Commit Graph

3125 Commits

Author SHA1 Message Date
spz 76387d3839 merge bind-9-9-2-P1 and adjust build as needed
fixes CVE-2012-5688, see:
http://www.isc.org/software/bind/advisories/cve-2012-5688
2012-12-04 23:38:37 +00:00
spz aecb6b8491 Upstream changelog since 9.9.1:
--- 9.9.2-P1 released ---

3407.	[security]	Named could die on specific queries with dns64 enabled.
			[Addressed in change #3388 for BIND 9.8.5 and 9.9.3.]

	--- 9.9.2 released ---

3383.	[security]	A certain combination of records in the RBT could
                        cause named to hang while populating the additional
                        section of a response. [RT #31090]

3373.	[bug]		win32: open raw files in binary mode. [RT #30944]

3364.	[security]	Named could die on specially crafted record.
			[RT #30416]

	--- 9.9.2rc1 released ---

3370.	[bug]		Address use after free while shutting down. [RT #30241]

3369.	[bug]		nsupdate terminated unexpectedly in interactive mode
			if built with readline support. [RT #29550]

3368.	[bug]		<dns/iptable.h>, <dns/private.h> and <dns/zone.h>
			were not C++ safe.

3367.	[bug]		dns_dnsseckey_create() result was not being checked.
			[RT #30685]

3366.	[bug]		Fixed Read-After-Write dependency violation for IA64
			atomic operations. [RT #25181]

3365.	[bug]		Removed spurious newlines from log messages in
			zone.c [RT #30675]

3363.	[bug]		Need to allow "forward" and "forwarders" options
			in static-stub zones; this had been overlooked.
			[RT #30482]

3362.	[bug]		Setting some option values to 0 in named.conf
			could trigger an assertion failure on startup.
			[RT #27730]

3361.	[bug]		"rndc signing -nsec3param" didn't work correctly
			when salt was set to '-' (no salt). [RT #30099]

3360.	[bug]		'host -w' could die.  [RT #18723]

3359.	[bug]		An improperly-formed TSIG secret could cause a
			memory leak. [RT #30607]

3357.	[port]		Add support for libxml2-2.8.x [RT #30440]

3356.	[bug]		Cap the TTL of signed RRsets when RRSIGs are
			approaching their expiry, so they don't remain
			in caches after expiry. [RT #26429]

3355.	[port]		Use more portable awk in verify system test.

3354.	[func]		Improve OpenSSL error logging. [RT #29932]

	--- 9.9.2b1 released ---

3353.	[bug]		Use a single task for task exclusive operations.
			[RT #29872]

3352.	[bug]		Ensure that learned server attributes timeout of the
			adb cache. [RT #29856]

3351.	[bug]		isc_mem_put and isc_mem_putanddetach didn't report
			caller if either ISC_MEM_DEBUGSIZE or ISC_MEM_DEBUGCTX
			memory debugging flags are set. [RT #30243]

3350.	[bug]		Memory read overrun in isc___mem_reallocate if
			ISC_MEM_DEBUGCTX memory debugging flag is set.
			[RT #30240]

3349.	[bug]		Change #3345 was incomplete. [RT #30233]

3348.	[bug]		Prevent RRSIG data from being cached if a negative
			record matching the covering type exists at a higher
			trust level. Such data already can't be retrieved from
			the cache since change 3218 -- this prevents it
			being inserted into the cache as well. [RT #26809]

3347.	[bug]		dnssec-settime: Issue a warning when writing a new
			private key file would cause a change in the
			permissions of the existing file. [RT #27724]

3346.	[security]	Bad-cache data could be used before it was
			initialized, causing an assert. [RT #30025]

3345.	[bug]		Addressed race condition when removing the last item
			or inserting the first item in an ISC_QUEUE.
			[RT #29539]

3344.	[func]		New "dnssec-checkds" command checks a zone to
			determine which DS records should be published
			in the parent zone, or which DLV records should be
			published in a DLV zone, and queries the DNS to
			ensure that it exists. (Note: This tool depends
			on python; it will not be built or installed on
			systems that do not have a python interpreter.)
			[RT #28099]

3342.	[bug]		Change #3314 broke saving of stub zones to disk
			resulting in excessive cpu usage in some cases.
			[RT #29952]

3341.	[func]		New "dnssec-verify" command checks a signed zone
			to ensure correctness of signatures and of NSEC/NSEC3
			chains. [RT #23673]

