external/bsd/fetch/dist/libfetch/common.c: revision 1.3
external/bsd/fetch/dist/libfetch/common.c: revision 1.4
Use SNI.
Shut down SSL when closing connection.
sys/nfs/nfs_serv.c: revision 1.184
sys/nfs/nfs_srvsubs.c: revision 1.17
sys/nfs/nfsm_subs.h: revision 1.56
sys/nfs/nfsm_subs.h: revision 1.57
nfs: Use unsigned fhlen so we don't trip over negative values.
nfs: Avoid integer overflow in nfs_namei bounds check.
nfs: Use unsigned name lengths so we don't trip over negative ones.
- nfsm_strsiz is only used with uint32_t in callers, but let's not
leave it as a rake to step on.
- nfsm_srvnamesiz is abused with signed s. The internal conversion
to unsigned serves to reject both negative and too-large values in
such callers.
XXX Should make all callers use unsigned, rather than flipping back
and forth between signed and unsigned for name lengths.
nfs: Avoid free of uninitialized on bad name size in create, mknod.
XXX These error branches are a nightmare and need to be more
systematically cleaned up. Even if they are correct now, they are
impossible to audit and extremely fragile in case anyone ever needs
to make other changes to them.
distrib/amiga/stand/xdevtostream.uue: revision 1.1
distrib/amiga/stand/device-streams-2.2.1.lha.uue: revision 1.1
distrib/amiga/stand/rdbinfo.uue: revision 1.2
distrib/amiga/stand/device-streams.tar.gz.uue: file removal
distrib/amiga/stand/Makefile: revision 1.6
distrib/amiga/stand/device-streams-2.2.1-src.tar.gz.uue: revision 1.1
distrib/amiga/stand/device-streams.README.md: revision 1.1
distrib/amiga/stand/update: revision 1.1
distrib/amiga/stand/xstreamtodev.uue: revision 1.2
Update device-streams binaries from Roc Valles
- Split device-streams.tar.gz.uue into seperate source and
binaries device-streams-2.2.1-src.tar.gz and device-streams-2.2.1.lha
to match upstream
- Add device-streams.README.md from upstream
- Add simple 'update' script to help updating next time
- Binaries now avoid 32 bit file offset issues (they use 64 bit
offsets where supported, and otherwise avoid corrupting data due
to 32 bit limits)
- Binaries now built with updated bebbo/amiga-gcc toolchain
Pullup: netbsd-10, netbsd-9 and possibly netbsd-8
sys/netinet6/raw_ip6.c: revision 1.183 (via patch)
sys/netinet6/ip6_output.c: revision 1.233
in6: reject setting negative values but -1 via setsockopt(IPV6_CHECKSUM)
Same as OpenBSD.
in6: make sure a user-specified checksum field is within a packet
From OpenBSD
build.sh: revision 1.366 via patch
Avoid the dependency on a populated tooldir (or building the tools)
when simply doing mkrepro-timestamp and the current repository setups
does not actually require it.
sys/kern/vfs_syscalls.c: revision 1.557
open(2): Don't map ERESTART to EINTR.
If a file or device's open function returns ERESTART, respect that --
restart the syscall; don't pretend a signal has been delivered when
it was not. If an SA_RESTART signal was delivered, POSIX does not
allow it to fail with EINTR:
SA_RESTART
This flag affects the behavior of interruptible functions;
that is, those specified to fail with errno set to [EINTR].
If set, and a function specified as interruptible is
interrupted by this signal, the function shall restart and
shall not fail with [EINTR] unless otherwise specified. If
an interruptible function which uses a timeout is restarted,
the duration of the timeout following the restart is set to
an unspecified value that does not exceed the original
timeout value. If the flag is not set, interruptible
functions interrupted by this signal shall fail with errno
set to [EINTR].
https://pubs.opengroup.org/onlinepubs/9699919799/functions/sigaction.html
Nothing in the POSIX definition of open specifies otherwise.
