* dhcpcd: carrier handling issue fixed from 9.3.0
* dhcpcd: log if interface type is unsupported in debug
* duid: memory leak fixed if UUID wanted but none available
* privsep: fix receiving inet and no BPF running
* privsep: allow gettimeofday for SECCOMP
* privsep: fix stderr redirection again
GCC 9.3 seems to be able to compile rtree.c with -O2:
- No new regressions in ATF.
- System survives over a night, at least, under heavy loads.
On the other hand, unfortunately, GCC 9.3 still miscompiles tcache.c
with -O2 or -O1. For example, even ``gcc -g hello.c'' fails with ICE
if tcache.c is compiled with -O[12] in libc.
* dhcpcd: Backticks have been removed from quoting filenames
* dhcpcd: Only manipulate stdin, stdout and stderr if they are valid
* duid: Adjust option so the type can be specified
* logerr: Don't leak logfile fd to scripts
* privsep: Run the launcher process in the sandbox
* BSD: Use `ifi_link_state` as the single source of truth about carrier
* BSD: Ignore vether(4) devices by default
into '_' to meet sh variable name rules) into a shell string processing
loop.
On my test system, this reduces the total elapsed time for the bin/sh ATF
tests from about 109 secs to about 102 (user cpu from 24.5 to 21, sys cpu
from 34 to 30) and the usr.bin/make tests elapsed time from 42.5 to 40
secs (user from a bit over 15 to a bit over 13, and sys from 16+ to 13+).
(Recorded on an AMD64 domU).
These probably exaggerate the effect, as there are a bunch of quite small
tests, which means the ATF overhead (which this change affects) is a greater
proportion of the total test time than for some other tests where most of
the time is spent actually testing.
But I am fairly confident that there will be at least some improvement.
This could be further improved by removing the cmdsub invocation method,
and instead passing the name of a variable containing the string to
normalise (with the result returned in that same var) - but that would
mean altering all the callers as well. Some other time maybe.
* route: ensure IPv4LL routes come last in priority
* DHCP: fix many issues with extending the last lease
* privsep: don't read control group from config in privsep
* privsep: only the master process responds to signals
* privsep: use a socketpair for stderr/stdin rather than dupping /dev/null
* privsep: right limit stdin/stderr/stdout
* privsep: dumping a lease is now run in a sandbox
* options: check if kernel supports INET or INET6 before enabling default
* options: let clientid override a prior duid
* options: allow -1 to represent infinity for requested lease time
* dhcpcd: fix a crash initing a new interface after route overflow
right now. new address-of-packed-member and format-overflow
warnings have new GCC_NO_ADDR_OF_PACKED_MEMBER amd
GCC_NO_FORMAT_OVERFLOW variables to remove these warnings.
apply to a bunch of the tree. mostly, these are real bugs that
should be fixed, but in many cases, only by removing the 'packed'
attribute from some structure that doesn't really need it. (i
looked at many different ones, and while perhaps 60-80% were
already properly aligned, it wasn't clear to me that the uses
were always coming from sane data vs network alignment, so it
doesn't seem safe to remove packed without careful research for
each affect struct.) clang already warned (and was not erroring)
for many of these cases, but gcc picked up dozens more.
Some highlights in no particular order:
%destructor was somehow lost from the list that follows, it should be
part of it.
Use .Ic for yacc directives when they are defined, .Ql otherwise.
Use explicit .Sq Li (instead of .Ql) in description of %destructor to
make sure the result is consistently quoted. It more readable that
way.
Use .Va and .Vt where appropriate.
C preprocessor directives are marked up with .No (a nop), so that it's
easy to switch them to something else if need be. For now just use
them as plain words.
If there is no matching interface given, but interface matching is enabled
then all interfaces on the system will try to be initialized.
Non wireless interfaces will fail and the loopback device will be one
of these, so just log a diagnostic rather than an error.
Fix crash due to out-of-bounds access with Ctrl-W.
PR is only for nottywerase, but also fix ttywerase case, taken from
OpenBSD via nvi2:
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/vi/vi/v_txt.c#rev1.235d5365d358
Also, comment there is no worry for altwerase specific code, which
seems suspicious at a glance.
Reported by Azuma OKAMOTO.
Thanks for detailed explanation how to reproduce the problem!
Update kyua-cli to C++11 and use unique_ptr instead of auto_ptr,
(with std::move() where appropriate), to avoid deprecated warning by g++ 8.
(I didn't change some of the code that could arguably be refactored
to use unique_ptr or shared_ptr instead of raw pointers
and therefore remove the special case destructor handling).
* inet6: Add support for reporting Mobile IPv6 RA's
* inet6: Report RA Proxy flag if set
* BSD: Allow non NetBSD and OpenBSD to set IN6_IFF_AUTOCONF
* privsep: Don't handle any signals meant for the main process
* eloop: Try and survive a signal storm
* dhcpcd: Add an option to poll the interface carrier state
* script: Make visible some link level parameters to lease dumping
* inet6: Don't regen temp addresses we didn't add
* privsep: Don't limit file writes if logging to a file
* DHCP6: Fix lease timings with nodelay option
* NetBSD: free ARP state once IPv4LL address announced
* NetBSD: Mark RA dervied addresses as AUTOCONF
* BSD: Only mark static routes from dhcpcd.conf as static
* DHCP6: Ensure requested addresses are requested
* DHCP6: Fix prefix length calculation when no prefix specified
* privsep: Implement a resource limited sandbox
* Remove unused subtype_mime (Steve Grubb)
* Remove unused check in okstat (Steve Grubb)
* Fix mime-type in elf binaries by making sure $x is set
* Fix indirect negative offsets broken by OFFNEGATIVE
* Fix GUID equality check
* PR/165: Handle empty array and strings in JSON
* PR/162: Add --exclude-quiet
* Fix memory leak in ascmagic (Steve Grubb)
* Fix string comparison length with ignore whitespace
* Fix mingwin 64 compilation
* PR/159: whitelist getpid needed for file_pipe2file()
* Indicate negative offsets with a flag OFFNEGATIVE
so that -0 works.
* Introduce "offset" magic type that can be used to
detect the file size, and bail on short files.
* document DER better in the magic man page.
* fix memory leaks (SonarQube)
* rewrite confusing loops (SonarQube)
* fix bogus test (SonarQube)
* pass a sized buffer to file_fmttime() (SonarQube)
* Don't allow * in printf formats, or the code itself (Christoph Biedl)
* Introduce a printf output size checker to avoid DoS attacks
* Avoid memory leak on error (oss-fuzz)
* Check length of string on DER before derefercing and add new types
* Add missing DER string (oss-fuzz)
* Add missing DER types, and debugging
* PR/140: Avoid abort with hand-crafted magic file (gockelhahn)
* PR/139: Avoid DoS in printf with hand-crafted magic file (gockelhahn)
* PR/138: Avoid crash with hand-crafted magic file (gockelhahn)
* PR/136: Fix static build by adding a libmagic.pc (Fabrice Fontaine)
* add guid support native support via the "guid" type.
This logic correctly uses strncpy(3) to fully initialize a fixed-width field, and also ensures
NUL-termination on the next line as other users of the field expect.
Add -Werror=stringop-truncation to prevent build failure, when run with MKSANITIZER=yes.
Error was reported when build.sh was run with MKSANITIZER=yes flag.
Reviewed by: kamil@
* Restore dumping leases from stdin
* auth: Only accept RECONFIGURE messages from LL addresses
* auth: Access the RDM monotonic counter file via privsep
* ARP: call arp_announced() when cancelling it
* BSD: fwip(4) interfaces are now ignored by default
* privsep: Ensure IPC buffers are large enough to carry messages
* privsep: Only open RAW sockets for the needed protocols
* privsep: Fix indirect ioctls returning data
* privsep: wait for processes on SIGCHLD rather than when sent a STOP cmd
* eloop: just use ppoll/pollts(2), falling back to pselect(2)
Provide the hook from modern jemalloc to avoid using TSD for the thread
destruction cleanup as it can result in reentrancy crashes if fork is
called from a thread that never called malloc as it will result in a
late malloc from the pre-fork synchronisation handler.