3339.	[func]		Allow the maximum supported rsa exponent size to be
			specified: "max-rsa-exponent-size <value>;" [RT #29228]

3338.	[bug]		Address race condition in units tests: asyncload_zone
			and asyncload_zt. [RT #26100]

3337.	[bug]		Change #3294 broke support for the multiple keys
			in controls. [RT #29694]

3335.	[func]		nslookup: return a nonzero exit code when unable
			to get an answer. [RT #29492]

3334.	[bug]		Hold a zone table reference while performing an
			asynchronous load of a zone. [RT #28326]

3333.	[bug]		Setting resolver-query-timeout too low can cause
			named to not recover if it loses connectivity.
			[RT #29623]

3332.	[bug]		Re-use cached DS rrsets if possible. [RT #29446]

3331.	[security]	dns_rdataslab_fromrdataset could produce bad
			rdataslabs. [RT #29644]

3330.	[func]		Fix missing signatures on NOERROR results despite
			RPZ rewriting.  Also
			 - add optional "recursive-only yes|no" to the
			   response-policy statement
			 - add optional "max-policy-ttl" to the response-policy
			    statement to limit the false data that
			    "recursive-only no" can introduce into
			    resolvers' caches
			 - add a RPZ performance test to bin/tests/system/rpz
			     when queryperf is available.
			 - the encoding of PASSTHRU action to "rpz-passthru".
			     (The old encoding is still accepted.)
		       [RT #26172]


3329.	[bug]		Handle RRSIG signer-name case consistently: We
			generate RRSIG records with the signer-name in
			lower case.  We accept them with any case, but if
			they fail to validate, we try again in lower case.
			[RT #27451]

3328.	[bug]		Fixed inconsistent data checking in dst_parse.c.
			[RT #29401]

3317.	[func]		Add ECDSA support (RFC 6605). [RT #21918]
2012-12-04 19:21:12 +00:00
apb ee9a2498cf Adjust everything under src (but outside src/tools) to use
the TOOLDIR version of libnbcompat, associated include files,
and associated defs.mk file, instead of the version from the
.OBJDIR of src/tools/compat.  This should fix PR 47188.
2012-12-02 12:55:27 +00:00
chs 11c69f2d20 adapt the cyclic module and profile dtrace provider to netbsd.
for now, just hook the cyclic callback into hardclock().
2012-12-02 01:05:16 +00:00
chs a32db86a29 update cyclic module to the freebsd 8-stable version as of svn r219520. 2012-12-02 00:05:38 +00:00
jkunz 32c0cb2823 According to the i.MX23 Reference Manual section 3.1, Page 3-3:
"The i.MX23 always operates in little-endian mode."
So build elftosb and bootloader for this processor only for evbarm(-el).
2012-11-27 20:00:38 +00:00
drochner 6eb7501d2c collect common rules in the shared Makefile, this propagates the .OBJDIR
fix done for i386 last year to all other ports
2012-11-26 18:57:33 +00:00
christos f60f86a673 XXX: rename data() to getdata(). This is to avoid an assembler botch on the
ppc64 toolchain where function names are prefixed with a period, so "data"
becomes ".data" and ".data" is confused by the assembler with the segment
directive with the same name. Clearly this is a toolchain issue; we should
be able to call functions "text" and "data" but it is simpler to fix the
code rather than the toolchain.
2012-11-24 22:29:09 +00:00
agc d055d5654e add definition for libnetpgpverify 2012-11-20 16:24:30 +00:00
apb eaa724a770 Use -Wno-array-bounds when building two files that read past the end of
an array.  It's not clear how to fix the real bug.  This hack allows
the build to complete with clang.
2012-11-18 08:24:02 +00:00
joerg 6ae8c21c8e Update LLVM/Clang snapshot to r168187 for various bug fixes. 2012-11-17 04:57:25 +00:00
christos ca01c6a423 Eat all targets 2012-11-16 05:39:25 +00:00
christos 3a65f09395 Don't install lib.a on platforms where this is not supported. 2012-11-16 02:54:55 +00:00
jkunz 993229b6fe Add elftosb tools to evbarm userland and toolchain.
Elftosb is used to create a digitally signed "secure boot" file.
This sb file can be booted by the first stage boot loader found in
Freescale i.MX23 and i.MX28 application processors.

