notification of a failed auth attempt, and a notification of a
successful auth attempt.
Implements a third option - notification of abusive behavior, and
accepts, but does not act on a forth type - "bad username". It is
envisioned that a system administrator will configure a small list
of "known bad usernames" that should be blocked immediately.
From Kurt Lidl @ FreeBSD
they end up mis-ordering tm files.
revert the rs6000/netbsd64.h change and put it back as
SUBSUBTARGET_EXTRA_SPECS.
this seems to make the build work again, though mknative will
need a re-run for ppc*.
so that assembly specs get propagated (they were lost before)
- adjust the block register padding (like the other OS's) so that code compiles
- XXX: linker still broken for shared libraries because the os specific spec
is not chosen
PR port-alpha/54307.
If rtree.c and tcache.c are compiled with -O0, userland just works
without problems as far as I can see. Alternately, you can specify
-DJEMALLOC_DEBUG to avoid random crash. Smells like compiler bug,
or wrong coding which relies on some undefined behavior.
Anyway, we need to pull this up into netbsd-9 asap.
it -O0. The tm argument gets passed in as non-null and it is non-null after
the command execution, but then becomes null and causes a null dereference.
libsanitizer needs to match with the compiler concept of
TARGET_ASAN_SHADOW_OFFSET, since the compiler generates instructions
to access memory at that offset in the code, and expects the
sanitizer library to have mapped something there. If there is
disagreement, Mr. Segmentation Fault comes and resolves it for you.
Remove const from the 2nd argument.
const char ** and char ** are incompatible types and it was a cost to keep
the technically incompatible form for a more purist variation. NetBSD was
almost the last alive OS to still keep the const argument (known leftovers:
Minix and Illumos).
Keep the const form for the internal purposes inside citrus and rump.
Address the build breakage fallout in the same change.
There are no ABI changes.
Change accepted by core@.
5299. [security] A flaw in DNSSEC verification when transferring
mirror zones could allow data to be incorrectly
marked valid. (CVE-2019-6475) [GL #16P]
5298. [security] Named could assert if a forwarder returned a
referral, rather than resolving the query, when QNAME
minimization was enabled. (CVE-2019-6476) [GL #1051]
5297. [bug] Check whether a previous QNAME minimization fetch
is still running before starting a new one; return
SERVFAIL and log an error if so. [GL #1191]
5294. [func] Fallback to ACE name on output in locale, which does not
support converting it to unicode. [GL #846]
5293. [bug] On Windows, named crashed upon any attempt to fetch XML
statistics from it. [GL #1245]
5292. [bug] Queue 'rndc nsec3param' requests while signing inline
zone changes. [GL #1205]
--- 9.14.6 released ---
5289. [bug] Address NULL pointer dereference in rpz.c:rpz_detach.
[GL #1210]
5286. [contrib] Address potential NULL pointer dereferences in
dlz_mysqldyn_mod.c. [GL #1207]
5285. [port] win32: implement "-T maxudpXXX". [GL #837]
5283. [bug] When a response-policy zone expires, ensure that
its policies are removed from the RPZ summary
database. [GL #1146]
5282. [bug] Fixed a bug in searching for possible wildcard matches
for query names in the RPZ summary database. [GL #1146]
5281. [cleanup] Don't escape commas when reporting named's command
line. [GL #1189]
5280. [protocol] Add support for displaying EDNS option LLQ. [GL #1201]
5279. [bug] When loading, reject zones containing CDS or CDNSKEY
RRsets at the zone apex if they would cause DNSSEC
validation failures if published in the parent zone
as the DS RRset. [GL #1187]
have been converted to GCC_NO_FORMAT_TRUNCATION rather than
GCC_NO_STRINGOP_TRUNCATION which is what happened. This might unbreak
the build (olr at least get it further).
GCC_NO_FORMAT_TRUNCATION -Wno-format-truncation (GCC 7/8)
GCC_NO_STRINGOP_TRUNCATION -Wno-stringop-truncation (GCC 8)
GCC_NO_STRINGOP_OVERFLOW -Wno-stringop-overflow (GCC 8)
GCC_NO_CAST_FUNCTION_TYPE -Wno-cast-function-type (GCC 8)
use these to turn off warnings for most GCC-8 complaints. many
of these are false positives, most of the real bugs are already
commited, or are yet to come.
we plan to introduce versions of (some?) of these that use the
"-Wno-error=" form, which still displays the warnings but does
not make it an error, and all of the above will be re-considered
as either being "fix me" (warning still displayed) or "warning
is wrong."
to copy the interface name. The kernel requires the interface to be NUL
terminated anyway and will fail with ENAMETOOLONG otherwise. Pointed out
by Robert Swindells.
* Fix carrier status after a route socket overflow
* Allow domain spaced options
* DHCP: Allow not sending Force Renew Nonce or Reconf Accept
* IPv4LL: Now passes Apple Bonjour test versions 1.4 and 1.5
* ARP: Fix a typo and remove pragma (thus working with old gcc)
* DHCP6: Fix a cosmetic issue with infinite leases
* DHCP6: SLA 0 and Prefix Len 0 will now add a delegatd /64 address
* Ignore some virtual interfaces such as Tap and Bridge by default
* BPF: Move validation logic out of BPF and back into dhcpcd
Summary of changes in tzdata2019c (2019-09-11 08:59:48 -0700):
Fiji observes DST from 2019-11-10 to 2020-01-12
Norfolk Island starts observing Australian-style DST
Plus historic corrections to time in Turkey (1940-85)
South Korea (1948-51) Detroit (US) (1967-8), Perry County
(Indiana, US) (pre 1970) Edmonton (CA) (1967, 1969)
Vancouver (CA) (1946), Vienna (AT) (1946), Kaliningrad (1945-6).
Louisville (US) (1946-50). Brussles (BE) (1892).
Hong Kong Winter Time (1941) now listed as being "DST".
Summary of changes in tzdata2019b (2019-07-01 00:09:53 -0700):
Brazil no longer observes DST
Predictions for Morocco extended to 2087.
Panestine (March 2019) time zone change date corrected
(and guesses for future transitions revised).
Historic updates: Honk Kong (1941 - 1947), Italy (1866).