* Leases are stored outside the chroot again
* The chroot directory can now be (and should be) empty [1]
* ARP is now per address rather than per interface
* Filter allowed ioctls in the privileged actioneer
* Filter allowed UDP ports used by sendto(2) in the privileged actioneer
* Filter allowed file paths in the privileged actioneer
* route socket is now drained on overflow as it cannot be
re-opened by the unpriviledged user
* hostname can no longer be clobbered by SLAAC
* grep is no longer used by the test hook
* Interface hardware address type changes are now picked up
* Fixed some RA timing issues
* Fixed nd_* option parsing in dhcpcd.conf
* Allow SIGPIPE in scripts
* Default dhcpcd.conf no longer sends the current hostname
* Default dhcpcd.conf no longer sends a vendorclassid
* [Sec 3610] process_control() should bail earlier on short packets. stenn@
- Reported by Philippe Antoine
* [Sec 3596] Highly predictable timestamp attack. <stenn@ntp.org>
- Reported by Miroslav Lichvar
* [Sec 3592] DoS attack on client ntpd <perlinger@ntp.org>
- Reported by Miroslav Lichvar
* [Bug 3637] Emit the version of ntpd in saveconfig. stenn@
* [Bug 3636] NMEA: combine time/date from multiple sentences <perlinger@ntp.org>
* [Bug 3635] Make leapsecond file hash check optional <perlinger@ntp.org>
* [Bug 3634] Typo in discipline.html, reported by Jason Harrison. stenn@
* [Bug 3628] raw DCF decoding - improve robustness with Zeller's congruence
- implement Zeller's congruence in libparse and libntp <perlinger@ntp.org>
* [Bug 3627] SIGSEGV on FreeBSD-12 with stack limit and stack gap <perlinger@ntp.org>
- integrated patch by Cy Schubert
* [Bug 3620] memory leak in ntpq sysinfo <perlinger@ntp.org>
- applied patch by Gerry Garvey
* [Bug 3619] Honour drefid setting in cooked mode and sysinfo <perlinger@ntp.org>
- applied patch by Gerry Garvey
* [Bug 3617] Add support for ACE III and Copernicus II receivers <perlinger@ntp.org>
- integrated patch by Richard Steedman
* [Bug 3615] accelerate refclock startup <perlinger@ntp.org>
* [Bug 3613] Propagate noselect to mobilized pool servers <stenn@ntp.org>
- Reported by Martin Burnicki
* [Bug 3612] Use-of-uninitialized-value in receive function <perlinger@ntp.org>
- Reported by Philippe Antoine
* [Bug 3611] NMEA time interpreted incorrectly <perlinger@ntp.org>
- officially document new "trust date" mode bit for NMEA driver
- restore the (previously undocumented) "trust date" feature lost with [bug 3577]
* [Bug 3609] Fixing wrong falseticker in case of non-statistic jitter <perlinger@ntp.org>
- mostly based on a patch by Michael Haardt, implementing 'fudge minjitter'
* [Bug 3608] libparse fails to compile on S11.4SRU13 and later <perlinger@ntp.org>
- removed ffs() and fls() prototypes as per Brian Utterback
* [Bug 3604] Wrong param byte order passing into record_raw_stats() in
ntp_io.c <perlinger@ntp.org>
- fixed byte and paramter order as suggested by wei6410@sina.com
* [Bug 3601] Tests fail to link on platforms with ntp_cv_gc_sections_runs=no <perlinger@ntp.org>
* [Bug 3599] Build fails on linux-m68k due to alignment issues <perlinger@ntp.org>
- added padding as suggested by John Paul Adrian Glaubitz
* [Bug 3594] ntpd discards messages coming through nmead <perlinger@ntp.org>
* [Bug 3593] ntpd discards silently nmea messages after the 5th string <perlinger@ntp.org>
* [Bug 3590] Update refclock_oncore.c to the new GPS date API <perlinger@ntp.org>
* [Bug 3585] Unity tests mix buffered and unbuffered output <perlinger@ntp.org>
- stdout+stderr are set to line buffered during test setup now
* [Bug 3583] synchronization error <perlinger@ntp.org>
- set clock to base date if system time is before that limit
* [Bug 3582] gpsdjson refclock fudgetime1 adjustment is doubled <perlinger@ntp.org>
* [Bug 3580] Possible bug ntpq-subs (NULL dereference in dogetassoc) <perlinger@ntp.org>
- Reported by Paulo Neves
* [Bug 3577] Update refclock_zyfer.c to the new GPS date API <perlinger@ntp.org>
- also updates for refclock_nmea.c and refclock_jupiter.c
* [Bug 3576] New GPS date function API <perlinger@ntp.org>
* [Bug 3573] nptdate: missleading error message <perlinger@ntp.org>
* [Bug 3570] NMEA driver docs: talker ID not mentioned, typo <perlinger@ntp.org>
* [Bug 3569] cleanup MOD_NANO/STA_NANO handling for 'ntpadjtimex()' <perlinger@ntp.org>
- sidekick: service port resolution in 'ntpdate'
* [Bug 3550] Reproducible build: Respect SOURCE_DATE_EPOCH <perlinger@ntp.org>
- applied patch by Douglas Royds
* [Bug 3542] ntpdc monlist parameters cannot be set <perlinger@ntp.org>
* [Bug 3533] ntpdc peer_info ipv6 issues <perlinger@ntp.org>
- applied patch by Gerry Garvey
* [Bug 3531] make check: test-decodenetnum fails <perlinger@ntp.org>
- try to harden 'decodenetnum()' against 'getaddrinfo()' errors
- fix wrong cond-compile tests in unit tests
* [Bug 3517] Reducing build noise <perlinger@ntp.org>
* [Bug 3516] Require tooling from this decade <perlinger@ntp.org>
- patch by Philipp Prindeville
* [Bug 3515] Refactor ntpdmain() dispatcher loop and group common code <perlinger@ntp.org>
- patch by Philipp Prindeville
* [Bug 3511] Get rid of AC_LANG_SOURCE() warnings <perlinger@ntp.org>
- patch by Philipp Prindeville
* [Bug 3510] Flatten out the #ifdef nesting in ntpdmain() <perlinger@ntp.org>
- partial application of patch by Philipp Prindeville
* [Bug 3491] Signed values of LFP datatypes should always display a sign
- applied patch by Gerry Garvey & fixed unit tests <perlinger@ntp.org>
* [Bug 3490] Patch to support Trimble Resolution Receivers <perlinger@ntp.org>
- applied (modified) patch by Richard Steedman
* [Bug 3473] RefID of refclocks should always be text format <perlinger@ntp.org>
- applied patch by Gerry Garvey (with minor formatting changes)
* [Bug 3132] Building 4.2.8p8 with disabled local libopts fails <perlinger@ntp.org>
- applied patch by Miroslav Lichvar
* [Bug 3094] ntpd trying to listen for broadcasts on a completely ipv6 network
<perlinger@ntp.org>
* [Bug 2420] ntpd doesn't run and exits with retval 0 when invalid user
is specified with -u <perlinger@ntp.org>
- monitor daemon child startup & propagate exit codes
* [Bug 1433] runtime check whether the kernel really supports capabilities
- (modified) patch by Kurt Roeckx <perlinger@ntp.org>
* Clean up sntp/networking.c:sendpkt() error message. <stenn@ntp.org>
* Provide more detail on unrecognized config file parser tokens. <stenn@ntp.org>
* Startup log improvements. <stenn@ntp.org>
* Update the copyright year.
* html/confopt.html: cleanup. <stenn@ntp.org>
---
(4.2.8p13) 2019/03/07 Released by Harlan Stenn <stenn@ntp.org>
* [Sec 3565] Crafted null dereference attack in authenticated
mode 6 packet <perlinger@ntp.org>
- reported by Magnus Stubman
* [Bug 3560] Fix build when HAVE_DROPROOT is not defined <perlinger@ntp.org>
- applied patch by Ian Lepore
* [Bug 3558] Crash and integer size bug <perlinger@ntp.org>
- isolate and fix linux/windows specific code issue
* [Bug 3556] ntp_loopfilter.c snprintf compilation warnings <perlinger@ntp.org>
- provide better function for incremental string formatting
* [Bug 3555] Tidy up print alignment of debug output from ntpdate <perlinger@ntp.org>
- applied patch by Gerry Garvey
* [Bug 3554] config revoke stores incorrect value <perlinger@ntp.org>
- original finding by Gerry Garvey, additional cleanup needed
* [Bug 3549] Spurious initgroups() error message <perlinger@ntp.org>
- patch by Christous Zoulas
* [Bug 3548] Signature not verified on windows system <perlinger@ntp.org>
- finding by Chen Jiabin, plus another one by me
* [Bug 3541] patch to fix STA_NANO struct timex units <perlinger@ntp.org>
- applied patch by Maciej Szmigiero
* [Bug 3540] Cannot set minsane to 0 anymore <perlinger@ntp.org>
- applied patch by Andre Charbonneau
* [Bug 3539] work_fork build fails when droproot is not supported <perlinger@ntp.org>
- applied patch by Baruch Siach
* [Bug 3538] Build fails for no-MMU targets <perlinger@ntp.org>
- applied patch by Baruch Siach
* [Bug 3535] libparse won't handle GPS week rollover <perlinger@ntp.org>
- refactored handling of GPS era based on 'tos basedate' for
parse (TSIP) and JUPITER clocks
* [Bug 3529] Build failures on Mac OS X 10.13 (High Sierra) <perlinger@ntp.org>
- patch by Daniel J. Luke; this does not fix a potential linker
regression issue on MacOS.
* [Bug 3527 - Backward Incompatible] mode7 clockinfo fudgeval2 packet
anomaly <perlinger@ntp.org>, reported by GGarvey.
- --enable-bug3527-fix support by HStenn
* [Bug 3526] Incorrect poll interval in packet <perlinger@ntp.org>
- applied patch by Gerry Garvey
* [Bug 3471] Check for openssl/[ch]mac.h. <perlinger@ntp.org>
- added missing check, reported by Reinhard Max <perlinger@ntp.org>
* [Bug 1674] runtime crashes and sync problems affecting both x86 and x86_64
- this is a variant of [bug 3558] and should be fixed with it
* Implement --disable-signalled-io
- lock all relevant mutexes just before fork
- unlock all mutexes just after fork in the parent
- full reinit non-spinlocks in the child
This is not using the normal pthread_atfork interface to ensure order of
operation, malloc is used as implementation detail too often.
Add -Wno-error=sign-conversion to prevent build failure, when run with MKLIBCSANITIZER=yes.
Error was reported when build.sh was run with MKLIBCSANITIZER=yes flag.
Reviewed by: kamil@
This avoids leaking NO_STATIC_MODULES into the public header, which
has led to considerable confusion and workarounds in pkgrsc.
PR security/39313
PR security/55216
ok christos
* Control sockets are not opened in test mode
* privsep: no longer aborts if protocol not available
* inet6: Don't regen temporary addresses without a state
* inet6: Reduce RA log spam
* dhcp6: Don't log when things consitently fail
* inet6: Add temporary directive to slaac option [1]
* Ensure current interface flags persist when setting a flag
* DHCP via BPF is now aligned correctly
* CMSG buffers are now aligned correctly
* hostnames are no longer clobbered when being forced and a RA is recieved
[1] dhcpcd no longer looks at any possible kernel settings when deciding to
manage IPv6 temporary addresses or not. You now instruct dhcpcd to do this
in dhcpcd.conf. Playing whack-a-mole with various kernel knobs wasn't fun
and some OS's have or are removing RA and thus temporary address managemnt
from the kernel so said knobs are no longer there.
repository, don't attempt to install it, and don't expect it to
be installed. If a better fix is to return 02-dump, then this
change can be reverted (by anyone, just go ahead and do it).
dhcpcd(8) should also have mention of 02-dump removed, if removing
it was intentional.
