Commit Graph

7435 Commits

Author SHA1 Message Date
kre
66b36a0ae7 Make this more automated - no longer requires editing the
script before use.   Also update to reflect a few changes
to procedures that have occurred here and there in the past.
2018-03-24 01:54:48 +00:00
kre
398771e150 Merge tzdata2018d 2018-03-24 01:47:49 +00:00
kre
99546511b5 Import tzdata2018d from ftp://ftp.iana.org/tz/releases/tzdata2018d.tar.gz
Summary of changes in tzdata2018d (2018-03-22 07:05:46 -0700):

	In 2018, Palestine starts DST on March 24 (today!), not March 31

	Casey Station in Antarctica changed from +11 to +08 on 2018-03-11
	at 04:00.

	Various adjustments to some historical conversions (several for
	Uruguay (1920 .. 1990), one fpr Enderbury and Kiritimati (1994/5),
	one for Portugal and colonies (1912) and Jamaica and Turks & Caicos
	(pre 1913)).
2018-03-24 01:45:23 +00:00
kre
6041acfc85 Import tzdata2018d from ftp://ftp.iana.org/tz/releases/tzdata2018d.tar.gz
Summary of changes in tzdata2018d (2018-03-22 07:05:46 -0700):

	In 2018, Palestine starts DST on March 24 (today!), not March 31

	Casey Station in Antarctica changed from +11 to +08 on 2018-03-11
	at 04:00.

	Various adjustments to some historical conversions (several for
	Uruguay (1920 .. 1990), one fpr Enderbury and Kiritimati (1994/5),
	one for Portugal and colonies (1912) and Jamaica and Turks & Caicos
	(pre 1913)).
2018-03-24 01:44:51 +00:00
jmcneill
bff7590cf4 Fix path to system.ctwmrc 2018-03-18 11:40:41 +00:00
nakayama
2819bbab3f Disable wchar_t support since our C library does not treat wchar_t
as UCS-4 in the case of non-UTF-8 locales.

This feature was controlled by USE_WCHAR and disabled on NetBSD 7.
2018-03-17 11:06:48 +00:00
mrg
5ae6500fa6 complete the switch to xorgproto over *proto split packages
- remove old package makefiles
- update makekeys for Xfuncproto.h being a real file now
- clean up deleted package X11SRCDIR.pkg settings

this should be functionally equivalent.
2018-03-14 23:41:05 +00:00
mrg
34d45f496e Xfuncproto.h is a normal file now. 2018-03-14 09:38:33 +00:00
mrg
5b6e3f750b obsolete fontcacheproto.
prepare for xorgproto - split the non replaced list out.
2018-03-14 09:09:46 +00:00
mrg
4bb54eb227 reacharound framework for xorgproto. functionally identical
to the split *proto packages except we're dropping the long
obsolete fontcacheproto.

not used yet.
2018-03-14 08:55:35 +00:00
mrg
96e436f227 update for libdrm 2.4.91. 2018-03-14 07:23:00 +00:00
mrg
c201ebe368 regenerate these for libxcb 1.13. 2018-03-14 06:47:28 +00:00
mrg
ba5804a5a5 build Tekparse.hin VTparse.hin normally. 2018-03-14 06:06:40 +00:00
mrg
7b319e81c3 fix the cleanfiles for hooks mechanism 2018-03-13 03:17:01 +00:00
mrg
76c587cf23 add the generated prog.conf.5 to CLEANFILES. 2018-03-13 03:07:51 +00:00
mrg
f0a3006c1d use CLEANFILES+= not CLEANFILES= to avoid overriding what was already
setup before now.
2018-03-13 03:03:33 +00:00
mrg
d28ac4e2bc add missing pcfwrite.c. 2018-03-13 02:23:28 +00:00
mrg
2f4e8debbd regen these files for xkeyboard-config 2.23.1. 2018-03-11 20:17:19 +00:00
christos
cf5485362c don't need sys/cdefs.h if tool. 2018-03-11 18:32:10 +00:00
mrg
2cca8ab520 move the src list from libXfont stuff to local stuff. 2018-03-11 11:01:07 +00:00
mrg
45c2b575db update for bdftopcf 1.4.0. 2018-03-11 10:48:38 +00:00
mrg
be73d44615 fix libXfont2 sources list. update for xfs 1.2.0. 2018-03-11 10:17:10 +00:00
mrg
8d3614ad11 build and install libXfont2. 2018-03-11 09:43:38 +00:00
mrg
5083d6789f use xorg-pkg-ver.mk. 2018-03-11 09:03:04 +00:00
mrg
6b967b0242 use xorg-pkg-ver.mk 2018-03-11 08:59:52 +00:00
mrg
be01acb109 use xorg-pkg-ver.mk and define HAVE_USLEEP. 2018-03-11 08:46:31 +00:00
mrg
e2ac71f7b9 look in man/ subdir for the manual 2018-03-11 08:21:24 +00:00
mrg
006d83878d use xorg-pkg-ver.mk 2018-03-11 08:03:20 +00:00
mrg
6e5b391377 stop building libXfontcache as it is obsolete for a decade. 2018-03-11 07:18:49 +00:00
htodd
ea01913fc3 Fix typo in function name. 2018-03-06 21:21:27 +00:00
christos
d9314bf1eb switch ppc64 from "long long" == int64 to "long" == int64 2018-03-05 00:19:41 +00:00
christos
0fd55fa7b9 Make the *int64 long long (32 bit) or long (64) bit. Now all those special
redefinitions could go away since this is the default behavior.
2018-03-05 00:17:09 +00:00
christos
9bf6fb1f8e _LP64 64 bit types are "long" not "long long". 2018-03-04 16:44:11 +00:00
christos
ce06c661cc Fix Reproducible builds by obeying MDNS_VERSIONSTR_NODTS in all cases.
Reported by wiz@
2018-03-03 16:09:56 +00:00
mrg
d6b5ffb54c xfs and xset don't need libXfontcache. 2018-03-03 03:34:17 +00:00
christos
4824f3b241 update upstream code changes in signal handling. 2018-02-25 21:06:40 +00:00
christos
e68081c947 merge conflicts; also:
- Do the reuse-port first like MacOS/X otherwise we can't bind
- Disable SO_RECV_ANYIF hack
2018-02-25 20:04:55 +00:00
christos
200e8a27b2 import latest 2018-02-25 19:25:33 +00:00
christos
58300083f7 zero out socket structures before bind. 2018-02-25 19:22:41 +00:00
chs
eec15c920c add some flag definitions from a newer version of FreeBSD's libproc
that are needed by the new dtrace.  these don't do anything yet,
but dtrace doesn't mind.  I'll do a full resync to the latest FreeBSD
libproc / librtld_db later.
2018-02-25 18:48:39 +00:00
uwe
5a14c3e55e Add FreeBSD 11.0 and 12.0 2018-02-25 12:46:49 +00:00
mrg
924dadf563 fix some types of netbsd arm builds. 2018-02-25 01:05:09 +00:00
mrg
2e19323388 add LIBKRB5_LDADD/LIBKRB5_DPADD and their static counterparts
to bsd.prog.mk.  use them instead of hard coding various lists
of libraries for krb5.

this fixes static builds.
2018-02-25 00:16:48 +00:00
mrg
a23ad621f4 remove this obsolete file that has a lot of dated info from
about the time we started switching some ports to GCC 5.3.
2018-02-23 01:01:22 +00:00
mrg
7d1f9b1bbb regen ppc64 mknative gcc 6 files with biarch support. 2018-02-22 22:25:16 +00:00
mrg
7b8aed4e4d fix powerpc64 bi-arch support: provide a LINK_SECURE_PLT_SPEC.
with this, and mknative-gcc for it, powerpc64 builds with GCC 6.
2018-02-22 22:20:44 +00:00
mrg
da58b5e34c re-port the patch from https://gcc.gnu.org/bugzilla/attachment.cgi?id=15492.
- local HOST_WIDE_INT_CONSTANT macro same as new HOST_WIDE_INT_C macro,
  so use it instead, and remove the local macro.
- re-port the genrecog.c change which was missed in early GCC-6 port.