* test/btyacc/big_b.error, test/btyacc/big_l.error, test/btyacc/help.error, test/btyacc/no_b_opt.error, test/btyacc/no_output2.error, test/btyacc/no_p_opt.error, test/btyacc/nostdin.error, test/yacc/big_b.error, test/yacc/big_l.error, test/yacc/help.error, test/yacc/no_b_opt.error, test/yacc/no_output2.error, test/yacc/no_p_opt.error, test/yacc/nostdin.error:
regen
* test/run_test.sh: test "-H" rather than "-D"
2019-06-16 Thomas E. Dickey <dickey@invisible-island.net>
* main.c, yacc.1:
change "-D" option to "-H" (discussion with Ethan Sommer)
* VERSION, package/byacc.spec, package/debian/changelog, package/mingw-byacc.spec, package/pkgsrc/Makefile:
bump
* test/btyacc/defines1.calc.c, test/btyacc/defines2.calc.c, test/btyacc/defines3.calc.c:
RCS_BASE
* test/run_test.sh: in test_defines, save the ".c" file too
* test/yacc/defines3.calc.c, test/yacc/defines2.calc.c, test/yacc/defines1.calc.c:
RCS_BASE
* test/run_test.sh:
output of test_defines should be a header ".h", not ".c"
* test/btyacc/defines1.calc.h, test/btyacc/defines1.error, test/btyacc/defines1.output, test/btyacc/defines2.calc.h, test/btyacc/defines2.error, test/btyacc/defines2.output, test/btyacc/defines3.calc.h, test/btyacc/defines3.error, test/btyacc/defines3.output:
RCS_BASE
* main.c: however, a subsequent -d cancels -D
* test/yacc/defines1.calc.h, test/yacc/defines3.calc.h: RCS_BASE
* main.c: -D option implies -d
* test/yacc/defines1.error, test/yacc/defines1.output, test/yacc/defines2.calc.h, test/yacc/defines2.error, test/yacc/defines2.output, test/yacc/defines3.error, test/yacc/defines3.output:
RCS_BASE
* yacc.1: align macro definitions with my other manpages
* test/run_test.sh: add test for -D after -d or -b options
* test/btyacc/stdin1.calc.c, test/btyacc/stdin1.error, test/btyacc/stdin1.output, test/btyacc/stdin2.calc.c, test/btyacc/stdin2.error, test/btyacc/stdin2.output:
RCS_BASE
* test/btyacc/big_b.error, test/btyacc/big_b.output, test/btyacc/big_l.error, test/btyacc/big_l.output, test/btyacc/help.error, test/btyacc/help.output, test/btyacc/no_b_opt.error, test/btyacc/no_b_opt.output, test/btyacc/no_b_opt1.error, test/btyacc/no_b_opt1.output, test/btyacc/no_code_c.error, test/btyacc/no_code_c.output, test/btyacc/no_defines.error, test/btyacc/no_defines.output, test/btyacc/no_graph.error, test/btyacc/no_graph.output, test/btyacc/no_include.error, test/btyacc/no_include.output, test/btyacc/no_opts.error, test/btyacc/no_opts.output, test/btyacc/no_output.error, test/btyacc/no_output.output, test/btyacc/no_output1.error, test/btyacc/no_output1.output, test/btyacc/no_output2.error, test/btyacc/no_output2.output, test/btyacc/no_p_opt.error, test/btyacc/no_p_opt.output, test/btyacc/no_p_opt1.error, test/btyacc/no_p_opt1.output, test/btyacc/no_verbose.error, test/btyacc/no_verbose.output, test/btyacc/nostdin.error, test/btyacc/nostdin.output, test/yacc/big_b.error, test/yacc/big_b.output, test/yacc/big_l.error, test/yacc/big_l.output, test/yacc/help.error, test/yacc/help.output, test/yacc/no_b_opt.error, test/yacc/no_b_opt.output, test/yacc/no_b_opt1.error, test/yacc/no_b_opt1.output, test/yacc/no_code_c.error, test/yacc/no_code_c.output, test/yacc/no_defines.error, test/yacc/no_defines.output, test/yacc/no_graph.error, test/yacc/no_graph.output, test/yacc/no_include.error, test/yacc/no_include.output, test/yacc/no_opts.error, test/yacc/no_opts.output, test/yacc/no_output.error, test/yacc/no_output.output, test/yacc/no_output1.error, test/yacc/no_output1.output, test/yacc/no_output2.error, test/yacc/no_output2.output, test/yacc/no_p_opt.error, test/yacc/no_p_opt.output, test/yacc/no_p_opt1.error, test/yacc/no_p_opt1.output, test/yacc/no_verbose.error, test/yacc/no_verbose.output, test/yacc/nostdin.error, test/yacc/nostdin.output:
regen
* test/run_test.sh:
add a test for stdin "-" vs end-options "--", and correct a redirection
of stderr in test_flags
* test/yacc/stdin2.output, test/yacc/stdin2.calc.c, test/yacc/stdin1.calc.c, test/yacc/stdin1.error, test/yacc/stdin1.output, test/yacc/stdin2.error:
RCS_BASE
* test/btyacc/big_b.output, test/btyacc/big_l.output, test/btyacc/help.output, test/btyacc/no_b_opt.output, test/btyacc/no_output2.output, test/btyacc/no_p_opt.output, test/btyacc/nostdin.output, test/yacc/big_b.output, test/yacc/big_l.output, test/yacc/help.output, test/yacc/no_b_opt.output, test/yacc/no_output2.output, test/yacc/no_p_opt.output, test/yacc/nostdin.output:
regen
* main.c: add -D option, to specify filename vs y.tab.h for -d
* defs.h: add dflag2, for -D option
* yacc.1: document -D option
* config_h.in: updated with autoheader-252
* configure: regen
* package/debian/copyright: bump
* aclocal.m4: add CF_GETOPT_HEADER
* aclocal.m4: Improved autoconf macros:
+ CF_CC_ENV_FLAGS
putting preprocessor flags in CFLAGS also is a nuisance, which can be
addressed in the same way.
+ CF_GCC_WARNINGS
factor out workaround for XTSTRINGDEFINES as CF_CONST_X_STRING
+ CF_GNU_SOURCE
The check for _DEFAULT_SOURCE should apply to "recent" Cygwin (since early 2016),
and except for "NEWLIB" vs "GLIBC" in the test, acts the same if I pretend
that "newlib" is the GNU C library. Without this, the check falls through
to the _XOPEN_SOURCE test, which breaks the pseudoterminal checks for xterm.