0x60006003, which blocks SIGTERM by default, so running something simple
from a hook, like /etc/rc.d/racoon restart does not work. The script
is then stuck waiting for the daemon to die, which it won't since it will
never receive the signal, and the hook never terminates.
* Decode interface complex interface names eth0.100:2 eth0i100:2.
This allows us to ignore some virtual interfaces by default
* ARP: Report L2 header address on conflict for more clarity
* DHCP: Support jumbo frames (untested)
* DHCP6: Clean up old lease on failure to confirm/rebind, etc
* RA: Prefer older routers
* INET6: Obscure prefixes are now calculated correctly
* Privilege Separation
* default hostname is now a blank string rather than localhost
* Leases are now dumped over the control socket - you get RA's now as well.
* Better support for many IPv6 routers
* RTM_MISS filtering
* RA: Deprecate stale addresses by setting pltime 0
* DHCP6: Deprecate stale addresses by setting pltime 0
The noted argument is wrong - if it's already been deleted then the id we
have for it is invalid.
Because we don't track deletions to the ruleset, working it out is
problematic at best.
Instead, if we have already added the rule treat it as a non-op.
This is a valid use case because we might receive a burst of messages
in the downstream application for the same address and process them
one by one. It's not the job of the downstream application to track
blacklistd state.
fd -1 is invalid, so don't query it for protocol, port or address.
fd is supposed to represent how the client is connected, but if we are
parsing route(4) messages or log files then there is no client connection
to interogate.
Cherry-pick upstream patch:
From 2cfda000bc5159d46fd8ead7d1bd3ea1f66f7948 Mon Sep 17 00:00:00 2001
From: Martin Matuska <martin@matuska.org>
Date: Thu, 27 Feb 2020 01:54:19 +0100
Subject: [PATCH] XAR reader: initialize file_queue with 0 and memcpy() if
allocated only
Fixes#1338
Cherry-pick upstream patch:
Fix Undefined Behavior in hash.h
hash.h:200:27, left shift of 250 by 24 places cannot be represented in type 'int'
7fd22f7b2e
Given that we have just checked vallen < len, it can never be the case
that vallen >= len + sizeof(rhostname). This fixes the check so we
actually avoid overflowing the rhostname array.
Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
From:
8d7970b8f3
Add -Wno-error=maybe-uninitialized in ipsopt.c to prevent build failure.
Error was reported when build.sh was run with MKLIBCSANITIZER=yes flag.
Reviewed by: kamil@
Add -Wno-error=format-overflow in ipmon.c to prevent build failure.
Error was reported when build.sh was run with MKLIBCSANITIZER=yes flag.
Reviewed by: kamil@
Add GCC_NO_STRINGOP_TRUNCATION to refclock_jjy.c to prevent build failure.
Error was reported when build.sh was run with MKLIBCSANITIZER=yes flag.
Reviewed by: kamil@
Type cast uint16_t to size_t to prevent implicit type conversion.
Error was reported when build.sh was run with MKLIBCSANITIZER=yes flag.
gcc version 8.3.0
Reviewed by: roy@, kamil@
Now that both hostapd and wpa_supplicant react to interface flag
changes, there is no need to set or remove IFF_UP.
It should be an administrative flag only.
* INET6: Support a /128 prefix advertised via RA
* BSD: More address validation from route(4) messages
* DHCP: Fix a potential segfault on DaD failure
* IPv4LL: Fix a potential segfault when dropping IPv4LL addresses
since it did not get removed before for us. If we wanted to do this
right, we would do the mk*temp() file generation and trying to link
instead of open, and finally when we got the link to succeed, we
would rename the temp link to the final destination name, making
hard link creation atomic. For now we just remove first.
When libarchive encounters an existing symbolic link during extraction
it removes that symbolic link first before overwriting it, unless
it is told that it can trust symlinks from the archive.
Placing symbolic links on known paths in the extracting subdirectory
is a simple way that a system administrator can place data at a
different location without having the overhead of a mountpoint.
Trusting symlinks from an archive is never safe because they can
maliciously overwrite files outside of the extraction directory.
This patch adds a linked-list to track of the symbolic links that
were created during extraction so that it does not trust them. This
way during extraction, libarchive can remove the symlinks it created,
but leave the pre-existing ones alone.
Unit-tests were adjusted for this new behavior.
(this is pull request 1300)
This flag changes the way that regular files are extracted:
Instead of removing existing files first and re-creating them in
order to replace their contents, a temporary file is created and
when writing to the temporary file is completed, the file is
rename(2)d to the final destination name.
This has the effect of presenting a consistent view of the file to
the system (either the file with the new contents or the file with
the old contents). Removing and overwriting the file has the
undesired side effect that the the system can either not see the
file at all (from the time it is being removed till the time it is
being re-created), or worse it can see partial file contents. This
is problematic when extracting system files (for example shared
libraries).
Perhaps there should be a flag to disable it, when for example it
is not desirable because of space constraints, but then again
one can specify to unlink the file before.
(this is pull request 1289)
* Do not require REG_STARTEND.
* Respawn panes or windows correctly if default-command is set.
* Add missing option for after-kill-pane hook.
* Fix for crash with a format variable that doesn't exist.
* Do not truncate list-keys output on some platforms.
* Do not crash when restoring a layout with only one pane.
CHANGES FROM 2.9 to 3.0
* Workaround invalid layout strings generated by older tmux versions and add
some additional sanity checks
* xterm 348 now disables margins when resized, so send DECLRMM again after
resize.
* Add support for the SD (scroll down) escape sequence.
* Expand arguments to C and s format modifiers to match the m modifier.
* Add support for underscore colours (Setulc capability must be added with
terminal-overrides as described in tmux(1)).
* Add a "fill" style attribute for the fill colour of the drawing area (where
appropriate).
* New -H flag to send-keys to send literal keys.
* Format variables for pane mouse modes (mouse_utf8_flag and mouse_sgr_flag)
and for origin mode (origin_flag).
* Add -F to refresh-client for flags for control mode clients, only one flag
(no-output) supported at the moment.
* Add a few vi(1) keys for menus.
* Add pane options, set with set-option -p and displayed with show-options -p.
Pane options inherit from window options (so every pane option is also
a window option). The pane style is now configured by setting window-style
and window-active-style in the pane options; select-pane -P and -g now change
the option but are no longer documented.
* Do not document set-window-option and show-window-options. set-option -w and
show-options -w should be used instead.
* Add a -A flag to show-options to show parent options as well (they are marked
with a *).
* Resize panes lazily - do not resize unless they are in an attached, active
window.
* Add regular expression support for the format search, match and substitute
modifiers and make them able to ignore case. find-window now accepts -r to
use regular expressions.
* Do not use $TMUX to find the session because for windows in multiple sessions
it is wrong as often as it is right, and for windows in one session it is
pointless. Instead use TMUX_PANE if it is present.
* Do not always resize the window back to its original size after applying a
layout, keep it at the layout size until it must be resized (for example when
attached and window-size is not manual).
* Add new-session -X and attach-session -x to send SIGHUP to parent when
detaching (like detach-client -P).
* Support for octal escapes in strings (such as \007) and improve list-keys
output so it parses correctly if copied into a configuration file.
* INCOMPATIBLE: Add a new {} syntax to the configuration file. This is a string
similar to single quotes but also includes newlines and allows commands that
take other commands as string arguments to be expressed more clearly and
without additional escaping.
A literal { and } or a string containing { or } must now be escaped or
quoted, for example '{' and '}' instead of { or }, or 'X#{foo}' instead of
X#{foo}.
* New <, >, <= and >= comparison operators for formats.
* Improve escaping of special characters in list-keys output.
* INCOMPATIBLE: tmux's configuration parsing has changed to use yacc(1). There
is one incompatible change: a \ on its own must be escaped or quoted as
either \\ or '\' (the latter works on older tmux versions).
Entirely the same parser is now used for parsing the configuration file
and for string commands. This means that constructs previously only
available in .tmux.conf, such as %if, can now be used in string commands
(for example, those given to if-shell - not commands invoked from the
shell, they are still parsed by the shell itself).
* Add support for the overline attribute (SGR 53). The Smol capability is
needed in terminal-overrides.
* Add the ability to create simple menus. Introduces new command
display-menu. Default menus are bound to MouseDown3 on the status line;
MouseDown3 or M-MouseDown3 on panes; MouseDown3 in tree, client and
buffer modes; and C-b C-m and C-b M-m.
* Allow panes to be empty (no command). They can be created either by piping to
split-window -I, or by passing an empty command ('') to split-window. Output
can be sent to an existing empty window with display-message -I.
* Add keys to jump between matching brackets (emacs C-M-f and C-M-b, vi %).
* Add a -e flag to new-window, split-window, respawn-window, respawn-pane to
pass environment variables into the newly created process.
* Hooks are now stored in the options tree as array options, allowing them to
have multiple separate commands. set-hook and show-hooks remain but
set-option and show-options can now also be used (show-options will only show
hooks if given the -H flag). Hooks with multiple commands are run in index
order.
* Automatically scroll if dragging to create a selection with the mouse and the
cursor reaches the top or bottom line.
* Add -no-clear variants of copy-selection and copy-pipe which do not clear the
selection after copying. Make copy-pipe clear the selection by default to be
consistent with copy-selection.
* Add an argument to copy commands to set the prefix for the buffer name, this
(for example) allows buffers for different sessions to be named separately.
* Update session activity on focus event.
* Pass target from source-file into the config file parser so formats in %if
and %endif have access to more useful variables.
* Add the ability to infer an option type (server, session, window) from its
name to show-options (it was already present in set-option).
* dhcpcd: Only report SSID when we have a carrier
* IPv6ND: Fix reachable test
* DHCP6: Work better with infinite addresses
* DHCP6: Suboption 3 of NTP Server is a FQDN
* DHCP6: Fix deprecating a delegated prefix
* DHCP: Ensure we have a lease to extract options from
- Always accept -S (no sandbox) even if we don't support sandboxing
- More syscalls elided for sandboxiing
- For ELF dynamic means having an interpreter not just PT_DYNAMIC
- Check for large ELF session header offset
- When saving and restoring a locale, keep the locale name in our
own storage.