In 1990, Kirk McKusick added these lines with a mysterious commit
message:
Author: Kirk McKusick <mckusick>
Date: Tue Apr 10 19:36:33 1990 -0800
eliminate longjmp from the kernel (for karels)
diff --git a/sys/kern/vfs_syscalls.c b/sys/kern/vfs_syscalls.c
index 7bc7b39bbf..d572d3a32d 100644
--- a/sys/kern/vfs_syscalls.c
+++ b/sys/kern/vfs_syscalls.c
@@ -14,7 +14,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * @(#)vfs_syscalls.c 7.42 (Berkeley) 3/26/90
+ * @(#)vfs_syscalls.c 7.43 (Berkeley) 4/10/90
*/
#include "param.h"
@@ -530,8 +530,10 @@ copen(scp, fmode, cmode, ndp, resultfd)
if (error = vn_open(ndp, fmode, (cmode & 07777) &~ S_ISVTX)) {
crfree(fp->f_cred);
fp->f_count--;
- if (error == -1) /* XXX from fdopen */
- return (0); /* XXX from fdopen */
+ if (error == EJUSTRETURN) /* XXX from fdopen */
+ return (0); /* XXX from fdopen */
+ if (error == ERESTART)
+ error = EINTR;
scp->sc_ofile[indx] = NULL;
return (error);
}
(found via this git import of the CSRG history:
cce2869b7a
This change appears to have served two related purposes:
1. The fdopen function (the erstwhile open routine for /dev/fd/N)
used to return -1 as a hack to mean it had just duplicated the fd;
it was recently changed by Mike Karels, in kern_descrip.c 7.9, to
return EJUSTRETURN, now defined to be -2, presumably to avoid a
conflict with ERESTART, defined to be -1. So this change finished
part of the change by Mike Karels to use a different magic return
code from fdopen.
Of course, today we use still another disgusting hack, EDUPFD, for
the same purpose, so none of this is relevant any more.
2. Prior to April 1990, the kernel handled signals during tsleep(9)
by longjmping out to the system call entry point or similar. In
April 1990, Mike Karels worked to convert all of that into
explicit unwind logic by passing through EINTR or ERESTART as
appropriate, instead of setjmp at each entry point.
However, it's not clear to me why this setjmp/longjmp and
fdopen/-1/EJUSTRETURN renovation justifies unconditional logic to map
ERESTART to EINTR in open(2). I suspect it was a mistake.
In 2013, the corresponding logic to map ERESTART to EINTR in open(2)
was removed from FreeBSD:
r246472 | kib | 2013-02-07 14:53:33 +0000 (Thu, 07 Feb 2013) | 11 lines
Stop translating the ERESTART error from the open(2) into EINTR.
Posix requires that open(2) is restartable for SA_RESTART.
For non-posix objects, in particular, devfs nodes, still disable
automatic restart of the opens. The open call to a driver could have
significant side effects for the hardware.
Noted and reviewed by: jilles
Discussed with: bde
MFC after: 2 weeks
Index: vfs_syscalls.c
===================================================================
--- vfs_syscalls.c (revision 246471)
+++ vfs_syscalls.c (revision 246472)
@@ -1106,8 +1106,6 @@
goto success;
}
- if (error == ERESTART)
- error = EINTR;
goto bad;
}
td->td_dupfd = 0;
https://cgit.freebsd.org/src/commit/sys/kern/vfs_syscalls.c?id=2ca49983425886121b506cb5126b60a705afc38c">https://cgit.freebsd.org/src/commit/sys/kern/vfs_syscalls.c?id=2ca49983425886121b506cb5126b60a705afc38c
It's not clear to me that there's any reason to treat device nodes
specially here; in fact, if a driver's .d_open routine sleeps and is
woken by a concurrent revoke without a signal pending or with an
SA_RESTART signal pending, it is wrong for it to fail with EINTR.
But it MUST restart the whole system call rather than continue
sleeping in a loop or just exit the loop and continue to open,
because it is mandatory in the security model of revoke for open(2)
to retry the permissions check at that point.
PR kern/57260
sys/dev/ata/satavar.h: revision 1.10
sys/dev/ata/sata_subr.c: revision 1.24
split the port status reporting to new function sata_interpret_det()
so it can be called separately from sata_reset_interface()
do not treat PHY offline as an error, it's pretty normal when there
is no device actually connected
debugging aid for PR kern/52372
sys/kern/subr_prf.c: revision 1.171
Make identification of accounted aprint_error()s possible by putting a
big ugly "autoconfiguration error: " in the log when they occur.
sys/arch/amiga/stand/loadbsd/loadbsd.c: revision 1.37
distrib/amiga/stand/loadbsd.uue: revision 1.3
sys/arch/amiga/stand/loadbsd/Makefile: revision 1.4
sys/arch/amiga/stand/loadbsd/README: revision 1.5
Update loadbsd source and distribution binary to version 3.2.
