CVS commit: [netbsd-5-2] src/sys/ufs/lfs
Module Name:src Committed By: snj Date: Mon Nov 9 22:50:18 UTC 2015 Modified Files: src/sys/ufs/lfs [netbsd-5-2]: lfs_segment.c Log Message: Fix ticket #1974 fallout. To generate a diff of this commit: cvs rdiff -u -r1.213.22.1 -r1.213.22.2 src/sys/ufs/lfs/lfs_segment.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/ufs/lfs/lfs_segment.c diff -u src/sys/ufs/lfs/lfs_segment.c:1.213.22.1 src/sys/ufs/lfs/lfs_segment.c:1.213.22.2 --- src/sys/ufs/lfs/lfs_segment.c:1.213.22.1 Sat Nov 7 20:31:22 2015 +++ src/sys/ufs/lfs/lfs_segment.c Mon Nov 9 22:50:18 2015 @@ -1,4 +1,4 @@ -/* $NetBSD: lfs_segment.c,v 1.213.22.1 2015/11/07 20:31:22 snj Exp $ */ +/* $NetBSD: lfs_segment.c,v 1.213.22.2 2015/11/09 22:50:18 snj Exp $ */ /*- * Copyright (c) 1999, 2000, 2001, 2002, 2003 The NetBSD Foundation, Inc. @@ -60,7 +60,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: lfs_segment.c,v 1.213.22.1 2015/11/07 20:31:22 snj Exp $"); +__KERNEL_RCSID(0, "$NetBSD: lfs_segment.c,v 1.213.22.2 2015/11/09 22:50:18 snj Exp $"); #ifdef DEBUG # define vndebug(vp, str) do { \ @@ -1700,7 +1700,7 @@ lfs_rewind(struct lfs *fs, int newsn) panic("lfs_rewind: no clean segments"); if (newsn >= 0 && sn >= newsn) return ENOENT; - fs->lfs_nextseg = lfs_sntod(fs, sn); + fs->lfs_nextseg = sntod(fs, sn); lfs_newseg(fs); fs->lfs_offset = fs->lfs_curseg;
CVS commit: [netbsd-5-2] src/doc
Module Name:src Committed By: snj Date: Sat Nov 7 20:57:58 UTC 2015 Modified Files: src/doc [netbsd-5-2]: CHANGES-5.2.4 Log Message: tickets 1974, 1978-1981 To generate a diff of this commit: cvs rdiff -u -r1.1.2.35 -r1.1.2.36 src/doc/CHANGES-5.2.4 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-5.2.4 diff -u src/doc/CHANGES-5.2.4:1.1.2.35 src/doc/CHANGES-5.2.4:1.1.2.36 --- src/doc/CHANGES-5.2.4:1.1.2.35 Fri Aug 14 06:00:34 2015 +++ src/doc/CHANGES-5.2.4 Sat Nov 7 20:57:58 2015 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-5.2.4,v 1.1.2.35 2015/08/14 06:00:34 msaitoh Exp $ +# $NetBSD: CHANGES-5.2.4,v 1.1.2.36 2015/11/07 20:57:58 snj Exp $ A complete list of changes from the NetBSD 5.2.3 release to the NetBSD 5.2.4 release: @@ -2696,3 +2696,76 @@ crypto/dist/openssl/util/mkerr.pl patch POODLE fix in October last year that caused the SSL server side to fail to handshake. [spz, ticket#1976] + +sys/ufs/lfs/lfs_segment.c 1.247 via patch + + Fix catastrophic bug in lfs_rewind() that changed segment + numbers (lfs_curseg/lfs_nextseg in the superblock) using the + wrong units. These fields are for whatever reason the start + addresses of segments (measured in frags) rather than the + segment numbers 0..n. Only affects dumping from a mounted + file system. + [dholland, ticket #1974] + +sys/dev/mii/atphy.c1.17 + + Fix incorrect argument of mii_anar(). Fixes PR#50206. + [msaitoh, ticket #1978] + +sys/kern/kern_exec.c1.419, 1.420 +sys/kern/kern_exit.c1.246, 1.247 +sys/kern/kern_synch.c1.309 + + In execve_runproc(), update the p_waited entry for the process + being moved to SSTOP state, not for its parent. If the value is + not already zero, it could prevent its parent from waiting for + the process. Fixes PR kern/50298 + -- + When clearing out the scheduler queues during system shutdown, + we move all processes to the SSTOP state. Make sure we update + each process's p_waited and the parents' p_nstopchild counters + to maintain consistent values. Fixes PR kern/50318 + -- + Currently, if a process is exiting and its parent has indicated + no intent of reaping the process (nor any other children), the + process will get reparented to init. Since the state of the + exiting process at this point is SDEAD, proc_reparent() will not + update either the old or new parent's p_nstopchild counters. + This change causes both old and new parents to be properly + updated. Fixes PR kern/50300 + -- + For processes marked with PS_STOPEXIT, update the process's + p_waited value, and update its parent's p_nstopchild value when + marking the process's p_stat to SSTOP. The process needed to be + SACTIVE to get here, so this transition represents an additional + process for which the parent needs to wait. Fixes PR kern/50308 + -- + In spawn_return() we temporarily move the process state to SSTOP, + but without updating its p_waited value or its parent's + p_nstopchild counter. Later, we restore the original state, + again without any adjustment of the related values. This leaves + a relatively short window when the values are inconsistent and + could interfere with the proper operation of sys_wait() for the + parent. If during this window, any of the checks being made + result in an error, we call exit1() which will eventually migrate + the process's state to SDEAD (with an intermediate transition to + SDYING). At this point the other variables get updated, and we + finally restore a consistent state. + This change updates the p_waited and parent's p_nstopchild at each + step to eliminate any windows during which the values could lead + to incorrect decisions. Fixes PR kern/50330 + [pgoyette, ticket #1979] + +sys/kern/kern_sig.c1.321 + + When delivering a signal, it's possible that the process's state + in p_stat is SACTIVE yet p_sflag is PS_STOPPING (while waiting + for other lwp's to stop). In that case, we don't want to adjust + the parent's p_nstopchild count. + [pgoyette, ticket #1980] + +sys/kern/kern_exit.c1.248 + + Update value of p_stat before we release the proc_lock. + [pgoyette, ticket #1981] +
CVS commit: [netbsd-5-2] src/sys/kern
Module Name:src Committed By: snj Date: Sat Nov 7 20:48:58 UTC 2015 Modified Files: src/sys/kern [netbsd-5-2]: kern_exit.c Log Message: Pull up following revision(s) (requested by pgoyette in ticket #1981): sys/kern/kern_exit.c: revision 1.248 Update value of p_stat before we release the proc_lock. Thanks to Robert Elz. To generate a diff of this commit: cvs rdiff -u -r1.214.4.2.6.1 -r1.214.4.2.6.2 src/sys/kern/kern_exit.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/kern_exit.c diff -u src/sys/kern/kern_exit.c:1.214.4.2.6.1 src/sys/kern/kern_exit.c:1.214.4.2.6.2 --- src/sys/kern/kern_exit.c:1.214.4.2.6.1 Sat Nov 7 20:42:25 2015 +++ src/sys/kern/kern_exit.c Sat Nov 7 20:48:58 2015 @@ -1,4 +1,4 @@ -/* $NetBSD: kern_exit.c,v 1.214.4.2.6.1 2015/11/07 20:42:25 snj Exp $ */ +/* $NetBSD: kern_exit.c,v 1.214.4.2.6.2 2015/11/07 20:48:58 snj Exp $ */ /*- * Copyright (c) 1998, 1999, 2006, 2007, 2008 The NetBSD Foundation, Inc. @@ -67,7 +67,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: kern_exit.c,v 1.214.4.2.6.1 2015/11/07 20:42:25 snj Exp $"); +__KERNEL_RCSID(0, "$NetBSD: kern_exit.c,v 1.214.4.2.6.2 2015/11/07 20:48:58 snj Exp $"); #include "opt_ktrace.h" #include "opt_perfctrs.h" @@ -242,8 +242,8 @@ exit1(struct lwp *l, int rv) } p->p_waited = 0; p->p_pptr->p_nstopchild++; - mutex_exit(proc_lock); p->p_stat = SSTOP; + mutex_exit(proc_lock); lwp_lock(l); p->p_nrlwps--; l->l_stat = LSSTOP;
CVS commit: [netbsd-5-2] src/sys/kern
Module Name:src Committed By: snj Date: Sat Nov 7 20:47:08 UTC 2015 Modified Files: src/sys/kern [netbsd-5-2]: kern_sig.c Log Message: Pull up following revision(s) (requested by pgoyette in ticket #1980): sys/kern/kern_sig.c: revision 1.321 When delivering a signal, it's possible that the process's state in p_stat is SACTIVE yet p_sflag is PS_STOPPING (while waiting for other lwp's to stop). In that case, we don't want to adjust the parent's p_nstopchild count. Found by Robert Elz. To generate a diff of this commit: cvs rdiff -u -r1.289.4.8 -r1.289.4.8.2.1 src/sys/kern/kern_sig.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/kern_sig.c diff -u src/sys/kern/kern_sig.c:1.289.4.8 src/sys/kern/kern_sig.c:1.289.4.8.2.1 --- src/sys/kern/kern_sig.c:1.289.4.8 Sat Mar 17 19:14:08 2012 +++ src/sys/kern/kern_sig.c Sat Nov 7 20:47:08 2015 @@ -1,4 +1,4 @@ -/* $NetBSD: kern_sig.c,v 1.289.4.8 2012/03/17 19:14:08 bouyer Exp $ */ +/* $NetBSD: kern_sig.c,v 1.289.4.8.2.1 2015/11/07 20:47:08 snj Exp $ */ /*- * Copyright (c) 2006, 2007, 2008 The NetBSD Foundation, Inc. @@ -66,7 +66,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: kern_sig.c,v 1.289.4.8 2012/03/17 19:14:08 bouyer Exp $"); +__KERNEL_RCSID(0, "$NetBSD: kern_sig.c,v 1.289.4.8.2.1 2015/11/07 20:47:08 snj Exp $"); #include "opt_ptrace.h" #include "opt_compat_sunos.h" @@ -1402,14 +1402,13 @@ kpsignal2(struct proc *p, ksiginfo_t *ks } if ((prop & SA_CONT) != 0 || signo == SIGKILL) { /* - * Re-adjust p_nstopchild if the process wasn't - * collected by its parent. + * Re-adjust p_nstopchild if the process was + * stopped but not yet collected by its parent. */ + if (p->p_stat == SSTOP && !p->p_waited) +p->p_pptr->p_nstopchild--; p->p_stat = SACTIVE; p->p_sflag &= ~PS_STOPPING; - if (!p->p_waited) { -p->p_pptr->p_nstopchild--; - } if (p->p_slflag & PSL_TRACED) { KASSERT(signo == SIGKILL); goto deliver;
CVS commit: [netbsd-5-2] src/sys/kern
Module Name:src Committed By: snj Date: Sat Nov 7 20:42:26 UTC 2015 Modified Files: src/sys/kern [netbsd-5-2]: kern_exec.c kern_exit.c kern_synch.c Log Message: Pull up following revision(s) (requested by pgoyette in ticket #1979): sys/kern/kern_synch.c: revision 1.309 sys/kern/kern_exit.c: revisions 1.246, 1.247 sys/kern/kern_exec.c: revision 1.419 In execve_runproc(), update the p_waited entry for the process being moved to SSTOP state, not for its parent. (It is correct to update the parent's p_nstopchild count.) If the value is not already zero, it could prevent its parent from waiting for the process. Fixes PR kern/50298 -- When clearing out the scheduler queues during system shutdown, we move all processes to the SSTOP state. Make sure we update each process's p_waited and the parents' p_nstopchild counters to maintain consistent values. Should not make any real difference this late in the shutdown process, but we should still be consistent just in case. Fixes PR kern/50318 -- Currently, if a process is exiting and its parent has indicated no intent of reaping the process (nor any other children), the process wil get reparented to init. Since the state of the exiting process at this point is SDEAD, proc_reparent() will not update either the old or new parent's p_nstopchild counters. This change causes both old and new parents to be properly updated. Fixes PR kern/50300 -- For processes marked with PS_STOPEXIT, update the process's p_waited value, and update its parent's p_nstopchild value when marking the process's p_stat to SSTOP. The process needed to be SACTIVE to get here, so this transition represents an additional process for which the parent needs to wait. Fixes PR kern/50308 To generate a diff of this commit: cvs rdiff -u -r1.280.4.3 -r1.280.4.3.10.1 src/sys/kern/kern_exec.c cvs rdiff -u -r1.214.4.2 -r1.214.4.2.6.1 src/sys/kern/kern_exit.c cvs rdiff -u -r1.254.2.6 -r1.254.2.6.10.1 src/sys/kern/kern_synch.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/kern_exec.c diff -u src/sys/kern/kern_exec.c:1.280.4.3 src/sys/kern/kern_exec.c:1.280.4.3.10.1 --- src/sys/kern/kern_exec.c:1.280.4.3 Wed Apr 1 21:03:04 2009 +++ src/sys/kern/kern_exec.c Sat Nov 7 20:42:25 2015 @@ -1,4 +1,4 @@ -/* $NetBSD: kern_exec.c,v 1.280.4.3 2009/04/01 21:03:04 snj Exp $ */ +/* $NetBSD: kern_exec.c,v 1.280.4.3.10.1 2015/11/07 20:42:25 snj Exp $ */ /*- * Copyright (c) 2008 The NetBSD Foundation, Inc. @@ -59,7 +59,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: kern_exec.c,v 1.280.4.3 2009/04/01 21:03:04 snj Exp $"); +__KERNEL_RCSID(0, "$NetBSD: kern_exec.c,v 1.280.4.3.10.1 2015/11/07 20:42:25 snj Exp $"); #include "opt_ktrace.h" #include "opt_syscall_debug.h" @@ -1104,7 +1104,7 @@ execve1(struct lwp *l, const char *path, if (p->p_sflag & PS_STOPEXEC) { KERNEL_UNLOCK_ALL(l, &l->l_biglocks); p->p_pptr->p_nstopchild++; - p->p_pptr->p_waited = 0; + p->p_waited = 0; mutex_enter(p->p_lock); ksiginfo_queue_init(&kq); sigclearall(p, &contsigmask, &kq); Index: src/sys/kern/kern_exit.c diff -u src/sys/kern/kern_exit.c:1.214.4.2 src/sys/kern/kern_exit.c:1.214.4.2.6.1 --- src/sys/kern/kern_exit.c:1.214.4.2 Wed Jul 1 22:30:30 2009 +++ src/sys/kern/kern_exit.c Sat Nov 7 20:42:25 2015 @@ -1,4 +1,4 @@ -/* $NetBSD: kern_exit.c,v 1.214.4.2 2009/07/01 22:30:30 snj Exp $ */ +/* $NetBSD: kern_exit.c,v 1.214.4.2.6.1 2015/11/07 20:42:25 snj Exp $ */ /*- * Copyright (c) 1998, 1999, 2006, 2007, 2008 The NetBSD Foundation, Inc. @@ -67,7 +67,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: kern_exit.c,v 1.214.4.2 2009/07/01 22:30:30 snj Exp $"); +__KERNEL_RCSID(0, "$NetBSD: kern_exit.c,v 1.214.4.2.6.1 2015/11/07 20:42:25 snj Exp $"); #include "opt_ktrace.h" #include "opt_perfctrs.h" @@ -234,8 +234,15 @@ exit1(struct lwp *l, int rv) if (__predict_false(p->p_sflag & PS_STOPEXIT)) { KERNEL_UNLOCK_ALL(l, &l->l_biglocks); sigclearall(p, &contsigmask, &kq); + + if (!mutex_tryenter(proc_lock)) { + mutex_exit(p->p_lock); + mutex_enter(proc_lock); + mutex_enter(p->p_lock); + } p->p_waited = 0; - membar_producer(); + p->p_pptr->p_nstopchild++; + mutex_exit(proc_lock); p->p_stat = SSTOP; lwp_lock(l); p->p_nrlwps--; @@ -1011,7 +1018,7 @@ proc_reparent(struct proc *child, struct if (child->p_pptr == parent) return; - if (child->p_stat == SZOMB || + if (child->p_stat == SZOMB || child->p_stat == SDEAD || (child->p_stat == SSTOP && !child->p_waited)) { child->p_pptr->p_nstopchild--; parent->p_nstopchild++; Index: src/sys/kern/kern_synch.c diff -u src/sys/kern/kern_synch.c:1.254.2.6 src/sys/kern/kern_synch.c:1.254.2.6.10.1 --- src/sys/kern/kern_synch.c:1.254.2.6 Thu Apr 23 17:47:13 2009 +++ src/sys/kern/kern_synch.c Sat Nov 7 20:42:25 2015 @@ -1,4 +1,4 @@ -/* $NetBSD: kern_synch.c,v 1.254.2.6 2009/04/23 17:4
CVS commit: [netbsd-5-2] src/sys/dev/mii
Module Name:src Committed By: snj Date: Sat Nov 7 20:37:09 UTC 2015 Modified Files: src/sys/dev/mii [netbsd-5-2]: atphy.c Log Message: Pull up following revision(s) (requested by msaitoh in ticket #1978): sys/dev/mii/atphy.c: revision 1.17 Fix incorrect argument of mii_anar(). Fixes PR#50206. To generate a diff of this commit: cvs rdiff -u -r1.5.2.2 -r1.5.2.2.6.1 src/sys/dev/mii/atphy.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/dev/mii/atphy.c diff -u src/sys/dev/mii/atphy.c:1.5.2.2 src/sys/dev/mii/atphy.c:1.5.2.2.6.1 --- src/sys/dev/mii/atphy.c:1.5.2.2 Sun May 3 23:45:47 2009 +++ src/sys/dev/mii/atphy.c Sat Nov 7 20:37:09 2015 @@ -1,4 +1,4 @@ -/* $NetBSD: atphy.c,v 1.5.2.2 2009/05/03 23:45:47 snj Exp $ */ +/* $NetBSD: atphy.c,v 1.5.2.2.6.1 2015/11/07 20:37:09 snj Exp $ */ /* $OpenBSD: atphy.c,v 1.1 2008/09/25 20:47:16 brad Exp $ */ /*- @@ -33,7 +33,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: atphy.c,v 1.5.2.2 2009/05/03 23:45:47 snj Exp $"); +__KERNEL_RCSID(0, "$NetBSD: atphy.c,v 1.5.2.2.6.1 2015/11/07 20:37:09 snj Exp $"); #include #include @@ -202,7 +202,7 @@ atphy_service(struct mii_softc *sc, stru return EINVAL; } - anar = mii_anar(ife->ifm_media); + anar = mii_anar(IFM_SUBTYPE(ife->ifm_media)); if (((ife->ifm_media & IFM_GMASK) & IFM_FDX) != 0) { bmcr |= BMCR_FDX; /* Enable pause. */
CVS commit: [netbsd-5-2] src/sys/ufs/lfs
Module Name:src Committed By: snj Date: Sat Nov 7 20:31:22 UTC 2015 Modified Files: src/sys/ufs/lfs [netbsd-5-2]: lfs_segment.c Log Message: Pull up following revision(s) (requested by dholland in ticket #1974): sys/ufs/lfs/lfs_segment.c: revision 1.247 via patch Fix catastrophic bug in lfs_rewind() that changed segment numbers (lfs_curseg/lfs_nextseg in the superblock) using the wrong units. These fields are for whatever reason the start addresses of segments (measured in frags) rather than the segment numbers 0..n. This only apparently affects dumping from a mounted fs; however, it trashes the fs. I would really, really like to have a static analysis tool that can keep track of the units things are measured in, since fs code is full of conversion macros and the macros are named inscrutable things like "sntod" whose letters don't necessarily even correspond to the units they convert. It is surprising that more of these are not wrong. To generate a diff of this commit: cvs rdiff -u -r1.213 -r1.213.22.1 src/sys/ufs/lfs/lfs_segment.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/ufs/lfs/lfs_segment.c diff -u src/sys/ufs/lfs/lfs_segment.c:1.213 src/sys/ufs/lfs/lfs_segment.c:1.213.22.1 --- src/sys/ufs/lfs/lfs_segment.c:1.213 Mon Jun 2 16:25:34 2008 +++ src/sys/ufs/lfs/lfs_segment.c Sat Nov 7 20:31:22 2015 @@ -1,4 +1,4 @@ -/* $NetBSD: lfs_segment.c,v 1.213 2008/06/02 16:25:34 ad Exp $ */ +/* $NetBSD: lfs_segment.c,v 1.213.22.1 2015/11/07 20:31:22 snj Exp $ */ /*- * Copyright (c) 1999, 2000, 2001, 2002, 2003 The NetBSD Foundation, Inc. @@ -60,7 +60,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: lfs_segment.c,v 1.213 2008/06/02 16:25:34 ad Exp $"); +__KERNEL_RCSID(0, "$NetBSD: lfs_segment.c,v 1.213.22.1 2015/11/07 20:31:22 snj Exp $"); #ifdef DEBUG # define vndebug(vp, str) do { \ @@ -1669,7 +1669,7 @@ lfs_updatemeta(struct segment *sp) } /* - * Move lfs_offset to a segment earlier than sn. + * Move lfs_offset to a segment earlier than newsn. */ int lfs_rewind(struct lfs *fs, int newsn) @@ -1700,7 +1700,7 @@ lfs_rewind(struct lfs *fs, int newsn) panic("lfs_rewind: no clean segments"); if (newsn >= 0 && sn >= newsn) return ENOENT; - fs->lfs_nextseg = sn; + fs->lfs_nextseg = lfs_sntod(fs, sn); lfs_newseg(fs); fs->lfs_offset = fs->lfs_curseg;
CVS commit: [netbsd-5-2] src/doc
Module Name:src Committed By: riz Date: Tue Sep 15 00:03:37 UTC 2015 Modified Files: src/doc [netbsd-5-2]: CHANGES-5.2.1 Log Message: Fix file list for ticket 1865; add a missing "/" To generate a diff of this commit: cvs rdiff -u -r1.1.2.22 -r1.1.2.23 src/doc/CHANGES-5.2.1 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-5.2.1 diff -u src/doc/CHANGES-5.2.1:1.1.2.22 src/doc/CHANGES-5.2.1:1.1.2.23 --- src/doc/CHANGES-5.2.1:1.1.2.22 Sun Sep 22 22:43:10 2013 +++ src/doc/CHANGES-5.2.1 Tue Sep 15 00:03:37 2015 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-5.2.1,v 1.1.2.22 2013/09/22 22:43:10 riz Exp $ +# $NetBSD: CHANGES-5.2.1,v 1.1.2.23 2015/09/15 00:03:37 riz Exp $ A complete list of changes from the NetBSD 5.2 release to the NetBSD 5.2.1 release: @@ -107,54 +107,54 @@ distrib/utils/sysinst/menus.mi 1.35, 1. public servers. [msaitoh, ticket #1846] -xsrc/external/mitMesaLib/dist/src/glx/x11/XF86dri.c patch -xsrc/external/mitlibFS/dist/src/FSOpenServ.c patch -xsrc/external/mitlibX11/dist/modules/im/ximcp/imLcPrs.c patch -xsrc/external/mitlibX11/dist/modules/im/ximcp/imTrX.c patch -xsrc/external/mitlibX11/dist/src/AllCells.c patch -xsrc/external/mitlibX11/dist/src/Font.c patch -xsrc/external/mitlibX11/dist/src/FontInfo.c patch -xsrc/external/mitlibX11/dist/src/FontNames.c patch -xsrc/external/mitlibX11/dist/src/GetFPath.c patch -xsrc/external/mitlibX11/dist/src/GetImage.c patch -xsrc/external/mitlibX11/dist/src/GetMoEv.c patch -xsrc/external/mitlibX11/dist/src/GetPntMap.c patch -xsrc/external/mitlibX11/dist/src/GetProp.c patch -xsrc/external/mitlibX11/dist/src/LiHosts.c patch -xsrc/external/mitlibX11/dist/src/ListExt.c patch -xsrc/external/mitlibX11/dist/src/ModMap.c patch -xsrc/external/mitlibX11/dist/src/Xrm.c patch -xsrc/external/mitlibX11/dist/src/xcms/cmsColNm.c patch -xsrc/external/mitlibX11/dist/src/xkb/XKBExtDev.c patch -xsrc/external/mitlibX11/dist/src/xkb/XKBGeom.c patch -xsrc/external/mitlibX11/dist/src/xkb/XKBGetMap.c patch -xsrc/external/mitlibX11/dist/src/xkb/XKBNames.c patch -xsrc/external/mitlibXcursor/dist/src/file.c patch -xsrc/external/mitlibXext/dist/src/XEVI.c patch -xsrc/external/mitlibXext/dist/src/XShape.c patch -xsrc/external/mitlibXext/dist/src/XSync.c patch -xsrc/external/mitlibXext/dist/src/Xcup.c patch -xsrc/external/mitlibXext/dist/src/Xdbe.c patch -xsrc/external/mitlibXfixes/dist/src/Cursor.c patch -xsrc/external/mitlibXi/dist/src/XGMotion.c patch -xsrc/external/mitlibXi/dist/src/XGetBMap.c patch -xsrc/external/mitlibXi/dist/src/XGetDCtl.c patch -xsrc/external/mitlibXi/dist/src/XGetDProp.c patch -xsrc/external/mitlibXi/dist/src/XGetFCtl.c patch -xsrc/external/mitlibXi/dist/src/XGetProp.c patch -xsrc/external/mitlibXi/dist/src/XListDev.c patch -xsrc/external/mitlibXi/dist/src/XQueryDv.c patch -xsrc/external/mitlibXinerama/dist/src/Xinerama.c patch -xsrc/external/mitlibXrandr/dist/src/XrrProperty.c patch -xsrc/external/mitlibXrender/dist/src/Filter.c patch -xsrc/external/mitlibXrender/dist/src/Xrender.c patch -xsrc/external/mitlibXres/dist/src/XRes.c patch -xsrc/external/mitlibXt/dist/src/ResConfig.c patch -xsrc/external/mitlibXt/dist/src/Selection.c patch -xsrc/external/mitlibXv/dist/src/Xv.c patch -xsrc/external/mitlibXvMC/dist/src/XvMC.c patch -xsrc/external/mitlibXxf86dga/dist/src/XF86DGA2.c patch -xsrc/external/mitlibXxf86vm/dist/src/XF86VMode.c patch +xsrc/external/mit/MesaLib/dist/src/glx/x11/XF86dri.c patch +xsrc/external/mit/libFS/dist/src/FSOpenServ.c patch +xsrc/external/mit/libX11/dist/modules/im/ximcp/imLcPrs.c patch +xsrc/external/mit/libX11/dist/modules/im/ximcp/imTrX.c patch +xsrc/external/mit/libX11/dist/src/AllCells.c patch +xsrc/external/mit/libX11/dist/src/Font.c patch +xsrc/external/mit/libX11/dist/src/FontInfo.c patch +xsrc/external/mit/libX11/dist/src/FontNames.c patch +xsrc/external/mit/libX11/dist/src/GetFPath.c patch +xsrc/external/mit/libX11/dist/src/GetImage.c patch +xsrc/external/mit/libX11/dist/src/GetMoEv.c patch +xsrc/external/mit/libX11/dist/src/GetPntMap.c patch +xsrc/external/mit/libX11/dist/src/GetProp.c patch +xsrc/external/mit/libX11/dist/src/LiHosts.c patch +xsrc/external/mit/libX11/dist/src/ListExt.c patch +xsrc/external/mit/libX11/dist/src/ModMap.c patch +xsrc/external/mit/libX11/dist/src/Xrm.c patch +xsrc/external/mit/libX11/dist/src/xcms/cmsColNm.c patch +xsrc/external/mit/libX11/dist/src/xkb/XKBExtDev.c patch +xsrc/external/mit/libX11/dist/src/xkb/XKBGeom.c patch +xsrc/external/mit/libX11/dist/src/xkb/XKBGetMap.c patch +xsrc/external/mit/libX11/dist/src/xkb/XKBNames.c patch +xsrc/external/mit/libXcursor/dist/src/file.c patch +xsrc/external/mit/libXext/dist/src/XEVI.c patch +xsrc/external/mit/libXext/dist/src/XShape.c patch +xsrc/external/mit/libXext/dist/src/XSync.c patch +xsrc/external/mit/libXext/dist/src/Xcup.c patch +xsrc/external/mit/libXext/d
CVS commit: [netbsd-5-2] src/doc
Module Name:src Committed By: msaitoh Date: Fri Aug 14 06:00:34 UTC 2015 Modified Files: src/doc [netbsd-5-2]: CHANGES-5.2.4 Log Message: Ticket 1976. To generate a diff of this commit: cvs rdiff -u -r1.1.2.34 -r1.1.2.35 src/doc/CHANGES-5.2.4 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-5.2.4 diff -u src/doc/CHANGES-5.2.4:1.1.2.34 src/doc/CHANGES-5.2.4:1.1.2.35 --- src/doc/CHANGES-5.2.4:1.1.2.34 Fri Jul 24 07:46:03 2015 +++ src/doc/CHANGES-5.2.4 Fri Aug 14 06:00:34 2015 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-5.2.4,v 1.1.2.34 2015/07/24 07:46:03 martin Exp $ +# $NetBSD: CHANGES-5.2.4,v 1.1.2.35 2015/08/14 06:00:34 msaitoh Exp $ A complete list of changes from the NetBSD 5.2.3 release to the NetBSD 5.2.4 release: @@ -2655,3 +2655,44 @@ sys/netinet/tcp_output.c 1.184 Make sure that snd_win doesn't go negative. [matt, ticket #1973] +crypto/dist/openssl/e_os2.h patch +crypto/dist/openssl/crypto/asn1/a_int.c patch +crypto/dist/openssl/crypto/asn1/tasn_new.c patch +crypto/dist/openssl/crypto/bn/bn.h patch +crypto/dist/openssl/crypto/bn/bn_err.c patch +crypto/dist/openssl/crypto/bn/bn_print.c patch +crypto/dist/openssl/crypto/bn/bn_rand.c patch +crypto/dist/openssl/crypto/bn/bn_shift.c patch +crypto/dist/openssl/crypto/cms/cms_smime.c patch +crypto/dist/openssl/crypto/ec/ec2_smpl.c patch +crypto/dist/openssl/crypto/ec/ec_check.c patch +crypto/dist/openssl/crypto/ec/ec_key.c patch +crypto/dist/openssl/crypto/ec/ec_lib.c patch +crypto/dist/openssl/crypto/ec/ecp_smpl.c patch +crypto/dist/openssl/crypto/ec/ectest.c patch +crypto/dist/openssl/crypto/ecdsa/ecdsatest.c patch +crypto/dist/openssl/crypto/ecdsa/ecs_ossl.c patch +crypto/dist/openssl/crypto/objects/obj_dat.c patch +crypto/dist/openssl/crypto/ocsp/ocsp_vfy.c patch +crypto/dist/openssl/crypto/pem/pem_pk8.c patch +crypto/dist/openssl/crypto/pkcs7/pk7_doit.c patch +crypto/dist/openssl/crypto/x509/x509_lu.c patch +crypto/dist/openssl/crypto/x509/x509_vfy.c patch +crypto/dist/openssl/doc/crypto/BN_rand.pod patch +crypto/dist/openssl/doc/crypto/BN_set_bit.pod patch +crypto/dist/openssl/doc/crypto/pem.pod patch +crypto/dist/openssl/ssl/d1_lib.c patch +crypto/dist/openssl/ssl/s3_clnt.c patch +crypto/dist/openssl/ssl/s3_srvr.c patch +crypto/dist/openssl/ssl/ssl.h patch +crypto/dist/openssl/ssl/ssl_err.c patch +crypto/dist/openssl/ssl/ssl_lib.c patch +crypto/dist/openssl/ssl/ssl_locl.h patch +crypto/dist/openssl/ssl/ssl_sess.c patch +crypto/dist/openssl/util/mkerr.pl patch + + This change covers the vulnerabilities relevant to netbsd-5 from the + June OpenSSL advisory, and also fixes a regression introduced with the + POODLE fix in October last year that caused the SSL server side to + fail to handshake. + [spz, ticket#1976]
CVS commit: [netbsd-5-2] src/crypto/dist/openssl
Module Name:src Committed By: msaitoh Date: Fri Aug 14 05:58:12 UTC 2015 Modified Files: src/crypto/dist/openssl [netbsd-5-2]: e_os2.h src/crypto/dist/openssl/crypto/asn1 [netbsd-5-2]: a_int.c tasn_new.c src/crypto/dist/openssl/crypto/bn [netbsd-5-2]: bn.h bn_err.c bn_print.c bn_rand.c bn_shift.c src/crypto/dist/openssl/crypto/cms [netbsd-5-2]: cms_smime.c src/crypto/dist/openssl/crypto/ec [netbsd-5-2]: ec2_smpl.c ec_check.c ec_key.c ec_lib.c ecp_smpl.c ectest.c src/crypto/dist/openssl/crypto/ecdsa [netbsd-5-2]: ecdsatest.c ecs_ossl.c src/crypto/dist/openssl/crypto/objects [netbsd-5-2]: obj_dat.c src/crypto/dist/openssl/crypto/ocsp [netbsd-5-2]: ocsp_vfy.c src/crypto/dist/openssl/crypto/pem [netbsd-5-2]: pem_pk8.c src/crypto/dist/openssl/crypto/pkcs7 [netbsd-5-2]: pk7_doit.c src/crypto/dist/openssl/crypto/x509 [netbsd-5-2]: x509_lu.c x509_vfy.c src/crypto/dist/openssl/doc/crypto [netbsd-5-2]: BN_rand.pod BN_set_bit.pod pem.pod src/crypto/dist/openssl/ssl [netbsd-5-2]: d1_lib.c s3_clnt.c s3_srvr.c ssl.h ssl_err.c ssl_lib.c ssl_locl.h ssl_sess.c src/crypto/dist/openssl/util [netbsd-5-2]: mkerr.pl Log Message: Pull up following revision(s) (requested by spz in ticket #1976): crypto/dist/openssl/e_os2.h patch crypto/dist/openssl/crypto/asn1/a_int.c patch crypto/dist/openssl/crypto/asn1/tasn_new.c patch crypto/dist/openssl/crypto/bn/bn.h patch crypto/dist/openssl/crypto/bn/bn_err.c patch crypto/dist/openssl/crypto/bn/bn_print.cpatch crypto/dist/openssl/crypto/bn/bn_rand.c patch crypto/dist/openssl/crypto/bn/bn_shift.cpatch crypto/dist/openssl/crypto/cms/cms_smime.c patch crypto/dist/openssl/crypto/ec/ec2_smpl.cpatch crypto/dist/openssl/crypto/ec/ec_check.cpatch crypto/dist/openssl/crypto/ec/ec_key.c patch crypto/dist/openssl/crypto/ec/ec_lib.c patch crypto/dist/openssl/crypto/ec/ecp_smpl.cpatch crypto/dist/openssl/crypto/ec/ectest.c patch crypto/dist/openssl/crypto/ecdsa/ecdsatest.cpatch crypto/dist/openssl/crypto/ecdsa/ecs_ossl.c patch crypto/dist/openssl/crypto/objects/obj_dat.cpatch crypto/dist/openssl/crypto/ocsp/ocsp_vfy.c patch crypto/dist/openssl/crypto/pem/pem_pk8.cpatch crypto/dist/openssl/crypto/pkcs7/pk7_doit.c patch crypto/dist/openssl/crypto/x509/x509_lu.c patch crypto/dist/openssl/crypto/x509/x509_vfy.c patch crypto/dist/openssl/doc/crypto/BN_rand.pod patch crypto/dist/openssl/doc/crypto/BN_set_bit.pod patch crypto/dist/openssl/doc/crypto/pem.pod patch crypto/dist/openssl/ssl/d1_lib.cpatch crypto/dist/openssl/ssl/s3_clnt.c patch crypto/dist/openssl/ssl/s3_srvr.c patch crypto/dist/openssl/ssl/ssl.h patch crypto/dist/openssl/ssl/ssl_err.c patch crypto/dist/openssl/ssl/ssl_lib.c patch crypto/dist/openssl/ssl/ssl_locl.h patch crypto/dist/openssl/ssl/ssl_sess.c patch crypto/dist/openssl/util/mkerr.pl patch This change covers the vulnerabilities relevant to netbsd-5 from the June OpenSSL advisory, and also fixes a regression introduced with the POODLE fix in October last year that caused the SSL server side to fail to handshake. To generate a diff of this commit: cvs rdiff -u -r1.7 -r1.7.2.1 src/crypto/dist/openssl/e_os2.h cvs rdiff -u -r1.1.1.8 -r1.1.1.8.2.1 \ src/crypto/dist/openssl/crypto/asn1/a_int.c cvs rdiff -u -r1.1.1.3 -r1.1.1.3.2.1 \ src/crypto/dist/openssl/crypto/asn1/tasn_new.c cvs rdiff -u -r1.12.2.1 -r1.12.2.2 src/crypto/dist/openssl/crypto/bn/bn.h cvs rdiff -u -r1.1.1.7 -r1.1.1.7.2.1 \ src/crypto/dist/openssl/crypto/bn/bn_err.c cvs rdiff -u -r1.9 -r1.9.2.1 src/crypto/dist/openssl/crypto/bn/bn_print.c cvs rdiff -u -r1.1.1.6 -r1.1.1.6.38.1 \ src/crypto/dist/openssl/crypto/bn/bn_rand.c cvs rdiff -u -r1.1.1.4 -r1.1.1.4.38.1 \ src/crypto/dist/openssl/crypto/bn/bn_shift.c cvs rdiff -u -r1.1.1.1.8.1 -r1.1.1.1.8.1.10.1 \ src/crypto/dist/openssl/crypto/cms/cms_smime.c cvs rdiff -u -r1.1.1.3 -r1.1.1.3.2.1 \ src/crypto/dist/openssl/crypto/ec/ec2_smpl.c \ src/crypto/dist/openssl/crypto/ec/ectest.c cvs rdiff -u -r1.1.1.2 -r1.1.1.2.38.1 \ src/crypto/dist/openssl/crypto/ec/ec_check.c cvs rdiff -u -r1.1.1.1.38.1 -r1.1.1.1.38.2 \ src/crypto/dist/openssl/crypto/ec/ec_key.c cvs rdiff -u -r1.1.1.4 -r1.1.1.4.2.1 \ src/crypto/dist/openssl/crypto/ec/ec_lib.c cvs rdiff -u -r1.1.1.4.38.1 -r1.1.1.4.38.2 \ src/crypto/dist/openssl/crypto/ec/ecp_smpl.c cvs rdiff -u -r1.1.1.2 -r1.1.1.2.2.1 \ src/crypto/dist/openssl/crypto/ecdsa/ecdsatest.c cvs rdiff -u -r1.1.1.3 -r1.1.1.3.2.1 \ src/crypto/dist/openssl/crypto/ecdsa/ecs_ossl.c cv
CVS commit: [netbsd-5-2] src/doc
Module Name:src Committed By: martin Date: Fri Jul 24 07:46:03 UTC 2015 Modified Files: src/doc [netbsd-5-2]: CHANGES-5.2.4 Log Message: Ticket #1973 To generate a diff of this commit: cvs rdiff -u -r1.1.2.33 -r1.1.2.34 src/doc/CHANGES-5.2.4 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-5.2.4 diff -u src/doc/CHANGES-5.2.4:1.1.2.33 src/doc/CHANGES-5.2.4:1.1.2.34 --- src/doc/CHANGES-5.2.4:1.1.2.33 Wed Jul 1 07:19:30 2015 +++ src/doc/CHANGES-5.2.4 Fri Jul 24 07:46:03 2015 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-5.2.4,v 1.1.2.33 2015/07/01 07:19:30 bouyer Exp $ +# $NetBSD: CHANGES-5.2.4,v 1.1.2.34 2015/07/24 07:46:03 martin Exp $ A complete list of changes from the NetBSD 5.2.3 release to the NetBSD 5.2.4 release: @@ -2647,3 +2647,11 @@ usr.bin/calendar/calendar.c 1.51 are serious if they happen. [dholland, ticket #1971] +sys/netinet/tcp_input.c1.343 +sys/netinet/tcp_output.c 1.184 + + If we are sending a window probe and there's unacked data in the + socket, make sure at least the persist timer is running. + Make sure that snd_win doesn't go negative. + [matt, ticket #1973] +