this makes sh3 work again.
2018-02-22 07:24:19 +00:00
christos
6402a3dbee llvm detects infinite recursion, so don't infinitely recurse. 2018-02-18 23:51:20 +00:00
mrg
08873910d3 minimal basic support for ia64 and gcc6. i am not sure about the
bp part of the GetPcSpBp() port, cherry please look :-)
2018-02-16 07:59:05 +00:00
christos
a3a22b2ed2 we now has _UC_MACHINE_FP. 2018-02-15 19:02:06 +00:00
ryoon
2c4c2d277a Fix broken dig and host commands
OpenSSL 1.1 does not have GOST support, so restrict GOST support to 1.0.
2018-02-14 12:47:43 +00:00
christos
298caec6c7 need -lrt for shm_{open,close} 2018-02-14 03:37:39 +00:00
christos
4c0f6a5b74 depend on librt for shm_{open,close} 2018-02-14 02:12:35 +00:00
christos
74bd282433 Asan needs bits and pieces of ubsan now; go figure. 2018-02-14 02:12:07 +00:00
christos
d637e5b6a0 our __csa_atexit does not like NULL dso; use atexit(3) instead. 2018-02-14 02:11:22 +00:00
christos
be74da7a3a enable addr2line 2018-02-14 02:10:32 +00:00
christos
8ac5b43509 - enable netbsd
- add cast to (uptr) for _Unwind_GetIP
2018-02-14 02:10:06 +00:00
christos
ae5e37f8c6 PR/53008: Henning Petersen: Fix missing brace inside comment. 2018-02-11 15:56:25 +00:00
maya
0cca4bc316 Use bools with bool. NFCI.
From Henning Petersen in PR toolchain/53009.
(I completed for the rest of the function. Similar code exists in GCC trunk.)
2018-02-11 13:50:15 +00:00
christos
09f7d6a729 Use bsd.init.mk (instead of bsd.own.mk) consistently so that
Makefile.inc gets called before bsd.own.mk so that we get a chance
to use NOFOO easily in Makefile.inc. Use that to turn CTF off for
everything.
2018-02-11 02:12:28 +00:00
christos
d4a3515981 non-null arg. 2018-02-11 00:25:12 +00:00
christos
e8b7cd3e82 remove more unreachable code. 2018-02-10 23:46:44 +00:00
christos
4ac26a154e Convert to full recursive attr/die lookup instead of one level since gcc 6
creates indirect attributes that point to indirect attributes. The code is
smaller this way too :-)
2018-02-10 23:39:29 +00:00
christos
4a07650653 fix for OpenSSL 1.0 and 1.1 co-existance, merge conflicts. 2018-02-09 17:13:27 +00:00
christos
3fb6240442 NSD 4.1.19
Dec 11, 2017
Bugfixes
ignore fallthrough compiler warning in flex EOF rule.
Fix warnings emitted by clang for --enable-packed. Alignment is not a problem for x86_64, don't enable packed when the platform requires aligned access.
Fix spelling error in xfr-inspect.
Fix 3392: Fix regression in 4.1.18 for notify lists with ip4 and ip6 targets.
Add test for support of -Wno-address-of-packed-member for --enable-packed.

NSD 4.1.18
Nov 30, 2017
Features
xfr-inspect, it is not installed, it prints xfr files from /tmp made with 'make xfr-inspect' in the source dir.
retry timeout between sending notifies dropped from 15 to 3 sec.
NSD sends 16 notifies simultaneously.
configure --enable-packed reduces memory usage, at expense of unaligned reads. Saves about 17%.
Save memory by selectively allocate precompiled nsec3 hashes, saves about 16% memory.
make ip-transparent option work on OpenBSD.
Save about 2% memory by changing usage count size in name tree.
Fix #2871: Increase number of sockets for xfrd transfers.
Bugfixes
Fix gcc 7.1.1 warnings.
Fix writev compile warning on FreeBSD.
Fix #1446: A corrupted zone file "propagates" to good ones.
nsd-control zonestatus prints wait time between attempts, for zones that are in that waiting time.
Fix collision printout of nsec3 to print name, hash and reverse.
Fix #1567: Change crit to err log level for gettimeofday failure. Add defines for compile without syslog.
Fix crash for DS query when parent and child zones both configured in nsd.conf and parent zone has not loaded properly.

NSD 4.1.17
Jul 21, 2017
Features
zone parser parses type AVC (it has TXT format).
Fix #1272: use writev to put tcp length field with data for outgoing zone transfer requests.
Bugfixes
Fix potential null pointer in nsec3 adjustment tree.
Fix text format of deletes for CDS and CDNSKEY, single 0 to represent empty base64 or hex string.

NSD 4.1.16
Apr 25, 2017
Features
zone parser can parse acronyms for algorithms ED25519 and ED448.
Fix 1243: Option to make NSD emit really minimal responses, minimal-responses: yes in nsd.conf.
Bugfixes
Calculate new udb index after growing the array, fix from Chaofeng Liu.
Fix missing _t to _type conversion for disable-radix-tree option.
Printout serial error with hint it may be too big.
Fix 1228: OpenSSL include is not guarded with HAVE_SSL
Patch for expire state in multi-master when masters includes broken master, from Manabu Sonoda.
minor manpage fix.

NSD 4.1.15
Feb 16, 2017
Bugfixes
Fix nsd-control and ipv6 only.
Squelch zone transfer error address family not supported by protocol at low verbosity levels.
Fix #1195: Fix so that NSD fails on non-compliant values for Serial.
Fix to rename _t typedefs because POSIX reserves them.
Fix that nsec3 hash collisions only reported on verbosity level 3.
2018-02-09 16:52:53 +00:00
mrg
c46c969be6 adjust the list of subdirs to elide. don't need libitm, gnattools
or gotools.
2018-02-08 19:33:26 +00:00
mrg
7e43f9ab3a update for GCC 6:
do_process has vfork() vs clobber issues
2018-02-07 06:17:07 +00:00
mrg
7dc27d93dc for now, turn off biarch support in ppc64. it ends up enabling
secureplt support for 64 bit mode, which doesn't exist (or need it.)
2018-02-07 05:34:21 +00:00
mrg
0566bffd45 regen mknative gcc 6.4 for mipsel. sort of do it for vax, ia64 and ppc64. 2018-02-07 04:13:47 +00:00
mrg
7438970f7d make this actually work:
- use ${G_OBJS} directly, it avoids issues with .c vs .cc files.
- add a method to not rm -rf .ab for inspection.
- fix and add missing depends for many things.
- use -Wno-error for mips and arm insn-recog.c, due to eg:
    insn-recog.c:10304:7: error: this decimal constant is unsigned only in ISO C90 [-Werror]
    mips.md:3474:11: error: this decimal constant is unsigned only in ISO C90 [-Werror]
2018-02-07 02:33:05 +00:00
mrg
862de77331 some more/changed files need -O1 for vax. 2018-02-07 02:32:39 +00:00
mrg
af8e9facc2 port to hppa, m68k, m68000, vax, and sh3. this should complete
our list of ports.  it's only about obtaining some pointers in
this code, really.
2018-02-07 02:32:01 +00:00
mrg
ccb67c474f handle MKPICLIB=no builds. 2018-02-07 02:30:39 +00:00
mrg
fe6746514c regen mknative-gcc 6 for:
arm armeb earm earmeb earmhf earmhfeb earmv4eb earmv6 earmv6eb
  earmv6hf earmv6hfeb earmv7 earmv7eb earmv7hf earmv7hfeb