Copyright (c) 2004-2010 Freescale Semiconductor, Inc.
2012-11-15 19:49:11 +00:00
njoly 856537a70d Use mdoc macro for literal block display. 2012-11-14 08:26:29 +00:00
joerg 66eae2a69d Merge r163231 from upstream to fix xulrunner build with Clang. 2012-11-08 18:13:53 +00:00
joerg 6677762418 Provide copy constructor and copy assignment operators for C++11.
Clang implements the C++11 semantics properly that require the default
to be implicitly deleted.
2012-11-08 11:24:00 +00:00
apb 418a93cd57 Mark inline function in_word_set(str, len) as static.
The function uses a static variable (stringpool_contents)
and this is not allowed in an inline function with external linkage.
Found by clang -Wstatic-in-inline.
2012-11-08 08:46:26 +00:00
alnsn 21d85b1e97 Add makefiles to build libsljit as a private userspace library. 2012-11-05 00:23:18 +00:00
christos 7c1cb982d4 we have _SC_PHYS_PAGES now 2012-11-04 19:12:41 +00:00
christos 98b021fd71 make the utime and utimes cases work too. 2012-11-03 17:33:01 +00:00
skrll 8f942710bb Re-run mknative for mips gdb 7.3.1 - not being used just yet. 2012-11-03 17:07:49 +00:00
christos 0a00da6dcc use utimensat(2) and correct and centralize file times handling. 2012-11-03 15:39:23 +00:00
skrll 7639cf466f Typo in previous 2012-11-03 15:07:40 +00:00
skrll 70142c72b9 Supply MIPS_ZERO_REGNUM and MIPS_UNUSED_REGNUM (as zero). Idea stolen from
mips-linux-tdep.c
2012-11-03 15:06:55 +00:00
skrll 2334c5671b Bring across target kvm support for mips from gdb6. 2012-11-03 14:59:44 +00:00
skrll db35d67e76 Tidyup 2012-11-03 14:38:17 +00:00
joerg 0ee52b72c8 Update LLVM/Clang snapshot to r166772. Now builds without RTTI and
exceptions. Also features the first round of a loop vectorizer.
2012-10-28 17:07:44 +00:00
nakayama b41cd0dbf9 Remove ipl overwrite. Which was missed in previous. 2012-10-27 20:07:12 +00:00
joerg 7ad1c4e7c0 Appease shift vs subtract warning for clang. 2012-10-27 06:55:54 +00:00
christos f29054e9cf copy structures for alignment purposes 2012-10-26 23:05:14 +00:00
skrll 33c51f6938 Add the raspberry pi firmware distribution under the license shown
below.

OK'ed by board@ some time ago.

This version of the firmware allows the gpu/arm memory split to be
configured in config.txt using the gpu_mem= option.

Copyright (c) 2006, Broadcom Corporation.
All rights reserved.

Redistribution.  Redistribution and use in binary form, without
modification, are permitted provided that the following conditions are
met:

* This software may only be used for the purposes of developing for,
  running or using a Raspberry Pi device.
* Redistributions must reproduce the above copyright notice and the
  following disclaimer in the documentation and/or other materials
  provided with the distribution.
* Neither the name of Broadcom Corporation nor the names of its suppliers
  may be used to endorse or promote products derived from this software
  without specific prior written permission.

DISCLAIMER.  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING,
BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
DAMAGE.
2012-10-26 10:22:42 +00:00
drochner d18545dea2 pull in upstream rev. 191413 to fix integer overflow in objalloc_alloc
(CVE-2012-3509)
2012-10-25 17:00:16 +00:00
christos 48c5746230 Don't play stupid pet tricks with alignments and simplify the code not
to allocate/copy.
2012-10-22 04:35:17 +00:00
christos 83ff0d3d9d missed a const commit 2012-10-22 01:21:57 +00:00
christos 2f6d4dae96 - fix alignment issues in ipmon
- protoize ipmon.c, use void *, size_t instead of char *, int.
2012-10-21 22:57:48 +00:00
riastradh d9310ec72a Use 0 for MS_NOMNTTAB since we have no mnttab anyway. 2012-10-20 22:11:38 +00:00
joerg fdd8614af9 Hack to avoid missing macro to unbuild the tree. 2012-10-20 11:37:37 +00:00
riastradh 0041a2c6fe Let's try that again without the static... 2012-10-19 22:19:15 +00:00
riastradh e75d983bfe Add omitted secpolicy_vnode_utime_modify, for zfs. 2012-10-19 19:58:33 +00:00
riastradh 4797828821 Back out accidental commit of errno kludge for rmdir(".") &c.
Solaris returns EEXIST, whereas we want to return ENOTEMPTY (POSIX
allows both), but this got included in an unrelated commit and should
be separated into a common commit for other related error code fixes.
2012-10-18 14:29:44 +00:00
riastradh 2111fc7126 Take a first whack at making zfs permissions work.
zfs_access uses secpolicy_vnode_access, so it makes no sense for the
latter to call VOP_ACCESS!