- Add a flag to disable CSV file detection.
- Don't pass NULL/0 to memset to appease sanitizers.
- Avoid spurious prints when looks for extensions or apple strings
in fsmagic.
- Add builtin decompressors for xz and and bzip.
- Add a limit for the number of CDF elements.
- More checks for overflow in CDF.
- Fix#52: do not log transient network full errors unless higher
verbosity is set.
- Fix checkconf test for new error output string.
- tag for 4.2.4rc1 release.
27 November 2017 Jeroen
- Fix regressions in configparser.y
22 November 2019: Wouter
- Fix#48: Add make distclean that removes config.h made by configure.
And add maintainer-clean that removes bison and flex output.
18 November 2019: Wouter
- Detect fixed time memcmp for openssl 0.9.8 compatibility.
- Detect EC_KEY_new_by_curve_name for openssl 0.9.8.
- include limits.h for UINT_MAX.
- If no recvmmsg, dont use msg_flags member, but errno for error,
where our fallback function left it, msg_flags also does not exist
on some systems.
- Remove unused variable warning for portability.
14 November 2019: Wouter
- Fix checkconf test with filenames that sort in the same order.
- Tag for 4.2.3rc1. Branch master is 4.2.4 in development.
11 November 2019: Wouter
- Fix#44: document that remote-control is a top-level nsd.conf
attribute.
- Fix compile on OSX.
- Fix for #44: nicer top-level clause documentation.
22 October 2019: Jeroen
- Number of different UDP handlers has been reduced to one. recvmmsg
and sendmmsg implementations are now used on all platforms.
Compatible implementations are in place for systems that lack the
system calls.
- Socket options are now set in designated functions for easy reuse.
- Socket setup has been simplified for easy reuse.
- Configuration parser is now aware of the context in which an option
was specified.
21 October 2019: Wouter
- For #21 add
contrib/patch_for_s6_startup_and_other_service_supervisors.diff
that adds support for readiness notification with READY_FD from
Cameron Nemo.
17 October 2019: Jeroen
- Fix#40: Merge small fixes for confine-to-zone by Greg Bock.
15 October 2019: Jeroen
- For #39: Merge confine-to-zone feature contributes by Greg Bock.
26 September 2019: Wouter
- Fix#38: log address and failure reason with tls handshake errors,
squelches (the same as unbound) some unless high verbosity is used.
- Fixup clang analysis warning in xfrd_parse_received_xfr_packet
master dereference.
25 September 2019: Wouter
- The nsd.conf includes are sorted ascending, for include statements
with a '*' from glob.
16 September 2019: Wouter
- Fixup warnings during --disable-ipv6 compile.
- Fixup unit test executable to run without IPv6.
4 September 2019: Wouter
- Fix#35: excessive logging of ixfr failures, it stops the log when
fallback to axfr is possible. log is enabled at high verbosity.
2 September 2019: Wouter
- For #21: pidfile "" allows to run NSD without a pidfile, for
startup management tools like daemontools.
28 August 2019: Wouter
- In tests check for tls test tool availability.
19 August 2019: Wouter
- Tag for 4.2.2 release. Git master contains 4.2.3 in development.
13 August 2019: Wouter
- Fix error message for out of zone data to have more information.
- Tag for 4.2.2rc2.
12 August 2019: Wouter
- Fix#33: Fix segfault in service of remaining streams on exit.
6 August 2019: Wouter
- Tag for 4.2.2rc1.
5 August 2019: Wouter
- PR #31: nsd-control: Add missing stdio header.
- PR #32: tsig: Fix compilation without HAVE_SSL.
- Cleanup tls context on xfrd exit.
31 July 2019: Wouter
- Fix#29: SSHFP check NULL pointer dereference.
- Fix#30: SSHFP check failure due to missing domain name.
- Fix to timeval_add in minievent for remaining second in microseconds.
22 July 2019: Wouter
- Set timeout for refetch immediately, only spread load when there
are retries.
19 July 2019: Wouter
- Set no renegotiation on the SSL context to stop client
session renegotiation.
18 July 2019: Wouter
- Fix#25: NSD doesn't refresh zones after extended downtime,
it refreshes the old zones, with a random delay of a couple of
seconds to spread the load.
- Fix so that expired zones stay expired when server is down a
long time.
17 July 2019: Wouter
- Fix that NSD warns for wrong length of the hash in SSHFP records.
15 July 2019: Wouter
- PR #23: Fix typo in nsd.conf man-page.
4 July 2019: Wouter
- Set version to 4.2.2 in development.
- clean memory on exit of nsd-checkzone for memory debug.
- Fix#20: CVE-2019-13207 Stack-based Buffer Overflow in the
dname_concatenate() function. Reported by Frederic Cambus.
It causes the zone parser to crash on a malformed zone file,
with assertions enabled, an assertion catches it.
- Fix#19: Out-of-bounds read caused by improper validation of
array index. Reported by Frederic Cambus. The zone parser
fails on type SIG because of mismatched definition with RRSIG.
2 July 2019: Wouter
- Tag for 4.2.1rc1
27 June 2019: Wouter
- Fix unit test for added options and no dot after zone updated
log message.
- Fix compile without accept4.
21 June 2019: Wouter
- Omit remaining tcp processing if the list is empty.
- Fix output of nsd-checkconf -h.
20 June 2019: Wouter
- Initialize event structures before event_set, to stop uninitialized
values from setting event library lists and assertions, that would
sometimes also show after event_del.
- Added num.tls and num.tls6 stat counters.
- PR #12: send-buffer-size, receive-buffer-size,
tcp-reject-overflow options for nsd.conf, from Jeroen Koekkoek.
- Do not use symbol from libc, instead use own replacement, if not
available, for accept4.
- Fix#14, tcp connections have 1/10 to be active and have to work
every second, and then they get time to complete during a reload,
this is a process that lingers with the old version during a version
update.
19 June 2019: Wouter
- Fix tls handshake event callback function mistake, reported
by Mykhailo Danylenko.
18 June 2019: Wouter
- Fix#15: crash in SSL library, initialize variables for TCP access
when TLS is configured.
14 June 2019: Wouter
- Fix to init event not pointer, in reassignment.
12 June 2019: Wouter
- Fix to init event structure for reassignment.
11 June 2019: Wouter
- NSD 4.2.0 release. Current development is 4.2.1.
- Fixup of RELNOTES, corrected RFC reference for 4892.
- Fix#13: Stray dot at the end of some log entries, removes dot
after updated serial number in log entry.
- Fix TLS cipher selection, the previous was redundant, prefers
CHACHA20-POLY1305 over AESGCM and was not as readable as it could be.
- Consolidate server tls context create and remote control context
create, with hardening for the remote control tls context too.
6 June 2019: Wouter
- NSD 4.2.0rc1 tag.
4 June 2019: Wouter
- Fix unit test for outgoing interface to use random port numbers for
the outgoing interface config.
29 May 2019: Wouter
- Fix to guard _OPENBSD_SOURCE from redefinition.
28 May 2019: Wouter
- Fix to define _OPENBSD_SOURCE to get reallocarray on NetBSD.
16 May 2019: Wouter
- Fix#10: Fix memory leaks caused by duplicate rr and include
instructions.
6 May 2019: Wouter
- Note CII best practices badge for NSD on the README.md.
2 May 2019: Wouter
- Fix .gitignore for unit test generated files.
- Fix checkconf unit test for hide-identity and tls.
1 May 2019: Wouter
- Fix makedist.sh for use with git.
- Nicer output on travis for clang analysis.
- Add .gitignore file to exclude built files from version tracking.
- Add README.md file in repository with compile instructions.
- Fix .gitignore for dnstap files and aclocal temp.
- Add aclocal to README.md for pkgconfig for some configure options.
25 April 2019: Wouter
- Add tls.tpkg unit test for DNS over TLS functionality.
18 April 2019: Wouter
- Fix to avoid buffer alloc with global buffer in tls write handler.
- Fix to initialize event structure when accepting TCP connection.
- Use travis for build check, initial unit test and clang analysis.
- Disable SSLv2,3,TLSv1.0,1.1 if TLS1.2 is available in libssl.
- Disable weak ciphers, enable CIPHER_SERVER_PREFERENCE.
- further setup ssl ctx after the keys are loaded, for ECDH.
- TLS OCSP stapling support, enabled with tls-service-ocsp: filename,
patch from Andreas Schulze.
17 April 2019: Wouter
- Fix to share openssl init code, and perform it once.
16 April 2019: Andreas via Sara
- Patch to add support for TCP Fast Open
- Patch to add support for tls service on a specified tls port
16 April 2019: Wouter
- Fix#4249: The option hide-identity: yes stops NSD from responding
with the hostname for chaos class queries. Implements the RFC4829
security considerations.
- Remove starttls, this signalling method was not standardized.
- Remove TO bit, this signalling method was not standardized.
- Remove unused first_query and tls_ok states.
- Remove sign-compare warning in tls packet send code.
- Fix spelling in comment and log printout.
- Fix potential uninitialized variable.
- Fix documentation for DNS over TLS, and set default port 853.
- Fix to add missing comment.
- Fix that the TLS handshake routine sets the correct event to
continue when done.
- Fix that TLS renegotiation calls the read and write routines again
with the same parameters when the desired event has been satisfied.
- Fix that TCP Fastopen has better error message and supports OSX.
- Fix log for fastopen with verbosity.
- Squelch TLS handshake failure log until verbosity 3.
- Add per-zone statistics for TLS queries, and dnstap for TLS queries,
and rcode and TCflag statistics for TCP and TLS queries.
25 March 2019: Wouter
- Print IP address when bind socket fails with error.
21 March 2019: Wouter
- Fix spelling error in release notes.
- Fix to delete unused zparser.default_apex member.
6 December 2019: Wouter
- Fix ipsecmod compile.
- Fix Makefile.in for ipset module compile, from Adi Prasaja.