+ CF_POSIX_C_SOURCE
add/use CF_POSIX_VISIBLE
+ CF_TRY_XOPEN_SOURCE
use CF_APPEND_TEXT
+ CF_WITH_MAN2HTML
use sed to work around non-POSIX tail utility
+ CF_XOPEN_SOURCE
use CF_APPEND_TEXT
add/use CF_POSIX_VISIBLE
* VERSION, package/byacc.spec, package/debian/changelog, package/mingw-byacc.spec, package/pkgsrc/Makefile:
bump
2019-06-10 Thomas E. Dickey <dickey@invisible-island.net>
* config.guess: 2019-06-10
2019-05-22 Thomas E. Dickey <dickey@invisible-island.net>
* config.sub: 2019-05-22
zfs_netbsd_{create,mknod,link,etc..} that call functions called
zfs_{create,mknod,link,etc..}. These later functions may return a
error code along with a *vpp that is NULL. This situation was not
handled by the zfs_netbsd_* functions and would result in a panic in a
number of cases. The simplest to trigger it was filling up a dataset
or pool resulting in a over quota condition. An attempt to create
another file, or directory at that point would panic.
- file has looks bogus maybe-uninitialized
- llvm triggers an attribute violation:
ScheduleDAGInstrs.cpp:1430:14: error: declaration of
'llvm::raw_ostream& llvm::operator<<(llvm::raw_ostream&, const llvm::ILPValue&)'
with attribute 'noinline' follows inline declaration [-Werror=attributes]
- ntp and pkg_install have obvious restrict violations, should be
fixed but i'm avoiding patching upstream code in this pass
- tftp has an array bounds that doesn't seem real issue
- sysinst's partman.c has major problem with passing the same
string as source and dest in snprintf, as a way to strcat
with formatting which trip restrict violations. non trivial
to fix so for now the warning is elided.
- Xext's XEVI.c has similar issue as partman.c
everyone and GCC 8 gets these warnings turned off for now:
-Wno-format-truncation
-Wno-stringop-overflow
-Wno-stringop-truncation
-Wno-cast-function-type
as they trip a large amount of code. most of them should be
investigated, but the few i looked at were not finding actually
real bugs, vs instances of poor coding, so skipping for now.
avoid passing the same pointer in multiple arguments for restrict
marked arguments:
- sigaction() wants separate in/out
- use memmove() not memcpy() for overlapping regions (this may fix
a real bug in nvi -- but it seems unlikely)
- select() wants separate read/write/except
- sigprocmask() wants separate set/oset
- netbsd/arm64 uses 64 byte malloc alignment
- make lsan compile on sparc*, mips*, ppc and arm64 again
- add missing sparc, alpha and i386 abi compat for struct __sanitizer_addrinfo
- avoid linux includes on arm64
- avoid multiply defined __ubsan_handle_cfi_bad_type when UBSAN_CAN_USE_CXXABI
isn't defined, and, undefine it
- bad_array_length.cc and bad_array_new.cc lose special build rules
- regen arm64 mknative
Synchromize the struct field format with other BSDs and Darwin.
No ABI change between older and newer struct form on the ports.
The change will require no changes to most C users during the transition
period as the header keeps a caller cast.
Discussed with core@ and there were no objections for this move.
- sanitizer_procmaps_netbsd.cc is obsolete.
- fix merge botches where upstrem has as slightly different version
is upstream than prior local
- libstdc++ default is now gnu++17
- ubsan needs UBSAN_CAN_USE_CXXABI set
- properly use $G_RTL_BASE_H not (empty) $RTL_BASE_H
- libbackend HH gains new generated insn-modes-inline.h, and read-md.c
gains the HH dep.
- update sanitizer makefiles
also, reduce diffs to upstream:
- remove or1k support
- re-order various lines to match upstream
- move regex map code into file-prefix-map.[ch]
XXX: our change for e500 has moved into 'powerpcspe' port, which has
XXX: been marked deprecated in GCC 8. this may affect what ppc ports
XXX: can update to GCC 8 easily, and we may need to add support for
XXX: 'powerpcspe' while we can.
Summary for 1.9.1 libpcap release
Mention pcap_get_required_select_timeout() in the main pcap man page
Fix pcap-usb-linux.c build on systems with musl
Fix assorted man page and other documentation issues
Plug assorted memory leaks
Documentation changes to use https:
Changes to how time stamp calculations are done
Lots of tweaks to make newer compilers happier and warning-free and
to fix instances of C undefined behavior
Warn if AC_PROG_CC_C99 can't enable C99 support
Rename pcap_set_protocol() to pcap_set_protocol_linux().
Align pcap_t private data on an 8-byte boundary.
Fix various error messages
Use 64-bit clean API in dag_findalldevs()
Fix cleaning up after some errors
Work around some ethtool ioctl bugs in newer Linux kernels (GitHub
issue #689)
Add backwards compatibility sections to some man pages (GitHub issue
#745)
Fix autotool configuration on AIX and macOS
Don't export bpf_filter_with_aux_data() or struct bpf_aux_data;
they're internal-only and subject to change
Fix pcapng block size checking
On macOS, don't build rpcapd or test programs any fatter than they
need to be
Fix reading of capture statistics for Linux USB
Fix packet size values for Linux USB packets (GitHub issue #808)
Check only VID in VLAN test in filterss (GitHub issue #461)
Fix pcap_list_datalinks on 802.11 devices on macOS
Fix overflows with very large snapshot length in pcap file
Improve parsing of rpcapd configuration file (GitHub issue #767)
Handle systems without strlcpy() or strlcat() better
Fix crashes and other errors with invalid filter expressions
Fix use of uninitialized file descriptor in remote capture
Fix some CMake issues
Fix some divide-by-zero issues with the filter compiler
Work around a GNU libc bug in pcap_nametonetaddr()
Add support for DLT_LINUX_SLL2
Fix handling of the packet-count argument for Myricom SNF devices
Fix --disable-rdma in configure script (GitHub issue #782)
Fix compilation of TurboCap support (GitHub issue #764)
Constify first argument to pcap_findalldevs_ex()
Fix a number of issues when running rpcapd as an inetd-style daemon
Fix CMake issues with D-Bus libraries
In rpcapd, clean up termination of a capture session
Redo remote capture protocol negotiation
In rpcapd, report the same error for "invalid user name" and
"invalid password", to make brute-forcing harder
For remote captures, add an error code for "the server requires TLS"
Fix pcap_dump_fopen() on Windows to avoid clashes between
{Win,N}Pcap and application C runtimes
Fix exporting of functions from Windows DLLs (GitHub issue #810)
Fix building as part of Npcap
Allow rpcapd to rebind more rapidly
Fix building shared libpcap library on midipix (midipix.org)
Fix hack to detect UTF-16LE adapter names on Windows not to go past
the end of the string
Fix handling of "wireless WAN" (mobile phone network modems) on
Windows with WinPcap/Npcap (GitHub issue #824)
Have pcap_dump_open_append() create the dump file if it doesn't
exists (GitHub issue #247)
Fix the maxmum snapshot length for DLT_USBPCAP
Use -fPIC when building for 64-bit SPARC on Linux (GitHub issue #837)
Fix CMake 64-bit library installation directory on some Linux
distributions
Boost the TPACKET_V3 timeout to the maximum if a timeout of 0 was
specified
Five CVE-2019-15161, CVE-2019-15162, CVE-2019-15163, CVE-2019-15164, CVE-2019-15165
Fixes for CVE-2018-16301, errors in pcapng reading.