CVS commit: [netbsd-5-2] src/sys/netinet
Module Name:src Committed By: martin Date: Fri Jul 24 07:44:35 UTC 2015 Modified Files: src/sys/netinet [netbsd-5-2]: tcp_input.c tcp_output.c Log Message: Pull up following revision(s) (requested by matt in ticket #1973): sys/netinet/tcp_output.c: revision 1.184 sys/netinet/tcp_input.c: revision 1.343 If we are sending a window probe and there's unacked data in the socket, make sure at least the persist timer is running. Make sure that snd_win doesn't go negative. To generate a diff of this commit: cvs rdiff -u -r1.291.4.5 -r1.291.4.5.6.1 src/sys/netinet/tcp_input.c cvs rdiff -u -r1.167.10.1 -r1.167.10.1.2.1 src/sys/netinet/tcp_output.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/tcp_input.c diff -u src/sys/netinet/tcp_input.c:1.291.4.5 src/sys/netinet/tcp_input.c:1.291.4.5.6.1 --- src/sys/netinet/tcp_input.c:1.291.4.5 Fri Jun 11 23:36:07 2010 +++ src/sys/netinet/tcp_input.c Fri Jul 24 07:44:35 2015 @@ -1,4 +1,4 @@ -/* $NetBSD: tcp_input.c,v 1.291.4.5 2010/06/11 23:36:07 riz Exp $ */ +/* $NetBSD: tcp_input.c,v 1.291.4.5.6.1 2015/07/24 07:44:35 martin Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -145,7 +145,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.291.4.5 2010/06/11 23:36:07 riz Exp $"); +__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.291.4.5.6.1 2015/07/24 07:44:35 martin Exp $"); #include "opt_inet.h" #include "opt_ipsec.h" @@ -2438,7 +2438,10 @@ after_listen: tp->t_lastm = NULL; sbdrop(&so->so_snd, acked); tp->t_lastoff -= acked; - tp->snd_wnd -= acked; + if (tp->snd_wnd > acked) +tp->snd_wnd -= acked; + else +tp->snd_wnd = 0; ourfinisacked = 0; } sowwakeup(so); Index: src/sys/netinet/tcp_output.c diff -u src/sys/netinet/tcp_output.c:1.167.10.1 src/sys/netinet/tcp_output.c:1.167.10.1.2.1 --- src/sys/netinet/tcp_output.c:1.167.10.1 Tue Mar 29 20:12:14 2011 +++ src/sys/netinet/tcp_output.c Fri Jul 24 07:44:35 2015 @@ -1,4 +1,4 @@ -/* $NetBSD: tcp_output.c,v 1.167.10.1 2011/03/29 20:12:14 riz Exp $ */ +/* $NetBSD: tcp_output.c,v 1.167.10.1.2.1 2015/07/24 07:44:35 martin Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -135,7 +135,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: tcp_output.c,v 1.167.10.1 2011/03/29 20:12:14 riz Exp $"); +__KERNEL_RCSID(0, "$NetBSD: tcp_output.c,v 1.167.10.1.2.1 2015/07/24 07:44:35 martin Exp $"); #include "opt_inet.h" #include "opt_ipsec.h" @@ -1524,14 +1524,24 @@ send: * of retransmit time. */ timer: - if (TCP_TIMER_ISARMED(tp, TCPT_REXMT) == 0 && - ((sack_rxmit && tp->snd_nxt != tp->snd_max) || - tp->snd_nxt != tp->snd_una)) { - if (TCP_TIMER_ISARMED(tp, TCPT_PERSIST)) { -TCP_TIMER_DISARM(tp, TCPT_PERSIST); + if (TCP_TIMER_ISARMED(tp, TCPT_REXMT) == 0) { + if ((sack_rxmit && tp->snd_nxt != tp->snd_max) + || tp->snd_nxt != tp->snd_una) { +if (TCP_TIMER_ISARMED(tp, TCPT_PERSIST)) { + TCP_TIMER_DISARM(tp, TCPT_PERSIST); + tp->t_rxtshift = 0; +} +TCP_TIMER_ARM(tp, TCPT_REXMT, tp->t_rxtcur); + } else if (len == 0 && so->so_snd.sb_cc > 0 + && TCP_TIMER_ISARMED(tp, TCPT_PERSIST) == 0) { +/* + * If we are sending a window probe and there's + * unacked data in the socket, make sure at + * least the persist timer is running. + */ tp->t_rxtshift = 0; +tcp_setpersist(tp); } - TCP_TIMER_ARM(tp, TCPT_REXMT, tp->t_rxtcur); } } else if (SEQ_GT(tp->snd_nxt + len, tp->snd_max))
CVS commit: [netbsd-5-2] src/doc
Module Name:src Committed By: bouyer Date: Wed Jul 1 07:19:30 UTC 2015 Modified Files: src/doc [netbsd-5-2]: CHANGES-5.2.4 Log Message: ticket 1971 To generate a diff of this commit: cvs rdiff -u -r1.1.2.32 -r1.1.2.33 src/doc/CHANGES-5.2.4 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-5.2.4 diff -u src/doc/CHANGES-5.2.4:1.1.2.32 src/doc/CHANGES-5.2.4:1.1.2.33 --- src/doc/CHANGES-5.2.4:1.1.2.32 Thu Jun 4 09:05:29 2015 +++ src/doc/CHANGES-5.2.4 Wed Jul 1 07:19:30 2015 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-5.2.4,v 1.1.2.32 2015/06/04 09:05:29 martin Exp $ +# $NetBSD: CHANGES-5.2.4,v 1.1.2.33 2015/07/01 07:19:30 bouyer Exp $ A complete list of changes from the NetBSD 5.2.3 release to the NetBSD 5.2.4 release: @@ -2633,3 +2633,17 @@ sys/arch/x86/x86/intel_busclock.c 1.10, [sborrill, ticket #1963] +usr.bin/calendar/calendar.c 1.51 + + Correct privilege handling problems in calendar -a (which runs as root + from /etc/daily); do not exec other programs while the real uid is + still 0. + + Also, clear the supplementary groups list up front and call initgroups + when becoming another user, to avoid leaking any extra group + privileges that we might have. + + And finally, don't silently ignore errors changing uid and gid; those + are serious if they happen. + [dholland, ticket #1971] +
CVS commit: [netbsd-5-2] src/usr.bin/calendar
Module Name:src Committed By: bouyer Date: Wed Jul 1 07:18:42 UTC 2015 Modified Files: src/usr.bin/calendar [netbsd-5-2]: calendar.c Log Message: Pull up following revision(s) (requested by dholland in ticket #1971): usr.bin/calendar/calendar.c: revision 1.51 Correct privilege handling problems in calendar -a (which runs as root from /etc/daily); do not exec other programs while the real uid is still 0. Also, clear the supplementary groups list up front and call initgroups when becoming another user, to avoid leaking any extra group privileges that we might have. And finally, don't silently ignore errors changing uid and gid; those are serious if they happen. To generate a diff of this commit: cvs rdiff -u -r1.47 -r1.47.2.1 src/usr.bin/calendar/calendar.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/usr.bin/calendar/calendar.c diff -u src/usr.bin/calendar/calendar.c:1.47 src/usr.bin/calendar/calendar.c:1.47.2.1 --- src/usr.bin/calendar/calendar.c:1.47 Tue Sep 30 05:51:41 2008 +++ src/usr.bin/calendar/calendar.c Wed Jul 1 07:18:42 2015 @@ -1,4 +1,4 @@ -/* $NetBSD: calendar.c,v 1.47 2008/09/30 05:51:41 dholland Exp $ */ +/* $NetBSD: calendar.c,v 1.47.2.1 2015/07/01 07:18:42 bouyer Exp $ */ /* * Copyright (c) 1989, 1993, 1994 @@ -39,7 +39,7 @@ __COPYRIGHT("@(#) Copyright (c) 1989, 19 #if 0 static char sccsid[] = "@(#)calendar.c 8.4 (Berkeley) 1/7/95"; #endif -__RCSID("$NetBSD: calendar.c,v 1.47 2008/09/30 05:51:41 dholland Exp $"); +__RCSID("$NetBSD: calendar.c,v 1.47.2.1 2015/07/01 07:18:42 bouyer Exp $"); #endif /* not lint */ #include @@ -48,6 +48,7 @@ __RCSID("$NetBSD: calendar.c,v 1.47 2008 #include #include +#include #include #include #include @@ -105,6 +106,7 @@ static const char *months[] = { static void atodays(int, char *, unsigned short *); static void cal(void); static void closecal(FILE *); +static void changeuser(void); static int getday(char *); static int getfield(char *, char **, int *); static void getmmdd(struct tm *, char *); @@ -164,12 +166,24 @@ main(int argc, char **argv) * XXX - This ignores the user's CALENDAR_DIR variable. * Run under user's login shell? */ + if (setgroups(0, NULL) == -1) { + err(EXIT_FAILURE, "setgroups"); + } while ((pw = getpwent()) != NULL) { - (void)setegid(pw->pw_gid); - (void)seteuid(pw->pw_uid); - if (chdir(pw->pw_dir) != -1) + if (setegid(pw->pw_gid) == -1) { +warn("%s: setegid", pw->pw_name); +continue; + } + if (seteuid(pw->pw_uid) == -1) { +warn("%s: seteuid", pw->pw_name); +continue; + } + if (chdir(pw->pw_dir) != -1) { cal(); - (void)seteuid(0); + } + if (seteuid(0) == -1) { +warn("%s: seteuid back to 0", pw->pw_name); + } } } else if ((caldir = getenv("CALENDAR_DIR")) != NULL) { if (chdir(caldir) != -1) @@ -405,6 +419,10 @@ opencal(void) (void)close(pdes[1]); } (void)close(pdes[0]); + if (doall) { + /* become the user properly */ + changeuser(); + } /* tell CPP to only open regular files */ if(!cpp_restricted && setenv("CPP_RESTRICTED", "", 1) == -1) err(EXIT_FAILURE, "Cannot restrict cpp"); @@ -469,6 +487,10 @@ closecal(FILE *fp) (void)close(pdes[0]); } (void)close(pdes[1]); + if (doall) { + /* become the user properly */ + changeuser(); + } (void)execl(_PATH_SENDMAIL, "sendmail", "-i", "-t", "-F", "\"Reminder Service\"", "-f", "root", NULL); err(EXIT_FAILURE, "Cannot exec `%s'", _PATH_SENDMAIL); @@ -492,6 +514,34 @@ done: (void)fclose(fp); continue; } +static void +changeuser(void) +{ + uid_t uid; + gid_t gid; + + uid = geteuid(); + gid = getegid(); + assert(uid == pw->pw_uid); + assert(gid == pw->pw_gid); + + if (seteuid(0) == -1) { + err(EXIT_FAILURE, "%s: changing user: cannot reassert uid 0", + pw->pw_name); + } + if (setgid(gid) == -1) { + err(EXIT_FAILURE, "%s: cannot assume gid %d", + pw->pw_name, (int)gid); + } + if (initgroups(pw->pw_name, gid) == -1) { + err(EXIT_FAILURE, "%s: cannot initgroups", pw->pw_name); + } + if (setuid(uid) == -1) { + err(EXIT_FAILURE, "%s: cannot assume uid %d", + pw->pw_name, (int)uid); + } +} + static int getmonth(char *s) {
CVS commit: [netbsd-5-2] src/doc
Module Name:src Committed By: martin Date: Thu Jun 4 09:05:30 UTC 2015 Modified Files: src/doc [netbsd-5-2]: CHANGES-5.2.4 Log Message: Ticket #1963 To generate a diff of this commit: cvs rdiff -u -r1.1.2.31 -r1.1.2.32 src/doc/CHANGES-5.2.4 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-5.2.4 diff -u src/doc/CHANGES-5.2.4:1.1.2.31 src/doc/CHANGES-5.2.4:1.1.2.32 --- src/doc/CHANGES-5.2.4:1.1.2.31 Mon Jun 1 15:53:39 2015 +++ src/doc/CHANGES-5.2.4 Thu Jun 4 09:05:29 2015 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-5.2.4,v 1.1.2.31 2015/06/01 15:53:39 sborrill Exp $ +# $NetBSD: CHANGES-5.2.4,v 1.1.2.32 2015/06/04 09:05:29 martin Exp $ A complete list of changes from the NetBSD 5.2.3 release to the NetBSD 5.2.4 release: @@ -2625,3 +2625,11 @@ sys/arch/x86/include/specialreg.h 1.72 compatibility. [msaitoh, ticket #1968] +sys/arch/x86/x86/intel_busclock.c 1.10, 1.13-23 via patch + + Update p[34]_get_bus_clock() to avoid panic in est(4). + Return correct bus clock on some CPUs. Use rdmsr_safe() + to access MSRs safely. + [sborrill, ticket #1963] + +
CVS commit: [netbsd-5-2] src/sys/arch/x86/x86
Module Name:src Committed By: martin Date: Thu Jun 4 08:57:03 UTC 2015 Modified Files: src/sys/arch/x86/x86 [netbsd-5-2]: intel_busclock.c Log Message: Pull up the following revisions, requested by sborrill in #1963: sys/arch/x86/x86/intel_busclock.c 1.10, 1.13-23 Update p[34]_get_bus_clock() to avoid panic in est(4). Return correct bus clock on some CPUs. Use rdmsr_safe() to access MSRs safely. To generate a diff of this commit: cvs rdiff -u -r1.5.10.5 -r1.5.10.5.2.1 src/sys/arch/x86/x86/intel_busclock.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/arch/x86/x86/intel_busclock.c diff -u src/sys/arch/x86/x86/intel_busclock.c:1.5.10.5 src/sys/arch/x86/x86/intel_busclock.c:1.5.10.5.2.1 --- src/sys/arch/x86/x86/intel_busclock.c:1.5.10.5 Wed Aug 22 21:18:19 2012 +++ src/sys/arch/x86/x86/intel_busclock.c Thu Jun 4 08:57:03 2015 @@ -1,4 +1,4 @@ -/* $NetBSD: intel_busclock.c,v 1.5.10.5 2012/08/22 21:18:19 bouyer Exp $ */ +/* $NetBSD: intel_busclock.c,v 1.5.10.5.2.1 2015/06/04 08:57:03 martin Exp $ */ /*- * Copyright (c) 1999, 2000, 2001 The NetBSD Foundation, Inc. @@ -30,7 +30,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: intel_busclock.c,v 1.5.10.5 2012/08/22 21:18:19 bouyer Exp $"); +__KERNEL_RCSID(0, "$NetBSD: intel_busclock.c,v 1.5.10.5.2.1 2015/06/04 08:57:03 martin Exp $"); #include #include @@ -91,25 +91,24 @@ p3_get_bus_clock(struct cpu_info *ci) { uint64_t msr; int bus, bus_clock = 0; + uint32_t model; - switch (CPUID2MODEL(ci->ci_signature)) { + model = CPUID_TO_MODEL(ci->ci_signature); + + switch (model) { case 0x9: /* Pentium M (130 nm, Banias) */ bus_clock = 1; break; case 0xc: /* Core i7, Atom, model 1 */ /* - * XXX (See also case 0xe and 0xd) - * Some core i7 CPUs can report model 0xc. * Newer CPUs will GP when attemping to access MSR_FSB_FREQ. * In the long-term, use ACPI instead of all this. */ - switch (CPUID2EXTMODEL(ci->ci_signature)) { - case 0x2: - aprint_debug("%s: unable to determine bus speed", - device_xname(ci->ci_dev)); + if (rdmsr_safe(MSR_FSB_FREQ, &msr) == EFAULT) { + aprint_debug_dev(ci->ci_dev, + "unable to determine bus speed"); goto print_msr; } - msr = rdmsr(MSR_FSB_FREQ); bus = (msr >> 0) & 0x7; switch (bus) { case 1: @@ -121,20 +120,12 @@ p3_get_bus_clock(struct cpu_info *ci) goto print_msr; } break; - case 0xd: /* Pentium M (90 nm, Dothan), some Xeons */ - /* - * XXX (See also case 0xc and 0xd) - * Some Xeons can report model 0xd, e.g. E5-2630 - * Newer CPUs will GP when attemping to access MSR_FSB_FREQ. - * In the long-term, use ACPI instead of all this. - */ - switch (CPUID2EXTMODEL(ci->ci_signature)) { - case 0x2: - aprint_debug("%s: unable to determine bus speed", - device_xname(ci->ci_dev)); + case 0xd: /* Pentium M (90 nm, Dothan) */ + if (rdmsr_safe(MSR_FSB_FREQ, &msr) == EFAULT) { + aprint_debug_dev(ci->ci_dev, + "unable to determine bus speed"); goto print_msr; } - msr = rdmsr(MSR_FSB_FREQ); bus = (msr >> 0) & 0x7; switch (bus) { case 0: @@ -150,20 +141,13 @@ p3_get_bus_clock(struct cpu_info *ci) } break; case 0xe: /* Core Duo/Solo */ - /* - * XXX (See also case 0xc) - * Newer CPUs will GP when attemping to access MSR_FSB_FREQ. - * In the long-term, use ACPI instead of all this. - */ - switch (CPUID2EXTMODEL(ci->ci_signature)) { - case 0x1: - aprint_debug("%s: unable to determine bus speed", - device_xname(ci->ci_dev)); + case 0xf: /* Core Xeon */ + case 0x17: /* Xeon [35]000, Core 2 Quad [89]00 */ + if (rdmsr_safe(MSR_FSB_FREQ, &msr) == EFAULT) { + aprint_debug_dev(ci->ci_dev, + "unable to determine bus speed"); goto print_msr; } - /* FALLTHROUGH */ - case 0xf: /* Core Xeon */ - msr = rdmsr(MSR_FSB_FREQ); bus = (msr >> 0) & 0x7; switch (bus) { case 5: @@ -184,6 +168,9 @@ p3_get_bus_clock(struct cpu_info *ci) case 4: bus_clock = 3; break; + case 6: + bus_clock = 4; + break; default: aprint_debug("%s: unknown Core FSB_FREQ value %d", device_xname(ci->ci_dev), bus); @@ -210,16 +197,135 @@ p3_get_bus_clock(struct cpu_info *ci) case 2: bus_clock = 1; break; + case 3: + bus_clock = 10666; + break; default: aprint_debug("%s: unknown i686 EBL_CR_POWERON " "value %d ", device_xname(ci->ci_dev), bus); goto print_msr; } break; + case 0x1c: /* Atom */ + case 0x26: + case 0x27: + case 0x35: + case 0x36: + if (rdmsr_safe(MSR_FSB_FREQ, &msr) == EFAULT) { + aprint_debug_dev(ci->ci_dev, + "unable to determine bus speed"); + goto print_msr; + } + bus = (msr >> 0) & 0x7; + switch (bus) { + case 7: + bus_clock = 8333; + break; + case 5: + bus_clock = 1; + break; + case 1: + bus_clock = 1; + break; + case 3: +
CVS commit: [netbsd-5-2] src/doc
Module Name:src Committed By: sborrill Date: Mon Jun 1 15:52:41 UTC 2015 Modified Files: src/doc [netbsd-5-2]: CHANGES-5.2.4 Log Message: Ticket #1968 To generate a diff of this commit: cvs rdiff -u -r1.1.2.29 -r1.1.2.30 src/doc/CHANGES-5.2.4 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-5.2.4 diff -u src/doc/CHANGES-5.2.4:1.1.2.29 src/doc/CHANGES-5.2.4:1.1.2.30 --- src/doc/CHANGES-5.2.4:1.1.2.29 Mon Jun 1 14:46:33 2015 +++ src/doc/CHANGES-5.2.4 Mon Jun 1 15:52:41 2015 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-5.2.4,v 1.1.2.29 2015/06/01 14:46:33 sborrill Exp $ +# $NetBSD: CHANGES-5.2.4,v 1.1.2.30 2015/06/01 15:52:41 sborrill Exp $ A complete list of changes from the NetBSD 5.2.3 release to the NetBSD 5.2.4 release: @@ -2619,3 +2619,9 @@ sys/arch/i386/i386/cpufunc.S 1.16-1.17 Backport rdmsr_safe() to access MSR safely. [msaitoh, ticket #1969] +sys/arch/x86/include/specialreg.h 1.72 via patch + + Add CPUID_TO_*() macros to avoid bug. Old macros are kept for + compatibility. + [msaitoh, ticket #1968] +
CVS commit: [netbsd-5-2] src/doc
Module Name:src Committed By: sborrill Date: Mon Jun 1 15:53:39 UTC 2015 Modified Files: src/doc [netbsd-5-2]: CHANGES-5.2.4 Log Message: Reword ticket #1968 To generate a diff of this commit: cvs rdiff -u -r1.1.2.30 -r1.1.2.31 src/doc/CHANGES-5.2.4 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-5.2.4 diff -u src/doc/CHANGES-5.2.4:1.1.2.30 src/doc/CHANGES-5.2.4:1.1.2.31 --- src/doc/CHANGES-5.2.4:1.1.2.30 Mon Jun 1 15:52:41 2015 +++ src/doc/CHANGES-5.2.4 Mon Jun 1 15:53:39 2015 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-5.2.4,v 1.1.2.30 2015/06/01 15:52:41 sborrill Exp $ +# $NetBSD: CHANGES-5.2.4,v 1.1.2.31 2015/06/01 15:53:39 sborrill Exp $ A complete list of changes from the NetBSD 5.2.3 release to the NetBSD 5.2.4 release: @@ -2621,7 +2621,7 @@ sys/arch/i386/i386/cpufunc.S 1.16-1.17 sys/arch/x86/include/specialreg.h 1.72 via patch - Add CPUID_TO_*() macros to avoid bug. Old macros are kept for + Backport CPUID_TO_*() macros. Old macros are kept for compatibility. [msaitoh, ticket #1968]
CVS commit: [netbsd-5-2] src/sys/arch/x86/include
Module Name:src Committed By: sborrill Date: Mon Jun 1 15:49:16 UTC 2015 Modified Files: src/sys/arch/x86/include [netbsd-5-2]: specialreg.h Log Message: Pull up the following revisions(s) (requested by msaitoh in ticket #1968): sys/arch/x86/include/specialreg.h: revision 1.72 via patch Backup CPUID_TO_*() macros. Old macros are kept for compatibility. To generate a diff of this commit: cvs rdiff -u -r1.31.4.2 -r1.31.4.2.2.1 src/sys/arch/x86/include/specialreg.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/arch/x86/include/specialreg.h diff -u src/sys/arch/x86/include/specialreg.h:1.31.4.2 src/sys/arch/x86/include/specialreg.h:1.31.4.2.2.1 --- src/sys/arch/x86/include/specialreg.h:1.31.4.2 Wed Nov 28 04:39:03 2012 +++ src/sys/arch/x86/include/specialreg.h Mon Jun 1 15:49:16 2015 @@ -1,4 +1,4 @@ -/* $NetBSD: specialreg.h,v 1.31.4.2 2012/11/28 04:39:03 riz Exp $ */ +/* $NetBSD: specialreg.h,v 1.31.4.2.2.1 2015/06/01 15:49:16 sborrill Exp $ */ /*- * Copyright (c) 1991 The Regents of the University of California. @@ -240,13 +240,39 @@ "\11TM2\12SSSE3\13CID\16CX16\17xTPR\20PDCM\23DCA" \ "\24SSE41\25SSE42\26X2APIC\30POPCNT" -#define CPUID2FAMILY(cpuid) (((cpuid) >> 8) & 0xf) -#define CPUID2MODEL(cpuid) (((cpuid) >> 4) & 0xf) -#define CPUID2STEPPING(cpuid) ((cpuid) & 0xf) - -/* Extended family and model are defined on amd64 processors */ -#define CPUID2EXTFAMILY(cpuid) (((cpuid) >> 20) & 0xff) -#define CPUID2EXTMODEL(cpuid) (((cpuid) >> 16) & 0xf) +/* CPUID Fn0001 %eax */ + +#define CPUID_TO_BASEFAMILY(cpuid) (((cpuid) >> 8) & 0xf) +#define CPUID_TO_BASEMODEL(cpuid) (((cpuid) >> 4) & 0xf) +#define CPUID_TO_STEPPING(cpuid) ((cpuid) & 0xf) + +/* Old macros for compatibility */ +#define CPUID2FAMILY(cpuid) CPUID_TO_BASEFAMILY(cpuid) +#define CPUID2MODEL(cpuid) CPUID_TO_BASEMODEL(cpuid) +#define CPUID2STEPPING(cpuid) CPUID_TO_STEPPING(cpuid) + +/* + * The Extended family bits should only be inspected when CPUID_TO_BASEFAMILY() + * returns 15. They are use to encode family value 16 to 270 (add 15). + * The Extended model bits are the high 4 bits of the model. + * They are only valid for family >= 15 or family 6 (intel, but all amd + * family 6 are documented to return zero bits for them). + */ +#define CPUID_TO_EXTFAMILY(cpuid) (((cpuid) >> 20) & 0xff) +#define CPUID_TO_EXTMODEL(cpuid) (((cpuid) >> 16) & 0xf) + +/* Old macros for compatibility */ +#define CPUID2EXTFAMILY(cpuid) CPUID_TO_EXTFAMILY(cpuid) +#define CPUID2EXTMODEL(cpuid) CPUID_TO_EXTMODEL(cpuid) + +/* The macros for the Display Family and the Display Model */ +#define CPUID_TO_FAMILY(cpuid) (CPUID_TO_BASEFAMILY(cpuid) \ + + ((CPUID_TO_BASEFAMILY(cpuid) != 0x0f) \ + ? 0 : CPUID_TO_EXTFAMILY(cpuid))) +#define CPUID_TO_MODEL(cpuid) (CPUID_TO_BASEMODEL(cpuid) \ + | ((CPUID_TO_BASEFAMILY(cpuid) != 0x0f) \ + && (CPUID_TO_BASEFAMILY(cpuid) != 0x06) \ + ? 0 : (CPUID_TO_EXTMODEL(cpuid) << 4))) /* * Model-specific registers for the i386 family
CVS commit: [netbsd-5-2] src/doc
Module Name:src Committed By: sborrill Date: Mon Jun 1 14:46:33 UTC 2015 Modified Files: src/doc [netbsd-5-2]: CHANGES-5.2.4 Log Message: Ticket #1969 To generate a diff of this commit: cvs rdiff -u -r1.1.2.28 -r1.1.2.29 src/doc/CHANGES-5.2.4 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-5.2.4 diff -u src/doc/CHANGES-5.2.4:1.1.2.28 src/doc/CHANGES-5.2.4:1.1.2.29 --- src/doc/CHANGES-5.2.4:1.1.2.28 Fri May 22 11:45:01 2015 +++ src/doc/CHANGES-5.2.4 Mon Jun 1 14:46:33 2015 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-5.2.4,v 1.1.2.28 2015/05/22 11:45:01 sborrill Exp $ +# $NetBSD: CHANGES-5.2.4,v 1.1.2.29 2015/06/01 14:46:33 sborrill Exp $ A complete list of changes from the NetBSD 5.2.3 release to the NetBSD 5.2.4 release: @@ -2612,3 +2612,10 @@ sys/arch/xen/xen/xenevt.c 1.42 Fix off by one error, addresses port-xen/49919. [bouyer, ticket #1965] +sys/arch/x86/include/cpufunc.h 1.13 +sys/arch/amd64/amd64/cpufunc.S 1.20-1.21 via patch +sys/arch/i386/i386/cpufunc.S 1.16-1.17, 1.21 via patch + + Backport rdmsr_safe() to access MSR safely. + [msaitoh, ticket #1969] +
CVS commit: [netbsd-5-2] src/sys/arch
Module Name:src Committed By: sborrill Date: Mon Jun 1 14:42:40 UTC 2015 Modified Files: src/sys/arch/amd64/amd64 [netbsd-5-2]: cpufunc.S src/sys/arch/i386/i386 [netbsd-5-2]: cpufunc.S src/sys/arch/x86/include [netbsd-5-2]: cpufunc.h Log Message: Pull up the following revisions(s) (requested by msaitoh in ticket #1969): sys/arch/x86/include/cpufunc.h: revision 1.13 sys/arch/amd64/amd64/cpufunc.S: revision 1.20-1.21 via patch sys/arch/i386/i386/cpufunc.S: revision 1.16-1.17, 1.21 via patch Backport rdmsr_safe() to access MSR safely. To generate a diff of this commit: cvs rdiff -u -r1.15 -r1.15.20.1 src/sys/arch/amd64/amd64/cpufunc.S cvs rdiff -u -r1.13 -r1.13.14.1 src/sys/arch/i386/i386/cpufunc.S cvs rdiff -u -r1.8.10.3 -r1.8.10.3.10.1 src/sys/arch/x86/include/cpufunc.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/arch/amd64/amd64/cpufunc.S diff -u src/sys/arch/amd64/amd64/cpufunc.S:1.15 src/sys/arch/amd64/amd64/cpufunc.S:1.15.20.1 --- src/sys/arch/amd64/amd64/cpufunc.S:1.15 Tue Jun 24 16:32:53 2008 +++ src/sys/arch/amd64/amd64/cpufunc.S Mon Jun 1 14:42:40 2015 @@ -1,4 +1,4 @@ -/* $NetBSD: cpufunc.S,v 1.15 2008/06/24 16:32:53 ad Exp $ */ +/* $NetBSD: cpufunc.S,v 1.15.20.1 2015/06/01 14:42:40 sborrill Exp $ */ /*- * Copyright (c) 1998, 2007, 2008 The NetBSD Foundation, Inc. @@ -33,6 +33,8 @@ * Functions to provide access to i386-specific instructions. */ +#include + #include #include #include @@ -215,6 +217,37 @@ ENTRY(wrmsr_locked) wrmsr ret +/* + * Support for reading MSRs in the safe manner (returns EFAULT on fault) + */ +/* int rdmsr_safe(u_int msr, uint64_t *data) */ +ENTRY(rdmsr_safe) + movq CPUVAR(CURLWP), %r8 + movq L_ADDR(%r8), %r8 + movq $_C_LABEL(msr_onfault), PCB_ONFAULT(%r8) + + movl %edi, %ecx /* u_int msr */ + rdmsr /* Read MSR pointed by %ecx. Returns + hi byte in edx, lo in %eax */ + salq $32, %rdx /* sign-shift %rdx left */ + movl %eax, %eax /* zero-extend %eax -> %rax */ + orq %rdx, %rax + movq %rax, (%rsi) /* *data */ + xorq %rax, %rax/* "no error" */ + + movq %rax, PCB_ONFAULT(%r8) + ret + +/* + * MSR operations fault handler + */ +NENTRY(msr_onfault) + movq CPUVAR(CURLWP), %r8 + movq L_ADDR(%r8), %r8 + movq $0, PCB_ONFAULT(%r8) + movl $EFAULT, %eax + ret + #ifndef XEN ENTRY(wbinvd) wbinvd Index: src/sys/arch/i386/i386/cpufunc.S diff -u src/sys/arch/i386/i386/cpufunc.S:1.13 src/sys/arch/i386/i386/cpufunc.S:1.13.14.1 --- src/sys/arch/i386/i386/cpufunc.S:1.13 Tue Sep 23 08:50:11 2008 +++ src/sys/arch/i386/i386/cpufunc.S Mon Jun 1 14:42:40 2015 @@ -1,4 +1,4 @@ -/* $NetBSD: cpufunc.S,v 1.13 2008/09/23 08:50:11 ad Exp $ */ +/* $NetBSD: cpufunc.S,v 1.13.14.1 2015/06/01 14:42:40 sborrill Exp $ */ /*- * Copyright (c) 1998, 2007 The NetBSD Foundation, Inc. @@ -35,8 +35,10 @@ * These are shared with NetBSD/xen. */ +#include + #include -__KERNEL_RCSID(0, "$NetBSD: cpufunc.S,v 1.13 2008/09/23 08:50:11 ad Exp $"); +__KERNEL_RCSID(0, "$NetBSD: cpufunc.S,v 1.13.14.1 2015/06/01 14:42:40 sborrill Exp $"); #include "opt_xen.h" @@ -141,6 +143,39 @@ ENTRY(wrmsr_locked) ret END(wrmsr_locked) +/* + * Support for reading MSRs in the safe manner (returns EFAULT on fault) + */ +/* int rdmsr_safe(u_int msr, uint64_t *data) */ +ENTRY(rdmsr_safe) + movl CPUVAR(CURLWP), %ecx + movl L_ADDR(%ecx), %ecx + movl $_C_LABEL(msr_onfault), PCB_ONFAULT(%ecx) + + movl 4(%esp), %ecx /* u_int msr */ + rdmsr + movl 8(%esp), %ecx /* *data */ + movl %eax, (%ecx) /* low-order bits */ + movl %edx, 4(%ecx) /* high-order bits */ + xorl %eax, %eax/* "no error" */ + + movl CPUVAR(CURLWP), %ecx + movl L_ADDR(%ecx), %ecx + movl %eax, PCB_ONFAULT(%ecx) + + ret + +/* + * MSR operations fault handler + */ +NENTRY(msr_onfault) + movl CPUVAR(CURLWP), %ecx + movl L_ADDR(%ecx), %ecx + movl $0, PCB_ONFAULT(%ecx) + movl $EFAULT, %eax + ret +END(msr_onfault) + ENTRY(cpu_counter) rdtsc addl CPUVAR(CC_SKEW), %eax Index: src/sys/arch/x86/include/cpufunc.h diff -u src/sys/arch/x86/include/cpufunc.h:1.8.10.3 src/sys/arch/x86/include/cpufunc.h:1.8.10.3.10.1 --- src/sys/arch/x86/include/cpufunc.h:1.8.10.3 Mon Feb 2 21:38:50 2009 +++ src/sys/arch/x86/include/cpufunc.h Mon Jun 1 14:42:40 2015 @@ -1,4 +1,4 @@ -/* $NetBSD: cpufunc.h,v 1.8.10.3 2009/02/02 21:38:50 snj Exp $ */ +/* $NetBSD: cpufunc.h,v 1.8.10.3.10.1 2015/06/01 14:42:40 sborrill Exp $ */ /*- * Copyright (c) 1998, 2007 The NetBSD Foundation, Inc. @@ -118,6 +118,7 @@ void x86_reset(void); uint64_t rdmsr(u_int); uint64_t rdmsr_locked(u_int, u_int); +int rdmsr_safe(u_int, uint64_t *); uint64_t rdtsc(void); uint64_t rdpmc(u_int); void wrmsr(u_int, uint64_t);
CVS commit: [netbsd-5-2] src/doc
Module Name:src Committed By: sborrill Date: Fri May 22 11:45:01 UTC 2015 Modified Files: src/doc [netbsd-5-2]: CHANGES-5.2.4 Log Message: Ticket #1965 To generate a diff of this commit: cvs rdiff -u -r1.1.2.27 -r1.1.2.28 src/doc/CHANGES-5.2.4 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-5.2.4 diff -u src/doc/CHANGES-5.2.4:1.1.2.27 src/doc/CHANGES-5.2.4:1.1.2.28 --- src/doc/CHANGES-5.2.4:1.1.2.27 Sun Apr 26 12:53:34 2015 +++ src/doc/CHANGES-5.2.4 Fri May 22 11:45:01 2015 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-5.2.4,v 1.1.2.27 2015/04/26 12:53:34 msaitoh Exp $ +# $NetBSD: CHANGES-5.2.4,v 1.1.2.28 2015/05/22 11:45:01 sborrill Exp $ A complete list of changes from the NetBSD 5.2.3 release to the NetBSD 5.2.4 release: @@ -2565,13 +2565,13 @@ xsrc/xfree/xc/lib/font/bitmap/bdfread.c (bdfReadCharacters: ensure metrics fit into xCharInfo struct) [mrg, ticket #1953] -crypto/dist/openssl/dist/crypto/asn1/a_type.c 1.2 -crypto/dist/openssl/dist/crypto/asn1/tasn_dec.c 1.2 -crypto/dist/openssl/dist/crypto/pkcs7/pk7_doit.c 1.2 -crypto/dist/openssl/dist/crypto/pkcs7/pk7_lib.c 1.2 -crypto/dist/openssl/dist/doc/crypto/d2i_X509.pod 1.2 -crypto/dist/openssl/dist/ssl/s2_lib.c 1.3 -crypto/dist/openssl/dist/ssl/s2_srvr.c 1.2 +crypto/dist/openssl/dist/crypto/asn1/a_type.c 1.2 +crypto/dist/openssl/dist/crypto/asn1/tasn_dec.c 1.2 +crypto/dist/openssl/dist/crypto/pkcs7/pk7_doit.c 1.2 +crypto/dist/openssl/dist/crypto/pkcs7/pk7_lib.c 1.2 +crypto/dist/openssl/dist/doc/crypto/d2i_X509.pod 1.2 +crypto/dist/openssl/dist/ssl/s2_lib.c 1.3 +crypto/dist/openssl/dist/ssl/s2_srvr.c 1.2 Address OpenSSL Security Advisory [19 Mar 2015]: RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204) @@ -2606,3 +2606,9 @@ sys/kern/sys_select.cpatch exceeded, then return EINVAL instead of silently truncating the list. Addresses PR/17507. [prlw1, ticket #1957] + +sys/arch/xen/xen/xenevt.c 1.42 + + Fix off by one error, addresses port-xen/49919. + [bouyer, ticket #1965] +
CVS commit: [netbsd-5-2] src/sys/arch/xen/xen
Module Name:src Committed By: sborrill Date: Fri May 22 11:44:25 UTC 2015 Modified Files: src/sys/arch/xen/xen [netbsd-5-2]: xenevt.c Log Message: Pull up the following revisions(s) (requested by bouyer in ticket #1965): sys/arch/xen/xen/xenevt.c: revision 1.42 Fix off by one error, addresses port-xen/49919. To generate a diff of this commit: cvs rdiff -u -r1.29.4.2 -r1.29.4.2.6.1 src/sys/arch/xen/xen/xenevt.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/arch/xen/xen/xenevt.c diff -u src/sys/arch/xen/xen/xenevt.c:1.29.4.2 src/sys/arch/xen/xen/xenevt.c:1.29.4.2.6.1 --- src/sys/arch/xen/xen/xenevt.c:1.29.4.2 Wed Sep 30 00:08:03 2009 +++ src/sys/arch/xen/xen/xenevt.c Fri May 22 11:44:25 2015 @@ -1,4 +1,4 @@ -/* $NetBSD: xenevt.c,v 1.29.4.2 2009/09/30 00:08:03 snj Exp $ */ +/* $NetBSD: xenevt.c,v 1.29.4.2.6.1 2015/05/22 11:44:25 sborrill Exp $ */ /* * Copyright (c) 2005 Manuel Bouyer. @@ -31,7 +31,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: xenevt.c,v 1.29.4.2 2009/09/30 00:08:03 snj Exp $"); +__KERNEL_RCSID(0, "$NetBSD: xenevt.c,v 1.29.4.2.6.1 2015/05/22 11:44:25 sborrill Exp $"); #include "opt_xen.h" #include @@ -496,7 +496,7 @@ xenevt_fwrite(struct file *fp, off_t *of if (uio->uio_resid == 0) return (0); nentries = uio->uio_resid / sizeof(uint16_t); - if (nentries > NR_EVENT_CHANNELS) + if (nentries >= NR_EVENT_CHANNELS) return EMSGSIZE; chans = kmem_alloc(nentries * sizeof(uint16_t), KM_SLEEP); if (chans == NULL) @@ -580,7 +580,7 @@ xenevt_fioctl(struct file *fp, u_long cm { struct ioctl_evtchn_unbind *unbind = addr; - if (unbind->port > NR_EVENT_CHANNELS) + if (unbind->port >= NR_EVENT_CHANNELS) return EINVAL; if (devevent[unbind->port] != d) return ENOTCONN; @@ -596,7 +596,7 @@ xenevt_fioctl(struct file *fp, u_long cm { struct ioctl_evtchn_notify *notify = addr; - if (notify->port > NR_EVENT_CHANNELS) + if (notify->port >= NR_EVENT_CHANNELS) return EINVAL; if (devevent[notify->port] != d) return ENOTCONN;
CVS commit: [netbsd-5-2] src/doc
Module Name:src Committed By: msaitoh Date: Sun Apr 26 12:53:34 UTC 2015 Modified Files: src/doc [netbsd-5-2]: CHANGES-5.2.4 Log Message: Update ticket 1958. To generate a diff of this commit: cvs rdiff -u -r1.1.2.26 -r1.1.2.27 src/doc/CHANGES-5.2.4 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-5.2.4 diff -u src/doc/CHANGES-5.2.4:1.1.2.26 src/doc/CHANGES-5.2.4:1.1.2.27 --- src/doc/CHANGES-5.2.4:1.1.2.26 Fri Apr 24 05:48:57 2015 +++ src/doc/CHANGES-5.2.4 Sun Apr 26 12:53:34 2015 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-5.2.4,v 1.1.2.26 2015/04/24 05:48:57 msaitoh Exp $ +# $NetBSD: CHANGES-5.2.4,v 1.1.2.27 2015/04/26 12:53:34 msaitoh Exp $ A complete list of changes from the NetBSD 5.2.3 release to the NetBSD 5.2.4 release: @@ -2584,7 +2584,10 @@ crypto/dist/openssl/dist/ssl/s2_srvr.c 1 X509_to_X509_REQ NULL pointer deref (CVE-2015-0288) [spz, ticket #1954] -sys/arch/sparc/stand/ofwboot/Locore.c 1.14 +sys/arch/sparc/include/openfirm.h 1.7 +sys/arch/sparc/stand/ofwboot/Locore.c 1.11, 1.14 +sys/arch/sparc/stand/ofwboot/loadfile_machdep.c 1.7 +sys/arch/sparc/stand/ofwboot/openfirm.h 1.4 Fix kernel loading failures from partitions started from over first 4GB of disks on sparc64.