5 December 2019: Wouter
- unbound-fuzzers.tar.bz2: three programs for fuzzing, that are 1:1
replacements for unbound-fuzzme.c that gets created after applying
the contrib/unbound-fuzzme.patch. They are contributed by
Eric Sesterhenn from X41 D-Sec.
- tag for 1.9.6rc1.
4 December 2019: Wouter
- Fix lock type for memory purify log lock deletion.
- Fix testbound for alloccheck runs, memory purify and lock checks.
- update contrib/fastrpz.patch to apply more cleanly.
- Fix Make Test Fails when Configured With --enable-alloc-nonregional,
reported by X41 D-Sec.
3 December 2019: Wouter
- Merge pull request #124 from rmetrich: Changed log lock
from 'quick' to 'basic' because this is an I/O lock.
- Fix text around serial arithmatic used for RRSIG times to refer
to correct RFC number.
- Fix Assert Causing DoS in synth_cname(),
reported by X41 D-Sec.
- Fix similar code in auth_zone synth cname to add the extra checks.
- Fix Assert Causing DoS in dname_pkt_copy(),
reported by X41 D-Sec.
- Fix OOB Read in sldns_wire2str_dname_scan(),
reported by X41 D-Sec.
- Fix Out of Bounds Write in sldns_str2wire_str_buf(),
reported by X41 D-Sec.
- Fix Out of Bounds Write in sldns_b64_pton(),
fixed by check in sldns_str2wire_int16_data_buf(),
reported by X41 D-Sec.
- Fix Insufficient Handling of Compressed Names in dname_pkt_copy(),
reported by X41 D-Sec.
- Fix Out of Bound Write Compressed Names in rdata_copy(),
reported by X41 D-Sec.
- Fix Hang in sldns_wire2str_pkt_scan(),
reported by X41 D-Sec.
This further lowers the max to 256.
- Fix snprintf() supports the n-specifier,
reported by X41 D-Sec.
- Fix Bad Indentation, in dnscrypt.c,
reported by X41 D-Sec.
- Fix Client NONCE Generation used for Server NONCE,
reported by X41 D-Sec.
- Fix compile error in dnscrypt.
- Fix _vfixed not Used, removed from sbuffer code,
reported by X41 D-Sec.
- Fix Hardcoded Constant, reported by X41 D-Sec.
- make depend
2 December 2019: Wouter
- Merge pull request #122 from he32: In tcp_callback_writer(),
don't disable time-out when changing to read.
22 November 2019: George
- Fix compiler warnings.
22 November 2019: Wouter
- Fix dname loop maximum, reported by Eric Sesterhenn from X41 D-Sec.
- Add make distclean that removes everything configure produced,
and make maintainer-clean that removes bison and flex output.
20 November 2019: Wouter
- Fix Out of Bounds Read in rrinternal_get_owner(),
reported by X41 D-Sec.
- Fix Race Condition in autr_tp_create(),
reported by X41 D-Sec.
- Fix Shared Memory World Writeable,
reported by X41 D-Sec.
- Adjust unbound-control to make stats_shm a read only operation.
- Fix Weak Entropy Used For Nettle,
reported by X41 D-Sec.
- Fix Randomness Error not Handled Properly,
reported by X41 D-Sec.
- Fix Out-of-Bounds Read in dname_valid(),
reported by X41 D-Sec.
- Fix Config Injection in create_unbound_ad_servers.sh,
reported by X41 D-Sec.
- Fix Local Memory Leak in cachedb_init(),
reported by X41 D-Sec.
- Fix Integer Underflow in Regional Allocator,
reported by X41 D-Sec.
- Upgrade compat/getentropy_linux.c to version 1.46 from OpenBSD.
- Synchronize compat/getentropy_win.c with version 1.5 from
OpenBSD, no changes but makes the file, comments, identical.
- Upgrade compat/getentropy_solaris.c to version 1.13 from OpenBSD.
- Upgrade compat/getentropy_osx.c to version 1.12 from OpenBSD.
- Changes to compat/getentropy files for,
no link to openssl if using nettle, and hence config.h for
HAVE_NETTLE variable.
compat definition of MAP_ANON, for older systems.
ifdef stdint.h inclusion for older systems.
ifdef sha2.h inclusion for older systems.
- Fixed Compat Code Diverging from Upstream, reported by X41 D-Sec.
- Fix compile with --enable-alloc-checks, reported by X41 D-Sec.
- Fix Terminating Quotes not Written, reported by X41 D-Sec.
- Fix Useless memset() in validator, reported by X41 D-Sec.
- Fix Unrequired Checks, reported by X41 D-Sec.
- Fix Enum Name not Used, reported by X41 D-Sec.
- Fix NULL Pointer Dereference via Control Port,
reported by X41 D-Sec.
- Fix Bad Randomness in Seed, reported by X41 D-Sec.
- Fix python examples/calc.py for eval, reported by X41 D-Sec.
- Fix comments for doxygen in dns64.
19 November 2019: Wouter
- Fix CVE-2019-18934, shell execution in ipsecmod.
- 1.9.5 is 1.9.4 with bugfix, trunk is 1.9.6 in development.
- Fix authzone printout buffer length check.
- Fixes to please lint checks.
- Fix Integer Overflow in Regional Allocator,
reported by X41 D-Sec.
- Fix Unchecked NULL Pointer in dns64_inform_super()
and ipsecmod_new(), reported by X41 D-Sec.
- Fix Out-of-bounds Read in rr_comment_dnskey(),
reported by X41 D-Sec.
- Fix Integer Overflows in Size Calculations,
reported by X41 D-Sec.
- Fix Integer Overflow to Buffer Overflow in
sldns_str2wire_dname_buf_origin(), reported by X41 D-Sec.
- Fix Out of Bounds Read in sldns_str2wire_dname(),
reported by X41 D-Sec.
- Fix Out of Bounds Write in sldns_bget_token_par(),
reported by X41 D-Sec.
18 November 2019: Wouter
- In unbound-host use separate variable for get_option to please
code checkers.
- update to bison output of 3.4.1 in code repository.
- Provide a prototype for compat malloc to remove compile warning.
- Portable grep usage for reuseport configure test.
- Check return type of HMAC_Init_ex for openssl 0.9.8.
- gitignore .source tempfile used for compatible make.
13 November 2019: Wouter
- iana portlist updated.
- contrib/fastrpz.patch updated to apply for current code.
- fixes for splint cleanliness, long vs int in SSL set_mode.
11 November 2019: Wouter
- Fix#109: check number of arguments for stdin-pipes in
unbound-control and fail if too many arguments.
- Merge #102 from jrtc27: Add getentropy emulation for FreeBSD.
24 October 2019: Wouter
- Fix#99: Memory leak in ub_ctx (event_base will never be freed).
23 October 2019: George
- Add new configure option `--enable-fully-static` to enable full static
build if requested; in relation to #91.
23 October 2019: Wouter
- Merge #97: manpage: Add missing word on unbound.conf,
from Erethon.
22 October 2019: Wouter
- drop-tld.diff: adds option drop-tld: yesno that drops 2 label
queries, to stop random floods. Apply with
patch -p1 < contrib/drop-tld.diff and compile.
From Saksham Manchanda (Secure64). Please note that we think this
will drop DNSKEY and DS lookups for tlds and hence break DNSSEC
lookups for downstream clients.
7 October 2019: Wouter
- Add doxygen comments to unbound-anchor source address code, in #86.
3 October 2019: Wouter
- Merge #90 from vcunat: fix build with nettle-3.5.
- Merge 1.9.4 release with fix for vulnerability CVE-2019-16866.
- Continue with development of 1.9.5.
- Merge #86 from psquarejho: Added -b source address option to
smallapp/unbound-anchor.c, from Lukas Wunner.
26 September 2019: Wouter
- Merge #87 from hardfalcon: Fix contrib/unbound.service.in,
Drop CAP_KILL, use + prefix for ExecReload= instead.
25 September 2019: Wouter
- The unbound.conf includes are sorted ascending, for include
statements with a '*' from glob.
23 September 2019: Wouter
- Merge #85 for #84 from sam-lunt: Add kill capability to systemd
service file to fix that systemctl reload fails.
20 September 2019: Wouter
- Merge #82 from hardfalcon: Downgrade CAP_NET_ADMIN to CAP_NET_RAW
in unbound.service.
- Merge #81 from Maryse47: Consistently use /dev/urandom instead
of /dev/random in scripts and docs.
- Merge #83 from Maryse47: contrib/unbound.service.in: do not fork
into the background.
19 September 2019: Wouter
- Fix#78: Memory leak in outside_network.c.
- Merge pull request #76 from Maryse47: Improvements and fixes for
systemd unbound.service.
- oss-fuzz badge on README.md.
- Fix fix for #78 to also free service callback struct.
- Fix for oss-fuzz build warning.
- Fix wrong response ttl for prepended short CNAME ttls, this would
create a wrong zero_ttl response count with serve-expired enabled.
- Merge #80 from stasic: Improve wording in man page.
11 September 2019: Wouter
- Use explicit bzero for wiping clear buffer of hash in cachedb,
reported by Eric Sesterhenn from X41 D-Sec.
9 September 2019: Wouter
- Fix#72: configure --with-syslog-facility=LOCAL0-7 with default
LOG_DAEMON (as before) can set the syslog facility that the server
uses to log messages.
4 September 2019: Wouter
- Fix#71: fix openssl error squelch commit compilation error.
3 September 2019: Wouter
- squelch DNS over TLS errors 'ssl handshake failed crypto error'
on low verbosity, they show on verbosity 3 (query details), because
there is a high volume and the operator cannot do anything for the
remote failure. Specifically filters the high volume errors.
2 September 2019: Wouter
- ipset module #28: log that an address is added, when verbosity high.
- ipset: refactor long routine into three smaller ones.
- updated Makefile dependencies.
23 August 2019: Wouter
- Fix contrib/fastrpz.patch asprintf return value checks.