PCAPNG reader applies some sanity checks before doing malloc().
- many optimisations improved: inter-procedural, profile-directed,
LTO, loops including user-controllable unroll support, and more.
- columns numbers added to line numbers in dwarf
- gcov extended significantly
- many sanitizer updates
- many new warning messages
- many better hints and more useful error messages
- minor ABI changes on x86-64 libstdc++, and some c++17 modes
- draft c++2a features
- better c++17 experimental support
- Armv8.4-A supported, better 8.2-A and 8.3-A support, including
32 bit arm port. cortex a-55, a-75 and a-55.a-75 combo support.
- in the GCC bugzilla, 8.1 shows 1149 bugs fixed, 8.2 shows 100, and
8.3 shows 158.
A lot of files are now living outside of dist, since they're not in the
distributed sources: they're generated, usually by python/meson.
The remaining changes are due to files being moved around.
Do so, so we don't rely on the build machine to have <endian.h> for
this macro check.
Using ${CPPFLAGS} rather than my own encoding of --sysroot, since it
already includes it.
Tested by agc, thanks.
breaks for some setups which lack it (netbsd<8, possibly other things).
Use the compiler targetting netbsd that uses netbsd headers to figure out
PACKAGE_VERSION to avoid this problem.
by /sbin/{zfs,zpool,mount_zfs}. The general effect is to move them
from /usr/lib to /lib. Compatibility links are installed in /usr/lib
and nothing that is installed, say in /usr/pkg, appears to break.
With this, it is possible to have a /var and /usr mount using ZFS
legacy mounting early on in the boot process.
Run tested on amd64 and i386 and compile tested on evbarm.
Release 2.2.8 Fri Septemper 13 2019
Security fixes:
#317#318 CVE-2019-15903 -- Fix heap overflow triggered by
XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber),
and deny internal entities closing the doctype;
fixed in commit c20b758c332d9a13afbbb276d30db1d183a85d43
Bug fixes:
#240 Fix cases where XML_StopParser did not have any effect
when called from inside of an end element handler
#341 xmlwf: Fix exit code for operation without "-d DIRECTORY";
previously, only "-d DIRECTORY" would give you a proper
exit code:
# xmlwf -d . <<<'<not well-formed>' 2>/dev/null ; echo $?
2
# xmlwf <<<'<not well-formed>' 2>/dev/null ; echo $?
0
Now both cases return exit code 2.
Other changes:
#299#302 Windows: Replace LoadLibrary hack to access
unofficial API function SystemFunction036 (RtlGenRandom)
by using official API function rand_s (needs WinXP+)
#325 Windows: Drop support for Visual Studio <=7.1/2003
and document supported compilers in README.md
#286 Windows: Remove COM code from xmlwf; in case it turns
out needed later, there will be a dedicated repository
below https://github.com/libexpat/ for that code
#322 Windows: Remove explicit MSVC solution and project files.
You can generate Visual Studio solution files through
CMake, e.g.: cmake -G"Visual Studio 15 2017" .
#338 xmlwf: Make "xmlwf -h" help output more friendly
#339 examples: Improve elements.c
#244#264 Autotools: Add argument --enable-xml-attr-info
#239#301 Autotools: Add arguments
--with-getrandom
--without-getrandom
--with-sys-getrandom
--without-sys-getrandom
#312#343 Autotools: Fix linking issues with "./configure LD=clang"
Autotools: Fix "make run-xmltest" for out-of-source builds
#329#336 CMake: Pull all options from Expat <=2.2.7 into namespace
prefix EXPAT_ with the exception of DOCBOOK_TO_MAN:
- BUILD_doc -> EXPAT_BUILD_DOCS (plural)
- BUILD_examples -> EXPAT_BUILD_EXAMPLES
- BUILD_shared -> EXPAT_SHARED_LIBS
- BUILD_tests -> EXPAT_BUILD_TESTS
- BUILD_tools -> EXPAT_BUILD_TOOLS
- DOCBOOK_TO_MAN -> DOCBOOK_TO_MAN (unchanged)
- INSTALL -> EXPAT_ENABLE_INSTALL
- MSVC_USE_STATIC_CRT -> EXPAT_MSVC_STATIC_CRT
- USE_libbsd -> EXPAT_WITH_LIBBSD
- WARNINGS_AS_ERRORS -> EXPAT_WARNINGS_AS_ERRORS
- XML_CONTEXT_BYTES -> EXPAT_CONTEXT_BYTES
- XML_DEV_URANDOM -> EXPAT_DEV_URANDOM
- XML_DTD -> EXPAT_DTD
- XML_NS -> EXPAT_NS
- XML_UNICODE -> EXPAT_CHAR_TYPE=ushort (!)
- XML_UNICODE_WCHAR_T -> EXPAT_CHAR_TYPE=wchar_t (!)
