daily CVS update output
Updating src tree: P src/doc/CHANGES P src/external/bsd/unbound/Makefile.inc P src/external/mit/xorg/lib/libdrm_nouveau/Makefile P src/external/mit/xorg/server/drivers/xf86-video-nouveau/Makefile P src/external/mit/xorg/server/drivers/xf86-video-openchrome/Makefile P src/external/mit/xorg/server/drivers/xf86-video-siliconmotion/Makefile P src/external/mit/xorg/server/drivers/xf86-video-sis/Makefile P src/external/mit/xorg/server/xorg-server/Makefile P src/sbin/mount_msdos/mount_msdos.c P src/sys/arch/amd64/amd64/gdt.c P src/sys/arch/amd64/amd64/locore.S P src/sys/arch/amd64/include/segments.h P src/sys/kern/kern_sig.c P src/sys/lib/libsa/ext2fs.c P src/tests/fs/vfs/t_vnops.c P src/usr.bin/pkill/pkill.1 Updating xsrc tree: P xsrc/external/mit/xf86-video-glint/dist/src/pm2_accel.c P xsrc/external/mit/xf86-video-glint/dist/src/pm_accel.c P xsrc/external/mit/xf86-video-openchrome/dist/src/via_display.c Killing core files: Running the SUP scanner: SUP Scan for current starting at Mon Aug 22 03:01:44 2016 SUP Scan for current completed at Mon Aug 22 03:02:00 2016 SUP Scan for mirror starting at Mon Aug 22 03:02:00 2016 SUP Scan for mirror completed at Mon Aug 22 03:04:11 2016 Updating release-6 src tree (netbsd-6): Updating release-6 xsrc tree (netbsd-6): Running the SUP scanner: SUP Scan for release-6 starting at Mon Aug 22 03:06:25 2016 SUP Scan for release-6 completed at Mon Aug 22 03:06:33 2016 Updating release-7 src tree (netbsd-7): Updating release-7 xsrc tree (netbsd-7): Running the SUP scanner: SUP Scan for release-7 starting at Mon Aug 22 03:08:56 2016 SUP Scan for release-7 completed at Mon Aug 22 03:09:03 2016 Updating file list: -rw-rw-r-- 1 srcmastr netbsd 55014984 Aug 22 03:10 ls-lRA.gz
Re: bind -> unbound/nsd
On 2016-08-21 15:38, chris...@zoulas.com wrote: On Aug 21, 10:28am, t...@panix.com (Thor Lancelot Simon) wrote: -- Subject: Re: bind -> unbound/nsd | I am strongly opposed to removing basic server functionality present | in BSD Unix for over 30 years -- and still in widespread use -- from NetBSD. | I don't mind replacing BIND but all its functionality should be replacd. | | If you want to have to guess which version of basic Internet server | software might happen to be on the system you're working on today, Linux | is -->over there. I agree with that; yes, pkgsrc is there, but it does not provide the tight integration and the "out of the box" usability. I am also running authoritative servers on NetBSD so I am biased :-) OK, I'll bite. Please describe how nsd has a "tighter integration" or (i assume better?) "out of the box usability" when in -base vs pkgsrc. Roy
unbound user and group fix-hint at end of installation ./build.sh
At the end of ./build.sh, I got a note about needing to include _unbound to user and group. Isn't that something that should just be handled by etcupdate (in fact, it looks like etcupdate does know about this)? Why would we suggest an error-prone manual update when the next step in the update (etcupdate) will do this for you in an automated way ? -bch
Re: bind -> unbound/nsd
On Sun, Aug 21, 2016 at 03:07:18PM -0700, John Nemeth wrote: > There are regular pullups for security issues. Thus your list > would only be correct for 6.0 itself, and not for subsequent 6.x > releases. And, if one didn't update from 6.0 at all, there would > be plenty of other issues (both OpenSSL and OpenSSH regularly get > CVEs for example). > Would we update for security reasons despite the license change?