22 August 2019: Wouter
- Fix that pkg-config is setup before --enable-systemd needs it.
- 1.9.3rc2 release candidate tag. And this became the 1.9.3 release.
Master is 1.9.4 in development.
21 August 2019: Wouter
- Fix log_dns_msg to log irrespective of minimal responses config.
19 August 2019: Ralph
- Document limitation of pidfile removal outside of chroot directory.
16 August 2019: Wouter
- Fix unittest valgrind false positive uninitialised value report,
where if gcc 9.1.1 uses -O2 (but not -O1) then valgrind 3.15.0
issues an uninitialised value for the token buffer at the str2wire.c
rrinternal_get_owner() strcmp with the '@' value. Rewritten to use
straight character comparisons removes the false positive. Also
valgrinds --expensive-definedness-checks=yes can stop this false
positive.
- Please doxygen's parser for "@" occurrence in doxygen comment.
- Fixup contrib/fastrpz.patch
- Remove warning about unknown cast-function-type warning pragma.
15 August 2019: Wouter
- iana portlist updated.
- Fix autotrust temp file uniqueness windows compile.
- avoid warning about upcast on 32bit systems for autotrust.
- escape commandline contents for -V.
- Fix character buffer size in ub_ctx_hosts.
- 1.9.3rc1 release candidate tag.
- Option -V prints if TCP fastopen is available.
14 August 2019: George
- Fix#59, when compiled with systemd support check that we can properly
communicate with systemd through the `NOTIFY_SOCKET`.
14 August 2019: Wouter
- Generate configlexer with newer flex.
- Fix warning for unused variable for compilation without systemd.
12 August 2019: George
- Introduce `-V` option to print the version number and build options.
Previously reported build options like linked libs and linked modules
are now moved from `-h` to `-V` as well for consistency.
- PACKAGE_BUGREPORT now also includes link to GitHub issues.
1 August 2019: Wouter
- For #52#53, second context does not close logfile override.
- Fix#52#53, fix for example fail program.
- Fix to return after failed auth zone http chunk write.
- Fix to remove unused test for task_probe existance.
- Fix to timeval_add for remaining second in microseconds.
- Check repinfo in worker_handle_request, if null, drop it.
29 July 2019: Wouter
- Add verbose log message when auth zone file is written, at level 4.
- Add hex print of trust anchor pointer to trust anchor file temp
name to make it unique, for libunbound created multiple contexts.
23 July 2019: Wouter
- Fix question section mismatch in local zone redirect.
19 July 2019: Wouter
- Fix#49: Set no renegotiation on the SSL context to stop client
session renegotiation.
12 July 2019: Wouter
- Fix#48: Unbound returns additional records on NODATA response,
if minimal-responses is enabled, also the additional for negative
responses is removed.
9 July 2019: Ralph
- Fix in respip addrtree selection. Absence of addr_tree_init_parents()
call made it impossible to go up the tree when the matching netmask is
too specific.
5 July 2019: Ralph
- Fix for possible assertion failure when answering respip CNAME from
cache.
25 June 2019: Wouter
- For #45, check that 127.0.0.1 and ::1 are not used in unbound.conf
when do-not-query-localhost is turned on, or at default on,
unbound-checkconf prints a warning if it is found in forward-addr or
stub-addr statements.
24 June 2019: Wouter
- Fix memleak in unit test, reported from the clang 8.0 static analyzer.
18 June 2019: Wouter
- PR #28: IPSet module, by Kevin Chou. Created a module to support
the ipset that could add the domain's ip to a list easily.
Needs libmnl, and --enable-ipset and config it, doc/README.ipset.md.
- Fix to omit RRSIGs from addition to the ipset.
- Fix to make unbound-control with ipset, remove unused variable,
use unsigned type because of comparison, and assign null instead
of compare with it. Remade lex and yacc output.
- make depend
- Added documentation to the ipset files (for doxygen output).
- Merge PR #6: Python module: support multiple instances
- Merge PR #5: Python module: define constant MODULE_RESTART_NEXT
- Merge PR #4: Python module: assign something useful to the
per-query data store 'qdata'
- Fix python dict reference and double free in config.
17 June 2019: Wouter
- Master contains version 1.9.3 in development.
- Fix#39: In libunbound, leftover logfile is close()d unpredictably.
- Fix for #24: Fix abort due to scan of auth zone masters using old
address from previous scan.
12 June 2019: Wouter
- Fix another spoolbuf storage code point, in prefetch.
- 1.9.2rc3 release candidate tag. Which became the 1.9.2 release
on 17 June 2019.
11 June 2019: Wouter
- Fix that fixes the Fix that spoolbuf is not used to store tcp
pipelined response between mesh send and callback end, this fixes
error cases that did not use the correct spoolbuf.
- 1.9.2rc2 release candidate tag.
6 June 2019: Wouter
- 1.9.2rc1 release candidate tag.
4 June 2019: Wouter
- iana portlist updated.
29 May 2019: Wouter
- Fix to guard _OPENBSD_SOURCE from redefinition.
28 May 2019: Wouter
- Fix to define _OPENBSD_SOURCE to get reallocarray on NetBSD.
- gitignore config.h.in~.
27 May 2019: Wouter
- Fix double file close in tcp pipelined response code.
24 May 2019: Wouter
- Fix that spoolbuf is not used to store tcp pipelined response
between mesh send and callback end.
20 May 2019: Wouter
- Note that so-reuseport at extreme load is better turned off,
otherwise queries are not distributed evenly, on Linux 4.4.x.
16 May 2019: Wouter
- Fix#31: swig 4.0 and python module.
13 May 2019: Wouter
- Squelch log messages from tcp send about connection reset by peer.
They can be enabled with verbosity at higher values for diagnosing
network connectivity issues.
- Attempt to fix malformed tcp response.
9 May 2019: Wouter
- Revert fix for oss-fuzz, error is in that build script that
unconditionally includes .o files detected by configure, also
when the machine architecture uses different LIBOBJS files.
8 May 2019: Wouter
- Attempt to fix build failure in oss-fuzz because of reallocarray.
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14648.
Does not omit compile flags from commandline.
7 May 2019: Wouter
- Fix edns-subnet locks, in error cases the lock was not unlocked.
- Fix doxygen output error on readme markdown vignettes.
6 May 2019: Wouter
- Fix#29: Solaris 11.3 and missing symbols be64toh, htobe64.
- Fix#30: AddressSanitizer finding in lookup3.c. This sets the
hash function to use a slower but better auditable code that does
not read beyond array boundaries. This makes code better security
checkable, and is better for security. It is fixed to be slower,
but not read outside of the array.
2 May 2019: Wouter
- contrib/fastrpz.patch updated for code changes, and with git diff.
- Fix .gitignore, add pythonmod and dnstap generated files.
And unit test generated files, and generated doc files.
1 May 2019: Wouter
- Update makedist for git.
- Nicer travis output for clang analysis.
- PR #16: XoT support, AXFR over TLS, turn it on with
master: <ip>#<authname> in unbound.conf. This uses TLS to
download the AXFR (or IXFR).
25 April 2019: Wouter
- Fix wrong query name in local zone redirect answers with a CNAME,
the copy of the local alias is in unpacked form.
18 April 2019: Ralph
- Scrub RRs from answer section when reusing NXDOMAIN message for
subdomain answers.
- For harden-below-nxdomain: do not consider a name to be non-exitent
when message contains a CNAME record.
18 April 2019: Wouter
- travis build file.
16 April 2019: Wouter
- Better braces in if statement in TCP fastopen code.
- iana portlist updated.
15 April 2019: Wouter
- Fix tls write event for read state change to re-call SSL_write and
not resume the TLS handshake.
11 April 2019: George
- Update python documentation for init_standard().
- Typos.
11 April 2019: Wouter
- Fix that auth zone uses correct network type for sockets for
SOA serial probes. This fixes that probes fail because earlier
probe addresses are unreachable.
- Fix that auth zone fails over to next master for timeout in tcp.
- Squelch SSL read and write connection reset by peer and broken pipe
messages. Verbosity 2 and higher enables them.
8 April 2019: Wouter
- Fix to use event_assign with libevent for thread-safety.
- verbose information about auth zone lookup process, also lookup
start, timeout and fail.
- Fix#17: Add python module example from Jan Janak, that is a
plugin for the Unbound DNS resolver to resolve DNS records in
multicast DNS [RFC 6762] via Avahi. The plugin communicates
with Avahi via DBus. The comment section at the beginning of
the file contains detailed documentation.
- Fix to wipe ssl ticket keys from memory with explicit_bzero,
if available.
5 April 2019: Wouter
- Fix to reinit event structure for accepted TCP (and TLS) sockets.
4 April 2019: Wouter
- Fix spelling error in log output for event method.
3 April 2019: Wouter
- Move goto label in answer_from_cache to the end of the function
where it is more visible.
- Fix auth-zone NSEC3 response for wildcard nodata answers,
include the closest encloser in the answer.
2 April 2019: Wouter
- Fix auth-zone NSEC3 response for empty nonterminals with exact
match nsec3 records.
- Fix for out of bounds integers, thanks to OSTIF audit. It is in
allocation debug code.
- Fix for auth zone nsec3 ent fix for wildcard nodata.
25 March 2019: Wouter
- Fix that tls-session-ticket-keys: "" on its own in unbound.conf
disables the tls session ticker key calls into the OpenSSL API.
- Fix crash if tls-servic-pem not filled in when necessary.
21 March 2019: Wouter
- Fix#4240: Fix whitespace cleanup in example.conf.
19 March 2019: Wouter
- add type CAA to libpyunbound (accessing libunbound from python).
18 March 2019: Wouter
- Add log message, at verbosity 4, that says the query is encrypted
with TLS, if that is enabled for the query.
- Fix#4239: set NOTIMPL when deny-any is enabled, for RFC8482.
7 March 2019: Wouter
- Fix for #4233: guard use of NDEBUG, so that it can be passed in
CFLAGS into configure.