#244#264 CMake: Add argument -DEXPAT_ATTR_INFO=(ON|OFF),
default OFF
#326 CMake: Add argument -DEXPAT_LARGE_SIZE=(ON|OFF),
default OFF
#328 CMake: Add argument -DEXPAT_MIN_SIZE=(ON|OFF),
default OFF
#239#277 CMake: Add arguments
-DEXPAT_WITH_GETRANDOM=(ON|OFF|AUTO), default AUTO
-DEXPAT_WITH_SYS_GETRANDOM=(ON|OFF|AUTO), default AUTO
#326 CMake: Install expat_config.h to include directory
#326 CMake: Generate and install configuration files for
future find_package(expat [..] CONFIG [..])
CMake: Now produces a summary of applied configuration
CMake: Require C++ compiler only when tests are enabled
#330 CMake: Fix compilation for 16bit character types,
i.e. ex -DXML_UNICODE=ON (and ex -DXML_UNICODE_WCHAR_T=ON)
#265 CMake: Fix linking with MinGW
#330 CMake: Add full support for MinGW; to enable, use
-DCMAKE_TOOLCHAIN_FILE=[expat]/cmake/mingw-toolchain.cmake
#330 CMake: Port "make run-xmltest" from GNU Autotools to CMake
#316 CMake: Windows: Make binary postfix match MSVC
Old: expat[d].lib
New: expat[w][d][MD|MT].lib
CMake: Migrate files from Windows to Unix line endings
#308 CMake: Integrate OSS-Fuzz fuzzers, option
-DEXPAT_BUILD_FUZZERS=(ON|OFF), default OFF
#14 Drop an OpenVMS support leftover
#235#268 ..
#270#310 ..
#313#331#333 Address compiler warnings
#282#283 ..
#284#285 Address cppcheck warnings
#294#295 Address Clang Static Analyzer warnings
#24#293 Mass-apply clang-format 9 (and ensure conformance during CI)
Version info bumped from 7:9:6 to 7:10:6
Special thanks to:
David Loffredo
Joonun Jang
Khajapasha Mohammed
Kishore Kunche
Marco Maggi
Mitch Phillips
Rolf Ade
xantares
Zhongyuan Zhou
This is the tool fc-cache built as a native binary on the host
during the build.
The host might be non-netbsd, and we don't run configure, so we can't
know what kind of random functions it supports.
in the ZFS properties of the dataset and a simple man page for
mount_zfs. With this, it is possible to put ZFS filesystems in
/etc/fstab as file system type zfs.
Add a rc.d script that kicks the module ZFS load mostly before
mountall runs simular to what LVM does. This allows for any legacy
mounts to be specified in critical_local_filesystems and allows for
ZFS pools on top of cgd (probably among other things). Introduce a
rc.conf variable called zfs which needs to be set to YES, in the usual
manor of things, to get zvols and ZFS dataset support rather then just
assume that 'zfs mount' does that in mountall. Fix a problem in
mountall if ZFS is not compiled into the system.
"VAX does not fully populate the register move costs table, so do not
access it w/o checks.
Hack to work around PR toolchain/53176."
Will commit a more upstream-friendly variant shortly.
* inet6: Fix default route not being installed
* DHCP: If root fs is network mounted, enable last lease extend
* man: Fix lint errors.
* DHCP: Give a better message when packet validation fails
* DHCP: Ensure we have enough data to checksum IP and UDP
The last change fixes a potential DoS attack introduced in dhcpcd-8.0.3 when
the checksuming code was changed to accomodate variable length IP headers.
Do not process any received Management frames with unexpected/invalid SA
so that we do not add any state for unexpected STA addresses or end up
sending out frames to unexpected destination. This prevents unexpected
sequences where an unprotected frame might end up causing the AP to send
out a response to another device and that other device processing the
unexpected response.
In particular, this prevents some potential denial of service cases
where the unexpected response frame from the AP might result in a
connected station dropping its association.
Signed-off-by: Jouni Malinen <j@w1.fi>
* dnsmasq: clear cache after updating servers via dbus
* pdns_recursor: Fix global forwards (thus now installed by default)
* man: layout and misc fixes
Fixes toolchain/54508 by Tobias Ulmer
commit 766f883622ef008230250aa5aecef9fb9b29f233
Author: Alan Hayward <alan.hayward@arm.com>
Date: Tue May 28 10:07:54 2019 +0100
Suppress SIGTTOU when handling errors
Calls to error () can cause SIGTTOU to send gdb to the background.
For example, on an Arm build:
(gdb) b main
Breakpoint 1 at 0x10774: file /build/gdb/testsuite/../../../src/binutils-gdb/gdb/testsuite/gdb.base/watchpoint.c, line 174.
(gdb) r
Starting program: /build/gdb/testsuite/outputs/gdb.base/watchpoint/watchpoint
[1]+ Stopped ../gdb ./outputs/gdb.base/watchpoint/watchpoint
localhost$ fg
../gdb ./outputs/gdb.base/watchpoint/watchpoint
Cannot parse expression `.L1199 4@r4'.
warning: Probes-based dynamic linker interface failed.
Reverting to original interface.
The SIGTTOU is raised whilst inside a syscall during the call to tcdrain.
Fix is to use scoped_ignore_sigttou to ensure SIGTTOU is blocked.
In addition fix include comments - job_control is not included via terminal.h
gdb/ChangeLog:
* event-top.c: Remove include comment.
* inflow.c (class scoped_ignore_sigttou): Move from here...
* inflow.h (class scoped_ignore_sigttou): ...to here.
* ser-unix.c (hardwire_drain_output): Block SIGTTOU during drain.
* top.c: Remove include comment.
5277. [bug] Cache DB statistics could underflow when serve-stale
was in use, because of a bug in counter maintenance
when RRsets become stale.
Functions for dumping statistics have been updated
to dump active, stale, and ancient statistic
counters. Ancient RRset counters are prefixed
with '~'; stale RRset counters are still prefixed
with '#'. [GL #602]
5275. [bug] Mark DS records included in referral messages
with trust level "pending" so that they can be
validated and cached immediately, with no need to
re-query. [GL #964]
5274. [bug] Address potential use after free race when shutting
down rpz. [GL #1175]
5273. [bug] Check that bits [64..71] of a dns64 prefix are zero.
[GL #1159]
5269. [port] cygwin: can return ETIMEDOUT on connect() with a
non-blocking socket. [GL #1133]
5268. [bug] named could crash during configuration if
configured to use "geoip continent" ACLs with
legacy GeoIP. [GL #1163]
5266. [bug] named-checkconf failed to report dnstap-output
missing from named.conf when dnstap was specified.