mipsel, ppc64 and ia64 didn't work properly this time, and vax
has a problem with libstdc++.
2018-02-07 02:29:06 +00:00
mrg
acf2ba3732 fix alpha gcc 6.4 mknative. now works. 2018-02-06 23:12:35 +00:00
mrg
8c973b6499 build and install gcov-dump. 2018-02-06 23:12:01 +00:00
roy
f206af0326 Restore default paths to what they were before prior import. 2018-02-06 21:27:49 +00:00
mrg
77cfa0ba5f more mknative-gcc 6.4 for m68k, mips*, powerpc, sh*, sparc* and amd64. 2018-02-06 19:57:57 +00:00
mrg
74059485b4 regen for GCC 6.4 (no real change) 2018-02-06 09:36:34 +00:00
mrg
dff6d09fe0 port to mips and alpha. 2018-02-06 09:31:56 +00:00
mrg
d79d5e15a2 rebuild mknative GCC 6.4 for these targets:
arm armeb earmeb earmhf earmhfeb earmv4eb
	earmv6 earmv6eb earmv6hf earmv6hfeb
	earmv7 earmv7eb earmv7hf earmv7hfeb
	hppa ia64 m68000 m68k
	mips64eb mips64el mipseb mipsel
	powerpc64 sh3eb sh3el vax
2018-02-06 09:18:14 +00:00
christos
69e7f0ccfa put back all the build info in one place (Makefile.inc) 2018-02-06 03:30:18 +00:00
christos
d164780ad1 provide 2 configs: one for openssl-1.0 and one for openssl-1.1 since they
chose to configure each function separately.
2018-02-06 03:29:57 +00:00
christos
74a545eecc merge conflicts 2018-02-06 03:05:47 +00:00
christos
0cd9f4ecf4 Unbound 1.6.8
Download: unbound-1.6.8.tar.gz
SHA1 checksum: 492737be9647c26ee39d4d198f2755062803b412
SHA256 checksum: e3b428e33f56a45417107448418865fe08d58e0e7fea199b855515f60884dd49
PGP signature: unbound-1.6.8.tar.gz.asc
Date: 19 Jan, 2018
Bug Fixes
Fix for CVE-2017-15105: vulnerability in the processing of wildcard synthesized NSEC records.
Older versions
Unbound 1.6.7
Download: unbound-1.6.7.tar.gz
SHA1 checksum: 098f8acfc3e9d1cab54f07863e61eabbb67c80dc
SHA256 checksum: 4e7bd43d827004c6d51bef73adf941798e4588bdb40de5e79d89034d69751c9f
PGP signature: unbound-1.6.7.tar.gz.asc
Date: 10 Oct, 2017
Features
Set trust-anchor-signaling default to yes
#1440: [dnscrypt] client nonce cache.
#1435: Allow UDP to be disabled separately upstream and downstream.
Bug Fixes
Fix that looping modules always stop the query, and don't pass control.
Fix unbound-host to report error for DNSSEC state of failed lookups.
Spelling fixes, from Josh Soref.
Fix #1400: allowing use of global cache on ECS-forwarding unless always-forward.
use a cachedb answer even if it's "expired" when serve-expired is yes (patch from Jinmei Tatuya).
trigger refetching of the answer in that case (this will bypass cachedb lookup)
allow storing a 0-TTL answer from cachedb in the in-memory message cache when serve-expired is yes
Fix DNSCACHE_STORE_ZEROTTL to be bigger than 0xffff.
Log name of looping module
Fix #1450: Generate again patch contrib/aaaa-filter-iterator.patch (by Danilo G. Baio).
Fix param unused warning for windows exportsymbol compile.
Use RCODE from A query on DNS64 synthesized answer.
Fix trust-anchor-signaling works in libunbound.
Fix spelling in unbound-control man page.
Unbound 1.6.6
Download: unbound-1.6.6.tar.gz
SHA1 checksum: d205c03a402f5d900d5bad3d036849a12804a49e
SHA256 checksum: 972b14dc33093e672652a7b2b5f159bab2198b0fe9c9e1c5707e1895d4d4b390
PGP signature: unbound-1.6.6.tar.gz.asc
Date: 18 Sep, 2017
Features
unbound-control dump_infra prints port number for address if not 53.
Fix #1344: RFC6761-reserved domains: test. and invalid.
Fix #1349: allow suppression of pidfiles (from Daniel Kahn Gillmor). With the -p option unbound does not create a pidfile.
Added stats for queries that have been ratelimited by domain recursion.
Patch to show DNSCrypt status in help output, from Carsten Strotmann.
Fix #1407: Add ECS options check to unbound-checkconf.
Fix #1415: [dnscrypt] shared secret cache, patch from Manu Bretelle.
Bug Fixes
fixup of dnscrypt_cert_chacha test (from Manu Bretelle).
First fix for zero b64 and hex text zone format in sldns.
Better fixup of dnscrypt_cert_chacha test for different escapes.
Fix that infra cache host hash does not change after reconfig.
Fix python example0 return module wait instead of error for pass.
enhancement for hardened-tls for DNS over TLS. Removed duplicated security settings.
Fix for unbound-checkconf, check ipsecmod-hook if ipsecmod is turned on.
Fix #1331: libunbound segfault in threaded mode when context is deleted.
Fix pythonmod link line option flag.
Fix openssl 1.1.0 load of ssl error strings from ssl init.
Fix 1332: Bump verbosity of failed chown'ing of the control socket.
Redirect all localhost names to localhost address for RFC6761.
Fix #1350: make cachedb backend configurable (from JINMEI Tatuya).
Fix tests to use .tdir (from Manu Bretelle) instead of .tpkg.
upgrade aclocal(pkg.m4 0.29.1), config.guess(2016-10-02), config.sub(2016-09-05).
annotate case statement fallthrough for gcc 7.1.1.
flex output from flex 2.6.1.
snprintf of thread number does not warn about truncated string.
squelch TCP fast open error on FreeBSD when kernel has it disabled, unless verbosity is high.
remove warning from windows compile.
Fix compile with libnettle
Fix DSA configure switch (--disable dsa) for libnettle and libnss.
Fix #1365: Add Ed25519 support using libnettle.
Fix #1394: mix of serve-expired and response-ip could cause a crash.
Remove unused iter_env member (ip6arpa_dname)
Do not reset rrset.bogus stats when called using stats_noreset.
Do not add rrset_bogus and query ratelimiting stats per thread, these module stats are global.
Fix #1397: Recursive DS lookups for AS112 zones names should recurse.
Fix #1398: make cachedb secret configurable.
Remove spaces from Makefile.
Fix issue on macOX 10.10 where TCP fast open is detected but not implemented causing TCP to fail. The fix allows fallback to regular TCP in this case and is also more robust for cases where connectx() fails for some reason.
Fix #1402: squelch invalid argument error for fd_set_block on windows.
Fix to reclaim tcp handler when it is closed due to dnscrypt buffer allocation failure.
Fix #1415: patch to free dnscrypt environment on reload.
iana portlist update
Small fixes for the shared secret cache patch.
Fix WKS records on kvm autobuild host, with default protobyname entries for udp and tcp.
Fix #1414: fix segfault on parse failure and log_replies.
zero qinfo in handle_request, this zeroes local_alias and also the qname member.
new keys and certs for dnscrypt tests.
fixup WKS test on buildhost without servicebyname.
updated contrib/fastrpz.patch to apply with configparser changes.
Fix 1416: qname-minimisation breaks TLSA lookups with CNAMEs.
Fix #1424: cachedb:testframe is not thread safe.
Fix #1417: [dnscrypt] shared secret cache counters, and works when dnscrypt is not enabled. And cache size configuration option.
Fix #1418: [ip ratelimit] initialize slabhash using ip-ratelimit-slabs.
Recommend 1472 buffer size in unbound.conf
Fix #1412: QNAME minimisation strict mode not honored
Fix #1434: Fix windows openssl 1.1.0 linking.
Add dns64 for client-subnet in unbound-checkconf.
Unbound 1.6.5
Download: unbound-1.6.5.tar.gz
SHA1 checksum: ecb260b94d139d84fae2bff80f9701f53a329e26
SHA256 checksum: e297aa1229015f25bf24e4923cb1dadf1f29b84f82a353205006421f82cc104e
PGP signature: unbound-1.6.5.tar.gz.asc
Date: 21 Aug, 2017
Bug Fixes
Fix install of trust anchor when two anchors are present, makes both valid. Checks hash of DS but not signature of new key. This fixes the root.key file if created when unbound is installed between sep11 and oct11 2017.
Unbound 1.6.4
Download: unbound-1.6.4.tar.gz
SHA1 checksum: 836ecc48518b9159f600a738c276423ef1f95021
SHA256 checksum: df0a88816ec31ccb8284c9eb132e1166fbf6d9cde71fbc4b8cd08a91ee777fed
PGP signature: unbound-1.6.4.tar.gz.asc
Date: 27 Jun, 2017
Features
Implemented trust anchor signaling using key tag query.
unbound-checkconf -o allows query of dnstap config variables. Also unbound-control get_option. Also for dnscrypt.
unbound.h exports the shm stats structures. They use type long long and no ifdefs, and ub_ before the typenames.
Implemented opportunistic IPsec support module (ipsecmod).
Added redirect-bogus.patch to contrib directory.
Support for the ED25519 algorithm with openssl (from openssl 1.1.1).
renumbering B-Root's IPv6 address to 2001:500:200::b.
Fix #1276: [dnscrypt] add XChaCha20-Poly1305 cipher.
Fix #1277: disable domain ratelimit by setting value to 0.
Added fastrpz patch to contrib
Bug Fixes
Added ECS unit test (from Manu Bretelle).
ECS documentation fix (from Manu Bretelle).
Fix #1252: more indentation inconsistencies.
Fix #1253: unused variable in edns-subnet/addrtree.c:getbit().
Fix #1254: clarify ratelimit-{for,below}-domain (from Manu Bretelle).
iana portlist update
Based on #1257: check parse limit before t increment in sldns RR string parse routine.
Fix #1258: Windows 10 X64 unbound 1.6.2 service will not start. and fix that 64bit getting installed in C:\Program Files (x86).
