CVS commit: src/libexec/httpd
Module Name:src Committed By: spz Date: Thu Aug 20 05:46:31 UTC 2020 Modified Files: src/libexec/httpd: bozohttpd.c bozohttpd.h cgi-bozo.c ssl-bozo.c Log Message: send close_notify for the ssl connection before closing the TCP connection Thanks to Dr. Thomas Orgis for reporting the issue. To generate a diff of this commit: cvs rdiff -u -r1.117 -r1.118 src/libexec/httpd/bozohttpd.c cvs rdiff -u -r1.62 -r1.63 src/libexec/httpd/bozohttpd.h cvs rdiff -u -r1.49 -r1.50 src/libexec/httpd/cgi-bozo.c cvs rdiff -u -r1.26 -r1.27 src/libexec/httpd/ssl-bozo.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/libexec/httpd
Module Name:src
Committed By: spz
Date: Thu Aug 20 05:46:31 UTC 2020
Modified Files:
src/libexec/httpd: bozohttpd.c bozohttpd.h cgi-bozo.c ssl-bozo.c
Log Message:
send close_notify for the ssl connection before closing the TCP connection
Thanks to Dr. Thomas Orgis for reporting the issue.
To generate a diff of this commit:
cvs rdiff -u -r1.117 -r1.118 src/libexec/httpd/bozohttpd.c
cvs rdiff -u -r1.62 -r1.63 src/libexec/httpd/bozohttpd.h
cvs rdiff -u -r1.49 -r1.50 src/libexec/httpd/cgi-bozo.c
cvs rdiff -u -r1.26 -r1.27 src/libexec/httpd/ssl-bozo.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/libexec/httpd/bozohttpd.c
diff -u src/libexec/httpd/bozohttpd.c:1.117 src/libexec/httpd/bozohttpd.c:1.118
--- src/libexec/httpd/bozohttpd.c:1.117 Mon Jul 13 09:38:57 2020
+++ src/libexec/httpd/bozohttpd.c Thu Aug 20 05:46:31 2020
@@ -1,4 +1,4 @@
-/* $NetBSD: bozohttpd.c,v 1.117 2020/07/13 09:38:57 jruoho Exp $ */
+/* $NetBSD: bozohttpd.c,v 1.118 2020/08/20 05:46:31 spz Exp $ */
/* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */
@@ -1912,6 +1912,8 @@ bozo_process_request(bozo_httpreq_t *req
cleanup:
close(fd);
cleanup_nofd:
+ /* If SSL enabled send close_notify. */
+ bozo_ssl_shutdown(request->hr_httpd);
close(STDIN_FILENO);
close(STDOUT_FILENO);
/*close(STDERR_FILENO);*/
Index: src/libexec/httpd/bozohttpd.h
diff -u src/libexec/httpd/bozohttpd.h:1.62 src/libexec/httpd/bozohttpd.h:1.63
--- src/libexec/httpd/bozohttpd.h:1.62 Sat Jul 11 08:10:52 2020
+++ src/libexec/httpd/bozohttpd.h Thu Aug 20 05:46:31 2020
@@ -1,4 +1,4 @@
-/* $NetBSD: bozohttpd.h,v 1.62 2020/07/11 08:10:52 jruoho Exp $ */
+/* $NetBSD: bozohttpd.h,v 1.63 2020/08/20 05:46:31 spz Exp $ */
/* $eterna: bozohttpd.h,v 1.39 2011/11/18 09:21:15 mrg Exp $ */
@@ -312,6 +312,7 @@ char *bozostrdup(bozohttpd_t *, bozo_htt
#define bozo_ssl_set_ciphers(w, x) bozo_noop
#define bozo_ssl_init(x)bozo_noop
#define bozo_ssl_accept(x)(0)
+#define bozo_ssl_shutdown(x)bozo_noop
#define bozo_ssl_destroy(x)bozo_noop
#define have_ssl (0)
#else
@@ -319,6 +320,7 @@ void bozo_ssl_set_opts(bozohttpd_t *, co
void bozo_ssl_set_ciphers(bozohttpd_t *, const char *);
void bozo_ssl_init(bozohttpd_t *);
int bozo_ssl_accept(bozohttpd_t *);
+void bozo_ssl_shutdown(bozohttpd_t *);
void bozo_ssl_destroy(bozohttpd_t *);
#define have_ssl (1)
#endif
Index: src/libexec/httpd/cgi-bozo.c
diff -u src/libexec/httpd/cgi-bozo.c:1.49 src/libexec/httpd/cgi-bozo.c:1.50
--- src/libexec/httpd/cgi-bozo.c:1.49 Fri Dec 6 05:53:20 2019
+++ src/libexec/httpd/cgi-bozo.c Thu Aug 20 05:46:31 2020
@@ -1,4 +1,4 @@
-/* $NetBSD: cgi-bozo.c,v 1.49 2019/12/06 05:53:20 mrg Exp $ */
+/* $NetBSD: cgi-bozo.c,v 1.50 2020/08/20 05:46:31 spz Exp $ */
/* $eterna: cgi-bozo.c,v 1.40 2011/11/18 09:21:15 mrg Exp $ */
@@ -637,6 +637,8 @@ bozo_process_cgi(bozo_httpreq_t *request
/* child reader/writer */
close(STDIN_FILENO);
finish_cgi_output(httpd, request, sv[0], nph);
+ /* if we do SSL, send a SSL_shutdown now */
+ bozo_ssl_shutdown(request->hr_httpd);
/* if we're done output, our parent is useless... */
kill(getppid(), SIGKILL);
debug((httpd, DEBUG_FAT, "done processing cgi output"));
Index: src/libexec/httpd/ssl-bozo.c
diff -u src/libexec/httpd/ssl-bozo.c:1.26 src/libexec/httpd/ssl-bozo.c:1.27
--- src/libexec/httpd/ssl-bozo.c:1.26 Thu Feb 28 08:28:21 2019
+++ src/libexec/httpd/ssl-bozo.c Thu Aug 20 05:46:31 2020
@@ -1,4 +1,4 @@
-/* $NetBSD: ssl-bozo.c,v 1.26 2019/02/28 08:28:21 mrg Exp $ */
+/* $NetBSD: ssl-bozo.c,v 1.27 2020/08/20 05:46:31 spz Exp $ */
/* $eterna: ssl-bozo.c,v 1.15 2011/11/18 09:21:15 mrg Exp $ */
@@ -287,6 +287,15 @@ bozo_ssl_accept(bozohttpd_t *httpd)
}
void
+bozo_ssl_shutdown(bozohttpd_t *httpd)
+{
+ const sslinfo_t *sslinfo = httpd->sslinfo;
+
+ if (sslinfo && sslinfo->bozossl)
+ SSL_shutdown(sslinfo->bozossl);
+}
+
+void
bozo_ssl_destroy(bozohttpd_t *httpd)
{
const sslinfo_t *sslinfo = httpd->sslinfo;
CVS commit: src/sys/dev/usb
Module Name:src Committed By: spz Date: Tue Jul 10 13:36:51 UTC 2018 Modified Files: src/sys/dev/usb: usbdevs.h usbdevs_data.h Log Message: regenerated (now with correct reference id) To generate a diff of this commit: cvs rdiff -u -r1.744 -r1.745 src/sys/dev/usb/usbdevs.h \ src/sys/dev/usb/usbdevs_data.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/dev/usb/usbdevs.h diff -u src/sys/dev/usb/usbdevs.h:1.744 src/sys/dev/usb/usbdevs.h:1.745 --- src/sys/dev/usb/usbdevs.h:1.744 Tue Jul 10 11:21:34 2018 +++ src/sys/dev/usb/usbdevs.h Tue Jul 10 13:36:51 2018 @@ -1,10 +1,10 @@ -/* $NetBSD: usbdevs.h,v 1.744 2018/07/10 11:21:34 spz Exp $ */ +/* $NetBSD: usbdevs.h,v 1.745 2018/07/10 13:36:51 spz Exp $ */ /* * THIS FILE IS AUTOMATICALLY GENERATED. DO NOT EDIT. * * generated from: - * NetBSD: usbdevs,v 1.750 2018/06/05 13:21:15 martin Exp + * NetBSD: usbdevs,v 1.752 2018/07/10 13:32:38 spz Exp */ /*- @@ -38,7 +38,7 @@ */ /* - * Use "make -f Makefile.usbdevs" to regenerate usbdevs.h and usbdevs_data.h + * Follow the handling instructions in Makefile.usbdevs */ /* Index: src/sys/dev/usb/usbdevs_data.h diff -u src/sys/dev/usb/usbdevs_data.h:1.744 src/sys/dev/usb/usbdevs_data.h:1.745 --- src/sys/dev/usb/usbdevs_data.h:1.744 Tue Jul 10 11:21:34 2018 +++ src/sys/dev/usb/usbdevs_data.h Tue Jul 10 13:36:51 2018 @@ -1,10 +1,10 @@ -/* $NetBSD: usbdevs_data.h,v 1.744 2018/07/10 11:21:34 spz Exp $ */ +/* $NetBSD: usbdevs_data.h,v 1.745 2018/07/10 13:36:51 spz Exp $ */ /* * THIS FILE IS AUTOMATICALLY GENERATED. DO NOT EDIT. * * generated from: - * NetBSD: usbdevs,v 1.750 2018/06/05 13:21:15 martin Exp + * NetBSD: usbdevs,v 1.752 2018/07/10 13:32:38 spz Exp */ /*-
CVS commit: src/sys/dev/usb
Module Name:src Committed By: spz Date: Tue Jul 10 13:36:51 UTC 2018 Modified Files: src/sys/dev/usb: usbdevs.h usbdevs_data.h Log Message: regenerated (now with correct reference id) To generate a diff of this commit: cvs rdiff -u -r1.744 -r1.745 src/sys/dev/usb/usbdevs.h \ src/sys/dev/usb/usbdevs_data.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sys/dev/usb
Module Name:src Committed By: spz Date: Tue Jul 10 13:32:38 UTC 2018 Modified Files: src/sys/dev/usb: usbdevs Log Message: change handling hint to point to the full instructions (comment change only) To generate a diff of this commit: cvs rdiff -u -r1.751 -r1.752 src/sys/dev/usb/usbdevs Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/dev/usb/usbdevs diff -u src/sys/dev/usb/usbdevs:1.751 src/sys/dev/usb/usbdevs:1.752 --- src/sys/dev/usb/usbdevs:1.751 Tue Jul 10 11:21:34 2018 +++ src/sys/dev/usb/usbdevs Tue Jul 10 13:32:38 2018 @@ -1,4 +1,4 @@ -$NetBSD: usbdevs,v 1.751 2018/07/10 11:21:34 spz Exp $ +$NetBSD: usbdevs,v 1.752 2018/07/10 13:32:38 spz Exp $ /*- * Copyright (c) 1998-2004 The NetBSD Foundation, Inc. @@ -31,7 +31,7 @@ $NetBSD: usbdevs,v 1.751 2018/07/10 11:2 */ /* - * Use "make -f Makefile.usbdevs" to regenerate usbdevs.h and usbdevs_data.h + * Follow the handling instructions in Makefile.usbdevs */ /*
CVS commit: src/sys/dev/usb
Module Name:src Committed By: spz Date: Tue Jul 10 13:32:38 UTC 2018 Modified Files: src/sys/dev/usb: usbdevs Log Message: change handling hint to point to the full instructions (comment change only) To generate a diff of this commit: cvs rdiff -u -r1.751 -r1.752 src/sys/dev/usb/usbdevs Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sys/dev/usb
Module Name:src Committed By: spz Date: Tue Jul 10 11:21:34 UTC 2018 Modified Files: src/sys/dev/usb: usbdevs usbdevs.h usbdevs_data.h Log Message: add Yubikey ids, this time more complete (thanks for the reminders) To generate a diff of this commit: cvs rdiff -u -r1.750 -r1.751 src/sys/dev/usb/usbdevs cvs rdiff -u -r1.743 -r1.744 src/sys/dev/usb/usbdevs.h \ src/sys/dev/usb/usbdevs_data.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sys/dev/usb
Module Name:src Committed By: spz Date: Sun Jul 8 08:32:53 UTC 2018 Modified Files: src/sys/dev/usb: usbdevs.h Log Message: add identification for some Yubikeys To generate a diff of this commit: cvs rdiff -u -r1.742 -r1.743 src/sys/dev/usb/usbdevs.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/dev/usb/usbdevs.h diff -u src/sys/dev/usb/usbdevs.h:1.742 src/sys/dev/usb/usbdevs.h:1.743 --- src/sys/dev/usb/usbdevs.h:1.742 Tue Jun 5 13:21:37 2018 +++ src/sys/dev/usb/usbdevs.h Sun Jul 8 08:32:53 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: usbdevs.h,v 1.742 2018/06/05 13:21:37 martin Exp $ */ +/* $NetBSD: usbdevs.h,v 1.743 2018/07/08 08:32:53 spz Exp $ */ /* * THIS FILE IS AUTOMATICALLY GENERATED. DO NOT EDIT. @@ -470,6 +470,7 @@ #define USB_VENDOR_MOTOROLA4 0x100d /* Motorola */ #define USB_VENDOR_HP3 0x103c /* Hewlett Packard */ #define USB_VENDOR_GIGABYTE 0x1044 /* GIGABYTE */ +#define USB_VENDOR_YUBICO 0x1050 /* Yubico.se */ #define USB_VENDOR_WESTERN 0x1058 /* Western Digital */ #define USB_VENDOR_MOTOROLA 0x1063 /* Motorola */ #define USB_VENDOR_CCYU 0x1065 /* CCYU Technology */ @@ -3494,6 +3495,11 @@ /* Y-E Data products */ #define USB_PRODUCT_YEDATA_FLASHBUSTERU 0x /* Flashbuster-U */ +/* Yubico products */ +#define USB_PRODUCT_YUBICO_YUBIKEY4MODE1 0x0404 /* YubiKey 4 CCID */ +#define USB_PRODUCT_YUBICO_YUBIKEY4MODE2 0x0405 /* YubiKey 4 OTP+CCID */ +#define USB_PRODUCT_YUBICO_YUBIKEY4MODE6 0x0407 /* YubiKey 4 OTP+CCID+U2F */ + /* Z-Com products */ #define USB_PRODUCT_ZCOM_M4Y750 0x0001 /* M4Y-750 */ #define USB_PRODUCT_ZCOM_725 0x0002 /* 725/726 Prism2.5 WLAN */
CVS commit: src/sys/dev/usb
Module Name:src Committed By: spz Date: Sun Jul 8 08:32:53 UTC 2018 Modified Files: src/sys/dev/usb: usbdevs.h Log Message: add identification for some Yubikeys To generate a diff of this commit: cvs rdiff -u -r1.742 -r1.743 src/sys/dev/usb/usbdevs.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/crypto/external/bsd/heimdal/dist/kdc
Module Name:src Committed By: spz Date: Sun Apr 29 05:36:04 UTC 2018 Modified Files: src/crypto/external/bsd/heimdal/dist/kdc: connect.c Log Message: avoid busy-waiting on a dead child To generate a diff of this commit: cvs rdiff -u -r1.2 -r1.3 src/crypto/external/bsd/heimdal/dist/kdc/connect.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/crypto/external/bsd/heimdal/dist/kdc
Module Name:src
Committed By: spz
Date: Sun Apr 29 05:36:04 UTC 2018
Modified Files:
src/crypto/external/bsd/heimdal/dist/kdc: connect.c
Log Message:
avoid busy-waiting on a dead child
To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.3 src/crypto/external/bsd/heimdal/dist/kdc/connect.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/crypto/external/bsd/heimdal/dist/kdc/connect.c
diff -u src/crypto/external/bsd/heimdal/dist/kdc/connect.c:1.2 src/crypto/external/bsd/heimdal/dist/kdc/connect.c:1.3
--- src/crypto/external/bsd/heimdal/dist/kdc/connect.c:1.2 Sat Jan 28 21:31:44 2017
+++ src/crypto/external/bsd/heimdal/dist/kdc/connect.c Sun Apr 29 05:36:04 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: connect.c,v 1.2 2017/01/28 21:31:44 christos Exp $ */
+/* $NetBSD: connect.c,v 1.3 2018/04/29 05:36:04 spz Exp $ */
/*
* Copyright (c) 1997-2005 Kungliga Tekniska Högskolan
@@ -1193,7 +1193,7 @@ start_kdc(krb5_context context,
break;
default:
for (i=0; i < max_kdcs; i++) {
-if (pids[i] == 0) {
+if (pids[i] < 1) {
pids[i] = pid;
break;
}
CVS commit: src/sys/arch/amiga/conf
Module Name:src
Committed By: spz
Date: Tue Mar 6 06:04:21 UTC 2018
Modified Files:
src/sys/arch/amiga/conf: files.amiga
Log Message:
if_xsh needs mii_bitbang; make a pared down kernel build
To generate a diff of this commit:
cvs rdiff -u -r1.178 -r1.179 src/sys/arch/amiga/conf/files.amiga
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/arch/amiga/conf/files.amiga
diff -u src/sys/arch/amiga/conf/files.amiga:1.178 src/sys/arch/amiga/conf/files.amiga:1.179
--- src/sys/arch/amiga/conf/files.amiga:1.178 Mon Oct 3 14:26:02 2016
+++ src/sys/arch/amiga/conf/files.amiga Tue Mar 6 06:04:21 2018
@@ -1,4 +1,4 @@
-# $NetBSD: files.amiga,v 1.178 2016/10/03 14:26:02 rkujawa Exp $
+# $NetBSD: files.amiga,v 1.179 2018/03/06 06:04:21 spz Exp $
# maxpartitions must be first item in files.${ARCH}.newconf
maxpartitions 16 # NOTE THAT AMIGA IS SPECIAL!
@@ -254,7 +254,7 @@ device xsh: xshbus
attach xsh at zbus
file arch/amiga/dev/xsh.c xsh needs-flag
-attach ne at xshbus with ne_xsh: ax88190
+attach ne at xshbus with ne_xsh: ax88190, mii_bitbang
file arch/amiga/dev/if_ne_xsh.c ne_xsh needs-flag
# Hydra ethernet card
CVS commit: src/sys/arch/amiga/conf
Module Name:src Committed By: spz Date: Tue Mar 6 06:04:21 UTC 2018 Modified Files: src/sys/arch/amiga/conf: files.amiga Log Message: if_xsh needs mii_bitbang; make a pared down kernel build To generate a diff of this commit: cvs rdiff -u -r1.178 -r1.179 src/sys/arch/amiga/conf/files.amiga Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/external/bsd/wpa/dist
Module Name:src Committed By: spz Date: Mon Oct 16 17:36:16 UTC 2017 Modified Files: src/external/bsd/wpa/dist/src/ap: ieee802_11.c wpa_auth.c wpa_auth.h wpa_auth_ft.c wpa_auth_i.h src/external/bsd/wpa/dist/src/common: wpa_common.h src/external/bsd/wpa/dist/src/rsn_supp: tdls.c wpa.c wpa_ft.c wpa_i.h src/external/bsd/wpa/dist/wpa_supplicant: wnm_sta.c Log Message: apply patches from upstream, namely from https://w1.fi/security/2017-1/ : rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch 02-Oct-2017 16:19 6.1K rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch 02-Oct-2017 16:19 7.7K rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch 02-Oct-2017 16:19 6.7K rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch 02-Oct-2017 16:19 2.5K rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch 02-Oct-2017 16:19 1.9K rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch 02-Oct-2017 16:19 4.2K rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch 02-Oct-2017 16:19 1.6K rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch 02-Oct-2017 16:19 2.7K for CVE-2017-13077 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080 CVE-2017-13081 CVE-2017-13082 CVE-2017-13086 CVE-2017-13087 CVE-2017-13088 (see https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt for details) To generate a diff of this commit: cvs rdiff -u -r1.1.1.7 -r1.2 src/external/bsd/wpa/dist/src/ap/ieee802_11.c \ src/external/bsd/wpa/dist/src/ap/wpa_auth_ft.c cvs rdiff -u -r1.9 -r1.10 src/external/bsd/wpa/dist/src/ap/wpa_auth.c cvs rdiff -u -r1.1.1.6 -r1.2 src/external/bsd/wpa/dist/src/ap/wpa_auth.h \ src/external/bsd/wpa/dist/src/ap/wpa_auth_i.h cvs rdiff -u -r1.2 -r1.3 src/external/bsd/wpa/dist/src/common/wpa_common.h cvs rdiff -u -r1.1.1.5 -r1.2 src/external/bsd/wpa/dist/src/rsn_supp/tdls.c cvs rdiff -u -r1.1.1.8 -r1.2 src/external/bsd/wpa/dist/src/rsn_supp/wpa.c cvs rdiff -u -r1.1.1.6 -r1.2 src/external/bsd/wpa/dist/src/rsn_supp/wpa_ft.c \ src/external/bsd/wpa/dist/src/rsn_supp/wpa_i.h cvs rdiff -u -r1.3 -r1.4 src/external/bsd/wpa/dist/wpa_supplicant/wnm_sta.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/external/bsd/wpa/dist
Module Name:src
Committed By: spz
Date: Mon Oct 16 17:36:16 UTC 2017
Modified Files:
src/external/bsd/wpa/dist/src/ap: ieee802_11.c wpa_auth.c wpa_auth.h
wpa_auth_ft.c wpa_auth_i.h
src/external/bsd/wpa/dist/src/common: wpa_common.h
src/external/bsd/wpa/dist/src/rsn_supp: tdls.c wpa.c wpa_ft.c wpa_i.h
src/external/bsd/wpa/dist/wpa_supplicant: wnm_sta.c
Log Message:
apply patches from upstream, namely from https://w1.fi/security/2017-1/ :
rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
02-Oct-2017 16:19 6.1K
rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch
02-Oct-2017 16:19 7.7K
rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch
02-Oct-2017 16:19 6.7K
rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch
02-Oct-2017 16:19 2.5K
rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch
02-Oct-2017 16:19 1.9K
rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch
02-Oct-2017 16:19 4.2K
rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch
02-Oct-2017 16:19 1.6K
rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
02-Oct-2017 16:19 2.7K
for CVE-2017-13077 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080
CVE-2017-13081 CVE-2017-13082 CVE-2017-13086 CVE-2017-13087 CVE-2017-13088
(see
https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
for details)
To generate a diff of this commit:
cvs rdiff -u -r1.1.1.7 -r1.2 src/external/bsd/wpa/dist/src/ap/ieee802_11.c \
src/external/bsd/wpa/dist/src/ap/wpa_auth_ft.c
cvs rdiff -u -r1.9 -r1.10 src/external/bsd/wpa/dist/src/ap/wpa_auth.c
cvs rdiff -u -r1.1.1.6 -r1.2 src/external/bsd/wpa/dist/src/ap/wpa_auth.h \
src/external/bsd/wpa/dist/src/ap/wpa_auth_i.h
cvs rdiff -u -r1.2 -r1.3 src/external/bsd/wpa/dist/src/common/wpa_common.h
cvs rdiff -u -r1.1.1.5 -r1.2 src/external/bsd/wpa/dist/src/rsn_supp/tdls.c
cvs rdiff -u -r1.1.1.8 -r1.2 src/external/bsd/wpa/dist/src/rsn_supp/wpa.c
cvs rdiff -u -r1.1.1.6 -r1.2 src/external/bsd/wpa/dist/src/rsn_supp/wpa_ft.c \
src/external/bsd/wpa/dist/src/rsn_supp/wpa_i.h
cvs rdiff -u -r1.3 -r1.4 src/external/bsd/wpa/dist/wpa_supplicant/wnm_sta.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/wpa/dist/src/ap/ieee802_11.c
diff -u src/external/bsd/wpa/dist/src/ap/ieee802_11.c:1.1.1.7 src/external/bsd/wpa/dist/src/ap/ieee802_11.c:1.2
--- src/external/bsd/wpa/dist/src/ap/ieee802_11.c:1.1.1.7 Mon Nov 21 16:42:50 2016
+++ src/external/bsd/wpa/dist/src/ap/ieee802_11.c Mon Oct 16 17:36:16 2017
@@ -1841,6 +1841,7 @@ static int add_associated_sta(struct hos
{
struct ieee80211_ht_capabilities ht_cap;
struct ieee80211_vht_capabilities vht_cap;
+ int set = 1;
/*
* Remove the STA entry to ensure the STA PS state gets cleared and
@@ -1848,9 +1849,18 @@ static int add_associated_sta(struct hos
* FT-over-the-DS, where a station re-associates back to the same AP but
* skips the authentication flow, or if working with a driver that
* does not support full AP client state.
+ *
+ * Skip this if the STA has already completed FT reassociation and the
+ * TK has been configured since the TX/RX PN must not be reset to 0 for
+ * the same key.
*/
- if (!sta->added_unassoc)
+ if (!sta->added_unassoc &&
+ (!(sta->flags & WLAN_STA_AUTHORIZED) ||
+ !wpa_auth_sta_ft_tk_already_set(sta->wpa_sm))) {
hostapd_drv_sta_remove(hapd, sta->addr);
+ wpa_auth_sm_event(sta->wpa_sm, WPA_DRV_STA_REMOVED);
+ set = 0;
+ }
#ifdef CONFIG_IEEE80211N
if (sta->flags & WLAN_STA_HT)
@@ -1873,11 +1883,11 @@ static int add_associated_sta(struct hos
sta->flags & WLAN_STA_VHT ? _cap : NULL,
sta->flags | WLAN_STA_ASSOC, sta->qosinfo,
sta->vht_opmode, sta->p2p_ie ? 1 : 0,
- sta->added_unassoc)) {
+ set)) {
hostapd_logger(hapd, sta->addr,
HOSTAPD_MODULE_IEEE80211, HOSTAPD_LEVEL_NOTICE,
"Could not %s STA to kernel driver",
- sta->added_unassoc ? "set" : "add");
+ set ? "set" : "add");
if (sta->added_unassoc) {
hostapd_drv_sta_remove(hapd, sta->addr);
Index: src/external/bsd/wpa/dist/src/ap/wpa_auth_ft.c
diff -u src/external/bsd/wpa/dist/src/ap/wpa_auth_ft.c:1.1.1.7 src/external/bsd/wpa/dist/src/ap/wpa_auth_ft.c:1.2
--- src/external/bsd/wpa/dist/src/ap/wpa_auth_ft.c:1.1.1.7 Mon Nov 21 16:42:50 2016
+++ src/external/bsd/wpa/dist/src/ap/wpa_auth_ft.c Mon Oct 16 17:36:16 2017
@@ -780,6 +780,14 @@ void wpa_ft_install_ptk(struct wpa_state
return;
}
+ if (sm->tk_already_set) {
+ /* Must avoid TK reconfiguration to prevent clearing of TX/RX
+ * PN in the driver */
+ wpa_printf(MSG_DEBUG,
+ "FT: Do not re-install same PTK to the driver");
+ return;
+
CVS commit: src/doc
Module Name:src Committed By: spz Date: Fri Jul 14 04:56:12 UTC 2017 Modified Files: src/doc: RESPONSIBLE Log Message: add a few more '*' To generate a diff of this commit: cvs rdiff -u -r1.117 -r1.118 src/doc/RESPONSIBLE Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/RESPONSIBLE diff -u src/doc/RESPONSIBLE:1.117 src/doc/RESPONSIBLE:1.118 --- src/doc/RESPONSIBLE:1.117 Thu Jul 13 22:17:09 2017 +++ src/doc/RESPONSIBLE Fri Jul 14 04:56:11 2017 @@ -1,4 +1,4 @@ -# $NetBSD: RESPONSIBLE,v 1.117 2017/07/13 22:17:09 pgoyette Exp $ +# $NetBSD: RESPONSIBLE,v 1.118 2017/07/14 04:56:11 spz Exp $ List of sections of the system, and who is responsible for them (or at least considered an expert on them). @@ -17,10 +17,10 @@ audioplay mrg audiorecord mrg awk jdolecek* bc phil*, simonb -config cube +config cube* csh christos cvs christos, wiz -dhcp mellon +dhcp mellon* edquota dholland error christos etcupdate [nobody] @@ -66,7 +66,7 @@ top simonb user agc vi aymeric wakeonlan mbalmer -wpa_supplicant scw +wpa_supplicant scw* ypbind dholland Userland Libraries: @@ -113,7 +113,7 @@ device support: acpi thorpej*, kochi*, jmcneill, joerg audio augustss*, jmcneill, nat cgd elric -firewire jmc +firewire jmc* flash ahoka gpio mbalmer ide/atapi bouyer @@ -183,7 +183,7 @@ file systems: adosfs ? cd9660 ? -chfs ttoth +chfs ttoth* coda gdt efs rumble* ext2fs [nobody in particular] @@ -209,7 +209,7 @@ udf reinoud ufs fvdl* union [nobody] umapfs [nobody] -v7fs uch +v7fs uch* kern/vfs: @@ -274,7 +274,7 @@ cobalt core emips pooka evbarm core evbmips simonb -evbppc scw +evbppc scw* evbsh3 core ews4800mips tsutsui hp300 tsutsui @@ -287,12 +287,12 @@ ibmnws matt iyonix gavan landisk uwe luna68k nisimura -mac68k scottr +mac68k scottr* macppc macallan mipsco wdk* mmeye core -mvme68k scw -mvmeppc scw +mvme68k scw* +mvmeppc scw* netwinder matt news68k tsutsui newsmips core @@ -310,7 +310,7 @@ sh3 msaitoh,uwe sparc core sparc64 martin sun2 core -sun3 jeremy +sun3 jeremy* usermode reinoud vax core x68k core
CVS commit: src/doc
Module Name:src Committed By: spz Date: Fri Jul 14 04:56:12 UTC 2017 Modified Files: src/doc: RESPONSIBLE Log Message: add a few more '*' To generate a diff of this commit: cvs rdiff -u -r1.117 -r1.118 src/doc/RESPONSIBLE Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sys
Module Name:src
Committed By: spz
Date: Tue Jun 13 19:13:55 UTC 2017
Modified Files:
src/sys/arch/ews4800mips/sbd: fb_sbdio.c
src/sys/arch/pmax/ibus: pm.c
src/sys/dev/hpc: bivideo.c
src/sys/dev/ic: sti.c
Log Message:
correct size checks so they cannot be circumvented by integer overflows
reported by CTurt, thanks for the notification
To generate a diff of this commit:
cvs rdiff -u -r1.15 -r1.16 src/sys/arch/ews4800mips/sbd/fb_sbdio.c
cvs rdiff -u -r1.12 -r1.13 src/sys/arch/pmax/ibus/pm.c
cvs rdiff -u -r1.33 -r1.34 src/sys/dev/hpc/bivideo.c
cvs rdiff -u -r1.18 -r1.19 src/sys/dev/ic/sti.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/arch/ews4800mips/sbd/fb_sbdio.c
diff -u src/sys/arch/ews4800mips/sbd/fb_sbdio.c:1.15 src/sys/arch/ews4800mips/sbd/fb_sbdio.c:1.16
--- src/sys/arch/ews4800mips/sbd/fb_sbdio.c:1.15 Tue Jun 23 21:00:23 2015
+++ src/sys/arch/ews4800mips/sbd/fb_sbdio.c Tue Jun 13 19:13:55 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: fb_sbdio.c,v 1.15 2015/06/23 21:00:23 matt Exp $ */
+/* $NetBSD: fb_sbdio.c,v 1.16 2017/06/13 19:13:55 spz Exp $ */
/*-
* Copyright (c) 2004, 2005 The NetBSD Foundation, Inc.
@@ -32,7 +32,7 @@
#define WIRED_FB_TLB
#include
-__KERNEL_RCSID(0, "$NetBSD: fb_sbdio.c,v 1.15 2015/06/23 21:00:23 matt Exp $");
+__KERNEL_RCSID(0, "$NetBSD: fb_sbdio.c,v 1.16 2017/06/13 19:13:55 spz Exp $");
#include
#include
@@ -303,6 +303,8 @@ _fb_ioctl(void *v, void *vs, u_long cmd,
if (ri->ri_flg == RI_FORCEMONO)
break;
ga_clut_get(ga);
+ if (cmap->index >= 256 || cmap->count > 256 - cmap->index)
+ return (EINVAL);
for (i = 0; i < cmap->count; i++) {
cmap->red[i] = ga->clut[cmap->index + i][0];
cmap->green[i] = ga->clut[cmap->index + i][1];
@@ -313,6 +315,8 @@ _fb_ioctl(void *v, void *vs, u_long cmd,
case WSDISPLAYIO_PUTCMAP:
if (ri->ri_flg == RI_FORCEMONO)
break;
+ if (cmap->index >= 256 || cmap->count > 256 - cmap->index)
+ return (EINVAL);
for (i = 0; i < cmap->count; i++) {
ga->clut[cmap->index + i][0] = cmap->red[i];
ga->clut[cmap->index + i][1] = cmap->green[i];
Index: src/sys/arch/pmax/ibus/pm.c
diff -u src/sys/arch/pmax/ibus/pm.c:1.12 src/sys/arch/pmax/ibus/pm.c:1.13
--- src/sys/arch/pmax/ibus/pm.c:1.12 Sun Nov 10 20:09:52 2013
+++ src/sys/arch/pmax/ibus/pm.c Tue Jun 13 19:13:55 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: pm.c,v 1.12 2013/11/10 20:09:52 christos Exp $ */
+/* $NetBSD: pm.c,v 1.13 2017/06/13 19:13:55 spz Exp $ */
/*-
* Copyright (c) 2002, 2003 The NetBSD Foundation, Inc.
