Add build rules for LLVM in all the supported variations for NetBSD/amd64:
- asan
- xray
- tsan, dd
- libfuzzer
- msan
- safestack
- ubsan
These build rules compile functional sanitizers.
The build rules are still not hooked into the distribution build, as there
is pending work on backporting improvements for the llvm-8 branch needed
for netbsd-9 and newer.
Added libldap OpenSSL Elliptic Curve support (ITS#7595)
Added libldap Expose OpenLDAP specific interfaces via openldap.h (ITS#8671)
Added slapd-monitor support for slapd-mdb (ITS#7770)
Fixed liblber leaks (ITS#8727)
Fixed liblber with partial flush (ITS#8864)
Fixed libldap ASYNC TLS so it works (ITS#8957,ITS#8980)
Fixed libldap ASYNC connections with Solaris 10 (ITS#8968)
Fixed libldap with SASL_NOCANON=on and ldapi connections (ITS#7585)
Fixed libldap to be able to unset syncrepl TLS options (ITS#7042)
Fixed libldap race condition in ldap_int_initialize (ITS#7996, ITS#8450)
Fixed libldap return code in ldap_create_assertion_control_value (ITS#8674)
Fixed libldap to correctly disable IPv6 when configured to do so (ITS#8754)
Fixed libldap to correctly close TLS connection (ITS#8755)
Fixed libldap_r handling of deprecated OpenSSL function (ITS#8353)
Fixed liblunicode case correspondance (ITS#8508)
Fixed slapd with an idletimeout of less than four seconds (ITS#8952)
Fixed slapd config parser variable for Windows64 (ITS#9012)
Fixed slapd syncrepl fallback handling with delta-syncrepl (ITS#9015)
Fixed slapd telephoneNumberNormalize, cert DN validation (ITS#8999)
Fixed slapd syncrepl for relax with delta-syncrepl (ITS#8037)
Fixed slapd to restrict rootDN proxyauthz to its own databases (ITS#9038)
Fixed slapd to initialize SASL SSF per connection (ITS#9052)
Fixed slapo-accesslog with SLAP_MOD_SOFT modifications (ITS#8990)
Fixed slapd-ldap starttls connections timeout behavior (ITS#8963)
Fixed slapd-ldap segfault when entry result doesn't match filter (ITS#8997)
Fixed slapd-meta conversion from slapd.conf to cn=config (ITS#8743)
Fixed slapd-meta assertion when network interface goes down (ITS#8841)
Fixed slapd-mdb fix bitshift integer overflow (ITS#8989)
Fixed slapd-mdb index cleanup with cn=config (ITS#8472)
Fixed slapd-mdb to improve performance with alias deref (ITS#7657)
Fixed slapo-accesslog possible assert with exops (ITS#8971)
Fixed slapo-chain to correctly reject multiple chaining URIs (ITS#8637)
Fixed slapo-chain conversion from slapd.conf to cn=config (ITS#8799)
Fixed slapo-memberof conversion from slapd.conf to cn=config (ITS#8663)
Fixed slapo-memberof for group name change to itself (ITS#9000)
Fixed slapo-ppolicy behavior when pwdInHistory is changed (ITS#8349)
Fixed slapo-rwm to not free original filter (ITS#8964)
Fixed slapo-syncprov contextCSN generation (ITS#9015)
Build Environment
Fixed slapd to only link to BDB libraries with static build (ITS#8948)
Fixed libldap implicit declaration with LDAP_CONNECTIONLESS (ITS#8794)
Fixed libldap double inclusion of limits.h in cyrus.c (ITS#9041)
Documentation
General - Fixed minor typos (ITS#8764, ITS#8761)
admin24 - Miscellaneous updates promoting mdb and fixing examples (ITS#9031)
slapd.access(5) - Note MDB is the primary backend (ITS#8881)
slapd.backends(5) - Note MDB is the recommended backend (ITS#8771)
slapd-ldap(5) - Document starttls parameter (ITS#8693)
Contrib
Added slapo-lastbind capability to forward authTimestamp updates (ITS#7721)
OpenLDAP 2.4.47 Release (2018/12/19)
Added slapd-sock DN qualifier for subtrees to be processed (ITS#8051)
Added slapd-sock ability to send extended operations to external listeners (ITS#8714)
Fixed liblber to avoid incremental access to user-supplied bv in dupbv (ITS#8752)
Fixed libldap dn to domain parsing with bad input (ITS#8842)
Fixed slapd slapcat to correctly honor -g option (ITS#8667)
Fixed slapd to correctly handle NO_SUCH_OBJECT with dynamic groups (ITS#8923)
Fixed slapd to check status of rdnNormalize (ITS#8932)
Fixed slapd cn=config when modifying slapo-syncprov config (ITS#8616)
Fixed slapd sasl authz-policy "all" behavior (ITS#8909)
Fixed slapd sasl minor typo (ITS#8918)
Fixed slapd to correctly hide hidden DBs in the rootDSE (ITS#8912)
Fixed slapd domainScope control to match Microsoft specification (ITS#8840)
Fixed slapd-bdb/hdb/mdb to not convert certain IDLs to ranges (ITS#8868)
Fixed slapo-accesslog deadlock during cleanup (ITS#8752)
Fixed slapo-memberof cn=config modifications (ITS#8663)
Fixed slapo-ppolicy with multimaster replication (ITS#8927)
Fixed slapo-syncprov with NULL modlist (ITS#8843)
Build Environment
Added slapd reproducible build support (ITS#8928)
Fixed missing includes with OpenSSL 1.0.2 (ITS#8809)
Contrib
Fixed slapo-pbkdf2 hash generation (ITS#8878)
Documentation
admin24 fixed minor typo (ITS#8887)
OpenLDAP 2.4.46 Release (2018/03/22)
Fixed libldap connection delete callbacks when TLS fails to start (ITS#8717)
Fixed libldap to not reuse tls_session if TLS hostname check fails (ITS#7373)
Fixed libldap cross-compiling with OpenSSL 1.1 (ITS#8687)
