sys/dev/pci/if_wm.c 1.768-1.782 via patch
sys/dev/pci/if_wmreg.h 1.129-1.130
sys/dev/pci/if_wmvar.h 1.49
wm(4):
- Rework for event counters:
- Fix the calculation of the GORC, GOTC, TOR and TOT counters.
- Rearrange the order of the registers so that they are roughly
in ascending order.
- Reorder evcnt_attach_dynamic(), WM_EVCNT_ADD() and evcnt_detach()
to match.
- IC{TX,RX}*C registers are for chips older than 82575.
- Fix a bug where the transmit underrun counter was counted
incorrectly.
- Don't add "Count" for event counter's description.
- Some statistics registers were replaced with new counters on newer
chips. Treat 0x403c(CEXTERR->HTDPMC), 0x40fc(TSCTFC->CBRMPC),
0x4124(ICRXOC->HTCBDPC) and from 0x4104 to 0x4124.
- Add some new counters:
- Circuit Breaker TX Manageability Packet
- Circuit Breaker RX Dropped Packet
- Host Good Octets RX
- Host Good Octets TX
- Length Errors
- SerDes/SGMII Code Violation Packet
- Header Redirection Missed Packet
- EEE TX LPI
- EEE RX LPI
- Fix prc511's comment and description.
- Add SOICZIFDATA (ifconfig -z) support for evcnt(9).
- Use WM_IS_ICHPCH(). No functional change.
- Fix typo. s/ictxact/ictxatc/. No functional change.
- Add comment.
usr.bin/vacation/vacation.c: revision 1.38
usr.bin/vacation/vacation.1: revision 1.33
Make vacation(1) check 'Auto-Submitted:' (RFC 3834) in addition to
'Precedence:' (RFC 2076), and set 'Precedence:' in addition to
'Auto-Submitted:'.
Update the man page accordingly.
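The suppression rule the vacation(1) change describes (do not auto-reply to mail that carries 'Auto-Submitted:' with any value other than "no", or 'Precedence:' bulk, junk or list, and stamp both headers on our own reply so other responders stay quiet) is shown below as an added example. It is not code from vacation.c; the header parser is a deliberately small stand-in that does not handle folded (continuation) header lines, and the exact values it stamps on the outgoing reply ("auto-replied" per RFC 3834, "bulk" for Precedence) are assumptions about what the tool emits.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Case-insensitive "does s start with prefix" without needing strings.h. */
static int ci_prefix(const char *s, const char *prefix)
{
    for (; *prefix != '\0'; s++, prefix++)
        if (tolower((unsigned char)*s) != tolower((unsigned char)*prefix))
            return 0;
    return 1;
}

/* Pointer to a header's value with leading blanks skipped. */
static const char *header_value(const char *line)
{
    const char *p = strchr(line, ':');
    if (p == NULL)
        return "";
    for (p++; *p == ' ' || *p == '\t'; p++)
        ;
    return p;
}

/* Compare the first token of a header value against a keyword, ignoring
 * case and stopping at blank or ';' (RFC 3834 allows parameters such as
 * "auto-replied; owner-token=..."). */
static int value_is(const char *v, const char *kw)
{
    size_t n = strlen(kw);
    if (!ci_prefix(v, kw))
        return 0;
    return v[n] == '\0' || v[n] == ';' || isspace((unsigned char)v[n]);
}

/*
 * Decide whether an auto-reply may be sent for a message whose header
 * block is given as "Name: value\n" lines (constructed input, no body).
 * Returns 1 if a reply is allowed, 0 if it must be suppressed:
 *   Precedence: bulk | junk | list          (legacy practice, RFC 2076)
 *   Auto-Submitted: anything but "no"       (RFC 3834)
 */
int vacation_should_reply(const char *headers)
{
    const char *line = headers;

    while (*line != '\0') {
        const char *eol = strchr(line, '\n');
        size_t len = eol ? (size_t)(eol - line) : strlen(line);
        char buf[256];

        if (len >= sizeof buf)
            len = sizeof buf - 1;
        memcpy(buf, line, len);
        buf[len] = '\0';

        if (ci_prefix(buf, "Precedence:")) {
            const char *v = header_value(buf);
            if (value_is(v, "bulk") || value_is(v, "junk") || value_is(v, "list"))
                return 0;
        } else if (ci_prefix(buf, "Auto-Submitted:")) {
            if (!value_is(header_value(buf), "no"))
                return 0;
        }
        if (eol == NULL)
            break;
        line = eol + 1;
    }
    return 1;
}

/* Headers stamped on our own reply (assumed values, see lead-in), so that
 * vacation_should_reply() on a bounce of it returns 0. */
const char *vacation_reply_headers(void)
{
    return "Auto-Submitted: auto-replied\n"
           "Precedence: bulk\n";
}

int main(void)
{
    const char *msg = "From: alice@example.org\nAuto-Submitted: auto-generated\n";
    printf("reply to auto-generated mail? %d\n", vacation_should_reply(msg));
    printf("reply to our own reply?       %d\n",
           vacation_should_reply(vacation_reply_headers()));
    return 0;
}
```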
sys/dev/pci/pcidevs: revision 1.1478
sys/dev/pci/pcidevs: revision 1.1479
sys/dev/pci/pcidevs: revision 1.1480
Add Samsung SM990.
Add devices from PPR for AMD Family 19h Model 61h Revision B1 processors.
The SATA device ID for Apollo Lake is not 0x5ae0 but 0x5ae3.
lib/libpam/modules/pam_krb5/pam_krb5.c: revision 1.31
lib/libpam/modules/pam_krb5/pam_krb5.8: revision 1.13
pam_krb5: Refuse to operate without a key to verify tickets.
New allow_kdc_spoof overrides this to restore previous behaviour
which was vulnerable to KDC spoofing, because without a host or
service key, pam_krb5 can't distinguish the legitimate KDC from a
spoofed one.
This way, having pam_krb5 enabled isn't dangerous even if you create
an empty /etc/krb5.conf to use client SSO without any host services.
Perhaps this should use krb5_verify_init_creds(3) instead, and
thereby respect the rather obscurely named krb5.conf option
verify_ap_req_nofail like the Linux pam_krb5 does, but:
- verify_ap_req_nofail is default-off (i.e., vulnerable by default),
- changing verify_ap_req_nofail to default-on would probably affect
more things and therefore be riskier,
- allow_kdc_spoof is a much clearer way to spell the idea,
- this patch is a smaller semantic change and thus less risky, and
- a security change with compatibility issues shouldn't have a
workaround that might introduce potentially worse security issues
or more compatibility issues.
Perhaps this should use krb5_verify_user(3) with secure=1 instead,
for simplicity, but it's not clear how to do that without first
prompting for the password -- which we shouldn't do at all if we
later decide we won't be able to use it anyway -- and without
repeating a bunch of the logic here anyway to pick the service name.
References about verify_ap_req_nofail:
- mit-krb5 discussion about verify_ap_req_nofail:
https://mailman.mit.edu/pipermail/krbdev/2011-January/009778.html
- Oracle has the default-secure setting in their krb5 system:
https://docs.oracle.com/cd/E26505_01/html/E27224/setup-148.html
https://docs.oracle.com/cd/E26505_01/html/816-5174/krb5.conf-4.html#REFMAN4krb5.conf-4
https://docs.oracle.com/cd/E19253-01/816-4557/gihyu/
- Heimdal issue on verify_ap_req_nofail default:
https://github.com/heimdal/heimdal/issues/1129
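The KDC-spoofing problem the pam_krb5 change closes is easiest to see as an exchange, so here is an added toy model of it; it is not code from pam_krb5.c or from any Kerberos library. Real Kerberos encryption is replaced by a 32-bit key-dependent tag and string2key by a hash, purely so the model runs offline; the password, keytab and KDC names are constructed. The spoof works like this: an attacker who can redirect the host's KDC traffic runs a fake KDC that believes the user's key is derived from a password of the attacker's choosing, then logs in with that password. The AS-REP decrypts fine, because the fake KDC chose the key. Only a subsequent ticket for host/<fqdn>, checked against the host's keytab, exposes the fake KDC, and without a keytab that check cannot happen; hence the new behaviour of refusing up front unless allow_kdc_spoof is set.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy stand-in for string2key (FNV-1a, NOT a real KDF): a 32-bit "key"
 * that merely depends on the password. */
static uint32_t derive(const char *pw)
{
    uint32_t k = 2166136261u;
    for (; *pw != '\0'; pw++)
        k = (k ^ (uint8_t)*pw) * 16777619u;
    return k;
}

/* Toy "encrypted part": a payload plus a key-dependent tag.  Opening it
 * with a different key fails, which is all the model needs. */
struct sealed { uint32_t payload; uint32_t tag; };

static uint32_t tag_of(uint32_t key, uint32_t payload)
{
    uint32_t t = (key ^ payload) * 0x9E3779B1u;   /* bijective mixing */
    return t ^ (t >> 15);
}
static struct sealed seal(uint32_t key, uint32_t payload)
{
    struct sealed s = { payload, tag_of(key, payload) };
    return s;
}
static int unseal_ok(uint32_t key, struct sealed s)
{
    return s.tag == tag_of(key, s.payload);
}

#define TGT 0x54475400u   /* what the AS-REP carries */
#define SVC 0x53564300u   /* what the TGS-REP for host/<fqdn> carries */

/* A KDC as the client sees it: it answers with whatever keys it holds. */
struct kdc { uint32_t user_key; uint32_t host_key; };

static struct sealed as_rep(const struct kdc *k)  { return seal(k->user_key, TGT); }
static struct sealed tgs_rep(const struct kdc *k) { return seal(k->host_key, SVC); }

/* pam_krb5 side: has_keytab means a host key is available to verify
 * tickets; allow_kdc_spoof is the option that restores the old behaviour. */
struct pam_cfg { int has_keytab; uint32_t keytab_key; int allow_kdc_spoof; };

enum { AUTH_OK = 0, AUTH_FAIL = -1, AUTH_REFUSED = -2 };

int pam_krb5_auth(const struct pam_cfg *c, const struct kdc *k, const char *password)
{
    /* New behaviour: with nothing to verify tickets against, refuse before
     * prompting for a password we could never validate. */
    if (!c->has_keytab && !c->allow_kdc_spoof)
        return AUTH_REFUSED;

    /* AS exchange: the reply must open under the key derived from the typed
     * password.  A fake KDC passes this trivially; it chose the user key. */
    if (!unseal_ok(derive(password), as_rep(k)))
        return AUTH_FAIL;

    if (!c->has_keytab)
        return AUTH_OK;              /* allow_kdc_spoof: trusting whoever answered */

    /* TGS exchange for host/<fqdn>: only a KDC holding the real host key can
     * mint a ticket the keytab opens.  This is the step a fake KDC cannot fake. */
    if (!unseal_ok(c->keytab_key, tgs_rep(k)))
        return AUTH_FAIL;
    return AUTH_OK;
}

/* Scenario driver (constructed secrets).  fake_kdc: the attacker has
 * redirected us to a KDC knowing an attacker-chosen password, and logs in
 * with that password. */
int scenario(int fake_kdc, int has_keytab, int allow_kdc_spoof)
{
    const uint32_t host_key = derive("host keytab secret");
    const struct kdc real = { derive("correct horse"), host_key };
    const struct kdc fake = { derive("attacker"), derive("guess") };
    const struct pam_cfg cfg = { has_keytab, host_key, allow_kdc_spoof };

    return pam_krb5_auth(&cfg, fake_kdc ? &fake : &real,
                         fake_kdc ? "attacker" : "correct horse");
}

int main(void)
{
    printf("real KDC, keytab:          %d\n", scenario(0, 1, 0));   /*  0 ok       */
    printf("fake KDC, keytab:          %d\n", scenario(1, 1, 0));   /* -1 fail     */
    printf("fake KDC, no keytab:       %d\n", scenario(1, 0, 0));   /* -2 refused  */
    printf("fake KDC, allow_kdc_spoof: %d\n", scenario(1, 0, 1));   /*  0 spoofed! */
    return 0;
}
```

The last line is the old default behaviour: an empty /etc/krb5.conf and no keytab let anyone with network position log in as any user, which is why the module now refuses instead, and why the rc.d pam.d defaults below disable it unless the administrator opts in.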
etc/pam.d/ftpd: revision 1.8
etc/pam.d/su: revision 1.9
etc/pam.d/system: revision 1.9
etc/pam.d/display_manager: revision 1.6
etc/pam.d/sshd: revision 1.10
pam: Disable pam_krb5, pam_ksu by default.
These are not useful unless you also set up /etc/krb5.conf and a
keytab for the host from the Kerberos KDC. But having them enabled
by default means that creating /etc/krb5.conf just to enable use of
Kerberos for _client-side_ single sign-on creates usability issues.
As proposed on tech-security:
https://mail-index.netbsd.org/tech-security/2023/06/16/msg001160.html
sys/compat/sunos32/sunos32_misc.c: revision 1.86
sys/compat/ossaudio/ossaudio.c: revision 1.85
sys/compat/linux32/arch/amd64/linux32_machdep.c: revision 1.48
compat_sunos32: Memset zero before copyout.
Unclear if this can leak anything but let's be on the safe side.
compat_ossaudio: Zero-initialize idat before copyout.
Unclear if there are any paths to the copyout without initialization,
but let's play it safe to keep the auditing effort low.
linux32_rt_sendsig: Memset zero before copyout.
Not sure if there's any padding here, but it's a pretty big
structure, fairly likely, so let's be rather safe than sorry.
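The three "memset zero before copyout" commits above guard against the same thing: padding bytes in a kernel structure that the field assignments never write, so they carry whatever the stack slot held before, straight to userland. The added example below, which is not code from any of those files, makes that concrete with a constructed struct that has holes on the common ABIs, a stack slot pre-filled with a 0xAA "stale data" pattern, and a memcpy() standing in for copyout(9); the function names are invented for the demonstration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* A reply structure with holes: on the usual ABIs there are three bytes
 * of padding after `flag' and six after `count'. */
struct reply {
    uint8_t  flag;
    uint32_t value;
    uint16_t count;
    uint64_t stamp;
};

/* Offsets and sizes of the real fields; any other byte is padding. */
struct span { size_t off, len; };
static const struct span fields[] = {
    { offsetof(struct reply, flag),  sizeof(uint8_t)  },
    { offsetof(struct reply, value), sizeof(uint32_t) },
    { offsetof(struct reply, count), sizeof(uint16_t) },
    { offsetof(struct reply, stamp), sizeof(uint64_t) },
};

static int is_padding(size_t off)
{
    for (size_t i = 0; i < sizeof fields / sizeof fields[0]; i++)
        if (off >= fields[i].off && off < fields[i].off + fields[i].len)
            return 0;
    return 1;
}

size_t padding_bytes(void)
{
    size_t n = 0;
    for (size_t off = 0; off < sizeof(struct reply); off++)
        n += is_padding(off);
    return n;
}

/* Stand-in for a kernel handler: `slot' is the stack location the struct
 * lands in (already holding stale data from earlier work), `user' is the
 * buffer the copyout lands in. */
static void handler(unsigned char *slot, unsigned char *user, int zero_first)
{
    struct reply *r = (struct reply *)slot;

    if (zero_first)
        memset(r, 0, sizeof *r);   /* the fix: clears the padding as well */
    r->flag  = 1;
    r->value = 0x11223344;
    r->count = 7;
    r->stamp = 0x0123456789abcdefULL;
    memcpy(user, r, sizeof *r);    /* stands in for copyout(9) */
}

/* Run the handler over a poisoned slot and count padding bytes that reach
 * "user space" still non-zero, i.e. stale kernel bytes that leaked. */
size_t leaked_bytes(int zero_first)
{
    union { struct reply r; unsigned char b[sizeof(struct reply)]; } slot;
    unsigned char user[sizeof(struct reply)];
    size_t leaked = 0;

    memset(slot.b, 0xAA, sizeof slot.b);   /* constructed stale data */
    handler(slot.b, user, zero_first);

    for (size_t off = 0; off < sizeof user; off++)
        if (is_padding(off) && user[off] != 0)
            leaked++;
    return leaked;
}

int main(void)
{
    printf("struct reply: %zu bytes, %zu of them padding\n",
           sizeof(struct reply), padding_bytes());
    printf("without memset: %zu padding bytes leak\n", leaked_bytes(0));
    printf("with memset:    %zu padding bytes leak\n", leaked_bytes(1));
    return 0;
}
```

Note that the leak is invisible to the code that fills in the fields, and that reordering members can hide or move the holes; zeroing the whole object before the copyout is the only fix that does not depend on the layout.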
sys/dev/pci/ixgbe/ixgbe.c 1.325-1.326 via patch
sys/dev/pci/ixgbe/ixgbe_common.c 1.44
sys/dev/pci/ixgbe/ixgbe_type.h 1.56
- PCI device ID 0x15c8 also uses X557-AT PHY, so create the thermal
sensor sysctl for it, too.
- Count the number of link down events in the MAC using the
LINK_DN_CNT register.
sys/arch/vax/vax/pmap.c: revision 1.196
sys/arch/vax/include/trap.h: revision 1.25
Change CASMAGIC to 0xFEDABABE so that it cannot accidentally end up in
valid kernel memory. Due to the VARM accesses above S0 should always
give a ptelen trap.
Bug found by Kalvis Duckmanton.
Ensure that the kernel does not try to allocate an S0 segment larger than 1G,
since the hardware prohibits that.
etc/rc.d/sshd: revision 1.30
etc/rc.d/sshd: revision 1.33
etc/rc.d/sshd: revision 1.34
etc/rc.d/sshd: revision 1.35
simplify more (from rudolf)
/etc/rc.d/sshd: New check cmd and reload precmd.
- check cmd: run `sshd -t' to check sshd_config file
- reload precmd: run check cmd before reloading so we don't nuke sshd
if there's an error in the sshd_config file
(It is still possible to effectively nuke sshd by changing the
configuration to something that won't work on your network, but at
least we avoid making sshd just exit on reload when you make a typo
in a config option.)
/etc/rc.d/sshd: Stop generating DSA host keys by default.
If you want them you can generate them yourself, but in this day and
age (Monday and 2023, specifically) there's no reason to be using DSA
except for compatibility with ancient legacy software.
/etc/rc.d/sshd: Use default curve for ECDSA keygen, not NIST P-521.
The default is NIST P-256, which:
(a) has plenty of cryptanalytic security,
(b) performs better on essentially all platforms (smaller enough that
even the advantage of the Mersenne prime structure of P-521 can't
compete), and
(c) likely gets more scrutiny on implementations than P-521 since it's
more widespread.
sys/net/route.c: revision 1.237
route: run workqueue kthreads with KERNEL_LOCK unless NET_MPSAFE
Without KERNEL_LOCK, rt_timer_work and rt_free_work can run in parallel
with other LWPs running in the network stack, which eventually results
in say use-after-free of a deleted route.
external/apache2/mDNSResponder/dist/mDNSShared/PlatformCommon.c: revision 1.7
external/apache2/mDNSResponder/dist/mDNSPosix/PosixDaemon.c: revision 1.16
mdnsd(8): restore fixes for PR bin/46758, lost on resolving merge conflicts.
Original commit message from Roy Marples:
"Derive our primary interface and address by trying to connect to an
address in the TEST-NET-2 network as noted in RFC5737 instead of using
the 1.1.1.1 address. Also, use port 7 (echo) for better style.
Fixes PR bin/46758 thanks to Lloyd Parkes."
bin/date/Makefile up to 1.16
bin/date/date.1 up to 1.54
bin/date/date.c up to 1.65
Add -R option for displaying time in RFC 5322 format, similar to GNU date.
Add -f option to set the time. From FreeBSD.
sys/dev/ipmi.c: revision 1.10
Ignore non-recoverable and critical limits smaller than the warning limits.
These are usually invalid.
Name the limit flags to make code more readable.
sys/arch/amiga/stand/loadbsd/loadbsd.c: revision 1.38
distrib/amiga/stand/loadbsd.uue: revision 1.4
sys/arch/amiga/stand/loadbsd/startit.s: revision 1.1
sys/arch/amiga/stand/loadbsd/Makefile: revision 1.5
sys/arch/amiga/stand/loadbsd/vmakefile: revision 1.1
sys/arch/amiga/stand/loadbsd/README: revision 1.6
Update loadbsd source and distribution binary to version 3.3.
- Loading the kernel to the highest priority memory segment is default now.
- New option -l to revert to the previous behaviour of the largest segment.
- New option -M to define a minimum size for the memory segment.
- Fixed some warnings and typos.
- Put assembler inline source into its own source text startit.s.
- Can be built with Bebbo's gcc6 Amiga port or with vbcc.
sys/lib/libsa/subr_prf.c: revision 1.30
libsa/printf: Do not fetch long va_arg as long long.
This does real harm iff all of the following conditions are satisfied:
(1) On ILP32 architectures.
(2) Both LIBSA_PRINTF_LONGLONG_SUPPORT and LIBSA_PRINTF_WIDTH_SUPPORT
compile-time options are enabled.
(3) Width field is used with 'l' modifier.
This is an implicit-fallthrough bug, but unfortunately, GCC 10.4 cannot
find this out somehow...
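The libsa printf fix above is about the va_arg() dispatch for length modifiers: on ILP32, `long' is 4 bytes and `long long' is 8, so fetching a `%ld' argument as `long long' swallows the following argument as well and every later conversion reads the wrong slot. The added example below, which is not libsa's subr_prf.c, is a small formatter written to show the correct dispatch (one va_arg() per modifier count, no fallthrough from the `l' case into the `ll' case); it supports only %[width][l|ll]d, %s and %%, and the helper names are invented.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/*
 * Minimal formatter: %[width][l|ll]d, %s, %%.  The part that matters is
 * the switch on the modifier count: each case fetches exactly the type
 * the caller pushed, and control never falls from one case into the next.
 */
static int mini_vsnprintf(char *buf, size_t n, const char *fmt, va_list ap)
{
    size_t pos = 0;
    const char *p;

#define EMIT(c) do { if (pos + 1 < n) buf[pos] = (c); pos++; } while (0)

    for (p = fmt; *p != '\0'; p++) {
        int width = 0, lcount = 0, len, i;
        long long val;
        char num[32];

        if (*p != '%') { EMIT(*p); continue; }
        p++;
        if (*p == '%') { EMIT('%'); continue; }
        while (*p >= '0' && *p <= '9')
            width = width * 10 + (*p++ - '0');
        while (*p == 'l') { lcount++; p++; }      /* 0, 1 or 2 */
        if (*p == '\0')
            break;                                /* truncated directive */

        if (*p == 's') {
            const char *s = va_arg(ap, const char *);
            for (; *s != '\0'; s++) EMIT(*s);
            continue;
        }
        if (*p != 'd') { EMIT('?'); continue; }

        switch (lcount) {
        case 0:  val = va_arg(ap, int);       break;   /* %d   */
        case 1:  val = va_arg(ap, long);      break;   /* %ld  */
        default: val = va_arg(ap, long long); break;   /* %lld */
        }

        len = snprintf(num, sizeof num, "%lld", val);
        for (i = len; i < width; i++) EMIT(' ');
        for (i = 0; i < len; i++) EMIT(num[i]);
    }
#undef EMIT
    if (n > 0)
        buf[pos < n ? pos : n - 1] = '\0';
    return (int)pos;
}

static int mini_snprintf(char *buf, size_t n, const char *fmt, ...)
{
    va_list ap;
    int r;

    va_start(ap, fmt);
    r = mini_vsnprintf(buf, n, fmt, ap);
    va_end(ap);
    return r;
}

/* Format and compare; returns 1 when the output equals `expected'. */
int check_format(const char *expected, const char *fmt, ...)
{
    char buf[128];
    va_list ap;

    va_start(ap, fmt);
    mini_vsnprintf(buf, sizeof buf, fmt, ap);
    va_end(ap);
    return strcmp(buf, expected) == 0;
}

int main(void)
{
    char buf[64];

    mini_snprintf(buf, sizeof buf, "%5ld|%lld|%d|%s", 42L, 1234567890123LL, 7, "ok");
    puts(buf);   /* "   42|1234567890123|7|ok" */
    return 0;
}
```

On an LP64 host the buggy and the fixed dispatch produce the same output, since `long' and `long long' are both 8 bytes there; the test therefore only pins the correct behaviour, and the ILP32 failure has to be reproduced on such a target (or with -m32).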
external/gpl3/gcc/usr.bin/libdecnumber/Makefile: revision 1.9
external/gpl3/gcc/usr.bin/common/Makefile: revision 1.12
external/gpl3/gcc/usr.bin/backend/Makefile: revision 1.67
external/gpl3/gcc/usr.bin/common-target/Makefile: revision 1.12
external/gpl3/gcc/usr.bin/frontend/Makefile: revision 1.15
external/gpl3/gcc/usr.bin/libcpp/Makefile: revision 1.10
gcc: fix build with clang++ HOST_CXX
Define HOSTPROG_CXX before .include anything that brings in bsd.own.mk.
This ensures that HOST_DBG (etc) gets assigned before HOST_CFLAGS
and HOST_CXXFLAGS is created.
backend: .include <bsd.init.mk> much earlier, as per the other directories.
Fixes backend build when using clang++ as the host compiler (e.g., macOS),
because backend host tools are now built with -O.
Inspired by https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=255760
Fixes PR toolchain/57014
external/apache2/mDNSResponder/dist/mDNSPosix/PosixDaemon.c: revision 1.15
reapply changes for the built-in drop-privs support by tsarna.
this commit doesn't reapply "dumping of the unicast server list
to the DumpStateLog debugging output" enhancement.
It doesn't build anymore, no idea how to rewrite.
Should fix PR 57442. Needs pull-ups for netbsd-9, netbsd-10.
sys/arch/xen/conf/files.xen (apply patch)
Build fix to define the SELFRELOC option for XEN kernels.
This is not needed in newer branches as those include amd64/conf/files.amd64
from x86/conf/files.x86 (and get the definition via that path)
sys/ufs/ffs/ffs_snapshot.c: revision 1.155
ffs: apply the remaining ffs_snapshot.c part of this FreeBSD commit:
commit 364ed814e7285c8216d8a201d3ab3674eb34ce29
Author: Kirk McKusick <mckusick@FreeBSD.org>
Date: Thu Dec 9 21:24:00 2004 +0000
Fixes a bug that caused UFS2 filesystems bigger than 2TB to
prematurely report that they were full and/or to panic the kernel
with the message ``ffs_clusteralloc: allocated out of group''.
Submitted by: Henry Whincup <henry@jot.to>
MFC after: 1 week
all the other changes in that commit were applied previously by others:
- sborrill committed ffs_alloc.c rev 1.123 in 2009
- simonb committed ffs_alloc.c rev 1.110 in 2008
- the ffs_clusteralloc() part is not needed because we no longer have
that function.
fixes PR 57307
share/man/man8/man8.x86/boot.8: revision 1.27
sys/arch/i386/stand/efiboot/version: revision 1.3
share/man/man8/man8.x86/boot.8: revision 1.28 (via patch)
share/man/man8/man8.x86/boot.8: revision 1.29 (via patch)
sys/arch/i386/stand/lib/exec.c: revision 1.79
sys/arch/i386/stand/efiboot/efiboot.c: revision 1.13
sys/arch/i386/stand/efiboot/bootx64/efibootx64.c: revision 1.6
sys/arch/i386/stand/efiboot/bootia32/efibootia32.c: revision 1.6
sys/arch/i386/stand/efiboot/boot.c: revision 1.22
sys/arch/amd64/amd64/locore.S: revision 1.219
sys/arch/i386/stand/efiboot/bootia32/startprog32.S: revision 1.3
sys/arch/i386/stand/efiboot/efiboot.h: revision 1.12
sys/arch/amd64/conf/files.amd64: revision 1.121
sys/arch/amd64/conf/std.amd64: revision 1.13
share/man/man8/man8.x86/pxeboot.8: revision 1.6
sys/arch/i386/stand/efiboot/bootx64/startprog64.S: revision 1.4
sys/arch/amd64/amd64/locore.S: revision 1.220
share/man/man8/man8.x86/dosboot.8: revision 1.4
share/man/man4/options.4: revision 1.524
Add reloc keyword to let EFI bootstrap load amd64 kernel at any address
EFI bootstrap assumes it can copy the amd64 kernel to its ELF load
address (that is KERNTEXTOFF - KERNBASE = 0x200000), but it can
clash with previous UEFI memory allocation, as described here:
http://mail-index.netbsd.org/tech-kern/2023/04/07/msg028833.html
This change adds a reloc keyword for controlling where the EFI
bootstrap will copy the kernel image. Possible values are:
default - the default and prior behavior, copy at 0x200000.
none - do not copy and use the kernel image where it was loaded.
address - specify an explicit address where to copy the kernel.
This comes with an amd64 kernel patch that makes it self-relocatable.
It first discovers where it was loaded in memory, and if this is
different from the expected 0x200000, then the kernel relocates
itself and starts over at the right address.
Merge x86 boot options in x86/boot(8) and add undocumented UEFI options
We were supposed to keep the option list in x86/boot(8), x86/dosboot(8)
and x86/pxeboot(8) in sync, but it did not happen, hence it may work
better with all the options in x86/boot(8). Also add the undocumented
UEFI boot options.
Add a SELFRELOC kernel option for the sake of documentation clarity.
Instead of telling that x86/boot(8) reloc command needs a kernel able
to self relocate, we can tell it needs a kernel built with the
SELFRELOC option. This keeps the reader from wondering what could
make a kernel able to self relocate.
Remove XXX todo marker left by mistake
Raise the version for new feature (here reloc command)
Suggested by Masanobu SAITOH
sys/arch/dreamcast/dev/microcode/aica_armcode.h: revision 1.5
sys/arch/dreamcast/dev/microcode/aica_arm_locore.S: revision 1.4
sys/arch/dreamcast/dev/microcode/aica_arm_locore.S: revision 1.5
sys/arch/dreamcast/dev/microcode/Makefile: revision 1.6
sys/arch/dreamcast/dev/microcode/aica_arm.c: revision 1.7
sys/arch/dreamcast/dev/microcode/aica_arm.c: revision 1.8
arm side of aica(4) sometimes became unresponsive when audioplay was performed several times.
- disabled data cache at startup.
- compiled with cross-arm-none-eabi-gcc-8.3.0nb4 of pkg.
- added memset() in asm because gcc8 (and later) detects the zero clear part in
its own bzero function and calls memset internally, and bzero was replaced with memset.
improve comment, update mailaddr, and remove clause 3 from my licenses.
sys/arch/luna68k/luna68k/mainbus.c: revision 1.20
Fix device name for xpbus at mainbus for LUNA-II, missed on psgpam merge.
Fortunately harmless because xpbus_match() doesn't check ma_name in
mainbus_attach_args.
usr.sbin/iostat/iostat.c: revision 1.68
Fix processing of the archaic arg format (BACKWARD_COMPATIBILITY) so it
doesn't repeat the processing every iteration. Repeatedly seeing the wait
interval does no harm, but setting the iteration count (reps) over and
over again rather defeats its purpose.
libexec/ld.elf_so/rtld.c: revision 1.212
ld.elf_so(8): Make fork take a shared, not exclusive, lock.
We only need to ensure that there are no concurrent modifications to
the rtld data structures in flight, since the threads that began
those modifications will not exist in the child and will therefore be
unable to complete them in the child.
A shared lock suffices to ensure there are no such concurrent
modifications in flight; an exclusive lock is not necessary, and can
cause deadlock if fork is executed from a signal handler, which is
explicitly allowed by POSIX (and our own sigaction(2) man page) which
marks fork as async-signal-safe.
PR lib/56979
sys/uvm/uvm_map.c: revision 1.395
uvm(9): Fix 19-year-old bug in assertion about mmap hint.
Previously this would _first_ remember the original hint, and _then_
clamp the hint to the VM map's range:
orig_hint = hint;
if (hint < vm_map_min(map)) { /* check ranges ... */
if (flags & UVM_FLAG_FIXED) {
UVMHIST_LOG(maphist,"<- VA below map range",0,0,0,0);
return (NULL);
}
hint = vm_map_min(map);
...
KASSERTMSG(!topdown || hint <= orig_hint, "hint: %#jx, orig_hint: %#jx",
(uintmax_t)hint, (uintmax_t)orig_hint);
Even if nothing else happens in the ellipsis, taking the branch
guarantees the assertion will fail in the topdown case.
sys/uvm/uvm_mmap.c: revision 1.180
mmap(2): If we fail with a hint, try again without it.
`Hint' here means nonzero addr, but no MAP_FIXED or MAP_TRYFIXED.
This is suboptimal -- we could teach uvm_mmap to do a fancier search
using the address as a hint. But this should do for now.
Candidate fix for PR kern/55533.