@@ -30,7 +30,7 @@
*/
#include
-__KERNEL_RCSID(0, "$NetBSD: pm.c,v 1.12 2013/11/10 20:09:52 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: pm.c,v 1.13 2017/06/13 19:13:55 spz Exp $");
#include
#include
@@ -666,7 +666,7 @@ pm_get_cmap(struct pm_softc *sc, struct
index = p->index;
count = p->count;
- if (index >= sc->sc_cmap_size || (index + count) > sc->sc_cmap_size)
+ if (index >= sc->sc_cmap_size || count > sc->sc_cmap_size - index)
return (EINVAL);
if ((rv = copyout(>sc_cmap.r[index], p->red, count)) != 0)
@@ -685,7 +685,7 @@ pm_set_cmap(struct pm_softc *sc, struct
index = p->index;
count = p->count;
- if (index >= sc->sc_cmap_size || (index + count) > sc->sc_cmap_size)
+ if (index >= sc->sc_cmap_size || count > sc->sc_cmap_size - index)
return (EINVAL);
if ((rv = copyin(p->red, >sc_cmap.r[index], count)) != 0)
Index: src/sys/dev/hpc/bivideo.c
diff -u src/sys/dev/hpc/bivideo.c:1.33 src/sys/dev/hpc/bivideo.c:1.34
--- src/sys/dev/hpc/bivideo.c:1.33 Sat Oct 27 17:18:17 2012
+++ src/sys/dev/hpc/bivideo.c Tue Jun 13 19:13:55 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: bivideo.c,v 1.33 2012/10/27 17:18:17 chs Exp $ */
+/* $NetBSD: bivideo.c,v 1.34 2017/06/13 19:13:55 spz Exp $ */
/*-
* Copyright (c) 1999-2001
@@ -35,7 +35,7 @@
*/
#include
-__KERNEL_RCSID(0, "$NetBSD: bivideo.c,v 1.33 2012/10/27 17:18:17 chs Exp $");
+__KERNEL_RCSID(0, "$NetBSD: bivideo.c,v 1.34 2017/06/13 19:13:55 spz Exp $");
#ifdef _KERNEL_OPT
#include "opt_hpcfb.h"
@@ -402,8 +402,8 @@ bivideo_ioctl(void *v, u_long cmd, void
if (sc->sc_fbconf.hf_class != HPCFB_CLASS_INDEXCOLOR ||
sc->sc_fbconf.hf_pack_width != 8 ||
- 256 <= cmap->index ||
- 256 < (cmap->index + cmap->count))
+ cmap->index >= 256 ||
+ cmap->count > 256 - cmap->index)
return (EINVAL);
error = copyout(_cmap_r[cmap->index], cmap->red,
Index: src/sys/dev/ic/sti.c
diff -u src/sys/dev/ic/sti.c:1.18 src/sys/dev/ic/sti.c:1.19
--- src/sys/dev/ic/sti.c:1.18 Sun Jun 29 04:08:43 2014
+++ src/sys/dev/ic/sti.c Tue Jun 13 19:13:55 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: sti.c,v 1.18 2014/06/29 04:08:43 tsutsui Exp $ */
+/* $NetBSD: sti.c,v 1.19 2017/06/13 19:13:55 spz Exp $ */
/* $OpenBSD: sti.c,v 1.61 2009/09/05 14:09:35 miod Exp $ */
@@ -35,7 +35,7 @@
*/
#include
-__KERNEL_RCSID(0, "$NetBSD: sti.c,v
CVS commit: src/sys
Module Name:src Committed By: spz Date: Tue Jun 13 19:13:55 UTC 2017 Modified Files: src/sys/arch/ews4800mips/sbd: fb_sbdio.c src/sys/arch/pmax/ibus: pm.c src/sys/dev/hpc: bivideo.c src/sys/dev/ic: sti.c Log Message: correct size checks so they cannot be circumvented by integer overflows reported by CTurt, thanks for the notification To generate a diff of this commit: cvs rdiff -u -r1.15 -r1.16 src/sys/arch/ews4800mips/sbd/fb_sbdio.c cvs rdiff -u -r1.12 -r1.13 src/sys/arch/pmax/ibus/pm.c cvs rdiff -u -r1.33 -r1.34 src/sys/dev/hpc/bivideo.c cvs rdiff -u -r1.18 -r1.19 src/sys/dev/ic/sti.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/etc/ssh
Module Name:src Committed By: spz Date: Fri Mar 31 06:26:50 UTC 2017 Modified Files: src/etc/ssh: ssh_known_hosts Log Message: add ssh-ed25519 keys verify keys (split vir functions off from mollari) To generate a diff of this commit: cvs rdiff -u -r1.9 -r1.10 src/etc/ssh/ssh_known_hosts Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/etc/ssh
Module Name:src Committed By: spz Date: Fri Mar 31 06:26:50 UTC 2017 Modified Files: src/etc/ssh: ssh_known_hosts Log Message: add ssh-ed25519 keys verify keys (split vir functions off from mollari) To generate a diff of this commit: cvs rdiff -u -r1.9 -r1.10 src/etc/ssh/ssh_known_hosts Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/etc/ssh/ssh_known_hosts diff -u src/etc/ssh/ssh_known_hosts:1.9 src/etc/ssh/ssh_known_hosts:1.10 --- src/etc/ssh/ssh_known_hosts:1.9 Wed Sep 23 12:14:51 2015 +++ src/etc/ssh/ssh_known_hosts Fri Mar 31 06:26:50 2017 @@ -1,4 +1,4 @@ -# $NetBSD: ssh_known_hosts,v 1.9 2015/09/23 12:14:51 wiz Exp $ +# $NetBSD: ssh_known_hosts,v 1.10 2017/03/31 06:26:50 spz Exp $ # anoncvs.netbsd.org ssh-rsa B3NzaC1yc2EBIwAAAIEA3QiBl8leG9fqIJpKeNov0PKq5YryFFiroMWOPUv4hDFn8R0jC07YVaR/OSBrr37CTmGX5AFceXPzoFnLlwCqWR7rXg4NR75FTlTp9CG9EBAEtU8mee27KDrUFBTZdfVl2+aRYoAI5fTXA+0vpIO68Cq843vRWUZCcwinS4cNLUU= @@ -6,49 +6,85 @@ anoncvs.netbsd.org ecdsa-sha2-nistp521 A # cvs.netbsd.org,cvs4.netbsd.org,cvs6.netbsd.org ssh-rsa B3NzaC1yc2EBIwAAAIEA1b7MS3j0v6NzPr/Snh8OJTILvGLD9OA/zdrTfzQdq3doJjkLKJhD4WYj8SonaauEKuqzdJa1KVilj44GCrJBnjwbWg2BdJWLzB5YFmNgvmXwoqrl9kRyzMVk47UOxeREIipXldKajkCTc/nwa1mGrsCwVlC+TwAhWIyjyza6MOk= +cvs.netbsd.org,cvs4.netbsd.org,cvs6.netbsd.org ssh-ed25519 C3NzaC1lZDI1NTE5IKs9vV7cSDdIw8hFUiIA+T9QIaZeLi963yuwe8zoCnsJ + cvs.netbsd.org,cvs4.netbsd.org,cvs6.netbsd.org ecdsa-sha2-nistp521 E2VjZHNhLXNoYTItbmlzdHA1MjEIbmlzdHA1MjEAAACFBAGFloNiNSqIkMFVBUglnE9AgBI6J5cLh4hej8DZEtn4InWbFD3dxIFLvw8ZA3qLpVX/TCjFt++MEO3w5GJ2L7a2zQHGIn50E5KVcHuh9arVYRhLPqs9Vfl6ANJ6WiQ81f5k/dZ6ESI8BwqOyQY22/zTujyL8FGHvlZukNsB4iie7Wl+/Q== # ftp.netbsd.org,ftp4.netbsd.org,ftp6.netbsd.org ssh-rsa B3NzaC1yc2EBIwAAAIEAv+tO1aHHsW1McwHgnJ28qsXn8gH8z/61yopJzmOKuHH07zBYOnhenAcni6E0+BRavSXXIuuTDdyxEyWcTqXoR0LEVShTzAFmZS3RyzTVl7A+Fp644lNnRaJh1380H+20uZjcKSPU0IudG5J7QllMbJY9RnIBFjGLzTb4vrC8GIc= morden.netbsd.org ssh-rsa B3NzaC1yc2EBIwAAAIEAv+tO1aHHsW1McwHgnJ28qsXn8gH8z/61yopJzmOKuHH07zBYOnhenAcni6E0+BRavSXXIuuTDdyxEyWcTqXoR0LEVShTzAFmZS3RyzTVl7A+Fp644lNnRaJh1380H+20uZjcKSPU0IudG5J7QllMbJY9RnIBFjGLzTb4vrC8GIc= +ftp.netbsd.org,ftp4.netbsd.org,ftp6.netbsd.org ssh-ed25519 C3NzaC1lZDI1NTE5ILx3zN5uEgRjNYqndcHwVOocWXOcHsufGsZdxNcLnJdh + +morden.netbsd.org ssh-ed25519 C3NzaC1lZDI1NTE5ILx3zN5uEgRjNYqndcHwVOocWXOcHsufGsZdxNcLnJdh + ftp.netbsd.org,ftp4.netbsd.org,ftp6.netbsd.org ecdsa-sha2-nistp521 E2VjZHNhLXNoYTItbmlzdHA1MjEIbmlzdHA1MjEAAACFBAFp8B5B8/cosThWLYgZp0jQGIqduvJUlra4gyCCqKLnaTn44cPltjjDWp1UHRsdVjm8ka81EYSJ95ZgD8lbPE/XZwBBmisSzTVoQT+b2x7ENPz2BOAgjxX5Lljy6Z2vpky8Gtu2nNJlFtekPbAS4wyDxHuwR5SZMEYNPTWegtBcvm460A== morden.netbsd.org ecdsa-sha2-nistp521 E2VjZHNhLXNoYTItbmlzdHA1MjEIbmlzdHA1MjEAAACFBAFp8B5B8/cosThWLYgZp0jQGIqduvJUlra4gyCCqKLnaTn44cPltjjDWp1UHRsdVjm8ka81EYSJ95ZgD8lbPE/XZwBBmisSzTVoQT+b2x7ENPz2BOAgjxX5Lljy6Z2vpky8Gtu2nNJlFtekPbAS4wyDxHuwR5SZMEYNPTWegtBcvm460A== # mail.netbsd.org,homeworld.netbsd.org ssh-rsa B3NzaC1yc2EBIwAAAIEAt8UJLhW8iou8Ack7V5XrzfCgzOkdK75+xDZePMBPg+CYDLnHbP1+KQaSrvfnvDzCvgOUXHOkGji1jbrtzDYwv7Itw0hRUo7TxR99c3bTomb9U0vWV5k4FDIyz4xJXWBJMVkKseAWAXgnc5FSdB6V/e21TAISJBl9dolhqOGVsxM= +mail.netbsd.org,homeworld.netbsd.org ssh-ed25519 C3NzaC1lZDI1NTE5IFnVCBKDY0sNBJM4ip5Ql0KPsDAmQ+URkOelrQPO1ojv + mail.netbsd.org,homeworld.netbsd.org ecdsa-sha2-nistp521 E2VjZHNhLXNoYTItbmlzdHA1MjEIbmlzdHA1MjEAAACFBADOK8FUImVH0iPCzfwBD9gT8AUELweTGWry8eBXFbxCDcOYW+4HRtUuY7OqP/sJ8tlYCNg9F+PjAIDqp72h6YgPcQH2/M/8ZXizAT7y7uCiysYxMKYbmuBHqVybaJd5rWUNL19JE6e3H+KBkwYQbf7Jrrs6RhDYMCguPmi6ppNEEEAAcQ== # pkgbuild.netbsd.org ssh-rsa B3NzaC1yc2EBIwAAAIEAz2c3dFuPdL75gpvwiYinwQ5jiRlfe3HvbXbMkTvpZxLFBQWTVkcDr/yd+vCiWcqVKVENX2tIvT91gPM9/iw7Wl82rxZ54jjaL0pWPL0yjSVhSFxff9pH+as5hgX4l1HjmXLB6v+MWyYVmOSpB01NfVVV2Z9+BGp3Y7i+U5pCdf0= +pkgbuild.netbsd.org ssh-ed25519 C3NzaC1lZDI1NTE5IINkiJ9FjD7QWexC7bssHKVe+ZbMYMWnltwzgZmloZKz + pkgbuild.netbsd.org ecdsa-sha2-nistp521 E2VjZHNhLXNoYTItbmlzdHA1MjEIbmlzdHA1MjEAAACFBAE7rzIErnIESapcXZJYCMmlNlS3cbeE9zbvraS0/woWexchdhVxLOi/qkfqM5U0Zkin1ooNsUfEYmaJ1k1T+LHbzAAGwZMo/aESnTEekYgBSwhHUj1EjIWeeN/bet9HJrz9Y4WGd2MOXHL88T+cUzfHLEneYrrVe6FDbAlMpSPw4OAOAQ== # build.netbsd.org ssh-rsa B3NzaC1yc2EBIwAAAIEAzmmcuzoX0D/qDFdDJDyRgQGkUaNTEu7GdruMg1N+ajqvEoKQHQEEBrMdDbeYqCUYacHyhTRMrP6vZ27iX90rl9iS1lR2iPHp/mbnf+iV/BzdWROPvJWxp9/Am/DrYL+Idah5AYNnkC7fon9n+BeMqPDXYGYl/U+dAzp+8GHPhRc= +build.netbsd.org ssh-ed25519 C3NzaC1lZDI1NTE5ICUM7QeCYsh/mqacK2ZARQrmYtTeB+PWg5FiMruS+xhz + build.netbsd.org ecdsa-sha2-nistp521 E2VjZHNhLXNoYTItbmlzdHA1MjEIbmlzdHA1MjEAAACFBAHYkX/uBJWozv+YkhVu4lvyPw8vlmD8oElKC3jNi2fWiWh+8naw7pTvscgqW5kzihSebdZ8eHnb1+oBOqgjlyaSPgFy+Jvtf2DunOrWTZ1sxSPS5c3j4A35cufNH/cYO5KbWb06h39BUi7c4iB5o0yfguNutuyBPlI9T9GKUmzU1SpfrA== #
CVS commit: src
Module Name:src Committed By: spz Date: Sun Feb 5 04:05:05 UTC 2017 Modified Files: src/doc: 3RDPARTY src/external/bsd/tcpdump/bin: Makefile src/external/bsd/tcpdump/dist: addrtoname.c addrtostr.c configure configure.in extract.h interface.h l2vpn.c netdissect.c netdissect.h oui.c parsenfsfh.c print-802_11.c print-802_15_4.c print-ah.c print-ahcp.c print-aodv.c print-aoe.c print-ap1394.c print-arcnet.c print-arp.c print-ascii.c print-atalk.c print-atm.c print-babel.c print-beep.c print-bfd.c print-bgp.c print-bootp.c print-bt.c print-calm-fast.c print-carp.c print-cdp.c print-cfm.c print-chdlc.c print-cip.c print-cnfp.c print-dccp.c print-decnet.c print-dhcp6.c print-domain.c print-dtp.c print-dvmrp.c print-eap.c print-egp.c print-eigrp.c print-enc.c print-esp.c print-ether.c print-fddi.c print-forces.c print-fr.c print-frag6.c print-ftp.c print-geneve.c print-geonet.c print-gre.c print-hncp.c print-hsrp.c print-http.c print-icmp.c print-icmp6.c print-igmp.c print-igrp.c print-ip.c print-ip6.c print-ip6opts.c print-ipcomp.c print-ipfc.c print-ipnet.c print-ipx.c print-isakmp.c print-isoclns.c print-juniper.c print-krb.c print-l2tp.c print-lane.c print-ldp.c print-lisp.c print-llc.c print-lldp.c print-lmp.c print-loopback.c print-lspping.c print-lwapp.c print-lwres.c print-m3ua.c print-medsa.c print-mobile.c print-mobility.c print-mpcp.c print-mpls.c print-mptcp.c print-msdp.c print-msnlb.c print-nflog.c print-nfs.c print-nsh.c print-ntp.c print-null.c print-olsr.c print-openflow-1.0.c print-openflow.c print-ospf.c print-ospf6.c print-otv.c print-pflog.c print-pgm.c print-pim.c print-pktap.c print-ppi.c print-ppp.c print-pppoe.c print-pptp.c print-radius.c print-raw.c print-resp.c print-rip.c print-ripng.c print-rpki-rtr.c print-rrcp.c print-rsvp.c print-rt6.c print-rtsp.c print-rx.c print-sctp.c print-sflow.c print-sip.c print-sl.c print-sll.c print-slow.c print-smb.c print-smtp.c print-snmp.c print-stp.c print-sunatm.c print-sunrpc.c print-symantec.c print-syslog.c print-tcp.c print-telnet.c print-tftp.c print-timed.c print-tipc.c print-token.c print-udld.c print-udp.c print-usb.c print-vjc.c print-vqp.c print-vrrp.c print-vtp.c print-vxlan-gpe.c print-vxlan.c print-wb.c print-zephyr.c print-zeromq.c print.c signature.c strtoaddr.c tcp.h tcpdump.1.in tcpdump.c udp.h util-print.c Added Files: src/external/bsd/tcpdump/dist: README Removed Files: src/external/bsd/tcpdump/dist: util.c src/external/bsd/tcpdump/dist/tests: failure-outputs.txt forces2v.out Log Message: merge for tcpdump 4.9.0 and document To generate a diff of this commit: cvs rdiff -u -r1.1407 -r1.1408 src/doc/3RDPARTY cvs rdiff -u -r1.17 -r1.18 src/external/bsd/tcpdump/bin/Makefile cvs rdiff -u -r0 -r1.3 src/external/bsd/tcpdump/dist/README cvs rdiff -u -r1.8 -r1.9 src/external/bsd/tcpdump/dist/addrtoname.c \ src/external/bsd/tcpdump/dist/print-isakmp.c \ src/external/bsd/tcpdump/dist/print-lmp.c \ src/external/bsd/tcpdump/dist/print-pim.c \ src/external/bsd/tcpdump/dist/print-rsvp.c cvs rdiff -u -r1.2 -r1.3 src/external/bsd/tcpdump/dist/addrtostr.c \ src/external/bsd/tcpdump/dist/print-802_15_4.c \ src/external/bsd/tcpdump/dist/print-babel.c \ src/external/bsd/tcpdump/dist/print-calm-fast.c \ src/external/bsd/tcpdump/dist/print-carp.c \ src/external/bsd/tcpdump/dist/print-dtp.c \ src/external/bsd/tcpdump/dist/print-ftp.c \ src/external/bsd/tcpdump/dist/print-geneve.c \ src/external/bsd/tcpdump/dist/print-geonet.c \ src/external/bsd/tcpdump/dist/print-hncp.c \ src/external/bsd/tcpdump/dist/print-http.c \ src/external/bsd/tcpdump/dist/print-ipnet.c \ src/external/bsd/tcpdump/dist/print-lisp.c \ src/external/bsd/tcpdump/dist/print-medsa.c \ src/external/bsd/tcpdump/dist/print-mptcp.c \ src/external/bsd/tcpdump/dist/print-msnlb.c \ src/external/bsd/tcpdump/dist/print-nflog.c \ src/external/bsd/tcpdump/dist/print-nsh.c \ src/external/bsd/tcpdump/dist/print-olsr.c \ src/external/bsd/tcpdump/dist/print-openflow-1.0.c \ src/external/bsd/tcpdump/dist/print-openflow.c \ src/external/bsd/tcpdump/dist/print-otv.c \ src/external/bsd/tcpdump/dist/print-ppi.c \ src/external/bsd/tcpdump/dist/print-resp.c \ src/external/bsd/tcpdump/dist/print-rtsp.c \ src/external/bsd/tcpdump/dist/print-smtp.c \ src/external/bsd/tcpdump/dist/print-tipc.c \ src/external/bsd/tcpdump/dist/print-udld.c \ src/external/bsd/tcpdump/dist/print-usb.c \
CVS import: src/external/bsd/tcpdump/dist
Module Name:src Committed By: spz Date: Sun Feb 5 03:07:24 UTC 2017 Update of /cvsroot/src/external/bsd/tcpdump/dist In directory ivanova.netbsd.org:/tmp/cvs-serv8326 Log Message: Update of tcpdump to version 4.9.0 This update fixes the following vulnerabilities: CVE-2016-7922 CVE-2016-7923 CVE-2016-7924 CVE-2016-7925 CVE-2016-7926 CVE-2016-7927 CVE-2016-7928 CVE-2016-7929 CVE-2016-7930 CVE-2016-7931 CVE-2016-7932 CVE-2016-7933 CVE-2016-7934 CVE-2016-7935 CVE-2016-7936 CVE-2016-7937 CVE-2016-7938 CVE-2016-7939 CVE-2016-7940 CVE-2016-7973 CVE-2016-7974 CVE-2016-7975 CVE-2016-7983 CVE-2016-7984 CVE-2016-7985 CVE-2016-7986 CVE-2016-7992 CVE-2016-7993 CVE-2016-8574 CVE-2016-8575 CVE-2017-5202 CVE-2017-5203 CVE-2017-5204 CVE-2017-5205 CVE-2017-5341 CVE-2017-5342 CVE-2017-5482 CVE-2017-5483 CVE-2017-5484 CVE-2017-5485 CVE-2017-5486 (all buffer overflows in various parts of tcpdump) Upstream Changelog: General updates: Improve separation frontend/backend (tcpdump/libnetdissect) Don't require IPv6 library support in order to support IPv6 addresses Introduce data types to use for integral values in packet structures Fix display of timestamps with -tt, -ttt and -t options Fix some heap overflows found with American Fuzzy Lop by Hanno Boeck and others (More information in the log with CVE-2016-* and CVE-2017-*) Change the way protocols print link-layer addresses (Fix heap overflows in CALM-FAST and GeoNetworking printers) Pass correct caplen value to ether_print() and some other functions Fix lookup_nsap() to match what isonsap_string() expects Clean up relative time stamp printing (Fix an array overflow) Fix some alignment issues with GCC on Solaris 10 SPARC Add some ND_TTEST_/ND_TCHECK_ macros to simplify writing bounds checks Add a fn_printztn() which returns the number of bytes processed Add nd_init() and nd_cleanup() functions. Improve libsmi support Add CONTRIBUTING file Add a summary comment in all printers Compile with more warning options in devel mode if supported (-Wcast-qual, ...) Fix some leaks found by Valgrind/Memcheck Fix a bunch of de-constifications Squelch some Coverity warnings and some compiler warnings Update Coverity and Travis-CI setup Update Visual Studio files Frontend: Fix capsicum support to work with zerocopy buffers in bpf Try opening interfaces by name first, then by name-as-index Work around pcap_create() failures fetching time stamp type lists Fix a segmentation fault with 'tcpdump -J' Improve addrtostr6() bounds checking Add exit_tcpdump() function Don't drop CAP_SYS_CHROOT before chrooting Fixes issue where statistics not reported when -G and -W options used New printers supporting: Generic Protocol Extension for VXLAN (VXLAN-GPE) Home Networking Control Protocol (HNCP), RFCs 7787 and 7788 Locator/Identifier Separation Protocol (LISP), type 3 and type 4 packets Marvell Extended Distributed Switch Architecture header (MEDSA) Network Service Header (NSH) REdis Serialization Protocol (RESP) Updated printers: 802.11: Beginnings of 11ac radiotap support 802.11: Check the Protected bit for management frames 802.11: Do bounds checking on last_presentp before dereferencing it (Fix a heap overflow) 802.11: Fix the radiotap printer to handle the special bits correctly 802.11: If we have the MCS field, it's 11n 802.11: Only print unknown frame type or subtype messages once 802.11: Radiotap dBm values get printed as dB; Update a test output accordingly 802.11: Source and destination addresses were backwards AH: Add a bounds check AH: Report to our caller that dissection failed if a bounds check fails AP1394: Print src > dst, not dst > src ARP: Don't assume the target hardware address is <= 6 octets long (Fix a heap overflow) ATALK: Add bounds and length checks (Fix heap overflows) ATM: Add some bounds checks (Fix a heap overflow) ATM: Fix an incorrect bounds check BFD: Update specification from draft to RFC 5880 BFD: Update to print optional authentication field BGP: Add decoding of ADD-PATH capability BGP: Add support for the AIGP attribute (RFC7311) BGP: Print LARGE_COMMUNITY Path Attribute BGP: Update BGP numbers from IANA; Print minor values for FSM notification BOOTP: Add a bounds check Babel: Add decoder for source-specific extension CDP: Filter out non-printable characters CFM: Fixes to match the IEEE standard, additional bounds and length checks CSLIP: Add more bounds checks (Fix a heap overflow) ClassicalIPoATM: Add a bounds check on LLC+SNAP header (Fix a heap overflow) DHCP: Fix MUDURL and TZ options DHCPv6: Process MUDURL and TZ options DHCPv6: Update Status Codes with RFCs/IANA names DNS: Represent the "DNSSEC OK" bit as "DO" instead of "OK". Add a test case
CVS import: src/external/bsd/tcpdump/dist
Module Name:src Committed By: spz Date: Sun Feb 5 03:07:24 UTC 2017 Update of /cvsroot/src/external/bsd/tcpdump/dist In directory ivanova.netbsd.org:/tmp/cvs-serv8326 Log Message: Update of tcpdump to version 4.9.0 This update fixes the following vulnerabilities: CVE-2016-7922 CVE-2016-7923 CVE-2016-7924 CVE-2016-7925 CVE-2016-7926 CVE-2016-7927 CVE-2016-7928 CVE-2016-7929 CVE-2016-7930 CVE-2016-7931 CVE-2016-7932 CVE-2016-7933 CVE-2016-7934 CVE-2016-7935 CVE-2016-7936 CVE-2016-7937 CVE-2016-7938 CVE-2016-7939 CVE-2016-7940 CVE-2016-7973 CVE-2016-7974 CVE-2016-7975 CVE-2016-7983 CVE-2016-7984 CVE-2016-7985 CVE-2016-7986 CVE-2016-7992 CVE-2016-7993 CVE-2016-8574 CVE-2016-8575 CVE-2017-5202 CVE-2017-5203 CVE-2017-5204 CVE-2017-5205 CVE-2017-5341 CVE-2017-5342 CVE-2017-5482 CVE-2017-5483 CVE-2017-5484 CVE-2017-5485 CVE-2017-5486 (all buffer overflows in various parts of tcpdump) Upstream Changelog: General updates: Improve separation frontend/backend (tcpdump/libnetdissect) Don't require IPv6 library support in order to support IPv6 addresses Introduce data types to use for integral values in packet structures Fix display of timestamps with -tt, -ttt and -t options Fix some heap overflows found with American Fuzzy Lop by Hanno Boeck and others (More information in the log with CVE-2016-* and CVE-2017-*) Change the way protocols print link-layer addresses (Fix heap overflows in CALM-FAST and GeoNetworking printers) Pass correct caplen value to ether_print() and some other functions Fix lookup_nsap() to match what isonsap_string() expects Clean up relative time stamp printing (Fix an array overflow) Fix some alignment issues with GCC on Solaris 10 SPARC Add some ND_TTEST_/ND_TCHECK_ macros to simplify writing bounds checks Add a fn_printztn() which returns the number of bytes processed Add nd_init() and nd_cleanup() functions. Improve libsmi support Add CONTRIBUTING file Add a summary comment in all printers Compile with more warning options in devel mode if supported (-Wcast-qual, ...) Fix some leaks found by Valgrind/Memcheck Fix a bunch of de-constifications Squelch some Coverity warnings and some compiler warnings Update Coverity and Travis-CI setup Update Visual Studio files Frontend: Fix capsicum support to work with zerocopy buffers in bpf Try opening interfaces by name first, then by name-as-index Work around pcap_create() failures fetching time stamp type lists Fix a segmentation fault with 'tcpdump -J' Improve addrtostr6() bounds checking Add exit_tcpdump() function Don't drop CAP_SYS_CHROOT before chrooting Fixes issue where statistics not reported when -G and -W options used New printers supporting: Generic Protocol Extension for VXLAN (VXLAN-GPE) Home Networking Control Protocol (HNCP), RFCs 7787 and 7788 Locator/Identifier Separation Protocol (LISP), type 3 and type 4 packets Marvell Extended Distributed Switch Architecture header (MEDSA) Network Service Header (NSH) REdis Serialization Protocol (RESP) Updated printers: 802.11: Beginnings of 11ac radiotap support 802.11: Check the Protected bit for management frames 802.11: Do bounds checking on last_presentp before dereferencing it (Fix a heap overflow) 802.11: Fix the radiotap printer to handle the special bits correctly 802.11: If we have the MCS field, it's 11n 802.11: Only print unknown frame type or subtype messages once 802.11: Radiotap dBm values get printed as dB; Update a test output accordingly 802.11: Source and destination addresses were backwards AH: Add a bounds check AH: Report to our caller that dissection failed if a bounds check fails AP1394: Print src > dst, not dst > src ARP: Don't assume the target hardware address is <= 6 octets long (Fix a heap overflow) ATALK: Add bounds and length checks (Fix heap overflows) ATM: Add some bounds checks (Fix a heap overflow) ATM: Fix an incorrect bounds check BFD: Update specification from draft to RFC 5880 BFD: Update to print optional authentication field BGP: Add decoding of ADD-PATH capability BGP: Add support for the AIGP attribute (RFC7311) BGP: Print LARGE_COMMUNITY Path Attribute BGP: Update BGP numbers from IANA; Print minor values for FSM notification BOOTP: Add a bounds check Babel: Add decoder for source-specific extension CDP: Filter out non-printable characters CFM: Fixes to match the IEEE standard, additional bounds and length checks CSLIP: Add more bounds checks (Fix a heap overflow) ClassicalIPoATM: Add a bounds check on LLC+SNAP header (Fix a heap overflow) DHCP: Fix MUDURL and TZ options DHCPv6: Process MUDURL and TZ options DHCPv6: Update Status Codes with RFCs/IANA names DNS: Represent the "DNSSEC OK" bit as "DO" instead of "OK". Add a test case
CVS commit: src
Module Name:src
Committed By: spz
Date: Sat Feb 4 10:56:10 UTC 2017
Modified Files:
src/doc: 3RDPARTY
src/external/mit/expat/dist/conftools: config.guess config.sub
src/external/mit/expat/dist/lib: xmlparse.c xmltok.c xmltok_impl.c
src/external/mit/expat/dist/tests: xmltest.sh
src/external/mit/expat/lib/libexpat: expat_config.h
Removed Files:
src/external/mit/expat/dist/doc: xmlwf.sgml
Log Message:
merge expat-2.2.0 and document
To generate a diff of this commit:
cvs rdiff -u -r1.1406 -r1.1407 src/doc/3RDPARTY
cvs rdiff -u -r1.2 -r1.3 src/external/mit/expat/dist/conftools/config.guess \
src/external/mit/expat/dist/conftools/config.sub
cvs rdiff -u -r1.1.1.3 -r0 src/external/mit/expat/dist/doc/xmlwf.sgml
cvs rdiff -u -r1.5 -r1.6 src/external/mit/expat/dist/lib/xmlparse.c
cvs rdiff -u -r1.2 -r1.3 src/external/mit/expat/dist/lib/xmltok.c
cvs rdiff -u -r1.4 -r1.5 src/external/mit/expat/dist/lib/xmltok_impl.c
cvs rdiff -u -r1.1.1.3 -r1.2 src/external/mit/expat/dist/tests/xmltest.sh
cvs rdiff -u -r1.3 -r1.4 src/external/mit/expat/lib/libexpat/expat_config.h
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/doc/3RDPARTY
diff -u src/doc/3RDPARTY:1.1406 src/doc/3RDPARTY:1.1407
--- src/doc/3RDPARTY:1.1406 Tue Jan 31 23:56:41 2017
+++ src/doc/3RDPARTY Sat Feb 4 10:56:10 2017
@@ -1,4 +1,4 @@
-# $NetBSD: 3RDPARTY,v 1.1406 2017/01/31 23:56:41 christos Exp $
+# $NetBSD: 3RDPARTY,v 1.1407 2017/02/04 10:56:10 spz Exp $
#
# This file contains a list of the software that has been integrated into
# NetBSD where we are not the primary maintainer.
@@ -413,7 +413,7 @@ Location: external/bsd/ekermit
Notes:
Package: expat
-Version: 2.1.1
+Version: 2.2.0
Current Vers: 2.2.0
Maintainer: Expat Project
Archive Site: http://sourceforge.net/projects/expat/files/expat/
Index: src/external/mit/expat/dist/conftools/config.guess
diff -u src/external/mit/expat/dist/conftools/config.guess:1.2 src/external/mit/expat/dist/conftools/config.guess:1.3
--- src/external/mit/expat/dist/conftools/config.guess:1.2 Wed Feb 1 09:26:43 2017
+++ src/external/mit/expat/dist/conftools/config.guess Sat Feb 4 10:56:10 2017
@@ -1057,7 +1057,18 @@ EOF
echo ${UNAME_MACHINE}-dec-linux-${LIBC}
exit ;;
x86_64:Linux:*:*)
- echo ${UNAME_MACHINE}-pc-linux-${LIBC}
+ eval $set_cc_for_build
+ X86_64_ABI=
+ # If there is a compiler, see if it is configured for 32-bit objects.
+ if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then
+ if (echo '#ifdef __ILP32__'; echo IS_X32; echo '#endif') | \
+ (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \
+ grep IS_X32 >/dev/null
+ then
+ X86_64_ABI=x32
+ fi
+ fi
+ echo ${UNAME_MACHINE}-pc-linux-${LIBC}${X86_64_ABI}
exit ;;
xtensa*:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
Index: src/external/mit/expat/dist/conftools/config.sub
diff -u src/external/mit/expat/dist/conftools/config.sub:1.2 src/external/mit/expat/dist/conftools/config.sub:1.3
--- src/external/mit/expat/dist/conftools/config.sub:1.2 Wed Feb 1 09:26:43 2017
+++ src/external/mit/expat/dist/conftools/config.sub Sat Feb 4 10:56:10 2017
@@ -838,6 +838,24 @@ case $basic_machine in
basic_machine=m68k-atari
os=-mint
;;
+ mipsEE* | ee | ps2)
+ basic_machine=mips64r5900el-scei
+ case $os in
+ -linux*)
+ ;;
+ *)
+ os=-elf
+ ;;
+ esac
+ ;;
+ iop)
+ basic_machine=mipsel-scei
+ os=-irx
+ ;;
+ dvp)
+ basic_machine=dvp-scei
+ os=-elf
+ ;;
mips3*-*)
basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`
;;
@@ -1404,7 +1422,7 @@ case $os in
| -uxpv* | -beos* | -mpeix* | -udk* | -moxiebox* \
| -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \
| -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \
- | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \
+ | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* | -irx* \
| -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \
| -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \
| -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \
Index: src/external/mit/expat/dist/lib/xmlparse.c
diff -u src/external/mit/expat/dist/lib/xmlparse.c:1.5 src/external/mit/expat/dist/lib/xmlparse.c:1.6
--- src/external/mit/expat/dist/lib/xmlparse.c:1.5 Tue May 17 23:53:02 2016
+++ src/external/mit/expat/dist/lib/xmlparse.c Sat Feb 4 10:56:10 2017
@@ -6,11 +6,18 @@
#include /* memset(), memcpy() */
#include
#include /* UINT_MAX */
-#include/* time() */
+
+#ifdef WIN32
+#define getpid GetCurrentProcessId
+#else
+#include/* gettimeofday() */
+#include /* getpid() */
+#include /* getpid() */
+#endif
#define XML_BUILDING_EXPAT 1
-#ifdef COMPILED_FROM_DSP
+#ifdef WIN32
#include
CVS commit: src
Module Name:src Committed By: spz Date: Sat Feb 4 10:56:10 UTC 2017 Modified Files: src/doc: 3RDPARTY src/external/mit/expat/dist/conftools: config.guess config.sub src/external/mit/expat/dist/lib: xmlparse.c xmltok.c xmltok_impl.c src/external/mit/expat/dist/tests: xmltest.sh src/external/mit/expat/lib/libexpat: expat_config.h Removed Files: src/external/mit/expat/dist/doc: xmlwf.sgml Log Message: merge expat-2.2.0 and document To generate a diff of this commit: cvs rdiff -u -r1.1406 -r1.1407 src/doc/3RDPARTY cvs rdiff -u -r1.2 -r1.3 src/external/mit/expat/dist/conftools/config.guess \ src/external/mit/expat/dist/conftools/config.sub cvs rdiff -u -r1.1.1.3 -r0 src/external/mit/expat/dist/doc/xmlwf.sgml cvs rdiff -u -r1.5 -r1.6 src/external/mit/expat/dist/lib/xmlparse.c cvs rdiff -u -r1.2 -r1.3 src/external/mit/expat/dist/lib/xmltok.c cvs rdiff -u -r1.4 -r1.5 src/external/mit/expat/dist/lib/xmltok_impl.c cvs rdiff -u -r1.1.1.3 -r1.2 src/external/mit/expat/dist/tests/xmltest.sh cvs rdiff -u -r1.3 -r1.4 src/external/mit/expat/lib/libexpat/expat_config.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS import: src/external/mit/expat/dist
Module Name:src Committed By: spz Date: Sat Feb 4 10:16:19 UTC 2017 Update of /cvsroot/src/external/mit/expat/dist In directory ivanova.netbsd.org:/tmp/cvs-serv7814 Log Message: from Changes: Release 2.2.0 Tue June 21 2016 Security fixes: #537 CVE-2016-0718 -- Fix crash on malformed input CVE-2016-4472 -- Improve insufficient fix to CVE-2015-1283 / CVE-2015-2716 introduced with Expat 2.1.1 #499 CVE-2016-5300 -- Use more entropy for hash initialization than the original fix to CVE-2012-0876 #519 CVE-2012-6702 -- Resolve troublesome internal call to srand that was introduced with Expat 2.1.0 when addressing CVE-2012-0876 (issue #496) Bug fixes: Fix uninitialized reads of size 1 (e.g. in little2_updatePosition) Fix detection of UTF-8 character boundaries Other changes: #532 Fix compilation for Visual Studio 2010 (keyword "C99") Autotools: Resolve use of "$<" to better support bmake Autotools: Add QA script "qa.sh" (and make target "qa") Autotools: Respect CXXFLAGS if given Autotools: Fix "make run-xmltest" Autotools: Have "make run-xmltest" check for expected output p90 CMake: Fix static build (BUILD_shared=OFF) on Windows #536 CMake: Add soversion, support -DNO_SONAME=yes to bypass #323 CMake: Add suffix "d" to differentiate debug from release CMake: Define WIN32 with CMake on Windows Annotate memory allocators for GCC Address all currently known compile warnings Make sure that API symbols remain visible despite -fvisibility=hidden Remove executable flag from source files Resolve COMPILED_FROM_DSP in favor of WIN32 Status: Vendor Tag: expat Release Tags: expat-2-2-0 U src/external/mit/expat/dist/COPYING U src/external/mit/expat/dist/Makefile.in U src/external/mit/expat/dist/configure.ac U src/external/mit/expat/dist/MANIFEST U src/external/mit/expat/dist/expat_config.h.in U src/external/mit/expat/dist/expat.dsw U src/external/mit/expat/dist/configure U src/external/mit/expat/dist/README U src/external/mit/expat/dist/ConfigureChecks.cmake U src/external/mit/expat/dist/aclocal.m4 U src/external/mit/expat/dist/CMakeLists.txt U src/external/mit/expat/dist/CMake.README U src/external/mit/expat/dist/expat_config.h.cmake U src/external/mit/expat/dist/expat.pc.in U src/external/mit/expat/dist/Changes U src/external/mit/expat/dist/xmlwf/win32filemap.c U src/external/mit/expat/dist/xmlwf/xmltchar.h U src/external/mit/expat/dist/xmlwf/codepage.h U src/external/mit/expat/dist/xmlwf/xmlurl.h U src/external/mit/expat/dist/xmlwf/unixfilemap.c U src/external/mit/expat/dist/xmlwf/xmlwf.dsp U src/external/mit/expat/dist/xmlwf/xmlmime.h U src/external/mit/expat/dist/xmlwf/filemap.h U src/external/mit/expat/dist/xmlwf/ct.c U src/external/mit/expat/dist/xmlwf/codepage.c U src/external/mit/expat/dist/xmlwf/xmlwin32url.cxx U src/external/mit/expat/dist/xmlwf/xmlfile.c U src/external/mit/expat/dist/xmlwf/xmlfile.h U src/external/mit/expat/dist/xmlwf/xmlwf.c U src/external/mit/expat/dist/xmlwf/readfilemap.c U src/external/mit/expat/dist/xmlwf/xmlmime.c U src/external/mit/expat/dist/vms/expat_config.h U src/external/mit/expat/dist/vms/README.vms U src/external/mit/expat/dist/vms/descrip.mms U src/external/mit/expat/dist/m4/lt~obsolete.m4 U src/external/mit/expat/dist/m4/ltsugar.m4 U src/external/mit/expat/dist/m4/ltversion.m4 U src/external/mit/expat/dist/m4/libtool.m4 U src/external/mit/expat/dist/m4/ltoptions.m4 U src/external/mit/expat/dist/examples/outline.dsp U src/external/mit/expat/dist/examples/elements.c U src/external/mit/expat/dist/examples/elements.dsp U src/external/mit/expat/dist/examples/outline.c U src/external/mit/expat/dist/win32/README.txt U src/external/mit/expat/dist/win32/expat.iss U src/external/mit/expat/dist/win32/MANIFEST.txt U src/external/mit/expat/dist/conftools/mkinstalldirs U src/external/mit/expat/dist/conftools/ltmain.sh U src/external/mit/expat/dist/conftools/PrintPath U src/external/mit/expat/dist/conftools/install-sh U src/external/mit/expat/dist/conftools/expat.m4 C src/external/mit/expat/dist/conftools/config.guess U src/external/mit/expat/dist/conftools/ac_c_bigendian_cross.m4 U src/external/mit/expat/dist/conftools/get-version.sh C src/external/mit/expat/dist/conftools/config.sub U src/external/mit/expat/dist/amiga/expat_vectors.c U src/external/mit/expat/dist/amiga/README.txt U src/external/mit/expat/dist/amiga/expat_68k.c U src/external/mit/expat/dist/amiga/expat.xml U
CVS import: src/external/mit/expat/dist