CVS commit: [netbsd-5-2] src/sys/arch/sparc
Module Name:src Committed By: msaitoh Date: Sun Apr 26 12:52:12 UTC 2015 Modified Files: src/sys/arch/sparc/include [netbsd-5-2]: openfirm.h src/sys/arch/sparc/stand/ofwboot [netbsd-5-2]: Locore.c loadfile_machdep.c openfirm.h Log Message: Pullup another commit for ticket #1958 requested by martin: sys/arch/sparc/include/openfirm.h 1.7 sys/arch/sparc/stand/ofwboot/Locore.c 1.11 sys/arch/sparc/stand/ofwboot/loadfile_machdep.c 1.7 sys/arch/sparc/stand/ofwboot/openfirm.h 1.4 Make ofwboot can handle over 4GB physical memory by using OpenFirmware calls properly, and some cosmetic changes. Idea from OpenBSD. To generate a diff of this commit: cvs rdiff -u -r1.6 -r1.6.96.1 src/sys/arch/sparc/include/openfirm.h cvs rdiff -u -r1.10.44.1 -r1.10.44.2 \ src/sys/arch/sparc/stand/ofwboot/Locore.c cvs rdiff -u -r1.6 -r1.6.18.1 \ src/sys/arch/sparc/stand/ofwboot/loadfile_machdep.c cvs rdiff -u -r1.3 -r1.3.86.1 src/sys/arch/sparc/stand/ofwboot/openfirm.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/arch/sparc/include/openfirm.h diff -u src/sys/arch/sparc/include/openfirm.h:1.6 src/sys/arch/sparc/include/openfirm.h:1.6.96.1 --- src/sys/arch/sparc/include/openfirm.h:1.6 Sat Mar 4 02:56:21 2006 +++ src/sys/arch/sparc/include/openfirm.h Sun Apr 26 12:52:12 2015 @@ -1,4 +1,4 @@ -/* $NetBSD: openfirm.h,v 1.6 2006/03/04 02:56:21 uwe Exp $ */ +/* $NetBSD: openfirm.h,v 1.6.96.1 2015/04/26 12:52:12 msaitoh Exp $ */ /* * Copyright (C) 1995, 1996 Wolfgang Solfrank. @@ -49,6 +49,9 @@ typedef uint64_t cell_t; #define HDL2CELL(x) (cell_t)(u_int)(int)(x) #define ADR2CELL(x) (cell_t)(u_int)(int)(x) #endif +#define HDQ2CELL_HI(x) (cell_t)(0) +#define HDQ2CELL_LO(x) (cell_t)(x) +#define CELL2HDQ(hi,lo) (lo) #else /* SUN4U */ /* All cells are 4 byte slots */ typedef uint32_t cell_t; Index: src/sys/arch/sparc/stand/ofwboot/Locore.c diff -u src/sys/arch/sparc/stand/ofwboot/Locore.c:1.10.44.1 src/sys/arch/sparc/stand/ofwboot/Locore.c:1.10.44.2 --- src/sys/arch/sparc/stand/ofwboot/Locore.c:1.10.44.1 Fri Apr 17 10:51:15 2015 +++ src/sys/arch/sparc/stand/ofwboot/Locore.c Sun Apr 26 12:52:12 2015 @@ -1,4 +1,4 @@ -/* $NetBSD: Locore.c,v 1.10.44.1 2015/04/17 10:51:15 msaitoh Exp $ */ +/* $NetBSD: Locore.c,v 1.10.44.2 2015/04/26 12:52:12 msaitoh Exp $ */ /* * Copyright (C) 1995, 1996 Wolfgang Solfrank. @@ -36,15 +36,6 @@ #include -vaddr_t OF_claim_virt(vaddr_t, int); -vaddr_t OF_alloc_virt(int, int); -int OF_free_virt(vaddr_t, int); -int OF_unmap_virt(vaddr_t, int); -vaddr_t OF_map_phys(paddr_t, off_t, vaddr_t, int); -paddr_t OF_alloc_phys(int, int); -paddr_t OF_claim_phys(paddr_t, int); -int OF_free_phys(paddr_t, int); - extern int openfirmware(void *); @@ -450,9 +441,9 @@ OF_claim_virt(vaddr_t vaddr, int len) args.align = 0; args.len = len; args.vaddr = ADR2CELL(vaddr); - if(openfirmware(&args) != 0) + if (openfirmware(&args) != 0) return -1LL; - return args.retaddr; /* Kluge till we go 64-bit */ + return (vaddr_t)args.retaddr; } /* @@ -486,13 +477,13 @@ OF_alloc_virt(int len, int align) args.nargs = 4; args.nreturns = 2; args.method = ADR2CELL("claim"); - args.ihandle = mmuh; + args.ihandle = HDL2CELL(mmuh); args.align = align; args.len = len; args.retaddr = ADR2CELL(&retaddr); - if(openfirmware(&args) != 0) + if (openfirmware(&args) != 0) return -1LL; - return (vaddr_t)args.retaddr; /* Kluge till we go 64-bit */ + return (vaddr_t)args.retaddr; } /* @@ -601,8 +592,8 @@ OF_map_phys(paddr_t paddr, off_t size, v args.mode = mode; args.size = size; args.vaddr = ADR2CELL(vaddr); - args.paddr_hi = ADR2CELL(paddr>>32); - args.paddr_lo = ADR2CELL(paddr); + args.paddr_hi = HDQ2CELL_HI(paddr); + args.paddr_lo = HDQ2CELL_LO(paddr); if (openfirmware(&args) == -1) return -1; @@ -620,7 +611,6 @@ OF_map_phys(paddr_t paddr, off_t size, v paddr_t OF_alloc_phys(int len, int align) { - paddr_t paddr; struct { cell_t name; cell_t nargs; @@ -647,10 +637,9 @@ OF_alloc_phys(int len, int align) args.ihandle = HDL2CELL(memh); args.align = align; args.len = len; - if(openfirmware(&args) != 0) + if (openfirmware(&args) != 0) return -1LL; - paddr = (paddr_t)(args.phys_hi<<32)|((unsigned int)(args.phys_lo)); - return paddr; /* Kluge till we go 64-bit */ + return (paddr_t)CELL2HDQ(args.phys_hi, args.phys_lo); } /* @@ -661,7 +650,6 @@ OF_alloc_phys(int len, int align) paddr_t OF_claim_phys(paddr_t phys, int len) { - paddr_t paddr; struct { cell_t name; cell_t nargs; @@ -691,12 +679,11 @@ OF_claim_phys(paddr_t phys, int len) args.ihandle = HDL2CELL(memh); args.align = 0; args.len = len; - args.phys_hi = HDL2CELL(phys>>32); - args.phys_lo = HDL2CELL(phys); - if(openfirmware(&args) != 0) + args.phys_hi = HDQ2CELL_HI(phys); + args.phys_lo = HDQ2CELL_LO(phys); + if
CVS commit: [netbsd-5-2] src/doc
Module Name:src Committed By: msaitoh Date: Fri Apr 24 05:48:57 UTC 2015 Modified Files: src/doc [netbsd-5-2]: CHANGES-5.2.4 Log Message: Ticket 1957. To generate a diff of this commit: cvs rdiff -u -r1.1.2.25 -r1.1.2.26 src/doc/CHANGES-5.2.4 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-5.2.4 diff -u src/doc/CHANGES-5.2.4:1.1.2.25 src/doc/CHANGES-5.2.4:1.1.2.26 --- src/doc/CHANGES-5.2.4:1.1.2.25 Sun Apr 19 07:46:18 2015 +++ src/doc/CHANGES-5.2.4 Fri Apr 24 05:48:57 2015 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-5.2.4,v 1.1.2.25 2015/04/19 07:46:18 msaitoh Exp $ +# $NetBSD: CHANGES-5.2.4,v 1.1.2.26 2015/04/24 05:48:57 msaitoh Exp $ A complete list of changes from the NetBSD 5.2.3 release to the NetBSD 5.2.4 release: @@ -2595,3 +2595,11 @@ xsrc/xfree/xc/lib/X11/Xlibint.h1.2 Fix CVE-2013-7439: Buffer overflow in MakeBigReq macro in libX11. [mrg, ticket #1959] + +sys/kern/sys_select.cpatch + + Limit nfds arg to poll() to a large enough value that user programs + cannot allocate indefinite sized blocks of kvm. If the limit is + exceeded, then return EINVAL instead of silently truncating the list. + Addresses PR/17507. + [prlw1, ticket #1957]
CVS commit: [netbsd-5-2] src/sys/kern
Module Name:src Committed By: msaitoh Date: Fri Apr 24 05:46:09 UTC 2015 Modified Files: src/sys/kern [netbsd-5-2]: sys_select.c Log Message: Pull up following revision(s) (requested by prlw1 in ticket #1957): sys/kern/sys_select.c patch Limit nfds arg to poll() to a large enough value that user programs cannot allocate indefinite sized blocks of kvm. If the limit is exceeded, then return EINVAL instead of silently truncating the list. Addresses PR/17507. [prlw1, ticket #1957] To generate a diff of this commit: cvs rdiff -u -r1.10 -r1.10.14.1 src/sys/kern/sys_select.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/sys_select.c diff -u src/sys/kern/sys_select.c:1.10 src/sys/kern/sys_select.c:1.10.14.1 --- src/sys/kern/sys_select.c:1.10 Wed Oct 15 08:13:17 2008 +++ src/sys/kern/sys_select.c Fri Apr 24 05:46:09 2015 @@ -1,4 +1,4 @@ -/* $NetBSD: sys_select.c,v 1.10 2008/10/15 08:13:17 ad Exp $ */ +/* $NetBSD: sys_select.c,v 1.10.14.1 2015/04/24 05:46:09 msaitoh Exp $ */ /*- * Copyright (c) 2007, 2008 The NetBSD Foundation, Inc. @@ -70,7 +70,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: sys_select.c,v 1.10 2008/10/15 08:13:17 ad Exp $"); +__KERNEL_RCSID(0, "$NetBSD: sys_select.c,v 1.10.14.1 2015/04/24 05:46:09 msaitoh Exp $"); #include #include @@ -432,9 +432,17 @@ pollcommon(lwp_t *l, register_t *retval, struct timeval sleeptv; selcpu_t *sc; - if (nfds > p->p_fd->fd_nfiles) { - /* forgiving; slightly wrong */ - nfds = p->p_fd->fd_nfiles; + if (nfds > 1000 + p->p_fd->fd_nfiles) { + /* + * Either the user passed in a very sparse 'fds' or junk! + * The kmem_alloc() call below would be bad news. + * We could process the 'fds' array in chunks, but that + * is a lot of code that isn't normally useful. + * (Or just move the copyin/out into pollscan().) + * Historically the code silently truncated 'fds' to + * dt_nfiles entries - but that does cause issues. + */ + return EINVAL; } ni = nfds * sizeof(struct pollfd); if (ni > sizeof(smallbits)) {
CVS commit: [netbsd-5-2] src/doc
Module Name:src Committed By: msaitoh Date: Sun Apr 19 07:46:18 UTC 2015 Modified Files: src/doc [netbsd-5-2]: CHANGES-5.2.4 Log Message: Ticket 1959. To generate a diff of this commit: cvs rdiff -u -r1.1.2.24 -r1.1.2.25 src/doc/CHANGES-5.2.4 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-5.2.4 diff -u src/doc/CHANGES-5.2.4:1.1.2.24 src/doc/CHANGES-5.2.4:1.1.2.25 --- src/doc/CHANGES-5.2.4:1.1.2.24 Fri Apr 17 10:52:21 2015 +++ src/doc/CHANGES-5.2.4 Sun Apr 19 07:46:18 2015 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-5.2.4,v 1.1.2.24 2015/04/17 10:52:21 msaitoh Exp $ +# $NetBSD: CHANGES-5.2.4,v 1.1.2.25 2015/04/19 07:46:18 msaitoh Exp $ A complete list of changes from the NetBSD 5.2.3 release to the NetBSD 5.2.4 release: @@ -2589,3 +2589,9 @@ sys/arch/sparc/stand/ofwboot/Locore.c 1 Fix kernel loading failures from partitions started from over first 4GB of disks on sparc64. [nakayama, ticket #1958] + +xsrc/external/mit/libX11/dist/include/X11/Xlibint.h patch +xsrc/xfree/xc/lib/X11/Xlibint.h1.2 + + Fix CVE-2013-7439: Buffer overflow in MakeBigReq macro in libX11. + [mrg, ticket #1959]
CVS commit: [netbsd-5-2] src/doc
Module Name:src Committed By: msaitoh Date: Fri Apr 17 10:52:21 UTC 2015 Modified Files: src/doc [netbsd-5-2]: CHANGES-5.2.4 Log Message: Ticket 1958. To generate a diff of this commit: cvs rdiff -u -r1.1.2.23 -r1.1.2.24 src/doc/CHANGES-5.2.4 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-5.2.4 diff -u src/doc/CHANGES-5.2.4:1.1.2.23 src/doc/CHANGES-5.2.4:1.1.2.24 --- src/doc/CHANGES-5.2.4:1.1.2.23 Thu Mar 19 18:14:01 2015 +++ src/doc/CHANGES-5.2.4 Fri Apr 17 10:52:21 2015 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-5.2.4,v 1.1.2.23 2015/03/19 18:14:01 riz Exp $ +# $NetBSD: CHANGES-5.2.4,v 1.1.2.24 2015/04/17 10:52:21 msaitoh Exp $ A complete list of changes from the NetBSD 5.2.3 release to the NetBSD 5.2.4 release: @@ -2584,3 +2584,8 @@ crypto/dist/openssl/dist/ssl/s2_srvr.c 1 X509_to_X509_REQ NULL pointer deref (CVE-2015-0288) [spz, ticket #1954] +sys/arch/sparc/stand/ofwboot/Locore.c 1.14 + + Fix kernel loading failures from partitions started from over first + 4GB of disks on sparc64. + [nakayama, ticket #1958]
CVS commit: [netbsd-5-2] src/sys/arch/sparc/stand/ofwboot
Module Name:src Committed By: msaitoh Date: Fri Apr 17 10:51:15 UTC 2015 Modified Files: src/sys/arch/sparc/stand/ofwboot [netbsd-5-2]: Locore.c Log Message: Pull up following revision(s) (requested by nakayama in ticket #1958): sys/arch/sparc/stand/ofwboot/Locore.c: revision 1.14 Fix kernel loading failures from partitions started from over first 4GB of disks on sparc64. To generate a diff of this commit: cvs rdiff -u -r1.10 -r1.10.44.1 src/sys/arch/sparc/stand/ofwboot/Locore.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/arch/sparc/stand/ofwboot/Locore.c diff -u src/sys/arch/sparc/stand/ofwboot/Locore.c:1.10 src/sys/arch/sparc/stand/ofwboot/Locore.c:1.10.44.1 --- src/sys/arch/sparc/stand/ofwboot/Locore.c:1.10 Wed Oct 17 19:57:16 2007 +++ src/sys/arch/sparc/stand/ofwboot/Locore.c Fri Apr 17 10:51:15 2015 @@ -1,4 +1,4 @@ -/* $NetBSD: Locore.c,v 1.10 2007/10/17 19:57:16 garbled Exp $ */ +/* $NetBSD: Locore.c,v 1.10.44.1 2015/04/17 10:51:15 msaitoh Exp $ */ /* * Copyright (C) 1995, 1996 Wolfgang Solfrank. @@ -311,8 +311,8 @@ OF_seek(int handle, u_quad_t pos) args.nargs = 3; args.nreturns = 1; args.handle = HDL2CELL(handle); - args.poshi = HDL2CELL(pos >> 32); - args.poslo = HDL2CELL(pos); + args.poshi = HDQ2CELL_HI(pos); + args.poslo = HDQ2CELL_LO(pos); if (openfirmware(&args) == -1) { return -1; }
CVS commit: [netbsd-5-2] src/doc
Module Name:src Committed By: riz Date: Thu Mar 19 18:14:01 UTC 2015 Modified Files: src/doc [netbsd-5-2]: CHANGES-5.2.4 Log Message: Fix paths in previous. To generate a diff of this commit: cvs rdiff -u -r1.1.2.22 -r1.1.2.23 src/doc/CHANGES-5.2.4 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-5.2.4 diff -u src/doc/CHANGES-5.2.4:1.1.2.22 src/doc/CHANGES-5.2.4:1.1.2.23 --- src/doc/CHANGES-5.2.4:1.1.2.22 Thu Mar 19 16:41:13 2015 +++ src/doc/CHANGES-5.2.4 Thu Mar 19 18:14:01 2015 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-5.2.4,v 1.1.2.22 2015/03/19 16:41:13 riz Exp $ +# $NetBSD: CHANGES-5.2.4,v 1.1.2.23 2015/03/19 18:14:01 riz Exp $ A complete list of changes from the NetBSD 5.2.3 release to the NetBSD 5.2.4 release: @@ -2565,13 +2565,13 @@ xsrc/xfree/xc/lib/font/bitmap/bdfread.c (bdfReadCharacters: ensure metrics fit into xCharInfo struct) [mrg, ticket #1953] -crypto/external/bsd/openssl/dist/crypto/asn1/a_type.c 1.2 -crypto/external/bsd/openssl/dist/crypto/asn1/tasn_dec.c 1.2 -crypto/external/bsd/openssl/dist/crypto/pkcs7/pk7_doit.c 1.2 -crypto/external/bsd/openssl/dist/crypto/pkcs7/pk7_lib.c 1.2 -crypto/external/bsd/openssl/dist/doc/crypto/d2i_X509.pod 1.2 -crypto/external/bsd/openssl/dist/ssl/s2_lib.c 1.3 -crypto/external/bsd/openssl/dist/ssl/s2_srvr.c 1.2 +crypto/dist/openssl/dist/crypto/asn1/a_type.c 1.2 +crypto/dist/openssl/dist/crypto/asn1/tasn_dec.c 1.2 +crypto/dist/openssl/dist/crypto/pkcs7/pk7_doit.c 1.2 +crypto/dist/openssl/dist/crypto/pkcs7/pk7_lib.c 1.2 +crypto/dist/openssl/dist/doc/crypto/d2i_X509.pod 1.2 +crypto/dist/openssl/dist/ssl/s2_lib.c 1.3 +crypto/dist/openssl/dist/ssl/s2_srvr.c 1.2 Address OpenSSL Security Advisory [19 Mar 2015]: RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204)
CVS commit: [netbsd-5-2] src/doc
Module Name:src Committed By: riz Date: Thu Mar 19 16:41:13 UTC 2015 Modified Files: src/doc [netbsd-5-2]: CHANGES-5.2.4 Log Message: Ticket 1594. To generate a diff of this commit: cvs rdiff -u -r1.1.2.21 -r1.1.2.22 src/doc/CHANGES-5.2.4 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-5.2.4 diff -u src/doc/CHANGES-5.2.4:1.1.2.21 src/doc/CHANGES-5.2.4:1.1.2.22 --- src/doc/CHANGES-5.2.4:1.1.2.21 Tue Mar 17 18:44:37 2015 +++ src/doc/CHANGES-5.2.4 Thu Mar 19 16:41:13 2015 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-5.2.4,v 1.1.2.21 2015/03/17 18:44:37 snj Exp $ +# $NetBSD: CHANGES-5.2.4,v 1.1.2.22 2015/03/19 16:41:13 riz Exp $ A complete list of changes from the NetBSD 5.2.3 release to the NetBSD 5.2.4 release: @@ -2565,3 +2565,22 @@ xsrc/xfree/xc/lib/font/bitmap/bdfread.c (bdfReadCharacters: ensure metrics fit into xCharInfo struct) [mrg, ticket #1953] +crypto/external/bsd/openssl/dist/crypto/asn1/a_type.c 1.2 +crypto/external/bsd/openssl/dist/crypto/asn1/tasn_dec.c 1.2 +crypto/external/bsd/openssl/dist/crypto/pkcs7/pk7_doit.c 1.2 +crypto/external/bsd/openssl/dist/crypto/pkcs7/pk7_lib.c 1.2 +crypto/external/bsd/openssl/dist/doc/crypto/d2i_X509.pod 1.2 +crypto/external/bsd/openssl/dist/ssl/s2_lib.c 1.3 +crypto/external/bsd/openssl/dist/ssl/s2_srvr.c 1.2 + + Address OpenSSL Security Advisory [19 Mar 2015]: + RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204) + Segmentation fault in ASN1_TYPE_cmp (CVE-2015-0286) + ASN.1 structure reuse memory corruption (CVE-2015-0287) + PKCS7 NULL pointer dereferences (CVE-2015-0289) + Base64 decode (CVE-2015-0292) + DoS via reachable assert in SSLv2 servers (CVE-2015-0293) + Use After Free following d2i_ECPrivatekey error (CVE-2015-0209) + X509_to_X509_REQ NULL pointer deref (CVE-2015-0288) + [spz, ticket #1954] +
CVS commit: [netbsd-5-2] src/crypto/dist/openssl
Module Name:src Committed By: riz Date: Thu Mar 19 16:40:51 UTC 2015 Modified Files: src/crypto/dist/openssl/crypto/asn1 [netbsd-5-2]: a_type.c tasn_dec.c src/crypto/dist/openssl/crypto/pkcs7 [netbsd-5-2]: pk7_doit.c pk7_lib.c src/crypto/dist/openssl/doc/crypto [netbsd-5-2]: d2i_X509.pod src/crypto/dist/openssl/ssl [netbsd-5-2]: s2_lib.c s2_srvr.c Log Message: Pull up following revision(s) (requested by spz in ticket #1954): crypto/external/bsd/openssl/dist/ssl/s2_lib.c: revision 1.3 crypto/external/bsd/openssl/dist/crypto/asn1/a_type.c: revision 1.2 crypto/external/bsd/openssl/dist/doc/crypto/d2i_X509.pod: revision 1.2 crypto/external/bsd/openssl/dist/crypto/pkcs7/pk7_doit.c: revision 1.2 crypto/external/bsd/openssl/dist/crypto/pkcs7/pk7_lib.c: revision 1.2 crypto/external/bsd/openssl/dist/ssl/s2_srvr.c: revision 1.2 crypto/external/bsd/openssl/dist/crypto/asn1/tasn_dec.c: revision 1.2 patches for todays' OpenSSL security advisory from OpenSSL, as relevant to NetBSD base: OpenSSL Security Advisory [19 Mar 2015] === Reclassified: RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204) Severity: High This security issue was previously announced by the OpenSSL project and classified as "low" severity. This severity rating has now been changed to "high". This was classified low because it was originally thought that server RSA export ciphersuite support was rare: a client was only vulnerable to a MITM attack against a server which supports an RSA export ciphersuite. Recent studies have shown that RSA export ciphersuites support is far more common. This issue affects OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8. ** issue already committed see last release ** OpenSSL 1.0.1 users should upgrade to 1.0.1k. OpenSSL 1.0.0 users should upgrade to 1.0.0p. OpenSSL 0.9.8 users should upgrade to 0.9.8zd. This issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan Bhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen Henson of the OpenSSL core team. It was previously announced in the OpenSSL security advisory on 8th January 2015. Segmentation fault in ASN1_TYPE_cmp (CVE-2015-0286) === Severity: Moderate The function ASN1_TYPE_cmp will crash with an invalid read if an attempt is made to compare ASN.1 boolean types. Since ASN1_TYPE_cmp is used to check certificate signature algorithm consistency this can be used to crash any certificate verification operation and exploited in a DoS attack. Any application which performs certificate verification is vulnerable including OpenSSL clients and servers which enable client authentication. This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8. OpenSSL 1.0.2 users should upgrade to 1.0.2a commit 1b8ac2b07d02207f2b88e0b009b0bff4ef7eda96 OpenSSL 1.0.1 users should upgrade to 1.0.1m. commit ee5a1253285e5c9f406c8b57b0686319b70c07d8 OpenSSL 1.0.0 users should upgrade to 1.0.0r. commit 1e3ca524cb38ec92deea37629718e98aba43bc5d OpenSSL 0.9.8 users should upgrade to 0.9.8zf. commit 7058bd1712828a78d34457b1cfc32bdc1e6d3d33 This issue was discovered and fixed by Stephen Henson of the OpenSSL development team. ASN.1 structure reuse memory corruption (CVE-2015-0287) === Severity: Moderate Reusing a structure in ASN.1 parsing may allow an attacker to cause memory corruption via an invalid write. Such reuse is and has been strongly discouraged and is believed to be rare. Applications that parse structures containing CHOICE or ANY DEFINED BY components may be affected. Certificate parsing (d2i_X509 and related functions) are however not affected. OpenSSL clients and servers are not affected. This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8. OpenSSL 1.0.2 users should upgrade to 1.0.2a commit 0ca8edbe6ec402e39c9e095f8ae11dba8fa93fc1 OpenSSL 1.0.1 users should upgrade to 1.0.1m. commit a9f34a7aac5fd89f33a34fb71e954b85fbf35875 OpenSSL 1.0.0 users should upgrade to 1.0.0r. commit d96692c933fe02829c3e922bf7f239e0bd003759 OpenSSL 0.9.8 users should upgrade to 0.9.8zf. commit 5722767d5dc1a3b5505058fe27877fc993fe9a5a This issue was discovered by Emilia K�sper and a fix developed by Stephen Henson of the OpenSSL development team. PKCS7 NULL pointer dereferences (CVE-2015-0289) === Severity: Moderate The PKCS#7 parsing code does not handle missing outer ContentInfo correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs with missing content and trigger a NULL pointer dereference on parsing. Applications that verify PKCS#7 signatures, decrypt PKCS#7 data or otherwise parse PKCS#7 structures from untrusted sources are affected. OpenSSL clients and serve
CVS commit: [netbsd-5-2] src/doc
Module Name:src Committed By: snj Date: Tue Mar 17 18:44:37 UTC 2015 Modified Files: src/doc [netbsd-5-2]: CHANGES-5.2.4 Log Message: 1953 To generate a diff of this commit: cvs rdiff -u -r1.1.2.20 -r1.1.2.21 src/doc/CHANGES-5.2.4 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-5.2.4 diff -u src/doc/CHANGES-5.2.4:1.1.2.20 src/doc/CHANGES-5.2.4:1.1.2.21 --- src/doc/CHANGES-5.2.4:1.1.2.20 Mon Mar 16 21:21:50 2015 +++ src/doc/CHANGES-5.2.4 Tue Mar 17 18:44:37 2015 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-5.2.4,v 1.1.2.20 2015/03/16 21:21:50 bouyer Exp $ +# $NetBSD: CHANGES-5.2.4,v 1.1.2.21 2015/03/17 18:44:37 snj Exp $ A complete list of changes from the NetBSD 5.2.3 release to the NetBSD 5.2.4 release: @@ -2556,3 +2556,12 @@ distrib/utils/x_gzip/Makefile patch Sync gzip core with HEAD. [mrg, ticket #1951] +xsrc/external/mit/libXfont/dist/src/bitmap/bdfread.c patch +xsrc/xfree/xc/lib/font/bitmap/bdfread.c patch + + Fix CVE-2015-1802 (bdfReadProperties: property count needs + range check), CVE-2015-1803 (bdfReadCharacters: bailout if a + char's bitmap cannot be read), and CVE-2015-1804 + (bdfReadCharacters: ensure metrics fit into xCharInfo struct) + [mrg, ticket #1953] +
CVS commit: [netbsd-5-2] src/doc
Module Name:src Committed By: bouyer Date: Mon Mar 16 21:21:51 UTC 2015 Modified Files: src/doc [netbsd-5-2]: CHANGES-5.2.4 Log Message: complete list for ticket #1951 To generate a diff of this commit: cvs rdiff -u -r1.1.2.19 -r1.1.2.20 src/doc/CHANGES-5.2.4 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-5.2.4 diff -u src/doc/CHANGES-5.2.4:1.1.2.19 src/doc/CHANGES-5.2.4:1.1.2.20 --- src/doc/CHANGES-5.2.4:1.1.2.19 Sun Mar 15 21:17:27 2015 +++ src/doc/CHANGES-5.2.4 Mon Mar 16 21:21:50 2015 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-5.2.4,v 1.1.2.19 2015/03/15 21:17:27 snj Exp $ +# $NetBSD: CHANGES-5.2.4,v 1.1.2.20 2015/03/16 21:21:50 bouyer Exp $ A complete list of changes from the NetBSD 5.2.3 release to the NetBSD 5.2.4 release: @@ -2551,6 +2551,7 @@ usr.bin/gzip/Makefilepatch usr.bin/gzip/gzip.11.20-1.24 usr.bin/gzip/gzip.c1.98-1.107 usr.bin/gzip/zuncompress.c 1.7-1.8 +distrib/utils/x_gzip/Makefile patch Sync gzip core with HEAD. [mrg, ticket #1951]
CVS commit: [netbsd-5-2] src/distrib/utils/x_gzip
Module Name:src Committed By: bouyer Date: Mon Mar 16 21:21:08 UTC 2015 Modified Files: src/distrib/utils/x_gzip [netbsd-5-2]: Makefile Log Message: usr.bin/gzip/Makefile patch usr.bin/gzip/gzip.1 1.20-1.24 usr.bin/gzip/gzip.c 1.98-1.107 usr.bin/gzip/zuncompress.c 1.7-1.8 distrib/utils/x_gzip/Makefile patch Sync gzip core with HEAD. [mrg, ticket #1951] To generate a diff of this commit: cvs rdiff -u -r1.7 -r1.7.56.1 src/distrib/utils/x_gzip/Makefile Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/distrib/utils/x_gzip/Makefile diff -u src/distrib/utils/x_gzip/Makefile:1.7 src/distrib/utils/x_gzip/Makefile:1.7.56.1 --- src/distrib/utils/x_gzip/Makefile:1.7 Sun Mar 28 04:10:43 2004 +++ src/distrib/utils/x_gzip/Makefile Mon Mar 16 21:21:08 2015 @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.7 2004/03/28 04:10:43 mrg Exp $ +# $NetBSD: Makefile,v 1.7.56.1 2015/03/16 21:21:08 bouyer Exp $ # Build a tiny limited gzip (i.e. for tiny boot media) SRCDIR= ${.CURDIR}/../../../usr.bin/gzip @@ -6,7 +6,7 @@ SRCDIR= ${.CURDIR}/../../../usr. PROG= gzip NOMAN= # defined -CPPFLAGS+= -DSMALL -DNO_BZIP2_SUPPORT -DNO_COMPRESS_SUPPORT +CPPFLAGS+= -DSMALL -DNO_BZIP2_SUPPORT -DNO_COMPRESS_SUPPORT -DNO_XZ_SUPPORT DPADD= ${LIBZ} LDADD= -lz
CVS commit: [netbsd-5-2] src/doc
Module Name:src Committed By: snj Date: Sun Mar 15 21:17:27 UTC 2015 Modified Files: src/doc [netbsd-5-2]: CHANGES-5.2.4 Log Message: 1951 To generate a diff of this commit: cvs rdiff -u -r1.1.2.18 -r1.1.2.19 src/doc/CHANGES-5.2.4 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-5.2.4 diff -u src/doc/CHANGES-5.2.4:1.1.2.18 src/doc/CHANGES-5.2.4:1.1.2.19 --- src/doc/CHANGES-5.2.4:1.1.2.18 Mon Feb 23 09:40:44 2015 +++ src/doc/CHANGES-5.2.4 Sun Mar 15 21:17:27 2015 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-5.2.4,v 1.1.2.18 2015/02/23 09:40:44 msaitoh Exp $ +# $NetBSD: CHANGES-5.2.4,v 1.1.2.19 2015/03/15 21:17:27 snj Exp $ A complete list of changes from the NetBSD 5.2.3 release to the NetBSD 5.2.4 release: @@ -2546,3 +2546,12 @@ dist/bind/lib/dns/zone.c patch an untrusted replacement could cause named to crash with an assertion failure. [spz, ticket #1950] + +usr.bin/gzip/Makefilepatch +usr.bin/gzip/gzip.11.20-1.24 +usr.bin/gzip/gzip.c1.98-1.107 +usr.bin/gzip/zuncompress.c 1.7-1.8 + + Sync gzip core with HEAD. + [mrg, ticket #1951] +
CVS commit: [netbsd-5-2] src/usr.bin/gzip