Everything seems to return EACCES instead of EPERM, probably because
that's what kauth returns.  This should be fixed, but that may
require some nontrivial surgery to zfs's calls to secpolicy_*, which
is where kauth gets involved.

This commit imports some code from illumos to implement the routine
secpolicy_vnode_setattr.  This shouldn't be outside dist/, but for
now it is expedient to do so.  We ought to fix that, along with all
the other CDDL code outside dist/, when we next import a newer
version of zfs.
2012-10-18 14:22:57 +00:00
riastradh 8e972045d7 Restore _PC_NO_TRUNC in zfs_netbsd_pathconf.
Accidentally clobbered it in a previous commit while moving patches
around between source trees -- oops.
2012-10-16 00:04:15 +00:00
riastradh 6d6cb07bff Fail lookup of .. in a deleted directory with ENOENT.
Don't try to zget the parent, whose znode id may have been recycled
by now.

It's not clear to me how Solaris avoids this, but maybe I'm just
missing something obvious.
2012-10-15 23:51:11 +00:00
riastradh 1baf22d09c Fix various issues in zfs life cycle, locking, and vop protocol.
- Restore some zfs locking and unlocking that got lost randomly.

- Enable use of the BSD vnode lock.  Lock order: all BSD vnode locks
are taken before all zfs internal locks.  There remains an issue with
O_EXCL, to be solved later (famous last words).  KASSERT the locking
scheme up the wazoo.

- Take our cruft out of zfs_lookup and move it to zfs_netbsd_lookup.
Restore much of the way zfs_lookup looked to make merging future
versions easier.  Disable use of the namecache for now because its
locking dance is too scary to contemplate.

- Implement BSD semantics for rename, to appease our tests.  This is
a provisional kludge; eventually we need VOP_RENAME to take a flag
specifying whether to use BSD semantics or POSIX semantics.

- Simplify zfs_netbsd_reclaim and make it work.  Now that getnewvnode
never tries to vclean anything itself, we need not worry about
recursion of ZFS_OBJ_MUTEX locks.

- Clarify and fix genfs node initialization and destruction.

zfs passes most of our atf vfs tests now, including the rename races.

Still to do:

- fix the impedance mismatch between our permissions model and zfs's;
- fix O_EXCL (nontrivial);
- throw dirconc at it and see how badly it explodes;
- find why zpool sometimes wedges itself during mkfs; and
- find why pool caches sometimes seem to get corrupted.
2012-10-15 23:08:19 +00:00
riastradh 1b44cf7c91 secpolicy_vnode_access must be called with the vnode lock held.
Don't unlock the vnode and then tell the caller about what the world
was like while the vnode was locked.  The world changes fast.
2012-10-15 22:50:25 +00:00
riastradh 2ea30100de Simplify zfs dirlock reference counting.
No need to pass dzp around; dl has a pointer to it.
2012-10-15 22:43:50 +00:00
riastradh b2ba8fafaa Do reference counting for zfs range lock waiters.
Avoid cv_broadcast(&cv); cv_destroy(&cv); which works in Solaris only
by abuse of the condvar abstraction.

There are parts of this code that should be factored into smaller
subroutines, mainly range lock allocation and initialization, but
that would make it harder to merge newer versions of zfs, so for now
I've just expanded those parts further in-line.
2012-10-15 14:15:59 +00:00
riastradh f1e3330bc7 Do reference counting for zfs dirlock waiters.
Solaris relies on cv_broadcast(&cv); cv_destroy(&cv) working, but
that hoses our cv_wait, which needs to continue using cv after it is
woken.  Solaris's idiom is an abuse of the condvar abstraction, but
we can get the same effect with reference counting.
2012-10-15 14:03:06 +00:00
msaitoh 237b58e244 Remove OLD manual to install correct manual. 2012-10-12 18:41:59 +00:00