Module Name:src Committed By: spz Date: Sat Feb 4 10:16:19 UTC 2017 Update of /cvsroot/src/external/mit/expat/dist In directory ivanova.netbsd.org:/tmp/cvs-serv7814 Log Message: from Changes: Release 2.2.0 Tue June 21 2016 Security fixes: #537 CVE-2016-0718 -- Fix crash on malformed input CVE-2016-4472 -- Improve insufficient fix to CVE-2015-1283 / CVE-2015-2716 introduced with Expat 2.1.1 #499 CVE-2016-5300 -- Use more entropy for hash initialization than the original fix to CVE-2012-0876 #519 CVE-2012-6702 -- Resolve troublesome internal call to srand that was introduced with Expat 2.1.0 when addressing CVE-2012-0876 (issue #496) Bug fixes: Fix uninitialized reads of size 1 (e.g. in little2_updatePosition) Fix detection of UTF-8 character boundaries Other changes: #532 Fix compilation for Visual Studio 2010 (keyword "C99") Autotools: Resolve use of "$<" to better support bmake Autotools: Add QA script "qa.sh" (and make target "qa") Autotools: Respect CXXFLAGS if given Autotools: Fix "make run-xmltest" Autotools: Have "make run-xmltest" check for expected output p90 CMake: Fix static build (BUILD_shared=OFF) on Windows #536 CMake: Add soversion, support -DNO_SONAME=yes to bypass #323 CMake: Add suffix "d" to differentiate debug from release CMake: Define WIN32 with CMake on Windows Annotate memory allocators for GCC Address all currently known compile warnings Make sure that API symbols remain visible despite -fvisibility=hidden Remove executable flag from source files Resolve COMPILED_FROM_DSP in favor of WIN32 Status: Vendor Tag: expat Release Tags: expat-2-2-0 U src/external/mit/expat/dist/COPYING U src/external/mit/expat/dist/Makefile.in U src/external/mit/expat/dist/configure.ac U src/external/mit/expat/dist/MANIFEST U src/external/mit/expat/dist/expat_config.h.in U src/external/mit/expat/dist/expat.dsw U src/external/mit/expat/dist/configure U src/external/mit/expat/dist/README U src/external/mit/expat/dist/ConfigureChecks.cmake U src/external/mit/expat/dist/aclocal.m4 U src/external/mit/expat/dist/CMakeLists.txt U src/external/mit/expat/dist/CMake.README U src/external/mit/expat/dist/expat_config.h.cmake U src/external/mit/expat/dist/expat.pc.in U src/external/mit/expat/dist/Changes U src/external/mit/expat/dist/xmlwf/win32filemap.c U src/external/mit/expat/dist/xmlwf/xmltchar.h U src/external/mit/expat/dist/xmlwf/codepage.h U src/external/mit/expat/dist/xmlwf/xmlurl.h U src/external/mit/expat/dist/xmlwf/unixfilemap.c U src/external/mit/expat/dist/xmlwf/xmlwf.dsp U src/external/mit/expat/dist/xmlwf/xmlmime.h U src/external/mit/expat/dist/xmlwf/filemap.h U src/external/mit/expat/dist/xmlwf/ct.c U src/external/mit/expat/dist/xmlwf/codepage.c U src/external/mit/expat/dist/xmlwf/xmlwin32url.cxx U src/external/mit/expat/dist/xmlwf/xmlfile.c U src/external/mit/expat/dist/xmlwf/xmlfile.h U src/external/mit/expat/dist/xmlwf/xmlwf.c U src/external/mit/expat/dist/xmlwf/readfilemap.c U src/external/mit/expat/dist/xmlwf/xmlmime.c U src/external/mit/expat/dist/vms/expat_config.h U src/external/mit/expat/dist/vms/README.vms U src/external/mit/expat/dist/vms/descrip.mms U src/external/mit/expat/dist/m4/lt~obsolete.m4 U src/external/mit/expat/dist/m4/ltsugar.m4 U src/external/mit/expat/dist/m4/ltversion.m4 U src/external/mit/expat/dist/m4/libtool.m4 U src/external/mit/expat/dist/m4/ltoptions.m4 U src/external/mit/expat/dist/examples/outline.dsp U src/external/mit/expat/dist/examples/elements.c U src/external/mit/expat/dist/examples/elements.dsp U src/external/mit/expat/dist/examples/outline.c U src/external/mit/expat/dist/win32/README.txt U src/external/mit/expat/dist/win32/expat.iss U src/external/mit/expat/dist/win32/MANIFEST.txt U src/external/mit/expat/dist/conftools/mkinstalldirs U src/external/mit/expat/dist/conftools/ltmain.sh U src/external/mit/expat/dist/conftools/PrintPath U src/external/mit/expat/dist/conftools/install-sh U src/external/mit/expat/dist/conftools/expat.m4 C src/external/mit/expat/dist/conftools/config.guess U src/external/mit/expat/dist/conftools/ac_c_bigendian_cross.m4 U src/external/mit/expat/dist/conftools/get-version.sh C src/external/mit/expat/dist/conftools/config.sub U src/external/mit/expat/dist/amiga/expat_vectors.c U src/external/mit/expat/dist/amiga/README.txt U src/external/mit/expat/dist/amiga/expat_68k.c U src/external/mit/expat/dist/amiga/expat.xml U
CVS commit: src/crypto/external/bsd/openssl/dist
Module Name:src Committed By: spz Date: Fri Jan 27 23:16:21 UTC 2017 Modified Files: src/crypto/external/bsd/openssl/dist: CHANGES Configure Makefile NEWS README openssl.spec src/crypto/external/bsd/openssl/dist/apps: ca.c s_client.c s_server.c speed.c src/crypto/external/bsd/openssl/dist/crypto: opensslv.h src/crypto/external/bsd/openssl/dist/crypto/bn: bn_exp.c src/crypto/external/bsd/openssl/dist/crypto/ec: ec2_mult.c src/crypto/external/bsd/openssl/dist/crypto/evp: e_aes.c src/crypto/external/bsd/openssl/dist/crypto/rsa: rsa_oaep.c src/crypto/external/bsd/openssl/dist/crypto/ui: ui_lib.c ui_openssl.c src/crypto/external/bsd/openssl/dist/doc/crypto: EVP_DigestVerifyInit.pod src/crypto/external/bsd/openssl/dist/ssl: s2_lib.c s3_clnt.c s3_pkt.c s3_srvr.c ssl_err.c ssl_lib.c ssl_locl.h ssl_sess.c t1_lib.c Log Message: merge for OpenSSL 1.0.2k To generate a diff of this commit: cvs rdiff -u -r1.12 -r1.13 src/crypto/external/bsd/openssl/dist/CHANGES \ src/crypto/external/bsd/openssl/dist/NEWS \ src/crypto/external/bsd/openssl/dist/README \ src/crypto/external/bsd/openssl/dist/openssl.spec cvs rdiff -u -r1.16 -r1.17 src/crypto/external/bsd/openssl/dist/Configure cvs rdiff -u -r1.13 -r1.14 src/crypto/external/bsd/openssl/dist/Makefile cvs rdiff -u -r1.12 -r1.13 src/crypto/external/bsd/openssl/dist/apps/ca.c \ src/crypto/external/bsd/openssl/dist/apps/s_client.c \ src/crypto/external/bsd/openssl/dist/apps/s_server.c cvs rdiff -u -r1.10 -r1.11 src/crypto/external/bsd/openssl/dist/apps/speed.c cvs rdiff -u -r1.21 -r1.22 \ src/crypto/external/bsd/openssl/dist/crypto/opensslv.h cvs rdiff -u -r1.12 -r1.13 \ src/crypto/external/bsd/openssl/dist/crypto/bn/bn_exp.c cvs rdiff -u -r1.3 -r1.4 \ src/crypto/external/bsd/openssl/dist/crypto/ec/ec2_mult.c cvs rdiff -u -r1.10 -r1.11 \ src/crypto/external/bsd/openssl/dist/crypto/evp/e_aes.c cvs rdiff -u -r1.4 -r1.5 \ src/crypto/external/bsd/openssl/dist/crypto/rsa/rsa_oaep.c cvs rdiff -u -r1.2 -r1.3 \ src/crypto/external/bsd/openssl/dist/crypto/ui/ui_lib.c cvs rdiff -u -r1.8 -r1.9 \ src/crypto/external/bsd/openssl/dist/crypto/ui/ui_openssl.c cvs rdiff -u -r1.4 -r1.5 \ src/crypto/external/bsd/openssl/dist/doc/crypto/EVP_DigestVerifyInit.pod cvs rdiff -u -r1.7 -r1.8 src/crypto/external/bsd/openssl/dist/ssl/s2_lib.c cvs rdiff -u -r1.19 -r1.20 src/crypto/external/bsd/openssl/dist/ssl/s3_clnt.c cvs rdiff -u -r1.22 -r1.23 src/crypto/external/bsd/openssl/dist/ssl/s3_pkt.c \ src/crypto/external/bsd/openssl/dist/ssl/t1_lib.c cvs rdiff -u -r1.25 -r1.26 src/crypto/external/bsd/openssl/dist/ssl/s3_srvr.c cvs rdiff -u -r1.11 -r1.12 src/crypto/external/bsd/openssl/dist/ssl/ssl_err.c cvs rdiff -u -r1.8 -r1.9 src/crypto/external/bsd/openssl/dist/ssl/ssl_lib.c cvs rdiff -u -r1.14 -r1.15 \ src/crypto/external/bsd/openssl/dist/ssl/ssl_locl.h cvs rdiff -u -r1.2 -r1.3 src/crypto/external/bsd/openssl/dist/ssl/ssl_sess.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssl/dist/CHANGES diff -u src/crypto/external/bsd/openssl/dist/CHANGES:1.12 src/crypto/external/bsd/openssl/dist/CHANGES:1.13 --- src/crypto/external/bsd/openssl/dist/CHANGES:1.12 Fri Oct 14 16:23:17 2016 +++ src/crypto/external/bsd/openssl/dist/CHANGES Fri Jan 27 23:16:20 2017 @@ -2,6 +2,67 @@ OpenSSL CHANGES ___ + Changes between 1.0.2j and 1.0.2k [26 Jan 2017] + + *) Truncated packet could crash via OOB read + + If one side of an SSL/TLS path is running on a 32-bit host and a specific + cipher is being used, then a truncated packet can cause that host to + perform an out-of-bounds read, usually resulting in a crash. + + This issue was reported to OpenSSL by Robert Święcki of Google. + (CVE-2017-3731) + [Andy Polyakov] + + *) BN_mod_exp may produce incorrect results on x86_64 + + There is a carry propagating bug in the x86_64 Montgomery squaring + procedure. No EC algorithms are affected. Analysis suggests that attacks + against RSA and DSA as a result of this defect would be very difficult to + perform and are not believed likely. Attacks against DH are considered just + feasible (although very difficult) because most of the work necessary to + deduce information about a private key may be performed offline. The amount + of resources required for such an attack would be very significant and + likely only accessible to a limited number of attackers. An attacker would + additionally need online access to an unpatched system using the target + private key in a scenario with persistent DH parameters and a private + key that is shared between multiple clients. For example this can occur by + default in OpenSSL DHE based SSL/TLS
CVS commit: src/crypto/external/bsd/openssl/dist
Module Name:src Committed By: spz Date: Fri Jan 27 23:16:21 UTC 2017 Modified Files: src/crypto/external/bsd/openssl/dist: CHANGES Configure Makefile NEWS README openssl.spec src/crypto/external/bsd/openssl/dist/apps: ca.c s_client.c s_server.c speed.c src/crypto/external/bsd/openssl/dist/crypto: opensslv.h src/crypto/external/bsd/openssl/dist/crypto/bn: bn_exp.c src/crypto/external/bsd/openssl/dist/crypto/ec: ec2_mult.c src/crypto/external/bsd/openssl/dist/crypto/evp: e_aes.c src/crypto/external/bsd/openssl/dist/crypto/rsa: rsa_oaep.c src/crypto/external/bsd/openssl/dist/crypto/ui: ui_lib.c ui_openssl.c src/crypto/external/bsd/openssl/dist/doc/crypto: EVP_DigestVerifyInit.pod src/crypto/external/bsd/openssl/dist/ssl: s2_lib.c s3_clnt.c s3_pkt.c s3_srvr.c ssl_err.c ssl_lib.c ssl_locl.h ssl_sess.c t1_lib.c Log Message: merge for OpenSSL 1.0.2k To generate a diff of this commit: cvs rdiff -u -r1.12 -r1.13 src/crypto/external/bsd/openssl/dist/CHANGES \ src/crypto/external/bsd/openssl/dist/NEWS \ src/crypto/external/bsd/openssl/dist/README \ src/crypto/external/bsd/openssl/dist/openssl.spec cvs rdiff -u -r1.16 -r1.17 src/crypto/external/bsd/openssl/dist/Configure cvs rdiff -u -r1.13 -r1.14 src/crypto/external/bsd/openssl/dist/Makefile cvs rdiff -u -r1.12 -r1.13 src/crypto/external/bsd/openssl/dist/apps/ca.c \ src/crypto/external/bsd/openssl/dist/apps/s_client.c \ src/crypto/external/bsd/openssl/dist/apps/s_server.c cvs rdiff -u -r1.10 -r1.11 src/crypto/external/bsd/openssl/dist/apps/speed.c cvs rdiff -u -r1.21 -r1.22 \ src/crypto/external/bsd/openssl/dist/crypto/opensslv.h cvs rdiff -u -r1.12 -r1.13 \ src/crypto/external/bsd/openssl/dist/crypto/bn/bn_exp.c cvs rdiff -u -r1.3 -r1.4 \ src/crypto/external/bsd/openssl/dist/crypto/ec/ec2_mult.c cvs rdiff -u -r1.10 -r1.11 \ src/crypto/external/bsd/openssl/dist/crypto/evp/e_aes.c cvs rdiff -u -r1.4 -r1.5 \ src/crypto/external/bsd/openssl/dist/crypto/rsa/rsa_oaep.c cvs rdiff -u -r1.2 -r1.3 \ src/crypto/external/bsd/openssl/dist/crypto/ui/ui_lib.c cvs rdiff -u -r1.8 -r1.9 \ src/crypto/external/bsd/openssl/dist/crypto/ui/ui_openssl.c cvs rdiff -u -r1.4 -r1.5 \ src/crypto/external/bsd/openssl/dist/doc/crypto/EVP_DigestVerifyInit.pod cvs rdiff -u -r1.7 -r1.8 src/crypto/external/bsd/openssl/dist/ssl/s2_lib.c cvs rdiff -u -r1.19 -r1.20 src/crypto/external/bsd/openssl/dist/ssl/s3_clnt.c cvs rdiff -u -r1.22 -r1.23 src/crypto/external/bsd/openssl/dist/ssl/s3_pkt.c \ src/crypto/external/bsd/openssl/dist/ssl/t1_lib.c cvs rdiff -u -r1.25 -r1.26 src/crypto/external/bsd/openssl/dist/ssl/s3_srvr.c cvs rdiff -u -r1.11 -r1.12 src/crypto/external/bsd/openssl/dist/ssl/ssl_err.c cvs rdiff -u -r1.8 -r1.9 src/crypto/external/bsd/openssl/dist/ssl/ssl_lib.c cvs rdiff -u -r1.14 -r1.15 \ src/crypto/external/bsd/openssl/dist/ssl/ssl_locl.h cvs rdiff -u -r1.2 -r1.3 src/crypto/external/bsd/openssl/dist/ssl/ssl_sess.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src
Module Name:src Committed By: spz Date: Fri Jan 27 23:00:50 UTC 2017 Modified Files: src/crypto/external/bsd/openssl/lib/libcrypto/arch/x86_64: x86_64-mont.S x86_64-mont5.S src/crypto/external/bsd/openssl/lib/libcrypto/man: ASN1_OBJECT_new.3 ASN1_STRING_length.3 ASN1_STRING_new.3 ASN1_STRING_print_ex.3 ASN1_generate_nconf.3 BIO_ctrl.3 BIO_f_base64.3 BIO_f_buffer.3 BIO_f_cipher.3 BIO_f_md.3 BIO_f_null.3 BIO_f_ssl.3 BIO_find_type.3 BIO_new.3 BIO_new_CMS.3 BIO_push.3 BIO_read.3 BIO_s_accept.3 BIO_s_bio.3 BIO_s_connect.3 BIO_s_fd.3 BIO_s_file.3 BIO_s_mem.3 BIO_s_null.3 BIO_s_socket.3 BIO_set_callback.3 BIO_should_retry.3 BN_BLINDING_new.3 BN_CTX_new.3 BN_CTX_start.3 BN_add.3 BN_add_word.3 BN_bn2bin.3 BN_cmp.3 BN_copy.3 BN_generate_prime.3 BN_mod_inverse.3 BN_mod_mul_montgomery.3 BN_mod_mul_reciprocal.3 BN_new.3 BN_num_bytes.3 BN_rand.3 BN_set_bit.3 BN_swap.3 BN_zero.3 CMS_add0_cert.3 CMS_add1_recipient_cert.3 CMS_add1_signer.3 CMS_compress.3 CMS_decrypt.3 CMS_encrypt.3 CMS_final.3 CMS_get0_RecipientInfos.3 CMS_get0_SignerInfos.3 CMS_get0_type.3 CMS_get1_ReceiptRequest.3 CMS_sign.3 CMS_sign_receipt.3 CMS_uncompress.3 CMS_verify.3 CMS_verify_receipt.3 CONF_modules_free.3 CONF_modules_load_file.3 CRYPTO_set_ex_data.3 DH_generate_key.3 DH_generate_parameters.3 DH_get_ex_new_index.3 DH_new.3 DH_set_method.3 DH_size.3 DSA_SIG_new.3 DSA_do_sign.3 DSA_dup_DH.3 DSA_generate_key.3 DSA_generate_parameters.3 DSA_get_ex_new_index.3 DSA_new.3 DSA_set_method.3 DSA_sign.3 DSA_size.3 ERR_GET_LIB.3 ERR_clear_error.3 ERR_error_string.3 ERR_get_error.3 ERR_load_crypto_strings.3 ERR_load_strings.3 ERR_print_errors.3 ERR_put_error.3 ERR_remove_state.3 ERR_set_mark.3 EVP_BytesToKey.3 EVP_DigestInit.3 EVP_DigestSignInit.3 EVP_DigestVerifyInit.3 EVP_EncodeInit.3 EVP_EncryptInit.3 EVP_OpenInit.3 EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_new.3 EVP_PKEY_cmp.3 EVP_PKEY_decrypt.3 EVP_PKEY_derive.3 EVP_PKEY_encrypt.3 EVP_PKEY_get_default_digest.3 EVP_PKEY_keygen.3 EVP_PKEY_new.3 EVP_PKEY_print_private.3 EVP_PKEY_set1_RSA.3 EVP_PKEY_sign.3 EVP_PKEY_verify.3 EVP_PKEY_verify_recover.3 EVP_SealInit.3 EVP_SignInit.3 EVP_VerifyInit.3 OBJ_nid2obj.3 OPENSSL_Applink.3 OPENSSL_VERSION_NUMBER.3 OPENSSL_config.3 OPENSSL_ia32cap.3 OPENSSL_load_builtin_modules.3 OpenSSL_add_all_algorithms.3 PEM_write_bio_CMS_stream.3 PEM_write_bio_PKCS7_stream.3 PKCS12_create.3 PKCS12_parse.3 PKCS7_decrypt.3 PKCS7_encrypt.3 PKCS7_sign.3 PKCS7_sign_add_signer.3 PKCS7_verify.3 RAND_add.3 RAND_bytes.3 RAND_cleanup.3 RAND_egd.3 RAND_load_file.3 RAND_set_rand_method.3 RSA_blinding_on.3 RSA_check_key.3 RSA_generate_key.3 RSA_get_ex_new_index.3 RSA_new.3 RSA_padding_add_PKCS1_type_1.3 RSA_print.3 RSA_private_encrypt.3 RSA_public_encrypt.3 RSA_set_method.3 RSA_sign.3 RSA_sign_ASN1_OCTET_STRING.3 RSA_size.3 SMIME_read_CMS.3 SMIME_read_PKCS7.3 SMIME_write_CMS.3 SMIME_write_PKCS7.3 SSL_CIPHER_get_name.3 SSL_COMP_add_compression_method.3 SSL_CTX_add_extra_chain_cert.3 SSL_CTX_add_session.3 SSL_CTX_ctrl.3 SSL_CTX_flush_sessions.3 SSL_CTX_free.3 SSL_CTX_get_ex_new_index.3 SSL_CTX_get_verify_mode.3 SSL_CTX_load_verify_locations.3 SSL_CTX_new.3 SSL_CTX_sess_number.3 SSL_CTX_sess_set_cache_size.3 SSL_CTX_sess_set_get_cb.3 SSL_CTX_sessions.3 SSL_CTX_set_cert_store.3 SSL_CTX_set_cert_verify_callback.3 SSL_CTX_set_cipher_list.3 SSL_CTX_set_client_CA_list.3 SSL_CTX_set_client_cert_cb.3 SSL_CTX_set_default_passwd_cb.3 SSL_CTX_set_generate_session_id.3 SSL_CTX_set_info_callback.3 SSL_CTX_set_max_cert_list.3 SSL_CTX_set_mode.3 SSL_CTX_set_msg_callback.3 SSL_CTX_set_options.3 SSL_CTX_set_psk_client_callback.3 SSL_CTX_set_quiet_shutdown.3 SSL_CTX_set_read_ahead.3 SSL_CTX_set_session_cache_mode.3 SSL_CTX_set_session_id_context.3 SSL_CTX_set_ssl_version.3 SSL_CTX_set_timeout.3 SSL_CTX_set_tlsext_status_cb.3 SSL_CTX_set_tlsext_ticket_key_cb.3 SSL_CTX_set_tmp_dh_callback.3 SSL_CTX_set_tmp_rsa_callback.3 SSL_CTX_set_verify.3 SSL_CTX_use_certificate.3 SSL_CTX_use_psk_identity_hint.3 SSL_SESSION_free.3 SSL_SESSION_get_ex_new_index.3 SSL_SESSION_get_time.3 SSL_accept.3 SSL_alert_type_string.3 SSL_clear.3 SSL_connect.3 SSL_do_handshake.3 SSL_free.3 SSL_get_SSL_CTX.3
CVS commit: src
Module Name:src Committed By: spz Date: Fri Jan 27 23:00:50 UTC 2017 Modified Files: src/crypto/external/bsd/openssl/lib/libcrypto/arch/x86_64: x86_64-mont.S x86_64-mont5.S src/crypto/external/bsd/openssl/lib/libcrypto/man: ASN1_OBJECT_new.3 ASN1_STRING_length.3 ASN1_STRING_new.3 ASN1_STRING_print_ex.3 ASN1_generate_nconf.3 BIO_ctrl.3 BIO_f_base64.3 BIO_f_buffer.3 BIO_f_cipher.3 BIO_f_md.3 BIO_f_null.3 BIO_f_ssl.3 BIO_find_type.3 BIO_new.3 BIO_new_CMS.3 BIO_push.3 BIO_read.3 BIO_s_accept.3 BIO_s_bio.3 BIO_s_connect.3 BIO_s_fd.3 BIO_s_file.3 BIO_s_mem.3 BIO_s_null.3 BIO_s_socket.3 BIO_set_callback.3 BIO_should_retry.3 BN_BLINDING_new.3 BN_CTX_new.3 BN_CTX_start.3 BN_add.3 BN_add_word.3 BN_bn2bin.3 BN_cmp.3 BN_copy.3 BN_generate_prime.3 BN_mod_inverse.3 BN_mod_mul_montgomery.3 BN_mod_mul_reciprocal.3 BN_new.3 BN_num_bytes.3 BN_rand.3 BN_set_bit.3 BN_swap.3 BN_zero.3 CMS_add0_cert.3 CMS_add1_recipient_cert.3 CMS_add1_signer.3 CMS_compress.3 CMS_decrypt.3 CMS_encrypt.3 CMS_final.3 CMS_get0_RecipientInfos.3 CMS_get0_SignerInfos.3 CMS_get0_type.3 CMS_get1_ReceiptRequest.3 CMS_sign.3 CMS_sign_receipt.3 CMS_uncompress.3 CMS_verify.3 CMS_verify_receipt.3 CONF_modules_free.3 CONF_modules_load_file.3 CRYPTO_set_ex_data.3 DH_generate_key.3 DH_generate_parameters.3 DH_get_ex_new_index.3 DH_new.3 DH_set_method.3 DH_size.3 DSA_SIG_new.3 DSA_do_sign.3 DSA_dup_DH.3 DSA_generate_key.3 DSA_generate_parameters.3 DSA_get_ex_new_index.3 DSA_new.3 DSA_set_method.3 DSA_sign.3 DSA_size.3 ERR_GET_LIB.3 ERR_clear_error.3 ERR_error_string.3 ERR_get_error.3 ERR_load_crypto_strings.3 ERR_load_strings.3 ERR_print_errors.3 ERR_put_error.3 ERR_remove_state.3 ERR_set_mark.3 EVP_BytesToKey.3 EVP_DigestInit.3 EVP_DigestSignInit.3 EVP_DigestVerifyInit.3 EVP_EncodeInit.3 EVP_EncryptInit.3 EVP_OpenInit.3 EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_new.3 EVP_PKEY_cmp.3 EVP_PKEY_decrypt.3 EVP_PKEY_derive.3 EVP_PKEY_encrypt.3 EVP_PKEY_get_default_digest.3 EVP_PKEY_keygen.3 EVP_PKEY_new.3 EVP_PKEY_print_private.3 EVP_PKEY_set1_RSA.3 EVP_PKEY_sign.3 EVP_PKEY_verify.3 EVP_PKEY_verify_recover.3 EVP_SealInit.3 EVP_SignInit.3 EVP_VerifyInit.3 OBJ_nid2obj.3 OPENSSL_Applink.3 OPENSSL_VERSION_NUMBER.3 OPENSSL_config.3 OPENSSL_ia32cap.3 OPENSSL_load_builtin_modules.3 OpenSSL_add_all_algorithms.3 PEM_write_bio_CMS_stream.3 PEM_write_bio_PKCS7_stream.3 PKCS12_create.3 PKCS12_parse.3 PKCS7_decrypt.3 PKCS7_encrypt.3 PKCS7_sign.3 PKCS7_sign_add_signer.3 PKCS7_verify.3 RAND_add.3 RAND_bytes.3 RAND_cleanup.3 RAND_egd.3 RAND_load_file.3 RAND_set_rand_method.3 RSA_blinding_on.3 RSA_check_key.3 RSA_generate_key.3 RSA_get_ex_new_index.3 RSA_new.3 RSA_padding_add_PKCS1_type_1.3 RSA_print.3 RSA_private_encrypt.3 RSA_public_encrypt.3 RSA_set_method.3 RSA_sign.3 RSA_sign_ASN1_OCTET_STRING.3 RSA_size.3 SMIME_read_CMS.3 SMIME_read_PKCS7.3 SMIME_write_CMS.3 SMIME_write_PKCS7.3 SSL_CIPHER_get_name.3 SSL_COMP_add_compression_method.3 SSL_CTX_add_extra_chain_cert.3 SSL_CTX_add_session.3 SSL_CTX_ctrl.3 SSL_CTX_flush_sessions.3 SSL_CTX_free.3 SSL_CTX_get_ex_new_index.3 SSL_CTX_get_verify_mode.3 SSL_CTX_load_verify_locations.3 SSL_CTX_new.3 SSL_CTX_sess_number.3 SSL_CTX_sess_set_cache_size.3 SSL_CTX_sess_set_get_cb.3 SSL_CTX_sessions.3 SSL_CTX_set_cert_store.3 SSL_CTX_set_cert_verify_callback.3 SSL_CTX_set_cipher_list.3 SSL_CTX_set_client_CA_list.3 SSL_CTX_set_client_cert_cb.3 SSL_CTX_set_default_passwd_cb.3 SSL_CTX_set_generate_session_id.3 SSL_CTX_set_info_callback.3 SSL_CTX_set_max_cert_list.3 SSL_CTX_set_mode.3 SSL_CTX_set_msg_callback.3 SSL_CTX_set_options.3 SSL_CTX_set_psk_client_callback.3 SSL_CTX_set_quiet_shutdown.3 SSL_CTX_set_read_ahead.3 SSL_CTX_set_session_cache_mode.3 SSL_CTX_set_session_id_context.3 SSL_CTX_set_ssl_version.3 SSL_CTX_set_timeout.3 SSL_CTX_set_tlsext_status_cb.3 SSL_CTX_set_tlsext_ticket_key_cb.3 SSL_CTX_set_tmp_dh_callback.3 SSL_CTX_set_tmp_rsa_callback.3 SSL_CTX_set_verify.3 SSL_CTX_use_certificate.3 SSL_CTX_use_psk_identity_hint.3 SSL_SESSION_free.3 SSL_SESSION_get_ex_new_index.3 SSL_SESSION_get_time.3 SSL_accept.3 SSL_alert_type_string.3 SSL_clear.3 SSL_connect.3 SSL_do_handshake.3 SSL_free.3 SSL_get_SSL_CTX.3
CVS import: src/crypto/external/bsd/openssl/dist
Module Name:src Committed By: spz Date: Fri Jan 27 22:58:25 UTC 2017 Update of /cvsroot/src/crypto/external/bsd/openssl/dist In directory ivanova.netbsd.org:/tmp/cvs-serv18440 Log Message: import of OpenSSL 1.0.2k Upstream changelog: Changes between 1.0.2j and 1.0.2k [26 Jan 2017] *) Truncated packet could crash via OOB read If one side of an SSL/TLS path is running on a 32-bit host and a specific cipher is being used, then a truncated packet can cause that host to perform an out-of-bounds read, usually resulting in a crash. This issue was reported to OpenSSL by Robert Święcki of Google. (CVE-2017-3731) [Andy Polyakov] *) BN_mod_exp may produce incorrect results on x86_64 There is a carry propagating bug in the x86_64 Montgomery squaring procedure. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very similar to CVE-2015-3193 but must be treated as a separate problem. This issue was reported to OpenSSL by the OSS-Fuzz project. (CVE-2017-3732) [Andy Polyakov] *) Montgomery multiplication may produce incorrect results There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure that handles input lengths divisible by, but longer than 256 bits. Analysis suggests that attacks against RSA, DSA and DH private keys are impossible. This is because the subroutine in question is not used in operations with the private key itself and an input of the attacker's direct choice. Otherwise the bug can manifest itself as transient authentication and key negotiation failures or reproducible erroneous outcome of public-key operations with specially crafted input. Among EC algorithms only Brainpool P-512 curves are affected and one presumably can attack ECDH key negotiation. Impact was not analyzed in detail, because pre-requisites for attack are considered unlikely. Namely multiple clients have to choose the curve in question and the server has to share the private key among them, neither of which is default behaviour. Even then only clients that chose the curve will be affected. This issue was publicly reported as transient failures and was not initially recognized as a security issue. Thanks to Richard Morgan for providing reproducible case. (CVE-2016-7055) [Andy Polyakov] *) OpenSSL now fails if it receives an unrecognised record type in TLS1.0 or TLS1.1. Previously this only happened in SSLv3 and TLS1.2. This is to prevent issues where no progress is being made and the peer continually sends unrecognised record types, using up resources processing them. [Matt Caswell] Status: Vendor Tag: OPENSSL Release Tags: openssl-1-0-2k U src/crypto/external/bsd/openssl/dist/ACKNOWLEDGMENTS U src/crypto/external/bsd/openssl/dist/appveyor.yml U src/crypto/external/bsd/openssl/dist/CHANGES.SSLeay C src/crypto/external/bsd/openssl/dist/CHANGES C src/crypto/external/bsd/openssl/dist/Configure U src/crypto/external/bsd/openssl/dist/config U src/crypto/external/bsd/openssl/dist/FAQ U src/crypto/external/bsd/openssl/dist/CONTRIBUTING U src/crypto/external/bsd/openssl/dist/GitConfigure U src/crypto/external/bsd/openssl/dist/e_os2.h U src/crypto/external/bsd/openssl/dist/e_os.h U src/crypto/external/bsd/openssl/dist/GitMake U src/crypto/external/bsd/openssl/dist/install.com U src/crypto/external/bsd/openssl/dist/INSTALL U src/crypto/external/bsd/openssl/dist/INSTALL.NW U src/crypto/external/bsd/openssl/dist/INSTALL.DJGPP U src/crypto/external/bsd/openssl/dist/INSTALL.MacOS U src/crypto/external/bsd/openssl/dist/INSTALL.OS2 U src/crypto/external/bsd/openssl/dist/INSTALL.VMS U src/crypto/external/bsd/openssl/dist/INSTALL.W32 U src/crypto/external/bsd/openssl/dist/INSTALL.W64 U src/crypto/external/bsd/openssl/dist/INSTALL.WCE U src/crypto/external/bsd/openssl/dist/LICENSE C src/crypto/external/bsd/openssl/dist/Makefile U src/crypto/external/bsd/openssl/dist/Makefile.shared U src/crypto/external/bsd/openssl/dist/Makefile.org U src/crypto/external/bsd/openssl/dist/makevms.com U src/crypto/external/bsd/openssl/dist/PROBLEMS C
CVS import: src/crypto/external/bsd/openssl/dist
Module Name:src Committed By: spz Date: Fri Jan 27 22:58:25 UTC 2017 Update of /cvsroot/src/crypto/external/bsd/openssl/dist In directory ivanova.netbsd.org:/tmp/cvs-serv18440 Log Message: import of OpenSSL 1.0.2k Upstream changelog: Changes between 1.0.2j and 1.0.2k [26 Jan 2017] *) Truncated packet could crash via OOB read If one side of an SSL/TLS path is running on a 32-bit host and a specific cipher is being used, then a truncated packet can cause that host to perform an out-of-bounds read, usually resulting in a crash. This issue was reported to OpenSSL by Robert Święcki of Google. (CVE-2017-3731) [Andy Polyakov] *) BN_mod_exp may produce incorrect results on x86_64 There is a carry propagating bug in the x86_64 Montgomery squaring procedure. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very similar to CVE-2015-3193 but must be treated as a separate problem. This issue was reported to OpenSSL by the OSS-Fuzz project. (CVE-2017-3732) [Andy Polyakov] *) Montgomery multiplication may produce incorrect results There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure that handles input lengths divisible by, but longer than 256 bits. Analysis suggests that attacks against RSA, DSA and DH private keys are impossible. This is because the subroutine in question is not used in operations with the private key itself and an input of the attacker's direct choice. Otherwise the bug can manifest itself as transient authentication and key negotiation failures or reproducible erroneous outcome of public-key operations with specially crafted input. Among EC algorithms only Brainpool P-512 curves are affected and one presumably can attack ECDH key negotiation. Impact was not analyzed in detail, because pre-requisites for attack are considered unlikely. Namely multiple clients have to choose the curve in question and the server has to share the private key among them, neither of which is default behaviour. Even then only clients that chose the curve will be affected. This issue was publicly reported as transient failures and was not initially recognized as a security issue. Thanks to Richard Morgan for providing reproducible case. (CVE-2016-7055) [Andy Polyakov] *) OpenSSL now fails if it receives an unrecognised record type in TLS1.0 or TLS1.1. Previously this only happened in SSLv3 and TLS1.2. This is to prevent issues where no progress is being made and the peer continually sends unrecognised record types, using up resources processing them. [Matt Caswell] Status: Vendor Tag: OPENSSL Release Tags: openssl-1-0-2k U src/crypto/external/bsd/openssl/dist/ACKNOWLEDGMENTS U src/crypto/external/bsd/openssl/dist/appveyor.yml U src/crypto/external/bsd/openssl/dist/CHANGES.SSLeay C src/crypto/external/bsd/openssl/dist/CHANGES C src/crypto/external/bsd/openssl/dist/Configure U src/crypto/external/bsd/openssl/dist/config U src/crypto/external/bsd/openssl/dist/FAQ U src/crypto/external/bsd/openssl/dist/CONTRIBUTING U src/crypto/external/bsd/openssl/dist/GitConfigure U src/crypto/external/bsd/openssl/dist/e_os2.h U src/crypto/external/bsd/openssl/dist/e_os.h U src/crypto/external/bsd/openssl/dist/GitMake U src/crypto/external/bsd/openssl/dist/install.com U src/crypto/external/bsd/openssl/dist/INSTALL U src/crypto/external/bsd/openssl/dist/INSTALL.NW U src/crypto/external/bsd/openssl/dist/INSTALL.DJGPP U src/crypto/external/bsd/openssl/dist/INSTALL.MacOS U src/crypto/external/bsd/openssl/dist/INSTALL.OS2 U src/crypto/external/bsd/openssl/dist/INSTALL.VMS U src/crypto/external/bsd/openssl/dist/INSTALL.W32 U src/crypto/external/bsd/openssl/dist/INSTALL.W64 U src/crypto/external/bsd/openssl/dist/INSTALL.WCE U src/crypto/external/bsd/openssl/dist/LICENSE C src/crypto/external/bsd/openssl/dist/Makefile U src/crypto/external/bsd/openssl/dist/Makefile.shared U src/crypto/external/bsd/openssl/dist/Makefile.org U src/crypto/external/bsd/openssl/dist/makevms.com U src/crypto/external/bsd/openssl/dist/PROBLEMS C
CVS commit: src/external/bsd/bind/dist/bin/named
Module Name:src
Committed By: spz
Date: Thu Jan 12 08:38:31 UTC 2017
Added Files:
src/external/bsd/bind/dist/bin/named: pfilter.c pfilter.h
Log Message:
don't "clean up" the blacklistd integration
To generate a diff of this commit:
cvs rdiff -u -r0 -r1.4 src/external/bsd/bind/dist/bin/named/pfilter.c
cvs rdiff -u -r0 -r1.3 src/external/bsd/bind/dist/bin/named/pfilter.h
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Added files:
Index: src/external/bsd/bind/dist/bin/named/pfilter.c
diff -u /dev/null src/external/bsd/bind/dist/bin/named/pfilter.c:1.4
--- /dev/null Thu Jan 12 08:38:31 2017
+++ src/external/bsd/bind/dist/bin/named/pfilter.c Thu Jan 12 08:38:31 2017
@@ -0,0 +1,47 @@
+#include
+
+#include
+#include
+#include
+#include
+
+#include
+
+#include "pfilter.h"
+
+static struct blacklist *blstate;
+
+void
+pfilter_open(void)
+{
+ if (blstate == NULL)
+ blstate = blacklist_open();
+}
+
+#define TCP_CLIENT(c) (((c)->attributes & NS_CLIENTATTR_TCP) != 0)
+
+void
+pfilter_notify(isc_result_t res, ns_client_t *client, const char *msg)
+{
+ isc_socket_t *socket;
+
+ pfilter_open();
+
+ if (TCP_CLIENT(client))
+ socket = client->tcpsocket;
+ else {
+ socket = client->udpsocket;
+ if (!client->peeraddr_valid)
+ return;
+ }
+
+ if (socket == NULL)
+ return;
+
+ if (blstate == NULL)
+ return;
+
+ blacklist_sa_r(blstate,
+ res != ISC_R_SUCCESS, isc_socket_getfd(socket),
+ >peeraddr.type.sa, client->peeraddr.length, msg);
+}
Index: src/external/bsd/bind/dist/bin/named/pfilter.h
diff -u /dev/null src/external/bsd/bind/dist/bin/named/pfilter.h:1.3
--- /dev/null Thu Jan 12 08:38:31 2017
+++ src/external/bsd/bind/dist/bin/named/pfilter.h Thu Jan 12 08:38:31 2017
@@ -0,0 +1,2 @@
+void pfilter_open(void);
+void pfilter_notify(isc_result_t, ns_client_t *, const char *);
CVS commit: src/external/bsd/bind/dist/bin/named
Module Name:src Committed By: spz Date: Thu Jan 12 08:38:31 UTC 2017 Added Files: src/external/bsd/bind/dist/bin/named: pfilter.c pfilter.h Log Message: don't "clean up" the blacklistd integration To generate a diff of this commit: cvs rdiff -u -r0 -r1.4 src/external/bsd/bind/dist/bin/named/pfilter.c cvs rdiff -u -r0 -r1.3 src/external/bsd/bind/dist/bin/named/pfilter.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/external/bsd/bind/dist
Module Name:src Committed By: spz Date: Thu Jan 12 08:21:33 UTC 2017 Modified Files: src/external/bsd/bind/dist: CHANGES README srcid version src/external/bsd/bind/dist/doc/arm: Bv9ARM.ch04.html Bv9ARM.ch06.html Bv9ARM.ch07.html Bv9ARM.ch08.html Bv9ARM.ch09.html Bv9ARM.html man.arpaname.html man.ddns-confgen.html man.delv.html man.dig.html man.dnssec-checkds.html man.dnssec-coverage.html man.dnssec-dsfromkey.html man.dnssec-importkey.html man.dnssec-keyfromlabel.html man.dnssec-keygen.html man.dnssec-revoke.html man.dnssec-settime.html man.dnssec-signzone.html man.dnssec-verify.html man.genrandom.html man.host.html man.isc-hmac-fixup.html man.named-checkconf.html man.named-checkzone.html man.named-journalprint.html man.named-rrchecker.html man.named.html man.nsec3hash.html man.nsupdate.html man.rndc-confgen.html man.rndc.conf.html man.rndc.html src/external/bsd/bind/dist/lib/dns: api message.c resolver.c src/external/bsd/bind/dist/lib/isc/unix: socket.c src/external/bsd/bind/dist/lib/isc/win32: socket.c Removed Files: src/external/bsd/bind/dist/bin/named: pfilter.c pfilter.h src/external/bsd/bind/dist/contrib/zkt-1.1.2/examples/flat: zkt-ls zkt-signer src/external/bsd/bind/dist/contrib/zkt-1.1.2/examples/hierarchical: zkt-ls zkt-signer Log Message: merge bind-9.10.4-P5 To generate a diff of this commit: cvs rdiff -u -r1.23 -r1.24 src/external/bsd/bind/dist/CHANGES cvs rdiff -u -r1.11 -r1.12 src/external/bsd/bind/dist/README cvs rdiff -u -r1.17 -r1.18 src/external/bsd/bind/dist/srcid cvs rdiff -u -r1.21 -r1.22 src/external/bsd/bind/dist/version cvs rdiff -u -r1.2 -r0 src/external/bsd/bind/dist/bin/named/pfilter.c cvs rdiff -u -r1.1 -r0 src/external/bsd/bind/dist/bin/named/pfilter.h cvs rdiff -u -r1.1 -r0 \ src/external/bsd/bind/dist/contrib/zkt-1.1.2/examples/flat/zkt-ls \ src/external/bsd/bind/dist/contrib/zkt-1.1.2/examples/flat/zkt-signer cvs rdiff -u -r1.1 -r0 \ src/external/bsd/bind/dist/contrib/zkt-1.1.2/examples/hierarchical/zkt-ls \ src/external/bsd/bind/dist/contrib/zkt-1.1.2/examples/hierarchical/zkt-signer cvs rdiff -u -r1.11 -r1.12 \ src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch04.html \ src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch06.html \ src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch07.html \ src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch08.html \ src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch09.html \ src/external/bsd/bind/dist/doc/arm/Bv9ARM.html \ src/external/bsd/bind/dist/doc/arm/man.arpaname.html \ src/external/bsd/bind/dist/doc/arm/man.ddns-confgen.html \ src/external/bsd/bind/dist/doc/arm/man.delv.html \ src/external/bsd/bind/dist/doc/arm/man.dig.html \ src/external/bsd/bind/dist/doc/arm/man.dnssec-checkds.html \ src/external/bsd/bind/dist/doc/arm/man.dnssec-coverage.html \ src/external/bsd/bind/dist/doc/arm/man.dnssec-dsfromkey.html \ src/external/bsd/bind/dist/doc/arm/man.dnssec-importkey.html \ src/external/bsd/bind/dist/doc/arm/man.dnssec-keyfromlabel.html \ src/external/bsd/bind/dist/doc/arm/man.dnssec-keygen.html \ src/external/bsd/bind/dist/doc/arm/man.dnssec-revoke.html \ src/external/bsd/bind/dist/doc/arm/man.dnssec-settime.html \ src/external/bsd/bind/dist/doc/arm/man.dnssec-signzone.html \ src/external/bsd/bind/dist/doc/arm/man.dnssec-verify.html \ src/external/bsd/bind/dist/doc/arm/man.genrandom.html \ src/external/bsd/bind/dist/doc/arm/man.host.html \ src/external/bsd/bind/dist/doc/arm/man.isc-hmac-fixup.html \ src/external/bsd/bind/dist/doc/arm/man.named-checkconf.html \ src/external/bsd/bind/dist/doc/arm/man.named-checkzone.html \ src/external/bsd/bind/dist/doc/arm/man.named-journalprint.html \ src/external/bsd/bind/dist/doc/arm/man.named-rrchecker.html \ src/external/bsd/bind/dist/doc/arm/man.named.html \ src/external/bsd/bind/dist/doc/arm/man.nsec3hash.html \ src/external/bsd/bind/dist/doc/arm/man.nsupdate.html \ src/external/bsd/bind/dist/doc/arm/man.rndc-confgen.html \ src/external/bsd/bind/dist/doc/arm/man.rndc.conf.html \ src/external/bsd/bind/dist/doc/arm/man.rndc.html cvs rdiff -u -r1.11 -r1.12 src/external/bsd/bind/dist/lib/dns/api cvs rdiff -u -r1.20 -r1.21 src/external/bsd/bind/dist/lib/dns/message.c cvs rdiff -u -r1.27 -r1.28 src/external/bsd/bind/dist/lib/dns/resolver.c cvs rdiff -u -r1.19 -r1.20 src/external/bsd/bind/dist/lib/isc/unix/socket.c cvs rdiff -u -r1.11 -r1.12 src/external/bsd/bind/dist/lib/isc/win32/socket.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/external/bsd/bind/dist