Module Name:src Committed By: snj Date: Sun Mar 15 21:15:22 UTC 2015 Modified Files: src/usr.bin/gzip [netbsd-5-2]: Makefile gzip.1 gzip.c zuncompress.c Log Message: Pull up following revision(s) (requested by mrg in ticket #1951): usr.bin/gzip/Makefile: patch usr.bin/gzip/gzip.1: revisions 1.20-1.24 usr.bin/gzip/gzip.c: revisions 1.98-1.107 usr.bin/gzip/zuncompress.c: revisions 1.7-1.8 Sync gzip core with HEAD. To generate a diff of this commit: cvs rdiff -u -r1.12 -r1.12.2.1 src/usr.bin/gzip/Makefile cvs rdiff -u -r1.19 -r1.19.2.1 src/usr.bin/gzip/gzip.1 cvs rdiff -u -r1.93.4.3 -r1.93.4.3.6.1 src/usr.bin/gzip/gzip.c cvs rdiff -u -r1.6.28.1 -r1.6.28.1.2.1 src/usr.bin/gzip/zuncompress.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/usr.bin/gzip/Makefile diff -u src/usr.bin/gzip/Makefile:1.12 src/usr.bin/gzip/Makefile:1.12.2.1 --- src/usr.bin/gzip/Makefile:1.12 Fri Aug 29 00:02:24 2008 +++ src/usr.bin/gzip/Makefile Sun Mar 15 21:15:21 2015 @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.12 2008/08/29 00:02:24 gmcgarry Exp $ +# $NetBSD: Makefile,v 1.12.2.1 2015/03/15 21:15:21 snj Exp $ USE_FORT?= yes # data-driven bugs? @@ -30,3 +30,6 @@ LINKS+= ${BINDIR}/gzip ${BINDIR}/gunzip .if (defined(HAVE_GCC) && ${HAVE_GCC} == 4) || defined(HAVE_PCC) COPTS.gzip.c+= -Wno-pointer-sign .endif + +# NetBSD-5 has no -lzma +CPPFLAGS+= -DNO_XZ_SUPPORT Index: src/usr.bin/gzip/gzip.1 diff -u src/usr.bin/gzip/gzip.1:1.19 src/usr.bin/gzip/gzip.1:1.19.2.1 --- src/usr.bin/gzip/gzip.1:1.19 Thu May 29 14:51:27 2008 +++ src/usr.bin/gzip/gzip.1 Sun Mar 15 21:15:21 2015 @@ -1,4 +1,4 @@ -.\" $NetBSD: gzip.1,v 1.19 2008/05/29 14:51:27 mrg Exp $ +.\" $NetBSD: gzip.1,v 1.19.2.1 2015/03/15 21:15:21 snj Exp $ .\" .\" Copyright (c) 1997, 2003, 2004 Matthew R. Green .\" All rights reserved. @@ -24,7 +24,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd April 27, 2004 +.Dd January 13, 2015 .Dt GZIP 1 .Os .Sh NAME @@ -138,8 +138,8 @@ embedded in the file. This option causes the stored filename in the input file to be used as the output file. .It Fl n , -no-name -This option stops the filename from being stored in the output -file. +This option stops the filename and timestamp from being stored in +the output file. .It Fl q , -quiet With this option, no warnings or errors are printed. .It Fl r , -recursive @@ -171,6 +171,7 @@ Options on the command line will overrid .Sh SEE ALSO .Xr bzip2 1 , .Xr compress 1 , +.Xr xz 1 , .Xr fts 3 , .Xr zlib 3 .Sh HISTORY @@ -190,9 +191,9 @@ program for This manual documents .Nx .Nm -version 20040427. +version 20150113. .Sh AUTHORS This implementation of .Nm was written by -.An Matthew R. Green Aq m...@eterna.com.au . +.An Matthew R. Green Aq Mt m...@eterna.com.au . Index: src/usr.bin/gzip/gzip.c diff -u src/usr.bin/gzip/gzip.c:1.93.4.3 src/usr.bin/gzip/gzip.c:1.93.4.3.6.1 --- src/usr.bin/gzip/gzip.c:1.93.4.3 Sun Nov 8 22:55:24 2009 +++ src/usr.bin/gzip/gzip.c Sun Mar 15 21:15:22 2015 @@ -1,4 +1,4 @@ -/* $NetBSD: gzip.c,v 1.93.4.3 2009/11/08 22:55:24 snj Exp $ */ +/* $NetBSD: gzip.c,v 1.93.4.3.6.1 2015/03/15 21:15:22 snj Exp $ */ /* * Copyright (c) 1997, 1998, 2003, 2004, 2006 Matthew R. Green @@ -30,7 +30,7 @@ #ifndef lint __COPYRIGHT("@(#) Copyright (c) 1997, 1998, 2003, 2004, 2006\ Matthew R. Green. All rights reserved."); -__RCSID("$NetBSD: gzip.c,v 1.93.4.3 2009/11/08 22:55:24 snj Exp $"); +__RCSID("$NetBSD: gzip.c,v 1.93.4.3.6.1 2015/03/15 21:15:22 snj Exp $"); #endif /* not lint */ /* @@ -81,6 +81,9 @@ enum filetype { #ifndef NO_PACK_SUPPORT FT_PACK, #endif +#ifndef NO_XZ_SUPPORT + FT_XZ, +#endif FT_LAST, FT_UNKNOWN }; @@ -101,6 +104,12 @@ enum filetype { #define PACK_MAGIC "\037\036" #endif +#ifndef NO_XZ_SUPPORT +#include +#define XZ_SUFFIX ".xz" +#define XZ_MAGIC "\3757zXZ" +#endif + #define GZ_SUFFIX ".gz" #define BUFLEN (64 * 1024) @@ -141,6 +150,9 @@ static suffixes_t suffixes[] = { #ifndef NO_COMPRESS_SUPPORT SUFFIX(Z_SUFFIX, ""), #endif +#ifndef NO_XZ_SUPPORT + SUFFIX(XZ_SUFFIX, ""), +#endif SUFFIX(GZ_SUFFIX, ""), /* Overwritten by -S "" */ #endif /* SMALL */ #undef SUFFIX @@ -148,7 +160,7 @@ static suffixes_t suffixes[] = { #define NUM_SUFFIXES (sizeof suffixes / sizeof suffixes[0]) #define SUFFIX_MAXLEN 30 -static const char gzip_version[] = "NetBSD gzip 20091011"; +static const char gzip_version[] = "NetBSD gzip 20150113"; static int cflag; /* stdout mode */ static int dflag; /* decompress mode */ @@ -157,6 +169,7 @@ static int numflag = 6; /* gzip -1..-9 #ifndef SMALL static int fflag; /* force mode */ +static int kflag; /* don't delete input files */ static int nflag; /* don't save name/timestamp */ static int Nflag; /* don't restore name/timestamp */ static int qflag; /* quiet mode *
CVS commit: [netbsd-5-2] src/doc
Module Name:src Committed By: msaitoh Date: Mon Feb 23 09:40:44 UTC 2015 Modified Files: src/doc [netbsd-5-2]: CHANGES-5.2.4 Log Message: Remove extra line. To generate a diff of this commit: cvs rdiff -u -r1.1.2.17 -r1.1.2.18 src/doc/CHANGES-5.2.4 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-5.2.4 diff -u src/doc/CHANGES-5.2.4:1.1.2.17 src/doc/CHANGES-5.2.4:1.1.2.18 --- src/doc/CHANGES-5.2.4:1.1.2.17 Mon Feb 23 09:38:29 2015 +++ src/doc/CHANGES-5.2.4 Mon Feb 23 09:40:44 2015 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-5.2.4,v 1.1.2.17 2015/02/23 09:38:29 msaitoh Exp $ +# $NetBSD: CHANGES-5.2.4,v 1.1.2.18 2015/02/23 09:40:44 msaitoh Exp $ A complete list of changes from the NetBSD 5.2.3 release to the NetBSD 5.2.4 release: @@ -2540,7 +2540,6 @@ sys/dev/usb/usbdi.c1.163 (via patch) Clip xfer->actlen also in the !DIAGNOSTIC case. [aymeric, ticket #1948] -Pull up following revision(s) (requested by spz in ticket #1950): dist/bind/lib/dns/zone.c patch Patch for CVE-2015-1349: Revoking a managed trust anchor and supplying
CVS commit: [netbsd-5-2] src/doc
Module Name:src Committed By: msaitoh Date: Mon Feb 23 09:38:29 UTC 2015 Modified Files: src/doc [netbsd-5-2]: CHANGES-5.2.4 Log Message: Ticket 1950. To generate a diff of this commit: cvs rdiff -u -r1.1.2.16 -r1.1.2.17 src/doc/CHANGES-5.2.4 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-5.2.4 diff -u src/doc/CHANGES-5.2.4:1.1.2.16 src/doc/CHANGES-5.2.4:1.1.2.17 --- src/doc/CHANGES-5.2.4:1.1.2.16 Wed Feb 11 15:43:00 2015 +++ src/doc/CHANGES-5.2.4 Mon Feb 23 09:38:29 2015 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-5.2.4,v 1.1.2.16 2015/02/11 15:43:00 martin Exp $ +# $NetBSD: CHANGES-5.2.4,v 1.1.2.17 2015/02/23 09:38:29 msaitoh Exp $ A complete list of changes from the NetBSD 5.2.3 release to the NetBSD 5.2.4 release: @@ -2540,3 +2540,10 @@ sys/dev/usb/usbdi.c1.163 (via patch) Clip xfer->actlen also in the !DIAGNOSTIC case. [aymeric, ticket #1948] +Pull up following revision(s) (requested by spz in ticket #1950): +dist/bind/lib/dns/zone.c patch + + Patch for CVE-2015-1349: Revoking a managed trust anchor and supplying + an untrusted replacement could cause named to crash with an assertion + failure. + [spz, ticket #1950]
CVS commit: [netbsd-5-2] src/dist/bind/lib/dns
Module Name:src Committed By: msaitoh Date: Mon Feb 23 09:37:48 UTC 2015 Modified Files: src/dist/bind/lib/dns [netbsd-5-2]: zone.c Log Message: Pull up following revision(s) (requested by spz in ticket #1950): dist/bind/lib/dns/zone.cpatch Patch for CVE-2015-1349: Revoking a managed trust anchor and supplying an untrusted replacement could cause named to crash with an assertion failure. To generate a diff of this commit: cvs rdiff -u -r1.1.1.6.4.4 -r1.1.1.6.4.4.2.1 src/dist/bind/lib/dns/zone.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/dist/bind/lib/dns/zone.c diff -u src/dist/bind/lib/dns/zone.c:1.1.1.6.4.4 src/dist/bind/lib/dns/zone.c:1.1.1.6.4.4.2.1 --- src/dist/bind/lib/dns/zone.c:1.1.1.6.4.4 Wed Jul 25 11:58:51 2012 +++ src/dist/bind/lib/dns/zone.c Mon Feb 23 09:37:48 2015 @@ -1,4 +1,4 @@ -/* $NetBSD: zone.c,v 1.1.1.6.4.4 2012/07/25 11:58:51 jdc Exp $ */ +/* $NetBSD: zone.c,v 1.1.1.6.4.4.2.1 2015/02/23 09:37:48 msaitoh Exp $ */ /* * Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC") @@ -7671,8 +7671,15 @@ keyfetch_done(isc_task_t *task, isc_even namebuf, tag); trustkey = ISC_TRUE; } + } else { + /* + * No previously known key, and the key is not + * secure, so skip it. + */ + continue; } + /* Delete old version */ if (deletekey || !newkey) CHECK(update_one_rr(kfetch->db, ver, &diff, @@ -7717,7 +7724,7 @@ keyfetch_done(isc_task_t *task, isc_even trust_key(zone, keyname, &dnskey, mctx); } - if (!deletekey) + if (secure && !deletekey) set_refreshkeytimer(zone, &keydata, now); }
CVS commit: [netbsd-5-2] src/doc
Module Name:src Committed By: martin Date: Wed Feb 11 15:43:00 UTC 2015 Modified Files: src/doc [netbsd-5-2]: CHANGES-5.2.4 Log Message: Ticket #1948 To generate a diff of this commit: cvs rdiff -u -r1.1.2.15 -r1.1.2.16 src/doc/CHANGES-5.2.4 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-5.2.4 diff -u src/doc/CHANGES-5.2.4:1.1.2.15 src/doc/CHANGES-5.2.4:1.1.2.16 --- src/doc/CHANGES-5.2.4:1.1.2.15 Wed Feb 11 15:34:30 2015 +++ src/doc/CHANGES-5.2.4 Wed Feb 11 15:43:00 2015 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-5.2.4,v 1.1.2.15 2015/02/11 15:34:30 martin Exp $ +# $NetBSD: CHANGES-5.2.4,v 1.1.2.16 2015/02/11 15:43:00 martin Exp $ A complete list of changes from the NetBSD 5.2.3 release to the NetBSD 5.2.4 release: @@ -2535,3 +2535,8 @@ xfree/xc/programs/Xserver/xkb/xkb.c 1.2 Information leak in the XkbSetGeometry request of X servers. [mrg, ticket #1949] +sys/dev/usb/usbdi.c1.163 (via patch) + + Clip xfer->actlen also in the !DIAGNOSTIC case. + [aymeric, ticket #1948] +
CVS commit: [netbsd-5-2] src/sys/dev/usb
Module Name:src Committed By: martin Date: Wed Feb 11 15:40:12 UTC 2015 Modified Files: src/sys/dev/usb [netbsd-5-2]: usbdi.c Log Message: Pull up following revision(s) (requested by aymeric in ticket #1948): sys/dev/usb/usbdi.c: revision 1.163 clip xfer->actlen also in the !DIAGNOSTIC case To generate a diff of this commit: cvs rdiff -u -r1.124.4.2 -r1.124.4.2.6.1 src/sys/dev/usb/usbdi.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/dev/usb/usbdi.c diff -u src/sys/dev/usb/usbdi.c:1.124.4.2 src/sys/dev/usb/usbdi.c:1.124.4.2.6.1 --- src/sys/dev/usb/usbdi.c:1.124.4.2 Wed Jan 27 20:56:45 2010 +++ src/sys/dev/usb/usbdi.c Wed Feb 11 15:40:12 2015 @@ -1,4 +1,4 @@ -/* $NetBSD: usbdi.c,v 1.124.4.2 2010/01/27 20:56:45 sborrill Exp $ */ +/* $NetBSD: usbdi.c,v 1.124.4.2.6.1 2015/02/11 15:40:12 martin Exp $ */ /* $FreeBSD: src/sys/dev/usb/usbdi.c,v 1.28 1999/11/17 22:33:49 n_hibma Exp $ */ /* @@ -32,7 +32,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: usbdi.c,v 1.124.4.2 2010/01/27 20:56:45 sborrill Exp $"); +__KERNEL_RCSID(0, "$NetBSD: usbdi.c,v 1.124.4.2.6.1 2015/02/11 15:40:12 martin Exp $"); #include "opt_compat_netbsd.h" @@ -773,13 +773,13 @@ usb_transfer_complete(usbd_xfer_handle x if (!(xfer->flags & USBD_NO_COPY) && xfer->actlen != 0 && usbd_xfer_isread(xfer)) { -#ifdef DIAGNOSTIC if (xfer->actlen > xfer->length) { +#ifdef DIAGNOSTIC printf("usb_transfer_complete: actlen > len %d > %d\n", xfer->actlen, xfer->length); +#endif xfer->actlen = xfer->length; } -#endif memcpy(xfer->buffer, KERNADDR(dmap, 0), xfer->actlen); }
CVS commit: [netbsd-5-2] src/doc
Module Name:src Committed By: martin Date: Wed Feb 11 15:34:30 UTC 2015 Modified Files: src/doc [netbsd-5-2]: CHANGES-5.2.4 Log Message: Ticket #1949 To generate a diff of this commit: cvs rdiff -u -r1.1.2.14 -r1.1.2.15 src/doc/CHANGES-5.2.4 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-5.2.4 diff -u src/doc/CHANGES-5.2.4:1.1.2.14 src/doc/CHANGES-5.2.4:1.1.2.15 --- src/doc/CHANGES-5.2.4:1.1.2.14 Wed Feb 4 04:49:53 2015 +++ src/doc/CHANGES-5.2.4 Wed Feb 11 15:34:30 2015 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-5.2.4,v 1.1.2.14 2015/02/04 04:49:53 snj Exp $ +# $NetBSD: CHANGES-5.2.4,v 1.1.2.15 2015/02/11 15:34:30 martin Exp $ A complete list of changes from the NetBSD 5.2.3 release to the NetBSD 5.2.4 release: @@ -2528,3 +2528,10 @@ lib/libevent/buffer.cpatch Fix CVE-2014-6272. [spz, ticket #1947] +external/mit/xorg-server/dist/xkb/xkb.c 1.2 (via patch) +xfree/xc/programs/Xserver/xkb/xkb.c 1.2 (via patch) + + Apply fixes for CVE-2015-0255: + Information leak in the XkbSetGeometry request of X servers. + [mrg, ticket #1949] +
CVS commit: [netbsd-5-2] src/doc
Module Name:src Committed By: snj Date: Wed Feb 4 04:49:54 UTC 2015 Modified Files: src/doc [netbsd-5-2]: CHANGES-5.2.4 Log Message: ticke 1947 To generate a diff of this commit: cvs rdiff -u -r1.1.2.13 -r1.1.2.14 src/doc/CHANGES-5.2.4 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-5.2.4 diff -u src/doc/CHANGES-5.2.4:1.1.2.13 src/doc/CHANGES-5.2.4:1.1.2.14 --- src/doc/CHANGES-5.2.4:1.1.2.13 Mon Jan 26 11:03:46 2015 +++ src/doc/CHANGES-5.2.4 Wed Feb 4 04:49:53 2015 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-5.2.4,v 1.1.2.13 2015/01/26 11:03:46 martin Exp $ +# $NetBSD: CHANGES-5.2.4,v 1.1.2.14 2015/02/04 04:49:53 snj Exp $ A complete list of changes from the NetBSD 5.2.3 release to the NetBSD 5.2.4 release: @@ -2523,3 +2523,8 @@ lib/libssl/shlib_version Bignum squaring may produce incorrect results (CVE-2014-3570) [spz, ticket #1945] +lib/libevent/buffer.cpatch + + Fix CVE-2014-6272. + [spz, ticket #1947] +
CVS commit: [netbsd-5-2] src/lib/libevent
Module Name:src Committed By: snj Date: Wed Feb 4 04:48:43 UTC 2015 Modified Files: src/lib/libevent [netbsd-5-2]: buffer.c Log Message: Apply patch (requested by spz in ticket 1947): Fix CVE-2014-6272. To generate a diff of this commit: cvs rdiff -u -r1.4.4.1 -r1.4.4.1.6.1 src/lib/libevent/buffer.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/lib/libevent/buffer.c diff -u src/lib/libevent/buffer.c:1.4.4.1 src/lib/libevent/buffer.c:1.4.4.1.6.1 --- src/lib/libevent/buffer.c:1.4.4.1 Tue Aug 4 18:32:08 2009 +++ src/lib/libevent/buffer.c Wed Feb 4 04:48:43 2015 @@ -1,4 +1,4 @@ -/* $NetBSD: buffer.c,v 1.4.4.1 2009/08/04 18:32:08 snj Exp $ */ +/* $NetBSD: buffer.c,v 1.4.4.1.6.1 2015/02/04 04:48:43 snj Exp $ */ /* * Copyright (c) 2002, 2003 Niels Provos * All rights reserved. @@ -120,7 +120,8 @@ evbuffer_add_vprintf(struct evbuffer *bu va_list aq; /* make sure that at least some space is available */ - evbuffer_expand(buf, 64); + if (evbuffer_expand(buf, 64) < 0) + return (-1); for (;;) { size_t used = buf->misalign + buf->off; buffer = (char *)buf->buffer + buf->off; @@ -233,31 +234,47 @@ evbuffer_align(struct evbuffer *buf) buf->misalign = 0; } +#ifndef SIZE_MAX +#define SIZE_MAX ((size_t)-1) +#endif + /* Expands the available space in the event buffer to at least datlen */ int evbuffer_expand(struct evbuffer *buf, size_t datlen) { - size_t need = buf->misalign + buf->off + datlen; + size_t used = buf->misalign + buf->off; + + assert(buf->totallen >= used); /* If we can fit all the data, then we don't have to do anything */ - if (buf->totallen >= need) + if (buf->totallen - used >= datlen) return (0); + /* If we would need to overflow to fit this much data, we can't + * do anything. */ + if (datlen > SIZE_MAX - buf->off) + return (-1); /* * If the misalignment fulfills our data needs, we just force an * alignment to happen. Afterwards, we have enough space. */ - if (buf->misalign >= datlen) { + if (buf->totallen - buf->off >= datlen) { evbuffer_align(buf); } else { void *newbuf; size_t length = buf->totallen; + size_t need = buf->off + datlen; if (length < 256) length = 256; - while (length < need) - length <<= 1; + if (need < SIZE_MAX / 2) { + while (length < need) { +length <<= 1; + } + } else { + length = need; + } if (buf->orig_buffer != buf->buffer) evbuffer_align(buf); @@ -274,10 +291,10 @@ evbuffer_expand(struct evbuffer *buf, si int evbuffer_add(struct evbuffer *buf, const void *data, size_t datlen) { - size_t need = buf->misalign + buf->off + datlen; + size_t used = buf->misalign + buf->off; size_t oldoff = buf->off; - if (buf->totallen < need) { + if (buf->totallen - used < datlen) { if (evbuffer_expand(buf, datlen) == -1) return (-1); }
CVS commit: [netbsd-5-2] src/doc
Module Name:src Committed By: martin Date: Mon Jan 26 11:03:46 UTC 2015 Modified Files: src/doc [netbsd-5-2]: CHANGES-5.2.4 Log Message: Ticket #1945 To generate a diff of this commit: cvs rdiff -u -r1.1.2.12 -r1.1.2.13 src/doc/CHANGES-5.2.4 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-5.2.4 diff -u src/doc/CHANGES-5.2.4:1.1.2.12 src/doc/CHANGES-5.2.4:1.1.2.13 --- src/doc/CHANGES-5.2.4:1.1.2.12 Wed Jan 7 18:43:39 2015 +++ src/doc/CHANGES-5.2.4 Mon Jan 26 11:03:46 2015 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-5.2.4,v 1.1.2.12 2015/01/07 18:43:39 msaitoh Exp $ +# $NetBSD: CHANGES-5.2.4,v 1.1.2.13 2015/01/26 11:03:46 martin Exp $ A complete list of changes from the NetBSD 5.2.3 release to the NetBSD 5.2.4 release: @@ -2449,3 +2449,77 @@ etc/rc.d/ntpd 1.15 New ntpd wants to be able to translate ntp into a port number after chroot, so give it its own small copy of /etc/services in the chroot [he, ticket #1940] + +crypto/dist/openssl/apps/s_client.c patch +crypto/dist/openssl/apps/s_server.c patch +crypto/dist/openssl/apps/speed.c patch +crypto/dist/openssl/crypto/Makefile patch +crypto/dist/openssl/crypto/constant_time_locl.h patch +crypto/dist/openssl/crypto/cversion.c patch +crypto/dist/openssl/crypto/asn1/a_bitstr.cpatch +crypto/dist/openssl/crypto/asn1/a_type.c patch +crypto/dist/openssl/crypto/asn1/a_verify.cpatch +crypto/dist/openssl/crypto/asn1/asn1.hpatch +crypto/dist/openssl/crypto/asn1/asn1_err.cpatch +crypto/dist/openssl/crypto/asn1/tasn_dec.cpatch +crypto/dist/openssl/crypto/asn1/x_algor.c patch +crypto/dist/openssl/crypto/bio/bio.h patch +crypto/dist/openssl/crypto/bio/bss_dgram.cpatch +crypto/dist/openssl/crypto/bn/bn_asm.cpatch +crypto/dist/openssl/crypto/bn/bntest.cpatch +crypto/dist/openssl/crypto/bn/asm/mips3.s patch +crypto/dist/openssl/crypto/bn/asm/x86_64-gcc.cpatch +crypto/dist/openssl/crypto/dsa/dsa_vrf.c patch +crypto/dist/openssl/crypto/ec/ec_mult.c patch +crypto/dist/openssl/crypto/ec/ec_pmeth.c patch +crypto/dist/openssl/crypto/ecdsa/ecs_vrf.cpatch +crypto/dist/openssl/crypto/evp/Makefile patch +crypto/dist/openssl/crypto/evp/evp_enc.c patch +crypto/dist/openssl/crypto/objects/obj_xref.h patch +crypto/dist/openssl/crypto/objects/objxref.pl patch +crypto/dist/openssl/crypto/ts/ts_rsp_sign.c patch +crypto/dist/openssl/crypto/x509/x509.hpatch +crypto/dist/openssl/crypto/x509/x509_vpm.cpatch +crypto/dist/openssl/crypto/x509/x_all.c patch +crypto/dist/openssl/ssl/d1_both.c patch +crypto/dist/openssl/ssl/d1_clnt.c patch +crypto/dist/openssl/ssl/d1_enc.c patch +crypto/dist/openssl/ssl/d1_lib.c patch +crypto/dist/openssl/ssl/d1_pkt.c patch +crypto/dist/openssl/ssl/d1_srvr.c patch +crypto/dist/openssl/ssl/dtls1.h patch +crypto/dist/openssl/ssl/s23_srvr.cpatch +crypto/dist/openssl/ssl/s2_enc.c patch +crypto/dist/openssl/ssl/s2_pkt.c patch +crypto/dist/openssl/ssl/s2_srvr.c patch +crypto/dist/openssl/ssl/s3_both.c patch +crypto/dist/openssl/ssl/s3_clnt.c patch +crypto/dist/openssl/ssl/s3_enc.c patch +crypto/dist/openssl/ssl/s3_lib.c patch +crypto/dist/openssl/ssl/s3_pkt.c patch +crypto/dist/openssl/ssl/s3_srvr.c patch +crypto/dist/openssl/ssl/ssl.h patch +crypto/dist/openssl/ssl/ssl_cert.cpatch +crypto/dist/openssl/ssl/ssl_lib.c patch +crypto/dist/openssl/ssl/ssl_locl.hpatch +crypto/dist/openssl/util/libeay.num patch +crypto/dist/openssl/util/mk1mf.pl
CVS commit: [netbsd-5-2] src
Module Name:src Committed By: martin Date: Mon Jan 26 11:02:37 UTC 2015 Modified Files: src/crypto/dist/openssl/apps [netbsd-5-2]: s_client.c s_server.c speed.c src/crypto/dist/openssl/crypto [netbsd-5-2]: Makefile constant_time_locl.h cversion.c src/crypto/dist/openssl/crypto/asn1 [netbsd-5-2]: a_bitstr.c a_type.c a_verify.c asn1.h asn1_err.c tasn_dec.c x_algor.c src/crypto/dist/openssl/crypto/bio [netbsd-5-2]: bio.h bss_dgram.c src/crypto/dist/openssl/crypto/bn [netbsd-5-2]: bn_asm.c bntest.c src/crypto/dist/openssl/crypto/bn/asm [netbsd-5-2]: mips3.s x86_64-gcc.c src/crypto/dist/openssl/crypto/dsa [netbsd-5-2]: dsa_vrf.c src/crypto/dist/openssl/crypto/ec [netbsd-5-2]: ec_mult.c ec_pmeth.c src/crypto/dist/openssl/crypto/ecdsa [netbsd-5-2]: ecs_vrf.c src/crypto/dist/openssl/crypto/evp [netbsd-5-2]: Makefile evp_enc.c src/crypto/dist/openssl/crypto/objects [netbsd-5-2]: obj_xref.h objxref.pl src/crypto/dist/openssl/crypto/ts [netbsd-5-2]: ts_rsp_sign.c src/crypto/dist/openssl/crypto/x509 [netbsd-5-2]: x509.h x509_vpm.c x_all.c src/crypto/dist/openssl/ssl [netbsd-5-2]: d1_both.c d1_clnt.c d1_enc.c d1_lib.c d1_pkt.c d1_srvr.c dtls1.h s23_srvr.c s2_enc.c s2_pkt.c s2_srvr.c s3_both.c s3_clnt.c s3_enc.c s3_lib.c s3_pkt.c s3_srvr.c ssl.h ssl_cert.c ssl_lib.c ssl_locl.h src/crypto/dist/openssl/util [netbsd-5-2]: libeay.num mk1mf.pl src/distrib/sets/lists/base [netbsd-5-2]: md.amd64 md.sparc64 shl.mi src/lib/libcrypto [netbsd-5-2]: shlib_version src/lib/libssl [netbsd-5-2]: shlib_version Log Message: Change the following, requested by spz in ticket #1945: crypto/dist/openssl/apps/s_client.c patch crypto/dist/openssl/apps/s_server.c patch crypto/dist/openssl/apps/speed.c patch crypto/dist/openssl/crypto/Makefile patch crypto/dist/openssl/crypto/constant_time_locl.h patch crypto/dist/openssl/crypto/cversion.cpatch crypto/dist/openssl/crypto/asn1/a_bitstr.c patch crypto/dist/openssl/crypto/asn1/a_type.c patch crypto/dist/openssl/crypto/asn1/a_verify.c patch crypto/dist/openssl/crypto/asn1/asn1.h patch crypto/dist/openssl/crypto/asn1/asn1_err.c patch crypto/dist/openssl/crypto/asn1/tasn_dec.c patch crypto/dist/openssl/crypto/asn1/x_algor.cpatch crypto/dist/openssl/crypto/bio/bio.h patch crypto/dist/openssl/crypto/bio/bss_dgram.c patch crypto/dist/openssl/crypto/bn/bn_asm.c patch crypto/dist/openssl/crypto/bn/bntest.c patch crypto/dist/openssl/crypto/bn/asm/mips3.spatch crypto/dist/openssl/crypto/bn/asm/x86_64-gcc.c patch crypto/dist/openssl/crypto/dsa/dsa_vrf.c patch crypto/dist/openssl/crypto/ec/ec_mult.c patch crypto/dist/openssl/crypto/ec/ec_pmeth.c patch crypto/dist/openssl/crypto/ecdsa/ecs_vrf.c patch crypto/dist/openssl/crypto/evp/Makefile patch crypto/dist/openssl/crypto/evp/evp_enc.c patch crypto/dist/openssl/crypto/objects/obj_xref.hpatch crypto/dist/openssl/crypto/objects/objxref.plpatch crypto/dist/openssl/crypto/ts/ts_rsp_sign.c patch crypto/dist/openssl/crypto/x509/x509.h patch crypto/dist/openssl/crypto/x509/x509_vpm.c patch crypto/dist/openssl/crypto/x509/x_all.c patch crypto/dist/openssl/ssl/d1_both.cpatch crypto/dist/openssl/ssl/d1_clnt.cpatch crypto/dist/openssl/ssl/d1_enc.c patch crypto/dist/openssl/ssl/d1_lib.c patch crypto/dist/openssl/ssl/d1_pkt.c patch crypto/dist/openssl/ssl/d1_srvr.cpatch crypto/dist/openssl/ssl/dtls1.h patch crypto/dist/openssl/ssl/s23_srvr.c patch crypto/dist/openssl/ssl/s2_enc.c patch crypto/dist/openssl/ssl/s2_pkt.c patch crypto/dist/openssl/ssl/s2_srvr.cpatch
CVS commit: [netbsd-5-2] src/doc
Module Name:src Committed By: msaitoh Date: Wed Jan 7 18:43:39 UTC 2015 Modified Files: src/doc [netbsd-5-2]: CHANGES-5.2.4 Log Message: Ticket 1938 and 1940. To generate a diff of this commit: cvs rdiff -u -r1.1.2.11 -r1.1.2.12 src/doc/CHANGES-5.2.4 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-5.2.4 diff -u src/doc/CHANGES-5.2.4:1.1.2.11 src/doc/CHANGES-5.2.4:1.1.2.12 --- src/doc/CHANGES-5.2.4:1.1.2.11 Mon Jan 5 23:33:26 2015 +++ src/doc/CHANGES-5.2.4 Wed Jan 7 18:43:39 2015 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-5.2.4,v 1.1.2.11 2015/01/05 23:33:26 msaitoh Exp $ +# $NetBSD: CHANGES-5.2.4,v 1.1.2.12 2015/01/07 18:43:39 msaitoh Exp $ A complete list of changes from the NetBSD 5.2.3 release to the NetBSD 5.2.4 release: @@ -151,3 +151,2301 @@ usr.sbin/bind/include/isc/platform.h 1. setup can cause BIND to issue an unlimited sequence of queries to follow a delegation. [spz, ticket #1937] + +dist/ntp/COPYRIGHT delete +dist/ntp/ChangeLog delete +dist/ntp/CommitLog delete +dist/ntp/CommitLog-4.1.0 delete +dist/ntp/ElectricFence/CHANGES delete +dist/ntp/ElectricFence/COPYING delete +dist/ntp/ElectricFence/Makefile.amdelete +dist/ntp/ElectricFence/Makefile.indelete +dist/ntp/ElectricFence/README delete +dist/ntp/ElectricFence/efence.c delete +dist/ntp/ElectricFence/efence.h delete +dist/ntp/ElectricFence/eftest.c delete +dist/ntp/ElectricFence/libefence.3delete +dist/ntp/ElectricFence/page.c delete +dist/ntp/ElectricFence/print.c delete +dist/ntp/ElectricFence/tstheap.cdelete +dist/ntp/INSTALL delete +dist/ntp/Makefile.am delete +dist/ntp/Makefile.in delete +dist/ntp/NEWS delete +dist/ntp/NOTES.y2kfixes delete +dist/ntp/README delete +dist/ntp/README.bk delete +dist/ntp/README.hackers delete +dist/ntp/README.patches delete +dist/ntp/README.refclocks delete +dist/ntp/README.versions delete +dist/ntp/TODO delete +dist/ntp/WHERE-TO-START delete +dist/ntp/aclocal.m4 delete +dist/ntp/adjtimed/Makefile.am delete +dist/ntp/adjtimed/Makefile.in delete +dist/ntp/adjtimed/README delete +dist/ntp/adjtimed/adjtimed.c delete +dist/ntp/arlib/COPYING delete +dist/ntp/arlib/INSTALL delete +dist/ntp/arlib/Makefile.am delete +dist/ntp/arlib/Makefile.in delete +dist/ntp/arlib/README delete +dist/ntp/arlib/UNSHAR.HDR delete +dist/ntp/arlib/aclocal.m4 delete +dist/ntp/arlib/arlib.3 delete +dist/ntp/arlib/arlib.c delete +dist/ntp/arlib/arlib.h delete +dist/ntp/arlib/arplib.h delete +dist/ntp/arlib/configure delete +dist/ntp/arlib/configure.in delete +dist/ntp/arlib/depcomp delete +dist/ntp/arlib/install-sh delete +dist/ntp/arlib/missing delete +dist/ntp/arlib/sample.c delete +dist/ntp/bincheck.mf delete +dist/ntp/bootstrap delete +dist/ntp/build delete +dist/ntp/clockstuff/Makefile.am delete +dist/ntp/clockstuff/Makefile.in delete +dist/ntp/clockstuff/README delete +dist/ntp/clockstuff/chutest.c delete +dist/ntp/clockstuff/clktest.c delete +dist/ntp/clockstuff/propdelay.c delete +dist/ntp/compile delete +dist/ntp/conf/README delete +dist/ntp/conf/baldwin.conf delete +dist/ntp/conf/beauregard.conf delete +dist/ntp/conf/grundoon.conf delete +dist/ntp/conf/malarky.conf delete +dist/ntp/conf/pogo.conf delete +dist/ntp/conf/rackety.conf delete +dist/ntp/config.guess delete +dist/ntp/config.h.in delete +dist/ntp/config.sub delete +dist/ntp/configure delete +dist/ntp/configure.ac delete +dist/ntp/depcomp delete +dist/ntp/dot.emacs delete +dist/ntp/excludes delete +dist/ntp/flock-build delete +dist/ntp/html/accopt.html delete +dist/ntp/html/assoc.html delete +dist/ntp/html/audio.html delete +dist/ntp/html/authopt.html delete +dist/ntp/html/build/build.html delete +dist/ntp/html/build/config.html delete +dist/ntp/html/build/hints.html delete +dist/ntp/html/build/hints/a-ux delete +dist/ntp/html/build/hints/aix delete +dist/ntp/html/build/hints/bsdi delete +dist/ntp/html/build/hints/changesdelete +dist/ntp/html/build/hints/decosf1delete +dist/ntp/html/build/hints/decosf2delete +dist/ntp/html/build/hints/freebsddelete +dist/ntp/html/build/hints/hpux delete +dist/ntp/html/build/hints/linux delete +dist/ntp/html/build/hints/mpeix delete +dist/ntp/html/build/hints/netbsddelete +dist/ntp/html/build/hints/notes-xntp-v3delete +dist/ntp/html/build/hints/parse delete +dist/ntp/html/build/hints/refclocksdelete +dist/ntp/html/build/hints/rs6000delete +dist/ntp/html/build/hints/sco.htmldelete +dist/ntp/html/build/hints/sgi delete +dist/ntp/html/build/hints/solaris-dosynctod
CVS commit: [netbsd-5-2] src/etc/rc.d