Including the following changes by Gunther Nikl:
- Added detection of A600.
- Fix handling of multiple -n options.
Make it compile with recent AmigaOS gcc ports (for example gcc6), as
older ports no longer work with current NetBSD header files.
etc/ssh/Makefile: revision 1.4
usr.bin/mail/Makefile: revision 1.41
external/ibm-public/postfix/etc/Makefile: revision 1.2
etc/bluetooth/Makefile: revision 1.6
crypto/external/bsd/openssh/bin/Makefile: revision 1.5
etc/root/Makefile: revision 1.5
etc/iscsi/Makefile: revision 1.4
/root: Install .cshrc and .profile links with the same mode.
Previously we would:
1. Install /root/.cshrc and /root/.profile with mode FILESMODE=644 as
requested in src/etc/root/Makefile and as echoed in
/etc/mtree/special.
2. Create hard links at /.cshrc and /.profile through CONFIGLINKS.
3. Because LINKSMODE was unset and defaults to NOBINMODE=444, change
the mode to 444.
This scenario is confusing, and mtree objects to it, which is bad for
warning fatigue in a security-relevant mechanism. (There are also
several other files mtree objects to out of the box -- we should fix
those too.)
With this change we install the links with the same mode as the
original files, in agreement with the mtree. The files, .cshrc and
.profile, are intended to be editable configuration files, so 644
makes sense while 444 makes no sense and gets in the way of editors
like vi.
Discussed on tech-userlevel:
https://mail-index.netbsd.org/tech-userlevel/2022/08/29/msg013498.html
etc: Fix permissions of various editable configuration files.
This way they match the mtree and make sense and don't cause editors
to ask to override read-only files when editing them.
Exception: Not sure /etc/bluetooth/protocols makes as much sense to
edit, but the mtree says 644, so if you want to change it, make sure
to change it in both places -- Makefile and mtree.
/etc/ssh: Install ssh_known_hosts with mode 644.
Makes it agree with the mtree and more convenient for admin to edit.
sys/arch/x86/x86/efi_machdep.c: revision 1.3
(applied to sys/arch/x86/x86/efi.c)
x86/efi: Print uuids in slightly more standard notation.
Anyone need a spare hyphen? We had a few extras, apparently.
tests/lib/libc/string/t_swab.c: revision 1.3
lib/libc/string/swab.c: revision 1.20
swab(3): Rewrite this to be understandable.
And make the tests work, and exercise all lengths up to 100.
Evidently the previous definition, presumably tightly optimized for
1980s-era compilers and CPUs, was too hard to understand, because it
was incorrectly tested for two decades and broken for years.
PR lib/57141
sys/dev/pci/files.pci 1.442
sys/dev/pci/ixgbe/ix_txrx.c 1.99-1.100
sys/dev/pci/ixgbe/ixgbe.c 1.320-1.324 via patch
sys/dev/pci/ixgbe/ixgbe_82598.c 1.19
sys/dev/pci/ixgbe/ixgbe_api.c 1.28
sys/dev/pci/ixgbe/ixgbe_common.c 1.43
sys/dev/pci/ixgbe/ixgbe_netbsd.h 1.17
sys/dev/pci/ixgbe/ixv.c 1.183
- Add an option for Tx to use deferred softint regardless of whether
can get txq lock or not. It's off by default.
- Call txeof first, then rxeof for the consistency.
- Make three "Unsupported SFP+ module..." messages the same.
- KNF. Modify comment. Fix typo.
usr.bin/locate/locate/updatedb.sh: revision 1.18
locate.updatedb: Add -- to the invocation of locate.code
A bigram can start with a dash/minus, don't let getopt misinterpret it
as an option.
From Hakan Engvall in PR misc/57191
lib/libc/gen/err.3: revision 1.23
Add errc() and verrc() to the list of functions which do not return,
but exit() instead.