Module Name:src Committed By: spz Date: Thu Jan 12 08:21:33 UTC 2017 Modified Files: src/external/bsd/bind/dist: CHANGES README srcid version src/external/bsd/bind/dist/doc/arm: Bv9ARM.ch04.html Bv9ARM.ch06.html Bv9ARM.ch07.html Bv9ARM.ch08.html Bv9ARM.ch09.html Bv9ARM.html man.arpaname.html man.ddns-confgen.html man.delv.html man.dig.html man.dnssec-checkds.html man.dnssec-coverage.html man.dnssec-dsfromkey.html man.dnssec-importkey.html man.dnssec-keyfromlabel.html man.dnssec-keygen.html man.dnssec-revoke.html man.dnssec-settime.html man.dnssec-signzone.html man.dnssec-verify.html man.genrandom.html man.host.html man.isc-hmac-fixup.html man.named-checkconf.html man.named-checkzone.html man.named-journalprint.html man.named-rrchecker.html man.named.html man.nsec3hash.html man.nsupdate.html man.rndc-confgen.html man.rndc.conf.html man.rndc.html src/external/bsd/bind/dist/lib/dns: api message.c resolver.c src/external/bsd/bind/dist/lib/isc/unix: socket.c src/external/bsd/bind/dist/lib/isc/win32: socket.c Removed Files: src/external/bsd/bind/dist/bin/named: pfilter.c pfilter.h src/external/bsd/bind/dist/contrib/zkt-1.1.2/examples/flat: zkt-ls zkt-signer src/external/bsd/bind/dist/contrib/zkt-1.1.2/examples/hierarchical: zkt-ls zkt-signer Log Message: merge bind-9.10.4-P5 To generate a diff of this commit: cvs rdiff -u -r1.23 -r1.24 src/external/bsd/bind/dist/CHANGES cvs rdiff -u -r1.11 -r1.12 src/external/bsd/bind/dist/README cvs rdiff -u -r1.17 -r1.18 src/external/bsd/bind/dist/srcid cvs rdiff -u -r1.21 -r1.22 src/external/bsd/bind/dist/version cvs rdiff -u -r1.2 -r0 src/external/bsd/bind/dist/bin/named/pfilter.c cvs rdiff -u -r1.1 -r0 src/external/bsd/bind/dist/bin/named/pfilter.h cvs rdiff -u -r1.1 -r0 \ src/external/bsd/bind/dist/contrib/zkt-1.1.2/examples/flat/zkt-ls \ src/external/bsd/bind/dist/contrib/zkt-1.1.2/examples/flat/zkt-signer cvs rdiff -u -r1.1 -r0 \ src/external/bsd/bind/dist/contrib/zkt-1.1.2/examples/hierarchical/zkt-ls \ src/external/bsd/bind/dist/contrib/zkt-1.1.2/examples/hierarchical/zkt-signer cvs rdiff -u -r1.11 -r1.12 \ src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch04.html \ src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch06.html \ src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch07.html \ src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch08.html \ src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch09.html \ src/external/bsd/bind/dist/doc/arm/Bv9ARM.html \ src/external/bsd/bind/dist/doc/arm/man.arpaname.html \ src/external/bsd/bind/dist/doc/arm/man.ddns-confgen.html \ src/external/bsd/bind/dist/doc/arm/man.delv.html \ src/external/bsd/bind/dist/doc/arm/man.dig.html \ src/external/bsd/bind/dist/doc/arm/man.dnssec-checkds.html \ src/external/bsd/bind/dist/doc/arm/man.dnssec-coverage.html \ src/external/bsd/bind/dist/doc/arm/man.dnssec-dsfromkey.html \ src/external/bsd/bind/dist/doc/arm/man.dnssec-importkey.html \ src/external/bsd/bind/dist/doc/arm/man.dnssec-keyfromlabel.html \ src/external/bsd/bind/dist/doc/arm/man.dnssec-keygen.html \ src/external/bsd/bind/dist/doc/arm/man.dnssec-revoke.html \ src/external/bsd/bind/dist/doc/arm/man.dnssec-settime.html \ src/external/bsd/bind/dist/doc/arm/man.dnssec-signzone.html \ src/external/bsd/bind/dist/doc/arm/man.dnssec-verify.html \ src/external/bsd/bind/dist/doc/arm/man.genrandom.html \ src/external/bsd/bind/dist/doc/arm/man.host.html \ src/external/bsd/bind/dist/doc/arm/man.isc-hmac-fixup.html \ src/external/bsd/bind/dist/doc/arm/man.named-checkconf.html \ src/external/bsd/bind/dist/doc/arm/man.named-checkzone.html \ src/external/bsd/bind/dist/doc/arm/man.named-journalprint.html \ src/external/bsd/bind/dist/doc/arm/man.named-rrchecker.html \ src/external/bsd/bind/dist/doc/arm/man.named.html \ src/external/bsd/bind/dist/doc/arm/man.nsec3hash.html \ src/external/bsd/bind/dist/doc/arm/man.nsupdate.html \ src/external/bsd/bind/dist/doc/arm/man.rndc-confgen.html \ src/external/bsd/bind/dist/doc/arm/man.rndc.conf.html \ src/external/bsd/bind/dist/doc/arm/man.rndc.html cvs rdiff -u -r1.11 -r1.12 src/external/bsd/bind/dist/lib/dns/api cvs rdiff -u -r1.20 -r1.21 src/external/bsd/bind/dist/lib/dns/message.c cvs rdiff -u -r1.27 -r1.28 src/external/bsd/bind/dist/lib/dns/resolver.c cvs rdiff -u -r1.19 -r1.20 src/external/bsd/bind/dist/lib/isc/unix/socket.c cvs rdiff -u -r1.11 -r1.12 src/external/bsd/bind/dist/lib/isc/win32/socket.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/external/bsd/bind/dist/CHANGES diff -u src/external/bsd/bind/dist/CHANGES:1.23
CVS commit: src
Module Name:src Committed By: spz Date: Fri Oct 14 16:39:05 UTC 2016 Modified Files: src: UPDATING Log Message: note that the OpenSSL import requires some objdir cleanup To generate a diff of this commit: cvs rdiff -u -r1.274 -r1.275 src/UPDATING Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src
Module Name:src Committed By: spz Date: Fri Oct 14 16:39:05 UTC 2016 Modified Files: src: UPDATING Log Message: note that the OpenSSL import requires some objdir cleanup To generate a diff of this commit: cvs rdiff -u -r1.274 -r1.275 src/UPDATING Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/UPDATING diff -u src/UPDATING:1.274 src/UPDATING:1.275 --- src/UPDATING:1.274 Mon Oct 10 13:28:24 2016 +++ src/UPDATING Fri Oct 14 16:39:05 2016 @@ -1,4 +1,4 @@ -$NetBSD: UPDATING,v 1.274 2016/10/10 13:28:24 martin Exp $ +$NetBSD: UPDATING,v 1.275 2016/10/14 16:39:05 spz Exp $ This file (UPDATING) is intended to be a brief reference to recent changes that might cause problems in the build process, and a guide for @@ -19,6 +19,11 @@ See also: BUILDING, build.sh, Makefile. Recent changes: ^^^ +20161014: + a new version of OpenSSL has been imported. + Remove the files from obj (crypto/external/bsd/openssl) + if you build.sh -u + 20161009: a new version of dhcpcd has been imported with slightly changed build infrastructure. When doing a build.sh -u this requires
CVS commit: src/crypto/external/bsd/openssl/dist
Module Name:src Committed By: spz Date: Fri Oct 14 16:23:23 UTC 2016 Modified Files: src/crypto/external/bsd/openssl/dist: CHANGES Configure Makefile NEWS README e_os.h makevms.com openssl.spec src/crypto/external/bsd/openssl/dist/apps: CA.pl ca.c makeapps.com ocsp.c openssl.cnf s_client.c s_server.c speed.c src/crypto/external/bsd/openssl/dist/crypto: Makefile armcap.c cryptlib.c cryptlib.h crypto-lib.com crypto.h cversion.c ex_data.c install-crypto.com md32_common.h mem.c mem_clr.c opensslconf.h opensslv.h ossl_typ.h ppccap.c ppccpuid.pl sparccpuid.S x86_64cpuid.pl src/crypto/external/bsd/openssl/dist/crypto/aes: Makefile src/crypto/external/bsd/openssl/dist/crypto/aes/asm: aes-x86_64.pl aesni-sha1-x86_64.pl aesni-x86_64.pl src/crypto/external/bsd/openssl/dist/crypto/asn1: a_set.c a_strex.c asn1.h asn1_mac.h asn_mime.c asn_pack.c tasn_dec.c tasn_enc.c x_x509.c src/crypto/external/bsd/openssl/dist/crypto/bio: b_sock.c bio.h bio_lib.c bss_file.c src/crypto/external/bsd/openssl/dist/crypto/bn: bn.h bn_exp.c bn_lcl.h bn_lib.c bntest.c src/crypto/external/bsd/openssl/dist/crypto/bn/asm: x86_64-gcc.c x86_64-gf2m.pl src/crypto/external/bsd/openssl/dist/crypto/cms: cms_pwri.c src/crypto/external/bsd/openssl/dist/crypto/comp: c_zlib.c src/crypto/external/bsd/openssl/dist/crypto/des: des.c read_pwd.c src/crypto/external/bsd/openssl/dist/crypto/dh: dh.h dh_lib.c dhtest.c src/crypto/external/bsd/openssl/dist/crypto/dsa: dsa.h dsa_ameth.c dsa_lib.c src/crypto/external/bsd/openssl/dist/crypto/ec: ec.h ec2_smpl.c ec_ameth.c ec_key.c ec_lcl.h ec_lib.c ectest.c src/crypto/external/bsd/openssl/dist/crypto/ecdh: ecdh.h ech_lib.c src/crypto/external/bsd/openssl/dist/crypto/ecdsa: ecdsa.h ecs_lib.c src/crypto/external/bsd/openssl/dist/crypto/engine: Makefile eng_all.c eng_cryptodev.c eng_lib.c engine.h src/crypto/external/bsd/openssl/dist/crypto/err: openssl.ec src/crypto/external/bsd/openssl/dist/crypto/evp: Makefile e_aes.c evp_enc.c evp_test.c m_sha1.c openbsd_hw.c src/crypto/external/bsd/openssl/dist/crypto/hmac: hmac.c hmactest.c src/crypto/external/bsd/openssl/dist/crypto/lhash: lhash.c src/crypto/external/bsd/openssl/dist/crypto/md5: md5_locl.h src/crypto/external/bsd/openssl/dist/crypto/modes: gcm128.c modes.h src/crypto/external/bsd/openssl/dist/crypto/objects: o_names.c objects.h src/crypto/external/bsd/openssl/dist/crypto/perlasm: x86gas.pl src/crypto/external/bsd/openssl/dist/crypto/pkcs12: p12_decr.c src/crypto/external/bsd/openssl/dist/crypto/pkcs7: pk7_doit.c src/crypto/external/bsd/openssl/dist/crypto/rand: md_rand.c rand_unix.c randfile.c src/crypto/external/bsd/openssl/dist/crypto/rc4: Makefile src/crypto/external/bsd/openssl/dist/crypto/rc4/asm: rc4-x86_64.pl src/crypto/external/bsd/openssl/dist/crypto/rc5: rc5_locl.h src/crypto/external/bsd/openssl/dist/crypto/rsa: Makefile rsa.h rsa_err.c rsa_lib.c rsa_oaep.c rsa_sign.c src/crypto/external/bsd/openssl/dist/crypto/sha: sha256.c src/crypto/external/bsd/openssl/dist/crypto/sha/asm: sha1-x86_64.pl src/crypto/external/bsd/openssl/dist/crypto/stack: safestack.h stack.c src/crypto/external/bsd/openssl/dist/crypto/store: store.h str_lib.c src/crypto/external/bsd/openssl/dist/crypto/ui: ui.h ui_lib.c ui_openssl.c src/crypto/external/bsd/openssl/dist/crypto/x509: x509.h x509_vfy.c x509_vfy.h src/crypto/external/bsd/openssl/dist/crypto/x509v3: v3_addr.c src/crypto/external/bsd/openssl/dist/doc/apps: genpkey.pod src/crypto/external/bsd/openssl/dist/doc/crypto: BIO_s_accept.pod EVP_DigestInit.pod EVP_DigestVerifyInit.pod EVP_EncryptInit.pod d2i_X509.pod src/crypto/external/bsd/openssl/dist/doc/ssl: SSL_CTX_use_psk_identity_hint.pod SSL_accept.pod SSL_do_handshake.pod SSL_shutdown.pod src/crypto/external/bsd/openssl/dist/engines: makeengines.com src/crypto/external/bsd/openssl/dist/engines/ccgost: gost2001_keyx.c gost94_keyx.c src/crypto/external/bsd/openssl/dist/ssl: Makefile d1_both.c d1_lib.c d1_pkt.c d1_srtp.c d1_srvr.c dtls1.h s23_clnt.c s23_srvr.c s2_lib.c s2_srvr.c s3_cbc.c s3_clnt.c s3_enc.c s3_lib.c s3_pkt.c s3_srvr.c srtp.h ssl-lib.com ssl.h ssl3.h ssl_ciph.c ssl_err.c ssl_lib.c ssl_locl.h ssl_sess.c ssltest.c t1_enc.c t1_lib.c tls1.h src/crypto/external/bsd/openssl/dist/test: Makefile maketests.com
CVS commit: src/crypto/external/bsd/openssl/dist
Module Name:src Committed By: spz Date: Fri Oct 14 16:23:23 UTC 2016 Modified Files: src/crypto/external/bsd/openssl/dist: CHANGES Configure Makefile NEWS README e_os.h makevms.com openssl.spec src/crypto/external/bsd/openssl/dist/apps: CA.pl ca.c makeapps.com ocsp.c openssl.cnf s_client.c s_server.c speed.c src/crypto/external/bsd/openssl/dist/crypto: Makefile armcap.c cryptlib.c cryptlib.h crypto-lib.com crypto.h cversion.c ex_data.c install-crypto.com md32_common.h mem.c mem_clr.c opensslconf.h opensslv.h ossl_typ.h ppccap.c ppccpuid.pl sparccpuid.S x86_64cpuid.pl src/crypto/external/bsd/openssl/dist/crypto/aes: Makefile src/crypto/external/bsd/openssl/dist/crypto/aes/asm: aes-x86_64.pl aesni-sha1-x86_64.pl aesni-x86_64.pl src/crypto/external/bsd/openssl/dist/crypto/asn1: a_set.c a_strex.c asn1.h asn1_mac.h asn_mime.c asn_pack.c tasn_dec.c tasn_enc.c x_x509.c src/crypto/external/bsd/openssl/dist/crypto/bio: b_sock.c bio.h bio_lib.c bss_file.c src/crypto/external/bsd/openssl/dist/crypto/bn: bn.h bn_exp.c bn_lcl.h bn_lib.c bntest.c src/crypto/external/bsd/openssl/dist/crypto/bn/asm: x86_64-gcc.c x86_64-gf2m.pl src/crypto/external/bsd/openssl/dist/crypto/cms: cms_pwri.c src/crypto/external/bsd/openssl/dist/crypto/comp: c_zlib.c src/crypto/external/bsd/openssl/dist/crypto/des: des.c read_pwd.c src/crypto/external/bsd/openssl/dist/crypto/dh: dh.h dh_lib.c dhtest.c src/crypto/external/bsd/openssl/dist/crypto/dsa: dsa.h dsa_ameth.c dsa_lib.c src/crypto/external/bsd/openssl/dist/crypto/ec: ec.h ec2_smpl.c ec_ameth.c ec_key.c ec_lcl.h ec_lib.c ectest.c src/crypto/external/bsd/openssl/dist/crypto/ecdh: ecdh.h ech_lib.c src/crypto/external/bsd/openssl/dist/crypto/ecdsa: ecdsa.h ecs_lib.c src/crypto/external/bsd/openssl/dist/crypto/engine: Makefile eng_all.c eng_cryptodev.c eng_lib.c engine.h src/crypto/external/bsd/openssl/dist/crypto/err: openssl.ec src/crypto/external/bsd/openssl/dist/crypto/evp: Makefile e_aes.c evp_enc.c evp_test.c m_sha1.c openbsd_hw.c src/crypto/external/bsd/openssl/dist/crypto/hmac: hmac.c hmactest.c src/crypto/external/bsd/openssl/dist/crypto/lhash: lhash.c src/crypto/external/bsd/openssl/dist/crypto/md5: md5_locl.h src/crypto/external/bsd/openssl/dist/crypto/modes: gcm128.c modes.h src/crypto/external/bsd/openssl/dist/crypto/objects: o_names.c objects.h src/crypto/external/bsd/openssl/dist/crypto/perlasm: x86gas.pl src/crypto/external/bsd/openssl/dist/crypto/pkcs12: p12_decr.c src/crypto/external/bsd/openssl/dist/crypto/pkcs7: pk7_doit.c src/crypto/external/bsd/openssl/dist/crypto/rand: md_rand.c rand_unix.c randfile.c src/crypto/external/bsd/openssl/dist/crypto/rc4: Makefile src/crypto/external/bsd/openssl/dist/crypto/rc4/asm: rc4-x86_64.pl src/crypto/external/bsd/openssl/dist/crypto/rc5: rc5_locl.h src/crypto/external/bsd/openssl/dist/crypto/rsa: Makefile rsa.h rsa_err.c rsa_lib.c rsa_oaep.c rsa_sign.c src/crypto/external/bsd/openssl/dist/crypto/sha: sha256.c src/crypto/external/bsd/openssl/dist/crypto/sha/asm: sha1-x86_64.pl src/crypto/external/bsd/openssl/dist/crypto/stack: safestack.h stack.c src/crypto/external/bsd/openssl/dist/crypto/store: store.h str_lib.c src/crypto/external/bsd/openssl/dist/crypto/ui: ui.h ui_lib.c ui_openssl.c src/crypto/external/bsd/openssl/dist/crypto/x509: x509.h x509_vfy.c x509_vfy.h src/crypto/external/bsd/openssl/dist/crypto/x509v3: v3_addr.c src/crypto/external/bsd/openssl/dist/doc/apps: genpkey.pod src/crypto/external/bsd/openssl/dist/doc/crypto: BIO_s_accept.pod EVP_DigestInit.pod EVP_DigestVerifyInit.pod EVP_EncryptInit.pod d2i_X509.pod src/crypto/external/bsd/openssl/dist/doc/ssl: SSL_CTX_use_psk_identity_hint.pod SSL_accept.pod SSL_do_handshake.pod SSL_shutdown.pod src/crypto/external/bsd/openssl/dist/engines: makeengines.com src/crypto/external/bsd/openssl/dist/engines/ccgost: gost2001_keyx.c gost94_keyx.c src/crypto/external/bsd/openssl/dist/ssl: Makefile d1_both.c d1_lib.c d1_pkt.c d1_srtp.c d1_srvr.c dtls1.h s23_clnt.c s23_srvr.c s2_lib.c s2_srvr.c s3_cbc.c s3_clnt.c s3_enc.c s3_lib.c s3_pkt.c s3_srvr.c srtp.h ssl-lib.com ssl.h ssl3.h ssl_ciph.c ssl_err.c ssl_lib.c ssl_locl.h ssl_sess.c ssltest.c t1_enc.c t1_lib.c tls1.h src/crypto/external/bsd/openssl/dist/test: Makefile maketests.com
CVS commit: src
Module Name:src Committed By: spz Date: Fri Oct 14 16:09:45 UTC 2016 Modified Files: src/crypto/external/bsd/openssl/lib/libcrypto: Makefile asn1.inc bn.inc cms.inc dh.inc dso.inc ec.inc ecdh.inc engine.inc evp.inc man.inc modes.inc pkcs7.inc rand.inc shlib_version x509v3.inc src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386: aes-586.S aesni-x86.S bn-586.S des-586.S ghash-x86.S rc4-586.S sha1-586.S sha256-586.S sha512-586.S uplink-x86.S vpaes-x86.S x86cpuid.S src/crypto/external/bsd/openssl/lib/libcrypto/arch/powerpc: Makefile aes-ppc.S bn.inc ppc-mont.S ppc.S ppccpuid.S sha1-ppc.S sha512-ppc.S src/crypto/external/bsd/openssl/lib/libcrypto/arch/sparc: Makefile aes.inc crypto.inc des_enc-sparc.S ghash-sparcv9.S modes.inc sha1-sparcv9.S sha512-sparcv9.S src/crypto/external/bsd/openssl/lib/libcrypto/arch/sparc64: Makefile aes.inc crypto.inc des_enc-sparc.S ghash-sparcv9.S sha1-sparcv9.S sha512-sparcv9.S src/crypto/external/bsd/openssl/lib/libcrypto/arch/x86_64: Makefile aes-x86_64.S aes.inc aesni-sha1-x86_64.S aesni-x86_64.S bn.inc bsaes-x86_64.S cmll-x86_64.S engine.inc ghash-x86_64.S md5-x86_64.S rc4-x86_64.S sha.inc sha1-x86_64.S sha512-x86_64.S uplink-x86_64.S vpaes-x86_64.S wp-x86_64.S x86_64-gf2m.S x86_64-mont.S x86_64-mont5.S x86_64cpuid.S src/crypto/external/bsd/openssl/lib/libcrypto_rc5: shlib_version src/crypto/external/bsd/openssl/lib/libdes: shlib_version src/crypto/external/bsd/openssl/lib/libssl: shlib_version ssl.inc src/distrib/sets/lists/base: shl.mi src/distrib/sets/lists/comp: mi src/distrib/sets/lists/debug: shl.mi src/distrib/sets/lists/man: mi src/doc: 3RDPARTY src/tests/crypto/libcrypto/rc4: Makefile Added Files: src/crypto/external/bsd/openssl/lib/libcrypto/arch/powerpc: aes.inc aesp8-ppc.S ghashp8-ppc.S modes.inc ppc64-mont.S sha.inc sha256-ppc.S sha256p8-ppc.S sha512p8-ppc.S vpaes-ppc.S src/crypto/external/bsd/openssl/lib/libcrypto/arch/sparc: aest4-sparcv9.S cmllt4-sparcv9.S dest4-sparcv9.S md5-sparcv9.S sparct4-mont.S sparcv9-gf2m.S vis3-mont.S src/crypto/external/bsd/openssl/lib/libcrypto/arch/sparc64: aest4-sparcv9.S cmllt4-sparcv9.S dest4-sparcv9.S md5-sparcv9.S sparct4-mont.S sparcv9-gf2m.S vis3-mont.S src/crypto/external/bsd/openssl/lib/libcrypto/arch/x86_64: aesni-gcm-x86_64.S aesni-mb-x86_64.S aesni-sha256-x86_64.S ecp_nistz256-x86_64.S rsaz-avx2.S rsaz-x86_64.S sha1-mb-x86_64.S sha256-mb-x86_64.S Removed Files: src/crypto/external/bsd/openssl/lib/libcrypto/arch/x86_64: modexp512-x86_64.S Log Message: periphereal updates and generated files for the new openssl. Expect at least one more commit until the tree builds again. To generate a diff of this commit: cvs rdiff -u -r1.11 -r1.12 \ src/crypto/external/bsd/openssl/lib/libcrypto/Makefile \ src/crypto/external/bsd/openssl/lib/libcrypto/shlib_version cvs rdiff -u -r1.1 -r1.2 \ src/crypto/external/bsd/openssl/lib/libcrypto/asn1.inc \ src/crypto/external/bsd/openssl/lib/libcrypto/dso.inc \ src/crypto/external/bsd/openssl/lib/libcrypto/ecdh.inc \ src/crypto/external/bsd/openssl/lib/libcrypto/pkcs7.inc \ src/crypto/external/bsd/openssl/lib/libcrypto/rand.inc \ src/crypto/external/bsd/openssl/lib/libcrypto/x509v3.inc cvs rdiff -u -r1.2 -r1.3 src/crypto/external/bsd/openssl/lib/libcrypto/bn.inc \ src/crypto/external/bsd/openssl/lib/libcrypto/dh.inc \ src/crypto/external/bsd/openssl/lib/libcrypto/ec.inc cvs rdiff -u -r1.4 -r1.5 \ src/crypto/external/bsd/openssl/lib/libcrypto/cms.inc \ src/crypto/external/bsd/openssl/lib/libcrypto/modes.inc cvs rdiff -u -r1.9 -r1.10 \ src/crypto/external/bsd/openssl/lib/libcrypto/engine.inc cvs rdiff -u -r1.5 -r1.6 \ src/crypto/external/bsd/openssl/lib/libcrypto/evp.inc \ src/crypto/external/bsd/openssl/lib/libcrypto/man.inc cvs rdiff -u -r1.4 -r1.5 \ src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/aes-586.S \ src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/sha1-586.S cvs rdiff -u -r1.5 -r1.6 \ src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/aesni-x86.S cvs rdiff -u -r1.6 -r1.7 \ src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/bn-586.S cvs rdiff -u -r1.3 -r1.4 \ src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/des-586.S \ src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/ghash-x86.S \ src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/rc4-586.S \ src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/sha256-586.S \
CVS commit: src
Module Name:src Committed By: spz Date: Fri Oct 14 16:09:45 UTC 2016 Modified Files: src/crypto/external/bsd/openssl/lib/libcrypto: Makefile asn1.inc bn.inc cms.inc dh.inc dso.inc ec.inc ecdh.inc engine.inc evp.inc man.inc modes.inc pkcs7.inc rand.inc shlib_version x509v3.inc src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386: aes-586.S aesni-x86.S bn-586.S des-586.S ghash-x86.S rc4-586.S sha1-586.S sha256-586.S sha512-586.S uplink-x86.S vpaes-x86.S x86cpuid.S src/crypto/external/bsd/openssl/lib/libcrypto/arch/powerpc: Makefile aes-ppc.S bn.inc ppc-mont.S ppc.S ppccpuid.S sha1-ppc.S sha512-ppc.S src/crypto/external/bsd/openssl/lib/libcrypto/arch/sparc: Makefile aes.inc crypto.inc des_enc-sparc.S ghash-sparcv9.S modes.inc sha1-sparcv9.S sha512-sparcv9.S src/crypto/external/bsd/openssl/lib/libcrypto/arch/sparc64: Makefile aes.inc crypto.inc des_enc-sparc.S ghash-sparcv9.S sha1-sparcv9.S sha512-sparcv9.S src/crypto/external/bsd/openssl/lib/libcrypto/arch/x86_64: Makefile aes-x86_64.S aes.inc aesni-sha1-x86_64.S aesni-x86_64.S bn.inc bsaes-x86_64.S cmll-x86_64.S engine.inc ghash-x86_64.S md5-x86_64.S rc4-x86_64.S sha.inc sha1-x86_64.S sha512-x86_64.S uplink-x86_64.S vpaes-x86_64.S wp-x86_64.S x86_64-gf2m.S x86_64-mont.S x86_64-mont5.S x86_64cpuid.S src/crypto/external/bsd/openssl/lib/libcrypto_rc5: shlib_version src/crypto/external/bsd/openssl/lib/libdes: shlib_version src/crypto/external/bsd/openssl/lib/libssl: shlib_version ssl.inc src/distrib/sets/lists/base: shl.mi src/distrib/sets/lists/comp: mi src/distrib/sets/lists/debug: shl.mi src/distrib/sets/lists/man: mi src/doc: 3RDPARTY src/tests/crypto/libcrypto/rc4: Makefile Added Files: src/crypto/external/bsd/openssl/lib/libcrypto/arch/powerpc: aes.inc aesp8-ppc.S ghashp8-ppc.S modes.inc ppc64-mont.S sha.inc sha256-ppc.S sha256p8-ppc.S sha512p8-ppc.S vpaes-ppc.S src/crypto/external/bsd/openssl/lib/libcrypto/arch/sparc: aest4-sparcv9.S cmllt4-sparcv9.S dest4-sparcv9.S md5-sparcv9.S sparct4-mont.S sparcv9-gf2m.S vis3-mont.S src/crypto/external/bsd/openssl/lib/libcrypto/arch/sparc64: aest4-sparcv9.S cmllt4-sparcv9.S dest4-sparcv9.S md5-sparcv9.S sparct4-mont.S sparcv9-gf2m.S vis3-mont.S src/crypto/external/bsd/openssl/lib/libcrypto/arch/x86_64: aesni-gcm-x86_64.S aesni-mb-x86_64.S aesni-sha256-x86_64.S ecp_nistz256-x86_64.S rsaz-avx2.S rsaz-x86_64.S sha1-mb-x86_64.S sha256-mb-x86_64.S Removed Files: src/crypto/external/bsd/openssl/lib/libcrypto/arch/x86_64: modexp512-x86_64.S Log Message: periphereal updates and generated files for the new openssl. Expect at least one more commit until the tree builds again. To generate a diff of this commit: cvs rdiff -u -r1.11 -r1.12 \ src/crypto/external/bsd/openssl/lib/libcrypto/Makefile \ src/crypto/external/bsd/openssl/lib/libcrypto/shlib_version cvs rdiff -u -r1.1 -r1.2 \ src/crypto/external/bsd/openssl/lib/libcrypto/asn1.inc \ src/crypto/external/bsd/openssl/lib/libcrypto/dso.inc \ src/crypto/external/bsd/openssl/lib/libcrypto/ecdh.inc \ src/crypto/external/bsd/openssl/lib/libcrypto/pkcs7.inc \ src/crypto/external/bsd/openssl/lib/libcrypto/rand.inc \ src/crypto/external/bsd/openssl/lib/libcrypto/x509v3.inc cvs rdiff -u -r1.2 -r1.3 src/crypto/external/bsd/openssl/lib/libcrypto/bn.inc \ src/crypto/external/bsd/openssl/lib/libcrypto/dh.inc \ src/crypto/external/bsd/openssl/lib/libcrypto/ec.inc cvs rdiff -u -r1.4 -r1.5 \ src/crypto/external/bsd/openssl/lib/libcrypto/cms.inc \ src/crypto/external/bsd/openssl/lib/libcrypto/modes.inc cvs rdiff -u -r1.9 -r1.10 \ src/crypto/external/bsd/openssl/lib/libcrypto/engine.inc cvs rdiff -u -r1.5 -r1.6 \ src/crypto/external/bsd/openssl/lib/libcrypto/evp.inc \ src/crypto/external/bsd/openssl/lib/libcrypto/man.inc cvs rdiff -u -r1.4 -r1.5 \ src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/aes-586.S \ src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/sha1-586.S cvs rdiff -u -r1.5 -r1.6 \ src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/aesni-x86.S cvs rdiff -u -r1.6 -r1.7 \ src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/bn-586.S cvs rdiff -u -r1.3 -r1.4 \ src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/des-586.S \ src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/ghash-x86.S \ src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/rc4-586.S \ src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/sha256-586.S \
CVS import: src/crypto/external/bsd/openssl/dist
Module Name:src Committed By: spz Date: Fri Oct 14 16:07:29 UTC 2016 Update of /cvsroot/src/crypto/external/bsd/openssl/dist In directory ivanova.netbsd.org:/tmp/cvs-serv15362 Log Message: Import of OpenSSL 1.0.2j. The 1.0.2 branch of OpenSSL is the current long term support branch. Differences between 1.0.1 and 1.0.2: o Suite B support for TLS 1.2 and DTLS 1.2 o Support for DTLS 1.2 o TLS automatic EC curve selection. o API to set TLS supported signature algorithms and curves o SSL_CONF configuration API. o TLS Brainpool support. o ALPN support. o CMS support for RSA-PSS, RSA-OAEP, ECDH and X9.42 DH. Security fixes from the previous version (1.0.1t) in NetBSD: o OCSP Status Request extension unbounded memory growth (CVE-2016-6304) o SWEET32 Mitigation (CVE-2016-2183) o OOB write in MDC2_Update() (CVE-2016-6303) o Malformed SHA512 ticket DoS (CVE-2016-6302) o OOB write in BN_bn2dec() (CVE-2016-2182) o OOB read in TS_OBJ_print_bio() (CVE-2016-2180) o Pointer arithmetic undefined behaviour (CVE-2016-2177) o Constant time flag not preserved in DSA signing (CVE-2016-2178) o DTLS buffered message DoS (CVE-2016-2179) o DTLS replay protection DoS (CVE-2016-2181) o Certificate message OOB reads (CVE-2016-6306) Status: Vendor Tag: OPENSSL Release Tags: openssl-1-0-2j U src/crypto/external/bsd/openssl/dist/ACKNOWLEDGMENTS U src/crypto/external/bsd/openssl/dist/appveyor.yml U src/crypto/external/bsd/openssl/dist/CHANGES.SSLeay C src/crypto/external/bsd/openssl/dist/CHANGES C src/crypto/external/bsd/openssl/dist/Configure U src/crypto/external/bsd/openssl/dist/config U src/crypto/external/bsd/openssl/dist/FAQ U src/crypto/external/bsd/openssl/dist/CONTRIBUTING N src/crypto/external/bsd/openssl/dist/GitConfigure U src/crypto/external/bsd/openssl/dist/e_os2.h C src/crypto/external/bsd/openssl/dist/e_os.h N src/crypto/external/bsd/openssl/dist/GitMake U src/crypto/external/bsd/openssl/dist/install.com U src/crypto/external/bsd/openssl/dist/INSTALL U src/crypto/external/bsd/openssl/dist/INSTALL.NW U src/crypto/external/bsd/openssl/dist/INSTALL.DJGPP U src/crypto/external/bsd/openssl/dist/INSTALL.MacOS U src/crypto/external/bsd/openssl/dist/INSTALL.OS2 U src/crypto/external/bsd/openssl/dist/INSTALL.VMS U src/crypto/external/bsd/openssl/dist/INSTALL.W32 U src/crypto/external/bsd/openssl/dist/INSTALL.W64 U src/crypto/external/bsd/openssl/dist/INSTALL.WCE U src/crypto/external/bsd/openssl/dist/LICENSE C src/crypto/external/bsd/openssl/dist/Makefile U src/crypto/external/bsd/openssl/dist/Makefile.shared U src/crypto/external/bsd/openssl/dist/Makefile.org C src/crypto/external/bsd/openssl/dist/makevms.com U src/crypto/external/bsd/openssl/dist/PROBLEMS C src/crypto/external/bsd/openssl/dist/NEWS U src/crypto/external/bsd/openssl/dist/README.ENGINE U src/crypto/external/bsd/openssl/dist/openssl.doxy C src/crypto/external/bsd/openssl/dist/openssl.spec C src/crypto/external/bsd/openssl/dist/README U src/crypto/external/bsd/openssl/dist/README.ASN1 U src/crypto/external/bsd/openssl/dist/apps/app_rand.c U src/crypto/external/bsd/openssl/dist/apps/apps.c U src/crypto/external/bsd/openssl/dist/apps/apps.h U src/crypto/external/bsd/openssl/dist/apps/asn1pars.c C src/crypto/external/bsd/openssl/dist/apps/ca.c U src/crypto/external/bsd/openssl/dist/apps/ca-cert.srl U src/crypto/external/bsd/openssl/dist/apps/CA.com U src/crypto/external/bsd/openssl/dist/apps/ca-key.pem C src/crypto/external/bsd/openssl/dist/apps/CA.pl U src/crypto/external/bsd/openssl/dist/apps/CA.pl.in U src/crypto/external/bsd/openssl/dist/apps/ca-req.pem U src/crypto/external/bsd/openssl/dist/apps/CA.sh U src/crypto/external/bsd/openssl/dist/apps/cert.pem U src/crypto/external/bsd/openssl/dist/apps/ciphers.c U src/crypto/external/bsd/openssl/dist/apps/client.pem U src/crypto/external/bsd/openssl/dist/apps/cms.c U src/crypto/external/bsd/openssl/dist/apps/crl2p7.c U src/crypto/external/bsd/openssl/dist/apps/crl.c U src/crypto/external/bsd/openssl/dist/apps/dh1024.pem U src/crypto/external/bsd/openssl/dist/apps/dgst.c U src/crypto/external/bsd/openssl/dist/apps/install-apps.com U src/crypto/external/bsd/openssl/dist/apps/dh2048.pem U src/crypto/external/bsd/openssl/dist/apps/dh4096.pem U src/crypto/external/bsd/openssl/dist/apps/dh512.pem U src/crypto/external/bsd/openssl/dist/apps/dh.c U src/crypto/external/bsd/openssl/dist/apps/dhparam.c U src/crypto/external/bsd/openssl/dist/apps/dsa1024.pem U src/crypto/external/bsd/openssl/dist/apps/dsa512.pem U src/crypto/external/bsd/openssl/dist/apps/dsa.c U src/crypto/external/bsd/openssl/dist/apps/dsa-ca.pem U src/crypto/external/bsd/openssl/dist/apps/dsaparam.c U src/crypto/external/bsd/openssl/dist/apps/dsa-pca.pem U src/crypto/external/bsd/openssl/dist/apps/dsap.pem U src/crypto/external/bsd/openssl/dist/apps/ec.c U
CVS import: src/crypto/external/bsd/openssl/dist
Module Name:src Committed By: spz Date: Fri Oct 14 16:07:29 UTC 2016 Update of /cvsroot/src/crypto/external/bsd/openssl/dist In directory ivanova.netbsd.org:/tmp/cvs-serv15362 Log Message: Import of OpenSSL 1.0.2j. The 1.0.2 branch of OpenSSL is the current long term support branch. Differences between 1.0.1 and 1.0.2: o Suite B support for TLS 1.2 and DTLS 1.2 o Support for DTLS 1.2 o TLS automatic EC curve selection. o API to set TLS supported signature algorithms and curves o SSL_CONF configuration API. o TLS Brainpool support. o ALPN support. o CMS support for RSA-PSS, RSA-OAEP, ECDH and X9.42 DH. Security fixes from the previous version (1.0.1t) in NetBSD: o OCSP Status Request extension unbounded memory growth (CVE-2016-6304) o SWEET32 Mitigation (CVE-2016-2183) o OOB write in MDC2_Update() (CVE-2016-6303) o Malformed SHA512 ticket DoS (CVE-2016-6302) o OOB write in BN_bn2dec() (CVE-2016-2182) o OOB read in TS_OBJ_print_bio() (CVE-2016-2180) o Pointer arithmetic undefined behaviour (CVE-2016-2177) o Constant time flag not preserved in DSA signing (CVE-2016-2178) o DTLS buffered message DoS (CVE-2016-2179) o DTLS replay protection DoS (CVE-2016-2181) o Certificate message OOB reads (CVE-2016-6306) Status: Vendor Tag: OPENSSL Release Tags: openssl-1-0-2j U src/crypto/external/bsd/openssl/dist/ACKNOWLEDGMENTS U src/crypto/external/bsd/openssl/dist/appveyor.yml U src/crypto/external/bsd/openssl/dist/CHANGES.SSLeay C src/crypto/external/bsd/openssl/dist/CHANGES C src/crypto/external/bsd/openssl/dist/Configure U src/crypto/external/bsd/openssl/dist/config U src/crypto/external/bsd/openssl/dist/FAQ U src/crypto/external/bsd/openssl/dist/CONTRIBUTING N src/crypto/external/bsd/openssl/dist/GitConfigure U src/crypto/external/bsd/openssl/dist/e_os2.h C src/crypto/external/bsd/openssl/dist/e_os.h N src/crypto/external/bsd/openssl/dist/GitMake U src/crypto/external/bsd/openssl/dist/install.com U src/crypto/external/bsd/openssl/dist/INSTALL U src/crypto/external/bsd/openssl/dist/INSTALL.NW U src/crypto/external/bsd/openssl/dist/INSTALL.DJGPP U src/crypto/external/bsd/openssl/dist/INSTALL.MacOS U src/crypto/external/bsd/openssl/dist/INSTALL.OS2 U src/crypto/external/bsd/openssl/dist/INSTALL.VMS U src/crypto/external/bsd/openssl/dist/INSTALL.W32 U src/crypto/external/bsd/openssl/dist/INSTALL.W64 U src/crypto/external/bsd/openssl/dist/INSTALL.WCE U src/crypto/external/bsd/openssl/dist/LICENSE C src/crypto/external/bsd/openssl/dist/Makefile U src/crypto/external/bsd/openssl/dist/Makefile.shared U src/crypto/external/bsd/openssl/dist/Makefile.org C src/crypto/external/bsd/openssl/dist/makevms.com U src/crypto/external/bsd/openssl/dist/PROBLEMS C src/crypto/external/bsd/openssl/dist/NEWS U src/crypto/external/bsd/openssl/dist/README.ENGINE U src/crypto/external/bsd/openssl/dist/openssl.doxy C src/crypto/external/bsd/openssl/dist/openssl.spec C src/crypto/external/bsd/openssl/dist/README U src/crypto/external/bsd/openssl/dist/README.ASN1 U src/crypto/external/bsd/openssl/dist/apps/app_rand.c U src/crypto/external/bsd/openssl/dist/apps/apps.c U src/crypto/external/bsd/openssl/dist/apps/apps.h U src/crypto/external/bsd/openssl/dist/apps/asn1pars.c C src/crypto/external/bsd/openssl/dist/apps/ca.c U src/crypto/external/bsd/openssl/dist/apps/ca-cert.srl U src/crypto/external/bsd/openssl/dist/apps/CA.com U src/crypto/external/bsd/openssl/dist/apps/ca-key.pem C src/crypto/external/bsd/openssl/dist/apps/CA.pl U src/crypto/external/bsd/openssl/dist/apps/CA.pl.in U src/crypto/external/bsd/openssl/dist/apps/ca-req.pem U src/crypto/external/bsd/openssl/dist/apps/CA.sh U src/crypto/external/bsd/openssl/dist/apps/cert.pem U src/crypto/external/bsd/openssl/dist/apps/ciphers.c U src/crypto/external/bsd/openssl/dist/apps/client.pem U src/crypto/external/bsd/openssl/dist/apps/cms.c U src/crypto/external/bsd/openssl/dist/apps/crl2p7.c U src/crypto/external/bsd/openssl/dist/apps/crl.c U src/crypto/external/bsd/openssl/dist/apps/dh1024.pem U src/crypto/external/bsd/openssl/dist/apps/dgst.c U src/crypto/external/bsd/openssl/dist/apps/install-apps.com U src/crypto/external/bsd/openssl/dist/apps/dh2048.pem U src/crypto/external/bsd/openssl/dist/apps/dh4096.pem U src/crypto/external/bsd/openssl/dist/apps/dh512.pem U src/crypto/external/bsd/openssl/dist/apps/dh.c U src/crypto/external/bsd/openssl/dist/apps/dhparam.c U src/crypto/external/bsd/openssl/dist/apps/dsa1024.pem U src/crypto/external/bsd/openssl/dist/apps/dsa512.pem U src/crypto/external/bsd/openssl/dist/apps/dsa.c U src/crypto/external/bsd/openssl/dist/apps/dsa-ca.pem U src/crypto/external/bsd/openssl/dist/apps/dsaparam.c U src/crypto/external/bsd/openssl/dist/apps/dsa-pca.pem U src/crypto/external/bsd/openssl/dist/apps/dsap.pem U src/crypto/external/bsd/openssl/dist/apps/ec.c U
CVS commit: src
Module Name:src
Committed By: spz
Date: Tue May 17 23:53:02 UTC 2016
Modified Files:
src/distrib/sets/lists/base: shl.mi
src/distrib/sets/lists/debug: shl.mi
src/external/mit/expat/dist/lib: xmlparse.c xmltok.c xmltok.h
xmltok_impl.c
src/external/mit/expat/lib/libexpat: shlib_version
Log Message:
Fixes for CVE-2016-0718 from upstream.
To generate a diff of this commit:
cvs rdiff -u -r1.771 -r1.772 src/distrib/sets/lists/base/shl.mi
cvs rdiff -u -r1.133 -r1.134 src/distrib/sets/lists/debug/shl.mi
cvs rdiff -u -r1.4 -r1.5 src/external/mit/expat/dist/lib/xmlparse.c
cvs rdiff -u -r1.1.1.2 -r1.2 src/external/mit/expat/dist/lib/xmltok.c
cvs rdiff -u -r1.1.1.1 -r1.2 src/external/mit/expat/dist/lib/xmltok.h
cvs rdiff -u -r1.3 -r1.4 src/external/mit/expat/dist/lib/xmltok_impl.c
cvs rdiff -u -r1.3 -r1.4 src/external/mit/expat/lib/libexpat/shlib_version
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/distrib/sets/lists/base/shl.mi
diff -u src/distrib/sets/lists/base/shl.mi:1.771 src/distrib/sets/lists/base/shl.mi:1.772