Module Name:src Committed By: msaitoh Date: Wed Jan 7 18:41:06 UTC 2015 Modified Files: src/etc/rc.d [netbsd-5-2]: ntpd Log Message: Pull up following revision(s) (requested by he in ticket #1940): etc/rc.d/ntpd: revision 1.15 new ntpd wants to be able to translate ntp into a port number after chroot, so give it its own small copy of /etc/services in the chroot To generate a diff of this commit: cvs rdiff -u -r1.13 -r1.13.60.1 src/etc/rc.d/ntpd Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/etc/rc.d/ntpd diff -u src/etc/rc.d/ntpd:1.13 src/etc/rc.d/ntpd:1.13.60.1 --- src/etc/rc.d/ntpd:1.13 Fri Aug 13 18:08:03 2004 +++ src/etc/rc.d/ntpd Wed Jan 7 18:41:06 2015 @@ -1,6 +1,6 @@ #!/bin/sh # -# $NetBSD: ntpd,v 1.13 2004/08/13 18:08:03 mycroft Exp $ +# $NetBSD: ntpd,v 1.13.60.1 2015/01/07 18:41:06 msaitoh Exp $ # # PROVIDE: ntpd @@ -49,6 +49,21 @@ ntpd_precmd() fi ln -fs "${ntpd_chrootdir}/var/db/ntp.drift" /var/db/ntp.drift + if [ ! -d "${ntpd_chrootdir}/etc" ]; then + mkdir "${ntpd_chrootdir}/etc" + fi + if [ ! -f "${ntpd_chrootdir}/etc/services" ]; then + getent services ntp/udp ntp/tcp \ + > "${ntpd_chrootdir}/etc/services" + fi + if [ ! -d "${ntpd_chrootdir}/var/db" ]; then + mkdir -p "${ntpd_chrootdir}/var/db" + fi + if [ ! -f "${ntpd_chrootdir}/var/db/services.cdb" ]; then + services_mkdb -o "${ntpd_chrootdir}/var/db/services.cdb" \ + "${ntpd_chrootdir}/etc/services" + fi + # Change run_rc_commands()'s internal copy of $ntpd_flags # rc_flags="-u ntpd:ntpd -i ${ntpd_chrootdir} $rc_flags"
CVS commit: [netbsd-5-2] src/doc
Module Name:src Committed By: msaitoh Date: Mon Jan 5 23:33:26 UTC 2015 Modified Files: src/doc [netbsd-5-2]: CHANGES-5.2.4 Log Message: Update ticket 1937. To generate a diff of this commit: cvs rdiff -u -r1.1.2.10 -r1.1.2.11 src/doc/CHANGES-5.2.4 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-5.2.4 diff -u src/doc/CHANGES-5.2.4:1.1.2.10 src/doc/CHANGES-5.2.4:1.1.2.11 --- src/doc/CHANGES-5.2.4:1.1.2.10 Thu Dec 25 23:31:43 2014 +++ src/doc/CHANGES-5.2.4 Mon Jan 5 23:33:26 2015 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-5.2.4,v 1.1.2.10 2014/12/25 23:31:43 he Exp $ +# $NetBSD: CHANGES-5.2.4,v 1.1.2.11 2015/01/05 23:33:26 msaitoh Exp $ A complete list of changes from the NetBSD 5.2.3 release to the NetBSD 5.2.4 release: @@ -144,6 +144,7 @@ dist/bind/lib/isc/include/isc/types.h dist/bind/lib/isccfg/namedconf.cpatch lib/libisc/Makefile patch usr.sbin/bind/Makefile.inc patch +usr.sbin/bind/include/isc/platform.h 1.18 Apply fix for BIND, backported from the patch for 9.8.8 from ISC. This is a fix for CVE-2014-8500, where a maliciously constructed
CVS commit: [netbsd-5-2] src/usr.sbin/bind/include/isc
Module Name:src Committed By: msaitoh Date: Mon Jan 5 23:27:01 UTC 2015 Modified Files: src/usr.sbin/bind/include/isc [netbsd-5-2]: platform.h Log Message: Pullup the following revision (requested by he in ticket #1937): src/external/bsd/bind/include/isc/platform.hrev. 1.18 What ISC wraps under ISC_PLATFORM_HAVEXADD appears to be 32-bit atomic adds, and I beleive all our platforms can do that. Therefore, no need to conditionalize that definition under __HAVE_ATOMIC64_OPS. To generate a diff of this commit: cvs rdiff -u -r1.9.4.1 -r1.9.4.1.2.1 src/usr.sbin/bind/include/isc/platform.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/usr.sbin/bind/include/isc/platform.h diff -u src/usr.sbin/bind/include/isc/platform.h:1.9.4.1 src/usr.sbin/bind/include/isc/platform.h:1.9.4.1.2.1 --- src/usr.sbin/bind/include/isc/platform.h:1.9.4.1 Thu Jan 6 21:42:52 2011 +++ src/usr.sbin/bind/include/isc/platform.h Mon Jan 5 23:27:01 2015 @@ -258,9 +258,7 @@ * If the "xadd" operation is available on this architecture, * ISC_PLATFORM_HAVEXADD will be defined. */ -#ifdef __HAVE_ATOMIC64_OPS #define ISC_PLATFORM_HAVEXADD 1 -#endif /* * If the "xaddq" operation (64bit xadd) is available on this architecture,
CVS commit: [netbsd-5-2] src/doc
Module Name:src Committed By: he Date: Thu Dec 25 23:31:43 UTC 2014 Modified Files: src/doc [netbsd-5-2]: CHANGES-5.2.4 Log Message: Ticket 1937. To generate a diff of this commit: cvs rdiff -u -r1.1.2.9 -r1.1.2.10 src/doc/CHANGES-5.2.4 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-5.2.4 diff -u src/doc/CHANGES-5.2.4:1.1.2.9 src/doc/CHANGES-5.2.4:1.1.2.10 --- src/doc/CHANGES-5.2.4:1.1.2.9 Mon Dec 22 12:58:13 2014 +++ src/doc/CHANGES-5.2.4 Thu Dec 25 23:31:43 2014 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-5.2.4,v 1.1.2.9 2014/12/22 12:58:13 msaitoh Exp $ +# $NetBSD: CHANGES-5.2.4,v 1.1.2.10 2014/12/25 23:31:43 he Exp $ A complete list of changes from the NetBSD 5.2.3 release to the NetBSD 5.2.4 release: @@ -128,3 +128,25 @@ xsrc/xfree/xc/programs/Xserver/render/re CVE-2013-6424 [mrg, ticket #1935] +dist/bind/lib/isc/counter.c new, via patch +dist/bind/lib/isc/include/isc/counter.h new, via patch +dist/bind/bin/named/config.cpatch +dist/bind/bin/named/query.c patch +dist/bind/bin/named/server.cpatch +dist/bind/lib/dns/adb.c patch +dist/bind/lib/dns/resolver.cpatch +dist/bind/lib/dns/include/dns/adb.h patch +dist/bind/lib/dns/include/dns/resolver.hpatch +dist/bind/lib/export/isc/Makefile.inpatch +dist/bind/lib/isc/Makefile.in patch +dist/bind/lib/isc/include/isc/Makefile.in patch +dist/bind/lib/isc/include/isc/types.h patch +dist/bind/lib/isccfg/namedconf.cpatch +lib/libisc/Makefile patch +usr.sbin/bind/Makefile.inc patch + + Apply fix for BIND, backported from the patch for 9.8.8 from ISC. + This is a fix for CVE-2014-8500, where a maliciously constructed + setup can cause BIND to issue an unlimited sequence of queries to + follow a delegation. + [spz, ticket #1937]
CVS commit: [netbsd-5-2] src
Module Name:src Committed By: he Date: Thu Dec 25 23:30:59 UTC 2014 Modified Files: src/dist/bind/bin/named [netbsd-5-2]: config.c query.c server.c src/dist/bind/lib/dns [netbsd-5-2]: adb.c resolver.c src/dist/bind/lib/dns/include/dns [netbsd-5-2]: adb.h resolver.h src/dist/bind/lib/export/isc [netbsd-5-2]: Makefile.in src/dist/bind/lib/isc [netbsd-5-2]: Makefile.in src/dist/bind/lib/isc/include/isc [netbsd-5-2]: Makefile.in types.h src/dist/bind/lib/isccfg [netbsd-5-2]: namedconf.c src/lib/libisc [netbsd-5-2]: Makefile src/usr.sbin/bind [netbsd-5-2]: Makefile.inc Added Files: src/dist/bind/lib/isc [netbsd-5-2]: counter.c src/dist/bind/lib/isc/include/isc [netbsd-5-2]: counter.h Log Message: Apply fix for BIND, backported from the patch for 9.8.8 from ISC. This is a fix for CVE-2014-8500, where a maliciously constructed setup can cause BIND to issue an unlimited sequence of queries to follow a delegation. [spz, ticket #1937] To generate a diff of this commit: cvs rdiff -u -r1.1.1.8.4.4 -r1.1.1.8.4.4.2.1 src/dist/bind/bin/named/config.c cvs rdiff -u -r1.8.4.7.2.1 -r1.8.4.7.2.2 src/dist/bind/bin/named/query.c cvs rdiff -u -r1.1.1.9.4.4 -r1.1.1.9.4.4.2.1 src/dist/bind/bin/named/server.c cvs rdiff -u -r1.6.4.4 -r1.6.4.4.2.1 src/dist/bind/lib/dns/adb.c cvs rdiff -u -r1.8.4.6 -r1.8.4.6.2.1 src/dist/bind/lib/dns/resolver.c cvs rdiff -u -r1.1.1.5.4.3 -r1.1.1.5.4.3.2.1 \ src/dist/bind/lib/dns/include/dns/adb.h cvs rdiff -u -r1.1.1.5.4.4 -r1.1.1.5.4.4.2.1 \ src/dist/bind/lib/dns/include/dns/resolver.h cvs rdiff -u -r1.1.2.3 -r1.1.2.3.2.1 src/dist/bind/lib/export/isc/Makefile.in cvs rdiff -u -r1.1.1.6.4.4 -r1.1.1.6.4.4.2.1 \ src/dist/bind/lib/isc/Makefile.in cvs rdiff -u -r0 -r1.1.4.2 src/dist/bind/lib/isc/counter.c cvs rdiff -u -r1.1.1.5.4.4 -r1.1.1.5.4.4.2.1 \ src/dist/bind/lib/isc/include/isc/Makefile.in \ src/dist/bind/lib/isc/include/isc/types.h cvs rdiff -u -r0 -r1.1.4.2 src/dist/bind/lib/isc/include/isc/counter.h cvs rdiff -u -r1.1.1.7.4.4 -r1.1.1.7.4.4.2.1 \ src/dist/bind/lib/isccfg/namedconf.c cvs rdiff -u -r1.2.4.2 -r1.2.4.2.2.1 src/lib/libisc/Makefile cvs rdiff -u -r1.32.4.1 -r1.32.4.1.2.1 src/usr.sbin/bind/Makefile.inc Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/dist/bind/bin/named/config.c diff -u src/dist/bind/bin/named/config.c:1.1.1.8.4.4 src/dist/bind/bin/named/config.c:1.1.1.8.4.4.2.1 --- src/dist/bind/bin/named/config.c:1.1.1.8.4.4 Wed Jul 25 11:57:23 2012 +++ src/dist/bind/bin/named/config.c Thu Dec 25 23:30:58 2014 @@ -1,4 +1,4 @@ -/* $NetBSD: config.c,v 1.1.1.8.4.4 2012/07/25 11:57:23 jdc Exp $ */ +/* $NetBSD: config.c,v 1.1.1.8.4.4.2.1 2014/12/25 23:30:58 he Exp $ */ /* * Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC") @@ -75,6 +75,8 @@ options {\n\ listen-on {any;};\n\ listen-on-v6 {none;};\n\ match-mapped-addresses no;\n\ + max-recursion-depth 7;\n\ + max-recursion-queries 50;\n\ memstatistics-file \"named.memstats\";\n\ multiple-cnames no;\n\ # named-xfer ;\n\ Index: src/dist/bind/bin/named/query.c diff -u src/dist/bind/bin/named/query.c:1.8.4.7.2.1 src/dist/bind/bin/named/query.c:1.8.4.7.2.2 --- src/dist/bind/bin/named/query.c:1.8.4.7.2.1 Wed Jan 15 10:11:43 2014 +++ src/dist/bind/bin/named/query.c Thu Dec 25 23:30:58 2014 @@ -1,4 +1,4 @@ -/* $NetBSD: query.c,v 1.8.4.7.2.1 2014/01/15 10:11:43 bouyer Exp $ */ +/* $NetBSD: query.c,v 1.8.4.7.2.2 2014/12/25 23:30:58 he Exp $ */ /* * Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC") @@ -3338,11 +3338,11 @@ query_recurse(ns_client_t *client, dns_r peeraddr = &client->peeraddr; else peeraddr = NULL; - result = dns_resolver_createfetch2(client->view->resolver, + result = dns_resolver_createfetch3(client->view->resolver, client->query.qname, qtype, qdomain, nameservers, NULL, peeraddr, client->message->id, - client->query.fetchoptions, + client->query.fetchoptions, 0, NULL, client->task, query_resume, client, rdataset, sigrdataset, Index: src/dist/bind/bin/named/server.c diff -u src/dist/bind/bin/named/server.c:1.1.1.9.4.4 src/dist/bind/bin/named/server.c:1.1.1.9.4.4.2.1 --- src/dist/bind/bin/named/server.c:1.1.1.9.4.4 Wed Jul 25 11:57:25 2012 +++ src/dist/bind/bin/named/server.c Thu Dec 25 23:30:58 2014 @@ -1,4 +1,4 @@ -/* $NetBSD: server.c,v 1.1.1.9.4.4 2012/07/25 11:57:25 jdc Exp $ */ +/* $NetBSD: server.c,v 1.1.1.9.4.4.2.1 2014/12/25 23:30:58 he Exp $ */ /* * Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC") @@ -1837,6 +1837,16 @@ configure_view(dns_view_t *view, cfg_obj udpsize = 4096; dns_resolver_setudpsize(view->resolver, (isc_uint16_t)udpsize); + obj = NULL; + result = ns_config_get(maps, "max-recursion-depth", &obj); + INSIST(result == ISC_R_SUCCESS); +
CVS commit: [netbsd-5-2] src/doc
Module Name:src Committed By: msaitoh Date: Mon Dec 22 12:58:13 UTC 2014 Modified Files: src/doc [netbsd-5-2]: CHANGES-5.2.4 Log Message: Update ticket 1935. To generate a diff of this commit: cvs rdiff -u -r1.1.2.8 -r1.1.2.9 src/doc/CHANGES-5.2.4 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-5.2.4 diff -u src/doc/CHANGES-5.2.4:1.1.2.8 src/doc/CHANGES-5.2.4:1.1.2.9 --- src/doc/CHANGES-5.2.4:1.1.2.8 Mon Dec 15 07:14:22 2014 +++ src/doc/CHANGES-5.2.4 Mon Dec 22 12:58:13 2014 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-5.2.4,v 1.1.2.8 2014/12/15 07:14:22 snj Exp $ +# $NetBSD: CHANGES-5.2.4,v 1.1.2.9 2014/12/22 12:58:13 msaitoh Exp $ A complete list of changes from the NetBSD 5.2.3 release to the NetBSD 5.2.4 release: @@ -53,6 +53,7 @@ xsrc/external/mit/xorg-server/dist/Xi/se xsrc/external/mit/xorg-server/dist/Xi/xiproperty.c patch xsrc/external/mit/xorg-server/dist/dbe/dbe.cpatch xsrc/external/mit/xorg-server/dist/dix/dispatch.c patch +xsrc/external/mit/xorg-server/dist/exa/exa_render.c 1.2 xsrc/external/mit/xorg-server/dist/glx/glxcmds.c patch xsrc/external/mit/xorg-server/dist/glx/glxcmdsswap.c patch xsrc/external/mit/xorg-server/dist/glx/glxserver.h patch @@ -74,6 +75,7 @@ xsrc/external/mit/xorg-server/dist/inclu xsrc/external/mit/xorg-server/dist/os/access.c patch, 1.3 via patch xsrc/external/mit/xorg-server/dist/os/rpcauth.c patch xsrc/external/mit/xorg-server/dist/randr/rrsdispatch.c patch +xsrc/external/mit/xorg-server/dist/render/picture.h 1.2 xsrc/external/mit/xorg-server/dist/render/render.c patch xsrc/external/mit/xorg-server/dist/xfixes/select.c patch xsrc/xfree/xc/programs/Xserver/GL/glx/glxcmds.c 1.2 @@ -121,5 +123,8 @@ xsrc/xfree/xc/programs/Xserver/render/re CVE-2014-8101 CVE-2014-8102 CVE-2014-8103 + If t->bottom is close to MIN_INT, removing top can wraparound, so do + the check properly. + CVE-2013-6424 [mrg, ticket #1935]
CVS commit: [netbsd-5-2] src/doc
Module Name:src Committed By: snj Date: Mon Dec 15 07:14:22 UTC 2014 Modified Files: src/doc [netbsd-5-2]: CHANGES-5.2.4 Log Message: update 1935 To generate a diff of this commit: cvs rdiff -u -r1.1.2.7 -r1.1.2.8 src/doc/CHANGES-5.2.4 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-5.2.4 diff -u src/doc/CHANGES-5.2.4:1.1.2.7 src/doc/CHANGES-5.2.4:1.1.2.8 --- src/doc/CHANGES-5.2.4:1.1.2.7 Fri Dec 12 06:59:16 2014 +++ src/doc/CHANGES-5.2.4 Mon Dec 15 07:14:22 2014 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-5.2.4,v 1.1.2.7 2014/12/12 06:59:16 snj Exp $ +# $NetBSD: CHANGES-5.2.4,v 1.1.2.8 2014/12/15 07:14:22 snj Exp $ A complete list of changes from the NetBSD 5.2.3 release to the NetBSD 5.2.4 release: @@ -80,12 +80,14 @@ xsrc/xfree/xc/programs/Xserver/GL/glx/gl xsrc/xfree/xc/programs/Xserver/GL/glx/glxcmdsswap.c 1.2 xsrc/xfree/xc/programs/Xserver/GL/glx/glxserver.h 1.2 xsrc/xfree/xc/programs/Xserver/GL/glx/rensize.c 1.2 -xsrc/xfree/xc/programs/Xserver/GL/glx/single2.c 1.2 -xsrc/xfree/xc/programs/Xserver/GL/glx/single2swap.c 1.2 -xsrc/xfree/xc/programs/Xserver/GL/glx/singlepix.c 1.2 -xsrc/xfree/xc/programs/Xserver/GL/glx/singlepixswap.c 1.2 +xsrc/xfree/xc/programs/Xserver/GL/glx/single2.c 1.2, patch +xsrc/xfree/xc/programs/Xserver/GL/glx/single2swap.c 1.2, patch +xsrc/xfree/xc/programs/Xserver/GL/glx/singlepix.c 1.2, patch +xsrc/xfree/xc/programs/Xserver/GL/glx/singlepixswap.c 1.2, patch xsrc/xfree/xc/programs/Xserver/GL/glx/unpack.h 1.2 +xsrc/xfree/xc/programs/Xserver/Xext/EVI.c patch xsrc/xfree/xc/programs/Xserver/Xext/xcmisc.c 1.3 +xsrc/xfree/xc/programs/Xserver/Xext/xf86vmode.c patch xsrc/xfree/xc/programs/Xserver/Xext/xvdisp.c 1.2 xsrc/xfree/xc/programs/Xserver/Xi/chgdctl.c 1.2 xsrc/xfree/xc/programs/Xserver/Xi/chgfctl.c 1.2
CVS commit: [netbsd-5-2] src/doc
Module Name:src Committed By: snj Date: Fri Dec 12 06:59:16 UTC 2014 Modified Files: src/doc [netbsd-5-2]: CHANGES-5.2.4 Log Message: update 1935 To generate a diff of this commit: cvs rdiff -u -r1.1.2.6 -r1.1.2.7 src/doc/CHANGES-5.2.4 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-5.2.4 diff -u src/doc/CHANGES-5.2.4:1.1.2.6 src/doc/CHANGES-5.2.4:1.1.2.7 --- src/doc/CHANGES-5.2.4:1.1.2.6 Wed Dec 10 23:00:36 2014 +++ src/doc/CHANGES-5.2.4 Fri Dec 12 06:59:16 2014 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-5.2.4,v 1.1.2.6 2014/12/10 23:00:36 snj Exp $ +# $NetBSD: CHANGES-5.2.4,v 1.1.2.7 2014/12/12 06:59:16 snj Exp $ A complete list of changes from the NetBSD 5.2.3 release to the NetBSD 5.2.4 release: @@ -76,6 +76,28 @@ xsrc/external/mit/xorg-server/dist/os/rp xsrc/external/mit/xorg-server/dist/randr/rrsdispatch.c patch xsrc/external/mit/xorg-server/dist/render/render.c patch xsrc/external/mit/xorg-server/dist/xfixes/select.c patch +xsrc/xfree/xc/programs/Xserver/GL/glx/glxcmds.c 1.2 +xsrc/xfree/xc/programs/Xserver/GL/glx/glxcmdsswap.c 1.2 +xsrc/xfree/xc/programs/Xserver/GL/glx/glxserver.h 1.2 +xsrc/xfree/xc/programs/Xserver/GL/glx/rensize.c 1.2 +xsrc/xfree/xc/programs/Xserver/GL/glx/single2.c 1.2 +xsrc/xfree/xc/programs/Xserver/GL/glx/single2swap.c 1.2 +xsrc/xfree/xc/programs/Xserver/GL/glx/singlepix.c 1.2 +xsrc/xfree/xc/programs/Xserver/GL/glx/singlepixswap.c 1.2 +xsrc/xfree/xc/programs/Xserver/GL/glx/unpack.h 1.2 +xsrc/xfree/xc/programs/Xserver/Xext/xcmisc.c 1.3 +xsrc/xfree/xc/programs/Xserver/Xext/xvdisp.c 1.2 +xsrc/xfree/xc/programs/Xserver/Xi/chgdctl.c 1.2 +xsrc/xfree/xc/programs/Xserver/Xi/chgfctl.c 1.2 +xsrc/xfree/xc/programs/Xserver/Xi/sendexev.c 1.2 +xsrc/xfree/xc/programs/Xserver/dbe/dbe.c 1.3 +xsrc/xfree/xc/programs/Xserver/dix/dispatch.c 1.2 +xsrc/xfree/xc/programs/Xserver/include/dix.h 1.2 +xsrc/xfree/xc/programs/Xserver/include/misc.h 1.2 +xsrc/xfree/xc/programs/Xserver/os/access.c 1.7 +xsrc/xfree/xc/programs/Xserver/os/rpcauth.c 1.2 +xsrc/xfree/xc/programs/Xserver/randr/randr.c 1.2 +xsrc/xfree/xc/programs/Xserver/render/render.c 1.4 apply fixes for X.Org Security Advisory: Dec. 9, 2014 Protocol handling issues in X Window System servers
CVS commit: [netbsd-5-2] src/doc
Module Name:src Committed By: snj Date: Wed Dec 10 23:00:36 UTC 2014 Modified Files: src/doc [netbsd-5-2]: CHANGES-5.2.4 Log Message: update 1935 To generate a diff of this commit: cvs rdiff -u -r1.1.2.5 -r1.1.2.6 src/doc/CHANGES-5.2.4 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-5.2.4 diff -u src/doc/CHANGES-5.2.4:1.1.2.5 src/doc/CHANGES-5.2.4:1.1.2.6 --- src/doc/CHANGES-5.2.4:1.1.2.5 Tue Dec 9 20:00:15 2014 +++ src/doc/CHANGES-5.2.4 Wed Dec 10 23:00:36 2014 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-5.2.4,v 1.1.2.5 2014/12/09 20:00:15 snj Exp $ +# $NetBSD: CHANGES-5.2.4,v 1.1.2.6 2014/12/10 23:00:36 snj Exp $ A complete list of changes from the NetBSD 5.2.3 release to the NetBSD 5.2.4 release: @@ -69,9 +69,9 @@ xsrc/external/mit/xorg-server/dist/glx/s xsrc/external/mit/xorg-server/dist/glx/swap_interval.c patch xsrc/external/mit/xorg-server/dist/glx/unpack.h patch xsrc/external/mit/xorg-server/dist/hw/xfree86/dri2/dri2ext.c patch -xsrc/external/mit/xorg-server/dist/include/dix.h patch +xsrc/external/mit/xorg-server/dist/include/dix.h patch, 1.3 xsrc/external/mit/xorg-server/dist/include/misc.h patch -xsrc/external/mit/xorg-server/dist/os/access.c patch +xsrc/external/mit/xorg-server/dist/os/access.c patch, 1.3 via patch xsrc/external/mit/xorg-server/dist/os/rpcauth.c patch xsrc/external/mit/xorg-server/dist/randr/rrsdispatch.c patch xsrc/external/mit/xorg-server/dist/render/render.c patch
CVS commit: [netbsd-5-2] src/doc
Module Name:src Committed By: snj Date: Tue Dec 9 20:00:16 UTC 2014 Modified Files: src/doc [netbsd-5-2]: CHANGES-5.2.4 Log Message: 1935 To generate a diff of this commit: cvs rdiff -u -r1.1.2.4 -r1.1.2.5 src/doc/CHANGES-5.2.4 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-5.2.4 diff -u src/doc/CHANGES-5.2.4:1.1.2.4 src/doc/CHANGES-5.2.4:1.1.2.5 --- src/doc/CHANGES-5.2.4:1.1.2.4 Sun Nov 23 05:00:24 2014 +++ src/doc/CHANGES-5.2.4 Tue Dec 9 20:00:15 2014 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-5.2.4,v 1.1.2.4 2014/11/23 05:00:24 snj Exp $ +# $NetBSD: CHANGES-5.2.4,v 1.1.2.5 2014/12/09 20:00:15 snj Exp $ A complete list of changes from the NetBSD 5.2.3 release to the NetBSD 5.2.4 release: @@ -45,3 +45,57 @@ share/zoneinfo/zone1970.tab patch * Changes to historical data. [apb, ticket #1934] +xsrc/external/mit/xorg-server/dist/Xext/xcmisc.c patch +xsrc/external/mit/xorg-server/dist/Xext/xvdisp.c patch +xsrc/external/mit/xorg-server/dist/Xi/chgdctl.c patch +xsrc/external/mit/xorg-server/dist/Xi/chgfctl.c patch +xsrc/external/mit/xorg-server/dist/Xi/sendexev.c patch +xsrc/external/mit/xorg-server/dist/Xi/xiproperty.c patch +xsrc/external/mit/xorg-server/dist/dbe/dbe.cpatch +xsrc/external/mit/xorg-server/dist/dix/dispatch.c patch +xsrc/external/mit/xorg-server/dist/glx/glxcmds.c patch +xsrc/external/mit/xorg-server/dist/glx/glxcmdsswap.c patch +xsrc/external/mit/xorg-server/dist/glx/glxserver.h patch +xsrc/external/mit/xorg-server/dist/glx/indirect_program.c patch +xsrc/external/mit/xorg-server/dist/glx/indirect_reqsize.c patch +xsrc/external/mit/xorg-server/dist/glx/indirect_reqsize.h patch +xsrc/external/mit/xorg-server/dist/glx/indirect_texture_compression.c patch +xsrc/external/mit/xorg-server/dist/glx/indirect_util.c patch +xsrc/external/mit/xorg-server/dist/glx/rensize.c patch +xsrc/external/mit/xorg-server/dist/glx/single2.c patch +xsrc/external/mit/xorg-server/dist/glx/single2swap.c patch +xsrc/external/mit/xorg-server/dist/glx/singlepix.c patch +xsrc/external/mit/xorg-server/dist/glx/singlepixswap.c patch +xsrc/external/mit/xorg-server/dist/glx/swap_interval.c patch +xsrc/external/mit/xorg-server/dist/glx/unpack.h patch +xsrc/external/mit/xorg-server/dist/hw/xfree86/dri2/dri2ext.c patch +xsrc/external/mit/xorg-server/dist/include/dix.h patch +xsrc/external/mit/xorg-server/dist/include/misc.h patch +xsrc/external/mit/xorg-server/dist/os/access.c patch +xsrc/external/mit/xorg-server/dist/os/rpcauth.c patch +xsrc/external/mit/xorg-server/dist/randr/rrsdispatch.c patch +xsrc/external/mit/xorg-server/dist/render/render.c patch +xsrc/external/mit/xorg-server/dist/xfixes/select.c patch + + apply fixes for X.Org Security Advisory: Dec. 9, 2014 + Protocol handling issues in X Window System servers + included are fixes for: + denial of service due to unchecked malloc in client authentication + CVE-2014-8091 + integer overflows calculating memory needs for requests + CVE-2014-8092 + CVE-2014-8093 + CVE-2014-8094 + out of bounds access due to not validating length or offset values + in requests + CVE-2014-8095 + CVE-2014-8096 + CVE-2014-8097 + CVE-2014-8098 + CVE-2014-8099 + CVE-2014-8100 + CVE-2014-8101 + CVE-2014-8102 + CVE-2014-8103 + [mrg, ticket #1935] +
CVS commit: [netbsd-5-2] src/doc
Module Name:src Committed By: snj Date: Sun Nov 23 05:00:24 UTC 2014 Modified Files: src/doc [netbsd-5-2]: CHANGES-5.2.4 Log Message: addition to ticket 1934 To generate a diff of this commit: cvs rdiff -u -r1.1.2.3 -r1.1.2.4 src/doc/CHANGES-5.2.4 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-5.2.4 diff -u src/doc/CHANGES-5.2.4:1.1.2.3 src/doc/CHANGES-5.2.4:1.1.2.4 --- src/doc/CHANGES-5.2.4:1.1.2.3 Fri Nov 21 09:19:38 2014 +++ src/doc/CHANGES-5.2.4 Sun Nov 23 05:00:24 2014 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-5.2.4,v 1.1.2.3 2014/11/21 09:19:38 sborrill Exp $ +# $NetBSD: CHANGES-5.2.4,v 1.1.2.4 2014/11/23 05:00:24 snj Exp $ A complete list of changes from the NetBSD 5.2.3 release to the NetBSD 5.2.4 release: @@ -20,6 +20,7 @@ sys/dev/raidframe/rf_reconstruct.c 1.12 Fixes PR kern/49244. [oster, ticket #1933] +distrib/sets/lists/base/mi 1.1090 doc/3RDPARTY patch share/zoneinfo/NEWSnew share/zoneinfo/africapatch
CVS commit: [netbsd-5-2] src/distrib/sets/lists/base
Module Name:src Committed By: snj Date: Sun Nov 23 04:59:33 UTC 2014 Modified Files: src/distrib/sets/lists/base [netbsd-5-2]: mi Log Message: Pull up following revision(s) (requested by apb in ticket #1934): distrib/sets/lists/base/mi: revision 1.1090 Add ./usr/share/zoneinfo/Pacific/Bougainville for tzdata2014i To generate a diff of this commit: cvs rdiff -u -r1.780.2.25.2.3 -r1.780.2.25.2.4 src/distrib/sets/lists/base/mi Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/distrib/sets/lists/base/mi diff -u src/distrib/sets/lists/base/mi:1.780.2.25.2.3 src/distrib/sets/lists/base/mi:1.780.2.25.2.4 --- src/distrib/sets/lists/base/mi:1.780.2.25.2.3 Fri Aug 15 23:06:18 2014 +++ src/distrib/sets/lists/base/mi Sun Nov 23 04:59:32 2014 @@ -1,4 +1,4 @@ -# $NetBSD: mi,v 1.780.2.25.2.3 2014/08/15 23:06:18 riz Exp $ +# $NetBSD: mi,v 1.780.2.25.2.4 2014/11/23 04:59:32 snj Exp $ # # Note: Don't delete entries from here - mark them as "obsolete" instead, # unless otherwise stated below. @@ -4880,6 +4880,7 @@ ./usr/share/zoneinfo/Pacific base-sys-share ./usr/share/zoneinfo/Pacific/Apia base-sys-share share ./usr/share/zoneinfo/Pacific/Auckland base-sys-share share +./usr/share/zoneinfo/Pacific/Bougainville base-sys-share share ./usr/share/zoneinfo/Pacific/Chatham base-sys-share share ./usr/share/zoneinfo/Pacific/Chuuk base-sys-share share ./usr/share/zoneinfo/Pacific/Easter base-sys-share share
CVS commit: [netbsd-5-2] src/doc
Module Name:src Committed By: sborrill Date: Fri Nov 21 09:19:38 UTC 2014 Modified Files: src/doc [netbsd-5-2]: CHANGES-5.2.4 Log Message: Ticket #1934 To generate a diff of this commit: cvs rdiff -u -r1.1.2.2 -r1.1.2.3 src/doc/CHANGES-5.2.4 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-5.2.4 diff -u src/doc/CHANGES-5.2.4:1.1.2.2 src/doc/CHANGES-5.2.4:1.1.2.3 --- src/doc/CHANGES-5.2.4:1.1.2.2 Fri Nov 21 08:25:52 2014 +++ src/doc/CHANGES-5.2.4 Fri Nov 21 09:19:38 2014 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-5.2.4,v 1.1.2.2 2014/11/21 08:25:52 sborrill Exp $ +# $NetBSD: CHANGES-5.2.4,v 1.1.2.3 2014/11/21 09:19:38 sborrill Exp $ A complete list of changes from the NetBSD 5.2.3 release to the NetBSD 5.2.4 release: @@ -20,3 +20,27 @@ sys/dev/raidframe/rf_reconstruct.c 1.12 Fixes PR kern/49244. [oster, ticket #1933] +doc/3RDPARTY patch +share/zoneinfo/NEWSnew +share/zoneinfo/africapatch +share/zoneinfo/antarctica patch +share/zoneinfo/asiapatch +share/zoneinfo/australasia patch +share/zoneinfo/backwardpatch +share/zoneinfo/backzonenew +share/zoneinfo/europepatch +share/zoneinfo/leapseconds patch +share/zoneinfo/leapseconds.awk patch +share/zoneinfo/northamerica patch +share/zoneinfo/southamerica patch +share/zoneinfo/zone.tabpatch +share/zoneinfo/zone1970.tab patch + + Update tzdata from 2014f to 2014j. Some of the changes are: + * A new Zone Pacific/Bougainville, for the part of Papua New Guinea + that plans to switch from UTC+10 to UTC+11 on 2014-12-28 at 02:00. + * Changes for Fiji, Belarus, and Turks & Caicos that take effect + at various times in 2014. + * Changes to historical data. + [apb, ticket #1934] +
CVS commit: [netbsd-5-2] src/doc
Module Name:src Committed By: sborrill Date: Fri Nov 21 08:25:52 UTC 2014 Modified Files: src/doc [netbsd-5-2]: CHANGES-5.2.4 Log Message: Ticket #1933 To generate a diff of this commit: cvs rdiff -u -r1.1.2.1 -r1.1.2.2 src/doc/CHANGES-5.2.4 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-5.2.4 diff -u src/doc/CHANGES-5.2.4:1.1.2.1 src/doc/CHANGES-5.2.4:1.1.2.2 --- src/doc/CHANGES-5.2.4:1.1.2.1 Wed Nov 19 06:47:26 2014 +++ src/doc/CHANGES-5.2.4 Fri Nov 21 08:25:52 2014 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-5.2.4,v 1.1.2.1 2014/11/19 06:47:26 snj Exp $ +# $NetBSD: CHANGES-5.2.4,v 1.1.2.2 2014/11/21 08:25:52 sborrill Exp $ A complete list of changes from the NetBSD 5.2.3 release to the NetBSD 5.2.4 release: @@ -11,3 +11,12 @@ sys/sys/param.h patched by hand Welcome to 5.2.3_PATCH. [snj] +sys/dev/raidframe/raidframevar.h 1.17 +sys/dev/raidframe/rf_netbsdkintf.c 1.316 +sys/dev/raidframe/rf_reconstruct.c 1.121 via patch + + Fix a long-standing bug related to rebooting while a + reconstruct-to-spare is underway but not yet complete. + Fixes PR kern/49244. + [oster, ticket #1933] +
CVS commit: [netbsd-5-2] src/sys/dev/raidframe