Re: bind -> unbound/nsd
On Aug 21, 9:47pm, co...@sdf.org wrote: } On Thu, Aug 18, 2016 at 11:10:18AM -0400, Christos Zoulas wrote: } > } > The recent change of ISC/bind licensing from BSD to MPL for the } > next release has provided us with an opportunity to re-evaluate } > the preferred daemon status for NetBSD and DNS resolution. Board/Core } > have decided not to import the next version of bind, and instead } > import the current version of unbound/nsd. } > } > If you feel that this creates problems for you, let us know. } > Also you should be able to use newer versions of bind from pkgsrc. } > We are not planning to de-support or remove bind for NetBSD-8. } } This may not be 100% factually correct (I'm trying my best, but not too } familiar with BIND): } } NetBSD 6.0 was released in Oct 2012. If we had done such a decision } several months before the release, the version of BIND we would have in } base for 6.x is ~9.9.0. } } This is a list of the vulnerabilities that our 6.x base BIND would } contain in this scenario, which would resemble what we will see towards } the end of the 8.x supported life. There are regular pullups for security issues. Thus your list would only be correct for 6.0 itself, and not for subsequent 6.x releases. And, if one didn't update from 6.0 at all, there would be plenty of other issues (both OpenSSL and OpenSSH regularly get CVEs for example). } # CVE Number Short Description } 752016-2775 A query name which is too long can cause a segmentation fault in lwresd } [list elided] } } Obtained from https://kb.isc.org/article/AA-00913/0/BIND-9-Security-Vulnerability-Matrix.html }-- End of excerpt from co...@sdf.org
Re: bind -> unbound/nsd
On Thu, Aug 18, 2016 at 11:10:18AM -0400, Christos Zoulas wrote: > > Hello, > > The recent change of ISC/bind licensing from BSD to MPL for the > next release has provided us with an opportunity to re-evaluate > the preferred daemon status for NetBSD and DNS resolution. Board/Core > have decided not to import the next version of bind, and instead > import the current version of unbound/nsd. > > If you feel that this creates problems for you, let us know. > Also you should be able to use newer versions of bind from pkgsrc. > We are not planning to de-support or remove bind for NetBSD-8. > > Best, > > christos Hi, This may not be 100% factually correct (I'm trying my best, but not too familiar with BIND): NetBSD 6.0 was released in Oct 2012. If we had done such a decision several months before the release, the version of BIND we would have in base for 6.x is ~9.9.0. This is a list of the vulnerabilities that our 6.x base BIND would contain in this scenario, which would resemble what we will see towards the end of the 8.x supported life. # CVE Number Short Description 75 2016-2775 A query name which is too long can cause a segmentation fault in lwresd 73 2016-1286 A problem parsing resource record signatures for DNAME resource records can lead to an assertion failure in resolver.c or db.c 72 2016-1285 An error parsing input received by the rndc control channel can cause an assertion failure in sexpr.c or alist.c 69 2015-8704 Specific APL data could trigger an INSIST in apl_42.c 67 2015-8000 Responses with a malformed class attribute can trigger an assertion failure in db.c 65 2015-5722 Parsing malformed keys may cause BIND to exit due to a failed assertion in buffer.c 64 2015-5477 An error in handling TKEY queries can cause named to exit with a REQUIRE assertion failure 63 2015-4620 Specially Constructed Zone Data Can Cause a Resolver to Crash when Validating 62 2015-1349 A Problem with Trust Anchor Management Can Cause named to Crash 60 2014-8500 A Defect in Delegation Handling Can Be Exploited to Crash BIND 57 2014-0591 A Crafted Query Against an NSEC3-signed Zone Can Crash BIND 56 2013-6230 A Winsock API Bug can cause a side-effect affecting BIND ACLs 55 2013-4854 A specially crafted query can cause BIND to terminate abnormally 53 2013-2266 A Maliciously Crafted Regular Expression Can Cause Memory Exhaustion in named 52 2012-5689 BIND 9 with DNS64 enabled can unexpectedly terminate when resolving domains in RPZ 51 2012-5688 BIND 9 servers using DNS64 can be crashed by a crafted query 50 2012-5166 Specially crafted DNS data can cause a lockup in named 49 2012-4244 A specially crafted Resource Record could cause named to terminate 48 2012-3868 High TCP query load can trigger a memory leak 47 2012-3817 Heavy DNSSEC validation load can cause a "bad cache" assertion failure 46 2012-1667 Handling of zero length rdata can cause named to terminate unexpectedly Obtained from https://kb.isc.org/article/AA-00913/0/BIND-9-Security-Vulnerability-Matrix.html
re: xorg-server 1.18 ready for testing on x86 and shark
> nbmake[13]: nbmake[13]: don't know how to make > /usr/obj/external/mit/xorg/server/xorg-server/glamor/libglamor.a. Stop ah, this is a simple ordering issue i had missed due to manually building this once.. please try with external/mit/xorg/server/xorg-server/Makefile rev 1.27. thanks for testing! .mrg.