--- src/distrib/sets/lists/base/shl.mi:1.771 Sat May 14 14:39:39 2016
+++ src/distrib/sets/lists/base/shl.mi Tue May 17 23:53:02 2016
@@ -1,4 +1,4 @@
-# $NetBSD: shl.mi,v 1.771 2016/05/14 14:39:39 spz Exp $
+# $NetBSD: shl.mi,v 1.772 2016/05/17 23:53:02 spz Exp $
#
# Note: Don't delete entries from here - mark them as "obsolete" instead,
# unless otherwise stated below.
@@ -276,7 +276,7 @@
./usr/lib/libexecinfo.so.0.0 base-sys-shlib compatfile
./usr/lib/libexpat.sobase-sys-shlib compatfile
./usr/lib/libexpat.so.2base-sys-shlib compatfile
-./usr/lib/libexpat.so.2.2 base-sys-shlib compatfile
+./usr/lib/libexpat.so.2.3 base-sys-shlib compatfile
./usr/lib/libfetch.sobase-sys-shlib compatfile
./usr/lib/libfetch.so.3base-sys-shlib compatfile
./usr/lib/libfetch.so.3.0 base-sys-shlib compatfile
Index: src/distrib/sets/lists/debug/shl.mi
diff -u src/distrib/sets/lists/debug/shl.mi:1.133 src/distrib/sets/lists/debug/shl.mi:1.134
--- src/distrib/sets/lists/debug/shl.mi:1.133 Sat May 14 14:39:39 2016
+++ src/distrib/sets/lists/debug/shl.mi Tue May 17 23:53:02 2016
@@ -1,4 +1,4 @@
-# $NetBSD: shl.mi,v 1.133 2016/05/14 14:39:39 spz Exp $
+# $NetBSD: shl.mi,v 1.134 2016/05/17 23:53:02 spz Exp $
./usr/libdata/debug/lib base-sys-usr debug,dynamicroot,compatdir
./usr/libdata/debug/lib/libblacklist.so.0.0.debug comp-sys-debug debug,dynamicroot
./usr/libdata/debug/lib/libc.so.12.202.debug comp-sys-debug debug,dynamicroot
@@ -90,7 +90,7 @@
./usr/libdata/debug/usr/lib/libevent_openssl.so.4.0.debug comp-sys-debug debug,compatfile,crypto
./usr/libdata/debug/usr/lib/libevent_pthreads.so.4.0.debug comp-sys-debug debug,compatfile
./usr/libdata/debug/usr/lib/libexecinfo.so.0.0.debug comp-sys-debug debug,compatfile
-./usr/libdata/debug/usr/lib/libexpat.so.2.2.debug comp-sys-debug debug,compatfile
+./usr/libdata/debug/usr/lib/libexpat.so.2.3.debug comp-sys-debug debug,compatfile
./usr/libdata/debug/usr/lib/libfetch.so.3.0.debug comp-sys-debug debug,compatfile
./usr/libdata/debug/usr/lib/libform.so.6.0.debug comp-sys-debug debug,compatfile
./usr/libdata/debug/usr/lib/libg2c.so.2.0.debug comp-sys-debug obsolete
Index: src/external/mit/expat/dist/lib/xmlparse.c
diff -u src/external/mit/expat/dist/lib/xmlparse.c:1.4 src/external/mit/expat/dist/lib/xmlparse.c:1.5
--- src/external/mit/expat/dist/lib/xmlparse.c:1.4 Sat May 14 14:39:39 2016
+++ src/external/mit/expat/dist/lib/xmlparse.c Tue May 17 23:53:02 2016
@@ -1693,7 +1693,8 @@ XML_GetBuffer(XML_Parser parser, int len
}
if (len > bufferLim - bufferEnd) {
-int neededSize = len + (int)(bufferEnd - bufferPtr);
+/* Do not invoke signed arithmetic overflow: */
+int neededSize = (int) ((unsigned)len + (unsigned)(bufferEnd - bufferPtr));
if (neededSize < 0) {
errorCode = XML_ERROR_NO_MEMORY;
return NULL;
@@ -1725,7 +1726,8 @@ XML_GetBuffer(XML_Parser parser, int len
if (bufferSize == 0)
bufferSize = INIT_BUFFER_SIZE;
do {
-bufferSize *= 2;
+/* Do not invoke signed arithmetic overflow: */
+bufferSize = (int) (2U * (unsigned) bufferSize);
} while (bufferSize < neededSize && bufferSize > 0);
if (bufferSize <= 0) {
errorCode = XML_ERROR_NO_MEMORY;
@@ -2426,11 +2428,11 @@ doContent(XML_Parser parser,
for (;;) {
int bufSize;
int convLen;
-XmlConvert(enc,
+const enum XML_Convert_Result convert_res = XmlConvert(enc,
, rawNameEnd,
(ICHAR **), (ICHAR *)tag->bufEnd - 1);
convLen = (int)(toPtr - (XML_Char *)tag->buf);
-if (fromPtr == rawNameEnd) {
+if ((convert_res == XML_CONVERT_COMPLETED) || (convert_res ==
CVS commit: src
Module Name:src Committed By: spz Date: Tue May 17 23:53:02 UTC 2016 Modified Files: src/distrib/sets/lists/base: shl.mi src/distrib/sets/lists/debug: shl.mi src/external/mit/expat/dist/lib: xmlparse.c xmltok.c xmltok.h xmltok_impl.c src/external/mit/expat/lib/libexpat: shlib_version Log Message: Fixes for CVE-2016-0718 from upstream. To generate a diff of this commit: cvs rdiff -u -r1.771 -r1.772 src/distrib/sets/lists/base/shl.mi cvs rdiff -u -r1.133 -r1.134 src/distrib/sets/lists/debug/shl.mi cvs rdiff -u -r1.4 -r1.5 src/external/mit/expat/dist/lib/xmlparse.c cvs rdiff -u -r1.1.1.2 -r1.2 src/external/mit/expat/dist/lib/xmltok.c cvs rdiff -u -r1.1.1.1 -r1.2 src/external/mit/expat/dist/lib/xmltok.h cvs rdiff -u -r1.3 -r1.4 src/external/mit/expat/dist/lib/xmltok_impl.c cvs rdiff -u -r1.3 -r1.4 src/external/mit/expat/lib/libexpat/shlib_version Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/doc
Module Name:src Committed By: spz Date: Sat May 14 14:46:55 UTC 2016 Modified Files: src/doc: 3RDPARTY Log Message: .. and don't forget to update doc/3RDPARTY when updating external/* stuff To generate a diff of this commit: cvs rdiff -u -r1.1329 -r1.1330 src/doc/3RDPARTY Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/3RDPARTY diff -u src/doc/3RDPARTY:1.1329 src/doc/3RDPARTY:1.1330 --- src/doc/3RDPARTY:1.1329 Mon May 9 10:21:42 2016 +++ src/doc/3RDPARTY Sat May 14 14:46:55 2016 @@ -1,4 +1,4 @@ -# $NetBSD: 3RDPARTY,v 1.1329 2016/05/09 10:21:42 roy Exp $ +# $NetBSD: 3RDPARTY,v 1.1330 2016/05/14 14:46:55 spz Exp $ # # This file contains a list of the software that has been integrated into # NetBSD where we are not the primary maintainer. @@ -385,13 +385,13 @@ Location: external/bsd/ekermit Notes: Package: expat -Version: 2.1.0 +Version: 2.1.1 Current Vers: 2.1.1 -Maintainer: mrg +Maintainer: Expat Project Archive Site: http://sourceforge.net/projects/expat/files/expat/ Home Page: http://www.libexpat.org/ Mailing List: expat-disc...@libexpat.org -Responsible: +Responsible: mrg License: MIT Location: src/external/mit/expat/dist Notes:
CVS commit: src/doc
Module Name:src Committed By: spz Date: Sat May 14 14:46:55 UTC 2016 Modified Files: src/doc: 3RDPARTY Log Message: .. and don't forget to update doc/3RDPARTY when updating external/* stuff To generate a diff of this commit: cvs rdiff -u -r1.1329 -r1.1330 src/doc/3RDPARTY Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src
Module Name:src Committed By: spz Date: Sat May 14 14:39:39 UTC 2016 Modified Files: src/distrib/sets/lists/base: shl.mi src/distrib/sets/lists/comp: mi src/distrib/sets/lists/debug: shl.mi src/external/mit/expat/dist/conftools: ac_c_bigendian_cross.m4 mkinstalldirs src/external/mit/expat/dist/lib: xmlparse.c src/external/mit/expat/lib/libexpat: Makefile expat_config.h shlib_version Added Files: src/external/mit/expat/lib/libexpat: expat.pc.in Log Message: merge conflicts, bump shlib version, add expat.pc To generate a diff of this commit: cvs rdiff -u -r1.770 -r1.771 src/distrib/sets/lists/base/shl.mi cvs rdiff -u -r1.2034 -r1.2035 src/distrib/sets/lists/comp/mi cvs rdiff -u -r1.132 -r1.133 src/distrib/sets/lists/debug/shl.mi cvs rdiff -u -r1.3 -r1.4 \ src/external/mit/expat/dist/conftools/ac_c_bigendian_cross.m4 \ src/external/mit/expat/dist/conftools/mkinstalldirs cvs rdiff -u -r1.3 -r1.4 src/external/mit/expat/dist/lib/xmlparse.c cvs rdiff -u -r1.1 -r1.2 src/external/mit/expat/lib/libexpat/Makefile cvs rdiff -u -r0 -r1.1 src/external/mit/expat/lib/libexpat/expat.pc.in cvs rdiff -u -r1.2 -r1.3 src/external/mit/expat/lib/libexpat/expat_config.h \ src/external/mit/expat/lib/libexpat/shlib_version Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/distrib/sets/lists/base/shl.mi diff -u src/distrib/sets/lists/base/shl.mi:1.770 src/distrib/sets/lists/base/shl.mi:1.771 --- src/distrib/sets/lists/base/shl.mi:1.770 Sat Apr 23 23:28:13 2016 +++ src/distrib/sets/lists/base/shl.mi Sat May 14 14:39:39 2016 @@ -1,4 +1,4 @@ -# $NetBSD: shl.mi,v 1.770 2016/04/23 23:28:13 christos Exp $ +# $NetBSD: shl.mi,v 1.771 2016/05/14 14:39:39 spz Exp $ # # Note: Don't delete entries from here - mark them as "obsolete" instead, # unless otherwise stated below. @@ -276,7 +276,7 @@ ./usr/lib/libexecinfo.so.0.0 base-sys-shlib compatfile ./usr/lib/libexpat.sobase-sys-shlib compatfile ./usr/lib/libexpat.so.2base-sys-shlib compatfile -./usr/lib/libexpat.so.2.1 base-sys-shlib compatfile +./usr/lib/libexpat.so.2.2 base-sys-shlib compatfile ./usr/lib/libfetch.sobase-sys-shlib compatfile ./usr/lib/libfetch.so.3base-sys-shlib compatfile ./usr/lib/libfetch.so.3.0 base-sys-shlib compatfile Index: src/distrib/sets/lists/comp/mi diff -u src/distrib/sets/lists/comp/mi:1.2034 src/distrib/sets/lists/comp/mi:1.2035 --- src/distrib/sets/lists/comp/mi:1.2034 Fri May 6 09:30:05 2016 +++ src/distrib/sets/lists/comp/mi Sat May 14 14:39:39 2016 @@ -1,4 +1,4 @@ -# $NetBSD: mi,v 1.2034 2016/05/06 09:30:05 snj Exp $ +# $NetBSD: mi,v 1.2035 2016/05/14 14:39:39 spz Exp $ # # Note: don't delete entries from here - mark them as "obsolete" instead. ./etc/mtree/set.compcomp-sys-root @@ -3635,6 +3635,7 @@ ./usr/lib/pkgconfig/atf-c.pc comp-atf-lib atf,share ./usr/lib/pkgconfig/atf-sh.pc comp-atf-lib atf,share ./usr/lib/pkgconfig/atf.pc comp-obsolete obsolete +./usr/lib/pkgconfig/expat.pc comp-c-lib ./usr/lib/pkgconfig/kyua-testers.pc comp-kyua-lib kyua,share ./usr/lib/pkgconfig/libcrypto.pc comp-crypto-lib crypto,share ./usr/lib/pkgconfig/libssl.pc comp-crypto-lib crypto,share Index: src/distrib/sets/lists/debug/shl.mi diff -u src/distrib/sets/lists/debug/shl.mi:1.132 src/distrib/sets/lists/debug/shl.mi:1.133 --- src/distrib/sets/lists/debug/shl.mi:1.132 Sat Apr 23 23:28:13 2016 +++ src/distrib/sets/lists/debug/shl.mi Sat May 14 14:39:39 2016 @@ -1,4 +1,4 @@ -# $NetBSD: shl.mi,v 1.132 2016/04/23 23:28:13 christos Exp $ +# $NetBSD: shl.mi,v 1.133 2016/05/14 14:39:39 spz Exp $ ./usr/libdata/debug/lib base-sys-usr debug,dynamicroot,compatdir ./usr/libdata/debug/lib/libblacklist.so.0.0.debug comp-sys-debug debug,dynamicroot ./usr/libdata/debug/lib/libc.so.12.202.debug comp-sys-debug debug,dynamicroot @@ -90,7 +90,7 @@ ./usr/libdata/debug/usr/lib/libevent_openssl.so.4.0.debug comp-sys-debug debug,compatfile,crypto ./usr/libdata/debug/usr/lib/libevent_pthreads.so.4.0.debug comp-sys-debug debug,compatfile ./usr/libdata/debug/usr/lib/libexecinfo.so.0.0.debug comp-sys-debug debug,compatfile -./usr/libdata/debug/usr/lib/libexpat.so.2.1.debug comp-sys-debug debug,compatfile +./usr/libdata/debug/usr/lib/libexpat.so.2.2.debug comp-sys-debug debug,compatfile ./usr/libdata/debug/usr/lib/libfetch.so.3.0.debug comp-sys-debug debug,compatfile ./usr/libdata/debug/usr/lib/libform.so.6.0.debug comp-sys-debug debug,compatfile ./usr/libdata/debug/usr/lib/libg2c.so.2.0.debug comp-sys-debug obsolete Index: src/external/mit/expat/dist/conftools/ac_c_bigendian_cross.m4 diff -u src/external/mit/expat/dist/conftools/ac_c_bigendian_cross.m4:1.3 src/external/mit/expat/dist/conftools/ac_c_bigendian_cross.m4:1.4 --- src/external/mit/expat/dist/conftools/ac_c_bigendian_cross.m4:1.3 Fri Apr 6 10:46:13
CVS commit: src
Module Name:src Committed By: spz Date: Sat May 14 14:39:39 UTC 2016 Modified Files: src/distrib/sets/lists/base: shl.mi src/distrib/sets/lists/comp: mi src/distrib/sets/lists/debug: shl.mi src/external/mit/expat/dist/conftools: ac_c_bigendian_cross.m4 mkinstalldirs src/external/mit/expat/dist/lib: xmlparse.c src/external/mit/expat/lib/libexpat: Makefile expat_config.h shlib_version Added Files: src/external/mit/expat/lib/libexpat: expat.pc.in Log Message: merge conflicts, bump shlib version, add expat.pc To generate a diff of this commit: cvs rdiff -u -r1.770 -r1.771 src/distrib/sets/lists/base/shl.mi cvs rdiff -u -r1.2034 -r1.2035 src/distrib/sets/lists/comp/mi cvs rdiff -u -r1.132 -r1.133 src/distrib/sets/lists/debug/shl.mi cvs rdiff -u -r1.3 -r1.4 \ src/external/mit/expat/dist/conftools/ac_c_bigendian_cross.m4 \ src/external/mit/expat/dist/conftools/mkinstalldirs cvs rdiff -u -r1.3 -r1.4 src/external/mit/expat/dist/lib/xmlparse.c cvs rdiff -u -r1.1 -r1.2 src/external/mit/expat/lib/libexpat/Makefile cvs rdiff -u -r0 -r1.1 src/external/mit/expat/lib/libexpat/expat.pc.in cvs rdiff -u -r1.2 -r1.3 src/external/mit/expat/lib/libexpat/expat_config.h \ src/external/mit/expat/lib/libexpat/shlib_version Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS import: src/external/mit/expat/dist
Module Name:src Committed By: spz Date: Sat May 14 14:30:54 UTC 2016 Update of /cvsroot/src/external/mit/expat/dist In directory ivanova.netbsd.org:/tmp/cvs-serv22133 Log Message: Import of a new expat version. Upstream Changes: Release 2.1.1 Sat March 12 2016 Security fixes: #582: CVE-2015-1283 - Multiple integer overflows in XML_GetBuffer Bug fixes: #502: Fix potential null pointer dereference #520: Symbol XML_SetHashSalt was not exported Output of "xmlwf -h" was incomplete Other changes #503: Document behavior of calling XML_SetHashSalt with salt 0 Minor improvements to man page xmlwf(1) Improvements to the experimental CMake build system libtool now invoked with --verbose Status: Vendor Tag: expat Release Tags: expat-2-1-1 U src/external/mit/expat/dist/expat_config.h.cmake U src/external/mit/expat/dist/ConfigureChecks.cmake U src/external/mit/expat/dist/COPYING U src/external/mit/expat/dist/expat_config.h.in U src/external/mit/expat/dist/Makefile.in N src/external/mit/expat/dist/configure.ac U src/external/mit/expat/dist/CMakeLists.txt U src/external/mit/expat/dist/aclocal.m4 U src/external/mit/expat/dist/expat.pc.in U src/external/mit/expat/dist/MANIFEST U src/external/mit/expat/dist/README U src/external/mit/expat/dist/expat.dsw U src/external/mit/expat/dist/configure U src/external/mit/expat/dist/Changes U src/external/mit/expat/dist/CMake.README U src/external/mit/expat/dist/doc/style.css U src/external/mit/expat/dist/doc/valid-xhtml10.png U src/external/mit/expat/dist/doc/xmlwf.sgml U src/external/mit/expat/dist/doc/reference.html U src/external/mit/expat/dist/doc/xmlwf.1 U src/external/mit/expat/dist/doc/expat.png U src/external/mit/expat/dist/tests/xmltest.sh U src/external/mit/expat/dist/tests/chardata.h U src/external/mit/expat/dist/tests/minicheck.h U src/external/mit/expat/dist/tests/README.txt U src/external/mit/expat/dist/tests/chardata.c U src/external/mit/expat/dist/tests/minicheck.c U src/external/mit/expat/dist/tests/runtests.c U src/external/mit/expat/dist/tests/runtestspp.cpp U src/external/mit/expat/dist/tests/benchmark/benchmark.dsp U src/external/mit/expat/dist/tests/benchmark/benchmark.c U src/external/mit/expat/dist/tests/benchmark/README.txt U src/external/mit/expat/dist/tests/benchmark/benchmark.dsw U src/external/mit/expat/dist/examples/elements.c U src/external/mit/expat/dist/examples/outline.c U src/external/mit/expat/dist/examples/outline.dsp U src/external/mit/expat/dist/examples/elements.dsp U src/external/mit/expat/dist/xmlwf/xmlfile.c U src/external/mit/expat/dist/xmlwf/xmlmime.h U src/external/mit/expat/dist/xmlwf/codepage.c U src/external/mit/expat/dist/xmlwf/xmlfile.h U src/external/mit/expat/dist/xmlwf/xmlwf.dsp U src/external/mit/expat/dist/xmlwf/readfilemap.c U src/external/mit/expat/dist/xmlwf/xmlurl.h U src/external/mit/expat/dist/xmlwf/codepage.h U src/external/mit/expat/dist/xmlwf/ct.c U src/external/mit/expat/dist/xmlwf/xmltchar.h U src/external/mit/expat/dist/xmlwf/filemap.h U src/external/mit/expat/dist/xmlwf/win32filemap.c U src/external/mit/expat/dist/xmlwf/xmlwf.c U src/external/mit/expat/dist/xmlwf/xmlwin32url.cxx U src/external/mit/expat/dist/xmlwf/unixfilemap.c U src/external/mit/expat/dist/xmlwf/xmlmime.c U src/external/mit/expat/dist/m4/ltversion.m4 U src/external/mit/expat/dist/m4/ltoptions.m4 U src/external/mit/expat/dist/m4/lt~obsolete.m4 U src/external/mit/expat/dist/m4/libtool.m4 U src/external/mit/expat/dist/m4/ltsugar.m4 U src/external/mit/expat/dist/bcb5/expat.bpf U src/external/mit/expat/dist/bcb5/expat.mak U src/external/mit/expat/dist/bcb5/xmlwf.mak U src/external/mit/expat/dist/bcb5/expat_static.bpr U src/external/mit/expat/dist/bcb5/outline.bpf U src/external/mit/expat/dist/bcb5/outline.mak U src/external/mit/expat/dist/bcb5/elements.bpr U src/external/mit/expat/dist/bcb5/expat_static.mak U src/external/mit/expat/dist/bcb5/expatw_static.bpr U src/external/mit/expat/dist/bcb5/outline.bpr U src/external/mit/expat/dist/bcb5/expatw_static.mak U src/external/mit/expat/dist/bcb5/expat_static.bpf U src/external/mit/expat/dist/bcb5/README.txt U src/external/mit/expat/dist/bcb5/expatw.mak U src/external/mit/expat/dist/bcb5/expat.bpr U src/external/mit/expat/dist/bcb5/libexpatw_mtd.def U src/external/mit/expat/dist/bcb5/elements.bpf U src/external/mit/expat/dist/bcb5/setup.bat U src/external/mit/expat/dist/bcb5/expatw_static.bpf U src/external/mit/expat/dist/bcb5/all_projects.bpg U src/external/mit/expat/dist/bcb5/expatw.bpf U src/external/mit/expat/dist/bcb5/xmlwf.bpr U src/external/mit/expat/dist/bcb5/libexpat_mtd.def U src/external/mit/expat/dist/bcb5/expatw.bpr U src/external/mit/expat/dist/bcb5/elements.mak U src/external/mit/expat/dist/bcb5/xmlwf.bpf U src/external/mit/expat/dist/bcb5/makefile.mak U src/external/mit/expat/dist/amiga/expat_68k.h U
CVS import: src/external/mit/expat/dist
Module Name:src Committed By: spz Date: Sat May 14 14:30:54 UTC 2016 Update of /cvsroot/src/external/mit/expat/dist In directory ivanova.netbsd.org:/tmp/cvs-serv22133 Log Message: Import of a new expat version. Upstream Changes: Release 2.1.1 Sat March 12 2016 Security fixes: #582: CVE-2015-1283 - Multiple integer overflows in XML_GetBuffer Bug fixes: #502: Fix potential null pointer dereference #520: Symbol XML_SetHashSalt was not exported Output of "xmlwf -h" was incomplete Other changes #503: Document behavior of calling XML_SetHashSalt with salt 0 Minor improvements to man page xmlwf(1) Improvements to the experimental CMake build system libtool now invoked with --verbose Status: Vendor Tag: expat Release Tags: expat-2-1-1 U src/external/mit/expat/dist/expat_config.h.cmake U src/external/mit/expat/dist/ConfigureChecks.cmake U src/external/mit/expat/dist/COPYING U src/external/mit/expat/dist/expat_config.h.in U src/external/mit/expat/dist/Makefile.in N src/external/mit/expat/dist/configure.ac U src/external/mit/expat/dist/CMakeLists.txt U src/external/mit/expat/dist/aclocal.m4 U src/external/mit/expat/dist/expat.pc.in U src/external/mit/expat/dist/MANIFEST U src/external/mit/expat/dist/README U src/external/mit/expat/dist/expat.dsw U src/external/mit/expat/dist/configure U src/external/mit/expat/dist/Changes U src/external/mit/expat/dist/CMake.README U src/external/mit/expat/dist/doc/style.css U src/external/mit/expat/dist/doc/valid-xhtml10.png U src/external/mit/expat/dist/doc/xmlwf.sgml U src/external/mit/expat/dist/doc/reference.html U src/external/mit/expat/dist/doc/xmlwf.1 U src/external/mit/expat/dist/doc/expat.png U src/external/mit/expat/dist/tests/xmltest.sh U src/external/mit/expat/dist/tests/chardata.h U src/external/mit/expat/dist/tests/minicheck.h U src/external/mit/expat/dist/tests/README.txt U src/external/mit/expat/dist/tests/chardata.c U src/external/mit/expat/dist/tests/minicheck.c U src/external/mit/expat/dist/tests/runtests.c U src/external/mit/expat/dist/tests/runtestspp.cpp U src/external/mit/expat/dist/tests/benchmark/benchmark.dsp U src/external/mit/expat/dist/tests/benchmark/benchmark.c U src/external/mit/expat/dist/tests/benchmark/README.txt U src/external/mit/expat/dist/tests/benchmark/benchmark.dsw U src/external/mit/expat/dist/examples/elements.c U src/external/mit/expat/dist/examples/outline.c U src/external/mit/expat/dist/examples/outline.dsp U src/external/mit/expat/dist/examples/elements.dsp U src/external/mit/expat/dist/xmlwf/xmlfile.c U src/external/mit/expat/dist/xmlwf/xmlmime.h U src/external/mit/expat/dist/xmlwf/codepage.c U src/external/mit/expat/dist/xmlwf/xmlfile.h U src/external/mit/expat/dist/xmlwf/xmlwf.dsp U src/external/mit/expat/dist/xmlwf/readfilemap.c U src/external/mit/expat/dist/xmlwf/xmlurl.h U src/external/mit/expat/dist/xmlwf/codepage.h U src/external/mit/expat/dist/xmlwf/ct.c U src/external/mit/expat/dist/xmlwf/xmltchar.h U src/external/mit/expat/dist/xmlwf/filemap.h U src/external/mit/expat/dist/xmlwf/win32filemap.c U src/external/mit/expat/dist/xmlwf/xmlwf.c U src/external/mit/expat/dist/xmlwf/xmlwin32url.cxx U src/external/mit/expat/dist/xmlwf/unixfilemap.c U src/external/mit/expat/dist/xmlwf/xmlmime.c U src/external/mit/expat/dist/m4/ltversion.m4 U src/external/mit/expat/dist/m4/ltoptions.m4 U src/external/mit/expat/dist/m4/lt~obsolete.m4 U src/external/mit/expat/dist/m4/libtool.m4 U src/external/mit/expat/dist/m4/ltsugar.m4 U src/external/mit/expat/dist/bcb5/expat.bpf U src/external/mit/expat/dist/bcb5/expat.mak U src/external/mit/expat/dist/bcb5/xmlwf.mak U src/external/mit/expat/dist/bcb5/expat_static.bpr U src/external/mit/expat/dist/bcb5/outline.bpf U src/external/mit/expat/dist/bcb5/outline.mak U src/external/mit/expat/dist/bcb5/elements.bpr U src/external/mit/expat/dist/bcb5/expat_static.mak U src/external/mit/expat/dist/bcb5/expatw_static.bpr U src/external/mit/expat/dist/bcb5/outline.bpr U src/external/mit/expat/dist/bcb5/expatw_static.mak U src/external/mit/expat/dist/bcb5/expat_static.bpf U src/external/mit/expat/dist/bcb5/README.txt U src/external/mit/expat/dist/bcb5/expatw.mak U src/external/mit/expat/dist/bcb5/expat.bpr U src/external/mit/expat/dist/bcb5/libexpatw_mtd.def U src/external/mit/expat/dist/bcb5/elements.bpf U src/external/mit/expat/dist/bcb5/setup.bat U src/external/mit/expat/dist/bcb5/expatw_static.bpf U src/external/mit/expat/dist/bcb5/all_projects.bpg U src/external/mit/expat/dist/bcb5/expatw.bpf U src/external/mit/expat/dist/bcb5/xmlwf.bpr U src/external/mit/expat/dist/bcb5/libexpat_mtd.def U src/external/mit/expat/dist/bcb5/expatw.bpr U src/external/mit/expat/dist/bcb5/elements.mak U src/external/mit/expat/dist/bcb5/xmlwf.bpf U src/external/mit/expat/dist/bcb5/makefile.mak U src/external/mit/expat/dist/amiga/expat_68k.h U
Re: CVS commit: src/share/misc
Thus wrote Paul Goyette (p...@vps1.whooppee.com): At the very les, if we're going to have these acronyms, they should be listed in a separate file which is not searched by default. Similar to what is done with fortune(6). But that might not serve to indicate to these unwanted elements (women) that they are not welcome here and might face violence if they obtrude anyway. regards, spz
CVS commit: src
Module Name:src Committed By: spz Date: Mon Mar 23 10:22:52 UTC 2015 Modified Files: src/crypto/external/bsd/openssl/dist: CHANGES Configure Makefile NEWS README e_os.h makevms.com openssl.spec src/crypto/external/bsd/openssl/dist/apps: ca.c ocsp.c s_client.c s_server.c s_time.c speed.c src/crypto/external/bsd/openssl/dist/crypto: LPdir_vms.c LPdir_win.c Makefile armcap.c constant_time_locl.h cryptlib.c cryptlib.h crypto.h cversion.c ebcdic.h md32_common.h mem.c mem_clr.c opensslconf.h opensslv.h ossl_typ.h ppccap.c sparccpuid.S uid.c src/crypto/external/bsd/openssl/dist/crypto/aes: aes.h aes_locl.h src/crypto/external/bsd/openssl/dist/crypto/asn1: a_d2i_fp.c a_strex.c a_type.c asn_mime.c tasn_dec.c tasn_enc.c src/crypto/external/bsd/openssl/dist/crypto/bf: bf_opts.c bfspeed.c bftest.c src/crypto/external/bsd/openssl/dist/crypto/bio: b_sock.c bss_file.c bss_log.c src/crypto/external/bsd/openssl/dist/crypto/bn: bn.h bn_exp.c bn_lcl.h bn_lib.c bn_mont.c bn_nist.c bntest.c divtest.c exptest.c src/crypto/external/bsd/openssl/dist/crypto/bn/asm: x86_64-gcc.c src/crypto/external/bsd/openssl/dist/crypto/buffer: buffer.c src/crypto/external/bsd/openssl/dist/crypto/cast: cast.h cast_spd.c castopts.c casttest.c src/crypto/external/bsd/openssl/dist/crypto/cms: cms_pwri.c src/crypto/external/bsd/openssl/dist/crypto/comp: c_zlib.c src/crypto/external/bsd/openssl/dist/crypto/conf: conf_def.c test.c src/crypto/external/bsd/openssl/dist/crypto/des: des.c des.h des_opts.c destest.c rand_key.c read_pwd.c speed.c src/crypto/external/bsd/openssl/dist/crypto/dh: dhtest.c src/crypto/external/bsd/openssl/dist/crypto/dsa: dsa_ameth.c src/crypto/external/bsd/openssl/dist/crypto/dso: dso_dlfcn.c src/crypto/external/bsd/openssl/dist/crypto/ec: ec.h ec2_mult.c ec2_smpl.c ec_ameth.c ec_asn1.c ecp_mont.c ecp_nist.c ecp_smpl.c ectest.c src/crypto/external/bsd/openssl/dist/crypto/engine: eng_all.c eng_cryptodev.c engine.h enginetest.c src/crypto/external/bsd/openssl/dist/crypto/evp: Makefile e_aes.c evp_enc.c m_sha1.c openbsd_hw.c src/crypto/external/bsd/openssl/dist/crypto/hmac: hmactest.c src/crypto/external/bsd/openssl/dist/crypto/idea: i_cbc.c i_cfb64.c i_ecb.c i_ofb64.c i_skey.c idea.h idea_lcl.h idea_spd.c ideatest.c src/crypto/external/bsd/openssl/dist/crypto/lhash: lh_test.c lhash.c lhash.h src/crypto/external/bsd/openssl/dist/crypto/md2: md2test.c src/crypto/external/bsd/openssl/dist/crypto/md4: md4.h md4_dgst.c md4test.c src/crypto/external/bsd/openssl/dist/crypto/md5: md5.h md5_dgst.c md5_locl.h md5test.c src/crypto/external/bsd/openssl/dist/crypto/mdc2: mdc2test.c src/crypto/external/bsd/openssl/dist/crypto/modes: modes.h src/crypto/external/bsd/openssl/dist/crypto/objects: o_names.c src/crypto/external/bsd/openssl/dist/crypto/ocsp: ocsp_vfy.c src/crypto/external/bsd/openssl/dist/crypto/pkcs12: p12_decr.c src/crypto/external/bsd/openssl/dist/crypto/pkcs7: pk7_doit.c pk7_lib.c pkcs7.h src/crypto/external/bsd/openssl/dist/crypto/pqueue: pqueue.h src/crypto/external/bsd/openssl/dist/crypto/rand: md_rand.c rand_egd.c rand_unix.c randfile.c src/crypto/external/bsd/openssl/dist/crypto/rc2: rc2.h rc2_cbc.c rc2_ecb.c rc2_locl.h rc2cfb64.c rc2ofb64.c rc2speed.c src/crypto/external/bsd/openssl/dist/crypto/rc4: rc4.h rc4speed.c src/crypto/external/bsd/openssl/dist/crypto/rc5: rc5.h rc5_ecb.c rc5_enc.c rc5_locl.h rc5cfb64.c rc5ofb64.c rc5speed.c src/crypto/external/bsd/openssl/dist/crypto/ripemd: ripemd.h rmd_dgst.c rmd_locl.h rmdtest.c src/crypto/external/bsd/openssl/dist/crypto/rsa: rsa.h rsa_eay.c rsa_err.c rsa_oaep.c rsa_pk1.c rsa_sign.c src/crypto/external/bsd/openssl/dist/crypto/sha: sha.h sha1test.c sha256.c sha_locl.h shatest.c src/crypto/external/bsd/openssl/dist/crypto/stack: safestack.h src/crypto/external/bsd/openssl/dist/crypto/threads: mttest.c th-lock.c src/crypto/external/bsd/openssl/dist/crypto/ui: ui_openssl.c src/crypto/external/bsd/openssl/dist/crypto/x509: x509_vfy.c src/crypto/external/bsd/openssl/dist/crypto/x509v3: tabtest.c v3_addr.c src/crypto/external/bsd/openssl/dist/demos/engines/zencod: hw_zencod.h src/crypto/external/bsd/openssl/dist/doc/crypto: d2i_X509.pod src/crypto/external/bsd/openssl/dist/engines: e_padlock.c src/crypto/external/bsd/openssl/dist/engines/ccgost: gost2001_keyx.c
CVS commit: src
Module Name:src Committed By: spz Date: Mon Mar 23 10:22:52 UTC 2015 Modified Files: src/crypto/external/bsd/openssl/dist: CHANGES Configure Makefile NEWS README e_os.h makevms.com openssl.spec src/crypto/external/bsd/openssl/dist/apps: ca.c ocsp.c s_client.c s_server.c s_time.c speed.c src/crypto/external/bsd/openssl/dist/crypto: LPdir_vms.c LPdir_win.c Makefile armcap.c constant_time_locl.h cryptlib.c cryptlib.h crypto.h cversion.c ebcdic.h md32_common.h mem.c mem_clr.c opensslconf.h opensslv.h ossl_typ.h ppccap.c sparccpuid.S uid.c src/crypto/external/bsd/openssl/dist/crypto/aes: aes.h aes_locl.h src/crypto/external/bsd/openssl/dist/crypto/asn1: a_d2i_fp.c a_strex.c a_type.c asn_mime.c tasn_dec.c tasn_enc.c src/crypto/external/bsd/openssl/dist/crypto/bf: bf_opts.c bfspeed.c bftest.c src/crypto/external/bsd/openssl/dist/crypto/bio: b_sock.c bss_file.c bss_log.c src/crypto/external/bsd/openssl/dist/crypto/bn: bn.h bn_exp.c bn_lcl.h bn_lib.c bn_mont.c bn_nist.c bntest.c divtest.c exptest.c src/crypto/external/bsd/openssl/dist/crypto/bn/asm: x86_64-gcc.c src/crypto/external/bsd/openssl/dist/crypto/buffer: buffer.c src/crypto/external/bsd/openssl/dist/crypto/cast: cast.h cast_spd.c castopts.c casttest.c src/crypto/external/bsd/openssl/dist/crypto/cms: cms_pwri.c src/crypto/external/bsd/openssl/dist/crypto/comp: c_zlib.c src/crypto/external/bsd/openssl/dist/crypto/conf: conf_def.c test.c src/crypto/external/bsd/openssl/dist/crypto/des: des.c des.h des_opts.c destest.c rand_key.c read_pwd.c speed.c src/crypto/external/bsd/openssl/dist/crypto/dh: dhtest.c src/crypto/external/bsd/openssl/dist/crypto/dsa: dsa_ameth.c src/crypto/external/bsd/openssl/dist/crypto/dso: dso_dlfcn.c src/crypto/external/bsd/openssl/dist/crypto/ec: ec.h ec2_mult.c ec2_smpl.c ec_ameth.c ec_asn1.c ecp_mont.c ecp_nist.c ecp_smpl.c ectest.c src/crypto/external/bsd/openssl/dist/crypto/engine: eng_all.c eng_cryptodev.c engine.h enginetest.c src/crypto/external/bsd/openssl/dist/crypto/evp: Makefile e_aes.c evp_enc.c m_sha1.c openbsd_hw.c src/crypto/external/bsd/openssl/dist/crypto/hmac: hmactest.c src/crypto/external/bsd/openssl/dist/crypto/idea: i_cbc.c i_cfb64.c i_ecb.c i_ofb64.c i_skey.c idea.h idea_lcl.h idea_spd.c ideatest.c src/crypto/external/bsd/openssl/dist/crypto/lhash: lh_test.c lhash.c lhash.h src/crypto/external/bsd/openssl/dist/crypto/md2: md2test.c src/crypto/external/bsd/openssl/dist/crypto/md4: md4.h md4_dgst.c md4test.c src/crypto/external/bsd/openssl/dist/crypto/md5: md5.h md5_dgst.c md5_locl.h md5test.c src/crypto/external/bsd/openssl/dist/crypto/mdc2: mdc2test.c src/crypto/external/bsd/openssl/dist/crypto/modes: modes.h src/crypto/external/bsd/openssl/dist/crypto/objects: o_names.c src/crypto/external/bsd/openssl/dist/crypto/ocsp: ocsp_vfy.c src/crypto/external/bsd/openssl/dist/crypto/pkcs12: p12_decr.c src/crypto/external/bsd/openssl/dist/crypto/pkcs7: pk7_doit.c pk7_lib.c pkcs7.h src/crypto/external/bsd/openssl/dist/crypto/pqueue: pqueue.h src/crypto/external/bsd/openssl/dist/crypto/rand: md_rand.c rand_egd.c rand_unix.c randfile.c src/crypto/external/bsd/openssl/dist/crypto/rc2: rc2.h rc2_cbc.c rc2_ecb.c rc2_locl.h rc2cfb64.c rc2ofb64.c rc2speed.c src/crypto/external/bsd/openssl/dist/crypto/rc4: rc4.h rc4speed.c src/crypto/external/bsd/openssl/dist/crypto/rc5: rc5.h rc5_ecb.c rc5_enc.c rc5_locl.h rc5cfb64.c rc5ofb64.c rc5speed.c src/crypto/external/bsd/openssl/dist/crypto/ripemd: ripemd.h rmd_dgst.c rmd_locl.h rmdtest.c src/crypto/external/bsd/openssl/dist/crypto/rsa: rsa.h rsa_eay.c rsa_err.c rsa_oaep.c rsa_pk1.c rsa_sign.c src/crypto/external/bsd/openssl/dist/crypto/sha: sha.h sha1test.c sha256.c sha_locl.h shatest.c src/crypto/external/bsd/openssl/dist/crypto/stack: safestack.h src/crypto/external/bsd/openssl/dist/crypto/threads: mttest.c th-lock.c src/crypto/external/bsd/openssl/dist/crypto/ui: ui_openssl.c src/crypto/external/bsd/openssl/dist/crypto/x509: x509_vfy.c src/crypto/external/bsd/openssl/dist/crypto/x509v3: tabtest.c v3_addr.c src/crypto/external/bsd/openssl/dist/demos/engines/zencod: hw_zencod.h src/crypto/external/bsd/openssl/dist/doc/crypto: d2i_X509.pod src/crypto/external/bsd/openssl/dist/engines: e_padlock.c src/crypto/external/bsd/openssl/dist/engines/ccgost: gost2001_keyx.c
CVS import: src/crypto/external/bsd/openssl/dist
Module Name:src Committed By: spz Date: Mon Mar 23 08:31:52 UTC 2015 Update of /cvsroot/src/crypto/external/bsd/openssl/dist In directory ivanova.netbsd.org:/tmp/cvs-serv27726 Log Message: This is an import of OpenSSL 1.0.1m. The vulnerabilities listed below were previously fixed by patches supplied by the OpenSSL project. Thus, this import is not about vulnerabilities, but about the change in source style OpenSSL applied before 1.0.1m (as well as small fixes not listed in the changelog that make us have a 'proper' 1.0.1m). Upstream Changelog: Changes between 1.0.1l and 1.0.1m [19 Mar 2015] *) Segmentation fault in ASN1_TYPE_cmp fix The function ASN1_TYPE_cmp will crash with an invalid read if an attempt is made to compare ASN.1 boolean types. Since ASN1_TYPE_cmp is used to check certificate signature algorithm consistency this can be used to crash any certificate verification operation and exploited in a DoS attack. Any application which performs certificate verification is vulnerable including OpenSSL clients and servers which enable client authentication. (CVE-2015-0286) [Stephen Henson] *) ASN.1 structure reuse memory corruption fix Reusing a structure in ASN.1 parsing may allow an attacker to cause memory corruption via an invalid write. Such reuse is and has been strongly discouraged and is believed to be rare. Applications that parse structures containing CHOICE or ANY DEFINED BY components may be affected. Certificate parsing (d2i_X509 and related functions) are however not affected. OpenSSL clients and servers are not affected. (CVE-2015-0287) [Stephen Henson] *) PKCS7 NULL pointer dereferences fix The PKCS#7 parsing code does not handle missing outer ContentInfo correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs with missing content and trigger a NULL pointer dereference on parsing. Applications that verify PKCS#7 signatures, decrypt PKCS#7 data or otherwise parse PKCS#7 structures from untrusted sources are affected. OpenSSL clients and servers are not affected. This issue was reported to OpenSSL by Michal Zalewski (Google). (CVE-2015-0289) [Emilia K�sper] *) DoS via reachable assert in SSLv2 servers fix A malicious client can trigger an OPENSSL_assert (i.e., an abort) in servers that both support SSLv2 and enable export cipher suites by sending a specially crafted SSLv2 CLIENT-MASTER-KEY message. This issue was discovered by Sean Burford (Google) and Emilia K�sper (OpenSSL development team). (CVE-2015-0293) [Emilia K�sper] *) Use After Free following d2i_ECPrivatekey error fix A malformed EC private key file consumed via the d2i_ECPrivateKey function could cause a use after free condition. This, in turn, could cause a double free in several private key parsing functions (such as d2i_PrivateKey or EVP_PKCS82PKEY) and could lead to a DoS attack or memory corruption for applications that receive EC private keys from untrusted sources. This scenario is considered rare. This issue was discovered by the BoringSSL project and fixed in their commit 517073cd4b. (CVE-2015-0209) [Matt Caswell] *) X509_to_X509_REQ NULL pointer deref fix The function X509_to_X509_REQ will crash with a NULL pointer dereference if the certificate key is invalid. This function is rarely used in practice. This issue was discovered by Brian Carpenter. (CVE-2015-0288) [Stephen Henson] *) Removed the export ciphers from the DEFAULT ciphers [Kurt Roeckx] Changes between 1.0.1k and 1.0.1l [15 Jan 2015] *) Build fixes for the Windows and OpenVMS platforms [Matt Caswell and Richard Levitte] Status: Vendor Tag: OPENSSL Release Tags: openssl-1-0-1m U src/crypto/external/bsd/openssl/dist/ACKNOWLEDGMENTS U src/crypto/external/bsd/openssl/dist/CHANGES.SSLeay C src/crypto/external/bsd/openssl/dist/CHANGES C src/crypto/external/bsd/openssl/dist/Configure U src/crypto/external/bsd/openssl/dist/config U src/crypto/external/bsd/openssl/dist/e_os2.h C src/crypto/external/bsd/openssl/dist/e_os.h U src/crypto/external/bsd/openssl/dist/FAQ U src/crypto/external/bsd/openssl/dist/install.com U src/crypto/external/bsd/openssl/dist/INSTALL U src/crypto/external/bsd/openssl/dist/INSTALL.W64 U src/crypto/external/bsd/openssl/dist/INSTALL.DJGPP U src/crypto/external/bsd/openssl/dist/INSTALL.MacOS U src/crypto/external/bsd/openssl/dist/INSTALL.NW U src/crypto/external/bsd/openssl/dist/INSTALL.OS2 U src/crypto/external/bsd/openssl/dist/INSTALL.VMS U src/crypto/external/bsd/openssl/dist/INSTALL.W32 U src/crypto/external/bsd/openssl/dist/INSTALL.WCE U src/crypto/external/bsd/openssl/dist/LICENSE C src/crypto/external/bsd/openssl/dist/Makefile U src/crypto/external/bsd/openssl/dist/Makefile.shared U
CVS import: src/crypto/external/bsd/openssl/dist
Module Name:src Committed By: spz Date: Mon Mar 23 08:31:52 UTC 2015 Update of /cvsroot/src/crypto/external/bsd/openssl/dist In directory ivanova.netbsd.org:/tmp/cvs-serv27726 Log Message: This is an import of OpenSSL 1.0.1m. The vulnerabilities listed below were previously fixed by patches supplied by the OpenSSL project. Thus, this import is not about vulnerabilities, but about the change in source style OpenSSL applied before 1.0.1m (as well as small fixes not listed in the changelog that make us have a 'proper' 1.0.1m). Upstream Changelog: Changes between 1.0.1l and 1.0.1m [19 Mar 2015] *) Segmentation fault in ASN1_TYPE_cmp fix The function ASN1_TYPE_cmp will crash with an invalid read if an attempt is made to compare ASN.1 boolean types. Since ASN1_TYPE_cmp is used to check certificate signature algorithm consistency this can be used to crash any certificate verification operation and exploited in a DoS attack. Any application which performs certificate verification is vulnerable including OpenSSL clients and servers which enable client authentication. (CVE-2015-0286) [Stephen Henson] *) ASN.1 structure reuse memory corruption fix Reusing a structure in ASN.1 parsing may allow an attacker to cause memory corruption via an invalid write. Such reuse is and has been strongly discouraged and is believed to be rare. Applications that parse structures containing CHOICE or ANY DEFINED BY components may be affected. Certificate parsing (d2i_X509 and related functions) are however not affected. OpenSSL clients and servers are not affected. (CVE-2015-0287) [Stephen Henson] *) PKCS7 NULL pointer dereferences fix The PKCS#7 parsing code does not handle missing outer ContentInfo correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs with missing content and trigger a NULL pointer dereference on parsing. Applications that verify PKCS#7 signatures, decrypt PKCS#7 data or otherwise parse PKCS#7 structures from untrusted sources are affected. OpenSSL clients and servers are not affected. This issue was reported to OpenSSL by Michal Zalewski (Google). (CVE-2015-0289) [Emilia K�sper] *) DoS via reachable assert in SSLv2 servers fix A malicious client can trigger an OPENSSL_assert (i.e., an abort) in servers that both support SSLv2 and enable export cipher suites by sending a specially crafted SSLv2 CLIENT-MASTER-KEY message. This issue was discovered by Sean Burford (Google) and Emilia K�sper (OpenSSL development team). (CVE-2015-0293) [Emilia K�sper] *) Use After Free following d2i_ECPrivatekey error fix A malformed EC private key file consumed via the d2i_ECPrivateKey function could cause a use after free condition. This, in turn, could cause a double free in several private key parsing functions (such as d2i_PrivateKey or EVP_PKCS82PKEY) and could lead to a DoS attack or memory corruption for applications that receive EC private keys from untrusted sources. This scenario is considered rare. This issue was discovered by the BoringSSL project and fixed in their commit 517073cd4b. (CVE-2015-0209) [Matt Caswell] *) X509_to_X509_REQ NULL pointer deref fix The function X509_to_X509_REQ will crash with a NULL pointer dereference if the certificate key is invalid. This function is rarely used in practice. This issue was discovered by Brian Carpenter. (CVE-2015-0288) [Stephen Henson] *) Removed the export ciphers from the DEFAULT ciphers [Kurt Roeckx] Changes between 1.0.1k and 1.0.1l [15 Jan 2015] *) Build fixes for the Windows and OpenVMS platforms [Matt Caswell and Richard Levitte] Status: Vendor Tag: OPENSSL Release Tags: openssl-1-0-1m U src/crypto/external/bsd/openssl/dist/ACKNOWLEDGMENTS U src/crypto/external/bsd/openssl/dist/CHANGES.SSLeay C src/crypto/external/bsd/openssl/dist/CHANGES C src/crypto/external/bsd/openssl/dist/Configure U src/crypto/external/bsd/openssl/dist/config U src/crypto/external/bsd/openssl/dist/e_os2.h C src/crypto/external/bsd/openssl/dist/e_os.h U src/crypto/external/bsd/openssl/dist/FAQ U src/crypto/external/bsd/openssl/dist/install.com U src/crypto/external/bsd/openssl/dist/INSTALL U src/crypto/external/bsd/openssl/dist/INSTALL.W64 U src/crypto/external/bsd/openssl/dist/INSTALL.DJGPP U src/crypto/external/bsd/openssl/dist/INSTALL.MacOS U src/crypto/external/bsd/openssl/dist/INSTALL.NW U src/crypto/external/bsd/openssl/dist/INSTALL.OS2 U src/crypto/external/bsd/openssl/dist/INSTALL.VMS U src/crypto/external/bsd/openssl/dist/INSTALL.W32 U src/crypto/external/bsd/openssl/dist/INSTALL.WCE U src/crypto/external/bsd/openssl/dist/LICENSE C src/crypto/external/bsd/openssl/dist/Makefile U src/crypto/external/bsd/openssl/dist/Makefile.shared U
