CVS commit: src/libexec/httpd

2020-08-19 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Thu Aug 20 05:46:31 UTC 2020

Modified Files:
src/libexec/httpd: bozohttpd.c bozohttpd.h cgi-bozo.c ssl-bozo.c

Log Message:
send close_notify for the ssl connection before closing the TCP connection
Thanks to Dr. Thomas Orgis for reporting the issue.


To generate a diff of this commit:
cvs rdiff -u -r1.117 -r1.118 src/libexec/httpd/bozohttpd.c
cvs rdiff -u -r1.62 -r1.63 src/libexec/httpd/bozohttpd.h
cvs rdiff -u -r1.49 -r1.50 src/libexec/httpd/cgi-bozo.c
cvs rdiff -u -r1.26 -r1.27 src/libexec/httpd/ssl-bozo.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/bozohttpd.c
diff -u src/libexec/httpd/bozohttpd.c:1.117 src/libexec/httpd/bozohttpd.c:1.118
--- src/libexec/httpd/bozohttpd.c:1.117	Mon Jul 13 09:38:57 2020
+++ src/libexec/httpd/bozohttpd.c	Thu Aug 20 05:46:31 2020
@@ -1,4 +1,4 @@
-/*	$NetBSD: bozohttpd.c,v 1.117 2020/07/13 09:38:57 jruoho Exp $	*/
+/*	$NetBSD: bozohttpd.c,v 1.118 2020/08/20 05:46:31 spz Exp $	*/
 
 /*	$eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -1912,6 +1912,8 @@ bozo_process_request(bozo_httpreq_t *req
  cleanup:
 	close(fd);
  cleanup_nofd:
+	/* If SSL enabled send close_notify. */
+	bozo_ssl_shutdown(request->hr_httpd);
 	close(STDIN_FILENO);
 	close(STDOUT_FILENO);
 	/*close(STDERR_FILENO);*/
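Review bot: The new comment at `cleanup_nofd` says what is sent but not why it must sit exactly here, ahead of `close(STDIN_FILENO)` and `close(STDOUT_FILENO)`. I would expand it to something like `/* Send TLS close_notify while the descriptors are still open, so the peer can tell a complete response from a truncated one; no-op in non-SSL builds. */`. The no-op part is visible in the bozohttpd.h hunk of this commit, where the macro expands to `bozo_noop`. The label is presumably also reached from error paths, so the comment should state whether shutting down a connection that has already failed is intended; the body of bozo_process_request starts outside the hunk.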

Index: src/libexec/httpd/bozohttpd.h
diff -u src/libexec/httpd/bozohttpd.h:1.62 src/libexec/httpd/bozohttpd.h:1.63
--- src/libexec/httpd/bozohttpd.h:1.62	Sat Jul 11 08:10:52 2020
+++ src/libexec/httpd/bozohttpd.h	Thu Aug 20 05:46:31 2020
@@ -1,4 +1,4 @@
-/*	$NetBSD: bozohttpd.h,v 1.62 2020/07/11 08:10:52 jruoho Exp $	*/
+/*	$NetBSD: bozohttpd.h,v 1.63 2020/08/20 05:46:31 spz Exp $	*/
 
 /*	$eterna: bozohttpd.h,v 1.39 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -312,6 +312,7 @@ char	*bozostrdup(bozohttpd_t *, bozo_htt
 #define bozo_ssl_set_ciphers(w, x)			bozo_noop
 #define bozo_ssl_init(x)bozo_noop
 #define bozo_ssl_accept(x)(0)
+#define bozo_ssl_shutdown(x)bozo_noop
 #define bozo_ssl_destroy(x)bozo_noop
 #define have_ssl	(0)
 #else
@@ -319,6 +320,7 @@ void	bozo_ssl_set_opts(bozohttpd_t *, co
 void	bozo_ssl_set_ciphers(bozohttpd_t *, const char *);
 void	bozo_ssl_init(bozohttpd_t *);
 int	bozo_ssl_accept(bozohttpd_t *);
+void	bozo_ssl_shutdown(bozohttpd_t *);
 void	bozo_ssl_destroy(bozohttpd_t *);
 #define have_ssl	(1)
 #endif

Index: src/libexec/httpd/cgi-bozo.c
diff -u src/libexec/httpd/cgi-bozo.c:1.49 src/libexec/httpd/cgi-bozo.c:1.50
--- src/libexec/httpd/cgi-bozo.c:1.49	Fri Dec  6 05:53:20 2019
+++ src/libexec/httpd/cgi-bozo.c	Thu Aug 20 05:46:31 2020
@@ -1,4 +1,4 @@
-/*	$NetBSD: cgi-bozo.c,v 1.49 2019/12/06 05:53:20 mrg Exp $	*/
+/*	$NetBSD: cgi-bozo.c,v 1.50 2020/08/20 05:46:31 spz Exp $	*/
 
 /*	$eterna: cgi-bozo.c,v 1.40 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -637,6 +637,8 @@ bozo_process_cgi(bozo_httpreq_t *request
 		/* child reader/writer */
 		close(STDIN_FILENO);
 		finish_cgi_output(httpd, request, sv[0], nph);
+		/* if we do SSL, send a SSL_shutdown now */
+		bozo_ssl_shutdown(request->hr_httpd);
 		/* if we're done output, our parent is useless... */
 		kill(getppid(), SIGKILL);
 		debug((httpd, DEBUG_FAT, "done processing cgi output"));
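Review bot: `close(STDIN_FILENO)` runs two lines before the new `bozo_ssl_shutdown()` call, so if the TLS object reads from descriptor 0 (the descriptor setup is not visible in this hunk) only the sending half of a shutdown can work at this point. That matches a single `SSL_shutdown()` call, but the comment should record it, e.g. `/* send our close_notify only; stdin is already closed, so never wait for the peer's */`. The child then sends SIGKILL to its parent, so it is worth confirming that the parent holds no unsent TLS output by then. bozo_process_cgi's body continues outside the hunk.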

Index: src/libexec/httpd/ssl-bozo.c
diff -u src/libexec/httpd/ssl-bozo.c:1.26 src/libexec/httpd/ssl-bozo.c:1.27
--- src/libexec/httpd/ssl-bozo.c:1.26	Thu Feb 28 08:28:21 2019
+++ src/libexec/httpd/ssl-bozo.c	Thu Aug 20 05:46:31 2020
@@ -1,4 +1,4 @@
-/*	$NetBSD: ssl-bozo.c,v 1.26 2019/02/28 08:28:21 mrg Exp $	*/
+/*	$NetBSD: ssl-bozo.c,v 1.27 2020/08/20 05:46:31 spz Exp $	*/
 
 /*	$eterna: ssl-bozo.c,v 1.15 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -287,6 +287,15 @@ bozo_ssl_accept(bozohttpd_t *httpd)
 }
 
 void
+bozo_ssl_shutdown(bozohttpd_t *httpd)
+{
+	const sslinfo_t *sslinfo = httpd->sslinfo;
+
+	if (sslinfo && sslinfo->bozossl)
+		SSL_shutdown(sslinfo->bozossl);
+}
+
+void
 bozo_ssl_destroy(bozohttpd_t *httpd)
 {
 	const sslinfo_t *sslinfo = httpd->sslinfo;
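Review bot: The return value of `SSL_shutdown()` is discarded in the new bozo_ssl_shutdown(), so a close_notify that could not be sent looks the same as one that was. OpenSSL documents that SSL_shutdown() must not be called on a connection that has already hit a fatal error (SSL_get_error() returned SSL_ERROR_SYSCALL or SSL_ERROR_SSL), and the callers added in bozohttpd.c and cgi-bozo.c reach this function from general cleanup code, so it may run on such a connection. I would test the result, `if (SSL_shutdown(sslinfo->bozossl) < 0) ERR_clear_error();`, or cast it to `(void)` with a comment if ignoring it is deliberate. A header comment should also state that only the one-way shutdown is intended, sending our close_notify without waiting for the peer's.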



CVS commit: src/sys/dev/usb

2018-07-10 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Tue Jul 10 13:36:51 UTC 2018

Modified Files:
src/sys/dev/usb: usbdevs.h usbdevs_data.h

Log Message:
regenerated (now with correct reference id)


To generate a diff of this commit:
cvs rdiff -u -r1.744 -r1.745 src/sys/dev/usb/usbdevs.h \
src/sys/dev/usb/usbdevs_data.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/dev/usb/usbdevs.h
diff -u src/sys/dev/usb/usbdevs.h:1.744 src/sys/dev/usb/usbdevs.h:1.745
--- src/sys/dev/usb/usbdevs.h:1.744	Tue Jul 10 11:21:34 2018
+++ src/sys/dev/usb/usbdevs.h	Tue Jul 10 13:36:51 2018
@@ -1,10 +1,10 @@
-/*	$NetBSD: usbdevs.h,v 1.744 2018/07/10 11:21:34 spz Exp $	*/
+/*	$NetBSD: usbdevs.h,v 1.745 2018/07/10 13:36:51 spz Exp $	*/
 
 /*
  * THIS FILE IS AUTOMATICALLY GENERATED.  DO NOT EDIT.
  *
  * generated from:
- *	NetBSD: usbdevs,v 1.750 2018/06/05 13:21:15 martin Exp
+ *	NetBSD: usbdevs,v 1.752 2018/07/10 13:32:38 spz Exp
  */
 
 /*-
@@ -38,7 +38,7 @@
  */
 
 /*
- * Use "make -f Makefile.usbdevs" to regenerate usbdevs.h and usbdevs_data.h
+ * Follow the handling instructions in Makefile.usbdevs
  */
 
 /*
Index: src/sys/dev/usb/usbdevs_data.h
diff -u src/sys/dev/usb/usbdevs_data.h:1.744 src/sys/dev/usb/usbdevs_data.h:1.745
--- src/sys/dev/usb/usbdevs_data.h:1.744	Tue Jul 10 11:21:34 2018
+++ src/sys/dev/usb/usbdevs_data.h	Tue Jul 10 13:36:51 2018
@@ -1,10 +1,10 @@
-/*	$NetBSD: usbdevs_data.h,v 1.744 2018/07/10 11:21:34 spz Exp $	*/
+/*	$NetBSD: usbdevs_data.h,v 1.745 2018/07/10 13:36:51 spz Exp $	*/
 
 /*
  * THIS FILE IS AUTOMATICALLY GENERATED.  DO NOT EDIT.
  *
  * generated from:
- *	NetBSD: usbdevs,v 1.750 2018/06/05 13:21:15 martin Exp
+ *	NetBSD: usbdevs,v 1.752 2018/07/10 13:32:38 spz Exp
  */
 
 /*-



CVS commit: src/sys/dev/usb

2018-07-10 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Tue Jul 10 13:32:38 UTC 2018

Modified Files:
src/sys/dev/usb: usbdevs

Log Message:
change handling hint to point to the full instructions
(comment change only)


To generate a diff of this commit:
cvs rdiff -u -r1.751 -r1.752 src/sys/dev/usb/usbdevs

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/dev/usb/usbdevs
diff -u src/sys/dev/usb/usbdevs:1.751 src/sys/dev/usb/usbdevs:1.752
--- src/sys/dev/usb/usbdevs:1.751	Tue Jul 10 11:21:34 2018
+++ src/sys/dev/usb/usbdevs	Tue Jul 10 13:32:38 2018
@@ -1,4 +1,4 @@
-$NetBSD: usbdevs,v 1.751 2018/07/10 11:21:34 spz Exp $
+$NetBSD: usbdevs,v 1.752 2018/07/10 13:32:38 spz Exp $
 
 /*-
  * Copyright (c) 1998-2004 The NetBSD Foundation, Inc.
@@ -31,7 +31,7 @@ $NetBSD: usbdevs,v 1.751 2018/07/10 11:2
  */
 
 /*
- * Use "make -f Makefile.usbdevs" to regenerate usbdevs.h and usbdevs_data.h
+ * Follow the handling instructions in Makefile.usbdevs
  */
 
 /*



CVS commit: src/sys/dev/usb

2018-07-08 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Sun Jul  8 08:32:53 UTC 2018

Modified Files:
src/sys/dev/usb: usbdevs.h

Log Message:
add identification for some Yubikeys


To generate a diff of this commit:
cvs rdiff -u -r1.742 -r1.743 src/sys/dev/usb/usbdevs.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/dev/usb/usbdevs.h
diff -u src/sys/dev/usb/usbdevs.h:1.742 src/sys/dev/usb/usbdevs.h:1.743
--- src/sys/dev/usb/usbdevs.h:1.742	Tue Jun  5 13:21:37 2018
+++ src/sys/dev/usb/usbdevs.h	Sun Jul  8 08:32:53 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: usbdevs.h,v 1.742 2018/06/05 13:21:37 martin Exp $	*/
+/*	$NetBSD: usbdevs.h,v 1.743 2018/07/08 08:32:53 spz Exp $	*/
 
 /*
  * THIS FILE IS AUTOMATICALLY GENERATED.  DO NOT EDIT.
@@ -470,6 +470,7 @@
 #define	USB_VENDOR_MOTOROLA4	0x100d		/* Motorola */
 #define	USB_VENDOR_HP3	0x103c		/* Hewlett Packard */
 #define	USB_VENDOR_GIGABYTE	0x1044		/* GIGABYTE */
+#define	USB_VENDOR_YUBICO	0x1050		/* Yubico.se */
 #define	USB_VENDOR_WESTERN	0x1058		/* Western Digital */
 #define	USB_VENDOR_MOTOROLA	0x1063		/* Motorola */
 #define	USB_VENDOR_CCYU	0x1065		/* CCYU Technology */
@@ -3494,6 +3495,11 @@
 /* Y-E Data products */
 #define	USB_PRODUCT_YEDATA_FLASHBUSTERU	0x		/* Flashbuster-U */
 
+/* Yubico products */
+#define	USB_PRODUCT_YUBICO_YUBIKEY4MODE1	0x0404	/* YubiKey 4 CCID */
+#define	USB_PRODUCT_YUBICO_YUBIKEY4MODE2	0x0405	/* YubiKey 4 OTP+CCID */
+#define	USB_PRODUCT_YUBICO_YUBIKEY4MODE6	0x0407	/* YubiKey 4 OTP+CCID+U2F */
+
 /* Z-Com products */
 #define	USB_PRODUCT_ZCOM_M4Y750	0x0001		/* M4Y-750 */
 #define	USB_PRODUCT_ZCOM_725	0x0002		/* 725/726 Prism2.5 WLAN */



CVS commit: src/crypto/external/bsd/heimdal/dist/kdc

2018-04-28 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Sun Apr 29 05:36:04 UTC 2018

Modified Files:
src/crypto/external/bsd/heimdal/dist/kdc: connect.c

Log Message:
avoid busy-waiting on a dead child


To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.3 src/crypto/external/bsd/heimdal/dist/kdc/connect.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/heimdal/dist/kdc/connect.c
diff -u src/crypto/external/bsd/heimdal/dist/kdc/connect.c:1.2 src/crypto/external/bsd/heimdal/dist/kdc/connect.c:1.3
--- src/crypto/external/bsd/heimdal/dist/kdc/connect.c:1.2	Sat Jan 28 21:31:44 2017
+++ src/crypto/external/bsd/heimdal/dist/kdc/connect.c	Sun Apr 29 05:36:04 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: connect.c,v 1.2 2017/01/28 21:31:44 christos Exp $	*/
+/*	$NetBSD: connect.c,v 1.3 2018/04/29 05:36:04 spz Exp $	*/
 
 /*
  * Copyright (c) 1997-2005 Kungliga Tekniska Högskolan
@@ -1193,7 +1193,7 @@ start_kdc(krb5_context context,
 break;
 default:
 for (i=0; i < max_kdcs; i++) {
-if (pids[i] == 0) {
+if (pids[i] < 1) {
 pids[i] = pid;
 break;
 }
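Review bot: The widened test `pids[i] < 1` now treats negative entries as free slots, but nothing in the hunk says what a negative entry means. Going by the log message it presumably marks a child that has died, which should be confirmed against the code that writes the array. A short comment such as `/* slot is free if never used (0) or no longer holds a live child (negative) */` would make the invariant explicit. The loop also falls through without storing `pid` when no slot qualifies; start_kdc continues outside the hunk, so whether that case is handled cannot be seen here.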



CVS commit: src/sys/arch/amiga/conf

2018-03-05 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Tue Mar  6 06:04:21 UTC 2018

Modified Files:
src/sys/arch/amiga/conf: files.amiga

Log Message:
if_xsh needs mii_bitbang; make a pared down kernel build


To generate a diff of this commit:
cvs rdiff -u -r1.178 -r1.179 src/sys/arch/amiga/conf/files.amiga

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/arch/amiga/conf/files.amiga
diff -u src/sys/arch/amiga/conf/files.amiga:1.178 src/sys/arch/amiga/conf/files.amiga:1.179
--- src/sys/arch/amiga/conf/files.amiga:1.178	Mon Oct  3 14:26:02 2016
+++ src/sys/arch/amiga/conf/files.amiga	Tue Mar  6 06:04:21 2018
@@ -1,4 +1,4 @@
-#	$NetBSD: files.amiga,v 1.178 2016/10/03 14:26:02 rkujawa Exp $
+#	$NetBSD: files.amiga,v 1.179 2018/03/06 06:04:21 spz Exp $
 
 # maxpartitions must be first item in files.${ARCH}.newconf
 maxpartitions 16			# NOTE THAT AMIGA IS SPECIAL!
@@ -254,7 +254,7 @@ device	xsh: xshbus
 attach	xsh at zbus
 file	arch/amiga/dev/xsh.c		xsh needs-flag
 
-attach	ne at xshbus with ne_xsh: ax88190
+attach	ne at xshbus with ne_xsh: ax88190, mii_bitbang
 file	arch/amiga/dev/if_ne_xsh.c	ne_xsh needs-flag
 
 # Hydra ethernet card



CVS commit: src/external/bsd/wpa/dist

2017-10-16 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Mon Oct 16 17:36:16 UTC 2017

Modified Files:
src/external/bsd/wpa/dist/src/ap: ieee802_11.c wpa_auth.c wpa_auth.h
wpa_auth_ft.c wpa_auth_i.h
src/external/bsd/wpa/dist/src/common: wpa_common.h
src/external/bsd/wpa/dist/src/rsn_supp: tdls.c wpa.c wpa_ft.c wpa_i.h
src/external/bsd/wpa/dist/wpa_supplicant: wnm_sta.c

Log Message:
apply patches from upstream, namely from https://w1.fi/security/2017-1/ :
rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
02-Oct-2017 16:19   6.1K
rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch
02-Oct-2017 16:19   7.7K
rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch
02-Oct-2017 16:19   6.7K
rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch
02-Oct-2017 16:19   2.5K
rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch
02-Oct-2017 16:19   1.9K
rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch
02-Oct-2017 16:19   4.2K
rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch
02-Oct-2017 16:19   1.6K
rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
02-Oct-2017 16:19   2.7K

for CVE-2017-13077 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080
 CVE-2017-13081 CVE-2017-13082 CVE-2017-13086 CVE-2017-13087 CVE-2017-13088

(see
https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
for details)


To generate a diff of this commit:
cvs rdiff -u -r1.1.1.7 -r1.2 src/external/bsd/wpa/dist/src/ap/ieee802_11.c \
src/external/bsd/wpa/dist/src/ap/wpa_auth_ft.c
cvs rdiff -u -r1.9 -r1.10 src/external/bsd/wpa/dist/src/ap/wpa_auth.c
cvs rdiff -u -r1.1.1.6 -r1.2 src/external/bsd/wpa/dist/src/ap/wpa_auth.h \
src/external/bsd/wpa/dist/src/ap/wpa_auth_i.h
cvs rdiff -u -r1.2 -r1.3 src/external/bsd/wpa/dist/src/common/wpa_common.h
cvs rdiff -u -r1.1.1.5 -r1.2 src/external/bsd/wpa/dist/src/rsn_supp/tdls.c
cvs rdiff -u -r1.1.1.8 -r1.2 src/external/bsd/wpa/dist/src/rsn_supp/wpa.c
cvs rdiff -u -r1.1.1.6 -r1.2 src/external/bsd/wpa/dist/src/rsn_supp/wpa_ft.c \
src/external/bsd/wpa/dist/src/rsn_supp/wpa_i.h
cvs rdiff -u -r1.3 -r1.4 src/external/bsd/wpa/dist/wpa_supplicant/wnm_sta.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/external/bsd/wpa/dist/src/ap/ieee802_11.c
diff -u src/external/bsd/wpa/dist/src/ap/ieee802_11.c:1.1.1.7 src/external/bsd/wpa/dist/src/ap/ieee802_11.c:1.2
--- src/external/bsd/wpa/dist/src/ap/ieee802_11.c:1.1.1.7	Mon Nov 21 16:42:50 2016
+++ src/external/bsd/wpa/dist/src/ap/ieee802_11.c	Mon Oct 16 17:36:16 2017
@@ -1841,6 +1841,7 @@ static int add_associated_sta(struct hos
 {
 	struct ieee80211_ht_capabilities ht_cap;
 	struct ieee80211_vht_capabilities vht_cap;
+	int set = 1;
 
 	/*
 	 * Remove the STA entry to ensure the STA PS state gets cleared and
@@ -1848,9 +1849,18 @@ static int add_associated_sta(struct hos
 	 * FT-over-the-DS, where a station re-associates back to the same AP but
 	 * skips the authentication flow, or if working with a driver that
 	 * does not support full AP client state.
+	 *
+	 * Skip this if the STA has already completed FT reassociation and the
+	 * TK has been configured since the TX/RX PN must not be reset to 0 for
+	 * the same key.
 	 */
-	if (!sta->added_unassoc)
+	if (!sta->added_unassoc &&
+	(!(sta->flags & WLAN_STA_AUTHORIZED) ||
+	 !wpa_auth_sta_ft_tk_already_set(sta->wpa_sm))) {
 		hostapd_drv_sta_remove(hapd, sta->addr);
+		wpa_auth_sm_event(sta->wpa_sm, WPA_DRV_STA_REMOVED);
+		set = 0;
+	}
 
 #ifdef CONFIG_IEEE80211N
 	if (sta->flags & WLAN_STA_HT)
@@ -1873,11 +1883,11 @@ static int add_associated_sta(struct hos
 			sta->flags & WLAN_STA_VHT ? _cap : NULL,
 			sta->flags | WLAN_STA_ASSOC, sta->qosinfo,
 			sta->vht_opmode, sta->p2p_ie ? 1 : 0,
-			sta->added_unassoc)) {
+			set)) {
 		hostapd_logger(hapd, sta->addr,
 			   HOSTAPD_MODULE_IEEE80211, HOSTAPD_LEVEL_NOTICE,
 			   "Could not %s STA to kernel driver",
-			   sta->added_unassoc ? "set" : "add");
+			   set ? "set" : "add");
 
 		if (sta->added_unassoc) {
 			hostapd_drv_sta_remove(hapd, sta->addr);
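Review bot: The failure branch at the end of this hunk still tests `sta->added_unassoc`, while the add-versus-set argument and the log text just above it now come from the new local `set`. When the removal is skipped because the FT TK is already configured, `set` stays 1 even though `added_unassoc` may be 0, so the message can say "set" while no rollback removal runs. If that is intended, so that a station with a live TK is never removed on this path, a comment such as `/* roll back only entries added before association; an FT STA with an installed TK is left in place */` would record it. add_associated_sta continues outside the hunk, so the rest of the error path is not visible here.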
Index: src/external/bsd/wpa/dist/src/ap/wpa_auth_ft.c
diff -u src/external/bsd/wpa/dist/src/ap/wpa_auth_ft.c:1.1.1.7 src/external/bsd/wpa/dist/src/ap/wpa_auth_ft.c:1.2
--- src/external/bsd/wpa/dist/src/ap/wpa_auth_ft.c:1.1.1.7	Mon Nov 21 16:42:50 2016
+++ src/external/bsd/wpa/dist/src/ap/wpa_auth_ft.c	Mon Oct 16 17:36:16 2017
@@ -780,6 +780,14 @@ void wpa_ft_install_ptk(struct wpa_state
 		return;
 	}
 
+	if (sm->tk_already_set) {
+		/* Must avoid TK reconfiguration to prevent clearing of TX/RX
+		 * PN in the driver */
+		wpa_printf(MSG_DEBUG,
+			   "FT: Do not re-install same PTK to the driver");
+		return;
+	

CVS commit: src/doc

2017-07-13 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Fri Jul 14 04:56:12 UTC 2017

Modified Files:
src/doc: RESPONSIBLE

Log Message:
add a few more '*'


To generate a diff of this commit:
cvs rdiff -u -r1.117 -r1.118 src/doc/RESPONSIBLE

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/doc/RESPONSIBLE
diff -u src/doc/RESPONSIBLE:1.117 src/doc/RESPONSIBLE:1.118
--- src/doc/RESPONSIBLE:1.117	Thu Jul 13 22:17:09 2017
+++ src/doc/RESPONSIBLE	Fri Jul 14 04:56:11 2017
@@ -1,4 +1,4 @@
-#	$NetBSD: RESPONSIBLE,v 1.117 2017/07/13 22:17:09 pgoyette Exp $
+#	$NetBSD: RESPONSIBLE,v 1.118 2017/07/14 04:56:11 spz Exp $
 
 List of sections of the system, and who is responsible for them (or at
 least considered an expert on them).
@@ -17,10 +17,10 @@ audioplay	mrg
 audiorecord	mrg
 awk		jdolecek*
 bc		phil*, simonb
-config		cube
+config		cube*
 csh		christos
 cvs		christos, wiz
-dhcp		mellon
+dhcp		mellon*
 edquota		dholland
 error		christos
 etcupdate	[nobody]
@@ -66,7 +66,7 @@ top		simonb
 user		agc
 vi		aymeric
 wakeonlan	mbalmer
-wpa_supplicant	scw
+wpa_supplicant	scw*
 ypbind		dholland
 
 Userland Libraries:
@@ -113,7 +113,7 @@ device support:
 acpi		thorpej*, kochi*, jmcneill, joerg
 audio		augustss*, jmcneill, nat
 cgd		elric
-firewire	jmc
+firewire	jmc*
 flash		ahoka
 gpio		mbalmer
 ide/atapi	bouyer
@@ -183,7 +183,7 @@ file systems:
 
 adosfs		?
 cd9660		?
-chfs		ttoth
+chfs		ttoth*
 coda		gdt
 efs		rumble*
 ext2fs		[nobody in particular]
@@ -209,7 +209,7 @@ udf		reinoud
 ufs		fvdl*
 union		[nobody]
 umapfs		[nobody]
-v7fs		uch
+v7fs		uch*
 
 kern/vfs:
 
@@ -274,7 +274,7 @@ cobalt		core
 emips		pooka
 evbarm		core
 evbmips		simonb
-evbppc		scw
+evbppc		scw*
 evbsh3		core
 ews4800mips	tsutsui
 hp300		tsutsui
@@ -287,12 +287,12 @@ ibmnws		matt
 iyonix		gavan
 landisk		uwe
 luna68k		nisimura
-mac68k		scottr
+mac68k		scottr*
 macppc		macallan
 mipsco		wdk*
 mmeye		core
-mvme68k		scw
-mvmeppc		scw
+mvme68k		scw*
+mvmeppc		scw*
 netwinder	matt
 news68k		tsutsui
 newsmips	core
@@ -310,7 +310,7 @@ sh3		msaitoh,uwe
 sparc		core
 sparc64		martin
 sun2		core
-sun3		jeremy
+sun3		jeremy*
 usermode	reinoud
 vax		core
 x68k		core



CVS commit: src/sys

2017-06-13 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Tue Jun 13 19:13:55 UTC 2017

Modified Files:
src/sys/arch/ews4800mips/sbd: fb_sbdio.c
src/sys/arch/pmax/ibus: pm.c
src/sys/dev/hpc: bivideo.c
src/sys/dev/ic: sti.c

Log Message:
correct size checks so they cannot be circumvented by integer overflows

reported by CTurt, thanks for the notification


To generate a diff of this commit:
cvs rdiff -u -r1.15 -r1.16 src/sys/arch/ews4800mips/sbd/fb_sbdio.c
cvs rdiff -u -r1.12 -r1.13 src/sys/arch/pmax/ibus/pm.c
cvs rdiff -u -r1.33 -r1.34 src/sys/dev/hpc/bivideo.c
cvs rdiff -u -r1.18 -r1.19 src/sys/dev/ic/sti.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/arch/ews4800mips/sbd/fb_sbdio.c
diff -u src/sys/arch/ews4800mips/sbd/fb_sbdio.c:1.15 src/sys/arch/ews4800mips/sbd/fb_sbdio.c:1.16
--- src/sys/arch/ews4800mips/sbd/fb_sbdio.c:1.15	Tue Jun 23 21:00:23 2015
+++ src/sys/arch/ews4800mips/sbd/fb_sbdio.c	Tue Jun 13 19:13:55 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: fb_sbdio.c,v 1.15 2015/06/23 21:00:23 matt Exp $	*/
+/*	$NetBSD: fb_sbdio.c,v 1.16 2017/06/13 19:13:55 spz Exp $	*/
 
 /*-
  * Copyright (c) 2004, 2005 The NetBSD Foundation, Inc.
@@ -32,7 +32,7 @@
 #define WIRED_FB_TLB
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: fb_sbdio.c,v 1.15 2015/06/23 21:00:23 matt Exp $");
+__KERNEL_RCSID(0, "$NetBSD: fb_sbdio.c,v 1.16 2017/06/13 19:13:55 spz Exp $");
 
 #include 
 #include 
@@ -303,6 +303,8 @@ _fb_ioctl(void *v, void *vs, u_long cmd,
 		if (ri->ri_flg == RI_FORCEMONO)
 			break;
 		ga_clut_get(ga);
+		if (cmap->index >= 256 || cmap->count > 256 - cmap->index)
+			return (EINVAL);
 		for (i = 0; i < cmap->count; i++) {
 			cmap->red[i] = ga->clut[cmap->index + i][0];
 			cmap->green[i] = ga->clut[cmap->index + i][1];
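Review bot: The loops guarded by the new range check access `cmap->red[i]` and `cmap->green[i]` by direct dereference, whereas pm.c and bivideo.c in this same commit move colormap data with copyout()/copyin(). If these members are user-space pointers here too, which the hunk does not show, the bounds fix leaves an unchecked user-pointer access in both this GETCMAP hunk and the PUTCMAP hunk that follows. Staging each channel in a kernel buffer and using one `copyout(buf, cmap->red, cmap->count)` (or `copyin` for PUTCMAP) would close it. In this hunk the check could also move above `ga_clut_get(ga)` so that invalid requests are rejected before any other work. _fb_ioctl's body continues outside the hunk.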
@@ -313,6 +315,8 @@ _fb_ioctl(void *v, void *vs, u_long cmd,
 	case WSDISPLAYIO_PUTCMAP:
 		if (ri->ri_flg == RI_FORCEMONO)
 			break;
+		if (cmap->index >= 256 || cmap->count > 256 - cmap->index)
+			return (EINVAL);
 		for (i = 0; i < cmap->count; i++) {
 			ga->clut[cmap->index + i][0] = cmap->red[i];
 			ga->clut[cmap->index + i][1] = cmap->green[i];

Index: src/sys/arch/pmax/ibus/pm.c
diff -u src/sys/arch/pmax/ibus/pm.c:1.12 src/sys/arch/pmax/ibus/pm.c:1.13
--- src/sys/arch/pmax/ibus/pm.c:1.12	Sun Nov 10 20:09:52 2013
+++ src/sys/arch/pmax/ibus/pm.c	Tue Jun 13 19:13:55 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: pm.c,v 1.12 2013/11/10 20:09:52 christos Exp $	*/
+/*	$NetBSD: pm.c,v 1.13 2017/06/13 19:13:55 spz Exp $	*/
 
 /*-
  * Copyright (c) 2002, 2003 The NetBSD Foundation, Inc.
@@ -30,7 +30,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: pm.c,v 1.12 2013/11/10 20:09:52 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: pm.c,v 1.13 2017/06/13 19:13:55 spz Exp $");
 
 #include 
 #include 
@@ -666,7 +666,7 @@ pm_get_cmap(struct pm_softc *sc, struct 
 	index = p->index;
 	count = p->count;
 
-	if (index >= sc->sc_cmap_size || (index + count) > sc->sc_cmap_size)
+	if (index >= sc->sc_cmap_size || count > sc->sc_cmap_size - index)
 		return (EINVAL);
 
 	if ((rv = copyout(>sc_cmap.r[index], p->red, count)) != 0)
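Review bot: The rewritten test `count > sc->sc_cmap_size - index` is overflow-safe only because `index >= sc->sc_cmap_size` is rejected first, and only if `index` and `count` are unsigned; their declarations are outside the hunk and should be confirmed. A one-line comment such as `/* subtract rather than add: index + count can wrap */` above the check would keep a later cleanup from restoring the additive form. The same comment belongs on the pm_set_cmap hunk below and on the equivalent check in the bivideo.c hunk of this commit.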
@@ -685,7 +685,7 @@ pm_set_cmap(struct pm_softc *sc, struct 
 	index = p->index;
 	count = p->count;
 
-	if (index >= sc->sc_cmap_size || (index + count) > sc->sc_cmap_size)
+	if (index >= sc->sc_cmap_size || count > sc->sc_cmap_size - index)
 		return (EINVAL);
 
 	if ((rv = copyin(p->red, >sc_cmap.r[index], count)) != 0)

Index: src/sys/dev/hpc/bivideo.c
diff -u src/sys/dev/hpc/bivideo.c:1.33 src/sys/dev/hpc/bivideo.c:1.34
--- src/sys/dev/hpc/bivideo.c:1.33	Sat Oct 27 17:18:17 2012
+++ src/sys/dev/hpc/bivideo.c	Tue Jun 13 19:13:55 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: bivideo.c,v 1.33 2012/10/27 17:18:17 chs Exp $	*/
+/*	$NetBSD: bivideo.c,v 1.34 2017/06/13 19:13:55 spz Exp $	*/
 
 /*-
  * Copyright (c) 1999-2001
@@ -35,7 +35,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: bivideo.c,v 1.33 2012/10/27 17:18:17 chs Exp $");
+__KERNEL_RCSID(0, "$NetBSD: bivideo.c,v 1.34 2017/06/13 19:13:55 spz Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_hpcfb.h"
@@ -402,8 +402,8 @@ bivideo_ioctl(void *v, u_long cmd, void 
 
 		if (sc->sc_fbconf.hf_class != HPCFB_CLASS_INDEXCOLOR ||
 		sc->sc_fbconf.hf_pack_width != 8 ||
-		256 <= cmap->index ||
-		256 < (cmap->index + cmap->count))
+		cmap->index >= 256 ||
+		cmap->count > 256 - cmap->index)
 			return (EINVAL);
 
 		error = copyout(_cmap_r[cmap->index], cmap->red,

Index: src/sys/dev/ic/sti.c
diff -u src/sys/dev/ic/sti.c:1.18 src/sys/dev/ic/sti.c:1.19
--- src/sys/dev/ic/sti.c:1.18	Sun Jun 29 04:08:43 2014
+++ src/sys/dev/ic/sti.c	Tue Jun 13 19:13:55 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: sti.c,v 1.18 2014/06/29 04:08:43 tsutsui Exp $	*/
+/*	$NetBSD: sti.c,v 1.19 2017/06/13 19:13:55 spz Exp $	*/
 
 /*	$OpenBSD: sti.c,v 1.61 2009/09/05 14:09:35 miod Exp $	*/
 
@@ -35,7 +35,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: sti.c,v 

CVS commit: src/etc/ssh

2017-03-31 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Fri Mar 31 06:26:50 UTC 2017

Modified Files:
src/etc/ssh: ssh_known_hosts

Log Message:
add ssh-ed25519 keys
verify keys (split vir functions off from mollari)


To generate a diff of this commit:
cvs rdiff -u -r1.9 -r1.10 src/etc/ssh/ssh_known_hosts

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/etc/ssh/ssh_known_hosts
diff -u src/etc/ssh/ssh_known_hosts:1.9 src/etc/ssh/ssh_known_hosts:1.10
--- src/etc/ssh/ssh_known_hosts:1.9	Wed Sep 23 12:14:51 2015
+++ src/etc/ssh/ssh_known_hosts	Fri Mar 31 06:26:50 2017
@@ -1,4 +1,4 @@
-#	$NetBSD: ssh_known_hosts,v 1.9 2015/09/23 12:14:51 wiz Exp $
+#	$NetBSD: ssh_known_hosts,v 1.10 2017/03/31 06:26:50 spz Exp $
 #
 anoncvs.netbsd.org ssh-rsa B3NzaC1yc2EBIwAAAIEA3QiBl8leG9fqIJpKeNov0PKq5YryFFiroMWOPUv4hDFn8R0jC07YVaR/OSBrr37CTmGX5AFceXPzoFnLlwCqWR7rXg4NR75FTlTp9CG9EBAEtU8mee27KDrUFBTZdfVl2+aRYoAI5fTXA+0vpIO68Cq843vRWUZCcwinS4cNLUU=
 
@@ -6,49 +6,85 @@ anoncvs.netbsd.org ecdsa-sha2-nistp521 A
 #
 cvs.netbsd.org,cvs4.netbsd.org,cvs6.netbsd.org ssh-rsa B3NzaC1yc2EBIwAAAIEA1b7MS3j0v6NzPr/Snh8OJTILvGLD9OA/zdrTfzQdq3doJjkLKJhD4WYj8SonaauEKuqzdJa1KVilj44GCrJBnjwbWg2BdJWLzB5YFmNgvmXwoqrl9kRyzMVk47UOxeREIipXldKajkCTc/nwa1mGrsCwVlC+TwAhWIyjyza6MOk=
 
+cvs.netbsd.org,cvs4.netbsd.org,cvs6.netbsd.org ssh-ed25519 C3NzaC1lZDI1NTE5IKs9vV7cSDdIw8hFUiIA+T9QIaZeLi963yuwe8zoCnsJ
+
 cvs.netbsd.org,cvs4.netbsd.org,cvs6.netbsd.org ecdsa-sha2-nistp521 E2VjZHNhLXNoYTItbmlzdHA1MjEIbmlzdHA1MjEAAACFBAGFloNiNSqIkMFVBUglnE9AgBI6J5cLh4hej8DZEtn4InWbFD3dxIFLvw8ZA3qLpVX/TCjFt++MEO3w5GJ2L7a2zQHGIn50E5KVcHuh9arVYRhLPqs9Vfl6ANJ6WiQ81f5k/dZ6ESI8BwqOyQY22/zTujyL8FGHvlZukNsB4iie7Wl+/Q==
 #
 ftp.netbsd.org,ftp4.netbsd.org,ftp6.netbsd.org ssh-rsa B3NzaC1yc2EBIwAAAIEAv+tO1aHHsW1McwHgnJ28qsXn8gH8z/61yopJzmOKuHH07zBYOnhenAcni6E0+BRavSXXIuuTDdyxEyWcTqXoR0LEVShTzAFmZS3RyzTVl7A+Fp644lNnRaJh1380H+20uZjcKSPU0IudG5J7QllMbJY9RnIBFjGLzTb4vrC8GIc=
 
 morden.netbsd.org ssh-rsa B3NzaC1yc2EBIwAAAIEAv+tO1aHHsW1McwHgnJ28qsXn8gH8z/61yopJzmOKuHH07zBYOnhenAcni6E0+BRavSXXIuuTDdyxEyWcTqXoR0LEVShTzAFmZS3RyzTVl7A+Fp644lNnRaJh1380H+20uZjcKSPU0IudG5J7QllMbJY9RnIBFjGLzTb4vrC8GIc=
 
+ftp.netbsd.org,ftp4.netbsd.org,ftp6.netbsd.org ssh-ed25519 C3NzaC1lZDI1NTE5ILx3zN5uEgRjNYqndcHwVOocWXOcHsufGsZdxNcLnJdh
+
+morden.netbsd.org ssh-ed25519 C3NzaC1lZDI1NTE5ILx3zN5uEgRjNYqndcHwVOocWXOcHsufGsZdxNcLnJdh
+
 ftp.netbsd.org,ftp4.netbsd.org,ftp6.netbsd.org ecdsa-sha2-nistp521 E2VjZHNhLXNoYTItbmlzdHA1MjEIbmlzdHA1MjEAAACFBAFp8B5B8/cosThWLYgZp0jQGIqduvJUlra4gyCCqKLnaTn44cPltjjDWp1UHRsdVjm8ka81EYSJ95ZgD8lbPE/XZwBBmisSzTVoQT+b2x7ENPz2BOAgjxX5Lljy6Z2vpky8Gtu2nNJlFtekPbAS4wyDxHuwR5SZMEYNPTWegtBcvm460A==
 
 morden.netbsd.org ecdsa-sha2-nistp521 E2VjZHNhLXNoYTItbmlzdHA1MjEIbmlzdHA1MjEAAACFBAFp8B5B8/cosThWLYgZp0jQGIqduvJUlra4gyCCqKLnaTn44cPltjjDWp1UHRsdVjm8ka81EYSJ95ZgD8lbPE/XZwBBmisSzTVoQT+b2x7ENPz2BOAgjxX5Lljy6Z2vpky8Gtu2nNJlFtekPbAS4wyDxHuwR5SZMEYNPTWegtBcvm460A==
 #
 mail.netbsd.org,homeworld.netbsd.org ssh-rsa B3NzaC1yc2EBIwAAAIEAt8UJLhW8iou8Ack7V5XrzfCgzOkdK75+xDZePMBPg+CYDLnHbP1+KQaSrvfnvDzCvgOUXHOkGji1jbrtzDYwv7Itw0hRUo7TxR99c3bTomb9U0vWV5k4FDIyz4xJXWBJMVkKseAWAXgnc5FSdB6V/e21TAISJBl9dolhqOGVsxM=
 
+mail.netbsd.org,homeworld.netbsd.org ssh-ed25519 C3NzaC1lZDI1NTE5IFnVCBKDY0sNBJM4ip5Ql0KPsDAmQ+URkOelrQPO1ojv
+
 mail.netbsd.org,homeworld.netbsd.org ecdsa-sha2-nistp521 E2VjZHNhLXNoYTItbmlzdHA1MjEIbmlzdHA1MjEAAACFBADOK8FUImVH0iPCzfwBD9gT8AUELweTGWry8eBXFbxCDcOYW+4HRtUuY7OqP/sJ8tlYCNg9F+PjAIDqp72h6YgPcQH2/M/8ZXizAT7y7uCiysYxMKYbmuBHqVybaJd5rWUNL19JE6e3H+KBkwYQbf7Jrrs6RhDYMCguPmi6ppNEEEAAcQ==
 #
 pkgbuild.netbsd.org ssh-rsa B3NzaC1yc2EBIwAAAIEAz2c3dFuPdL75gpvwiYinwQ5jiRlfe3HvbXbMkTvpZxLFBQWTVkcDr/yd+vCiWcqVKVENX2tIvT91gPM9/iw7Wl82rxZ54jjaL0pWPL0yjSVhSFxff9pH+as5hgX4l1HjmXLB6v+MWyYVmOSpB01NfVVV2Z9+BGp3Y7i+U5pCdf0=
 
+pkgbuild.netbsd.org ssh-ed25519 C3NzaC1lZDI1NTE5IINkiJ9FjD7QWexC7bssHKVe+ZbMYMWnltwzgZmloZKz
+
 pkgbuild.netbsd.org ecdsa-sha2-nistp521 E2VjZHNhLXNoYTItbmlzdHA1MjEIbmlzdHA1MjEAAACFBAE7rzIErnIESapcXZJYCMmlNlS3cbeE9zbvraS0/woWexchdhVxLOi/qkfqM5U0Zkin1ooNsUfEYmaJ1k1T+LHbzAAGwZMo/aESnTEekYgBSwhHUj1EjIWeeN/bet9HJrz9Y4WGd2MOXHL88T+cUzfHLEneYrrVe6FDbAlMpSPw4OAOAQ==
 #
 build.netbsd.org ssh-rsa B3NzaC1yc2EBIwAAAIEAzmmcuzoX0D/qDFdDJDyRgQGkUaNTEu7GdruMg1N+ajqvEoKQHQEEBrMdDbeYqCUYacHyhTRMrP6vZ27iX90rl9iS1lR2iPHp/mbnf+iV/BzdWROPvJWxp9/Am/DrYL+Idah5AYNnkC7fon9n+BeMqPDXYGYl/U+dAzp+8GHPhRc=
 
+build.netbsd.org ssh-ed25519 C3NzaC1lZDI1NTE5ICUM7QeCYsh/mqacK2ZARQrmYtTeB+PWg5FiMruS+xhz
+
 build.netbsd.org ecdsa-sha2-nistp521 E2VjZHNhLXNoYTItbmlzdHA1MjEIbmlzdHA1MjEAAACFBAHYkX/uBJWozv+YkhVu4lvyPw8vlmD8oElKC3jNi2fWiWh+8naw7pTvscgqW5kzihSebdZ8eHnb1+oBOqgjlyaSPgFy+Jvtf2DunOrWTZ1sxSPS5c3j4A35cufNH/cYO5KbWb06h39BUi7c4iB5o0yfguNutuyBPlI9T9GKUmzU1SpfrA==
 #
 

CVS import: src/external/bsd/tcpdump/dist

2017-02-04 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Sun Feb  5 03:07:24 UTC 2017

Update of /cvsroot/src/external/bsd/tcpdump/dist
In directory ivanova.netbsd.org:/tmp/cvs-serv8326

Log Message:
Update of tcpdump to version 4.9.0

This update fixes the following vulnerabilities:
CVE-2016-7922 CVE-2016-7923 CVE-2016-7924 CVE-2016-7925 CVE-2016-7926
CVE-2016-7927 CVE-2016-7928 CVE-2016-7929 CVE-2016-7930 CVE-2016-7931
CVE-2016-7932 CVE-2016-7933 CVE-2016-7934 CVE-2016-7935 CVE-2016-7936
CVE-2016-7937 CVE-2016-7938 CVE-2016-7939 CVE-2016-7940 CVE-2016-7973
CVE-2016-7974 CVE-2016-7975 CVE-2016-7983 CVE-2016-7984 CVE-2016-7985
CVE-2016-7986 CVE-2016-7992 CVE-2016-7993 CVE-2016-8574 CVE-2016-8575
CVE-2017-5202 CVE-2017-5203 CVE-2017-5204 CVE-2017-5205 CVE-2017-5341
CVE-2017-5342 CVE-2017-5482 CVE-2017-5483 CVE-2017-5484 CVE-2017-5485
CVE-2017-5486 (all buffer overflows in various parts of tcpdump)

Upstream Changelog:
General updates:
Improve separation frontend/backend (tcpdump/libnetdissect)
Don't require IPv6 library support in order to support IPv6 addresses
Introduce data types to use for integral values in packet structures
Fix display of timestamps with -tt, -ttt and -t options
Fix some heap overflows found with American Fuzzy Lop by Hanno Boeck and 
others
(More information in the log with CVE-2016-* and CVE-2017-*)
Change the way protocols print link-layer addresses (Fix heap overflows
in CALM-FAST and GeoNetworking printers)
Pass correct caplen value to ether_print() and some other functions
Fix lookup_nsap() to match what isonsap_string() expects
Clean up relative time stamp printing (Fix an array overflow)
Fix some alignment issues with GCC on Solaris 10 SPARC
Add some ND_TTEST_/ND_TCHECK_ macros to simplify writing bounds checks
Add a fn_printztn() which returns the number of bytes processed
Add nd_init() and nd_cleanup() functions. Improve libsmi support
Add CONTRIBUTING file
Add a summary comment in all printers
Compile with more warning options in devel mode if supported (-Wcast-qual, 
...)
Fix some leaks found by Valgrind/Memcheck
Fix a bunch of de-constifications
Squelch some Coverity warnings and some compiler warnings
Update Coverity and Travis-CI setup
Update Visual Studio files

Frontend:
Fix capsicum support to work with zerocopy buffers in bpf
Try opening interfaces by name first, then by name-as-index
Work around pcap_create() failures fetching time stamp type lists
Fix a segmentation fault with 'tcpdump -J'
Improve addrtostr6() bounds checking
Add exit_tcpdump() function
Don't drop CAP_SYS_CHROOT before chrooting
Fixes issue where statistics not reported when -G and -W options used

New printers supporting:
Generic Protocol Extension for VXLAN (VXLAN-GPE)
Home Networking Control Protocol (HNCP), RFCs 7787 and 7788
Locator/Identifier Separation Protocol (LISP), type 3 and type 4 packets
Marvell Extended Distributed Switch Architecture header (MEDSA)
Network Service Header (NSH)
REdis Serialization Protocol (RESP)

Updated printers:
802.11: Beginnings of 11ac radiotap support
802.11: Check the Protected bit for management frames
802.11: Do bounds checking on last_presentp before dereferencing it (Fix a 
heap overflow)
802.11: Fix the radiotap printer to handle the special bits correctly
802.11: If we have the MCS field, it's 11n
802.11: Only print unknown frame type or subtype messages once
802.11: Radiotap dBm values get printed as dB; Update a test output 
accordingly
802.11: Source and destination addresses were backwards
AH: Add a bounds check
AH: Report to our caller that dissection failed if a bounds check fails
AP1394: Print src > dst, not dst > src
ARP: Don't assume the target hardware address is <= 6 octets long (Fix a 
heap overflow)
ATALK: Add bounds and length checks (Fix heap overflows)
ATM: Add some bounds checks (Fix a heap overflow)
ATM: Fix an incorrect bounds check
BFD: Update specification from draft to RFC 5880
BFD: Update to print optional authentication field
BGP: Add decoding of ADD-PATH capability
BGP: Add support for the AIGP attribute (RFC7311)
BGP: Print LARGE_COMMUNITY Path Attribute
BGP: Update BGP numbers from IANA; Print minor values for FSM notification
BOOTP: Add a bounds check
Babel: Add decoder for source-specific extension
CDP: Filter out non-printable characters
CFM: Fixes to match the IEEE standard, additional bounds and length checks
CSLIP: Add more bounds checks (Fix a heap overflow)
ClassicalIPoATM: Add a bounds check on LLC+SNAP header (Fix a heap overflow)
DHCP: Fix MUDURL and TZ options
DHCPv6: Process MUDURL and TZ options
DHCPv6: Update Status Codes with RFCs/IANA names
DNS: Represent the "DNSSEC OK" bit as "DO" instead of "OK". Add a test case

CVS commit: src

2017-02-04 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Sat Feb  4 10:56:10 UTC 2017

Modified Files:
src/doc: 3RDPARTY
src/external/mit/expat/dist/conftools: config.guess config.sub
src/external/mit/expat/dist/lib: xmlparse.c xmltok.c xmltok_impl.c
src/external/mit/expat/dist/tests: xmltest.sh
src/external/mit/expat/lib/libexpat: expat_config.h
Removed Files:
src/external/mit/expat/dist/doc: xmlwf.sgml

Log Message:
merge expat-2.2.0 and document


To generate a diff of this commit:
cvs rdiff -u -r1.1406 -r1.1407 src/doc/3RDPARTY
cvs rdiff -u -r1.2 -r1.3 src/external/mit/expat/dist/conftools/config.guess \
src/external/mit/expat/dist/conftools/config.sub
cvs rdiff -u -r1.1.1.3 -r0 src/external/mit/expat/dist/doc/xmlwf.sgml
cvs rdiff -u -r1.5 -r1.6 src/external/mit/expat/dist/lib/xmlparse.c
cvs rdiff -u -r1.2 -r1.3 src/external/mit/expat/dist/lib/xmltok.c
cvs rdiff -u -r1.4 -r1.5 src/external/mit/expat/dist/lib/xmltok_impl.c
cvs rdiff -u -r1.1.1.3 -r1.2 src/external/mit/expat/dist/tests/xmltest.sh
cvs rdiff -u -r1.3 -r1.4 src/external/mit/expat/lib/libexpat/expat_config.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/doc/3RDPARTY
diff -u src/doc/3RDPARTY:1.1406 src/doc/3RDPARTY:1.1407
--- src/doc/3RDPARTY:1.1406	Tue Jan 31 23:56:41 2017
+++ src/doc/3RDPARTY	Sat Feb  4 10:56:10 2017
@@ -1,4 +1,4 @@
-#	$NetBSD: 3RDPARTY,v 1.1406 2017/01/31 23:56:41 christos Exp $
+#	$NetBSD: 3RDPARTY,v 1.1407 2017/02/04 10:56:10 spz Exp $
 #
 # This file contains a list of the software that has been integrated into
 # NetBSD where we are not the primary maintainer.
@@ -413,7 +413,7 @@ Location:	external/bsd/ekermit
 Notes:
 
 Package:	expat
-Version:	2.1.1
+Version:	2.2.0
 Current Vers:	2.2.0
 Maintainer:	Expat Project
 Archive Site:	http://sourceforge.net/projects/expat/files/expat/

Index: src/external/mit/expat/dist/conftools/config.guess
diff -u src/external/mit/expat/dist/conftools/config.guess:1.2 src/external/mit/expat/dist/conftools/config.guess:1.3
--- src/external/mit/expat/dist/conftools/config.guess:1.2	Wed Feb  1 09:26:43 2017
+++ src/external/mit/expat/dist/conftools/config.guess	Sat Feb  4 10:56:10 2017
@@ -1057,7 +1057,18 @@ EOF
 	echo ${UNAME_MACHINE}-dec-linux-${LIBC}
 	exit ;;
 x86_64:Linux:*:*)
-	echo ${UNAME_MACHINE}-pc-linux-${LIBC}
+	eval $set_cc_for_build
+	X86_64_ABI=
+	# If there is a compiler, see if it is configured for 32-bit objects.
+	if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then
+	if (echo '#ifdef __ILP32__'; echo IS_X32; echo '#endif') | \
+		(CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \
+		grep IS_X32 >/dev/null
+	then
+		X86_64_ABI=x32
+	fi
+	fi
+	echo ${UNAME_MACHINE}-pc-linux-${LIBC}${X86_64_ABI}
 	exit ;;
 xtensa*:Linux:*:*)
 	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
Index: src/external/mit/expat/dist/conftools/config.sub
diff -u src/external/mit/expat/dist/conftools/config.sub:1.2 src/external/mit/expat/dist/conftools/config.sub:1.3
--- src/external/mit/expat/dist/conftools/config.sub:1.2	Wed Feb  1 09:26:43 2017
+++ src/external/mit/expat/dist/conftools/config.sub	Sat Feb  4 10:56:10 2017
@@ -838,6 +838,24 @@ case $basic_machine in
 		basic_machine=m68k-atari
 		os=-mint
 		;;
+	mipsEE* | ee | ps2)
+		basic_machine=mips64r5900el-scei
+		case $os in
+		-linux*)
+			;;
+		*)
+			os=-elf
+			;;
+		esac
+		;;
+	iop)
+		basic_machine=mipsel-scei
+		os=-irx
+		;;
+	dvp)
+		basic_machine=dvp-scei
+		os=-elf
+		;;
 	mips3*-*)
 		basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`
 		;;
@@ -1404,7 +1422,7 @@ case $os in
 	  | -uxpv* | -beos* | -mpeix* | -udk* | -moxiebox* \
 	  | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \
 	  | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \
-	  | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \
+	  | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* | -irx* \
 	  | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \
 	  | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \
 	  | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \

Index: src/external/mit/expat/dist/lib/xmlparse.c
diff -u src/external/mit/expat/dist/lib/xmlparse.c:1.5 src/external/mit/expat/dist/lib/xmlparse.c:1.6
--- src/external/mit/expat/dist/lib/xmlparse.c:1.5	Tue May 17 23:53:02 2016
+++ src/external/mit/expat/dist/lib/xmlparse.c	Sat Feb  4 10:56:10 2017
@@ -6,11 +6,18 @@
 #include  /* memset(), memcpy() */
 #include 
 #include  /* UINT_MAX */
-#include/* time() */
+
+#ifdef WIN32
+#define getpid GetCurrentProcessId
+#else
+#include/* gettimeofday() */
+#include   /* getpid() */
+#include  /* getpid() */
+#endif
 
 #define XML_BUILDING_EXPAT 1
 
-#ifdef COMPILED_FROM_DSP
+#ifdef WIN32
 #include 

CVS import: src/external/mit/expat/dist

2017-02-04 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Sat Feb  4 10:16:19 UTC 2017

Update of /cvsroot/src/external/mit/expat/dist
In directory ivanova.netbsd.org:/tmp/cvs-serv7814

Log Message:
from Changes:
Release 2.2.0 Tue June 21 2016
Security fixes:
#537  CVE-2016-0718 -- Fix crash on malformed input
  CVE-2016-4472 -- Improve insufficient fix to CVE-2015-1283 /
   CVE-2015-2716 introduced with Expat 2.1.1
#499  CVE-2016-5300 -- Use more entropy for hash initialization
   than the original fix to CVE-2012-0876
#519  CVE-2012-6702 -- Resolve troublesome internal call to srand
   that was introduced with Expat 2.1.0
   when addressing CVE-2012-0876 (issue #496)

Bug fixes:
  Fix uninitialized reads of size 1
(e.g. in little2_updatePosition)
  Fix detection of UTF-8 character boundaries

Other changes:
#532  Fix compilation for Visual Studio 2010 (keyword "C99")
  Autotools: Resolve use of "$<" to better support bmake
  Autotools: Add QA script "qa.sh" (and make target "qa")
  Autotools: Respect CXXFLAGS if given
  Autotools: Fix "make run-xmltest"
  Autotools: Have "make run-xmltest" check for expected output
 p90  CMake: Fix static build (BUILD_shared=OFF) on Windows
#536  CMake: Add soversion, support -DNO_SONAME=yes to bypass
#323  CMake: Add suffix "d" to differentiate debug from release
  CMake: Define WIN32 with CMake on Windows
  Annotate memory allocators for GCC
  Address all currently known compile warnings
  Make sure that API symbols remain visible despite
-fvisibility=hidden
  Remove executable flag from source files
  Resolve COMPILED_FROM_DSP in favor of WIN32

Status:

Vendor Tag: expat
Release Tags:   expat-2-2-0

U src/external/mit/expat/dist/COPYING
U src/external/mit/expat/dist/Makefile.in
U src/external/mit/expat/dist/configure.ac
U src/external/mit/expat/dist/MANIFEST
U src/external/mit/expat/dist/expat_config.h.in
U src/external/mit/expat/dist/expat.dsw
U src/external/mit/expat/dist/configure
U src/external/mit/expat/dist/README
U src/external/mit/expat/dist/ConfigureChecks.cmake
U src/external/mit/expat/dist/aclocal.m4
U src/external/mit/expat/dist/CMakeLists.txt
U src/external/mit/expat/dist/CMake.README
U src/external/mit/expat/dist/expat_config.h.cmake
U src/external/mit/expat/dist/expat.pc.in
U src/external/mit/expat/dist/Changes
U src/external/mit/expat/dist/xmlwf/win32filemap.c
U src/external/mit/expat/dist/xmlwf/xmltchar.h
U src/external/mit/expat/dist/xmlwf/codepage.h
U src/external/mit/expat/dist/xmlwf/xmlurl.h
U src/external/mit/expat/dist/xmlwf/unixfilemap.c
U src/external/mit/expat/dist/xmlwf/xmlwf.dsp
U src/external/mit/expat/dist/xmlwf/xmlmime.h
U src/external/mit/expat/dist/xmlwf/filemap.h
U src/external/mit/expat/dist/xmlwf/ct.c
U src/external/mit/expat/dist/xmlwf/codepage.c
U src/external/mit/expat/dist/xmlwf/xmlwin32url.cxx
U src/external/mit/expat/dist/xmlwf/xmlfile.c
U src/external/mit/expat/dist/xmlwf/xmlfile.h
U src/external/mit/expat/dist/xmlwf/xmlwf.c
U src/external/mit/expat/dist/xmlwf/readfilemap.c
U src/external/mit/expat/dist/xmlwf/xmlmime.c
U src/external/mit/expat/dist/vms/expat_config.h
U src/external/mit/expat/dist/vms/README.vms
U src/external/mit/expat/dist/vms/descrip.mms
U src/external/mit/expat/dist/m4/lt~obsolete.m4
U src/external/mit/expat/dist/m4/ltsugar.m4
U src/external/mit/expat/dist/m4/ltversion.m4
U src/external/mit/expat/dist/m4/libtool.m4
U src/external/mit/expat/dist/m4/ltoptions.m4
U src/external/mit/expat/dist/examples/outline.dsp
U src/external/mit/expat/dist/examples/elements.c
U src/external/mit/expat/dist/examples/elements.dsp
U src/external/mit/expat/dist/examples/outline.c
U src/external/mit/expat/dist/win32/README.txt
U src/external/mit/expat/dist/win32/expat.iss
U src/external/mit/expat/dist/win32/MANIFEST.txt
U src/external/mit/expat/dist/conftools/mkinstalldirs
U src/external/mit/expat/dist/conftools/ltmain.sh
U src/external/mit/expat/dist/conftools/PrintPath
U src/external/mit/expat/dist/conftools/install-sh
U src/external/mit/expat/dist/conftools/expat.m4
C src/external/mit/expat/dist/conftools/config.guess
U src/external/mit/expat/dist/conftools/ac_c_bigendian_cross.m4
U src/external/mit/expat/dist/conftools/get-version.sh
C src/external/mit/expat/dist/conftools/config.sub
U src/external/mit/expat/dist/amiga/expat_vectors.c
U src/external/mit/expat/dist/amiga/README.txt
U src/external/mit/expat/dist/amiga/expat_68k.c
U src/external/mit/expat/dist/amiga/expat.xml
U 

CVS commit: src/crypto/external/bsd/openssl/dist

2017-01-27 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Fri Jan 27 23:16:21 UTC 2017

Modified Files:
src/crypto/external/bsd/openssl/dist: CHANGES Configure Makefile NEWS
README openssl.spec
src/crypto/external/bsd/openssl/dist/apps: ca.c s_client.c s_server.c
speed.c
src/crypto/external/bsd/openssl/dist/crypto: opensslv.h
src/crypto/external/bsd/openssl/dist/crypto/bn: bn_exp.c
src/crypto/external/bsd/openssl/dist/crypto/ec: ec2_mult.c
src/crypto/external/bsd/openssl/dist/crypto/evp: e_aes.c
src/crypto/external/bsd/openssl/dist/crypto/rsa: rsa_oaep.c
src/crypto/external/bsd/openssl/dist/crypto/ui: ui_lib.c ui_openssl.c
src/crypto/external/bsd/openssl/dist/doc/crypto:
EVP_DigestVerifyInit.pod
src/crypto/external/bsd/openssl/dist/ssl: s2_lib.c s3_clnt.c s3_pkt.c
s3_srvr.c ssl_err.c ssl_lib.c ssl_locl.h ssl_sess.c t1_lib.c

Log Message:
merge for OpenSSL 1.0.2k


To generate a diff of this commit:
cvs rdiff -u -r1.12 -r1.13 src/crypto/external/bsd/openssl/dist/CHANGES \
src/crypto/external/bsd/openssl/dist/NEWS \
src/crypto/external/bsd/openssl/dist/README \
src/crypto/external/bsd/openssl/dist/openssl.spec
cvs rdiff -u -r1.16 -r1.17 src/crypto/external/bsd/openssl/dist/Configure
cvs rdiff -u -r1.13 -r1.14 src/crypto/external/bsd/openssl/dist/Makefile
cvs rdiff -u -r1.12 -r1.13 src/crypto/external/bsd/openssl/dist/apps/ca.c \
src/crypto/external/bsd/openssl/dist/apps/s_client.c \
src/crypto/external/bsd/openssl/dist/apps/s_server.c
cvs rdiff -u -r1.10 -r1.11 src/crypto/external/bsd/openssl/dist/apps/speed.c
cvs rdiff -u -r1.21 -r1.22 \
src/crypto/external/bsd/openssl/dist/crypto/opensslv.h
cvs rdiff -u -r1.12 -r1.13 \
src/crypto/external/bsd/openssl/dist/crypto/bn/bn_exp.c
cvs rdiff -u -r1.3 -r1.4 \
src/crypto/external/bsd/openssl/dist/crypto/ec/ec2_mult.c
cvs rdiff -u -r1.10 -r1.11 \
src/crypto/external/bsd/openssl/dist/crypto/evp/e_aes.c
cvs rdiff -u -r1.4 -r1.5 \
src/crypto/external/bsd/openssl/dist/crypto/rsa/rsa_oaep.c
cvs rdiff -u -r1.2 -r1.3 \
src/crypto/external/bsd/openssl/dist/crypto/ui/ui_lib.c
cvs rdiff -u -r1.8 -r1.9 \
src/crypto/external/bsd/openssl/dist/crypto/ui/ui_openssl.c
cvs rdiff -u -r1.4 -r1.5 \
src/crypto/external/bsd/openssl/dist/doc/crypto/EVP_DigestVerifyInit.pod
cvs rdiff -u -r1.7 -r1.8 src/crypto/external/bsd/openssl/dist/ssl/s2_lib.c
cvs rdiff -u -r1.19 -r1.20 src/crypto/external/bsd/openssl/dist/ssl/s3_clnt.c
cvs rdiff -u -r1.22 -r1.23 src/crypto/external/bsd/openssl/dist/ssl/s3_pkt.c \
src/crypto/external/bsd/openssl/dist/ssl/t1_lib.c
cvs rdiff -u -r1.25 -r1.26 src/crypto/external/bsd/openssl/dist/ssl/s3_srvr.c
cvs rdiff -u -r1.11 -r1.12 src/crypto/external/bsd/openssl/dist/ssl/ssl_err.c
cvs rdiff -u -r1.8 -r1.9 src/crypto/external/bsd/openssl/dist/ssl/ssl_lib.c
cvs rdiff -u -r1.14 -r1.15 \
src/crypto/external/bsd/openssl/dist/ssl/ssl_locl.h
cvs rdiff -u -r1.2 -r1.3 src/crypto/external/bsd/openssl/dist/ssl/ssl_sess.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssl/dist/CHANGES
diff -u src/crypto/external/bsd/openssl/dist/CHANGES:1.12 src/crypto/external/bsd/openssl/dist/CHANGES:1.13
--- src/crypto/external/bsd/openssl/dist/CHANGES:1.12	Fri Oct 14 16:23:17 2016
+++ src/crypto/external/bsd/openssl/dist/CHANGES	Fri Jan 27 23:16:20 2017
@@ -2,6 +2,67 @@
  OpenSSL CHANGES
  ___
 
+ Changes between 1.0.2j and 1.0.2k [26 Jan 2017]
+
+  *) Truncated packet could crash via OOB read
+
+ If one side of an SSL/TLS path is running on a 32-bit host and a specific
+ cipher is being used, then a truncated packet can cause that host to
+ perform an out-of-bounds read, usually resulting in a crash.
+
+ This issue was reported to OpenSSL by Robert Święcki of Google.
+ (CVE-2017-3731)
+ [Andy Polyakov]
+
+  *) BN_mod_exp may produce incorrect results on x86_64
+
+ There is a carry propagating bug in the x86_64 Montgomery squaring
+ procedure. No EC algorithms are affected. Analysis suggests that attacks
+ against RSA and DSA as a result of this defect would be very difficult to
+ perform and are not believed likely. Attacks against DH are considered just
+ feasible (although very difficult) because most of the work necessary to
+ deduce information about a private key may be performed offline. The amount
+ of resources required for such an attack would be very significant and
+ likely only accessible to a limited number of attackers. An attacker would
+ additionally need online access to an unpatched system using the target
+ private key in a scenario with persistent DH parameters and a private
+ key that is shared between multiple clients. For example this can occur by
+ default in OpenSSL DHE based SSL/TLS 

CVS commit: src

2017-01-27 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Fri Jan 27 23:00:50 UTC 2017

Modified Files:
src/crypto/external/bsd/openssl/lib/libcrypto/arch/x86_64:
x86_64-mont.S x86_64-mont5.S
src/crypto/external/bsd/openssl/lib/libcrypto/man: ASN1_OBJECT_new.3
ASN1_STRING_length.3 ASN1_STRING_new.3 ASN1_STRING_print_ex.3
ASN1_generate_nconf.3 BIO_ctrl.3 BIO_f_base64.3 BIO_f_buffer.3
BIO_f_cipher.3 BIO_f_md.3 BIO_f_null.3 BIO_f_ssl.3 BIO_find_type.3
BIO_new.3 BIO_new_CMS.3 BIO_push.3 BIO_read.3 BIO_s_accept.3
BIO_s_bio.3 BIO_s_connect.3 BIO_s_fd.3 BIO_s_file.3 BIO_s_mem.3
BIO_s_null.3 BIO_s_socket.3 BIO_set_callback.3 BIO_should_retry.3
BN_BLINDING_new.3 BN_CTX_new.3 BN_CTX_start.3 BN_add.3
BN_add_word.3 BN_bn2bin.3 BN_cmp.3 BN_copy.3 BN_generate_prime.3
BN_mod_inverse.3 BN_mod_mul_montgomery.3 BN_mod_mul_reciprocal.3
BN_new.3 BN_num_bytes.3 BN_rand.3 BN_set_bit.3 BN_swap.3 BN_zero.3
CMS_add0_cert.3 CMS_add1_recipient_cert.3 CMS_add1_signer.3
CMS_compress.3 CMS_decrypt.3 CMS_encrypt.3 CMS_final.3
CMS_get0_RecipientInfos.3 CMS_get0_SignerInfos.3 CMS_get0_type.3
CMS_get1_ReceiptRequest.3 CMS_sign.3 CMS_sign_receipt.3
CMS_uncompress.3 CMS_verify.3 CMS_verify_receipt.3
CONF_modules_free.3 CONF_modules_load_file.3 CRYPTO_set_ex_data.3
DH_generate_key.3 DH_generate_parameters.3 DH_get_ex_new_index.3
DH_new.3 DH_set_method.3 DH_size.3 DSA_SIG_new.3 DSA_do_sign.3
DSA_dup_DH.3 DSA_generate_key.3 DSA_generate_parameters.3
DSA_get_ex_new_index.3 DSA_new.3 DSA_set_method.3 DSA_sign.3
DSA_size.3 ERR_GET_LIB.3 ERR_clear_error.3 ERR_error_string.3
ERR_get_error.3 ERR_load_crypto_strings.3 ERR_load_strings.3
ERR_print_errors.3 ERR_put_error.3 ERR_remove_state.3
ERR_set_mark.3 EVP_BytesToKey.3 EVP_DigestInit.3
EVP_DigestSignInit.3 EVP_DigestVerifyInit.3 EVP_EncodeInit.3
EVP_EncryptInit.3 EVP_OpenInit.3 EVP_PKEY_CTX_ctrl.3
EVP_PKEY_CTX_new.3 EVP_PKEY_cmp.3 EVP_PKEY_decrypt.3
EVP_PKEY_derive.3 EVP_PKEY_encrypt.3 EVP_PKEY_get_default_digest.3
EVP_PKEY_keygen.3 EVP_PKEY_new.3 EVP_PKEY_print_private.3
EVP_PKEY_set1_RSA.3 EVP_PKEY_sign.3 EVP_PKEY_verify.3
EVP_PKEY_verify_recover.3 EVP_SealInit.3 EVP_SignInit.3
EVP_VerifyInit.3 OBJ_nid2obj.3 OPENSSL_Applink.3
OPENSSL_VERSION_NUMBER.3 OPENSSL_config.3 OPENSSL_ia32cap.3
OPENSSL_load_builtin_modules.3 OpenSSL_add_all_algorithms.3
PEM_write_bio_CMS_stream.3 PEM_write_bio_PKCS7_stream.3
PKCS12_create.3 PKCS12_parse.3 PKCS7_decrypt.3 PKCS7_encrypt.3
PKCS7_sign.3 PKCS7_sign_add_signer.3 PKCS7_verify.3 RAND_add.3
RAND_bytes.3 RAND_cleanup.3 RAND_egd.3 RAND_load_file.3
RAND_set_rand_method.3 RSA_blinding_on.3 RSA_check_key.3
RSA_generate_key.3 RSA_get_ex_new_index.3 RSA_new.3
RSA_padding_add_PKCS1_type_1.3 RSA_print.3 RSA_private_encrypt.3
RSA_public_encrypt.3 RSA_set_method.3 RSA_sign.3
RSA_sign_ASN1_OCTET_STRING.3 RSA_size.3 SMIME_read_CMS.3
SMIME_read_PKCS7.3 SMIME_write_CMS.3 SMIME_write_PKCS7.3
SSL_CIPHER_get_name.3 SSL_COMP_add_compression_method.3
SSL_CTX_add_extra_chain_cert.3 SSL_CTX_add_session.3 SSL_CTX_ctrl.3
SSL_CTX_flush_sessions.3 SSL_CTX_free.3 SSL_CTX_get_ex_new_index.3
SSL_CTX_get_verify_mode.3 SSL_CTX_load_verify_locations.3
SSL_CTX_new.3 SSL_CTX_sess_number.3 SSL_CTX_sess_set_cache_size.3
SSL_CTX_sess_set_get_cb.3 SSL_CTX_sessions.3
SSL_CTX_set_cert_store.3 SSL_CTX_set_cert_verify_callback.3
SSL_CTX_set_cipher_list.3 SSL_CTX_set_client_CA_list.3
SSL_CTX_set_client_cert_cb.3 SSL_CTX_set_default_passwd_cb.3
SSL_CTX_set_generate_session_id.3 SSL_CTX_set_info_callback.3
SSL_CTX_set_max_cert_list.3 SSL_CTX_set_mode.3
SSL_CTX_set_msg_callback.3 SSL_CTX_set_options.3
SSL_CTX_set_psk_client_callback.3 SSL_CTX_set_quiet_shutdown.3
SSL_CTX_set_read_ahead.3 SSL_CTX_set_session_cache_mode.3
SSL_CTX_set_session_id_context.3 SSL_CTX_set_ssl_version.3
SSL_CTX_set_timeout.3 SSL_CTX_set_tlsext_status_cb.3
SSL_CTX_set_tlsext_ticket_key_cb.3 SSL_CTX_set_tmp_dh_callback.3
SSL_CTX_set_tmp_rsa_callback.3 SSL_CTX_set_verify.3
SSL_CTX_use_certificate.3 SSL_CTX_use_psk_identity_hint.3
SSL_SESSION_free.3 SSL_SESSION_get_ex_new_index.3
SSL_SESSION_get_time.3 SSL_accept.3 SSL_alert_type_string.3
SSL_clear.3 SSL_connect.3 SSL_do_handshake.3 SSL_free.3
SSL_get_SSL_CTX.3 

CVS import: src/crypto/external/bsd/openssl/dist

2017-01-27 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Fri Jan 27 22:58:25 UTC 2017

Update of /cvsroot/src/crypto/external/bsd/openssl/dist
In directory ivanova.netbsd.org:/tmp/cvs-serv18440

Log Message:
import of OpenSSL 1.0.2k

Upstream changelog:
Changes between 1.0.2j and 1.0.2k [26 Jan 2017]

 *) Truncated packet could crash via OOB read

If one side of an SSL/TLS path is running on a 32-bit host and a specific
cipher is being used, then a truncated packet can cause that host to
perform an out-of-bounds read, usually resulting in a crash.

This issue was reported to OpenSSL by Robert Święcki of Google.
(CVE-2017-3731)
[Andy Polyakov]

 *) BN_mod_exp may produce incorrect results on x86_64

There is a carry propagating bug in the x86_64 Montgomery squaring
procedure. No EC algorithms are affected. Analysis suggests that attacks
against RSA and DSA as a result of this defect would be very difficult to
perform and are not believed likely. Attacks against DH are considered just
feasible (although very difficult) because most of the work necessary to
deduce information about a private key may be performed offline. The amount
of resources required for such an attack would be very significant and
likely only accessible to a limited number of attackers. An attacker would
additionally need online access to an unpatched system using the target
private key in a scenario with persistent DH parameters and a private
key that is shared between multiple clients. For example this can occur by
default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very
similar to CVE-2015-3193 but must be treated as a separate problem.

This issue was reported to OpenSSL by the OSS-Fuzz project.
(CVE-2017-3732)
[Andy Polyakov]

 *) Montgomery multiplication may produce incorrect results

There is a carry propagating bug in the Broadwell-specific Montgomery
multiplication procedure that handles input lengths divisible by, but
longer than 256 bits. Analysis suggests that attacks against RSA, DSA
and DH private keys are impossible. This is because the subroutine in
question is not used in operations with the private key itself and an input
of the attacker's direct choice. Otherwise the bug can manifest itself as
transient authentication and key negotiation failures or reproducible
erroneous outcome of public-key operations with specially crafted input.
Among EC algorithms only Brainpool P-512 curves are affected and one
presumably can attack ECDH key negotiation. Impact was not analyzed in
detail, because pre-requisites for attack are considered unlikely. Namely
multiple clients have to choose the curve in question and the server has to
share the private key among them, neither of which is default behaviour.
Even then only clients that chose the curve will be affected.

This issue was publicly reported as transient failures and was not
initially recognized as a security issue. Thanks to Richard Morgan for
providing reproducible case.
(CVE-2016-7055)
[Andy Polyakov]

 *) OpenSSL now fails if it receives an unrecognised record type in TLS1.0
or TLS1.1. Previously this only happened in SSLv3 and TLS1.2. This is to
prevent issues where no progress is being made and the peer continually
sends unrecognised record types, using up resources processing them.
[Matt Caswell]


Status:

Vendor Tag: OPENSSL
Release Tags:   openssl-1-0-2k

U src/crypto/external/bsd/openssl/dist/ACKNOWLEDGMENTS
U src/crypto/external/bsd/openssl/dist/appveyor.yml
U src/crypto/external/bsd/openssl/dist/CHANGES.SSLeay
C src/crypto/external/bsd/openssl/dist/CHANGES
C src/crypto/external/bsd/openssl/dist/Configure
U src/crypto/external/bsd/openssl/dist/config
U src/crypto/external/bsd/openssl/dist/FAQ
U src/crypto/external/bsd/openssl/dist/CONTRIBUTING
U src/crypto/external/bsd/openssl/dist/GitConfigure
U src/crypto/external/bsd/openssl/dist/e_os2.h
U src/crypto/external/bsd/openssl/dist/e_os.h
U src/crypto/external/bsd/openssl/dist/GitMake
U src/crypto/external/bsd/openssl/dist/install.com
U src/crypto/external/bsd/openssl/dist/INSTALL
U src/crypto/external/bsd/openssl/dist/INSTALL.NW
U src/crypto/external/bsd/openssl/dist/INSTALL.DJGPP
U src/crypto/external/bsd/openssl/dist/INSTALL.MacOS
U src/crypto/external/bsd/openssl/dist/INSTALL.OS2
U src/crypto/external/bsd/openssl/dist/INSTALL.VMS
U src/crypto/external/bsd/openssl/dist/INSTALL.W32
U src/crypto/external/bsd/openssl/dist/INSTALL.W64
U src/crypto/external/bsd/openssl/dist/INSTALL.WCE
U src/crypto/external/bsd/openssl/dist/LICENSE
C src/crypto/external/bsd/openssl/dist/Makefile
U src/crypto/external/bsd/openssl/dist/Makefile.shared
U src/crypto/external/bsd/openssl/dist/Makefile.org
U src/crypto/external/bsd/openssl/dist/makevms.com
U src/crypto/external/bsd/openssl/dist/PROBLEMS
C 

CVS commit: src/external/bsd/bind/dist/bin/named

2017-01-12 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Thu Jan 12 08:38:31 UTC 2017

Added Files:
src/external/bsd/bind/dist/bin/named: pfilter.c pfilter.h

Log Message:
don't "clean up" the blacklistd integration


To generate a diff of this commit:
cvs rdiff -u -r0 -r1.4 src/external/bsd/bind/dist/bin/named/pfilter.c
cvs rdiff -u -r0 -r1.3 src/external/bsd/bind/dist/bin/named/pfilter.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Added files:

Index: src/external/bsd/bind/dist/bin/named/pfilter.c
diff -u /dev/null src/external/bsd/bind/dist/bin/named/pfilter.c:1.4
--- /dev/null	Thu Jan 12 08:38:31 2017
+++ src/external/bsd/bind/dist/bin/named/pfilter.c	Thu Jan 12 08:38:31 2017
@@ -0,0 +1,47 @@
+#include 
+
+#include 
+#include 
+#include 
+#include 
+
+#include 
+
+#include "pfilter.h"
+
+static struct blacklist *blstate;
+
+void
+pfilter_open(void)
+{
+	if (blstate == NULL)
+		blstate = blacklist_open();
+}
+
+#define TCP_CLIENT(c)  (((c)->attributes & NS_CLIENTATTR_TCP) != 0)
+
+void
+pfilter_notify(isc_result_t res, ns_client_t *client, const char *msg)
+{
+	isc_socket_t *socket;
+
+	pfilter_open();
+
+	if (TCP_CLIENT(client))
+		socket = client->tcpsocket;
+	else {
+		socket = client->udpsocket;
+		if (!client->peeraddr_valid)
+			return;
+	}
+
+	if (socket == NULL)
+		return;
+
+	if (blstate == NULL)
+		return;
+
+	blacklist_sa_r(blstate, 
+	res != ISC_R_SUCCESS, isc_socket_getfd(socket),
+	>peeraddr.type.sa, client->peeraddr.length, msg);
+}
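Review bot: The `peeraddr_valid` guard in `pfilter_notify` sits only in the UDP branch, while `client->peeraddr` and its length are handed to `blacklist_sa_r()` on the TCP path as well; unless every TCP client is guaranteed to have its peer address filled in before this is called (not visible in this hunk), blacklistd could be given an address that was never set. Hoisting the check above the transport branch, `if (!client->peeraddr_valid) return;`, covers both cases. Separately, `pfilter_open()` initialises the file-scope `blstate` lazily with no locking, so if `pfilter_notify` can run on several worker threads at once, two of them may both call `blacklist_open()` and one handle is leaked; opening once during startup or guarding the assignment avoids that. The return value of `blacklist_sa_r()` is dropped, which is acceptable as best effort but deserves a `(void)` cast or a debug log so that a failing report to blacklistd is noticeable.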

Index: src/external/bsd/bind/dist/bin/named/pfilter.h
diff -u /dev/null src/external/bsd/bind/dist/bin/named/pfilter.h:1.3
--- /dev/null	Thu Jan 12 08:38:31 2017
+++ src/external/bsd/bind/dist/bin/named/pfilter.h	Thu Jan 12 08:38:31 2017
@@ -0,0 +1,2 @@
+void pfilter_open(void);
+void pfilter_notify(isc_result_t, ns_client_t *, const char *);
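Review bot: `pfilter.h` has no include guard and does not pull in the headers that declare `isc_result_t` and `ns_client_t`, so it only compiles when the includer has already brought those in, as `pfilter.c` does by including it last. Wrapping the two prototypes in `#ifndef PFILTER_H` / `#define PFILTER_H` / `#endif` and including the declaring headers at the top would make it self-contained. A short comment on `pfilter_notify` saying that any `res` other than `ISC_R_SUCCESS` is passed to blacklistd as the failure action would also tell callers which result codes end up counting against a client.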



CVS commit: src/external/bsd/bind/dist

2017-01-12 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Thu Jan 12 08:21:33 UTC 2017

Modified Files:
src/external/bsd/bind/dist: CHANGES README srcid version
src/external/bsd/bind/dist/doc/arm: Bv9ARM.ch04.html Bv9ARM.ch06.html
Bv9ARM.ch07.html Bv9ARM.ch08.html Bv9ARM.ch09.html Bv9ARM.html
man.arpaname.html man.ddns-confgen.html man.delv.html man.dig.html
man.dnssec-checkds.html man.dnssec-coverage.html
man.dnssec-dsfromkey.html man.dnssec-importkey.html
man.dnssec-keyfromlabel.html man.dnssec-keygen.html
man.dnssec-revoke.html man.dnssec-settime.html
man.dnssec-signzone.html man.dnssec-verify.html man.genrandom.html
man.host.html man.isc-hmac-fixup.html man.named-checkconf.html
man.named-checkzone.html man.named-journalprint.html
man.named-rrchecker.html man.named.html man.nsec3hash.html
man.nsupdate.html man.rndc-confgen.html man.rndc.conf.html
man.rndc.html
src/external/bsd/bind/dist/lib/dns: api message.c resolver.c
src/external/bsd/bind/dist/lib/isc/unix: socket.c
src/external/bsd/bind/dist/lib/isc/win32: socket.c
Removed Files:
src/external/bsd/bind/dist/bin/named: pfilter.c pfilter.h
src/external/bsd/bind/dist/contrib/zkt-1.1.2/examples/flat: zkt-ls
zkt-signer
src/external/bsd/bind/dist/contrib/zkt-1.1.2/examples/hierarchical:
zkt-ls zkt-signer

Log Message:
merge bind-9.10.4-P5


To generate a diff of this commit:
cvs rdiff -u -r1.23 -r1.24 src/external/bsd/bind/dist/CHANGES
cvs rdiff -u -r1.11 -r1.12 src/external/bsd/bind/dist/README
cvs rdiff -u -r1.17 -r1.18 src/external/bsd/bind/dist/srcid
cvs rdiff -u -r1.21 -r1.22 src/external/bsd/bind/dist/version
cvs rdiff -u -r1.2 -r0 src/external/bsd/bind/dist/bin/named/pfilter.c
cvs rdiff -u -r1.1 -r0 src/external/bsd/bind/dist/bin/named/pfilter.h
cvs rdiff -u -r1.1 -r0 \
src/external/bsd/bind/dist/contrib/zkt-1.1.2/examples/flat/zkt-ls \
src/external/bsd/bind/dist/contrib/zkt-1.1.2/examples/flat/zkt-signer
cvs rdiff -u -r1.1 -r0 \
src/external/bsd/bind/dist/contrib/zkt-1.1.2/examples/hierarchical/zkt-ls \

src/external/bsd/bind/dist/contrib/zkt-1.1.2/examples/hierarchical/zkt-signer
cvs rdiff -u -r1.11 -r1.12 \
src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch04.html \
src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch06.html \
src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch07.html \
src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch08.html \
src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch09.html \
src/external/bsd/bind/dist/doc/arm/Bv9ARM.html \
src/external/bsd/bind/dist/doc/arm/man.arpaname.html \
src/external/bsd/bind/dist/doc/arm/man.ddns-confgen.html \
src/external/bsd/bind/dist/doc/arm/man.delv.html \
src/external/bsd/bind/dist/doc/arm/man.dig.html \
src/external/bsd/bind/dist/doc/arm/man.dnssec-checkds.html \
src/external/bsd/bind/dist/doc/arm/man.dnssec-coverage.html \
src/external/bsd/bind/dist/doc/arm/man.dnssec-dsfromkey.html \
src/external/bsd/bind/dist/doc/arm/man.dnssec-importkey.html \
src/external/bsd/bind/dist/doc/arm/man.dnssec-keyfromlabel.html \
src/external/bsd/bind/dist/doc/arm/man.dnssec-keygen.html \
src/external/bsd/bind/dist/doc/arm/man.dnssec-revoke.html \
src/external/bsd/bind/dist/doc/arm/man.dnssec-settime.html \
src/external/bsd/bind/dist/doc/arm/man.dnssec-signzone.html \
src/external/bsd/bind/dist/doc/arm/man.dnssec-verify.html \
src/external/bsd/bind/dist/doc/arm/man.genrandom.html \
src/external/bsd/bind/dist/doc/arm/man.host.html \
src/external/bsd/bind/dist/doc/arm/man.isc-hmac-fixup.html \
src/external/bsd/bind/dist/doc/arm/man.named-checkconf.html \
src/external/bsd/bind/dist/doc/arm/man.named-checkzone.html \
src/external/bsd/bind/dist/doc/arm/man.named-journalprint.html \
src/external/bsd/bind/dist/doc/arm/man.named-rrchecker.html \
src/external/bsd/bind/dist/doc/arm/man.named.html \
src/external/bsd/bind/dist/doc/arm/man.nsec3hash.html \
src/external/bsd/bind/dist/doc/arm/man.nsupdate.html \
src/external/bsd/bind/dist/doc/arm/man.rndc-confgen.html \
src/external/bsd/bind/dist/doc/arm/man.rndc.conf.html \
src/external/bsd/bind/dist/doc/arm/man.rndc.html
cvs rdiff -u -r1.11 -r1.12 src/external/bsd/bind/dist/lib/dns/api
cvs rdiff -u -r1.20 -r1.21 src/external/bsd/bind/dist/lib/dns/message.c
cvs rdiff -u -r1.27 -r1.28 src/external/bsd/bind/dist/lib/dns/resolver.c
cvs rdiff -u -r1.19 -r1.20 src/external/bsd/bind/dist/lib/isc/unix/socket.c
cvs rdiff -u -r1.11 -r1.12 src/external/bsd/bind/dist/lib/isc/win32/socket.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/external/bsd/bind/dist/CHANGES
diff -u src/external/bsd/bind/dist/CHANGES:1.23 

CVS commit: src

2016-10-14 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Fri Oct 14 16:39:05 UTC 2016

Modified Files:
src: UPDATING

Log Message:
note that the OpenSSL import requires some objdir cleanup


To generate a diff of this commit:
cvs rdiff -u -r1.274 -r1.275 src/UPDATING

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/UPDATING
diff -u src/UPDATING:1.274 src/UPDATING:1.275
--- src/UPDATING:1.274	Mon Oct 10 13:28:24 2016
+++ src/UPDATING	Fri Oct 14 16:39:05 2016
@@ -1,4 +1,4 @@
-$NetBSD: UPDATING,v 1.274 2016/10/10 13:28:24 martin Exp $
+$NetBSD: UPDATING,v 1.275 2016/10/14 16:39:05 spz Exp $
 
 This file (UPDATING) is intended to be a brief reference to recent
 changes that might cause problems in the build process, and a guide for
@@ -19,6 +19,11 @@ See also: BUILDING, build.sh, Makefile.
 Recent changes:
 ^^^
 
+20161014:
+	a new version of OpenSSL has been imported.
+	Remove the files from obj (crypto/external/bsd/openssl) 
+	if you build.sh -u
+
 20161009:
 	a new version of dhcpcd has been imported with slightly changed
 	build infrastructure. When doing a build.sh -u this requires



CVS commit: src/crypto/external/bsd/openssl/dist

2016-10-14 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Fri Oct 14 16:23:23 UTC 2016

Modified Files:
src/crypto/external/bsd/openssl/dist: CHANGES Configure Makefile NEWS
README e_os.h makevms.com openssl.spec
src/crypto/external/bsd/openssl/dist/apps: CA.pl ca.c makeapps.com
ocsp.c openssl.cnf s_client.c s_server.c speed.c
src/crypto/external/bsd/openssl/dist/crypto: Makefile armcap.c
cryptlib.c cryptlib.h crypto-lib.com crypto.h cversion.c ex_data.c
install-crypto.com md32_common.h mem.c mem_clr.c opensslconf.h
opensslv.h ossl_typ.h ppccap.c ppccpuid.pl sparccpuid.S
x86_64cpuid.pl
src/crypto/external/bsd/openssl/dist/crypto/aes: Makefile
src/crypto/external/bsd/openssl/dist/crypto/aes/asm: aes-x86_64.pl
aesni-sha1-x86_64.pl aesni-x86_64.pl
src/crypto/external/bsd/openssl/dist/crypto/asn1: a_set.c a_strex.c
asn1.h asn1_mac.h asn_mime.c asn_pack.c tasn_dec.c tasn_enc.c
x_x509.c
src/crypto/external/bsd/openssl/dist/crypto/bio: b_sock.c bio.h
bio_lib.c bss_file.c
src/crypto/external/bsd/openssl/dist/crypto/bn: bn.h bn_exp.c bn_lcl.h
bn_lib.c bntest.c
src/crypto/external/bsd/openssl/dist/crypto/bn/asm: x86_64-gcc.c
x86_64-gf2m.pl
src/crypto/external/bsd/openssl/dist/crypto/cms: cms_pwri.c
src/crypto/external/bsd/openssl/dist/crypto/comp: c_zlib.c
src/crypto/external/bsd/openssl/dist/crypto/des: des.c read_pwd.c
src/crypto/external/bsd/openssl/dist/crypto/dh: dh.h dh_lib.c dhtest.c
src/crypto/external/bsd/openssl/dist/crypto/dsa: dsa.h dsa_ameth.c
dsa_lib.c
src/crypto/external/bsd/openssl/dist/crypto/ec: ec.h ec2_smpl.c
ec_ameth.c ec_key.c ec_lcl.h ec_lib.c ectest.c
src/crypto/external/bsd/openssl/dist/crypto/ecdh: ecdh.h ech_lib.c
src/crypto/external/bsd/openssl/dist/crypto/ecdsa: ecdsa.h ecs_lib.c
src/crypto/external/bsd/openssl/dist/crypto/engine: Makefile eng_all.c
eng_cryptodev.c eng_lib.c engine.h
src/crypto/external/bsd/openssl/dist/crypto/err: openssl.ec
src/crypto/external/bsd/openssl/dist/crypto/evp: Makefile e_aes.c
evp_enc.c evp_test.c m_sha1.c openbsd_hw.c
src/crypto/external/bsd/openssl/dist/crypto/hmac: hmac.c hmactest.c
src/crypto/external/bsd/openssl/dist/crypto/lhash: lhash.c
src/crypto/external/bsd/openssl/dist/crypto/md5: md5_locl.h
src/crypto/external/bsd/openssl/dist/crypto/modes: gcm128.c modes.h
src/crypto/external/bsd/openssl/dist/crypto/objects: o_names.c
objects.h
src/crypto/external/bsd/openssl/dist/crypto/perlasm: x86gas.pl
src/crypto/external/bsd/openssl/dist/crypto/pkcs12: p12_decr.c
src/crypto/external/bsd/openssl/dist/crypto/pkcs7: pk7_doit.c
src/crypto/external/bsd/openssl/dist/crypto/rand: md_rand.c rand_unix.c
randfile.c
src/crypto/external/bsd/openssl/dist/crypto/rc4: Makefile
src/crypto/external/bsd/openssl/dist/crypto/rc4/asm: rc4-x86_64.pl
src/crypto/external/bsd/openssl/dist/crypto/rc5: rc5_locl.h
src/crypto/external/bsd/openssl/dist/crypto/rsa: Makefile rsa.h
rsa_err.c rsa_lib.c rsa_oaep.c rsa_sign.c
src/crypto/external/bsd/openssl/dist/crypto/sha: sha256.c
src/crypto/external/bsd/openssl/dist/crypto/sha/asm: sha1-x86_64.pl
src/crypto/external/bsd/openssl/dist/crypto/stack: safestack.h stack.c
src/crypto/external/bsd/openssl/dist/crypto/store: store.h str_lib.c
src/crypto/external/bsd/openssl/dist/crypto/ui: ui.h ui_lib.c
ui_openssl.c
src/crypto/external/bsd/openssl/dist/crypto/x509: x509.h x509_vfy.c
x509_vfy.h
src/crypto/external/bsd/openssl/dist/crypto/x509v3: v3_addr.c
src/crypto/external/bsd/openssl/dist/doc/apps: genpkey.pod
src/crypto/external/bsd/openssl/dist/doc/crypto: BIO_s_accept.pod
EVP_DigestInit.pod EVP_DigestVerifyInit.pod EVP_EncryptInit.pod
d2i_X509.pod
src/crypto/external/bsd/openssl/dist/doc/ssl:
SSL_CTX_use_psk_identity_hint.pod SSL_accept.pod
SSL_do_handshake.pod SSL_shutdown.pod
src/crypto/external/bsd/openssl/dist/engines: makeengines.com
src/crypto/external/bsd/openssl/dist/engines/ccgost: gost2001_keyx.c
gost94_keyx.c
src/crypto/external/bsd/openssl/dist/ssl: Makefile d1_both.c d1_lib.c
d1_pkt.c d1_srtp.c d1_srvr.c dtls1.h s23_clnt.c s23_srvr.c s2_lib.c
s2_srvr.c s3_cbc.c s3_clnt.c s3_enc.c s3_lib.c s3_pkt.c s3_srvr.c
srtp.h ssl-lib.com ssl.h ssl3.h ssl_ciph.c ssl_err.c ssl_lib.c
ssl_locl.h ssl_sess.c ssltest.c t1_enc.c t1_lib.c tls1.h
src/crypto/external/bsd/openssl/dist/test: Makefile maketests.com

CVS commit: src

2016-10-14 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Fri Oct 14 16:09:45 UTC 2016

Modified Files:
src/crypto/external/bsd/openssl/lib/libcrypto: Makefile asn1.inc bn.inc
cms.inc dh.inc dso.inc ec.inc ecdh.inc engine.inc evp.inc man.inc
modes.inc pkcs7.inc rand.inc shlib_version x509v3.inc
src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386: aes-586.S
aesni-x86.S bn-586.S des-586.S ghash-x86.S rc4-586.S sha1-586.S
sha256-586.S sha512-586.S uplink-x86.S vpaes-x86.S x86cpuid.S
src/crypto/external/bsd/openssl/lib/libcrypto/arch/powerpc: Makefile
aes-ppc.S bn.inc ppc-mont.S ppc.S ppccpuid.S sha1-ppc.S
sha512-ppc.S
src/crypto/external/bsd/openssl/lib/libcrypto/arch/sparc: Makefile
aes.inc crypto.inc des_enc-sparc.S ghash-sparcv9.S modes.inc
sha1-sparcv9.S sha512-sparcv9.S
src/crypto/external/bsd/openssl/lib/libcrypto/arch/sparc64: Makefile
aes.inc crypto.inc des_enc-sparc.S ghash-sparcv9.S sha1-sparcv9.S
sha512-sparcv9.S
src/crypto/external/bsd/openssl/lib/libcrypto/arch/x86_64: Makefile
aes-x86_64.S aes.inc aesni-sha1-x86_64.S aesni-x86_64.S bn.inc
bsaes-x86_64.S cmll-x86_64.S engine.inc ghash-x86_64.S md5-x86_64.S
rc4-x86_64.S sha.inc sha1-x86_64.S sha512-x86_64.S uplink-x86_64.S
vpaes-x86_64.S wp-x86_64.S x86_64-gf2m.S x86_64-mont.S
x86_64-mont5.S x86_64cpuid.S
src/crypto/external/bsd/openssl/lib/libcrypto_rc5: shlib_version
src/crypto/external/bsd/openssl/lib/libdes: shlib_version
src/crypto/external/bsd/openssl/lib/libssl: shlib_version ssl.inc
src/distrib/sets/lists/base: shl.mi
src/distrib/sets/lists/comp: mi
src/distrib/sets/lists/debug: shl.mi
src/distrib/sets/lists/man: mi
src/doc: 3RDPARTY
src/tests/crypto/libcrypto/rc4: Makefile
Added Files:
src/crypto/external/bsd/openssl/lib/libcrypto/arch/powerpc: aes.inc
aesp8-ppc.S ghashp8-ppc.S modes.inc ppc64-mont.S sha.inc
sha256-ppc.S sha256p8-ppc.S sha512p8-ppc.S vpaes-ppc.S
src/crypto/external/bsd/openssl/lib/libcrypto/arch/sparc:
aest4-sparcv9.S cmllt4-sparcv9.S dest4-sparcv9.S md5-sparcv9.S
sparct4-mont.S sparcv9-gf2m.S vis3-mont.S
src/crypto/external/bsd/openssl/lib/libcrypto/arch/sparc64:
aest4-sparcv9.S cmllt4-sparcv9.S dest4-sparcv9.S md5-sparcv9.S
sparct4-mont.S sparcv9-gf2m.S vis3-mont.S
src/crypto/external/bsd/openssl/lib/libcrypto/arch/x86_64:
aesni-gcm-x86_64.S aesni-mb-x86_64.S aesni-sha256-x86_64.S
ecp_nistz256-x86_64.S rsaz-avx2.S rsaz-x86_64.S sha1-mb-x86_64.S
sha256-mb-x86_64.S
Removed Files:
src/crypto/external/bsd/openssl/lib/libcrypto/arch/x86_64:
modexp512-x86_64.S

Log Message:
peripheral updates and generated files for the new openssl.
Expect at least one more commit until the tree builds again.


To generate a diff of this commit:
cvs rdiff -u -r1.11 -r1.12 \
src/crypto/external/bsd/openssl/lib/libcrypto/Makefile \
src/crypto/external/bsd/openssl/lib/libcrypto/shlib_version
cvs rdiff -u -r1.1 -r1.2 \
src/crypto/external/bsd/openssl/lib/libcrypto/asn1.inc \
src/crypto/external/bsd/openssl/lib/libcrypto/dso.inc \
src/crypto/external/bsd/openssl/lib/libcrypto/ecdh.inc \
src/crypto/external/bsd/openssl/lib/libcrypto/pkcs7.inc \
src/crypto/external/bsd/openssl/lib/libcrypto/rand.inc \
src/crypto/external/bsd/openssl/lib/libcrypto/x509v3.inc
cvs rdiff -u -r1.2 -r1.3 src/crypto/external/bsd/openssl/lib/libcrypto/bn.inc \
src/crypto/external/bsd/openssl/lib/libcrypto/dh.inc \
src/crypto/external/bsd/openssl/lib/libcrypto/ec.inc
cvs rdiff -u -r1.4 -r1.5 \
src/crypto/external/bsd/openssl/lib/libcrypto/cms.inc \
src/crypto/external/bsd/openssl/lib/libcrypto/modes.inc
cvs rdiff -u -r1.9 -r1.10 \
src/crypto/external/bsd/openssl/lib/libcrypto/engine.inc
cvs rdiff -u -r1.5 -r1.6 \
src/crypto/external/bsd/openssl/lib/libcrypto/evp.inc \
src/crypto/external/bsd/openssl/lib/libcrypto/man.inc
cvs rdiff -u -r1.4 -r1.5 \
src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/aes-586.S \
src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/sha1-586.S
cvs rdiff -u -r1.5 -r1.6 \
src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/aesni-x86.S
cvs rdiff -u -r1.6 -r1.7 \
src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/bn-586.S
cvs rdiff -u -r1.3 -r1.4 \
src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/des-586.S \
src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/ghash-x86.S \
src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/rc4-586.S \
src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/sha256-586.S \

CVS import: src/crypto/external/bsd/openssl/dist

2016-10-14 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Fri Oct 14 16:07:29 UTC 2016

Update of /cvsroot/src/crypto/external/bsd/openssl/dist
In directory ivanova.netbsd.org:/tmp/cvs-serv15362

Log Message:
Import of OpenSSL 1.0.2j.

The 1.0.2 branch of OpenSSL is the current long term support branch.

Differences between 1.0.1 and 1.0.2:
  o Suite B support for TLS 1.2 and DTLS 1.2
  o Support for DTLS 1.2
  o TLS automatic EC curve selection.
  o API to set TLS supported signature algorithms and curves
  o SSL_CONF configuration API.
  o TLS Brainpool support.
  o ALPN support.
  o CMS support for RSA-PSS, RSA-OAEP, ECDH and X9.42 DH.

Security fixes from the previous version (1.0.1t) in NetBSD:
  o OCSP Status Request extension unbounded memory growth (CVE-2016-6304)
  o SWEET32 Mitigation (CVE-2016-2183)
  o OOB write in MDC2_Update() (CVE-2016-6303)
  o Malformed SHA512 ticket DoS (CVE-2016-6302)
  o OOB write in BN_bn2dec() (CVE-2016-2182)
  o OOB read in TS_OBJ_print_bio() (CVE-2016-2180)
  o Pointer arithmetic undefined behaviour (CVE-2016-2177)
  o Constant time flag not preserved in DSA signing (CVE-2016-2178)
  o DTLS buffered message DoS (CVE-2016-2179)
  o DTLS replay protection DoS (CVE-2016-2181)
  o Certificate message OOB reads (CVE-2016-6306)

Status:

Vendor Tag: OPENSSL
Release Tags:   openssl-1-0-2j

U src/crypto/external/bsd/openssl/dist/ACKNOWLEDGMENTS
U src/crypto/external/bsd/openssl/dist/appveyor.yml
U src/crypto/external/bsd/openssl/dist/CHANGES.SSLeay
C src/crypto/external/bsd/openssl/dist/CHANGES
C src/crypto/external/bsd/openssl/dist/Configure
U src/crypto/external/bsd/openssl/dist/config
U src/crypto/external/bsd/openssl/dist/FAQ
U src/crypto/external/bsd/openssl/dist/CONTRIBUTING
N src/crypto/external/bsd/openssl/dist/GitConfigure
U src/crypto/external/bsd/openssl/dist/e_os2.h
C src/crypto/external/bsd/openssl/dist/e_os.h
N src/crypto/external/bsd/openssl/dist/GitMake
U src/crypto/external/bsd/openssl/dist/install.com
U src/crypto/external/bsd/openssl/dist/INSTALL
U src/crypto/external/bsd/openssl/dist/INSTALL.NW
U src/crypto/external/bsd/openssl/dist/INSTALL.DJGPP
U src/crypto/external/bsd/openssl/dist/INSTALL.MacOS
U src/crypto/external/bsd/openssl/dist/INSTALL.OS2
U src/crypto/external/bsd/openssl/dist/INSTALL.VMS
U src/crypto/external/bsd/openssl/dist/INSTALL.W32
U src/crypto/external/bsd/openssl/dist/INSTALL.W64
U src/crypto/external/bsd/openssl/dist/INSTALL.WCE
U src/crypto/external/bsd/openssl/dist/LICENSE
C src/crypto/external/bsd/openssl/dist/Makefile
U src/crypto/external/bsd/openssl/dist/Makefile.shared
U src/crypto/external/bsd/openssl/dist/Makefile.org
C src/crypto/external/bsd/openssl/dist/makevms.com
U src/crypto/external/bsd/openssl/dist/PROBLEMS
C src/crypto/external/bsd/openssl/dist/NEWS
U src/crypto/external/bsd/openssl/dist/README.ENGINE
U src/crypto/external/bsd/openssl/dist/openssl.doxy
C src/crypto/external/bsd/openssl/dist/openssl.spec
C src/crypto/external/bsd/openssl/dist/README
U src/crypto/external/bsd/openssl/dist/README.ASN1
U src/crypto/external/bsd/openssl/dist/apps/app_rand.c
U src/crypto/external/bsd/openssl/dist/apps/apps.c
U src/crypto/external/bsd/openssl/dist/apps/apps.h
U src/crypto/external/bsd/openssl/dist/apps/asn1pars.c
C src/crypto/external/bsd/openssl/dist/apps/ca.c
U src/crypto/external/bsd/openssl/dist/apps/ca-cert.srl
U src/crypto/external/bsd/openssl/dist/apps/CA.com
U src/crypto/external/bsd/openssl/dist/apps/ca-key.pem
C src/crypto/external/bsd/openssl/dist/apps/CA.pl
U src/crypto/external/bsd/openssl/dist/apps/CA.pl.in
U src/crypto/external/bsd/openssl/dist/apps/ca-req.pem
U src/crypto/external/bsd/openssl/dist/apps/CA.sh
U src/crypto/external/bsd/openssl/dist/apps/cert.pem
U src/crypto/external/bsd/openssl/dist/apps/ciphers.c
U src/crypto/external/bsd/openssl/dist/apps/client.pem
U src/crypto/external/bsd/openssl/dist/apps/cms.c
U src/crypto/external/bsd/openssl/dist/apps/crl2p7.c
U src/crypto/external/bsd/openssl/dist/apps/crl.c
U src/crypto/external/bsd/openssl/dist/apps/dh1024.pem
U src/crypto/external/bsd/openssl/dist/apps/dgst.c
U src/crypto/external/bsd/openssl/dist/apps/install-apps.com
U src/crypto/external/bsd/openssl/dist/apps/dh2048.pem
U src/crypto/external/bsd/openssl/dist/apps/dh4096.pem
U src/crypto/external/bsd/openssl/dist/apps/dh512.pem
U src/crypto/external/bsd/openssl/dist/apps/dh.c
U src/crypto/external/bsd/openssl/dist/apps/dhparam.c
U src/crypto/external/bsd/openssl/dist/apps/dsa1024.pem
U src/crypto/external/bsd/openssl/dist/apps/dsa512.pem
U src/crypto/external/bsd/openssl/dist/apps/dsa.c
U src/crypto/external/bsd/openssl/dist/apps/dsa-ca.pem
U src/crypto/external/bsd/openssl/dist/apps/dsaparam.c
U src/crypto/external/bsd/openssl/dist/apps/dsa-pca.pem
U src/crypto/external/bsd/openssl/dist/apps/dsap.pem
U src/crypto/external/bsd/openssl/dist/apps/ec.c
U 

CVS commit: src

2016-05-17 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Tue May 17 23:53:02 UTC 2016

Modified Files:
src/distrib/sets/lists/base: shl.mi
src/distrib/sets/lists/debug: shl.mi
src/external/mit/expat/dist/lib: xmlparse.c xmltok.c xmltok.h
xmltok_impl.c
src/external/mit/expat/lib/libexpat: shlib_version

Log Message:
Fixes for CVE-2016-0718 from upstream.


To generate a diff of this commit:
cvs rdiff -u -r1.771 -r1.772 src/distrib/sets/lists/base/shl.mi
cvs rdiff -u -r1.133 -r1.134 src/distrib/sets/lists/debug/shl.mi
cvs rdiff -u -r1.4 -r1.5 src/external/mit/expat/dist/lib/xmlparse.c
cvs rdiff -u -r1.1.1.2 -r1.2 src/external/mit/expat/dist/lib/xmltok.c
cvs rdiff -u -r1.1.1.1 -r1.2 src/external/mit/expat/dist/lib/xmltok.h
cvs rdiff -u -r1.3 -r1.4 src/external/mit/expat/dist/lib/xmltok_impl.c
cvs rdiff -u -r1.3 -r1.4 src/external/mit/expat/lib/libexpat/shlib_version

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/distrib/sets/lists/base/shl.mi
diff -u src/distrib/sets/lists/base/shl.mi:1.771 src/distrib/sets/lists/base/shl.mi:1.772
--- src/distrib/sets/lists/base/shl.mi:1.771	Sat May 14 14:39:39 2016
+++ src/distrib/sets/lists/base/shl.mi	Tue May 17 23:53:02 2016
@@ -1,4 +1,4 @@
-# $NetBSD: shl.mi,v 1.771 2016/05/14 14:39:39 spz Exp $
+# $NetBSD: shl.mi,v 1.772 2016/05/17 23:53:02 spz Exp $
 #
 # Note:	Don't delete entries from here - mark them as "obsolete" instead,
 #	unless otherwise stated below.
@@ -276,7 +276,7 @@
 ./usr/lib/libexecinfo.so.0.0			base-sys-shlib		compatfile
 ./usr/lib/libexpat.sobase-sys-shlib		compatfile
 ./usr/lib/libexpat.so.2base-sys-shlib		compatfile
-./usr/lib/libexpat.so.2.2			base-sys-shlib		compatfile
+./usr/lib/libexpat.so.2.3			base-sys-shlib		compatfile
 ./usr/lib/libfetch.sobase-sys-shlib		compatfile
 ./usr/lib/libfetch.so.3base-sys-shlib		compatfile
 ./usr/lib/libfetch.so.3.0			base-sys-shlib		compatfile

Index: src/distrib/sets/lists/debug/shl.mi
diff -u src/distrib/sets/lists/debug/shl.mi:1.133 src/distrib/sets/lists/debug/shl.mi:1.134
--- src/distrib/sets/lists/debug/shl.mi:1.133	Sat May 14 14:39:39 2016
+++ src/distrib/sets/lists/debug/shl.mi	Tue May 17 23:53:02 2016
@@ -1,4 +1,4 @@
-# $NetBSD: shl.mi,v 1.133 2016/05/14 14:39:39 spz Exp $
+# $NetBSD: shl.mi,v 1.134 2016/05/17 23:53:02 spz Exp $
 ./usr/libdata/debug/lib		base-sys-usr	debug,dynamicroot,compatdir
 ./usr/libdata/debug/lib/libblacklist.so.0.0.debug		comp-sys-debug	debug,dynamicroot
 ./usr/libdata/debug/lib/libc.so.12.202.debug			comp-sys-debug	debug,dynamicroot
@@ -90,7 +90,7 @@
 ./usr/libdata/debug/usr/lib/libevent_openssl.so.4.0.debug	comp-sys-debug	debug,compatfile,crypto
 ./usr/libdata/debug/usr/lib/libevent_pthreads.so.4.0.debug	comp-sys-debug	debug,compatfile
 ./usr/libdata/debug/usr/lib/libexecinfo.so.0.0.debug		comp-sys-debug	debug,compatfile
-./usr/libdata/debug/usr/lib/libexpat.so.2.2.debug		comp-sys-debug	debug,compatfile
+./usr/libdata/debug/usr/lib/libexpat.so.2.3.debug		comp-sys-debug	debug,compatfile
 ./usr/libdata/debug/usr/lib/libfetch.so.3.0.debug		comp-sys-debug	debug,compatfile
 ./usr/libdata/debug/usr/lib/libform.so.6.0.debug		comp-sys-debug	debug,compatfile
 ./usr/libdata/debug/usr/lib/libg2c.so.2.0.debug			comp-sys-debug	obsolete

Index: src/external/mit/expat/dist/lib/xmlparse.c
diff -u src/external/mit/expat/dist/lib/xmlparse.c:1.4 src/external/mit/expat/dist/lib/xmlparse.c:1.5
--- src/external/mit/expat/dist/lib/xmlparse.c:1.4	Sat May 14 14:39:39 2016
+++ src/external/mit/expat/dist/lib/xmlparse.c	Tue May 17 23:53:02 2016
@@ -1693,7 +1693,8 @@ XML_GetBuffer(XML_Parser parser, int len
   }
 
   if (len > bufferLim - bufferEnd) {
-int neededSize = len + (int)(bufferEnd - bufferPtr);
+/* Do not invoke signed arithmetic overflow: */
+int neededSize = (int) ((unsigned)len + (unsigned)(bufferEnd - bufferPtr));
 if (neededSize < 0) {
   errorCode = XML_ERROR_NO_MEMORY;
   return NULL;
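Review bot: The `if (neededSize < 0)` test after the new `(int) ((unsigned)len + (unsigned)(bufferEnd - bufferPtr))` still relies on an out-of-range unsigned value converting to a negative `int`, which C leaves implementation-defined rather than guaranteed; the same holds for `bufferSize = (int) (2U * (unsigned) bufferSize);` in the next hunk. Checking the range before adding avoids depending on that conversion, for example `if (len > INT_MAX - (int)(bufferEnd - bufferPtr)) { errorCode = XML_ERROR_NO_MEMORY; return NULL; }` (needs `<limits.h>` if the file does not already include it). XML_GetBuffer starts and ends outside these hunks, so whether a negative `len` is rejected before this point cannot be seen here and is worth confirming. Since the log says the fix comes from upstream expat, such a change would be best raised upstream rather than carried locally.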
@@ -1725,7 +1726,8 @@ XML_GetBuffer(XML_Parser parser, int len
   if (bufferSize == 0)
 bufferSize = INIT_BUFFER_SIZE;
   do {
-bufferSize *= 2;
+/* Do not invoke signed arithmetic overflow: */
+bufferSize = (int) (2U * (unsigned) bufferSize);
   } while (bufferSize < neededSize && bufferSize > 0);
   if (bufferSize <= 0) {
 errorCode = XML_ERROR_NO_MEMORY;
@@ -2426,11 +2428,11 @@ doContent(XML_Parser parser,
   for (;;) {
 int bufSize;
 int convLen;
-XmlConvert(enc,
+const enum XML_Convert_Result convert_res = XmlConvert(enc,
, rawNameEnd,
(ICHAR **), (ICHAR *)tag->bufEnd - 1);
 convLen = (int)(toPtr - (XML_Char *)tag->buf);
-if (fromPtr == rawNameEnd) {
+if ((convert_res == XML_CONVERT_COMPLETED) || (convert_res == 

CVS commit: src/doc

2016-05-14 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Sat May 14 14:46:55 UTC 2016

Modified Files:
src/doc: 3RDPARTY

Log Message:
.. and don't forget to update doc/3RDPARTY when updating external/* stuff


To generate a diff of this commit:
cvs rdiff -u -r1.1329 -r1.1330 src/doc/3RDPARTY

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/doc/3RDPARTY
diff -u src/doc/3RDPARTY:1.1329 src/doc/3RDPARTY:1.1330
--- src/doc/3RDPARTY:1.1329	Mon May  9 10:21:42 2016
+++ src/doc/3RDPARTY	Sat May 14 14:46:55 2016
@@ -1,4 +1,4 @@
-#	$NetBSD: 3RDPARTY,v 1.1329 2016/05/09 10:21:42 roy Exp $
+#	$NetBSD: 3RDPARTY,v 1.1330 2016/05/14 14:46:55 spz Exp $
 #
 # This file contains a list of the software that has been integrated into
 # NetBSD where we are not the primary maintainer.
@@ -385,13 +385,13 @@ Location:	external/bsd/ekermit
 Notes:
 
 Package:	expat
-Version:	2.1.0
+Version:	2.1.1
 Current Vers:	2.1.1
-Maintainer:	mrg
+Maintainer:	Expat Project
 Archive Site:	http://sourceforge.net/projects/expat/files/expat/
 Home Page:	http://www.libexpat.org/
 Mailing List:	expat-disc...@libexpat.org
-Responsible:
+Responsible:	mrg
 License:	MIT
 Location:	src/external/mit/expat/dist
 Notes:



CVS commit: src

2016-05-14 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Sat May 14 14:39:39 UTC 2016

Modified Files:
src/distrib/sets/lists/base: shl.mi
src/distrib/sets/lists/comp: mi
src/distrib/sets/lists/debug: shl.mi
src/external/mit/expat/dist/conftools: ac_c_bigendian_cross.m4
mkinstalldirs
src/external/mit/expat/dist/lib: xmlparse.c
src/external/mit/expat/lib/libexpat: Makefile expat_config.h
shlib_version
Added Files:
src/external/mit/expat/lib/libexpat: expat.pc.in

Log Message:
merge conflicts, bump shlib version, add expat.pc


To generate a diff of this commit:
cvs rdiff -u -r1.770 -r1.771 src/distrib/sets/lists/base/shl.mi
cvs rdiff -u -r1.2034 -r1.2035 src/distrib/sets/lists/comp/mi
cvs rdiff -u -r1.132 -r1.133 src/distrib/sets/lists/debug/shl.mi
cvs rdiff -u -r1.3 -r1.4 \
src/external/mit/expat/dist/conftools/ac_c_bigendian_cross.m4 \
src/external/mit/expat/dist/conftools/mkinstalldirs
cvs rdiff -u -r1.3 -r1.4 src/external/mit/expat/dist/lib/xmlparse.c
cvs rdiff -u -r1.1 -r1.2 src/external/mit/expat/lib/libexpat/Makefile
cvs rdiff -u -r0 -r1.1 src/external/mit/expat/lib/libexpat/expat.pc.in
cvs rdiff -u -r1.2 -r1.3 src/external/mit/expat/lib/libexpat/expat_config.h \
src/external/mit/expat/lib/libexpat/shlib_version

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/distrib/sets/lists/base/shl.mi
diff -u src/distrib/sets/lists/base/shl.mi:1.770 src/distrib/sets/lists/base/shl.mi:1.771
--- src/distrib/sets/lists/base/shl.mi:1.770	Sat Apr 23 23:28:13 2016
+++ src/distrib/sets/lists/base/shl.mi	Sat May 14 14:39:39 2016
@@ -1,4 +1,4 @@
-# $NetBSD: shl.mi,v 1.770 2016/04/23 23:28:13 christos Exp $
+# $NetBSD: shl.mi,v 1.771 2016/05/14 14:39:39 spz Exp $
 #
 # Note:	Don't delete entries from here - mark them as "obsolete" instead,
 #	unless otherwise stated below.
@@ -276,7 +276,7 @@
 ./usr/lib/libexecinfo.so.0.0			base-sys-shlib		compatfile
 ./usr/lib/libexpat.sobase-sys-shlib		compatfile
 ./usr/lib/libexpat.so.2base-sys-shlib		compatfile
-./usr/lib/libexpat.so.2.1			base-sys-shlib		compatfile
+./usr/lib/libexpat.so.2.2			base-sys-shlib		compatfile
 ./usr/lib/libfetch.sobase-sys-shlib		compatfile
 ./usr/lib/libfetch.so.3base-sys-shlib		compatfile
 ./usr/lib/libfetch.so.3.0			base-sys-shlib		compatfile

Index: src/distrib/sets/lists/comp/mi
diff -u src/distrib/sets/lists/comp/mi:1.2034 src/distrib/sets/lists/comp/mi:1.2035
--- src/distrib/sets/lists/comp/mi:1.2034	Fri May  6 09:30:05 2016
+++ src/distrib/sets/lists/comp/mi	Sat May 14 14:39:39 2016
@@ -1,4 +1,4 @@
-#	$NetBSD: mi,v 1.2034 2016/05/06 09:30:05 snj Exp $
+#	$NetBSD: mi,v 1.2035 2016/05/14 14:39:39 spz Exp $
 #
 # Note: don't delete entries from here - mark them as "obsolete" instead.
 ./etc/mtree/set.compcomp-sys-root
@@ -3635,6 +3635,7 @@
 ./usr/lib/pkgconfig/atf-c.pc			comp-atf-lib		atf,share
 ./usr/lib/pkgconfig/atf-sh.pc			comp-atf-lib		atf,share
 ./usr/lib/pkgconfig/atf.pc			comp-obsolete		obsolete
+./usr/lib/pkgconfig/expat.pc			comp-c-lib
 ./usr/lib/pkgconfig/kyua-testers.pc		comp-kyua-lib		kyua,share
 ./usr/lib/pkgconfig/libcrypto.pc		comp-crypto-lib		crypto,share
 ./usr/lib/pkgconfig/libssl.pc			comp-crypto-lib		crypto,share

Index: src/distrib/sets/lists/debug/shl.mi
diff -u src/distrib/sets/lists/debug/shl.mi:1.132 src/distrib/sets/lists/debug/shl.mi:1.133
--- src/distrib/sets/lists/debug/shl.mi:1.132	Sat Apr 23 23:28:13 2016
+++ src/distrib/sets/lists/debug/shl.mi	Sat May 14 14:39:39 2016
@@ -1,4 +1,4 @@
-# $NetBSD: shl.mi,v 1.132 2016/04/23 23:28:13 christos Exp $
+# $NetBSD: shl.mi,v 1.133 2016/05/14 14:39:39 spz Exp $
 ./usr/libdata/debug/lib		base-sys-usr	debug,dynamicroot,compatdir
 ./usr/libdata/debug/lib/libblacklist.so.0.0.debug		comp-sys-debug	debug,dynamicroot
 ./usr/libdata/debug/lib/libc.so.12.202.debug			comp-sys-debug	debug,dynamicroot
@@ -90,7 +90,7 @@
 ./usr/libdata/debug/usr/lib/libevent_openssl.so.4.0.debug	comp-sys-debug	debug,compatfile,crypto
 ./usr/libdata/debug/usr/lib/libevent_pthreads.so.4.0.debug	comp-sys-debug	debug,compatfile
 ./usr/libdata/debug/usr/lib/libexecinfo.so.0.0.debug		comp-sys-debug	debug,compatfile
-./usr/libdata/debug/usr/lib/libexpat.so.2.1.debug		comp-sys-debug	debug,compatfile
+./usr/libdata/debug/usr/lib/libexpat.so.2.2.debug		comp-sys-debug	debug,compatfile
 ./usr/libdata/debug/usr/lib/libfetch.so.3.0.debug		comp-sys-debug	debug,compatfile
 ./usr/libdata/debug/usr/lib/libform.so.6.0.debug		comp-sys-debug	debug,compatfile
 ./usr/libdata/debug/usr/lib/libg2c.so.2.0.debug			comp-sys-debug	obsolete

Index: src/external/mit/expat/dist/conftools/ac_c_bigendian_cross.m4
diff -u src/external/mit/expat/dist/conftools/ac_c_bigendian_cross.m4:1.3 src/external/mit/expat/dist/conftools/ac_c_bigendian_cross.m4:1.4
--- src/external/mit/expat/dist/conftools/ac_c_bigendian_cross.m4:1.3	Fri Apr  6 10:46:13 

CVS import: src/external/mit/expat/dist

2016-05-14 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Sat May 14 14:30:54 UTC 2016

Update of /cvsroot/src/external/mit/expat/dist
In directory ivanova.netbsd.org:/tmp/cvs-serv22133

Log Message:
Import of a new expat version. Upstream Changes:

Release 2.1.1 Sat March 12 2016
Security fixes:
#582: CVE-2015-1283 - Multiple integer overflows in XML_GetBuffer

Bug fixes:
#502: Fix potential null pointer dereference
#520: Symbol XML_SetHashSalt was not exported
Output of "xmlwf -h" was incomplete

Other changes
#503: Document behavior of calling XML_SetHashSalt with salt 0
Minor improvements to man page xmlwf(1)
Improvements to the experimental CMake build system
libtool now invoked with --verbose


Status:

Vendor Tag: expat
Release Tags:   expat-2-1-1

U src/external/mit/expat/dist/expat_config.h.cmake
U src/external/mit/expat/dist/ConfigureChecks.cmake
U src/external/mit/expat/dist/COPYING
U src/external/mit/expat/dist/expat_config.h.in
U src/external/mit/expat/dist/Makefile.in
N src/external/mit/expat/dist/configure.ac
U src/external/mit/expat/dist/CMakeLists.txt
U src/external/mit/expat/dist/aclocal.m4
U src/external/mit/expat/dist/expat.pc.in
U src/external/mit/expat/dist/MANIFEST
U src/external/mit/expat/dist/README
U src/external/mit/expat/dist/expat.dsw
U src/external/mit/expat/dist/configure
U src/external/mit/expat/dist/Changes
U src/external/mit/expat/dist/CMake.README
U src/external/mit/expat/dist/doc/style.css
U src/external/mit/expat/dist/doc/valid-xhtml10.png
U src/external/mit/expat/dist/doc/xmlwf.sgml
U src/external/mit/expat/dist/doc/reference.html
U src/external/mit/expat/dist/doc/xmlwf.1
U src/external/mit/expat/dist/doc/expat.png
U src/external/mit/expat/dist/tests/xmltest.sh
U src/external/mit/expat/dist/tests/chardata.h
U src/external/mit/expat/dist/tests/minicheck.h
U src/external/mit/expat/dist/tests/README.txt
U src/external/mit/expat/dist/tests/chardata.c
U src/external/mit/expat/dist/tests/minicheck.c
U src/external/mit/expat/dist/tests/runtests.c
U src/external/mit/expat/dist/tests/runtestspp.cpp
U src/external/mit/expat/dist/tests/benchmark/benchmark.dsp
U src/external/mit/expat/dist/tests/benchmark/benchmark.c
U src/external/mit/expat/dist/tests/benchmark/README.txt
U src/external/mit/expat/dist/tests/benchmark/benchmark.dsw
U src/external/mit/expat/dist/examples/elements.c
U src/external/mit/expat/dist/examples/outline.c
U src/external/mit/expat/dist/examples/outline.dsp
U src/external/mit/expat/dist/examples/elements.dsp
U src/external/mit/expat/dist/xmlwf/xmlfile.c
U src/external/mit/expat/dist/xmlwf/xmlmime.h
U src/external/mit/expat/dist/xmlwf/codepage.c
U src/external/mit/expat/dist/xmlwf/xmlfile.h
U src/external/mit/expat/dist/xmlwf/xmlwf.dsp
U src/external/mit/expat/dist/xmlwf/readfilemap.c
U src/external/mit/expat/dist/xmlwf/xmlurl.h
U src/external/mit/expat/dist/xmlwf/codepage.h
U src/external/mit/expat/dist/xmlwf/ct.c
U src/external/mit/expat/dist/xmlwf/xmltchar.h
U src/external/mit/expat/dist/xmlwf/filemap.h
U src/external/mit/expat/dist/xmlwf/win32filemap.c
U src/external/mit/expat/dist/xmlwf/xmlwf.c
U src/external/mit/expat/dist/xmlwf/xmlwin32url.cxx
U src/external/mit/expat/dist/xmlwf/unixfilemap.c
U src/external/mit/expat/dist/xmlwf/xmlmime.c
U src/external/mit/expat/dist/m4/ltversion.m4
U src/external/mit/expat/dist/m4/ltoptions.m4
U src/external/mit/expat/dist/m4/lt~obsolete.m4
U src/external/mit/expat/dist/m4/libtool.m4
U src/external/mit/expat/dist/m4/ltsugar.m4
U src/external/mit/expat/dist/bcb5/expat.bpf
U src/external/mit/expat/dist/bcb5/expat.mak
U src/external/mit/expat/dist/bcb5/xmlwf.mak
U src/external/mit/expat/dist/bcb5/expat_static.bpr
U src/external/mit/expat/dist/bcb5/outline.bpf
U src/external/mit/expat/dist/bcb5/outline.mak
U src/external/mit/expat/dist/bcb5/elements.bpr
U src/external/mit/expat/dist/bcb5/expat_static.mak
U src/external/mit/expat/dist/bcb5/expatw_static.bpr
U src/external/mit/expat/dist/bcb5/outline.bpr
U src/external/mit/expat/dist/bcb5/expatw_static.mak
U src/external/mit/expat/dist/bcb5/expat_static.bpf
U src/external/mit/expat/dist/bcb5/README.txt
U src/external/mit/expat/dist/bcb5/expatw.mak
U src/external/mit/expat/dist/bcb5/expat.bpr
U src/external/mit/expat/dist/bcb5/libexpatw_mtd.def
U src/external/mit/expat/dist/bcb5/elements.bpf
U src/external/mit/expat/dist/bcb5/setup.bat
U src/external/mit/expat/dist/bcb5/expatw_static.bpf
U src/external/mit/expat/dist/bcb5/all_projects.bpg
U src/external/mit/expat/dist/bcb5/expatw.bpf
U src/external/mit/expat/dist/bcb5/xmlwf.bpr
U src/external/mit/expat/dist/bcb5/libexpat_mtd.def
U src/external/mit/expat/dist/bcb5/expatw.bpr
U src/external/mit/expat/dist/bcb5/elements.mak
U src/external/mit/expat/dist/bcb5/xmlwf.bpf
U src/external/mit/expat/dist/bcb5/makefile.mak
U src/external/mit/expat/dist/amiga/expat_68k.h
U 

CVS commit: src

2015-03-23 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Mon Mar 23 10:22:52 UTC 2015

Modified Files:
src/crypto/external/bsd/openssl/dist: CHANGES Configure Makefile NEWS
README e_os.h makevms.com openssl.spec
src/crypto/external/bsd/openssl/dist/apps: ca.c ocsp.c s_client.c
s_server.c s_time.c speed.c
src/crypto/external/bsd/openssl/dist/crypto: LPdir_vms.c LPdir_win.c
Makefile armcap.c constant_time_locl.h cryptlib.c cryptlib.h
crypto.h cversion.c ebcdic.h md32_common.h mem.c mem_clr.c
opensslconf.h opensslv.h ossl_typ.h ppccap.c sparccpuid.S uid.c
src/crypto/external/bsd/openssl/dist/crypto/aes: aes.h aes_locl.h
src/crypto/external/bsd/openssl/dist/crypto/asn1: a_d2i_fp.c a_strex.c
a_type.c asn_mime.c tasn_dec.c tasn_enc.c
src/crypto/external/bsd/openssl/dist/crypto/bf: bf_opts.c bfspeed.c
bftest.c
src/crypto/external/bsd/openssl/dist/crypto/bio: b_sock.c bss_file.c
bss_log.c
src/crypto/external/bsd/openssl/dist/crypto/bn: bn.h bn_exp.c bn_lcl.h
bn_lib.c bn_mont.c bn_nist.c bntest.c divtest.c exptest.c
src/crypto/external/bsd/openssl/dist/crypto/bn/asm: x86_64-gcc.c
src/crypto/external/bsd/openssl/dist/crypto/buffer: buffer.c
src/crypto/external/bsd/openssl/dist/crypto/cast: cast.h cast_spd.c
castopts.c casttest.c
src/crypto/external/bsd/openssl/dist/crypto/cms: cms_pwri.c
src/crypto/external/bsd/openssl/dist/crypto/comp: c_zlib.c
src/crypto/external/bsd/openssl/dist/crypto/conf: conf_def.c test.c
src/crypto/external/bsd/openssl/dist/crypto/des: des.c des.h des_opts.c
destest.c rand_key.c read_pwd.c speed.c
src/crypto/external/bsd/openssl/dist/crypto/dh: dhtest.c
src/crypto/external/bsd/openssl/dist/crypto/dsa: dsa_ameth.c
src/crypto/external/bsd/openssl/dist/crypto/dso: dso_dlfcn.c
src/crypto/external/bsd/openssl/dist/crypto/ec: ec.h ec2_mult.c
ec2_smpl.c ec_ameth.c ec_asn1.c ecp_mont.c ecp_nist.c ecp_smpl.c
ectest.c
src/crypto/external/bsd/openssl/dist/crypto/engine: eng_all.c
eng_cryptodev.c engine.h enginetest.c
src/crypto/external/bsd/openssl/dist/crypto/evp: Makefile e_aes.c
evp_enc.c m_sha1.c openbsd_hw.c
src/crypto/external/bsd/openssl/dist/crypto/hmac: hmactest.c
src/crypto/external/bsd/openssl/dist/crypto/idea: i_cbc.c i_cfb64.c
i_ecb.c i_ofb64.c i_skey.c idea.h idea_lcl.h idea_spd.c ideatest.c
src/crypto/external/bsd/openssl/dist/crypto/lhash: lh_test.c lhash.c
lhash.h
src/crypto/external/bsd/openssl/dist/crypto/md2: md2test.c
src/crypto/external/bsd/openssl/dist/crypto/md4: md4.h md4_dgst.c
md4test.c
src/crypto/external/bsd/openssl/dist/crypto/md5: md5.h md5_dgst.c
md5_locl.h md5test.c
src/crypto/external/bsd/openssl/dist/crypto/mdc2: mdc2test.c
src/crypto/external/bsd/openssl/dist/crypto/modes: modes.h
src/crypto/external/bsd/openssl/dist/crypto/objects: o_names.c
src/crypto/external/bsd/openssl/dist/crypto/ocsp: ocsp_vfy.c
src/crypto/external/bsd/openssl/dist/crypto/pkcs12: p12_decr.c
src/crypto/external/bsd/openssl/dist/crypto/pkcs7: pk7_doit.c pk7_lib.c
pkcs7.h
src/crypto/external/bsd/openssl/dist/crypto/pqueue: pqueue.h
src/crypto/external/bsd/openssl/dist/crypto/rand: md_rand.c rand_egd.c
rand_unix.c randfile.c
src/crypto/external/bsd/openssl/dist/crypto/rc2: rc2.h rc2_cbc.c
rc2_ecb.c rc2_locl.h rc2cfb64.c rc2ofb64.c rc2speed.c
src/crypto/external/bsd/openssl/dist/crypto/rc4: rc4.h rc4speed.c
src/crypto/external/bsd/openssl/dist/crypto/rc5: rc5.h rc5_ecb.c
rc5_enc.c rc5_locl.h rc5cfb64.c rc5ofb64.c rc5speed.c
src/crypto/external/bsd/openssl/dist/crypto/ripemd: ripemd.h rmd_dgst.c
rmd_locl.h rmdtest.c
src/crypto/external/bsd/openssl/dist/crypto/rsa: rsa.h rsa_eay.c
rsa_err.c rsa_oaep.c rsa_pk1.c rsa_sign.c
src/crypto/external/bsd/openssl/dist/crypto/sha: sha.h sha1test.c
sha256.c sha_locl.h shatest.c
src/crypto/external/bsd/openssl/dist/crypto/stack: safestack.h
src/crypto/external/bsd/openssl/dist/crypto/threads: mttest.c th-lock.c
src/crypto/external/bsd/openssl/dist/crypto/ui: ui_openssl.c
src/crypto/external/bsd/openssl/dist/crypto/x509: x509_vfy.c
src/crypto/external/bsd/openssl/dist/crypto/x509v3: tabtest.c v3_addr.c
src/crypto/external/bsd/openssl/dist/demos/engines/zencod: hw_zencod.h
src/crypto/external/bsd/openssl/dist/doc/crypto: d2i_X509.pod
src/crypto/external/bsd/openssl/dist/engines: e_padlock.c
src/crypto/external/bsd/openssl/dist/engines/ccgost: gost2001_keyx.c
 

CVS import: src/crypto/external/bsd/openssl/dist

2015-03-23 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Mon Mar 23 08:31:52 UTC 2015

Update of /cvsroot/src/crypto/external/bsd/openssl/dist
In directory ivanova.netbsd.org:/tmp/cvs-serv27726

Log Message:
This is an import of OpenSSL 1.0.1m.

The vulnerabilities listed below were previously fixed by patches
supplied by the OpenSSL project.

Thus, this import is not about vulnerabilities, but about the change
in source style OpenSSL applied before 1.0.1m (as well as small fixes
not listed in the changelog that make us have a 'proper' 1.0.1m).

Upstream Changelog:

 Changes between 1.0.1l and 1.0.1m [19 Mar 2015]

  *) Segmentation fault in ASN1_TYPE_cmp fix

 The function ASN1_TYPE_cmp will crash with an invalid read if an attempt is
 made to compare ASN.1 boolean types. Since ASN1_TYPE_cmp is used to check
 certificate signature algorithm consistency this can be used to crash any
 certificate verification operation and exploited in a DoS attack. Any
 application which performs certificate verification is vulnerable including
 OpenSSL clients and servers which enable client authentication.
 (CVE-2015-0286)
 [Stephen Henson]

  *) ASN.1 structure reuse memory corruption fix

 Reusing a structure in ASN.1 parsing may allow an attacker to cause
 memory corruption via an invalid write. Such reuse is and has been
 strongly discouraged and is believed to be rare.

 Applications that parse structures containing CHOICE or ANY DEFINED BY
 components may be affected. Certificate parsing (d2i_X509 and related
 functions) are however not affected. OpenSSL clients and servers are
 not affected.
 (CVE-2015-0287)
 [Stephen Henson]

  *) PKCS7 NULL pointer dereferences fix

 The PKCS#7 parsing code does not handle missing outer ContentInfo
 correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs with
 missing content and trigger a NULL pointer dereference on parsing.

 Applications that verify PKCS#7 signatures, decrypt PKCS#7 data or
 otherwise parse PKCS#7 structures from untrusted sources are
 affected. OpenSSL clients and servers are not affected.

 This issue was reported to OpenSSL by Michal Zalewski (Google).
 (CVE-2015-0289)
 [Emilia Käsper]

  *) DoS via reachable assert in SSLv2 servers fix

 A malicious client can trigger an OPENSSL_assert (i.e., an abort) in
 servers that both support SSLv2 and enable export cipher suites by sending
 a specially crafted SSLv2 CLIENT-MASTER-KEY message.

 This issue was discovered by Sean Burford (Google) and Emilia Käsper
 (OpenSSL development team).
 (CVE-2015-0293)
 [Emilia Käsper]

  *) Use After Free following d2i_ECPrivatekey error fix

 A malformed EC private key file consumed via the d2i_ECPrivateKey function
 could cause a use after free condition. This, in turn, could cause a double
 free in several private key parsing functions (such as d2i_PrivateKey
 or EVP_PKCS82PKEY) and could lead to a DoS attack or memory corruption
 for applications that receive EC private keys from untrusted
 sources. This scenario is considered rare.

 This issue was discovered by the BoringSSL project and fixed in their
 commit 517073cd4b.
 (CVE-2015-0209)
 [Matt Caswell]

  *) X509_to_X509_REQ NULL pointer deref fix

 The function X509_to_X509_REQ will crash with a NULL pointer dereference if
 the certificate key is invalid. This function is rarely used in practice.

 This issue was discovered by Brian Carpenter.
 (CVE-2015-0288)
 [Stephen Henson]

  *) Removed the export ciphers from the DEFAULT ciphers
 [Kurt Roeckx]

 Changes between 1.0.1k and 1.0.1l [15 Jan 2015]

  *) Build fixes for the Windows and OpenVMS platforms
 [Matt Caswell and Richard Levitte]


Status:

Vendor Tag: OPENSSL
Release Tags:   openssl-1-0-1m

U src/crypto/external/bsd/openssl/dist/ACKNOWLEDGMENTS
U src/crypto/external/bsd/openssl/dist/CHANGES.SSLeay
C src/crypto/external/bsd/openssl/dist/CHANGES
C src/crypto/external/bsd/openssl/dist/Configure
U src/crypto/external/bsd/openssl/dist/config
U src/crypto/external/bsd/openssl/dist/e_os2.h
C src/crypto/external/bsd/openssl/dist/e_os.h
U src/crypto/external/bsd/openssl/dist/FAQ
U src/crypto/external/bsd/openssl/dist/install.com
U src/crypto/external/bsd/openssl/dist/INSTALL
U src/crypto/external/bsd/openssl/dist/INSTALL.W64
U src/crypto/external/bsd/openssl/dist/INSTALL.DJGPP
U src/crypto/external/bsd/openssl/dist/INSTALL.MacOS
U src/crypto/external/bsd/openssl/dist/INSTALL.NW
U src/crypto/external/bsd/openssl/dist/INSTALL.OS2
U src/crypto/external/bsd/openssl/dist/INSTALL.VMS
U src/crypto/external/bsd/openssl/dist/INSTALL.W32
U src/crypto/external/bsd/openssl/dist/INSTALL.WCE
U src/crypto/external/bsd/openssl/dist/LICENSE
C src/crypto/external/bsd/openssl/dist/Makefile
U src/crypto/external/bsd/openssl/dist/Makefile.shared
U 

CVS commit: src/crypto/external/bsd/openssl/dist

2015-03-19 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Thu Mar 19 14:24:55 UTC 2015

Modified Files:
src/crypto/external/bsd/openssl/dist/crypto/asn1: a_type.c tasn_dec.c
src/crypto/external/bsd/openssl/dist/crypto/pkcs7: pk7_doit.c pk7_lib.c
src/crypto/external/bsd/openssl/dist/doc/crypto: d2i_X509.pod
src/crypto/external/bsd/openssl/dist/ssl: s2_lib.c s2_srvr.c

Log Message:
patches for today's OpenSSL security advisory from OpenSSL, as relevant
to NetBSD base:

OpenSSL Security Advisory [19 Mar 2015]
===

Reclassified: RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204)


Severity: High

This security issue was previously announced by the OpenSSL project and
classified as low severity. This severity rating has now been changed to
high.

This was classified low because it was originally thought that server RSA
export ciphersuite support was rare: a client was only vulnerable to a MITM
attack against a server which supports an RSA export ciphersuite. Recent
studies have shown that RSA export ciphersuites support is far more common.

This issue affects OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.

** issue already committed see last release **
OpenSSL 1.0.1 users should upgrade to 1.0.1k.
OpenSSL 1.0.0 users should upgrade to 1.0.0p.
OpenSSL 0.9.8 users should upgrade to 0.9.8zd.

This issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan
Bhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen
Henson of the OpenSSL core team. It was previously announced in the OpenSSL
security advisory on 8th January 2015.

Segmentation fault in ASN1_TYPE_cmp (CVE-2015-0286)
===

Severity: Moderate

The function ASN1_TYPE_cmp will crash with an invalid read if an attempt is
made to compare ASN.1 boolean types. Since ASN1_TYPE_cmp is used to check
certificate signature algorithm consistency this can be used to crash any
certificate verification operation and exploited in a DoS attack. Any
application which performs certificate verification is vulnerable including
OpenSSL clients and servers which enable client authentication.

This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 1.0.2 users should upgrade to 1.0.2a
commit 1b8ac2b07d02207f2b88e0b009b0bff4ef7eda96

OpenSSL 1.0.1 users should upgrade to 1.0.1m.
commit ee5a1253285e5c9f406c8b57b0686319b70c07d8

OpenSSL 1.0.0 users should upgrade to 1.0.0r.
commit 1e3ca524cb38ec92deea37629718e98aba43bc5d

OpenSSL 0.9.8 users should upgrade to 0.9.8zf.
commit 7058bd1712828a78d34457b1cfc32bdc1e6d3d33

This issue was discovered and fixed by Stephen Henson of the OpenSSL
development team.

ASN.1 structure reuse memory corruption (CVE-2015-0287)
===

Severity: Moderate

Reusing a structure in ASN.1 parsing may allow an attacker to cause
memory corruption via an invalid write. Such reuse is and has been
strongly discouraged and is believed to be rare.

Applications that parse structures containing CHOICE or ANY DEFINED BY
components may be affected. Certificate parsing (d2i_X509 and related
functions) are however not affected. OpenSSL clients and servers are
not affected.

This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0
and 0.9.8.

OpenSSL 1.0.2 users should upgrade to 1.0.2a
commit 0ca8edbe6ec402e39c9e095f8ae11dba8fa93fc1

OpenSSL 1.0.1 users should upgrade to 1.0.1m.
commit a9f34a7aac5fd89f33a34fb71e954b85fbf35875

OpenSSL 1.0.0 users should upgrade to 1.0.0r.
commit d96692c933fe02829c3e922bf7f239e0bd003759

OpenSSL 0.9.8 users should upgrade to 0.9.8zf.
commit 5722767d5dc1a3b5505058fe27877fc993fe9a5a

This issue was discovered by Emilia Käsper and a fix developed by
Stephen Henson of the OpenSSL development team.

PKCS7 NULL pointer dereferences (CVE-2015-0289)
===

Severity: Moderate

The PKCS#7 parsing code does not handle missing outer ContentInfo correctly.
An attacker can craft malformed ASN.1-encoded PKCS#7 blobs with
missing content and trigger a NULL pointer dereference on parsing.

Applications that verify PKCS#7 signatures, decrypt PKCS#7 data or
otherwise parse PKCS#7 structures from untrusted sources are
affected. OpenSSL clients and servers are not affected.

This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0
and 0.9.8.

OpenSSL 1.0.2 users should upgrade to 1.0.2a
commit e0d6a791c53b64da64277c5565eb89b1cb149fc3

OpenSSL 1.0.1 users should upgrade to 1.0.1m.
commit d3d52c73544bba800c2a8f5ef3376358158cf2ca

OpenSSL 1.0.0 users should upgrade to 1.0.0r.
commit 1f858109d0556b5864bb6a0aa3e2d177b1cc4552

OpenSSL 0.9.8 users should upgrade to 0.9.8zf.
commit f20caf7f66cb1eb9ba9562e6097bc7b64d207cb9

This issue was reported to OpenSSL on February 16th 2015 by Michal
Zalewski 

CVS commit: src/doc

2015-02-22 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Mon Feb 23 07:17:37 UTC 2015

Modified Files:
src/doc: 3RDPARTY CHANGES

Log Message:
note bind now is 9.10.1-P2


To generate a diff of this commit:
cvs rdiff -u -r1.1206 -r1.1207 src/doc/3RDPARTY
cvs rdiff -u -r1.2046 -r1.2047 src/doc/CHANGES

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/doc/3RDPARTY
diff -u src/doc/3RDPARTY:1.1206 src/doc/3RDPARTY:1.1207
--- src/doc/3RDPARTY:1.1206	Sat Feb 21 12:05:47 2015
+++ src/doc/3RDPARTY	Mon Feb 23 07:17:37 2015
@@ -1,4 +1,4 @@
-#	$NetBSD: 3RDPARTY,v 1.1206 2015/02/21 12:05:47 tron Exp $
+#	$NetBSD: 3RDPARTY,v 1.1207 2015/02/23 07:17:37 spz Exp $
 #
 # This file contains a list of the software that has been integrated into
 # NetBSD where we are not the primary maintainer.
@@ -113,8 +113,8 @@ Notes:
 bc includes dc, both of which are in the NetBSD tree.
 
 Package:	bind [named and utils]
-Version:	9.10.1-P1
-Current Vers:	9.10.1-P1
+Version:	9.10.1-P2
+Current Vers:	9.10.1-P2
 Maintainer:	Paul Vixie vi...@vix.com
 Archive Site:	ftp://ftp.isc.org/isc/bind9/
 Home Page:	http://www.isc.org/software/bind/

Index: src/doc/CHANGES
diff -u src/doc/CHANGES:1.2046 src/doc/CHANGES:1.2047
--- src/doc/CHANGES:1.2046	Sat Feb 21 12:05:47 2015
+++ src/doc/CHANGES	Mon Feb 23 07:17:37 2015
@@ -1,4 +1,4 @@
-# LIST OF CHANGES FROM LAST RELEASE:			$Revision: 1.2046 $
+# LIST OF CHANGES FROM LAST RELEASE:			$Revision: 1.2047 $
 #
 #
 # [Note: This file does not mention every change made to the NetBSD source tree.
@@ -132,3 +132,4 @@ Changes from NetBSD 7.0 to NetBSD 8.0:
 	zoneinfo: Import tzdata2015a. [apb 20150131]
 	libc: Import tzdata2015a. [christos 20150131]
 	postfix(1): Import version 2.11.4. [tron 20150221]
+	bind: patch to version 9.10.1-P2. [spz 20150221]



CVS commit: src/external/bsd/libevent/dist/include/event2

2015-02-01 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Sun Feb  1 19:09:05 UTC 2015

Removed Files:
src/external/bsd/libevent/dist/include/event2: event-config.h

Log Message:
this generated include file oughtn't be around, the 'good' version is in
external/bsd/libevent/include/event2/event-config.h instead


To generate a diff of this commit:
cvs rdiff -u -r1.1.1.1 -r0 \
src/external/bsd/libevent/dist/include/event2/event-config.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: src/doc

2015-01-30 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Fri Jan 30 23:00:06 UTC 2015

Modified Files:
src/doc: 3RDPARTY CHANGES

Log Message:
note the libevent update


To generate a diff of this commit:
cvs rdiff -u -r1.1198 -r1.1199 src/doc/3RDPARTY
cvs rdiff -u -r1.2042 -r1.2043 src/doc/CHANGES

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/doc/3RDPARTY
diff -u src/doc/3RDPARTY:1.1198 src/doc/3RDPARTY:1.1199
--- src/doc/3RDPARTY:1.1198	Fri Jan 30 10:21:23 2015
+++ src/doc/3RDPARTY	Fri Jan 30 23:00:06 2015
@@ -1,4 +1,4 @@
-#	$NetBSD: 3RDPARTY,v 1.1198 2015/01/30 10:21:23 roy Exp $
+#	$NetBSD: 3RDPARTY,v 1.1199 2015/01/30 23:00:06 spz Exp $
 #
 # This file contains a list of the software that has been integrated into
 # NetBSD where we are not the primary maintainer.
@@ -677,12 +677,12 @@ The lvm2tools and the libdevmapper are n
 repository. See the lvm2tools Notes for more information.
 
 Package:	libevent
-Version:	2.0.21-stable
-Current Vers:	2.0.21-stable
+Version:	2.0.22-stable
+Current Vers:	2.0.22-stable
 Maintainer:	Niels Provos pro...@citi.umich.edu
 Archive Site:	http://www.monkey.org/~provos/libevent/
 Home Page:	http://www.monkey.org/~provos/libevent/
-Responsible:	provos
+Responsible:	
 License:	BSD (3/4-clause)
 Location:	external/bsd/libevent/dist
 Notes:

Index: src/doc/CHANGES
diff -u src/doc/CHANGES:1.2042 src/doc/CHANGES:1.2043
--- src/doc/CHANGES:1.2042	Fri Jan 30 10:21:23 2015
+++ src/doc/CHANGES	Fri Jan 30 23:00:06 2015
@@ -1,4 +1,4 @@
-# LIST OF CHANGES FROM LAST RELEASE:			$Revision: 1.2042 $
+# LIST OF CHANGES FROM LAST RELEASE:			$Revision: 1.2043 $
 #
 #
 # [Note: This file does not mention every change made to the NetBSD source tree.
@@ -127,4 +127,5 @@ Changes from NetBSD 7.0 to NetBSD 8.0:
 	arm: Add support for Zynq SoC. [hkenken 20150123]
 	evbarm: Add support for the PARALLELLA (Zynq). [hkenken 20150123]
 	blacklist: Added daemon and library [christos 20150125]
+	libevent: Import libevent 2.0.22 [spz 20150129]
 	dhcpcd(8): Import dhcpcd-6.7.1. [roy 20150130]



CVS import: src/external/bsd/libevent/dist

2015-01-28 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Thu Jan 29 06:28:12 UTC 2015

Update of /cvsroot/src/external/bsd/libevent/dist
In directory ivanova.netbsd.org:/tmp/cvs-serv25758

Log Message:
Upstream Change_log:

Changes in version 2.0.22-stable (5 Jan 2015)

SECURITY FIXES (evbuffers)
 o Avoid integer overflow bugs in evbuffer_add() and related functions.
   See CVE-2014-6272 advisory for more information.
   (20d6d4458bee5d88bda1511c225c25b2d3198d6c)

BUGFIXES (evhttp)
 o fix #73 and fix http_connection_fail_test to catch it (crash fix)
   (b618204 Greg Hazel)
 o Avoid racy bufferevent activation (5eb1788 Nate Rosenblum)

BUGFIXES (compilation and portability)
 o Fix compilation with WIN32_HAVE_CONDITION_VARIABLES enabled (7e45739)
 o Fix missing AC_PROG_SED on older Autoconfs (9ab2b3f Tay Ray Chuan)
 o Backport libevent to vanilla Autoconf 2.59 (as used in RHEL5)
   (74d4c44 Kevin Bowling)
 o Use AC_CONFIG_HEADERS in place of AM_CONFIG_HEADERS for
   automake 1.13 compat (817ea36)
 o Rename configure.in to configure.ac to appease newer autoconfs (0c79787)
 o Avoid using top_srcdir in TESTS: new automakes do not like this (a55514e)
 o Use windows vsnprintf fixup logic on all windows environments (e826f19)
 o Fix a compiler warning when checking for arc4random_buf linker breakage.
   (5cb3865)
 o Fix another arc4random_buf-related warning (e64a2b0)
 o Add -Qunused-arguments for clang on macos (b56611d Trond Norbye)

BUGFIXES (resource leaks/lock errors on error)
 o Avoid leaking fds on evconnlistener with no callback set (69db261)
 o Avoid double-close on getsockname error in evutil_ersatz_socketpair
   (0a822a6)
 o Fix a locking error in bufferevent_socket_get_dns_error. (0a5eb2e)
 o libevent/win32_dealloc() : fix sizeof(pointer) vs sizeof(*pointer)
   (b8f5980 Frank Denis)

BUGFIXES: (other stability)
 o bufferevent_pair: don't call downcast(NULL) (f2428a2)
 o Consistently check for failure from evbuffer_pullup() (60f8f72)
 o Fix race caused by event_active (3c7d6fc vjpai)

BUGFIXES (miscellaneous)
 o Avoid redundant invocations of init_extension_functions for IOCP (3b77d62)
 o Typo fixes from Linus Nordberg (cec62cb, 8cd695b)
 o Add a few files created by make verify to .gitignore.
   (1a8295a Pierre Phaneuf)
 o regress_buffer: fix 'memcmp' compare size (79800df Maks Naumov)
 o Fix bufferevent setwatermark suspend_read (b34e4ac ufo2243)
 o Fix evbuffer_peek() with len==-1 and start_at non-NULL. (fb7e76a)

BUGFIXES (evdns)
 o Checking request nameserver for NULL, before using it.
   (5c710c0 Belobrov Andrey)
 o Fix SEGFAULT after evdns_base_resume if no nameservers installed.
   (f8d7df8 Azat Khuzhin)
 o Fix a crash in evdns related to shutting down evdns (9f39c88,e8fe749)

BUGFIXES (epoll)
 o Check does arch have the epoll_create and __NR_epoll_wait syscalls.
   (dfe1e52 Marcin Juszkiewicz)

BUGFIXES (evutil_secure_random)
 o Avoid other RNG initialization FS reads when urandom file is specified
   (9695e9c, bb52471)
 o When we seed from /proc/sys/kernel/random/uuid, count it as success (e35b540)
 o Document that arc4random is not a great cryptographic PRNG. (6e49696)
 o Add evutil_secure_rng_set_urandom_device_file (2bbb5d7)
 o Really remove RNG seeds from the stack (f5ced88)


DOCUMENTATION FIXES
 o Fix a mistake in evbuffer_remove() arguments in example http server
   code (c322c20 Gyepi Sam)
 o Fix a typo in a comment in buffer.h. Spotted by Alt_F4 (773b0a5)
 o Clarify event_base_loop exit conditions (031a803)
 o Use FindClose for handle from FindFirstFile in http-server.c (6466e88)
 o Fix a typo in a doxygen comment. Reported by 亦得. (be1aeff)


Status:

Vendor Tag: LIBEVENT
Release Tags:   libevent-2-0-22-stable

N src/external/bsd/libevent/dist/URLs
N src/external/bsd/libevent/dist/libevent-2.0.22-stable.tar.gz
N src/external/bsd/libevent/dist/libevent-2.0.22-stable.tar.gz.asc
N src/external/bsd/libevent/dist/src/external/bsd/libevent/dist/Makefile.in
N src/external/bsd/libevent/dist/src/external/bsd/libevent/dist/evmap-internal.h
N src/external/bsd/libevent/dist/src/external/bsd/libevent/dist/event_iocp.c
N src/external/bsd/libevent/dist/src/external/bsd/libevent/dist/win32select.c
N src/external/bsd/libevent/dist/src/external/bsd/libevent/dist/epoll.c
N src/external/bsd/libevent/dist/src/external/bsd/libevent/dist/evrpc-internal.h
N src/external/bsd/libevent/dist/src/external/bsd/libevent/dist/autogen.sh
N src/external/bsd/libevent/dist/src/external/bsd/libevent/dist/event.h
N src/external/bsd/libevent/dist/src/external/bsd/libevent/dist/evutil_rand.c
N src/external/bsd/libevent/dist/src/external/bsd/libevent/dist/event.c
N 
src/external/bsd/libevent/dist/src/external/bsd/libevent/dist/libevent_openssl.pc.in
N src/external/bsd/libevent/dist/src/external/bsd/libevent/dist/Makefile.nmake
N src/external/bsd/libevent/dist/src/external/bsd/libevent/dist/evmap.c
N 
src/external/bsd/libevent/dist/src/external/bsd/libevent/dist/make-event-config.sed
N 

CVS import: src/external/bsd/libevent/dist

2015-01-28 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Thu Jan 29 06:38:29 UTC 2015

Update of /cvsroot/src/external/bsd/libevent/dist
In directory ivanova.netbsd.org:/tmp/cvs-serv1728

Log Message:
Upstream Change_log:

Changes in version 2.0.22-stable (5 Jan 2015)

SECURITY FIXES (evbuffers)
 o Avoid integer overflow bugs in evbuffer_add() and related functions.
   See CVE-2014-6272 advisory for more information.
   (20d6d4458bee5d88bda1511c225c25b2d3198d6c)

BUGFIXES (evhttp)
 o fix #73 and fix http_connection_fail_test to catch it (crash fix)
   (b618204 Greg Hazel)
 o Avoid racy bufferevent activation (5eb1788 Nate Rosenblum)

BUGFIXES (compilation and portability)
 o Fix compilation with WIN32_HAVE_CONDITION_VARIABLES enabled (7e45739)
 o Fix missing AC_PROG_SED on older Autoconfs (9ab2b3f Tay Ray Chuan)
 o Backport libevent to vanilla Autoconf 2.59 (as used in RHEL5)
   (74d4c44 Kevin Bowling)
 o Use AC_CONFIG_HEADERS in place of AM_CONFIG_HEADERS for
   automake 1.13 compat (817ea36)
 o Rename configure.in to configure.ac to appease newer autoconfs (0c79787)
 o Avoid using top_srcdir in TESTS: new automakes do not like this (a55514e)
 o Use windows vsnprintf fixup logic on all windows environments (e826f19)
 o Fix a compiler warning when checking for arc4random_buf linker breakage.
   (5cb3865)
 o Fix another arc4random_buf-related warning (e64a2b0)
 o Add -Qunused-arguments for clang on macos (b56611d Trond Norbye)

BUGFIXES (resource leaks/lock errors on error)
 o Avoid leaking fds on evconnlistener with no callback set (69db261)
 o Avoid double-close on getsockname error in evutil_ersatz_socketpair
   (0a822a6)
 o Fix a locking error in bufferevent_socket_get_dns_error. (0a5eb2e)
 o libevent/win32_dealloc() : fix sizeof(pointer) vs sizeof(*pointer)
   (b8f5980 Frank Denis)

BUGFIXES: (other stability)
 o bufferevent_pair: don't call downcast(NULL) (f2428a2)
 o Consistently check for failure from evbuffer_pullup() (60f8f72)
 o Fix race caused by event_active (3c7d6fc vjpai)

BUGFIXES (miscellaneous)
 o Avoid redundant invocations of init_extension_functions for IOCP (3b77d62)
 o Typo fixes from Linus Nordberg (cec62cb, 8cd695b)
 o Add a few files created by make verify to .gitignore.
   (1a8295a Pierre Phaneuf)
 o regress_buffer: fix 'memcmp' compare size (79800df Maks Naumov)
 o Fix bufferevent setwatermark suspend_read (b34e4ac ufo2243)
 o Fix evbuffer_peek() with len==-1 and start_at non-NULL. (fb7e76a)

BUGFIXES (evdns)
 o Checking request nameserver for NULL, before using it.
   (5c710c0 Belobrov Andrey)
 o Fix SEGFAULT after evdns_base_resume if no nameservers installed.
   (f8d7df8 Azat Khuzhin)
 o Fix a crash in evdns related to shutting down evdns (9f39c88,e8fe749)

BUGFIXES (epoll)
 o Check does arch have the epoll_create and __NR_epoll_wait syscalls.
   (dfe1e52 Marcin Juszkiewicz)

BUGFIXES (evutil_secure_random)
 o Avoid other RNG initialization FS reads when urandom file is specified
   (9695e9c, bb52471)
 o When we seed from /proc/sys/kernel/random/uuid, count it as success (e35b540)
 o Document that arc4random is not a great cryptographic PRNG. (6e49696)
 o Add evutil_secure_rng_set_urandom_device_file (2bbb5d7)
 o Really remove RNG seeds from the stack (f5ced88)


DOCUMENTATION FIXES
 o Fix a mistake in evbuffer_remove() arguments in example http server
   code (c322c20 Gyepi Sam)
 o Fix a typo in a comment in buffer.h. Spotted by Alt_F4 (773b0a5)
 o Clarify event_base_loop exit conditions (031a803)
 o Use FindClose for handle from FindFirstFile in http-server.c (6466e88)
 o Fix a typo in a doxygen comment. Reported by 亦得. (be1aeff)


Status:

Vendor Tag: LIBEVENT
Release Tags:   libevent-2-0-22-stable

U src/external/bsd/libevent/dist/Makefile.in
U src/external/bsd/libevent/dist/evmap-internal.h
U src/external/bsd/libevent/dist/event_iocp.c
U src/external/bsd/libevent/dist/win32select.c
U src/external/bsd/libevent/dist/epoll.c
U src/external/bsd/libevent/dist/evrpc-internal.h
U src/external/bsd/libevent/dist/autogen.sh
U src/external/bsd/libevent/dist/event.h
C src/external/bsd/libevent/dist/evutil_rand.c
C src/external/bsd/libevent/dist/event.c
U src/external/bsd/libevent/dist/libevent_openssl.pc.in
U src/external/bsd/libevent/dist/Makefile.nmake
U src/external/bsd/libevent/dist/evmap.c
U src/external/bsd/libevent/dist/make-event-config.sed
U src/external/bsd/libevent/dist/ratelim-internal.h
U src/external/bsd/libevent/dist/log-internal.h
C src/external/bsd/libevent/dist/util-internal.h
C src/external/bsd/libevent/dist/evdns.c
C src/external/bsd/libevent/dist/event_tagging.c
U src/external/bsd/libevent/dist/strlcpy.c
U src/external/bsd/libevent/dist/defer-internal.h
U src/external/bsd/libevent/dist/libevent.pc.in
U src/external/bsd/libevent/dist/arc4random.c
U src/external/bsd/libevent/dist/http-internal.h
N src/external/bsd/libevent/dist/configure.ac
U src/external/bsd/libevent/dist/select.c
U src/external/bsd/libevent/dist/configure
U 

CVS commit: src/external/bsd/libevent

2015-01-28 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Thu Jan 29 07:26:03 UTC 2015

Modified Files:
src/external/bsd/libevent: libevent2netbsd
src/external/bsd/libevent/dist: buffer.c bufferevent.c
evbuffer-internal.h evdns.c event.c event_tagging.c evrpc.c
evutil.c evutil_rand.c http.c log-internal.h log.c ltmain.sh
util-internal.h
src/external/bsd/libevent/dist/include/event2: rpc.h util.h
src/external/bsd/libevent/dist/test: regress.c regress.h
regress_buffer.c regress_http.c
src/external/bsd/libevent/include/event2: event-config.h
src/external/bsd/libevent/man: buffer.h.3 buffer_compat.h.3
bufferevent.3 bufferevent_ssl.h.3 deprecated.3 dns.h.3
dns_compat.h.3 evbuffer_cb_info.3 evbuffer_iovec.3 evbuffer_ptr.3
event.h.3 event_base.3 event_compat.h.3 event_config.3
evthread_condition_callbacks.3 evthread_lock_callbacks.3
evutil_addrinfo.3 http.h.3 http_compat.h.3 rpc.h.3 rpc_compat.h.3
tag.h.3 tag_compat.h.3 thread.h.3 util.h.3

Log Message:
merge and update manpages and include/event2/event-config.h
May need extra fixing around log-internal.h and log.c


To generate a diff of this commit:
cvs rdiff -u -r1.1 -r1.2 src/external/bsd/libevent/libevent2netbsd
cvs rdiff -u -r1.2 -r1.3 src/external/bsd/libevent/dist/buffer.c \
src/external/bsd/libevent/dist/bufferevent.c \
src/external/bsd/libevent/dist/evbuffer-internal.h \
src/external/bsd/libevent/dist/evdns.c \
src/external/bsd/libevent/dist/event.c \
src/external/bsd/libevent/dist/event_tagging.c \
src/external/bsd/libevent/dist/evrpc.c \
src/external/bsd/libevent/dist/evutil_rand.c \
src/external/bsd/libevent/dist/http.c \
src/external/bsd/libevent/dist/log.c \
src/external/bsd/libevent/dist/util-internal.h
cvs rdiff -u -r1.4 -r1.5 src/external/bsd/libevent/dist/evutil.c
cvs rdiff -u -r1.3 -r1.4 src/external/bsd/libevent/dist/log-internal.h
cvs rdiff -u -r1.1.1.1 -r1.2 src/external/bsd/libevent/dist/ltmain.sh
cvs rdiff -u -r1.2 -r1.3 src/external/bsd/libevent/dist/include/event2/rpc.h \
src/external/bsd/libevent/dist/include/event2/util.h
cvs rdiff -u -r1.7 -r1.8 src/external/bsd/libevent/dist/test/regress.c
cvs rdiff -u -r1.3 -r1.4 src/external/bsd/libevent/dist/test/regress.h \
src/external/bsd/libevent/dist/test/regress_buffer.c \
src/external/bsd/libevent/dist/test/regress_http.c
cvs rdiff -u -r1.1 -r1.2 \
src/external/bsd/libevent/include/event2/event-config.h
cvs rdiff -u -r1.1.1.1 -r1.2 src/external/bsd/libevent/man/buffer.h.3 \
src/external/bsd/libevent/man/buffer_compat.h.3 \
src/external/bsd/libevent/man/bufferevent.3 \
src/external/bsd/libevent/man/bufferevent_ssl.h.3 \
src/external/bsd/libevent/man/deprecated.3 \
src/external/bsd/libevent/man/dns.h.3 \
src/external/bsd/libevent/man/dns_compat.h.3 \
src/external/bsd/libevent/man/evbuffer_cb_info.3 \
src/external/bsd/libevent/man/evbuffer_iovec.3 \
src/external/bsd/libevent/man/evbuffer_ptr.3 \
src/external/bsd/libevent/man/event.h.3 \
src/external/bsd/libevent/man/event_base.3 \
src/external/bsd/libevent/man/event_compat.h.3 \
src/external/bsd/libevent/man/event_config.3 \
src/external/bsd/libevent/man/evthread_condition_callbacks.3 \
src/external/bsd/libevent/man/evthread_lock_callbacks.3 \
src/external/bsd/libevent/man/evutil_addrinfo.3 \
src/external/bsd/libevent/man/http.h.3 \
src/external/bsd/libevent/man/http_compat.h.3 \
src/external/bsd/libevent/man/rpc.h.3 \
src/external/bsd/libevent/man/rpc_compat.h.3 \
src/external/bsd/libevent/man/tag.h.3 \
src/external/bsd/libevent/man/tag_compat.h.3 \
src/external/bsd/libevent/man/thread.h.3 \
src/external/bsd/libevent/man/util.h.3

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/external/bsd/libevent/libevent2netbsd
diff -u src/external/bsd/libevent/libevent2netbsd:1.1 src/external/bsd/libevent/libevent2netbsd:1.2
--- src/external/bsd/libevent/libevent2netbsd:1.1	Thu Apr 11 16:56:11 2013
+++ src/external/bsd/libevent/libevent2netbsd	Thu Jan 29 07:26:02 2015
@@ -1,5 +1,5 @@
 #!/bin/sh
-# $NetBSD: libevent2netbsd,v 1.1 2013/04/11 16:56:11 christos Exp $
+# $NetBSD: libevent2netbsd,v 1.2 2015/01/29 07:26:02 spz Exp $
 
 # Extract the new tarball and rename the libevent-X.Y.Z directory
 # to dist.  Run this script and check for additional files and
@@ -43,6 +43,11 @@ if [ -f $d/configure ]; then
 #endif
 	d
 }
+/_EVENT_SIZEOF_LONG_LONG/ {
+	a\
+#define _EVENT_SIZEOF_LONG_LONG 8
+	d
+}
 /_EVENT_SIZEOF_LONG/ {
 	a\
 #ifdef _LP64\
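Review bot: The new `/_EVENT_SIZEOF_LONG_LONG/` rule is only correct because it sits before the unanchored `/_EVENT_SIZEOF_LONG/` rule, whose pattern also matches the `LONG_LONG` line; the `d` in the new rule ends the cycle before that later rule is tried. Nothing in the hunk states this ordering dependency, so a later reordering would quietly apply the `_LP64` block to the `long long` size as well. I would put a comment above the new rule, for example `# must stay before the _EVENT_SIZEOF_LONG rule, whose pattern also matches this line`, if the surrounding sed script accepts comments at that point. The sed script begins and continues outside the hunk.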

Index: src/external/bsd/libevent/dist/buffer.c
diff -u src/external/bsd/libevent/dist/buffer.c:1.2 src/external/bsd/libevent/dist/buffer.c:1.3
--- src/external/bsd/libevent/dist/buffer.c:1.2	Thu Apr 11 16:56:41 2013

CVS commit: src/external/bsd/libevent/dist

2015-01-28 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Thu Jan 29 06:34:05 UTC 2015

Removed Files:
src/external/bsd/libevent/dist: URLs libevent-2.0.22-stable.tar.gz
libevent-2.0.22-stable.tar.gz.asc

Log Message:
eeep, that import went not as I had intended. Going to remove the rest
of the clutter from the repo


To generate a diff of this commit:
cvs rdiff -u -r1.1.1.1 -r0 src/external/bsd/libevent/dist/URLs \
src/external/bsd/libevent/dist/libevent-2.0.22-stable.tar.gz \
src/external/bsd/libevent/dist/libevent-2.0.22-stable.tar.gz.asc

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS import: src/crypto/external/bsd/openssl/dist

2015-01-13 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Tue Jan 13 08:02:20 UTC 2015

Update of /cvsroot/src/crypto/external/bsd/openssl/dist
In directory ivanova.netbsd.org:/tmp/cvs-serv14297

Log Message:
Import of OpenSSL 1.0.1k. Upstream log:

 Changes between 1.0.1j and 1.0.1k [8 Jan 2015]

  *) Fix DTLS segmentation fault in dtls1_get_record. A carefully crafted DTLS
 message can cause a segmentation fault in OpenSSL due to a NULL pointer
 dereference. This could lead to a Denial Of Service attack. Thanks to
 Markus Stenberg of Cisco Systems, Inc. for reporting this issue.
 (CVE-2014-3571)
 [Steve Henson]

  *) Fix DTLS memory leak in dtls1_buffer_record. A memory leak can occur in the
 dtls1_buffer_record function under certain conditions. In particular this
 could occur if an attacker sent repeated DTLS records with the same
 sequence number but for the next epoch. The memory leak could be exploited
 by an attacker in a Denial of Service attack through memory exhaustion.
 Thanks to Chris Mueller for reporting this issue.
 (CVE-2015-0206)
 [Matt Caswell]

  *) Fix issue where no-ssl3 configuration sets method to NULL. When openssl is
 built with the no-ssl3 option and a SSL v3 ClientHello is received the ssl
 method would be set to NULL which could later result in a NULL pointer
 dereference. Thanks to Frank Schmirler for reporting this issue.
 (CVE-2014-3569)
 [Kurt Roeckx]

  *) Abort handshake if server key exchange message is omitted for ephemeral
 ECDH ciphersuites.

 Thanks to Karthikeyan Bhargavan of the PROSECCO team at INRIA for
 reporting this issue.
 (CVE-2014-3572)
 [Steve Henson]

  *) Remove non-export ephemeral RSA code on client and server. This code
 violated the TLS standard by allowing the use of temporary RSA keys in
 non-export ciphersuites and could be used by a server to effectively
 downgrade the RSA key length used to a value smaller than the server
 certificate. Thanks to Karthikeyan Bhargavan of the PROSECCO team at
 INRIA for reporting this issue.
 (CVE-2015-0204)
 [Steve Henson]

  *) Fixed issue where DH client certificates are accepted without verification.
 An OpenSSL server will accept a DH certificate for client authentication
 without the certificate verify message. This effectively allows a client to
 authenticate without the use of a private key. This only affects servers
 which trust a client certificate authority which issues certificates
 containing DH keys: these are extremely rare and hardly ever encountered.
 Thanks for Karthikeyan Bhargavan of the PROSECCO team at INRIA or reporting
 this issue.
 (CVE-2015-0205)
 [Steve Henson]

  *) Ensure that the session ID context of an SSL is updated when its
 SSL_CTX is updated via SSL_set_SSL_CTX.

 The session ID context is typically set from the parent SSL_CTX,
 and can vary with the CTX.
 [Adam Langley]

  *) Fix various certificate fingerprint issues.

 By using non-DER or invalid encodings outside the signed portion of a
 certificate the fingerprint can be changed without breaking the signature.
 Although no details of the signed portion of the certificate can be changed
 this can cause problems with some applications: e.g. those using the
 certificate fingerprint for blacklists.

 1. Reject signatures with non zero unused bits.

 If the BIT STRING containing the signature has non zero unused bits reject
 the signature. All current signature algorithms require zero unused bits.

 2. Check certificate algorithm consistency.

 Check the AlgorithmIdentifier inside TBS matches the one in the
 certificate signature. NB: this will result in signature failure
 errors for some broken certificates.

 Thanks to Konrad Kraszewski from Google for reporting this issue.

 3. Check DSA/ECDSA signatures use DER.

 Reencode DSA/ECDSA signatures and compare with the original received
 signature. Return an error if there is a mismatch.

 This will reject various cases including garbage after signature
 (thanks to Antti Karjalainen and Tuomo Untinen from the Codenomicon CROSS
 program for discovering this case) and use of BER or invalid ASN.1 INTEGERs
 (negative or with leading zeroes).

 Further analysis was conducted and fixes were developed by Stephen Henson
 of the OpenSSL core team.

 (CVE-2014-8275)
 [Steve Henson]

   *) Correct Bignum squaring. Bignum squaring (BN_sqr) may produce incorrect
  results on some platforms, including x86_64. This bug occurs at random
  with a very low probability, and is not known to be exploitable in any
  way, though its exact impact is difficult to determine. Thanks to Pieter
  Wuille (Blockstream) who reported this issue and also suggested an initial
  fix. Further analysis was conducted by the OpenSSL 

CVS commit: src/etc/rc.d

2014-12-25 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Thu Dec 25 23:00:18 UTC 2014

Modified Files:
src/etc/rc.d: ntpd

Log Message:
new ntpd wants to be able to translate ntp into a port number after chroot,
so give it its own small copy of /etc/services in the chroot


To generate a diff of this commit:
cvs rdiff -u -r1.14 -r1.15 src/etc/rc.d/ntpd

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/etc/rc.d/ntpd
diff -u src/etc/rc.d/ntpd:1.14 src/etc/rc.d/ntpd:1.15
--- src/etc/rc.d/ntpd:1.14	Tue Dec  4 16:38:40 2012
+++ src/etc/rc.d/ntpd	Thu Dec 25 23:00:18 2014
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# $NetBSD: ntpd,v 1.14 2012/12/04 16:38:40 prlw1 Exp $
+# $NetBSD: ntpd,v 1.15 2014/12/25 23:00:18 spz Exp $
 #
 
 # PROVIDE: ntpd
@@ -50,6 +50,21 @@ ntpd_precmd()
 	fi
 	ln -fs ${ntpd_chrootdir}/var/db/ntp.drift /var/db/ntp.drift
 
+	if [ ! -d ${ntpd_chrootdir}/etc ]; then
+		mkdir ${ntpd_chrootdir}/etc
+	fi
+	if [ ! -f ${ntpd_chrootdir}/etc/services ]; then
+		getent services ntp/udp ntp/tcp \
+			 ${ntpd_chrootdir}/etc/services
+	fi
+	if [ ! -d ${ntpd_chrootdir}/var/db ]; then
+		mkdir -p ${ntpd_chrootdir}/var/db
+	fi
+	if [ ! -f ${ntpd_chrootdir}/var/db/services.cdb ]; then
+		services_mkdb -o ${ntpd_chrootdir}/var/db/services.cdb \
+			${ntpd_chrootdir}/etc/services
+	fi
+
 	#	Change run_rc_commands()'s internal copy of $ntpd_flags
 	#
 	rc_flags=-u ntpd:ntpd -i ${ntpd_chrootdir} $rc_flags
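Review bot: The added `[ ! -f ... ]` guards in ntpd_precmd make the chroot copies of `etc/services` and `services.cdb` write-once, and the exit status of `getent` is never checked, so an empty or partial file left by a failed first run is accepted on every later start. Assuming the `getent` output is redirected into the file (no redirection appears in this rendering, presumably lost by the archive), I would append `|| rm -f "${ntpd_chrootdir}/etc/services"` to that command so the next start retries. The guards also mean later changes to the host's services entries never reach the chroot; a short comment saying the copy is deliberately static would help. The `${ntpd_chrootdir}` expansions are unquoted in all the added lines. ntpd_precmd begins and ends outside the hunk.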



CVS import: src/crypto/external/bsd/openssl/dist

2014-08-10 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Sun Aug 10 07:36:33 UTC 2014

Update of /cvsroot/src/crypto/external/bsd/openssl/dist
In directory ivanova.netbsd.org:/tmp/cvs-serv23227

Log Message:
Upstream changelog:

 Changes between 1.0.1h and 1.0.1i [6 Aug 2014]

  *) Fix SRP buffer overrun vulnerability. Invalid parameters passed to the
 SRP code can overrun an internal buffer. Add sanity check that
 g, A, B < N to SRP code.

 Thanks to Sean Devlin and Watson Ladd of Cryptography Services, NCC
 Group for discovering this issue.
 (CVE-2014-3512)
 [Steve Henson]

  *) A flaw in the OpenSSL SSL/TLS server code causes the server to negotiate
 TLS 1.0 instead of higher protocol versions when the ClientHello message
 is badly fragmented. This allows a man-in-the-middle attacker to force a
 downgrade to TLS 1.0 even if both the server and the client support a
 higher protocol version, by modifying the client's TLS records.

 Thanks to David Benjamin and Adam Langley (Google) for discovering and
 researching this issue.
 (CVE-2014-3511)
 [David Benjamin]

  *) OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject
 to a denial of service attack. A malicious server can crash the client
 with a null pointer dereference (read) by specifying an anonymous (EC)DH
 ciphersuite and sending carefully crafted handshake messages.

 Thanks to Felix Gröbert (Google) for discovering and researching this
 issue.
 (CVE-2014-3510)
 [Emilia Käsper]

  *) By sending carefully crafted DTLS packets an attacker could cause openssl
 to leak memory. This can be exploited through a Denial of Service attack.
 Thanks to Adam Langley for discovering and researching this issue.
 (CVE-2014-3507)
 [Adam Langley]

  *) An attacker can force openssl to consume large amounts of memory whilst
 processing DTLS handshake messages. This can be exploited through a
 Denial of Service attack.
 Thanks to Adam Langley for discovering and researching this issue.
 (CVE-2014-3506)
 [Adam Langley]

  *) An attacker can force an error condition which causes openssl to crash
 whilst processing DTLS packets due to memory being freed twice. This
 can be exploited through a Denial of Service attack.
 Thanks to Adam Langley and Wan-Teh Chang for discovering and researching
 this issue.
 (CVE-2014-3505)
 [Adam Langley]

  *) If a multithreaded client connects to a malicious server using a resumed
 session and the server sends an ec point format extension it could write
 up to 255 bytes to freed memory.

 Thanks to Gabor Tyukasz (LogMeIn Inc) for discovering and researching this
 issue.
 (CVE-2014-3509)
 [Gabor Tyukasz]

  *) A malicious server can crash an OpenSSL client with a null pointer
 dereference (read) by specifying an SRP ciphersuite even though it was not
 properly negotiated with the client. This can be exploited through a
 Denial of Service attack.

 Thanks to Joonas Kuorilehto and Riku Hietam�ki (Codenomicon) for
 discovering and researching this issue.
 (CVE-2014-5139)
 [Steve Henson]

  *) A flaw in OBJ_obj2txt may cause pretty printing functions such as
 X509_name_oneline, X509_name_print_ex et al. to leak some information
 from the stack. Applications may be affected if they echo pretty printing
 output to the attacker.

 Thanks to Ivan Fratric (Google) for discovering this issue.
 (CVE-2014-3508)
 [Emilia Käsper, and Steve Henson]

  *) Fix ec_GFp_simple_points_make_affine (thus, EC_POINTs_mul etc.)
 for corner cases. (Certain input points at infinity could lead to
 bogus results, with non-infinity inputs mapped to infinity too.)
 [Bodo Moeller]

Status:

Vendor Tag: OPENSSL
Release Tags:   openssl-1-0-1i

U src/crypto/external/bsd/openssl/dist/ACKNOWLEDGMENTS
U src/crypto/external/bsd/openssl/dist/CHANGES.SSLeay
U src/crypto/external/bsd/openssl/dist/CHANGES
C src/crypto/external/bsd/openssl/dist/Configure
U src/crypto/external/bsd/openssl/dist/config
U src/crypto/external/bsd/openssl/dist/e_os2.h
U src/crypto/external/bsd/openssl/dist/e_os.h
U src/crypto/external/bsd/openssl/dist/FAQ
U src/crypto/external/bsd/openssl/dist/install.com
U src/crypto/external/bsd/openssl/dist/INSTALL
U src/crypto/external/bsd/openssl/dist/INSTALL.W64
U src/crypto/external/bsd/openssl/dist/INSTALL.DJGPP
U src/crypto/external/bsd/openssl/dist/INSTALL.MacOS
U src/crypto/external/bsd/openssl/dist/INSTALL.NW
U src/crypto/external/bsd/openssl/dist/INSTALL.OS2
U src/crypto/external/bsd/openssl/dist/INSTALL.VMS
U src/crypto/external/bsd/openssl/dist/INSTALL.W32
U src/crypto/external/bsd/openssl/dist/INSTALL.WCE
U src/crypto/external/bsd/openssl/dist/LICENSE
U src/crypto/external/bsd/openssl/dist/Makefile
U src/crypto/external/bsd/openssl/dist/Makefile.shared
U 

CVS commit: src/crypto/external/bsd/openssl/dist/crypto/asn1

2014-08-10 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Sun Aug 10 08:27:42 UTC 2014

Modified Files:
src/crypto/external/bsd/openssl/dist/crypto/asn1: tasn_enc.c

Log Message:
merge accident, fixed


To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.3 \
src/crypto/external/bsd/openssl/dist/crypto/asn1/tasn_enc.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssl/dist/crypto/asn1/tasn_enc.c
diff -u src/crypto/external/bsd/openssl/dist/crypto/asn1/tasn_enc.c:1.2 src/crypto/external/bsd/openssl/dist/crypto/asn1/tasn_enc.c:1.3
--- src/crypto/external/bsd/openssl/dist/crypto/asn1/tasn_enc.c:1.2	Sun Aug 10 08:07:48 2014
+++ src/crypto/external/bsd/openssl/dist/crypto/asn1/tasn_enc.c	Sun Aug 10 08:27:42 2014
@@ -463,7 +463,6 @@ static int asn1_set_seq_out(STACK_OF(ASN
 }
 			}
 		}
-		}
 	/* If not sorting just output each item */
 	if (!do_sort)
 		{



CVS commit: src/crypto/external/bsd/openssl/dist

2014-08-10 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Sun Aug 10 18:59:57 UTC 2014

Removed Files:
src/crypto/external/bsd/openssl/dist/crypto/pkcs7: bio_ber.c dec.c
des.pem doc enc.c es1.pem example.c example.h info.pem infokey.pem
server.pem sign.c verify.c
src/crypto/external/bsd/openssl/dist/crypto/pkcs7/p7: a1 a2
src/crypto/external/bsd/openssl/dist/crypto/pkcs7/t: 3des.pem 3dess.pem
c.pem ff msie-e msie-e.pem msie-enc-01 msie-enc-01.pem msie-enc-02
msie-enc-02.pem msie-s-a-e msie-s-a-e.pem nav-smime s.pem
server.pem
src/crypto/external/bsd/openssl/dist/demos/eay: Makefile base64.c
conn.c loadrsa.c
src/crypto/external/bsd/openssl/dist/demos/maurice: Makefile README
cert.pem example1.c example2.c example3.c example4.c loadkeys.c
loadkeys.h privkey.pem

Log Message:
remove empty files (newly gone in openssl 1.0.1i)
remove now empty (and also gone) directories in a week or so
(namely: crypto/pkcs7/p7 crypto/pkcs7/t demos/eay demos/maurice)


To generate a diff of this commit:
cvs rdiff -u -r1.3 -r0 \
src/crypto/external/bsd/openssl/dist/crypto/pkcs7/bio_ber.c
cvs rdiff -u -r1.2 -r0 \
src/crypto/external/bsd/openssl/dist/crypto/pkcs7/dec.c \
src/crypto/external/bsd/openssl/dist/crypto/pkcs7/des.pem \
src/crypto/external/bsd/openssl/dist/crypto/pkcs7/doc \
src/crypto/external/bsd/openssl/dist/crypto/pkcs7/enc.c \
src/crypto/external/bsd/openssl/dist/crypto/pkcs7/es1.pem \
src/crypto/external/bsd/openssl/dist/crypto/pkcs7/example.c \
src/crypto/external/bsd/openssl/dist/crypto/pkcs7/example.h \
src/crypto/external/bsd/openssl/dist/crypto/pkcs7/info.pem \
src/crypto/external/bsd/openssl/dist/crypto/pkcs7/infokey.pem \
src/crypto/external/bsd/openssl/dist/crypto/pkcs7/server.pem \
src/crypto/external/bsd/openssl/dist/crypto/pkcs7/sign.c \
src/crypto/external/bsd/openssl/dist/crypto/pkcs7/verify.c
cvs rdiff -u -r1.2 -r0 \
src/crypto/external/bsd/openssl/dist/crypto/pkcs7/p7/a1 \
src/crypto/external/bsd/openssl/dist/crypto/pkcs7/p7/a2
cvs rdiff -u -r1.2 -r0 \
src/crypto/external/bsd/openssl/dist/crypto/pkcs7/t/3des.pem \
src/crypto/external/bsd/openssl/dist/crypto/pkcs7/t/3dess.pem \
src/crypto/external/bsd/openssl/dist/crypto/pkcs7/t/c.pem \
src/crypto/external/bsd/openssl/dist/crypto/pkcs7/t/ff \
src/crypto/external/bsd/openssl/dist/crypto/pkcs7/t/msie-e \
src/crypto/external/bsd/openssl/dist/crypto/pkcs7/t/msie-e.pem \
src/crypto/external/bsd/openssl/dist/crypto/pkcs7/t/msie-enc-01 \
src/crypto/external/bsd/openssl/dist/crypto/pkcs7/t/msie-enc-01.pem \
src/crypto/external/bsd/openssl/dist/crypto/pkcs7/t/msie-enc-02 \
src/crypto/external/bsd/openssl/dist/crypto/pkcs7/t/msie-enc-02.pem \
src/crypto/external/bsd/openssl/dist/crypto/pkcs7/t/msie-s-a-e \
src/crypto/external/bsd/openssl/dist/crypto/pkcs7/t/msie-s-a-e.pem \
src/crypto/external/bsd/openssl/dist/crypto/pkcs7/t/nav-smime \
src/crypto/external/bsd/openssl/dist/crypto/pkcs7/t/s.pem \
src/crypto/external/bsd/openssl/dist/crypto/pkcs7/t/server.pem
cvs rdiff -u -r1.2 -r0 \
src/crypto/external/bsd/openssl/dist/demos/eay/Makefile \
src/crypto/external/bsd/openssl/dist/demos/eay/base64.c \
src/crypto/external/bsd/openssl/dist/demos/eay/conn.c \
src/crypto/external/bsd/openssl/dist/demos/eay/loadrsa.c
cvs rdiff -u -r1.2 -r0 \
src/crypto/external/bsd/openssl/dist/demos/maurice/Makefile \
src/crypto/external/bsd/openssl/dist/demos/maurice/README \
src/crypto/external/bsd/openssl/dist/demos/maurice/cert.pem \
src/crypto/external/bsd/openssl/dist/demos/maurice/example1.c \
src/crypto/external/bsd/openssl/dist/demos/maurice/example2.c \
src/crypto/external/bsd/openssl/dist/demos/maurice/example3.c \
src/crypto/external/bsd/openssl/dist/demos/maurice/example4.c \
src/crypto/external/bsd/openssl/dist/demos/maurice/loadkeys.c \
src/crypto/external/bsd/openssl/dist/demos/maurice/loadkeys.h \
src/crypto/external/bsd/openssl/dist/demos/maurice/privkey.pem

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: src/crypto/external/bsd/openssl/dist/crypto

2014-08-10 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Sun Aug 10 21:00:48 UTC 2014

Modified Files:
src/crypto/external/bsd/openssl/dist/crypto: ppccpuid.pl

Log Message:
merge lossage (this file is an ASM generator not used in a normal build)


To generate a diff of this commit:
cvs rdiff -u -r1.3 -r1.4 \
src/crypto/external/bsd/openssl/dist/crypto/ppccpuid.pl

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssl/dist/crypto/ppccpuid.pl
diff -u src/crypto/external/bsd/openssl/dist/crypto/ppccpuid.pl:1.3 src/crypto/external/bsd/openssl/dist/crypto/ppccpuid.pl:1.4
--- src/crypto/external/bsd/openssl/dist/crypto/ppccpuid.pl:1.3	Sun Aug 10 08:07:48 2014
+++ src/crypto/external/bsd/openssl/dist/crypto/ppccpuid.pl	Sun Aug 10 21:00:48 2014
@@ -88,8 +88,12 @@ Ladd:	lwarx	r5,0,r3
 .globl	.OPENSSL_rdtsc
 .align	4
 .OPENSSL_rdtsc:
-	mftb	r3
+Lrdtsc:
+	mftbr5
 	mftbu	r4
+	mftb	r3
+	cmplw   r3,r5
+	bne Lrdtsc
 	blr
 	.long	0
 	.byte	0,12,0x14,0,0,0,0,0
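Review bot: The retry loop at `Lrdtsc` carries no comment, and it compares the two low-word reads (`cmplw r3,r5`), so it repeats whenever the time base advances between the first and third read, not only when the low word carries into the high word. The more common sequence reads the upper word before and after the lower one and retries only when the upper words differ, which gives a consistent pair without depending on the tick rate. If the low-word compare is intentional, a line such as `# retry until the low word is stable so r4:r3 is a consistent 64-bit value` would make that clear. As rendered here the first added instruction reads `mftbr5` with no separator, which is probably whitespace lost by the archive but is worth checking against the committed file.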



CVS commit: src/etc/rc.d

2014-07-17 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Thu Jul 17 07:17:03 UTC 2014

Modified Files:
src/etc/rc.d: dhcpd

Log Message:
Create the dhcpd.leases file if it doesn't exist already, don't just
warn about it not being there.
Closes PR misc/48868


To generate a diff of this commit:
cvs rdiff -u -r1.6 -r1.7 src/etc/rc.d/dhcpd

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/etc/rc.d/dhcpd
diff -u src/etc/rc.d/dhcpd:1.6 src/etc/rc.d/dhcpd:1.7
--- src/etc/rc.d/dhcpd:1.6	Fri Aug 13 18:08:03 2004
+++ src/etc/rc.d/dhcpd	Thu Jul 17 07:17:03 2014
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# $NetBSD: dhcpd,v 1.6 2004/08/13 18:08:03 mycroft Exp $
+# $NetBSD: dhcpd,v 1.7 2014/07/17 07:17:03 spz Exp $
 #
 
 # PROVIDE: dhcpd
@@ -12,8 +12,17 @@ $_rc_subr_loaded . /etc/rc.subr
 name=dhcpd
 rcvar=$name
 command=/usr/sbin/${name}
+start_precmd=dhcpd_precmd
 pidfile=/var/run/${name}.pid
-required_files=/etc/${name}.conf /var/db/${name}.leases
+required_files=/etc/${name}.conf
+
+dhcpd_precmd()
+{
+if [ ! -e /var/db/${name}.leases ]; then
+echo Creating /var/db/${name}.leases
+touch /var/db/${name}.leases
+fi
+}
 
 load_rc_config $name
 run_rc_command $1
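Review bot: `dhcpd_precmd` creates the lease database with a bare `touch`, so its mode depends on whatever umask the rc environment happens to have, and the `-e` test is also satisfied by a directory or other non-regular file at that path. Because the lease file records client hardware addresses and hostnames, I would test with `[ ! -f /var/db/${name}.leases ]` and set the mode explicitly after creation, for example `chmod 644 /var/db/${name}.leases`, with the exact mode left to the maintainer. The expansions in the added lines are unquoted as rendered here, which may be an artifact of the archive.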



CVS commit: src/external/bsd/dhcp/include

2014-07-13 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Sun Jul 13 19:37:23 UTC 2014

Modified Files:
src/external/bsd/dhcp/include: config.h

Log Message:
make the comment at the DHCPv6 define less cryptic


To generate a diff of this commit:
cvs rdiff -u -r1.6 -r1.7 src/external/bsd/dhcp/include/config.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/external/bsd/dhcp/include/config.h
diff -u src/external/bsd/dhcp/include/config.h:1.6 src/external/bsd/dhcp/include/config.h:1.7
--- src/external/bsd/dhcp/include/config.h:1.6	Sun Jul 13 14:56:56 2014
+++ src/external/bsd/dhcp/include/config.h	Sun Jul 13 19:37:23 2014
@@ -16,7 +16,7 @@
 #define DHCP_BYTE_ORDER _BYTE_ORDER
 
 #if 0
-/* From the Makefile */
+/* make it possible to obey USE_INET6=no, define it in the Makefile instead */
 /* Define to 1 to include DHCPv6 support. */
 #define DHCPv6 1
 #endif



CVS import: src/external/bsd/dhcp/dist

2014-07-12 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Sat Jul 12 11:58:18 UTC 2014

Update of /cvsroot/src/external/bsd/dhcp/dist
In directory ivanova.netbsd.org:/tmp/cvs-serv10346

Log Message:
import of dhcp 4.3.0.

Excerpts of the upstream RELNOTES:

The major theme for ISC DHCP 4.3.x was to update the support for
DHCPv6 to include several of the features that have been available
for DHCPv4.  These include:

- Support the use of classes

- Support for on_commit, on_expiry and on_release statements

- Better logging of address assignments

- Support for using DHCPv6 relay options in expressions

This release also adds suppport for the standard DDNS as described in the
current RFCs as well as enhancing support for dynamically adding and removing
subclasses via OMAPI.

There are a number of DHCPv6 limitations and features missing in this
release, which will be addressed in the future:

- Only Solaris, Linux, FreeBSD, NetBSD, and OpenBSD are supported.

- DHCPv6 includes human-readable text in status code messages, in
  English.  A method to reconfigure or support other languages would
  be preferable.

- The host-identifier option is limited to a simple token.

- The client and server can only operate DHCPv4 or DHCPv6 at a time,
  not both.  To use both protocols simultaneously, two instances of the
  relevant daemon are required, one with the '-6' command line option.

Changes since 4.3.0b1

- Tidy up receive packet processing.
  Thanks to Brad Plank of GTA for reporting the issue and suggesting
  a possible patch.
  [ISC-Bugs #34447]

Changes since 4.3.0a1

- Modify the message displayed when a process hits a fatal error.
  The new message is much shorter and simply points to the README
  and our website for directions on bug submissions.
  [ISC-Bugs #24789]

- Handle an absent resolv.conf file better.
  [ISC-Bugs #35194]

Changes since 4.2.5

- Address static analysis warnings.
  [ISC-Bugs #33510] [ISC-Bugs #33511]

- Silence benign static analysis warnings.
  [ISC-Bugs #33428]

- Add check for 64-bit package for atf.
  [ISC-Bugs #32206]

- Use newer auto* tool packages and turn on RFC_3542 support on Mac OS.
  [ISC-Bugs #26303]

- Remove a variable when it isn't being used due to #ifdefs to avoid
  a compiler warning on Solaris using GCC.
  [ISC-Bugs #33032]

- Add a check for too much whitespace in a config or lease file.
  Thanks to Paolo Pellegrino for finding the issue and a suggestion
  for the patch.
  [ISC-Bugs #33351]

- Fix several problems with using OMAPI to manipulate class and subclass
  objects.
  [ISC-Bugs #27452]

- Added a sleep call after killing the old client to allow time
  for the sockets to be cleaned.  This should allow the -r option
  to work more consistently.
  [ISC-Bugs #18175]

- Missing files for ISC DHCP Developer's Guide are now included in
  the release tarballs. To generate this documentation, please use
  make devel command in doc directory. [ISC-Bugs #32767]

- Update client script for use with openwrt.
  [ISC-Bugs #29843]

- Fix the socket handling for DHCPv6 clients to allow multiple instances
  of a client on a single machine to work properly.  Previously only
  one client would receive the packets.  Thanks to Jiri Popelka at Red Hat
  for the bug report and a potential patch.
  [ISC-Bugs #34784]

- Added support for gentle shutdown after signal is received.
  [ISC-Bugs #32692] [ISC-Bugs 34945]

- Enhance the DHCPv6 server logging to include the addresses that are assigned
  to the clients.
  [ISC-Bugs #26377]

- Fix an operation in the DDNS code to be a bitwise instead of logical or.
  [ISC-Bugs #35138]


Status:

Vendor Tag: ISC
Release Tags:   DHCP4_3_0

U src/external/bsd/dhcp/dist/aclocal.m4
N src/external/bsd/dhcp/dist/config.guess
N src/external/bsd/dhcp/dist/compile
N src/external/bsd/dhcp/dist/config.sub
U src/external/bsd/dhcp/dist/configure
U src/external/bsd/dhcp/dist/configure.ac
U src/external/bsd/dhcp/dist/depcomp
U src/external/bsd/dhcp/dist/install-sh
U src/external/bsd/dhcp/dist/LICENSE
U src/external/bsd/dhcp/dist/Makefile.am
U src/external/bsd/dhcp/dist/Makefile.in
U src/external/bsd/dhcp/dist/missing
U src/external/bsd/dhcp/dist/README
U src/external/bsd/dhcp/dist/RELNOTES
N src/external/bsd/dhcp/dist/test-driver
U src/external/bsd/dhcp/dist/doc/api+protocol
U src/external/bsd/dhcp/dist/doc/IANA-arp-parameters
U src/external/bsd/dhcp/dist/doc/References.html
U src/external/bsd/dhcp/dist/doc/Makefile
U src/external/bsd/dhcp/dist/doc/References.xml
U src/external/bsd/dhcp/dist/doc/References.txt
N src/external/bsd/dhcp/dist/doc/devel/contrib.dox
N src/external/bsd/dhcp/dist/doc/devel/arch.dox
N src/external/bsd/dhcp/dist/doc/devel/atf.dox
N src/external/bsd/dhcp/dist/doc/devel/debug.dox
U src/external/bsd/dhcp/dist/doc/devel/doxyfile.in
N src/external/bsd/dhcp/dist/doc/devel/isc-logo.jpg
N src/external/bsd/dhcp/dist/doc/devel/mainpage.dox
N 

CVS commit: src/external/bsd/dhcp

2014-07-12 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Sat Jul 12 12:11:22 UTC 2014

Modified Files:
src/external/bsd/dhcp: Makefile.inc

Log Message:
the new release wants libisc (and thus libisccfg) from bind


To generate a diff of this commit:
cvs rdiff -u -r1.10 -r1.11 src/external/bsd/dhcp/Makefile.inc

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/external/bsd/dhcp/Makefile.inc
diff -u src/external/bsd/dhcp/Makefile.inc:1.10 src/external/bsd/dhcp/Makefile.inc:1.11
--- src/external/bsd/dhcp/Makefile.inc:1.10	Thu Jan 16 13:55:46 2014
+++ src/external/bsd/dhcp/Makefile.inc	Sat Jul 12 12:11:22 2014
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.inc,v 1.10 2014/01/16 13:55:46 christos Exp $
+# $NetBSD: Makefile.inc,v 1.11 2014/07/12 12:11:22 spz Exp $
 
 WARNS?=	1	# XXX -Wshadow -Wcast-qual -Wsign-compare
 
@@ -23,7 +23,7 @@ CPPFLAGS+=	-DDHCPv6
 CPPFLAGS+= -DISC_PLATFORM_USETHREADS -DHAVE_CONFIG_H
 CPPFLAGS+= -I${DIST} -I${DIST}/includes -I${DIST}/../include
 CPPFLAGS+= -I${BIND} -I${BIND}/includes -I${BIND}/../include
-.for dir in isc dns
+.for dir in isc dns irs
 CPPFLAGS+= -I${BIND}/lib/${dir}/include
 CPPFLAGS+= -I${BIND}/lib/${dir}/unix/include
 CPPFLAGS+= -I${BIND}/lib/${dir}/pthreads/include
@@ -34,7 +34,7 @@ LDADD+= ${OMOBJDIR}/libomapi.a ${DSTOBJD
 .if defined(PROG)  ${PROG} == dhclient
 LDADD+=-Wl,-Bstatic
 .endif
-LDADD+= -ldns -lisc
+LDADD+= -lirs -lisccfg -ldns -lisc
 LDADD+=-lpthread
 .if defined(PROG)  ${PROG} == dhclient
 LDADD+=-Wl,-Bdynamic



CVS commit: src/doc

2014-07-12 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Sat Jul 12 12:53:27 UTC 2014

Modified Files:
src/doc: 3RDPARTY CHANGES

Log Message:
update the records for the dhcp import


To generate a diff of this commit:
cvs rdiff -u -r1.1133 -r1.1134 src/doc/3RDPARTY
cvs rdiff -u -r1.1943 -r1.1944 src/doc/CHANGES

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/doc/3RDPARTY
diff -u src/doc/3RDPARTY:1.1133 src/doc/3RDPARTY:1.1134
--- src/doc/3RDPARTY:1.1133	Fri Jul 11 22:33:03 2014
+++ src/doc/3RDPARTY	Sat Jul 12 12:53:27 2014
@@ -1,4 +1,4 @@
-#	$NetBSD: 3RDPARTY,v 1.1133 2014/07/11 22:33:03 alnsn Exp $
+#	$NetBSD: 3RDPARTY,v 1.1134 2014/07/12 12:53:27 spz Exp $
 #
 # This file contains a list of the software that has been integrated into
 # NetBSD where we are not the primary maintainer.
@@ -289,8 +289,8 @@ distribution into the netbsd format.  Th
 src/lib/libc/db/db2netbsd.
 
 Package:	dhcp
-Version:	4.2.5-P1
-Current Vers:	4.2.5-P1
+Version:	4.3.0
+Current Vers:	4.3.0
 Maintainer:	mellon
 Archive Site:	ftp://ftp.isc.org/isc/dhcp/
 Home Page:	http://www.isc.org/software/dhcp/

Index: src/doc/CHANGES
diff -u src/doc/CHANGES:1.1943 src/doc/CHANGES:1.1944
--- src/doc/CHANGES:1.1943	Wed Jul  9 04:53:35 2014
+++ src/doc/CHANGES	Sat Jul 12 12:53:27 2014
@@ -1,4 +1,4 @@
-# LIST OF CHANGES FROM LAST RELEASE:			$Revision: 1.1943 $
+# LIST OF CHANGES FROM LAST RELEASE:			$Revision: 1.1944 $
 #
 #
 # [Note: This file does not mention every change made to the NetBSD source tree.
@@ -439,3 +439,4 @@ Changes from NetBSD 6.0 to NetBSD 7.0:
 		and reorganize. [dholland 20140705]
 	postfix(1): Import version 2.11.1 [tron 20140706]
 	bind: Import version 9.10.0-P2 [spz 20140708]
+	dhcp: Import version 4.3.0 [spz 20140712]



CVS commit: src/external/bsd/dhcp/include

2014-07-12 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Sat Jul 12 20:03:19 UTC 2014

Modified Files:
src/external/bsd/dhcp/include: config.h

Log Message:
update config.h to the new version and enable DHCPv6


To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.5 src/external/bsd/dhcp/include/config.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/external/bsd/dhcp/include/config.h
diff -u src/external/bsd/dhcp/include/config.h:1.4 src/external/bsd/dhcp/include/config.h:1.5
--- src/external/bsd/dhcp/include/config.h:1.4	Wed Mar 27 00:38:54 2013
+++ src/external/bsd/dhcp/include/config.h	Sat Jul 12 20:03:19 2014
@@ -1,6 +1,9 @@
 /* includes/config.h.  Generated from config.h.in by configure.  */
 /* includes/config.h.in.  Generated from configure.ac by autoheader.  */
 
+/* Define if building universal (internal helper macro) */
+/* #undef AC_APPLE_UNIVERSAL_BUILD */
+
 /* Define to compile debug-only DHCP software. */
 /* #undef DEBUG */
 
@@ -12,11 +15,8 @@
 #include sys/endian.h
 #define DHCP_BYTE_ORDER _BYTE_ORDER
 
-#if 0
-/* From the Makefile */
 /* Define to 1 to include DHCPv6 support. */
 #define DHCPv6 1
-#endif
 
 /* Define to any value to chroot() prior to loading config. */
 /* #undef EARLY_CHROOT */
@@ -34,7 +34,7 @@
(struct s)' as it overestimates the size. Use 'offsetof (struct s, d)'
instead. Don't use 'offsetof (struct s, d[0])', as this doesn't work with
MSVC and with C++ compilers. */
-#define FLEXIBLE_ARRAY_MEMBER 
+#define FLEXIBLE_ARRAY_MEMBER /**/
 
 /* Define to 1 to use the Berkeley Packet Filter interface code. */
 #define HAVE_BPF 1
@@ -70,7 +70,7 @@
 #define HAVE_REGEX_H 1
 
 /* Define to 1 if the sockaddr structure has a length field. */
-#define HAVE_SA_LEN 
+#define HAVE_SA_LEN /**/
 
 /* Define to 1 if you have the stdint.h header file. */
 #define HAVE_STDINT_H 1
@@ -84,6 +84,9 @@
 /* Define to 1 if you have the string.h header file. */
 #define HAVE_STRING_H 1
 
+/* Define to 1 if you have the `strlcat' function. */
+#define HAVE_STRLCAT 1
+
 /* Define to 1 if you have the sys/socket.h header file. */
 #define HAVE_SYS_SOCKET_H 1
 
@@ -121,13 +124,16 @@
 #define PACKAGE_NAME DHCP
 
 /* Define to the full name and version of this package. */
-#define PACKAGE_STRING DHCP 4.2.5-P1
+#define PACKAGE_STRING DHCP 4.3.0
 
 /* Define to the one symbol short name of this package. */
 #define PACKAGE_TARNAME dhcp
 
+/* Define to the home page for this package. */
+#define PACKAGE_URL 
+
 /* Define to the version of this package. */
-#define PACKAGE_VERSION 4.2.5-P1
+#define PACKAGE_VERSION 4.3.0
 
 /* Define to any value to include Ari's PARANOIA patch. */
 /* #undef PARANOIA */
@@ -147,23 +153,45 @@
 /* Define to 1 to use the standard BSD socket API. */
 /* #undef USE_SOCKETS */
 
-/* Define to 1 to enable IPv4 packet info support. */
-/* #undef USE_V4_PKTINFO */
-
-/* Version number of package */
-#define VERSION 4.2.5-P1
-
-/* Define to 1 if on AIX 3.
-   System headers sometimes define this.
-   We just want to avoid a redefinition error message.  */
+/* Enable extensions on AIX 3, Interix.  */
 #ifndef _ALL_SOURCE
 /* # undef _ALL_SOURCE */
 #endif
-
 /* Enable GNU extensions on systems that have them.  */
 #ifndef _GNU_SOURCE
 # define _GNU_SOURCE 1
 #endif
+/* Enable threading extensions on Solaris.  */
+#ifndef _POSIX_PTHREAD_SEMANTICS
+# define _POSIX_PTHREAD_SEMANTICS 1
+#endif
+/* Enable extensions on HP NonStop.  */
+#ifndef _TANDEM_SOURCE
+# define _TANDEM_SOURCE 1
+#endif
+/* Enable general extensions on Solaris.  */
+#ifndef __EXTENSIONS__
+# define __EXTENSIONS__ 1
+#endif
+
+
+/* Define to 1 to enable IPv4 packet info support. */
+/* #undef USE_V4_PKTINFO */
+
+/* Version number of package */
+#define VERSION 4.3.0
+
+/* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most
+   significant byte first (like Motorola and SPARC, unlike Intel). */
+#if defined AC_APPLE_UNIVERSAL_BUILD
+# if defined __BIG_ENDIAN__
+#  define WORDS_BIGENDIAN 1
+# endif
+#else
+# ifndef WORDS_BIGENDIAN
+/* #  undef WORDS_BIGENDIAN */
+# endif
+#endif
 
 /* Define to 1 if on MINIX. */
 /* #undef _MINIX */
@@ -206,31 +234,20 @@
 /* #undef _POSIX_SOURCE */
 
 /* Define for Solaris 2.5.1 so the uint32_t typedef from sys/synch.h,
-   pthread.h, or semaphore.h is not used. If the typedef was allowed, the
+   pthread.h, or semaphore.h is not used. If the typedef were allowed, the
#define below would cause a syntax error. */
 /* #undef _UINT32_T */
 
 /* Define for Solaris 2.5.1 so the uint64_t typedef from sys/synch.h,
-   pthread.h, or semaphore.h is not used. If the typedef was allowed, the
+   pthread.h, or semaphore.h is not used. If the typedef were allowed, the
#define below would cause a syntax error. */
 /* #undef _UINT64_T */
 
 /* Define for Solaris 2.5.1 so the uint8_t typedef from sys/synch.h,
-   pthread.h, or semaphore.h is not used. If 

CVS commit: src/doc

2014-07-08 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Tue Jul  8 06:01:47 UTC 2014

Modified Files:
src/doc: 3RDPARTY CHANGES

Log Message:
note bind import


To generate a diff of this commit:
cvs rdiff -u -r1.1130 -r1.1131 src/doc/3RDPARTY
cvs rdiff -u -r1.1941 -r1.1942 src/doc/CHANGES

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/doc/3RDPARTY
diff -u src/doc/3RDPARTY:1.1130 src/doc/3RDPARTY:1.1131
--- src/doc/3RDPARTY:1.1130	Sun Jul  6 20:14:08 2014
+++ src/doc/3RDPARTY	Tue Jul  8 06:01:47 2014
@@ -1,4 +1,4 @@
-#	$NetBSD: 3RDPARTY,v 1.1130 2014/07/06 20:14:08 tron Exp $
+#	$NetBSD: 3RDPARTY,v 1.1131 2014/07/08 06:01:47 spz Exp $
 #
 # This file contains a list of the software that has been integrated into
 # NetBSD where we are not the primary maintainer.
@@ -113,8 +113,8 @@ Notes:
 bc includes dc, both of which are in the NetBSD tree.
 
 Package:	bind [named and utils]
-Version:	9.10.0b1
-Current Vers:	9.10.0b1
+Version:	9.10.0-P2
+Current Vers:	9.10.0-P2
 Maintainer:	Paul Vixie vi...@vix.com
 Archive Site:	ftp://ftp.isc.org/isc/bind9/
 Home Page:	http://www.isc.org/software/bind/

Index: src/doc/CHANGES
diff -u src/doc/CHANGES:1.1941 src/doc/CHANGES:1.1942
--- src/doc/CHANGES:1.1941	Sun Jul  6 20:14:08 2014
+++ src/doc/CHANGES	Tue Jul  8 06:01:47 2014
@@ -1,4 +1,4 @@
-# LIST OF CHANGES FROM LAST RELEASE:			$Revision: 1.1941 $
+# LIST OF CHANGES FROM LAST RELEASE:			$Revision: 1.1942 $
 #
 #
 # [Note: This file does not mention every change made to the NetBSD source tree.
@@ -436,3 +436,4 @@ Changes from NetBSD 6.0 to NetBSD 7.0:
 	pigz(1): Update to pigz-2.3.1 [tls 20140615]
 	gdb(1): Updated to 7.7.1.  [christos 20140622]
 	postfix(1): Import version 2.11.1 [tron 20140706]
+	bind: Import version 9.10.0-P2 [spz 20140708]



CVS commit: src/etc/rc.d

2014-07-08 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Tue Jul  8 07:04:07 UTC 2014

Modified Files:
src/etc/rc.d: named

Log Message:
create /etc/rndc.key on start if it doesn't already exist


To generate a diff of this commit:
cvs rdiff -u -r1.23 -r1.24 src/etc/rc.d/named

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/etc/rc.d/named
diff -u src/etc/rc.d/named:1.23 src/etc/rc.d/named:1.24
--- src/etc/rc.d/named:1.23	Mon Oct  1 18:46:43 2012
+++ src/etc/rc.d/named	Tue Jul  8 07:04:07 2014
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# $NetBSD: named,v 1.23 2012/10/01 18:46:43 christos Exp $
+# $NetBSD: named,v 1.24 2014/07/08 07:04:07 spz Exp $
 #
 
 # PROVIDE: named
@@ -63,6 +63,11 @@ named_migrate()
 
 named_precmd()
 {
+	if [ ! -e /etc/rndc.key ]; then
+		echo Generating rndc.key
+		/usr/sbin/rndc-confgen -a
+	fi
+
 	if [ -z $named_chrootdir ]; then
 		if [ ! -d /etc/namedb/keys ]; then
 			mkdir -m 775 /etc/namedb/keys
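Review bot: The exit status of `/usr/sbin/rndc-confgen -a` is not checked in the block added to named_precmd, so a failed key generation goes unnoticed and named is started without a usable control key; something like `/usr/sbin/rndc-confgen -a || warn "could not generate /etc/rndc.key"` would surface it. The key is also written before the `named_chrootdir` test, so with a chroot configured the file ends up outside the tree named sees. rndc-confgen offers `-t chrootdir` for that case and `-u user` to make the key readable by the unprivileged named user; whether either is needed here should be confirmed against how named is started. named_precmd continues outside the hunk.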



CVS commit: src/external/bsd/bind/dist/contrib/zkt-1.1.2/examples/flat

2014-07-07 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Tue Jul  8 05:47:36 UTC 2014

Added Files:
src/external/bsd/bind/dist/contrib/zkt-1.1.2/examples/flat: zkt-ls
zkt-signer

Log Message:
two merge escapees


To generate a diff of this commit:
cvs rdiff -u -r0 -r1.1 \
src/external/bsd/bind/dist/contrib/zkt-1.1.2/examples/flat/zkt-ls \
src/external/bsd/bind/dist/contrib/zkt-1.1.2/examples/flat/zkt-signer

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Added files:

Index: src/external/bsd/bind/dist/contrib/zkt-1.1.2/examples/flat/zkt-ls
diff -u /dev/null src/external/bsd/bind/dist/contrib/zkt-1.1.2/examples/flat/zkt-ls:1.1
--- /dev/null	Tue Jul  8 05:47:36 2014
+++ src/external/bsd/bind/dist/contrib/zkt-1.1.2/examples/flat/zkt-ls	Tue Jul  8 05:47:36 2014
@@ -0,0 +1,12 @@
+#!/bin/sh
+#
+#	Shell script to start the zkt-ls command
+#	out of the example directory
+#
+
+if test ! -f dnssec.conf
+then
+	echo Please start this skript out of the flat or hierarchical sub directory
+	exit 1
+fi
+ZKT_CONFFILE=`pwd`/dnssec.conf ../../zkt-ls $@
Index: src/external/bsd/bind/dist/contrib/zkt-1.1.2/examples/flat/zkt-signer
diff -u /dev/null src/external/bsd/bind/dist/contrib/zkt-1.1.2/examples/flat/zkt-signer:1.1
--- /dev/null	Tue Jul  8 05:47:36 2014
+++ src/external/bsd/bind/dist/contrib/zkt-1.1.2/examples/flat/zkt-signer	Tue Jul  8 05:47:36 2014
@@ -0,0 +1,12 @@
+#!/bin/sh
+#
+#	Shell script to start the zkt-signer
+#	command out of the example directory
+#
+
+if test ! -f dnssec.conf
+then
+	echo Please start this skript out of the flat or hierarchical sub directory
+	exit 1
+fi
+ZKT_CONFFILE=`pwd`/dnssec.conf ../../zkt-signer $@



CVS commit: src

2014-07-07 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Tue Jul  8 05:55:34 UTC 2014

Modified Files:
src/distrib/sets/lists/base: ad.arm ad.mips ad.powerpc md.amd64
md.sparc64 mi shl.mi
src/distrib/sets/lists/comp: ad.arm ad.mips ad.powerpc md.amd64
md.sparc64 mi shl.mi
src/distrib/sets/lists/man: mi
src/external/bsd/bind/bin: Makefile
src/external/bsd/bind/bin/dnssec: Makefile
src/external/bsd/bind/include: config.h
src/external/bsd/bind/include/isc: atomic.h platform.h
src/external/bsd/bind/lib: Makefile
src/external/bsd/bind/lib/libisccfg: Makefile shlib_version
Added Files:
src/external/bsd/bind/bin/delv: Makefile
src/external/bsd/bind/bin/dnssec/dnssec-importkey: Makefile
src/external/bsd/bind/include/irs: netdb.h platform.h
src/external/bsd/bind/lib/libirs: Makefile shlib_version

Log Message:
infrastructure for bind-9.10.0-P2:
adding the tools delv and dnssec-importkey
adding libirs to support delv


To generate a diff of this commit:
cvs rdiff -u -r1.46 -r1.47 src/distrib/sets/lists/base/ad.arm
cvs rdiff -u -r1.42 -r1.43 src/distrib/sets/lists/base/ad.mips
cvs rdiff -u -r1.11 -r1.12 src/distrib/sets/lists/base/ad.powerpc
cvs rdiff -u -r1.236 -r1.237 src/distrib/sets/lists/base/md.amd64
cvs rdiff -u -r1.223 -r1.224 src/distrib/sets/lists/base/md.sparc64
cvs rdiff -u -r1.1071 -r1.1072 src/distrib/sets/lists/base/mi
cvs rdiff -u -r1.705 -r1.706 src/distrib/sets/lists/base/shl.mi
cvs rdiff -u -r1.56 -r1.57 src/distrib/sets/lists/comp/ad.arm
cvs rdiff -u -r1.48 -r1.49 src/distrib/sets/lists/comp/ad.mips
cvs rdiff -u -r1.69 -r1.70 src/distrib/sets/lists/comp/ad.powerpc
cvs rdiff -u -r1.221 -r1.222 src/distrib/sets/lists/comp/md.amd64
cvs rdiff -u -r1.184 -r1.185 src/distrib/sets/lists/comp/md.sparc64
cvs rdiff -u -r1.1896 -r1.1897 src/distrib/sets/lists/comp/mi
cvs rdiff -u -r1.264 -r1.265 src/distrib/sets/lists/comp/shl.mi
cvs rdiff -u -r1.1477 -r1.1478 src/distrib/sets/lists/man/mi
cvs rdiff -u -r1.4 -r1.5 src/external/bsd/bind/bin/Makefile
cvs rdiff -u -r0 -r1.1 src/external/bsd/bind/bin/delv/Makefile
cvs rdiff -u -r1.3 -r1.4 src/external/bsd/bind/bin/dnssec/Makefile
cvs rdiff -u -r0 -r1.1 \
src/external/bsd/bind/bin/dnssec/dnssec-importkey/Makefile
cvs rdiff -u -r1.12 -r1.13 src/external/bsd/bind/include/config.h
cvs rdiff -u -r0 -r1.1 src/external/bsd/bind/include/irs/netdb.h \
src/external/bsd/bind/include/irs/platform.h
cvs rdiff -u -r1.3 -r1.4 src/external/bsd/bind/include/isc/atomic.h
cvs rdiff -u -r1.15 -r1.16 src/external/bsd/bind/include/isc/platform.h
cvs rdiff -u -r1.2 -r1.3 src/external/bsd/bind/lib/Makefile
cvs rdiff -u -r0 -r1.1 src/external/bsd/bind/lib/libirs/Makefile \
src/external/bsd/bind/lib/libirs/shlib_version
cvs rdiff -u -r1.2 -r1.3 src/external/bsd/bind/lib/libisccfg/Makefile
cvs rdiff -u -r1.12 -r1.13 src/external/bsd/bind/lib/libisccfg/shlib_version

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/distrib/sets/lists/base/ad.arm
diff -u src/distrib/sets/lists/base/ad.arm:1.46 src/distrib/sets/lists/base/ad.arm:1.47
--- src/distrib/sets/lists/base/ad.arm:1.46	Wed Jun 18 17:50:14 2014
+++ src/distrib/sets/lists/base/ad.arm	Tue Jul  8 05:55:33 2014
@@ -1,4 +1,4 @@
-# $NetBSD: ad.arm,v 1.46 2014/06/18 17:50:14 christos Exp $
+# $NetBSD: ad.arm,v 1.47 2014/07/08 05:55:33 spz Exp $
 ./lib/oabi	base-compat-shlib	compat
 ./lib/oabi/npf	base-npf-shlib		compat
 ./lib/oabi/npf/ext_log.so			base-npf-shlib		compat,pic
@@ -163,12 +163,15 @@
 ./usr/lib/oabi/libintl.so.1.0			base-compat-shlib	compat,pic
 ./usr/lib/oabi/libipsec.so.3			base-compat-shlib	compat,pic
 ./usr/lib/oabi/libipsec.so.3.0			base-compat-shlib	compat,pic
+./usr/lib/oabi/libirs.so.8			base-compat-shlib	compat,pic
+./usr/lib/oabi/libirs.so.8.0			base-compat-shlib	compat,pic
 ./usr/lib/oabi/libisc.so.8			base-compat-shlib	compat,pic
 ./usr/lib/oabi/libisc.so.8.0			base-compat-shlib	compat,pic
 ./usr/lib/oabi/libisccc.so.8			base-compat-shlib	compat,pic
 ./usr/lib/oabi/libisccc.so.8.0			base-compat-shlib	compat,pic
 ./usr/lib/oabi/libisccfg.so.8			base-compat-shlib	compat,pic
-./usr/lib/oabi/libisccfg.so.8.0			base-compat-shlib	compat,pic
+./usr/lib/oabi/libisccfg.so.8.1			base-compat-shlib	compat,pic
+./usr/lib/oabi/libisccfg.so.8.0			base-compat-shlib	obsolete
 ./usr/lib/oabi/libiscsi.so.2			base-compat-shlib	compat,pic,iscsi
 ./usr/lib/oabi/libiscsi.so.2.0			base-compat-shlib	compat,pic,iscsi
 ./usr/lib/oabi/libisns.so.0			base-compat-shlib	compat,pic

Index: src/distrib/sets/lists/base/ad.mips
diff -u src/distrib/sets/lists/base/ad.mips:1.42 src/distrib/sets/lists/base/ad.mips:1.43
--- src/distrib/sets/lists/base/ad.mips:1.42	Wed Jun 18 17:50:14 2014
+++ src/distrib/sets/lists/base/ad.mips	Tue Jul  8 05:55:33 2014
@@ -1,4 +1,4 @@
-# $NetBSD: ad.mips,v 1.42 2014/06/18 17:50:14 

CVS commit: src/lib/libc/citrus

2014-06-24 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Tue Jun 24 22:24:18 UTC 2014

Modified Files:
src/lib/libc/citrus: citrus_prop.c citrus_prop.h
src/lib/libc/citrus/modules: citrus_big5.c citrus_hz.c

Log Message:
Fix our iconv version for the issues that apply to us from CVE-2014-3951
(which are the:
- Consistently pass around context information using a simple pointer.
  This fixes some dereferencing bugs in Chinese character set conversions.
- Fix Simplified Chinese character set conversions by switching around the
  fields of an internal struct so it corresponds with the way variables of
  this type are initialised.
part)
Patch taken from FreeBSD and mutilated to fit.
FreeBSD credits: Manuel Mausz (reporter), Tijl Coosemans (report handler)


To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.5 src/lib/libc/citrus/citrus_prop.c
cvs rdiff -u -r1.5 -r1.6 src/lib/libc/citrus/citrus_prop.h
cvs rdiff -u -r1.14 -r1.15 src/lib/libc/citrus/modules/citrus_big5.c
cvs rdiff -u -r1.3 -r1.4 src/lib/libc/citrus/modules/citrus_hz.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/lib/libc/citrus/citrus_prop.c
diff -u src/lib/libc/citrus/citrus_prop.c:1.4 src/lib/libc/citrus/citrus_prop.c:1.5
--- src/lib/libc/citrus/citrus_prop.c:1.4	Wed Mar 30 08:22:01 2011
+++ src/lib/libc/citrus/citrus_prop.c	Tue Jun 24 22:24:18 2014
@@ -1,4 +1,4 @@
-/* $NetBSD: citrus_prop.c,v 1.4 2011/03/30 08:22:01 jruoho Exp $ */
+/* $NetBSD: citrus_prop.c,v 1.5 2014/06/24 22:24:18 spz Exp $ */
 
 /*-
  * Copyright (c)2006 Citrus Project,
@@ -29,7 +29,7 @@
 
 #include sys/cdefs.h
 #if defined(LIBC_SCCS)  !defined(lint)
-__RCSID($NetBSD: citrus_prop.c,v 1.4 2011/03/30 08:22:01 jruoho Exp $);
+__RCSID($NetBSD: citrus_prop.c,v 1.5 2014/06/24 22:24:18 spz Exp $);
 #endif /* LIBC_SCCS and not lint */
 
 #include assert.h
@@ -350,7 +350,7 @@ name_found:
 static int
 _citrus_prop_parse_element(struct _memstream * __restrict ms,
 	const _citrus_prop_hint_t * __restrict hints,
-	void ** __restrict context)
+	void * __restrict context)
 {
 	int ch, errnum;
 #define _CITRUS_PROP_HINT_NAME_LEN_MAX	255
@@ -459,8 +459,7 @@ _citrus_prop_parse_variable(const _citru
 		if (ch == EOF || ch == '\0')
 			break;
 		_memstream_ungetc(ms, ch);
-		errnum = _citrus_prop_parse_element(
-		ms, hints, (void **)context);
+		errnum = _citrus_prop_parse_element(ms, hints, context);
 		if (errnum != 0)
 			return errnum;
 	}

Index: src/lib/libc/citrus/citrus_prop.h
diff -u src/lib/libc/citrus/citrus_prop.h:1.5 src/lib/libc/citrus/citrus_prop.h:1.6
--- src/lib/libc/citrus/citrus_prop.h:1.5	Mon May 23 14:52:32 2011
+++ src/lib/libc/citrus/citrus_prop.h	Tue Jun 24 22:24:18 2014
@@ -1,4 +1,4 @@
-/* $NetBSD: citrus_prop.h,v 1.5 2011/05/23 14:52:32 joerg Exp $ */
+/* $NetBSD: citrus_prop.h,v 1.6 2014/06/24 22:24:18 spz Exp $ */
 
 /*-
  * Copyright (c)2006 Citrus Project,
@@ -41,7 +41,7 @@ typedef struct _citrus_prop_hint_t _citr
 
 #define _CITRUS_PROP_CB0_T(_func_, _type_) \
 typedef int (*_citrus_prop_##_func_##_cb_func_t) \
-	(void ** __restrict, const char *, _type_); \
+	(void * __restrict, const char *, _type_); \
 typedef struct { \
 	_citrus_prop_##_func_##_cb_func_t func; \
 } _citrus_prop_##_func_##_cb_t;
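Review bot: The callback typedefs generated by `_CITRUS_PROP_CB0_T` (and by `_CITRUS_PROP_CB1_T` in the next hunk) now receive the context by value, but nothing in the header states that contract. A short comment above the macros, for example `/* context is the caller's opaque pointer itself, never a pointer to it */`, would keep new modules from reintroducing the double indirection. Because the function-pointer type changed, any encoding module whose callbacks still declare `void **` no longer matches these typedefs; this commit lists only citrus_big5.c and citrus_hz.c as converted, so the other users of the hint tables are worth checking.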
@@ -51,7 +51,7 @@ _CITRUS_PROP_CB0_T(str, const char *)
 
 #define _CITRUS_PROP_CB1_T(_func_, _type_) \
 typedef int (*_citrus_prop_##_func_##_cb_func_t) \
-	(void ** __restrict, const char *, _type_, _type_); \
+	(void * __restrict, const char *, _type_, _type_); \
 typedef struct { \
 	_citrus_prop_##_func_##_cb_func_t func; \
 } _citrus_prop_##_func_##_cb_t;

Index: src/lib/libc/citrus/modules/citrus_big5.c
diff -u src/lib/libc/citrus/modules/citrus_big5.c:1.14 src/lib/libc/citrus/modules/citrus_big5.c:1.15
--- src/lib/libc/citrus/modules/citrus_big5.c:1.14	Tue May 28 16:57:56 2013
+++ src/lib/libc/citrus/modules/citrus_big5.c	Tue Jun 24 22:24:18 2014
@@ -1,4 +1,4 @@
-/*	$NetBSD: citrus_big5.c,v 1.14 2013/05/28 16:57:56 joerg Exp $	*/
+/*	$NetBSD: citrus_big5.c,v 1.15 2014/06/24 22:24:18 spz Exp $	*/
 
 /*-
  * Copyright (c)2002, 2006 Citrus Project,
@@ -60,7 +60,7 @@
 
 #include sys/cdefs.h
 #if defined(LIBC_SCCS)  !defined(lint)
-__RCSID($NetBSD: citrus_big5.c,v 1.14 2013/05/28 16:57:56 joerg Exp $);
+__RCSID($NetBSD: citrus_big5.c,v 1.15 2014/06/24 22:24:18 spz Exp $);
 #endif /* LIBC_SCCS and not lint */
 
 #include sys/queue.h
@@ -192,18 +192,18 @@ _citrus_BIG5_check_excludes(_BIG5Encodin
 }
 
 static int
-_citrus_BIG5_fill_rowcol(void ** __restrict ctx, const char * __restrict s,
+_citrus_BIG5_fill_rowcol(void * __restrict ctx, const char * __restrict s,
 	uint64_t start, uint64_t end)
 {
 	_BIG5EncodingInfo *ei;
 	int i;
 	uint64_t n;
 
-	_DIAGASSERT(ctx != NULL  *ctx != NULL);
+	_DIAGASSERT(ctx != NULL);
 
 	if (start  0xFF || end  0xFF)
 		return EINVAL;
-	ei = (_BIG5EncodingInfo *)*ctx;
+	ei = (_BIG5EncodingInfo *)ctx;
 	i = 

CVS commit: src/external/bsd/openpam/dist/lib

2014-06-17 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Tue Jun 17 07:08:47 UTC 2014

Modified Files:
src/external/bsd/openpam/dist/lib: openpam_configure.c

Log Message:
make sure we have a log message at the appropriate level (error) on
why pam is failing in the case of an included pam config file missing.

example: instead of logging with the default log settings:
Jun 17 08:49:37 tucana su: pam_start failed: system error
it will log:
Jun 17 08:55:49 tucana su: in openpam_parse_chain(): failed loading include for 
service gibbetnich in /etc/pam.d/su(15): No such file or directory
Jun 17 08:55:49 tucana su: pam_start failed: system error


To generate a diff of this commit:
cvs rdiff -u -r1.9 -r1.10 \
src/external/bsd/openpam/dist/lib/openpam_configure.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/external/bsd/openpam/dist/lib/openpam_configure.c
diff -u src/external/bsd/openpam/dist/lib/openpam_configure.c:1.9 src/external/bsd/openpam/dist/lib/openpam_configure.c:1.10
--- src/external/bsd/openpam/dist/lib/openpam_configure.c:1.9	Tue Jun  3 20:22:54 2014
+++ src/external/bsd/openpam/dist/lib/openpam_configure.c	Tue Jun 17 07:08:47 2014
@@ -1,4 +1,4 @@
-/*	$NetBSD: openpam_configure.c,v 1.9 2014/06/03 20:22:54 christos Exp $	*/
+/*	$NetBSD: openpam_configure.c,v 1.10 2014/06/17 07:08:47 spz Exp $	*/
 
 /*-
  * Copyright (c) 2001-2003 Networks Associates Technology, Inc.
@@ -229,8 +229,19 @@ openpam_parse_chain(pam_handle_t *pamh,
  * outer loop does not just ignore the
  * error and keep searching.
  */
-if (errno == ENOENT)
+if (errno == ENOENT) {
+	/*
+	 * we're failing load, make sure
+	 * there's a log message of severity
+	 * higher than debug
+	 */
+	openpam_log(PAM_LOG_ERROR,
+	failed loading include for service 
+	%s in %s(%d): %s,
+	servicename, filename, lineno,
+	strerror(errno));
 	errno = EINVAL;
+}
 goto fail;
 			}
 			continue;
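Review bot: Only the `errno == ENOENT` branch gains an error-level message; every other errno from the failed include load still reaches `goto fail` with nothing logged at this site. If those paths are likewise reported only at debug level (not visible in this hunk), placing the `openpam_log(PAM_LOG_ERROR, ...)` call before the `if (errno == ENOENT)` test would cover them with the same message and keep the errno rewrite as the only conditional part. The body of openpam_parse_chain starts and ends outside the hunk.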



CVS commit: src/sys/net/npf

2014-06-08 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Sun Jun  8 12:12:56 UTC 2014

Modified Files:
src/sys/net/npf: npf_alg_icmp.c

Log Message:
fix typo in comment


To generate a diff of this commit:
cvs rdiff -u -r1.20 -r1.21 src/sys/net/npf/npf_alg_icmp.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/net/npf/npf_alg_icmp.c
diff -u src/sys/net/npf/npf_alg_icmp.c:1.20 src/sys/net/npf/npf_alg_icmp.c:1.21
--- src/sys/net/npf/npf_alg_icmp.c:1.20	Wed Feb 19 03:51:31 2014
+++ src/sys/net/npf/npf_alg_icmp.c	Sun Jun  8 12:12:56 2014
@@ -1,4 +1,4 @@
-/*	$NetBSD: npf_alg_icmp.c,v 1.20 2014/02/19 03:51:31 rmind Exp $	*/
+/*	$NetBSD: npf_alg_icmp.c,v 1.21 2014/06/08 12:12:56 spz Exp $	*/
 
 /*-
  * Copyright (c) 2010 The NetBSD Foundation, Inc.
@@ -34,7 +34,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: npf_alg_icmp.c,v 1.20 2014/02/19 03:51:31 rmind Exp $);
+__KERNEL_RCSID(0, $NetBSD: npf_alg_icmp.c,v 1.21 2014/06/08 12:12:56 spz Exp $);
 
 #include sys/param.h
 #include sys/module.h
@@ -66,7 +66,7 @@ MODULE(MODULE_CLASS_MISC, npf_alg_icmp, 
 static npf_alg_t *	alg_icmp	__read_mostly;
 
 /*
- * npfa_icmp_match: matching insperctor determines ALG case and associates
+ * npfa_icmp_match: matching inspector determines ALG case and associates
  * our ALG with the NAT entry.
  */
 static bool



CVS commit: src/share/examples/npf

2014-05-31 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Sat May 31 11:54:37 UTC 2014

Modified Files:
src/share/examples/npf: host-npf.conf

Log Message:
example for port remapping added


To generate a diff of this commit:
cvs rdiff -u -r1.6 -r1.7 src/share/examples/npf/host-npf.conf

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/share/examples/npf/host-npf.conf
diff -u src/share/examples/npf/host-npf.conf:1.6 src/share/examples/npf/host-npf.conf:1.7
--- src/share/examples/npf/host-npf.conf:1.6	Sat Feb  8 01:32:19 2014
+++ src/share/examples/npf/host-npf.conf	Sat May 31 11:54:37 2014
@@ -1,4 +1,4 @@
-# $NetBSD: host-npf.conf,v 1.6 2014/02/08 01:32:19 rmind Exp $
+# $NetBSD: host-npf.conf,v 1.7 2014/05/31 11:54:37 spz Exp $
 #
 # this is an example of NPF rules for a host (i.e., not routing) with
 # two network interfaces, wired and wifi
@@ -31,6 +31,10 @@ procedure log {
  log: npflog0
 }
 
+# make a service running on a high port on 127.0.0.1 available on $wired_if
+# see also the pass rules below
+map $wired_if dynamic 127.0.0.1 port 8080 - $wired_v4 port 80
+
 group wired on $wired_if {
 
 	# not being picky about our own address here
@@ -45,6 +49,11 @@ group wired on $wired_if {
 
 	pass in final family inet6 proto tcp to $wired_v6 port ssh
 
+	# the port mapping
+	# Note the filter sees packets before translation
+	pass in  final family inet4 proto tcp from any to $wired_v4 port 80
+	pass out final family inet4 proto tcp from 127.0.0.1 port 8080 to any
+
 	pass in final family inet4 proto tcp flags S/SA \
 		from $backupsrv_v4 to $wired_v4 port $backup_port 
 	pass in final family inet4 proto udp \
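Review bot: The added `pass out final family inet4 proto tcp from 127.0.0.1 port 8080 to any` rule is stateless, so it admits any outbound TCP segment with that source address and port rather than only replies on mapped connections. If state tracking covers translated connections in this NPF version (worth confirming before changing the example), `pass stateful in final family inet4 proto tcp flags S/SA from any to $wired_v4 port 80` would handle the return path and the pass-out rule could be dropped. The group block continues outside the hunk.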



CVS commit: src/share/examples/npf

2014-05-31 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Sat May 31 12:33:14 UTC 2014

Modified Files:
src/share/examples/npf: l2tp_gw-npf.conf

Log Message:
- match up comment and interface identifiers
- use RFC5737 documentation prefixes
- use a variable for the RFC1918 private address ranges


To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.5 src/share/examples/npf/l2tp_gw-npf.conf

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/share/examples/npf/l2tp_gw-npf.conf
diff -u src/share/examples/npf/l2tp_gw-npf.conf:1.4 src/share/examples/npf/l2tp_gw-npf.conf:1.5
--- src/share/examples/npf/l2tp_gw-npf.conf:1.4	Tue May 27 23:34:43 2014
+++ src/share/examples/npf/l2tp_gw-npf.conf	Sat May 31 12:33:14 2014
@@ -1,17 +1,19 @@
 # ex0 - (internal) network interface
-#	192.168.2.254/24
-# hme0 - (external) connection to Two Sigma
-#	74.66.0.142/24
+#	192.0.2.254/24
+# hme0 - (external) connection to Peer
+#	198.51.100.142/24
 
-$int_if = sk0
-$ext_if = bge0
+$int_if = ex0
+$ext_if = hme0
+
+$private_addr = { 10.0.0.0/8, 172.16.0.0/14, 192.168.0.0/16 }
 
 alg icmp
 
 #
 # NAT for all.
 #
-map $ext_if dynamic 192.168.1.0/24 - inet4($ext_if)
+map $ext_if dynamic 192.0.2.0/24 - inet4($ext_if)
 
 #table 1 type tree file /etc/npf_problem_sites
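Review bot: `$private_addr` lists `172.16.0.0/14`, but the RFC 1918 block is 172.16.0.0/12, which is what the removed per-prefix rules used. With /14 the two `block ... $private_addr apply log` rules in the next hunk stop at 172.19.255.255 and no longer cover 172.20.0.0 through 172.31.255.255 on the external interface. The line should read `$private_addr = { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }`.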
 
@@ -37,20 +39,15 @@ group external on $ext_if {
 	#
 	# Block IANA-reserved addresses from entering or exiting
 	#
-	block in final from 10.0.0.0/8 apply log
-	block in final from 172.16.0.0/12 apply log
-	block in final from 192.168.0.0/16 apply log
-	#
-	block out final to 10.0.0.0/8 apply log
-	block out final to 172.16.0.0/12 apply log
-	block out final to 192.168.0.0/16 apply log
+	block in final from $private_addr apply log
+	block out final to $private_addr apply log
 	#
 	pass stateful out final proto tcp all
 	pass stateful out final proto udp all
 	pass stateful out final proto icmp all
 	pass stateful out final proto ipv6-icmp all
 
-	block in final proto tcp to 192.168.2.255 apply log
+	block in final proto tcp to 192.0.2.255 apply log
 
 	#
 	# Prevent IP spoofing attacks on the firewall.



CVS commit: xsrc

2014-05-13 Thread S.P.Zeidler
Module Name:xsrc
Committed By:   spz
Date:   Tue May 13 15:17:33 UTC 2014

Modified Files:
xsrc/external/mit/libXfont/dist/src/fc: fsconvert.c fserve.c
xsrc/external/mit/libXfont/dist/src/fontfile: dirfile.c
xsrc/xfree/xc/lib/font/fc: fsconvert.c fserve.c
xsrc/xfree/xc/lib/font/fontfile: dirfile.c

Log Message:
Fix multiple vulnerabilities in libXfont:

- CVE-2014-0209: integer overflow of allocations in font metadata file parsing

 When a local user who is already authenticated to the X server adds
 a new directory to the font path, the X server calls libXfont to open
 the fonts.dir and fonts.alias files in that directory and add entries
 to the font tables for every line in it.  A large file (~2-4 gb) could
 cause the allocations to overflow, and allow the remaining data read
 from the file to overwrite other memory in the heap.

 Affected functions: FontFileAddEntry(), lexAlias()

- CVE-2014-0210: unvalidated length fields when parsing xfs protocol replies

 When parsing replies received from the font server, these calls do not
 check that the lengths and/or indexes returned by the font server are
 within the size of the reply or the bounds of the memory allocated to
 store the data, so could write past the bounds of allocated memory when
 storing the returned data.

 Affected functions: _fs_recv_conn_setup(), fs_read_open_font(),
 fs_read_query_info(), fs_read_extent_info(), fs_read_glyphs(),
 fs_read_list(), fs_read_list_info()

- CVE-2014-0211: integer overflows calculating memory needs for xfs replies

 These calls do not check that their calculations for how much memory
 is needed to handle the returned data have not overflowed, so can

 result in allocating too little memory and then writing the returned
 data past the end of the allocated buffer.

 Affected functions: fs_get_reply(), fs_alloc_glyphs(),
 fs_read_extent_info()

See also: http://lists.x.org/archives/xorg-announce/2014-May/002431.html


To generate a diff of this commit:
cvs rdiff -u -r1.1.1.3 -r1.2 \
xsrc/external/mit/libXfont/dist/src/fc/fsconvert.c \
xsrc/external/mit/libXfont/dist/src/fc/fserve.c
cvs rdiff -u -r1.1.1.3 -r1.2 \
xsrc/external/mit/libXfont/dist/src/fontfile/dirfile.c
cvs rdiff -u -r1.4 -r1.5 xsrc/xfree/xc/lib/font/fc/fsconvert.c \
xsrc/xfree/xc/lib/font/fc/fserve.c
cvs rdiff -u -r1.4 -r1.5 xsrc/xfree/xc/lib/font/fontfile/dirfile.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: xsrc/external/mit/libXfont/dist/src/fc/fsconvert.c
diff -u xsrc/external/mit/libXfont/dist/src/fc/fsconvert.c:1.1.1.3 xsrc/external/mit/libXfont/dist/src/fc/fsconvert.c:1.2
--- xsrc/external/mit/libXfont/dist/src/fc/fsconvert.c:1.1.1.3	Fri May 31 01:08:57 2013
+++ xsrc/external/mit/libXfont/dist/src/fc/fsconvert.c	Tue May 13 15:17:33 2014
@@ -118,6 +118,10 @@ _fs_convert_props(fsPropInfo *pi, fsProp
 for (i = 0; i  nprops; i++, dprop++, is_str++)
 {
 	memcpy(local_off, off_adr, SIZEOF(fsPropOffset));
+	if ((local_off.name.position = pi-data_len) ||
+		(local_off.name.length 
+		(pi-data_len - local_off.name.position)))
+	goto bail; 
 	dprop-name = MakeAtom(pdc[local_off.name.position],
 			   local_off.name.length, 1);
 	if (local_off.type != PropTypeString) {
@@ -125,10 +129,15 @@ _fs_convert_props(fsPropInfo *pi, fsProp
 	dprop-value = local_off.value.position;
 	} else {
 	*is_str = TRUE;
+	if ((local_off.name.position = pi-data_len) ||
+		(local_off.name.length 
+		(pi-data_len - local_off.name.position)))
+		goto bail; 
 	dprop-value = (INT32) MakeAtom(pdc[local_off.value.position],
 	local_off.value.length, 1);
 	if (dprop-value == BAD_RESOURCE)
 	{
+	  bail:
 		free (pfi-props);
 		pfi-nprops = 0;
 		pfi-props = 0;
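Review bot: The bounds check added in the string-value branch tests `local_off.name.position` and `local_off.name.length`, but the `MakeAtom` call right after it reads `pdc` at `local_off.value.position` for `local_off.value.length` bytes, so the value offsets taken from the font server reply still reach the lookup unchecked. The name fields were already covered by the identical check added in the previous hunk, which makes this second copy redundant as written. The guard should test the value fields instead: `if ((local_off.value.position >= pi->data_len) || (local_off.value.length > (pi->data_len - local_off.value.position))) goto bail;` (the comparison operators are partly lost in this rendering of the diff). `_fs_convert_props` starts and ends outside the hunk.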
@@ -712,7 +721,12 @@ fs_alloc_glyphs (FontPtr pFont, int size
 FSGlyphPtr	glyphs;
 FSFontPtr	fsfont = (FSFontPtr) pFont-fontPrivate;
 
-glyphs = malloc (sizeof (FSGlyphRec) + size);
+if (size  (INT_MAX - sizeof (FSGlyphRec)))
+	glyphs = malloc (sizeof (FSGlyphRec) + size);
+else
+glyphs = NULL;
+if (glyphs == NULL)
+return NULL;
 glyphs-next = fsfont-glyphs;
 fsfont-glyphs = glyphs;
 return (pointer) (glyphs + 1);
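Review bot: A negative `size` is turned away here only because the comparison against `INT_MAX - sizeof (FSGlyphRec)` converts it to an unsigned type, which is easy to lose if the expression is rewritten later; spelling it out, `if (size >= 0 && (size_t) size < INT_MAX - sizeof (FSGlyphRec))`, keeps the intent visible. The function can now return NULL where it previously wrote through the `malloc` result unconditionally, so every caller has to test the return value before storing glyph data; the callers are outside this hunk and should be confirmed. A comment above the check such as `/* size is computed from a font server reply; refuse values whose sum would overflow */` would record why the bound exists.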
Index: xsrc/external/mit/libXfont/dist/src/fc/fserve.c
diff -u xsrc/external/mit/libXfont/dist/src/fc/fserve.c:1.1.1.3 xsrc/external/mit/libXfont/dist/src/fc/fserve.c:1.2
--- xsrc/external/mit/libXfont/dist/src/fc/fserve.c:1.1.1.3	Fri May 31 01:08:57 2013
+++ xsrc/external/mit/libXfont/dist/src/fc/fserve.c	Tue May 13 15:17:33 2014
@@ -70,6 +70,7 @@ in this Software without prior written a
 #include	fservestr.h
 #include	X11/fonts/fontutil.h
 #include	errno.h
+#includelimits.h
 
 #include	time.h
 #define Time_t time_t
@@ -91,6 +92,15 @@ in this Software without prior 

CVS commit: src/external/bsd/bind/dist

2014-01-14 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Tue Jan 14 08:03:07 UTC 2014

Modified Files:
src/external/bsd/bind/dist: version
src/external/bsd/bind/dist/bin/named: query.c

Log Message:
a fix by ISC for CVE-2014-0591:
3693.  [security]  memcpy was incorrectly called with overlapping
   ranges resulting in malformed names being generated
   on some platforms.  This could cause INSIST failures
   when serving NSEC3 signed zones.  [RT #35120]


To generate a diff of this commit:
cvs rdiff -u -r1.7 -r1.8 src/external/bsd/bind/dist/version
cvs rdiff -u -r1.12 -r1.13 src/external/bsd/bind/dist/bin/named/query.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/external/bsd/bind/dist/version
diff -u src/external/bsd/bind/dist/version:1.7 src/external/bsd/bind/dist/version:1.8
--- src/external/bsd/bind/dist/version:1.7	Tue Dec 31 20:24:38 2013
+++ src/external/bsd/bind/dist/version	Tue Jan 14 08:03:07 2014
@@ -4,10 +4,10 @@
 # configure.
 #
 PRODUCT=BIND
-DESCRIPTION=(Extended Support Version)
+DESCRIPTION=(Development release)
 MAJORVER=9
 MINORVER=9
 PATCHVER=5
 RELEASETYPE=b
 RELEASEVER=1
-EXTENSIONS=
+EXTENSIONS=nb1

Index: src/external/bsd/bind/dist/bin/named/query.c
diff -u src/external/bsd/bind/dist/bin/named/query.c:1.12 src/external/bsd/bind/dist/bin/named/query.c:1.13
--- src/external/bsd/bind/dist/bin/named/query.c:1.12	Tue Dec 31 20:24:39 2013
+++ src/external/bsd/bind/dist/bin/named/query.c	Tue Jan 14 08:03:07 2014
@@ -1,4 +1,4 @@
-/*	$NetBSD: query.c,v 1.12 2013/12/31 20:24:39 christos Exp $	*/
+/*	$NetBSD: query.c,v 1.13 2014/01/14 08:03:07 spz Exp $	*/
 
 /*
  * Copyright (C) 2004-2013  Internet Systems Consortium, Inc. (ISC)
@@ -5263,8 +5263,7 @@ query_findclosestnsec3(dns_name_t *qname
 	dns_fixedname_t fixed;
 	dns_hash_t hash;
 	dns_name_t name;
-	int order;
-	unsigned int count;
+	unsigned int skip = 0, labels;
 	dns_rdata_nsec3_t nsec3;
 	dns_rdata_t rdata = DNS_RDATA_INIT;
 	isc_boolean_t optout;
@@ -5279,6 +5278,7 @@ query_findclosestnsec3(dns_name_t *qname
 
 	dns_name_init(name, NULL);
 	dns_name_clone(qname, name);
+	labels = dns_name_countlabels(name);
 	dns_clientinfomethods_init(cm, ns_client_sourceip);
 	dns_clientinfo_init(ci, client);
 
@@ -5312,13 +5312,14 @@ query_findclosestnsec3(dns_name_t *qname
 		dns_rdata_reset(rdata);
 		optout = ISC_TF((nsec3.flags  DNS_NSEC3FLAG_OPTOUT) != 0);
 		if (found != NULL  optout 
-		dns_name_fullcompare(name, dns_db_origin(db), order,
-	 count) == dns_namereln_subdomain) {
+		dns_name_issubdomain(name, dns_db_origin(db)))
+		{
 			dns_rdataset_disassociate(rdataset);
 			if (dns_rdataset_isassociated(sigrdataset))
 dns_rdataset_disassociate(sigrdataset);
-			count = dns_name_countlabels(name) - 1;
-			dns_name_getlabelsequence(name, 1, count, name);
+			skip++;
+			dns_name_getlabelsequence(qname, skip, labels - skip,
+			  name);
 			ns_client_log(client, DNS_LOGCATEGORY_DNSSEC,
   NS_LOGMODULE_QUERY, ISC_LOG_DEBUG(3),
   looking for closest provable encloser);
@@ -5336,7 +5337,11 @@ query_findclosestnsec3(dns_name_t *qname
 		ns_client_log(client, DNS_LOGCATEGORY_DNSSEC,
 			  NS_LOGMODULE_QUERY, ISC_LOG_WARNING,
 			  expected covering NSEC3, got an exact match);
-	if (found != NULL)
+	if (found == qname) {
+		if (skip != 0U)
+			dns_name_getlabelsequence(qname, skip, labels - skip,
+			  found);
+	} else if (found != NULL)
 		dns_name_copy(name, found, NULL);
 	return;
 }
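Review bot: The new `found == qname` branch carries no comment explaining why that case is trimmed in place instead of going through `dns_name_copy`. From the earlier hunk, `name` is a clone of `qname` (`dns_name_clone(qname, name)`), so when the caller passes `qname` as `found` the copy would presumably have source and destination sharing the same storage, which is the overlapping `memcpy` the log message refers to. A comment such as `/* found aliases qname: name shares its data, so shorten in place rather than copy */` would keep a later cleanup from folding the two branches back together. The function begins outside this hunk.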



CVS commit: src/crypto/external/bsd/openssh/dist

2013-12-15 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Sun Dec 15 10:42:52 UTC 2013

Modified Files:
src/crypto/external/bsd/openssh/dist: servconf.c

Log Message:
Coverity issues 996120 and 996121, Use after free

Use the M_CP_STROPT definition exclusive to servconf.c twice and
you have freed your original string.

servconf.h won copying authorized_keys_command and
authorized_keys_command_user in COPY_MATCH_STRING_OPTS in 1.107,
but servconf.c didn't drop its own, so it walks into this trap.
Remove the duplicate copies, and disarm the trap.

Note this is on a code path where authorized_keys_command and
authorized_keys_command_user don't actually get used except
for a debug dump of the config, and dump_cfg_string protects
itself against trying to print NULL pointers, so all
you get is sshd -T -C ... giving wrong results, which is rather
insignificant as far as security issues go.


To generate a diff of this commit:
cvs rdiff -u -r1.13 -r1.14 src/crypto/external/bsd/openssh/dist/servconf.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/servconf.c
diff -u src/crypto/external/bsd/openssh/dist/servconf.c:1.13 src/crypto/external/bsd/openssh/dist/servconf.c:1.14
--- src/crypto/external/bsd/openssh/dist/servconf.c:1.13	Fri Nov  8 19:18:25 2013
+++ src/crypto/external/bsd/openssh/dist/servconf.c	Sun Dec 15 10:42:52 2013
@@ -1,4 +1,4 @@
-/*	$NetBSD: servconf.c,v 1.13 2013/11/08 19:18:25 christos Exp $	*/
+/*	$NetBSD: servconf.c,v 1.14 2013/12/15 10:42:52 spz Exp $	*/
 /* $OpenBSD: servconf.c,v 1.240 2013/07/19 07:37:48 markus Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen y...@cs.hut.fi, Espoo, Finland
@@ -12,7 +12,7 @@
  */
 
 #include includes.h
-__RCSID($NetBSD: servconf.c,v 1.13 2013/11/08 19:18:25 christos Exp $);
+__RCSID($NetBSD: servconf.c,v 1.14 2013/12/15 10:42:52 spz Exp $);
 #include sys/types.h
 #include sys/socket.h
 #include sys/queue.h
@@ -2012,7 +2012,7 @@ int server_match_spec_complete(struct co
 		dst-n = src-n; \
 } while (0)
 #define M_CP_STROPT(n) do {\
-	if (src-n != NULL) { \
+	if (src-n != NULL  dst-n != src-n) { \
 		free(dst-n); \
 		dst-n = src-n; \
 	} \
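Review bot: After `dst->n = src->n` both structures point at the same heap string, and nothing in the macro records which of them owns it; the added `dst->n != src->n` test only stops a second application from freeing that shared string. The log message shows how easily the rule is broken, since the same options were being copied by `COPY_MATCH_STRING_OPTS` as well. A comment above the macro would make the contract explicit: `/* dst takes over src's pointer (no copy is made); an option must be handled by exactly one copy macro */`. Whether `src` is released afterwards is not visible in this hunk and should be checked against that comment.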
@@ -2043,8 +2043,6 @@ copy_set_server_options(ServerOptions *d
 	M_CP_INTOPT(hostbased_uses_name_from_packet_only);
 	M_CP_INTOPT(kbd_interactive_authentication);
 	M_CP_INTOPT(zero_knowledge_password_authentication);
-	M_CP_STROPT(authorized_keys_command);
-	M_CP_STROPT(authorized_keys_command_user);
 	M_CP_INTOPT(permit_root_login);
 	M_CP_INTOPT(permit_empty_passwd);
 



CVS commit: src/bin/cat

2013-12-08 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Sun Dec  8 08:32:13 UTC 2013

Modified Files:
src/bin/cat: cat.c

Log Message:
more complete fix for Coverity issue 976653


To generate a diff of this commit:
cvs rdiff -u -r1.53 -r1.54 src/bin/cat/cat.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/bin/cat/cat.c
diff -u src/bin/cat/cat.c:1.53 src/bin/cat/cat.c:1.54
--- src/bin/cat/cat.c:1.53	Tue Dec  3 17:06:51 2013
+++ src/bin/cat/cat.c	Sun Dec  8 08:32:13 2013
@@ -1,4 +1,4 @@
-/* $NetBSD: cat.c,v 1.53 2013/12/03 17:06:51 spz Exp $	*/
+/* $NetBSD: cat.c,v 1.54 2013/12/08 08:32:13 spz Exp $	*/
 
 /*
  * Copyright (c) 1989, 1993
@@ -44,7 +44,7 @@ __COPYRIGHT(
 #if 0
 static char sccsid[] = @(#)cat.c	8.2 (Berkeley) 4/27/95;
 #else
-__RCSID($NetBSD: cat.c,v 1.53 2013/12/03 17:06:51 spz Exp $);
+__RCSID($NetBSD: cat.c,v 1.54 2013/12/08 08:32:13 spz Exp $);
 #endif
 #endif /* not lint */
 
@@ -279,10 +279,11 @@ skipnomsg:
 continue;
 			}
 			filename = *argv++;
+		} else if (fd  0) {
+			err(EXIT_FAILURE, stdin);
 		}
 		raw_cat(fd);
-		/* fd  0 would be cuter but let's priorize human-readability */
-		if (fd = 0  fd != fileno(stdin))
+		if (fd != fileno(stdin))
 			(void)close(fd);
 	} while (*argv);
 }
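Review bot: The new `else if (fd < 0)` branch depends on `fd` still holding a `fileno(stdin)` result that is presumably assigned before the loop, outside this hunk, and nothing at the branch says so. `err()` also appends the text for the current `errno`, so the message is only meaningful if no call between that `fileno()` and this point has changed it, which is worth confirming against the full function. A comment such as `/* no operand: fd is the fileno(stdin) result from above */` would make the dependency readable.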



CVS commit: src/bin/cat

2013-12-03 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Tue Dec  3 17:06:52 UTC 2013

Modified Files:
src/bin/cat: cat.c

Log Message:
Coverity complaint fixes:
bin/cat/cat.c 976654 Argument cannot be negative
 (missing check for fileno result, stdout)
bin/cat/cat.c 976653 Improper use of negative value
 (missing check for fileno result, stdin)


To generate a diff of this commit:
cvs rdiff -u -r1.52 -r1.53 src/bin/cat/cat.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/bin/cat/cat.c
diff -u src/bin/cat/cat.c:1.52 src/bin/cat/cat.c:1.53
--- src/bin/cat/cat.c:1.52	Mon Nov 19 19:41:31 2012
+++ src/bin/cat/cat.c	Tue Dec  3 17:06:51 2013
@@ -1,4 +1,4 @@
-/* $NetBSD: cat.c,v 1.52 2012/11/19 19:41:31 christos Exp $	*/
+/* $NetBSD: cat.c,v 1.53 2013/12/03 17:06:51 spz Exp $	*/
 
 /*
  * Copyright (c) 1989, 1993
@@ -44,7 +44,7 @@ __COPYRIGHT(
 #if 0
 static char sccsid[] = @(#)cat.c	8.2 (Berkeley) 4/27/95;
 #else
-__RCSID($NetBSD: cat.c,v 1.52 2012/11/19 19:41:31 christos Exp $);
+__RCSID($NetBSD: cat.c,v 1.53 2013/12/03 17:06:51 spz Exp $);
 #endif
 #endif /* not lint */
 
@@ -250,9 +250,11 @@ raw_args(char **argv)
 	filename = stdin;
 	do {
 		if (*argv) {
-			if (!strcmp(*argv, -))
+			if (!strcmp(*argv, -)) {
 fd = fileno(stdin);
-			else if (fflag) {
+if (fd  0)
+	goto skip;
+			} else if (fflag) {
 struct stat st;
 fd = open(*argv, O_RDONLY|O_NONBLOCK, 0);
 if (fd  0)
@@ -279,7 +281,8 @@ skipnomsg:
 			filename = *argv++;
 		}
 		raw_cat(fd);
-		if (fd != fileno(stdin))
+		/* fd  0 would be cuter but let's priorize human-readability */
+		if (fd = 0  fd != fileno(stdin))
 			(void)close(fd);
 	} while (*argv);
 }
@@ -294,6 +297,8 @@ raw_cat(int rfd)
 	int wfd;
 
 	wfd = fileno(stdout);
+	if (wfd  0)
+		err(EXIT_FAILURE, stdout);
 	if (buf == NULL) {
 		struct stat sbuf;
 



CVS commit: src/crypto/external/bsd/openssh/dist

2013-12-03 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Tue Dec  3 17:14:35 UTC 2013

Modified Files:
src/crypto/external/bsd/openssh/dist: monitor.c

Log Message:
Coverity fix:
979928 Use after free
debug3 line moved to before one of its arguments is freed


To generate a diff of this commit:
cvs rdiff -u -r1.11 -r1.12 src/crypto/external/bsd/openssh/dist/monitor.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/monitor.c
diff -u src/crypto/external/bsd/openssh/dist/monitor.c:1.11 src/crypto/external/bsd/openssh/dist/monitor.c:1.12
--- src/crypto/external/bsd/openssh/dist/monitor.c:1.11	Fri Nov  8 19:18:25 2013
+++ src/crypto/external/bsd/openssh/dist/monitor.c	Tue Dec  3 17:14:35 2013
@@ -1,4 +1,4 @@
-/*	$NetBSD: monitor.c,v 1.11 2013/11/08 19:18:25 christos Exp $	*/
+/*	$NetBSD: monitor.c,v 1.12 2013/12/03 17:14:35 spz Exp $	*/
 /* $OpenBSD: monitor.c,v 1.127 2013/07/19 07:37:48 markus Exp $ */
 /*
  * Copyright 2002 Niels Provos pro...@citi.umich.edu
@@ -27,7 +27,7 @@
  */
 
 #include includes.h
-__RCSID($NetBSD: monitor.c,v 1.11 2013/11/08 19:18:25 christos Exp $);
+__RCSID($NetBSD: monitor.c,v 1.12 2013/12/03 17:14:35 spz Exp $);
 #include sys/types.h
 #include sys/wait.h
 #include sys/socket.h
@@ -1181,6 +1181,9 @@ mm_answer_keyallowed(int sock, Buffer *m
 			break;
 		}
 	}
+	debug3(%s: key %p is %s,
+	__func__, key, allowed ? allowed : not allowed);
+
 	if (key != NULL)
 		key_free(key);
 
@@ -1202,9 +1205,6 @@ mm_answer_keyallowed(int sock, Buffer *m
 		free(chost);
 	}
 
-	debug3(%s: key %p is %s,
-	__func__, key, allowed ? allowed : not allowed);
-
 	buffer_clear(m);
 	buffer_put_int(m, allowed);
 	buffer_put_int(m, forced_command != NULL);



CVS commit: src/etc

2013-11-06 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Wed Nov  6 19:30:20 UTC 2013

Modified Files:
src/etc: security

Log Message:
having more than one line with the same group name and gid is not only
allowed, it's even recommended for groups with lots of members, so
do not warn about duplicate group name lines if the gid is the same


To generate a diff of this commit:
cvs rdiff -u -r1.113 -r1.114 src/etc/security

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/etc/security
diff -u src/etc/security:1.113 src/etc/security:1.114
--- src/etc/security:1.113	Sun Sep  8 08:19:40 2013
+++ src/etc/security	Wed Nov  6 19:30:20 2013
@@ -1,6 +1,6 @@
 #!/bin/sh -
 #
-#	$NetBSD: security,v 1.113 2013/09/08 08:19:40 prlw1 Exp $
+#	$NetBSD: security,v 1.114 2013/11/06 19:30:20 spz Exp $
 #	from: @(#)security	8.1 (Berkeley) 6/9/93
 #
 
@@ -337,9 +337,16 @@ if checkyesno check_group; then
 	fi
 
 	awk -F: '{ print $1 }' $GRP | sort | uniq -d  $OUTPUT
-	if [ -s $OUTPUT ] ; then
+	dupgroups=
+	for group in $(cat $OUTPUT) ; do
+		gcount=$(awk -F: /$group/ { print \$1,\$3 } $GRP | sort -u | wc -l)
+		if [ $gcount -gt 1 ]; then
+			dupgroups=$dupgroups $group
+		fi
+	done
+	if [ ! -z $dupgroups ] ; then
 		printf \n$GRP has duplicate group names.\n
-		column $OUTPUT
+		printf $dupgroups\n
 	fi
 fi
 
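Review bot: The per-group count uses the unanchored pattern `/$group/`, which matches the name anywhere on a line of `$GRP`, so a group whose name is a substring of another group's name, or that appears in another group's member list, picks up extra name/gid pairs and is reported as a duplicate even when its own lines agree. A name containing regular-expression characters is interpreted as a pattern as well. Comparing the first field exactly avoids both and keeps the report free of noise: `gcount=$(awk -F: -v g="$group" '$1 == g { print $1, $3 }' $GRP | sort -u | wc -l)`.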



CVS commit: src

2013-11-06 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Wed Nov  6 19:37:06 UTC 2013

Modified Files:
src/etc: security
src/etc/defaults: security.conf
src/share/man/man5: security.conf.5

Log Message:
Introduce a variable for security.conf, default empty, to list users
whose home is (allowed to be) owned by another user.

It's a separate variable and not just check_passwd_permit_dups so I can
make security shut up about my uucp users.

Fixes the second half of PR misc/36063


To generate a diff of this commit:
cvs rdiff -u -r1.114 -r1.115 src/etc/security
cvs rdiff -u -r1.25 -r1.26 src/etc/defaults/security.conf
cvs rdiff -u -r1.39 -r1.40 src/share/man/man5/security.conf.5

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/etc/security
diff -u src/etc/security:1.114 src/etc/security:1.115
--- src/etc/security:1.114	Wed Nov  6 19:30:20 2013
+++ src/etc/security	Wed Nov  6 19:37:05 2013
@@ -1,6 +1,6 @@
 #!/bin/sh -
 #
-#	$NetBSD: security,v 1.114 2013/11/06 19:30:20 spz Exp $
+#	$NetBSD: security,v 1.115 2013/11/06 19:37:05 spz Exp $
 #	from: @(#)security	8.1 (Berkeley) 6/9/93
 #
 
@@ -529,8 +529,13 @@ if checkyesno check_homes; then
 			printf -- $uid $file\n
 		fi
 	done  $MPBYPATH |
-	awk -v usergroups=$permit_usergroups '
-	 $1 != $4  $4 != root \
+	awk -v usergroups=$permit_usergroups \
+-v permit_owners_list=$check_homes_permit_other_owner  '
+	 BEGIN {
+		split(permit_owners_list, a);
+		for (i in a) permit_owners[a[i]]++;
+	 }
+	 $1 != $4  $4 != root  !permit_owners[$1] \
 		{ print user  $1  home directory is owned by  $4 }
 	 $2 ~ /^dw/  (!usergroups || $5 != $1) \
 		{ print user  $1  home directory is group writable }
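Review bot: The added `!permit_owners[$1]` term is keyed on the user name alone, so listing a user in `check_homes_permit_other_owner` switches off the ownership report for that user whoever the owner turns out to be, and a later change of owner to an unrelated account would go unreported. The same term is added in the hunks at -552 and -581 for the per-file checks. If that breadth is intended, a comment above each awk call would say so, for example `# users in check_homes_permit_other_owner are exempt from the owner check, whatever the owner`; recording the expected owner per user would be the stricter alternative.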
@@ -552,8 +557,13 @@ if checkyesno check_homes; then
 			fi
 		done
 	done  $MPBYPATH |
-	awk  -v usergroups=$permit_usergroups '
-	 $1 != $5  $5 != root \
+	awk -v usergroups=$permit_usergroups \
+-v permit_owners_list=$check_homes_permit_other_owner  '
+	 BEGIN {
+		split(permit_owners_list, a);
+		for (i in a) permit_owners[a[i]]++;
+	 }
+	 $1 != $5  $5 != root  !permit_owners[$1] \
 		{ print user  $1   $2  file is owned by  $5 }
 	 $3 ~ /^-...r/  (!usergroups || $6 != $1) \
 		{ print user  $1   $2  file is group readable }
@@ -581,8 +591,13 @@ if checkyesno check_homes; then
 			fi
 		done
 	done  $MPBYPATH |
-	awk -v usergroups=$permit_usergroups '
-	 $1 != $5  $5 != root \
+	awk -v usergroups=$permit_usergroups \
+-v permit_owners_list=$check_homes_permit_other_owner  '
+	 BEGIN {
+		split(permit_owners_list, a);
+		for (i in a) permit_owners[a[i]]++;
+	 }
+	 $1 != $5  $5 != root  !permit_owners[$1] \
 		{ print user  $1   $2  file is owned by  $5 }
 	 $3 ~ /^-w/  (!usergroups || $6 != $1) \
 		{ print user  $1   $2  file is group writable }

Index: src/etc/defaults/security.conf
diff -u src/etc/defaults/security.conf:1.25 src/etc/defaults/security.conf:1.26
--- src/etc/defaults/security.conf:1.25	Wed May  1 05:36:25 2013
+++ src/etc/defaults/security.conf	Wed Nov  6 19:37:05 2013
@@ -1,4 +1,4 @@
-#	$NetBSD: security.conf,v 1.25 2013/05/01 05:36:25 agc Exp $
+#	$NetBSD: security.conf,v 1.26 2013/11/06 19:37:05 spz Exp $
 #
 # /etc/defaults/security.conf --
 #	default configuration of /etc/security.conf
@@ -32,6 +32,7 @@ backup_uses_rcs=YES
 diff_options=-u
 
 check_homes_permit_usergroups=NO
+check_homes_permit_other_owner=
 
 check_devices_ignore_fstypes=!local fdesc kernfs null procfs ptyfs ntfs msdos
 check_devices_ignore_paths=

Index: src/share/man/man5/security.conf.5
diff -u src/share/man/man5/security.conf.5:1.39 src/share/man/man5/security.conf.5:1.40
--- src/share/man/man5/security.conf.5:1.39	Thu Apr  5 09:15:56 2012
+++ src/share/man/man5/security.conf.5	Wed Nov  6 19:37:06 2013
@@ -1,4 +1,4 @@
-.\	$NetBSD: security.conf.5,v 1.39 2012/04/05 09:15:56 wiz Exp $
+.\	$NetBSD: security.conf.5,v 1.40 2013/11/06 19:37:06 spz Exp $
 .\
 .\ Copyright (c) 1996 Matthew R. Green
 .\ All rights reserved.
@@ -171,6 +171,11 @@ During the
 .Sy check_homes
 phase, allow the checked files to be group-writable if the group name is
 the same as the username.
+.It Sy check_homes_permit_other_owner
+During the
+.Sy check_homes
+phase, allow the home directory and files of the listed users to be owned
+by a different user.
 .It Sy check_devices_ignore_fstypes
 Lists filesystem types to ignore during the
 .Sy check_devices



CVS commit: xsrc

2013-10-08 Thread S.P.Zeidler
Module Name:xsrc
Committed By:   spz
Date:   Tue Oct  8 21:25:51 UTC 2013

Modified Files:
xsrc/external/mit/xorg-server/dist/dix: dixfonts.c
xsrc/xfree/xc/programs/Xserver/dix: dixfonts.c

Log Message:
Fix CVE-2013-4396 using a patch from:

--- snip ---
From a4d9bf1259ad28f54b6d59a480b2009cc89ca623 Mon Sep 17 00:00:00 2001
From: Alan Coopersmith alan.coopersm...@oracle.com
Date: Mon, 16 Sep 2013 21:47:16 -0700
Subject: [PATCH] Avoid use-after-free in dix/dixfonts.c: doImageText()

Save a pointer to the passed in closure structure before copying it
and overwriting the *c pointer to point to our copy instead of the
original.  If we hit an error, once we free(c), reset c to point to
the original structure before jumping to the cleanup code that
references *c.

Since one of the errors being checked for is whether the server was
able to malloc(c-nChars * itemSize), the client can potentially pass
a number of characters chosen to cause the malloc to fail and the
error path to be taken, resulting in the read from freed memory.

Since the memory is accessed almost immediately afterwards, and the
X server is mostly single threaded, the odds of the free memory having
invalid contents are low with most malloc implementations when not using
memory debugging features, but some allocators will definitely overwrite
the memory there, leading to a likely crash.

Reported-by: Pedro Ribeiro ped...@gmail.com
Signed-off-by: Alan Coopersmith alan.coopersm...@oracle.com
Reviewed-by: Julien Cristau jcris...@debian.org
--- snip ---

the patch is shifted but otherwise applies. mrg@ to test (thanks)


To generate a diff of this commit:
cvs rdiff -u -r1.1.1.6 -r1.2 \
xsrc/external/mit/xorg-server/dist/dix/dixfonts.c
cvs rdiff -u -r1.3 -r1.4 xsrc/xfree/xc/programs/Xserver/dix/dixfonts.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: xsrc/external/mit/xorg-server/dist/dix/dixfonts.c
diff -u xsrc/external/mit/xorg-server/dist/dix/dixfonts.c:1.1.1.6 xsrc/external/mit/xorg-server/dist/dix/dixfonts.c:1.2
--- xsrc/external/mit/xorg-server/dist/dix/dixfonts.c:1.1.1.6	Mon Jun  3 07:34:19 2013
+++ xsrc/external/mit/xorg-server/dist/dix/dixfonts.c	Tue Oct  8 21:25:50 2013
@@ -1479,6 +1479,7 @@ doImageText(ClientPtr client, ITclosureP
 	GC *pGC;
 	unsigned char *data;
 	ITclosurePtr new_closure;
+ITclosurePtr old_closure;
 
 	/* We're putting the client to sleep.  We need to
 	   save some state.  Similar problem to that handled
@@ -1491,6 +1492,7 @@ doImageText(ClientPtr client, ITclosureP
 		err = BadAlloc;
 		goto bail;
 	}
+old_closure = c;
 	*new_closure = *c;
 	c = new_closure;
 
@@ -1498,6 +1500,7 @@ doImageText(ClientPtr client, ITclosureP
 	if (!data)
 	{
 		free(c);
+c = old_closure;
 		err = BadAlloc;
 		goto bail;
 	}
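Review bot: The reset `c = old_closure;` has to be repeated by hand after every `free(c)` that precedes `goto bail`, here and in the two following hunks (and in the matching hunks for the xfree copy of the file), so an error path added later that omits it brings back the read of freed memory described in the log message. A comment at the declaration would record the rule for whoever touches this block next: `/* after the copy, every error path must set c = old_closure before goto bail; bail reads *c */`. Routing the three paths through one local label that does the reset once would remove the dependency altogether. The rest of `doImageText` is outside these hunks.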
@@ -1509,6 +1512,7 @@ doImageText(ClientPtr client, ITclosureP
 	{
 		free(c-data);
 		free(c);
+c = old_closure;
 		err = BadAlloc;
 		goto bail;
 	}
@@ -1522,6 +1526,7 @@ doImageText(ClientPtr client, ITclosureP
 		FreeScratchGC(pGC);
 		free(c-data);
 		free(c);
+c = old_closure;
 		err = BadAlloc;
 		goto bail;
 	}

Index: xsrc/xfree/xc/programs/Xserver/dix/dixfonts.c
diff -u xsrc/xfree/xc/programs/Xserver/dix/dixfonts.c:1.3 xsrc/xfree/xc/programs/Xserver/dix/dixfonts.c:1.4
--- xsrc/xfree/xc/programs/Xserver/dix/dixfonts.c:1.3	Fri May 27 21:29:26 2011
+++ xsrc/xfree/xc/programs/Xserver/dix/dixfonts.c	Tue Oct  8 21:25:51 2013
@@ -1544,6 +1544,7 @@ doImageText(client, c)
 	GC *pGC;
 	unsigned char *data;
 	ITclosurePtr new_closure;
+	ITclosurePtr old_closure;
 
 	/* We're putting the client to sleep.  We need to
 	   save some state.  Similar problem to that handled
@@ -1556,6 +1557,7 @@ doImageText(client, c)
 		err = BadAlloc;
 		goto bail;
 	}
+old_closure = c;
 	*new_closure = *c;
 	c = new_closure;
 
@@ -1563,6 +1565,7 @@ doImageText(client, c)
 	if (!data)
 	{
 		xfree(c);
+c = old_closure;
 		err = BadAlloc;
 		goto bail;
 	}
@@ -1574,6 +1577,7 @@ doImageText(client, c)
 	{
 		xfree(c-data);
 		xfree(c);
+c = old_closure;
 		err = BadAlloc;
 		goto bail;
 	}
@@ -1587,6 +1591,7 @@ doImageText(client, c)
 		FreeScratchGC(pGC);
 		xfree(c-data);
 		xfree(c);
+c = old_closure;
 		err = BadAlloc;
 		goto bail;
 	}



CVS commit: src/share/examples/npf

2013-09-20 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Fri Sep 20 17:51:04 UTC 2013

Modified Files:
src/share/examples/npf: host-npf.conf l2tp_gw-npf.conf soho_gw-npf.conf

Log Message:
track syntax change in npf.conf regarding group


To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.5 src/share/examples/npf/host-npf.conf \
src/share/examples/npf/soho_gw-npf.conf
cvs rdiff -u -r1.1 -r1.2 src/share/examples/npf/l2tp_gw-npf.conf

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/share/examples/npf/host-npf.conf
diff -u src/share/examples/npf/host-npf.conf:1.4 src/share/examples/npf/host-npf.conf:1.5
--- src/share/examples/npf/host-npf.conf:1.4	Sun Dec  9 22:12:26 2012
+++ src/share/examples/npf/host-npf.conf	Fri Sep 20 17:51:04 2013
@@ -1,4 +1,4 @@
-# $NetBSD: host-npf.conf,v 1.4 2012/12/09 22:12:26 rmind Exp $
+# $NetBSD: host-npf.conf,v 1.5 2013/09/20 17:51:04 spz Exp $
 #
 # this is an example of NPF rules for a host (i.e., not routing) with
 # two network interfaces, wired and wifi
@@ -31,7 +31,7 @@ procedure log {
  log: npflog0
 }
 
-group (name wired, interface $wired_if) {
+group wired on $wired_if {
 
 	# not being picky about our own address here
 	pass in  final family inet6 proto ipv6-icmp all
@@ -74,7 +74,7 @@ group (name wired, interface $wired_if
 
 }
 
-group (name wifi, interface $wifi_if) {
+group wifi on $wifi_if {
 	# linklocal
 	pass in  final family inet6 proto ipv6-icmp  to fe80::/10
 	pass out final family inet6 proto ipv6-icmp from fe80::/10
@@ -116,7 +116,7 @@ group (name wifi, interface $wifi_if) 
 pass stateful out final family inet  from $wifi_v4
 }
 
-group (default) {
+group default {
 	pass final on lo0 all
 	block all apply log
 }
Index: src/share/examples/npf/soho_gw-npf.conf
diff -u src/share/examples/npf/soho_gw-npf.conf:1.4 src/share/examples/npf/soho_gw-npf.conf:1.5
--- src/share/examples/npf/soho_gw-npf.conf:1.4	Sun Dec  9 22:12:26 2012
+++ src/share/examples/npf/soho_gw-npf.conf	Fri Sep 20 17:51:04 2013
@@ -1,4 +1,4 @@
-# $NetBSD: soho_gw-npf.conf,v 1.4 2012/12/09 22:12:26 rmind Exp $
+# $NetBSD: soho_gw-npf.conf,v 1.5 2013/09/20 17:51:04 spz Exp $
 #
 # SOHO border
 #
@@ -34,7 +34,7 @@ procedure log {
 	log: npflog0
 }
 
-group (name external, interface $ext_if) {
+group external on $ext_if {
 	pass stateful out final all
 
 	block in final from 1
@@ -49,13 +49,13 @@ group (name external, interface $ext_i
 	pass stateful in final proto udp to $ext_addrs port 33434-33600
 }
 
-group (name internal, interface $int_if) {
+group internal on $int_if {
 	block in all
 	pass in final from 2
 	pass out final all
 }
 
-group (default) {
+group default {
 	pass final on lo0 all
 	block all
 }

Index: src/share/examples/npf/l2tp_gw-npf.conf
diff -u src/share/examples/npf/l2tp_gw-npf.conf:1.1 src/share/examples/npf/l2tp_gw-npf.conf:1.2
--- src/share/examples/npf/l2tp_gw-npf.conf:1.1	Wed Jun 26 21:36:39 2013
+++ src/share/examples/npf/l2tp_gw-npf.conf	Fri Sep 20 17:51:04 2013
@@ -19,7 +19,7 @@ procedure log {
 	log: npflog0
 }
 
-group (name external, interface $ext_if) {
+group external on $ext_if {
 	#
 	# Allow DHCP requests (even to reserved addresses).
 	#
@@ -127,13 +127,13 @@ group (name external, interface $ext_i
 	block return-rst in final proto tcp flags S/SA all apply log
 }
 
-group (name internal, interface $int_if) {
+group internal on $int_if {
 	# Pass everything to internal networks,
 	# should be ok, because we are nat'ed.
 	pass final all
 }
 
-group (default) {
+group default {
 	# Loopback interface should allows packets to traverse it.
 	pass final on lo0 all
 	# For one L2TP tunnel, needs interface pre-created, post-destroyed



CVS commit: src

2013-08-08 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Thu Aug  8 20:00:20 UTC 2013

Modified Files:
src: UPDATING
src/doc: CHANGES

Log Message:
add hints about FAST_IPSEC no longer being around


To generate a diff of this commit:
cvs rdiff -u -r1.246 -r1.247 src/UPDATING
cvs rdiff -u -r1.1841 -r1.1842 src/doc/CHANGES

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/UPDATING
diff -u src/UPDATING:1.246 src/UPDATING:1.247
--- src/UPDATING:1.246	Wed Jun  5 21:59:59 2013
+++ src/UPDATING	Thu Aug  8 20:00:20 2013
@@ -1,4 +1,4 @@
-$NetBSD: UPDATING,v 1.246 2013/06/05 21:59:59 martin Exp $
+$NetBSD: UPDATING,v 1.247 2013/08/08 20:00:20 spz Exp $
 
 This file (UPDATING) is intended to be a brief reference to recent
 changes that might cause problems in the build process, and a guide for
@@ -17,6 +17,10 @@ Recent changes:
 ^^^
 
 20130605:
+	The kernel option FAST_IPSEC no longer exists, it's been renamed
+	to IPSEC (and the older IPSEC version removed).
+
+20130605:
 	Previous freetype installations eroneously installed private
 	header files. If you are building against a non-empty $DESTDIR,
 	please remove ${DESTDIR}//usr/X11R7/include/freetype2/freetype/.

Index: src/doc/CHANGES
diff -u src/doc/CHANGES:1.1841 src/doc/CHANGES:1.1842
--- src/doc/CHANGES:1.1841	Mon Aug  5 18:47:58 2013
+++ src/doc/CHANGES	Thu Aug  8 20:00:20 2013
@@ -1,4 +1,4 @@
-# LIST OF CHANGES FROM LAST RELEASE:			$Revision: 1.1841 $
+# LIST OF CHANGES FROM LAST RELEASE:			$Revision: 1.1842 $
 #
 #
 # [Note: This file does not mention every change made to the NetBSD source tree.
@@ -273,3 +273,5 @@ Changes from NetBSD 6.0 to NetBSD 7.0:
 	makefs(8): Added UDF support for makefs(8). It allows for the creation
 		of images for both read-only, rewritable or recordable media.
 		[reinoud 20130805]
+	ipsec(4): FAST_IPSEC is now named IPSEC, old IPSEC is gone.
+		[christos 20130605]



CVS commit: src/doc

2013-08-08 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Thu Aug  8 21:09:49 UTC 2013

Modified Files:
src/doc: CHANGES

Log Message:
re-sort the entry about the ipsec kernel option change so that it is in
chronological order


To generate a diff of this commit:
cvs rdiff -u -r1.1842 -r1.1843 src/doc/CHANGES

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/doc/CHANGES
diff -u src/doc/CHANGES:1.1842 src/doc/CHANGES:1.1843
--- src/doc/CHANGES:1.1842	Thu Aug  8 20:00:20 2013
+++ src/doc/CHANGES	Thu Aug  8 21:09:49 2013
@@ -1,4 +1,4 @@
-# LIST OF CHANGES FROM LAST RELEASE:			$Revision: 1.1842 $
+# LIST OF CHANGES FROM LAST RELEASE:			$Revision: 1.1843 $
 #
 #
 # [Note: This file does not mention every change made to the NetBSD source tree.
@@ -249,6 +249,8 @@ Changes from NetBSD 6.0 to NetBSD 7.0:
 	wm(4): Add support for I217 and I218 [msaitoh 20130602]
 	X11: Updated all Xorg packages that could be, for Xorg SA 2003-05-23,
 		and general.  [mrg 20130605]
+	ipsec(4): FAST_IPSEC is now named IPSEC, old IPSEC is gone.
+		[christos 20130605]
 	kernel: Add driver soekrisgpio for Soekris net6501 
 		Ported by kardel@ from a patch for OpenBSD. [kardel 20130609]
 	cgfourteen: both kernel and Xorg driver now support hardware
@@ -273,5 +275,3 @@ Changes from NetBSD 6.0 to NetBSD 7.0:
 	makefs(8): Added UDF support for makefs(8). It allows for the creation
 		of images for both read-only, rewritable or recordable media.
 		[reinoud 20130805]
-	ipsec(4): FAST_IPSEC is now named IPSEC, old IPSEC is gone.
-		[christos 20130605]



CVS commit: src/sys/kern

2013-08-02 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Fri Aug  2 20:00:33 UTC 2013

Modified Files:
src/sys/kern: uipc_socket.c

Log Message:
Fix an inversion in checking for authorization to drop TCP connections
found (and the obvious fix suggested) by Sander Bos.


To generate a diff of this commit:
cvs rdiff -u -r1.215 -r1.216 src/sys/kern/uipc_socket.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/kern/uipc_socket.c
diff -u src/sys/kern/uipc_socket.c:1.215 src/sys/kern/uipc_socket.c:1.216
--- src/sys/kern/uipc_socket.c:1.215	Mon Apr  8 21:12:33 2013
+++ src/sys/kern/uipc_socket.c	Fri Aug  2 20:00:33 2013
@@ -1,4 +1,4 @@
-/*	$NetBSD: uipc_socket.c,v 1.215 2013/04/08 21:12:33 skrll Exp $	*/
+/*	$NetBSD: uipc_socket.c,v 1.216 2013/08/02 20:00:33 spz Exp $	*/
 
 /*-
  * Copyright (c) 2002, 2007, 2008, 2009 The NetBSD Foundation, Inc.
@@ -63,7 +63,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: uipc_socket.c,v 1.215 2013/04/08 21:12:33 skrll Exp $);
+__KERNEL_RCSID(0, $NetBSD: uipc_socket.c,v 1.216 2013/08/02 20:00:33 spz Exp $);
 
 #include opt_compat_netbsd.h
 #include opt_sock_counters.h
@@ -416,7 +416,7 @@ socket_listener_cb(kauth_cred_t cred, ka
 		/* Normal users can only drop their own connections. */
 		struct socket *so = (struct socket *)arg1;
 
-		if (proc_uidmatch(cred, so-so_cred))
+		if (proc_uidmatch(cred, so-so_cred) == 0)
 			result = KAUTH_RESULT_ALLOW;
 
 		break;
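Review bot: The corrected `== 0` comparison on proc_uidmatch() still reads like a boolean test at a glance, which is the kind of reading that produces an inverted check. A comment directly above the `if` stating the return convention would guard against a repeat, for example `/* proc_uidmatch() returns 0 when the credentials match. */`. The fix implies that 0 means a match, but the definition of proc_uidmatch() is not part of this diff, so the wording should be confirmed against it. Because this branch decides whether an unprivileged user may drop a TCP connection, a regression test showing that one user cannot drop another user's connection would be worth adding with the fix. socket_listener_cb begins and ends outside the hunk.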



CVS commit: xsrc/external/mit/xterm/include

2013-07-11 Thread S.P.Zeidler
Module Name:xsrc
Committed By:   spz
Date:   Thu Jul 11 20:02:25 UTC 2013

Modified Files:
xsrc/external/mit/xterm/include: xtermcfg.h

Log Message:
enable defines that make xterm able to do UTF-8 if instructed by its
environment to do UTF-8.

That means: env LC_CTYPE=en_US.UTF-8 xterm for example will get you
an xterm that will take UTF-8 input and display it correctly, provided it
finds a fitting UTF-8 font.

Note that with this version of xterm, -u8 doesn't actually have an effect
any more, but -lc has.

xterm will record the locale settings it has been started with in the
environment variable XTERM_LOCALE. It is probably a good idea to have
at least the encoding part of LC_CTYPE and XTERM_LOCALE match.


To generate a diff of this commit:
cvs rdiff -u -r1.5 -r1.6 xsrc/external/mit/xterm/include/xtermcfg.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: xsrc/external/mit/xterm/include/xtermcfg.h
diff -u xsrc/external/mit/xterm/include/xtermcfg.h:1.5 xsrc/external/mit/xterm/include/xtermcfg.h:1.6
--- xsrc/external/mit/xterm/include/xtermcfg.h:1.5	Fri May 31 21:48:11 2013
+++ xsrc/external/mit/xterm/include/xtermcfg.h	Thu Jul 11 20:02:24 2013
@@ -108,7 +108,7 @@
 #define HAVE_XKBKEYCODETOKEYSYM 1	/* AC_CHECK_FUNCS(XkbKeycodeToKeysym) */
 #define HAVE_XKBQUERYEXTENSION 1	/* AC_CHECK_FUNCS(XkbQueryExtension) */
 #define HAVE_XKB_BELL_EXT 1	/* CF_XKB_BELL_EXT */
-/* #undef LUIT_PATH */		/* CF_ARG_ENABLE(luit) */
+#define LUIT_PATH /usr/X11R7/bin/luit	/* CF_ARG_ENABLE(luit) */
 /* #undef NO_ACTIVE_ICON */		/* CF_ARG_DISABLE(active-icon) */
 /* #undef NO_LEAKS */			/* CF_ARG_DISABLE(leaks) */
 /* #undef OPT_256_COLORS */		/* CF_ARG_ENABLE(256-color) */
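Review bot: LUIT_PATH is now a fixed absolute path written into the header, so it will not follow a build that installs X11 anywhere other than /usr/X11R7. As far as the log message describes, xterm hands character conversion to this program when the locale asks for it, so the path should always name the luit binary that the same build installs. Supplying the value from the xterm Makefile, derived from the build's X11 binary directory, would keep the two in step. Keeping the path absolute is right in itself, since it avoids a PATH lookup for a helper that xterm executes.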
@@ -135,7 +135,7 @@
 /* #undef OPT_INPUT_METHOD */		/* CF_ARG_DISABLE(input-method) */
 /* #undef OPT_ISO_COLORS */		/* CF_ARG_DISABLE(ansi-color) */
 /* #undef OPT_LOAD_VTFONTS */		/* CF_ARG_ENABLE(load-vt-fonts) */
-/* #undef OPT_LUIT_PROG */		/* CF_ARG_ENABLE(luit) */
+#define OPT_LUIT_PROG 1			/* CF_ARG_ENABLE(luit) */
 /* #undef OPT_MAXIMIZE */		/* CF_ARG_DISABLE(maximize) */
 /* #undef OPT_MINI_LUIT */		/* CF_ARG_ENABLE(mini-luit) */
 /* #undef OPT_NUM_LOCK */		/* CF_ARG_DISABLE(num-lock) */
@@ -155,7 +155,7 @@
 /* #undef OPT_TOOLBAR */		/* CF_ARG_ENABLE(toolbar) */
 /* #undef OPT_VT52_MODE */		/* CF_ARG_DISABLE(vt52) */
 /* #undef OPT_WIDER_ICHAR */		/* CF_ARG_ENABLE(16bit-chars) */
-/* #undef OPT_WIDE_CHARS */		/* CF_ARG_OPTION(wide-chars) */
+#define OPT_WIDE_CHARS 1		/* CF_ARG_OPTION(wide-chars) */
 /* #undef OPT_XMC_GLITCH */		/* CF_ARG_ENABLE(xmc-glitch) */
 /* #undef OPT_ZICONBEEP */		/* CF_ARG_DISABLE(ziconbeep) */
 /* #undef OWN_TERMINFO_DIR */		/* AC_ARG_WITH(own-terminfo) */
@@ -178,6 +178,7 @@
 /* #undef USE_UTMP_SETGID */		/* AC_ARG_WITH(utmp-setgid) */
 #define UTMPX_FOR_UTMP 1		/* CF_UTMP */
 #define XRENDERFONT 1		/* CF_X_FREETYPE */
+#define XFREE86_FT2 1
 /* #undef cc_t */			/* CF_TYPE_CC_T */
 /* #undef gid_t */			/* AC_TYPE_UID_T */
 /* #undef mode_t */			/* AC_TYPE_MODE_T */
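Review bot: The added `#define XFREE86_FT2 1` is the only entry in this hunk without the trailing comment naming the configure check it stands for. Every neighbouring line has one, such as `/* CF_X_FREETYPE */` on XRENDERFONT just above. Adding the matching comment, presumably `/* CF_X_FREETYPE */` here as well, keeps this hand-edited header easy to compare with a regenerated one. The log message explains the luit and wide-character defines but not this one, so a short reason for enabling it would help.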



CVS commit: src/etc/ssh

2013-06-07 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Fri Jun  7 16:44:17 UTC 2013

Modified Files:
src/etc/ssh: ssh_known_hosts

Log Message:
fix narn-names - mollari
add ecdsa keys (in many cases, pre-emptive strikes)


To generate a diff of this commit:
cvs rdiff -u -r1.7 -r1.8 src/etc/ssh/ssh_known_hosts

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/etc/ssh/ssh_known_hosts
diff -u src/etc/ssh/ssh_known_hosts:1.7 src/etc/ssh/ssh_known_hosts:1.8
--- src/etc/ssh/ssh_known_hosts:1.7	Sun May  8 13:19:08 2011
+++ src/etc/ssh/ssh_known_hosts	Fri Jun  7 16:44:17 2013
@@ -1,27 +1,51 @@
-#	$NetBSD: ssh_known_hosts,v 1.7 2011/05/08 13:19:08 spz Exp $
+#	$NetBSD: ssh_known_hosts,v 1.8 2013/06/07 16:44:17 spz Exp $
 #
 anoncvs.netbsd.org ssh-rsa B3NzaC1yc2EBIwAAAIEA3QiBl8leG9fqIJpKeNov0PKq5YryFFiroMWOPUv4hDFn8R0jC07YVaR/OSBrr37CTmGX5AFceXPzoFnLlwCqWR7rXg4NR75FTlTp9CG9EBAEtU8mee27KDrUFBTZdfVl2+aRYoAI5fTXA+0vpIO68Cq843vRWUZCcwinS4cNLUU=
 
+anoncvs.netbsd.org ecdsa-sha2-nistp521 E2VjZHNhLXNoYTItbmlzdHA1MjEIbmlzdHA1MjEAAACFBAFhP4E9+oDpCQZ9yVQA7OzDF0tHnL3eykrqEt3hS+rdHXA0Ak5uCaxi2Aj2JRnAKW1JYbjQ5hyKHYZ2o6SfDimqaQBAt18nWm4CCKc20UbSgyWaH/x+O3J68j5n43MY8gHycPKcLHly2FjhDhuhHuoYODfq9GYn3okYsMu2T/i6Tg+SKw==
+#
 cvs.netbsd.org,cvs4.netbsd.org,cvs6.netbsd.org ssh-rsa B3NzaC1yc2EBIwAAAIEA1b7MS3j0v6NzPr/Snh8OJTILvGLD9OA/zdrTfzQdq3doJjkLKJhD4WYj8SonaauEKuqzdJa1KVilj44GCrJBnjwbWg2BdJWLzB5YFmNgvmXwoqrl9kRyzMVk47UOxeREIipXldKajkCTc/nwa1mGrsCwVlC+TwAhWIyjyza6MOk=
 
+cvs.netbsd.org,cvs4.netbsd.org,cvs6.netbsd.org ecdsa-sha2-nistp521 E2VjZHNhLXNoYTItbmlzdHA1MjEIbmlzdHA1MjEAAACFBAGFloNiNSqIkMFVBUglnE9AgBI6J5cLh4hej8DZEtn4InWbFD3dxIFLvw8ZA3qLpVX/TCjFt++MEO3w5GJ2L7a2zQHGIn50E5KVcHuh9arVYRhLPqs9Vfl6ANJ6WiQ81f5k/dZ6ESI8BwqOyQY22/zTujyL8FGHvlZukNsB4iie7Wl+/Q==
+#
 ftp.netbsd.org,ftp4.netbsd.org,ftp6.netbsd.org ssh-rsa B3NzaC1yc2EBIwAAAIEAv+tO1aHHsW1McwHgnJ28qsXn8gH8z/61yopJzmOKuHH07zBYOnhenAcni6E0+BRavSXXIuuTDdyxEyWcTqXoR0LEVShTzAFmZS3RyzTVl7A+Fp644lNnRaJh1380H+20uZjcKSPU0IudG5J7QllMbJY9RnIBFjGLzTb4vrC8GIc=
 
-mail.netbsd.org,homeworld.netbsd.org ssh-rsa B3NzaC1yc2EBIwAAAIEAt8UJLhW8iou8Ack7V5XrzfCgzOkdK75+xDZePMBPg+CYDLnHbP1+KQaSrvfnvDzCvgOUXHOkGji1jbrtzDYwv7Itw0hRUo7TxR99c3bTomb9U0vWV5k4FDIyz4xJXWBJMVkKseAWAXgnc5FSdB6V/e21TAISJBl9dolhqOGVsxM=
+morden.netbsd.org ssh-rsa B3NzaC1yc2EBIwAAAIEAv+tO1aHHsW1McwHgnJ28qsXn8gH8z/61yopJzmOKuHH07zBYOnhenAcni6E0+BRavSXXIuuTDdyxEyWcTqXoR0LEVShTzAFmZS3RyzTVl7A+Fp644lNnRaJh1380H+20uZjcKSPU0IudG5J7QllMbJY9RnIBFjGLzTb4vrC8GIc=
 
-www.netbsd.org,www4.netbsd.org,gnats.netbsd.org ssh-rsa B3NzaC1yc2EBIwAAAIEAyBrlCbbZ2lQxWt7c9Ru0byoOktalLWKJ4t0kzWp6C2oVa+Ll1c1TO2FJb34DCZqULfSHaMmKgq647d75npk9GeXXLk8QwcX6kNl7QFnHo7GUHnHtiZAjTMbYmYOaNLi1PjwyQH+9yeRQYsGW7xejTsyK0yuRKROdCl/QU9gkB3s=
+ftp.netbsd.org,ftp4.netbsd.org,ftp6.netbsd.org ecdsa-sha2-nistp521 E2VjZHNhLXNoYTItbmlzdHA1MjEIbmlzdHA1MjEAAACFBAFp8B5B8/cosThWLYgZp0jQGIqduvJUlra4gyCCqKLnaTn44cPltjjDWp1UHRsdVjm8ka81EYSJ95ZgD8lbPE/XZwBBmisSzTVoQT+b2x7ENPz2BOAgjxX5Lljy6Z2vpky8Gtu2nNJlFtekPbAS4wyDxHuwR5SZMEYNPTWegtBcvm460A==
 
+morden.netbsd.org ecdsa-sha2-nistp521 E2VjZHNhLXNoYTItbmlzdHA1MjEIbmlzdHA1MjEAAACFBAFp8B5B8/cosThWLYgZp0jQGIqduvJUlra4gyCCqKLnaTn44cPltjjDWp1UHRsdVjm8ka81EYSJ95ZgD8lbPE/XZwBBmisSzTVoQT+b2x7ENPz2BOAgjxX5Lljy6Z2vpky8Gtu2nNJlFtekPbAS4wyDxHuwR5SZMEYNPTWegtBcvm460A==
+#
+mail.netbsd.org,homeworld.netbsd.org ssh-rsa B3NzaC1yc2EBIwAAAIEAt8UJLhW8iou8Ack7V5XrzfCgzOkdK75+xDZePMBPg+CYDLnHbP1+KQaSrvfnvDzCvgOUXHOkGji1jbrtzDYwv7Itw0hRUo7TxR99c3bTomb9U0vWV5k4FDIyz4xJXWBJMVkKseAWAXgnc5FSdB6V/e21TAISJBl9dolhqOGVsxM=
+
+mail.netbsd.org,homeworld.netbsd.org ecdsa-sha2-nistp521 E2VjZHNhLXNoYTItbmlzdHA1MjEIbmlzdHA1MjEAAACFBADOK8FUImVH0iPCzfwBD9gT8AUELweTGWry8eBXFbxCDcOYW+4HRtUuY7OqP/sJ8tlYCNg9F+PjAIDqp72h6YgPcQH2/M/8ZXizAT7y7uCiysYxMKYbmuBHqVybaJd5rWUNL19JE6e3H+KBkwYQbf7Jrrs6RhDYMCguPmi6ppNEEEAAcQ==
+#
 pkgbuild.netbsd.org ssh-rsa B3NzaC1yc2EBIwAAAIEAz2c3dFuPdL75gpvwiYinwQ5jiRlfe3HvbXbMkTvpZxLFBQWTVkcDr/yd+vCiWcqVKVENX2tIvT91gPM9/iw7Wl82rxZ54jjaL0pWPL0yjSVhSFxff9pH+as5hgX4l1HjmXLB6v+MWyYVmOSpB01NfVVV2Z9+BGp3Y7i+U5pCdf0=
 
+pkgbuild.netbsd.org ecdsa-sha2-nistp521 E2VjZHNhLXNoYTItbmlzdHA1MjEIbmlzdHA1MjEAAACFBAE7rzIErnIESapcXZJYCMmlNlS3cbeE9zbvraS0/woWexchdhVxLOi/qkfqM5U0Zkin1ooNsUfEYmaJ1k1T+LHbzAAGwZMo/aESnTEekYgBSwhHUj1EjIWeeN/bet9HJrz9Y4WGd2MOXHL88T+cUzfHLEneYrrVe6FDbAlMpSPw4OAOAQ==
+#
 build.netbsd.org ssh-rsa B3NzaC1yc2EBIwAAAIEAzmmcuzoX0D/qDFdDJDyRgQGkUaNTEu7GdruMg1N+ajqvEoKQHQEEBrMdDbeYqCUYacHyhTRMrP6vZ27iX90rl9iS1lR2iPHp/mbnf+iV/BzdWROPvJWxp9/Am/DrYL+Idah5AYNnkC7fon9n+BeMqPDXYGYl/U+dAzp+8GHPhRc=
 
-blog.netbsd.org,rt.netbsd.org,monitor.netbsd.org,releng.netbsd.org,wiki.netbsd.org ssh-rsa 

CVS commit: src/usr.sbin/sup/source

2013-05-28 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Tue May 28 20:13:17 UTC 2013

Modified Files:
src/usr.sbin/sup/source: supservers.8

Log Message:
document the anon account for anonymous access
fixing PR misc/5545
(the last bits thereof)


To generate a diff of this commit:
cvs rdiff -u -r1.10 -r1.11 src/usr.sbin/sup/source/supservers.8

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/usr.sbin/sup/source/supservers.8
diff -u src/usr.sbin/sup/source/supservers.8:1.10 src/usr.sbin/sup/source/supservers.8:1.11
--- src/usr.sbin/sup/source/supservers.8:1.10	Mon Nov  2 00:33:34 2009
+++ src/usr.sbin/sup/source/supservers.8	Tue May 28 20:13:16 2013
@@ -1,4 +1,4 @@
-.\	$NetBSD: supservers.8,v 1.10 2009/11/02 00:33:34 joerg Exp $
+.\	$NetBSD: supservers.8,v 1.11 2013/05/28 20:13:16 spz Exp $
 .\
 .\ Copyright (c) 1992 Carnegie Mellon University
 .\ All Rights Reserved.
@@ -116,6 +116,13 @@ the server will listen for a network con
 This is useful for debugging the servers in live mode rather than as
 daemons.
 
+If anonymous serving of files is desired, an account
+.I anon
+needs to exist.
+This account should have /sbin/nologin as shell, no password, needs to be
+able to read the files to be served (but not to write or to own them), and
+should have as home the directory containing the files to be served.
+
 For debugging purposes, the -P debugging ports flag can be used.
 It will cause the selection of an alternate, non-privileged set of
 TCP ports instead of the usual ports, which are reserved for the



CVS commit: src/distrib/sets/lists/debug

2013-04-08 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Mon Apr  8 18:46:02 UTC 2013

Modified Files:
src/distrib/sets/lists/debug: ad.mips64eb ad.mips64el md.amd64
md.sparc64 shl.mi

Log Message:
refine ld.elf_so entries: don't let the old files languish, list
them as obsolete.
Also, md.sparc64 does get a ld.elf_so-sparc.debug installed


To generate a diff of this commit:
cvs rdiff -u -r1.18 -r1.19 src/distrib/sets/lists/debug/ad.mips64eb \
src/distrib/sets/lists/debug/md.amd64
cvs rdiff -u -r1.19 -r1.20 src/distrib/sets/lists/debug/ad.mips64el \
src/distrib/sets/lists/debug/md.sparc64 \
src/distrib/sets/lists/debug/shl.mi

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/distrib/sets/lists/debug/ad.mips64eb
diff -u src/distrib/sets/lists/debug/ad.mips64eb:1.18 src/distrib/sets/lists/debug/ad.mips64eb:1.19
--- src/distrib/sets/lists/debug/ad.mips64eb:1.18	Mon Apr  8 13:56:27 2013
+++ src/distrib/sets/lists/debug/ad.mips64eb	Mon Apr  8 18:46:00 2013
@@ -1,4 +1,4 @@
-# $NetBSD: ad.mips64eb,v 1.18 2013/04/08 13:56:27 njoly Exp $
+# $NetBSD: ad.mips64eb,v 1.19 2013/04/08 18:46:00 spz Exp $
 ./usr/libdata/debug/lib/64/npf/ext_log.so.0.0.debug	comp-npf-debug		debug,compat
 ./usr/libdata/debug/lib/64/npf/ext_normalize.so.0.0.debug	comp-npf-debug		debug,compat
 ./usr/libdata/debug/lib/64/npf/ext_rndblock.so.0.0.debug	comp-npf-debug		debug,compat
@@ -7,6 +7,8 @@
 ./usr/libdata/debug/lib/o32/npf/ext_rndblock.so.0.0.debug	comp-npf-debug		debug,compat
 ./usr/libdata/debug/libexec/ld.elf_so-o32.debug		comp-sys-debug		debug
 ./usr/libdata/debug/libexec/ld.elf_so-64.debug		comp-sys-debug		debug
+./usr/libdata/debug/usr/libexec/ld.elf_so-o32	comp-obsolete		obsolete
+./usr/libdata/debug/usr/libexec/ld.elf_so-64	comp-obsolete		obsolete
 ./usr/libdata/debug/usr/bin/elf2aout.debug	comp-obsolete		obsolete
 ./usr/libdata/debug/usr/bin/elf2ecoff.debug	comp-sysutil-debug	debug
 ./usr/libdata/debug/usr/lib/64/i18n/libBIG5.so.5.0.debug	comp-i18n-debug	debug,compat
Index: src/distrib/sets/lists/debug/md.amd64
diff -u src/distrib/sets/lists/debug/md.amd64:1.18 src/distrib/sets/lists/debug/md.amd64:1.19
--- src/distrib/sets/lists/debug/md.amd64:1.18	Mon Apr  8 13:56:28 2013
+++ src/distrib/sets/lists/debug/md.amd64	Mon Apr  8 18:46:01 2013
@@ -1,8 +1,9 @@
-# $NetBSD: md.amd64,v 1.18 2013/04/08 13:56:28 njoly Exp $
+# $NetBSD: md.amd64,v 1.19 2013/04/08 18:46:01 spz Exp $
 ./usr/libdata/debug/lib/i386/npf/ext_log.so.0.0.debug	comp-npf-debug		debug,compat
 ./usr/libdata/debug/lib/i386/npf/ext_normalize.so.0.0.debug	comp-npf-debug		debug,compat
 ./usr/libdata/debug/lib/i386/npf/ext_rndblock.so.0.0.debug	comp-npf-debug		debug,compat
 ./usr/libdata/debug/libexec/ld.elf_so-i386.debug	comp-sys-debug		debug
+./usr/libdata/debug/usr/libexec/ld.elf_so-i386	comp-obsolete	obsolete
 ./usr/libdata/debug/usr/bin/fdformat.debug	comp-util-debug		debug
 ./usr/libdata/debug/usr/bin/iasl.debug		comp-util-debug		debug
 ./usr/libdata/debug/usr/lib/i386/i18n/libBIG5.so.5.0.debug	comp-i18n-shlib		compat,pic,debug

Index: src/distrib/sets/lists/debug/ad.mips64el
diff -u src/distrib/sets/lists/debug/ad.mips64el:1.19 src/distrib/sets/lists/debug/ad.mips64el:1.20
--- src/distrib/sets/lists/debug/ad.mips64el:1.19	Mon Apr  8 13:56:28 2013
+++ src/distrib/sets/lists/debug/ad.mips64el	Mon Apr  8 18:46:01 2013
@@ -1,4 +1,4 @@
-# $NetBSD: ad.mips64el,v 1.19 2013/04/08 13:56:28 njoly Exp $
+# $NetBSD: ad.mips64el,v 1.20 2013/04/08 18:46:01 spz Exp $
 ./usr/libdata/debug/lib/64/npf/ext_log.so.0.0.debug	comp-npf-debug		debug,compat
 ./usr/libdata/debug/lib/64/npf/ext_normalize.so.0.0.debug	comp-npf-debug		debug,compat
 ./usr/libdata/debug/lib/64/npf/ext_rndblock.so.0.0.debug	comp-npf-debug		debug,compat
@@ -7,6 +7,8 @@
 ./usr/libdata/debug/lib/o32/npf/ext_rndblock.so.0.0.debug	comp-npf-debug		debug,compat
 ./usr/libdata/debug/libexec/ld.elf_so-64.debug		comp-sys-debug		debug
 ./usr/libdata/debug/libexec/ld.elf_so-o32.debug		comp-sys-debug		debug
+./usr/libdata/debug/usr/libexec/ld.elf_so-o32	comp-obsolete		obsolete
+./usr/libdata/debug/usr/libexec/ld.elf_so-64	comp-obsolete		obsolete
 ./usr/libdata/debug/usr/bin/elf2aout.debug	comp-obsolete		obsolete
 ./usr/libdata/debug/usr/bin/elf2ecoff.debug	comp-sysutil-debug	debug
 ./usr/libdata/debug/usr/lib/64/i18n/libBIG5.so.5.0.debug	comp-i18n-debug	debug,compat
Index: src/distrib/sets/lists/debug/md.sparc64
diff -u src/distrib/sets/lists/debug/md.sparc64:1.19 src/distrib/sets/lists/debug/md.sparc64:1.20
--- src/distrib/sets/lists/debug/md.sparc64:1.19	Mon Apr  8 13:56:28 2013
+++ src/distrib/sets/lists/debug/md.sparc64	Mon Apr  8 18:46:01 2013
@@ -1,9 +1,11 @@
-# $NetBSD: md.sparc64,v 1.19 2013/04/08 13:56:28 njoly Exp $
+# $NetBSD: md.sparc64,v 1.20 2013/04/08 18:46:01 spz Exp $
 ./usr/libdata/debug/lib/sparc/npf/ext_log.so.0.0.debug	comp-npf-debug		debug,compat
 

CVS commit: src/distrib/sets/lists/debug

2013-04-08 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Mon Apr  8 20:08:06 UTC 2013

Modified Files:
src/distrib/sets/lists/debug: md.sparc64

Log Message:
as pointed out by njoly@, the ld.elf_so-sparc.debug was there, just a bit up.
Keep the obsolete, drop the duplicate


To generate a diff of this commit:
cvs rdiff -u -r1.20 -r1.21 src/distrib/sets/lists/debug/md.sparc64

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/distrib/sets/lists/debug/md.sparc64
diff -u src/distrib/sets/lists/debug/md.sparc64:1.20 src/distrib/sets/lists/debug/md.sparc64:1.21
--- src/distrib/sets/lists/debug/md.sparc64:1.20	Mon Apr  8 18:46:01 2013
+++ src/distrib/sets/lists/debug/md.sparc64	Mon Apr  8 20:08:05 2013
@@ -1,12 +1,11 @@
-# $NetBSD: md.sparc64,v 1.20 2013/04/08 18:46:01 spz Exp $
+# $NetBSD: md.sparc64,v 1.21 2013/04/08 20:08:05 spz Exp $
 ./usr/libdata/debug/lib/sparc/npf/ext_log.so.0.0.debug	comp-npf-debug		debug,compat
 ./usr/libdata/debug/lib/sparc/npf/ext_normalize.so.0.0.debug	comp-npf-debug		debug,compat
 ./usr/libdata/debug/lib/sparc/npf/ext_rndblock.so.0.0.debug	comp-npf-debug		debug,compat
 ./usr/libdata/debug/libexec/ld.elf_so-sparc.debug	comp-sys-debug		debug
 ./usr/libdata/debug/sbin/edlabel.debug		comp-sysutil-debug	obsolete
-./usr/libdata/debug/libexec/ld.elf_so-sparc.debug	comp-sys-debug		debug
-./usr/libdata/debug/usr/libexec/ld.elf_so.sparc	comp-obsolete		obsolete
 ./usr/libdata/debug/usr/bin/fdformat.debug	comp-util-debug		debug
+./usr/libdata/debug/usr/libexec/ld.elf_so.sparc	comp-obsolete		obsolete
 ./usr/libdata/debug/usr/lib/sparc/i18n/libBIG5.so.5.0.debug		comp-i18n-shlib		compat,pic,debug
 ./usr/libdata/debug/usr/lib/sparc/i18n/libDECHanyu.so.5.0.debug		comp-i18n-shlib		compat,pic,debug
 ./usr/libdata/debug/usr/lib/sparc/i18n/libEUC.so.5.0.debug		comp-i18n-shlib		compat,pic,debug



CVS commit: src/share/mk

2013-02-09 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Sat Feb  9 12:17:21 UTC 2013

Modified Files:
src/share/mk: bsd.lib.mk

Log Message:
typo in a MKDEBUGLIB part


To generate a diff of this commit:
cvs rdiff -u -r1.328 -r1.329 src/share/mk/bsd.lib.mk

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/share/mk/bsd.lib.mk
diff -u src/share/mk/bsd.lib.mk:1.328 src/share/mk/bsd.lib.mk:1.329
--- src/share/mk/bsd.lib.mk:1.328	Fri Feb  8 04:06:25 2013
+++ src/share/mk/bsd.lib.mk	Sat Feb  9 12:17:20 2013
@@ -1,4 +1,4 @@
-#	$NetBSD: bsd.lib.mk,v 1.328 2013/02/08 04:06:25 matt Exp $
+#	$NetBSD: bsd.lib.mk,v 1.329 2013/02/09 12:17:20 spz Exp $
 #	@(#)bsd.lib.mk	8.3 (Berkeley) 4/22/94
 
 .include bsd.init.mk
@@ -723,7 +723,7 @@ libinstall:: ${_DEST.LIB}/${_LIB_g.a}
 .PRECIOUS: ${_DEST.LIB}/${_LIB_g.a}
 
 .if ${MKUPDATE} == no
-.if !defined(BUILD)  !make(all)  !make(${_LIB_g.a)
+.if !defined(BUILD)  !make(all)  !make(${_LIB_g.a})
 ${_DEST.LIB}/${_LIB_g.a}! .MADE
 .endif
 ${_DEST.LIB}/${_LIB_g.a}! ${_LIB_g.a} __archiveinstall



CVS commit: src/usr.sbin/npf/npfctl

2013-01-31 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Fri Feb  1 05:40:07 UTC 2013

Modified Files:
src/usr.sbin/npf/npfctl: npf_disassemble.c npfctl.c

Log Message:
IPv6 linklocal address printing cosmetics


To generate a diff of this commit:
cvs rdiff -u -r1.13 -r1.14 src/usr.sbin/npf/npfctl/npf_disassemble.c
cvs rdiff -u -r1.27 -r1.28 src/usr.sbin/npf/npfctl/npfctl.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/usr.sbin/npf/npfctl/npf_disassemble.c
diff -u src/usr.sbin/npf/npfctl/npf_disassemble.c:1.13 src/usr.sbin/npf/npfctl/npf_disassemble.c:1.14
--- src/usr.sbin/npf/npfctl/npf_disassemble.c:1.13	Mon Dec 10 02:26:04 2012
+++ src/usr.sbin/npf/npfctl/npf_disassemble.c	Fri Feb  1 05:40:07 2013
@@ -1,4 +1,4 @@
-/*	$NetBSD: npf_disassemble.c,v 1.13 2012/12/10 02:26:04 rmind Exp $	*/
+/*	$NetBSD: npf_disassemble.c,v 1.14 2013/02/01 05:40:07 spz Exp $	*/
 
 /*-
  * Copyright (c) 2012 The NetBSD Foundation, Inc.
@@ -35,7 +35,7 @@
  * FIXME: config generation should be redesigned..
  */
 #include sys/cdefs.h
-__RCSID($NetBSD: npf_disassemble.c,v 1.13 2012/12/10 02:26:04 rmind Exp $);
+__RCSID($NetBSD: npf_disassemble.c,v 1.14 2013/02/01 05:40:07 spz Exp $);
 
 #include stdio.h
 #include stdlib.h
@@ -213,6 +213,7 @@ npfctl_ncode_operand(nc_inf_t *ni, char 
 		sin6-sin6_len = sizeof(*sin6);
 		sin6-sin6_family = AF_INET6;
 		sin6-sin6_port = 0;
+		sin6-sin6_scope_id = 0;
 		memcpy(sin6-sin6_addr, ni-ni_pc, sizeof(sin6-sin6_addr));
 		sockaddr_snprintf(buf, bufsiz, %a, (struct sockaddr *)sin6);
 		if (ni) {
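Review bot: Setting sin6_scope_id by hand still leaves sin6_flowinfo unset, so sockaddr_snprintf() may be handed a sockaddr_in6 with indeterminate bytes. That holds unless the storage is cleared before these lines, which the hunk does not show. Clearing the whole structure first with `memset(sin6, 0, sizeof(*sin6));` covers every field, including any added later, and makes the separate zero assignments to the port and scope id unnecessary. The same applies to the identical change in npfctl_print_addrmask() in npfctl.c. Both functions begin and end outside their hunks.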

Index: src/usr.sbin/npf/npfctl/npfctl.c
diff -u src/usr.sbin/npf/npfctl/npfctl.c:1.27 src/usr.sbin/npf/npfctl/npfctl.c:1.28
--- src/usr.sbin/npf/npfctl/npfctl.c:1.27	Mon Dec 24 19:05:46 2012
+++ src/usr.sbin/npf/npfctl/npfctl.c	Fri Feb  1 05:40:07 2013
@@ -1,4 +1,4 @@
-/*	$NetBSD: npfctl.c,v 1.27 2012/12/24 19:05:46 rmind Exp $	*/
+/*	$NetBSD: npfctl.c,v 1.28 2013/02/01 05:40:07 spz Exp $	*/
 
 /*-
  * Copyright (c) 2009-2012 The NetBSD Foundation, Inc.
@@ -30,7 +30,7 @@
  */
 
 #include sys/cdefs.h
-__RCSID($NetBSD: npfctl.c,v 1.27 2012/12/24 19:05:46 rmind Exp $);
+__RCSID($NetBSD: npfctl.c,v 1.28 2013/02/01 05:40:07 spz Exp $);
 
 #include sys/ioctl.h
 #include sys/stat.h
@@ -236,6 +236,7 @@ npfctl_print_addrmask(int alen, npf_addr
 		sin6-sin6_len = sizeof(*sin6);
 		sin6-sin6_family = AF_INET6;
 		sin6-sin6_port = 0;
+		sin6-sin6_scope_id = 0;
 		memcpy(sin6-sin6_addr, addr, sizeof(sin6-sin6_addr));
 		break;
 	}



CVS commit: src/sys/conf

2012-12-31 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Tue Jan  1 00:01:23 UTC 2013

Modified Files:
src/sys/conf: copyright

Log Message:
Happy 2013 everybody


To generate a diff of this commit:
cvs rdiff -u -r1.10 -r1.11 src/sys/conf/copyright

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/conf/copyright
diff -u src/sys/conf/copyright:1.10 src/sys/conf/copyright:1.11
--- src/sys/conf/copyright:1.10	Sun Jan  1 00:00:30 2012
+++ src/sys/conf/copyright	Tue Jan  1 00:01:23 2013
@@ -1,5 +1,5 @@
 Copyright (c) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
-2006, 2007, 2008, 2009, 2010, 2011, 2012
+2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013
 The NetBSD Foundation, Inc.  All rights reserved.
 Copyright (c) 1982, 1986, 1989, 1991, 1993
 The Regents of the University of California.  All rights reserved.



CVS commit: src

2012-12-18 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Tue Dec 18 22:45:14 UTC 2012

Modified Files:
src/distrib/sets/lists/base: ad.mips64eb ad.mips64el md.amd64
md.sparc64
src/distrib/sets/lists/comp: ad.mips64eb ad.mips64el md.amd64
md.sparc64 shl.mi
src/etc/mtree: NetBSD.dist.mips64eb NetBSD.dist.mips64el
NetBSD.dist.sparc64 NetBSD.dist.x86_64

Log Message:
add entries built for MKDEBUG and MKDEBUGLIB to the set lists
Thanks to Hisashi T Fujinaka ht...@twofifty.com for pointing out the gap.


To generate a diff of this commit:
cvs rdiff -u -r1.107 -r1.108 src/distrib/sets/lists/base/ad.mips64eb \
src/distrib/sets/lists/base/ad.mips64el
cvs rdiff -u -r1.183 -r1.184 src/distrib/sets/lists/base/md.amd64
cvs rdiff -u -r1.172 -r1.173 src/distrib/sets/lists/base/md.sparc64
cvs rdiff -u -r1.95 -r1.96 src/distrib/sets/lists/comp/ad.mips64eb
cvs rdiff -u -r1.97 -r1.98 src/distrib/sets/lists/comp/ad.mips64el
cvs rdiff -u -r1.185 -r1.186 src/distrib/sets/lists/comp/md.amd64
cvs rdiff -u -r1.162 -r1.163 src/distrib/sets/lists/comp/md.sparc64
cvs rdiff -u -r1.242 -r1.243 src/distrib/sets/lists/comp/shl.mi
cvs rdiff -u -r1.4 -r1.5 src/etc/mtree/NetBSD.dist.mips64eb \
src/etc/mtree/NetBSD.dist.sparc64 src/etc/mtree/NetBSD.dist.x86_64
cvs rdiff -u -r1.5 -r1.6 src/etc/mtree/NetBSD.dist.mips64el

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/distrib/sets/lists/base/ad.mips64eb
diff -u src/distrib/sets/lists/base/ad.mips64eb:1.107 src/distrib/sets/lists/base/ad.mips64eb:1.108
--- src/distrib/sets/lists/base/ad.mips64eb:1.107	Wed Dec 12 17:47:57 2012
+++ src/distrib/sets/lists/base/ad.mips64eb	Tue Dec 18 22:45:12 2012
@@ -1,4 +1,4 @@
-# $NetBSD: ad.mips64eb,v 1.107 2012/12/12 17:47:57 christos Exp $
+# $NetBSD: ad.mips64eb,v 1.108 2012/12/18 22:45:12 spz Exp $
 ./libexec/ld.elf_so-64base-compat-shlib	compat,pic
 ./libexec/ld.elf_so-o32base-sysutil-bin	compat,pic
 ./usr/lib/64	base-compat-lib
@@ -641,8 +641,10 @@
 ./usr/lib/o32/security/pam_unix.so.3		base-compat-shlib	compat,pic,pam
 ./usr/libdata/debug/usr/lib/64			base-compat-lib		compat
 ./usr/libdata/debug/usr/lib/64/i18n		base-compat-lib		compat
+./usr/libdata/debug/usr/lib/64/npf		base-compat-lib		compat
 ./usr/libdata/debug/usr/lib/o32			base-compat-lib		compat
 ./usr/libdata/debug/usr/lib/o32/i18n		base-compat-lib		compat
+./usr/libdata/debug/usr/lib/o32/npf		base-compat-lib		compat
 ./usr/libexec/ld.elf_so-64			base-compat-shlib	compat,pic
 ./usr/libexec/ld.elf_so-o32			base-sysutil-bin	compat,pic
 ./usr/lkm/ldscriptbase-obsolete		obsolete
Index: src/distrib/sets/lists/base/ad.mips64el
diff -u src/distrib/sets/lists/base/ad.mips64el:1.107 src/distrib/sets/lists/base/ad.mips64el:1.108
--- src/distrib/sets/lists/base/ad.mips64el:1.107	Wed Dec 12 17:47:58 2012
+++ src/distrib/sets/lists/base/ad.mips64el	Tue Dec 18 22:45:12 2012
@@ -1,4 +1,4 @@
-# $NetBSD: ad.mips64el,v 1.107 2012/12/12 17:47:58 christos Exp $
+# $NetBSD: ad.mips64el,v 1.108 2012/12/18 22:45:12 spz Exp $
 ./libexec/ld.elf_so-64base-compat-shlib	compat,pic
 ./libexec/ld.elf_so-o32base-sysutil-bin	compat,pic
 ./usr/lib/64	base-compat-lib
@@ -641,8 +641,10 @@
 ./usr/lib/o32/security/pam_unix.so.3		base-compat-shlib	compat,pic,pam
 ./usr/libdata/debug/usr/lib/64			base-compat-lib		compat
 ./usr/libdata/debug/usr/lib/64/i18n		base-compat-lib		compat
+./usr/libdata/debug/usr/lib/64/npf		base-compat-lib		compat
 ./usr/libdata/debug/usr/lib/o32			base-compat-lib		compat
 ./usr/libdata/debug/usr/lib/o32/i18n		base-compat-lib		compat
+./usr/libdata/debug/usr/lib/o32/npf		base-compat-lib		compat
 ./usr/libexec/ld.elf_so-64			base-compat-shlib	compat,pic
 ./usr/libexec/ld.elf_so-o32			base-sysutil-bin	compat,pic
 ./usr/lkm/ldscriptbase-obsolete		obsolete

Index: src/distrib/sets/lists/base/md.amd64
diff -u src/distrib/sets/lists/base/md.amd64:1.183 src/distrib/sets/lists/base/md.amd64:1.184
--- src/distrib/sets/lists/base/md.amd64:1.183	Wed Dec 12 17:47:58 2012
+++ src/distrib/sets/lists/base/md.amd64	Tue Dec 18 22:45:12 2012
@@ -1,4 +1,4 @@
-# $NetBSD: md.amd64,v 1.183 2012/12/12 17:47:58 christos Exp $
+# $NetBSD: md.amd64,v 1.184 2012/12/18 22:45:12 spz Exp $
 ./dev/lms0	base-obsolete		obsolete
 ./dev/mms0	base-obsolete		obsolete
 ./libexec/ld.elf_so-i386			base-sys-shlib		compat,pic
@@ -331,6 +331,7 @@
 ./usr/lib/libx86_64.so.0.0			base-sys-shlib		pic
 ./usr/libdata/debug/usr/lib/i386		base-compat-lib		compat
 ./usr/libdata/debug/usr/lib/i386/i18n		base-compat-lib		compat
+./usr/libdata/debug/usr/lib/i386/npf		base-compat-lib		compat
 ./usr/libexec/ld.elf_so-i386			base-sys-shlib		compat,pic
 ./usr/lkm/aps.o	base-obsolete		obsolete
 ./usr/lkm/compat_linux.o			base-obsolete		obsolete

Index: src/distrib/sets/lists/base/md.sparc64
diff -u src/distrib/sets/lists/base/md.sparc64:1.172 

CVS commit: src

2012-12-09 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Sun Dec  9 22:06:21 UTC 2012

Modified Files:
src/distrib/sets/lists/base: ad.mips64eb ad.mips64el md.amd64
md.sparc64
src/etc/mtree: NetBSD.dist.mips64eb NetBSD.dist.mips64el
NetBSD.dist.sparc64 NetBSD.dist.x86_64
src/lib/npf/ext_log: Makefile
src/lib/npf/ext_normalise: Makefile

Log Message:
Make the compat libs of npf extension shared libraries go to the
compat directories instead of overwriting the arch native libs.
Also, make sure the compat directories get created. Tested on amd64.


To generate a diff of this commit:
cvs rdiff -u -r1.104 -r1.105 src/distrib/sets/lists/base/ad.mips64eb \
src/distrib/sets/lists/base/ad.mips64el
cvs rdiff -u -r1.180 -r1.181 src/distrib/sets/lists/base/md.amd64
cvs rdiff -u -r1.169 -r1.170 src/distrib/sets/lists/base/md.sparc64
cvs rdiff -u -r1.3 -r1.4 src/etc/mtree/NetBSD.dist.mips64eb \
src/etc/mtree/NetBSD.dist.sparc64 src/etc/mtree/NetBSD.dist.x86_64
cvs rdiff -u -r1.4 -r1.5 src/etc/mtree/NetBSD.dist.mips64el
cvs rdiff -u -r1.1 -r1.2 src/lib/npf/ext_log/Makefile
cvs rdiff -u -r1.1 -r1.2 src/lib/npf/ext_normalise/Makefile

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/distrib/sets/lists/base/ad.mips64eb
diff -u src/distrib/sets/lists/base/ad.mips64eb:1.104 src/distrib/sets/lists/base/ad.mips64eb:1.105
--- src/distrib/sets/lists/base/ad.mips64eb:1.104	Tue Dec  4 23:38:57 2012
+++ src/distrib/sets/lists/base/ad.mips64eb	Sun Dec  9 22:06:21 2012
@@ -1,4 +1,4 @@
-# $NetBSD: ad.mips64eb,v 1.104 2012/12/04 23:38:57 spz Exp $
+# $NetBSD: ad.mips64eb,v 1.105 2012/12/09 22:06:21 spz Exp $
 ./libexec/ld.elf_so-64base-compat-shlib	compat,pic
 ./libexec/ld.elf_so-o32base-sysutil-bin	compat,pic
 ./usr/lib/64	base-compat-lib
@@ -290,6 +290,13 @@
 ./usr/lib/64/lua/5.1base-compat-shlib	compat
 ./usr/lib/64/lua/5.1/gpio.so			base-compat-shlib	compat,pic
 ./usr/lib/64/lua/5.1/sqlite.so			base-compat-shlib	compat,pic
+./usr/lib/64/npfbase-npf-shlib		compat
+./usr/lib/64/npf/ext_log.so			base-npf-shlib		compat,pic
+./usr/lib/64/npf/ext_log.so.0			base-npf-shlib		compat,pic
+./usr/lib/64/npf/ext_log.so.0.0			base-npf-shlib		compat,pic
+./usr/lib/64/npf/ext_normalise.so		base-npf-shlib		compat,pic
+./usr/lib/64/npf/ext_normalise.so.0		base-npf-shlib		compat,pic
+./usr/lib/64/npf/ext_normalise.so.0.0		base-npf-shlib		compat,pic
 ./usr/lib/64/securitybase-compat-shlib
 ./usr/lib/64/security/pam_afslog.so.3		base-compat-shlib	compat,pic,kerberos,pam
 ./usr/lib/64/security/pam_chroot.so.3		base-compat-shlib	compat,pic,pam
@@ -596,6 +603,13 @@
 ./usr/lib/o32/lua/5.1base-compat-shlib	compat
 ./usr/lib/o32/lua/5.1/gpio.so			base-compat-shlib	compat,pic
 ./usr/lib/o32/lua/5.1/sqlite.so			base-compat-shlib	compat,pic
+./usr/lib/o32/npfbase-npf-shlib		compat
+./usr/lib/o32/npf/ext_log.so			base-npf-shlib		compat,pic
+./usr/lib/o32/npf/ext_log.so.0			base-npf-shlib		compat,pic
+./usr/lib/o32/npf/ext_log.so.0.0		base-npf-shlib		compat,pic
+./usr/lib/o32/npf/ext_normalise.so		base-npf-shlib		compat,pic
+./usr/lib/o32/npf/ext_normalise.so.0		base-npf-shlib		compat,pic
+./usr/lib/o32/npf/ext_normalise.so.0.0		base-npf-shlib		compat,pic
 ./usr/lib/o32/securitybase-compat-shlib
 ./usr/lib/o32/security/pam_afslog.so.3		base-compat-shlib	compat,pic,kerberos,pam
 ./usr/lib/o32/security/pam_chroot.so.3		base-compat-shlib	compat,pic,pam
Index: src/distrib/sets/lists/base/ad.mips64el
diff -u src/distrib/sets/lists/base/ad.mips64el:1.104 src/distrib/sets/lists/base/ad.mips64el:1.105
--- src/distrib/sets/lists/base/ad.mips64el:1.104	Tue Dec  4 23:38:57 2012
+++ src/distrib/sets/lists/base/ad.mips64el	Sun Dec  9 22:06:21 2012
@@ -1,4 +1,4 @@
-# $NetBSD: ad.mips64el,v 1.104 2012/12/04 23:38:57 spz Exp $
+# $NetBSD: ad.mips64el,v 1.105 2012/12/09 22:06:21 spz Exp $
 ./libexec/ld.elf_so-64base-compat-shlib	compat,pic
 ./libexec/ld.elf_so-o32base-sysutil-bin	compat,pic
 ./usr/lib/64	base-compat-lib
@@ -290,6 +290,13 @@
 ./usr/lib/64/lua/5.1base-compat-shlib	compat
 ./usr/lib/64/lua/5.1/gpio.so			base-compat-shlib	compat,pic
 ./usr/lib/64/lua/5.1/sqlite.so			base-compat-shlib	compat,pic
+./usr/lib/64/npfbase-npf-shlib		compat
+./usr/lib/64/npf/ext_log.so			base-npf-shlib		compat,pic
+./usr/lib/64/npf/ext_log.so.0			base-npf-shlib		compat,pic
+./usr/lib/64/npf/ext_log.so.0.0			base-npf-shlib		compat,pic
+./usr/lib/64/npf/ext_normalise.so		base-npf-shlib		compat,pic
+./usr/lib/64/npf/ext_normalise.so.0		base-npf-shlib		compat,pic
+./usr/lib/64/npf/ext_normalise.so.0.0		base-npf-shlib		compat,pic
 ./usr/lib/64/securitybase-compat-shlib
 ./usr/lib/64/security/pam_afslog.so.3		base-compat-shlib	compat,pic,kerberos,pam
 ./usr/lib/64/security/pam_chroot.so.3		base-compat-shlib	compat,pic,pam
@@ -596,6 +603,13 @@
 ./usr/lib/o32/lua/5.1base-compat-shlib	

CVS commit: src/doc

2012-12-05 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Wed Dec  5 08:57:53 UTC 2012

Modified Files:
src/doc: 3RDPARTY CHANGES

Log Message:
note the bind update


To generate a diff of this commit:
cvs rdiff -u -r1.983 -r1.984 src/doc/3RDPARTY
cvs rdiff -u -r1.1761 -r1.1762 src/doc/CHANGES

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/doc/3RDPARTY
diff -u src/doc/3RDPARTY:1.983 src/doc/3RDPARTY:1.984
--- src/doc/3RDPARTY:1.983	Wed Nov 28 09:43:16 2012
+++ src/doc/3RDPARTY	Wed Dec  5 08:57:53 2012
@@ -1,4 +1,4 @@
-#	$NetBSD: 3RDPARTY,v 1.983 2012/11/28 09:43:16 wiz Exp $
+#	$NetBSD: 3RDPARTY,v 1.984 2012/12/05 08:57:53 spz Exp $
 #
 # This file contains a list of the software that has been integrated into
 # NetBSD where we are not the primary maintainer.
@@ -110,8 +110,8 @@ Notes:
 bc includes dc, both of which are in the NetBSD tree.
 
 Package:	bind [named and utils]
-Version:	9.9.1-P2
-Current Vers:	9.9.1-P2
+Version:	9.9.2-P1
+Current Vers:	9.9.2-P1
 Maintainer:	Paul Vixie vi...@vix.com
 Archive Site:	ftp://ftp.isc.org/isc/bind9/
 Home Page:	http://www.isc.org/software/bind/

Index: src/doc/CHANGES
diff -u src/doc/CHANGES:1.1761 src/doc/CHANGES:1.1762
--- src/doc/CHANGES:1.1761	Mon Nov 26 00:23:53 2012
+++ src/doc/CHANGES	Wed Dec  5 08:57:53 2012
@@ -1,4 +1,4 @@
-# LIST OF CHANGES FROM LAST RELEASE:			$Revision: 1.1761 $
+# LIST OF CHANGES FROM LAST RELEASE:			$Revision: 1.1762 $
 #
 #
 # [Note: This file does not mention every change made to the NetBSD source tree.
@@ -145,3 +145,5 @@ Changes from NetBSD 6.0 to NetBSD 7.0:
 	xsurf(4): Add X-Surf IDE controller support. [rkujawa 20121119]
 	z3rambd(4): Add driver for Zorro III RAM boards as block devices.
 		[rkujawa 20121126]
+	bind: update to 9.9.2-P1 to fix the DNS64 vulnerability.
+		[spz 20121204]



CVS commit: src/share/examples/npf

2012-12-04 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Tue Dec  4 18:48:33 UTC 2012

Modified Files:
src/share/examples/npf: host-npf.conf soho_gw-npf.conf

Log Message:
adjust to current npf.conf syntax


To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.3 src/share/examples/npf/host-npf.conf \
src/share/examples/npf/soho_gw-npf.conf

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/share/examples/npf/host-npf.conf
diff -u src/share/examples/npf/host-npf.conf:1.2 src/share/examples/npf/host-npf.conf:1.3
--- src/share/examples/npf/host-npf.conf:1.2	Wed Aug 22 06:45:17 2012
+++ src/share/examples/npf/host-npf.conf	Tue Dec  4 18:48:32 2012
@@ -1,4 +1,4 @@
-# $NetBSD: host-npf.conf,v 1.2 2012/08/22 06:45:17 spz Exp $
+# $NetBSD: host-npf.conf,v 1.3 2012/12/04 18:48:32 spz Exp $
 #
 # this is an example of NPF rules for a host (i.e., not routing) with
 # two network interfaces, wired and wifi
@@ -7,7 +7,12 @@
 # it also does IPSEC on the wifi
 #
 $wired_if = wm0
+$wired_v4 = { inet4(wm0) }
+$wired_v6 = { inet6(wm0) }
+
 $wifi_if = iwn0
+$wifi_v4 = { inet4(iwn0) }
+$wifi_v6 = { inet6(iwn0) }
 
 $dhcpserver = { 198.51.100.1 }
 
@@ -37,38 +42,38 @@ group (name wired, interface $wired_if
 	pass in  final family inet  proto icmp  all
 
 	pass in  final family inet proto tcp \
-		from $dhcpserver port bootps to $wired_if port bootpc
+		from $dhcpserver port bootps to $wired_v4 port bootpc
 	pass in  final family inet proto udp \
-		from $dhcpserver port bootps to $wired_if port bootpc
+		from $dhcpserver port bootps to $wired_v4 port bootpc
 
-	pass in final family inet6 proto tcp to $wired_if port ssh
+	pass in final family inet6 proto tcp to $wired_v6 port ssh
 
 	pass in final family inet  proto tcp flags S/SA \
-		from $backupsrv_v4 to $wired_if port $backup_port 
+		from $backupsrv_v4 to $wired_v4 port $backup_port 
 	pass in final family inet  proto udp \
-		from $backupsrv_v4 to $wired_if port $backup_port
+		from $backupsrv_v4 to $wired_v4 port $backup_port
 	pass in final family inet6 proto tcp flags S/SA \
-		from $backupsrv_v6 to $wired_if port $backup_port 
+		from $backupsrv_v6 to $wired_v6 port $backup_port 
 	pass in final family inet6 proto udp \
-		from $backupsrv_v6 to $wired_if port $backup_port
+		from $backupsrv_v6 to $wired_v6 port $backup_port
 
-	pass stateful in final family inet6 proto udp to $wired_if \
+	pass stateful in final family inet6 proto udp to $wired_v6 \
 		port $services_udp
-	pass stateful in final family inet  proto udp to $wired_if \
+	pass stateful in final family inet  proto udp to $wired_v6 \
 		port $services_udp
 
 	# only SYN packets need to generate state
 	pass stateful out final family inet6 proto tcp flags S/SA \
-		from $wired_if apply rid 
+		from $wired_v6 apply rid 
 	pass stateful out final family inet  proto tcp flags S/SA \
-		from $wired_if apply rid 
+		from $wired_v4 apply rid 
 	# pass the other tcp packets without generating extra state
-	pass out final family inet6 proto tcp from $wired_if apply rid 
-	pass out final family inet  proto tcp from $wired_if apply rid 
+	pass out final family inet6 proto tcp from $wired_v6 apply rid 
+	pass out final family inet  proto tcp from $wired_v4 apply rid 
 
 	# all other types of traffic, generate state per packet
-	pass stateful out final family inet6 from $wired_if apply rid 
-	pass stateful out final family inet  from $wired_if apply rid 
+	pass stateful out final family inet6 from $wired_v6 apply rid 
+	pass stateful out final family inet  from $wired_v4 apply rid 
 
 }
 
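Review bot: The second `$services_udp` rule in the wired group pairs `family inet` with the IPv6 address set, `pass stateful in final family inet  proto udp to $wired_v6`, so it presumably cannot match any IPv4 packet (npfctl may also refuse it at load time). It should read `to $wired_v4`, matching how the other `family inet` rules in this hunk were converted. The wifi hunk that follows has the same mix-up in `pass in  final family inet  proto icmp  to $wifi_v6`, which should use `$wifi_v4`. The wired group opens above this hunk and the wifi hunk is cut off on this page, so rules outside the visible lines were not checked.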
@@ -81,37 +86,37 @@ group (name wifi, interface $wifi_if) 
 	pass in  final family inet6 proto ipv6-icmp  to ff00::/10
 	pass out final family inet6 proto ipv6-icmp from ff00::/10
 
-	pass in  final family inet6 proto ipv6-icmp to $wifi_if
-	pass in  final family inet  proto icmp  to $wifi_if
+	pass in  final family inet6 proto ipv6-icmp to $wifi_v6
+	pass in  final family inet  proto icmp  to $wifi_v6
 
 	pass in  final family inet proto tcp \
-		from any port bootps to $wifi_if port bootpc
+		from any port bootps to $wifi_v4 port bootpc
 	pass in  final family inet proto udp \
-		from any port bootps to $wifi_if port bootpc
+		from any port bootps to $wifi_v4 port bootpc
 
-pass in final family inet6 proto tcp flags S/SA to $wifi_if port ssh 
+pass in final family inet6 proto tcp flags S/SA to $wifi_v6 port ssh 
 
-pass in final family inet6 proto udp to $wifi_if port $services_udp
-pass in final family inet  proto udp to $wifi_if port $services_udp
+pass in final family inet6 proto udp to $wifi_v6 port $services_udp
+pass in final family inet  proto udp to $wifi_v4 port $services_udp
 
 	# IPSEC
-	pass in final family inet6 proto udp to $wifi_if port isakmp
-	pass in final family inet  proto udp to $wifi_if port isakmp
+	pass in final family inet6 proto udp to $wifi_v6 

CVS commit: src

2012-12-04 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Tue Dec  4 23:38:59 UTC 2012

Modified Files:
src/distrib/sets/lists/base: ad.mips64eb ad.mips64el md.amd64
md.sparc64 mi shl.mi
src/distrib/sets/lists/man: mi
src/external/bsd/bind/bin/dnssec: Makefile
src/external/bsd/bind/dist: CHANGES acconfig.h config.h.in srcid
version
src/external/bsd/bind/dist/bin/check: check-tool.c
src/external/bsd/bind/dist/bin/dig: nslookup.c
src/external/bsd/bind/dist/bin/dnssec: dnssec-dsfromkey.8
dnssec-dsfromkey.c dnssec-keyfromlabel.8 dnssec-keyfromlabel.c
dnssec-keygen.8 dnssec-keygen.c dnssec-settime.c dnssec-signzone.c
dnssec-verify.8 dnssec-verify.c dnssectool.c dnssectool.h
src/external/bsd/bind/dist/bin/named: builtin.c client.c config.c
controlconf.c query.c server.c statschannel.c
src/external/bsd/bind/dist/bin/named/unix: dlz_dlopen_driver.c
src/external/bsd/bind/dist/bin/nsupdate: nsupdate.c
src/external/bsd/bind/dist/bin/python: dnssec-checkds.8
dnssec-checkds.docbook
src/external/bsd/bind/dist/bin/tests/dst: t_dst.c
src/external/bsd/bind/dist/bin/tests/names: t_names.c
src/external/bsd/bind/dist/bin/tests/resolver: t_resolver.c
src/external/bsd/bind/dist/bin/tests/system: testsock6.pl
src/external/bsd/bind/dist/bin/tests/system/checkds:
missing.example.dlv.example.dlv.db
src/external/bsd/bind/dist/bin/tests/system/rpz: rpz.c
src/external/bsd/bind/dist/bin/tests/system/rsabigexponent: bigkey.c
src/external/bsd/bind/dist/bin/tests/system/rsabigexponent/ns2:
Xexample.+005+05896.private
src/external/bsd/bind/dist/bin/tests/system/stub: tests.sh
src/external/bsd/bind/dist/contrib/dlz/drivers: dlz_dlopen_driver.c
src/external/bsd/bind/dist/contrib/named-bootconf: named-bootconf.sh
src/external/bsd/bind/dist/contrib/zkt/doc: rfc5011.txt
src/external/bsd/bind/dist/doc/arm: Bv9ARM.pdf isc-logo.pdf
src/external/bsd/bind/dist/doc/misc: options
src/external/bsd/bind/dist/lib/bind9: check.c
src/external/bsd/bind/dist/lib/dns: adb.c db.c dnssec.c ds.c dst_api.c
dst_internal.h dst_openssl.h dst_parse.c dst_parse.h dst_result.c
gssapi_link.c hmac_link.c log.c master.c masterdump.c nsec.c
nsec3.c openssl_link.c openssldh_link.c openssldsa_link.c
opensslecdsa_link.c opensslgost_link.c opensslrsa_link.c rbtdb.c
rcode.c rdata.c rdataset.c resolver.c rpz.c update.c validator.c
view.c zone.c zt.c
src/external/bsd/bind/dist/lib/dns/include/dns: db.h dnssec.h ds.h
iptable.h keyvalues.h log.h nsec.h private.h rdata.h rdataset.h
rpz.h stats.h view.h zone.h
src/external/bsd/bind/dist/lib/dns/include/dst: dst.h result.h
src/external/bsd/bind/dist/lib/dns/rdata/generic: dlv_32769.c ds_43.c
src/external/bsd/bind/dist/lib/dns/tests: Makefile.in dnstest.h
rdataset_test.c
src/external/bsd/bind/dist/lib/isc: mem.c task.c task_api.c
src/external/bsd/bind/dist/lib/isc/ia64/include/isc: atomic.h
src/external/bsd/bind/dist/lib/isc/include/isc: file.h heap.h list.h
namespace.h queue.h task.h
src/external/bsd/bind/dist/lib/isc/pthreads: condition.c
src/external/bsd/bind/dist/lib/isc/tests: isctest.h
src/external/bsd/bind/dist/lib/isc/unix: file.c
src/external/bsd/bind/dist/lib/isc/win32: file.c
src/external/bsd/bind/dist/lib/isc/win32/include/isc: stat.h
src/external/bsd/bind/dist/lib/isccc: cc.c
src/external/bsd/bind/dist/lib/isccfg: namedconf.c
src/external/bsd/bind/dist/lib/lwres: getaddrinfo.c
src/external/bsd/bind/dist/make: rules.in
src/external/bsd/bind/dist/unit/atf-src/atf-c: macros.h
src/external/bsd/bind/dist/unit/atf-src/atf-c/detail: process_test.c
sanity.h text_test.c
src/external/bsd/bind/include: config.h
src/external/bsd/bind/lib/libbind9: shlib_version
src/external/bsd/bind/lib/libdns: Makefile shlib_version
src/external/bsd/bind/lib/libisc: shlib_version
src/external/bsd/bind/lib/libisccc: shlib_version
src/external/bsd/bind/lib/libisccfg: shlib_version
src/external/bsd/bind/lib/liblwres: shlib_version
Added Files:
src/external/bsd/bind/bin/dnssec/dnssec-verify: Makefile

Log Message:
merge bind-9-9-2-P1 and adjust build as needed
fixes CVE-2012-5688, see:
http://www.isc.org/software/bind/advisories/cve-2012-5688


To generate a diff of this commit:
cvs rdiff -u -r1.103 -r1.104 src/distrib/sets/lists/base/ad.mips64eb \
src/distrib/sets/lists/base/ad.mips64el
cvs rdiff -u -r1.179 -r1.180 src/distrib/sets/lists/base/md.amd64
cvs rdiff -u -r1.168 -r1.169 

CVS commit: src/lib/libc/gen

2012-09-15 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Sat Sep 15 19:31:12 UTC 2012

Modified Files:
src/lib/libc/gen: fts.c

Log Message:
remove dubious cast


To generate a diff of this commit:
cvs rdiff -u -r1.44 -r1.45 src/lib/libc/gen/fts.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/lib/libc/gen/fts.c
diff -u src/lib/libc/gen/fts.c:1.44 src/lib/libc/gen/fts.c:1.45
--- src/lib/libc/gen/fts.c:1.44	Wed Mar 14 00:25:19 2012
+++ src/lib/libc/gen/fts.c	Sat Sep 15 19:31:12 2012
@@ -1,4 +1,4 @@
-/*	$NetBSD: fts.c,v 1.44 2012/03/14 00:25:19 christos Exp $	*/
+/*	$NetBSD: fts.c,v 1.45 2012/09/15 19:31:12 spz Exp $	*/
 
 /*-
  * Copyright (c) 1990, 1993, 1994
@@ -38,7 +38,7 @@
 #if 0
 static char sccsid[] = @(#)fts.c	8.6 (Berkeley) 8/14/94;
 #else
-__RCSID($NetBSD: fts.c,v 1.44 2012/03/14 00:25:19 christos Exp $);
+__RCSID($NetBSD: fts.c,v 1.45 2012/09/15 19:31:12 spz Exp $);
 #endif
 #endif /* LIBC_SCCS and not lint */
 
@@ -133,7 +133,7 @@ fts_open(char * const *argv, int options
 	}
 
 	/* Allocate/initialize the stream */
-	if ((sp = malloc((unsigned int)sizeof(FTS))) == NULL)
+	if ((sp = malloc(sizeof(FTS))) == NULL)
 		return (NULL);
 	memset(sp, 0, sizeof(FTS));
 	sp-fts_compar = compar;
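Review bot: With the cast gone, the allocation and the `memset` two lines below it still each spell out `sizeof(FTS)`. Sizing from the pointer would keep the two in step if the type of `sp` ever changes, e.g. `if ((sp = calloc(1, sizeof(*sp))) == NULL)`, which also makes the separate `memset(sp, 0, sizeof(FTS));` unnecessary. This is a style point only; the new line is correct as committed. `fts_open` starts and ends outside the hunk.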



CVS commit: src

2012-08-22 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Wed Aug 22 06:45:17 UTC 2012

Modified Files:
src/distrib/sets/lists/base: mi
src/etc/mtree: NetBSD.dist.base
src/share/examples: Makefile
src/share/examples/npf: host-npf.conf
Added Files:
src/share/examples/npf: Makefile hashtablefile treetablefile

Log Message:
actually install the new npf examples
add examples for a hash table file and a tree table file
add an ID string to host-npf.conf


To generate a diff of this commit:
cvs rdiff -u -r1.1002 -r1.1003 src/distrib/sets/lists/base/mi
cvs rdiff -u -r1.103 -r1.104 src/etc/mtree/NetBSD.dist.base
cvs rdiff -u -r1.20 -r1.21 src/share/examples/Makefile
cvs rdiff -u -r0 -r1.1 src/share/examples/npf/Makefile \
src/share/examples/npf/hashtablefile src/share/examples/npf/treetablefile
cvs rdiff -u -r1.1 -r1.2 src/share/examples/npf/host-npf.conf

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/distrib/sets/lists/base/mi
diff -u src/distrib/sets/lists/base/mi:1.1002 src/distrib/sets/lists/base/mi:1.1003
--- src/distrib/sets/lists/base/mi:1.1002	Sun Aug 19 08:22:59 2012
+++ src/distrib/sets/lists/base/mi	Wed Aug 22 06:45:15 2012
@@ -1,4 +1,4 @@
-# $NetBSD: mi,v 1.1002 2012/08/19 08:22:59 mrg Exp $
+# $NetBSD: mi,v 1.1003 2012/08/22 06:45:15 spz Exp $
 #
 # Note:	Don't delete entries from here - mark them as obsolete instead,
 #	unless otherwise stated below.
@@ -1669,6 +1669,11 @@
 ./usr/share/examples/lua/sqlite.lua		base-sys-examples	share
 ./usr/share/examples/mount_portal		base-miscfs-examples
 ./usr/share/examples/named			base-obsolete	obsolete
+./usr/share/examples/npf			base-netutil-examples
+./usr/share/examples/npf/host-npf.conf		base-netutil-examples
+./usr/share/examples/npf/soho_gw-npf.conf	base-netutil-examples
+./usr/share/examples/npf/hashtablefile		base-netutil-examples
+./usr/share/examples/npf/treetablefile		base-netutil-examples
 ./usr/share/examples/openssl			base-crypto-examples
 ./usr/share/examples/pfbase-netutil-examples
 ./usr/share/examples/postfix			base-postfix-examples

Index: src/etc/mtree/NetBSD.dist.base
diff -u src/etc/mtree/NetBSD.dist.base:1.103 src/etc/mtree/NetBSD.dist.base:1.104
--- src/etc/mtree/NetBSD.dist.base:1.103	Thu Jun 21 04:30:04 2012
+++ src/etc/mtree/NetBSD.dist.base	Wed Aug 22 06:45:16 2012
@@ -1,4 +1,4 @@
-#	$NetBSD: NetBSD.dist.base,v 1.103 2012/06/21 04:30:04 pgoyette Exp $
+#	$NetBSD: NetBSD.dist.base,v 1.104 2012/08/22 06:45:16 spz Exp $
 #	@(#)4.4BSD.dist	8.1 (Berkeley) 6/13/93
 
 # Do not customize this file as it may be overwritten on upgrades.
@@ -344,6 +344,7 @@
 ./usr/share/examples/libsaslc/mech
 ./usr/share/examples/lua
 ./usr/share/examples/mount_portal
+./usr/share/examples/npf
 ./usr/share/examples/openssl
 ./usr/share/examples/pf
 ./usr/share/examples/pppd

Index: src/share/examples/Makefile
diff -u src/share/examples/Makefile:1.20 src/share/examples/Makefile:1.21
--- src/share/examples/Makefile:1.20	Sat Nov 12 01:18:40 2011
+++ src/share/examples/Makefile	Wed Aug 22 06:45:16 2012
@@ -1,6 +1,6 @@
-#	$NetBSD: Makefile,v 1.20 2011/11/12 01:18:40 jmmv Exp $
+#	$NetBSD: Makefile,v 1.21 2012/08/22 06:45:16 spz Exp $
 
-SUBDIR= amd apm asm disktab emul fstab ftpd getdate hostapd isdn lua pppd \
-	racoon supfiles syslogd wsmoused
+SUBDIR= amd apm asm disktab emul fstab ftpd getdate hostapd \
+isdn lua npf pppd racoon supfiles syslogd wsmoused
 
 .include bsd.subdir.mk

Index: src/share/examples/npf/host-npf.conf
diff -u src/share/examples/npf/host-npf.conf:1.1 src/share/examples/npf/host-npf.conf:1.2
--- src/share/examples/npf/host-npf.conf:1.1	Mon Aug 20 21:09:49 2012
+++ src/share/examples/npf/host-npf.conf	Wed Aug 22 06:45:17 2012
@@ -1,3 +1,5 @@
+# $NetBSD: host-npf.conf,v 1.2 2012/08/22 06:45:17 spz Exp $
+#
 # this is an example of NPF rules for a host (i.e., not routing) with
 # two network interfaces, wired and wifi
 #

Added files:

Index: src/share/examples/npf/Makefile
diff -u /dev/null src/share/examples/npf/Makefile:1.1
--- /dev/null	Wed Aug 22 06:45:18 2012
+++ src/share/examples/npf/Makefile	Wed Aug 22 06:45:16 2012
@@ -0,0 +1,12 @@
+#	$NetBSD: Makefile,v 1.1 2012/08/22 06:45:16 spz Exp $
+
+NOOBJ=	# defined
+
+.include bsd.own.mk
+
+.if ${MKSHARE} != no
+FILES=		host-npf.conf soho_gw-npf.conf hashtablefile treetablefile
+FILESDIR=	/usr/share/examples/npf
+.endif
+
+.include bsd.prog.mk
Index: src/share/examples/npf/hashtablefile
diff -u /dev/null src/share/examples/npf/hashtablefile:1.1
--- /dev/null	Wed Aug 22 06:45:18 2012
+++ src/share/examples/npf/hashtablefile	Wed Aug 22 06:45:17 2012
@@ -0,0 +1,8 @@
+# $NetBSD: hashtablefile,v 1.1 2012/08/22 06:45:17 spz Exp $
+#
+# hash tables can only have single IP addresses
+#
+# entry comment 1 (optional)
+192.0.2.7
+# entry comment 2 (optional)
+198.51.100.48
Index: src/share/examples/npf/treetablefile
diff -u /dev/null 

CVS commit: src/share/examples/npf

2012-08-21 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Tue Aug 21 06:54:40 UTC 2012

Added Files:
src/share/examples/npf: soho_gw-npf.conf

Log Message:
the example from the man page, with a few extra comments


To generate a diff of this commit:
cvs rdiff -u -r0 -r1.1 src/share/examples/npf/soho_gw-npf.conf

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Added files:

Index: src/share/examples/npf/soho_gw-npf.conf
diff -u /dev/null src/share/examples/npf/soho_gw-npf.conf:1.1
--- /dev/null	Tue Aug 21 06:54:40 2012
+++ src/share/examples/npf/soho_gw-npf.conf	Tue Aug 21 06:54:39 2012
@@ -0,0 +1,60 @@
+# $NetBSD: soho_gw-npf.conf,v 1.1 2012/08/21 06:54:39 spz Exp $
+#
+# SOHO border
+#
+# This is a natting border gateway/webserver/mailserver/nameserver
+#
+$ext_if = wm0
+$int_if = wm1
+
+table 1 type hash file /etc/npf_blacklist
+# for NAT
+table 2 type tree dynamic
+
+$services_tcp = { http, https, smtp, domain, 6000, 9022 }
+$services_udp = { domain, ntp, 6000 }
+$localnet = { 198.51.100.0/24 }
+
+# NAT outgoing to the address of the external interface
+# Note: if $ext_if has multiple IP addresses (e.g. IPv6 as well),
+# then the translation address has to be specified explicitly.
+map $ext_if dynamic 198.51.100.0/24 - $ext_if
+
+# NAT traffic arriving on port 9022 of the external interface address
+# to host 198.51.100.2 port 22
+map $ext_if dynamic 198.51.100.2 port 22 - $ext_if 9022
+
+procedure log {
+	log: npflog0
+}
+
+procedure rid {
+	normalise: random-id
+}
+
+group (name external, interface $ext_if) {
+	pass stateful out final from $ext_if apply rid
+
+	block in final from 1
+	pass stateful in final family inet proto tcp to $ext_if port ssh \
+		apply log
+	pass stateful in final proto tcp to $ext_if port $services_tcp
+	pass stateful in final proto udp to $ext_if port $services_udp
+
+	# Passive FTP
+	pass stateful in final proto tcp to $ext_if port 49151-65535
+	# Traceroute
+	pass stateful in final proto udp to $ext_if port 33434-33600
+}
+
+group (name internal, interface $int_if) {
+	block in all
+	pass in final from 2
+	pass out final all
+}
+
+group (default) {
+	pass final on lo0 all
+	block all
+}
+
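Review bot: The `# Passive FTP` rule, `pass stateful in final proto tcp to $ext_if port 49151-65535`, admits inbound TCP from any source to every port in that range on the gateway's external address. Any other daemon that happens to listen in that range is exposed along with the FTP data connections. Since this file will be copied as a starting point, the comment should tie the range to the FTP server's configuration, for example `# Passive FTP: narrow this to the passive port range your ftpd is configured to use`. Separately, `$localnet` is defined but never referenced; the first `map` line repeats the literal `198.51.100.0/24` instead.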



CVS commit: src/share/examples/npf

2012-08-21 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Tue Aug 21 08:25:21 UTC 2012

Modified Files:
src/share/examples/npf: soho_gw-npf.conf

Log Message:
add id string, fix comments


To generate a diff of this commit:
cvs rdiff -u -r1.1 -r1.2 src/share/examples/npf/soho_gw-npf.conf

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/share/examples/npf/soho_gw-npf.conf
diff -u src/share/examples/npf/soho_gw-npf.conf:1.1 src/share/examples/npf/soho_gw-npf.conf:1.2
--- src/share/examples/npf/soho_gw-npf.conf:1.1	Tue Aug 21 06:54:39 2012
+++ src/share/examples/npf/soho_gw-npf.conf	Tue Aug 21 08:25:21 2012
@@ -1,14 +1,16 @@
-# $NetBSD: soho_gw-npf.conf,v 1.1 2012/08/21 06:54:39 spz Exp $
+# $NetBSD: soho_gw-npf.conf,v 1.2 2012/08/21 08:25:21 spz Exp $
 #
 # SOHO border
 #
 # This is a natting border gateway/webserver/mailserver/nameserver
+# IPv4 only
 #
 $ext_if = wm0
 $int_if = wm1
 
-table 1 type hash file /etc/npf_blacklist
-# for NAT
+# a table to house e.g. block candidates in
+table 1 type hash file /usr/share/examples/npf/hashtablefile
+# feed this using npfctl table 2 add 198.51.100.16/29 f.e.
 table 2 type tree dynamic
 
 $services_tcp = { http, https, smtp, domain, 6000, 9022 }
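Review bot: Table 1 now loads from `/usr/share/examples/npf/hashtablefile`, so a configuration copied into place and left unedited blocks only the documentation-range sample addresses shipped in that file. It also depends on a file in the examples directory, which an administrator would not normally maintain. The new comment would be more useful if it said the path is a placeholder, e.g. `# a table to house e.g. block candidates in; point the file at a list you maintain`. The rest of the file lies outside this hunk.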



CVS commit: src/share/examples/npf

2012-08-20 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Mon Aug 20 21:09:50 UTC 2012

Added Files:
src/share/examples/npf: host-npf.conf

Log Message:
add an example for a npf.conf
It probably could do with polishing of both rules and comments, but meh,
better than nothing


To generate a diff of this commit:
cvs rdiff -u -r0 -r1.1 src/share/examples/npf/host-npf.conf

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Added files:

Index: src/share/examples/npf/host-npf.conf
diff -u /dev/null src/share/examples/npf/host-npf.conf:1.1
--- /dev/null	Mon Aug 20 21:09:50 2012
+++ src/share/examples/npf/host-npf.conf	Mon Aug 20 21:09:49 2012
@@ -0,0 +1,118 @@
+# this is an example of NPF rules for a host (i.e., not routing) with
+# two network interfaces, wired and wifi
+#
+# it does both IPv4 and IPv6 and allows for DHCP in v4 and SLAAC in v6
+# it also does IPSEC on the wifi
+#
+$wired_if = wm0
+$wifi_if = iwn0
+
+$dhcpserver = { 198.51.100.1 }
+
+# sample udp service
+$services_udp = { ntp }
+
+# sample mixed service
+$backupsrv_v4 = { 198.51.100.11 }
+$backupsrv_v6 = { 2001:0DB8:404::11 }
+$backup_port = { amanda }
+
+# watching a tcpdump of npflog0, when it only logs blocks,
+# can be very helpful for building the rules you actually need
+procedure log {
+ log: npflog0
+}
+
+procedure rid {
+ normalise: random-id
+}
+
+group (name wired, interface $wired_if) {
+
+	# not being picky about our own address here
+	pass in  final family inet6 proto ipv6-icmp all
+	pass out final family inet6 proto ipv6-icmp all
+	pass in  final family inet  proto icmp  all
+
+	pass in  final family inet proto tcp \
+		from $dhcpserver port bootps to $wired_if port bootpc
+	pass in  final family inet proto udp \
+		from $dhcpserver port bootps to $wired_if port bootpc
+
+	pass in final family inet6 proto tcp to $wired_if port ssh
+
+	pass in final family inet  proto tcp flags S/SA \
+		from $backupsrv_v4 to $wired_if port $backup_port 
+	pass in final family inet  proto udp \
+		from $backupsrv_v4 to $wired_if port $backup_port
+	pass in final family inet6 proto tcp flags S/SA \
+		from $backupsrv_v6 to $wired_if port $backup_port 
+	pass in final family inet6 proto udp \
+		from $backupsrv_v6 to $wired_if port $backup_port
+
+	pass stateful in final family inet6 proto udp to $wired_if \
+		port $services_udp
+	pass stateful in final family inet  proto udp to $wired_if \
+		port $services_udp
+
+	# only SYN packets need to generate state
+	pass stateful out final family inet6 proto tcp flags S/SA \
+		from $wired_if apply rid 
+	pass stateful out final family inet  proto tcp flags S/SA \
+		from $wired_if apply rid 
+	# pass the other tcp packets without generating extra state
+	pass out final family inet6 proto tcp from $wired_if apply rid 
+	pass out final family inet  proto tcp from $wired_if apply rid 
+
+	# all other types of traffic, generate state per packet
+	pass stateful out final family inet6 from $wired_if apply rid 
+	pass stateful out final family inet  from $wired_if apply rid 
+
+}
+
+group (name wifi, interface $wifi_if) {
+	# linklocal
+	pass in  final family inet6 proto ipv6-icmp  to fe80::/10
+	pass out final family inet6 proto ipv6-icmp from fe80::/10
+
+	# administrative multicasts
+	pass in  final family inet6 proto ipv6-icmp  to ff00::/10
+	pass out final family inet6 proto ipv6-icmp from ff00::/10
+
+	pass in  final family inet6 proto ipv6-icmp to $wifi_if
+	pass in  final family inet  proto icmp  to $wifi_if
+
+	pass in  final family inet proto tcp \
+		from any port bootps to $wifi_if port bootpc
+	pass in  final family inet proto udp \
+		from any port bootps to $wifi_if port bootpc
+
+pass in final family inet6 proto tcp flags S/SA to $wifi_if port ssh 
+
+pass in final family inet6 proto udp to $wifi_if port $services_udp
+pass in final family inet  proto udp to $wifi_if port $services_udp
+
+	# IPSEC
+	pass in final family inet6 proto udp to $wifi_if port isakmp
+	pass in final family inet  proto udp to $wifi_if port isakmp
+	pass in family inet6 proto esp all
+	pass in family inet  proto esp all
+
+	# only SYN packets need to generate state
+pass stateful out final family inet6 proto tcp flags S/SA \
+		from $wifi_if apply rid 
+pass stateful out final family inet  proto tcp flags S/SA \
+		from $wifi_if apply rid 
+	# pass the other tcp packets without generating extra state
+pass out final family inet6 proto tcp from $wifi_if apply rid 
+pass out final family inet  proto tcp from $wifi_if apply rid 
+
+	# all other types of traffic, generate state per packet
+pass stateful out final family inet6 from $wifi_if apply rid 
+pass stateful out final family inet  from $wifi_if apply rid 
+}
+
+group (default) {
+	pass final on lo0 all
+	block all apply log
+}
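Review bot: The `proto tcp` rules for `port bootps to ... port bootpc`, one in the wired group and one in the wifi group, pass traffic that DHCP does not use, since DHCP runs over UDP only. The `proto udp` rule next to each is the one that does the work. Removing the TCP rule from each pair keeps the example to the minimum it needs, which matters in a file people copy as a starting point. On the wifi side the remaining rule accepts `from any`, so a comment such as `# any DHCP server is accepted on wifi; restrict the source where the server is known` would help readers.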



CVS commit: src/external/bsd/bind/dist

2012-07-24 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Tue Jul 24 18:06:29 UTC 2012

Modified Files:
src/external/bsd/bind/dist: CHANGES version
src/external/bsd/bind/dist/bin/tests/system/stub: tests.sh
src/external/bsd/bind/dist/lib/dns: resolver.c zone.c
src/external/bsd/bind/dist/lib/isc/include/isc: queue.h

Log Message:
Fixes for CVE-2012-3817 and CVE-2012-3868 from ISC:

--- 9.9.1-P2 released ---

3346.   [security]  Bad-cache data could be used before it was
initialized, causing an assert. [RT #30025]

3345.   [bug]   Addressed race condition when removing the last item
or inserting the first item in an ISC_QUEUE.
[RT #29539]

3342.   [bug]   Change #3314 broke saving of stub zones to disk
resulting in excessive cpu usage in some cases.
[RT #29952]


To generate a diff of this commit:
cvs rdiff -u -r1.3 -r1.4 src/external/bsd/bind/dist/CHANGES
cvs rdiff -u -r1.1.1.11 -r1.2 src/external/bsd/bind/dist/version
cvs rdiff -u -r1.1.1.3 -r1.2 \
src/external/bsd/bind/dist/bin/tests/system/stub/tests.sh
cvs rdiff -u -r1.12 -r1.13 src/external/bsd/bind/dist/lib/dns/resolver.c
cvs rdiff -u -r1.5 -r1.6 src/external/bsd/bind/dist/lib/dns/zone.c
cvs rdiff -u -r1.1.1.1 -r1.2 \
src/external/bsd/bind/dist/lib/isc/include/isc/queue.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/external/bsd/bind/dist/CHANGES
diff -u src/external/bsd/bind/dist/CHANGES:1.3 src/external/bsd/bind/dist/CHANGES:1.4
--- src/external/bsd/bind/dist/CHANGES:1.3	Tue Jun  5 00:38:46 2012
+++ src/external/bsd/bind/dist/CHANGES	Tue Jul 24 18:06:28 2012
@@ -1,3 +1,16 @@
+	--- 9.9.1-P2 released ---
+
+3346.	[security]	Bad-cache data could be used before it was
+			initialized, causing an assert. [RT #30025]
+
+3345.	[bug]		Addressed race condition when removing the last item
+			or inserting the first item in an ISC_QUEUE.
+			[RT #29539]
+
+3342.	[bug]		Change #3314 broke saving of stub zones to disk
+			resulting in excessive cpu usage in some cases.
+			[RT #29952]
+
 	--- 9.9.1-P1 released ---
 
 3331.	[security]	dns_rdataslab_fromrdataset could produce bad

Index: src/external/bsd/bind/dist/version
diff -u src/external/bsd/bind/dist/version:1.1.1.11 src/external/bsd/bind/dist/version:1.2
--- src/external/bsd/bind/dist/version:1.1.1.11	Mon Jun  4 17:53:25 2012
+++ src/external/bsd/bind/dist/version	Tue Jul 24 18:06:28 2012
@@ -7,4 +7,4 @@ MAJORVER=9
 MINORVER=9
 PATCHVER=1
 RELEASETYPE=-P
-RELEASEVER=1
+RELEASEVER=2

Index: src/external/bsd/bind/dist/bin/tests/system/stub/tests.sh
diff -u src/external/bsd/bind/dist/bin/tests/system/stub/tests.sh:1.1.1.3 src/external/bsd/bind/dist/bin/tests/system/stub/tests.sh:1.2
--- src/external/bsd/bind/dist/bin/tests/system/stub/tests.sh:1.1.1.3	Mon Jun  4 17:54:37 2012
+++ src/external/bsd/bind/dist/bin/tests/system/stub/tests.sh	Tue Jul 24 18:06:28 2012
@@ -21,14 +21,24 @@ SYSTEMTESTTOP=..
 . $SYSTEMTESTTOP/conf.sh
 
 status=0
+echo I:check that the stub zone has been saved to disk
+for i in 1 2 3 4 5 6 7 8 9 20
+do
+	[ -f ns3/child.example.st ]  break
+	sleep 1
+done
+[ -f ns3/child.example.st ] || { status=1;  echo I:failed; }
+
+for pass in 1 2
+do
 
-echo I:trying an axfr that should be denied (NOTAUTH)
+echo I:trying an axfr that should be denied (NOTAUTH) (pass=$pass)
 ret=0
-$DIG +tcp data.child.example. @10.53.0.3 axfr -p 5300  dig.out.ns3 || ret=1
+$DIG +tcp child.example. @10.53.0.3 axfr -p 5300  dig.out.ns3 || ret=1
 grep ; Transfer failed. dig.out.ns3  /dev/null || ret=1
 [ $ret = 0 ] || { status=1;  echo I:failed; }
 
-echo I:look for stub zone data without recursion (should not be found)
+echo I:look for stub zone data without recursion (should not be found) (pass=$pass)
 for i in 1 2 3 4 5 6 7 8 9
 do
 	ret=0
@@ -41,11 +51,20 @@ done
 $PERL ../digcomp.pl knowngood.dig.out.norec dig.out.ns3 || ret=1
 [ $ret = 0 ] || { status=1;  echo I:failed; }
 
-echo I:look for stub zone data with recursion (should be found)
+echo I:look for stub zone data with recursion (should be found) (pass=$pass)
 ret=0
 $DIG +tcp data.child.example. @10.53.0.3 txt -p 5300  dig.out.ns3 || ret=1
 $PERL ../digcomp.pl knowngood.dig.out.rec dig.out.ns3 || ret=1
 [ $ret = 0 ] || { status=1;  echo I:failed; }
 
+[ $pass = 1 ]  {
+	echo I:stopping stub server
+	$PERL $SYSTEMTESTTOP/stop.pl . ns3
+
+	echo I:re-starting stub server
+	$PERL $SYSTEMTESTTOP/start.pl --noclean --restart . ns3
+}
+done
+
 echo I:exit status: $status
 exit $status

Index: src/external/bsd/bind/dist/lib/dns/resolver.c
diff -u src/external/bsd/bind/dist/lib/dns/resolver.c:1.12 src/external/bsd/bind/dist/lib/dns/resolver.c:1.13
--- src/external/bsd/bind/dist/lib/dns/resolver.c:1.12	Tue Jun  5 00:41:39 2012
+++ src/external/bsd/bind/dist/lib/dns/resolver.c	Tue Jul 24 

CVS commit: src/external/bsd/bind/dist

2012-07-24 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Tue Jul 24 20:00:45 UTC 2012

Modified Files:
src/external/bsd/bind/dist: CHANGES
src/external/bsd/bind/dist/lib/dns: resolver.c
src/external/bsd/bind/dist/lib/isc/include/isc: queue.h

Log Message:
the patch for CVE-2012-3868 was incomplete


To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.5 src/external/bsd/bind/dist/CHANGES
cvs rdiff -u -r1.13 -r1.14 src/external/bsd/bind/dist/lib/dns/resolver.c
cvs rdiff -u -r1.2 -r1.3 \
src/external/bsd/bind/dist/lib/isc/include/isc/queue.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/external/bsd/bind/dist/CHANGES
diff -u src/external/bsd/bind/dist/CHANGES:1.4 src/external/bsd/bind/dist/CHANGES:1.5
--- src/external/bsd/bind/dist/CHANGES:1.4	Tue Jul 24 18:06:28 2012
+++ src/external/bsd/bind/dist/CHANGES	Tue Jul 24 20:00:44 2012
@@ -1,5 +1,7 @@
 	--- 9.9.1-P2 released ---
 
+3349.	[bug]		Change #3345 was incomplete. [RT #30233]
+
 3346.	[security]	Bad-cache data could be used before it was
 			initialized, causing an assert. [RT #30025]
 

Index: src/external/bsd/bind/dist/lib/dns/resolver.c
diff -u src/external/bsd/bind/dist/lib/dns/resolver.c:1.13 src/external/bsd/bind/dist/lib/dns/resolver.c:1.14
--- src/external/bsd/bind/dist/lib/dns/resolver.c:1.13	Tue Jul 24 18:06:28 2012
+++ src/external/bsd/bind/dist/lib/dns/resolver.c	Tue Jul 24 20:00:45 2012
@@ -1,4 +1,4 @@
-/*	$NetBSD: resolver.c,v 1.13 2012/07/24 18:06:28 spz Exp $	*/
+/*	$NetBSD: resolver.c,v 1.14 2012/07/24 20:00:45 spz Exp $	*/
 
 /*
  * Copyright (C) 2004-2012  Internet Systems Consortium, Inc. (ISC)
@@ -8465,7 +8465,7 @@ dns_resolver_addbadcache(dns_resolver_t 
 		resolver-badhash  DNS_BADCACHE_SIZE)
 			resizehash(resolver, now, ISC_FALSE);
 	} else
-	bad-expire = *expire;
+		bad-expire = *expire;
  cleanup:
 	UNLOCK(resolver-lock);
 }

Index: src/external/bsd/bind/dist/lib/isc/include/isc/queue.h
diff -u src/external/bsd/bind/dist/lib/isc/include/isc/queue.h:1.2 src/external/bsd/bind/dist/lib/isc/include/isc/queue.h:1.3
--- src/external/bsd/bind/dist/lib/isc/include/isc/queue.h:1.2	Tue Jul 24 18:06:29 2012
+++ src/external/bsd/bind/dist/lib/isc/include/isc/queue.h	Tue Jul 24 20:00:45 2012
@@ -1,4 +1,4 @@
-/*	$NetBSD: queue.h,v 1.2 2012/07/24 18:06:29 spz Exp $	*/
+/*	$NetBSD: queue.h,v 1.3 2012/07/24 20:00:45 spz Exp $	*/
 
 /*
  * Copyright (C) 2011, 2012  Internet Systems Consortium, Inc. (ISC)
@@ -103,15 +103,15 @@
 		} \
 		LOCK((queue).taillock); \
 		if ((queue).tail == NULL  !headlocked) { \
-		UNLOCK((queue).taillock); \
+			UNLOCK((queue).taillock); \
 			LOCK((queue).headlock); \
 			LOCK((queue).taillock); \
 			headlocked = ISC_TRUE; \
 		} \
-		if ((queue).tail != NULL) \
-			(queue).tail-link.next = (elt); \
 		(elt)-link.prev = (queue).tail; \
 		(elt)-link.next = NULL; \
+		if ((queue).tail != NULL) \
+			(queue).tail-link.next = (elt); \
 		(queue).tail = (elt); \
 		UNLOCK((queue).taillock); \
 		if (headlocked) { \
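Review bot: The reordering in this push macro is the substance of the fix, but nothing in the macro says that the order of the stores matters, so a later tidy-up could silently undo it. The element's prev/next fields are now written before the old tail's next pointer is aimed at it, which matters if a dequeuer can follow that next pointer without holding taillock (the pop macro in the following hunk appears to read it that way, though its start is not visible). I would add a continuation-safe comment above the two assignments, `/* Fully initialise (elt)'s link before publishing it via the old tail's next pointer. */ \`, and confirm that program order alone is enough here, since a reader that does not take taillock is not synchronised with these stores by that lock. The macro begins and ends outside the hunk.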
@@ -130,10 +130,10 @@
 LOCK((queue).taillock); \
 if (ret-link.next == NULL) { \
 	(queue).head = (queue).tail = NULL; \
-UNLOCK((queue).taillock); \
+	UNLOCK((queue).taillock); \
 	break; \
 			} \
-UNLOCK((queue).taillock); \
+			UNLOCK((queue).taillock); \
 		} \
 			(queue).head = ret-link.next; \
 			(queue).head-link.prev = NULL; \



CVS commit: src/sys/netinet

2012-07-19 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Thu Jul 19 20:57:43 UTC 2012

Modified Files:
src/sys/netinet: icmp6.h

Log Message:
this commit contains two sets of unrelated changes:
while I was here I checked other KAME implementations for their icmp6.h
version, and thus:
  - added a define for MLDV2_LISTENER_REPORT from FreeBSD
  - added defines for the missing ICMP6_DST_UNREACH codes

then on to what I actually wanted to do:
  - adds strings for the types and codes (encapsulated by ICMP6_STRINGS)
for the use of npfctl and other tools that might want to parse
human-friendly names instead of the corresponding number for ipv6-icmp
types and codes.
The strings are ordered such that their index is (as far as is practical)
the number belonging to the name, which is why there are
icmp6_type_err (use directly) and icmp6_type_info (add 128)


To generate a diff of this commit:
cvs rdiff -u -r1.44 -r1.45 src/sys/netinet/icmp6.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netinet/icmp6.h
diff -u src/sys/netinet/icmp6.h:1.44 src/sys/netinet/icmp6.h:1.45
--- src/sys/netinet/icmp6.h:1.44	Sat Dec 10 19:14:29 2011
+++ src/sys/netinet/icmp6.h	Thu Jul 19 20:57:43 2012
@@ -1,4 +1,4 @@
-/*	$NetBSD: icmp6.h,v 1.44 2011/12/10 19:14:29 roy Exp $	*/
+/*	$NetBSD: icmp6.h,v 1.45 2012/07/19 20:57:43 spz Exp $	*/
 /*	$KAME: icmp6.h,v 1.84 2003/04/23 10:26:51 itojun Exp $	*/
 
 
@@ -125,6 +125,7 @@ struct icmp6_hdr {
 #define ICMP6_FQDN_REPLY		140	/* FQDN reply */
 #define ICMP6_NI_QUERY			139	/* node information request */
 #define ICMP6_NI_REPLY			140	/* node information reply */
+#define MLDV2_LISTENER_REPORT		143	/* RFC3810 listener report */
 
 /* The definitions below are experimental. TBA */
 #define MLD_MTRACE_RESP			200	/* mtrace response(to sender) */
@@ -144,6 +145,9 @@ struct icmp6_hdr {
 #define ICMP6_DST_UNREACH_BEYONDSCOPE	2	/* beyond scope of source address */
 #define ICMP6_DST_UNREACH_ADDR		3	/* address unreachable */
 #define ICMP6_DST_UNREACH_NOPORT	4	/* port unreachable */
+#define ICMP6_DST_UNREACH_POLICY	5	/* source address failed ingress/egress policy */
+#define ICMP6_DST_UNREACH_REJROUTE	6	/* reject route to destination */
+#define ICMP6_DST_UNREACH_SOURCERT	7	/* error in source routing header */
 
 #define ICMP6_TIME_EXCEED_TRANSIT 	0	/* ttl==0 in transit */
 #define ICMP6_TIME_EXCEED_REASSEMBLY	1	/* ttl==0 in reass */
@@ -733,4 +737,41 @@ extern int	icmp6_rediraccept;	/* accept/
 extern int	icmp6_redirtimeout;	/* cache time for redirect routes */
 #endif /* _KERNEL */
 
+#ifdef ICMP6_STRINGS
+/* Info: http://www.iana.org/assignments/icmpv6-parameters */
+
+static const char * const icmp6_type_err[] = {
+reserved0, unreach, packet_too_big, timxceed, paramprob,
+	NULL
+};
+
+static const char * const icmp6_type_info[] = {
+	echo, echoreply,
+	mcastlistenq, mcastlistenrep, mcastlistendone,
+	rtsol, rtadv, neighsol, neighadv, redirect,
+	routerrenum, nodeinfoq, nodeinfor, invneighsol, invneighrep,
+	mcastlistenrep2, haad_req, haad_rep,
+	mobile_psol, mobile_padv, cga_sol, cga_adv,
+	experimental150, mcast_rtadv, mcast_rtsol, mcast_rtterm,
+	fmipv6_msg, rpl_control, NULL
+};
+
+static const char * const icmp6_code_none[] = { none, NULL };
+
+static const char * const icmp6_code_unreach[] = {
+noroute, admin, beyondscope, addr, port,
+	srcaddr_policy, reject_route, source_route_err, NULL
+};
+
+static const char * const icmp6_code_timxceed[] = {
+intrans, reass, NULL
+};
+
+static const char * const icmp6_code_paramprob[] = {
+hdr_field, nxthdr_type, option, NULL
+};  
+
+/* not all informational icmps that have codes have a names array */
+#endif
+
 #endif /* !_NETINET_ICMP6_H_ */
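Review bot: The name tables added under ICMP6_STRINGS are terminated only by NULL and carry no element count, so a consumer that indexes them directly with a type or code number, as the "index is the number" layout in the log message invites, has nothing to bounds-check against. icmp6_type_err holds five names and icmp6_type_info covers types 128 through 155, so any other value, including one taken from a packet or a rule file, would read past the end of the array. I would state the contract next to the tables, e.g. `/* Check the index against the table length (or walk to the NULL terminator) before use. */`, or export a count alongside each table. Separately, `static const` tables defined in a header give every including file its own copy, which is tolerable only because the block is opt-in.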



CVS commit: src/sys/netinet

2012-07-19 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Thu Jul 19 21:08:43 UTC 2012

Modified Files:
src/sys/netinet: icmp6.h

Log Message:
grmblwhitespace/grmbl


To generate a diff of this commit:
cvs rdiff -u -r1.45 -r1.46 src/sys/netinet/icmp6.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netinet/icmp6.h
diff -u src/sys/netinet/icmp6.h:1.45 src/sys/netinet/icmp6.h:1.46
--- src/sys/netinet/icmp6.h:1.45	Thu Jul 19 20:57:43 2012
+++ src/sys/netinet/icmp6.h	Thu Jul 19 21:08:42 2012
@@ -1,4 +1,4 @@
-/*	$NetBSD: icmp6.h,v 1.45 2012/07/19 20:57:43 spz Exp $	*/
+/*	$NetBSD: icmp6.h,v 1.46 2012/07/19 21:08:42 spz Exp $	*/
 /*	$KAME: icmp6.h,v 1.84 2003/04/23 10:26:51 itojun Exp $	*/
 
 
@@ -741,7 +741,7 @@ extern int	icmp6_redirtimeout;	/* cache 
 /* Info: http://www.iana.org/assignments/icmpv6-parameters */
 
 static const char * const icmp6_type_err[] = {
-reserved0, unreach, packet_too_big, timxceed, paramprob,
+	reserved0, unreach, packet_too_big, timxceed, paramprob,
 	NULL
 };
 
@@ -759,16 +759,16 @@ static const char * const icmp6_type_inf
 static const char * const icmp6_code_none[] = { none, NULL };
 
 static const char * const icmp6_code_unreach[] = {
-noroute, admin, beyondscope, addr, port,
+	noroute, admin, beyondscope, addr, port,
 	srcaddr_policy, reject_route, source_route_err, NULL
 };
 
 static const char * const icmp6_code_timxceed[] = {
-intrans, reass, NULL
+	intrans, reass, NULL
 };
 
 static const char * const icmp6_code_paramprob[] = {
-hdr_field, nxthdr_type, option, NULL
+	hdr_field, nxthdr_type, option, NULL
 };  
 
 /* not all informational icmps that have codes have a names array */



CVS commit: src

2012-07-19 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Thu Jul 19 21:52:29 UTC 2012

Modified Files:
src/sys/net/npf: npf.h npf_alg_icmp.c npf_impl.h npf_inet.c npf_instr.c
npf_ncode.h npf_processor.c npf_session.c
src/usr.sbin/npf/npfctl: npf_build.c npf_data.c npf_disassemble.c
npf_ncgen.c npf_parse.y npf_scan.l npf_var.h npfctl.h

Log Message:
teach npf ipv6-icmp
reviewed by rmind@


To generate a diff of this commit:
cvs rdiff -u -r1.19 -r1.20 src/sys/net/npf/npf.h
cvs rdiff -u -r1.10 -r1.11 src/sys/net/npf/npf_alg_icmp.c
cvs rdiff -u -r1.18 -r1.19 src/sys/net/npf/npf_impl.h
cvs rdiff -u -r1.14 -r1.15 src/sys/net/npf/npf_inet.c
cvs rdiff -u -r1.13 -r1.14 src/sys/net/npf/npf_instr.c
cvs rdiff -u -r1.9 -r1.10 src/sys/net/npf/npf_ncode.h
cvs rdiff -u -r1.11 -r1.12 src/sys/net/npf/npf_processor.c
cvs rdiff -u -r1.15 -r1.16 src/sys/net/npf/npf_session.c
cvs rdiff -u -r1.11 -r1.12 src/usr.sbin/npf/npfctl/npf_build.c
cvs rdiff -u -r1.15 -r1.16 src/usr.sbin/npf/npfctl/npf_data.c
cvs rdiff -u -r1.7 -r1.8 src/usr.sbin/npf/npfctl/npf_disassemble.c
cvs rdiff -u -r1.12 -r1.13 src/usr.sbin/npf/npfctl/npf_ncgen.c
cvs rdiff -u -r1.10 -r1.11 src/usr.sbin/npf/npfctl/npf_parse.y
cvs rdiff -u -r1.4 -r1.5 src/usr.sbin/npf/npfctl/npf_scan.l
cvs rdiff -u -r1.2 -r1.3 src/usr.sbin/npf/npfctl/npf_var.h
cvs rdiff -u -r1.17 -r1.18 src/usr.sbin/npf/npfctl/npfctl.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/net/npf/npf.h
diff -u src/sys/net/npf/npf.h:1.19 src/sys/net/npf/npf.h:1.20
--- src/sys/net/npf/npf.h:1.19	Sun Jul 15 00:23:00 2012
+++ src/sys/net/npf/npf.h	Thu Jul 19 21:52:29 2012
@@ -1,4 +1,4 @@
-/*	$NetBSD: npf.h,v 1.19 2012/07/15 00:23:00 rmind Exp $	*/
+/*	$NetBSD: npf.h,v 1.20 2012/07/19 21:52:29 spz Exp $	*/
 
 /*-
  * Copyright (c) 2009-2012 The NetBSD Foundation, Inc.
@@ -74,6 +74,7 @@ typedef struct npf_rproc	npf_rproc_t;
 #include netinet/tcp.h
 #include netinet/udp.h
 #include netinet/ip_icmp.h
+#include netinet/icmp6.h
 
 #define	NPC_IP4		0x01	/* Indicates fetched IPv4 header. */
 #define	NPC_IP6		0x02	/* Indicates IPv6 header. */
@@ -104,9 +105,10 @@ typedef struct {
 	} npc_ip;
 	/* TCP, UDP, ICMP. */
 	union {
-		struct tcphdr	tcp;
-		struct udphdr	udp;
-		struct icmp	icmp;
+		struct tcphdr		tcp;
+		struct udphdr		udp;
+		struct icmp		icmp;
+		struct icmp6_hdr	icmp6;
 	} npc_l4;
 } npf_cache_t;
 

Index: src/sys/net/npf/npf_alg_icmp.c
diff -u src/sys/net/npf/npf_alg_icmp.c:1.10 src/sys/net/npf/npf_alg_icmp.c:1.11
--- src/sys/net/npf/npf_alg_icmp.c:1.10	Sun Jul 15 00:23:00 2012
+++ src/sys/net/npf/npf_alg_icmp.c	Thu Jul 19 21:52:29 2012
@@ -1,4 +1,4 @@
-/*	$NetBSD: npf_alg_icmp.c,v 1.10 2012/07/15 00:23:00 rmind Exp $	*/
+/*	$NetBSD: npf_alg_icmp.c,v 1.11 2012/07/19 21:52:29 spz Exp $	*/
 
 /*-
  * Copyright (c) 2010 The NetBSD Foundation, Inc.
@@ -34,7 +34,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: npf_alg_icmp.c,v 1.10 2012/07/15 00:23:00 rmind Exp $);
+__KERNEL_RCSID(0, $NetBSD: npf_alg_icmp.c,v 1.11 2012/07/19 21:52:29 spz Exp $);
 
 #include sys/param.h
 #include sys/module.h
@@ -46,6 +46,7 @@ __KERNEL_RCSID(0, $NetBSD: npf_alg_icmp
 #include netinet/tcp.h
 #include netinet/udp.h
 #include netinet/ip_icmp.h
+#include netinet/icmp6.h
 #include net/pfil.h
 
 #include npf_impl.h
@@ -156,54 +157,102 @@ npfa_icmp_match(npf_cache_t *npc, nbuf_t
 static bool
 npf_icmp_uniqid(const int type, npf_cache_t *npc, nbuf_t *nbuf, void *n_ptr)
 {
-	struct icmp *ic;
-	u_int offby;
-
-	/* Per RFC 792. */
-	switch (type) {
-	case ICMP_UNREACH:
-	case ICMP_SOURCEQUENCH:
-	case ICMP_REDIRECT:
-	case ICMP_TIMXCEED:
-	case ICMP_PARAMPROB:
-		/* Should contain original IP header. */
-		offby = offsetof(struct icmp, icmp_ip);
-		if ((n_ptr = nbuf_advance(nbuf, n_ptr, offby)) == NULL) {
-			return false;
-		}
-		/* Fetch into the cache. */
-		if (!npf_fetch_ip(npc, nbuf, n_ptr)) {
-			return false;
-		}
-		switch (npf_cache_ipproto(npc)) {
-		case IPPROTO_TCP:
-			return npf_fetch_tcp(npc, nbuf, n_ptr);
-		case IPPROTO_UDP:
-			return npf_fetch_udp(npc, nbuf, n_ptr);
+	struct icmp  *ic;
+	struct icmp6_hdr *ic6;
+	u_intoffby;
+
+	if (npf_iscached(npc, NPC_IP4)) {
+		/* Per RFC 792. */
+		switch (type) {
+		case ICMP_UNREACH:
+		case ICMP_SOURCEQUENCH:
+		case ICMP_REDIRECT:
+		case ICMP_TIMXCEED:
+		case ICMP_PARAMPROB:
+			/* Should contain original IP header. */
+			offby = offsetof(struct icmp, icmp_ip);
+			if ((n_ptr = nbuf_advance(nbuf, n_ptr, offby)) == NULL) {
+return false;
+			}
+			/* Fetch into the cache. */
+			if (!npf_fetch_ip(npc, nbuf, n_ptr)) {
+return false;
+			}
+			switch (npf_cache_ipproto(npc)) {
+			case IPPROTO_TCP:
+return npf_fetch_tcp(npc, nbuf, n_ptr);
+			case IPPROTO_UDP:
+return npf_fetch_udp(npc, nbuf, n_ptr);
+			default:
+return false;
+			}
+			return true;
+
+		case ICMP_ECHOREPLY:
+		case ICMP_ECHO:

CVS commit: src/usr.sbin/mtree

2012-07-15 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Sun Jul 15 09:08:30 UTC 2012

Modified Files:
src/usr.sbin/mtree: create.c

Log Message:
resource leak (Coverity issues 274383 and 274384)


To generate a diff of this commit:
cvs rdiff -u -r1.58 -r1.59 src/usr.sbin/mtree/create.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/usr.sbin/mtree/create.c
diff -u src/usr.sbin/mtree/create.c:1.58 src/usr.sbin/mtree/create.c:1.59
--- src/usr.sbin/mtree/create.c:1.58	Fri Apr  3 21:18:59 2009
+++ src/usr.sbin/mtree/create.c	Sun Jul 15 09:08:29 2012
@@ -1,4 +1,4 @@
-/*	$NetBSD: create.c,v 1.58 2009/04/03 21:18:59 apb Exp $	*/
+/*	$NetBSD: create.c,v 1.59 2012/07/15 09:08:29 spz Exp $	*/
 
 /*-
  * Copyright (c) 1989, 1993
@@ -38,7 +38,7 @@
 #if 0
 static char sccsid[] = @(#)create.c	8.1 (Berkeley) 6/6/93;
 #else
-__RCSID($NetBSD: create.c,v 1.58 2009/04/03 21:18:59 apb Exp $);
+__RCSID($NetBSD: create.c,v 1.59 2012/07/15 09:08:29 spz Exp $);
 #endif
 #endif /* not lint */
 
@@ -259,9 +259,11 @@ statf(FTSENT *p)
 	(p-fts_info == FTS_SL || p-fts_info == FTS_SLNONE))
 		output(indent, link=%s, vispath(rlink(p-fts_accpath)));
 #if HAVE_STRUCT_STAT_ST_FLAGS
-	if (keys  F_FLAGS  p-fts_statp-st_flags != flags)
-		output(indent, flags=%s,
-		flags_to_string(p-fts_statp-st_flags, none));
+	if (keys  F_FLAGS  p-fts_statp-st_flags != flags) {
+		char *str = flags_to_string(p-fts_statp-st_flags, none);
+		output(indent, flags=%s, str);
+		free(str);
+	}
 #endif
 	putchar('\n');
 }
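Review bot: The new `str` is handed to the `%s` conversion without a NULL check, here in statf() and again in the statd() hunk that follows. flags_to_string() returns allocated memory (which is why the free() was needed), so it can presumably fail and return NULL, and passing NULL for `%s` is undefined behaviour. I would guard both call sites right after the assignment, e.g. `if (str == NULL) err(1, "flags_to_string");`, or use whatever fatal-error helper this file already has. Both functions start outside their hunks.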
@@ -372,9 +374,11 @@ statd(FTS *t, FTSENT *parent, uid_t *pui
 			printf( mode=%#lo, (u_long)savemode);
 		if (keys  F_NLINK)
 			printf( nlink=1);
-		if (keys  F_FLAGS)
-			printf( flags=%s,
-			flags_to_string(saveflags, none));
+		if (keys  F_FLAGS) {
+			char *str = flags_to_string(saveflags, none);
+			printf( flags=%s, str);
+			free(str);
+		}
 		printf(\n);
 		*puid = saveuid;
 		*pgid = savegid;



CVS commit: src/dist/nvi/common

2012-07-15 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Sun Jul 15 09:13:59 UTC 2012

Modified Files:
src/dist/nvi/common: exf.c

Log Message:
Use after free (Coverity 273146)


To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.5 src/dist/nvi/common/exf.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/dist/nvi/common/exf.c
diff -u src/dist/nvi/common/exf.c:1.4 src/dist/nvi/common/exf.c:1.5
--- src/dist/nvi/common/exf.c:1.4	Sat Nov 14 20:01:20 2009
+++ src/dist/nvi/common/exf.c	Sun Jul 15 09:13:59 2012
@@ -1,4 +1,4 @@
-/*	$NetBSD: exf.c,v 1.4 2009/11/14 20:01:20 tnozaki Exp $ */
+/*	$NetBSD: exf.c,v 1.5 2012/07/15 09:13:59 spz Exp $ */
 
 /*-
  * Copyright (c) 1992, 1993, 1994
@@ -173,6 +173,7 @@ file_init(SCR *sp, FREF *frp, char *rcv_
 			exfp-minode == sb.st_ino  
 			(exfp != sp-ep || exfp-refcnt  1)) {
 ep = exfp;
+oname = ep-rcv_path;
 goto postinit;
 			}
 		}
@@ -807,8 +808,10 @@ file_end(SCR *sp, EXF *ep, int force)
 		(void)close(ep-rcv_fd);
 	if (ep-env_path != NULL)
 		free(ep-env_path);
-	if (ep-rcv_path != NULL)
+	if (ep-rcv_path != NULL) {
 		free(ep-rcv_path);
+		ep-rcv_path = NULL;
+	}
 	if (ep-rcv_mpath != NULL)
 		free(ep-rcv_mpath);
 
@@ -1251,6 +1254,8 @@ file_backup(SCR *sp, const char *name, c
 	}
 	if (bp != NULL)
 		FREE_SPACE(sp, bp, blen);
+	if (d != NULL)
+		free(d);
 	return (0);
 
 alloc_err:



CVS commit: src/sys/dev/acpi

2012-07-15 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Sun Jul 15 11:52:01 UTC 2012

Modified Files:
src/sys/dev/acpi: thinkpad_acpi.c

Log Message:
add function switch to switch on/off wireless WAN, aka GSM et al modem
not tested to actually work, extensively tested not to do any harm if you
don't have a wwan


To generate a diff of this commit:
cvs rdiff -u -r1.39 -r1.40 src/sys/dev/acpi/thinkpad_acpi.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/dev/acpi/thinkpad_acpi.c
diff -u src/sys/dev/acpi/thinkpad_acpi.c:1.39 src/sys/dev/acpi/thinkpad_acpi.c:1.40
--- src/sys/dev/acpi/thinkpad_acpi.c:1.39	Mon Jun 20 15:00:04 2011
+++ src/sys/dev/acpi/thinkpad_acpi.c	Sun Jul 15 11:52:01 2012
@@ -1,4 +1,4 @@
-/* $NetBSD: thinkpad_acpi.c,v 1.39 2011/06/20 15:00:04 pgoyette Exp $ */
+/* $NetBSD: thinkpad_acpi.c,v 1.40 2012/07/15 11:52:01 spz Exp $ */
 
 /*-
  * Copyright (c) 2007 Jared D. McNeill jmcne...@invisible.ca
@@ -27,7 +27,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: thinkpad_acpi.c,v 1.39 2011/06/20 15:00:04 pgoyette Exp $);
+__KERNEL_RCSID(0, $NetBSD: thinkpad_acpi.c,v 1.40 2012/07/15 11:52:01 spz Exp $);
 
 #include sys/param.h
 #include sys/device.h
@@ -79,7 +79,7 @@ typedef struct thinkpad_softc {
 #define	THINKPAD_NOTIFY_BatteryInfo	0x003
 #define	THINKPAD_NOTIFY_SleepButton	0x004
 #define	THINKPAD_NOTIFY_WirelessSwitch	0x005
-#define	THINKPAD_NOTIFY_FnF6		0x006
+#define	THINKPAD_NOTIFY_wWANSwitch	0x006
 #define	THINKPAD_NOTIFY_DisplayCycle	0x007
 #define	THINKPAD_NOTIFY_PointerSwitch	0x008
 #define	THINKPAD_NOTIFY_EjectButton	0x009
@@ -120,6 +120,7 @@ static void	thinkpad_temp_refresh(struct
 static void	thinkpad_fan_refresh(struct sysmon_envsys *, envsys_data_t *);
 
 static void	thinkpad_wireless_toggle(thinkpad_softc_t *);
+static void	thinkpad_wwan_toggle(thinkpad_softc_t *);
 
 static bool	thinkpad_resume(device_t, const pmf_qual_t *);
 static void	thinkpad_brightness_up(device_t);
@@ -348,6 +349,9 @@ thinkpad_get_hotkeys(void *opaque)
 		case THINKPAD_NOTIFY_WirelessSwitch:
 			thinkpad_wireless_toggle(sc);
 			break;
+		case THINKPAD_NOTIFY_wWANSwitch:
+			thinkpad_wwan_toggle(sc);
+			break;
 		case THINKPAD_NOTIFY_SleepButton:
 			if (sc-sc_smpsw_valid == false)
 break;
@@ -405,7 +409,6 @@ thinkpad_get_hotkeys(void *opaque)
 			PSWITCH_EVENT_PRESSED);
 			break;
 		case THINKPAD_NOTIFY_FnF1:
-		case THINKPAD_NOTIFY_FnF6:
 		case THINKPAD_NOTIFY_PointerSwitch:
 		case THINKPAD_NOTIFY_FnF10:
 		case THINKPAD_NOTIFY_FnF11:
@@ -590,6 +593,13 @@ thinkpad_wireless_toggle(thinkpad_softc_
 	(void)AcpiEvaluateObject(sc-sc_node-ad_handle, GWAN, NULL, NULL);
 }
 
+static void
+thinkpad_wwan_toggle(thinkpad_softc_t *sc)
+{
+	/* Ignore return value, as the hardware may not support wireless WAN */
+	(void)AcpiEvaluateObject(sc-sc_node-ad_handle, WTGL, NULL, NULL);
+}
+
 static uint8_t
 thinkpad_brightness_read(thinkpad_softc_t *sc)
 {
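Review bot: thinkpad_wwan_toggle() discards the AcpiEvaluateObject() status entirely, so a user who presses the switch to turn the WWAN radio off gets no indication when the toggle did not take effect. The comment justifies ignoring the result on machines without a WWAN device, but that covers only the missing-method case; every other failure is swallowed as well, and the log message says the path has not been tested on hardware that has the modem. I would keep the status and report anything other than a missing method, e.g. `if (ACPI_FAILURE(rv) && rv != AE_NOT_FOUND)` followed by a debug-level message that names the method and prints `AcpiFormatException(rv)`. The same pattern is visible in thinkpad_wireless_toggle() just above, whose body starts outside the hunk.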



CVS commit: src

2012-07-14 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Sat Jul 14 16:04:06 UTC 2012

Modified Files:
src/distrib/sets: sets.subr
src/distrib/sets/lists/base: shl.mi
src/share/man/man5: mk.conf.5
src/share/mk: bsd.README bsd.own.mk
src/tests/crypto/libcrypto: t_ciphers.sh t_hashes.sh

Log Message:
more MKCRYPTO_IDEA and MKCRYPTO_MDC2 removal (resp. adjustment to IDEA and
MDC2 now always being included)
MKCRYPTO_RC5 now builds shared libs, add the missing files to sets


To generate a diff of this commit:
cvs rdiff -u -r1.136 -r1.137 src/distrib/sets/sets.subr
cvs rdiff -u -r1.631 -r1.632 src/distrib/sets/lists/base/shl.mi
cvs rdiff -u -r1.59 -r1.60 src/share/man/man5/mk.conf.5
cvs rdiff -u -r1.296 -r1.297 src/share/mk/bsd.README
cvs rdiff -u -r1.699 -r1.700 src/share/mk/bsd.own.mk
cvs rdiff -u -r1.3 -r1.4 src/tests/crypto/libcrypto/t_ciphers.sh
cvs rdiff -u -r1.1 -r1.2 src/tests/crypto/libcrypto/t_hashes.sh

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/distrib/sets/sets.subr
diff -u src/distrib/sets/sets.subr:1.136 src/distrib/sets/sets.subr:1.137
--- src/distrib/sets/sets.subr:1.136	Fri Feb 17 00:00:39 2012
+++ src/distrib/sets/sets.subr	Sat Jul 14 16:04:04 2012
@@ -1,4 +1,4 @@
-#	$NetBSD: sets.subr,v 1.136 2012/02/17 00:00:39 christos Exp $
+#	$NetBSD: sets.subr,v 1.137 2012/07/14 16:04:04 spz Exp $
 #
 
 #
@@ -172,7 +172,7 @@ SUBST=${SUBST};s#@MACHINE@#${MACHINE}#g
 # In each file, a record consists of a path and a System Package name,
 # separated by whitespace. E.g.,
 #
-# 	# $NetBSD: sets.subr,v 1.136 2012/02/17 00:00:39 christos Exp $
+# 	# $NetBSD: sets.subr,v 1.137 2012/07/14 16:04:04 spz Exp $
 # 	.			base-sys-root	[keyword[,...]]
 # 	./altroot		base-sys-root
 # 	./bin			base-sys-root
@@ -199,8 +199,6 @@ SUBST=${SUBST};s#@MACHINE@#${MACHINE}#g
 #	catpages		${MKCATPAGES} != no
 #	compat			${MKCOMPAT} != no
 #	crypto			${MKCRYPTO} != no
-#	crypto_idea		${MKCRYPTO_IDEA} != no
-#	crypto_mdc2		${MKCRYPTO_MDC2} != no
 #	crypto_rc5		${MKCRYPTO_RC5} != no
 #	cvs			${MKCVS} != no
 #	debug			${MKDEBUG} != no

Index: src/distrib/sets/lists/base/shl.mi
diff -u src/distrib/sets/lists/base/shl.mi:1.631 src/distrib/sets/lists/base/shl.mi:1.632
--- src/distrib/sets/lists/base/shl.mi:1.631	Wed Jul 11 22:42:39 2012
+++ src/distrib/sets/lists/base/shl.mi	Sat Jul 14 16:04:05 2012
@@ -1,4 +1,4 @@
-# $NetBSD: shl.mi,v 1.631 2012/07/11 22:42:39 jmmv Exp $
+# $NetBSD: shl.mi,v 1.632 2012/07/14 16:04:05 spz Exp $
 #
 # Note:	Don't delete entries from here - mark them as obsolete instead,
 #	unless otherwise stated below.
@@ -194,8 +194,10 @@
 ./usr/lib/libcrypto_idea.so.7.0			base-obsolete		obsolete
 ./usr/lib/libcrypto_mdc2.so.7			base-obsolete		obsolete
 ./usr/lib/libcrypto_mdc2.so.7.0			base-obsolete		obsolete
+./usr/lib/libcrypto_rc5.so			base-crypto-shlib	crypto,crypto_rc5
 ./usr/lib/libcrypto_rc5.so.7			base-crypto-shlib	crypto,crypto_rc5
 ./usr/lib/libcrypto_rc5.so.7.0			base-crypto-shlib	crypto,crypto_rc5
+./usr/lib/libcrypto_rc5_pic.a			base-crypto-shlib	crypto,crypto_rc5
 ./usr/lib/libctf.sobase-sys-shlib		dtrace
 ./usr/lib/libctf.so.2base-sys-shlib		dtrace
 ./usr/lib/libctf.so.2.0base-sys-shlib		dtrace

Index: src/share/man/man5/mk.conf.5
diff -u src/share/man/man5/mk.conf.5:1.59 src/share/man/man5/mk.conf.5:1.60
--- src/share/man/man5/mk.conf.5:1.59	Sun Mar 11 23:42:06 2012
+++ src/share/man/man5/mk.conf.5	Sat Jul 14 16:04:05 2012
@@ -1,4 +1,4 @@
-.\	$NetBSD: mk.conf.5,v 1.59 2012/03/11 23:42:06 njoly Exp $
+.\	$NetBSD: mk.conf.5,v 1.60 2012/07/14 16:04:05 spz Exp $
 .\
 .\  Copyright (c) 1999-2003 The NetBSD Foundation, Inc.
 .\  All rights reserved.
@@ -266,18 +266,6 @@ If
 acts as
 .Sy MKKERBEROS=no .
 .
-.It Sy MKCRYPTO_IDEA
-.YorN
-Indicates whether IDEA support will be built into
-.Sy libcrypto_idea.a .
-.DFLTn
-.
-.It Sy MKCRYPTO_MDC2
-.YorN
-Indicates whether MDC2 support will be built into
-.Sy libcrypto_mdc2.a .
-.DFLTn
-.
 .It Sy MKCRYPTO_RC5
 .YorN
 Indicates whether RC5 support will be built into

Index: src/share/mk/bsd.README
diff -u src/share/mk/bsd.README:1.296 src/share/mk/bsd.README:1.297
--- src/share/mk/bsd.README:1.296	Tue Jun 19 06:20:13 2012
+++ src/share/mk/bsd.README	Sat Jul 14 16:04:06 2012
@@ -1,4 +1,4 @@
-#	$NetBSD: bsd.README,v 1.296 2012/06/19 06:20:13 plunky Exp $
+#	$NetBSD: bsd.README,v 1.297 2012/07/14 16:04:06 spz Exp $
 #	@(#)bsd.README	8.2 (Berkeley) 4/2/94
 
 This is the README file for the make include files for the NetBSD
@@ -140,13 +140,7 @@ MKCRYPTO	If no, no cryptography suppor
 		and also acts as MKKERBEROS=no.
 		Default: yes
 
-MKCRYPTO_IDEA	If not no, IDEA support will be built into libcrypto_idea.a.
-		Default: no
-
-MKCRYPTO_MDC2	If not no, MDC2 support will be built into libcrypto_mdc2.a
-		Default: no
-
-MKCRYPTO_RC5	If not no, RC5 support will be built into libcrypto_rc5.a.
+MKCRYPTO_RC5	If not no, RC5 support 

CVS commit: src/share/man/man4

2012-07-07 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Sat Jul  7 21:29:03 UTC 2012

Modified Files:
src/share/man/man4: tpm.4

Log Message:
platfrom - platform
copyright name UTF8ified


To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.3 src/share/man/man4/tpm.4

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/share/man/man4/tpm.4
diff -u src/share/man/man4/tpm.4:1.2 src/share/man/man4/tpm.4:1.3
--- src/share/man/man4/tpm.4:1.2	Sun Jan 22 11:26:48 2012
+++ src/share/man/man4/tpm.4	Sat Jul  7 21:29:03 2012
@@ -1,6 +1,6 @@
-.\	$NetBSD: tpm.4,v 1.2 2012/01/22 11:26:48 wiz Exp $
+.\	$NetBSD: tpm.4,v 1.3 2012/07/07 21:29:03 spz Exp $
 .\
-.\ Copyright (c) 2010 Hans-Jörg Höxer, hans-joerg.hoe...@genua.de
+.\ Copyright (c) 2010 Hans-Jörg Höxer, hans-joerg.hoe...@genua.de
 .\
 .\ Permission to use, copy, modify, and distribute this software for any
 .\ purpose with or without fee is hereby granted, provided that the above
@@ -26,7 +26,7 @@
 .Sh DESCRIPTION
 The
 .Nm
-driver provides support for various trusted platfrom modules (TPM) that can
+driver provides support for various trusted platform modules (TPM) that can
 store cryptographic keys.
 .Pp
 Supported modules:



CVS commit: src/external/mit/expat/dist

2012-04-06 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Fri Apr  6 10:23:44 UTC 2012

Update of /cvsroot/src/external/mit/expat/dist
In directory ivanova.netbsd.org:/tmp/cvs-serv16154

Log Message:
import of expat 2.1.0
Fixes CVE-2012-1147, CVE-2012-1148 and CVE-2012-0876 (other security
issues have been previously fixed in our tree)

relevant Changes:
Release 2.1.0 Sat March 24 2012
- Bug Fixes:
  #1742315: Harmful XML_ParserCreateNS suggestion.
  #2895533: CVE-2012-1147 - Resource leak in readfilemap.c.
  #1785430: Expat build fails on linux-amd64 with gcc version=4.1 -O3.
  #1983953, 2517952, 2517962, 2649838: 
Build modifications using autoreconf instead of buildconf.sh.
  #2815947, #2884086: OBJEXT and EXEEXT support while building.
  #1990430: CVE-2009-3720 - Parser crash with special UTF-8 sequences.
  #2517938: xmlwf should return non-zero exit status if not well-formed.
  #2517946: Wrong statement about XMLDecl in xmlwf.1 and xmlwf.sgml.
  #2855609: Dangling positionPtr after error.
  #2894085: CVE-2009-3560 - Buffer over-read and crash in big2_toUtf8().
  #2958794: CVE-2012-1148 - Memory leak in poolGrow.
  #2990652: CMake support.
  #3010819: UNEXPECTED_STATE with a trailing % in entity value.
  #3206497: Unitialized memory returned from XML_Parse.
  #3287849: make check fails on mingw-w64.
  #3496608: CVE-2012-0876 - Hash DOS attack.
- Patches:
  #1749198: pkg-config support.
  #3010222: Fix for bug #3010819.
  #3312568: CMake support.
  #3446384: Report byte offsets for attr names and values.
- New Features / API changes:
  Added new API member XML_SetHashSalt() that allows setting an initial
value (salt) for hash calculations. This is part of the fix for
bug #3496608 to randomize hash parameters.
  When compiled with XML_ATTR_INFO defined, adds new API member
XML_GetAttributeInfo() that allows retrieving the byte
offsets for attribute names and values (patch #3446384).
  Added CMake build system.
See bug #2990652 and patch #3312568.
  Added run-benchmark target to Makefile.in - relies on testdata module
present in the same relative location as in the repository.


Status:

Vendor Tag: expat
Release Tags:   expat-2-1-0

N src/external/mit/expat/dist/CMakeLists.txt
U src/external/mit/expat/dist/COPYING
U src/external/mit/expat/dist/expat.dsw
U src/external/mit/expat/dist/README
U src/external/mit/expat/dist/Changes
N src/external/mit/expat/dist/ConfigureChecks.cmake
U src/external/mit/expat/dist/configure
N src/external/mit/expat/dist/expat.pc.in
N src/external/mit/expat/dist/expat_config.h.cmake
N src/external/mit/expat/dist/CMake.README
U src/external/mit/expat/dist/MANIFEST
U src/external/mit/expat/dist/expat_config.h.in
U src/external/mit/expat/dist/Makefile.in
U src/external/mit/expat/dist/configure.in
N src/external/mit/expat/dist/aclocal.m4
C src/external/mit/expat/dist/conftools/mkinstalldirs
U src/external/mit/expat/dist/conftools/PrintPath
U src/external/mit/expat/dist/conftools/config.sub
U src/external/mit/expat/dist/conftools/expat.m4
U src/external/mit/expat/dist/conftools/get-version.sh
U src/external/mit/expat/dist/conftools/install-sh
U src/external/mit/expat/dist/conftools/ltmain.sh
U src/external/mit/expat/dist/conftools/config.guess
C src/external/mit/expat/dist/conftools/ac_c_bigendian_cross.m4
U src/external/mit/expat/dist/examples/outline.c
U src/external/mit/expat/dist/examples/elements.c
U src/external/mit/expat/dist/examples/elements.dsp
U src/external/mit/expat/dist/examples/outline.dsp
U src/external/mit/expat/dist/bcb5/libexpatw_mtd.def
U src/external/mit/expat/dist/bcb5/expat_static.mak
U src/external/mit/expat/dist/bcb5/outline.mak
U src/external/mit/expat/dist/bcb5/xmlwf.bpf
U src/external/mit/expat/dist/bcb5/all_projects.bpg
U src/external/mit/expat/dist/bcb5/expatw.mak
U src/external/mit/expat/dist/bcb5/expat.mak
U src/external/mit/expat/dist/bcb5/xmlwf.bpr
U src/external/mit/expat/dist/bcb5/expat_static.bpf
U src/external/mit/expat/dist/bcb5/expatw.bpf
U src/external/mit/expat/dist/bcb5/makefile.mak
U src/external/mit/expat/dist/bcb5/outline.bpr
U src/external/mit/expat/dist/bcb5/expatw.bpr
U src/external/mit/expat/dist/bcb5/expat.bpf
U src/external/mit/expat/dist/bcb5/setup.bat
U src/external/mit/expat/dist/bcb5/outline.bpf
U src/external/mit/expat/dist/bcb5/elements.bpr
U src/external/mit/expat/dist/bcb5/elements.mak
U src/external/mit/expat/dist/bcb5/elements.bpf
U src/external/mit/expat/dist/bcb5/README.txt
U src/external/mit/expat/dist/bcb5/expatw_static.mak
U src/external/mit/expat/dist/bcb5/expatw_static.bpf
U src/external/mit/expat/dist/bcb5/libexpat_mtd.def
U src/external/mit/expat/dist/bcb5/expat_static.bpr
U 

CVS commit: src/external/mit/expat/dist

2012-04-06 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Fri Apr  6 10:46:13 UTC 2012

Modified Files:
src/external/mit/expat/dist/conftools: ac_c_bigendian_cross.m4
mkinstalldirs
src/external/mit/expat/dist/lib: xmlparse.c xmltok_impl.c
Removed Files:
src/external/mit/expat/dist/amiga: stdlib.c
src/external/mit/expat/dist/conftools: libtool.m4

Log Message:
merge expat-2.1.0


To generate a diff of this commit:
cvs rdiff -u -r1.1.1.1 -r0 src/external/mit/expat/dist/amiga/stdlib.c
cvs rdiff -u -r1.2 -r1.3 \
src/external/mit/expat/dist/conftools/ac_c_bigendian_cross.m4 \
src/external/mit/expat/dist/conftools/mkinstalldirs
cvs rdiff -u -r1.1.1.1 -r0 src/external/mit/expat/dist/conftools/libtool.m4
cvs rdiff -u -r1.2 -r1.3 src/external/mit/expat/dist/lib/xmlparse.c \
src/external/mit/expat/dist/lib/xmltok_impl.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/external/mit/expat/dist/conftools/ac_c_bigendian_cross.m4
diff -u src/external/mit/expat/dist/conftools/ac_c_bigendian_cross.m4:1.2 src/external/mit/expat/dist/conftools/ac_c_bigendian_cross.m4:1.3
--- src/external/mit/expat/dist/conftools/ac_c_bigendian_cross.m4:1.2	Sat Feb 11 18:22:58 2012
+++ src/external/mit/expat/dist/conftools/ac_c_bigendian_cross.m4	Fri Apr  6 10:46:13 2012
@@ -7,7 +7,7 @@ dnl The implementation will create a bin
 dnl the binary it will be grep'ed for some symbols that will look
 dnl different for different endianess of the binary.
 dnl
-dnl @version $Id: ac_c_bigendian_cross.m4,v 1.2 2012/02/11 18:22:58 tron Exp $
+dnl @version Id: ac_c_bigendian_cross.m4,v 1.2 2001/10/01 20:03:13 fdrake Exp 
 dnl @author Guido Draheim gui...@gmx.de
 dnl
 AC_DEFUN([AC_C_BIGENDIAN_CROSS],
Index: src/external/mit/expat/dist/conftools/mkinstalldirs
diff -u src/external/mit/expat/dist/conftools/mkinstalldirs:1.2 src/external/mit/expat/dist/conftools/mkinstalldirs:1.3
--- src/external/mit/expat/dist/conftools/mkinstalldirs:1.2	Sat Feb 11 18:22:58 2012
+++ src/external/mit/expat/dist/conftools/mkinstalldirs	Fri Apr  6 10:46:13 2012
@@ -4,7 +4,7 @@
 # Created: 1993-05-16
 # Public domain
 
-# $Id: mkinstalldirs,v 1.2 2012/02/11 18:22:58 tron Exp $
+# Id: mkinstalldirs,v 1.1 2000/09/18 16:26:21 coopercc Exp 
 
 errstatus=0
 

Index: src/external/mit/expat/dist/lib/xmlparse.c
diff -u src/external/mit/expat/dist/lib/xmlparse.c:1.2 src/external/mit/expat/dist/lib/xmlparse.c:1.3
--- src/external/mit/expat/dist/lib/xmlparse.c:1.2	Sat Feb 11 18:22:58 2012
+++ src/external/mit/expat/dist/lib/xmlparse.c	Fri Apr  6 10:46:13 2012
@@ -5,6 +5,8 @@
 #include stddef.h
 #include string.h /* memset(), memcpy() */
 #include assert.h
+#include limits.h /* UINT_MAX */
+#include time.h   /* time() */
 
 #define XML_BUILDING_EXPAT 1
 
@@ -12,7 +14,7 @@
 #include winconfig.h
 #elif defined(MACOS_CLASSIC)
 #include macconfig.h
-#elif defined(__amigaos4__)
+#elif defined(__amigaos__)
 #include amigaconfig.h
 #elif defined(__WATCOMC__)
 #include watcomconfig.h
@@ -327,15 +329,15 @@ processXmlDecl(XML_Parser parser, int is
 static enum XML_Error
 initializeEncoding(XML_Parser parser);
 static enum XML_Error
-doProlog(XML_Parser parser, const ENCODING *enc, const char *s, 
- const char *end, int tok, const char *next, const char **nextPtr, 
+doProlog(XML_Parser parser, const ENCODING *enc, const char *s,
+ const char *end, int tok, const char *next, const char **nextPtr,
  XML_Bool haveMore);
 static enum XML_Error
-processInternalEntity(XML_Parser parser, ENTITY *entity, 
+processInternalEntity(XML_Parser parser, ENTITY *entity,
   XML_Bool betweenDecl);
 static enum XML_Error
 doContent(XML_Parser parser, int startTagLevel, const ENCODING *enc,
-  const char *start, const char *end, const char **endPtr, 
+  const char *start, const char *end, const char **endPtr,
   XML_Bool haveMore);
 static enum XML_Error
 doCdataSection(XML_Parser parser, const ENCODING *, const char **startPtr,
@@ -353,7 +355,7 @@ static enum XML_Error
 addBinding(XML_Parser parser, PREFIX *prefix, const ATTRIBUTE_ID *attId,
const XML_Char *uri, BINDING **bindingsPtr);
 static int
-defineAttribute(ELEMENT_TYPE *type, ATTRIBUTE_ID *, XML_Bool isCdata, 
+defineAttribute(ELEMENT_TYPE *type, ATTRIBUTE_ID *, XML_Bool isCdata,
 XML_Bool isId, const XML_Char *dfltValue, XML_Parser parser);
 static enum XML_Error
 storeAttributeValue(XML_Parser parser, const ENCODING *, XML_Bool isCdata,
@@ -391,12 +393,13 @@ static void dtdReset(DTD *p, const XML_M
 static void
 dtdDestroy(DTD *p, XML_Bool isDocEntity, const XML_Memory_Handling_Suite *ms);
 static int
-dtdCopy(DTD *newDtd, const DTD *oldDtd, const XML_Memory_Handling_Suite *ms);
+dtdCopy(XML_Parser oldParser,
+DTD *newDtd, const DTD *oldDtd, const 