Fix #1259: "--disable-ecdsa" argument overwritten by "#ifdef SHA256_DIGEST_LENGTH@daemon/remote.c".
iana portlist update
Added test for leak of stub information.
Fix sldns wire2str printout of RR type CAA tags.
Fix sldns int16_data parse.
Fix sldns parse and printout of TSIG RRs.
sldns SMIMEA and AVC definitions, same as getdns definitions.
Fix tcp-mss failure printout text.
Set SO_REUSEADDR on outgoing tcp connections to fix the bind before connect limited tcp connections. With the option tcp connections can share the same source port (for different destinations).
Add 'c' to getopt() in testbound.
Adjust servfail by iterator to not store in cache when serve-expired is enabled, to avoid overwriting useful information there.
Fix queries for nameservers under a stub leaking to the internet.
document trust-anchor-signaling in example config file.
updated configure, dependencies and flex output.
better module memory lookup, fix of unbound-control shm names for module memory printout of statistics.
Fix type AVC sldns rrdef.
Some whitespace fixup.
Fix #1265: contrib/unbound.service contains hardcoded path.
Fix #1265 to use /bin/kill.
Fix #1267: Libunbound validator/val_secalgo.c uses obsolete APIs, and compatibility with BoringSSL.
Fix #1268: SIGSEGV after log_reopen.
exec_prefix is by default equal to prefix.
printout localzone for duplicate local-zone warnings.
Fix assertion for low buffer size and big edns payload when worker overrides udpsize.
Support for openssl EVP_DigestVerify.
Fix #1269: inconsistent use of built-in local zones with views.
Add defaults for new local-zone trees added to views using unbound-control.
Fix #1273: cachedb.c doesn't compile with -Wextra.
If MSG_FASTOPEN gives EPIPE fallthrough to try normal tcp write.
Also use global local-zones when there is a matching view that does not have any local-zone specified.
Fix fastopen EPIPE fallthrough to perform connect.
Fix #1274: automatically trim chroot path from dnscrypt key/cert paths (from Manu Bretelle).
Fix #1275: cached data in cachedb is never used.
Fix that unbound-control can set val_clean_additional and val_permissive_mode.
Add dnscrypt XChaCha20 tests.
Detect chacha for dnscrypt at configure time.
dnscrypt unit tests with chacha.
Added domain name based ECS whitelist.
Fix #1278: Incomplete wildcard proof.
Fix #1279: Memory leak on reload when python module is enabled.
Fix #1280: Unbound fails assert when response from authoritative contains malformed qname. When 0x20 caps-for-id is enabled, when assertions are not enabled the malformed qname is handled correctly.
More fixes in depth for buffer checks in 0x20 qname checks.
Fix stub zone queries leaking to the internet for harden-referral-path ns checks.
Fix query for refetch_glue of stub leaking to internet.
Fix #1301: memory leak in respip and tests.
Free callback in edns-subnetmod on exit and restart.
Fix memory leak in sldns_buffer_new_frm_data.
Fix memory leak in dnscrypt config read.
Fix dnscrypt chacha cert support ifdefs.
Fix dnscrypt chacha cert unit test escapes in grep.
Fix to unlock view in view test.
Fix warning in pythonmod under clang compiler.
Fix lintian typo.
Fix #1316: heap read buffer overflow in parse_edns_options.
Unbound 1.6.3
Download: unbound-1.6.3.tar.gz
SHA1 checksum: 4477627c31e8728058565f3bae3a12a1544d8a9c
SHA256 checksum: 4c7e655c1d0d2d133fdeb81bc1ab3aa5c155700f66c9f5fb53fa6a5c3ea9845f
PGP signature: unbound-1.6.3.tar.gz.asc
Date: 13 Jun, 2017
Bug Fixes
Fix #1280: Unbound fails assert when response from authoritative contains malformed qname. When 0x20 caps-for-id is enabled, when assertions are not enabled the malformed qname is handled correctly.
Unbound 1.6.2
Download: unbound-1.6.2.tar.gz
SHA1 checksum: de370b1ac8e260db9c4c1504453752713dd8818f
SHA256 checksum: 1a323d72c32180b7141c9e6ebf199fc68a0208dfebad4640cd2c4c27235e3b9c
PGP signature: unbound-1.6.2.tar.gz.asc
Date: 24 Apr, 2017
Features
Add trustanchor.unbound CH TXT that gets a response with a number of TXT RRs with a string like "example.com. 2345 1234" with the trust anchors and their keytags.
Patch for view functionality for local-data-ptr from Björn Ketelaars.
Response actions based on IP address from Jinmei Tatuya (Infoblox).
Patch from Luiz Fernando Softov for Stats Shared Memory.
unbound-control stats_shm command prints stats using shared memory, which uses less cpu.
--disable-sha1 disables SHA1 support in RRSIG, so from DNSKEY and DS records. NSEC3 is not disabled.
#1217. DNSCrypt support, with --enable-dnscrypt, libsodium and then enabled in the config file from Manu Bretelle.
Merge EDNS Client subnet implementation from feature branch into main branch, using new EDNS processing framework.
harden-algo-downgrade: no also makes unbound more lenient about digest algorithms in DS records.
Bug Fixes
sldns has ED25519 and ED448 algorithm number and name for display.
sldns updated for vfixed and buffer resize indication from getdns.
iana portlist update
Fix #1224: Fix that defaults should not fall back to "Program Files (x86) if Unbound is 64bit by default on windows.
Fix doc/CNAME-basedRedirectionDesignNotes.pdf zone static to redirect.
make depend, autoconf, doxygen and lint fixed up.
include sys/time.h for new shm code on NetBSD.
Fix #1227: Fix that Unbound control allows weak ciphersuits.
Fix #1226: provide official 32bit binary for windows.
For #1227: if we have sha256, set the cipher list to have no known vulns.
Fix testpkts.c, check if DO bit is set, not only if there is an OPT record.
Fix #1229: Systemd service sandboxing in contrib/unbound.service.
Fix #1230: swig version 2.0.1 is required for pythonmod, with 1.3.40 it crashes when running repeatly unbound-control reload.
fix enum conversion warnings
fake-sha1 test option; print warning if used. To make unit tests.
unbound-control list local zone and data commands listed in the help output.
Fix #1234: shortening DNAME loop produces duplicate DNAME records in ANSWER section.
testbound understands Deckard MATCH rcode question answer commands.
Fix #1235: Fix too long DNAME expansion produces SERVFAIL instead of YXDOMAIN + query loop, reported by Petr Spacek.
Fix that SHM is not inited if not enabled.
Fix that looped DNAMEs do not cause unbound to spend effort.
trustanchor tags are sorted. reusable routine to fetch taglist.
Fix #1237 - Wrong resolving in chain, for norec queries that get SERVFAIL returned.
make depend, autoconf, remove warnings about statement before var.
lru_demote and lruhash_insert_or_retrieve functions for getdns.
fixup for lruhash (whitespace and header file comment).
dnscrypt tests.
Fix doxygen for dnscrypt files.
Fix #1238: segmentation fault when adding through the remote interface a per-view local zone to a view with no previous (configured) local zones.
Fix #1229: Systemd service sandboxing, options in wrong sections.
Fix #1239: configure fails to find python distutils if python prints warning.
Fix to prevent non-referal query from being cached as referal when the no_cache_store flag was set.
Remove (now unused) event2 include from dnscrypt code.
Fix #1217: Add metrics to unbound-control interface showing crypted, cert request, plaintext and malformed queries (from Manu Bretelle).
Do not add current time twice to TTL before ECS cache store.
Do not touch rrset cache after ECS cache message generation.
Use LDNS_EDNS_CLIENT_SUBNET as default ECS opcode.
Fix #1244: document that use of chroot requires trust anchor file to be under chroot.
Small fixup for documentation.
Fix respip for braces when locks arent used.
Fix pythonmod for cb changes.
Generalise inplace callback (de)registration
(de)register inplace callbacks for module id
No unbound-control set_option for ECS options
Deprecated client-subnet-opcode config option
Introduced client-subnet-always-forward config option
Changed max-client-subnet-ipv6 default to 56 (as in RFC)
Removed extern ECS config options
module_restart_next now calls clear on all following modules
Also create ECS module qstate on module_event_pass event
remove malloc from inplace_cb_register
Unlock view in respip unit test
Some whitespace fixup.
Remove ECS option after REFUSED answer.
Fix small memory leak in edns_opt_copy_alloc.
Respip dereference after NULL check.
Zero initialize addrtree allocation.
Use correct identifier for SHM destroy.
Display ECS module memory usage.
Fix #1247: unbound does not shorten source prefix length when forwarding ECS.
Properly check for allocation failure in local_data_find_tag_datas.
Fix #1249: unbound doesn't return FORMERR to bogus ECS.
Set SHM ECS memory usage to 0 when module not loaded.
subnet mem value is available in shm, also when not enabled, to make the struct easier to memmap by other applications, independent of the configuration of unbound.