CVS commit: src/crypto/external/bsd/openssl/dist
Module Name:src Committed By: spz Date: Thu Mar 19 14:24:55 UTC 2015 Modified Files: src/crypto/external/bsd/openssl/dist/crypto/asn1: a_type.c tasn_dec.c src/crypto/external/bsd/openssl/dist/crypto/pkcs7: pk7_doit.c pk7_lib.c src/crypto/external/bsd/openssl/dist/doc/crypto: d2i_X509.pod src/crypto/external/bsd/openssl/dist/ssl: s2_lib.c s2_srvr.c Log Message: patches for todays' OpenSSL security advisory from OpenSSL, as relevant to NetBSD base: OpenSSL Security Advisory [19 Mar 2015] === Reclassified: RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204) Severity: High This security issue was previously announced by the OpenSSL project and classified as low severity. This severity rating has now been changed to high. This was classified low because it was originally thought that server RSA export ciphersuite support was rare: a client was only vulnerable to a MITM attack against a server which supports an RSA export ciphersuite. Recent studies have shown that RSA export ciphersuites support is far more common. This issue affects OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8. ** issue already committed see last release ** OpenSSL 1.0.1 users should upgrade to 1.0.1k. OpenSSL 1.0.0 users should upgrade to 1.0.0p. OpenSSL 0.9.8 users should upgrade to 0.9.8zd. This issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan Bhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen Henson of the OpenSSL core team. It was previously announced in the OpenSSL security advisory on 8th January 2015. Segmentation fault in ASN1_TYPE_cmp (CVE-2015-0286) === Severity: Moderate The function ASN1_TYPE_cmp will crash with an invalid read if an attempt is made to compare ASN.1 boolean types. Since ASN1_TYPE_cmp is used to check certificate signature algorithm consistency this can be used to crash any certificate verification operation and exploited in a DoS attack. Any application which performs certificate verification is vulnerable including OpenSSL clients and servers which enable client authentication. This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8. OpenSSL 1.0.2 users should upgrade to 1.0.2a commit 1b8ac2b07d02207f2b88e0b009b0bff4ef7eda96 OpenSSL 1.0.1 users should upgrade to 1.0.1m. commit ee5a1253285e5c9f406c8b57b0686319b70c07d8 OpenSSL 1.0.0 users should upgrade to 1.0.0r. commit 1e3ca524cb38ec92deea37629718e98aba43bc5d OpenSSL 0.9.8 users should upgrade to 0.9.8zf. commit 7058bd1712828a78d34457b1cfc32bdc1e6d3d33 This issue was discovered and fixed by Stephen Henson of the OpenSSL development team. ASN.1 structure reuse memory corruption (CVE-2015-0287) === Severity: Moderate Reusing a structure in ASN.1 parsing may allow an attacker to cause memory corruption via an invalid write. Such reuse is and has been strongly discouraged and is believed to be rare. Applications that parse structures containing CHOICE or ANY DEFINED BY components may be affected. Certificate parsing (d2i_X509 and related functions) are however not affected. OpenSSL clients and servers are not affected. This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8. OpenSSL 1.0.2 users should upgrade to 1.0.2a commit 0ca8edbe6ec402e39c9e095f8ae11dba8fa93fc1 OpenSSL 1.0.1 users should upgrade to 1.0.1m. commit a9f34a7aac5fd89f33a34fb71e954b85fbf35875 OpenSSL 1.0.0 users should upgrade to 1.0.0r. commit d96692c933fe02829c3e922bf7f239e0bd003759 OpenSSL 0.9.8 users should upgrade to 0.9.8zf. commit 5722767d5dc1a3b5505058fe27877fc993fe9a5a This issue was discovered by Emilia Käsper and a fix developed by Stephen Henson of the OpenSSL development team. PKCS7 NULL pointer dereferences (CVE-2015-0289) === Severity: Moderate The PKCS#7 parsing code does not handle missing outer ContentInfo correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs with missing content and trigger a NULL pointer dereference on parsing. Applications that verify PKCS#7 signatures, decrypt PKCS#7 data or otherwise parse PKCS#7 structures from untrusted sources are affected. OpenSSL clients and servers are not affected. This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8. OpenSSL 1.0.2 users should upgrade to 1.0.2a commit e0d6a791c53b64da64277c5565eb89b1cb149fc3 OpenSSL 1.0.1 users should upgrade to 1.0.1m. commit d3d52c73544bba800c2a8f5ef3376358158cf2ca OpenSSL 1.0.0 users should upgrade to 1.0.0r. commit 1f858109d0556b5864bb6a0aa3e2d177b1cc4552 OpenSSL 0.9.8 users should upgrade to 0.9.8zf. commit f20caf7f66cb1eb9ba9562e6097bc7b64d207cb9 This issue was reported to OpenSSL on February 16th 2015 by Michal Zalewski
CVS commit: src/crypto/external/bsd/openssl/dist
Module Name:src Committed By: spz Date: Thu Mar 19 14:24:55 UTC 2015 Modified Files: src/crypto/external/bsd/openssl/dist/crypto/asn1: a_type.c tasn_dec.c src/crypto/external/bsd/openssl/dist/crypto/pkcs7: pk7_doit.c pk7_lib.c src/crypto/external/bsd/openssl/dist/doc/crypto: d2i_X509.pod src/crypto/external/bsd/openssl/dist/ssl: s2_lib.c s2_srvr.c Log Message: patches for todays' OpenSSL security advisory from OpenSSL, as relevant to NetBSD base: OpenSSL Security Advisory [19 Mar 2015] === Reclassified: RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204) Severity: High This security issue was previously announced by the OpenSSL project and classified as low severity. This severity rating has now been changed to high. This was classified low because it was originally thought that server RSA export ciphersuite support was rare: a client was only vulnerable to a MITM attack against a server which supports an RSA export ciphersuite. Recent studies have shown that RSA export ciphersuites support is far more common. This issue affects OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8. ** issue already committed see last release ** OpenSSL 1.0.1 users should upgrade to 1.0.1k. OpenSSL 1.0.0 users should upgrade to 1.0.0p. OpenSSL 0.9.8 users should upgrade to 0.9.8zd. This issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan Bhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen Henson of the OpenSSL core team. It was previously announced in the OpenSSL security advisory on 8th January 2015. Segmentation fault in ASN1_TYPE_cmp (CVE-2015-0286) === Severity: Moderate The function ASN1_TYPE_cmp will crash with an invalid read if an attempt is made to compare ASN.1 boolean types. Since ASN1_TYPE_cmp is used to check certificate signature algorithm consistency this can be used to crash any certificate verification operation and exploited in a DoS attack. Any application which performs certificate verification is vulnerable including OpenSSL clients and servers which enable client authentication. This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8. OpenSSL 1.0.2 users should upgrade to 1.0.2a commit 1b8ac2b07d02207f2b88e0b009b0bff4ef7eda96 OpenSSL 1.0.1 users should upgrade to 1.0.1m. commit ee5a1253285e5c9f406c8b57b0686319b70c07d8 OpenSSL 1.0.0 users should upgrade to 1.0.0r. commit 1e3ca524cb38ec92deea37629718e98aba43bc5d OpenSSL 0.9.8 users should upgrade to 0.9.8zf. commit 7058bd1712828a78d34457b1cfc32bdc1e6d3d33 This issue was discovered and fixed by Stephen Henson of the OpenSSL development team. ASN.1 structure reuse memory corruption (CVE-2015-0287) === Severity: Moderate Reusing a structure in ASN.1 parsing may allow an attacker to cause memory corruption via an invalid write. Such reuse is and has been strongly discouraged and is believed to be rare. Applications that parse structures containing CHOICE or ANY DEFINED BY components may be affected. Certificate parsing (d2i_X509 and related functions) are however not affected. OpenSSL clients and servers are not affected. This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8. OpenSSL 1.0.2 users should upgrade to 1.0.2a commit 0ca8edbe6ec402e39c9e095f8ae11dba8fa93fc1 OpenSSL 1.0.1 users should upgrade to 1.0.1m. commit a9f34a7aac5fd89f33a34fb71e954b85fbf35875 OpenSSL 1.0.0 users should upgrade to 1.0.0r. commit d96692c933fe02829c3e922bf7f239e0bd003759 OpenSSL 0.9.8 users should upgrade to 0.9.8zf. commit 5722767d5dc1a3b5505058fe27877fc993fe9a5a This issue was discovered by Emilia Käsper and a fix developed by Stephen Henson of the OpenSSL development team. PKCS7 NULL pointer dereferences (CVE-2015-0289) === Severity: Moderate The PKCS#7 parsing code does not handle missing outer ContentInfo correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs with missing content and trigger a NULL pointer dereference on parsing. Applications that verify PKCS#7 signatures, decrypt PKCS#7 data or otherwise parse PKCS#7 structures from untrusted sources are affected. OpenSSL clients and servers are not affected. This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8. OpenSSL 1.0.2 users should upgrade to 1.0.2a commit e0d6a791c53b64da64277c5565eb89b1cb149fc3 OpenSSL 1.0.1 users should upgrade to 1.0.1m. commit d3d52c73544bba800c2a8f5ef3376358158cf2ca OpenSSL 1.0.0 users should upgrade to 1.0.0r. commit 1f858109d0556b5864bb6a0aa3e2d177b1cc4552 OpenSSL 0.9.8 users should upgrade to 0.9.8zf. commit f20caf7f66cb1eb9ba9562e6097bc7b64d207cb9 This issue was reported to OpenSSL on February 16th 2015 by Michal Zalewski
CVS commit: src/doc
Module Name:src Committed By: spz Date: Mon Feb 23 07:17:37 UTC 2015 Modified Files: src/doc: 3RDPARTY CHANGES Log Message: note bind now is 9.10.1-P2 To generate a diff of this commit: cvs rdiff -u -r1.1206 -r1.1207 src/doc/3RDPARTY cvs rdiff -u -r1.2046 -r1.2047 src/doc/CHANGES Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/doc
Module Name:src Committed By: spz Date: Mon Feb 23 07:17:37 UTC 2015 Modified Files: src/doc: 3RDPARTY CHANGES Log Message: note bind now is 9.10.1-P2 To generate a diff of this commit: cvs rdiff -u -r1.1206 -r1.1207 src/doc/3RDPARTY cvs rdiff -u -r1.2046 -r1.2047 src/doc/CHANGES Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/3RDPARTY diff -u src/doc/3RDPARTY:1.1206 src/doc/3RDPARTY:1.1207 --- src/doc/3RDPARTY:1.1206 Sat Feb 21 12:05:47 2015 +++ src/doc/3RDPARTY Mon Feb 23 07:17:37 2015 @@ -1,4 +1,4 @@ -# $NetBSD: 3RDPARTY,v 1.1206 2015/02/21 12:05:47 tron Exp $ +# $NetBSD: 3RDPARTY,v 1.1207 2015/02/23 07:17:37 spz Exp $ # # This file contains a list of the software that has been integrated into # NetBSD where we are not the primary maintainer. @@ -113,8 +113,8 @@ Notes: bc includes dc, both of which are in the NetBSD tree. Package: bind [named and utils] -Version: 9.10.1-P1 -Current Vers: 9.10.1-P1 +Version: 9.10.1-P2 +Current Vers: 9.10.1-P2 Maintainer: Paul Vixie vi...@vix.com Archive Site: ftp://ftp.isc.org/isc/bind9/ Home Page: http://www.isc.org/software/bind/ Index: src/doc/CHANGES diff -u src/doc/CHANGES:1.2046 src/doc/CHANGES:1.2047 --- src/doc/CHANGES:1.2046 Sat Feb 21 12:05:47 2015 +++ src/doc/CHANGES Mon Feb 23 07:17:37 2015 @@ -1,4 +1,4 @@ -# LIST OF CHANGES FROM LAST RELEASE: $Revision: 1.2046 $ +# LIST OF CHANGES FROM LAST RELEASE: $Revision: 1.2047 $ # # # [Note: This file does not mention every change made to the NetBSD source tree. @@ -132,3 +132,4 @@ Changes from NetBSD 7.0 to NetBSD 8.0: zoneinfo: Import tzdata2015a. [apb 20150131] libc: Import tzdata2015a. [christos 20150131] postfix(1): Import version 2.11.4. [tron 20150221] + bind: patch to version 9.10.1-P2. [spz 20150221]
CVS commit: src/external/bsd/bind/dist
Module Name:src Committed By: spz Date: Sat Feb 21 20:19:22 UTC 2015 Modified Files: src/external/bsd/bind/dist: CHANGES README srcid version src/external/bsd/bind/dist/bin/tests/system: ans.pl src/external/bsd/bind/dist/doc/arm: Bv9ARM.ch04.html Bv9ARM.ch06.html Bv9ARM.ch07.html Bv9ARM.ch08.html Bv9ARM.ch09.html Bv9ARM.html man.arpaname.html man.ddns-confgen.html man.delv.html man.dig.html man.dnssec-checkds.html man.dnssec-coverage.html man.dnssec-dsfromkey.html man.dnssec-importkey.html man.dnssec-keyfromlabel.html man.dnssec-keygen.html man.dnssec-revoke.html man.dnssec-settime.html man.dnssec-signzone.html man.dnssec-verify.html man.genrandom.html man.host.html man.isc-hmac-fixup.html man.named-checkconf.html man.named-checkzone.html man.named-journalprint.html man.named-rrchecker.html man.named.html man.nsec3hash.html man.nsupdate.html man.rndc-confgen.html man.rndc.conf.html man.rndc.html src/external/bsd/bind/dist/lib/dns: api zone.c src/external/bsd/bind/dist/lib/dns/tests: geoip_test.c Log Message: security patch for bind from ISC (to 9.10.1-P2). Only the change to lib/dns/zone.c is security relevant Upstream changelog: --- 9.10.1-P2 released --- 4053. [security] Revoking a managed trust anchor and supplying an untrusted replacement could cause named to crash with an assertion failure. (CVE-2015-1349) [RT #38344] 4027. [port] Net::DNS 0.81 compatibility. [RT #38165] To generate a diff of this commit: cvs rdiff -u -r1.13 -r1.14 src/external/bsd/bind/dist/CHANGES cvs rdiff -u -r1.1.1.15 -r1.2 src/external/bsd/bind/dist/README cvs rdiff -u -r1.7 -r1.8 src/external/bsd/bind/dist/srcid cvs rdiff -u -r1.11 -r1.12 src/external/bsd/bind/dist/version cvs rdiff -u -r1.1.1.5 -r1.2 \ src/external/bsd/bind/dist/bin/tests/system/ans.pl cvs rdiff -u -r1.1.1.17 -r1.2 \ src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch04.html \ src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch06.html \ src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch07.html \ src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch08.html \ src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch09.html \ src/external/bsd/bind/dist/doc/arm/Bv9ARM.html \ src/external/bsd/bind/dist/doc/arm/man.dig.html \ src/external/bsd/bind/dist/doc/arm/man.dnssec-dsfromkey.html \ src/external/bsd/bind/dist/doc/arm/man.dnssec-keyfromlabel.html \ src/external/bsd/bind/dist/doc/arm/man.dnssec-keygen.html \ src/external/bsd/bind/dist/doc/arm/man.dnssec-signzone.html \ src/external/bsd/bind/dist/doc/arm/man.host.html \ src/external/bsd/bind/dist/doc/arm/man.named-checkconf.html \ src/external/bsd/bind/dist/doc/arm/man.named-checkzone.html \ src/external/bsd/bind/dist/doc/arm/man.named.html \ src/external/bsd/bind/dist/doc/arm/man.nsupdate.html \ src/external/bsd/bind/dist/doc/arm/man.rndc-confgen.html \ src/external/bsd/bind/dist/doc/arm/man.rndc.conf.html \ src/external/bsd/bind/dist/doc/arm/man.rndc.html cvs rdiff -u -r1.1.1.14 -r1.2 \ src/external/bsd/bind/dist/doc/arm/man.arpaname.html \ src/external/bsd/bind/dist/doc/arm/man.genrandom.html \ src/external/bsd/bind/dist/doc/arm/man.named-journalprint.html \ src/external/bsd/bind/dist/doc/arm/man.nsec3hash.html cvs rdiff -u -r1.1.1.15 -r1.2 \ src/external/bsd/bind/dist/doc/arm/man.ddns-confgen.html \ src/external/bsd/bind/dist/doc/arm/man.dnssec-revoke.html \ src/external/bsd/bind/dist/doc/arm/man.dnssec-settime.html cvs rdiff -u -r1.1.1.3 -r1.2 src/external/bsd/bind/dist/doc/arm/man.delv.html cvs rdiff -u -r1.1.1.5 -r1.2 \ src/external/bsd/bind/dist/doc/arm/man.dnssec-checkds.html \ src/external/bsd/bind/dist/doc/arm/man.dnssec-coverage.html cvs rdiff -u -r1.1.1.4 -r1.2 \ src/external/bsd/bind/dist/doc/arm/man.dnssec-importkey.html \ src/external/bsd/bind/dist/doc/arm/man.named-rrchecker.html cvs rdiff -u -r1.1.1.7 -r1.2 \ src/external/bsd/bind/dist/doc/arm/man.dnssec-verify.html cvs rdiff -u -r1.1.1.13 -r1.2 \ src/external/bsd/bind/dist/doc/arm/man.isc-hmac-fixup.html cvs rdiff -u -r1.1.1.18 -r1.2 src/external/bsd/bind/dist/lib/dns/api cvs rdiff -u -r1.12 -r1.13 src/external/bsd/bind/dist/lib/dns/zone.c cvs rdiff -u -r1.1.1.3 -r1.2 \ src/external/bsd/bind/dist/lib/dns/tests/geoip_test.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/external/bsd/libevent/dist/include/event2
Module Name:src Committed By: spz Date: Sun Feb 1 19:09:05 UTC 2015 Removed Files: src/external/bsd/libevent/dist/include/event2: event-config.h Log Message: this generated include file oughtn't be around, the 'good' version is in external/bsd/libevent/include/event2/event-config.h instead To generate a diff of this commit: cvs rdiff -u -r1.1.1.1 -r0 \ src/external/bsd/libevent/dist/include/event2/event-config.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/external/bsd/libevent/dist/include/event2
Module Name:src Committed By: spz Date: Sun Feb 1 19:09:05 UTC 2015 Removed Files: src/external/bsd/libevent/dist/include/event2: event-config.h Log Message: this generated include file oughtn't be around, the 'good' version is in external/bsd/libevent/include/event2/event-config.h instead To generate a diff of this commit: cvs rdiff -u -r1.1.1.1 -r0 \ src/external/bsd/libevent/dist/include/event2/event-config.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/doc
Module Name:src Committed By: spz Date: Fri Jan 30 23:00:06 UTC 2015 Modified Files: src/doc: 3RDPARTY CHANGES Log Message: note the libevent update To generate a diff of this commit: cvs rdiff -u -r1.1198 -r1.1199 src/doc/3RDPARTY cvs rdiff -u -r1.2042 -r1.2043 src/doc/CHANGES Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/3RDPARTY diff -u src/doc/3RDPARTY:1.1198 src/doc/3RDPARTY:1.1199 --- src/doc/3RDPARTY:1.1198 Fri Jan 30 10:21:23 2015 +++ src/doc/3RDPARTY Fri Jan 30 23:00:06 2015 @@ -1,4 +1,4 @@ -# $NetBSD: 3RDPARTY,v 1.1198 2015/01/30 10:21:23 roy Exp $ +# $NetBSD: 3RDPARTY,v 1.1199 2015/01/30 23:00:06 spz Exp $ # # This file contains a list of the software that has been integrated into # NetBSD where we are not the primary maintainer. @@ -677,12 +677,12 @@ The lvm2tools and the libdevmapper are n repository. See the lvm2tools Notes for more information. Package: libevent -Version: 2.0.21-stable -Current Vers: 2.0.21-stable +Version: 2.0.22-stable +Current Vers: 2.0.22-stable Maintainer: Niels Provos pro...@citi.umich.edu Archive Site: http://www.monkey.org/~provos/libevent/ Home Page: http://www.monkey.org/~provos/libevent/ -Responsible: provos +Responsible: License: BSD (3/4-clause) Location: external/bsd/libevent/dist Notes: Index: src/doc/CHANGES diff -u src/doc/CHANGES:1.2042 src/doc/CHANGES:1.2043 --- src/doc/CHANGES:1.2042 Fri Jan 30 10:21:23 2015 +++ src/doc/CHANGES Fri Jan 30 23:00:06 2015 @@ -1,4 +1,4 @@ -# LIST OF CHANGES FROM LAST RELEASE: $Revision: 1.2042 $ +# LIST OF CHANGES FROM LAST RELEASE: $Revision: 1.2043 $ # # # [Note: This file does not mention every change made to the NetBSD source tree. @@ -127,4 +127,5 @@ Changes from NetBSD 7.0 to NetBSD 8.0: arm: Add support for Zynq SoC. [hkenken 20150123] evbarm: Add support for the PARALLELLA (Zynq). [hkenken 20150123] blacklist: Added daemon and library [christos 20150125] + libevent: Import libevent 2.0.22 [spz 20150129] dhcpcd(8): Import dhcpcd-6.7.1. [roy 20150130]
CVS import: src/external/bsd/libevent/dist
Module Name:src Committed By: spz Date: Thu Jan 29 06:28:12 UTC 2015 Update of /cvsroot/src/external/bsd/libevent/dist In directory ivanova.netbsd.org:/tmp/cvs-serv25758 Log Message: Upstream Change_log: Changes in version 2.0.22-stable (5 Jan 2015) SECURITY FIXES (evbuffers) o Avoid integer overflow bugs in evbuffer_add() and related functions. See CVE-2014-6272 advisory for more information. (20d6d4458bee5d88bda1511c225c25b2d3198d6c) BUGFIXES (evhttp) o fix #73 and fix http_connection_fail_test to catch it (crash fix) (b618204 Greg Hazel) o Avoid racy bufferevent activation (5eb1788 Nate Rosenblum) BUGFIXES (compilation and portability) o Fix compilation with WIN32_HAVE_CONDITION_VARIABLES enabled (7e45739) o Fix missing AC_PROG_SED on older Autoconfs (9ab2b3f Tay Ray Chuan) o Backport libevent to vanilla Autoconf 2.59 (as used in RHEL5) (74d4c44 Kevin Bowling) o Use AC_CONFIG_HEADERS in place of AM_CONFIG_HEADERS for automake 1.13 compat (817ea36) o Rename configure.in to configure.ac to appease newer autoconfs (0c79787) o Avoid using top_srcdir in TESTS: new automakes do not like this (a55514e) o Use windows vsnprintf fixup logic on all windows environments (e826f19) o Fix a compiler warning when checking for arc4random_buf linker breakage. (5cb3865) o Fix another arc4random_buf-related warning (e64a2b0) o Add -Qunused-arguments for clang on macos (b56611d Trond Norbye) BUGFIXES (resource leaks/lock errors on error) o Avoid leaking fds on evconnlistener with no callback set (69db261) o Avoid double-close on getsockname error in evutil_ersatz_socketpair (0a822a6) o Fix a locking error in bufferevent_socket_get_dns_error. (0a5eb2e) o libevent/win32_dealloc() : fix sizeof(pointer) vs sizeof(*pointer) (b8f5980 Frank Denis) BUGFIXES: (other stability) o bufferevent_pair: don't call downcast(NULL) (f2428a2) o Consistently check for failure from evbuffer_pullup() (60f8f72) o Fix race caused by event_active (3c7d6fc vjpai) BUGFIXES (miscellaneous) o Avoid redundant invocations of init_extension_functions for IOCP (3b77d62) o Typo fixes from Linus Nordberg (cec62cb, 8cd695b) o Add a few files created by make verify to .gitignore. (1a8295a Pierre Phaneuf) o regress_buffer: fix 'memcmp' compare size (79800df Maks Naumov) o Fix bufferevent setwatermark suspend_read (b34e4ac ufo2243) o Fix evbuffer_peek() with len==-1 and start_at non-NULL. (fb7e76a) BUFGIXES (evdns) o Checking request nameserver for NULL, before using it. (5c710c0 Belobrov Andrey) o Fix SEGFAULT after evdns_base_resume if no nameservers installed. (f8d7df8 Azat Khuzhin) o Fix a crash in evdns related to shutting down evdns (9f39c88,e8fe749) BUGFIXES (epoll) o Check does arch have the epoll_create and __NR_epoll_wait syscalls. (dfe1e52 Marcin Juszkiewicz) BUGFIXES (evutil_secure_random) o Avoid other RNG initialization FS reads when urandom file is specified (9695e9c, bb52471) o When we seed from /proc/sys/kernel/random/uuid, count it as success (e35b540) o Document that arc4random is not a great cryptographic PRNG. (6e49696) o Add evutil_secure_rng_set_urandom_device_file (2bbb5d7) o Really remove RNG seeds from the stack (f5ced88) DOCUMENTATION FIXES o Fix a mistake in evbuffer_remove() arguments in example http server code (c322c20 Gyepi Sam) o Fix a typo in a comment in buffer.h. Spotted by Alt_F4 (773b0a5) o Clarify event_base_loop exit conditions (031a803) o Use FindClose for handle from FindFirstFile in http-server.c (6466e88) o Fix a typo in a doxygen comment. Reported by 亦得. (be1aeff) Status: Vendor Tag: LIBEVENT Release Tags: libevent-2-0-22-stable N src/external/bsd/libevent/dist/URLs N src/external/bsd/libevent/dist/libevent-2.0.22-stable.tar.gz N src/external/bsd/libevent/dist/libevent-2.0.22-stable.tar.gz.asc N src/external/bsd/libevent/dist/src/external/bsd/libevent/dist/Makefile.in N src/external/bsd/libevent/dist/src/external/bsd/libevent/dist/evmap-internal.h N src/external/bsd/libevent/dist/src/external/bsd/libevent/dist/event_iocp.c N src/external/bsd/libevent/dist/src/external/bsd/libevent/dist/win32select.c N src/external/bsd/libevent/dist/src/external/bsd/libevent/dist/epoll.c N src/external/bsd/libevent/dist/src/external/bsd/libevent/dist/evrpc-internal.h N src/external/bsd/libevent/dist/src/external/bsd/libevent/dist/autogen.sh N src/external/bsd/libevent/dist/src/external/bsd/libevent/dist/event.h N src/external/bsd/libevent/dist/src/external/bsd/libevent/dist/evutil_rand.c N src/external/bsd/libevent/dist/src/external/bsd/libevent/dist/event.c N src/external/bsd/libevent/dist/src/external/bsd/libevent/dist/libevent_openssl.pc.in N src/external/bsd/libevent/dist/src/external/bsd/libevent/dist/Makefile.nmake N src/external/bsd/libevent/dist/src/external/bsd/libevent/dist/evmap.c N src/external/bsd/libevent/dist/src/external/bsd/libevent/dist/make-event-config.sed N
CVS import: src/external/bsd/libevent/dist
Module Name:src Committed By: spz Date: Thu Jan 29 06:28:12 UTC 2015 Update of /cvsroot/src/external/bsd/libevent/dist In directory ivanova.netbsd.org:/tmp/cvs-serv25758 Log Message: Upstream Change_log: Changes in version 2.0.22-stable (5 Jan 2015) SECURITY FIXES (evbuffers) o Avoid integer overflow bugs in evbuffer_add() and related functions. See CVE-2014-6272 advisory for more information. (20d6d4458bee5d88bda1511c225c25b2d3198d6c) BUGFIXES (evhttp) o fix #73 and fix http_connection_fail_test to catch it (crash fix) (b618204 Greg Hazel) o Avoid racy bufferevent activation (5eb1788 Nate Rosenblum) BUGFIXES (compilation and portability) o Fix compilation with WIN32_HAVE_CONDITION_VARIABLES enabled (7e45739) o Fix missing AC_PROG_SED on older Autoconfs (9ab2b3f Tay Ray Chuan) o Backport libevent to vanilla Autoconf 2.59 (as used in RHEL5) (74d4c44 Kevin Bowling) o Use AC_CONFIG_HEADERS in place of AM_CONFIG_HEADERS for automake 1.13 compat (817ea36) o Rename configure.in to configure.ac to appease newer autoconfs (0c79787) o Avoid using top_srcdir in TESTS: new automakes do not like this (a55514e) o Use windows vsnprintf fixup logic on all windows environments (e826f19) o Fix a compiler warning when checking for arc4random_buf linker breakage. (5cb3865) o Fix another arc4random_buf-related warning (e64a2b0) o Add -Qunused-arguments for clang on macos (b56611d Trond Norbye) BUGFIXES (resource leaks/lock errors on error) o Avoid leaking fds on evconnlistener with no callback set (69db261) o Avoid double-close on getsockname error in evutil_ersatz_socketpair (0a822a6) o Fix a locking error in bufferevent_socket_get_dns_error. (0a5eb2e) o libevent/win32_dealloc() : fix sizeof(pointer) vs sizeof(*pointer) (b8f5980 Frank Denis) BUGFIXES: (other stability) o bufferevent_pair: don't call downcast(NULL) (f2428a2) o Consistently check for failure from evbuffer_pullup() (60f8f72) o Fix race caused by event_active (3c7d6fc vjpai) BUGFIXES (miscellaneous) o Avoid redundant invocations of init_extension_functions for IOCP (3b77d62) o Typo fixes from Linus Nordberg (cec62cb, 8cd695b) o Add a few files created by make verify to .gitignore. (1a8295a Pierre Phaneuf) o regress_buffer: fix 'memcmp' compare size (79800df Maks Naumov) o Fix bufferevent setwatermark suspend_read (b34e4ac ufo2243) o Fix evbuffer_peek() with len==-1 and start_at non-NULL. (fb7e76a) BUFGIXES (evdns) o Checking request nameserver for NULL, before using it. (5c710c0 Belobrov Andrey) o Fix SEGFAULT after evdns_base_resume if no nameservers installed. (f8d7df8 Azat Khuzhin) o Fix a crash in evdns related to shutting down evdns (9f39c88,e8fe749) BUGFIXES (epoll) o Check does arch have the epoll_create and __NR_epoll_wait syscalls. (dfe1e52 Marcin Juszkiewicz) BUGFIXES (evutil_secure_random) o Avoid other RNG initialization FS reads when urandom file is specified (9695e9c, bb52471) o When we seed from /proc/sys/kernel/random/uuid, count it as success (e35b540) o Document that arc4random is not a great cryptographic PRNG. (6e49696) o Add evutil_secure_rng_set_urandom_device_file (2bbb5d7) o Really remove RNG seeds from the stack (f5ced88) DOCUMENTATION FIXES o Fix a mistake in evbuffer_remove() arguments in example http server code (c322c20 Gyepi Sam) o Fix a typo in a comment in buffer.h. Spotted by Alt_F4 (773b0a5) o Clarify event_base_loop exit conditions (031a803) o Use FindClose for handle from FindFirstFile in http-server.c (6466e88) o Fix a typo in a doxygen comment. Reported by 亦得. (be1aeff) Status: Vendor Tag: LIBEVENT Release Tags: libevent-2-0-22-stable N src/external/bsd/libevent/dist/URLs N src/external/bsd/libevent/dist/libevent-2.0.22-stable.tar.gz N src/external/bsd/libevent/dist/libevent-2.0.22-stable.tar.gz.asc N src/external/bsd/libevent/dist/src/external/bsd/libevent/dist/Makefile.in N src/external/bsd/libevent/dist/src/external/bsd/libevent/dist/evmap-internal.h N src/external/bsd/libevent/dist/src/external/bsd/libevent/dist/event_iocp.c N src/external/bsd/libevent/dist/src/external/bsd/libevent/dist/win32select.c N src/external/bsd/libevent/dist/src/external/bsd/libevent/dist/epoll.c N src/external/bsd/libevent/dist/src/external/bsd/libevent/dist/evrpc-internal.h N src/external/bsd/libevent/dist/src/external/bsd/libevent/dist/autogen.sh N src/external/bsd/libevent/dist/src/external/bsd/libevent/dist/event.h N src/external/bsd/libevent/dist/src/external/bsd/libevent/dist/evutil_rand.c N src/external/bsd/libevent/dist/src/external/bsd/libevent/dist/event.c N src/external/bsd/libevent/dist/src/external/bsd/libevent/dist/libevent_openssl.pc.in N src/external/bsd/libevent/dist/src/external/bsd/libevent/dist/Makefile.nmake N src/external/bsd/libevent/dist/src/external/bsd/libevent/dist/evmap.c N src/external/bsd/libevent/dist/src/external/bsd/libevent/dist/make-event-config.sed N
CVS import: src/external/bsd/libevent/dist
Module Name:src Committed By: spz Date: Thu Jan 29 06:38:29 UTC 2015 Update of /cvsroot/src/external/bsd/libevent/dist In directory ivanova.netbsd.org:/tmp/cvs-serv1728 Log Message: Upstream Change_log: Changes in version 2.0.22-stable (5 Jan 2015) SECURITY FIXES (evbuffers) o Avoid integer overflow bugs in evbuffer_add() and related functions. See CVE-2014-6272 advisory for more information. (20d6d4458bee5d88bda1511c225c25b2d3198d6c) BUGFIXES (evhttp) o fix #73 and fix http_connection_fail_test to catch it (crash fix) (b618204 Greg Hazel) o Avoid racy bufferevent activation (5eb1788 Nate Rosenblum) BUGFIXES (compilation and portability) o Fix compilation with WIN32_HAVE_CONDITION_VARIABLES enabled (7e45739) o Fix missing AC_PROG_SED on older Autoconfs (9ab2b3f Tay Ray Chuan) o Backport libevent to vanilla Autoconf 2.59 (as used in RHEL5) (74d4c44 Kevin Bowling) o Use AC_CONFIG_HEADERS in place of AM_CONFIG_HEADERS for automake 1.13 compat (817ea36) o Rename configure.in to configure.ac to appease newer autoconfs (0c79787) o Avoid using top_srcdir in TESTS: new automakes do not like this (a55514e) o Use windows vsnprintf fixup logic on all windows environments (e826f19) o Fix a compiler warning when checking for arc4random_buf linker breakage. (5cb3865) o Fix another arc4random_buf-related warning (e64a2b0) o Add -Qunused-arguments for clang on macos (b56611d Trond Norbye) BUGFIXES (resource leaks/lock errors on error) o Avoid leaking fds on evconnlistener with no callback set (69db261) o Avoid double-close on getsockname error in evutil_ersatz_socketpair (0a822a6) o Fix a locking error in bufferevent_socket_get_dns_error. (0a5eb2e) o libevent/win32_dealloc() : fix sizeof(pointer) vs sizeof(*pointer) (b8f5980 Frank Denis) BUGFIXES: (other stability) o bufferevent_pair: don't call downcast(NULL) (f2428a2) o Consistently check for failure from evbuffer_pullup() (60f8f72) o Fix race caused by event_active (3c7d6fc vjpai) BUGFIXES (miscellaneous) o Avoid redundant invocations of init_extension_functions for IOCP (3b77d62) o Typo fixes from Linus Nordberg (cec62cb, 8cd695b) o Add a few files created by make verify to .gitignore. (1a8295a Pierre Phaneuf) o regress_buffer: fix 'memcmp' compare size (79800df Maks Naumov) o Fix bufferevent setwatermark suspend_read (b34e4ac ufo2243) o Fix evbuffer_peek() with len==-1 and start_at non-NULL. (fb7e76a) BUFGIXES (evdns) o Checking request nameserver for NULL, before using it. (5c710c0 Belobrov Andrey) o Fix SEGFAULT after evdns_base_resume if no nameservers installed. (f8d7df8 Azat Khuzhin) o Fix a crash in evdns related to shutting down evdns (9f39c88,e8fe749) BUGFIXES (epoll) o Check does arch have the epoll_create and __NR_epoll_wait syscalls. (dfe1e52 Marcin Juszkiewicz) BUGFIXES (evutil_secure_random) o Avoid other RNG initialization FS reads when urandom file is specified (9695e9c, bb52471) o When we seed from /proc/sys/kernel/random/uuid, count it as success (e35b540) o Document that arc4random is not a great cryptographic PRNG. (6e49696) o Add evutil_secure_rng_set_urandom_device_file (2bbb5d7) o Really remove RNG seeds from the stack (f5ced88) DOCUMENTATION FIXES o Fix a mistake in evbuffer_remove() arguments in example http server code (c322c20 Gyepi Sam) o Fix a typo in a comment in buffer.h. Spotted by Alt_F4 (773b0a5) o Clarify event_base_loop exit conditions (031a803) o Use FindClose for handle from FindFirstFile in http-server.c (6466e88) o Fix a typo in a doxygen comment. Reported by 亦得. (be1aeff) Status: Vendor Tag: LIBEVENT Release Tags: libevent-2-0-22-stable U src/external/bsd/libevent/dist/Makefile.in U src/external/bsd/libevent/dist/evmap-internal.h U src/external/bsd/libevent/dist/event_iocp.c U src/external/bsd/libevent/dist/win32select.c U src/external/bsd/libevent/dist/epoll.c U src/external/bsd/libevent/dist/evrpc-internal.h U src/external/bsd/libevent/dist/autogen.sh U src/external/bsd/libevent/dist/event.h C src/external/bsd/libevent/dist/evutil_rand.c C src/external/bsd/libevent/dist/event.c U src/external/bsd/libevent/dist/libevent_openssl.pc.in U src/external/bsd/libevent/dist/Makefile.nmake U src/external/bsd/libevent/dist/evmap.c U src/external/bsd/libevent/dist/make-event-config.sed U src/external/bsd/libevent/dist/ratelim-internal.h U src/external/bsd/libevent/dist/log-internal.h C src/external/bsd/libevent/dist/util-internal.h C src/external/bsd/libevent/dist/evdns.c C src/external/bsd/libevent/dist/event_tagging.c U src/external/bsd/libevent/dist/strlcpy.c U src/external/bsd/libevent/dist/defer-internal.h U src/external/bsd/libevent/dist/libevent.pc.in U src/external/bsd/libevent/dist/arc4random.c U src/external/bsd/libevent/dist/http-internal.h N src/external/bsd/libevent/dist/configure.ac U src/external/bsd/libevent/dist/select.c U src/external/bsd/libevent/dist/configure U
CVS import: src/external/bsd/libevent/dist
Module Name:src Committed By: spz Date: Thu Jan 29 06:38:29 UTC 2015 Update of /cvsroot/src/external/bsd/libevent/dist In directory ivanova.netbsd.org:/tmp/cvs-serv1728 Log Message: Upstream Change_log: Changes in version 2.0.22-stable (5 Jan 2015) SECURITY FIXES (evbuffers) o Avoid integer overflow bugs in evbuffer_add() and related functions. See CVE-2014-6272 advisory for more information. (20d6d4458bee5d88bda1511c225c25b2d3198d6c) BUGFIXES (evhttp) o fix #73 and fix http_connection_fail_test to catch it (crash fix) (b618204 Greg Hazel) o Avoid racy bufferevent activation (5eb1788 Nate Rosenblum) BUGFIXES (compilation and portability) o Fix compilation with WIN32_HAVE_CONDITION_VARIABLES enabled (7e45739) o Fix missing AC_PROG_SED on older Autoconfs (9ab2b3f Tay Ray Chuan) o Backport libevent to vanilla Autoconf 2.59 (as used in RHEL5) (74d4c44 Kevin Bowling) o Use AC_CONFIG_HEADERS in place of AM_CONFIG_HEADERS for automake 1.13 compat (817ea36) o Rename configure.in to configure.ac to appease newer autoconfs (0c79787) o Avoid using top_srcdir in TESTS: new automakes do not like this (a55514e) o Use windows vsnprintf fixup logic on all windows environments (e826f19) o Fix a compiler warning when checking for arc4random_buf linker breakage. (5cb3865) o Fix another arc4random_buf-related warning (e64a2b0) o Add -Qunused-arguments for clang on macos (b56611d Trond Norbye) BUGFIXES (resource leaks/lock errors on error) o Avoid leaking fds on evconnlistener with no callback set (69db261) o Avoid double-close on getsockname error in evutil_ersatz_socketpair (0a822a6) o Fix a locking error in bufferevent_socket_get_dns_error. (0a5eb2e) o libevent/win32_dealloc() : fix sizeof(pointer) vs sizeof(*pointer) (b8f5980 Frank Denis) BUGFIXES: (other stability) o bufferevent_pair: don't call downcast(NULL) (f2428a2) o Consistently check for failure from evbuffer_pullup() (60f8f72) o Fix race caused by event_active (3c7d6fc vjpai) BUGFIXES (miscellaneous) o Avoid redundant invocations of init_extension_functions for IOCP (3b77d62) o Typo fixes from Linus Nordberg (cec62cb, 8cd695b) o Add a few files created by make verify to .gitignore. (1a8295a Pierre Phaneuf) o regress_buffer: fix 'memcmp' compare size (79800df Maks Naumov) o Fix bufferevent setwatermark suspend_read (b34e4ac ufo2243) o Fix evbuffer_peek() with len==-1 and start_at non-NULL. (fb7e76a) BUFGIXES (evdns) o Checking request nameserver for NULL, before using it. (5c710c0 Belobrov Andrey) o Fix SEGFAULT after evdns_base_resume if no nameservers installed. (f8d7df8 Azat Khuzhin) o Fix a crash in evdns related to shutting down evdns (9f39c88,e8fe749) BUGFIXES (epoll) o Check does arch have the epoll_create and __NR_epoll_wait syscalls. (dfe1e52 Marcin Juszkiewicz) BUGFIXES (evutil_secure_random) o Avoid other RNG initialization FS reads when urandom file is specified (9695e9c, bb52471) o When we seed from /proc/sys/kernel/random/uuid, count it as success (e35b540) o Document that arc4random is not a great cryptographic PRNG. (6e49696) o Add evutil_secure_rng_set_urandom_device_file (2bbb5d7) o Really remove RNG seeds from the stack (f5ced88) DOCUMENTATION FIXES o Fix a mistake in evbuffer_remove() arguments in example http server code (c322c20 Gyepi Sam) o Fix a typo in a comment in buffer.h. Spotted by Alt_F4 (773b0a5) o Clarify event_base_loop exit conditions (031a803) o Use FindClose for handle from FindFirstFile in http-server.c (6466e88) o Fix a typo in a doxygen comment. Reported by 亦得. (be1aeff) Status: Vendor Tag: LIBEVENT Release Tags: libevent-2-0-22-stable U src/external/bsd/libevent/dist/Makefile.in U src/external/bsd/libevent/dist/evmap-internal.h U src/external/bsd/libevent/dist/event_iocp.c U src/external/bsd/libevent/dist/win32select.c U src/external/bsd/libevent/dist/epoll.c U src/external/bsd/libevent/dist/evrpc-internal.h U src/external/bsd/libevent/dist/autogen.sh U src/external/bsd/libevent/dist/event.h C src/external/bsd/libevent/dist/evutil_rand.c C src/external/bsd/libevent/dist/event.c U src/external/bsd/libevent/dist/libevent_openssl.pc.in U src/external/bsd/libevent/dist/Makefile.nmake U src/external/bsd/libevent/dist/evmap.c U src/external/bsd/libevent/dist/make-event-config.sed U src/external/bsd/libevent/dist/ratelim-internal.h U src/external/bsd/libevent/dist/log-internal.h C src/external/bsd/libevent/dist/util-internal.h C src/external/bsd/libevent/dist/evdns.c C src/external/bsd/libevent/dist/event_tagging.c U src/external/bsd/libevent/dist/strlcpy.c U src/external/bsd/libevent/dist/defer-internal.h U src/external/bsd/libevent/dist/libevent.pc.in U src/external/bsd/libevent/dist/arc4random.c U src/external/bsd/libevent/dist/http-internal.h N src/external/bsd/libevent/dist/configure.ac U src/external/bsd/libevent/dist/select.c U src/external/bsd/libevent/dist/configure U