Re: bind -> unbound/nsd
On Aug 21, 10:28am, Thor Lancelot Simon wrote: } On Fri, Aug 19, 2016 at 06:13:13PM +0200, Joerg Sonnenberger wrote: } > On Fri, Aug 19, 2016 at 09:55:48AM +0100, Roy Marples wrote: } > > For example, I would use nsd on exactly one machine in my environment, } > > my public facing DNS server which is exactly where it belongs. } > > } > > On the other hand, all my other BSD machines run unbound as a local } > > caching resolver. } > } > To slightly expand that. You don't need nsd if you just want to serve a } > few local host names for a local network. You only need nsd if you want } > to provide an authoritive DNS server. IMO that is a decently small use } > case that it doesn't justify the incluse into the base system. } } I am strongly opposed to removing basic server functionality present } in BSD Unix for over 30 years -- and still in widespread use -- from NetBSD. } I don't mind replacing BIND but all its functionality should be replacd. } } If you want to have to guess which version of basic Internet server } software might happen to be on the system you're working on today, Linux } is -->over there. I find this comment quite confusing. Having to guess which software (and how to configure it) that provides a particular functionality isn't much different then guessing whether or not the functionality is provided by default. I use NetBSD to provide authoritative name service for a small service provider. I'm also in the camp that if you're going to remove BIND from base, then it is probably better not to bother with providing an authoritative name server, especially since very few systems are going to need one. People that do need one are either installing something from pkgsrc, or going through the hassle of converting to a different program. The latter is likely more troublesome. }-- End of excerpt from Thor Lancelot Simon
Re: xorg-server 1.18 ready for testing on x86 and shark
On Sun, Aug 21, 2016 at 05:46:01PM +0100, Dave Tyson wrote: > cvs updated current src,xsrc earlier today and just had a try at building > this > with a clean obj directory and it blows up being unable to make libglamor.a > > ===> build.sh command:./build.sh -V HAVE_XORG_SERVER_VER=118 -u -U -x -T > /usr/tools -O /usr/obj -j 2 release > ===> build.sh started:Sun Aug 21 12:01:37 BST 2016 > ===> NetBSD version: 7.99.36 > ===> MACHINE: amd64 > ===> MACHINE_ARCH:x86_64 > ===> Build platform: NetBSD 7.99.36 amd64 > ===> HOST_SH: /bin/sh > ===> MAKECONF file: /etc/mk.conf > #objdir /usr/obj/tools > ===> TOOLDIR path:/usr/tools > ===> DESTDIR path:/usr/obj/destdir.amd64 > ===> RELEASEDIR path: /usr/obj/releasedir > ===> Updated makewrapper: /usr/tools/bin/nbmake-amd64 > --- release --- > distribution ===> . > --- distribution --- > build ===> .