CVS commit: [netbsd-6] src/sys/arch/arc/include

2022-08-16 Thread Nick Hudson
Module Name:src
Committed By:   skrll
Date:   Tue Aug 16 14:09:27 UTC 2022

Modified Files:
src/sys/arch/arc/include [netbsd-6]: pci_machdep.h

Log Message:
Remove commits to wrong branch.


To generate a diff of this commit:
cvs rdiff -u -r1.9.10.2 -r1.9.10.3 src/sys/arch/arc/include/pci_machdep.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/arch/arc/include/pci_machdep.h
diff -u src/sys/arch/arc/include/pci_machdep.h:1.9.10.2 src/sys/arch/arc/include/pci_machdep.h:1.9.10.3
--- src/sys/arch/arc/include/pci_machdep.h:1.9.10.2	Tue Aug 16 13:55:15 2022
+++ src/sys/arch/arc/include/pci_machdep.h	Tue Aug 16 14:09:27 2022
@@ -1,4 +1,4 @@
-/* $NetBSD: pci_machdep.h,v 1.9.10.2 2022/08/16 13:55:15 skrll Exp $ */
+/* $NetBSD: pci_machdep.h,v 1.9.10.3 2022/08/16 14:09:27 skrll Exp $ */
 /* NetBSD: pci_machdep.h,v 1.3 1999/03/19 03:40:46 cgd Exp  */
 
 /*
@@ -28,9 +28,6 @@
  * rights to redistribute these changes.
  */
 
-#ifndef	_MACHINE_PCI_MACHDEP_H_
-#define	_MACHINE_PCI_MACHDEP_H_
-
 /*
  * Machine-specific definitions for PCI autoconfiguration.
  */
@@ -103,7 +100,5 @@ struct arc_pci_chipset {
 (*(c)->pc_intr_disestablish)((c), (iv))
 #define	pci_conf_interrupt(c, b, d, f, s, i)\
 (*(c)->pc_conf_interrupt)((c), (b), (d), (f), (s), (i))
-#define	pci_conf_hook(c, b, d, f, i)	\
+#define	pci_conf_hook(c, b, d, f, i)\
 (*(c)->pc_conf_hook)((c), (b), (d), (f), (i))
-
-#endif /* _MACHINE_PCI_MACHDEP_H_ */



CVS commit: [netbsd-6] src/sys/arch/arc/include

2022-08-16 Thread Nick Hudson
Module Name:src
Committed By:   skrll
Date:   Tue Aug 16 14:09:27 UTC 2022

Modified Files:
src/sys/arch/arc/include [netbsd-6]: pci_machdep.h

Log Message:
Remove commits to wrong branch.


To generate a diff of this commit:
cvs rdiff -u -r1.9.10.2 -r1.9.10.3 src/sys/arch/arc/include/pci_machdep.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-6] src/sys/arch/arc/include

2022-08-16 Thread Nick Hudson
Module Name:src
Committed By:   skrll
Date:   Tue Aug 16 13:55:15 UTC 2022

Modified Files:
src/sys/arch/arc/include [netbsd-6]: pci_machdep.h

Log Message:
Multiple inclusion protection.


To generate a diff of this commit:
cvs rdiff -u -r1.9.10.1 -r1.9.10.2 src/sys/arch/arc/include/pci_machdep.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/arch/arc/include/pci_machdep.h
diff -u src/sys/arch/arc/include/pci_machdep.h:1.9.10.1 src/sys/arch/arc/include/pci_machdep.h:1.9.10.2
--- src/sys/arch/arc/include/pci_machdep.h:1.9.10.1	Tue Aug 16 13:52:58 2022
+++ src/sys/arch/arc/include/pci_machdep.h	Tue Aug 16 13:55:15 2022
@@ -1,4 +1,4 @@
-/* $NetBSD: pci_machdep.h,v 1.9.10.1 2022/08/16 13:52:58 skrll Exp $ */
+/* $NetBSD: pci_machdep.h,v 1.9.10.2 2022/08/16 13:55:15 skrll Exp $ */
 /* NetBSD: pci_machdep.h,v 1.3 1999/03/19 03:40:46 cgd Exp  */
 
 /*
@@ -28,6 +28,9 @@
  * rights to redistribute these changes.
  */
 
+#ifndef	_MACHINE_PCI_MACHDEP_H_
+#define	_MACHINE_PCI_MACHDEP_H_
+
 /*
  * Machine-specific definitions for PCI autoconfiguration.
  */
@@ -102,3 +105,5 @@ struct arc_pci_chipset {
 (*(c)->pc_conf_interrupt)((c), (b), (d), (f), (s), (i))
 #define	pci_conf_hook(c, b, d, f, i)	\
 (*(c)->pc_conf_hook)((c), (b), (d), (f), (i))
+
+#endif /* _MACHINE_PCI_MACHDEP_H_ */



CVS commit: [netbsd-6] src/sys/arch/arc/include

2022-08-16 Thread Nick Hudson
Module Name:src
Committed By:   skrll
Date:   Tue Aug 16 13:55:15 UTC 2022

Modified Files:
src/sys/arch/arc/include [netbsd-6]: pci_machdep.h

Log Message:
Multiple inclusion protection.


To generate a diff of this commit:
cvs rdiff -u -r1.9.10.1 -r1.9.10.2 src/sys/arch/arc/include/pci_machdep.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-6] src/sys/arch/arc/include

2022-08-16 Thread Nick Hudson
Module Name:src
Committed By:   skrll
Date:   Tue Aug 16 13:52:58 UTC 2022

Modified Files:
src/sys/arch/arc/include [netbsd-6]: pci_machdep.h

Log Message:
Whitespace


To generate a diff of this commit:
cvs rdiff -u -r1.9 -r1.9.10.1 src/sys/arch/arc/include/pci_machdep.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/arch/arc/include/pci_machdep.h
diff -u src/sys/arch/arc/include/pci_machdep.h:1.9 src/sys/arch/arc/include/pci_machdep.h:1.9.10.1
--- src/sys/arch/arc/include/pci_machdep.h:1.9	Mon Apr  4 20:37:45 2011
+++ src/sys/arch/arc/include/pci_machdep.h	Tue Aug 16 13:52:58 2022
@@ -1,4 +1,4 @@
-/* $NetBSD: pci_machdep.h,v 1.9 2011/04/04 20:37:45 dyoung Exp $ */
+/* $NetBSD: pci_machdep.h,v 1.9.10.1 2022/08/16 13:52:58 skrll Exp $ */
 /* NetBSD: pci_machdep.h,v 1.3 1999/03/19 03:40:46 cgd Exp  */
 
 /*
@@ -100,5 +100,5 @@ struct arc_pci_chipset {
 (*(c)->pc_intr_disestablish)((c), (iv))
 #define	pci_conf_interrupt(c, b, d, f, s, i)\
 (*(c)->pc_conf_interrupt)((c), (b), (d), (f), (s), (i))
-#define	pci_conf_hook(c, b, d, f, i)\
+#define	pci_conf_hook(c, b, d, f, i)	\
 (*(c)->pc_conf_hook)((c), (b), (d), (f), (i))



CVS commit: [netbsd-6] src/sys/arch/arc/include

2022-08-16 Thread Nick Hudson
Module Name:src
Committed By:   skrll
Date:   Tue Aug 16 13:52:58 UTC 2022

Modified Files:
src/sys/arch/arc/include [netbsd-6]: pci_machdep.h

Log Message:
Whitespace


To generate a diff of this commit:
cvs rdiff -u -r1.9 -r1.9.10.1 src/sys/arch/arc/include/pci_machdep.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-6] src/doc

2018-07-02 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Mon Jul  2 14:37:59 UTC 2018

Modified Files:
src/doc [netbsd-6]: CHANGES-6.2

Log Message:
Ticket #1551


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.342 -r1.1.2.343 src/doc/CHANGES-6.2

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/doc/CHANGES-6.2
diff -u src/doc/CHANGES-6.2:1.1.2.342 src/doc/CHANGES-6.2:1.1.2.343
--- src/doc/CHANGES-6.2:1.1.2.342	Sat Jun 30 11:42:34 2018
+++ src/doc/CHANGES-6.2	Mon Jul  2 14:37:59 2018
@@ -1,4 +1,4 @@
-# $NetBSD: CHANGES-6.2,v 1.1.2.342 2018/06/30 11:42:34 martin Exp $
+# $NetBSD: CHANGES-6.2,v 1.1.2.343 2018/07/02 14:37:59 martin Exp $
 
 A complete list of changes from the 6.1 release until the 6.2 release:
 
@@ -21286,3 +21286,9 @@ xsrc/xfree/xc/programs/mkfontscale/ident
 	Pass gzFile, not gzFile * to gzio functions.
 	[mrg, ticket #1550]
 
+gnu/dist/gcc4/gcc/toplev.h			(apply patch)
+
+	Avoid redefining functions.
+	[mrg, ticket #1551]
+
+



CVS commit: [netbsd-6] src/doc

2018-07-02 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Mon Jul  2 14:37:59 UTC 2018

Modified Files:
src/doc [netbsd-6]: CHANGES-6.2

Log Message:
Ticket #1551


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.342 -r1.1.2.343 src/doc/CHANGES-6.2

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-6] src/gnu/dist/gcc4/gcc

2018-07-02 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Mon Jul  2 14:36:42 UTC 2018

Modified Files:
src/gnu/dist/gcc4/gcc [netbsd-6]: toplev.h

Log Message:
Apply patch, requested by mrg in ticket #1551:

Avoid redefining functions.


To generate a diff of this commit:
cvs rdiff -u -r1.1.1.1 -r1.1.1.1.44.1 src/gnu/dist/gcc4/gcc/toplev.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/gnu/dist/gcc4/gcc/toplev.h
diff -u src/gnu/dist/gcc4/gcc/toplev.h:1.1.1.1 src/gnu/dist/gcc4/gcc/toplev.h:1.1.1.1.44.1
--- src/gnu/dist/gcc4/gcc/toplev.h:1.1.1.1	Thu Apr 20 10:19:17 2006
+++ src/gnu/dist/gcc4/gcc/toplev.h	Mon Jul  2 14:36:42 2018
@@ -158,6 +158,7 @@ extern int exact_log2  (
 /* Return floor of log2, with -1 for zero.  */
 extern int floor_log2  (unsigned HOST_WIDE_INT);
 
+#if 0 /* these are not valid, and break in GCC 5. */
 /* Inline versions of the above for speed.  */
 #if GCC_VERSION >= 3004
 # if HOST_BITS_PER_WIDE_INT == HOST_BITS_PER_LONG
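Review bot: The comment on the new `#if 0` says only that the inline versions "are not valid, and break in GCC 5", which does not tell a later reader what is wrong with them. The log message's reason (they redefine the functions declared `extern` just above) belongs in the comment, e.g. `#if 0 /* inline copies redefine the extern exact_log2/floor_log2 above; breaks when built with GCC 5 */`. The matching `#endif` added in the next hunk is bare while the one directly above it is labelled `/* GCC_VERSION >= 3004 */`, so `#endif /* 0 */` would keep the nesting readable. The disabled block starts in this hunk and ends in the next one.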
@@ -183,6 +184,7 @@ exact_log2 (unsigned HOST_WIDE_INT x)
   return x == (x & -x) && x ? (int) CTZ_HWI (x) : -1;
 }
 #endif /* GCC_VERSION >= 3004 */
+#endif
 
 /* Functions used to get and set GCC's notion of in what directory
compilation was started.  */



CVS commit: [netbsd-6] src/gnu/dist/gcc4/gcc

2018-07-02 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Mon Jul  2 14:36:42 UTC 2018

Modified Files:
src/gnu/dist/gcc4/gcc [netbsd-6]: toplev.h

Log Message:
Apply patch, requested by mrg in ticket #1551:

Avoid redefining functions.


To generate a diff of this commit:
cvs rdiff -u -r1.1.1.1 -r1.1.1.1.44.1 src/gnu/dist/gcc4/gcc/toplev.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-6] src/doc

2018-06-30 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Sat Jun 30 11:42:34 UTC 2018

Modified Files:
src/doc [netbsd-6]: CHANGES-6.2

Log Message:
Ticket #1550


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.341 -r1.1.2.342 src/doc/CHANGES-6.2

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/doc/CHANGES-6.2
diff -u src/doc/CHANGES-6.2:1.1.2.341 src/doc/CHANGES-6.2:1.1.2.342
--- src/doc/CHANGES-6.2:1.1.2.341	Thu Jun  7 18:03:14 2018
+++ src/doc/CHANGES-6.2	Sat Jun 30 11:42:34 2018
@@ -1,4 +1,4 @@
-# $NetBSD: CHANGES-6.2,v 1.1.2.341 2018/06/07 18:03:14 martin Exp $
+# $NetBSD: CHANGES-6.2,v 1.1.2.342 2018/06/30 11:42:34 martin Exp $
 
 A complete list of changes from the 6.1 release until the 6.2 release:
 
@@ -21281,3 +21281,8 @@ sys/arch/sparc64/conf/NONPLUS(patch)
 	[maxv, ticket #1500]
 
 
+xsrc/xfree/xc/programs/mkfontscale/ident.c	(apply patch)
+
+	Pass gzFile, not gzFile * to gzio functions.
+	[mrg, ticket #1550]
+



CVS commit: [netbsd-6] src/doc

2018-06-30 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Sat Jun 30 11:42:34 UTC 2018

Modified Files:
src/doc [netbsd-6]: CHANGES-6.2

Log Message:
Ticket #1550


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.341 -r1.1.2.342 src/doc/CHANGES-6.2

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-6] src/doc

2018-06-07 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Thu Jun  7 18:03:14 UTC 2018

Modified Files:
src/doc [netbsd-6]: CHANGES-6.2

Log Message:
Amend ticket #1500


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.340 -r1.1.2.341 src/doc/CHANGES-6.2

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/doc/CHANGES-6.2
diff -u src/doc/CHANGES-6.2:1.1.2.340 src/doc/CHANGES-6.2:1.1.2.341
--- src/doc/CHANGES-6.2:1.1.2.340	Tue May 22 14:40:58 2018
+++ src/doc/CHANGES-6.2	Thu Jun  7 18:03:14 2018
@@ -1,4 +1,4 @@
-# $NetBSD: CHANGES-6.2,v 1.1.2.340 2018/05/22 14:40:58 martin Exp $
+# $NetBSD: CHANGES-6.2,v 1.1.2.341 2018/06/07 18:03:14 martin Exp $
 
 A complete list of changes from the 6.1 release until the 6.2 release:
 
@@ -21272,6 +21272,8 @@ sys/arch/sparc/conf/MRCOFFEE(patch)
 sys/arch/sparc/conf/TADPOLE3GX(patch)
 sys/arch/sparc64/conf/GENERIC(patch)
 sys/arch/sparc64/conf/NONPLUS64(patch)
+sys/arch/sparc64/conf/GENERIC32(patch)
+sys/arch/sparc64/conf/NONPLUS(patch)
 
 	Disable compat_svr4 and compat_svr4_32 everywhere.
 	Disable compat_ibcs2 everywhere but on Vax.



CVS commit: [netbsd-6] src/doc

2018-06-07 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Thu Jun  7 18:03:14 UTC 2018

Modified Files:
src/doc [netbsd-6]: CHANGES-6.2

Log Message:
Amend ticket #1500


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.340 -r1.1.2.341 src/doc/CHANGES-6.2

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-6] src/sys/arch/sparc64/conf

2018-06-07 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Thu Jun  7 18:01:51 UTC 2018

Modified Files:
src/sys/arch/sparc64/conf [netbsd-6]: GENERIC32 NONPLUS

Log Message:
Fix fallout from ticket #1500: COMPAT_SVR4* has been disabled, do not
disable it here again.


To generate a diff of this commit:
cvs rdiff -u -r1.140 -r1.140.102.1 src/sys/arch/sparc64/conf/GENERIC32
cvs rdiff -u -r1.58 -r1.58.102.1 src/sys/arch/sparc64/conf/NONPLUS

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-6] src/sys/arch/sparc64/conf

2018-06-07 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Thu Jun  7 18:01:51 UTC 2018

Modified Files:
src/sys/arch/sparc64/conf [netbsd-6]: GENERIC32 NONPLUS

Log Message:
Fix fallout from ticket #1500: COMPAT_SVR4* has been disabled, do not
disable it here again.


To generate a diff of this commit:
cvs rdiff -u -r1.140 -r1.140.102.1 src/sys/arch/sparc64/conf/GENERIC32
cvs rdiff -u -r1.58 -r1.58.102.1 src/sys/arch/sparc64/conf/NONPLUS

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/arch/sparc64/conf/GENERIC32
diff -u src/sys/arch/sparc64/conf/GENERIC32:1.140 src/sys/arch/sparc64/conf/GENERIC32:1.140.102.1
--- src/sys/arch/sparc64/conf/GENERIC32:1.140	Fri Jun 30 10:27:48 2006
+++ src/sys/arch/sparc64/conf/GENERIC32	Thu Jun  7 18:01:51 2018
@@ -1,13 +1,13 @@
-# $NetBSD: GENERIC32,v 1.140 2006/06/30 10:27:48 tsutsui Exp $
+# $NetBSD: GENERIC32,v 1.140.102.1 2018/06/07 18:01:51 martin Exp $
 #
 # GENERIC machine description file for 32-bit kernel
 #
 
 include 	"arch/sparc64/conf/GENERIC"
 
-#ident		"GENERIC32-$Revision: 1.140 $"
+#ident		"GENERIC32-$Revision: 1.140.102.1 $"
 
 include 	"arch/sparc64/conf/std.sparc64-32"
 
 no options 	COMPAT_NETBSD32
-no options 	COMPAT_SVR4_32
+#no options 	COMPAT_SVR4_32
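Review bot: The `no options COMPAT_SVR4_32` line at the end of this hunk is commented out rather than removed, and nothing in the file records why. The log message says the option has already been disabled by ticket #1500, so either delete the line or add a short comment such as `# COMPAT_SVR4_32 is already disabled in GENERIC (ticket #1500)`, so the dead line is not mistaken for a switch that can be turned back on here. The same applies to the matching line in the NONPLUS hunk below.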

Index: src/sys/arch/sparc64/conf/NONPLUS
diff -u src/sys/arch/sparc64/conf/NONPLUS:1.58 src/sys/arch/sparc64/conf/NONPLUS:1.58.102.1
--- src/sys/arch/sparc64/conf/NONPLUS:1.58	Fri Jun 30 10:27:48 2006
+++ src/sys/arch/sparc64/conf/NONPLUS	Thu Jun  7 18:01:51 2018
@@ -1,9 +1,9 @@
-# 	$NetBSD: NONPLUS,v 1.58 2006/06/30 10:27:48 tsutsui Exp $
+# 	$NetBSD: NONPLUS,v 1.58.102.1 2018/06/07 18:01:51 martin Exp $
 
 include "arch/sparc64/conf/NONPLUS64"
 include "arch/sparc64/conf/std.sparc64-32"
 
-#ident 		"NONPLUS-$Revision: 1.58 $"
+#ident 		"NONPLUS-$Revision: 1.58.102.1 $"
 
 no options 	COMPAT_NETBSD32	# NetBSD/sparc binary compatibility
-no options 	COMPAT_SVR4_32	# 32-bit SVR4 binaries
+#no options 	COMPAT_SVR4_32	# 32-bit SVR4 binaries



CVS commit: [netbsd-6] src/doc

2018-05-22 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Tue May 22 14:40:58 UTC 2018

Modified Files:
src/doc [netbsd-6]: CHANGES-6.2

Log Message:
Ticket #1500


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.339 -r1.1.2.340 src/doc/CHANGES-6.2

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/doc/CHANGES-6.2
diff -u src/doc/CHANGES-6.2:1.1.2.339 src/doc/CHANGES-6.2:1.1.2.340
--- src/doc/CHANGES-6.2:1.1.2.339	Thu May 17 13:46:08 2018
+++ src/doc/CHANGES-6.2	Tue May 22 14:40:58 2018
@@ -1,4 +1,4 @@
-# $NetBSD: CHANGES-6.2,v 1.1.2.339 2018/05/17 13:46:08 martin Exp $
+# $NetBSD: CHANGES-6.2,v 1.1.2.340 2018/05/22 14:40:58 martin Exp $
 
 A complete list of changes from the 6.1 release until the 6.2 release:
 
@@ -21257,3 +21257,25 @@ sys/net/npf/npf_inet.c1.45 (patch)
 	Fix use-after-free.
 	[maxv, ticket #1549]
 
+sys/kern/kern_exec.c	(patch)
+sys/arch/amiga/conf/DRACO(patch)
+sys/arch/amiga/conf/GENERIC(patch)
+sys/arch/amiga/conf/GENERIC.in(patch)
+sys/arch/hp300/conf/GENERIC(patch)
+sys/arch/i386/conf/GENERIC(patch)
+sys/arch/i386/conf/XEN3_DOM0(patch)
+sys/arch/i386/conf/XEN3_DOMU(patch)
+sys/arch/sparc/conf/BILL-THE-CAT			(patch)
+sys/arch/sparc/conf/GENERIC(patch)
+sys/arch/sparc/conf/KRUPS(patch)
+sys/arch/sparc/conf/MRCOFFEE(patch)
+sys/arch/sparc/conf/TADPOLE3GX(patch)
+sys/arch/sparc64/conf/GENERIC(patch)
+sys/arch/sparc64/conf/NONPLUS64(patch)
+
+	Disable compat_svr4 and compat_svr4_32 everywhere.
+	Disable compat_ibcs2 everywhere but on Vax.
+	Disable autoload of modules for svr4/svr4_32/ibcs2/freebsd.
+	[maxv, ticket #1500]
+
+



CVS commit: [netbsd-6] src/doc

2018-05-22 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Tue May 22 14:40:58 UTC 2018

Modified Files:
src/doc [netbsd-6]: CHANGES-6.2

Log Message:
Ticket #1500


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.339 -r1.1.2.340 src/doc/CHANGES-6.2

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-6] src/sys

2018-05-22 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Tue May 22 14:38:20 UTC 2018

Modified Files:
src/sys/arch/amiga/conf [netbsd-6]: DRACO GENERIC GENERIC.in
src/sys/arch/hp300/conf [netbsd-6]: GENERIC
src/sys/arch/i386/conf [netbsd-6]: GENERIC XEN3_DOM0 XEN3_DOMU
src/sys/arch/sparc/conf [netbsd-6]: BILL-THE-CAT GENERIC KRUPS MRCOFFEE
TADPOLE3GX
src/sys/arch/sparc64/conf [netbsd-6]: GENERIC NONPLUS64
src/sys/kern [netbsd-6]: kern_exec.c

Log Message:
Apply patch requested by maxv in ticket #1500:

 * disable compat_svr4 and compat_svr4_32 everywhere
 * disable compat_ibcs2 everywhere but on Vax
 * remove the svr4/svr4_32/ibcs2/freebsd entries from the autoload list


To generate a diff of this commit:
cvs rdiff -u -r1.154 -r1.154.2.1 src/sys/arch/amiga/conf/DRACO
cvs rdiff -u -r1.284 -r1.284.2.1 src/sys/arch/amiga/conf/GENERIC
cvs rdiff -u -r1.96 -r1.96.2.1 src/sys/arch/amiga/conf/GENERIC.in
cvs rdiff -u -r1.169.2.1 -r1.169.2.2 src/sys/arch/hp300/conf/GENERIC
cvs rdiff -u -r1.1066.2.8 -r1.1066.2.9 src/sys/arch/i386/conf/GENERIC
cvs rdiff -u -r1.60.2.7 -r1.60.2.8 src/sys/arch/i386/conf/XEN3_DOM0
cvs rdiff -u -r1.41.2.2 -r1.41.2.3 src/sys/arch/i386/conf/XEN3_DOMU
cvs rdiff -u -r1.51 -r1.51.4.1 src/sys/arch/sparc/conf/BILL-THE-CAT
cvs rdiff -u -r1.230 -r1.230.2.1 src/sys/arch/sparc/conf/GENERIC
cvs rdiff -u -r1.56.4.1 -r1.56.4.2 src/sys/arch/sparc/conf/KRUPS
cvs rdiff -u -r1.34 -r1.34.4.1 src/sys/arch/sparc/conf/MRCOFFEE
cvs rdiff -u -r1.54.4.1 -r1.54.4.2 src/sys/arch/sparc/conf/TADPOLE3GX
cvs rdiff -u -r1.148.2.2 -r1.148.2.3 src/sys/arch/sparc64/conf/GENERIC
cvs rdiff -u -r1.34 -r1.34.4.1 src/sys/arch/sparc64/conf/NONPLUS64
cvs rdiff -u -r1.339.2.10 -r1.339.2.11 src/sys/kern/kern_exec.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/arch/amiga/conf/DRACO
diff -u src/sys/arch/amiga/conf/DRACO:1.154 src/sys/arch/amiga/conf/DRACO:1.154.2.1
--- src/sys/arch/amiga/conf/DRACO:1.154	Tue Jan 24 00:19:39 2012
+++ src/sys/arch/amiga/conf/DRACO	Tue May 22 14:38:20 2018
@@ -1,4 +1,4 @@
-# $NetBSD: DRACO,v 1.154 2012/01/24 00:19:39 rkujawa Exp $
+# $NetBSD: DRACO,v 1.154.2.1 2018/05/22 14:38:20 martin Exp $
 #
 # This file was automatically created.
 # Changes will be lost when make is run in this directory.
@@ -29,7 +29,7 @@ include "arch/amiga/conf/std.amiga"
 
 options 	INCLUDE_CONFIG_FILE	# embed config file in kernel binary
 
-#ident 		"GENERIC-$Revision: 1.154 $"
+#ident 		"GENERIC-$Revision: 1.154.2.1 $"
 
 
 maxusers	8
@@ -143,7 +143,7 @@ options 	COMPAT_30	# NetBSD 3.0 compatib
 options 	COMPAT_40	# NetBSD 4.0 compatibility.
 options 	COMPAT_50	# NetBSD 5.0 compatibility.
 options 	COMPAT_SUNOS	# Support to run Sun (m68k) executables
-options 	COMPAT_SVR4	# Support to run SVR4 (m68k) executables
+#options 	COMPAT_SVR4	# Support to run SVR4 (m68k) executables
 options 	COMPAT_NOMID	# allow nonvalid machine id executables
 #options 	COMPAT_LINUX	# Support to run Linux/m68k executables
 

Index: src/sys/arch/amiga/conf/GENERIC
diff -u src/sys/arch/amiga/conf/GENERIC:1.284 src/sys/arch/amiga/conf/GENERIC:1.284.2.1
--- src/sys/arch/amiga/conf/GENERIC:1.284	Tue Jan 24 00:19:39 2012
+++ src/sys/arch/amiga/conf/GENERIC	Tue May 22 14:38:20 2018
@@ -1,4 +1,4 @@
-# $NetBSD: GENERIC,v 1.284 2012/01/24 00:19:39 rkujawa Exp $
+# $NetBSD: GENERIC,v 1.284.2.1 2018/05/22 14:38:20 martin Exp $
 #
 # This file was automatically created.
 # Changes will be lost when make is run in this directory.
@@ -29,7 +29,7 @@ include "arch/amiga/conf/std.amiga"
 
 options 	INCLUDE_CONFIG_FILE	# embed config file in kernel binary
 
-#ident 		"GENERIC-$Revision: 1.284 $"
+#ident 		"GENERIC-$Revision: 1.284.2.1 $"
 
 
 maxusers	8
@@ -155,7 +155,7 @@ options 	COMPAT_30	# NetBSD 3.0 compatib
 options 	COMPAT_40	# NetBSD 4.0 compatibility.
 options 	COMPAT_50	# NetBSD 5.0 compatibility.
 options 	COMPAT_SUNOS	# Support to run Sun (m68k) executables
-options 	COMPAT_SVR4	# Support to run SVR4 (m68k) executables
+#options 	COMPAT_SVR4	# Support to run SVR4 (m68k) executables
 options 	COMPAT_NOMID	# allow nonvalid machine id executables
 #options 	COMPAT_LINUX	# Support to run Linux/m68k executables
 

Index: src/sys/arch/amiga/conf/GENERIC.in
diff -u src/sys/arch/amiga/conf/GENERIC.in:1.96 src/sys/arch/amiga/conf/GENERIC.in:1.96.2.1
--- src/sys/arch/amiga/conf/GENERIC.in:1.96	Tue Jan 24 00:19:39 2012
+++ src/sys/arch/amiga/conf/GENERIC.in	Tue May 22 14:38:20 2018
@@ -1,4 +1,4 @@
-# $NetBSD: GENERIC.in,v 1.96 2012/01/24 00:19:39 rkujawa Exp $
+# $NetBSD: GENERIC.in,v 1.96.2.1 2018/05/22 14:38:20 martin Exp $
 #
 ##
 # GENERIC machine description file
@@ -52,7 +52,7 @@ include "arch/amiga/conf/std.amiga"
 
 options 	INCLUDE_CONFIG_FILE	# embed config file in kernel binary
 
-#ident 		"GENERIC-$Revision: 1.96 $"
+#ident 		"GENERIC-$Revision: 1.96.2.1 $"
 
 m4_ifdef(`INSTALL_CONFIGURATION', 

CVS commit: [netbsd-6] src/sys

2018-05-22 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Tue May 22 14:38:20 UTC 2018

Modified Files:
src/sys/arch/amiga/conf [netbsd-6]: DRACO GENERIC GENERIC.in
src/sys/arch/hp300/conf [netbsd-6]: GENERIC
src/sys/arch/i386/conf [netbsd-6]: GENERIC XEN3_DOM0 XEN3_DOMU
src/sys/arch/sparc/conf [netbsd-6]: BILL-THE-CAT GENERIC KRUPS MRCOFFEE
TADPOLE3GX
src/sys/arch/sparc64/conf [netbsd-6]: GENERIC NONPLUS64
src/sys/kern [netbsd-6]: kern_exec.c

Log Message:
Apply patch requested by maxv in ticket #1500:

 * disable compat_svr4 and compat_svr4_32 everywhere
 * disable compat_ibcs2 everywhere but on Vax
 * remove the svr4/svr4_32/ibcs2/freebsd entries from the autoload list


To generate a diff of this commit:
cvs rdiff -u -r1.154 -r1.154.2.1 src/sys/arch/amiga/conf/DRACO
cvs rdiff -u -r1.284 -r1.284.2.1 src/sys/arch/amiga/conf/GENERIC
cvs rdiff -u -r1.96 -r1.96.2.1 src/sys/arch/amiga/conf/GENERIC.in
cvs rdiff -u -r1.169.2.1 -r1.169.2.2 src/sys/arch/hp300/conf/GENERIC
cvs rdiff -u -r1.1066.2.8 -r1.1066.2.9 src/sys/arch/i386/conf/GENERIC
cvs rdiff -u -r1.60.2.7 -r1.60.2.8 src/sys/arch/i386/conf/XEN3_DOM0
cvs rdiff -u -r1.41.2.2 -r1.41.2.3 src/sys/arch/i386/conf/XEN3_DOMU
cvs rdiff -u -r1.51 -r1.51.4.1 src/sys/arch/sparc/conf/BILL-THE-CAT
cvs rdiff -u -r1.230 -r1.230.2.1 src/sys/arch/sparc/conf/GENERIC
cvs rdiff -u -r1.56.4.1 -r1.56.4.2 src/sys/arch/sparc/conf/KRUPS
cvs rdiff -u -r1.34 -r1.34.4.1 src/sys/arch/sparc/conf/MRCOFFEE
cvs rdiff -u -r1.54.4.1 -r1.54.4.2 src/sys/arch/sparc/conf/TADPOLE3GX
cvs rdiff -u -r1.148.2.2 -r1.148.2.3 src/sys/arch/sparc64/conf/GENERIC
cvs rdiff -u -r1.34 -r1.34.4.1 src/sys/arch/sparc64/conf/NONPLUS64
cvs rdiff -u -r1.339.2.10 -r1.339.2.11 src/sys/kern/kern_exec.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-6] src/doc

2018-05-17 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Thu May 17 13:46:08 UTC 2018

Modified Files:
src/doc [netbsd-6]: CHANGES-6.2

Log Message:
Ticket #1549


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.338 -r1.1.2.339 src/doc/CHANGES-6.2

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/doc/CHANGES-6.2
diff -u src/doc/CHANGES-6.2:1.1.2.338 src/doc/CHANGES-6.2:1.1.2.339
--- src/doc/CHANGES-6.2:1.1.2.338	Mon May 14 16:08:15 2018
+++ src/doc/CHANGES-6.2	Thu May 17 13:46:08 2018
@@ -1,4 +1,4 @@
-# $NetBSD: CHANGES-6.2,v 1.1.2.338 2018/05/14 16:08:15 martin Exp $
+# $NetBSD: CHANGES-6.2,v 1.1.2.339 2018/05/17 13:46:08 martin Exp $
 
 A complete list of changes from the 6.1 release until the 6.2 release:
 
@@ -21251,3 +21251,9 @@ sys/dev/ic/hme.c1.97
 	Fix mis-placed right parenthesis.
 	[pgoyette, ticket #1548]
 
+sys/net/npf/npf_alg_icmp.c			1.27,1.28 (patch)
+sys/net/npf/npf_inet.c1.45 (patch)
+
+	Fix use-after-free.
+	[maxv, ticket #1549]
+



CVS commit: [netbsd-6] src/doc

2018-05-17 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Thu May 17 13:46:08 UTC 2018

Modified Files:
src/doc [netbsd-6]: CHANGES-6.2

Log Message:
Ticket #1549


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.338 -r1.1.2.339 src/doc/CHANGES-6.2

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-6] src/sys/net/npf

2018-05-17 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Thu May 17 13:45:15 UTC 2018

Modified Files:
src/sys/net/npf [netbsd-6]: npf_alg_icmp.c npf_inet.c

Log Message:
Pull up following revision(s) via patch (requested by maxv in ticket #1549):

sys/net/npf/npf_inet.c: revision 1.45
sys/net/npf/npf_alg_icmp.c: revision 1.27,1.28

Fix use-after-free.

The nbuf can be reallocated as a result of caching 'enpc', so it is
necessary to recache 'npc', otherwise it contains pointers to the freed
mbuf - pointers which are then used in the ruleset machinery.

We recache 'npc' when we are sure we won't use 'enpc' anymore, because
'enpc' can be clobbered as a result of caching 'npc' (in other words,
only one of the two can be cached at the same time).

Also, we recache 'npc' unconditionally, because there is no way to know
whether the nbuf got clobbered relatively to it. We can't use the
NBUF_DATAREF_RESET flag, because it is stored in the nbuf and not in the
cache.

Discussed with rmind@.

Change npf_cache_all so that it ensures the potential ICMP Query Id is in
the nbuf, so that we don't need to ensure that later.
Change npfa_icmp4_inspect and npfa_icmp6_inspect so that they touch neither
the nbuf nor npc. Adapt their callers accordingly.

In the end, if a packet has a Query Id, we set NPC_ICMP_ID in npc and leave
right away, without recaching npc (not needed since we didn't touch the
nbuf).

This fixes the handling of Query Id packets (that I broke in my previous
commit), and also fixes another possible use-after-free.


To generate a diff of this commit:
cvs rdiff -u -r1.8.4.7 -r1.8.4.8 src/sys/net/npf/npf_alg_icmp.c
cvs rdiff -u -r1.10.4.10 -r1.10.4.11 src/sys/net/npf/npf_inet.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-6] src/sys/net/npf

2018-05-17 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Thu May 17 13:45:15 UTC 2018

Modified Files:
src/sys/net/npf [netbsd-6]: npf_alg_icmp.c npf_inet.c

Log Message:
Pull up following revision(s) via patch (requested by maxv in ticket #1549):

sys/net/npf/npf_inet.c: revision 1.45
sys/net/npf/npf_alg_icmp.c: revision 1.27,1.28

Fix use-after-free.

The nbuf can be reallocated as a result of caching 'enpc', so it is
necessary to recache 'npc', otherwise it contains pointers to the freed
mbuf - pointers which are then used in the ruleset machinery.

We recache 'npc' when we are sure we won't use 'enpc' anymore, because
'enpc' can be clobbered as a result of caching 'npc' (in other words,
only one of the two can be cached at the same time).

Also, we recache 'npc' unconditionally, because there is no way to know
whether the nbuf got clobbered relatively to it. We can't use the
NBUF_DATAREF_RESET flag, because it is stored in the nbuf and not in the
cache.

Discussed with rmind@.

Change npf_cache_all so that it ensures the potential ICMP Query Id is in
the nbuf, so that we don't need to ensure that later.
Change npfa_icmp4_inspect and npfa_icmp6_inspect so that they touch neither
the nbuf nor npc. Adapt their callers accordingly.

In the end, if a packet has a Query Id, we set NPC_ICMP_ID in npc and leave
right away, without recaching npc (not needed since we didn't touch the
nbuf).

This fixes the handling of Query Id packets (that I broke in my previous
commit), and also fixes another possible use-after-free.


To generate a diff of this commit:
cvs rdiff -u -r1.8.4.7 -r1.8.4.8 src/sys/net/npf/npf_alg_icmp.c
cvs rdiff -u -r1.10.4.10 -r1.10.4.11 src/sys/net/npf/npf_inet.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/net/npf/npf_alg_icmp.c
diff -u src/sys/net/npf/npf_alg_icmp.c:1.8.4.7 src/sys/net/npf/npf_alg_icmp.c:1.8.4.8
--- src/sys/net/npf/npf_alg_icmp.c:1.8.4.7	Mon Feb 11 21:49:49 2013
+++ src/sys/net/npf/npf_alg_icmp.c	Thu May 17 13:45:15 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: npf_alg_icmp.c,v 1.8.4.7 2013/02/11 21:49:49 riz Exp $	*/
+/*	$NetBSD: npf_alg_icmp.c,v 1.8.4.8 2018/05/17 13:45:15 martin Exp $	*/
 
 /*-
  * Copyright (c) 2010 The NetBSD Foundation, Inc.
@@ -34,7 +34,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: npf_alg_icmp.c,v 1.8.4.7 2013/02/11 21:49:49 riz Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_alg_icmp.c,v 1.8.4.8 2018/05/17 13:45:15 martin Exp $");
 
 #include 
 #include 
@@ -162,12 +162,14 @@ npfa_icmp_match(npf_cache_t *npc, nbuf_t
 /*
  * npfa_icmp{4,6}_inspect: retrieve unique identifiers - either ICMP query
  * ID or TCP/UDP ports of the original packet, which is embedded.
+ *
+ * => Sets hasqid=true if the packet has a Query Id. In this case neither
+ *the nbuf nor npc is touched.
  */
 
 static bool
-npfa_icmp4_inspect(const int type, npf_cache_t *npc, nbuf_t *nbuf)
+npfa_icmp4_inspect(const int type, npf_cache_t *npc, nbuf_t *nbuf, bool *hasqid)
 {
-	u_int offby;
 
 	/* Per RFC 792. */
 	switch (type) {
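Review bot: The new `hasqid` out-parameter is only ever written with `true` in the hunks shown, so its value is meaningful only if the caller clears it first, and the added comment should say so, for instance ` * => hasqid is never cleared here; the caller must initialise it to false.`. The one caller visible on this page, npfa_icmp_inspect, does declare `hasqid = false`, but the contract is otherwise implicit. The same signature change is made to npfa_icmp6_inspect in a later hunk, and both function bodies continue outside their hunks.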
@@ -191,12 +193,8 @@ npfa_icmp4_inspect(const int type, npf_c
 	case ICMP_TSTAMPREPLY:
 	case ICMP_IREQ:
 	case ICMP_IREQREPLY:
-		/* Should contain ICMP query ID - ensure. */
-		offby = offsetof(struct icmp, icmp_id);
-		if (!nbuf_advance(nbuf, offby, sizeof(uint16_t))) {
-			return false;
-		}
-		npc->npc_info |= NPC_ICMP_ID;
+		/* Contains ICMP query ID. */
+		*hasqid = true;
 		return true;
 	default:
 		break;
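Review bot: Dropping the `nbuf_advance()` check in the query-ID cases means this function no longer verifies that the two ID bytes are present in the nbuf. According to the log message that guarantee now comes from npf_cache_all(), which is changed in npf_inet.c and is not shown on this page. The replacement comment should record that dependency, e.g. `/* Contains ICMP query ID; npf_cache_all() already ensured it is in the nbuf. */`, so a later change to npf_cache_all() does not silently remove the length check. The ICMP6_ECHO_REQUEST/ICMP6_ECHO_REPLY hunk in npfa_icmp6_inspect has the same gap, and the switch statement here starts and ends outside this hunk.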
@@ -205,9 +203,8 @@ npfa_icmp4_inspect(const int type, npf_c
 }
 
 static bool
-npfa_icmp6_inspect(const int type, npf_cache_t *npc, nbuf_t *nbuf)
+npfa_icmp6_inspect(const int type, npf_cache_t *npc, nbuf_t *nbuf, bool *hasqid)
 {
-	u_int offby;
 
 	/* Per RFC 4443. */
 	switch (type) {
@@ -226,12 +223,8 @@ npfa_icmp6_inspect(const int type, npf_c
 
 	case ICMP6_ECHO_REQUEST:
 	case ICMP6_ECHO_REPLY:
-		/* Should contain ICMP query ID - ensure. */
-		offby = offsetof(struct icmp6_hdr, icmp6_id);
-		if (!nbuf_advance(nbuf, offby, sizeof(uint16_t))) {
-			return false;
-		}
-		npc->npc_info |= NPC_ICMP_ID;
+		/* Contains ICMP query ID. */
+		*hasqid = true;
 		return true;
 	default:
 		break;
@@ -242,12 +235,12 @@ npfa_icmp6_inspect(const int type, npf_c
 /*
  * npfa_icmp_session: ALG ICMP inspector.
  *
- * => Returns true if "enpc" is filled.
+ * => Returns false if there is a problem with the format.
  */
 static bool
 npfa_icmp_inspect(npf_cache_t *npc, nbuf_t *nbuf, npf_cache_t *enpc)
 {
-	bool ret;
+	bool ret, hasqid = false;
 
 	KASSERT(npf_iscached(npc, NPC_IP46));
 	KASSERT(npf_iscached(npc, NPC_ICMP));
@@ -265,10 +258,10 @@ npfa_icmp_inspect(npf_cache_t *npc, nbuf
 	 */
 	if (npf_iscached(npc, NPC_IP4)) {
 		const struct icmp *ic = npc->npc_l4.icmp;
-		ret = npfa_icmp4_inspect(ic->icmp_type, enpc, nbuf);
+		ret = npfa_icmp4_inspect(ic->icmp_type, enpc, nbuf, );
 	} else if (npf_iscached(npc, NPC_IP6)) {
 		const 

CVS commit: [netbsd-6] src/doc

2018-05-14 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Mon May 14 16:08:15 UTC 2018

Modified Files:
src/doc [netbsd-6]: CHANGES-6.2

Log Message:
Ticket #1548


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.337 -r1.1.2.338 src/doc/CHANGES-6.2

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/doc/CHANGES-6.2
diff -u src/doc/CHANGES-6.2:1.1.2.337 src/doc/CHANGES-6.2:1.1.2.338
--- src/doc/CHANGES-6.2:1.1.2.337	Thu May  3 15:05:46 2018
+++ src/doc/CHANGES-6.2	Mon May 14 16:08:15 2018
@@ -1,4 +1,4 @@
-# $NetBSD: CHANGES-6.2,v 1.1.2.337 2018/05/03 15:05:46 martin Exp $
+# $NetBSD: CHANGES-6.2,v 1.1.2.338 2018/05/14 16:08:15 martin Exp $
 
 A complete list of changes from the 6.1 release until the 6.2 release:
 
@@ -21246,3 +21246,8 @@ sys/kern/uipc_mbuf.c1.211 (patch)
 	the chain.
 	[maxv, ticket #1547]
 
+sys/dev/ic/hme.c1.97
+
+	Fix mis-placed right parenthesis.
+	[pgoyette, ticket #1548]
+



CVS commit: [netbsd-6] src/doc

2018-05-14 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Mon May 14 16:08:15 UTC 2018

Modified Files:
src/doc [netbsd-6]: CHANGES-6.2

Log Message:
Ticket #1548


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.337 -r1.1.2.338 src/doc/CHANGES-6.2

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-6] src/sys/dev/ic

2018-05-14 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Mon May 14 16:07:06 UTC 2018

Modified Files:
src/sys/dev/ic [netbsd-6]: hme.c

Log Message:
Pull up following revision(s) (requested by pgoyette in ticket #1548):

sys/dev/ic/hme.c: revision 1.97

Fix mis-placed right paren.  kern/53271


To generate a diff of this commit:
cvs rdiff -u -r1.87.2.1 -r1.87.2.2 src/sys/dev/ic/hme.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/dev/ic/hme.c
diff -u src/sys/dev/ic/hme.c:1.87.2.1 src/sys/dev/ic/hme.c:1.87.2.2
--- src/sys/dev/ic/hme.c:1.87.2.1	Wed Jul  4 19:43:10 2012
+++ src/sys/dev/ic/hme.c	Mon May 14 16:07:06 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: hme.c,v 1.87.2.1 2012/07/04 19:43:10 riz Exp $	*/
+/*	$NetBSD: hme.c,v 1.87.2.2 2018/05/14 16:07:06 martin Exp $	*/
 
 /*-
  * Copyright (c) 1999 The NetBSD Foundation, Inc.
@@ -34,7 +34,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: hme.c,v 1.87.2.1 2012/07/04 19:43:10 riz Exp $");
+__KERNEL_RCSID(0, "$NetBSD: hme.c,v 1.87.2.2 2018/05/14 16:07:06 martin Exp $");
 
 /* #define HMEDEBUG */
 
@@ -752,7 +752,7 @@ hme_get(struct hme_softc *sc, int ri, ui
 			pktlen = m0->m_pkthdr.len - ETHER_HDR_LEN;
 		} else if (ntohs(eh->ether_type) == ETHERTYPE_VLAN) {
 			evh = (struct ether_vlan_header *)eh;
-			if (ntohs(evh->evl_proto != ETHERTYPE_IP))
+			if (ntohs(evh->evl_proto) != ETHERTYPE_IP)
 goto swcsum;
 			ip = (struct ip *)((char *)eh + ETHER_HDR_LEN +
 			ETHER_VLAN_ENCAP_LEN);
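Review bot: Nothing in this hunk shows that the received frame is long enough to hold a `struct ether_vlan_header` before `evh->evl_proto` is read, or an IP header at `ETHER_HDR_LEN + ETHER_VLAN_ENCAP_LEN`. With the parenthesis fixed, the VLAN branch compares the protocol in host order, so the path that computes `ip` depends on that bound. If the check lives further down in hme_get, a short comment here such as `/* length is validated against pktlen below */` would make the ordering clear. The rest of hme_get is outside the hunk, so this should be confirmed rather than assumed.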



CVS commit: [netbsd-6] src/sys/dev/ic

2018-05-14 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Mon May 14 16:07:06 UTC 2018

Modified Files:
src/sys/dev/ic [netbsd-6]: hme.c

Log Message:
Pull up following revision(s) (requested by pgoyette in ticket #1548):

sys/dev/ic/hme.c: revision 1.97

Fix mis-placed right paren.  kern/53271


To generate a diff of this commit:
cvs rdiff -u -r1.87.2.1 -r1.87.2.2 src/sys/dev/ic/hme.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-6] src/doc

2018-05-03 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Thu May  3 15:05:46 UTC 2018

Modified Files:
src/doc [netbsd-6]: CHANGES-6.2

Log Message:
Fix entry for ticket #1547


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.336 -r1.1.2.337 src/doc/CHANGES-6.2

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-6] src/doc

2018-05-03 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Thu May  3 15:05:46 UTC 2018

Modified Files:
src/doc [netbsd-6]: CHANGES-6.2

Log Message:
Fix entry for ticket #1547


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.336 -r1.1.2.337 src/doc/CHANGES-6.2

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/doc/CHANGES-6.2
diff -u src/doc/CHANGES-6.2:1.1.2.336 src/doc/CHANGES-6.2:1.1.2.337
--- src/doc/CHANGES-6.2:1.1.2.336	Thu May  3 14:58:46 2018
+++ src/doc/CHANGES-6.2	Thu May  3 15:05:46 2018
@@ -1,4 +1,4 @@
-# $NetBSD: CHANGES-6.2,v 1.1.2.336 2018/05/03 14:58:46 martin Exp $
+# $NetBSD: CHANGES-6.2,v 1.1.2.337 2018/05/03 15:05:46 martin Exp $
 
 A complete list of changes from the 6.1 release until the 6.2 release:
 
@@ -21240,7 +21240,7 @@ sys/netipsec/ipsec_output.c			1.67,1.75 
 	allow the function to fail (and drop the misformed packet).
 	[maxv, ticket #1546]
 
-sys/kern/uipc_mbuf.c1.211
+sys/kern/uipc_mbuf.c1.211 (patch)
 
 	Modify m_defrag, so that it never frees the first mbuf of
 	the chain.



CVS commit: [netbsd-6] src/sys/kern

2018-05-03 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Thu May  3 15:00:38 UTC 2018

Modified Files:
src/sys/kern [netbsd-6]: uipc_mbuf.c

Log Message:
Pull up following revision(s) (requested by maxv in ticket #1547):

sys/kern/uipc_mbuf.c: revision 1.211 (via patch)

Modify m_defrag, so that it never frees the first mbuf of the chain. While
here use the given 'flags' argument, and not M_DONTWAIT.

We have a problem with several drivers: they poll an mbuf chain from their
queues and call m_defrag on them, but m_defrag could update the mbuf
pointer, so the mbuf in the queue is no longer valid. It is not easy to
fix each driver, because doing pop+push will reorder the queue, and we
don't really want that to happen.

This problem was independently spotted by me, Kengo, Masanobu, and other
people too it seems (perhaps PR/53218).

Now m_defrag leaves the first mbuf in place, and compresses the chain
only starting from the second mbuf in the chain.

It is important not to compress the first mbuf with hacks, because the
storage of this first mbuf may be shared with other mbufs.


To generate a diff of this commit:
cvs rdiff -u -r1.145.2.1 -r1.145.2.2 src/sys/kern/uipc_mbuf.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/kern/uipc_mbuf.c
diff -u src/sys/kern/uipc_mbuf.c:1.145.2.1 src/sys/kern/uipc_mbuf.c:1.145.2.2
--- src/sys/kern/uipc_mbuf.c:1.145.2.1	Fri Feb  8 19:18:12 2013
+++ src/sys/kern/uipc_mbuf.c	Thu May  3 15:00:37 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: uipc_mbuf.c,v 1.145.2.1 2013/02/08 19:18:12 riz Exp $	*/
+/*	$NetBSD: uipc_mbuf.c,v 1.145.2.2 2018/05/03 15:00:37 martin Exp $	*/
 
 /*-
  * Copyright (c) 1999, 2001 The NetBSD Foundation, Inc.
@@ -62,7 +62,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: uipc_mbuf.c,v 1.145.2.1 2013/02/08 19:18:12 riz Exp $");
+__KERNEL_RCSID(0, "$NetBSD: uipc_mbuf.c,v 1.145.2.2 2018/05/03 15:00:37 martin Exp $");
 
 #include "opt_mbuftrace.h"
 #include "opt_nmbclusters.h"
@@ -1266,30 +1266,35 @@ m_makewritable(struct mbuf **mp, int off
 }
 
 /*
- * Copy the mbuf chain to a new mbuf chain that is as short as possible.
- * Return the new mbuf chain on success, NULL on failure.  On success,
- * free the old mbuf chain.
+ * Compress the mbuf chain. Return the new mbuf chain on success, NULL on
+ * failure. The first mbuf is preserved, and on success the pointer returned
+ * is the same as the one passed.
  */
 struct mbuf *
 m_defrag(struct mbuf *mold, int flags)
 {
 	struct mbuf *m0, *mn, *n;
-	size_t sz = mold->m_pkthdr.len;
+	int sz;
 
 #ifdef DIAGNOSTIC
 	if ((mold->m_flags & M_PKTHDR) == 0)
 		panic("m_defrag: not a mbuf chain header");
 #endif
 
-	MGETHDR(m0, flags, MT_DATA);
+	if (mold->m_next == NULL)
+		return mold;
+
+	m0 = m_get(flags, MT_DATA);
 	if (m0 == NULL)
 		return NULL;
-	M_COPY_PKTHDR(m0, mold);
 	mn = m0;
 
+	sz = mold->m_pkthdr.len - mold->m_len;
+	KASSERT(sz >= 0);
+
 	do {
-		if (sz > MHLEN) {
-			MCLGET(mn, M_DONTWAIT);
+		if (sz > MLEN) {
+			MCLGET(mn, flags);
 			if ((mn->m_flags & M_EXT) == 0) {
 m_freem(m0);
 return NULL;
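Review bot: `KASSERT(sz >= 0)` is the only guard on `sz = mold->m_pkthdr.len - mold->m_len`, and KASSERT is compiled in only for DIAGNOSTIC kernels. On other kernels, a chain whose packet-header length is smaller than its first mbuf's length carries a negative `sz` into the copy loop. Computing `sz` before the `m_get` call and failing early with `if (sz < 0) return NULL;` keeps the behaviour defined and avoids having to free `m0` on that path. The block comment could also say that on failure the original chain is left as it was and stays owned by the caller, which is what the visible failure paths do. The do-loop continues outside this hunk.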
@@ -1305,7 +1310,7 @@ m_defrag(struct mbuf *mold, int flags)
 
 		if (sz > 0) {
 			/* need more mbufs */
-			MGET(n, M_NOWAIT, MT_DATA);
+			n = m_get(flags, MT_DATA);
 			if (n == NULL) {
 m_freem(m0);
 return NULL;
@@ -1316,9 +1321,10 @@ m_defrag(struct mbuf *mold, int flags)
 		}
 	} while (sz > 0);
 
-	m_freem(mold);
+	m_freem(mold->m_next);
+	mold->m_next = m0;
 
-	return m0;
+	return mold;
 }
 
 int



CVS commit: [netbsd-6] src/sys/kern

2018-05-03 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Thu May  3 15:00:38 UTC 2018

Modified Files:
src/sys/kern [netbsd-6]: uipc_mbuf.c

Log Message:
Pull up following revision(s) (requested by maxv in ticket #1547):

sys/kern/uipc_mbuf.c: revision 1.211 (via patch)

Modify m_defrag, so that it never frees the first mbuf of the chain. While
here use the given 'flags' argument, and not M_DONTWAIT.

We have a problem with several drivers: they poll an mbuf chain from their
queues and call m_defrag on them, but m_defrag could update the mbuf
pointer, so the mbuf in the queue is no longer valid. It is not easy to
fix each driver, because doing pop+push will reorder the queue, and we
don't really want that to happen.

This problem was independently spotted by me, Kengo, Masanobu, and other
people too it seems (perhaps PR/53218).

Now m_defrag leaves the first mbuf in place, and compresses the chain
only starting from the second mbuf in the chain.

It is important not to compress the first mbuf with hacks, because the
storage of this first mbuf may be shared with other mbufs.


To generate a diff of this commit:
cvs rdiff -u -r1.145.2.1 -r1.145.2.2 src/sys/kern/uipc_mbuf.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-6] src/doc

2018-05-03 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Thu May  3 14:58:46 UTC 2018

Modified Files:
src/doc [netbsd-6]: CHANGES-6.2

Log Message:
Tickets #1546 and #1547


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.335 -r1.1.2.336 src/doc/CHANGES-6.2

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/doc/CHANGES-6.2
diff -u src/doc/CHANGES-6.2:1.1.2.335 src/doc/CHANGES-6.2:1.1.2.336
--- src/doc/CHANGES-6.2:1.1.2.335	Wed Apr 18 07:19:23 2018
+++ src/doc/CHANGES-6.2	Thu May  3 14:58:46 2018
@@ -1,4 +1,4 @@
-# $NetBSD: CHANGES-6.2,v 1.1.2.335 2018/04/18 07:19:23 msaitoh Exp $
+# $NetBSD: CHANGES-6.2,v 1.1.2.336 2018/05/03 14:58:46 martin Exp $
 
 A complete list of changes from the 6.1 release until the 6.2 release:
 
@@ -21233,3 +21233,16 @@ sys/netipsec/ipsec_mbuf.c			1.23-1.24
 	Don't assume M_PKTHDR is set only on the first mbuf of the chain.
 	Fix a pretty bad mistake (IPsec DoS).
 	[maxv, ticket #1545]
+
+sys/netipsec/ipsec_output.c			1.67,1.75 (patch)
+
+	compute_ipsec_pos: strengthen checks to avoid overruns,
+	allow the function to fail (and drop the misformed packet).
+	[maxv, ticket #1546]
+
+sys/kern/uipc_mbuf.c1.211
+
+	Modify m_defrag, so that it never frees the first mbuf of
+	the chain.
+	[maxv, ticket #1547]
+



CVS commit: [netbsd-6] src/doc

2018-05-03 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Thu May  3 14:58:46 UTC 2018

Modified Files:
src/doc [netbsd-6]: CHANGES-6.2

Log Message:
Tickets #1546 and #1547


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.335 -r1.1.2.336 src/doc/CHANGES-6.2

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-6] src/sys/netipsec

2018-05-03 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Thu May  3 14:33:30 UTC 2018

Modified Files:
src/sys/netipsec [netbsd-6]: ipsec_output.c

Log Message:
Pull up following revision(s) (requested by maxv in ticket #1546):

sys/netipsec/ipsec_output.c: revision 1.67,1.75 (via patch)

Strengthen this check, to make sure there is room for an ip6_ext structure.
Seems possible to crash m_copydata here (but I didn't test more than that).

Fix the checks in compute_ipsec_pos, otherwise m_copydata could crash. I
already fixed half of the problem two months ago in rev1.67, back then I
thought it was not triggerable because each packet we emit is guaranteed
to have correctly formed IPv6 options; but it is actually triggerable via
IPv6 forwarding, we emit a packet we just received, and we don't sanitize
its options before invoking IPsec.

Since it would be wrong to just stop the iteration and continue the IPsec
processing, allow compute_ipsec_pos to fail, and when it does, drop the
packet entirely.


To generate a diff of this commit:
cvs rdiff -u -r1.38 -r1.38.2.1 src/sys/netipsec/ipsec_output.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-6] src/sys/netipsec

2018-05-03 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Thu May  3 14:33:30 UTC 2018

Modified Files:
src/sys/netipsec [netbsd-6]: ipsec_output.c

Log Message:
Pull up following revision(s) (requested by maxv in ticket #1546):

sys/netipsec/ipsec_output.c: revision 1.67,1.75 (via patch)

Strengthen this check, to make sure there is room for an ip6_ext structure.
Seems possible to crash m_copydata here (but I didn't test more than that).

Fix the checks in compute_ipsec_pos, otherwise m_copydata could crash. I
already fixed half of the problem two months ago in rev1.67, back then I
thought it was not triggerable because each packet we emit is guaranteed
to have correctly formed IPv6 options; but it is actually triggerable via
IPv6 forwarding, we emit a packet we just received, and we don't sanitize
its options before invoking IPsec.

Since it would be wrong to just stop the iteration and continue the IPsec
processing, allow compute_ipsec_pos to fail, and when it does, drop the
packet entirely.


To generate a diff of this commit:
cvs rdiff -u -r1.38 -r1.38.2.1 src/sys/netipsec/ipsec_output.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netipsec/ipsec_output.c
diff -u src/sys/netipsec/ipsec_output.c:1.38 src/sys/netipsec/ipsec_output.c:1.38.2.1
--- src/sys/netipsec/ipsec_output.c:1.38	Tue Jan 10 20:01:57 2012
+++ src/sys/netipsec/ipsec_output.c	Thu May  3 14:33:30 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: ipsec_output.c,v 1.38 2012/01/10 20:01:57 drochner Exp $	*/
+/*	$NetBSD: ipsec_output.c,v 1.38.2.1 2018/05/03 14:33:30 martin Exp $	*/
 
 /*-
  * Copyright (c) 2002, 2003 Sam Leffler, Errno Consulting
@@ -29,7 +29,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: ipsec_output.c,v 1.38 2012/01/10 20:01:57 drochner Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec_output.c,v 1.38.2.1 2018/05/03 14:33:30 martin Exp $");
 
 /*
  * IPsec output processing.
@@ -632,7 +632,7 @@ bad:
 #endif
 
 #ifdef INET6
-static void
+static int
 compute_ipsec_pos(struct mbuf *m, int *i, int *off)
 {
 	int nxt;
@@ -649,7 +649,11 @@ compute_ipsec_pos(struct mbuf *m, int *i
 	 * put AH/ESP/IPcomp header.
 	 *  IPv6 hbh dest1 rthdr ah* [esp* dest2 payload]
 	 */
-	do {
+	while (1) {
+		if (*i + sizeof(ip6e) > m->m_pkthdr.len) {
+			return EINVAL;
+		}
+
 		switch (nxt) {
 		case IPPROTO_AH:
 		case IPPROTO_ESP:
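Review bot: The new test `*i + sizeof(ip6e) > m->m_pkthdr.len` runs at the top of every iteration, before the switch decides whether an extension header will be read at all. A packet with fewer than `sizeof(ip6e)` bytes left after its last header is therefore rejected with EINVAL even when `nxt` would take the AH/ESP or `default` exit, which may be stricter than intended. Moving the test into the extension-header case, immediately before the `m_copydata` call, would bound exactly the read it protects. The comparison also mixes `int` operands with `size_t`; writing it as `(size_t)*i + sizeof(ip6e) > (size_t)m->m_pkthdr.len` makes the unsigned comparison explicit. The loop body continues in the following hunks.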
@@ -658,7 +662,7 @@ compute_ipsec_pos(struct mbuf *m, int *i
 		 * we should not skip security header added
 		 * beforehand.
 		 */
-			return;
+			return 0;
 
 		case IPPROTO_HOPOPTS:
 		case IPPROTO_DSTOPTS:
@@ -668,7 +672,7 @@ compute_ipsec_pos(struct mbuf *m, int *i
 		 * we should stop there.
 		 */
 			if (nxt == IPPROTO_DSTOPTS && dstopt)
-return;
+return 0;
 
 			if (nxt == IPPROTO_DSTOPTS) {
 /*
@@ -688,16 +692,14 @@ compute_ipsec_pos(struct mbuf *m, int *i
 			m_copydata(m, *i, sizeof(ip6e), );
 			nxt = ip6e.ip6e_nxt;
 			*off = *i + offsetof(struct ip6_ext, ip6e_nxt);
-			/*
-			 * we will never see nxt == IPPROTO_AH
-			 * so it is safe to omit AH case.
-			 */
 			*i += (ip6e.ip6e_len + 1) << 3;
 			break;
 		default:
-			return;
+			return 0;
 		}
-	} while (*i < m->m_pkthdr.len);
+	}
+
+	return 0;
 }
 
 static int
@@ -799,7 +801,9 @@ ipsec6_process_packet(
 		i = ip->ip_hl << 2;
 		off = offsetof(struct ip, ip_p);
 	} else {	
-		compute_ipsec_pos(m, , );
+		error = compute_ipsec_pos(m, , );
+		if (error)
+			goto bad;
 	}
 	error = (*sav->tdb_xform->xf_output)(m, isr, NULL, i, off);
 	splx(s);



CVS commit: [netbsd-6] src/doc

2018-04-18 Thread SAITOH Masanobu
Module Name:src
Committed By:   msaitoh
Date:   Wed Apr 18 07:19:23 UTC 2018

Modified Files:
src/doc [netbsd-6]: CHANGES-6.2

Log Message:
Ticket #1545


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.334 -r1.1.2.335 src/doc/CHANGES-6.2

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-6] src/doc

2018-04-18 Thread SAITOH Masanobu
Module Name:src
Committed By:   msaitoh
Date:   Wed Apr 18 07:19:23 UTC 2018

Modified Files:
src/doc [netbsd-6]: CHANGES-6.2

Log Message:
Ticket #1545


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.334 -r1.1.2.335 src/doc/CHANGES-6.2

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/doc/CHANGES-6.2
diff -u src/doc/CHANGES-6.2:1.1.2.334 src/doc/CHANGES-6.2:1.1.2.335
--- src/doc/CHANGES-6.2:1.1.2.334	Tue Apr 10 17:45:27 2018
+++ src/doc/CHANGES-6.2	Wed Apr 18 07:19:23 2018
@@ -1,4 +1,4 @@
-# $NetBSD: CHANGES-6.2,v 1.1.2.334 2018/04/10 17:45:27 snj Exp $
+# $NetBSD: CHANGES-6.2,v 1.1.2.335 2018/04/18 07:19:23 msaitoh Exp $
 
 A complete list of changes from the 6.1 release until the 6.2 release:
 
@@ -21228,3 +21228,8 @@ usr.sbin/ypserv/ypserv/ypserv_proc.c		1.
 	procs to avoid returning stale request data to the client.
 	[christos, ticket #1528]
 
+sys/netipsec/ipsec_mbuf.c			1.23-1.24
+
+	Don't assume M_PKTHDR is set only on the first mbuf of the chain.
+	Fix a pretty bad mistake (IPsec DoS).
+	[maxv, ticket #1545]



CVS commit: [netbsd-6] src/sys/netipsec

2018-04-18 Thread SAITOH Masanobu
Module Name:src
Committed By:   msaitoh
Date:   Wed Apr 18 06:59:10 UTC 2018

Modified Files:
src/sys/netipsec [netbsd-6]: ipsec_mbuf.c

Log Message:
Pull up following revision(s) (requested by maxv in ticket #1545):
sys/netipsec/ipsec_mbuf.c: revision 1.23
sys/netipsec/ipsec_mbuf.c: revision 1.24
Don't assume M_PKTHDR is set only on the first mbuf of the chain. It
should, but it looks like there are several places that can put M_PKTHDR
on secondary mbufs (PR/53189), so drop this assumption right now to
prevent further bugs.
The check is replaced by (m1 != m), which is equivalent to the previous
code: we want to modify m->m_pkthdr.len only when 'm' was not passed in
m_adj().
Fix a pretty bad mistake, that has always been there.
 m_adj(m1, -(m1->m_len - roff));
 if (m1 != m)
 m->m_pkthdr.len -= (m1->m_len - roff);
This is wrong: m_adj will modify m1->m_len, so we're using a wrong value
when manually adjusting m->m_pkthdr.len.
Because of that, it is possible to exploit the attack I described in
uipc_mbuf.c::rev1.182. The exploit is more complicated, but works 100%
reliably.


To generate a diff of this commit:
cvs rdiff -u -r1.12 -r1.12.10.1 src/sys/netipsec/ipsec_mbuf.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-6] src/sys/netipsec

2018-04-18 Thread SAITOH Masanobu
Module Name:src
Committed By:   msaitoh
Date:   Wed Apr 18 06:59:10 UTC 2018

Modified Files:
src/sys/netipsec [netbsd-6]: ipsec_mbuf.c

Log Message:
Pull up following revision(s) (requested by maxv in ticket #1545):
sys/netipsec/ipsec_mbuf.c: revision 1.23
sys/netipsec/ipsec_mbuf.c: revision 1.24
Don't assume M_PKTHDR is set only on the first mbuf of the chain. It
should, but it looks like there are several places that can put M_PKTHDR
on secondary mbufs (PR/53189), so drop this assumption right now to
prevent further bugs.
The check is replaced by (m1 != m), which is equivalent to the previous
code: we want to modify m->m_pkthdr.len only when 'm' was not passed in
m_adj().
Fix a pretty bad mistake, that has always been there.
 m_adj(m1, -(m1->m_len - roff));
 if (m1 != m)
 m->m_pkthdr.len -= (m1->m_len - roff);
This is wrong: m_adj will modify m1->m_len, so we're using a wrong value
when manually adjusting m->m_pkthdr.len.
Because of that, it is possible to exploit the attack I described in
uipc_mbuf.c::rev1.182. The exploit is more complicated, but works 100%
reliably.


To generate a diff of this commit:
cvs rdiff -u -r1.12 -r1.12.10.1 src/sys/netipsec/ipsec_mbuf.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netipsec/ipsec_mbuf.c
diff -u src/sys/netipsec/ipsec_mbuf.c:1.12 src/sys/netipsec/ipsec_mbuf.c:1.12.10.1
--- src/sys/netipsec/ipsec_mbuf.c:1.12	Mon May 16 10:05:23 2011
+++ src/sys/netipsec/ipsec_mbuf.c	Wed Apr 18 06:59:10 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: ipsec_mbuf.c,v 1.12 2011/05/16 10:05:23 drochner Exp $	*/
+/*	$NetBSD: ipsec_mbuf.c,v 1.12.10.1 2018/04/18 06:59:10 msaitoh Exp $	*/
 /*-
  * Copyright (c) 2002, 2003 Sam Leffler, Errno Consulting
  * All rights reserved.
@@ -28,7 +28,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: ipsec_mbuf.c,v 1.12 2011/05/16 10:05:23 drochner Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec_mbuf.c,v 1.12.10.1 2018/04/18 06:59:10 msaitoh Exp $");
 
 /*
  * IPsec-specific mbuf routines.
@@ -407,10 +407,11 @@ m_striphdr(struct mbuf *m, int skip, int
 		/* The header was at the beginning of the mbuf */
 		IPSEC_STATINC(IPSEC_STAT_INPUT_FRONT);
 		m_adj(m1, hlen);
-		if ((m1->m_flags & M_PKTHDR) == 0)
+		if (m1 != m)
 			m->m_pkthdr.len -= hlen;
 	} else if (roff + hlen >= m1->m_len) {
 		struct mbuf *mo;
+		int adjlen;
 
 		/*
 		 * Part or all of the header is at the end of this mbuf,
@@ -419,11 +420,13 @@ m_striphdr(struct mbuf *m, int skip, int
 		 */
 		IPSEC_STATINC(IPSEC_STAT_INPUT_END);
 		if (roff + hlen > m1->m_len) {
+			adjlen = roff + hlen - m1->m_len;
+
 			/* Adjust the next mbuf by the remainder */
-			m_adj(m1->m_next, roff + hlen - m1->m_len);
+			m_adj(m1->m_next, adjlen);
 
 			/* The second mbuf is guaranteed not to have a pkthdr... */
-			m->m_pkthdr.len -= (roff + hlen - m1->m_len);
+			m->m_pkthdr.len -= adjlen;
 		}
 
 		/* Now, let's unlink the mbuf chain for a second...*/
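Review bot: The context comment `/* The second mbuf is guaranteed not to have a pkthdr... */` now contradicts this commit, whose log message says M_PKTHDR can appear on secondary mbufs. The unconditional `m->m_pkthdr.len -= adjlen;` still looks correct, because `m1->m_next` cannot be the chain head `m`. The comment should give that reason instead, e.g. `/* m1->m_next is never the chain head, so fix up m's pkthdr length here */`. m_striphdr starts and ends outside this hunk.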
@@ -431,9 +434,10 @@ m_striphdr(struct mbuf *m, int skip, int
 		m1->m_next = NULL;
 
 		/* ...and trim the end of the first part of the chain...sick */
-		m_adj(m1, -(m1->m_len - roff));
-		if ((m1->m_flags & M_PKTHDR) == 0)
-			m->m_pkthdr.len -= (m1->m_len - roff);
+		adjlen = m1->m_len - roff;
+		m_adj(m1, -adjlen);
+		if (m1 != m)
+			m->m_pkthdr.len -= adjlen;
 
 		/* Finally, let's relink */
 		m1->m_next = mo;



CVS commit: [netbsd-6] src/doc

2018-04-10 Thread Soren Jacobsen
Module Name:src
Committed By:   snj
Date:   Tue Apr 10 17:45:27 UTC 2018

Modified Files:
src/doc [netbsd-6]: CHANGES-6.2

Log Message:
1528


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.333 -r1.1.2.334 src/doc/CHANGES-6.2

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/doc/CHANGES-6.2
diff -u src/doc/CHANGES-6.2:1.1.2.333 src/doc/CHANGES-6.2:1.1.2.334
--- src/doc/CHANGES-6.2:1.1.2.333	Tue Apr 10 11:28:34 2018
+++ src/doc/CHANGES-6.2	Tue Apr 10 17:45:27 2018
@@ -1,4 +1,4 @@
-# $NetBSD: CHANGES-6.2,v 1.1.2.333 2018/04/10 11:28:34 martin Exp $
+# $NetBSD: CHANGES-6.2,v 1.1.2.334 2018/04/10 17:45:27 snj Exp $
 
 A complete list of changes from the 6.1 release until the 6.2 release:
 
@@ -21222,3 +21222,9 @@ sys/arch/amiga/amiga/cc.c			1.27 (patch)
 	Fix a spl(9) leak.
 	[msaitoh, ticket #1544]
 
+usr.sbin/ypserv/ypserv/ypserv_proc.c		1.18 via patch
+
+	PR/47615: Always zero out the result structs in the svc
+	procs to avoid returning stale request data to the client.
+	[christos, ticket #1528]
+



CVS commit: [netbsd-6] src/doc

2018-04-10 Thread Soren Jacobsen
Module Name:src
Committed By:   snj
Date:   Tue Apr 10 17:45:27 UTC 2018

Modified Files:
src/doc [netbsd-6]: CHANGES-6.2

Log Message:
1528


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.333 -r1.1.2.334 src/doc/CHANGES-6.2

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-6] src/usr.sbin/ypserv/ypserv

2018-04-10 Thread Soren Jacobsen
Module Name:src
Committed By:   snj
Date:   Tue Apr 10 17:44:19 UTC 2018

Modified Files:
src/usr.sbin/ypserv/ypserv [netbsd-6]: ypserv_proc.c

Log Message:
Pull up following revision(s) (requested by christos in ticket #1528):
usr.sbin/ypserv/ypserv/ypserv_proc.c: 1.18 via patch
PR/47615: Dr. W. Stukenbrock: Always zero out the result structs in the
svc procs to avoid returning stale request data to the client.


To generate a diff of this commit:
cvs rdiff -u -r1.16 -r1.16.4.1 src/usr.sbin/ypserv/ypserv/ypserv_proc.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/usr.sbin/ypserv/ypserv/ypserv_proc.c
diff -u src/usr.sbin/ypserv/ypserv/ypserv_proc.c:1.16 src/usr.sbin/ypserv/ypserv/ypserv_proc.c:1.16.4.1
--- src/usr.sbin/ypserv/ypserv/ypserv_proc.c:1.16	Tue Aug 30 17:06:22 2011
+++ src/usr.sbin/ypserv/ypserv/ypserv_proc.c	Tue Apr 10 17:44:18 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: ypserv_proc.c,v 1.16 2011/08/30 17:06:22 plunky Exp $	*/
+/*	$NetBSD: ypserv_proc.c,v 1.16.4.1 2018/04/10 17:44:18 snj Exp $	*/
 
 /*
  * Copyright (c) 1994 Mats O Jansson 
@@ -28,7 +28,7 @@
 
 #include 
 #ifndef lint
-__RCSID("$NetBSD: ypserv_proc.c,v 1.16 2011/08/30 17:06:22 plunky Exp $");
+__RCSID("$NetBSD: ypserv_proc.c,v 1.16.4.1 2018/04/10 17:44:18 snj Exp $");
 #endif
 
 #include 
@@ -163,10 +163,11 @@ ypproc_match_2_svc(void *argp, struct sv
 	"key %.*s", clientstr, TORF(secure), k->domain, k->map,
 	k->keydat.dsize, k->keydat.dptr));
 
-	if (secure && securecheck(caller))
+	if (secure && securecheck(caller)) {
+		memset(, 0, sizeof(res));
 		res.status = YP_YPERR;
-	else
-		res = ypdb_get_record(k->domain, k->map, k->keydat, FALSE);
+	} else
+		res = ypdb_get_record(k->domain, k->map, k->keydat, secure);
 
 	return ((void *));
 }
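Review bot: The last argument of `ypdb_get_record` changes from `FALSE` to `secure` here, while the `ypdb_get_first` and `ypdb_get_next` calls in the next two hunks still pass `FALSE`. The log message mentions only zeroing the result structs. If the change is deliberate, it should be named in the log and marked at the call, e.g. `/* XXX only match forwards 'secure'; first/next still pass FALSE */`; otherwise the three calls should agree. What the flag does inside ypdb_get_record is not visible on this page.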
@@ -190,9 +191,10 @@ ypproc_first_2_svc(void *argp, struct sv
 	"first_2: request from %.500s, secure %s, domain %s, map %s",
 	clientstr, TORF(secure), k->domain, k->map));
 
-	if (secure && securecheck(caller))
+	if (secure && securecheck(caller)) {
+		memset(, 0, sizeof(res));
 		res.status = YP_YPERR;
-	else
+	} else
 		res = ypdb_get_first(k->domain, k->map, FALSE);
 
 	return ((void *));
@@ -218,9 +220,10 @@ ypproc_next_2_svc(void *argp, struct svc
 	"key %.*s", clientstr, TORF(secure), k->domain, k->map,
 	k->keydat.dsize, k->keydat.dptr));
 
-	if (secure && securecheck(caller))
+	if (secure && securecheck(caller)) {
+		memset(, 0, sizeof(res));
 		res.status = YP_YPERR;
-	else
+	} else
 		res = ypdb_get_next(k->domain, k->map, k->keydat, FALSE);
 
 	return ((void *));
@@ -326,6 +329,7 @@ ypproc_all_2_svc(void *argp, struct svc_
 	(void)memset(, 0, sizeof(res));
 
 	if (secure && securecheck(caller)) {
+		memset(, 0, sizeof(res));
 		res.ypresp_all_u.val.status = YP_YPERR;
 		return ();
 	}
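Review bot: The `memset` added inside the error branch is redundant. It repeats the `(void)memset(..., 0, sizeof(res))` on the context line two lines above, and nothing in the visible lines writes `res` in between. Dropping the added line leaves ypproc_all_2_svc with its single unconditional clear. As far as the other hunks show, the remaining handlers have no clear before their branch, so their new memset calls are the ones that matter. The function body starts and ends outside this hunk.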
@@ -368,9 +372,10 @@ ypproc_master_2_svc(void *argp, struct s
 	"master_2: request from %.500s, secure %s, domain %s, map %s",
 	clientstr, TORF(secure), k->domain, k->map));
 
-	if (secure && securecheck(caller))
+	if (secure && securecheck(caller)) {
+		memset(, 0, sizeof(res));
 		res.status = YP_YPERR;
-	else
+	} else
 		res = ypdb_get_master(k->domain, k->map);
 
 	/*
@@ -409,12 +414,15 @@ ypproc_order_2_svc(void *argp, struct sv
 	"order_2: request from %.500s, secure %s, domain %s, map %s",
 	clientstr, TORF(secure), k->domain, k->map));
 
-	if (secure && securecheck(caller))
+	if (secure && securecheck(caller)) {
+		memset(, 0, sizeof(res));
 		res.status = YP_YPERR;
-	else if (_yp_invalid_map(k->map))
+	} else if (_yp_invalid_map(k->map)) {
+		memset(, 0, sizeof(res));
 		res.status = YP_NOMAP;
-	else
+	} else {
 		res = ypdb_get_order(k->domain, k->map);
+	}
 
 	return ((void *));
 }
@@ -446,7 +454,7 @@ ypproc_maplist_2_svc(void *argp, struct 
 	(void)snprintf(domain_path, sizeof(domain_path), "%s/%s", YP_DB_PATH,
 	domain);
 
-	res.list = NULL;
+	memset(, 0, sizeof(res));
 	status = YP_TRUE;
 
 	if ((stat(domain_path, ) != 0) || !S_ISDIR(finfo.st_mode)) {



CVS commit: [netbsd-6] src/usr.sbin/ypserv/ypserv

2018-04-10 Thread Soren Jacobsen
Module Name:src
Committed By:   snj
Date:   Tue Apr 10 17:44:19 UTC 2018

Modified Files:
src/usr.sbin/ypserv/ypserv [netbsd-6]: ypserv_proc.c

Log Message:
Pull up following revision(s) (requested by christos in ticket #1528):
usr.sbin/ypserv/ypserv/ypserv_proc.c: 1.18 via patch
PR/47615: Dr. W. Stukenbrock: Always zero out the result structs in the
svc procs to avoid returning stale request data to the client.


To generate a diff of this commit:
cvs rdiff -u -r1.16 -r1.16.4.1 src/usr.sbin/ypserv/ypserv/ypserv_proc.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-6] src/doc

2018-04-10 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Tue Apr 10 11:28:34 UTC 2018

Modified Files:
src/doc [netbsd-6]: CHANGES-6.2

Log Message:
Ticket #1544


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.332 -r1.1.2.333 src/doc/CHANGES-6.2

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-6] src/doc

2018-04-10 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Tue Apr 10 11:28:34 UTC 2018

Modified Files:
src/doc [netbsd-6]: CHANGES-6.2

Log Message:
Ticket #1544


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.332 -r1.1.2.333 src/doc/CHANGES-6.2

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/doc/CHANGES-6.2
diff -u src/doc/CHANGES-6.2:1.1.2.332 src/doc/CHANGES-6.2:1.1.2.333
--- src/doc/CHANGES-6.2:1.1.2.332	Mon Apr  9 13:08:06 2018
+++ src/doc/CHANGES-6.2	Tue Apr 10 11:28:34 2018
@@ -1,4 +1,4 @@
-# $NetBSD: CHANGES-6.2,v 1.1.2.332 2018/04/09 13:08:06 martin Exp $
+# $NetBSD: CHANGES-6.2,v 1.1.2.333 2018/04/10 11:28:34 martin Exp $
 
 A complete list of changes from the 6.1 release until the 6.2 release:
 
@@ -21217,3 +21217,8 @@ external/gpl3/binutils/dist/bfd/elflink.
 	indirectness first.
 	[joerg, ticket #1543]
 
+sys/arch/amiga/amiga/cc.c			1.27 (patch)
+
+	Fix a spl(9) leak.
+	[msaitoh, ticket #1544]
+



CVS commit: [netbsd-6] src/sys/arch/amiga/amiga

2018-04-10 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Tue Apr 10 11:27:55 UTC 2018

Modified Files:
src/sys/arch/amiga/amiga [netbsd-6]: cc.c

Log Message:
Pull up following revision(s) (requested by msaitoh in ticket #1544):

sys/arch/amiga/amiga/cc.c: revision 1.27 (patch)

spl leak, found by mootja


To generate a diff of this commit:
cvs rdiff -u -r1.22 -r1.22.14.1 src/sys/arch/amiga/amiga/cc.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-6] src/sys/arch/amiga/amiga

2018-04-10 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Tue Apr 10 11:27:55 UTC 2018

Modified Files:
src/sys/arch/amiga/amiga [netbsd-6]: cc.c

Log Message:
Pull up following revision(s) (requested by msaitoh in ticket #1544):

sys/arch/amiga/amiga/cc.c: revision 1.27 (patch)

spl leak, found by mootja


To generate a diff of this commit:
cvs rdiff -u -r1.22 -r1.22.14.1 src/sys/arch/amiga/amiga/cc.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/arch/amiga/amiga/cc.c
diff -u src/sys/arch/amiga/amiga/cc.c:1.22 src/sys/arch/amiga/amiga/cc.c:1.22.14.1
--- src/sys/arch/amiga/amiga/cc.c:1.22	Mon Dec 20 00:25:25 2010
+++ src/sys/arch/amiga/amiga/cc.c	Tue Apr 10 11:27:55 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: cc.c,v 1.22 2010/12/20 00:25:25 matt Exp $	*/
+/*	$NetBSD: cc.c,v 1.22.14.1 2018/04/10 11:27:55 martin Exp $	*/
 
 /*
  * Copyright (c) 1994 Christian E. Hopps
@@ -31,7 +31,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: cc.c,v 1.22 2010/12/20 00:25:25 matt Exp $");
+__KERNEL_RCSID(0, "$NetBSD: cc.c,v 1.22.14.1 2018/04/10 11:27:55 martin Exp $");
 
 #include 
 #include 
@@ -504,9 +504,10 @@ alloc_chipmem(u_long size)
 	while (size > mn->size && mn != (void *)_list)
 		mn = mn->free_link.cqe_next;
 
-	if (mn == (void *)_list)
+	if (mn == (void *)_list) {
+		splx(s);
 		return(NULL);
-
+	}
 	if ((mn->size - size) <= sizeof (*mn)) {
 		/*
 		 * our allocation would not leave room
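Review bot: The search loop above the fixed return tests `size > mn->size` before it tests whether `mn` has reached the list head, so after a full traversal the `size` field is read through a pointer that is really the head cast to a node. Swapping the operands, `while (mn != (void *)_list && size > mn->size)`, puts the sentinel check first and leaves the result unchanged for real nodes. The new `splx(s)` covers this early return only; alloc_chipmem continues past the end of the hunk, so its remaining exits cannot be checked from here.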



CVS commit: [netbsd-6] src/doc

2018-04-09 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Mon Apr  9 13:08:06 UTC 2018

Modified Files:
src/doc [netbsd-6]: CHANGES-6.2

Log Message:
Ticket #1543


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.331 -r1.1.2.332 src/doc/CHANGES-6.2

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/doc/CHANGES-6.2
diff -u src/doc/CHANGES-6.2:1.1.2.331 src/doc/CHANGES-6.2:1.1.2.332
--- src/doc/CHANGES-6.2:1.1.2.331	Thu Apr  5 11:35:08 2018
+++ src/doc/CHANGES-6.2	Mon Apr  9 13:08:06 2018
@@ -1,4 +1,4 @@
-# $NetBSD: CHANGES-6.2,v 1.1.2.331 2018/04/05 11:35:08 martin Exp $
+# $NetBSD: CHANGES-6.2,v 1.1.2.332 2018/04/09 13:08:06 martin Exp $
 
 A complete list of changes from the 6.1 release until the 6.2 release:
 
@@ -21210,3 +21210,10 @@ sys/net/npf/npf.h1.55
 	Fix an integer overflow that allows incoming IPv6 packets
 	to bypass a certain number of filtering rules.
 	[maxv, ticket #1542]
+
+external/gpl3/binutils/dist/bfd/elflink.c	1.14 (patch)
+
+	When trying to decide the status of a weak symbol, resolve any
+	indirectness first.
+	[joerg, ticket #1543]
+



CVS commit: [netbsd-6] src/doc

2018-04-09 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Mon Apr  9 13:08:06 UTC 2018

Modified Files:
src/doc [netbsd-6]: CHANGES-6.2

Log Message:
Ticket #1543


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.331 -r1.1.2.332 src/doc/CHANGES-6.2

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-6] src/external/gpl3/binutils/dist/bfd

2018-04-09 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Mon Apr  9 13:00:07 UTC 2018

Modified Files:
src/external/gpl3/binutils/dist/bfd [netbsd-6]: elflink.c

Log Message:
Pull up following revision(s) (requested by joerg in ticket #1543):

external/gpl3/binutils/dist/bfd/elflink.c: revision 1.14 (patch)

When trying to decide the status of a weak symbol, resolve any
indirectness first. In the case of various Qt5 libraries, __bss_start
ends up with a Qt5 version, but it has to be resolved first to match the
actual (implicit) definition. This fixes the root cause of pkg/53089.


To generate a diff of this commit:
cvs rdiff -u -r1.5.2.1 -r1.5.2.2 \
src/external/gpl3/binutils/dist/bfd/elflink.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/external/gpl3/binutils/dist/bfd/elflink.c
diff -u src/external/gpl3/binutils/dist/bfd/elflink.c:1.5.2.1 src/external/gpl3/binutils/dist/bfd/elflink.c:1.5.2.2
--- src/external/gpl3/binutils/dist/bfd/elflink.c:1.5.2.1	Tue Apr  3 15:54:48 2012
+++ src/external/gpl3/binutils/dist/bfd/elflink.c	Mon Apr  9 13:00:06 2018
@@ -2528,9 +2528,10 @@ _bfd_elf_fix_symbol_flags (struct elf_li
  over to the real definition.  */
   if (h->u.weakdef != NULL)
 {
-  struct elf_link_hash_entry *weakdef;
+  struct elf_link_hash_entry *weakdef = h->u.weakdef;
+  while (weakdef->root.type == bfd_link_hash_indirect)
+weakdef = (struct elf_link_hash_entry *) weakdef->root.u.i.link;
 
-  weakdef = h->u.weakdef;
   if (h->root.type == bfd_link_hash_indirect)
 	h = (struct elf_link_hash_entry *) h->root.u.i.link;
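Review bot: `weakdef` is now resolved with a `while` loop over `bfd_link_hash_indirect` links, but `h` just below is still resolved with a single `if`, so the two symbols are normalised to different depths. If chains of indirection can occur for one they can presumably occur for the other, and `while (h->root.type == bfd_link_hash_indirect)` would make the pair consistent. The new loop also has no comment; `/* Follow indirect links so weakdef names the real definition. */` above it would record why the walk is needed. _bfd_elf_fix_symbol_flags starts and ends outside the hunk.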
 



CVS commit: [netbsd-6] src/external/gpl3/binutils/dist/bfd

2018-04-09 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Mon Apr  9 13:00:07 UTC 2018

Modified Files:
src/external/gpl3/binutils/dist/bfd [netbsd-6]: elflink.c

Log Message:
Pull up following revision(s) (requested by joerg in ticket #1543):

external/gpl3/binutils/dist/bfd/elflink.c: revision 1.14 (patch)

When trying to decide the status of a weak symbol, resolve any
indirectness first. In the case of various Qt5 libraries, __bss_start
ends up with a Qt5 version, but it has to be resolved first to match the
actual (implicit) definition. This fixes the root cause of pkg/53089.


To generate a diff of this commit:
cvs rdiff -u -r1.5.2.1 -r1.5.2.2 \
src/external/gpl3/binutils/dist/bfd/elflink.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-6] src/doc

2018-04-05 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Thu Apr  5 11:35:09 UTC 2018

Modified Files:
src/doc [netbsd-6]: CHANGES-6.2

Log Message:
Ticket #1542


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.330 -r1.1.2.331 src/doc/CHANGES-6.2

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-6] src/doc

2018-04-05 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Thu Apr  5 11:35:09 UTC 2018

Modified Files:
src/doc [netbsd-6]: CHANGES-6.2

Log Message:
Ticket #1542


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.330 -r1.1.2.331 src/doc/CHANGES-6.2

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/doc/CHANGES-6.2
diff -u src/doc/CHANGES-6.2:1.1.2.330 src/doc/CHANGES-6.2:1.1.2.331
--- src/doc/CHANGES-6.2:1.1.2.330	Sun Apr  1 09:23:13 2018
+++ src/doc/CHANGES-6.2	Thu Apr  5 11:35:08 2018
@@ -1,4 +1,4 @@
-# $NetBSD: CHANGES-6.2,v 1.1.2.330 2018/04/01 09:23:13 martin Exp $
+# $NetBSD: CHANGES-6.2,v 1.1.2.331 2018/04/05 11:35:08 martin Exp $
 
 A complete list of changes from the 6.1 release until the 6.2 release:
 
@@ -21205,3 +21205,8 @@ sys/netinet6/raw_ip6.c1.161
 	Fix use-after-free.
 	[maxv, ticket #1541]
 
+sys/net/npf/npf.h1.55
+
+	Fix an integer overflow that allows incoming IPv6 packets
+	to bypass a certain number of filtering rules.
+	[maxv, ticket #1542]



CVS commit: [netbsd-6] src/sys/net/npf

2018-04-05 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Thu Apr  5 11:34:17 UTC 2018

Modified Files:
src/sys/net/npf [netbsd-6]: npf.h

Log Message:
Pullup the following revision, requested by maxv in ticket #1542:

sys/net/npf/npf.h   1.55

Fix a vulnerability in NPF, that allows whatever incoming IPv6 packet to
bypass a certain number of filtering rules.

Basically there is an integer overflow in npf_cache_ip: npc_hlen is a
8bit unsigned int, and can wrap to zero if the IPv6 packet being processed
has large extensions.

As a result of an overflow, (mbuf + npc_hlen) won't point at the real
protocol header, but instead at some garbage within the packet. That
garbage, is what NPF applies its rules on.

If these filtering rules allow the packet to enter, that packet is given
to the main IPv6 entry point. This entry point, however, is not subject to
an integer overflow, so it will actually parse the correct protocol header.

The result is: NPF read a wrong header, allowed the packet to enter, the
kernel read the correct header, and delivered the packet depending on this
correct header. So the offending packet was supposed to be kicked, but
still went through the firewall.

Simple example, a packet with:
packet +   0 = IP6 Header
packet +  40 = IP6 Routing header (ip6r_len = 31)
packet +  48 = Crafted UDP header (uh_dport = )
packet + 296 = IP6 Dest header (ip6e_len = 0)
packet + 304 = Real UDP header (uh_dport = )
Will bypass a rule of the kind "block port ". Here NPF reads the
crafted UDP header, sees , lets the packet in; later the kernel reads
the real UDP header, and delivers it on port .

Fix this by using uint32_t. While here, it seems to me there is also a
memory overflow: still in npf_cache_ip, npc_hlen may be incremented with
a value that goes beyond the mbuf.


To generate a diff of this commit:
cvs rdiff -u -r1.14.2.12 -r1.14.2.13 src/sys/net/npf/npf.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-6] src/sys/net/npf

2018-04-05 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Thu Apr  5 11:34:17 UTC 2018

Modified Files:
src/sys/net/npf [netbsd-6]: npf.h

Log Message:
Pullup the following revision, requested by maxv in ticket #1542:

sys/net/npf/npf.h   1.55

Fix a vulnerability in NPF, that allows whatever incoming IPv6 packet to
bypass a certain number of filtering rules.

Basically there is an integer overflow in npf_cache_ip: npc_hlen is a
8bit unsigned int, and can wrap to zero if the IPv6 packet being processed
has large extensions.

As a result of an overflow, (mbuf + npc_hlen) won't point at the real
protocol header, but instead at some garbage within the packet. That
garbage, is what NPF applies its rules on.

If these filtering rules allow the packet to enter, that packet is given
to the main IPv6 entry point. This entry point, however, is not subject to
an integer overflow, so it will actually parse the correct protocol header.

The result is: NPF read a wrong header, allowed the packet to enter, the
kernel read the correct header, and delivered the packet depending on this
correct header. So the offending packet was supposed to be kicked, but
still went through the firewall.

Simple example, a packet with:
packet +   0 = IP6 Header
packet +  40 = IP6 Routing header (ip6r_len = 31)
packet +  48 = Crafted UDP header (uh_dport = )
packet + 296 = IP6 Dest header (ip6e_len = 0)
packet + 304 = Real UDP header (uh_dport = )
Will bypass a rule of the kind "block port ". Here NPF reads the
crafted UDP header, sees , lets the packet in; later the kernel reads
the real UDP header, and delivers it on port .

Fix this by using uint32_t. While here, it seems to me there is also a
memory overflow: still in npf_cache_ip, npc_hlen may be incremented with
a value that goes beyond the mbuf.


To generate a diff of this commit:
cvs rdiff -u -r1.14.2.12 -r1.14.2.13 src/sys/net/npf/npf.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/net/npf/npf.h
diff -u src/sys/net/npf/npf.h:1.14.2.12 src/sys/net/npf/npf.h:1.14.2.13
--- src/sys/net/npf/npf.h:1.14.2.12	Mon Feb 11 21:49:49 2013
+++ src/sys/net/npf/npf.h	Thu Apr  5 11:34:17 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: npf.h,v 1.14.2.12 2013/02/11 21:49:49 riz Exp $	*/
+/*	$NetBSD: npf.h,v 1.14.2.13 2018/04/05 11:34:17 martin Exp $	*/
 
 /*-
  * Copyright (c) 2009-2013 The NetBSD Foundation, Inc.
@@ -99,7 +99,7 @@ typedef struct {
 	npf_addr_t *		npc_dstip;
 	/* Size (v4 or v6) of IP addresses. */
 	uint8_t			npc_alen;
-	uint8_t			npc_hlen;
+	uint32_t		npc_hlen;
 	uint16_t		npc_proto;
 	/* IPv4, IPv6. */
 	union {
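Review bot: `npc_hlen` has no comment of its own, and the existing `/* Size (v4 or v6) of IP addresses. */` line reads as if it covered both fields even though they now differ in width and meaning. A line such as `/* Offset of the protocol header from the start of the packet; can exceed 255 with IPv6 extension headers. */` above the field would record why it is wider than its neighbours and discourage narrowing it again. Any local that copies this field into an 8-bit variable would reintroduce the truncation; that cannot be checked here because the struct's users are outside the hunk, and the struct itself starts and ends outside it.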



CVS commit: [netbsd-6] src/doc

2018-04-01 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Sun Apr  1 09:23:13 UTC 2018

Modified Files:
src/doc [netbsd-6]: CHANGES-6.2

Log Message:
Tickets #1540 and #1541


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.329 -r1.1.2.330 src/doc/CHANGES-6.2

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/doc/CHANGES-6.2
diff -u src/doc/CHANGES-6.2:1.1.2.329 src/doc/CHANGES-6.2:1.1.2.330
--- src/doc/CHANGES-6.2:1.1.2.329	Mon Mar 26 12:18:23 2018
+++ src/doc/CHANGES-6.2	Sun Apr  1 09:23:13 2018
@@ -1,4 +1,4 @@
-# $NetBSD: CHANGES-6.2,v 1.1.2.329 2018/03/26 12:18:23 martin Exp $
+# $NetBSD: CHANGES-6.2,v 1.1.2.330 2018/04/01 09:23:13 martin Exp $
 
 A complete list of changes from the 6.1 release until the 6.2 release:
 
@@ -21195,3 +21195,13 @@ distrib/sets/lists/base/mi			1.1164
 	Updated tzdata to 2018d.
 	[kre, ticket #1539]
 
+sys/netinet6/ip6_forward.c			1.91 (patch)
+
+	Fix two IPv6 ipsec use-after-free issues.
+	[maxv, ticket #1540]
+
+sys/netinet6/raw_ip6.c1.161
+
+	Fix use-after-free.
+	[maxv, ticket #1541]
+



CVS commit: [netbsd-6] src/doc

2018-04-01 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Sun Apr  1 09:23:13 UTC 2018

Modified Files:
src/doc [netbsd-6]: CHANGES-6.2

Log Message:
Tickets #1540 and #1541


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.329 -r1.1.2.330 src/doc/CHANGES-6.2

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-6] src/sys/netinet6

2018-04-01 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Sun Apr  1 09:22:37 UTC 2018

Modified Files:
src/sys/netinet6 [netbsd-6]: raw_ip6.c

Log Message:
Pull up following revision(s) (requested by maxv in ticket #1541):

sys/netinet6/raw_ip6.c: revision 1.161

Fix use-after-free, the first m_copyback_cow may have freed the mbuf, so
it is wrong to read ip6->ip6_nxt.


To generate a diff of this commit:
cvs rdiff -u -r1.109.2.1 -r1.109.2.2 src/sys/netinet6/raw_ip6.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-6] src/sys/netinet6

2018-04-01 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Sun Apr  1 09:22:37 UTC 2018

Modified Files:
src/sys/netinet6 [netbsd-6]: raw_ip6.c

Log Message:
Pull up following revision(s) (requested by maxv in ticket #1541):

sys/netinet6/raw_ip6.c: revision 1.161

Fix use-after-free, the first m_copyback_cow may have freed the mbuf, so
it is wrong to read ip6->ip6_nxt.


To generate a diff of this commit:
cvs rdiff -u -r1.109.2.1 -r1.109.2.2 src/sys/netinet6/raw_ip6.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netinet6/raw_ip6.c
diff -u src/sys/netinet6/raw_ip6.c:1.109.2.1 src/sys/netinet6/raw_ip6.c:1.109.2.2
--- src/sys/netinet6/raw_ip6.c:1.109.2.1	Tue Jan 30 18:44:22 2018
+++ src/sys/netinet6/raw_ip6.c	Sun Apr  1 09:22:37 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: raw_ip6.c,v 1.109.2.1 2018/01/30 18:44:22 martin Exp $	*/
+/*	$NetBSD: raw_ip6.c,v 1.109.2.2 2018/04/01 09:22:37 martin Exp $	*/
 /*	$KAME: raw_ip6.c,v 1.82 2001/07/23 18:57:56 jinmei Exp $	*/
 
 /*
@@ -62,7 +62,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: raw_ip6.c,v 1.109.2.1 2018/01/30 18:44:22 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: raw_ip6.c,v 1.109.2.2 2018/04/01 09:22:37 martin Exp $");
 
 #include "opt_ipsec.h"
 
@@ -502,6 +502,7 @@ rip6_output(struct mbuf *m, struct socke
 
 	if (so->so_proto->pr_protocol == IPPROTO_ICMPV6 ||
 	in6p->in6p_cksum != -1) {
+		const uint8_t nxt = ip6->ip6_nxt;
 		int off;
 		u_int16_t sum;
 
@@ -523,7 +524,7 @@ rip6_output(struct mbuf *m, struct socke
 			error = ENOBUFS;
 			goto bad;
 		}
-		sum = in6_cksum(m, ip6->ip6_nxt, sizeof(*ip6), plen);
+		sum = in6_cksum(m, nxt, sizeof(*ip6), plen);
 		m = m_copyback_cow(m, off, sizeof(sum), (void *),
 		M_DONTWAIT);
 		if (m == NULL) {
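Review bot: Caching `ip6->ip6_nxt` in `nxt` fixes the one read that follows the first m_copyback_cow(), but `ip6` itself stays in scope and may still point into the old mbuf for the rest of rip6_output. Either re-derive it after each call that can replace `m`, with `ip6 = mtod(m, struct ip6_hdr *);`, or mark it dead with a comment so a later edit does not dereference it again; `sizeof(*ip6)` in the checksum call is safe because the operand is not evaluated. The `nxt` declaration in the previous hunk would also benefit from `/* read before m_copyback_cow(), which may free or replace m */`. The rest of the function lies outside both hunks, so other uses of `ip6` could not be checked.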



CVS commit: [netbsd-6] src/sys/netinet6

2018-04-01 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Sun Apr  1 09:18:54 UTC 2018

Modified Files:
src/sys/netinet6 [netbsd-6]: ip6_forward.c

Log Message:
Pull up following revision(s) (requested by maxv in ticket #1540):

sys/netinet6/ip6_forward.c: revision 1.91 (via patch)

Fix two pretty bad mistakes. If ipsec6_check_policy fails m is not freed,
and a 'goto out' is missing after ipsec6_process_packet.


To generate a diff of this commit:
cvs rdiff -u -r1.69.2.1 -r1.69.2.2 src/sys/netinet6/ip6_forward.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netinet6/ip6_forward.c
diff -u src/sys/netinet6/ip6_forward.c:1.69.2.1 src/sys/netinet6/ip6_forward.c:1.69.2.2
--- src/sys/netinet6/ip6_forward.c:1.69.2.1	Tue Mar 13 16:43:06 2018
+++ src/sys/netinet6/ip6_forward.c	Sun Apr  1 09:18:54 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: ip6_forward.c,v 1.69.2.1 2018/03/13 16:43:06 snj Exp $	*/
+/*	$NetBSD: ip6_forward.c,v 1.69.2.2 2018/04/01 09:18:54 martin Exp $	*/
 /*	$KAME: ip6_forward.c,v 1.109 2002/09/11 08:10:17 sakane Exp $	*/
 
 /*
@@ -31,7 +31,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: ip6_forward.c,v 1.69.2.1 2018/03/13 16:43:06 snj Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip6_forward.c,v 1.69.2.2 2018/04/01 09:18:54 martin Exp $");
 
 #include "opt_gateway.h"
 #include "opt_ipsec.h"
@@ -361,9 +361,10 @@ ip6_forward(struct mbuf *m, int srcrt)
 		 * because we asked key management for an SA and
 		 * it was delayed (e.g. kicked up to IKE).
 		 */
-	if (error == -EINVAL)
-		error = 0;
-	goto freecopy;
+		if (error == -EINVAL)
+			error = 0;
+		m_freem(m);
+		goto freecopy;
 	}
 #endif /* FAST_IPSEC */
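Review bot: The two exits this commit touches treat `freecopy` differently: here control jumps to it unconditionally after `m_freem(m)`, while the later hunk at `ipsec6_process_packet` guards the jump with `if (mcopy)` and otherwise returns. The label is outside both hunks, so it is unclear whether it tolerates a NULL `mcopy`; whichever holds, both sites should use the same form. After `m_freem(m)` the pointer is stale, and `m = NULL;` before the `goto` would make any later use at the label fail loudly instead of touching freed memory. In the later hunk `error` is assigned from `ipsec6_process_packet` and then dropped on the `return;` path, which deserves a comment if it is intentional.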
 
@@ -467,8 +468,10 @@ ip6_forward(struct mbuf *m, int srcrt)
 		s = splsoftnet();
 		error = ipsec6_process_packet(m,sp->req);
 		splx(s);
+		/* m is freed */
 		if (mcopy)
 			goto freecopy;
+		return;
 }
 #endif   
 



CVS commit: [netbsd-6] src/sys/netinet6

2018-04-01 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Sun Apr  1 09:18:54 UTC 2018

Modified Files:
src/sys/netinet6 [netbsd-6]: ip6_forward.c

Log Message:
Pull up following revision(s) (requested by maxv in ticket #1540):

sys/netinet6/ip6_forward.c: revision 1.91 (via patch)

Fix two pretty bad mistakes. If ipsec6_check_policy fails m is not freed,
and a 'goto out' is missing after ipsec6_process_packet.


To generate a diff of this commit:
cvs rdiff -u -r1.69.2.1 -r1.69.2.2 src/sys/netinet6/ip6_forward.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-6] src/doc

2018-03-26 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Mon Mar 26 12:18:23 UTC 2018

Modified Files:
src/doc [netbsd-6]: CHANGES-6.2

Log Message:
Amend ticket #1539


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.328 -r1.1.2.329 src/doc/CHANGES-6.2

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/doc/CHANGES-6.2
diff -u src/doc/CHANGES-6.2:1.1.2.328 src/doc/CHANGES-6.2:1.1.2.329
--- src/doc/CHANGES-6.2:1.1.2.328	Sun Mar 25 18:32:04 2018
+++ src/doc/CHANGES-6.2	Mon Mar 26 12:18:23 2018
@@ -1,4 +1,4 @@
-# $NetBSD: CHANGES-6.2,v 1.1.2.328 2018/03/25 18:32:04 martin Exp $
+# $NetBSD: CHANGES-6.2,v 1.1.2.329 2018/03/26 12:18:23 martin Exp $
 
 A complete list of changes from the 6.1 release until the 6.2 release:
 
@@ -21166,7 +21166,6 @@ share/man/man4/altq.41.3
 	[sevan, ticket #1538]
 
 external/public-domain/tz/dist/CONTRIBUTING up to 1.1.1.5
-external/public-domain/tz/dist/Makefile up to 1.1.1.20
 external/public-domain/tz/dist/NEWS up to 1.1.1.21
 external/public-domain/tz/dist/README   up to 1.1.1.6
 external/public-domain/tz/dist/TZDATA_VERSION   up to 1.11



CVS commit: [netbsd-6] src/doc

2018-03-26 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Mon Mar 26 12:18:23 UTC 2018

Modified Files:
src/doc [netbsd-6]: CHANGES-6.2

Log Message:
Amend ticket #1539


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.328 -r1.1.2.329 src/doc/CHANGES-6.2

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-6] src/share/zoneinfo

2018-03-26 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Mon Mar 26 12:17:20 UTC 2018

Modified Files:
src/share/zoneinfo [netbsd-6]: Makefile

Log Message:
Back out all changes to this file accidentally included in the pullup of
ticket #1539.


To generate a diff of this commit:
cvs rdiff -u -r1.43.8.4 -r1.43.8.5 src/share/zoneinfo/Makefile

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/share/zoneinfo/Makefile
diff -u src/share/zoneinfo/Makefile:1.43.8.4 src/share/zoneinfo/Makefile:1.43.8.5
--- src/share/zoneinfo/Makefile:1.43.8.4	Sun Mar 25 18:31:03 2018
+++ src/share/zoneinfo/Makefile	Mon Mar 26 12:17:20 2018
@@ -1,43 +1,19 @@
-# This file is in the public domain, so clarified as of
-# 2009-05-17 by Arthur David Olson.
+#	$NetBSD: Makefile,v 1.43.8.5 2018/03/26 12:17:20 martin Exp $
 
-# Package name for the code distribution.
-PACKAGE=	tzcode
+.include 
 
-# Version number for the distribution, overridden in the 'tarballs' rule below.
-VERSION=	unknown
+TZDISTDIR=${.CURDIR}
 
-# Email address for bug reports.
-BUGEMAIL=	t...@iana.org
-
-# Choose source data features.  To get new features right away, use:
-#	DATAFORM=	vanguard
-# To wait a while before using new features, to give downstream users
-# time to upgrade zic (the default), use:
-#	DATAFORM=	main
-# To wait even longer for new features, use:
-#	DATAFORM=	rearguard
-DATAFORM=		main
-
-# Change the line below for your time zone (after finding the zone you want in
-# the time zone files, or adding it to a time zone file).
-# Alternately, if you discover you've got the wrong time zone, you can just
-#	zic -l rightzone
-# to correct things.
-# Use the command
-#	make zonenames
-# to get a list of the values you can use for LOCALTIME.
-
-LOCALTIME=	GMT
+.PATH: ${TZDISTDIR}
 
 # If you want something other than Eastern United States time as a template
 # for handling POSIX-style time zone environment variables,
 # change the line below (after finding the zone you want in the
 # time zone files, or adding it to a time zone file).
-# When a POSIX-style environment variable is handled, the rules in the
+# (When a POSIX-style environment variable is handled, the rules in the
 # template file are used to determine "spring forward" and "fall back" days and
 # times; the environment variable itself specifies UT offsets of standard and
-# daylight saving time.
+# summer time.)
 # Alternately, if you discover you've got the wrong time zone, you can just
 #	zic -p rightzone
 # to correct things.
@@ -48,72 +24,18 @@ LOCALTIME=	GMT
 
 POSIXRULES=	America/New_York
 
-# Also see TZDEFRULESTRING below, which takes effect only
-# if the time zone files cannot be accessed.
-
-
-# Installation locations.
-#
-# The defaults are suitable for Debian, except that if REDO is
-# posix_right or right_posix then files that Debian puts under
-# /usr/share/zoneinfo/posix and /usr/share/zoneinfo/right are instead
-# put under /usr/share/zoneinfo-posix and /usr/share/zoneinfo-leaps,
-# respectively.  Problems with the Debian approach are discussed in
-# the commentary for the right_posix rule (below).
-
-# Destination directory, which can be used for staging.
-# 'make DESTDIR=/stage install' installs under /stage (e.g., to
-# /stage/etc/localtime instead of to /etc/localtime).  Files under
-# /stage are not intended to work as-is, but can be copied by hand to
-# the root directory later.  If DESTDIR is empty, 'make install' does
-# not stage, but installs directly into production locations.
-DESTDIR =
-
-# Everything is installed into subdirectories of TOPDIR, and used there.
-# TOPDIR should be empty (meaning the root directory),
-# or a directory name that does not end in "/".
-# TOPDIR should be empty or an absolute name unless you're just testing.
-TOPDIR =
-
-# The default local time zone is taken from the file TZDEFAULT.
-TZDEFAULT = $(TOPDIR)/etc/localtime
-
-# The subdirectory containing installed program and data files, and
-# likewise for installed files that can be shared among architectures.
-# These should be relative file names.
-USRDIR = usr
-USRSHAREDIR = $(USRDIR)/share
-
 # "Compiled" time zone information is placed in the "TZDIR" directory
 # (and subdirectories).
-# TZDIR_BASENAME should not contain "/" and should not be ".", ".." or empty.
-TZDIR_BASENAME=	zoneinfo
-TZDIR = $(TOPDIR)/$(USRSHAREDIR)/$(TZDIR_BASENAME)
-
-# The "tzselect" and (if you do "make INSTALL") "date" commands go in:
-BINDIR = $(TOPDIR)/$(USRDIR)/bin
-
-# The "zdump" command goes in:
-ZDUMPDIR = $(BINDIR)
-
-# The "zic" command goes in:
-ZICDIR = $(TOPDIR)/$(USRDIR)/sbin
+# Use an absolute path name for TZDIR unless you're just testing the software.
+# Note: ${DESTDIR} is prepended to this for the actual copy.
 
-# Manual pages go in subdirectories of. . .
-MANDIR = $(TOPDIR)/$(USRSHAREDIR)/man
+TZDIR=	/usr/share/zoneinfo
 
-# Library functions are put in an archive in LIBDIR.
-LIBDIR = 

CVS commit: [netbsd-6] src/share/zoneinfo

2018-03-26 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Mon Mar 26 12:17:20 UTC 2018

Modified Files:
src/share/zoneinfo [netbsd-6]: Makefile

Log Message:
Back out all changes to this file accidentally included in the pullup of
ticket #1539.


To generate a diff of this commit:
cvs rdiff -u -r1.43.8.4 -r1.43.8.5 src/share/zoneinfo/Makefile

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-6] src/doc

2018-03-25 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Sun Mar 25 18:32:04 UTC 2018

Modified Files:
src/doc [netbsd-6]: CHANGES-6.2

Log Message:
Ticket #1539


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.327 -r1.1.2.328 src/doc/CHANGES-6.2

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/doc/CHANGES-6.2
diff -u src/doc/CHANGES-6.2:1.1.2.327 src/doc/CHANGES-6.2:1.1.2.328
--- src/doc/CHANGES-6.2:1.1.2.327	Tue Mar 13 18:06:22 2018
+++ src/doc/CHANGES-6.2	Sun Mar 25 18:32:04 2018
@@ -1,4 +1,4 @@
-# $NetBSD: CHANGES-6.2,v 1.1.2.327 2018/03/13 18:06:22 snj Exp $
+# $NetBSD: CHANGES-6.2,v 1.1.2.328 2018/03/25 18:32:04 martin Exp $
 
 A complete list of changes from the 6.1 release until the 6.2 release:
 
@@ -21165,3 +21165,34 @@ share/man/man4/altq.41.3
 	Update URL for the cited paper
 	[sevan, ticket #1538]
 
+external/public-domain/tz/dist/CONTRIBUTING up to 1.1.1.5
+external/public-domain/tz/dist/Makefile up to 1.1.1.20
+external/public-domain/tz/dist/NEWS up to 1.1.1.21
+external/public-domain/tz/dist/README   up to 1.1.1.6
+external/public-domain/tz/dist/TZDATA_VERSION   up to 1.11
+external/public-domain/tz/dist/africa   up to 1.1.1.14
+external/public-domain/tz/dist/antarctica   up to 1.1.1.10
+external/public-domain/tz/dist/asia up to 1.1.1.19
+external/public-domain/tz/dist/australasia  up to 1.1.1.14
+external/public-domain/tz/dist/backzone up to 1.1.1.14
+external/public-domain/tz/dist/calendarsup to 1.1.1.1
+external/public-domain/tz/dist/checktab.awk up to 1.1.1.9
+external/public-domain/tz/dist/europe   up to 1.1.1.20
+external/public-domain/tz/dist/leap-seconds.list up to 1.1.1.9
+external/public-domain/tz/dist/leapseconds  up to 1.1.1.10
+external/public-domain/tz/dist/northamerica up to 1.1.1.19
+external/public-domain/tz/dist/southamerica up to 1.1.1.14
+external/public-domain/tz/dist/theory.html  up to 1.1.1.3
+external/public-domain/tz/dist/version  up to 1.1.1.8
+external/public-domain/tz/dist/ziguard.awk  up to 1.1.1.1
+external/public-domain/tz/dist/zishrink.awk up to 1.1.1.3
+external/public-domain/tz/dist/zone.tab up to 1.1.1.14
+external/public-domain/tz/dist/zone1970.tab up to 1.1.1.16
+	(with external/public-domain/tz/dist -> share/zoneinfo)
+share/zoneinfo/Theory   		delete
+doc/3RDPARTY	(patch)
+distrib/sets/lists/base/mi			1.1164
+
+	Updated tzdata to 2018d.
+	[kre, ticket #1539]
+



CVS commit: [netbsd-6] src/doc

2018-03-25 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Sun Mar 25 18:32:04 UTC 2018

Modified Files:
src/doc [netbsd-6]: CHANGES-6.2

Log Message:
Ticket #1539


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.327 -r1.1.2.328 src/doc/CHANGES-6.2

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-6] src

2018-03-25 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Sun Mar 25 18:31:03 UTC 2018

Modified Files:
src/distrib/sets/lists/base [netbsd-6]: mi
src/doc [netbsd-6]: 3RDPARTY
src/share/zoneinfo [netbsd-6]: CONTRIBUTING LICENSE Makefile NEWS
README TZDATA_VERSION africa antarctica asia australasia backward
backzone checklinks.awk checktab.awk europe leap-seconds.list
leapseconds leapseconds.awk northamerica southamerica version
zone.tab zone1970.tab
Added Files:
src/share/zoneinfo [netbsd-6]: calendars theory.html ziguard.awk
zishrink.awk
Removed Files:
src/share/zoneinfo [netbsd-6]: Theory

Log Message:
Pull up the following revisions, requested by kre in ticket #1539:

external/public-domain/tz/dist/CONTRIBUTING up to 1.1.1.5
external/public-domain/tz/dist/Makefile up to 1.1.1.20
external/public-domain/tz/dist/NEWS up to 1.1.1.21
external/public-domain/tz/dist/README   up to 1.1.1.6
external/public-domain/tz/dist/TZDATA_VERSION   up to 1.11
external/public-domain/tz/dist/africa   up to 1.1.1.14
external/public-domain/tz/dist/antarctica   up to 1.1.1.10
external/public-domain/tz/dist/asia up to 1.1.1.19
external/public-domain/tz/dist/australasia  up to 1.1.1.14
external/public-domain/tz/dist/backzone up to 1.1.1.14
external/public-domain/tz/dist/calendarsup to 1.1.1.1
external/public-domain/tz/dist/checktab.awk up to 1.1.1.9
external/public-domain/tz/dist/europe   up to 1.1.1.20
external/public-domain/tz/dist/leap-seconds.list up to 1.1.1.9
external/public-domain/tz/dist/leapseconds  up to 1.1.1.10
external/public-domain/tz/dist/northamerica up to 1.1.1.19
external/public-domain/tz/dist/southamerica up to 1.1.1.14
external/public-domain/tz/dist/theory.html  up to 1.1.1.3
external/public-domain/tz/dist/version  up to 1.1.1.8
external/public-domain/tz/dist/ziguard.awk  up to 1.1.1.1
external/public-domain/tz/dist/zishrink.awk up to 1.1.1.3
external/public-domain/tz/dist/zone.tab up to 1.1.1.14
external/public-domain/tz/dist/zone1970.tab up to 1.1.1.16
(with external/public-domain/tz/dist/ -> share/zoneinfo/)
share/zoneinfo/Theory   delete
doc/3RDPARTY(patch)
distrib/sets/lists/base/mi  1.1164

Update of /cvsroot/src/external/public-domain/tz/dist
In directory ivanova.netbsd.org:/tmp/cvs-serv18468

Log Message:
Import tzdata2018d from ftp://ftp.iana.org/tz/releases/tzdata2018d.tar.gz

Summary of changes in tzdata2018d (2018-03-22 07:05:46 -0700):

In 2018, Palestine starts DST on March 24 (today!), not March 31

Casey Station in Antarctica changed from +11 to +08 on 2018-03-11
at 04:00.

Various adjustments to some historical conversions (several for
Uruguay (1920 .. 1990), one fpr Enderbury and Kiritimati (1994/5),
one for Portugal and colonies (1912) and Jamaica and Turks & Caicos
(pre 1913)).

Summary of changes in tzdata2017c:

Northern Cyprus switches from +03 to +02/+03 on 2017-10-29.
Fiji ends DST 2018-01-14, not 2018-01-21.
Namibia switches from +01/+02 to +02 on 2018-04-01.
Sudan switches from +03 to +02 on 2017-11-01.
Tonga likely switches from +13/+14 to +13 on 2017-11-05.
Turks & Caicos switches from -04 to -05/-04 on 2018-11-04.
Some corrections to (mostly ancient) historical data.

Summary of changes in tzdata2018c (2018-01-22 23:00:44 -0800):
Summary of changes in tzdata2018b (2018-01-17 23:24:48 -0800):
Summary of changes in tzdata2018a (2018-01-12 22:29:21 -0800):

2018a and 2018b were (kind of) released, but never announced.
Some "issues" were found with them that caused the relatively
quick updates...

The updates are from the previous version (2017c) to the
current one (2018c) - that 2018a & 2018b intervened is best
forgotten... (changes in 2018a that were corrected (2018b) or
reverted (2018c) are not mentioned).

Briefly:

 Sao Tome and Principe (An island nation off west coast of
 Equatorial Africa) switched from +00 to +01.

 Brazil's DST will now start on November's first Sunday.

 Use Debian-style installation locations, instead of 4.3BSD-style.
(this does not affect NetBSD, we do not use the tzdata Makefile)

Changes to past and future time stamps

Sao Tome and Principe switched from +00 to +01 on 2018-01-01 at
01:00.  (Thanks to Steffen Thorsen and Michael Deckers.)

  Changes to 

CVS commit: [netbsd-6] src/doc

2018-03-13 Thread Soren Jacobsen
Module Name:src
Committed By:   snj
Date:   Tue Mar 13 18:06:22 UTC 2018

Modified Files:
src/doc [netbsd-6]: CHANGES-6.2

Log Message:
1516, 1518-1520, 1522, 1532-1538


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.326 -r1.1.2.327 src/doc/CHANGES-6.2

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/doc/CHANGES-6.2
diff -u src/doc/CHANGES-6.2:1.1.2.326 src/doc/CHANGES-6.2:1.1.2.327
--- src/doc/CHANGES-6.2:1.1.2.326	Sat Mar  3 20:50:38 2018
+++ src/doc/CHANGES-6.2	Tue Mar 13 18:06:22 2018
@@ -1,4 +1,4 @@
-# $NetBSD: CHANGES-6.2,v 1.1.2.326 2018/03/03 20:50:38 snj Exp $
+# $NetBSD: CHANGES-6.2,v 1.1.2.327 2018/03/13 18:06:22 snj Exp $
 
 A complete list of changes from the 6.1 release until the 6.2 release:
 
@@ -21093,3 +21093,75 @@ dist/pf/etc/pf.os1.4-1.5
 	Add DragonFly BSD fingerprints.
 	[sevan, ticket #1515]
 
+sys/dev/fss.c	1.101-1.103
+
+	fss:
+	- Bounds check against media size for non-persistent snapshots.
+	- Treat partial read from backing store as I/O error.
+	- Pass residual back to b_resid for persistent snapshots.
+	[hannken, ticket #1516]
+
+sys/netinet6/ip6_forward.c			1.89-1.90 via patch
+
+	Fix use-after-free of mbuf in ip6flow_create and ip6flow_create.
+	[ozaki-r, ticket #1518]
+
+sys/arch/sparc/sparc/timer.c			1.33-1.34 via patch
+sys/arch/sparc/sparc/timer_sun4m.c		1.31 via patch
+sys/arch/sparc/sparc/timerreg.h			1.10 via patch
+
+	Fix time goes backwards problems on sparc.
+	[mrg, ticket #1519]
+
+bin/ksh/history.c1.18 via patch
+
+	Use 0600 as the mode for histfile.  PR bin/52480
+	[maya, ticket #1520]
+
+sys/arch/macppc/dev/snapper.c			1.42
+
+	Fix issue with audio being downpitched.  PR 52949.
+	[sevan, ticket #1522]
+
+sys/netipsec/xform_ah.c1.77 via patch
+sys/netipsec/xform_esp.c			1.73 via patch
+sys/netipsec/xform_ipip.c			1.56-1.57 via patch
+
+	Several fixes in IPsec: strengthen sanity checks (AH/ESP), and
+	fix possible use-after-free (Tunnel).
+	[maxv, ticket #1532]
+
+sys/dev/sbus/be.c1.86
+
+	Fix spl leak.
+	[msaitoh, ticket #1533]
+
+lib/libc/arch/powerpc/gen/swapcontext.S		1.8 via patch
+lib/libc/arch/powerpc/genassym.cf		1.5 via patch
+
+	PIC code clobbers %r30 so we need to update the saved oucp with
+	caller's %r30 manually.  Makes old context happy when it needs
+	to do more function calls after restore.
+	[uwe, ticket #1534]
+
+sys/net/if_mpls.c1.31-1.33 via patch
+sys/netmpls/mpls_ttl.c1.9 via patch
+
+   	Fix several memory corruptions and inconsistencies in MPLS.
+	[maxv, ticket #1535]
+
+sys/netipsec/ipsec_input.c			1.57-1.58
+
+	Fix out-of-bounds read.
+	[maxv, ticket #1536]
+
+sys/dev/ppbus/if_plip.c1.28
+
+	Fix spl leak.
+	[msaitoh, ticket #1537]
+
+share/man/man4/altq.41.3
+
+	Update URL for the cited paper
+	[sevan, ticket #1538]
+



CVS commit: [netbsd-6] src/doc

2018-03-13 Thread Soren Jacobsen
Module Name:src
Committed By:   snj
Date:   Tue Mar 13 18:06:22 UTC 2018

Modified Files:
src/doc [netbsd-6]: CHANGES-6.2

Log Message:
1516, 1518-1520, 1522, 1532-1538


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.326 -r1.1.2.327 src/doc/CHANGES-6.2

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-6] src/share/man/man4

2018-03-13 Thread Soren Jacobsen
Module Name:src
Committed By:   snj
Date:   Tue Mar 13 17:52:37 UTC 2018

Modified Files:
src/share/man/man4 [netbsd-6]: altq.4

Log Message:
Pull up following revision(s) (requested by sevan in ticket #1538):
share/man/man4/altq.4: 1.3
Update URL for the cited paper


To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.2.4.1 src/share/man/man4/altq.4

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/share/man/man4/altq.4
diff -u src/share/man/man4/altq.4:1.2 src/share/man/man4/altq.4:1.2.4.1
--- src/share/man/man4/altq.4:1.2	Thu Jun 23 07:47:22 2011
+++ src/share/man/man4/altq.4	Tue Mar 13 17:52:37 2018
@@ -1,4 +1,4 @@
-.\" $NetBSD: altq.4,v 1.2 2011/06/23 07:47:22 wiz Exp $
+.\" $NetBSD: altq.4,v 1.2.4.1 2018/03/13 17:52:37 snj Exp $
 .\"
 .\" Copyright (c) 2011 Jukka Ruohonen 
 .\"
@@ -24,7 +24,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 .\" OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd June 22, 2011
+.Dd March 08, 2018
 .Dt ALTQ 4
 .Os
 .Sh NAME
@@ -77,7 +77,7 @@ are required in order to use a certain n
 .%D March, 2004
 .%C Taipei, Taiwan
 .%O Asia BSD conference
-.%U http://www.sonycsl.co.jp/~kjc/papers/fittingtheory.pdf
+.%U http://www.sonycsl.co.jp/person/kjc/papers/fittingtheory.pdf
 .Re
 .\" .Sh HISTORY
 .\"



CVS commit: [netbsd-6] src/share/man/man4

2018-03-13 Thread Soren Jacobsen
Module Name:src
Committed By:   snj
Date:   Tue Mar 13 17:52:37 UTC 2018

Modified Files:
src/share/man/man4 [netbsd-6]: altq.4

Log Message:
Pull up following revision(s) (requested by sevan in ticket #1538):
share/man/man4/altq.4: 1.3
Update URL for the cited paper


To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.2.4.1 src/share/man/man4/altq.4

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-6] src/sys/dev/ppbus

2018-03-13 Thread Soren Jacobsen
Module Name:src
Committed By:   snj
Date:   Tue Mar 13 17:48:21 UTC 2018

Modified Files:
src/sys/dev/ppbus [netbsd-6]: if_plip.c

Log Message:
Pull up following revision(s) (requested by msaitoh in ticket #1537):
sys/dev/ppbus/if_plip.c: 1.28
spl leak, found by Mootja


To generate a diff of this commit:
cvs rdiff -u -r1.24 -r1.24.14.1 src/sys/dev/ppbus/if_plip.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/dev/ppbus/if_plip.c
diff -u src/sys/dev/ppbus/if_plip.c:1.24 src/sys/dev/ppbus/if_plip.c:1.24.14.1
--- src/sys/dev/ppbus/if_plip.c:1.24	Mon Apr  5 07:21:47 2010
+++ src/sys/dev/ppbus/if_plip.c	Tue Mar 13 17:48:21 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: if_plip.c,v 1.24 2010/04/05 07:21:47 joerg Exp $ */
+/* $NetBSD: if_plip.c,v 1.24.14.1 2018/03/13 17:48:21 snj Exp $ */
 
 /*-
  * Copyright (c) 1997 Poul-Henning Kamp
@@ -31,7 +31,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: if_plip.c,v 1.24 2010/04/05 07:21:47 joerg Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if_plip.c,v 1.24.14.1 2018/03/13 17:48:21 snj Exp $");
 
 /*
  * Parallel port TCP/IP interfaces added.  I looked at the driver from
@@ -445,6 +445,7 @@ lpioctl(struct ifnet *ifp, u_long cmd, v
 		case AF_INET:
 			break;
 		default:
+			splx(s);
 			return EAFNOSUPPORT;
 		}
 		break;
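Review bot: This early `return EAFNOSUPPORT` needed its own `splx(s)` only because lpioctl returns from inside the switch instead of going through a common exit, and any other `return` taken while the priority level is raised has the same hazard. Those paths are outside this hunk and should be audited too. If the function ends with a single `splx(s)` followed by a return of an error variable (to be confirmed against the full body), `error = EAFNOSUPPORT; break;` here would let that one exit restore the level. Otherwise a comment at the point where `s` is set, saying that every exit must call `splx(s)`, would document the invariant.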



CVS commit: [netbsd-6] src/sys/dev/ppbus

2018-03-13 Thread Soren Jacobsen
Module Name:src
Committed By:   snj
Date:   Tue Mar 13 17:48:21 UTC 2018

Modified Files:
src/sys/dev/ppbus [netbsd-6]: if_plip.c

Log Message:
Pull up following revision(s) (requested by msaitoh in ticket #1537):
sys/dev/ppbus/if_plip.c: 1.28
spl leak, found by Mootja


To generate a diff of this commit:
cvs rdiff -u -r1.24 -r1.24.14.1 src/sys/dev/ppbus/if_plip.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-6] src/sys/netipsec

2018-03-13 Thread Soren Jacobsen
Module Name:src
Committed By:   snj
Date:   Tue Mar 13 17:47:14 UTC 2018

Modified Files:
src/sys/netipsec [netbsd-6]: ipsec_input.c

Log Message:
Pull up following revision(s) (requested by maxv in ticket #1536):
sys/netipsec/ipsec_input.c: 1.57-1.58
Extend these #ifdef notyet. The m_copydata's in these branches are wrong,
we are not guaranteed to have enough room for another struct ip, and we
may crash here. Triggerable remotely, but after authentication, by sending
an AH packet that has a one-byte-sized IPIP payload.
--
Argh, in my previous commit in this file I forgot to fix the IPv6
entry point; apply the same fix there.


To generate a diff of this commit:
cvs rdiff -u -r1.29 -r1.29.2.1 src/sys/netipsec/ipsec_input.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-6] src/sys/netipsec

2018-03-13 Thread Soren Jacobsen
Module Name:src
Committed By:   snj
Date:   Tue Mar 13 17:47:14 UTC 2018

Modified Files:
src/sys/netipsec [netbsd-6]: ipsec_input.c

Log Message:
Pull up following revision(s) (requested by maxv in ticket #1536):
sys/netipsec/ipsec_input.c: 1.57-1.58
Extend these #ifdef notyet. The m_copydata's in these branches are wrong,
we are not guaranteed to have enough room for another struct ip, and we
may crash here. Triggerable remotely, but after authentication, by sending
an AH packet that has a one-byte-sized IPIP payload.
--
Argh, in my previous commit in this file I forgot to fix the IPv6
entry point; apply the same fix there.


To generate a diff of this commit:
cvs rdiff -u -r1.29 -r1.29.2.1 src/sys/netipsec/ipsec_input.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netipsec/ipsec_input.c
diff -u src/sys/netipsec/ipsec_input.c:1.29 src/sys/netipsec/ipsec_input.c:1.29.2.1
--- src/sys/netipsec/ipsec_input.c:1.29	Wed Jan 25 21:58:10 2012
+++ src/sys/netipsec/ipsec_input.c	Tue Mar 13 17:47:14 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: ipsec_input.c,v 1.29 2012/01/25 21:58:10 drochner Exp $	*/
+/*	$NetBSD: ipsec_input.c,v 1.29.2.1 2018/03/13 17:47:14 snj Exp $	*/
 /*	$FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec_input.c,v 1.2.4.2 2003/03/28 20:32:53 sam Exp $	*/
 /*	$OpenBSD: ipsec_input.c,v 1.63 2003/02/20 18:35:43 deraadt Exp $	*/
 
@@ -39,7 +39,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: ipsec_input.c,v 1.29 2012/01/25 21:58:10 drochner Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec_input.c,v 1.29.2.1 2018/03/13 17:47:14 snj Exp $");
 
 /*
  * IPsec input processing.
@@ -332,14 +332,15 @@ ipsec4_common_input_cb(struct mbuf *m, s
 	ip->ip_len = htons(m->m_pkthdr.len);
 	prot = ip->ip_p;
 
+#ifdef notyet
 	/* IP-in-IP encapsulation */
 	if (prot == IPPROTO_IPIP) {
 		struct ip ipn;
 
 		/* ipn will now contain the inner IPv4 header */
+		/* XXX: check m_pkthdr.len */
 		m_copydata(m, ip->ip_hl << 2, sizeof(struct ip), );
 
-#ifdef notyet
 		/* XXX PROXY address isn't recorded in SAH */
 		/*
 		 * Check that the inner source address is the same as
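Review bot: The added `/* XXX: check m_pkthdr.len */` above `m_copydata` records the missing length check but does not implement it, so the out-of-bounds read from the log message returns as soon as someone defines `notyet` to get the proxy-address checks. I would put the guard in now, before the copy: `if (m->m_pkthdr.len < (ip->ip_hl << 2) + sizeof(struct ip)) { error = EINVAL; goto bad; }`. The same applies to the IPv6-in-IP branch of this function (with `sizeof(struct ip6_hdr)`) and to both branches in ipsec6_common_input_cb, where the offset is `skip`. ipsec4_common_input_cb starts and ends outside the hunk, so the error code and any statistics counter should follow what the rest of the function uses.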
@@ -367,7 +368,6 @@ ipsec4_common_input_cb(struct mbuf *m, s
 			error = EACCES;
 			goto bad;
 		}
-#endif /*XXX*/
 	}
 #if INET6
 	/* IPv6-in-IP encapsulation. */
@@ -375,9 +375,9 @@ ipsec4_common_input_cb(struct mbuf *m, s
 		struct ip6_hdr ip6n;
 
 		/* ip6n will now contain the inner IPv6 header. */
+		/* XXX: check m_pkthdr.len */
 		m_copydata(m, ip->ip_hl << 2, sizeof(struct ip6_hdr), );
 
-#ifdef notyet
 		/*
 		 * Check that the inner source address is the same as
 		 * the proxy address, if available.
@@ -403,9 +403,9 @@ ipsec4_common_input_cb(struct mbuf *m, s
 			error = EACCES;
 			goto bad;
 		}
-#endif /*XXX*/
 	}
 #endif /* INET6 */
+#endif /* notyet */
 
 	/*
 	 * Record what we've done to the packet (under what SA it was
@@ -651,15 +651,16 @@ ipsec6_common_input_cb(struct mbuf *m, s
 	/* Save protocol */
 	m_copydata(m, protoff, 1, );
 
+#ifdef notyet
 #ifdef INET
 	/* IP-in-IP encapsulation */
 	if (prot == IPPROTO_IPIP) {
 		struct ip ipn;
 
 		/* ipn will now contain the inner IPv4 header */
+		/* XXX: check m_pkthdr.len */
 		m_copydata(m, skip, sizeof(struct ip), );
 
-#ifdef notyet
 		/*
 		 * Check that the inner source address is the same as
 		 * the proxy address, if available.
@@ -683,18 +684,16 @@ ipsec6_common_input_cb(struct mbuf *m, s
 			error = EACCES;
 			goto bad;
 		}
-#endif /*XXX*/
 	}
 #endif /* INET */
-
 	/* IPv6-in-IP encapsulation */
 	if (prot == IPPROTO_IPV6) {
 		struct ip6_hdr ip6n;
 
 		/* ip6n will now contain the inner IPv6 header. */
+		/* XXX: check m_pkthdr.len */
 		m_copydata(m, skip, sizeof(struct ip6_hdr), );
 
-#ifdef notyet
 		/*
 		 * Check that the inner source address is the same as
 		 * the proxy address, if available.
@@ -719,8 +718,8 @@ ipsec6_common_input_cb(struct mbuf *m, s
 			error = EACCES;
 			goto bad;
 		}
-#endif /*XXX*/
 	}
+#endif /* notyet */
 
 	/*
 	 * Record what we've done to the packet (under what SA it was



CVS commit: [netbsd-6] src/sys

2018-03-13 Thread Soren Jacobsen
Module Name:src
Committed By:   snj
Date:   Tue Mar 13 17:42:41 UTC 2018

Modified Files:
src/sys/net [netbsd-6]: if_mpls.c
src/sys/netmpls [netbsd-6]: mpls_ttl.c

Log Message:
Pull up following revision(s) (requested by uwe in ticket #1534):
sys/net/if_mpls.c: 1.31-1.33 via patch
sys/netmpls/mpls_ttl.c: 1.9 via patch
Style, and fix several bugs:
 - ip4_check(), mpls_unlabel_inet() and mpls_unlabel_inet6() perform
   pullups, so we need to pass the updated pointers back
 - in mpls_lse() the route is not always freed
Looks a little better now.
--
Kick MPLS packets earlier.
--
Several changes:
 * In mpls_unlabel_inet, copy the label locally. It's not incorrect to
   keep a pointer on the mbuf, but it's bug-friendly.
 * In mpls_label_inetX, fix the length check. Meanwhile add an XXX: we
   just want to make sure that m_copydata won't fail, but if we were
   guaranteed that m has M_PKTHDR set, we could simply check the length
   against m->m_pkthdr.len.


To generate a diff of this commit:
cvs rdiff -u -r1.8.8.1 -r1.8.8.2 src/sys/net/if_mpls.c
cvs rdiff -u -r1.3 -r1.3.18.1 src/sys/netmpls/mpls_ttl.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/net/if_mpls.c
diff -u src/sys/net/if_mpls.c:1.8.8.1 src/sys/net/if_mpls.c:1.8.8.2
--- src/sys/net/if_mpls.c:1.8.8.1	Tue Jul 30 03:05:39 2013
+++ src/sys/net/if_mpls.c	Tue Mar 13 17:42:41 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: if_mpls.c,v 1.8.8.1 2013/07/30 03:05:39 msaitoh Exp $ */
+/*	$NetBSD: if_mpls.c,v 1.8.8.2 2018/03/13 17:42:41 snj Exp $ */
 
 /*
  * Copyright (c) 2010 The NetBSD Foundation, Inc.
@@ -30,7 +30,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: if_mpls.c,v 1.8.8.1 2013/07/30 03:05:39 msaitoh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if_mpls.c,v 1.8.8.2 2018/03/13 17:42:41 snj Exp $");
 
 #include "opt_inet.h"
 #include "opt_mpls.h"
@@ -83,12 +83,12 @@ static int mpls_send_frame(struct mbuf *
 static int mpls_lse(struct mbuf *);
 
 #ifdef INET
-static int mpls_unlabel_inet(struct mbuf *);
+static struct mbuf *mpls_unlabel_inet(struct mbuf *, int *error);
 static struct mbuf *mpls_label_inet(struct mbuf *, union mpls_shim *, uint);
 #endif
 
 #ifdef INET6
-static int mpls_unlabel_inet6(struct mbuf *);
+static struct mbuf *mpls_unlabel_inet6(struct mbuf *, int *error);
 static struct mbuf *mpls_label_inet6(struct mbuf *, union mpls_shim *, uint);
 #endif
 
@@ -308,6 +308,12 @@ mpls_lse(struct mbuf *m)
 	int error = ENOBUFS;
 	uint psize = sizeof(struct sockaddr_mpls);
 
+	/* If we're not accepting MPLS frames, leave now. */
+	if (!mpls_accept) {
+		error = EINVAL;
+		goto done;
+	}
+
 	if (m->m_len < sizeof(union mpls_shim) &&
 	(m = m_pullup(m, sizeof(union mpls_shim))) == NULL)
 		goto done;
@@ -316,10 +322,7 @@ mpls_lse(struct mbuf *m)
 	dst.smpls_family = AF_MPLS;
 	dst.smpls_addr.s_addr = ntohl(mtod(m, union mpls_shim *)->s_addr);
 
-	/* Check if we're accepting MPLS Frames */
 	error = EINVAL;
-	if (!mpls_accept)
-		goto done;
 
 	/* TTL decrement */
 	if ((m = mpls_ttl_dec(m)) == NULL)
@@ -331,15 +334,17 @@ mpls_lse(struct mbuf *m)
 #ifdef INET
 		case MPLS_LABEL_IPV4NULL:
 			/* Pop shim and push mbuf to IP stack */
-			if (dst.smpls_addr.shim.bos)
-error = mpls_unlabel_inet(m);
+			if (dst.smpls_addr.shim.bos) {
+m = mpls_unlabel_inet(m, );
+			}
 			break;
 #endif
 #ifdef INET6
 		case MPLS_LABEL_IPV6NULL:
 			/* Pop shim and push mbuf to IPv6 stack */
-			if (dst.smpls_addr.shim.bos)
-error = mpls_unlabel_inet6(m);
+			if (dst.smpls_addr.shim.bos) {
+m = mpls_unlabel_inet6(m, );
+			}
 			break;
 #endif
 		case MPLS_LABEL_RTALERT:	/* Yeah, I'm all alerted */
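Review bot: The new calling convention `m = mpls_unlabel_inet(m, &error)` (the second argument is garbled in this rendering; `&error` is inferred from the prototype) has no comment saying what the returned mbuf means, and mpls_lse needs to know that to avoid a double free or a leak at `done`. From the visible part of mpls_unlabel_inet, a failed `m_pullup` returns NULL with `*error = ENOBUFS`. Whether the success path also returns NULL after handing the mbuf to the IP input queue is outside the hunks shown. I would add a comment above the two prototypes along the lines of `/* Returns the mbuf if the caller still owns it, NULL if it was consumed or freed; *error is set in both cases. */`, adjusted to what the bodies actually do.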
@@ -393,8 +398,10 @@ mpls_lse(struct mbuf *m)
 		tshim.shim.bos = tshim.shim.exp = 0;
 		tshim.shim.ttl = mpls_defttl;
 		if (tshim.shim.label != MPLS_LABEL_IMPLNULL &&
-		((m = mpls_prepend_shim(m, )) == NULL))
-			return ENOBUFS;
+		((m = mpls_prepend_shim(m, )) == NULL)) {
+			error = ENOBUFS;
+			goto done;
+		}
 		psize += sizeof(tshim);
 	}
 
@@ -439,11 +446,9 @@ mpls_send_frame(struct mbuf *m, struct i
 	return 0;
 }
 
-
-
 #ifdef INET
-static int
-mpls_unlabel_inet(struct mbuf *m)
+static struct mbuf *
+mpls_unlabel_inet(struct mbuf *m, int *error)
 {
 	int s, iphlen;
 	struct ip *iph;
@@ -451,7 +456,6 @@ mpls_unlabel_inet(struct mbuf *m)
 	struct ifqueue *inq;
 
 	if (mpls_mapttl_inet || mpls_mapprec_inet) {
-
 		/* get shim info */
 		ms = mtod(m, union mpls_shim *);
 		ms->s_addr = ntohl(ms->s_addr);
@@ -460,23 +464,29 @@ mpls_unlabel_inet(struct mbuf *m)
 		m_adj(m, sizeof(union mpls_shim));
 
 		/* get ip header */
-		if (m->m_len < sizeof (struct ip) &&
-		(m = m_pullup(m, sizeof(struct ip))) == NULL)
-			return ENOBUFS;
+		if (m->m_len < sizeof(struct ip) &&
+		(m = m_pullup(m, sizeof(struct ip))) == NULL) {
+			*error = ENOBUFS;
+			return NULL;
+		}
+
 		iph = mtod(m, struct ip *);
 		iphlen = 

CVS commit: [netbsd-6] src/sys

2018-03-13 Thread Soren Jacobsen
Module Name:src
Committed By:   snj
Date:   Tue Mar 13 17:42:41 UTC 2018

Modified Files:
src/sys/net [netbsd-6]: if_mpls.c
src/sys/netmpls [netbsd-6]: mpls_ttl.c

Log Message:
Pull up following revision(s) (requested by uwe in ticket #1534):
sys/net/if_mpls.c: 1.31-1.33 via patch
sys/netmpls/mpls_ttl.c: 1.9 via patch
Style, and fix several bugs:
 - ip4_check(), mpls_unlabel_inet() and mpls_unlabel_inet6() perform
   pullups, so we need to pass the updated pointers back
 - in mpls_lse() the route is not always freed
Looks a little better now.
--
Kick MPLS packets earlier.
--
Several changes:
 * In mpls_unlabel_inet, copy the label locally. It's not incorrect to
   keep a pointer on the mbuf, but it's bug-friendly.
 * In mpls_label_inetX, fix the length check. Meanwhile add an XXX: we
   just want to make sure that m_copydata won't fail, but if we were
   guaranteed that m has M_PKTHDR set, we could simply check the length
   against m->m_pkthdr.len.


To generate a diff of this commit:
cvs rdiff -u -r1.8.8.1 -r1.8.8.2 src/sys/net/if_mpls.c
cvs rdiff -u -r1.3 -r1.3.18.1 src/sys/netmpls/mpls_ttl.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-6] src/lib/libc/arch/powerpc

2018-03-13 Thread Soren Jacobsen
Module Name:src
Committed By:   snj
Date:   Tue Mar 13 17:27:39 UTC 2018

Modified Files:
src/lib/libc/arch/powerpc [netbsd-6]: genassym.cf
src/lib/libc/arch/powerpc/gen [netbsd-6]: swapcontext.S

Log Message:
Pull up following revision(s) (requested by uwe in ticket #1534):
lib/libc/arch/powerpc/genassym.cf: 1.5 via patch
lib/libc/arch/powerpc/gen/swapcontext.S: 1.8 via patch
PIC code clobbers %r30 so we need to update the saved oucp with
caller's %r30 manually.  Makes old context happy when it needs to do
more function calls after restore.


To generate a diff of this commit:
cvs rdiff -u -r1.3 -r1.3.8.1 src/lib/libc/arch/powerpc/genassym.cf
cvs rdiff -u -r1.6 -r1.6.8.1 src/lib/libc/arch/powerpc/gen/swapcontext.S

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-6] src/lib/libc/arch/powerpc

2018-03-13 Thread Soren Jacobsen
Module Name:src
Committed By:   snj
Date:   Tue Mar 13 17:27:39 UTC 2018

Modified Files:
src/lib/libc/arch/powerpc [netbsd-6]: genassym.cf
src/lib/libc/arch/powerpc/gen [netbsd-6]: swapcontext.S

Log Message:
Pull up following revision(s) (requested by uwe in ticket #1534):
lib/libc/arch/powerpc/genassym.cf: 1.5 via patch
lib/libc/arch/powerpc/gen/swapcontext.S: 1.8 via patch
PIC code clobbers %r30 so we need to update the saved oucp with
caller's %r30 manually.  Makes old context happy when it needs to do
more function calls after restore.


To generate a diff of this commit:
cvs rdiff -u -r1.3 -r1.3.8.1 src/lib/libc/arch/powerpc/genassym.cf
cvs rdiff -u -r1.6 -r1.6.8.1 src/lib/libc/arch/powerpc/gen/swapcontext.S

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/lib/libc/arch/powerpc/genassym.cf
diff -u src/lib/libc/arch/powerpc/genassym.cf:1.3 src/lib/libc/arch/powerpc/genassym.cf:1.3.8.1
--- src/lib/libc/arch/powerpc/genassym.cf:1.3	Tue Jan 18 01:23:24 2011
+++ src/lib/libc/arch/powerpc/genassym.cf	Tue Mar 13 17:27:39 2018
@@ -1,4 +1,4 @@
-#	$NetBSD: genassym.cf,v 1.3 2011/01/18 01:23:24 matt Exp $
+#	$NetBSD: genassym.cf,v 1.3.8.1 2018/03/13 17:27:39 snj Exp $
 
 #
 # Copyright (c) 2001 The NetBSD Foundation, Inc.
@@ -42,6 +42,7 @@ define CALLFRAME_R31	offsetof(struct cal
 
 define UC_GREGS_R1	offsetof(ucontext_t, uc_mcontext.__gregs[_REG_R1])
 define UC_GREGS_R3	offsetof(ucontext_t, uc_mcontext.__gregs[_REG_R3])
+define UC_GREGS_R30	offsetof(ucontext_t, uc_mcontext.__gregs[_REG_R30])
 define UC_GREGS_PC	offsetof(ucontext_t, uc_mcontext.__gregs[_REG_PC])
 
 define SIG_BLOCK	SIG_BLOCK

Index: src/lib/libc/arch/powerpc/gen/swapcontext.S
diff -u src/lib/libc/arch/powerpc/gen/swapcontext.S:1.6 src/lib/libc/arch/powerpc/gen/swapcontext.S:1.6.8.1
--- src/lib/libc/arch/powerpc/gen/swapcontext.S:1.6	Sun Jan 16 02:43:10 2011
+++ src/lib/libc/arch/powerpc/gen/swapcontext.S	Tue Mar 13 17:27:39 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: swapcontext.S,v 1.6 2011/01/16 02:43:10 matt Exp $	*/
+/*	$NetBSD: swapcontext.S,v 1.6.8.1 2018/03/13 17:27:39 snj Exp $	*/
 
 /*-
  * Copyright (c) 2001 The NetBSD Foundation, Inc.
@@ -32,7 +32,7 @@
 #include "SYS.h"
 #include "assym.h"
 
-__RCSID("$NetBSD: swapcontext.S,v 1.6 2011/01/16 02:43:10 matt Exp $")
+__RCSID("$NetBSD: swapcontext.S,v 1.6.8.1 2018/03/13 17:27:39 snj Exp $")
 
 #define	XCALLFRAMELEN	(((2+3)*SZREG + CALLFRAMELEN - 1) & -CALLFRAMELEN)
 #define	XCALLFRAME_R30	(XCALLFRAMELEN-1*SZREG)
@@ -57,6 +57,10 @@ ENTRY(swapcontext)
 	stw	%r0,UC_GREGS_PC(%r11)		# pc <- lr
 	addi	%r0,%r1,XCALLFRAMELEN
 	stw	%r0,UC_GREGS_R1(%r11)		# adjust sp
+#ifdef PIC
+	lwz	%r0,XCALLFRAME_R30(%r1)
+	stw	%r0,UC_GREGS_R30(%r11)		# caller's r30
+#endif
 	lwz	%r3,XCALLFRAME_UCP(%r1)		# load ucp
 	bl	PIC_PLT(_C_LABEL(setcontext))	# setcontext(ucp)
 1:
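Review bot: The `# caller's r30` comment says what is stored but not why only the PIC build needs it, which is the whole reason for the `#ifdef PIC`. According to the log message, PIC code clobbers %r30, so the value already saved in oucp has to be replaced with the caller's copy kept in the call frame. I would state that above the two instructions, e.g. `/* PIC code clobbers %r30: overwrite the saved oucp value with the caller's %r30 from the frame */`. The code that saves %r30 at XCALLFRAME_R30 is outside the hunk.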



CVS commit: [netbsd-6] src/sys/dev/sbus

2018-03-13 Thread Soren Jacobsen
Module Name:src
Committed By:   snj
Date:   Tue Mar 13 17:20:25 UTC 2018

Modified Files:
src/sys/dev/sbus [netbsd-6]: be.c

Log Message:
Pull up following revision(s) (requested by msaitoh in ticket #1533):
sys/dev/sbus/be.c: 1.86
spl leak, found by Mootja a long time ago


To generate a diff of this commit:
cvs rdiff -u -r1.78 -r1.78.2.1 src/sys/dev/sbus/be.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/dev/sbus/be.c
diff -u src/sys/dev/sbus/be.c:1.78 src/sys/dev/sbus/be.c:1.78.2.1
--- src/sys/dev/sbus/be.c:1.78	Thu Feb  2 19:43:06 2012
+++ src/sys/dev/sbus/be.c	Tue Mar 13 17:20:25 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: be.c,v 1.78 2012/02/02 19:43:06 tls Exp $	*/
+/*	$NetBSD: be.c,v 1.78.2.1 2018/03/13 17:20:25 snj Exp $	*/
 
 /*-
  * Copyright (c) 1999 The NetBSD Foundation, Inc.
@@ -57,7 +57,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: be.c,v 1.78 2012/02/02 19:43:06 tls Exp $");
+__KERNEL_RCSID(0, "$NetBSD: be.c,v 1.78.2.1 2018/03/13 17:20:25 snj Exp $");
 
 #include "opt_ddb.h"
 #include "opt_inet.h"
@@ -1126,6 +1126,7 @@ beinit(struct ifnet *ifp)
 
 	callout_reset(>sc_tick_ch, hz, be_tick, sc);
 
+	splx(s);
 	return 0;
 out:
 	splx(s);
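Review bot: The added `splx(s)` sits two lines above an identical `splx(s)` under `out:`, so the success and error paths of beinit now restore the interrupt priority level separately. If the code after `out:` (outside the hunk) only returns a status, keeping that status in a variable and falling through into `out:` on success would leave a single place that drops the level, making this kind of leak harder to reintroduce. If the two paths must stay separate, a short comment at the `return 0` noting that every exit has to call `splx(s)` would help the next reader.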



CVS commit: [netbsd-6] src/sys/dev/sbus

2018-03-13 Thread Soren Jacobsen
Module Name:src
Committed By:   snj
Date:   Tue Mar 13 17:20:25 UTC 2018

Modified Files:
src/sys/dev/sbus [netbsd-6]: be.c

Log Message:
Pull up following revision(s) (requested by msaitoh in ticket #1533):
sys/dev/sbus/be.c: 1.86
spl leak, found by Mootja a long time ago


To generate a diff of this commit:
cvs rdiff -u -r1.78 -r1.78.2.1 src/sys/dev/sbus/be.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-6] src/sys/netipsec

2018-03-13 Thread Soren Jacobsen
Module Name:src
Committed By:   snj
Date:   Tue Mar 13 17:18:16 UTC 2018

Modified Files:
src/sys/netipsec [netbsd-6]: xform_ah.c xform_esp.c xform_ipip.c

Log Message:
Pull up following revision(s) (requested by maxv in ticket #1532):
sys/netipsec/xform_ah.c: 1.77 via patch
sys/netipsec/xform_esp.c: 1.73 via patch
sys/netipsec/xform_ipip.c: 1.56-1.57 via patch
Reinforce and clarify.
--
Add missing NULL check. Normally that's not triggerable remotely, since we
are guaranteed that 8 bytes are valid at mbuf+skip.
--
Fix use-after-free. There is a path where the mbuf gets pulled up without
a proper mtod afterwards:
218 ipo = mtod(m, struct ip *);
281 m = m_pullup(m, hlen);
232 ipo->ip_src.s_addr
Found by Mootja.
Meanwhile it seems to me that 'ipo' should be set to NULL if the inner
packet is IPv6, but I'll revisit that later.
--
As I said in my last commit in this file, ipo should be set to NULL;
otherwise the 'local address spoofing' check below is always wrong on
IPv6.


To generate a diff of this commit:
cvs rdiff -u -r1.37.2.3 -r1.37.2.4 src/sys/netipsec/xform_ah.c
cvs rdiff -u -r1.40 -r1.40.2.1 src/sys/netipsec/xform_esp.c
cvs rdiff -u -r1.28.8.1 -r1.28.8.2 src/sys/netipsec/xform_ipip.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netipsec/xform_ah.c
diff -u src/sys/netipsec/xform_ah.c:1.37.2.3 src/sys/netipsec/xform_ah.c:1.37.2.4
--- src/sys/netipsec/xform_ah.c:1.37.2.3	Thu Feb 15 16:49:04 2018
+++ src/sys/netipsec/xform_ah.c	Tue Mar 13 17:18:15 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: xform_ah.c,v 1.37.2.3 2018/02/15 16:49:04 martin Exp $	*/
+/*	$NetBSD: xform_ah.c,v 1.37.2.4 2018/03/13 17:18:15 snj Exp $	*/
 /*	$FreeBSD: src/sys/netipsec/xform_ah.c,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $	*/
 /*	$OpenBSD: ip_ah.c,v 1.63 2001/06/26 06:18:58 angelos Exp $ */
 /*
@@ -39,7 +39,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.37.2.3 2018/02/15 16:49:04 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.37.2.4 2018/03/13 17:18:15 snj Exp $");
 
 #include "opt_inet.h"
 #ifdef __FreeBSD__
@@ -498,54 +498,45 @@ ah_massage_headers(struct mbuf **m0, int
 
 		nxt = ip6.ip6_nxt & 0xff; /* Next header type. */
 
-		for (off = 0; off < skip - sizeof(struct ip6_hdr);)
+		for (off = 0; off < skip - sizeof(struct ip6_hdr);) {
+			int noff;
+
 			switch (nxt) {
 			case IPPROTO_HOPOPTS:
 			case IPPROTO_DSTOPTS:
-ip6e = (struct ip6_ext *) (ptr + off);
+ip6e = (struct ip6_ext *)(ptr + off);
+noff = off + ((ip6e->ip6e_len + 1) << 3);
+
+/* Sanity check. */
+if (noff > skip - sizeof(struct ip6_hdr)) {
+	goto error6;
+}
 
 /*
- * Process the mutable/immutable
- * options -- borrows heavily from the
- * KAME code.
+ * Zero out mutable options.
  */
 for (count = off + sizeof(struct ip6_ext);
- count < off + ((ip6e->ip6e_len + 1) << 3);) {
+ count < noff;) {
 	if (ptr[count] == IP6OPT_PAD1) {
 		count++;
-		continue; /* Skip padding. */
-	}
-
-	/* Sanity check. */
-	if (count > off +
-	((ip6e->ip6e_len + 1) << 3)) {
-		m_freem(m);
-
-		/* Free, if we allocated. */
-		if (alloc)
-			free(ptr, M_XDATA);
-		return EINVAL;
+		continue;
 	}
 
 	ad = ptr[count + 1] + 2;
 
-	/* If mutable option, zeroize. */
-	if (ptr[count] & IP6OPT_MUTABLE)
-		memcpy(ptr + count, ipseczeroes,
-		ad);
+	if (count + ad > noff) {
+		goto error6;
+	}
+
+	if (ptr[count] & IP6OPT_MUTABLE) {
+		memset(ptr + count, 0, ad);
+	}
 
 	count += ad;
+}
 
-	/* Sanity check. */
-	if (count >
-	skip - sizeof(struct ip6_hdr)) {
-		m_freem(m);
-
-		/* Free, if we allocated. */
-		if (alloc)
-			free(ptr, M_XDATA);
-		return EINVAL;
-	}
+if (count != noff) {
+	goto error6;
 }
 
 /* Advance. */
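Review bot: In the option loop, `ad = ptr[count + 1] + 2;` reads the option length byte before anything checks that it lies inside the extension header. When `count == noff - 1` and that byte is not PAD1, the read is of `ptr[noff]`, which is past this header and, for the last header, possibly one byte past the buffer (its allocation is outside the hunk). The following `count + ad > noff` test does reject the packet, but only after the read; adding `if (count + 1 >= noff) goto error6;` before the assignment closes the gap. Separately, `noff > skip - sizeof(struct ip6_hdr)` compares the signed `noff` with an unsigned expression, which is only meaningful while `skip` is at least `sizeof(struct ip6_hdr)`, an assumption worth stating in a comment.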
@@ -603,11 +594,13 @@ ah_massage_headers(struct mbuf **m0, int
 			default:
 DPRINTF(("ah_massage_headers: unexpected "
 "IPv6 header type %d", off));
+error6:
 if (alloc)
 	free(ptr, M_XDATA);
 m_freem(m);
 return EINVAL;
 			}
+		}
 
 		/* Copyback and free, if we allocated. */
 		if (alloc) {

Index: src/sys/netipsec/xform_esp.c
diff -u src/sys/netipsec/xform_esp.c:1.40 src/sys/netipsec/xform_esp.c:1.40.2.1
--- src/sys/netipsec/xform_esp.c:1.40	Wed Jan 25 20:31:23 2012
+++ src/sys/netipsec/xform_esp.c	Tue Mar 13 17:18:15 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: xform_esp.c,v 1.40 2012/01/25 20:31:23 drochner Exp $	*/
+/*	$NetBSD: xform_esp.c,v 1.40.2.1 2018/03/13 17:18:15 snj Exp $	*/
 /*	$FreeBSD: src/sys/netipsec/xform_esp.c,v 1.2.2.1 2003/01/24 05:11:36 sam Exp $	*/
 /*	$OpenBSD: ip_esp.c,v 1.69 2001/06/26 06:18:59 angelos Exp $ */
 
@@ -39,7 +39,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: xform_esp.c,v 1.40 2012/01/25 20:31:23 

CVS commit: [netbsd-6] src/sys/netipsec

2018-03-13 Thread Soren Jacobsen
Module Name:src
Committed By:   snj
Date:   Tue Mar 13 17:18:16 UTC 2018

Modified Files:
src/sys/netipsec [netbsd-6]: xform_ah.c xform_esp.c xform_ipip.c

Log Message:
Pull up following revision(s) (requested by maxv in ticket #1532):
sys/netipsec/xform_ah.c: 1.77 via patch
sys/netipsec/xform_esp.c: 1.73 via patch
sys/netipsec/xform_ipip.c: 1.56-1.57 via patch
Reinforce and clarify.
--
Add missing NULL check. Normally that's not triggerable remotely, since we
are guaranteed that 8 bytes are valid at mbuf+skip.
--
Fix use-after-free. There is a path where the mbuf gets pulled up without
a proper mtod afterwards:
218 ipo = mtod(m, struct ip *);
281 m = m_pullup(m, hlen);
232 ipo->ip_src.s_addr
Found by Mootja.
Meanwhile it seems to me that 'ipo' should be set to NULL if the inner
packet is IPv6, but I'll revisit that later.
--
As I said in my last commit in this file, ipo should be set to NULL;
otherwise the 'local address spoofing' check below is always wrong on
IPv6.


To generate a diff of this commit:
cvs rdiff -u -r1.37.2.3 -r1.37.2.4 src/sys/netipsec/xform_ah.c
cvs rdiff -u -r1.40 -r1.40.2.1 src/sys/netipsec/xform_esp.c
cvs rdiff -u -r1.28.8.1 -r1.28.8.2 src/sys/netipsec/xform_ipip.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-6] src/sys/arch/macppc/dev

2018-03-13 Thread Soren Jacobsen
Module Name:src
Committed By:   snj
Date:   Tue Mar 13 17:09:15 UTC 2018

Modified Files:
src/sys/arch/macppc/dev [netbsd-6]: snapper.c

Log Message:
Pull up following revision(s) (requested by sevan in ticket #1522):
sys/arch/macppc/dev/snapper.c: 1.42
Fix issue with audio being downpitched, thanks to 
"it seems that snapper_init should be called before audio_attach_mi, as
snapper
init is setting the rate to 44100 after the hardware format has been
configured
by audio_attach_mi.
audio_attach_mi should be the last thing called during an attach of an audio
device so the audio device is ready to be configured when audio_attach_mi is
called."
Resolves PR port-macppc/52949


To generate a diff of this commit:
cvs rdiff -u -r1.38 -r1.38.4.1 src/sys/arch/macppc/dev/snapper.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/arch/macppc/dev/snapper.c
diff -u src/sys/arch/macppc/dev/snapper.c:1.38 src/sys/arch/macppc/dev/snapper.c:1.38.4.1
--- src/sys/arch/macppc/dev/snapper.c:1.38	Thu Nov 24 03:35:57 2011
+++ src/sys/arch/macppc/dev/snapper.c	Tue Mar 13 17:09:15 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: snapper.c,v 1.38 2011/11/24 03:35:57 mrg Exp $	*/
+/*	$NetBSD: snapper.c,v 1.38.4.1 2018/03/13 17:09:15 snj Exp $	*/
 /*	Id: snapper.c,v 1.11 2002/10/31 17:42:13 tsubai Exp	*/
 /*	Id: i2s.c,v 1.12 2005/01/15 14:32:35 tsubai Exp		*/
 
@@ -35,7 +35,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: snapper.c,v 1.38 2011/11/24 03:35:57 mrg Exp $");
+__KERNEL_RCSID(0, "$NetBSD: snapper.c,v 1.38.4.1 2018/03/13 17:09:15 snj Exp $");
 
 #include 
 #include 
@@ -839,10 +839,10 @@ snapper_defer(device_t dev)
 		break;
 	}
 
-	audio_attach_mi(_hw_if, sc, sc->sc_dev);
-
 	/* ki2c_setmode(sc->sc_i2c, I2C_STDSUBMODE); */
 	snapper_init(sc, sc->sc_node);
+
+	audio_attach_mi(_hw_if, sc, sc->sc_dev);
 }
 
 static int
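Review bot: The new ordering at the end of snapper_defer has no comment saying why audio_attach_mi has to come after snapper_init, so a later cleanup could move it back. The log message gives the reason (snapper_init sets the rate to 44100, and audio_attach_mi should run only once the device is ready to be configured); I would put that above the call, e.g. `/* must be last: snapper_init() sets the rate, so it has to run before audio_attach_mi() configures the hardware format */`. snapper_defer starts above this hunk, so the earlier part of the function is not covered by this note.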



CVS commit: [netbsd-6] src/sys/arch/macppc/dev

2018-03-13 Thread Soren Jacobsen
Module Name:src
Committed By:   snj
Date:   Tue Mar 13 17:09:15 UTC 2018

Modified Files:
src/sys/arch/macppc/dev [netbsd-6]: snapper.c

Log Message:
Pull up following revision(s) (requested by sevan in ticket #1522):
sys/arch/macppc/dev/snapper.c: 1.42
Fix issue with audio being downpitched, thanks to 
"it seems that snapper_init should be called before audio_attach_mi, as
snapper
init is setting the rate to 44100 after the hardware format has been
configured
by audio_attach_mi.
audio_attach_mi should be the last thing called during an attach of an audio
device so the audio device is ready to be configured when audio_attach_mi is
called."
Resolves PR port-macppc/52949


To generate a diff of this commit:
cvs rdiff -u -r1.38 -r1.38.4.1 src/sys/arch/macppc/dev/snapper.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-6] src/bin/ksh

2018-03-13 Thread Soren Jacobsen
Module Name:src
Committed By:   snj
Date:   Tue Mar 13 17:01:57 UTC 2018

Modified Files:
src/bin/ksh [netbsd-6]: history.c

Log Message:
Pull up following revision(s) (requested by maya in ticket #1520):
bin/ksh/history.c: 1.18
Use 0600 as the mode for histfile here too.
pointed out by John D. Baker in PR bin/52480


To generate a diff of this commit:
cvs rdiff -u -r1.11 -r1.11.4.1 src/bin/ksh/history.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-6] src/bin/ksh

2018-03-13 Thread Soren Jacobsen
Module Name:src
Committed By:   snj
Date:   Tue Mar 13 17:01:57 UTC 2018

Modified Files:
src/bin/ksh [netbsd-6]: history.c

Log Message:
Pull up following revision(s) (requested by maya in ticket #1520):
bin/ksh/history.c: 1.18
Use 0600 as the mode for histfile here too.
pointed out by John D. Baker in PR bin/52480


To generate a diff of this commit:
cvs rdiff -u -r1.11 -r1.11.4.1 src/bin/ksh/history.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/bin/ksh/history.c
diff -u src/bin/ksh/history.c:1.11 src/bin/ksh/history.c:1.11.4.1
--- src/bin/ksh/history.c:1.11	Wed Aug 31 16:24:54 2011
+++ src/bin/ksh/history.c	Tue Mar 13 17:01:57 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: history.c,v 1.11 2011/08/31 16:24:54 plunky Exp $	*/
+/*	$NetBSD: history.c,v 1.11.4.1 2018/03/13 17:01:57 snj Exp $	*/
 
 /*
  * command history
@@ -19,7 +19,7 @@
 #include 
 
 #ifndef lint
-__RCSID("$NetBSD: history.c,v 1.11 2011/08/31 16:24:54 plunky Exp $");
+__RCSID("$NetBSD: history.c,v 1.11.4.1 2018/03/13 17:01:57 snj Exp $");
 #endif
 
 
@@ -757,7 +757,7 @@ hist_finish()
   else
 hp = histlist;
 
-  fd = open(hname, O_WRONLY | O_CREAT | O_TRUNC | O_EXLOCK, 0777);
+  fd = open(hname, O_WRONLY | O_CREAT | O_TRUNC | O_EXLOCK, 0600);
   /* Remove anything written before we got the lock */
   ftruncate(fd, 0);
   if (fd >= 0 && (fh = fdopen(fd, "w"))) {
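Review bot: The 0600 passed to open() in hist_finish only takes effect when the call creates the file, so a history file that already exists with the looser mode left by the old 0777 (as limited by the umask) keeps that mode. If existing files should be tightened as well, `if (fd >= 0) (void)fchmod(fd, 0600);` right after the open would do it; whether to override a mode the user may have set deliberately is a policy decision. Separately, the context lines show `ftruncate(fd, 0)` running before the `fd >= 0` test and with its result ignored; moving it inside the `if` would avoid the call on a failed open. hist_finish begins and ends outside this hunk.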



CVS commit: [netbsd-6] src/sys/arch/sparc/sparc

2018-03-13 Thread Soren Jacobsen
Module Name:src
Committed By:   snj
Date:   Tue Mar 13 16:48:05 UTC 2018

Modified Files:
src/sys/arch/sparc/sparc [netbsd-6]: timer.c timer_sun4m.c timerreg.h

Log Message:
Pull up following revision(s) (requested by mrg in ticket #1519):
sys/arch/sparc/sparc/timer_sun4m.c: 1.33 1.34 1.31
sys/arch/sparc/sparc/timer.c: 1.33
sys/arch/sparc/sparc/timer.c: 1.33 1.34
sys/arch/sparc/sparc/timerreg.h: 1.33 1.34 1.31 1.10
fix time goes backwards problems on sparc.
there are a few things here:
- there's a race between reading the limit register (which clears
  the interrupt and the limit bit) and increasing the latest offset.
  this can happen easily if an interrupt comes between the read and
  the call to tickle_tc() that increases the offset (i observed this
  actually happening.)
- in early boot, sometimes the counter can cycle twice before the
  tickle happens.
to handle these issues, add two workarounds:
- if the limit bit isn't set, but the counter value is less than
  the previous value, and the offset hasn't changed, use the same
  fixup as if the limit bit was set.  this handles the first case
  above.
- add a hard-workaround for never allowing returning a smaller
  value (except during 32 bit overflow): if the result is less than
  the last result, add fixups until it does (or until it would
  overflow.)
the first workaround fixes general run-time issues, and the second
fixes issues only seen during boot.
also expand some comments in timer_sun4m.c and re-enable the sun4m
sub-microsecond tmr_ustolim4m() support (but it's always called with
at least 'tick' microseconds, so the end result is the same.)
fix hang at 4B microseconds (1h12 or so), and simplify part of the previous


To generate a diff of this commit:
cvs rdiff -u -r1.29 -r1.29.8.1 src/sys/arch/sparc/sparc/timer.c
cvs rdiff -u -r1.28 -r1.28.8.1 src/sys/arch/sparc/sparc/timer_sun4m.c
cvs rdiff -u -r1.9 -r1.9.118.1 src/sys/arch/sparc/sparc/timerreg.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-6] src/sys/arch/sparc/sparc

2018-03-13 Thread Soren Jacobsen
Module Name:src
Committed By:   snj
Date:   Tue Mar 13 16:48:05 UTC 2018

Modified Files:
src/sys/arch/sparc/sparc [netbsd-6]: timer.c timer_sun4m.c timerreg.h

Log Message:
Pull up following revision(s) (requested by mrg in ticket #1519):
sys/arch/sparc/sparc/timer_sun4m.c: 1.33 1.34 1.31
sys/arch/sparc/sparc/timer.c: 1.33
sys/arch/sparc/sparc/timer.c: 1.33 1.34
sys/arch/sparc/sparc/timerreg.h: 1.33 1.34 1.31 1.10
fix time goes backwards problems on sparc.
there are a few things here:
- there's a race between reading the limit register (which clears
  the interrupt and the limit bit) and increasing the latest offset.
  this can happen easily if an interrupt comes between the read and
  the call to tickle_tc() that increases the offset (i observed this
  actually happening.)
- in early boot, sometimes the counter can cycle twice before the
  tickle happens.
to handle these issues, add two workarounds:
- if the limit bit isn't set, but the counter value is less than
  the previous value, and the offset hasn't changed, use the same
  fixup as if the limit bit was set.  this handles the first case
  above.
- add a hard-workaround for never allowing returning a smaller
  value (except during 32 bit overflow): if the result is less than
  the last result, add fixups until it does (or until it would
  overflow.)
the first workaround fixes general run-time issues, and the second
fixes issues only seen during boot.
also expand some comments in timer_sun4m.c and re-enable the sun4m
sub-microsecond tmr_ustolim4m() support (but it's always called with
at least 'tick' microseconds, so the end result is the same.)
fix hang at 4B microseconds (1h12 or so), and simplify part of the previous


To generate a diff of this commit:
cvs rdiff -u -r1.29 -r1.29.8.1 src/sys/arch/sparc/sparc/timer.c
cvs rdiff -u -r1.28 -r1.28.8.1 src/sys/arch/sparc/sparc/timer_sun4m.c
cvs rdiff -u -r1.9 -r1.9.118.1 src/sys/arch/sparc/sparc/timerreg.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/arch/sparc/sparc/timer.c
diff -u src/sys/arch/sparc/sparc/timer.c:1.29 src/sys/arch/sparc/sparc/timer.c:1.29.8.1
--- src/sys/arch/sparc/sparc/timer.c:1.29	Sun Jul 17 23:18:23 2011
+++ src/sys/arch/sparc/sparc/timer.c	Tue Mar 13 16:48:05 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: timer.c,v 1.29 2011/07/17 23:18:23 mrg Exp $ */
+/*	$NetBSD: timer.c,v 1.29.8.1 2018/03/13 16:48:05 snj Exp $ */
 
 /*
  * Copyright (c) 1992, 1993
@@ -60,7 +60,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: timer.c,v 1.29 2011/07/17 23:18:23 mrg Exp $");
+__KERNEL_RCSID(0, "$NetBSD: timer.c,v 1.29.8.1 2018/03/13 16:48:05 snj Exp $");
 
 #include 
 #include 
@@ -83,56 +83,93 @@ static u_int timer_get_timecount(struct 
  * timecounter local state
  */
 static struct counter {
-	volatile u_int *cntreg;	/* counter register */
+	__cpu_simple_lock_t lock; /* protects access to offset, reg, last* */
+	volatile u_int *cntreg;	/* counter register to read */
 	u_int limit;		/* limit we count up to */
 	u_int offset;		/* accumulated offet due to wraps */
 	u_int shift;		/* scaling for valid bits */
 	u_int mask;		/* valid bit mask */
-} cntr;
+	u_int lastcnt;		/* the last* values are used to notice */
+	u_int lastres;		/* and fix up cases where it would appear */
+	u_int lastoffset;	/* time went backwards. */
+} cntr __aligned(CACHE_LINE_SIZE);
 
 /*
  * define timecounter
  */
 
 static struct timecounter counter_timecounter = {
-	timer_get_timecount,	/* get_timecount */
-	0,			/* no poll_pps */
-	~0u,			/* counter_mask */
-	0,  /* frequency - set at initialisation */
-	"timer-counter",	/* name */
-	100,			/* quality */
-/* private reference */
+	.tc_get_timecount =	timer_get_timecount,
+	.tc_poll_pps =		NULL,
+	.tc_counter_mask =	~0u,
+	.tc_frequency =		0,
+	.tc_name =		"timer-counter",
+	.tc_quality =		100,
+	.tc_priv =		,
 };
 
 /*
  * timer_get_timecount provide current counter value
  */
+__attribute__((__optimize__("Os")))
 static u_int
 timer_get_timecount(struct timecounter *tc)
 {
-	struct counter *ctr = (struct counter *)tc->tc_priv;
-
-	u_int c, res, r;
+	u_int cnt, res, fixup, offset;
 	int s;
 
-
+	/*
+	 * We use splhigh/__cpu_simple_lock here as we don't want
+	 * any mutex or lockdebug overhead.  The lock protects a
+	 * bunch of the members of cntr that are written here to
+	 * deal with the various minor races to be observed and
+	 * worked around.
+	 */
 	s = splhigh();
 
-	res = c = *ctr->cntreg;
+	__cpu_simple_lock();
+	res = cnt = *cntr.cntreg;
 
 	res  &= ~TMR_LIMIT;
+	offset = cntr.offset;
 
-	if (c != res) {
-		r = ctr->limit;
+	/*
+	 * There are 3 cases here:
+	 * - limit reached, interrupt not yet processed.
+	 * - count reset but offset the same, race between handling
+	 *   the interrupt and tickle_tc() updating the offset.
+	 * - normal case.
+	 *
+	 * For the first two cases, add the limit so 

CVS commit: [netbsd-6] src/sys/netinet6

2018-03-13 Thread Soren Jacobsen
Module Name:src
Committed By:   snj
Date:   Tue Mar 13 16:43:06 UTC 2018

Modified Files:
src/sys/netinet6 [netbsd-6]: ip6_forward.c

Log Message:
Pull up following revision(s) (requested by ozaki-r in ticket #1518):
sys/netinet6/ip6_forward.c: 1.89-1.90 via patch
Fix use-after-free of mbuf by ip6flow_create
This fixes recent failures of some ATF tests such as t_ipsec_tunnel_odd.
--
Fix use-after-free of mbuf by ip6flow_create (one more)


To generate a diff of this commit:
cvs rdiff -u -r1.69 -r1.69.2.1 src/sys/netinet6/ip6_forward.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-6] src/sys/netinet6

2018-03-13 Thread Soren Jacobsen
Module Name:src
Committed By:   snj
Date:   Tue Mar 13 16:43:06 UTC 2018

Modified Files:
src/sys/netinet6 [netbsd-6]: ip6_forward.c

Log Message:
Pull up following revision(s) (requested by ozaki-r in ticket #1518):
sys/netinet6/ip6_forward.c: 1.89-1.90 via patch
Fix use-after-free of mbuf by ip6flow_create
This fixes recent failures of some ATF tests such as t_ipsec_tunnel_odd.
--
Fix use-after-free of mbuf by ip6flow_create (one more)


To generate a diff of this commit:
cvs rdiff -u -r1.69 -r1.69.2.1 src/sys/netinet6/ip6_forward.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netinet6/ip6_forward.c
diff -u src/sys/netinet6/ip6_forward.c:1.69 src/sys/netinet6/ip6_forward.c:1.69.2.1
--- src/sys/netinet6/ip6_forward.c:1.69	Mon Dec 19 11:59:58 2011
+++ src/sys/netinet6/ip6_forward.c	Tue Mar 13 16:43:06 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: ip6_forward.c,v 1.69 2011/12/19 11:59:58 drochner Exp $	*/
+/*	$NetBSD: ip6_forward.c,v 1.69.2.1 2018/03/13 16:43:06 snj Exp $	*/
 /*	$KAME: ip6_forward.c,v 1.109 2002/09/11 08:10:17 sakane Exp $	*/
 
 /*
@@ -31,7 +31,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: ip6_forward.c,v 1.69 2011/12/19 11:59:58 drochner Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip6_forward.c,v 1.69.2.1 2018/03/13 16:43:06 snj Exp $");
 
 #include "opt_gateway.h"
 #include "opt_ipsec.h"
@@ -645,8 +645,8 @@ ip6_forward(struct mbuf *m, int srcrt)
 			IP6_STATINC(IP6_STAT_REDIRECTSENT);
 		else {
 #ifdef GATEWAY
-			if (m->m_flags & M_CANFASTFWD)
-ip6flow_create(_forward_rt, m);
+			if (mcopy->m_flags & M_CANFASTFWD)
+ip6flow_create(_forward_rt, mcopy);
 #endif
 			if (mcopy)
 goto freecopy;
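Review bot: `mcopy->m_flags` is now read before the `if (mcopy)` test two lines further down, and that test suggests mcopy can be NULL on this path, in which case the new condition dereferences a null pointer in GATEWAY kernels. Guarding it, `if (mcopy != NULL && (mcopy->m_flags & M_CANFASTFWD))`, keeps the use-after-free fix and still creates the flow when a copy exists. Where mcopy is allocated is outside the hunk, so whether it can really be NULL here needs checking against the rest of ip6_forward.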



CVS commit: [netbsd-6] src/sys/dev

2018-03-13 Thread Soren Jacobsen
Module Name:src
Committed By:   snj
Date:   Tue Mar 13 16:38:28 UTC 2018

Modified Files:
src/sys/dev [netbsd-6]: fss.c

Log Message:
Pull up following revision(s) (requested by hannken in ticket #1516):
sys/dev/fss.c: 1.101-1.103
Bounds check against media size for non-persistent snapshots.
--
Treat partial read from backing store as I/O error.
--
Pass residual back to b_resid for persistent snapshots.


To generate a diff of this commit:
cvs rdiff -u -r1.81.4.4 -r1.81.4.5 src/sys/dev/fss.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/dev/fss.c
diff -u src/sys/dev/fss.c:1.81.4.4 src/sys/dev/fss.c:1.81.4.5
--- src/sys/dev/fss.c:1.81.4.4	Sat Aug 27 14:47:47 2016
+++ src/sys/dev/fss.c	Tue Mar 13 16:38:28 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: fss.c,v 1.81.4.4 2016/08/27 14:47:47 bouyer Exp $	*/
+/*	$NetBSD: fss.c,v 1.81.4.5 2018/03/13 16:38:28 snj Exp $	*/
 
 /*-
  * Copyright (c) 2003 The NetBSD Foundation, Inc.
@@ -36,7 +36,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: fss.c,v 1.81.4.4 2016/08/27 14:47:47 bouyer Exp $");
+__KERNEL_RCSID(0, "$NetBSD: fss.c,v 1.81.4.5 2018/03/13 16:38:28 snj Exp $");
 
 #include 
 #include 
@@ -90,7 +90,7 @@ static void fss_softc_free(struct fss_so
 static int fss_read_cluster(struct fss_softc *, u_int32_t);
 static void fss_bs_thread(void *);
 static int fss_bs_io(struct fss_softc *, fss_io_type,
-u_int32_t, off_t, int, void *);
+u_int32_t, off_t, int, void *, size_t *);
 static u_int32_t *fss_bs_indir(struct fss_softc *, u_int32_t);
 
 static kmutex_t fss_device_lock;	/* Protect all units. */
@@ -266,20 +266,26 @@ fss_strategy(struct buf *bp)
 	mutex_enter(>sc_slock);
 
 	if (write || !FSS_ISVALID(sc)) {
-
-		mutex_exit(>sc_slock);
-
 		bp->b_error = (write ? EROFS : ENXIO);
-		bp->b_resid = bp->b_bcount;
-		biodone(bp);
-		return;
+		goto done;
 	}
+	/* Check bounds for non-persistent snapshots. */
+	if ((sc->sc_flags & FSS_PERSISTENT) == 0 &&
+	bounds_check_with_mediasize(bp, DEV_BSIZE,
+	btodb(FSS_CLTOB(sc, sc->sc_clcount - 1) + sc->sc_clresid)) <= 0)
+		goto done;
 
 	bp->b_rawblkno = bp->b_blkno;
 	bufq_put(sc->sc_bufq, bp);
 	cv_signal(>sc_work_cv);
 
 	mutex_exit(>sc_slock);
+	return;
+
+done:
+	mutex_exit(>sc_slock);
+	bp->b_resid = bp->b_bcount;
+	biodone(bp);
 }
 
 int
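Review bot: The media-size argument to bounds_check_with_mediasize in fss_strategy is hard to read as written and nothing explains what it computes. It looks like the snapshot size in bytes (all clusters but the last, plus sc_clresid for the last one) converted to DEV_BSIZE blocks; if that is right, a short comment such as `/* size = full clusters + bytes used in the last cluster */` or a named local would make the bound checkable at a glance. The expression also relies on sc_clcount being at least 1, which presumably follows from FSS_ISVALID(sc) but is not visible in this hunk.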
@@ -993,6 +999,8 @@ restart:
 		todo -= len;
 	}
 	error = biowait(mbp);
+	if (error == 0 && mbp->b_resid != 0)
+		error = EIO;
 	putiobuf(mbp);
 
 	mutex_enter(>sc_slock);
@@ -1014,7 +1022,7 @@ restart:
  */
 static int
 fss_bs_io(struct fss_softc *sc, fss_io_type rw,
-u_int32_t cl, off_t off, int len, void *data)
+u_int32_t cl, off_t off, int len, void *data, size_t *resid)
 {
 	int error;
 
@@ -1025,7 +1033,7 @@ fss_bs_io(struct fss_softc *sc, fss_io_t
 	error = vn_rdwr((rw == FSS_READ ? UIO_READ : UIO_WRITE), sc->sc_bs_vp,
 	data, len, off, UIO_SYSSPACE,
 	IO_ADV_ENCODE(POSIX_FADV_NOREUSE) | IO_NODELOCKED,
-	sc->sc_bs_lwp->l_cred, NULL, NULL);
+	sc->sc_bs_lwp->l_cred, resid, NULL);
 	if (error == 0) {
 		mutex_enter(sc->sc_bs_vp->v_interlock);
 		error = VOP_PUTPAGES(sc->sc_bs_vp, trunc_page(off),
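Review bot: fss_bs_io's new resid argument changes how a short transfer is reported, and nothing in the hunk tells callers so. As far as I know vn_rdwr turns a short transfer into EIO only when its residual pointer is NULL, so the callers that pass NULL keep the old behaviour while a caller that passes a pointer gets error 0 and has to inspect *resid itself. I would add to the function's header comment something like `resid: if not NULL, receives the untransferred byte count and a short transfer is not reported as an error`. The header comment and the start of the body are outside this hunk.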
@@ -1054,7 +1062,7 @@ fss_bs_indir(struct fss_softc *sc, u_int
 
 	if (sc->sc_indir_dirty) {
 		if (fss_bs_io(sc, FSS_WRITE, sc->sc_indir_cur, 0,
-		FSS_CLSIZE(sc), (void *)sc->sc_indir_data) != 0)
+		FSS_CLSIZE(sc), (void *)sc->sc_indir_data, NULL) != 0)
 			return NULL;
 		setbit(sc->sc_indir_valid, sc->sc_indir_cur);
 	}
@@ -1064,7 +1072,7 @@ fss_bs_indir(struct fss_softc *sc, u_int
 
 	if (isset(sc->sc_indir_valid, sc->sc_indir_cur)) {
 		if (fss_bs_io(sc, FSS_READ, sc->sc_indir_cur, 0,
-		FSS_CLSIZE(sc), (void *)sc->sc_indir_data) != 0)
+		FSS_CLSIZE(sc), (void *)sc->sc_indir_data, NULL) != 0)
 			return NULL;
 	} else
 		memset(sc->sc_indir_data, 0, FSS_CLSIZE(sc));
@@ -1085,6 +1093,7 @@ fss_bs_thread(void *arg)
 	long off;
 	char *addr;
 	u_int32_t c, cl, ch, *indirp;
+	size_t resid;
 	struct buf *bp, *nbp;
 	struct fss_softc *sc;
 	struct fss_cache *scp, *scl;
@@ -1121,14 +1130,18 @@ fss_bs_thread(void *arg)
 disk_busy(sc->sc_dkdev);
 error = fss_bs_io(sc, FSS_READ, 0,
 dbtob(bp->b_blkno), bp->b_bcount,
-bp->b_data);
+bp->b_data, );
+if (error)
+	resid = bp->b_bcount;
 disk_unbusy(sc->sc_dkdev,
 (error ? 0 : bp->b_bcount), is_read);
-			} else
+			} else {
 error = ENXIO;
+resid = bp->b_bcount;
+			}
 
 			bp->b_error = error;
-			bp->b_resid = (error ? bp->b_bcount : 0);
+			bp->b_resid = resid;
 			biodone(bp);
 
 			mutex_enter(>sc_slock);
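Review bot: `bp->b_resid = resid` copies a local that this hunk assigns only on the error path and in the ENXIO branch; on success it depends on fss_bs_io having stored through the pointer. The part of fss_bs_io before its vn_rdwr call is not shown, so if it can return 0 early the buffer would complete with an indeterminate residual. Setting `resid = bp->b_bcount;` just before the fss_bs_io call gives a conservative default (nothing transferred unless the callee says otherwise) and makes the success path independent of that. fss_bs_thread starts and ends outside the hunk.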
@@ -1149,7 +1162,7 @@ fss_bs_thread(void *arg)
 			indirp = fss_bs_indir(sc, scp->fc_cluster);
 			if (indirp != NULL) {
 error = fss_bs_io(sc, FSS_WRITE, sc->sc_clnext,
-0, FSS_CLSIZE(sc), scp->fc_data);
+0, FSS_CLSIZE(sc), scp->fc_data, NULL);
 			} else
 error = EIO;
 
@@ -1217,6 +1230,8 

CVS commit: [netbsd-6] src/sys/dev

2018-03-13 Thread Soren Jacobsen
Module Name:src
Committed By:   snj
Date:   Tue Mar 13 16:38:28 UTC 2018

Modified Files:
src/sys/dev [netbsd-6]: fss.c

Log Message:
Pull up following revision(s) (requested by hannken in ticket #1516):
sys/dev/fss.c: 1.101-1.103
Bounds check against media size for non-persistent snapshots.
--
Treat partial read from backing store as I/O error.
--
Pass residual back to b_resid for persistent snapshots.


To generate a diff of this commit:
cvs rdiff -u -r1.81.4.4 -r1.81.4.5 src/sys/dev/fss.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-6] src/doc

2018-03-03 Thread Soren Jacobsen
Module Name:src
Committed By:   snj
Date:   Sat Mar  3 20:50:38 UTC 2018

Modified Files:
src/doc [netbsd-6]: CHANGES-6.2

Log Message:
1512, 1513, 1515


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.325 -r1.1.2.326 src/doc/CHANGES-6.2

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/doc/CHANGES-6.2
diff -u src/doc/CHANGES-6.2:1.1.2.325 src/doc/CHANGES-6.2:1.1.2.326
--- src/doc/CHANGES-6.2:1.1.2.325	Mon Feb 19 20:56:37 2018
+++ src/doc/CHANGES-6.2	Sat Mar  3 20:50:38 2018
@@ -1,4 +1,4 @@
-# $NetBSD: CHANGES-6.2,v 1.1.2.325 2018/02/19 20:56:37 snj Exp $
+# $NetBSD: CHANGES-6.2,v 1.1.2.326 2018/03/03 20:50:38 snj Exp $
 
 A complete list of changes from the 6.1 release until the 6.2 release:
 
@@ -21073,3 +21073,23 @@ sys/arch/x86/x86/vm_machdep.c			1.30 via
 	Prevent unrestricted userland access to I/O ports in XEN.
 	[maxv, ticket #1517]
 
+sys/dev/rndpseudo.cpatch
+sys/kern/subr_cprng.cpatch
+sys/sys/cprng.h	patch
+
+	Fix panic when waiting with kqueue/kevent for a read from
+	/dev/random.
+	[riastradh, ticket #1512]
+
+sys/arch/sparc/sparc/locore.s			1.269
+
+	Avoid an instruction requiring a higher alignment than we
+	are guaranteed. PR port-sparc/52721: ddb errors on ps command
+	[maya, ticket #1513]
+
+dist/pf/etc/pf.os1.4-1.5
+
+	Synchronise with r1.27 from OpenBSD
+	Add DragonFly BSD fingerprints.
+	[sevan, ticket #1515]
+



CVS commit: [netbsd-6] src/doc

2018-03-03 Thread Soren Jacobsen
Module Name:src
Committed By:   snj
Date:   Sat Mar  3 20:50:38 UTC 2018

Modified Files:
src/doc [netbsd-6]: CHANGES-6.2

Log Message:
1512, 1513, 1515


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.325 -r1.1.2.326 src/doc/CHANGES-6.2

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-6] src/dist/pf/etc

2018-03-03 Thread Soren Jacobsen
Module Name:src
Committed By:   snj
Date:   Sat Mar  3 20:49:18 UTC 2018

Modified Files:
src/dist/pf/etc [netbsd-6]: pf.os

Log Message:
Pull up following revision(s) (requested by sevan in ticket #1515):
dist/pf/etc/pf.os: 1.4-1.5
Synchronise with r1.27 from OpenBSD
--
Add DragonFly BSD fingerprints.


To generate a diff of this commit:
cvs rdiff -u -r1.3 -r1.3.20.1 src/dist/pf/etc/pf.os

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-6] src/dist/pf/etc

2018-03-03 Thread Soren Jacobsen
Module Name:src
Committed By:   snj
Date:   Sat Mar  3 20:49:18 UTC 2018

Modified Files:
src/dist/pf/etc [netbsd-6]: pf.os

Log Message:
Pull up following revision(s) (requested by sevan in ticket #1515):
dist/pf/etc/pf.os: 1.4-1.5
Synchronise with r1.27 from OpenBSD
--
Add DragonFly BSD fingerprints.


To generate a diff of this commit:
cvs rdiff -u -r1.3 -r1.3.20.1 src/dist/pf/etc/pf.os

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/dist/pf/etc/pf.os
diff -u src/dist/pf/etc/pf.os:1.3 src/dist/pf/etc/pf.os:1.3.20.1
--- src/dist/pf/etc/pf.os:1.3	Wed Jun 18 09:06:25 2008
+++ src/dist/pf/etc/pf.os	Sat Mar  3 20:49:18 2018
@@ -1,5 +1,5 @@
-# $NetBSD: pf.os,v 1.3 2008/06/18 09:06:25 yamt Exp $
-# $OpenBSD: pf.os,v 1.21 2006/07/28 21:51:12 david Exp $
+# $NetBSD: pf.os,v 1.3.20.1 2018/03/03 20:49:18 snj Exp $
+# $OpenBSD: pf.os,v 1.27 2016/09/03 17:08:57 sthen Exp $
 # passive OS fingerprinting
 # -
 #
@@ -226,7 +226,13 @@ S2:64:1:60:M*,S,T,N,W0:		Linux:2.4::Linu
 S3:64:1:60:M*,S,T,N,W0:		Linux:2.4:.18-21:Linux 2.4.18 and newer
 S4:64:1:60:M*,S,T,N,W0:		Linux:2.4::Linux 2.4/2.6 <= 2.6.7
 S4:64:1:60:M*,S,T,N,W0:		Linux:2.6:.1-7:Linux 2.4/2.6 <= 2.6.7
-S4:64:1:60:M*,S,T,N,W7:		Linux:2.6:8:Linux 2.6.8 and newer (?)
+
+S4:64:1:60:M*,S,T,N,W5:		Linux:2.6::Linux 2.6 (newer, 1)
+S4:64:1:60:M*,S,T,N,W6:		Linux:2.6::Linux 2.6 (newer, 2)
+S4:64:1:60:M*,S,T,N,W7:		Linux:2.6::Linux 2.6 (newer, 3)
+T4:64:1:60:M*,S,T,N,W7:		Linux:2.6::Linux 2.6 (newer, 4)
+
+S10:64:1:60:M*,S,T,N,W4:	Linux:3.0::Linux 3.0
 
 S3:64:1:60:M*,S,T,N,W1:		Linux:2.5::Linux 2.5 (sometimes 2.4)
 S4:64:1:60:M*,S,T,N,W1:		Linux:2.5-2.6::Linux 2.5/2.6
@@ -299,13 +305,27 @@ S22:64:1:52:M*,N,N,S,N,W0:	Linux:2.2:ts:
 # - OpenBSD -
 
 16384:64:0:60:M*,N,W0,N,N,T:		OpenBSD:2.6::NetBSD 1.3 (or OpenBSD 2.6)
-16384:64:1:64:M*,N,N,S,N,W0,N,N,T:	OpenBSD:3.0-4.0::OpenBSD 3.0-4.0
-16384:64:0:64:M*,N,N,S,N,W0,N,N,T:	OpenBSD:3.0-4.0:no-df:OpenBSD 3.0-4.0 (scrub no-df)
+16384:64:1:64:M*,N,N,S,N,W0,N,N,T:	OpenBSD:3.0-4.8::OpenBSD 3.0-4.8
+16384:64:0:64:M*,N,N,S,N,W0,N,N,T:	OpenBSD:3.0-4.8:no-df:OpenBSD 3.0-4.8 (scrub no-df)
 57344:64:1:64:M*,N,N,S,N,W0,N,N,T:	OpenBSD:3.3-4.0::OpenBSD 3.3-4.0
 57344:64:0:64:M*,N,N,S,N,W0,N,N,T:	OpenBSD:3.3-4.0:no-df:OpenBSD 3.3-4.0 (scrub no-df)
 
 65535:64:1:64:M*,N,N,S,N,W0,N,N,T:	OpenBSD:3.0-4.0:opera:OpenBSD 3.0-4.0 (Opera)
 
+16384:64:1:64:M*,N,N,S,N,W3,N,N,T:	OpenBSD:4.9::OpenBSD 4.9
+16384:64:0:64:M*,N,N,S,N,W3,N,N,T:	OpenBSD:4.9:no-df:OpenBSD 4.9 (scrub no-df)
+
+16384:64:1:64:M*,N,N,S,N,W6,N,N,T:  OpenBSD:6.1::OpenBSD 6.1
+16384:64:0:64:M*,N,N,S,N,W6,N,N,T:  OpenBSD:6.1:no-df:OpenBSD 6.1 (scrub no-df)
+
+# - DragonFly BSD -
+
+57344:64:1:60:M*,N,W0,N,N,T:		DragonFly:1.0:A:DragonFly 1.0A
+57344:64:0:64:M*,N,W0,N,N,S,N,N,T:	DragonFly:1.2-1.12::DragonFly 1.2-1.12
+5840:64:1:60:M*,S,T,N,W4:		DragonFly:2.0-2.1::DragonFly 2.0-2.1
+57344:64:0:64:M*,N,W0,N,N,S,N,N,T:	DragonFly:2.2-2.3::DragonFly 2.2-2.3
+57344:64:0:64:M*,N,W5,N,N,S,N,N,T:	DragonFly:2.4-2.7::DragonFly 2.4-2.7
+
 # - Solaris -
 
 S17:64:1:64:N,W3,N,N,T0,N,N,S,M*:	Solaris:8:RFC1323:Solaris 8 RFC1323
@@ -362,7 +382,7 @@ S34:64:1:52:M*,N,W0,N,N,S:		Solaris:10:b
 # - Windows -
 
 # Windows TCP/IP stack is a mess. For most recent XP, 2000 and
-# even 98, the pathlevel, not the actual OS version, is more
+# even 98, the patchlevel, not the actual OS version, is more
 # relevant to the signature. They share the same code, so it would
 # seem. Luckily for us, almost all Windows 9x boxes have an
 # awkward MSS of 536, which I use to tell one from another
@@ -426,6 +446,8 @@ S44:128:1:48:M*,N,N,S:			Windows:XP:SP1:
 32767:128:1:48:M*,N,N,S:		Windows:2000:SP4:Windows SP1, 2000 SP4
 32767:128:1:48:M*,N,N,S:		Windows:XP:SP1:Windows SP1, 2000 SP4
 
+8192:128:1:52:M*,N,W2,N,N,S:		Windows:Vista::Windows Vista/7
+
 # Odds, ends, mods:
 
 S52:128:1:48:M1260,N,N,S:		Windows:2000:cisco:Windows XP/2000 via Cisco



CVS commit: [netbsd-6] src/sys/arch/sparc/sparc

2018-03-03 Thread Soren Jacobsen
Module Name:src
Committed By:   snj
Date:   Sat Mar  3 20:47:24 UTC 2018

Modified Files:
src/sys/arch/sparc/sparc [netbsd-6]: locore.s

Log Message:
Pull up following revision(s) (requested by maya in ticket #1513):
sys/arch/sparc/sparc/locore.s: 1.269
Avoid an instruction requiring a higher alignment than we are guaranteed
Fixes PR port-sparc/52721: ddb errors on ps command
Thanks to mlelstv.


To generate a diff of this commit:
cvs rdiff -u -r1.265 -r1.265.8.1 src/sys/arch/sparc/sparc/locore.s

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/arch/sparc/sparc/locore.s
diff -u src/sys/arch/sparc/sparc/locore.s:1.265 src/sys/arch/sparc/sparc/locore.s:1.265.8.1
--- src/sys/arch/sparc/sparc/locore.s:1.265	Mon Aug 15 02:19:44 2011
+++ src/sys/arch/sparc/sparc/locore.s	Sat Mar  3 20:47:24 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: locore.s,v 1.265 2011/08/15 02:19:44 mrg Exp $	*/
+/*	$NetBSD: locore.s,v 1.265.8.1 2018/03/03 20:47:24 snj Exp $	*/
 
 /*
  * Copyright (c) 1996 Paul Kranenburg
@@ -6286,8 +6286,9 @@ ENTRY(longjmp)
 	cmp	%fp, %g7	! compare against desired frame
 	bl,a	1b		! if below,
 	 restore		!pop frame and loop
-	be,a	2f		! if there,
-	 ldd	[%g1+0], %o2	!fetch return %sp and pc, and get out
+	ld	[%g1+0], %o2	! fetch return %sp
+	be,a	2f		! we're there, get out
+	 ld	[%g1+4], %o3	! fetch return pc
 
 Llongjmpbotch:
 ! otherwise, went too far; bomb out
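Review bot: The split of the `ldd` into two `ld` instructions in longjmp carries no comment recording why, and the pair looks like an obvious candidate for being merged back later. The log message gives the reason (the load needs a higher alignment than is guaranteed), so I would add a line such as `! two ld's on purpose: ldd needs doubleword alignment, which is not guaranteed here` above the first load. The first `ld` now also executes on the fall-through path to Llongjmpbotch and overwrites %o2 there; that looks harmless from what is shown, but the code after the label is outside this hunk.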