CVS commit: src/external/bsd/libevent
Module Name:src
Committed By: spz
Date: Thu Jan 29 07:26:03 UTC 2015
Modified Files:
src/external/bsd/libevent: libevent2netbsd
src/external/bsd/libevent/dist: buffer.c bufferevent.c
evbuffer-internal.h evdns.c event.c event_tagging.c evrpc.c
evutil.c evutil_rand.c http.c log-internal.h log.c ltmain.sh
util-internal.h
src/external/bsd/libevent/dist/include/event2: rpc.h util.h
src/external/bsd/libevent/dist/test: regress.c regress.h
regress_buffer.c regress_http.c
src/external/bsd/libevent/include/event2: event-config.h
src/external/bsd/libevent/man: buffer.h.3 buffer_compat.h.3
bufferevent.3 bufferevent_ssl.h.3 deprecated.3 dns.h.3
dns_compat.h.3 evbuffer_cb_info.3 evbuffer_iovec.3 evbuffer_ptr.3
event.h.3 event_base.3 event_compat.h.3 event_config.3
evthread_condition_callbacks.3 evthread_lock_callbacks.3
evutil_addrinfo.3 http.h.3 http_compat.h.3 rpc.h.3 rpc_compat.h.3
tag.h.3 tag_compat.h.3 thread.h.3 util.h.3
Log Message:
merge and update manpages and include/event2/event-config.h
May need extra fixing around log-internal.h and log.c
To generate a diff of this commit:
cvs rdiff -u -r1.1 -r1.2 src/external/bsd/libevent/libevent2netbsd
cvs rdiff -u -r1.2 -r1.3 src/external/bsd/libevent/dist/buffer.c \
src/external/bsd/libevent/dist/bufferevent.c \
src/external/bsd/libevent/dist/evbuffer-internal.h \
src/external/bsd/libevent/dist/evdns.c \
src/external/bsd/libevent/dist/event.c \
src/external/bsd/libevent/dist/event_tagging.c \
src/external/bsd/libevent/dist/evrpc.c \
src/external/bsd/libevent/dist/evutil_rand.c \
src/external/bsd/libevent/dist/http.c \
src/external/bsd/libevent/dist/log.c \
src/external/bsd/libevent/dist/util-internal.h
cvs rdiff -u -r1.4 -r1.5 src/external/bsd/libevent/dist/evutil.c
cvs rdiff -u -r1.3 -r1.4 src/external/bsd/libevent/dist/log-internal.h
cvs rdiff -u -r1.1.1.1 -r1.2 src/external/bsd/libevent/dist/ltmain.sh
cvs rdiff -u -r1.2 -r1.3 src/external/bsd/libevent/dist/include/event2/rpc.h \
src/external/bsd/libevent/dist/include/event2/util.h
cvs rdiff -u -r1.7 -r1.8 src/external/bsd/libevent/dist/test/regress.c
cvs rdiff -u -r1.3 -r1.4 src/external/bsd/libevent/dist/test/regress.h \
src/external/bsd/libevent/dist/test/regress_buffer.c \
src/external/bsd/libevent/dist/test/regress_http.c
cvs rdiff -u -r1.1 -r1.2 \
src/external/bsd/libevent/include/event2/event-config.h
cvs rdiff -u -r1.1.1.1 -r1.2 src/external/bsd/libevent/man/buffer.h.3 \
src/external/bsd/libevent/man/buffer_compat.h.3 \
src/external/bsd/libevent/man/bufferevent.3 \
src/external/bsd/libevent/man/bufferevent_ssl.h.3 \
src/external/bsd/libevent/man/deprecated.3 \
src/external/bsd/libevent/man/dns.h.3 \
src/external/bsd/libevent/man/dns_compat.h.3 \
src/external/bsd/libevent/man/evbuffer_cb_info.3 \
src/external/bsd/libevent/man/evbuffer_iovec.3 \
src/external/bsd/libevent/man/evbuffer_ptr.3 \
src/external/bsd/libevent/man/event.h.3 \
src/external/bsd/libevent/man/event_base.3 \
src/external/bsd/libevent/man/event_compat.h.3 \
src/external/bsd/libevent/man/event_config.3 \
src/external/bsd/libevent/man/evthread_condition_callbacks.3 \
src/external/bsd/libevent/man/evthread_lock_callbacks.3 \
src/external/bsd/libevent/man/evutil_addrinfo.3 \
src/external/bsd/libevent/man/http.h.3 \
src/external/bsd/libevent/man/http_compat.h.3 \
src/external/bsd/libevent/man/rpc.h.3 \
src/external/bsd/libevent/man/rpc_compat.h.3 \
src/external/bsd/libevent/man/tag.h.3 \
src/external/bsd/libevent/man/tag_compat.h.3 \
src/external/bsd/libevent/man/thread.h.3 \
src/external/bsd/libevent/man/util.h.3
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/libevent/libevent2netbsd
diff -u src/external/bsd/libevent/libevent2netbsd:1.1 src/external/bsd/libevent/libevent2netbsd:1.2
--- src/external/bsd/libevent/libevent2netbsd:1.1 Thu Apr 11 16:56:11 2013
+++ src/external/bsd/libevent/libevent2netbsd Thu Jan 29 07:26:02 2015
@@ -1,5 +1,5 @@
#!/bin/sh
-# $NetBSD: libevent2netbsd,v 1.1 2013/04/11 16:56:11 christos Exp $
+# $NetBSD: libevent2netbsd,v 1.2 2015/01/29 07:26:02 spz Exp $
# Extract the new tarball and rename the libevent-X.Y.Z directory
# to dist. Run this script and check for additional files and
@@ -43,6 +43,11 @@ if [ -f $d/configure ]; then
#endif
d
}
+/_EVENT_SIZEOF_LONG_LONG/ {
+ a\
+#define _EVENT_SIZEOF_LONG_LONG 8
+ d
+}
/_EVENT_SIZEOF_LONG/ {
a\
#ifdef _LP64\
Index: src/external/bsd/libevent/dist/buffer.c
diff -u src/external/bsd/libevent/dist/buffer.c:1.2 src/external/bsd/libevent/dist/buffer.c:1.3
--- src/external/bsd/libevent/dist/buffer.c:1.2 Thu Apr 11 16:56:41 2013
CVS commit: src/external/bsd/libevent
Module Name:src Committed By: spz Date: Thu Jan 29 07:26:03 UTC 2015 Modified Files: src/external/bsd/libevent: libevent2netbsd src/external/bsd/libevent/dist: buffer.c bufferevent.c evbuffer-internal.h evdns.c event.c event_tagging.c evrpc.c evutil.c evutil_rand.c http.c log-internal.h log.c ltmain.sh util-internal.h src/external/bsd/libevent/dist/include/event2: rpc.h util.h src/external/bsd/libevent/dist/test: regress.c regress.h regress_buffer.c regress_http.c src/external/bsd/libevent/include/event2: event-config.h src/external/bsd/libevent/man: buffer.h.3 buffer_compat.h.3 bufferevent.3 bufferevent_ssl.h.3 deprecated.3 dns.h.3 dns_compat.h.3 evbuffer_cb_info.3 evbuffer_iovec.3 evbuffer_ptr.3 event.h.3 event_base.3 event_compat.h.3 event_config.3 evthread_condition_callbacks.3 evthread_lock_callbacks.3 evutil_addrinfo.3 http.h.3 http_compat.h.3 rpc.h.3 rpc_compat.h.3 tag.h.3 tag_compat.h.3 thread.h.3 util.h.3 Log Message: merge and update manpages and include/event2/event-config.h May need extra fixing around log-internal.h and log.c To generate a diff of this commit: cvs rdiff -u -r1.1 -r1.2 src/external/bsd/libevent/libevent2netbsd cvs rdiff -u -r1.2 -r1.3 src/external/bsd/libevent/dist/buffer.c \ src/external/bsd/libevent/dist/bufferevent.c \ src/external/bsd/libevent/dist/evbuffer-internal.h \ src/external/bsd/libevent/dist/evdns.c \ src/external/bsd/libevent/dist/event.c \ src/external/bsd/libevent/dist/event_tagging.c \ src/external/bsd/libevent/dist/evrpc.c \ src/external/bsd/libevent/dist/evutil_rand.c \ src/external/bsd/libevent/dist/http.c \ src/external/bsd/libevent/dist/log.c \ src/external/bsd/libevent/dist/util-internal.h cvs rdiff -u -r1.4 -r1.5 src/external/bsd/libevent/dist/evutil.c cvs rdiff -u -r1.3 -r1.4 src/external/bsd/libevent/dist/log-internal.h cvs rdiff -u -r1.1.1.1 -r1.2 src/external/bsd/libevent/dist/ltmain.sh cvs rdiff -u -r1.2 -r1.3 src/external/bsd/libevent/dist/include/event2/rpc.h \ src/external/bsd/libevent/dist/include/event2/util.h cvs rdiff -u -r1.7 -r1.8 src/external/bsd/libevent/dist/test/regress.c cvs rdiff -u -r1.3 -r1.4 src/external/bsd/libevent/dist/test/regress.h \ src/external/bsd/libevent/dist/test/regress_buffer.c \ src/external/bsd/libevent/dist/test/regress_http.c cvs rdiff -u -r1.1 -r1.2 \ src/external/bsd/libevent/include/event2/event-config.h cvs rdiff -u -r1.1.1.1 -r1.2 src/external/bsd/libevent/man/buffer.h.3 \ src/external/bsd/libevent/man/buffer_compat.h.3 \ src/external/bsd/libevent/man/bufferevent.3 \ src/external/bsd/libevent/man/bufferevent_ssl.h.3 \ src/external/bsd/libevent/man/deprecated.3 \ src/external/bsd/libevent/man/dns.h.3 \ src/external/bsd/libevent/man/dns_compat.h.3 \ src/external/bsd/libevent/man/evbuffer_cb_info.3 \ src/external/bsd/libevent/man/evbuffer_iovec.3 \ src/external/bsd/libevent/man/evbuffer_ptr.3 \ src/external/bsd/libevent/man/event.h.3 \ src/external/bsd/libevent/man/event_base.3 \ src/external/bsd/libevent/man/event_compat.h.3 \ src/external/bsd/libevent/man/event_config.3 \ src/external/bsd/libevent/man/evthread_condition_callbacks.3 \ src/external/bsd/libevent/man/evthread_lock_callbacks.3 \ src/external/bsd/libevent/man/evutil_addrinfo.3 \ src/external/bsd/libevent/man/http.h.3 \ src/external/bsd/libevent/man/http_compat.h.3 \ src/external/bsd/libevent/man/rpc.h.3 \ src/external/bsd/libevent/man/rpc_compat.h.3 \ src/external/bsd/libevent/man/tag.h.3 \ src/external/bsd/libevent/man/tag_compat.h.3 \ src/external/bsd/libevent/man/thread.h.3 \ src/external/bsd/libevent/man/util.h.3 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/external/bsd/libevent/dist
Module Name:src Committed By: spz Date: Thu Jan 29 06:34:05 UTC 2015 Removed Files: src/external/bsd/libevent/dist: URLs libevent-2.0.22-stable.tar.gz libevent-2.0.22-stable.tar.gz.asc Log Message: eeep, that import went not as I had intended. Going to remove the rest of the clutter from the repo To generate a diff of this commit: cvs rdiff -u -r1.1.1.1 -r0 src/external/bsd/libevent/dist/URLs \ src/external/bsd/libevent/dist/libevent-2.0.22-stable.tar.gz \ src/external/bsd/libevent/dist/libevent-2.0.22-stable.tar.gz.asc Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/external/bsd/libevent/dist
Module Name:src Committed By: spz Date: Thu Jan 29 06:34:05 UTC 2015 Removed Files: src/external/bsd/libevent/dist: URLs libevent-2.0.22-stable.tar.gz libevent-2.0.22-stable.tar.gz.asc Log Message: eeep, that import went not as I had intended. Going to remove the rest of the clutter from the repo To generate a diff of this commit: cvs rdiff -u -r1.1.1.1 -r0 src/external/bsd/libevent/dist/URLs \ src/external/bsd/libevent/dist/libevent-2.0.22-stable.tar.gz \ src/external/bsd/libevent/dist/libevent-2.0.22-stable.tar.gz.asc Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src
Module Name:src Committed By: spz Date: Tue Jan 13 09:14:59 UTC 2015 Modified Files: src/crypto/external/bsd/openssl/lib/libcrypto: shlib_version src/crypto/external/bsd/openssl/lib/libcrypto/man: ASN1_OBJECT_new.3 ASN1_STRING_length.3 ASN1_STRING_new.3 ASN1_STRING_print_ex.3 ASN1_generate_nconf.3 BIO_ctrl.3 BIO_f_base64.3 BIO_f_buffer.3 BIO_f_cipher.3 BIO_f_md.3 BIO_f_null.3 BIO_f_ssl.3 BIO_find_type.3 BIO_new.3 BIO_new_CMS.3 BIO_push.3 BIO_read.3 BIO_s_accept.3 BIO_s_bio.3 BIO_s_connect.3 BIO_s_fd.3 BIO_s_file.3 BIO_s_mem.3 BIO_s_null.3 BIO_s_socket.3 BIO_set_callback.3 BIO_should_retry.3 BN_BLINDING_new.3 BN_CTX_new.3 BN_CTX_start.3 BN_add.3 BN_add_word.3 BN_bn2bin.3 BN_cmp.3 BN_copy.3 BN_generate_prime.3 BN_mod_inverse.3 BN_mod_mul_montgomery.3 BN_mod_mul_reciprocal.3 BN_new.3 BN_num_bytes.3 BN_rand.3 BN_set_bit.3 BN_swap.3 BN_zero.3 CMS_add0_cert.3 CMS_add1_recipient_cert.3 CMS_compress.3 CMS_decrypt.3 CMS_encrypt.3 CMS_final.3 CMS_get0_RecipientInfos.3 CMS_get0_SignerInfos.3 CMS_get0_type.3 CMS_get1_ReceiptRequest.3 CMS_sign.3 CMS_sign_add1_signer.3 CMS_sign_receipt.3 CMS_uncompress.3 CMS_verify.3 CMS_verify_receipt.3 CONF_modules_free.3 CONF_modules_load_file.3 CRYPTO_set_ex_data.3 DH_generate_key.3 DH_generate_parameters.3 DH_get_ex_new_index.3 DH_new.3 DH_set_method.3 DH_size.3 DSA_SIG_new.3 DSA_do_sign.3 DSA_dup_DH.3 DSA_generate_key.3 DSA_generate_parameters.3 DSA_get_ex_new_index.3 DSA_new.3 DSA_set_method.3 DSA_sign.3 DSA_size.3 ERR_GET_LIB.3 ERR_clear_error.3 ERR_error_string.3 ERR_get_error.3 ERR_load_crypto_strings.3 ERR_load_strings.3 ERR_print_errors.3 ERR_put_error.3 ERR_remove_state.3 ERR_set_mark.3 EVP_BytesToKey.3 EVP_DigestInit.3 EVP_DigestSignInit.3 EVP_DigestVerifyInit.3 EVP_EncryptInit.3 EVP_OpenInit.3 EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_new.3 EVP_PKEY_cmp.3 EVP_PKEY_decrypt.3 EVP_PKEY_derive.3 EVP_PKEY_encrypt.3 EVP_PKEY_get_default_digest.3 EVP_PKEY_keygen.3 EVP_PKEY_new.3 EVP_PKEY_print_private.3 EVP_PKEY_set1_RSA.3 EVP_PKEY_sign.3 EVP_PKEY_verify.3 EVP_PKEY_verify_recover.3 EVP_SealInit.3 EVP_SignInit.3 EVP_VerifyInit.3 OBJ_nid2obj.3 OPENSSL_Applink.3 OPENSSL_VERSION_NUMBER.3 OPENSSL_config.3 OPENSSL_ia32cap.3 OPENSSL_load_builtin_modules.3 OpenSSL_add_all_algorithms.3 PEM_write_bio_CMS_stream.3 PEM_write_bio_PKCS7_stream.3 PKCS12_create.3 PKCS12_parse.3 PKCS7_decrypt.3 PKCS7_encrypt.3 PKCS7_sign.3 PKCS7_sign_add_signer.3 PKCS7_verify.3 RAND_add.3 RAND_bytes.3 RAND_cleanup.3 RAND_egd.3 RAND_load_file.3 RAND_set_rand_method.3 RSA_blinding_on.3 RSA_check_key.3 RSA_generate_key.3 RSA_get_ex_new_index.3 RSA_new.3 RSA_padding_add_PKCS1_type_1.3 RSA_print.3 RSA_private_encrypt.3 RSA_public_encrypt.3 RSA_set_method.3 RSA_sign.3 RSA_sign_ASN1_OCTET_STRING.3 RSA_size.3 SMIME_read_CMS.3 SMIME_read_PKCS7.3 SMIME_write_CMS.3 SMIME_write_PKCS7.3 SSL_CIPHER_get_name.3 SSL_COMP_add_compression_method.3 SSL_CTX_add_extra_chain_cert.3 SSL_CTX_add_session.3 SSL_CTX_ctrl.3 SSL_CTX_flush_sessions.3 SSL_CTX_free.3 SSL_CTX_get_ex_new_index.3 SSL_CTX_get_verify_mode.3 SSL_CTX_load_verify_locations.3 SSL_CTX_new.3 SSL_CTX_sess_number.3 SSL_CTX_sess_set_cache_size.3 SSL_CTX_sess_set_get_cb.3 SSL_CTX_sessions.3 SSL_CTX_set_cert_store.3 SSL_CTX_set_cert_verify_callback.3 SSL_CTX_set_cipher_list.3 SSL_CTX_set_client_CA_list.3 SSL_CTX_set_client_cert_cb.3 SSL_CTX_set_default_passwd_cb.3 SSL_CTX_set_generate_session_id.3 SSL_CTX_set_info_callback.3 SSL_CTX_set_max_cert_list.3 SSL_CTX_set_mode.3 SSL_CTX_set_msg_callback.3 SSL_CTX_set_options.3 SSL_CTX_set_psk_client_callback.3 SSL_CTX_set_quiet_shutdown.3 SSL_CTX_set_session_cache_mode.3 SSL_CTX_set_session_id_context.3 SSL_CTX_set_ssl_version.3 SSL_CTX_set_timeout.3 SSL_CTX_set_tlsext_ticket_key_cb.3 SSL_CTX_set_tmp_dh_callback.3 SSL_CTX_set_tmp_rsa_callback.3 SSL_CTX_set_verify.3 SSL_CTX_use_certificate.3 SSL_CTX_use_psk_identity_hint.3 SSL_SESSION_free.3 SSL_SESSION_get_ex_new_index.3 SSL_SESSION_get_time.3 SSL_accept.3 SSL_alert_type_string.3 SSL_clear.3 SSL_connect.3 SSL_do_handshake.3 SSL_free.3 SSL_get_SSL_CTX.3 SSL_get_ciphers.3 SSL_get_client_CA_list.3 SSL_get_current_cipher.3 SSL_get_default_timeout.3 SSL_get_error.3
CVS import: src/crypto/external/bsd/openssl/dist
Module Name:src Committed By: spz Date: Tue Jan 13 08:02:20 UTC 2015 Update of /cvsroot/src/crypto/external/bsd/openssl/dist In directory ivanova.netbsd.org:/tmp/cvs-serv14297 Log Message: Import of OpenSSL 1.0.1k. Upstream log: Changes between 1.0.1j and 1.0.1k [8 Jan 2015] *) Fix DTLS segmentation fault in dtls1_get_record. A carefully crafted DTLS message can cause a segmentation fault in OpenSSL due to a NULL pointer dereference. This could lead to a Denial Of Service attack. Thanks to Markus Stenberg of Cisco Systems, Inc. for reporting this issue. (CVE-2014-3571) [Steve Henson] *) Fix DTLS memory leak in dtls1_buffer_record. A memory leak can occur in the dtls1_buffer_record function under certain conditions. In particular this could occur if an attacker sent repeated DTLS records with the same sequence number but for the next epoch. The memory leak could be exploited by an attacker in a Denial of Service attack through memory exhaustion. Thanks to Chris Mueller for reporting this issue. (CVE-2015-0206) [Matt Caswell] *) Fix issue where no-ssl3 configuration sets method to NULL. When openssl is built with the no-ssl3 option and a SSL v3 ClientHello is received the ssl method would be set to NULL which could later result in a NULL pointer dereference. Thanks to Frank Schmirler for reporting this issue. (CVE-2014-3569) [Kurt Roeckx] *) Abort handshake if server key exchange message is omitted for ephemeral ECDH ciphersuites. Thanks to Karthikeyan Bhargavan of the PROSECCO team at INRIA for reporting this issue. (CVE-2014-3572) [Steve Henson] *) Remove non-export ephemeral RSA code on client and server. This code violated the TLS standard by allowing the use of temporary RSA keys in non-export ciphersuites and could be used by a server to effectively downgrade the RSA key length used to a value smaller than the server certificate. Thanks for Karthikeyan Bhargavan of the PROSECCO team at INRIA or reporting this issue. (CVE-2015-0204) [Steve Henson] *) Fixed issue where DH client certificates are accepted without verification. An OpenSSL server will accept a DH certificate for client authentication without the certificate verify message. This effectively allows a client to authenticate without the use of a private key. This only affects servers which trust a client certificate authority which issues certificates containing DH keys: these are extremely rare and hardly ever encountered. Thanks for Karthikeyan Bhargavan of the PROSECCO team at INRIA or reporting this issue. (CVE-2015-0205) [Steve Henson] *) Ensure that the session ID context of an SSL is updated when its SSL_CTX is updated via SSL_set_SSL_CTX. The session ID context is typically set from the parent SSL_CTX, and can vary with the CTX. [Adam Langley] *) Fix various certificate fingerprint issues. By using non-DER or invalid encodings outside the signed portion of a certificate the fingerprint can be changed without breaking the signature. Although no details of the signed portion of the certificate can be changed this can cause problems with some applications: e.g. those using the certificate fingerprint for blacklists. 1. Reject signatures with non zero unused bits. If the BIT STRING containing the signature has non zero unused bits reject the signature. All current signature algorithms require zero unused bits. 2. Check certificate algorithm consistency. Check the AlgorithmIdentifier inside TBS matches the one in the certificate signature. NB: this will result in signature failure errors for some broken certificates. Thanks to Konrad Kraszewski from Google for reporting this issue. 3. Check DSA/ECDSA signatures use DER. Reencode DSA/ECDSA signatures and compare with the original received signature. Return an error if there is a mismatch. This will reject various cases including garbage after signature (thanks to Antti Karjalainen and Tuomo Untinen from the Codenomicon CROSS program for discovering this case) and use of BER or invalid ASN.1 INTEGERs (negative or with leading zeroes). Further analysis was conducted and fixes were developed by Stephen Henson of the OpenSSL core team. (CVE-2014-8275) [Steve Henson] *) Correct Bignum squaring. Bignum squaring (BN_sqr) may produce incorrect results on some platforms, including x86_64. This bug occurs at random with a very low probability, and is not known to be exploitable in any way, though its exact impact is difficult to determine. Thanks to Pieter Wuille (Blockstream) who reported this issue and also suggested an initial fix. Further analysis was conducted by the OpenSSL
CVS import: src/crypto/external/bsd/openssl/dist
Module Name:src Committed By: spz Date: Tue Jan 13 08:02:20 UTC 2015 Update of /cvsroot/src/crypto/external/bsd/openssl/dist In directory ivanova.netbsd.org:/tmp/cvs-serv14297 Log Message: Import of OpenSSL 1.0.1k. Upstream log: Changes between 1.0.1j and 1.0.1k [8 Jan 2015] *) Fix DTLS segmentation fault in dtls1_get_record. A carefully crafted DTLS message can cause a segmentation fault in OpenSSL due to a NULL pointer dereference. This could lead to a Denial Of Service attack. Thanks to Markus Stenberg of Cisco Systems, Inc. for reporting this issue. (CVE-2014-3571) [Steve Henson] *) Fix DTLS memory leak in dtls1_buffer_record. A memory leak can occur in the dtls1_buffer_record function under certain conditions. In particular this could occur if an attacker sent repeated DTLS records with the same sequence number but for the next epoch. The memory leak could be exploited by an attacker in a Denial of Service attack through memory exhaustion. Thanks to Chris Mueller for reporting this issue. (CVE-2015-0206) [Matt Caswell] *) Fix issue where no-ssl3 configuration sets method to NULL. When openssl is built with the no-ssl3 option and a SSL v3 ClientHello is received the ssl method would be set to NULL which could later result in a NULL pointer dereference. Thanks to Frank Schmirler for reporting this issue. (CVE-2014-3569) [Kurt Roeckx] *) Abort handshake if server key exchange message is omitted for ephemeral ECDH ciphersuites. Thanks to Karthikeyan Bhargavan of the PROSECCO team at INRIA for reporting this issue. (CVE-2014-3572) [Steve Henson] *) Remove non-export ephemeral RSA code on client and server. This code violated the TLS standard by allowing the use of temporary RSA keys in non-export ciphersuites and could be used by a server to effectively downgrade the RSA key length used to a value smaller than the server certificate. Thanks for Karthikeyan Bhargavan of the PROSECCO team at INRIA or reporting this issue. (CVE-2015-0204) [Steve Henson] *) Fixed issue where DH client certificates are accepted without verification. An OpenSSL server will accept a DH certificate for client authentication without the certificate verify message. This effectively allows a client to authenticate without the use of a private key. This only affects servers which trust a client certificate authority which issues certificates containing DH keys: these are extremely rare and hardly ever encountered. Thanks for Karthikeyan Bhargavan of the PROSECCO team at INRIA or reporting this issue. (CVE-2015-0205) [Steve Henson] *) Ensure that the session ID context of an SSL is updated when its SSL_CTX is updated via SSL_set_SSL_CTX. The session ID context is typically set from the parent SSL_CTX, and can vary with the CTX. [Adam Langley] *) Fix various certificate fingerprint issues. By using non-DER or invalid encodings outside the signed portion of a certificate the fingerprint can be changed without breaking the signature. Although no details of the signed portion of the certificate can be changed this can cause problems with some applications: e.g. those using the certificate fingerprint for blacklists. 1. Reject signatures with non zero unused bits. If the BIT STRING containing the signature has non zero unused bits reject the signature. All current signature algorithms require zero unused bits. 2. Check certificate algorithm consistency. Check the AlgorithmIdentifier inside TBS matches the one in the certificate signature. NB: this will result in signature failure errors for some broken certificates. Thanks to Konrad Kraszewski from Google for reporting this issue. 3. Check DSA/ECDSA signatures use DER. Reencode DSA/ECDSA signatures and compare with the original received signature. Return an error if there is a mismatch. This will reject various cases including garbage after signature (thanks to Antti Karjalainen and Tuomo Untinen from the Codenomicon CROSS program for discovering this case) and use of BER or invalid ASN.1 INTEGERs (negative or with leading zeroes). Further analysis was conducted and fixes were developed by Stephen Henson of the OpenSSL core team. (CVE-2014-8275) [Steve Henson] *) Correct Bignum squaring. Bignum squaring (BN_sqr) may produce incorrect results on some platforms, including x86_64. This bug occurs at random with a very low probability, and is not known to be exploitable in any way, though its exact impact is difficult to determine. Thanks to Pieter Wuille (Blockstream) who reported this issue and also suggested an initial fix. Further analysis was conducted by the OpenSSL
CVS commit: src/crypto/external/bsd/openssl/dist
Module Name:src Committed By: spz Date: Tue Jan 13 08:16:09 UTC 2015 Modified Files: src/crypto/external/bsd/openssl/dist: CHANGES Configure Makefile NEWS README e_os.h makevms.com openssl.spec src/crypto/external/bsd/openssl/dist/apps: ca.c ocsp.c s_client.c s_server.c s_time.c speed.c src/crypto/external/bsd/openssl/dist/crypto: LPdir_win.c Makefile constant_time_locl.h cversion.c md32_common.h mem.c opensslv.h src/crypto/external/bsd/openssl/dist/crypto/bn: bn.h bntest.c src/crypto/external/bsd/openssl/dist/crypto/bn/asm: mips3.s x86_64-gcc.c src/crypto/external/bsd/openssl/dist/crypto/dso: dso_dlfcn.c src/crypto/external/bsd/openssl/dist/crypto/ec: ectest.c src/crypto/external/bsd/openssl/dist/crypto/evp: Makefile evp_enc.c src/crypto/external/bsd/openssl/dist/doc/apps: dgst.pod src/crypto/external/bsd/openssl/dist/doc/crypto: EVP_EncryptInit.pod src/crypto/external/bsd/openssl/dist/engines: e_padlock.c src/crypto/external/bsd/openssl/dist/ssl: d1_both.c d1_enc.c d1_lib.c d1_pkt.c d1_srvr.c dtls1.h s23_srvr.c s3_clnt.c s3_enc.c s3_lib.c s3_pkt.c s3_srvr.c srtp.h ssl.h ssl3.h ssl_ciph.c ssl_lib.c ssl_locl.h ssltest.c t1_enc.c t1_lib.c src/crypto/external/bsd/openssl/dist/util: mk1mf.pl mkdef.pl ssleay.num Log Message: merge OpenSSL 1.0.1k import To generate a diff of this commit: cvs rdiff -u -r1.2 -r1.3 src/crypto/external/bsd/openssl/dist/CHANGES \ src/crypto/external/bsd/openssl/dist/NEWS \ src/crypto/external/bsd/openssl/dist/README \ src/crypto/external/bsd/openssl/dist/e_os.h \ src/crypto/external/bsd/openssl/dist/makevms.com \ src/crypto/external/bsd/openssl/dist/openssl.spec cvs rdiff -u -r1.9 -r1.10 src/crypto/external/bsd/openssl/dist/Configure cvs rdiff -u -r1.3 -r1.4 src/crypto/external/bsd/openssl/dist/Makefile cvs rdiff -u -r1.7 -r1.8 src/crypto/external/bsd/openssl/dist/apps/ca.c \ src/crypto/external/bsd/openssl/dist/apps/s_client.c cvs rdiff -u -r1.6 -r1.7 src/crypto/external/bsd/openssl/dist/apps/ocsp.c \ src/crypto/external/bsd/openssl/dist/apps/s_server.c \ src/crypto/external/bsd/openssl/dist/apps/speed.c cvs rdiff -u -r1.2 -r1.3 src/crypto/external/bsd/openssl/dist/apps/s_time.c cvs rdiff -u -r1.2 -r1.3 \ src/crypto/external/bsd/openssl/dist/crypto/LPdir_win.c \ src/crypto/external/bsd/openssl/dist/crypto/Makefile cvs rdiff -u -r1.1 -r1.2 \ src/crypto/external/bsd/openssl/dist/crypto/constant_time_locl.h cvs rdiff -u -r1.1.1.2 -r1.2 \ src/crypto/external/bsd/openssl/dist/crypto/cversion.c cvs rdiff -u -r1.3 -r1.4 \ src/crypto/external/bsd/openssl/dist/crypto/md32_common.h cvs rdiff -u -r1.4 -r1.5 src/crypto/external/bsd/openssl/dist/crypto/mem.c cvs rdiff -u -r1.11 -r1.12 \ src/crypto/external/bsd/openssl/dist/crypto/opensslv.h cvs rdiff -u -r1.2 -r1.3 src/crypto/external/bsd/openssl/dist/crypto/bn/bn.h cvs rdiff -u -r1.3 -r1.4 \ src/crypto/external/bsd/openssl/dist/crypto/bn/bntest.c cvs rdiff -u -r1.1.1.1 -r1.2 \ src/crypto/external/bsd/openssl/dist/crypto/bn/asm/mips3.s cvs rdiff -u -r1.2 -r1.3 \ src/crypto/external/bsd/openssl/dist/crypto/bn/asm/x86_64-gcc.c cvs rdiff -u -r1.7 -r1.8 \ src/crypto/external/bsd/openssl/dist/crypto/dso/dso_dlfcn.c cvs rdiff -u -r1.6 -r1.7 \ src/crypto/external/bsd/openssl/dist/crypto/ec/ectest.c cvs rdiff -u -r1.2 -r1.3 \ src/crypto/external/bsd/openssl/dist/crypto/evp/Makefile \ src/crypto/external/bsd/openssl/dist/crypto/evp/evp_enc.c cvs rdiff -u -r1.2 -r1.3 \ src/crypto/external/bsd/openssl/dist/doc/apps/dgst.pod cvs rdiff -u -r1.2 -r1.3 \ src/crypto/external/bsd/openssl/dist/doc/crypto/EVP_EncryptInit.pod cvs rdiff -u -r1.2 -r1.3 \ src/crypto/external/bsd/openssl/dist/engines/e_padlock.c cvs rdiff -u -r1.2 -r1.3 src/crypto/external/bsd/openssl/dist/ssl/d1_both.c \ src/crypto/external/bsd/openssl/dist/ssl/d1_lib.c \ src/crypto/external/bsd/openssl/dist/ssl/dtls1.h \ src/crypto/external/bsd/openssl/dist/ssl/s23_srvr.c \ src/crypto/external/bsd/openssl/dist/ssl/srtp.h \ src/crypto/external/bsd/openssl/dist/ssl/ssl_lib.c cvs rdiff -u -r1.3 -r1.4 src/crypto/external/bsd/openssl/dist/ssl/d1_enc.c cvs rdiff -u -r1.8 -r1.9 src/crypto/external/bsd/openssl/dist/ssl/d1_pkt.c \ src/crypto/external/bsd/openssl/dist/ssl/ssl_locl.h cvs rdiff -u -r1.6 -r1.7 src/crypto/external/bsd/openssl/dist/ssl/d1_srvr.c \ src/crypto/external/bsd/openssl/dist/ssl/ssltest.c cvs rdiff -u -r1.11 -r1.12 src/crypto/external/bsd/openssl/dist/ssl/s3_clnt.c \ src/crypto/external/bsd/openssl/dist/ssl/t1_enc.c cvs rdiff -u -r1.7 -r1.8 src/crypto/external/bsd/openssl/dist/ssl/s3_enc.c \ src/crypto/external/bsd/openssl/dist/ssl/ssl3.h \ src/crypto/external/bsd/openssl/dist/ssl/ssl_ciph.c cvs rdiff -u -r1.12 -r1.13
CVS commit: src/etc/rc.d
Module Name:src
Committed By: spz
Date: Thu Dec 25 23:00:18 UTC 2014
Modified Files:
src/etc/rc.d: ntpd
Log Message:
new ntpd wants to be able to translate ntp into a port number after chroot,
so give it its own small copy of /etc/services in the chroot
To generate a diff of this commit:
cvs rdiff -u -r1.14 -r1.15 src/etc/rc.d/ntpd
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/etc/rc.d/ntpd
diff -u src/etc/rc.d/ntpd:1.14 src/etc/rc.d/ntpd:1.15
--- src/etc/rc.d/ntpd:1.14 Tue Dec 4 16:38:40 2012
+++ src/etc/rc.d/ntpd Thu Dec 25 23:00:18 2014
@@ -1,6 +1,6 @@
#!/bin/sh
#
-# $NetBSD: ntpd,v 1.14 2012/12/04 16:38:40 prlw1 Exp $
+# $NetBSD: ntpd,v 1.15 2014/12/25 23:00:18 spz Exp $
#
# PROVIDE: ntpd
@@ -50,6 +50,21 @@ ntpd_precmd()
fi
ln -fs ${ntpd_chrootdir}/var/db/ntp.drift /var/db/ntp.drift
+ if [ ! -d ${ntpd_chrootdir}/etc ]; then
+ mkdir ${ntpd_chrootdir}/etc
+ fi
+ if [ ! -f ${ntpd_chrootdir}/etc/services ]; then
+ getent services ntp/udp ntp/tcp \
+ ${ntpd_chrootdir}/etc/services
+ fi
+ if [ ! -d ${ntpd_chrootdir}/var/db ]; then
+ mkdir -p ${ntpd_chrootdir}/var/db
+ fi
+ if [ ! -f ${ntpd_chrootdir}/var/db/services.cdb ]; then
+ services_mkdb -o ${ntpd_chrootdir}/var/db/services.cdb \
+ ${ntpd_chrootdir}/etc/services
+ fi
+
# Change run_rc_commands()'s internal copy of $ntpd_flags
#
rc_flags=-u ntpd:ntpd -i ${ntpd_chrootdir} $rc_flags
CVS commit: src/etc/rc.d
Module Name:src Committed By: spz Date: Thu Dec 25 23:00:18 UTC 2014 Modified Files: src/etc/rc.d: ntpd Log Message: new ntpd wants to be able to translate ntp into a port number after chroot, so give it its own small copy of /etc/services in the chroot To generate a diff of this commit: cvs rdiff -u -r1.14 -r1.15 src/etc/rc.d/ntpd Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/crypto/external/bsd/openssl/dist
Module Name:src Committed By: spz Date: Fri Oct 17 16:34:27 UTC 2014 Modified Files: src/crypto/external/bsd/openssl/dist: CHANGES Configure Makefile NEWS README e_os.h makevms.com openssl.spec src/crypto/external/bsd/openssl/dist/apps: makeapps.com s_client.c src/crypto/external/bsd/openssl/dist/crypto: LPdir_vms.c LPdir_win.c Makefile crypto-lib.com ebcdic.h install-crypto.com opensslconf.h opensslv.h ossl_typ.h src/crypto/external/bsd/openssl/dist/crypto/aes/asm: aesni-x86_64.pl src/crypto/external/bsd/openssl/dist/crypto/asn1: a_strex.c src/crypto/external/bsd/openssl/dist/crypto/bn: bn_exp.c bn_nist.c exptest.c src/crypto/external/bsd/openssl/dist/crypto/bn/asm: x86_64-gcc.c src/crypto/external/bsd/openssl/dist/crypto/dsa: dsa_ameth.c src/crypto/external/bsd/openssl/dist/crypto/ec: ec.h ec2_smpl.c ec_ameth.c ec_asn1.c ecp_mont.c ecp_nist.c ecp_smpl.c ectest.c src/crypto/external/bsd/openssl/dist/crypto/err: openssl.ec src/crypto/external/bsd/openssl/dist/crypto/evp: Makefile e_aes.c evp_enc.c src/crypto/external/bsd/openssl/dist/crypto/md5/asm: md5-x86_64.pl src/crypto/external/bsd/openssl/dist/crypto/modes: modes.h src/crypto/external/bsd/openssl/dist/crypto/ocsp: ocsp_vfy.c src/crypto/external/bsd/openssl/dist/crypto/pkcs7: pkcs7.h src/crypto/external/bsd/openssl/dist/crypto/pqueue: pqueue.h src/crypto/external/bsd/openssl/dist/crypto/rsa: Makefile rsa.h rsa_err.c rsa_oaep.c rsa_pk1.c rsa_sign.c src/crypto/external/bsd/openssl/dist/crypto/stack: safestack.h src/crypto/external/bsd/openssl/dist/doc/apps: dgst.pod src/crypto/external/bsd/openssl/dist/doc/crypto: BIO_s_accept.pod EVP_DigestInit.pod EVP_DigestVerifyInit.pod EVP_EncryptInit.pod EVP_PKEY_set1_RSA.pod EVP_PKEY_sign.pod src/crypto/external/bsd/openssl/dist/doc/ssl: SSL_CTX_set_tmp_dh_callback.pod src/crypto/external/bsd/openssl/dist/engines: makeengines.com src/crypto/external/bsd/openssl/dist/ssl: Makefile d1_both.c d1_lib.c d1_srtp.c dtls1.h s23_clnt.c s23_srvr.c s2_lib.c s3_cbc.c s3_clnt.c s3_enc.c s3_lib.c s3_pkt.c s3_srvr.c srtp.h ssl-lib.com ssl.h ssl3.h ssl_err.c ssl_lib.c t1_enc.c t1_lib.c tls1.h src/crypto/external/bsd/openssl/dist/test: Makefile maketests.com tests.com testssl src/crypto/external/bsd/openssl/dist/util: mk1mf.pl mkdef.pl ssleay.num Added Files: src/crypto/external/bsd/openssl/dist/crypto: constant_time_locl.h Log Message: update of openssl to the next higher version, 1.0.1j Upstream condensed log: Major changes between OpenSSL 1.0.1i and OpenSSL 1.0.1j [15 Oct 2014] o Fix for CVE-2014-3513 o Fix for CVE-2014-3567 o Mitigation for CVE-2014-3566 (SSL protocol vulnerability) o Fix for CVE-2014-3568 To generate a diff of this commit: cvs rdiff -u -r1.1.1.11 -r1.2 src/crypto/external/bsd/openssl/dist/CHANGES cvs rdiff -u -r1.8 -r1.9 src/crypto/external/bsd/openssl/dist/Configure cvs rdiff -u -r1.2 -r1.3 src/crypto/external/bsd/openssl/dist/Makefile cvs rdiff -u -r1.1.1.9 -r1.2 src/crypto/external/bsd/openssl/dist/NEWS cvs rdiff -u -r1.1.1.10 -r1.2 src/crypto/external/bsd/openssl/dist/README \ src/crypto/external/bsd/openssl/dist/openssl.spec cvs rdiff -u -r1.1.1.5 -r1.2 src/crypto/external/bsd/openssl/dist/e_os.h cvs rdiff -u -r1.1.1.3 -r1.2 src/crypto/external/bsd/openssl/dist/makevms.com cvs rdiff -u -r1.1.1.2 -r1.2 \ src/crypto/external/bsd/openssl/dist/apps/makeapps.com cvs rdiff -u -r1.6 -r1.7 src/crypto/external/bsd/openssl/dist/apps/s_client.c cvs rdiff -u -r1.1.1.2 -r1.2 \ src/crypto/external/bsd/openssl/dist/crypto/LPdir_vms.c \ src/crypto/external/bsd/openssl/dist/crypto/ossl_typ.h cvs rdiff -u -r1.1.1.1 -r1.2 \ src/crypto/external/bsd/openssl/dist/crypto/LPdir_win.c \ src/crypto/external/bsd/openssl/dist/crypto/ebcdic.h \ src/crypto/external/bsd/openssl/dist/crypto/install-crypto.com cvs rdiff -u -r1.1.1.4 -r1.2 \ src/crypto/external/bsd/openssl/dist/crypto/Makefile cvs rdiff -u -r0 -r1.1 \ src/crypto/external/bsd/openssl/dist/crypto/constant_time_locl.h cvs rdiff -u -r1.1.1.5 -r1.2 \ src/crypto/external/bsd/openssl/dist/crypto/crypto-lib.com cvs rdiff -u -r1.6 -r1.7 \ src/crypto/external/bsd/openssl/dist/crypto/opensslconf.h cvs rdiff -u -r1.10 -r1.11 \ src/crypto/external/bsd/openssl/dist/crypto/opensslv.h cvs rdiff -u -r1.1.1.3 -r1.2 \ src/crypto/external/bsd/openssl/dist/crypto/aes/asm/aesni-x86_64.pl cvs rdiff -u -r1.1.1.3 -r1.2 \ src/crypto/external/bsd/openssl/dist/crypto/asn1/a_strex.c cvs rdiff -u -r1.6 -r1.7 \ src/crypto/external/bsd/openssl/dist/crypto/bn/bn_exp.c cvs rdiff -u -r1.1.1.4 -r1.2 \
Re: CVS commit: src/sbin/gpt
Hi Jörg, Thus wrote Joerg Sonnenberger (jo...@netbsd.org): Module Name: src Committed By: joerg Date: Thu Oct 2 19:15:21 UTC 2014 Modified Files: src/sbin/gpt: biosboot.c gpt.c Log Message: Fix tools build on !NetBSD. It would be nice if it still built on NetBSD, too. /home/spz/cvs/src/tools/gpt/../../sbin/gpt/biosboot.c: In function 'cmd_biosboot ': /home/spz/cvs/src/tools/gpt/../../sbin/gpt/biosboot.c:274:22: error: storage siz e of 'dkw' isn't known struct dkwedge_info dkw; regards, spz
CVS import: src/crypto/external/bsd/openssl/dist