PT_LWPINFO from FreeBSD is almost never intended to be expressed with
PT_LWPINFO in NetBSD. PT_GET_SIGINFO reads siginfo_t with the signal
information about the event, on FreeBSD siginfo_t is merged into
ptrace_lwpinfo and returns the thread that received the event (not the
first one in a list like on NetBSD).
* hooks: STOPPED is now run on timeout and exit
* BSD: Use IP_REVCIF rather than IN_PKTINFO
* DHCP: When rebinding, ensure we have a DHCP ARP state
* RA: Sort routers when reachability changes
* RA: Apply hoplimit, reachable and retrans timer values to kernel
* RA: Warn if advertised MTU > interface MTU
* dhcpcd: Report SSID connection to when we gain carrier
* DHCP: Fix corruption of address flags when renewing
It is plainly obvious that the init value cannot be used (the
var was never used uninit'd - could not be) but gcc apparently cannot
work that out. Revert this if we ever get a compiler with a brain.
* Fix bugs in select-pane and the main-horizontal and main-vertical layouts.
CHANGES FROM 2.8 to 2.9
* Attempt to preserve horizontal cursor position as well as vertical with
reflow.
* Rewrite main-vertical and horizontal and change layouts to better handle the
case where all panes won't fit into the window size, reduce problems with
pane border status lines and fix other bugs mostly found by Thomas Sattler.
* Add format variables for the default formats in the various modes
(tree_mode_format and so on) and add a -a flag to display-message to list
variables with values.
* Add a -v flag to display-message to show verbose messages as the format is
parsed, this allows formats to be debugged
* Add support for HPA (\033[`).
* Add support for origin mode (\033[?6h).
* No longer clear history on RIS.
* Extend the #[] style syntax and use that together with previous format
changes to allow the status line to be entirely configured with a single
option.
Now that it is possible to configure their content, enable the existing code
that lets the status line be multiple lines in height. The status option can
now take a value of 2, 3, 4 or 5 (as well as the previous on or off) to
configure more than one line. The new status-format array option configures
the format of each line, the default just references the existing status-*
options, although some of the more obscure status options may be eliminated
in time.
Additions to the #[] syntax are: "align" to specify alignment (left, centre,
right), "list" for the window list and "range" to configure ranges of text
for the mouse bindings.
The "align" keyword can also be used to specify alignment of entries in tree
mode and the pane status lines.
* Add E: and T: format modifiers to expand a format twice (useful to expand the
value of an option).
* The individual -fg, -bg and -attr options have been removed; they
were superseded by -style options in tmux 1.9.
* Allow more than one mode to be opened in a pane. Modes are kept on a stack
and retrieved if the same mode is entered again. Exiting the active mode goes
back to the previous one.
* When showing command output in copy mode, call it view mode instead (affects
pane_mode format).
* Add -b to display-panes like run-shell.
* Handle UTF-8 in word-separators option.
* New "terminal" colour allowing options to use the terminal default colour
rather than inheriting the default from a parent option.
* Do not move the cursor in copy mode when the mouse wheel is used.
* Use the same working directory rules for jobs as new windows rather than
always starting in the user's home.
* Allow panes to be one line or column in size.
* Go to last line when goto-line number is out of range in copy mode.
* Yank previously cut text if any with C-y in the command prompt, only use the
buffer if no text has been cut.
* Add q: format modifier to quote shell special characters.
* Add StatusLeft and StatusRight mouse locations (keys such as
MouseDown1StatusLeft) for the status-left and status-right areas of the
status line.
* Add -Z to find-window.
* Support for windows larger than the client. This adds two new options,
window-size and default-size, and a new command, resize-window. The
force-width and force-height options and the session_width and session_height
formats have been removed.
The new window-size option tells tmux how to work out the size of windows:
largest means it picks the size of the largest session, smallest the smallest
session (similar to the old behaviour) and manual means that it does not
automatically resize windows. aggressive-resize modifies the choice of
session for largest and smallest as it did before.
If a window is in a session attached to a client that is too small, only part
of the window is shown. tmux attempts to keep the cursor visible, so the part
of the window displayed is changed as the cursor moves (with a small delay,
to try and avoid excess redrawing when applications redraw status lines or
similar that are not currently visible).
Drawing windows which are larger than the client is not as efficient as those
which fit, particularly when the cursor moves, so it is recommended to avoid
using this on slow machines or networks (set window-size to smallest or
manual).
The resize-window command can be used to resize a window manually. If it is
used, the window-size option is automatically set to manual for the window
(undo this with "setw -u window-size"). resize-window works in a similar way
to resize-pane (-U -D -L -R -x -y flags) but also has -a and -A flags. -a
sets the window to the size of the smallest client (what it would be if
window-size was smallest) and -A the largest.
For the same behaviour as force-width or force-height, use resize-window -x
or -y.
If the global window-size option is set to manual, the default-size option is
used for new windows. If -x or -y is used with new-session, that sets the
default-size option for the new session.
The maximum size of a window is 10000x10000. But expect applications to
complain and higher memory use if making a window that big. The minimum size
is the size required for the current layout including borders.
The refresh-client command can be used to pan around a window, -U -D -L -R
moves up, down, left or right and -c returns to automatic cursor
tracking. The position is reset when the current window is changed.
notification of a failed auth attempt, and a notification of a
successful auth attempt.
Implements a third option - notification of abusive behavior, and
accepts, but does not act on a forth type - "bad username". It is
envisioned that a system administrator will configure a small list
of "known bad usernames" that should be blocked immediately.
From Kurt Lidl @ FreeBSD
PR port-alpha/54307.
If rtree.c and tcache.c are compiled with -O0, userland just works
without problems as far as I can see. Alternately, you can specify
-DJEMALLOC_DEBUG to avoid random crash. Smells like compiler bug,
or wrong coding which relies on some undefined behavior.
Anyway, we need to pull this up into netbsd-9 asap.
it -O0. The tm argument gets passed in as non-null and it is non-null after
the command execution, but then becomes null and causes a null dereference.
Remove const from the 2nd argument.
const char ** and char ** are incompatible types and it was a cost to keep
the technically incompatible form for a more purist variation. NetBSD was
almost the last alive OS to still keep the const argument (known leftovers:
Minix and Illumos).
Keep the const form for the internal purposes inside citrus and rump.
Address the build breakage fallout in the same change.
There are no ABI changes.
Change accepted by core@.
GCC_NO_FORMAT_TRUNCATION -Wno-format-truncation (GCC 7/8)
GCC_NO_STRINGOP_TRUNCATION -Wno-stringop-truncation (GCC 8)
GCC_NO_STRINGOP_OVERFLOW -Wno-stringop-overflow (GCC 8)
GCC_NO_CAST_FUNCTION_TYPE -Wno-cast-function-type (GCC 8)
use these to turn off warnings for most GCC-8 complaints. many
of these are false positives, most of the real bugs are already
commited, or are yet to come.
we plan to introduce versions of (some?) of these that use the
"-Wno-error=" form, which still displays the warnings but does
not make it an error, and all of the above will be re-considered
as either being "fix me" (warning still displayed) or "warning
is wrong."
to copy the interface name. The kernel requires the interface to be NUL
terminated anyway and will fail with ENAMETOOLONG otherwise. Pointed out
by Robert Swindells.