[GL #1136]
5265. [bug] DNS64 and RPZ nodata (CNAME *.) rules interacted badly
[GL #1106]
5264. [func] New DNS Cookie algorithm - siphash24 - has been added
to BIND 9. [GL #605]
5236. [func] Add SipHash 2-4 implementation in lib/isc/siphash.c
and switch isc_hash_function() to use SipHash 2-4.
[GL #605]
--- 9.14.4 released ---
5260. [bug] dnstap-read was producing malformed output for large
packets. [GL #1093]
5258. [func] Added support for the GeoIP2 API from MaxMind,
when BIND is compiled using "configure --with-geoip2".
The legacy GeoIP API can be enabled by using
"configure --with-geoip" instead. These options
cannot be used together.
Certain geoip ACL settings that were available with
legacy GeoIP are not available when using GeoIP2.
See the ARM for details. [GL #182]
5257. [bug] Some statistics data was not being displayed.
Add shading to the zone tables. [GL #1030]
5256. [bug] Ensure that glue records are included in root
priming responses if "minimal-responses" is not
set to "yes". [GL #1092]
5255. [bug] Errors encountered while reloading inline-signing
zones could be ignored, causing the zone content to
be left in an incompletely updated state rather than
reverted. [GL #1109]
5254. [func] Collect metrics to report to the statistics-channel
DNSSEC signing operations (dnssec-sign) and refresh
operations (dnssec-refresh) per zone and per keytag.
[GL #513]
5253. [port] Support platforms that don't define ULLONG_MAX.
[GL #1098]
5251. [bug] Statistics were broken in x86 Windows builds.
[GL #1081]
5249. [bug] Fix a possible underflow in recursion clients
statistics when hitting recursive clients
soft quota. [GL #1067]
--- 9.14.3 released ---
5244. [security] Fixed a race condition in dns_dispatch_getnext()
that could cause an assertion failure if a
significant number of incoming packets were
rejected. (CVE-2019-6471) [GL #942]
5243. [bug] Fix a possible race between dispatcher and socket
code in a high-load cold-cache resolver scenario.
[GL #943]
5242. [bug] In relaxed qname minimizatiom mode, fall back to
normal resolution when encountering a lame
delegation, and use _.domain/A queries rather
than domain/NS. [GL #1055]
5241. [bug] Fix Ed448 private and public key ASN.1 prefix blobs.
[GL #225]
5240. [bug] Remove key id calculation for RSAMD5. [GL #996]
5238. [bug] Fix a possible deadlock in TCP code. [GL #1046]
5237. [bug] Recurse to find the root server list with 'dig +trace'.
[GL #1028]
5234. [port] arm: just use the compiler's default support for
yield. [GL #981]
--- 9.14.2 released ---
5233. [bug] Negative trust anchors did not work with "forward only;"
to validating resolvers. [GL #997]
5231. [protocol] Add support for displaying CLIENT-TAG and SERVER-TAG.
[GL #960]
5229. [protocol] Enforce known SSHFP fingerprint lengths. [GL #852]
5228. [cleanup] If trusted-keys and managed-keys are configured
simultaneously for the same name, the key cannot
be rolled automatically. This configuration now
logs a warning. [GL #868]
5224. [bug] Only test provide-ixfr on TCP streams. [GL #991]
5223. [bug] Fixed a race in the filter-aaaa plugin accessing
the hash table. [GL #1005]
5222. [bug] 'delv -t ANY' could leak memory. [GL #983]
5221. [test] Enable parallel execution of system tests on
Windows. [GL !4101]
5220. [cleanup] Refactor the isc_stat structure to take advantage
of stdatomic. [GL !1493]
5219. [bug] Fixed a race in the filter-aaaa plugin that could
trigger a crash when returning an instance object
to the memory pool. [GL #982]
5218. [bug] Conditionally include <dlfcn.h>. [GL #995]
5217. [bug] Restore key id calculation for RSAMD5. [GL #996]
5216. [bug] Fetches-per-zone counter wasn't updated correctly
when doing qname minimization. [GL #992]
5215. [bug] Change #5124 was incomplete; named could still
return FORMERR instead of SERVFAIL in some cases.
[GL #990]
5214. [bug] win32: named now removes its lock file upon shutdown.
[GL #979]
5213. [bug] win32: Eliminated a race which allowed named.exe running
as a service to be killed prematurely during shutdown.
[GL #978]
5211. [bug] Allow out-of-zone additional data to be included
in authoritative responses if recursion is allowed
and "minimal-responses" is disabled. This behavior
was inadvertently removed in change #4605. [GL #817]
5210. [bug] When dnstap is enabled and recursion is not
available, incoming queries are now logged
as "auth". Previously, this depended on whether
recursion was requested by the client, not on
whether recursion was available. [GL #963]
5209. [bug] When update-check-ksk is true, add_sigs was not
considering offline keys, leaving record sets signed
with the incorrect type key. [GL #763]
5208. [test] Run valid rdata wire encodings through totext+fromtext
and tofmttext+fromtext methods to check these methods.
[GL #899]
5207. [test] Check delv and dig TTL values. [GL #965]
5206. [bug] Delv could print out bad TTLs. [GL #965]
5205. [bug] Enforce that a DS hash exists. [GL #899]
5204. [test] Check that dns_rdata_fromtext() produces a record that
will be accepted by dns_rdata_fromwire(). [GL #852]
5203. [bug] Enforce whether key rdata exists or not in KEY,
DNSKEY, CDNSKEY and RKEY. [GL #899]
5202. [bug] <dns/ecs.h> was missing ISC_LANG_ENDDECLS. [GL #976]
5190. [bug] Ignore trust anchors using disabled algorithms.
[GL #806]
* BSD: Fixed router reachability tests
* inet6: If router unreachable, just solicit a new one
* inet6: Fon't install a default route if only lladdresses
* inet6: Stop listening to NA messages
* BSD: Listen to RTM_MISS messages
* DHCP: Fix in_cksum for Big Endian
* DHCP{,6}: Don't log an error if the lease file is truncated
When we build netbsd on another OS, we produce a cross compiler without
these definitions.
Fixes some compiler crashes when building netbsd/vax on linux.
Define _REENTRANT for MKSANITIZER build. This is needed for at least stdio
code. This caused new build issued with duplicated symbols in few places
and rump kernel code picking different code paths borrowed from libc.