Module Name:src Committed By: sborrill Date: Thu Nov 20 12:25:10 UTC 2014 Modified Files: src/sys/dev/raidframe [netbsd-5-2]: raidframevar.h rf_netbsdkintf.c rf_reconstruct.c Log Message: Pull up the following revisions(s) (requested by oster in ticket #1933): sys/dev/raidframe/raidframevar.h: revision 1.17 sys/dev/raidframe/rf_netbsdkintf.c: revision 1.316 sys/dev/raidframe/rf_reconstruct.c: revision 1.121 via patch Fix a long-standing bug related to rebooting while a reconstruct-to-spare is underway but not yet complete. Fixes PR kern/49244. To generate a diff of this commit: cvs rdiff -u -r1.12.10.3 -r1.12.10.3.2.1 src/sys/dev/raidframe/raidframevar.h cvs rdiff -u -r1.250.4.13 -r1.250.4.13.2.1 \ src/sys/dev/raidframe/rf_netbsdkintf.c cvs rdiff -u -r1.105.4.6 -r1.105.4.6.2.1 \ src/sys/dev/raidframe/rf_reconstruct.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/dev/raidframe/raidframevar.h diff -u src/sys/dev/raidframe/raidframevar.h:1.12.10.3 src/sys/dev/raidframe/raidframevar.h:1.12.10.3.2.1 --- src/sys/dev/raidframe/raidframevar.h:1.12.10.3 Wed Jun 13 14:00:49 2012 +++ src/sys/dev/raidframe/raidframevar.h Thu Nov 20 12:25:10 2014 @@ -1,4 +1,4 @@ -/* $NetBSD: raidframevar.h,v 1.12.10.3 2012/06/13 14:00:49 sborrill Exp $ */ +/* $NetBSD: raidframevar.h,v 1.12.10.3.2.1 2014/11/20 12:25:10 sborrill Exp $ */ /*- * Copyright (c) 1996, 1997, 1998 The NetBSD Foundation, Inc. * All rights reserved. @@ -384,17 +384,17 @@ struct RF_SparetWait_s { * IF YOU ADD A STATE, CHECK TO SEE IF YOU NEED TO MODIFY RF_DEAD_DISK(). */ enum RF_DiskStatus_e { -rf_ds_optimal, /* no problems */ -rf_ds_failed, /* reconstruction ongoing */ -rf_ds_reconstructing, /* reconstruction complete to spare, dead disk - * not yet replaced */ -rf_ds_dist_spared, /* reconstruction complete to distributed + rf_ds_optimal, /* no problems */ + rf_ds_failed, /* disk has failed */ + rf_ds_reconstructing, /* reconstruction ongoing */ + rf_ds_dist_spared, /* reconstruction complete to distributed * spare space, dead disk not yet replaced */ -rf_ds_spared, /* reconstruction complete to distributed - * spare space, dead disk not yet replaced */ -rf_ds_spare,/* an available spare disk */ -rf_ds_used_spare/* a spare which has been used, and hence is + rf_ds_spared, /* reconstruction complete, dead disk not + yet replaced */ + rf_ds_spare,/* an available spare disk */ + rf_ds_used_spare, /* a spare which has been used, and hence is * not available */ + rf_ds_rebuilding_spare /* a spare which is being rebuilt to */ }; typedef enum RF_DiskStatus_e RF_DiskStatus_t; Index: src/sys/dev/raidframe/rf_netbsdkintf.c diff -u src/sys/dev/raidframe/rf_netbsdkintf.c:1.250.4.13 src/sys/dev/raidframe/rf_netbsdkintf.c:1.250.4.13.2.1 --- src/sys/dev/raidframe/rf_netbsdkintf.c:1.250.4.13 Wed Oct 24 03:03:53 2012 +++ src/sys/dev/raidframe/rf_netbsdkintf.c Thu Nov 20 12:25:10 2014 @@ -1,4 +1,4 @@ -/* $NetBSD: rf_netbsdkintf.c,v 1.250.4.13 2012/10/24 03:03:53 riz Exp $ */ +/* $NetBSD: rf_netbsdkintf.c,v 1.250.4.13.2.1 2014/11/20 12:25:10 sborrill Exp $ */ /*- * Copyright (c) 1996, 1997, 1998, 2008 The NetBSD Foundation, Inc. * All rights reserved. @@ -139,7 +139,7 @@ ***/ #include -__KERNEL_RCSID(0, "$NetBSD: rf_netbsdkintf.c,v 1.250.4.13 2012/10/24 03:03:53 riz Exp $"); +__KERNEL_RCSID(0, "$NetBSD: rf_netbsdkintf.c,v 1.250.4.13.2.1 2014/11/20 12:25:10 sborrill Exp $"); #include #include @@ -1466,6 +1466,10 @@ raidioctl(dev_t dev, u_long cmd, void *d } for (j = d_cfg->cols, i = 0; i < d_cfg->nspares; i++, j++) { d_cfg->spares[i] = raidPtr->Disks[j]; + if (d_cfg->spares[i].status == rf_ds_rebuilding_spare) { +/* XXX: raidctl(8) expects to see this as a used spare */ +d_cfg->spares[i].status = rf_ds_used_spare; + } } retcode = copyout(d_cfg, *ucfgp, sizeof(RF_DeviceConfig_t)); RF_Free(d_cfg, sizeof(RF_DeviceConfig_t)); Index: src/sys/dev/raidframe/rf_reconstruct.c diff -u src/sys/dev/raidframe/rf_reconstruct.c:1.105.4.6 src/sys/dev/raidframe/rf_reconstruct.c:1.105.4.6.2.1 --- src/sys/dev/raidframe/rf_reconstruct.c:1.105.4.6 Wed Jun 13 14:00:49 2012 +++ src/sys/dev/raidframe/rf_reconstruct.c Thu Nov 20 12:25:10 2014 @@ -1,4 +1,4 @@ -/* $NetBSD: rf_reconstruct.c,v 1.105.4.6 2012/06/13 14:00:49 sborrill Exp $ */ +/* $NetBSD: rf_reconstruct.c,v 1.105.4.6.2.1 2014/11/20 12:25:10 sborrill Exp $ */ /* * Copyright (c) 1995 Carnegie-Mellon University. * All rights reserved. @@ -33,7 +
CVS commit: [netbsd-5-2] src
Module Name:src Committed By: snj Date: Wed Nov 19 06:47:26 UTC 2014 Modified Files: src/doc [netbsd-5-2]: LAST_MINUTE README.files src/gnu/usr.bin/groff/tmac [netbsd-5-2]: mdoc.local src/sys/sys [netbsd-5-2]: param.h Added Files: src/doc [netbsd-5-2]: CHANGES-5.2.4 Log Message: Oh hi, 5.2.3_PATCH. To generate a diff of this commit: cvs rdiff -u -r0 -r1.1.2.1 src/doc/CHANGES-5.2.4 cvs rdiff -u -r1.2.30.3.2.3 -r1.2.30.3.2.4 src/doc/LAST_MINUTE cvs rdiff -u -r1.4.10.4.2.5 -r1.4.10.4.2.6 src/doc/README.files cvs rdiff -u -r1.43.4.18.2.5 -r1.43.4.18.2.6 \ src/gnu/usr.bin/groff/tmac/mdoc.local cvs rdiff -u -r1.330.4.18.2.6 -r1.330.4.18.2.7 src/sys/sys/param.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/LAST_MINUTE diff -u src/doc/LAST_MINUTE:1.2.30.3.2.3 src/doc/LAST_MINUTE:1.2.30.3.2.4 --- src/doc/LAST_MINUTE:1.2.30.3.2.3 Sat Nov 15 08:13:01 2014 +++ src/doc/LAST_MINUTE Wed Nov 19 06:47:26 2014 @@ -1,6 +1,6 @@ -# $NetBSD: LAST_MINUTE,v 1.2.30.3.2.3 2014/11/15 08:13:01 snj Exp $ +# $NetBSD: LAST_MINUTE,v 1.2.30.3.2.4 2014/11/19 06:47:26 snj Exp $ -This file contains important information on the NetBSD 5.2.3 release that +This file contains important information on the NetBSD 5.2.4 release that did not make it into the main documentation. [all] Index: src/doc/README.files diff -u src/doc/README.files:1.4.10.4.2.5 src/doc/README.files:1.4.10.4.2.6 --- src/doc/README.files:1.4.10.4.2.5 Mon Jan 27 21:30:24 2014 +++ src/doc/README.files Wed Nov 19 06:47:26 2014 @@ -1,4 +1,4 @@ -# $NetBSD: README.files,v 1.4.10.4.2.5 2014/01/27 21:30:24 bouyer Exp $ +# $NetBSD: README.files,v 1.4.10.4.2.6 2014/11/19 06:47:26 snj Exp $ What's in this directory: @@ -16,6 +16,8 @@ CHANGES-5.2.2 Changes between the 5.2.1 CHANGES-5.2.3 Changes between the 5.2.2 and 5.2.3 releases. +CHANGES-5.2.4 Changes between the 5.2.3 and 5.2.4 releases. + CHANGES.prev Changes in previous NetBSD releases. LAST_MINUTE Last minute changes and notes about the release. @@ -30,7 +32,7 @@ source/sets/ Source distribution sets; s In addition to the files and directories listed above, there is one directory per architecture, for each of the architectures for which -NetBSD 5.2.3 has a binary distribution. The contents of each +NetBSD 5.2.4 has a binary distribution. The contents of each architecture's directory are described in an "INSTALL" file found in that directory. Index: src/gnu/usr.bin/groff/tmac/mdoc.local diff -u src/gnu/usr.bin/groff/tmac/mdoc.local:1.43.4.18.2.5 src/gnu/usr.bin/groff/tmac/mdoc.local:1.43.4.18.2.6 --- src/gnu/usr.bin/groff/tmac/mdoc.local:1.43.4.18.2.5 Mon Jan 27 21:21:24 2014 +++ src/gnu/usr.bin/groff/tmac/mdoc.local Wed Nov 19 06:47:26 2014 @@ -1,4 +1,4 @@ -.\" $NetBSD: mdoc.local,v 1.43.4.18.2.5 2014/01/27 21:21:24 bouyer Exp $ +.\" $NetBSD: mdoc.local,v 1.43.4.18.2.6 2014/11/19 06:47:26 snj Exp $ .\" .\" Copyright (c) 2003, 2004 The NetBSD Foundation, Inc. .\" All rights reserved. @@ -44,9 +44,9 @@ .as doc-str-St--ieee1275-94 " (\*[Lq]\*[doc-Tn-font-size]Open Firmware\*[doc-str-St]\*[Rq]) . .\" Default .Os value -.ds doc-operating-system NetBSD\~5.2.3 +.ds doc-operating-system NetBSD\~5.2.3_PATCH .\" Default footer operating system value -.ds doc-default-operating-system NetBSD\~5.2.3 +.ds doc-default-operating-system NetBSD\~5.2.3_PATCH .\" Other known versions, not yet in groff distribution .ds doc-operating-system-NetBSD-1.3.3 1.3.3 .ds doc-operating-system-NetBSD-1.6.3 1.6.3 Index: src/sys/sys/param.h diff -u src/sys/sys/param.h:1.330.4.18.2.6 src/sys/sys/param.h:1.330.4.18.2.7 --- src/sys/sys/param.h:1.330.4.18.2.6 Sat Nov 15 08:13:01 2014 +++ src/sys/sys/param.h Wed Nov 19 06:47:26 2014 @@ -1,4 +1,4 @@ -/* $NetBSD: param.h,v 1.330.4.18.2.6 2014/11/15 08:13:01 snj Exp $ */ +/* $NetBSD: param.h,v 1.330.4.18.2.7 2014/11/19 06:47:26 snj Exp $ */ /*- * Copyright (c) 1982, 1986, 1989, 1993 @@ -63,7 +63,7 @@ * 2.99.9 (299000900) */ -#define __NetBSD_Version__ 502000300 /* NetBSD 5.2.3 */ +#define __NetBSD_Version__ 502000300 /* NetBSD 5.2.3_PATCH */ #define __NetBSD_Prereq__(M,m,p) (M) * 1) + \ (m) * 100) + (p) * 100) <= __NetBSD_Version__) Added files: Index: src/doc/CHANGES-5.2.4 diff -u /dev/null src/doc/CHANGES-5.2.4:1.1.2.1 --- /dev/null Wed Nov 19 06:47:26 2014 +++ src/doc/CHANGES-5.2.4 Wed Nov 19 06:47:26 2014 @@ -0,0 +1,13 @@ +# $NetBSD: CHANGES-5.2.4,v 1.1.2.1 2014/11/19 06:47:26 snj Exp $ + +A complete list of changes from the NetBSD 5.2.3 release to the NetBSD 5.2.4 +release: + +doc/LAST_MINUTE patched by hand +doc/README.filespatched by hand +gnu/usr.bin/groff/tmac/mdoc.local patched by hand +sys/sys/param.h patched by hand + + Welcome to 5.2.3_PATCH. + [snj] +
CVS commit: [netbsd-5-2] src
Module Name:src Committed By: snj Date: Sat Nov 15 08:13:01 UTC 2014 Modified Files: src/distrib/notes/common [netbsd-5-2]: main src/doc [netbsd-5-2]: CHANGES-5.2.3 LAST_MINUTE src/sys/sys [netbsd-5-2]: param.h Log Message: Welcome to 5.2.3! To generate a diff of this commit: cvs rdiff -u -r1.425.2.16.2.7 -r1.425.2.16.2.8 src/distrib/notes/common/main cvs rdiff -u -r1.1.2.25 -r1.1.2.26 src/doc/CHANGES-5.2.3 cvs rdiff -u -r1.2.30.3.2.2 -r1.2.30.3.2.3 src/doc/LAST_MINUTE cvs rdiff -u -r1.330.4.18.2.5 -r1.330.4.18.2.6 src/sys/sys/param.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/distrib/notes/common/main diff -u src/distrib/notes/common/main:1.425.2.16.2.7 src/distrib/notes/common/main:1.425.2.16.2.8 --- src/distrib/notes/common/main:1.425.2.16.2.7 Fri Nov 7 08:03:09 2014 +++ src/distrib/notes/common/main Sat Nov 15 08:13:01 2014 @@ -1,4 +1,4 @@ -.\" $NetBSD: main,v 1.425.2.16.2.7 2014/11/07 08:03:09 msaitoh Exp $ +.\" $NetBSD: main,v 1.425.2.16.2.8 2014/11/15 08:13:01 snj Exp $ .\" .\" Copyright (c) 1999-2008 The NetBSD Foundation, Inc. .\" All rights reserved. @@ -50,7 +50,7 @@ .as MACHINE_LIST " sgimips shark sparc sparc64 sun2 sun3 vax x68k xen zaurus . .so \*[.CURDIR]/../common/macros . -.Dd January 18, 2014 +.Dd November 15, 2014 .Dt INSTALL 8 .Os NetBSD .Sh NAME @@ -452,47 +452,91 @@ possible, it's likely that wouldn't exist. . .if \n[FOR_RELEASE] \{\ +.Ss Changes Between The NetBSD 5.2.2 and 5.2.3 Releases +.Pp +.Nx +\*V +is the third critical/security update of the NetBSD 5.2 release branch. +It represents a selected subset of fixes deemed critical for security +or stability reasons. .Pp The complete list of changes can be found in the -CHANGES-5.2.2: -.Lk http://ftp.NetBSD.org/pub/NetBSD/NetBSD-5.2.2/CHANGES-5.2.2 -file in the top level directory of the NetBSD 5.2.2 release tree. An abbreviated list is as follows: +CHANGES-5.2.3: +.Lk http://ftp.NetBSD.org/pub/NetBSD/NetBSD-5.2.3/CHANGES-5.2.3 +file in the top level directory of the NetBSD 5.2.3 release tree. An abbreviated list is as follows: .Ss2 Security Advisory Fixes .(bullet -NetBSD-SA2013-010: -.Lk http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2013-010.txt.asc -Use after free in Xserver handling of ImageText requests (CVE-2013-4396) -.It -NetBSD-SA2013-011: -.Lk http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2013-011.txt.asc -embryonic TCP sockets local DoS -.It -NetBSD-SA2013-012: -.Lk http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2013-012.txt.asc -Router Advertisement sysctl local Denial of Service -.It -NetBSD-SA2014-001: -.Lk http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2014-001.txt.asc -Stack buffer overflow in libXfont (CVE-2013-6462) -.It -NetBSD-SA2014-002: -.Lk http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2014-002.txt.asc -ntpd used as DDoS amplifier +NetBSD-SA2014-005: +.Lk http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2014-005.txt.asc +libXfont multiple vulnerabilities +.It +NetBSD-SA2014-006: +.Lk http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-006.txt.asc +Multiple OpenSSL vulnerabilities +.It +NetBSD-SA2014-007: +.Lk http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-007.txt.asc +bozohttpd basic http authentication bypass +.It +NetBSD-SA2014-008: +.Lk http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.asc +Multiple OpenSSL vulnerabilities +.It +NetBSD-SA2014-010: +.Lk http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-010.txt.asc +Multiple vulnerabilities in the compatibility layers +.It +NetBSD-SA2014-011: +.Lk http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-011.txt.asc +User-controlled memory allocation in the +.Xr modctl 2 +system call +.It +NetBSD-SA2014-012: +.Lk http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-012.txt.asc +Memory leak in the +.Xr setsockopt 2 +system call +.It +NetBSD-SA2014-013: +.Lk http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-013.txt.asc +.Xr ftp 1 +can be made to execute arbitrary commands +.It +NetBSD-SA2014-014: +.Lk http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-014.txt.asc +Multiple vulnerabilities in the +.Xr mount 2 +system call +.It +NetBSD-SA2014-015: +.Lk http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc +OpenSSL and SSLv3 vulnerabilities .bullet) . .Pp -Advisories prior to NetBSD-SA2013-010 do not affect -NetBSD 5.2.2: -.Lk http://www.NetBSD.org/support/security/patches-5.2.2.html . -.Ss2 Other Security Fixes +Advisories prior to NetBSD-SA2014-005 do not affect +NetBSD 5.2.3: +.Lk http://www.NetBSD.org/support/security/patches-5.2.3.html . +.Ss2 Kernel .(bullet -bind: Fix CVE-2014-0591. +Reject unaligned PCI config register ioctl requests before we kassert
CVS commit: [netbsd-5-2] src/doc
Module Name:src Committed By: msaitoh Date: Sun Nov 9 05:28:52 UTC 2014 Modified Files: src/doc [netbsd-5-2]: CHANGES-5.2.3 Log Message: Add some files for ticket 1931. To generate a diff of this commit: cvs rdiff -u -r1.1.2.24 -r1.1.2.25 src/doc/CHANGES-5.2.3 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-5.2.3 diff -u src/doc/CHANGES-5.2.3:1.1.2.24 src/doc/CHANGES-5.2.3:1.1.2.25 --- src/doc/CHANGES-5.2.3:1.1.2.24 Fri Nov 7 08:04:42 2014 +++ src/doc/CHANGES-5.2.3 Sun Nov 9 05:28:52 2014 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-5.2.3,v 1.1.2.24 2014/11/07 08:04:42 msaitoh Exp $ +# $NetBSD: CHANGES-5.2.3,v 1.1.2.25 2014/11/09 05:28:52 msaitoh Exp $ A complete list of changes from the NetBSD 5.2.2 release to the NetBSD 5.2.3 release: @@ -362,6 +362,14 @@ distrib/common/Makefile.bootcd 1.18 distrib/notes/common/main 1.484 distrib/notes/macppc/prep.OPENFIRMWARE 1.15 distrib/notes/sparc/install 1.57 +distrib/alpha/cdroms/installcd/Makefile 1.2 +distrib/pmax/cdroms/installcd/Makefile 1.2 +distrib/prep/cdroms/installcd/Makefile 1.3 +distrib/sgimips/cdroms/installcd/Makefile 1.2 +distrib/sparc/cdroms/installcd/Makefile 1.2 +distrib/sparc64/cdroms/installcd/Makefile 1.14 +distrib/sun3/cdroms/installcd/Makefile 1.2 +distrib/vax/cdroms/installcd/Makefile 1.2 etc/Makefile 1.394 share/man/man7/release.7 1.32
CVS commit: [netbsd-5-2] src/distrib
Module Name:src Committed By: msaitoh Date: Sat Nov 8 12:26:37 UTC 2014 Modified Files: src/distrib/alpha/cdroms/installcd [netbsd-5-2]: Makefile src/distrib/pmax/cdroms/installcd [netbsd-5-2]: Makefile src/distrib/prep/cdroms/installcd [netbsd-5-2]: Makefile src/distrib/sgimips/cdroms/installcd [netbsd-5-2]: Makefile src/distrib/sparc/cdroms/installcd [netbsd-5-2]: Makefile src/distrib/sparc64/cdroms/installcd [netbsd-5-2]: Makefile src/distrib/sun3/cdroms/installcd [netbsd-5-2]: Makefile src/distrib/vax/cdroms/installcd [netbsd-5-2]: Makefile Log Message: Pullup follwing revisions to fix build break of ticket 1931 on some archs. distrib/alpha/cdroms/installcd/Makefile 1.2 distrib/pmax/cdroms/installcd/Makefile 1.2 distrib/prep/cdroms/installcd/Makefile 1.3 distrib/sgimips/cdroms/installcd/Makefile 1.2 distrib/sparc/cdroms/installcd/Makefile 1.2 distrib/sparc64/cdroms/installcd/Makefile 1.14 distrib/sun3/cdroms/installcd/Makefile 1.2 distrib/vax/cdroms/installcd/Makefile 1.2 Use ${CDIMAGE} instead of ${CDBASE}.iso. To generate a diff of this commit: cvs rdiff -u -r1.1 -r1.1.40.1 src/distrib/alpha/cdroms/installcd/Makefile cvs rdiff -u -r1.1 -r1.1.40.1 src/distrib/pmax/cdroms/installcd/Makefile cvs rdiff -u -r1.2 -r1.2.22.1 src/distrib/prep/cdroms/installcd/Makefile cvs rdiff -u -r1.1 -r1.1.40.1 src/distrib/sgimips/cdroms/installcd/Makefile cvs rdiff -u -r1.1 -r1.1.40.1 src/distrib/sparc/cdroms/installcd/Makefile cvs rdiff -u -r1.1 -r1.1.34.1 src/distrib/sparc64/cdroms/installcd/Makefile cvs rdiff -u -r1.1 -r1.1.40.1 src/distrib/sun3/cdroms/installcd/Makefile cvs rdiff -u -r1.1 -r1.1.40.1 src/distrib/vax/cdroms/installcd/Makefile Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/distrib/alpha/cdroms/installcd/Makefile diff -u src/distrib/alpha/cdroms/installcd/Makefile:1.1 src/distrib/alpha/cdroms/installcd/Makefile:1.1.40.1 --- src/distrib/alpha/cdroms/installcd/Makefile:1.1 Tue Mar 6 21:56:49 2007 +++ src/distrib/alpha/cdroms/installcd/Makefile Sat Nov 8 12:26:36 2014 @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.1 2007/03/06 21:56:49 bouyer Exp $ +# $NetBSD: Makefile,v 1.1.40.1 2014/11/08 12:26:36 msaitoh Exp $ CDBASE= alphacd # gives ${CDBASE}.iso CDINSTKERNEL= ../../instkernel/instkernel CDKERNELS= netbsd netbsd @@ -6,7 +6,7 @@ CDRELEASE= true # include $RELEASEDIR/ #make the CD bootable image_md_post: - ${TOOL_INSTALLBOOT} -m${MACHINE} ${CDBASE}.iso bootxx.${MACHINE} + ${TOOL_INSTALLBOOT} -m${MACHINE} ${CDIMAGE} bootxx.${MACHINE} .include "${.CURDIR}/../../../common/Makefile.bootcd" Index: src/distrib/pmax/cdroms/installcd/Makefile diff -u src/distrib/pmax/cdroms/installcd/Makefile:1.1 src/distrib/pmax/cdroms/installcd/Makefile:1.1.40.1 --- src/distrib/pmax/cdroms/installcd/Makefile:1.1 Tue Mar 6 21:57:16 2007 +++ src/distrib/pmax/cdroms/installcd/Makefile Sat Nov 8 12:26:36 2014 @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.1 2007/03/06 21:57:16 bouyer Exp $ +# $NetBSD: Makefile,v 1.1.40.1 2014/11/08 12:26:36 msaitoh Exp $ CDBASE= pmaxcd # gives ${CDBASE}.iso CDRELEASE= true # include $RELEASEDIR/$MACHINE CDKERNELS= netbsd-INSTALL.gz netbsd @@ -6,6 +6,6 @@ CDINSTKERNEL= ../../instkernel #make the CD bootable image_md_post: - ${TOOL_INSTALLBOOT} -m${MACHINE} ${CDBASE}.iso bootxx.${MACHINE} + ${TOOL_INSTALLBOOT} -m${MACHINE} ${CDIMAGE} bootxx.${MACHINE} .include "${.CURDIR}/../../../common/Makefile.bootcd" Index: src/distrib/prep/cdroms/installcd/Makefile diff -u src/distrib/prep/cdroms/installcd/Makefile:1.2 src/distrib/prep/cdroms/installcd/Makefile:1.2.22.1 --- src/distrib/prep/cdroms/installcd/Makefile:1.2 Wed Apr 30 08:08:32 2008 +++ src/distrib/prep/cdroms/installcd/Makefile Sat Nov 8 12:26:37 2014 @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.2 2008/04/30 08:08:32 garbled Exp $ +# $NetBSD: Makefile,v 1.2.22.1 2014/11/08 12:26:37 msaitoh Exp $ CDBASE= prepcd # gives ${CDBASE}.iso CDRELEASE= true # include $RELEASEDIR/$MACHINE CDMAKEFSOPTIONS=bootimage=powerpc;cdrom/prep/installation/floppy/sysinst_com0.fs @@ -8,7 +8,7 @@ CDMAKEFSOPTIONS=bootimage=powerpc;cdrom/ # it. image_md_post: - ${TOOL_FDISK} -F -f -b 1/255/16065 -0 -s 65/80/2799 -i ${CDBASE}.iso - ${TOOL_FDISK} -F -f -b 1/255/16065 -0 -s 65/80/2799 -u ${CDBASE}.iso + ${TOOL_FDISK} -F -f -b 1/255/16065 -0 -s 65/80/2799 -i ${CDIMAGE} + ${TOOL_FDISK} -F -f -b 1/255/16065 -0 -s 65/80/2799 -u ${CDIMAGE} .include "${.CURDIR}/../../../common/Makefile.bootcd" Index: src/distrib/sgimips/cdroms/installcd/Makefile diff -u src/distrib/sgimips/cdroms/installcd/Makefile:1.1 src/distrib/sgimips/cdroms/installcd/Makefile:1.1.40.1 --- src/distrib/sgimips/cdroms/installcd/Makefile:1.1 Tue Mar 6 21:57:22 2007 +++ src/distrib/sgimips/cdroms/installcd/Makefile Sat Nov 8 12:26:37 2014
CVS commit: [netbsd-5-2] src/doc
Module Name:src Committed By: msaitoh Date: Fri Nov 7 08:04:42 UTC 2014 Modified Files: src/doc [netbsd-5-2]: CHANGES-5.2.3 Log Message: Ticket 1931. To generate a diff of this commit: cvs rdiff -u -r1.1.2.23 -r1.1.2.24 src/doc/CHANGES-5.2.3 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-5.2.3 diff -u src/doc/CHANGES-5.2.3:1.1.2.23 src/doc/CHANGES-5.2.3:1.1.2.24 --- src/doc/CHANGES-5.2.3:1.1.2.23 Wed Nov 5 14:50:58 2014 +++ src/doc/CHANGES-5.2.3 Fri Nov 7 08:04:42 2014 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-5.2.3,v 1.1.2.23 2014/11/05 14:50:58 sborrill Exp $ +# $NetBSD: CHANGES-5.2.3,v 1.1.2.24 2014/11/07 08:04:42 msaitoh Exp $ A complete list of changes from the NetBSD 5.2.2 release to the NetBSD 5.2.3 release: @@ -358,3 +358,13 @@ share/man/man7/release.7 1.33-1.36 via this. [snj, ticket #1930] +distrib/common/Makefile.bootcd 1.18 +distrib/notes/common/main 1.484 +distrib/notes/macppc/prep.OPENFIRMWARE 1.15 +distrib/notes/sparc/install 1.57 +etc/Makefile 1.394 +share/man/man7/release.7 1.32 + + Change release ISO's more meaningful names like NetBSD-5.2.3-i386.iso + instead of i386cd.iso. Fix PR# install/44593. + [snj, ticket #1931]
CVS commit: [netbsd-5-2] src
Module Name:src Committed By: msaitoh Date: Fri Nov 7 08:03:09 UTC 2014 Modified Files: src/distrib/common [netbsd-5-2]: Makefile.bootcd src/distrib/notes/common [netbsd-5-2]: main src/distrib/notes/macppc [netbsd-5-2]: prep.OPENFIRMWARE src/distrib/notes/sparc [netbsd-5-2]: install src/etc [netbsd-5-2]: Makefile src/share/man/man7 [netbsd-5-2]: release.7 Log Message: Pull up following revision(s) (requested by snj in ticket #1931): share/man/man7/release.7: revision 1.32 distrib/common/Makefile.bootcd: revision 1.18 distrib/notes/macppc/prep.OPENFIRMWARE: revision 1.15 distrib/notes/sparc/install: revision 1.57 etc/Makefile: revision 1.394 distrib/notes/common/main: revision 1.484 PR# install/44593: Please give release ISO's more meaningful names Change release ISO filenames, what was once 'i386cd.iso' will now look like 'NetBSD-5.99.60-i386.iso'. ok snj@ To generate a diff of this commit: cvs rdiff -u -r1.14.2.1.10.1 -r1.14.2.1.10.2 \ src/distrib/common/Makefile.bootcd cvs rdiff -u -r1.425.2.16.2.6 -r1.425.2.16.2.7 src/distrib/notes/common/main cvs rdiff -u -r1.11.2.2.6.1 -r1.11.2.2.6.2 \ src/distrib/notes/macppc/prep.OPENFIRMWARE cvs rdiff -u -r1.55 -r1.55.14.1 src/distrib/notes/sparc/install cvs rdiff -u -r1.359.2.6 -r1.359.2.6.6.1 src/etc/Makefile cvs rdiff -u -r1.25.4.1.6.1 -r1.25.4.1.6.2 src/share/man/man7/release.7 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/distrib/common/Makefile.bootcd diff -u src/distrib/common/Makefile.bootcd:1.14.2.1.10.1 src/distrib/common/Makefile.bootcd:1.14.2.1.10.2 --- src/distrib/common/Makefile.bootcd:1.14.2.1.10.1 Wed Nov 5 14:50:10 2014 +++ src/distrib/common/Makefile.bootcd Fri Nov 7 08:03:09 2014 @@ -1,4 +1,4 @@ -# $NetBSD: Makefile.bootcd,v 1.14.2.1.10.1 2014/11/05 14:50:10 sborrill Exp $ +# $NetBSD: Makefile.bootcd,v 1.14.2.1.10.2 2014/11/07 08:03:09 msaitoh Exp $ # # Makefile snipped to create a CD/DVD ISO # @@ -52,6 +52,7 @@ CDRELEASE_EXCLUDE= -s ',./installation/c .include # For PRINTOBJDIR .include # For KERNSRCDIR +DISTRIBVER!= ${HOST_SH} ${KERNSRCDIR}/conf/osrelease.sh DISTRIBREV!= ${HOST_SH} ${KERNSRCDIR}/conf/osrelease.sh -s ISO_VOLID!= echo NETBSD_${DISTRIBREV} | tr a-z A-Z PUBLISHER?= The_NetBSD_Project @@ -67,8 +68,13 @@ RM?= rm MKDIR?= mkdir -p CHMOD?= chmod +.if ${CDRELEASE} == false +CDIMAGE= ${CDBASE}.iso +.else +CDIMAGE= NetBSD-${DISTRIBVER}-${CDBASE:S/cd$//}.iso +.endif -CLEANFILES+= ${CDBASE}.iso +CLEANFILES+= ${CDIMAGE} CLEANFILES+= bootxx.${MACHINE} @@ -109,7 +115,7 @@ prepare: # XXX include more than one directory on the image - HF # copy-releasedir: - ${RM} -f ${RELEASEDIR}/${CDROMS_RELEASEDIR}/${CDBASE}.iso + ${RM} -f ${RELEASEDIR}/${CDROMS_RELEASEDIR}/${CDIMAGE} if ${CDRELEASE}; then \ if [ ! -d ${RELEASEDIR}/${RELEASEMACHINEDIR} ]; then \ echo "Missing ${RELEASEDIR}/${RELEASEMACHINEDIR}, aborting"; \ @@ -176,12 +182,12 @@ copy-releasedir: fi image: - ${TOOL_MAKEFS} -t cd9660 -o ${_CDMAKEFSOPTIONS:Q} ${CDBASE}.iso cdrom + ${TOOL_MAKEFS} -t cd9660 -o ${_CDMAKEFSOPTIONS:Q} ${CDIMAGE} cdrom .if ${CDRELEASE} == false release: prepare .WAIT prepare_md_post .WAIT copy-releasedir .WAIT image .WAIT image_md_post ${MKDIR} ${RELEASEDIR}/${CDROMS_RELEASEDIR} - ${RELEASE_INSTALL} ${CDBASE}.iso ${RELEASEDIR}/${CDROMS_RELEASEDIR} + ${RELEASE_INSTALL} ${CDIMAGE} ${RELEASEDIR}/${CDROMS_RELEASEDIR} iso_image: .else @@ -189,7 +195,7 @@ release: iso_image: prepare .WAIT prepare_md_post .WAIT copy-releasedir .WAIT image .WAIT image_md_post ${MKDIR} ${RELEASEDIR}/${CDROMS_RELEASEDIR} - ${RELEASE_INSTALL} ${CDBASE}.iso ${RELEASEDIR}/${CDROMS_RELEASEDIR} + ${RELEASE_INSTALL} ${CDIMAGE} ${RELEASEDIR}/${CDROMS_RELEASEDIR} .endif clean: Index: src/distrib/notes/common/main diff -u src/distrib/notes/common/main:1.425.2.16.2.6 src/distrib/notes/common/main:1.425.2.16.2.7 --- src/distrib/notes/common/main:1.425.2.16.2.6 Wed Nov 5 14:50:10 2014 +++ src/distrib/notes/common/main Fri Nov 7 08:03:09 2014 @@ -1,4 +1,4 @@ -.\" $NetBSD: main,v 1.425.2.16.2.6 2014/11/05 14:50:10 sborrill Exp $ +.\" $NetBSD: main,v 1.425.2.16.2.7 2014/11/07 08:03:09 msaitoh Exp $ .\" .\" Copyright (c) 1999-2008 The NetBSD Foundation, Inc. .\" All rights reserved. @@ -171,18 +171,18 @@ bootloader and the installation kernel .Pa macppc/binary/kernel/netbsd-GENERIC_MD.gz . If you have a CD-R, you can fetch the CD image, -.Pa macppccd-\*V.iso . +.Pa NetBSD-\*V-macppc.iso . .\} .if \n[sparc] \{\ Fetch a CD image, -.Pa sparccd-\*V.iso +.Pa NetBSD-\*V-sparc.iso or the floppy disk images, .Pa sparc/install/floppy/disk1.gz No and Pa sparc/install/floppy/disk2 . You need either the pair of floppies or the CD to boot your system. .\} .if \n[sparc64] \{\ This is either a CD image, -.Pa sparc64cd-\
CVS commit: [netbsd-5-2] src/doc
Module Name:src Committed By: sborrill Date: Wed Nov 5 14:50:58 UTC 2014 Modified Files: src/doc [netbsd-5-2]: CHANGES-5.2.3 Log Message: Ticket #1930 To generate a diff of this commit: cvs rdiff -u -r1.1.2.22 -r1.1.2.23 src/doc/CHANGES-5.2.3 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-5.2.3 diff -u src/doc/CHANGES-5.2.3:1.1.2.22 src/doc/CHANGES-5.2.3:1.1.2.23 --- src/doc/CHANGES-5.2.3:1.1.2.22 Mon Nov 3 13:06:58 2014 +++ src/doc/CHANGES-5.2.3 Wed Nov 5 14:50:58 2014 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-5.2.3,v 1.1.2.22 2014/11/03 13:06:58 msaitoh Exp $ +# $NetBSD: CHANGES-5.2.3,v 1.1.2.23 2014/11/05 14:50:58 sborrill Exp $ A complete list of changes from the NetBSD 5.2.2 release to the NetBSD 5.2.3 release: @@ -345,3 +345,16 @@ usr.bin/ftp/version.h1.85 Change the version that ftp announces to 20141026. It can be a useful method to determine if CVE-2014-8517 is fixed. [lukem, ticket #1929] + +distrib/common/Makefile.bootcd 1.20 via patch +distrib/notes/arc/prep1.3 via patch +distrib/notes/cats/prep1.12 via patch +distrib/notes/common/main 1.512 via patch +distrib/notes/macppc/prep.OPENFIRMWARE 1.16 via patch +share/man/man7/release.7 1.33-1.36 via patch + + Install fully-populated .iso images in ${RELEASEDIR}/images + instead of ${RELEASEDIR}/iso. Update documentation to reflect + this. + [snj, ticket #1930] +