(with: NOPOSTINSTALL=1) > --- build --- > Build started at: Sun Aug 21 12:01:38 BST 2016 > ... > ... > ... > #create Xorg/dummy.d > CC=/usr/tools/bin/x86_64--netbsd-gcc /usr/tools/bin/nbmkdep -f dummy.d.tmp > -- > -std=gnu99--sysroot=/usr/obj/destdir.amd64 -I/usr/xsrc/external/mit/xorg- > server/dist/include > -I/usr/xsrc/external/mit/xorg-server/dist/Xext - > I/usr/obj/destdir.amd64/usr/X11R7/include/pixman-1 - > I/usr/xsrc/external/mit/xorg-server/dist/../include -I/usr/obj/destdir.amd64/ > usr/X11R7/include/X11 -I/usr/xsrc/external/mit/xorg-server/dist/fb - > I/usr/xsrc/external/mit/xorg-server/dist/mi -I/usr/xsrc/external/mit/xorg- > server/dist/include -I/usr/xsrc/e > xternal/mit/xorg-server/dist/os -I/usr/xsrc/external/mit/xorg- > server/dist/Xext -I/usr/obj/destdir.amd64/usr/X11R7/include/X11/extensions - > I/usr/obj/destdir.amd64/usr/X11R7/incl > ude/libdrm -I/usr/obj/destdir.amd64/usr/X11R7/include/pixman-1 - > I/usr/obj/destdir.amd64/usr/X11R7/include/xorg -I/usr/xsrc/external/mit/xorg- > server/dist/render -DHAVE_DIX_CONF > IG_H -DDDXOSINIT -DSERVER_LOCK -DDDXOSFATALERROR -DDDXOSVERRORF -DDDXTIME - > DUSB_HID -DHAVE_DIX_CONFIG_H -D_BSD_SOURCE -DHAS_FCHOWN -DHAS_STICKY_DIR_BIT > -D_POSIX_THREAD_SAFE_FUNC > TIONS -DHAVE_XORG_CONFIG_H -DMITMISC -DXTEST -DXTRAP -DXSYNC -DXCMISC - > DXRECORD -DMITSHM -DBIGREQS -DXF86VIDMODE -DXF86MISC -DDPMSExtension -DEVI - > DSCREENSAVER -DXV -DXVMC -D > GLXEXT -DRES -DSHAPE -DXINPUT -DXKB -DLBX -DXAPPGROUP -DXCSECURITY > -DTOGCUP > -DXF86BIGFONT -DDPMSExtension -DPIXPRIV -DPANORAMIX -DRENDER -DRANDR - > DXFIXES -DDAMAGE -DCOMPOSIT > E -DXEVIE -DGLXEXT -DXF86DRI -DGLX_DIRECT_RENDERING -DGLX_USE_DLOPEN - > DGLX_USE_MESA -DXF86VIDMODE -D__GLX_ALIGN64 -DCSRG_BASED -DFUNCPROTO=15 - > DNARROWPROTO -I/usr/obj/destdir.am > d64/usr/X11R7/include -D__AMD64__ dummy.c && mv dummy.d.tmp dummy.d > --- .depend --- > #create Xorg/.depend > rm -f .depend > CC=/usr/tools/bin/x86_64--netbsd-gcc /usr/tools/bin/nbmkdep -s .o\ .ln\ .d -d > -f .depend dummy.d > --- dependall --- > --- .gdbinit --- > rm -f .gdbinit > echo "set solib-absolute-prefix /usr/obj/destdir.amd64" > .gdbinit > nbmake[13]: nbmake[13]: don't know how to make > /usr/obj/external/mit/xorg/server/xorg-server/glamor/libglamor.a. Stop > nbmake[13]: stopped in /usr/src/external/mit/xorg/server/xorg- > server/hw/xfree86/Xorg > *** [dependall] Error code 2 > nbmake[12]: stopped in /usr/src/external/mit/xorg/server/xorg- > server/hw/xfree86/Xorg > 1 error > nbmake[12]: stopped in /usr/src/external/mit/xorg/server/xorg- > server/hw/xfree86/Xorg > *** [dependall-Xorg] Error code 2 > ... > > Dave > > -- > > Phone: 07805784357 > Open Source O/S: www.netbsd.org > Caving: http://www.wirralcavinggroup.org.uk > I had the exactly same error... (and as work-around I specified HAVE_XORG_GLAMOR=no in MAKECONF-after that all compiled fine). BTW, I tried new native xorg (I also tried modular-xorg from pkgsrc, 1.18.4)... Unfortunately it turned out to be unsuitable for me at this moment... The reason is simple: Videocard which I am now use (it's Geforce6, nv44 based video) is not supported by kernel-nouveau driver... (I think it should be supported, but in fact it does not work. So I use generic genfb with nv driver in old-xorg. This combination works well for me). And the new xorg with nv driver doesn't seem to support some kind of acceleration - so video works unbeleivebly slow...(Besides that xv extension doesn't work. Though it may be supported, and I just can't figure out how to make it work).