Fix #1250: inconsistent indentation in services/listen_dnsport.c.
Unbound 1.6.1
Download: unbound-1.6.1.tar.gz
SHA1 checksum: 41369fcfd37844b02b7293b37ec78e69f0db34c7
SHA256 checksum: 42df63f743c0fe8424aeafcf003ad4b880b46c14149d696057313f5c1ef51400
PGP signature: unbound-1.6.1.tar.gz.asc
Date: 21 Feb, 2017
Features
configure --enable-systemd and lets unbound use systemd sockets if you enable use-systemd: yes in unbound.conf. Also there are contrib/unbound.socket and contrib/unbound.service: systemd files for unbound, install them in /usr/lib/systemd/system. Contributed by Sami Kerola and Pavel Odintsov.
[bugzilla: 1187 ]
Source IP rate limiting, patch from Larissa Feng.
[bugzilla: 1184 ]
Log DNS replies. This includes the same logging information that DNS queries and response code and response size, patch from Larissa Feng.
Include root trust anchor id 20326 in unbound-anchor.
64bit is default for windows builds.
Bug Fixes
[bugzilla: 1176 ]
Fix stack size too small for Alpine Linux.
Fix unbound-control and ipv6 only.
[bugzilla: 1182 ]
Fix Resource leak (socket), at startup.
[bugzilla: 1178 ]
Fix attempt to fix setup error at end, pop result values at end of install.
iana portlist update
Fix inet_ntop and inet_pton warnings in windows compile.
[bugzilla: 1191 ]
Fix remove comment about view deletion.
[bugzilla: 1188 ]
Fix unresolved symbol 'fake_dsa' in libunbound.so when built with Nettle
[bugzilla: 1190 ]
Fix to not echo back EDNS options in local-zone error response.
[bugzilla: 1194 ]
Fix if cross build fails when $host isn't `uname` for getentropy.
Fix reload chdir failure when also chrooted to that directory.
Fix to return formerr for queries for meta-types, to avoid packet amplification if this meta-type is sent on to upstream.
[bugzilla: 1201 ]
Fix missing unlock in answer_from_cache error condition.
[bugzilla: 1202 ]
Fix code comment that packed_rrset_data is not always 'packed'.
Fix to also block meta types 128 through to 248 with formerr.
[bugzilla: 1206 ]
Fix that some view-related commands are missing from 'unbound-control -h'
Fix to rename ub_callback_t to ub_callback_type, because POSIX reserves _t typedefs.
Fix to rename internally used types from _t to _type, because _t type names are reserved by POSIX.
Increase MAX_MODULE to 16.
[bugzilla: 1211 ]
Fix can't enable interface-automatic if no IPv6 with more helpful error message.
fix root_anchor test for updated icannbundle.pem lower certificates.
Fix compile on solaris of the fix to use $host detect.
Fix for type name change and fix warning on windows compile.
Fix pythonmod for typedef changes.
Fix dnstap for warning of set but not used.
Fix autoconf of systemd check for lack of pkg-config.
Unbound 1.6.0
Download: unbound-1.6.0.tar.gz
SHA1 checksum: 9b7606b016b447dc837efc108cee94f3fecf4ede
SHA256 checksum: 6b7db874e6debda742fee8869d722e5a17faf1086e93c911b8564532aeeffab7
PGP signature: unbound-1.6.0.tar.gz.asc
Date: 15 Dec, 2016
Features
Added generic EDNS code for registering known EDNS option codes, bypassing the cache response stage and uniquifying mesh states. Four EDNS option lists were added to module_qstate (module_qstate.edns_opts_*) to store EDNS options from/to front/back side.
Added two flags to module_qstate (no_cache_lookup, no_cache_store) that control the modules' cache interactions.
Added code for registering inplace callback functions. The registered functions can be called just before replying with local data or Chaos, replying from cache, replying with SERVFAIL, replying with a resolved query, sending a query to a nameserver. The functions can inspect the available data and maybe change response/query related data (i.e. append EDNS options).
Updated Python module for the above.
Updated Python documentation.
Added views functionality.
Added qname-minimisation-strict config option.
Patch that resolves CNAMEs entered in local-data conf statements that point to data on the internet, from Jinmei Tatuya (Infoblox).
serve-expired config option: serve expired responses with TTL 0.
.gitattributes line for githubs code language display.
log-identity: config option to set sys log identity, patch from "Robin H. Johnson" (robbat2@gentoo.org).
Added stub-ssl-upstream and forward-ssl-upstream options.
Added local-zones and local-data bulk addition and removal functionality in unbound-control (local_zones, local_zones_remove, local_datas and local_datas_remove).
Bug Fixes
Fix #836: unbound could echo back EDNS options in an error response.
Fix #838: 1.5.10 cannot be built on Solaris, undefined PATH_MAX.
Fix #839: Memory grows unexpectedly with large RPZ files.
Fix #840: infinite loop in unbound_munin_ plugin on unowned lockfile.
Fix #841: big local-zone's make it consume large amounts of memory.
Fix dnstap relaying "random" messages instead of resolver/forwarder responses, from Nikolay Edigaryev.
Fix Nits for 1.5.10 reported by Dag-Erling Smorgrav.
Fix #1117: spelling errors, from Robert Edmonds.
iana portlist update.
fix memoryleak logfile when in debug mode.
Re-fix #839 from view commit overwrite.
Fixup const void cast warning.
Removed patch comments from acllist.c and msgencode.c
Added documentation doc/CNAME-basedRedirectionDesignNotes.pdf, from Jinmei Tatuya (Infoblox).
Fix #1125: unbound could reuse an answer packet incorrectly for clients with different EDNS parameters, from Jinmei Tatuya.
Fix #1118: libunbound.pc sets strange Libs, Libs.private values.
Added Requires line to libunbound.pc
Fix #1130: whitespace in example.conf.in more consistent.
suppress compile warning in lex files.
init lzt variable, for older gcc compiler warnings.
fix --enable-dsa to work, instead of copying ecdsa enable.
Fix DNSSEC validation of query type ANY with DNAME answers.
Fixup query_info local_alias init.
Ported tests for local_cname unit test to testbound framework.
g.root-servers.net has AAAA address.
Fix #1134: unbound-control set_option -- val-override-date: -1 works immediately to ignore datetime, or back to 0 to enable it again. The -- is to ignore the '-1' as an option flag.
Patch for server.num.zero_ttl stats for count of expired replies, from Pavel Odintsov.
Fix failure to build on arm64 with no sbrk.
Set OpenSSL security level to 0 when using aNULL ciphers.
configure detects ssl security level API function in the autoconf manner. Every function on its own, so that other libraries (eg. LibreSSL) can develop their API without hindrance.
Fix #1154: segfault when reading config with duplicate zones.
Note that for harden-below-nxdomain the nxdomain must be secure, this means nsec3 with optout is insufficient.
Fix #1155: test status code of unbound-control in 04-checkconf, not the status code from the tee command.
Fix #1158: reference RFC 8020 "NXDOMAIN: There Really Is Nothing Underneath" for the harden-below-nxdomain option.
patch from Dag-Erling Smorgrav that removes code that relies on sbrk().
Make access-control-tag-data RDATA absolute. This makes the RDATA origin consistent between local-data and access-control-tag-data.
Fix NSEC ENT wildcard check. Matching wildcard does not have to be a subdomain of the NSEC owner.
QNAME minimisation uses QTYPE=A, therefore always check cache for this type in harden-below-nxdomain functionality.
Added unit test for QNAME minimisation + harden below nxdomain synergy.
Fix that with openssl 1.1 control-use-cert: no uses less cpu, by using no encryption over the unix socket.
hyphen as minus fix, by Andreas Schulze
Fix #1170: document that 'inform' local-zone uses local-data.
Fix #1173: differ local-zone type deny from unset tag_actions element.
Add DSA support for OpenSSL 1.1.0
Fix remote control without cert for LibreSSL
Fix downcast warnings from visual studio in sldns code.
Unbound 1.5.10
Download: unbound-1.5.10.tar.gz
SHA1 checksum: 6102849c400db3a4195b1f16df8f312568a6ec57
SHA256 checksum: a39b8b4fcca2a2b35a2daa53fe35150cc3f09038dc9acede09c912fc248a9486
PGP signature: unbound-1.5.10.tar.gz.asc
Date: 27 Sep, 2016
Features
Create a pkg-config file for libunbound in contrib.
TCP Fast open patch from Sara Dickinson.
Finegrained localzone control with define-tag, access-control-tag, access-control-tag-action, access-control-tag-data, local-zone-tag, and local-zone-override. And added types always_transparent, always_refuse, always_nxdomain with that.
If more than half of tcp connections are in use, a shorter timeout is used (200 msec, vs 2 minutes) to pressure tcp for new connects.
[bugzilla: 787 ]
Fix #787: outgoing-interface netblock/64 ipv6 option to use linux freebind to use 64bits of entropy for every query with random local part.
For #787: prefer-ip6 option for unbound.conf prefers to send upstream queries to ipv6 servers.
Add default root hints for IPv6 E.ROOT-SERVERS.NET, 2001:500:a8::e.
keep debug symbols in windows build.
Bug Fixes
[bugzilla: 778 ]
