Add new defines:
- CPU_FPU_SAVE (15)
int: FPU Instructions layout
* to use this, CPU_OSFXSR must be true
* 0: FSAVE
* 1: FXSAVE
* 2: XSAVE
* 3: XSAVEOPT
- CPU_FPU_SAVE_SIZE (16)
int: FPU Instruction layout size
- CPU_XSAVE_FEATURES (17)
quad: FPU XSAVE features
Bump CPU_MAXID from 15 to 18.
These values were prepared originally to be exported without ASCIIZ name to
be used as handler. These values are useful to get FPU accessors in a
debugger easier to implement on x86 (PT_SETFPREG, PT_GETFPREG).
This interface handles all supported x86 targets. In the older (i386) and
less featured CPUs check first osfxsr (OS uses FXSAVE/FXRSTOR).
According to sys/arch/x86/include/cpu.h r.1.65 this was prepared to be
exported beyond simple CTL_CREATE node.
Sponsored by <The NetBSD Foundation>
- Check if setkey correctly handles algorithms for AH/ESP
- Check IPsec of transport mode with AH/ESP over IPv4/IPv6
- Check IPsec of tunnel mode with AH/ESP over IPv4/IPv6
Note that we should modularize netipsec and reduce reverse symbol references
(referencing symbols of netipsec from net, netinet and netinet6) though,
the task needs lots of code changes. Prior to doing so, rumpifying it and
having ATF tests should be useful.
(4.2.8p10)
* [Sec 3389] NTP-01-016: Denial of Service via Malformed Config
(Pentest report 01.2017) <perlinger@ntp.org>
* [Sec 3388] NTP-01-014: Buffer Overflow in DPTS Clock
(Pentest report 01.2017) <perlinger@ntp.org>
* [Sec 3387] NTP-01-012: Authenticated DoS via Malicious Config Option
(Pentest report 01.2017) <perlinger@ntp.org>
* [Sec 3386] NTP-01-011: ntpq_stripquotes() returns incorrect Value
(Pentest report 01.2017) <perlinger@ntp.org>
* [Sec 3385] NTP-01-010: ereallocarray()/eallocarray() underused. HStenn
* [Sec 3384] NTP-01-009: Privileged execution of User Library code
(Pentest report 01.2017) <perlinger@ntp.org>
* [Sec 3383] NTP-01-008: Stack Buffer Overflow from Command Line
(Pentest report 01.2017) <perlinger@ntp.org>
* [Sec 3382] NTP-01-007: Data Structure terminated insufficiently
(Pentest report 01.2017) <perlinger@ntp.org>
* [Sec 3380] NTP-01-005: Off-by-one in Oncore GPS Receiver
(Pentest report 01.2017) <perlinger@ntp.org>
* [Sec 3379] NTP-01-004: Potential Overflows in ctl_put() functions
(Pentest report 01.2017) <perlinger@ntp.org>
* [Sec 3378] NTP-01-003: Improper use of snprintf() in mx4200_send()
(Pentest report 01.2017) <perlinger@ntp.org>
* [Sec 3377] NTP-01-002: Buffer Overflow in ntpq when fetching reslist
(Pentest report 01.2017) <perlinger@ntp.org
* [Sec 3376] Support build "hardening" flags. stenn@ntp.org
* [Sec 3361] 0rigin (zero origin) DoS. HStenn.
* [Bug 3393] clang scan-build findings <perlinger@ntp.org>
* [Bug 3363] Support for openssl-1.1.0 without compatibility modes
- rework of patch set from <ntp.org@eroen.eu>. <perlinger@ntp.org>
* [Bug 3356] Bugfix 3072 breaks multicastclient <perlinger@ntp.org>
* [Bug 3216] libntp audio ioctl() args incorrectly cast to int
on 4.4BSD-Lite derived platforms <perlinger@ntp.org>
- original patch by Majdi S. Abbas
* [Bug 3215] 'make distcheck' fails with new BK repo format <perlinger@ntp.org>
* [Bug 3173] forking async worker: interrupted pipe I/O <perlinger@ntp.org>
- initial patch by Christos Zoulas
* [Bug 3139] (...) time_pps_create: Exec format error <perlinger@ntp.org>
- move loader API from 'inline' to proper source
- augment pathless dlls with absolute path to NTPD
- use 'msyslog()' instead of 'printf() 'for reporting trouble
* [Bug 3107] Incorrect Logic for Peer Event Limiting <perlinger@ntp.org>
- applied patch by Matthew Van Gundy
* [Bug 3065] Quiet warnings on NetBSD <perlinger@ntp.org>
- applied some of the patches provided by Havard. Not all of them
still match the current code base, and I did not touch libopt.
* [Bug 3062] Change the process name of forked DNS worker <perlinger@ntp.org>
- applied patch by Reinhard Max. See bugzilla for limitations.
* [Bug 2923] Trap Configuration Fail <perlinger@ntp.org>
- fixed dependency inversion from [Bug 2837]
* [Bug 2896] Nothing happens if minsane < maxclock < minclock
- produce ERROR log message about dysfunctional daemon. <perlinger@ntp.org>
* [Bug 2851] allow -4/-6 on restrict line with mask <perlinger@ntp.org>
- applied patch by Miroslav Lichvar for ntp4.2.6 compat
* [Bug 2645] out-of-bound pointers in ctl_putsys and decode_bitflags
- Fixed these and some more locations of this pattern.
Probably din't get them all, though. <perlinger@ntp.org>
* Update copyright year.
* bk-7 trigger updates
eXtensible Host Controller Interface Specification(rev 1.1), 4.6.6:
"A0 shall be set to 1 and refer to section 6.2.2.2 for the Slot Context fields
used by the Configure Endpoint Command."
4582. [security] 'rndc ""' could trigger a assertion failure in named.
(CVE-2017-3138) [RT #44924]
4580. [bug] 4578 introduced a regression when handling CNAME to
referral below the current domain. [RT #44850]
--- 9.10.4-P7 released ---
4578. [security] Some chaining (CNAME or DNAME) responses to upstream
queries could trigger assertion failures.
(CVE-2017-3137) [RT #44734]
4575. [security] DNS64 with "break-dnssec yes;" can result in an
assertion failure. (CVE-2017-3136) [RT #44653]
4564. [maint] Update the built in managed keys to include the
upcoming root KSK. [RT #44579]