Handle all this in one go.
Add bsd.sanitizer.mk to share common code used by programs and libraries.
Switch from realall to beforeinstall target in .syms files. This is more
reliable in MKSANITIZER.
Fix generation of .a.syms files in LLVM sanitizers. The old rules weren't
functional and sometimes they were fatal in the build.
Add the .a.syms files to distribution sets.
These files are generated only in certain .a files in 64bit version of
sanitizers.
Correct the location of files with LLVM sanitizers. Move the LLVM sanitizer
entries from base to comp files.
Register external/bsd/compiler_rt as a _SUBDIR. This will allow to handle
properly includes specific for compiler_rt.
Centralize build_install target for external/bsd/compiler_rt.
With the above changes MKOBJDIR is now respected properly for me.
Do not install LLVM sanitizers into TOOLDIR for !HAVE_LLVM.
Do not error if a priority from 0 to 100 is used for constructor or
destructor.
Use -Wno-error to silence all errors from this warning type. There should
be used -Wno-prio-ctor-dtor, but it's not supported by GCC7.
Add i386 support for LLVM sanitizers.
Add new build phases do-sanitizer-* for building LLVM sanitizers after libs
and before other programs. This phase is important as sanitizers need
to link with libs and sanitized programs must link with sanitizer runtimes.
* DHCP: Work with IP headers with options
* script: Assert that env string are correctly terminated
* script: Terminate env strings with no value
* script: Don't attempt to use an invalid env string
* route: Fix NULL deference error when using static routes
* ARP: Respect IFF_NOARP
* DHCP: Allow full DHCP support for PtP interfaces, but not by default
* control: sends correct buffer to listeners
dhcpcd-ui now correctly reports SSD association and all the addresses obtained (regression from dhcpcd-7)
The sanitizers are special purpose piece of software that needs customized
build rules. Do not bother with generating debuginfo files for them.
Fixes MKDEBUG=yes build
Leak Sanitizer header is already needed in the distribution for built with
Address Sanitizer (MKSANITIZER):
- dist/llvm/utils/TableGen/TableGen.cpp
- dist/clang/utils/TableGen/TableGen.cpp
Next version of LLVM (9.0) will ship with LSan.
Enable in all the supported variations for NetBSD/amd64:
- Address Sanitizer
- Thread Sanitizer
- Memory Sanitizer
- Undefined Behavior Sanitizer
- SafeStack
- libFuzzer
- XRay
This change enables the features on amd64 for start.
Add build rules for LLVM in all the supported variations for NetBSD/amd64:
- asan
- xray
- tsan, dd
- libfuzzer
- msan
- safestack
- ubsan
These build rules compile functional sanitizers.
The build rules are still not hooked into the distribution build, as there
is pending work on backporting improvements for the llvm-8 branch needed
for netbsd-9 and newer.
Added libldap OpenSSL Elliptic Curve support (ITS#7595)
Added libldap Expose OpenLDAP specific interfaces via openldap.h (ITS#8671)
Added slapd-monitor support for slapd-mdb (ITS#7770)
Fixed liblber leaks (ITS#8727)
Fixed liblber with partial flush (ITS#8864)
Fixed libldap ASYNC TLS so it works (ITS#8957,ITS#8980)
Fixed libldap ASYNC connections with Solaris 10 (ITS#8968)
Fixed libldap with SASL_NOCANON=on and ldapi connections (ITS#7585)
Fixed libldap to be able to unset syncrepl TLS options (ITS#7042)
Fixed libldap race condition in ldap_int_initialize (ITS#7996, ITS#8450)
Fixed libldap return code in ldap_create_assertion_control_value (ITS#8674)
Fixed libldap to correctly disable IPv6 when configured to do so (ITS#8754)
Fixed libldap to correctly close TLS connection (ITS#8755)
Fixed libldap_r handling of deprecated OpenSSL function (ITS#8353)
Fixed liblunicode case correspondance (ITS#8508)
Fixed slapd with an idletimeout of less than four seconds (ITS#8952)
Fixed slapd config parser variable for Windows64 (ITS#9012)
Fixed slapd syncrepl fallback handling with delta-syncrepl (ITS#9015)
Fixed slapd telephoneNumberNormalize, cert DN validation (ITS#8999)
Fixed slapd syncrepl for relax with delta-syncrepl (ITS#8037)
Fixed slapd to restrict rootDN proxyauthz to its own databases (ITS#9038)
Fixed slapd to initialize SASL SSF per connection (ITS#9052)
Fixed slapo-accesslog with SLAP_MOD_SOFT modifications (ITS#8990)
Fixed slapd-ldap starttls connections timeout behavior (ITS#8963)
Fixed slapd-ldap segfault when entry result doesn't match filter (ITS#8997)
Fixed slapd-meta conversion from slapd.conf to cn=config (ITS#8743)
Fixed slapd-meta assertion when network interface goes down (ITS#8841)
Fixed slapd-mdb fix bitshift integer overflow (ITS#8989)
Fixed slapd-mdb index cleanup with cn=config (ITS#8472)
Fixed slapd-mdb to improve performance with alias deref (ITS#7657)
Fixed slapo-accesslog possible assert with exops (ITS#8971)
Fixed slapo-chain to correctly reject multiple chaining URIs (ITS#8637)
Fixed slapo-chain conversion from slapd.conf to cn=config (ITS#8799)
Fixed slapo-memberof conversion from slapd.conf to cn=config (ITS#8663)
Fixed slapo-memberof for group name change to itself (ITS#9000)
Fixed slapo-ppolicy behavior when pwdInHistory is changed (ITS#8349)
Fixed slapo-rwm to not free original filter (ITS#8964)
Fixed slapo-syncprov contextCSN generation (ITS#9015)
Build Environment
Fixed slapd to only link to BDB libraries with static build (ITS#8948)
Fixed libldap implicit declaration with LDAP_CONNECTIONLESS (ITS#8794)
Fixed libldap double inclusion of limits.h in cyrus.c (ITS#9041)
Documentation
General - Fixed minor typos (ITS#8764, ITS#8761)
admin24 - Miscellaneous updates promoting mdb and fixing examples (ITS#9031)