Fix unbound 1.5.9: -h segfault (null deref).
Fix unbound-anchor.exe file location defaults to Program Files with (x86) appended.
Fix to not ignore return value of chown() in daemon startup.
Better help text from -h (from Ray Griffith).
[bugzilla: 773 ]
Fix Non-standard Python location build failure with pyunbound.
Improve threadsafety for openssl 0.9.8 ecdsa dnssec signatures.
Revert fix for NetworkService account on windows due to breakage it causes.
Fix that windows install will not overwrite existing service.conf file (and ignore gui config choices if it exists).
And delete service.conf.shipped on uninstall.
In unbound.conf directory: dir immediately changes to that directory, so that include: file below that is relative to that directory. With chroot, make the directory an absolute path inside chroot.
do not delete service.conf on windows uninstall.
document directory immediate fix and allow EXECUTABLE syntax in it on windows.
Fix directory: fix for unbound-checkconf, it restores cwd.
Use QTYPE=A for QNAME minimisation.
Keep track of number of time-outs when performing QNAME minimisation. Stop minimising when number of time-outs for a QNAME/QTYPE pair is more than three.
[bugzilla: 775 ]
Fix unbound-host and unbound-anchor crash on windows, ignore null delete for wsaevent.
Fix spelling in freebind option man page text.
Fix windows link of ssl with crypt32.
[bugzilla: 779 ]
Fix Union casting is non-portable.
[bugzilla: 780 ]
Fix MAP_ANON not defined in HP-UX 11.31.
[bugzilla: 781 ]
Fix prealloc() is an HP-UX system library call.
Decrease dp attempts at each QNAME minimisation iteration
[bugzilla: 784 ]
Fix Build configure assumess that having getpwnam means there is endpwent function available.
Updated repository with newer flex and bison output.
Fix static compile on windows missing gdi32.
Fix dynamic link of anchor-update.exe on windows.
Fix detect of mingw for MXE package build.
Fixes for 64bit windows compile.
[bugzilla: 788 ]
Fix for nettle 3.0: Failed to build with Nettle >= 3.0 and --with-libunbound-only --with-nettle.
Fixed unbound.doxygen for 1.8.11.
[bugzilla: 798 ]
Fix Client-side TCP fast open fails (Linux).
[bugzilla: 801 ]
Fix missing error condition handling in daemon_create_workers().
[bugzilla: 802 ]
Fix workaround for function parameters that are "unused" without log_assert.
[bugzilla: 803 ]
Fix confusing (and incorrect) code comment in daemon_cleanup().
[bugzilla: 806 ]
Fix wrong comment removed.
use sendmsg instead of sendto for TFO.
[bugzilla: 807 ]
Fix workaround for possible some "unused" function parameters in test code, from Jinmei Tatuya.
Note that OPENPGPKEY type is RFC 7929.
[bugzilla: 804 ]
Fix #804: unbound stops responding after outage. Fixes queries that attempt to wait for an empty list of subqueries.
Fix for #804: lower num_target_queries for iterator also for failed lookups.
[bugzilla: 820 ]
Fix set sldns_str2wire_rr_buf() dual meaning len parameter in each iteration in find_tag_datas().
[bugzilla: 777 ]
Fix OpenSSL 1.1.0 compatibility, patch from Sebastian A. Siewior.
RFC 7958 is now out, updated docs for unbound-anchor.
Fix for compile without warnings with openssl 1.1.0.
[bugzilla: 826 ]
Fix refuse_non_local could result in a broken response.
iana portlist update.
Fix compile with openssl 1.1.0 with api=1.1.0.
[bugzilla: 829 ]
Fix doc of sldns_wire2str_rdata_buf() return value has an off-by-one typo, from Jinmei Tatuya (Infoblox).
Fix incomplete prototypes reported by Dag-Erling Smørgrav.
[bugzilla: 828 ]
Fix missing type in access-control-tag-action redirect results in NXDOMAIN.
Take configured minimum TTL into consideration when reducing TTL to original TTL from RRSIG.
[bugzilla: 831 ]
Fix workaround for spurious fread_chk warning against petal.c
Silenced flex-generated sign-unsigned warning print with gcc diagnostic pragma.
Fix for new splint on FreeBSD. Fix cast for sockaddr_un.sun_len.
fix potential memory leak in daemon/remote.c and nullpointer dereference in validator/autotrust.
[bugzilla: 883 ]
Fix error for duplicate local zone entry.
[bugzilla: 835 ]
Fix --disable-dsa with nettle verify.
2018-02-06 02:39:25 +00:00
christos
fbfb70ad60 merge conflicts 2018-02-06 01:57:23 +00:00
christos
648e71e52f OpenLDAP 2.4.45 Release (2017/06/01)
Added slapd support for OpenSSL 1.1.0 series (ITS#8353, ITS#8533, ITS#8634)
	Fixed libldap to fail ldap_result if the handle is already bad (ITS#8585)
	Fixed libldap to expose error if user specified CA doesn't exist (ITS#8529)
	Fixed libldap handling of Diffie-Hellman parameters (ITS#7506)
	Fixed libldap GnuTLS use after free (ITS#8385)
	Fixed libldap SASL initialization (ITS#8648)
	Fixed slapd bconfig rDN escape handling (ITS#8574)
	Fixed slapd segfault with invalid hostname (ITS#8631)
	Fixed slapd sasl SEGV rebind in same session (ITS#8568)
	Fixed slapd syncrepl filter handling (ITS#8413)
	Fixed slapd syncrepl infinite looping mods with delta-sync MMR (ITS#8432)
	Fixed slapd callback struct so older modules without writewait should function.
                    Custom modules may need to be updated for sc_writewait callback (ITS#8435)
	Fixed slapd-ldap/meta broken LDAP_TAILQ macro (ITS#8576)
	Fixed slapd-mdb so it passes ITS6794 regression test (ITS#6794)
	Fixed slapd-mdb double free with size zero paged result (ITS#8655)
	Fixed slapd-meta uninitialized diagnostic message (ITS#8442)
	Fixed slapo-accesslog to honor pauses during purge for cn=config update (ITS#8423)
	Fixed slapo-accesslog with multiple modifications to the same attribute (ITS#6545)
	Fixed slapo-relay to correctly initialize sc_writewait (ITS#8428)
	Fixed slapo-sssvlv double free (ITS#8592)
	Fixed slapo-unique with empty modifications (ITS#8266)
	Build Environment
		Added test065 for proxyauthz (ITS#8571)
		Fix test008 to be portable (ITS#8414)
		Fix test064 to wait for slapd to start (ITS#8644)
		Fix its4336 regression test (ITS#8534)
		Fix its4337 regression test (ITS#8535)
		Fix regression tests to execute on all backends (ITS#8539)
	Contrib
		Added slapo-autogroup(5) man page (ITS#8569)
		Added passwd missing conversion scripts for apr1 (ITS#6826)
		Fixed contrib modules where the writewait callback was not correctly initialized (ITS#8435)
		Fixed smbk5pwd to build with newer OpenSSL releases (ITS#8525)
	Documentation
		admin24 fixed tls_cipher_suite bindconf option (ITS#8099)
		admin24 fixed typo cn=config to be slapd.d (ITS#8449)
		admin24 fixed slapo-syncprov information to be curent (ITS#8253)
		admin24 fixed typo in access control docs (ITS#7341, ITS#8391)
		admin24 fixed minor typo in tuning guide (ITS#8499)
		admin24 fixed information about the limits option (ITS#7700)
		admin24 fixed missing options for syncrepl configuration (ITS#7700)
		admin24 fixed accesslog documentation to note it should not be replicated (ITS#8344)
		Fixed ldap.conf(5) missing information on SASL_NOCANON option (ITS#7177)
		Fixed ldapsearch(1) information on the V[V] flag behavior (ITS#7177, ITS#6339)
		Fixed slapd-config(5), slapd.conf(5) clarification on interval keyword for refreshAndPersist (ITS#8538)
		Fixed slapd-config(5), slapd.conf(5) clarify serverID requirements (ITS#8635)
		Fixed slapd-config(5), slapd.conf(5) clarification on loglevel settings (ITS#8123)
		Fixed slapo-ppolicy(5) to clearly note rootdn requirement (ITS#8565)
		Fixed slapo-memberof(5) to note it is not safe to use with replication (ITS#8613)
		Fixed slapo-syncprov(5) documentation to be current (ITS#8253)
		Fixed slapadd(8) manpage to note slapd-mdb (ITS#8215)
		Fixed various minor grammar issues in the man pages (ITS#8544)
		Fixed various typos (ITS#8587)
2018-02-06 01:53:05 +00:00
mrg
6b182040a5 missing in previous:
mknative gcc 6.4 and powerpc / earmv4.
2018-02-05 22:11:42 +00:00
mrg
9dd74e3a6c mknative gcc 6.4 and powerpc / earmv4. earmv4 seems to work.
powerpc not properly tested yet, but builds.
2018-02-05 22:06:44 +00:00
mrg
85028157d6 - enable powerpc and arm support.
- port GetPcSpBp() to netbsd/powerpc* and netbsd/arm.
2018-02-05 22:04:54 +00:00
christos
95741dd42e undo previous. 2018-02-05 12:13:54 +00:00
martin
cf29848b33 Adapt the version hack for openssl provided inline functions: openssl 1.0.2k
already provides the colliding definitions.
2018-02-05 10:46:19 +00:00
martin
cd829b9d79 Try to fix the build: OpenSSL 1.0.2k already has the EVP inline functions. 2018-02-05 10:26:06 +00:00
mrg
b8a26bd00d more mknative-gcc 6.5 for sparc, sparc64 and amd64. 2018-02-05 06:13:33 +00:00
christos
e7011cce36 optval is int not long 2018-02-04 20:38:41 +00:00
mrg
b3953390c8 regen mknative-gcc 6.4 and amd64. 2018-02-04 20:22:42 +00:00
mrg
51502cf62d updates for GCC 6.4:
- remove many _DIAGASSERT() checks against not NULL for functions
  with arguments with nonnull attributes.  (probably more to come,
  the set between x86 and sparc us disjoint.)