Module Name:src Committed By: spz Date: Sun Aug 10 07:36:33 UTC 2014 Update of /cvsroot/src/crypto/external/bsd/openssl/dist In directory ivanova.netbsd.org:/tmp/cvs-serv23227 Log Message: Upstream changelog: Changes between 1.0.1h and 1.0.1i [6 Aug 2014] *) Fix SRP buffer overrun vulnerability. Invalid parameters passed to the SRP code can be overrun an internal buffer. Add sanity check that g, A, B N to SRP code. Thanks to Sean Devlin and Watson Ladd of Cryptography Services, NCC Group for discovering this issue. (CVE-2014-3512) [Steve Henson] *) A flaw in the OpenSSL SSL/TLS server code causes the server to negotiate TLS 1.0 instead of higher protocol versions when the ClientHello message is badly fragmented. This allows a man-in-the-middle attacker to force a downgrade to TLS 1.0 even if both the server and the client support a higher protocol version, by modifying the client's TLS records. Thanks to David Benjamin and Adam Langley (Google) for discovering and researching this issue. (CVE-2014-3511) [David Benjamin] *) OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject to a denial of service attack. A malicious server can crash the client with a null pointer dereference (read) by specifying an anonymous (EC)DH ciphersuite and sending carefully crafted handshake messages. Thanks to Felix Gröbert (Google) for discovering and researching this issue. (CVE-2014-3510) [Emilia Käsper] *) By sending carefully crafted DTLS packets an attacker could cause openssl to leak memory. This can be exploited through a Denial of Service attack. Thanks to Adam Langley for discovering and researching this issue. (CVE-2014-3507) [Adam Langley] *) An attacker can force openssl to consume large amounts of memory whilst processing DTLS handshake messages. This can be exploited through a Denial of Service attack. Thanks to Adam Langley for discovering and researching this issue. (CVE-2014-3506) [Adam Langley] *) An attacker can force an error condition which causes openssl to crash whilst processing DTLS packets due to memory being freed twice. This can be exploited through a Denial of Service attack. Thanks to Adam Langley and Wan-Teh Chang for discovering and researching this issue. (CVE-2014-3505) [Adam Langley] *) If a multithreaded client connects to a malicious server using a resumed session and the server sends an ec point format extension it could write up to 255 bytes to freed memory. Thanks to Gabor Tyukasz (LogMeIn Inc) for discovering and researching this issue. (CVE-2014-3509) [Gabor Tyukasz] *) A malicious server can crash an OpenSSL client with a null pointer dereference (read) by specifying an SRP ciphersuite even though it was not properly negotiated with the client. This can be exploited through a Denial of Service attack. Thanks to Joonas Kuorilehto and Riku Hietam�ki (Codenomicon) for discovering and researching this issue. (CVE-2014-5139) [Steve Henson] *) A flaw in OBJ_obj2txt may cause pretty printing functions such as X509_name_oneline, X509_name_print_ex et al. to leak some information from the stack. Applications may be affected if they echo pretty printing output to the attacker. Thanks to Ivan Fratric (Google) for discovering this issue. (CVE-2014-3508) [Emilia Käsper, and Steve Henson] *) Fix ec_GFp_simple_points_make_affine (thus, EC_POINTs_mul etc.) for corner cases. (Certain input points at infinity could lead to bogus results, with non-infinity inputs mapped to infinity too.) [Bodo Moeller] Status: Vendor Tag: OPENSSL Release Tags: openssl-1-0-1i U src/crypto/external/bsd/openssl/dist/ACKNOWLEDGMENTS U src/crypto/external/bsd/openssl/dist/CHANGES.SSLeay U src/crypto/external/bsd/openssl/dist/CHANGES C src/crypto/external/bsd/openssl/dist/Configure U src/crypto/external/bsd/openssl/dist/config U src/crypto/external/bsd/openssl/dist/e_os2.h U src/crypto/external/bsd/openssl/dist/e_os.h U src/crypto/external/bsd/openssl/dist/FAQ U src/crypto/external/bsd/openssl/dist/install.com U src/crypto/external/bsd/openssl/dist/INSTALL U src/crypto/external/bsd/openssl/dist/INSTALL.W64 U src/crypto/external/bsd/openssl/dist/INSTALL.DJGPP U src/crypto/external/bsd/openssl/dist/INSTALL.MacOS U src/crypto/external/bsd/openssl/dist/INSTALL.NW U src/crypto/external/bsd/openssl/dist/INSTALL.OS2 U src/crypto/external/bsd/openssl/dist/INSTALL.VMS U src/crypto/external/bsd/openssl/dist/INSTALL.W32 U src/crypto/external/bsd/openssl/dist/INSTALL.WCE U src/crypto/external/bsd/openssl/dist/LICENSE U src/crypto/external/bsd/openssl/dist/Makefile U src/crypto/external/bsd/openssl/dist/Makefile.shared U
CVS commit: src/crypto/external/bsd/openssl/dist/crypto/asn1
Module Name:src
Committed By: spz
Date: Sun Aug 10 08:27:42 UTC 2014
Modified Files:
src/crypto/external/bsd/openssl/dist/crypto/asn1: tasn_enc.c
Log Message:
merge accident, fixed
To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.3 \
src/crypto/external/bsd/openssl/dist/crypto/asn1/tasn_enc.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/crypto/external/bsd/openssl/dist/crypto/asn1/tasn_enc.c
diff -u src/crypto/external/bsd/openssl/dist/crypto/asn1/tasn_enc.c:1.2 src/crypto/external/bsd/openssl/dist/crypto/asn1/tasn_enc.c:1.3
--- src/crypto/external/bsd/openssl/dist/crypto/asn1/tasn_enc.c:1.2 Sun Aug 10 08:07:48 2014
+++ src/crypto/external/bsd/openssl/dist/crypto/asn1/tasn_enc.c Sun Aug 10 08:27:42 2014
@@ -463,7 +463,6 @@ static int asn1_set_seq_out(STACK_OF(ASN
}
}
}
- }
/* If not sorting just output each item */
if (!do_sort)
{
CVS commit: src/crypto/external/bsd/openssl/dist
Module Name:src Committed By: spz Date: Sun Aug 10 18:59:57 UTC 2014 Removed Files: src/crypto/external/bsd/openssl/dist/crypto/pkcs7: bio_ber.c dec.c des.pem doc enc.c es1.pem example.c example.h info.pem infokey.pem server.pem sign.c verify.c src/crypto/external/bsd/openssl/dist/crypto/pkcs7/p7: a1 a2 src/crypto/external/bsd/openssl/dist/crypto/pkcs7/t: 3des.pem 3dess.pem c.pem ff msie-e msie-e.pem msie-enc-01 msie-enc-01.pem msie-enc-02 msie-enc-02.pem msie-s-a-e msie-s-a-e.pem nav-smime s.pem server.pem src/crypto/external/bsd/openssl/dist/demos/eay: Makefile base64.c conn.c loadrsa.c src/crypto/external/bsd/openssl/dist/demos/maurice: Makefile README cert.pem example1.c example2.c example3.c example4.c loadkeys.c loadkeys.h privkey.pem Log Message: remove empty files (newly gone in openssl 1.0.1i) remove now empty (and also gone) directories in a week or so (namely: crypto/pkcs7/p7 crypto/pkcs7/t demos/eay demos/maurice) To generate a diff of this commit: cvs rdiff -u -r1.3 -r0 \ src/crypto/external/bsd/openssl/dist/crypto/pkcs7/bio_ber.c cvs rdiff -u -r1.2 -r0 \ src/crypto/external/bsd/openssl/dist/crypto/pkcs7/dec.c \ src/crypto/external/bsd/openssl/dist/crypto/pkcs7/des.pem \ src/crypto/external/bsd/openssl/dist/crypto/pkcs7/doc \ src/crypto/external/bsd/openssl/dist/crypto/pkcs7/enc.c \ src/crypto/external/bsd/openssl/dist/crypto/pkcs7/es1.pem \ src/crypto/external/bsd/openssl/dist/crypto/pkcs7/example.c \ src/crypto/external/bsd/openssl/dist/crypto/pkcs7/example.h \ src/crypto/external/bsd/openssl/dist/crypto/pkcs7/info.pem \ src/crypto/external/bsd/openssl/dist/crypto/pkcs7/infokey.pem \ src/crypto/external/bsd/openssl/dist/crypto/pkcs7/server.pem \ src/crypto/external/bsd/openssl/dist/crypto/pkcs7/sign.c \ src/crypto/external/bsd/openssl/dist/crypto/pkcs7/verify.c cvs rdiff -u -r1.2 -r0 \ src/crypto/external/bsd/openssl/dist/crypto/pkcs7/p7/a1 \ src/crypto/external/bsd/openssl/dist/crypto/pkcs7/p7/a2 cvs rdiff -u -r1.2 -r0 \ src/crypto/external/bsd/openssl/dist/crypto/pkcs7/t/3des.pem \ src/crypto/external/bsd/openssl/dist/crypto/pkcs7/t/3dess.pem \ src/crypto/external/bsd/openssl/dist/crypto/pkcs7/t/c.pem \ src/crypto/external/bsd/openssl/dist/crypto/pkcs7/t/ff \ src/crypto/external/bsd/openssl/dist/crypto/pkcs7/t/msie-e \ src/crypto/external/bsd/openssl/dist/crypto/pkcs7/t/msie-e.pem \ src/crypto/external/bsd/openssl/dist/crypto/pkcs7/t/msie-enc-01 \ src/crypto/external/bsd/openssl/dist/crypto/pkcs7/t/msie-enc-01.pem \ src/crypto/external/bsd/openssl/dist/crypto/pkcs7/t/msie-enc-02 \ src/crypto/external/bsd/openssl/dist/crypto/pkcs7/t/msie-enc-02.pem \ src/crypto/external/bsd/openssl/dist/crypto/pkcs7/t/msie-s-a-e \ src/crypto/external/bsd/openssl/dist/crypto/pkcs7/t/msie-s-a-e.pem \ src/crypto/external/bsd/openssl/dist/crypto/pkcs7/t/nav-smime \ src/crypto/external/bsd/openssl/dist/crypto/pkcs7/t/s.pem \ src/crypto/external/bsd/openssl/dist/crypto/pkcs7/t/server.pem cvs rdiff -u -r1.2 -r0 \ src/crypto/external/bsd/openssl/dist/demos/eay/Makefile \ src/crypto/external/bsd/openssl/dist/demos/eay/base64.c \ src/crypto/external/bsd/openssl/dist/demos/eay/conn.c \ src/crypto/external/bsd/openssl/dist/demos/eay/loadrsa.c cvs rdiff -u -r1.2 -r0 \ src/crypto/external/bsd/openssl/dist/demos/maurice/Makefile \ src/crypto/external/bsd/openssl/dist/demos/maurice/README \ src/crypto/external/bsd/openssl/dist/demos/maurice/cert.pem \ src/crypto/external/bsd/openssl/dist/demos/maurice/example1.c \ src/crypto/external/bsd/openssl/dist/demos/maurice/example2.c \ src/crypto/external/bsd/openssl/dist/demos/maurice/example3.c \ src/crypto/external/bsd/openssl/dist/demos/maurice/example4.c \ src/crypto/external/bsd/openssl/dist/demos/maurice/loadkeys.c \ src/crypto/external/bsd/openssl/dist/demos/maurice/loadkeys.h \ src/crypto/external/bsd/openssl/dist/demos/maurice/privkey.pem Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/crypto/external/bsd/openssl/dist/crypto
Module Name:src Committed By: spz Date: Sun Aug 10 21:00:48 UTC 2014 Modified Files: src/crypto/external/bsd/openssl/dist/crypto: ppccpuid.pl Log Message: merge lossage (this file is an ASM generator not used in a normal build) To generate a diff of this commit: cvs rdiff -u -r1.3 -r1.4 \ src/crypto/external/bsd/openssl/dist/crypto/ppccpuid.pl Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssl/dist/crypto/ppccpuid.pl diff -u src/crypto/external/bsd/openssl/dist/crypto/ppccpuid.pl:1.3 src/crypto/external/bsd/openssl/dist/crypto/ppccpuid.pl:1.4 --- src/crypto/external/bsd/openssl/dist/crypto/ppccpuid.pl:1.3 Sun Aug 10 08:07:48 2014 +++ src/crypto/external/bsd/openssl/dist/crypto/ppccpuid.pl Sun Aug 10 21:00:48 2014 @@ -88,8 +88,12 @@ Ladd: lwarx r5,0,r3 .globl .OPENSSL_rdtsc .align 4 .OPENSSL_rdtsc: - mftb r3 +Lrdtsc: + mftbr5 mftbu r4 + mftb r3 + cmplw r3,r5 + bne Lrdtsc blr .long 0 .byte 0,12,0x14,0,0,0,0,0
CVS commit: src
Module Name:src Committed By: spz Date: Sun Aug 10 08:07:50 UTC 2014 Modified Files: src/crypto/external/bsd/openssl/dist: Configure Makefile src/crypto/external/bsd/openssl/dist/apps: ca.c ocsp.c s_client.c s_server.c src/crypto/external/bsd/openssl/dist/crypto: opensslconf.h opensslv.h ppccap.c ppccpuid.pl src/crypto/external/bsd/openssl/dist/crypto/asn1: asn_mime.c tasn_enc.c src/crypto/external/bsd/openssl/dist/crypto/bn: bn_exp.c bn_lib.c src/crypto/external/bsd/openssl/dist/crypto/cms: cms_pwri.c src/crypto/external/bsd/openssl/dist/crypto/conf: conf_def.c src/crypto/external/bsd/openssl/dist/crypto/ec: ecp_smpl.c ectest.c src/crypto/external/bsd/openssl/dist/crypto/evp: e_aes.c src/crypto/external/bsd/openssl/dist/crypto/idea: ideatest.c src/crypto/external/bsd/openssl/dist/crypto/pkcs7: bio_ber.c dec.c des.pem doc enc.c es1.pem example.c example.h info.pem infokey.pem server.pem sign.c verify.c src/crypto/external/bsd/openssl/dist/crypto/pkcs7/p7: a1 a2 src/crypto/external/bsd/openssl/dist/crypto/pkcs7/t: 3des.pem 3dess.pem c.pem ff msie-e msie-e.pem msie-enc-01 msie-enc-01.pem msie-enc-02 msie-enc-02.pem msie-s-a-e msie-s-a-e.pem nav-smime s.pem server.pem src/crypto/external/bsd/openssl/dist/crypto/rand: md_rand.c randfile.c src/crypto/external/bsd/openssl/dist/crypto/rsa: rsa_eay.c src/crypto/external/bsd/openssl/dist/demos/eay: Makefile base64.c conn.c loadrsa.c src/crypto/external/bsd/openssl/dist/demos/maurice: Makefile README cert.pem example1.c example2.c example3.c example4.c loadkeys.c loadkeys.h privkey.pem src/crypto/external/bsd/openssl/dist/doc/ssl: SSL_CTX_set_client_CA_list.pod src/crypto/external/bsd/openssl/dist/ssl: d1_srvr.c s3_clnt.c s3_enc.c s3_lib.c s3_pkt.c s3_srvr.c ssl.h ssl_ciph.c ssl_err.c ssl_locl.h t1_enc.c t1_lib.c tls_srp.c src/crypto/external/bsd/openssl/lib/libcrypto: shlib_version src/crypto/external/bsd/openssl/lib/libssl: shlib_version ssl.inc src/distrib/sets/lists/base: ad.arm ad.mips ad.powerpc md.amd64 md.sparc64 shl.mi src/distrib/sets/lists/debug: ad.arm ad.mips ad.powerpc md.amd64 md.sparc64 shl.mi Added Files: src/crypto/external/bsd/openssl/dist/test: heartbeat_test.c Removed Files: src/crypto/external/bsd/openssl/lib/libssl: ssl.diff Log Message: merge openssl 1.0.1i To generate a diff of this commit: cvs rdiff -u -r1.7 -r1.8 src/crypto/external/bsd/openssl/dist/Configure cvs rdiff -u -r1.1.1.7 -r1.2 src/crypto/external/bsd/openssl/dist/Makefile cvs rdiff -u -r1.6 -r1.7 src/crypto/external/bsd/openssl/dist/apps/ca.c cvs rdiff -u -r1.5 -r1.6 src/crypto/external/bsd/openssl/dist/apps/ocsp.c \ src/crypto/external/bsd/openssl/dist/apps/s_client.c \ src/crypto/external/bsd/openssl/dist/apps/s_server.c cvs rdiff -u -r1.5 -r1.6 \ src/crypto/external/bsd/openssl/dist/crypto/opensslconf.h cvs rdiff -u -r1.9 -r1.10 \ src/crypto/external/bsd/openssl/dist/crypto/opensslv.h cvs rdiff -u -r1.3 -r1.4 src/crypto/external/bsd/openssl/dist/crypto/ppccap.c cvs rdiff -u -r1.2 -r1.3 \ src/crypto/external/bsd/openssl/dist/crypto/ppccpuid.pl cvs rdiff -u -r1.3 -r1.4 \ src/crypto/external/bsd/openssl/dist/crypto/asn1/asn_mime.c cvs rdiff -u -r1.1.1.2 -r1.2 \ src/crypto/external/bsd/openssl/dist/crypto/asn1/tasn_enc.c cvs rdiff -u -r1.5 -r1.6 \ src/crypto/external/bsd/openssl/dist/crypto/bn/bn_exp.c cvs rdiff -u -r1.2 -r1.3 \ src/crypto/external/bsd/openssl/dist/crypto/bn/bn_lib.c cvs rdiff -u -r1.3 -r1.4 \ src/crypto/external/bsd/openssl/dist/crypto/cms/cms_pwri.c cvs rdiff -u -r1.3 -r1.4 \ src/crypto/external/bsd/openssl/dist/crypto/conf/conf_def.c cvs rdiff -u -r1.1.1.4 -r1.2 \ src/crypto/external/bsd/openssl/dist/crypto/ec/ecp_smpl.c cvs rdiff -u -r1.4 -r1.5 \ src/crypto/external/bsd/openssl/dist/crypto/ec/ectest.c cvs rdiff -u -r1.3 -r1.4 \ src/crypto/external/bsd/openssl/dist/crypto/evp/e_aes.c cvs rdiff -u -r1.2 -r1.3 \ src/crypto/external/bsd/openssl/dist/crypto/idea/ideatest.c cvs rdiff -u -r1.2 -r1.3 \ src/crypto/external/bsd/openssl/dist/crypto/pkcs7/bio_ber.c cvs rdiff -u -r1.1.1.1 -r1.2 \ src/crypto/external/bsd/openssl/dist/crypto/pkcs7/dec.c \ src/crypto/external/bsd/openssl/dist/crypto/pkcs7/des.pem \ src/crypto/external/bsd/openssl/dist/crypto/pkcs7/doc \ src/crypto/external/bsd/openssl/dist/crypto/pkcs7/enc.c \ src/crypto/external/bsd/openssl/dist/crypto/pkcs7/es1.pem \ src/crypto/external/bsd/openssl/dist/crypto/pkcs7/example.c \ src/crypto/external/bsd/openssl/dist/crypto/pkcs7/example.h \ src/crypto/external/bsd/openssl/dist/crypto/pkcs7/info.pem \
CVS import: src/crypto/external/bsd/openssl/dist
Module Name:src Committed By: spz Date: Sun Aug 10 07:36:33 UTC 2014 Update of /cvsroot/src/crypto/external/bsd/openssl/dist In directory ivanova.netbsd.org:/tmp/cvs-serv23227 Log Message: Upstream changelog: Changes between 1.0.1h and 1.0.1i [6 Aug 2014] *) Fix SRP buffer overrun vulnerability. Invalid parameters passed to the SRP code can be overrun an internal buffer. Add sanity check that g, A, B N to SRP code. Thanks to Sean Devlin and Watson Ladd of Cryptography Services, NCC Group for discovering this issue. (CVE-2014-3512) [Steve Henson] *) A flaw in the OpenSSL SSL/TLS server code causes the server to negotiate TLS 1.0 instead of higher protocol versions when the ClientHello message is badly fragmented. This allows a man-in-the-middle attacker to force a downgrade to TLS 1.0 even if both the server and the client support a higher protocol version, by modifying the client's TLS records. Thanks to David Benjamin and Adam Langley (Google) for discovering and researching this issue. (CVE-2014-3511) [David Benjamin] *) OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject to a denial of service attack. A malicious server can crash the client with a null pointer dereference (read) by specifying an anonymous (EC)DH ciphersuite and sending carefully crafted handshake messages. Thanks to Felix Gröbert (Google) for discovering and researching this issue. (CVE-2014-3510) [Emilia Käsper] *) By sending carefully crafted DTLS packets an attacker could cause openssl to leak memory. This can be exploited through a Denial of Service attack. Thanks to Adam Langley for discovering and researching this issue. (CVE-2014-3507) [Adam Langley] *) An attacker can force openssl to consume large amounts of memory whilst processing DTLS handshake messages. This can be exploited through a Denial of Service attack. Thanks to Adam Langley for discovering and researching this issue. (CVE-2014-3506) [Adam Langley] *) An attacker can force an error condition which causes openssl to crash whilst processing DTLS packets due to memory being freed twice. This can be exploited through a Denial of Service attack. Thanks to Adam Langley and Wan-Teh Chang for discovering and researching this issue. (CVE-2014-3505) [Adam Langley] *) If a multithreaded client connects to a malicious server using a resumed session and the server sends an ec point format extension it could write up to 255 bytes to freed memory. Thanks to Gabor Tyukasz (LogMeIn Inc) for discovering and researching this issue. (CVE-2014-3509) [Gabor Tyukasz] *) A malicious server can crash an OpenSSL client with a null pointer dereference (read) by specifying an SRP ciphersuite even though it was not properly negotiated with the client. This can be exploited through a Denial of Service attack. Thanks to Joonas Kuorilehto and Riku Hietam�ki (Codenomicon) for discovering and researching this issue. (CVE-2014-5139) [Steve Henson] *) A flaw in OBJ_obj2txt may cause pretty printing functions such as X509_name_oneline, X509_name_print_ex et al. to leak some information from the stack. Applications may be affected if they echo pretty printing output to the attacker. Thanks to Ivan Fratric (Google) for discovering this issue. (CVE-2014-3508) [Emilia Käsper, and Steve Henson] *) Fix ec_GFp_simple_points_make_affine (thus, EC_POINTs_mul etc.) for corner cases. (Certain input points at infinity could lead to bogus results, with non-infinity inputs mapped to infinity too.) [Bodo Moeller] Status: Vendor Tag: OPENSSL Release Tags: openssl-1-0-1i U src/crypto/external/bsd/openssl/dist/ACKNOWLEDGMENTS U src/crypto/external/bsd/openssl/dist/CHANGES.SSLeay U src/crypto/external/bsd/openssl/dist/CHANGES C src/crypto/external/bsd/openssl/dist/Configure U src/crypto/external/bsd/openssl/dist/config U src/crypto/external/bsd/openssl/dist/e_os2.h U src/crypto/external/bsd/openssl/dist/e_os.h U src/crypto/external/bsd/openssl/dist/FAQ U src/crypto/external/bsd/openssl/dist/install.com U src/crypto/external/bsd/openssl/dist/INSTALL U src/crypto/external/bsd/openssl/dist/INSTALL.W64 U src/crypto/external/bsd/openssl/dist/INSTALL.DJGPP U src/crypto/external/bsd/openssl/dist/INSTALL.MacOS U src/crypto/external/bsd/openssl/dist/INSTALL.NW U src/crypto/external/bsd/openssl/dist/INSTALL.OS2 U src/crypto/external/bsd/openssl/dist/INSTALL.VMS U src/crypto/external/bsd/openssl/dist/INSTALL.W32 U src/crypto/external/bsd/openssl/dist/INSTALL.WCE U src/crypto/external/bsd/openssl/dist/LICENSE U src/crypto/external/bsd/openssl/dist/Makefile U src/crypto/external/bsd/openssl/dist/Makefile.shared U
CVS commit: src/crypto/external/bsd/openssl/dist/crypto/asn1
Module Name:src Committed By: spz Date: Sun Aug 10 08:27:42 UTC 2014 Modified Files: src/crypto/external/bsd/openssl/dist/crypto/asn1: tasn_enc.c Log Message: merge accident, fixed To generate a diff of this commit: cvs rdiff -u -r1.2 -r1.3 \ src/crypto/external/bsd/openssl/dist/crypto/asn1/tasn_enc.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src
Module Name:src Committed By: spz Date: Sun Aug 10 17:07:05 UTC 2014 Modified Files: src/crypto/external/bsd/openssl/lib/libcrypto: man.inc src/crypto/external/bsd/openssl/lib/libcrypto/man: ASN1_OBJECT_new.3 ASN1_STRING_length.3 ASN1_STRING_new.3 ASN1_STRING_print_ex.3 ASN1_generate_nconf.3 BIO_ctrl.3 BIO_f_base64.3 BIO_f_buffer.3 BIO_f_cipher.3 BIO_f_md.3 BIO_f_null.3 BIO_f_ssl.3 BIO_find_type.3 BIO_new.3 BIO_new_CMS.3 BIO_push.3 BIO_read.3 BIO_s_accept.3 BIO_s_bio.3 BIO_s_connect.3 BIO_s_fd.3 BIO_s_file.3 BIO_s_mem.3 BIO_s_null.3 BIO_s_socket.3 BIO_set_callback.3 BIO_should_retry.3 BN_BLINDING_new.3 BN_CTX_new.3 BN_CTX_start.3 BN_add.3 BN_add_word.3 BN_bn2bin.3 BN_cmp.3 BN_copy.3 BN_generate_prime.3 BN_mod_inverse.3 BN_mod_mul_montgomery.3 BN_mod_mul_reciprocal.3 BN_new.3 BN_num_bytes.3 BN_rand.3 BN_set_bit.3 BN_swap.3 BN_zero.3 CMS_add0_cert.3 CMS_add1_recipient_cert.3 CMS_compress.3 CMS_decrypt.3 CMS_encrypt.3 CMS_final.3 CMS_get0_RecipientInfos.3 CMS_get0_SignerInfos.3 CMS_get0_type.3 CMS_get1_ReceiptRequest.3 CMS_sign.3 CMS_sign_add1_signer.3 CMS_sign_receipt.3 CMS_uncompress.3 CMS_verify.3 CMS_verify_receipt.3 CONF_modules_free.3 CONF_modules_load_file.3 CRYPTO_set_ex_data.3 DH_generate_key.3 DH_generate_parameters.3 DH_get_ex_new_index.3 DH_new.3 DH_set_method.3 DH_size.3 DSA_SIG_new.3 DSA_do_sign.3 DSA_dup_DH.3 DSA_generate_key.3 DSA_generate_parameters.3 DSA_get_ex_new_index.3 DSA_new.3 DSA_set_method.3 DSA_sign.3 DSA_size.3 ERR_GET_LIB.3 ERR_clear_error.3 ERR_error_string.3 ERR_get_error.3 ERR_load_crypto_strings.3 ERR_load_strings.3 ERR_print_errors.3 ERR_put_error.3 ERR_remove_state.3 ERR_set_mark.3 EVP_BytesToKey.3 EVP_DigestInit.3 EVP_DigestSignInit.3 EVP_DigestVerifyInit.3 EVP_EncryptInit.3 EVP_OpenInit.3 EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_new.3 EVP_PKEY_cmp.3 EVP_PKEY_decrypt.3 EVP_PKEY_derive.3 EVP_PKEY_encrypt.3 EVP_PKEY_get_default_digest.3 EVP_PKEY_keygen.3 EVP_PKEY_new.3 EVP_PKEY_print_private.3 EVP_PKEY_set1_RSA.3 EVP_PKEY_sign.3 EVP_PKEY_verify.3 EVP_PKEY_verify_recover.3 EVP_SealInit.3 EVP_SignInit.3 EVP_VerifyInit.3 OBJ_nid2obj.3 OPENSSL_Applink.3 OPENSSL_VERSION_NUMBER.3 OPENSSL_config.3 OPENSSL_ia32cap.3 OPENSSL_load_builtin_modules.3 OpenSSL_add_all_algorithms.3 PEM_write_bio_CMS_stream.3 PEM_write_bio_PKCS7_stream.3 PKCS12_create.3 PKCS12_parse.3 PKCS7_decrypt.3 PKCS7_encrypt.3 PKCS7_sign.3 PKCS7_sign_add_signer.3 PKCS7_verify.3 RAND_add.3 RAND_bytes.3 RAND_cleanup.3 RAND_egd.3 RAND_load_file.3 RAND_set_rand_method.3 RSA_blinding_on.3 RSA_check_key.3 RSA_generate_key.3 RSA_get_ex_new_index.3 RSA_new.3 RSA_padding_add_PKCS1_type_1.3 RSA_print.3 RSA_private_encrypt.3 RSA_public_encrypt.3 RSA_set_method.3 RSA_sign.3 RSA_sign_ASN1_OCTET_STRING.3 RSA_size.3 SMIME_read_CMS.3 SMIME_read_PKCS7.3 SMIME_write_CMS.3 SMIME_write_PKCS7.3 SSL_CIPHER_get_name.3 SSL_COMP_add_compression_method.3 SSL_CTX_add_extra_chain_cert.3 SSL_CTX_add_session.3 SSL_CTX_ctrl.3 SSL_CTX_flush_sessions.3 SSL_CTX_free.3 SSL_CTX_get_ex_new_index.3 SSL_CTX_get_verify_mode.3 SSL_CTX_load_verify_locations.3 SSL_CTX_new.3 SSL_CTX_sess_number.3 SSL_CTX_sess_set_cache_size.3 SSL_CTX_sess_set_get_cb.3 SSL_CTX_sessions.3 SSL_CTX_set_cert_store.3 SSL_CTX_set_cert_verify_callback.3 SSL_CTX_set_cipher_list.3 SSL_CTX_set_client_CA_list.3 SSL_CTX_set_client_cert_cb.3 SSL_CTX_set_default_passwd_cb.3 SSL_CTX_set_generate_session_id.3 SSL_CTX_set_info_callback.3 SSL_CTX_set_max_cert_list.3 SSL_CTX_set_mode.3 SSL_CTX_set_msg_callback.3 SSL_CTX_set_options.3 SSL_CTX_set_psk_client_callback.3 SSL_CTX_set_quiet_shutdown.3 SSL_CTX_set_session_cache_mode.3 SSL_CTX_set_session_id_context.3 SSL_CTX_set_ssl_version.3 SSL_CTX_set_timeout.3 SSL_CTX_set_tmp_dh_callback.3 SSL_CTX_set_tmp_rsa_callback.3 SSL_CTX_set_verify.3 SSL_CTX_use_certificate.3 SSL_CTX_use_psk_identity_hint.3 SSL_SESSION_free.3 SSL_SESSION_get_ex_new_index.3 SSL_SESSION_get_time.3 SSL_accept.3 SSL_alert_type_string.3 SSL_clear.3 SSL_connect.3 SSL_do_handshake.3 SSL_free.3 SSL_get_SSL_CTX.3 SSL_get_ciphers.3 SSL_get_client_CA_list.3 SSL_get_current_cipher.3 SSL_get_default_timeout.3 SSL_get_error.3 SSL_get_ex_data_X509_STORE_CTX_idx.3
CVS commit: src/crypto/external/bsd/openssl/dist
Module Name:src Committed By: spz Date: Sun Aug 10 18:59:57 UTC 2014 Removed Files: src/crypto/external/bsd/openssl/dist/crypto/pkcs7: bio_ber.c dec.c des.pem doc enc.c es1.pem example.c example.h info.pem infokey.pem server.pem sign.c verify.c src/crypto/external/bsd/openssl/dist/crypto/pkcs7/p7: a1 a2 src/crypto/external/bsd/openssl/dist/crypto/pkcs7/t: 3des.pem 3dess.pem c.pem ff msie-e msie-e.pem msie-enc-01 msie-enc-01.pem msie-enc-02 msie-enc-02.pem msie-s-a-e msie-s-a-e.pem nav-smime s.pem server.pem src/crypto/external/bsd/openssl/dist/demos/eay: Makefile base64.c conn.c loadrsa.c src/crypto/external/bsd/openssl/dist/demos/maurice: Makefile README cert.pem example1.c example2.c example3.c example4.c loadkeys.c loadkeys.h privkey.pem Log Message: remove empty files (newly gone in openssl 1.0.1i) remove now empty (and also gone) directories in a week or so (namely: crypto/pkcs7/p7 crypto/pkcs7/t demos/eay demos/maurice) To generate a diff of this commit: cvs rdiff -u -r1.3 -r0 \ src/crypto/external/bsd/openssl/dist/crypto/pkcs7/bio_ber.c cvs rdiff -u -r1.2 -r0 \ src/crypto/external/bsd/openssl/dist/crypto/pkcs7/dec.c \ src/crypto/external/bsd/openssl/dist/crypto/pkcs7/des.pem \ src/crypto/external/bsd/openssl/dist/crypto/pkcs7/doc \ src/crypto/external/bsd/openssl/dist/crypto/pkcs7/enc.c \ src/crypto/external/bsd/openssl/dist/crypto/pkcs7/es1.pem \ src/crypto/external/bsd/openssl/dist/crypto/pkcs7/example.c \ src/crypto/external/bsd/openssl/dist/crypto/pkcs7/example.h \ src/crypto/external/bsd/openssl/dist/crypto/pkcs7/info.pem \ src/crypto/external/bsd/openssl/dist/crypto/pkcs7/infokey.pem \ src/crypto/external/bsd/openssl/dist/crypto/pkcs7/server.pem \ src/crypto/external/bsd/openssl/dist/crypto/pkcs7/sign.c \ src/crypto/external/bsd/openssl/dist/crypto/pkcs7/verify.c cvs rdiff -u -r1.2 -r0 \ src/crypto/external/bsd/openssl/dist/crypto/pkcs7/p7/a1 \ src/crypto/external/bsd/openssl/dist/crypto/pkcs7/p7/a2 cvs rdiff -u -r1.2 -r0 \ src/crypto/external/bsd/openssl/dist/crypto/pkcs7/t/3des.pem \ src/crypto/external/bsd/openssl/dist/crypto/pkcs7/t/3dess.pem \ src/crypto/external/bsd/openssl/dist/crypto/pkcs7/t/c.pem \ src/crypto/external/bsd/openssl/dist/crypto/pkcs7/t/ff \ src/crypto/external/bsd/openssl/dist/crypto/pkcs7/t/msie-e \ src/crypto/external/bsd/openssl/dist/crypto/pkcs7/t/msie-e.pem \ src/crypto/external/bsd/openssl/dist/crypto/pkcs7/t/msie-enc-01 \ src/crypto/external/bsd/openssl/dist/crypto/pkcs7/t/msie-enc-01.pem \ src/crypto/external/bsd/openssl/dist/crypto/pkcs7/t/msie-enc-02 \ src/crypto/external/bsd/openssl/dist/crypto/pkcs7/t/msie-enc-02.pem \ src/crypto/external/bsd/openssl/dist/crypto/pkcs7/t/msie-s-a-e \ src/crypto/external/bsd/openssl/dist/crypto/pkcs7/t/msie-s-a-e.pem \ src/crypto/external/bsd/openssl/dist/crypto/pkcs7/t/nav-smime \ src/crypto/external/bsd/openssl/dist/crypto/pkcs7/t/s.pem \ src/crypto/external/bsd/openssl/dist/crypto/pkcs7/t/server.pem cvs rdiff -u -r1.2 -r0 \ src/crypto/external/bsd/openssl/dist/demos/eay/Makefile \ src/crypto/external/bsd/openssl/dist/demos/eay/base64.c \ src/crypto/external/bsd/openssl/dist/demos/eay/conn.c \ src/crypto/external/bsd/openssl/dist/demos/eay/loadrsa.c cvs rdiff -u -r1.2 -r0 \ src/crypto/external/bsd/openssl/dist/demos/maurice/Makefile \ src/crypto/external/bsd/openssl/dist/demos/maurice/README \ src/crypto/external/bsd/openssl/dist/demos/maurice/cert.pem \ src/crypto/external/bsd/openssl/dist/demos/maurice/example1.c \ src/crypto/external/bsd/openssl/dist/demos/maurice/example2.c \ src/crypto/external/bsd/openssl/dist/demos/maurice/example3.c \ src/crypto/external/bsd/openssl/dist/demos/maurice/example4.c \ src/crypto/external/bsd/openssl/dist/demos/maurice/loadkeys.c \ src/crypto/external/bsd/openssl/dist/demos/maurice/loadkeys.h \ src/crypto/external/bsd/openssl/dist/demos/maurice/privkey.pem Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/crypto/external/bsd/openssl/dist/crypto
Module Name:src Committed By: spz Date: Sun Aug 10 21:00:48 UTC 2014 Modified Files: src/crypto/external/bsd/openssl/dist/crypto: ppccpuid.pl Log Message: merge lossage (this file is an ASM generator not used in a normal build) To generate a diff of this commit: cvs rdiff -u -r1.3 -r1.4 \ src/crypto/external/bsd/openssl/dist/crypto/ppccpuid.pl Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/etc/rc.d
Module Name:src
Committed By: spz
Date: Thu Jul 17 07:17:03 UTC 2014
Modified Files:
src/etc/rc.d: dhcpd
Log Message:
Create the dhcpd.leases file if it doesn't exist already, don't just
warn about it not being there.
Closes PR misc/48868
To generate a diff of this commit:
cvs rdiff -u -r1.6 -r1.7 src/etc/rc.d/dhcpd
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/etc/rc.d/dhcpd
diff -u src/etc/rc.d/dhcpd:1.6 src/etc/rc.d/dhcpd:1.7
--- src/etc/rc.d/dhcpd:1.6 Fri Aug 13 18:08:03 2004
+++ src/etc/rc.d/dhcpd Thu Jul 17 07:17:03 2014
@@ -1,6 +1,6 @@
#!/bin/sh
#
-# $NetBSD: dhcpd,v 1.6 2004/08/13 18:08:03 mycroft Exp $
+# $NetBSD: dhcpd,v 1.7 2014/07/17 07:17:03 spz Exp $
#
# PROVIDE: dhcpd
@@ -12,8 +12,17 @@ $_rc_subr_loaded . /etc/rc.subr
name=dhcpd
rcvar=$name
command=/usr/sbin/${name}
+start_precmd=dhcpd_precmd
pidfile=/var/run/${name}.pid
-required_files=/etc/${name}.conf /var/db/${name}.leases
+required_files=/etc/${name}.conf
+
+dhcpd_precmd()
+{
+if [ ! -e /var/db/${name}.leases ]; then
+echo Creating /var/db/${name}.leases
+touch /var/db/${name}.leases
+fi
+}
load_rc_config $name
run_rc_command $1
CVS commit: src/etc/rc.d
Module Name:src Committed By: spz Date: Thu Jul 17 07:17:03 UTC 2014 Modified Files: src/etc/rc.d: dhcpd Log Message: Create the dhcpd.leases file if it doesn't exist already, don't just warn about it not being there. Closes PR misc/48868 To generate a diff of this commit: cvs rdiff -u -r1.6 -r1.7 src/etc/rc.d/dhcpd Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/external/bsd/dhcp/include
Module Name:src Committed By: spz Date: Sun Jul 13 19:37:23 UTC 2014 Modified Files: src/external/bsd/dhcp/include: config.h Log Message: make the comment at the DHCPv6 define less cryptic To generate a diff of this commit: cvs rdiff -u -r1.6 -r1.7 src/external/bsd/dhcp/include/config.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/external/bsd/dhcp/include/config.h diff -u src/external/bsd/dhcp/include/config.h:1.6 src/external/bsd/dhcp/include/config.h:1.7 --- src/external/bsd/dhcp/include/config.h:1.6 Sun Jul 13 14:56:56 2014 +++ src/external/bsd/dhcp/include/config.h Sun Jul 13 19:37:23 2014 @@ -16,7 +16,7 @@ #define DHCP_BYTE_ORDER _BYTE_ORDER #if 0 -/* From the Makefile */ +/* make it possible to obey USE_INET6=no, define it in the Makefile instead */ /* Define to 1 to include DHCPv6 support. */ #define DHCPv6 1 #endif
CVS commit: src/external/bsd/dhcp/include
Module Name:src Committed By: spz Date: Sun Jul 13 19:37:23 UTC 2014 Modified Files: src/external/bsd/dhcp/include: config.h Log Message: make the comment at the DHCPv6 define less cryptic To generate a diff of this commit: cvs rdiff -u -r1.6 -r1.7 src/external/bsd/dhcp/include/config.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS import: src/external/bsd/dhcp/dist
Module Name:src Committed By: spz Date: Sat Jul 12 11:58:18 UTC 2014 Update of /cvsroot/src/external/bsd/dhcp/dist In directory ivanova.netbsd.org:/tmp/cvs-serv10346 Log Message: import of dhcp 4.3.0. Excerpts of the upstream RELNOTES: The major theme for ISC DHCP 4.3.x was to update the suport for DHCPv6 to include several of the features that have been available for DHCPv4. These include: - Support the use of classes - Support for on_commit, on_expiry and on_release statements - Better logging of address assignments - Support for using DHCPv6 relay options in expressions This release also adds suppport for the standard DDNS as described in the current RFCs as well as enhancing support for dynamically adding and removing subclasses via OMAPI. There are a number of DHCPv6 limitations and features missing in this release, which will be addressed in the future: - Only Solaris, Linux, FreeBSD, NetBSD, and OpenBSD are supported. - DHCPv6 includes human-readable text in status code messages, in English. A method to reconfigure or support other languages would be preferable. - The host-identifier option is limited to a simple token. - The client and server can only operate DHCPv4 or DHCPv6 at a time, not both. To use both protocols simultaneously, two instances of the relevant daemon are required, one with the '-6' command line option. Changes since 4.3.0b1 - Tidy up receive packet processing. Thanks to Brad Plank of GTA for reporting the issue and suggesting a possible patch. [ISC-Bugs #34447] Changes since 4.3.0a1 - Modify the message displayed when a process hits a fatal error. The new message is much shorter and simply points to the README and our website for directions on bug submissions. [ISC-Bugs #24789] - Handle an absent resolv.conf file better. [ISC-Bugs #35194] Changes since 4.2.5 - Address static analysis warnings. [ISC-Bugs #33510] [ISC-Bugs #33511] - Silence benign static analysis warnings. [ISC-Bugs #33428] - Add check for 64-bit package for atf. [ISC-Bugs #32206] - Use newer auto* tool packages and turn on RFC_3542 support on Mac OS. [ISC-Bugs #26303] - Remove a variable when it isn't being used due to #ifdefs to avoid a compiler warning on Solaris using GCC. [ISC-Bugs #33032] - Add a check for too much whitespace in a config or lease file. Thanks to Paolo Pellegrino for finding the issue and a suggestion for the patch. [ISC-Bugs #33351] - Fix several problems with using OMAPI to manipulate class and subclass objects. [ISC-Bugs #27452] - Added a sleep call after killing the old client to allow time for the sockets to be cleaned. This should allow the -r option to work more consistently. [ISC-Bugs #18175] - Missing files for ISC DHCP Developer's Guide are now included in the release tarballs. To generate this documentation, please use make devel command in doc directory. [ISC-Bugs #32767] - Update client script for use with openwrt. [ISC-Bugs #29843] - Fix the socket handling for DHCPv6 clients to allow multiple instances of a client on a single machine to work properly. Previously only one client would receive the packets. Thanks to Jiri Popelka at Red Hat for the bug report and a potential patch. [ISC-Bugs #34784] - Added support for gentle shutdown after signal is received. [ISC-Bugs #32692] [ISC-Bugs 34945] - Enhance the DHCPv6 server logging to include the addresses that are assigned to the clients. [ISC-Bugs #26377] - Fix an operation in the DDNS code to be a bitwise instead of logical or. [ISC-Bugs #35138] Status: Vendor Tag: ISC Release Tags: DHCP4_3_0 U src/external/bsd/dhcp/dist/aclocal.m4 N src/external/bsd/dhcp/dist/config.guess N src/external/bsd/dhcp/dist/compile N src/external/bsd/dhcp/dist/config.sub U src/external/bsd/dhcp/dist/configure U src/external/bsd/dhcp/dist/configure.ac U src/external/bsd/dhcp/dist/depcomp U src/external/bsd/dhcp/dist/install-sh U src/external/bsd/dhcp/dist/LICENSE U src/external/bsd/dhcp/dist/Makefile.am U src/external/bsd/dhcp/dist/Makefile.in U src/external/bsd/dhcp/dist/missing U src/external/bsd/dhcp/dist/README U src/external/bsd/dhcp/dist/RELNOTES N src/external/bsd/dhcp/dist/test-driver U src/external/bsd/dhcp/dist/doc/api+protocol U src/external/bsd/dhcp/dist/doc/IANA-arp-parameters U src/external/bsd/dhcp/dist/doc/References.html U src/external/bsd/dhcp/dist/doc/Makefile U src/external/bsd/dhcp/dist/doc/References.xml U src/external/bsd/dhcp/dist/doc/References.txt N src/external/bsd/dhcp/dist/doc/devel/contrib.dox N src/external/bsd/dhcp/dist/doc/devel/arch.dox N src/external/bsd/dhcp/dist/doc/devel/atf.dox N src/external/bsd/dhcp/dist/doc/devel/debug.dox U src/external/bsd/dhcp/dist/doc/devel/doxyfile.in N src/external/bsd/dhcp/dist/doc/devel/isc-logo.jpg N src/external/bsd/dhcp/dist/doc/devel/mainpage.dox N
CVS commit: src/external/bsd/dhcp
Module Name:src
Committed By: spz
Date: Sat Jul 12 12:11:22 UTC 2014
Modified Files:
src/external/bsd/dhcp: Makefile.inc
Log Message:
the new release wants libisc (and thus libisccfg) from bind
To generate a diff of this commit:
cvs rdiff -u -r1.10 -r1.11 src/external/bsd/dhcp/Makefile.inc
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/dhcp/Makefile.inc
diff -u src/external/bsd/dhcp/Makefile.inc:1.10 src/external/bsd/dhcp/Makefile.inc:1.11
--- src/external/bsd/dhcp/Makefile.inc:1.10 Thu Jan 16 13:55:46 2014
+++ src/external/bsd/dhcp/Makefile.inc Sat Jul 12 12:11:22 2014
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.inc,v 1.10 2014/01/16 13:55:46 christos Exp $
+# $NetBSD: Makefile.inc,v 1.11 2014/07/12 12:11:22 spz Exp $
WARNS?= 1 # XXX -Wshadow -Wcast-qual -Wsign-compare
@@ -23,7 +23,7 @@ CPPFLAGS+= -DDHCPv6
CPPFLAGS+= -DISC_PLATFORM_USETHREADS -DHAVE_CONFIG_H
CPPFLAGS+= -I${DIST} -I${DIST}/includes -I${DIST}/../include
CPPFLAGS+= -I${BIND} -I${BIND}/includes -I${BIND}/../include
-.for dir in isc dns
+.for dir in isc dns irs
CPPFLAGS+= -I${BIND}/lib/${dir}/include
CPPFLAGS+= -I${BIND}/lib/${dir}/unix/include
CPPFLAGS+= -I${BIND}/lib/${dir}/pthreads/include
@@ -34,7 +34,7 @@ LDADD+= ${OMOBJDIR}/libomapi.a ${DSTOBJD
.if defined(PROG) ${PROG} == dhclient
LDADD+=-Wl,-Bstatic
.endif
-LDADD+= -ldns -lisc
+LDADD+= -lirs -lisccfg -ldns -lisc
LDADD+=-lpthread
.if defined(PROG) ${PROG} == dhclient
LDADD+=-Wl,-Bdynamic
CVS commit: src/doc
Module Name:src Committed By: spz Date: Sat Jul 12 12:53:27 UTC 2014 Modified Files: src/doc: 3RDPARTY CHANGES Log Message: update the records for the dhcp import To generate a diff of this commit: cvs rdiff -u -r1.1133 -r1.1134 src/doc/3RDPARTY cvs rdiff -u -r1.1943 -r1.1944 src/doc/CHANGES Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/3RDPARTY diff -u src/doc/3RDPARTY:1.1133 src/doc/3RDPARTY:1.1134 --- src/doc/3RDPARTY:1.1133 Fri Jul 11 22:33:03 2014 +++ src/doc/3RDPARTY Sat Jul 12 12:53:27 2014 @@ -1,4 +1,4 @@ -# $NetBSD: 3RDPARTY,v 1.1133 2014/07/11 22:33:03 alnsn Exp $ +# $NetBSD: 3RDPARTY,v 1.1134 2014/07/12 12:53:27 spz Exp $ # # This file contains a list of the software that has been integrated into # NetBSD where we are not the primary maintainer. @@ -289,8 +289,8 @@ distribution into the netbsd format. Th src/lib/libc/db/db2netbsd. Package: dhcp -Version: 4.2.5-P1 -Current Vers: 4.2.5-P1 +Version: 4.3.0 +Current Vers: 4.3.0 Maintainer: mellon Archive Site: ftp://ftp.isc.org/isc/dhcp/ Home Page: http://www.isc.org/software/dhcp/ Index: src/doc/CHANGES diff -u src/doc/CHANGES:1.1943 src/doc/CHANGES:1.1944 --- src/doc/CHANGES:1.1943 Wed Jul 9 04:53:35 2014 +++ src/doc/CHANGES Sat Jul 12 12:53:27 2014 @@ -1,4 +1,4 @@ -# LIST OF CHANGES FROM LAST RELEASE: $Revision: 1.1943 $ +# LIST OF CHANGES FROM LAST RELEASE: $Revision: 1.1944 $ # # # [Note: This file does not mention every change made to the NetBSD source tree. @@ -439,3 +439,4 @@ Changes from NetBSD 6.0 to NetBSD 7.0: and reorganize. [dholland 20140705] postfix(1): Import version 2.11.1 [tron 20140706] bind: Import version 9.10.0-P2 [spz 20140708] + dhcp: Import version 4.3.0 [spz 20140712]