* Fix carrier status after a route socket overflow
* Allow domain spaced options
* DHCP: Allow not sending Force Renew Nonce or Reconf Accept
* IPv4LL: Now passes Apple Bonjour test versions 1.4 and 1.5
* ARP: Fix a typo and remove pragma (thus working with old gcc)
* DHCP6: Fix a cosmetic issue with infinite leases
* DHCP6: SLA 0 and Prefix Len 0 will now add a delegatd /64 address
* Ignore some virtual interfaces such as Tap and Bridge by default
* BPF: Move validation logic out of BPF and back into dhcpcd
* test/btyacc/big_b.error, test/btyacc/big_l.error, test/btyacc/help.error, test/btyacc/no_b_opt.error, test/btyacc/no_output2.error, test/btyacc/no_p_opt.error, test/btyacc/nostdin.error, test/yacc/big_b.error, test/yacc/big_l.error, test/yacc/help.error, test/yacc/no_b_opt.error, test/yacc/no_output2.error, test/yacc/no_p_opt.error, test/yacc/nostdin.error:
regen
* test/run_test.sh: test "-H" rather than "-D"
2019-06-16 Thomas E. Dickey <dickey@invisible-island.net>
* main.c, yacc.1:
change "-D" option to "-H" (discussion with Ethan Sommer)
* VERSION, package/byacc.spec, package/debian/changelog, package/mingw-byacc.spec, package/pkgsrc/Makefile:
bump
* test/btyacc/defines1.calc.c, test/btyacc/defines2.calc.c, test/btyacc/defines3.calc.c:
RCS_BASE
* test/run_test.sh: in test_defines, save the ".c" file too
* test/yacc/defines3.calc.c, test/yacc/defines2.calc.c, test/yacc/defines1.calc.c:
RCS_BASE
* test/run_test.sh:
output of test_defines should be a header ".h", not ".c"
* test/btyacc/defines1.calc.h, test/btyacc/defines1.error, test/btyacc/defines1.output, test/btyacc/defines2.calc.h, test/btyacc/defines2.error, test/btyacc/defines2.output, test/btyacc/defines3.calc.h, test/btyacc/defines3.error, test/btyacc/defines3.output:
RCS_BASE
* main.c: however, a subsequent -d cancels -D
* test/yacc/defines1.calc.h, test/yacc/defines3.calc.h: RCS_BASE
* main.c: -D option implies -d
* test/yacc/defines1.error, test/yacc/defines1.output, test/yacc/defines2.calc.h, test/yacc/defines2.error, test/yacc/defines2.output, test/yacc/defines3.error, test/yacc/defines3.output:
RCS_BASE
* yacc.1: align macro definitions with my other manpages
* test/run_test.sh: add test for -D after -d or -b options
* test/btyacc/stdin1.calc.c, test/btyacc/stdin1.error, test/btyacc/stdin1.output, test/btyacc/stdin2.calc.c, test/btyacc/stdin2.error, test/btyacc/stdin2.output:
RCS_BASE
* test/btyacc/big_b.error, test/btyacc/big_b.output, test/btyacc/big_l.error, test/btyacc/big_l.output, test/btyacc/help.error, test/btyacc/help.output, test/btyacc/no_b_opt.error, test/btyacc/no_b_opt.output, test/btyacc/no_b_opt1.error, test/btyacc/no_b_opt1.output, test/btyacc/no_code_c.error, test/btyacc/no_code_c.output, test/btyacc/no_defines.error, test/btyacc/no_defines.output, test/btyacc/no_graph.error, test/btyacc/no_graph.output, test/btyacc/no_include.error, test/btyacc/no_include.output, test/btyacc/no_opts.error, test/btyacc/no_opts.output, test/btyacc/no_output.error, test/btyacc/no_output.output, test/btyacc/no_output1.error, test/btyacc/no_output1.output, test/btyacc/no_output2.error, test/btyacc/no_output2.output, test/btyacc/no_p_opt.error, test/btyacc/no_p_opt.output, test/btyacc/no_p_opt1.error, test/btyacc/no_p_opt1.output, test/btyacc/no_verbose.error, test/btyacc/no_verbose.output, test/btyacc/nostdin.error, test/btyacc/nostdin.output, test/yacc/big_b.error, test/yacc/big_b.output, test/yacc/big_l.error, test/yacc/big_l.output, test/yacc/help.error, test/yacc/help.output, test/yacc/no_b_opt.error, test/yacc/no_b_opt.output, test/yacc/no_b_opt1.error, test/yacc/no_b_opt1.output, test/yacc/no_code_c.error, test/yacc/no_code_c.output, test/yacc/no_defines.error, test/yacc/no_defines.output, test/yacc/no_graph.error, test/yacc/no_graph.output, test/yacc/no_include.error, test/yacc/no_include.output, test/yacc/no_opts.error, test/yacc/no_opts.output, test/yacc/no_output.error, test/yacc/no_output.output, test/yacc/no_output1.error, test/yacc/no_output1.output, test/yacc/no_output2.error, test/yacc/no_output2.output, test/yacc/no_p_opt.error, test/yacc/no_p_opt.output, test/yacc/no_p_opt1.error, test/yacc/no_p_opt1.output, test/yacc/no_verbose.error, test/yacc/no_verbose.output, test/yacc/nostdin.error, test/yacc/nostdin.output:
regen
* test/run_test.sh:
add a test for stdin "-" vs end-options "--", and correct a redirection
of stderr in test_flags
* test/yacc/stdin2.output, test/yacc/stdin2.calc.c, test/yacc/stdin1.calc.c, test/yacc/stdin1.error, test/yacc/stdin1.output, test/yacc/stdin2.error:
RCS_BASE
* test/btyacc/big_b.output, test/btyacc/big_l.output, test/btyacc/help.output, test/btyacc/no_b_opt.output, test/btyacc/no_output2.output, test/btyacc/no_p_opt.output, test/btyacc/nostdin.output, test/yacc/big_b.output, test/yacc/big_l.output, test/yacc/help.output, test/yacc/no_b_opt.output, test/yacc/no_output2.output, test/yacc/no_p_opt.output, test/yacc/nostdin.output:
regen
* main.c: add -D option, to specify filename vs y.tab.h for -d
* defs.h: add dflag2, for -D option
* yacc.1: document -D option
* config_h.in: updated with autoheader-252
* configure: regen
* package/debian/copyright: bump
* aclocal.m4: add CF_GETOPT_HEADER
* aclocal.m4: Improved autoconf macros:
+ CF_CC_ENV_FLAGS
putting preprocessor flags in CFLAGS also is a nuisance, which can be
addressed in the same way.
+ CF_GCC_WARNINGS
factor out workaround for XTSTRINGDEFINES as CF_CONST_X_STRING
+ CF_GNU_SOURCE
The check for _DEFAULT_SOURCE should apply to "recent" Cygwin (since early 2016),
and except for "NEWLIB" vs "GLIBC" in the test, acts the same if I pretend
that "newlib" is the GNU C library. Without this, the check falls through
to the _XOPEN_SOURCE test, which breaks the pseudoterminal checks for xterm.
+ CF_POSIX_C_SOURCE
add/use CF_POSIX_VISIBLE
+ CF_TRY_XOPEN_SOURCE
use CF_APPEND_TEXT
+ CF_WITH_MAN2HTML
use sed to work around non-POSIX tail utility
+ CF_XOPEN_SOURCE
use CF_APPEND_TEXT
add/use CF_POSIX_VISIBLE
* VERSION, package/byacc.spec, package/debian/changelog, package/mingw-byacc.spec, package/pkgsrc/Makefile:
bump
2019-06-10 Thomas E. Dickey <dickey@invisible-island.net>
* config.guess: 2019-06-10
2019-05-22 Thomas E. Dickey <dickey@invisible-island.net>
* config.sub: 2019-05-22
- file has looks bogus maybe-uninitialized
- llvm triggers an attribute violation:
ScheduleDAGInstrs.cpp:1430:14: error: declaration of
'llvm::raw_ostream& llvm::operator<<(llvm::raw_ostream&, const llvm::ILPValue&)'
with attribute 'noinline' follows inline declaration [-Werror=attributes]
- ntp and pkg_install have obvious restrict violations, should be
fixed but i'm avoiding patching upstream code in this pass
- tftp has an array bounds that doesn't seem real issue
- sysinst's partman.c has major problem with passing the same
string as source and dest in snprintf, as a way to strcat
with formatting which trip restrict violations. non trivial
to fix so for now the warning is elided.
- Xext's XEVI.c has similar issue as partman.c
everyone and GCC 8 gets these warnings turned off for now:
-Wno-format-truncation
-Wno-stringop-overflow
-Wno-stringop-truncation
-Wno-cast-function-type
as they trip a large amount of code. most of them should be
investigated, but the few i looked at were not finding actually
real bugs, vs instances of poor coding, so skipping for now.
avoid passing the same pointer in multiple arguments for restrict
marked arguments:
- sigaction() wants separate in/out
- use memmove() not memcpy() for overlapping regions (this may fix
a real bug in nvi -- but it seems unlikely)
- select() wants separate read/write/except
- sigprocmask() wants separate set/oset
Synchromize the struct field format with other BSDs and Darwin.
No ABI change between older and newer struct form on the ports.
The change will require no changes to most C users during the transition
period as the header keeps a caller cast.
Discussed with core@ and there were no objections for this move.
Summary for 1.9.1 libpcap release
Mention pcap_get_required_select_timeout() in the main pcap man page
Fix pcap-usb-linux.c build on systems with musl
Fix assorted man page and other documentation issues
Plug assorted memory leaks
Documentation changes to use https:
Changes to how time stamp calculations are done
Lots of tweaks to make newer compilers happier and warning-free and
to fix instances of C undefined behavior
Warn if AC_PROG_CC_C99 can't enable C99 support
Rename pcap_set_protocol() to pcap_set_protocol_linux().
Align pcap_t private data on an 8-byte boundary.
Fix various error messages
Use 64-bit clean API in dag_findalldevs()
Fix cleaning up after some errors
Work around some ethtool ioctl bugs in newer Linux kernels (GitHub
issue #689)
Add backwards compatibility sections to some man pages (GitHub issue
#745)
Fix autotool configuration on AIX and macOS
Don't export bpf_filter_with_aux_data() or struct bpf_aux_data;
they're internal-only and subject to change
Fix pcapng block size checking
On macOS, don't build rpcapd or test programs any fatter than they
need to be
Fix reading of capture statistics for Linux USB
Fix packet size values for Linux USB packets (GitHub issue #808)
Check only VID in VLAN test in filterss (GitHub issue #461)
Fix pcap_list_datalinks on 802.11 devices on macOS
Fix overflows with very large snapshot length in pcap file
Improve parsing of rpcapd configuration file (GitHub issue #767)
Handle systems without strlcpy() or strlcat() better
Fix crashes and other errors with invalid filter expressions
Fix use of uninitialized file descriptor in remote capture
Fix some CMake issues
Fix some divide-by-zero issues with the filter compiler
Work around a GNU libc bug in pcap_nametonetaddr()
Add support for DLT_LINUX_SLL2
Fix handling of the packet-count argument for Myricom SNF devices
Fix --disable-rdma in configure script (GitHub issue #782)
Fix compilation of TurboCap support (GitHub issue #764)
Constify first argument to pcap_findalldevs_ex()
Fix a number of issues when running rpcapd as an inetd-style daemon
Fix CMake issues with D-Bus libraries
In rpcapd, clean up termination of a capture session
Redo remote capture protocol negotiation
In rpcapd, report the same error for "invalid user name" and
"invalid password", to make brute-forcing harder
For remote captures, add an error code for "the server requires TLS"
Fix pcap_dump_fopen() on Windows to avoid clashes between
{Win,N}Pcap and application C runtimes
Fix exporting of functions from Windows DLLs (GitHub issue #810)
Fix building as part of Npcap
Allow rpcapd to rebind more rapidly
Fix building shared libpcap library on midipix (midipix.org)
Fix hack to detect UTF-16LE adapter names on Windows not to go past
the end of the string
Fix handling of "wireless WAN" (mobile phone network modems) on
Windows with WinPcap/Npcap (GitHub issue #824)
Have pcap_dump_open_append() create the dump file if it doesn't
exists (GitHub issue #247)
Fix the maxmum snapshot length for DLT_USBPCAP
Use -fPIC when building for 64-bit SPARC on Linux (GitHub issue #837)
Fix CMake 64-bit library installation directory on some Linux
distributions
Boost the TPACKET_V3 timeout to the maximum if a timeout of 0 was
specified
Five CVE-2019-15161, CVE-2019-15162, CVE-2019-15163, CVE-2019-15164, CVE-2019-15165
Fixes for CVE-2018-16301, errors in pcapng reading.
PCAPNG reader applies some sanity checks before doing malloc().
martin