- port libsanitizer's GetPcSpBp() to sparc, sparc64 and amd64.
2018-02-04 20:22:17 +00:00
mrg
9f0e9a55d9 make libbackend.a build and fix the libcommon.a sources list.
now all the gcc parts link.
2018-02-04 10:16:07 +00:00
mrg
41868f0d0a partial work-in-progress to build GCC 6.4 natively:
- use -std=gnu++98 by default.
- add build support for new GCC generators, etc.
- regen i386 mknative files.
2018-02-04 09:22:03 +00:00
mrg
b9c2640a34 fix GCC 6.4 issues (finally a couple that aren't actual bugs,
but only weird code?):

amd's amfs_program_exec() has a missing {} issue.

flex's check_options() has odd inconsistent identation that
trips the new ident checker.

ntpd's oncore_check_leap_sec() and oncore_set_traim() have
missing {} issues.

sntp's optionLoadNested() an identation weirdness that
trips the new ident checker.

vi's cl_attr() has a wrong {} issue, and its vs_paint() has
an identation weirdness that trips the new ident checker.
2018-02-04 09:15:44 +00:00
maya
7c604edb4c Merge pkg_install-20171030
Bump version to 20171030 for netpgpverify fixes.
Add zsh to default_acceptable_licenses.
Undef bootstrap hack.

Fix OpenSSL 1.1.0 build
OpenSSL 1.1.0 makes xkusage and ex_flags opaque.
Use X509_check_ca rather than a custom and nearly identical implementation.
This is available since OpenSSL 0.9.8 (even in RHEL5).
This is also done because we cannot implement it identically under
OpenSSL 1.1.0 due to missing getters.
Test EXFLAG_XKUSAGE rather than zero xkusage test no usage to avoid openssl
1.1.0 getter returning a different code on this case.
Use getter for xkusage in the non-zero test case.
Provide fallback definitions for getters.

PR pkg/52298, PR pkg/52648
2018-02-04 09:00:51 +00:00
maya
34c9ee37a0 Import pkg_install-20171030 2018-02-04 08:20:39 +00:00
mrg
07967fb18a apply __attribute__((__used__)) for rcsid, etc. 2018-02-04 08:19:42 +00:00
christos
bdb24028e2 split out the child runner. 2018-02-04 03:37:59 +00:00
christos
0c048d5af5 switch everyone to openssl.old 2018-02-04 03:19:51 +00:00
mrg
d3af2a8373 ATF needs C++98 for now, and GCC 6.4 defaults to C++11.
fix a problem -Werror=misleading-indentation found but has zero
effect on the running code.
2018-02-04 01:41:05 +00:00
mrg
3d95d37864 mknative-gcc for alpha, earm, i386, mips64eb, powerpc, sparc,
sparc64, and x86-64.  tree does not fully build yet, however.
2018-02-04 01:17:40 +00:00
mrg
600075ca82 updates for GCC 6.4. 2018-02-04 01:16:32 +00:00
mrg
1df0d34461 fixes to build the sanitizer files. not tested, but builds. 2018-02-04 01:14:42 +00:00
mrg
af3c0cd56d updates for GCC 6.4: add gcc-6 specific headers, combine some
all-gcc files, bump the shlib versions on new libs.
2018-02-03 21:27:45 +00:00
mrg
c57c37fb6b updates for GCC 6.4.0:
- we install version specific headers into gcc-6.
- add missing include path for i386/cpuinfo.c.
- fix compile time warnings in libobjc/encoding.c
- adjust c++98/compatibility.cc to use a visible header
- Makefile.hacks gains a hack for x86 and insn-constants.h.  (should
  try to figure out how to build this earlier.)
- libgomp missing priority_queue.c (switch to mknative pulling it out?).
- build a libstdc++ version file and use it.
- fix the handling of -std= to default the same as normal builds.
2018-02-03 19:27:15 +00:00
mrg
bc903b6f5b install into gcc-6 subdir. 2018-02-02 20:57:53 +00:00
mrg
f313166862 updates to make it at least build in tools/gcc:
- fix -fdelete-null-pointer-checks default (needs more inspection)
- revert unnecessary local changes in gcc.h, system.h and freebsd-spec.h
- fix local changes to invoke.texi
- update man and info pages
- fix a typo in unwind-seh.c
2018-02-02 20:45:19 +00:00
mrg
cdbfa754b1 merge GCC 6.4.0. sanitizer stuff is probably busted, but most
other changes merged easily.

docs need to be regenerated with modern versions still.
2018-02-02 03:41:02 +00:00
mrg
f9a78e0e88 import GCC 6.4.0. see this url for details which are too large to
include here:

   http://gcc.gnu.org/gcc-6/changes.html

the main visible changes appear to be:

- The default mode for C++ is now -std=gnu++14 instead of -std=gnu++98.
- The C and C++ compilers now support attributes on enumerators.
- Diagnostics can now contain "fix-it hints"
- more warnings (some added to -Wall)
2018-02-02 01:58:35 +00:00
mrg
6d188dd0d7 convert HAVE_GCC handling to modern GCC release numbering:
- HAVE_GCC=5 is now the default (vs. HAVE_GCC=53 we've been using for
  GCC 5.4 and GCC 5.5.)
- remove some more GCC 4.8 code.  we don't support GCC 4 here.
- adjust set lists to gcc=5 from gcc=53.

add some basic HAVE_GCC=6 handling (totally unused so far.)
2018-02-02 01:02:39 +00:00
kamil
6c8e913a6f Install GCC (gcc) headers for Sanitizers
Sync this code with gcc.old.