Fixed libldap OpenSSL 1.1.1 compatibility with BIO_method (ITS#8791)
Fixed libldap MozNSS CA certificate hash matching (ITS#7374)
Fixed libldap MozNSS with PEM certs when also using an NSS cert db (ITS#7389)
Fixed libldap MozNSS initialization (ITS#8484)
Fixed libldap GnuTLS with GNUTLS_E_AGAIN (ITS#8650)
Fixed libldap memory leak with cancel operations (ITS#8782)
Fixed slapd Eventlog registry key creation on 64-bit Windows (ITS#8705)
Fixed slapd to maintain SSF across SASL binds (ITS#8796)
Fixed slapd syncrepl deadlock when updating cookie (ITS#8752)
Fixed slapd syncrepl callback to always be last in the stack (ITS#8752)
Fixed slapd telephoneNumberNormalize when the value is spaces and hyphens (ITS#8778)
Fixed slapd CSN queue processing (ITS#8801)
Fixed slapd-ldap TLS connection timeout with high latency connections (ITS#8720)
Fixed slapd-ldap to ignore unknown schema when omit-unknown-schema is set (ITS#7520)
Fixed slapd-mdb with an optimization for long lived read transactions (ITS#8226)
Fixed slapd-meta assert when olcDbRewrite is modified (ITS#8404)
Fixed slapd-sock with LDAP_MOD_INCREMENT operations (ITS#8692)
Fixed slapo-accesslog cleanup to only occur on failed operations (ITS#8752)
Fixed slapo-dds entryTTL to actually decrease as per RFC 2589 (ITS#7100)
Fixed slapo-syncprov memory leak with delete operations (ITS#8690)
Fixed slapo-syncprov to not clear pending operation when checkpointing (ITS#8444)
Fixed slapo-syncprov to correctly record contextCSN values in the accesslog (ITS#8100)
Fixed slapo-syncprov not to log checkpoints to accesslog db (ITS#8607)
Fixed slapo-syncprov to process changes from this SID on REFRESH (ITS#8800)
Fixed slapo-syncprov session log parsing to not block other operations (ITS#8486)
Build Environment
Fixed Windows build with newer MINGW version (ITS#8697)
Fixed compiler warnings and removed unused variables (ITS#8578)
Contrib
Fixed ldapc++ Control structure (ITS#8583)
Documentation
Delete stub manpage for back-ldbm (ITS#8713)
Fixed ldap_bind(3) to mention the LDAP_SASL_SIMPLE mechanism (ITS#8121)
Fixed ldap.conf(5) to note SASL_MECH/SASL_REALM are no longer user-only (ITS#8818)
Fixed slapd-config(5) typo for olcTLSCipherSuite (ITS#8715)
Fixed slapo-syncprov(5) indexing requirements (ITS#5048)
This reduces differences in timing and memory access within the
hunting-and-pecking loop for ECC groups that have a prime that is not
close to a power of two (e.g., Brainpool curves).
Signed-off-by: Jouni Malinen <j@w1.fi>
(cherry picked from commit cd803299ca485eb857e37c88f973fccfbb8600e5)
This reduces differences in timing and memory access within the
hunting-and-pecking loop for ECC groups that have a prime that is not
close to a power of two (e.g., Brainpool curves).
Signed-off-by: Jouni Malinen <j@w1.fi>
(cherry picked from commit 147bf7b88a9c231322b5b574263071ca6dbb0503)
This converts crypto_bignum_to_bin() to use the OpenSSL/BoringSSL
functions BN_bn2binpad()/BN_bn2bin_padded(), when available, to avoid
differences in runtime and memory access patterns depending on the
leading bytes of the BIGNUM value.
OpenSSL 1.0.2 and LibreSSL do not include such functions, so those cases
are still using the previous implementation where the BN_num_bytes()
call may result in different memory access pattern.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
(cherry picked from commit 1e237903f5b5d3117342daf006c5878cdb45e3d3)
Currently,
- offset of underline is fixed to 1-row from bottom of characters, and
- height of underline is fixed to 1.
Both are good for standard 8x16 fonts. However, it is too thin for
larger fonts, especially when used on display of high resolution.
Also, 1-row offset of underline is ugly for small fonts, e.g.,
spleen5x8.
Therefore, adjust offset and height as,
- no changes for standard 16-height fonts.
- scaling by font height for larger fonts.
- set offset to zero for fonts of height smaller than 16.
- remove ri_buf and friends.
- remove ri_stamp and frieds.
- introduce ri_ul, which will be used for scaling underline with font.
Also add hack for ri_ul; adjust its size to obsoleted member, ri_delta,
which was only used rasops routines internally. Now, size and offsets of
all members of struct rasops_info become same with netbsd-9, -8, and -7,
again. So we can safelly pull up fixes to any release branches!
rasops.h, it is not safe to use kmem_alloc(9) in rasops_init();
rasops routines can be used for early putchar, which means that
UVM is not fully initialized.
Should fix a problem reported by macallan:
http://mail-index.netbsd.org/tech-kern/2019/08/02/msg025327.html
Instead of using ri_buf, inline function rasops_memcpy32() is
introduced to fill 32bit data efficiently.
Instead of using ri_stamp (per device stamp), stamp_ri is
introduced to distinguish for which device stamp is calculated.
- Use static masks similar to that used in rasops_bitops.h,
rather than generating them on the fly.
- Use pointer for proper type to avoid unnecessary casts.
skrll