CVS commit: [netbsd-5-2] src
Module Name:src Committed By: sborrill Date: Wed Nov 5 14:50:10 UTC 2014 Modified Files: src/distrib/common [netbsd-5-2]: Makefile.bootcd src/distrib/notes/arc [netbsd-5-2]: prep src/distrib/notes/cats [netbsd-5-2]: prep src/distrib/notes/common [netbsd-5-2]: main src/distrib/notes/macppc [netbsd-5-2]: prep.OPENFIRMWARE src/share/man/man7 [netbsd-5-2]: release.7 Log Message: Apply patch (requested by snj in ticket 1930): Install fully-populated .iso images in ${RELEASEDIR}/images instead of ${RELEASEDIR}/iso To generate a diff of this commit: cvs rdiff -u -r1.14.2.1 -r1.14.2.1.10.1 src/distrib/common/Makefile.bootcd cvs rdiff -u -r1.1.6.1 -r1.1.6.1.10.1 src/distrib/notes/arc/prep cvs rdiff -u -r1.10.2.1 -r1.10.2.1.10.1 src/distrib/notes/cats/prep cvs rdiff -u -r1.425.2.16.2.5 -r1.425.2.16.2.6 src/distrib/notes/common/main cvs rdiff -u -r1.11.2.2 -r1.11.2.2.6.1 \ src/distrib/notes/macppc/prep.OPENFIRMWARE cvs rdiff -u -r1.25.4.1 -r1.25.4.1.6.1 src/share/man/man7/release.7 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/distrib/common/Makefile.bootcd diff -u src/distrib/common/Makefile.bootcd:1.14.2.1 src/distrib/common/Makefile.bootcd:1.14.2.1.10.1 --- src/distrib/common/Makefile.bootcd:1.14.2.1 Sat Dec 6 21:30:03 2008 +++ src/distrib/common/Makefile.bootcd Wed Nov 5 14:50:10 2014 @@ -1,4 +1,4 @@ -# $NetBSD: Makefile.bootcd,v 1.14.2.1 2008/12/06 21:30:03 snj Exp $ +# $NetBSD: Makefile.bootcd,v 1.14.2.1.10.1 2014/11/05 14:50:10 sborrill Exp $ # # Makefile snipped to create a CD/DVD ISO # @@ -42,7 +42,7 @@ CDSOURCE?= false .if ${CDRELEASE} == false CDROMS_RELEASEDIR?= ${MACHINE}/installation/cdrom .else -CDROMS_RELEASEDIR?= iso +CDROMS_RELEASEDIR?= images .endif .if defined(CDRELEASE_NOISOS) CDRELEASE_EXCLUDE= -s ',./installation/cdrom.*,,gp' Index: src/distrib/notes/arc/prep diff -u src/distrib/notes/arc/prep:1.1.6.1 src/distrib/notes/arc/prep:1.1.6.1.10.1 --- src/distrib/notes/arc/prep:1.1.6.1 Sat Apr 25 23:16:33 2009 +++ src/distrib/notes/arc/prep Wed Nov 5 14:50:10 2014 @@ -1,4 +1,4 @@ -.\" $NetBSD: prep,v 1.1.6.1 2009/04/25 23:16:33 snj Exp $ +.\" $NetBSD: prep,v 1.1.6.1.10.1 2014/11/05 14:50:10 sborrill Exp $ . First and foremost, before beginning the installation process, .Em make sure you have a reliable backup @@ -40,7 +40,7 @@ install kernel onto a CD-R. Go to one of the .Nx mirror sites and download CD-R image from the -.Pa pub/NetBSD/iso +.Pa pub/NetBSD/images directory. .Lk http://www.NetBSD.org/mirrors/#iso .Pp Index: src/distrib/notes/cats/prep diff -u src/distrib/notes/cats/prep:1.10.2.1 src/distrib/notes/cats/prep:1.10.2.1.10.1 --- src/distrib/notes/cats/prep:1.10.2.1 Sat Apr 25 23:16:33 2009 +++ src/distrib/notes/cats/prep Wed Nov 5 14:50:10 2014 @@ -1,4 +1,4 @@ -.\" $NetBSD: prep,v 1.10.2.1 2009/04/25 23:16:33 snj Exp $ +.\" $NetBSD: prep,v 1.10.2.1.10.1 2014/11/05 14:50:10 sborrill Exp $ . A \*M machine usually needs little or no preparation before installing .Nx , @@ -36,7 +36,7 @@ install kernel onto a CD-R. Go to one of the .Nx mirror sites and download CD-R image from the -.Pa pub/NetBSD/iso +.Pa pub/NetBSD/images directory. .Lk http://www.NetBSD.org/mirrors/#iso .Pp Index: src/distrib/notes/common/main diff -u src/distrib/notes/common/main:1.425.2.16.2.5 src/distrib/notes/common/main:1.425.2.16.2.6 --- src/distrib/notes/common/main:1.425.2.16.2.5 Sat Jan 18 11:23:44 2014 +++ src/distrib/notes/common/main Wed Nov 5 14:50:10 2014 @@ -1,4 +1,4 @@ -.\" $NetBSD: main,v 1.425.2.16.2.5 2014/01/18 11:23:44 bouyer Exp $ +.\" $NetBSD: main,v 1.425.2.16.2.6 2014/11/05 14:50:10 sborrill Exp $ .\" .\" Copyright (c) 1999-2008 The NetBSD Foundation, Inc. .\" All rights reserved. @@ -118,7 +118,7 @@ Option 1: bootable CD-ROM images contain .Pp These can be found on an FTP site near you, usually located in the -.Pa /pub/NetBSD/iso/ +.Pa /pub/NetBSD/images/ directory. Check the NetBSD website for details. .Pp Index: src/distrib/notes/macppc/prep.OPENFIRMWARE diff -u src/distrib/notes/macppc/prep.OPENFIRMWARE:1.11.2.2 src/distrib/notes/macppc/prep.OPENFIRMWARE:1.11.2.2.6.1 --- src/distrib/notes/macppc/prep.OPENFIRMWARE:1.11.2.2 Fri Nov 5 07:29:48 2010 +++ src/distrib/notes/macppc/prep.OPENFIRMWARE Wed Nov 5 14:50:10 2014 @@ -1,4 +1,4 @@ -.\" $NetBSD: prep.OPENFIRMWARE,v 1.11.2.2 2010/11/05 07:29:48 snj Exp $ +.\" $NetBSD: prep.OPENFIRMWARE,v 1.11.2.2.6.1 2014/11/05 14:50:10 sborrill Exp $ .if \*[OF_VERSION_3] \{\ . .Ss2 Updating your BootROM @@ -1177,7 +1177,7 @@ Go to one of the mirror sites and download the CD-R image .Pa macppccd-\*V.iso from the -.Pa pub/NetBSD/iso +.Pa pub/NetBSD/images directory. .Lk http://www.NetBSD.org/mirrors/#iso .Pp Index: src/share/man/man7/release.7 diff -u src/share/man/man7/release.7:1.25.4.1 src/share/man/man7/release.7:1.25.4.1.6.1 --- src/share/man/
CVS commit: [netbsd-5-2] src/doc
Module Name:src Committed By: msaitoh Date: Mon Nov 3 13:06:58 UTC 2014 Modified Files: src/doc [netbsd-5-2]: CHANGES-5.2.3 Log Message: Ticket 1929. To generate a diff of this commit: cvs rdiff -u -r1.1.2.21 -r1.1.2.22 src/doc/CHANGES-5.2.3 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-5.2.3 diff -u src/doc/CHANGES-5.2.3:1.1.2.21 src/doc/CHANGES-5.2.3:1.1.2.22 --- src/doc/CHANGES-5.2.3:1.1.2.21 Mon Oct 27 12:45:50 2014 +++ src/doc/CHANGES-5.2.3 Mon Nov 3 13:06:58 2014 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-5.2.3,v 1.1.2.21 2014/10/27 12:45:50 msaitoh Exp $ +# $NetBSD: CHANGES-5.2.3,v 1.1.2.22 2014/11/03 13:06:58 msaitoh Exp $ A complete list of changes from the NetBSD 5.2.2 release to the NetBSD 5.2.3 release: @@ -339,3 +339,9 @@ usr.bin/ftp/fetch.c1.206 via patch Don't pay attention to special characters if they don't come from the command line. [jmcneill, ticket #1928] + +usr.bin/ftp/version.h1.85 + + Change the version that ftp announces to 20141026. It can be a + useful method to determine if CVE-2014-8517 is fixed. + [lukem, ticket #1929]
CVS commit: [netbsd-5-2] src/usr.bin/ftp
Module Name:src Committed By: msaitoh Date: Mon Nov 3 13:06:15 UTC 2014 Modified Files: src/usr.bin/ftp [netbsd-5-2]: version.h Log Message: Pull up following revision(s) (requested by lukem in ticket #1929): usr.bin/ftp/version.h: revision 1.85 Version 20141026 Ignore special characters unless they're from the command line. Fixes CVE-2014-8517 To generate a diff of this commit: cvs rdiff -u -r1.77 -r1.77.2.1 src/usr.bin/ftp/version.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/usr.bin/ftp/version.h diff -u src/usr.bin/ftp/version.h:1.77 src/usr.bin/ftp/version.h:1.77.2.1 --- src/usr.bin/ftp/version.h:1.77 Wed Aug 13 04:59:13 2008 +++ src/usr.bin/ftp/version.h Mon Nov 3 13:06:15 2014 @@ -1,4 +1,4 @@ -/* $NetBSD: version.h,v 1.77 2008/08/13 04:59:13 lukem Exp $ */ +/* $NetBSD: version.h,v 1.77.2.1 2014/11/03 13:06:15 msaitoh Exp $ */ /*- * Copyright (c) 1999-2008 The NetBSD Foundation, Inc. @@ -34,5 +34,5 @@ #endif #ifndef FTP_VERSION -#define FTP_VERSION "20080813" +#define FTP_VERSION "20141026" #endif
CVS commit: [netbsd-5-2] src/doc
Module Name:src Committed By: msaitoh Date: Mon Oct 27 12:45:50 UTC 2014 Modified Files: src/doc [netbsd-5-2]: CHANGES-5.2.3 Log Message: Ticket 1926 and 1928. To generate a diff of this commit: cvs rdiff -u -r1.1.2.20 -r1.1.2.21 src/doc/CHANGES-5.2.3 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-5.2.3 diff -u src/doc/CHANGES-5.2.3:1.1.2.20 src/doc/CHANGES-5.2.3:1.1.2.21 --- src/doc/CHANGES-5.2.3:1.1.2.20 Sun Oct 19 20:11:59 2014 +++ src/doc/CHANGES-5.2.3 Mon Oct 27 12:45:50 2014 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-5.2.3,v 1.1.2.20 2014/10/19 20:11:59 snj Exp $ +# $NetBSD: CHANGES-5.2.3,v 1.1.2.21 2014/10/27 12:45:50 msaitoh Exp $ A complete list of changes from the NetBSD 5.2.2 release to the NetBSD 5.2.3 release: @@ -328,3 +328,14 @@ crypto/dist/openssl/test/constant_time_t and adding POODLE mitigation via support for TLS_FALLBACK_SCSV. [spz, ticket #1927] +sys/compat/freebsd/freebsd_sysctl.c 1.17 + + Do not access a userland pointer from kernel space directly, use + copyin() instead, avoiding a crash. + [maxv, ticket #1926] + +usr.bin/ftp/fetch.c1.206 via patch + + Don't pay attention to special characters if they don't come + from the command line. + [jmcneill, ticket #1928]
CVS commit: [netbsd-5-2] src/sys/compat/freebsd
Module Name:src Committed By: msaitoh Date: Mon Oct 27 12:38:15 UTC 2014 Modified Files: src/sys/compat/freebsd [netbsd-5-2]: freebsd_sysctl.c Log Message: Pull up following revision(s) (requested by maxv in ticket #1926): sys/compat/freebsd/freebsd_sysctl.c: revision 1.17 I'm not sure reading from an unsanitized userland pointer is a good idea. Some users might be tempted to give 0x01, in which case the kernel will crash. To generate a diff of this commit: cvs rdiff -u -r1.14 -r1.14.20.1 src/sys/compat/freebsd/freebsd_sysctl.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/compat/freebsd/freebsd_sysctl.c diff -u src/sys/compat/freebsd/freebsd_sysctl.c:1.14 src/sys/compat/freebsd/freebsd_sysctl.c:1.14.20.1 --- src/sys/compat/freebsd/freebsd_sysctl.c:1.14 Mon Apr 28 20:23:41 2008 +++ src/sys/compat/freebsd/freebsd_sysctl.c Mon Oct 27 12:38:15 2014 @@ -1,4 +1,4 @@ -/* $NetBSD: freebsd_sysctl.c,v 1.14 2008/04/28 20:23:41 martin Exp $ */ +/* $NetBSD: freebsd_sysctl.c,v 1.14.20.1 2014/10/27 12:38:15 msaitoh Exp $ */ /*- * Copyright (c) 2005 The NetBSD Foundation, Inc. @@ -31,7 +31,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: freebsd_sysctl.c,v 1.14 2008/04/28 20:23:41 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: freebsd_sysctl.c,v 1.14.20.1 2014/10/27 12:38:15 msaitoh Exp $"); #include #include @@ -84,7 +84,7 @@ freebsd_sys_sysctl(struct lwp *l, const } */ int error; int name[CTL_MAXNAME]; - size_t newlen, *oldlenp; + size_t newlen, *oldlenp, oldlen; u_int namelen; void *new, *old; @@ -135,9 +135,14 @@ freebsd_sys_sysctl(struct lwp *l, const old = SCARG(uap, old); oldlenp = SCARG(uap, oldlenp); - if (old == NULL || oldlenp == NULL || *oldlenp < sizeof(int)) + if (old == NULL || oldlenp == NULL) return(EINVAL); + if ((error = copyin(oldlenp, &oldlen, sizeof(oldlen + return (error); + if (oldlen < sizeof(int)) + return (EINVAL); + if ((locnew = (char *) malloc(newlen + 1, M_TEMP, M_WAITOK)) == NULL) return(ENOMEM); @@ -157,11 +162,11 @@ freebsd_sys_sysctl(struct lwp *l, const oidlen *= sizeof(int); error = copyout(oid, SCARG(uap, old), -MIN(oidlen, *SCARG(uap, oldlenp))); +MIN(oidlen, oldlen)); if (error) return(error); ktrmibio(-1, UIO_READ, SCARG(uap, old), - MIN(oidlen, *SCARG(uap, oldlenp)), 0); + MIN(oidlen, oldlen), 0); error = copyout(&oidlen, SCARG(uap, oldlenp), sizeof(u_int));
CVS commit: [netbsd-5-2] src/usr.bin/ftp
Module Name:src Committed By: msaitoh Date: Mon Oct 27 12:21:34 UTC 2014 Modified Files: src/usr.bin/ftp [netbsd-5-2]: fetch.c Log Message: Pull up following revision(s) (requested by jmcneill in ticket #1928): usr.bin/ftp/fetch.c: revision 1.206 via patch don't pay attention to special characters if they don't come from the command line (from jmcneill) To generate a diff of this commit: cvs rdiff -u -r1.185.6.2 -r1.185.6.2.4.1 src/usr.bin/ftp/fetch.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/usr.bin/ftp/fetch.c diff -u src/usr.bin/ftp/fetch.c:1.185.6.2 src/usr.bin/ftp/fetch.c:1.185.6.2.4.1 --- src/usr.bin/ftp/fetch.c:1.185.6.2 Sat Nov 20 01:03:18 2010 +++ src/usr.bin/ftp/fetch.c Mon Oct 27 12:21:34 2014 @@ -1,4 +1,4 @@ -/* $NetBSD: fetch.c,v 1.185.6.2 2010/11/20 01:03:18 riz Exp $ */ +/* $NetBSD: fetch.c,v 1.185.6.2.4.1 2014/10/27 12:21:34 msaitoh Exp $ */ /*- * Copyright (c) 1997-2008 The NetBSD Foundation, Inc. @@ -34,7 +34,7 @@ #include #ifndef lint -__RCSID("$NetBSD: fetch.c,v 1.185.6.2 2010/11/20 01:03:18 riz Exp $"); +__RCSID("$NetBSD: fetch.c,v 1.185.6.2.4.1 2014/10/27 12:21:34 msaitoh Exp $"); #endif /* not lint */ /* @@ -537,7 +537,7 @@ fetch_url(const char *url, const char *p url_decode(decodedpath); if (outfile) - savefile = ftp_strdup(outfile); + savefile = outfile; else { cp = strrchr(decodedpath, '/'); /* find savefile */ if (cp != NULL) @@ -561,8 +561,7 @@ fetch_url(const char *url, const char *p rangestart = rangeend = entitylen = -1; mtime = -1; if (restartautofetch) { - if (strcmp(savefile, "-") != 0 && *savefile != '|' && - stat(savefile, &sb) == 0) + if (stat(savefile, &sb) == 0) restart_point = sb.st_size; } if (urltype == FILE_URL_T) { /* file:// URLs */ @@ -1077,18 +1076,27 @@ fetch_url(const char *url, const char *p } } /* end of ftp:// or http:// specific setup */ - /* Open the output file. */ - if (strcmp(savefile, "-") == 0) { - fout = stdout; - } else if (*savefile == '|') { - oldintp = xsignal(SIGPIPE, SIG_IGN); - fout = popen(savefile + 1, "w"); - if (fout == NULL) { - warn("Can't execute `%s'", savefile + 1); - goto cleanup_fetch_url; + /* Open the output file. */ + + /* + * Only trust filenames with special meaning if they came from + * the command line + */ + + if (savefile == outfile) { + if (strcmp(savefile, "-") == 0) { + fout = stdout; + } else if (*savefile == '|') { + oldintp = xsignal(SIGPIPE, SIG_IGN); + fout = popen(savefile + 1, "w"); + if (fout == NULL) { +warn("Can't execute `%s'", savefile + 1); +goto cleanup_fetch_url; + } + closefunc = pclose; } - closefunc = pclose; - } else { + } + if (fout == NULL) { if ((rangeend != -1 && rangeend <= restart_point) || (rangestart == -1 && filesize != -1 && filesize <= restart_point)) { /* already done */ @@ -1298,7 +1306,8 @@ fetch_url(const char *url, const char *p (*closefunc)(fout); if (res0) freeaddrinfo(res0); - FREEPTR(savefile); + if (savefile != outfile) + FREEPTR(savefile); FREEPTR(user); if (pass != NULL) memset(pass, 0, strlen(pass));
CVS commit: [netbsd-5-2] src/doc
Module Name:src Committed By: snj Date: Sun Oct 19 20:11:59 UTC 2014 Modified Files: src/doc [netbsd-5-2]: CHANGES-5.2.3 Log Message: 1927 To generate a diff of this commit: cvs rdiff -u -r1.1.2.19 -r1.1.2.20 src/doc/CHANGES-5.2.3 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-5.2.3 diff -u src/doc/CHANGES-5.2.3:1.1.2.19 src/doc/CHANGES-5.2.3:1.1.2.20 --- src/doc/CHANGES-5.2.3:1.1.2.19 Wed Aug 27 13:46:40 2014 +++ src/doc/CHANGES-5.2.3 Sun Oct 19 20:11:59 2014 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-5.2.3,v 1.1.2.19 2014/08/27 13:46:40 msaitoh Exp $ +# $NetBSD: CHANGES-5.2.3,v 1.1.2.20 2014/10/19 20:11:59 snj Exp $ A complete list of changes from the NetBSD 5.2.2 release to the NetBSD 5.2.3 release: @@ -267,3 +267,64 @@ sys/netinet6/ip6_output.c 1.158 via pa Fix a memory leak in calling setsockopt() on an INET6 socket. [maxv ticket #1920] + +crypto/dist/openssl/apps/s_client.c patch +crypto/dist/openssl/crypto/LPdir_vms.c patch +crypto/dist/openssl/crypto/LPdir_win.c patch +crypto/dist/openssl/crypto/Makefile patch +crypto/dist/openssl/crypto/constant_time_locl.h patch +crypto/dist/openssl/crypto/constant_time_test.c patch +crypto/dist/openssl/crypto/bn/bn_exp.c patch +crypto/dist/openssl/crypto/bn/exptest.c patch +crypto/dist/openssl/crypto/bn/asm/x86_64-gcc.c patch +crypto/dist/openssl/crypto/dsa/dsa_ameth.c patch +crypto/dist/openssl/crypto/ec/ec.h patch +crypto/dist/openssl/crypto/ec/ec_ameth.c patch +crypto/dist/openssl/crypto/ec/ec_asn1.c patch +crypto/dist/openssl/crypto/ec/ec_key.c patch +crypto/dist/openssl/crypto/ec/ecp_smpl.c patch +crypto/dist/openssl/crypto/err/openssl.ec patch +crypto/dist/openssl/crypto/evp/Makefile patch +crypto/dist/openssl/crypto/evp/evp_enc.c patch +crypto/dist/openssl/crypto/pkcs7/pkcs7.h patch +crypto/dist/openssl/crypto/rsa/Makefile patch +crypto/dist/openssl/crypto/rsa/rsa.h patch +crypto/dist/openssl/crypto/rsa/rsa_err.c patch +crypto/dist/openssl/crypto/rsa/rsa_oaep.c patch +crypto/dist/openssl/crypto/rsa/rsa_pk1.c patch +crypto/dist/openssl/crypto/rsa/rsa_sign.c patch +crypto/dist/openssl/doc/apps/s_client.pod patch +crypto/dist/openssl/doc/crypto/BIO_s_accept.pod patch +crypto/dist/openssl/doc/crypto/CMS_add1_signer.pod patch +crypto/dist/openssl/doc/crypto/EVP_DigestInit.pod patch +crypto/dist/openssl/doc/crypto/EVP_DigestVerifyInit.pod patch +crypto/dist/openssl/doc/crypto/EVP_EncryptInit.pod patch +crypto/dist/openssl/doc/crypto/EVP_PKEY_set1_RSA.pod patch +crypto/dist/openssl/doc/crypto/EVP_PKEY_sign.pod patch +crypto/dist/openssl/doc/ssl/SSL_CTX_set_mode.pod patch +crypto/dist/openssl/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod patch +crypto/dist/openssl/ssl/Makefile patch +crypto/dist/openssl/ssl/s23_clnt.c patch +crypto/dist/openssl/ssl/s23_srvr.c patch +crypto/dist/openssl/ssl/s2_lib.c patch +crypto/dist/openssl/ssl/s3_clnt.c patch +crypto/dist/openssl/ssl/s3_enc.c patch +crypto/dist/openssl/ssl/s3_lib.c patch +crypto/dist/openssl/ssl/s3_pkt.c patch +crypto/dist/openssl/ssl/s3_srvr.c patch +crypto/dist/openssl/ssl/ssl-lib.com patch +crypto/dist/openssl/ssl/ssl.h patch +crypto/dist/openssl/ssl/ssl3.h patch +crypto/dist/openssl/ssl/ssl_err.c patch +crypto/dist/openssl/ssl/ssl_lib.c patch +crypto/dist/openssl/ssl/t1_enc.c patch +crypto/dist/openssl/ssl/t1_lib.c patch +crypto/dist/openssl/ssl/tls1.h patch +crypto/dist/openssl/test/Makefile patch +crypto/dist/openssl/test/constant_time_test.c patch + + OpenSSL security fixes derived from the diff between + OpenSSL 1.0.0n and 1.0.0o, fixing CVE-2014-3567, CVE-2014-3568, + and adding POODLE mitigation via support for TLS_FALLBACK_SCSV. + [spz, ticket #1927] +
CVS commit: [netbsd-5-2] src/crypto/dist/openssl
Module Name:src Committed By: snj Date: Sun Oct 19 20:11:09 UTC 2014 Modified Files: src/crypto/dist/openssl/apps [netbsd-5-2]: s_client.c src/crypto/dist/openssl/crypto [netbsd-5-2]: LPdir_vms.c LPdir_win.c Makefile src/crypto/dist/openssl/crypto/bn [netbsd-5-2]: bn_exp.c exptest.c src/crypto/dist/openssl/crypto/bn/asm [netbsd-5-2]: x86_64-gcc.c src/crypto/dist/openssl/crypto/dsa [netbsd-5-2]: dsa_ameth.c src/crypto/dist/openssl/crypto/ec [netbsd-5-2]: ec.h ec_ameth.c ec_asn1.c ec_key.c ecp_smpl.c src/crypto/dist/openssl/crypto/err [netbsd-5-2]: openssl.ec src/crypto/dist/openssl/crypto/evp [netbsd-5-2]: Makefile evp_enc.c src/crypto/dist/openssl/crypto/pkcs7 [netbsd-5-2]: pkcs7.h src/crypto/dist/openssl/crypto/rsa [netbsd-5-2]: Makefile rsa.h rsa_err.c rsa_oaep.c rsa_pk1.c rsa_sign.c src/crypto/dist/openssl/doc/apps [netbsd-5-2]: s_client.pod src/crypto/dist/openssl/doc/crypto [netbsd-5-2]: BIO_s_accept.pod EVP_DigestInit.pod EVP_DigestVerifyInit.pod EVP_EncryptInit.pod EVP_PKEY_set1_RSA.pod EVP_PKEY_sign.pod src/crypto/dist/openssl/doc/ssl [netbsd-5-2]: SSL_CTX_set_mode.pod SSL_CTX_set_tmp_dh_callback.pod src/crypto/dist/openssl/ssl [netbsd-5-2]: Makefile s23_clnt.c s23_srvr.c s2_lib.c s3_clnt.c s3_enc.c s3_lib.c s3_pkt.c s3_srvr.c ssl-lib.com ssl.h ssl3.h ssl_err.c ssl_lib.c t1_enc.c t1_lib.c tls1.h src/crypto/dist/openssl/test [netbsd-5-2]: Makefile Added Files: src/crypto/dist/openssl/crypto [netbsd-5-2]: constant_time_locl.h constant_time_test.c src/crypto/dist/openssl/doc/crypto [netbsd-5-2]: CMS_add1_signer.pod src/crypto/dist/openssl/test [netbsd-5-2]: constant_time_test.c Log Message: Apply patch (requested by spz in ticket #1927): Apply OpenSSL security fixes derived from the diff between OpenSSL 1.0.0n and 1.0.0o, fixing CVE-2014-3567, CVE-2014-3568, and adding POODLE mitigation via support for TLS_FALLBACK_SCSV. To generate a diff of this commit: cvs rdiff -u -r1.1.1.11 -r1.1.1.11.2.1 \ src/crypto/dist/openssl/apps/s_client.c cvs rdiff -u -r1.1.1.1 -r1.1.1.1.38.1 \ src/crypto/dist/openssl/crypto/LPdir_vms.c cvs rdiff -u -r1.1.1.2 -r1.1.1.2.2.1 \ src/crypto/dist/openssl/crypto/LPdir_win.c cvs rdiff -u -r1.1.1.4 -r1.1.1.4.2.1 src/crypto/dist/openssl/crypto/Makefile cvs rdiff -u -r0 -r1.1.6.2 \ src/crypto/dist/openssl/crypto/constant_time_locl.h \ src/crypto/dist/openssl/crypto/constant_time_test.c cvs rdiff -u -r1.3 -r1.3.2.1 src/crypto/dist/openssl/crypto/bn/bn_exp.c cvs rdiff -u -r1.4 -r1.4.2.1 src/crypto/dist/openssl/crypto/bn/exptest.c cvs rdiff -u -r1.1.1.4 -r1.1.1.4.36.1 \ src/crypto/dist/openssl/crypto/bn/asm/x86_64-gcc.c cvs rdiff -u -r1.1.1.1 -r1.1.1.1.6.1 \ src/crypto/dist/openssl/crypto/dsa/dsa_ameth.c cvs rdiff -u -r1.6 -r1.6.2.1 src/crypto/dist/openssl/crypto/ec/ec.h cvs rdiff -u -r1.1.1.1 -r1.1.1.1.6.1 \ src/crypto/dist/openssl/crypto/ec/ec_ameth.c cvs rdiff -u -r1.1.1.4 -r1.1.1.4.30.1 \ src/crypto/dist/openssl/crypto/ec/ec_asn1.c cvs rdiff -u -r1.1.1.1 -r1.1.1.1.38.1 \ src/crypto/dist/openssl/crypto/ec/ec_key.c cvs rdiff -u -r1.1.1.4 -r1.1.1.4.38.1 \ src/crypto/dist/openssl/crypto/ec/ecp_smpl.c cvs rdiff -u -r1.1.1.7 -r1.1.1.7.2.1 \ src/crypto/dist/openssl/crypto/err/openssl.ec cvs rdiff -u -r1.1.1.5 -r1.1.1.5.2.1 \ src/crypto/dist/openssl/crypto/evp/Makefile cvs rdiff -u -r1.1.1.8 -r1.1.1.8.30.1 \ src/crypto/dist/openssl/crypto/evp/evp_enc.c cvs rdiff -u -r1.8 -r1.8.2.1 src/crypto/dist/openssl/crypto/pkcs7/pkcs7.h cvs rdiff -u -r1.1.1.4 -r1.1.1.4.2.1 \ src/crypto/dist/openssl/crypto/rsa/Makefile cvs rdiff -u -r1.14 -r1.14.2.1 src/crypto/dist/openssl/crypto/rsa/rsa.h cvs rdiff -u -r1.7 -r1.7.2.1 src/crypto/dist/openssl/crypto/rsa/rsa_err.c cvs rdiff -u -r1.1.1.7 -r1.1.1.7.38.1 \ src/crypto/dist/openssl/crypto/rsa/rsa_oaep.c cvs rdiff -u -r1.1.1.3 -r1.1.1.3.50.1 \ src/crypto/dist/openssl/crypto/rsa/rsa_pk1.c cvs rdiff -u -r1.5 -r1.5.2.1 src/crypto/dist/openssl/crypto/rsa/rsa_sign.c cvs rdiff -u -r1.8 -r1.8.2.1 src/crypto/dist/openssl/doc/apps/s_client.pod cvs rdiff -u -r1.1.1.2 -r1.1.1.2.50.1 \ src/crypto/dist/openssl/doc/crypto/BIO_s_accept.pod cvs rdiff -u -r0 -r1.1.6.2 \ src/crypto/dist/openssl/doc/crypto/CMS_add1_signer.pod cvs rdiff -u -r1.6 -r1.6.38.1 \ src/crypto/dist/openssl/doc/crypto/EVP_DigestInit.pod \ src/crypto/dist/openssl/doc/crypto/EVP_EncryptInit.pod cvs rdiff -u -r1.1.1.1 -r1.1.1.1.6.1 \ src/crypto/dist/openssl/doc/crypto/EVP_DigestVerifyInit.pod \ src/crypto/dist/openssl/doc/crypto/EVP_PKEY_sign.pod cvs rdiff -u -r1.1.1.1 -r1.1.1.1.50.1 \ src/crypto/dist/openssl/doc/crypto/EVP_PKEY_set1_RSA.pod cvs rdiff -u -r1.1.1.2 -r1.1.1.2.50.1 \ src/crypto/dist/openssl/doc/ssl/SSL_CTX_set_mode.po
CVS commit: [netbsd-5-2] src/sys/netinet6
Module Name:src Committed By: msaitoh Date: Wed Aug 27 17:06:10 UTC 2014 Modified Files: src/sys/netinet6 [netbsd-5-2]: ip6_output.c Log Message: Pull up following revision(s) (requested by maxv in ticket #1920): sys/netinet6/ip6_output.c 1.158 via patch Fix a memory leak in calling setsockopt() on an INET6 socket. To generate a diff of this commit: cvs rdiff -u -r1.135.2.1 -r1.135.2.1.10.1 src/sys/netinet6/ip6_output.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet6/ip6_output.c diff -u src/sys/netinet6/ip6_output.c:1.135.2.1 src/sys/netinet6/ip6_output.c:1.135.2.1.10.1 --- src/sys/netinet6/ip6_output.c:1.135.2.1 Mon Apr 20 22:56:04 2009 +++ src/sys/netinet6/ip6_output.c Wed Aug 27 17:06:10 2014 @@ -1,4 +1,4 @@ -/* $NetBSD: ip6_output.c,v 1.135.2.1 2009/04/20 22:56:04 snj Exp $ */ +/* $NetBSD: ip6_output.c,v 1.135.2.1.10.1 2014/08/27 17:06:10 msaitoh Exp $ */ /* $KAME: ip6_output.c,v 1.172 2001/03/25 09:55:56 itojun Exp $ */ /* @@ -62,7 +62,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ip6_output.c,v 1.135.2.1 2009/04/20 22:56:04 snj Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip6_output.c,v 1.135.2.1.10.1 2014/08/27 17:06:10 msaitoh Exp $"); #include "opt_inet.h" #include "opt_inet6.h" @@ -1794,6 +1794,8 @@ else \ optp = &in6p->in6p_outputopts; error = ip6_pcbopt(optname, optbuf, optbuflen, optp, privileged, uproto); + + free(optbuf, M_IP6OPT); break; } #undef OPTSET
CVS commit: [netbsd-5-2] src/doc
Module Name:src Committed By: msaitoh Date: Wed Aug 27 13:46:40 UTC 2014 Modified Files: src/doc [netbsd-5-2]: CHANGES-5.2.3 Log Message: Ticket 1920. To generate a diff of this commit: cvs rdiff -u -r1.1.2.18 -r1.1.2.19 src/doc/CHANGES-5.2.3 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-5.2.3 diff -u src/doc/CHANGES-5.2.3:1.1.2.18 src/doc/CHANGES-5.2.3:1.1.2.19 --- src/doc/CHANGES-5.2.3:1.1.2.18 Wed Aug 27 13:35:30 2014 +++ src/doc/CHANGES-5.2.3 Wed Aug 27 13:46:40 2014 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-5.2.3,v 1.1.2.18 2014/08/27 13:35:30 msaitoh Exp $ +# $NetBSD: CHANGES-5.2.3,v 1.1.2.19 2014/08/27 13:46:40 msaitoh Exp $ A complete list of changes from the NetBSD 5.2.2 release to the NetBSD 5.2.3 release: @@ -262,3 +262,8 @@ crypto/dist/openssl/ssl/t1_lib.c patch - OpenSSL TLS protocol downgrade attack (CVE-2014-3511) Backported from the recent 1.0.1i OpenSSL release. [spz, ticket #1918] + +sys/netinet6/ip6_output.c 1.158 via patch + + Fix a memory leak in calling setsockopt() on an INET6 socket. + [maxv ticket #1920]
CVS commit: [netbsd-5-2] src/doc
Module Name:src Committed By: msaitoh Date: Wed Aug 27 13:35:30 UTC 2014 Modified Files: src/doc [netbsd-5-2]: CHANGES-5.2.3 Log Message: Ticket 1918. To generate a diff of this commit: cvs rdiff -u -r1.1.2.17 -r1.1.2.18 src/doc/CHANGES-5.2.3 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-5.2.3 diff -u src/doc/CHANGES-5.2.3:1.1.2.17 src/doc/CHANGES-5.2.3:1.1.2.18 --- src/doc/CHANGES-5.2.3:1.1.2.17 Wed Aug 27 07:39:22 2014 +++ src/doc/CHANGES-5.2.3 Wed Aug 27 13:35:30 2014 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-5.2.3,v 1.1.2.17 2014/08/27 07:39:22 msaitoh Exp $ +# $NetBSD: CHANGES-5.2.3,v 1.1.2.18 2014/08/27 13:35:30 msaitoh Exp $ A complete list of changes from the NetBSD 5.2.2 release to the NetBSD 5.2.3 release: @@ -242,3 +242,23 @@ sys/dev/pci/pci_usrreq.c 1.26 via patc writes before feeding them to a kassert in pci_conf_read/write or to a trap in the hardware itself. [riastradh, ticket #1922] + +crypto/dist/openssl/crypto/asn1/a_object.c patch +crypto/dist/openssl/crypto/asn1/asn1.h patch +crypto/dist/openssl/crypto/asn1/asn1_err.c patch +crypto/dist/openssl/crypto/objects/obj_dat.c patch +crypto/dist/openssl/ssl/d1_both.c patch +crypto/dist/openssl/ssl/s23_srvr.c patch +crypto/dist/openssl/ssl/s3_clnt.c patch +crypto/dist/openssl/ssl/t1_lib.c patch + + Patches for the following vulnerabilities: + - Information leak in pretty printing functions (CVE-2014-3508) + - Double Free when processing DTLS packets (CVE-2014-3505) + - DTLS memory exhaustion (CVE-2014-3506) + - DTLS memory leak from zero-length fragments (CVE-2014-3507) + - OpenSSL DTLS anonymous EC(DH) denial of service (CVE-2014-3510) + - Race condition in ssl_parse_serverhello_tlsext (CVE-2014-3509) + - OpenSSL TLS protocol downgrade attack (CVE-2014-3511) + Backported from the recent 1.0.1i OpenSSL release. + [spz, ticket #1918]