PR 52265 by Kamil Rytarowski

Proposed and accepted on tech-toolchain@.

Sponsored by <The NetBSD Foundation>
2018-02-01 21:10:46 +00:00
kamil
413e439cd5 Install GCC (gcc.old/) headers for Sanitizers
Install:
 - allocator_interface.h
 - asan_interface.h
 - common_interface_defs.h
 - tsan_interface_atomic.h

Into:
 - /usr/include/gcc-5/sanitizer

Note headers in a comment headers for introduction in future:
 - dfsan_interface.h
 - lsan_interface.h
 - msan_interface.h

Skip a file that will never be relevant on NetBSD:
 - linux_syscall_hooks.h

PR 52265 by Kamil Rytarowski

Proposed and accepted on tech-toolchain@.

Sponsored by <The NetBSD Foundation>
2018-02-01 20:50:22 +00:00
christos
af5b018293 add a diff for smtpd 2018-02-01 03:32:31 +00:00
christos
ab311767f7 give one more reply to the client before we potentially block it. 2018-02-01 03:32:00 +00:00
christos
214a024004 Add support for blacklistd. 2018-02-01 03:29:41 +00:00
roy
d20bb8f953 Sync 2018-01-29 11:13:06 +00:00
roy
10383d8fc1 Import dhcpcd-7.0.1 with the following changes:
*  hooks: remove use of local builtin for better portability
*  dhcpcd: don't log errors working out carrier for departed interfaces
*  ipv4: allow configuration of static broadcast address
*  if: don't set MTU during interface discovery
*  if: don't activate non matching interfaces to commandline ones
*  eloop-bench: fix hangs when using a large number of cycles
*  dhcp: don't bind when we've just probed an address to inform
2018-01-29 11:11:22 +00:00
kre
8aab451628 Merge tzdata2018c 2018-01-24 13:52:47 +00:00
kre
35c0382b5f Import tzdata2018c from ftp://ftp.iana.org/tz/releases/tzdata2018c.tar.gz
Summary of changes in tzdata2018c (2018-01-22 23:00:44 -0800):
Summary of changes in tzdata2018b (2018-01-17 23:24:48 -0800):
Summary of changes in tzdata2018a (2018-01-12 22:29:21 -0800):

	2018a and 2018b were (kind of) released, but never announced.
	Some "issues" were found with them that caused the relatively
	quick updates...

	The updates are from the previous version (2017c) to the
	current one (2018c) - that 2018a & 2018b intervened is best
	forgotten... (changes in 2018a that were corrected (2018b) or
	reverted (2018c) are not mentioned).

  Briefly:

     Sao Tome and Principe (An island nation off west coast of Equatorial Africa)
     switched from +00 to +01.

     Brazil's DST will now start on November's first Sunday.

     Use Debian-style installation locations, instead of 4.3BSD-style.
	(this does not affect NetBSD, we do not use the tzdata Makefile)

  Changes to past and future time stamps

    Sao Tome and Principe switched from +00 to +01 on 2018-01-01 at
    01:00.  (Thanks to Steffen Thorsen and Michael Deckers.)

  Changes to future time stamps

    Starting in 2018 southern Brazil will begin DST on November's
    first Sunday instead of October's third Sunday.  (Thanks to
    Steffen Thorsen.)

  Changes to past time stamps

    Japanese DST transitions (1948-1951) were Sundays at 00:00, not
    Saturdays or Sundays at 02:00.  (Thanks to Takayuki Nikai.)

    A discrepancy of 4 s in timestamps before 1931 in South Sudan has
    been corrected.  The 'backzone' and 'zone.tab' files did not agree
    with the 'africa' and 'zone1970.tab' files.  (Problem reported by
    Michael Deckers.)

    The abbreviation invented for Bolivia Summer Time (1931-2) is now
    BST instead of BOST, to be more consistent with the convention
    used for Latvian Summer Time (1918-9) and for British Summer Time.
2018-01-24 13:51:56 +00:00
skrll
ac34435581 Remove port-acorn26
OK core@
2018-01-24 09:04:40 +00:00
christos
177e5524a5 make lint compile again. 2018-01-17 06:10:27 +00:00
christos
19e9df2ac8 remove Documents before import. 2018-01-14 22:51:12 +00:00
christos
5d4f18293e Add -I 2018-01-14 20:16:04 +00:00
christos
8307bba0ea resolve conflicts 2018-01-14 20:04:55 +00:00
christos
18d6f1d293 import latest version 2018-01-14 19:40:50 +00:00
christos
a7f8f91557 merge conflicts 2018-01-14 19:37:35 +00:00
christos
1ea71b3ac3 import latest mDNSResponder 2018-01-14 18:43:01 +00:00
uwe
eff95422ee Copy-paste a .Dx macro for DragonFly (from .Ox) and add a couple of
FreeBSD versions to make autofs(5) man pages cleanly format with groff.
2018-01-14 03:33:10 +00:00
christos
2ff51f0c66 Add the NONE/WIRED drivers. 2018-01-14 03:05:06 +00:00
uwe
47d66394b3 Fix trailing whitespace. 2018-01-13 14:00:50 +00:00
christos
8ffa3f42a9 Add one more file, still does not build. 2018-01-09 01:51:20 +00:00
christos
09767d34a5 Redo the previous alpha change differently (don't add a new file since we need
ifdefs anyway), and regen.
2018-01-08 18:56:20 +00:00
jmcneill
42e59c75c3 Add nvidia-firmware to SUBDIR 2018-01-08 11:05:02 +00:00
christos
00e542777c regen 2018-01-08 04:00:31 +00:00
christos
5d02074f2c don't do anything for NetBSD 2018-01-08 04:00:00 +00:00
christos
28a88be5e0 add a netbsd-specific alpha target to handle thread initialization. 2018-01-08 03:07:16 +00:00
jmcneill
a5c866b6cf Import NVIDIA Tegra XUSB firmware for Tegra124 and Tegra210. Installation
of this firmware is controlled by the MKTEGRAFIRMWARE option, which
defaults to yes on evbarm and evbarm64 and no everywhere else.
2018-01-07 20:59:24 +00:00
christos
bacfdb6969 add casts 2018-01-07 20:02:52 +00:00
christos
13c9c3f43b pass the lwp for the register calls. 2018-01-01 16:28:14 +00:00
roy
094d397286 Sync 2018-01-01 11:50:56 +00:00
roy
d92ae095f2 Import dhcpcd-7.0.0 with the following changes:
*  dhcp: when unicasting on L3, unicast on L2 as well
  *  dhcp: when rebooting, don't set cidaddr
  *  dhcp6: don't listen on IPv6 addresses when not using DHCPv6
  *  dhcp: only set probe state when probing (fixes REBOOT reason)
  *  ipv6: disable kernel RA if interface is active
  *  hooks: set protocol to link for link layer events
2018-01-01 11:48:51 +00:00
christos
7eaaf56ed8 add trivial handling for DW_ATE_UTF, does not work. 2017-12-31 03:08:49 +00:00
christos
64ad8045f2 remove unused code
XXX: we should remove this from all archs
2017-12-27 19:20:41 +00:00
christos
49bcf0f386 one more place to pass the thread id 2017-12-27 19:20:04 +00:00