into the kernel if the "IPSEC" kernel option is given.
The old implementation is still available as KAME_IPSEC.
Do some minimal manpage adjustment -- kame_ipsec(4) is a copy
of the old ipsec(4) and the latter is now a copy of fast_ipsec(4).
Ethernet, SLIP, and PPP being supported, and no network types with
variable-length headers (such as 802.11).
Document BIOCSRSIG and BIOCGRSIG.
From Guy Harris in PR#40703.
implementation. Rewrite pseudodevice code to use cprng_strong(9).
The new pseudodevice is cloning, so each caller gets bits from a stream
generated with its own key. Users of /dev/urandom get their generators
keyed on a "best effort" basis -- the kernel will rekey generators
whenever the entropy pool hits the high water mark -- while users of
/dev/random get their generators rekeyed every time key-length bits
are output.
The underlying cprng_strong API can use AES-256 or AES-128, but we use
AES-128 because of concerns about related-key attacks on AES-256. This
improves performance (and reduces entropy pool depletion) significantly
for users of /dev/urandom but does cause users of /dev/random to rekey
twice as often.
Also fixes various bugs (including some missing locking and a reseed-counter
overflow in the CTR_DRBG code) found while testing this.
For long reads, this generator is approximately 20 times as fast as the
old generator (dd with bs=64K yields 53MB/sec on 2GHz Core2 instead of
2.5MB/sec) and also uses a separate mutex per instance so concurrency
is greatly improved. For reads of typical key sizes for modern
cryptosystems (16-32 bytes) performance is about the same as the old
code: a little better for 32 bytes, a little worse for 16 bytes.
- minor tweak to the handler example: it leaks 't' (on stack)
when passed to sysctl_lookup(9), as it copies out its content via
sysctl_data. That would not be the case if CTLFLAG_IMMEDIATE flag
was set for this node but the example does not preclude that.
from the bootloader. This can fix the problem of poor quality keys
for other kernel modules which call arc4random() early in kernel startup
(NFS startup, in particular, causes this).
We continue to rely on the etc/rc.d/random_seed script to save entropy
to the seed file at shutdown and erase the seed file at startup.
Boot loader support implemented only for i386 and amd64 ports for now but
it should be easy for other ports to do the same or similar.
power switch handler of pow(4) deleted before.
Benefits over pow(4):
- separate a front switch (= powsw0) and an EXPWON line (= powsw1)
completely. Only powsw0 is enabled in GENERIC by default.
- prevent chattering in some hardware individuals.
thank you for a report and a test: Yasushi Oshima and Y.Sugahara.
Probably the combination of pow(4) ioctl and rtcalarm(8) does
not work for a long time, and nobody uses them.
I'll rewrite a part about power switch handler as a new device.
At the moment this only provides an example for a "Hello world" program
for powerpc. (Bear with me: this is my very first assembly program in
powerpc; if you find anything stupid in the code, please fix it!)
There are three changes of note - most urgently, Cuba (America/Havana)
has extended summer time by two weeks, now to end on Nov 13, rather than
the (already past) Oct 30. Second, the Pridnestrovian Moldavian Republic
(Europe/Tiraspol) decided not to split from the rest of Moldova after
all, and consequently that zone has been removed (again) and reinstated
in the "backward" file as a link to Europe/Chisinau. And third, the
end date for Fiji's summer time this summer was moved forward from the
earlier planned Feb 26, to Jan 22.
The executive summary:
europe Pridnestrovian Moldavian Republic (Europe/Tiraspol)
has followed much of Russia, and will retain "summer time"
year round (that is no time transition is due Oct 30).
This reintroduces a zone that had earlier been removed,
and so removes the "backward" link.
On the other hand, Ukraine have decided not to follow,
so the change which had been made in preparation for
that in tzdata2011k is now reverted, and there will be
a transition on Oct 30.
southamerica
The change to Bahia, Brazil, that introduced summer time
(following the regular Brazil rules, so commencing this
year on Oct 16 - last Sunday) that was mooted before
tzdata2011l was released, but withdrawn because the
change was not yet official, has now been ratified.
This release was prepared by Robert Elz after a lawsuit
caused Arthur Olson to shut down the tz mailing list and the
FTP site at ftp://elsie.nci.nih.gov/pub/
Notable changes:
* Change in the end date for daylight savings time in Asia/Hebron (West Bank).
* Change in daylight savings time rules for Fiji.
Notable changes:
* New time zone Asia/Hebron (West Bank), which no longer
follows the same rules as Asia/Gaza (Gaza Strip).
* Several Eastern European countries abolish
daylight savings time and move from +02:00 to +03:00.
for platforms with shlibs already (and are.)
this obsoletes our hacks for the libgcc specs to use libgcc_pic, and
fixes a couple of other issues reported to me directly.
specific flags to drivers being attached at gpio pins. gpioiic(4)
uses this to reverse the SDA/SCL signal order. gpioctl(8) accepts
the flag values as optional argument to the attach command.
While here, make sure we retain backwards compatibility and wrap compat
code in #ifdef COMPAT_50/#endif.