slapd.access(5) - Note MDB is the primary backend (ITS#8881)
slapd.backends(5) - Note MDB is the recommended backend (ITS#8771)
slapd-ldap(5) - Document starttls parameter (ITS#8693)
Contrib
Added slapo-lastbind capability to forward authTimestamp updates (ITS#7721)
OpenLDAP 2.4.47 Release (2018/12/19)
Added slapd-sock DN qualifier for subtrees to be processed (ITS#8051)
Added slapd-sock ability to send extended operations to external listeners (ITS#8714)
Fixed liblber to avoid incremental access to user-supplied bv in dupbv (ITS#8752)
Fixed libldap dn to domain parsing with bad input (ITS#8842)
Fixed slapd slapcat to correctly honor -g option (ITS#8667)
Fixed slapd to correctly handle NO_SUCH_OBJECT with dynamic groups (ITS#8923)
Fixed slapd to check status of rdnNormalize (ITS#8932)
Fixed slapd cn=config when modifying slapo-syncprov config (ITS#8616)
Fixed slapd sasl authz-policy "all" behavior (ITS#8909)
Fixed slapd sasl minor typo (ITS#8918)
Fixed slapd to correctly hide hidden DBs in the rootDSE (ITS#8912)
Fixed slapd domainScope control to match Microsoft specification (ITS#8840)
Fixed slapd-bdb/hdb/mdb to not convert certain IDLs to ranges (ITS#8868)
Fixed slapo-accesslog deadlock during cleanup (ITS#8752)
Fixed slapo-memberof cn=config modifications (ITS#8663)
Fixed slapo-ppolicy with multimaster replication (ITS#8927)
Fixed slapo-syncprov with NULL modlist (ITS#8843)
Build Environment
Added slapd reproducible build support (ITS#8928)
Fixed missing includes with OpenSSL 1.0.2 (ITS#8809)
Contrib
Fixed slapo-pbkdf2 hash generation (ITS#8878)
Documentation
admin24 fixed minor typo (ITS#8887)
OpenLDAP 2.4.46 Release (2018/03/22)
Fixed libldap connection delete callbacks when TLS fails to start (ITS#8717)
Fixed libldap to not reuse tls_session if TLS hostname check fails (ITS#7373)
Fixed libldap cross-compiling with OpenSSL 1.1 (ITS#8687)
Fixed libldap OpenSSL 1.1.1 compatibility with BIO_method (ITS#8791)
Fixed libldap MozNSS CA certificate hash matching (ITS#7374)
Fixed libldap MozNSS with PEM certs when also using an NSS cert db (ITS#7389)
Fixed libldap MozNSS initialization (ITS#8484)
Fixed libldap GnuTLS with GNUTLS_E_AGAIN (ITS#8650)
Fixed libldap memory leak with cancel operations (ITS#8782)
Fixed slapd Eventlog registry key creation on 64-bit Windows (ITS#8705)
Fixed slapd to maintain SSF across SASL binds (ITS#8796)
Fixed slapd syncrepl deadlock when updating cookie (ITS#8752)
Fixed slapd syncrepl callback to always be last in the stack (ITS#8752)
Fixed slapd telephoneNumberNormalize when the value is spaces and hyphens (ITS#8778)
Fixed slapd CSN queue processing (ITS#8801)
Fixed slapd-ldap TLS connection timeout with high latency connections (ITS#8720)
Fixed slapd-ldap to ignore unknown schema when omit-unknown-schema is set (ITS#7520)
Fixed slapd-mdb with an optimization for long lived read transactions (ITS#8226)
Fixed slapd-meta assert when olcDbRewrite is modified (ITS#8404)
Fixed slapd-sock with LDAP_MOD_INCREMENT operations (ITS#8692)
Fixed slapo-accesslog cleanup to only occur on failed operations (ITS#8752)
Fixed slapo-dds entryTTL to actually decrease as per RFC 2589 (ITS#7100)
Fixed slapo-syncprov memory leak with delete operations (ITS#8690)
Fixed slapo-syncprov to not clear pending operation when checkpointing (ITS#8444)
Fixed slapo-syncprov to correctly record contextCSN values in the accesslog (ITS#8100)
Fixed slapo-syncprov not to log checkpoints to accesslog db (ITS#8607)
Fixed slapo-syncprov to process changes from this SID on REFRESH (ITS#8800)
Fixed slapo-syncprov session log parsing to not block other operations (ITS#8486)
Build Environment
Fixed Windows build with newer MINGW version (ITS#8697)
Fixed compiler warnings and removed unused variables (ITS#8578)
Contrib
Fixed ldapc++ Control structure (ITS#8583)
Documentation
Delete stub manpage for back-ldbm (ITS#8713)
Fixed ldap_bind(3) to mention the LDAP_SASL_SIMPLE mechanism (ITS#8121)
Fixed ldap.conf(5) to note SASL_MECH/SASL_REALM are no longer user-only (ITS#8818)
Fixed slapd-config(5) typo for olcTLSCipherSuite (ITS#8715)
Fixed slapo-syncprov(5) indexing requirements (ITS#5048)
This reduces differences in timing and memory access within the
hunting-and-pecking loop for ECC groups that have a prime that is not
close to a power of two (e.g., Brainpool curves).
Signed-off-by: Jouni Malinen <j@w1.fi>
(cherry picked from commit cd803299ca485eb857e37c88f973fccfbb8600e5)
This reduces differences in timing and memory access within the
hunting-and-pecking loop for ECC groups that have a prime that is not
close to a power of two (e.g., Brainpool curves).
Signed-off-by: Jouni Malinen <j@w1.fi>
(cherry picked from commit 147bf7b88a9c231322b5b574263071ca6dbb0503)
This converts crypto_bignum_to_bin() to use the OpenSSL/BoringSSL
functions BN_bn2binpad()/BN_bn2bin_padded(), when available, to avoid
differences in runtime and memory access patterns depending on the
leading bytes of the BIGNUM value.
OpenSSL 1.0.2 and LibreSSL do not include such functions, so those cases
are still using the previous implementation where the BN_num_bytes()
call may result in different memory access pattern.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
(cherry picked from commit 1e237903f5b5d3117342daf006c5878cdb45e3d3)
- NETBSD_ENABLE_PTHREADS removed (default always)
- HAVE_GNU_INDIRECT_FUNCTION enabled for some platforms
- switch to dragondfly bsd locale routines after christos made them work for us
only the first matches
Pick up some of the fixes from upstream:
- posix paren matching
- print \v \a
- some more fatal handling
- init all the character range.