Re: bind -> unbound/nsd
On Sun, Aug 21, 2016 at 10:28:39AM -0400, Thor Lancelot Simon wrote: > On Fri, Aug 19, 2016 at 06:13:13PM +0200, Joerg Sonnenberger wrote: > > On Fri, Aug 19, 2016 at 09:55:48AM +0100, Roy Marples wrote: > > > For example, I would use nsd on exactly one machine in my environment, > > > my public facing DNS server which is exactly where it belongs. > > > > > > On the other hand, all my other BSD machines run unbound as a local > > > caching resolver. > > > > To slightly expand that. You don't need nsd if you just want to serve a > > few local host names for a local network. You only need nsd if you want > > to provide an authoritive DNS server. IMO that is a decently small use > > case that it doesn't justify the incluse into the base system. > > I am strongly opposed to removing basic server functionality present > in BSD Unix for over 30 years -- and still in widespread use -- from NetBSD. > I don't mind replacing BIND but all its functionality should be replacd. I find it quite dishonest to call authoritive DNS a basic server functionality. Joerg
Re: xorg-server 1.18 ready for testing on x86 and shark
cvs updated current src,xsrc earlier today and just had a try at building this with a clean obj directory and it blows up being unable to make libglamor.a ===> build.sh command:./build.sh -V HAVE_XORG_SERVER_VER=118 -u -U -x -T /usr/tools -O /usr/obj -j 2 release ===> build.sh started:Sun Aug 21 12:01:37 BST 2016 ===> NetBSD version: 7.99.36 ===> MACHINE: amd64 ===> MACHINE_ARCH:x86_64 ===> Build platform: NetBSD 7.99.36 amd64 ===> HOST_SH: /bin/sh ===> MAKECONF file: /etc/mk.conf #objdir /usr/obj/tools ===> TOOLDIR path:/usr/tools ===> DESTDIR path:/usr/obj/destdir.amd64 ===> RELEASEDIR path: /usr/obj/releasedir ===> Updated makewrapper: /usr/tools/bin/nbmake-amd64 --- release --- distribution ===> . --- distribution --- build ===> .(with: NOPOSTINSTALL=1) --- build --- Build started at: Sun Aug 21 12:01:38 BST 2016 ... ... ... #create Xorg/dummy.d CC=/usr/tools/bin/x86_64--netbsd-gcc /usr/tools/bin/nbmkdep -f dummy.d.tmp -- -std=gnu99--sysroot=/usr/obj/destdir.amd64 -I/usr/xsrc/external/mit/xorg- server/dist/include -I/usr/xsrc/external/mit/xorg-server/dist/Xext - I/usr/obj/destdir.amd64/usr/X11R7/include/pixman-1 - I/usr/xsrc/external/mit/xorg-server/dist/../include -I/usr/obj/destdir.amd64/ usr/X11R7/include/X11 -I/usr/xsrc/external/mit/xorg-server/dist/fb - I/usr/xsrc/external/mit/xorg-server/dist/mi -I/usr/xsrc/external/mit/xorg- server/dist/include -I/usr/xsrc/e xternal/mit/xorg-server/dist/os -I/usr/xsrc/external/mit/xorg- server/dist/Xext -I/usr/obj/destdir.amd64/usr/X11R7/include/X11/extensions - I/usr/obj/destdir.amd64/usr/X11R7/incl ude/libdrm -I/usr/obj/destdir.amd64/usr/X11R7/include/pixman-1 - I/usr/obj/destdir.amd64/usr/X11R7/include/xorg -I/usr/xsrc/external/mit/xorg- server/dist/render -DHAVE_DIX_CONF IG_H -DDDXOSINIT -DSERVER_LOCK -DDDXOSFATALERROR -DDDXOSVERRORF -DDDXTIME - DUSB_HID -DHAVE_DIX_CONFIG_H -D_BSD_SOURCE -DHAS_FCHOWN -DHAS_STICKY_DIR_BIT -D_POSIX_THREAD_SAFE_FUNC TIONS -DHAVE_XORG_CONFIG_H -DMITMISC -DXTEST -DXTRAP -DXSYNC -DXCMISC - DXRECORD -DMITSHM -DBIGREQS -DXF86VIDMODE -DXF86MISC -DDPMSExtension -DEVI - DSCREENSAVER -DXV -DXVMC -D GLXEXT -DRES -DSHAPE -DXINPUT -DXKB -DLBX -DXAPPGROUP -DXCSECURITY -DTOGCUP -DXF86BIGFONT -DDPMSExtension -DPIXPRIV -DPANORAMIX -DRENDER -DRANDR - DXFIXES -DDAMAGE -DCOMPOSIT E -DXEVIE -DGLXEXT -DXF86DRI -DGLX_DIRECT_RENDERING -DGLX_USE_DLOPEN - DGLX_USE_MESA -DXF86VIDMODE -D__GLX_ALIGN64 -DCSRG_BASED -DFUNCPROTO=15 - DNARROWPROTO -I/usr/obj/destdir.am d64/usr/X11R7/include -D__AMD64__ dummy.c && mv dummy.d.tmp dummy.d --- .depend --- #create Xorg/.depend rm -f .depend CC=/usr/tools/bin/x86_64--netbsd-gcc /usr/tools/bin/nbmkdep -s .o\ .ln\ .d -d -f .depend dummy.d --- dependall --- --- .gdbinit --- rm -f .gdbinit echo "set solib-absolute-prefix /usr/obj/destdir.amd64" > .gdbinit nbmake[13]: nbmake[13]: don't know how to make /usr/obj/external/mit/xorg/server/xorg-server/glamor/libglamor.a. Stop nbmake[13]: stopped in /usr/src/external/mit/xorg/server/xorg- server/hw/xfree86/Xorg *** [dependall] Error code 2 nbmake[12]: stopped in /usr/src/external/mit/xorg/server/xorg- server/hw/xfree86/Xorg 1 error nbmake[12]: stopped in /usr/src/external/mit/xorg/server/xorg- server/hw/xfree86/Xorg *** [dependall-Xorg] Error code 2 ... Dave -- Phone: 07805784357 Open Source O/S: www.netbsd.org Caving: http://www.wirralcavinggroup.org.uk
Re: bind -> unbound/nsd
On Sun, Aug 21, 2016 at 10:38:44AM -0400, Christos Zoulas wrote: > On Aug 21, 10:28am, t...@panix.com (Thor Lancelot Simon) wrote: > -- Subject: Re: bind -> unbound/nsd > | I am strongly opposed to removing basic server functionality present > | in BSD Unix for over 30 years -- and still in widespread use -- from NetBSD. > | I don't mind replacing BIND but all its functionality should be replacd. > > I agree with that; yes, pkgsrc is there, but it does not provide the > tight integration and the "out of the box" usability. I agree strongly with Thor about the basic functionality and Christos about the integration and usability. Dave -- David Young //\ Trestle Technology Consulting (217) 721-9981 Urbana, IL http://trestle.tech/
Re: bind -> unbound/nsd
On Aug 21, 10:28am, t...@panix.com (Thor Lancelot Simon) wrote: -- Subject: Re: bind -> unbound/nsd | I am strongly opposed to removing basic server functionality present | in BSD Unix for over 30 years -- and still in widespread use -- from NetBSD. | I don't mind replacing BIND but all its functionality should be replacd. | | If you want to have to guess which version of basic Internet server | software might happen to be on the system you're working on today, Linux | is -->over there. I agree with that; yes, pkgsrc is there, but it does not provide the tight integration and the "out of the box" usability. I am also running authoritative servers on NetBSD so I am biased :-) I am also the one who is doing the work... christos
Re: bind -> unbound/nsd
On Fri, Aug 19, 2016 at 06:13:13PM +0200, Joerg Sonnenberger wrote: > On Fri, Aug 19, 2016 at 09:55:48AM +0100, Roy Marples wrote: > > For example, I would use nsd on exactly one machine in my environment, > > my public facing DNS server which is exactly where it belongs. > > > > On the other hand, all my other BSD machines run unbound as a local > > caching resolver. > > To slightly expand that. You don't need nsd if you just want to serve a > few local host names for a local network. You only need nsd if you want > to provide an authoritive DNS server. IMO that is a decently small use > case that it doesn't justify the incluse into the base system. I am strongly opposed to removing basic server functionality present in BSD Unix for over 30 years -- and still in widespread use -- from NetBSD. I don't mind replacing BIND but all its functionality should be replacd. If you want to have to guess which version of basic Internet server software might happen to be on the system you're working on today, Linux is -->over there. Thor
build breakage on -current (gdt.c)
--- gdt.o --- /disk/6/archive/foreign/src/sys/arch/amd64/amd64/gdt.c:212:1: error: 'gdt_grow' defined but not used [-Werror=unused-function] gdt_grow(void) ^ I think during building the xen kernels. I don't see any commit to that file. The only caller of that function is inside #if !defined(XEN) || defined(USER_LDT) so perhaps the function and its declaration should be too. Thomas