This was omitted when the *c() set of functions were added in 2014.
lib/libc/locale/setlocale.3: revision 1.22
lib/libc/locale/setlocale.3: revision 1.23
setlocale.3: minor updates to reflect the current implementation
Reflect a couple of amendments noted by John Marino on tech-userlevel:
https://mail-index.netbsd.org/tech-userlevel/2021/10/19/msg013091.html
setlocale.3: Reflect state of NetBSD locale support in the 21st century
Don't use LC_COLLATE in a real code example, since a real call to set
LC_COLLATE will fail. Mention this.
Inconsistencies noticed by khw on IRC.
bin/sh/miscbltin.c: revision 1.51
bin/sh/miscbltin.c: revision 1.52
PR bin/56972 Fix escape ('\') handling in sh read builtin.
In 1.35 (March 2005) (the big read fixup), most escape handling and IFS
processing in the read builtin was corrected. However 2 cases were missed,
one is a word (something to be assigned to any variable but the last) in
which every character is escaped (the code was relying on a non-escaped char
to set the "in a word" status), and second trailing IFS whitespace at
the end of the line was being deleted, even if the chars had been escaped
(the escape chars are no longer present).
See the PR for more details (including the case that detected the problem).
After fixing this, I looked at the FreeBSD code (normally might do it
before, but these fixes were trivial) to check their implementation.
Their code does similar things to ours now does, but in a completely
different way, their read builtin is more complex than ours needs to
be (they handle more options). For anyone tempted to simply incorporate
their code, note that it relies upon infrastructure changes elsewhere
in the shell, so would not be a simple cut and drop in exercise.
This needs pullups to -3 -4 -5 -6 -7 -8 and -9 (fortunately this is
happening before -10 is branched, so will never be broken this way there).
-
Don't output the error for bad usage (no var name given)
after already writing the prompt (set with the -p option).
That results in nonsense like:
$ read -p foo
fooread: arg count
While here, improve the error message so it means something.
Now we will get:
$ read -p foo
read: variable name required
Usage: read [-r] [-p prompt] var...
[Detected by code reading while doing the work for the previous fix]
sys/netinet6/frag6.c: revision 1.76
frag6: don't use spin mutex for frag6_lock
frag6_lock is held during sending a packet (icmp6_error), so we must
not use a spin mutex because we can acquire sleep locks on sending
a packet.
Also we don't need to use spin mutex for frag6_lock anymore because
frag6_lock is now not used from hardware interrupt context.
in ticket #1777:
external/public-domain/tz/dist/SECURITY up to 1.1.1.1
external/public-domain/tz/dist/CONTRIBUTING up to 1.1.1.7
external/public-domain/tz/dist/Makefile up to 1.1.1.33
external/public-domain/tz/dist/NEWS up to 1.1.1.38
external/public-domain/tz/dist/README up to 1.1.1.10
external/public-domain/tz/dist/TZDATA_VERSION up to 1.30
external/public-domain/tz/dist/africa up to 1.1.1.28
external/public-domain/tz/dist/antarctica up to 1.1.1.15
external/public-domain/tz/dist/asia up to 1.5
external/public-domain/tz/dist/australasia up to 1.5
external/public-domain/tz/dist/backward up to 1.5
external/public-domain/tz/dist/backzone up to 1.1.1.23
external/public-domain/tz/dist/calendars up to 1.1.1.2
external/public-domain/tz/dist/checktab.awk up to 1.1.1.11
external/public-domain/tz/dist/etcetera up to 1.1.1.6
external/public-domain/tz/dist/europe up to 1.1.1.34
external/public-domain/tz/dist/leap-seconds.list up to 1.4
external/public-domain/tz/dist/leapseconds up to 1.4
external/public-domain/tz/dist/northamerica up to 1.1.1.30
external/public-domain/tz/dist/southamerica up to 1.1.1.20
external/public-domain/tz/dist/theory.html up to 1.1.1.15
external/public-domain/tz/dist/version up to 1.5
external/public-domain/tz/dist/ziguard.awk up to 1.1.1.9
external/public-domain/tz/dist/zishrink.awk up to 1.1.1.8
external/public-domain/tz/dist/zone.tab up to 1.1.1.22
external/public-domain/tz/dist/zone1970.tab up to 1.1.1.23
distrib/sets/lists/base/mi (apply patch)
doc/3RDPARTY (apply patch)
Updata tzdata to 2022e.
martin