CVS commit: [netbsd-5-2] src/crypto/dist/openssl
Module Name:src Committed By: msaitoh Date: Wed Aug 27 13:30:49 UTC 2014 Modified Files: src/crypto/dist/openssl/crypto/asn1 [netbsd-5-2]: a_object.c asn1.h asn1_err.c src/crypto/dist/openssl/crypto/objects [netbsd-5-2]: obj_dat.c src/crypto/dist/openssl/ssl [netbsd-5-2]: d1_both.c s23_srvr.c s3_clnt.c t1_lib.c Log Message: Pull up following revision(s) (requested by spz in ticket #1918): crypto/dist/openssl/crypto/asn1/a_object.c patch crypto/dist/openssl/crypto/asn1/asn1.h patch crypto/dist/openssl/crypto/asn1/asn1_err.c patch crypto/dist/openssl/crypto/objects/obj_dat.cpatch crypto/dist/openssl/ssl/d1_both.c patch crypto/dist/openssl/ssl/s23_srvr.c patch crypto/dist/openssl/ssl/s3_clnt.c patch crypto/dist/openssl/ssl/t1_lib.cpatch Patches for the following vulnerabilities: Information leak in pretty printing functions (CVE-2014-3508) Double Free when processing DTLS packets (CVE-2014-3505) DTLS memory exhaustion (CVE-2014-3506) DTLS memory leak from zero-length fragments (CVE-2014-3507) OpenSSL DTLS anonymous EC(DH) denial of service (CVE-2014-3510) Race condition in ssl_parse_serverhello_tlsext (CVE-2014-3509) OpenSSL TLS protocol downgrade attack (CVE-2014-3511) backported from the recent 1.0.1i OpenSSL release. To generate a diff of this commit: cvs rdiff -u -r1.1.1.7 -r1.1.1.7.2.1 \ src/crypto/dist/openssl/crypto/asn1/a_object.c cvs rdiff -u -r1.9.4.1 -r1.9.4.1.10.1 \ src/crypto/dist/openssl/crypto/asn1/asn1.h cvs rdiff -u -r1.1.1.8.4.1 -r1.1.1.8.4.1.10.1 \ src/crypto/dist/openssl/crypto/asn1/asn1_err.c cvs rdiff -u -r1.10 -r1.10.2.1 \ src/crypto/dist/openssl/crypto/objects/obj_dat.c cvs rdiff -u -r1.3.4.2.6.1 -r1.3.4.2.6.2 \ src/crypto/dist/openssl/ssl/d1_both.c cvs rdiff -u -r1.6 -r1.6.2.1 src/crypto/dist/openssl/ssl/s23_srvr.c cvs rdiff -u -r1.12.4.3.4.1 -r1.12.4.3.4.2 \ src/crypto/dist/openssl/ssl/s3_clnt.c cvs rdiff -u -r1.2.4.3 -r1.2.4.3.2.1 src/crypto/dist/openssl/ssl/t1_lib.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/dist/openssl/crypto/asn1/a_object.c diff -u src/crypto/dist/openssl/crypto/asn1/a_object.c:1.1.1.7 src/crypto/dist/openssl/crypto/asn1/a_object.c:1.1.1.7.2.1 --- src/crypto/dist/openssl/crypto/asn1/a_object.c:1.1.1.7 Fri May 9 21:34:16 2008 +++ src/crypto/dist/openssl/crypto/asn1/a_object.c Wed Aug 27 13:30:49 2014 @@ -95,7 +95,7 @@ int a2d_ASN1_OBJECT(unsigned char *out, if (num == 0) return(0); else if (num == -1) - num=strlen(buf); + num=(int)strlen(buf); p=buf; c= *(p++); @@ -239,7 +239,7 @@ int i2a_ASN1_OBJECT(BIO *bp, ASN1_OBJECT if ((a == NULL) || (a->data == NULL)) return(BIO_write(bp,"NULL",4)); - i=i2t_ASN1_OBJECT(buf,sizeof buf,a); + i=i2t_ASN1_OBJECT(buf,(int)sizeof buf,a); if (i > (int)(sizeof(buf) - 1)) { p = OPENSSL_malloc(i + 1); @@ -289,7 +289,21 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT ASN1_OBJECT *ret=NULL; const unsigned char *p; unsigned char *data; - int i; + int i, length; + + /* Sanity check OID encoding. + * Need at least one content octet. + * MSB must be clear in the last octet. + * can't have leading 0x80 in subidentifiers, see: X.690 8.19.2 + */ + if (len <= 0 || len > INT_MAX || pp == NULL || (p = *pp) == NULL || + p[len - 1] & 0x80) + { + ASN1err(ASN1_F_C2I_ASN1_OBJECT,ASN1_R_INVALID_OBJECT_ENCODING); + return NULL; + } + /* Now 0 < len <= INT_MAX, so the cast is safe. */ + length = (int)len; /* only the ASN1_OBJECTs from the 'table' will have values * for ->sn or ->ln */ @@ -300,28 +314,27 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT } else ret=(*a); - p= *pp; /* detach data from object */ data = (unsigned char *)ret->data; ret->data = NULL; /* once detached we can change it */ - if ((data == NULL) || (ret->length < len)) + if ((data == NULL) || (ret->length < length)) { ret->length=0; if (data != NULL) OPENSSL_free(data); - data=(unsigned char *)OPENSSL_malloc(len ? (int)len : 1); + data=(unsigned char *)OPENSSL_malloc(length); if (data == NULL) { i=ERR_R_MALLOC_FAILURE; goto err; } ret->flags|=ASN1_OBJECT_FLAG_DYNAMIC_DATA; } - memcpy(data,p,(int)len); + memcpy(data,p,length); /* reattach data to object, after which it remains const */ ret->data =data; - ret->length=(int)len; + ret->length=length; ret->sn=NULL; ret->ln=NULL; /* ret->flags=ASN1_OBJECT_FLAG_DYNAMIC; we know it is dynamic */ - p+=len; + p+=length; if (a != NULL) (*a)=ret; *pp=p; Index: src/crypto/dist/openssl/crypto/asn1/asn1.h diff -u src/crypto/dist/openssl/crypto/asn1/asn1.h:1.9.4.1 src/crypto/dist/openssl/crypto/asn1/asn1.h:1.9.4.1.10.1 --- src/crypto/dist/openssl/crypto/asn1/asn1.h:1.9.4.1 Mon Mar 30 16:29:38 2009 +++ src/cry
CVS commit: [netbsd-5-2] src/doc
Module Name:src Committed By: msaitoh Date: Wed Aug 27 07:39:22 UTC 2014 Modified Files: src/doc [netbsd-5-2]: CHANGES-5.2.3 Log Message: s/a/an/ To generate a diff of this commit: cvs rdiff -u -r1.1.2.16 -r1.1.2.17 src/doc/CHANGES-5.2.3 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-5.2.3 diff -u src/doc/CHANGES-5.2.3:1.1.2.16 src/doc/CHANGES-5.2.3:1.1.2.17 --- src/doc/CHANGES-5.2.3:1.1.2.16 Wed Aug 27 06:58:14 2014 +++ src/doc/CHANGES-5.2.3 Wed Aug 27 07:39:22 2014 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-5.2.3,v 1.1.2.16 2014/08/27 06:58:14 msaitoh Exp $ +# $NetBSD: CHANGES-5.2.3,v 1.1.2.17 2014/08/27 07:39:22 msaitoh Exp $ A complete list of changes from the NetBSD 5.2.2 release to the NetBSD 5.2.3 release: @@ -233,7 +233,7 @@ doc/3RDPARTY patch sys/miscfs/umapfs/umap_vfsops.c 1.94 - Fix a overflow and a memory corruption bug in umapfs. + Fix an overflow and a memory corruption bug in umapfs. [maxv, ticket #1921] sys/dev/pci/pci_usrreq.c 1.26 via patch
CVS commit: [netbsd-5-2] src/doc
Module Name:src Committed By: msaitoh Date: Wed Aug 27 06:58:14 UTC 2014 Modified Files: src/doc [netbsd-5-2]: CHANGES-5.2.3 Log Message: Ticket 1912, 1921 and 1922. To generate a diff of this commit: cvs rdiff -u -r1.1.2.15 -r1.1.2.16 src/doc/CHANGES-5.2.3 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-5.2.3 diff -u src/doc/CHANGES-5.2.3:1.1.2.15 src/doc/CHANGES-5.2.3:1.1.2.16 --- src/doc/CHANGES-5.2.3:1.1.2.15 Fri Aug 15 23:07:24 2014 +++ src/doc/CHANGES-5.2.3 Wed Aug 27 06:58:14 2014 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-5.2.3,v 1.1.2.15 2014/08/15 23:07:24 riz Exp $ +# $NetBSD: CHANGES-5.2.3,v 1.1.2.16 2014/08/27 06:58:14 msaitoh Exp $ A complete list of changes from the NetBSD 5.2.2 release to the NetBSD 5.2.3 release: @@ -225,3 +225,20 @@ share/zoneinfo/zone1970.tabpatch and zone1970.dat). [apb, ticket #1917] +etc/namedb/root.cache patch +doc/3RDPARTY patch + + Sync root.cache with the latest -current (rev. 1.18). + [taca, ticket #1912] + +sys/miscfs/umapfs/umap_vfsops.c 1.94 + + Fix a overflow and a memory corruption bug in umapfs. + [maxv, ticket #1921] + +sys/dev/pci/pci_usrreq.c 1.26 via patch + + Fix to make pci(4) reject unaligned configuration register reads and + writes before feeding them to a kassert in pci_conf_read/write or to a + trap in the hardware itself. + [riastradh, ticket #1922]
CVS commit: [netbsd-5-2] src/sys/dev/pci
Module Name:src Committed By: msaitoh Date: Wed Aug 27 06:17:06 UTC 2014 Modified Files: src/sys/dev/pci [netbsd-5-2]: pci_usrreq.c Log Message: Pull up following revision(s) (requested by riastradh in ticket #1922): sys/dev/pci/pci_usrreq.c1.26 via patch Fix to make pci(4) reject unaligned configuration register reads and writes before feeding them to a kassert in pci_conf_read/write or to a trap in the hardware itself. To generate a diff of this commit: cvs rdiff -u -r1.16.6.3 -r1.16.6.3.6.1 src/sys/dev/pci/pci_usrreq.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/dev/pci/pci_usrreq.c diff -u src/sys/dev/pci/pci_usrreq.c:1.16.6.3 src/sys/dev/pci/pci_usrreq.c:1.16.6.3.6.1 --- src/sys/dev/pci/pci_usrreq.c:1.16.6.3 Tue Sep 15 06:48:49 2009 +++ src/sys/dev/pci/pci_usrreq.c Wed Aug 27 06:17:06 2014 @@ -1,4 +1,4 @@ -/* $NetBSD: pci_usrreq.c,v 1.16.6.3 2009/09/15 06:48:49 snj Exp $ */ +/* $NetBSD: pci_usrreq.c,v 1.16.6.3.6.1 2014/08/27 06:17:06 msaitoh Exp $ */ /* * Copyright 2001 Wasabi Systems, Inc. @@ -40,7 +40,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: pci_usrreq.c,v 1.16.6.3 2009/09/15 06:48:49 snj Exp $"); +__KERNEL_RCSID(0, "$NetBSD: pci_usrreq.c,v 1.16.6.3.6.1 2014/08/27 06:17:06 msaitoh Exp $"); #include #include @@ -83,7 +83,7 @@ pciioctl(dev_t dev, u_long cmd, void *da case PCI_IOC_BDF_CFGREAD: case PCI_IOC_BDF_CFGWRITE: if (bdfr->bus > 255 || bdfr->device >= sc->sc_maxndevs || - bdfr->function > 7) + bdfr->function > 7 || ISSET(bdfr->cfgreg.reg, 3)) return (EINVAL); tag = pci_make_tag(sc->sc_pc, bdfr->bus, bdfr->device, bdfr->function);
CVS commit: [netbsd-5-2] src/sys/miscfs/umapfs
Module Name:src Committed By: msaitoh Date: Wed Aug 27 06:04:00 UTC 2014 Modified Files: src/sys/miscfs/umapfs [netbsd-5-2]: umap_vfsops.c Log Message: Pull up following revision(s) (requested by maxv in ticket #1921): sys/miscfs/umapfs/umap_vfsops.c: revision 1.94 1) 'error' is returned while it does not even hold an error code. Which means that zero is returned, and the kernel keeps mounting (and it probably ends up in a deadlock/memory corruption somewhere). 2) 'nentries' and 'gnentries' are int and user-controlled, and there's no check to ensure they are greater than zero. Since they are used to compute the size of two copyin's, a user can control the copied size by giving a negative value (like 128-2^29), and thus overwrite kernel memory. Both triggerable from root only. To generate a diff of this commit: cvs rdiff -u -r1.80.16.1 -r1.80.16.2 src/sys/miscfs/umapfs/umap_vfsops.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/miscfs/umapfs/umap_vfsops.c diff -u src/sys/miscfs/umapfs/umap_vfsops.c:1.80.16.1 src/sys/miscfs/umapfs/umap_vfsops.c:1.80.16.2 --- src/sys/miscfs/umapfs/umap_vfsops.c:1.80.16.1 Mon Apr 28 16:05:37 2014 +++ src/sys/miscfs/umapfs/umap_vfsops.c Wed Aug 27 06:04:00 2014 @@ -1,4 +1,4 @@ -/* $NetBSD: umap_vfsops.c,v 1.80.16.1 2014/04/28 16:05:37 sborrill Exp $ */ +/* $NetBSD: umap_vfsops.c,v 1.80.16.2 2014/08/27 06:04:00 msaitoh Exp $ */ /* * Copyright (c) 1992, 1993 @@ -41,7 +41,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: umap_vfsops.c,v 1.80.16.1 2014/04/28 16:05:37 sborrill Exp $"); +__KERNEL_RCSID(0, "$NetBSD: umap_vfsops.c,v 1.80.16.2 2014/08/27 06:04:00 msaitoh Exp $"); #include #include @@ -152,9 +152,10 @@ umapfs_mount(mp, path, data, data_len) /* * Now copy in the number of entries and maps for umap mapping. */ - if (args->nentries > MAPFILEENTRIES || args->gnentries > GMAPFILEENTRIES) { + if (args->nentries < 0 || args->nentries > MAPFILEENTRIES || + args->gnentries < 0 || args->gnentries > GMAPFILEENTRIES) { vput(lowerrootvp); - return (error); + return (EINVAL); } amp->info_nentries = args->nentries;
CVS commit: [netbsd-5-2] src
Module Name:src Committed By: msaitoh Date: Wed Aug 27 05:19:54 UTC 2014 Modified Files: src/doc [netbsd-5-2]: 3RDPARTY src/etc/namedb [netbsd-5-2]: root.cache Log Message: Pull up following revision(s) (requested by taca in ticket #1912): etc/namedb/root.cache patch doc/3RDPARTYpatch Sync root.cache with the latest -current (rev. 1.18). To generate a diff of this commit: cvs rdiff -u -r1.647.2.23.2.4 -r1.647.2.23.2.5 src/doc/3RDPARTY cvs rdiff -u -r1.13.24.1 -r1.13.24.2 src/etc/namedb/root.cache Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/3RDPARTY diff -u src/doc/3RDPARTY:1.647.2.23.2.4 src/doc/3RDPARTY:1.647.2.23.2.5 --- src/doc/3RDPARTY:1.647.2.23.2.4 Fri Aug 15 23:06:18 2014 +++ src/doc/3RDPARTY Wed Aug 27 05:19:54 2014 @@ -1,4 +1,4 @@ -# $NetBSD: 3RDPARTY,v 1.647.2.23.2.4 2014/08/15 23:06:18 riz Exp $ +# $NetBSD: 3RDPARTY,v 1.647.2.23.2.5 2014/08/27 05:19:54 msaitoh Exp $ # # This file contains a list of the software that has been integrated into # NetBSD where we are not the primary maintainer. @@ -801,8 +801,8 @@ Notes: Beta versions are available from Purdue (ftp.cs.purdue.edu:/pub/RCS). Package: root.cache -Version: 2007110100 (Nov 01, 2007) -Current Vers: 2007110100 (Nov 01, 2007) +Version: 2014060201 (June 2, 2014) +Current Vers: 2014060201 (June 2, 2014) Maintainer: InterNIC Archive Site: ftp://ftp.internic.net/domain/named.root Home Page: ftp://ftp.internic.net/domain/named.root Index: src/etc/namedb/root.cache diff -u src/etc/namedb/root.cache:1.13.24.1 src/etc/namedb/root.cache:1.13.24.2 --- src/etc/namedb/root.cache:1.13.24.1 Sun Jan 13 17:07:34 2013 +++ src/etc/namedb/root.cache Wed Aug 27 05:19:54 2014 @@ -1,4 +1,4 @@ -; $NetBSD: root.cache,v 1.13.24.1 2013/01/13 17:07:34 bouyer Exp $ +; $NetBSD: root.cache,v 1.13.24.2 2014/08/27 05:19:54 msaitoh Exp $ ; ; This file holds the information on root name servers needed to ; initialize cache of Internet domain name servers @@ -7,12 +7,12 @@ ; ; This file is made available by InterNIC ; under anonymous FTP as -; file/domain/db.cache +; file/domain/named.cache ; on server FTP.INTERNIC.NET ; -OR-RS.INTERNIC.NET ; -; last update:Feb 04, 2008 -; related version of root zone: 2008020400 +; last update:June 2, 2014 +; related version of root zone: 2014060201 ; ; formerly NS.INTERNIC.NET ; @@ -20,69 +20,73 @@ A.ROOT-SERVERS.NET. 360 A 198.41.0.4 A.ROOT-SERVERS.NET. 360 2001:503:BA3E::2:30 ; -; formerly NS1.ISI.EDU +; FORMERLY NS1.ISI.EDU ; .360 NSB.ROOT-SERVERS.NET. B.ROOT-SERVERS.NET. 360 A 192.228.79.201 +B.ROOT-SERVERS.NET. 360 2001:500:84::B ; -; formerly C.PSI.NET +; FORMERLY C.PSI.NET ; .360 NSC.ROOT-SERVERS.NET. C.ROOT-SERVERS.NET. 360 A 192.33.4.12 +C.ROOT-SERVERS.NET. 360 2001:500:2::C ; -; formerly TERP.UMD.EDU +; FORMERLY TERP.UMD.EDU ; .360 NSD.ROOT-SERVERS.NET. D.ROOT-SERVERS.NET. 360 A 199.7.91.13 D.ROOT-SERVERS.NET. 360 2001:500:2D::D ; -; formerly NS.NASA.GOV +; FORMERLY NS.NASA.GOV ; .360 NSE.ROOT-SERVERS.NET. E.ROOT-SERVERS.NET. 360 A 192.203.230.10 ; -; formerly NS.ISC.ORG +; FORMERLY NS.ISC.ORG ; .360 NSF.ROOT-SERVERS.NET. F.ROOT-SERVERS.NET. 360 A 192.5.5.241 -F.ROOT-SERVERS.NET. 360 2001:500:2f::f +F.ROOT-SERVERS.NET. 360 2001:500:2F::F ; -; formerly NS.NIC.DDN.MIL +; FORMERLY NS.NIC.DDN.MIL ; .360 NSG.ROOT-SERVERS.NET. G.ROOT-SERVERS.NET. 360 A 192.112.36.4 ; -; formerly AOS.ARL.ARMY.MIL +; FORMERLY AOS.ARL.ARMY.MIL ; .360 NSH.ROOT-SERVERS.NET. H.ROOT-SERVERS.NET. 360 A 128.63.2.53 -H.ROOT-SERVERS.NET. 360 2001:500:1::803f:235 +H.ROOT-SERVERS.NET. 360 2001:500:1::803F:235 ; -; formerly NIC.NORDU.NET +; FORMERLY NIC.NORDU.NET ; .360 NSI.ROOT-SERVERS.NET. I.ROOT-SERVERS.NET. 360 A 192.36.148.17 +I.ROOT-SERVERS.NET. 360 2001:7FE::53 ; -; operated by VeriSign, Inc. +; OPERATED BY VERISIGN, INC. ; .360 NSJ.ROOT-SERVERS.NET. J.ROOT-SERVERS.NET. 360 A 192.58.128.30 J.ROOT-SERVERS.NET. 360 2001:503:C27::2:30 ; -; operated by RIPE NCC +; OPERA
CVS commit: [netbsd-5-2] src/doc
Module Name:src Committed By: riz Date: Fri Aug 15 23:07:24 UTC 2014 Modified Files: src/doc [netbsd-5-2]: CHANGES-5.2.3 Log Message: Fix whitespace in previous. To generate a diff of this commit: cvs rdiff -u -r1.1.2.14 -r1.1.2.15 src/doc/CHANGES-5.2.3 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-5.2.3 diff -u src/doc/CHANGES-5.2.3:1.1.2.14 src/doc/CHANGES-5.2.3:1.1.2.15 --- src/doc/CHANGES-5.2.3:1.1.2.14 Fri Aug 15 23:06:37 2014 +++ src/doc/CHANGES-5.2.3 Fri Aug 15 23:07:24 2014 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-5.2.3,v 1.1.2.14 2014/08/15 23:06:37 riz Exp $ +# $NetBSD: CHANGES-5.2.3,v 1.1.2.15 2014/08/15 23:07:24 riz Exp $ A complete list of changes from the NetBSD 5.2.2 release to the NetBSD 5.2.3 release: @@ -196,6 +196,7 @@ sys/compat/linux32/common/linux32_socket If SCARG(uap, what) = 0, copyin() will copy (size_t)-1 bytes, and it's not a good idea; but not proven harmful. With the help of njoly@. [maxv, ticket #1916] + distrib/sets/lists/base/mipatch doc/3RDPARTY patch share/zoneinfo/Makefile patch
CVS commit: [netbsd-5-2] src/doc
Module Name:src Committed By: riz Date: Fri Aug 15 23:06:37 UTC 2014 Modified Files: src/doc [netbsd-5-2]: CHANGES-5.2.3 Log Message: Ticket 1917. To generate a diff of this commit: cvs rdiff -u -r1.1.2.13 -r1.1.2.14 src/doc/CHANGES-5.2.3 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-5.2.3 diff -u src/doc/CHANGES-5.2.3:1.1.2.13 src/doc/CHANGES-5.2.3:1.1.2.14 --- src/doc/CHANGES-5.2.3:1.1.2.13 Fri Aug 8 06:59:13 2014 +++ src/doc/CHANGES-5.2.3 Fri Aug 15 23:06:37 2014 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-5.2.3,v 1.1.2.13 2014/08/08 06:59:13 msaitoh Exp $ +# $NetBSD: CHANGES-5.2.3,v 1.1.2.14 2014/08/15 23:06:37 riz Exp $ A complete list of changes from the NetBSD 5.2.2 release to the NetBSD 5.2.3 release: @@ -196,3 +196,31 @@ sys/compat/linux32/common/linux32_socket If SCARG(uap, what) = 0, copyin() will copy (size_t)-1 bytes, and it's not a good idea; but not proven harmful. With the help of njoly@. [maxv, ticket #1916] +distrib/sets/lists/base/mipatch +doc/3RDPARTY patch +share/zoneinfo/Makefile patch +share/zoneinfo/africa patch +share/zoneinfo/antarcticapatch +share/zoneinfo/asia patch +share/zoneinfo/australasiapatch +share/zoneinfo/backward patch +share/zoneinfo/etcetera patch +share/zoneinfo/europe patch +share/zoneinfo/factory patch +share/zoneinfo/iso3166.tabpatch +share/zoneinfo/leap-seconds.list patch +share/zoneinfo/northamericapatch +share/zoneinfo/pacificnewpatch +share/zoneinfo/southamericapatch +share/zoneinfo/systemv patch +share/zoneinfo/yearistype.shpatch +share/zoneinfo/zone.tab patch +share/zoneinfo/zone1970.tabpatch + + Update timezone database from tzdata2014c to tzdata2014f. + This adds two new timezones (Asia/Chita and Asia/Srednekolymsk), + updates many other timezones, and adds two new + data files in the /usr/share/zoneinfo directory (leapseconds + and zone1970.dat). + [apb, ticket #1917] +
CVS commit: [netbsd-5-2] src/doc
Module Name:src Committed By: msaitoh Date: Fri Aug 8 06:59:13 UTC 2014 Modified Files: src/doc [netbsd-5-2]: CHANGES-5.2.3 Log Message: Ticket 1916. To generate a diff of this commit: cvs rdiff -u -r1.1.2.12 -r1.1.2.13 src/doc/CHANGES-5.2.3 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-5.2.3 diff -u src/doc/CHANGES-5.2.3:1.1.2.12 src/doc/CHANGES-5.2.3:1.1.2.13 --- src/doc/CHANGES-5.2.3:1.1.2.12 Mon Jul 14 09:16:12 2014 +++ src/doc/CHANGES-5.2.3 Fri Aug 8 06:59:13 2014 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-5.2.3,v 1.1.2.12 2014/07/14 09:16:12 msaitoh Exp $ +# $NetBSD: CHANGES-5.2.3,v 1.1.2.13 2014/08/08 06:59:13 msaitoh Exp $ A complete list of changes from the NetBSD 5.2.2 release to the NetBSD 5.2.3 release: @@ -189,3 +189,10 @@ sys/kern/sys_module.c1.15 via patch Fix a user-controlled memory allocation. [maxv, ticket #1914] + +sys/compat/linux/common/linux_socketcall.c 1.44 +sys/compat/linux32/common/linux32_socketcall.c 1.9 + + If SCARG(uap, what) = 0, copyin() will copy (size_t)-1 bytes, and it's + not a good idea; but not proven harmful. With the help of njoly@. + [maxv, ticket #1916]
CVS commit: [netbsd-5-2] src/sys/compat
Module Name:src Committed By: msaitoh Date: Fri Aug 8 06:56:35 UTC 2014 Modified Files: src/sys/compat/linux/common [netbsd-5-2]: linux_socketcall.c src/sys/compat/linux32/common [netbsd-5-2]: linux32_socketcall.c Log Message: Pull up following revision(s) (requested by maxv in ticket #1916): sys/compat/linux32/common/linux32_socketcall.c: revision 1.9 sys/compat/linux/common/linux_socketcall.c: revision 1.44 If SCARG(uap, what) = 0, copyin() will copy (size_t)-1 bytes, and it's not a good idea; but not proven harmful. With the help of njoly@ To generate a diff of this commit: cvs rdiff -u -r1.39 -r1.39.42.1 \ src/sys/compat/linux/common/linux_socketcall.c cvs rdiff -u -r1.6 -r1.6.30.1 \ src/sys/compat/linux32/common/linux32_socketcall.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/compat/linux/common/linux_socketcall.c diff -u src/sys/compat/linux/common/linux_socketcall.c:1.39 src/sys/compat/linux/common/linux_socketcall.c:1.39.42.1 --- src/sys/compat/linux/common/linux_socketcall.c:1.39 Thu Jul 3 14:07:09 2008 +++ src/sys/compat/linux/common/linux_socketcall.c Fri Aug 8 06:56:35 2014 @@ -1,4 +1,4 @@ -/* $NetBSD: linux_socketcall.c,v 1.39 2008/07/03 14:07:09 njoly Exp $ */ +/* $NetBSD: linux_socketcall.c,v 1.39.42.1 2014/08/08 06:56:35 msaitoh Exp $ */ /*- * Copyright (c) 1995, 1998 The NetBSD Foundation, Inc. @@ -30,7 +30,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: linux_socketcall.c,v 1.39 2008/07/03 14:07:09 njoly Exp $"); +__KERNEL_RCSID(0, "$NetBSD: linux_socketcall.c,v 1.39.42.1 2014/08/08 06:56:35 msaitoh Exp $"); #include #include @@ -123,7 +123,7 @@ linux_sys_socketcall(struct lwp *l, cons struct linux_socketcall_dummy_args lda; int error; - if (SCARG(uap, what) < 0 || SCARG(uap, what) > LINUX_MAX_SOCKETCALL) + if (SCARG(uap, what) <= 0 || SCARG(uap, what) > LINUX_MAX_SOCKETCALL) return ENOSYS; if ((error = copyin(SCARG(uap, args), &lda, Index: src/sys/compat/linux32/common/linux32_socketcall.c diff -u src/sys/compat/linux32/common/linux32_socketcall.c:1.6 src/sys/compat/linux32/common/linux32_socketcall.c:1.6.30.1 --- src/sys/compat/linux32/common/linux32_socketcall.c:1.6 Thu Dec 20 23:02:58 2007 +++ src/sys/compat/linux32/common/linux32_socketcall.c Fri Aug 8 06:56:34 2014 @@ -1,4 +1,4 @@ -/* $NetBSD: linux32_socketcall.c,v 1.6 2007/12/20 23:02:58 dsl Exp $ */ +/* $NetBSD: linux32_socketcall.c,v 1.6.30.1 2014/08/08 06:56:34 msaitoh Exp $ */ /*- * Copyright (c) 2006 Emmanuel Dreyfus, all rights reserved. @@ -31,7 +31,7 @@ * POSSIBILITY OF SUCH DAMAGE. */ #include -__KERNEL_RCSID(0, "$NetBSD: linux32_socketcall.c,v 1.6 2007/12/20 23:02:58 dsl Exp $"); +__KERNEL_RCSID(0, "$NetBSD: linux32_socketcall.c,v 1.6.30.1 2014/08/08 06:56:34 msaitoh Exp $"); #include "opt_ktrace.h" #include @@ -95,7 +95,7 @@ linux32_sys_socketcall(struct lwp *l, co union linux32_socketcall_args ua; int error; - if (SCARG(uap, what) < 0 || SCARG(uap, what) > LINUX32_MAX_SOCKETCALL) + if (SCARG(uap, what) <= 0 || SCARG(uap, what) > LINUX32_MAX_SOCKETCALL) return ENOSYS; if ((error = copyin(SCARG_P32(uap, args), &ua,
CVS commit: [netbsd-5-2] src/doc
Module Name:src Committed By: msaitoh Date: Mon Jul 14 09:16:12 UTC 2014 Modified Files: src/doc [netbsd-5-2]: CHANGES-5.2.3 Log Message: Ticket 1914. To generate a diff of this commit: cvs rdiff -u -r1.1.2.11 -r1.1.2.12 src/doc/CHANGES-5.2.3 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-5.2.3 diff -u src/doc/CHANGES-5.2.3:1.1.2.11 src/doc/CHANGES-5.2.3:1.1.2.12 --- src/doc/CHANGES-5.2.3:1.1.2.11 Wed Jul 9 16:11:45 2014 +++ src/doc/CHANGES-5.2.3 Mon Jul 14 09:16:12 2014 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-5.2.3,v 1.1.2.11 2014/07/09 16:11:45 msaitoh Exp $ +# $NetBSD: CHANGES-5.2.3,v 1.1.2.12 2014/07/14 09:16:12 msaitoh Exp $ A complete list of changes from the NetBSD 5.2.2 release to the NetBSD 5.2.3 release: @@ -184,3 +184,8 @@ libexec/httpd/testsuite/data/index.html Update bozohttpd from 20080303+patches to 20140708. [mrg, ticket #1913] + +sys/kern/sys_module.c1.15 via patch + + Fix a user-controlled memory allocation. + [maxv, ticket #1914]
CVS commit: [netbsd-5-2] src/sys/kern
Module Name:src Committed By: msaitoh Date: Mon Jul 14 09:09:37 UTC 2014 Modified Files: src/sys/kern [netbsd-5-2]: sys_module.c Log Message: Pull up following revision(s) (requested by maxv in ticket #1914): sys/kern/sys_module.c: revision 1.15 via patch Fix a user-controlled memory allocation. kmem_alloc(0) will panic the system. ok christos@ To generate a diff of this commit: cvs rdiff -u -r1.8.4.1 -r1.8.4.1.6.1 src/sys/kern/sys_module.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/sys_module.c diff -u src/sys/kern/sys_module.c:1.8.4.1 src/sys/kern/sys_module.c:1.8.4.1.6.1 --- src/sys/kern/sys_module.c:1.8.4.1 Sun May 3 13:07:39 2009 +++ src/sys/kern/sys_module.c Mon Jul 14 09:09:37 2014 @@ -1,4 +1,4 @@ -/* $NetBSD: sys_module.c,v 1.8.4.1 2009/05/03 13:07:39 bouyer Exp $ */ +/* $NetBSD: sys_module.c,v 1.8.4.1.6.1 2014/07/14 09:09:37 msaitoh Exp $ */ /*- * Copyright (c) 2008 The NetBSD Foundation, Inc. @@ -31,7 +31,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: sys_module.c,v 1.8.4.1 2009/05/03 13:07:39 bouyer Exp $"); +__KERNEL_RCSID(0, "$NetBSD: sys_module.c,v 1.8.4.1.6.1 2014/07/14 09:09:37 msaitoh Exp $"); #include #include @@ -43,6 +43,11 @@ __KERNEL_RCSID(0, "$NetBSD: sys_module.c #include #include +/* + * Arbitrary limit to avoid DoS for excessive memory allocation. + */ +#define MAXPROPSLEN 4096 + static int handle_modctl_load(modctl_load_t *ml) { @@ -63,6 +68,11 @@ handle_modctl_load(modctl_load_t *ml) if (error != 0) goto out2; + if (ml->ml_propslen > MAXPROPSLEN) { + error = ENOMEM; + goto out2; + } + propslen = ml->ml_propslen + 1; props = (char *)kmem_alloc(propslen, KM_SLEEP); if (props == NULL) {
CVS commit: [netbsd-5-2] src/doc
Module Name:src Committed By: msaitoh Date: Wed Jul 9 16:11:45 UTC 2014 Modified Files: src/doc [netbsd-5-2]: CHANGES-5.2.3 Log Message: Ticket #1913. To generate a diff of this commit: cvs rdiff -u -r1.1.2.10 -r1.1.2.11 src/doc/CHANGES-5.2.3 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-5.2.3 diff -u src/doc/CHANGES-5.2.3:1.1.2.10 src/doc/CHANGES-5.2.3:1.1.2.11 --- src/doc/CHANGES-5.2.3:1.1.2.10 Mon Jun 30 10:58:42 2014 +++ src/doc/CHANGES-5.2.3 Wed Jul 9 16:11:45 2014 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-5.2.3,v 1.1.2.10 2014/06/30 10:58:42 msaitoh Exp $ +# $NetBSD: CHANGES-5.2.3,v 1.1.2.11 2014/07/09 16:11:45 msaitoh Exp $ A complete list of changes from the NetBSD 5.2.2 release to the NetBSD 5.2.3 release: @@ -125,3 +125,62 @@ sys/compat/freebsd/freebsd_sched.c 1.20 Avoid NULL dereference and fix sched param conversion. Pointed out by Maxime Villard. [maxv, ticket #1909] + +libexec/httpd/CHANGES1.3-1.18 +libexec/httpd/Makefile1.8-1.22 via patch +libexec/httpd/Makefile.boot 1.3-1.6 +libexec/httpd/auth-bozo.c 1.5-1.13 +libexec/httpd/bozohttpd.8 1.6-1.46 +libexec/httpd/bozohttpd.c 1.8,1.12-1.54 +libexec/httpd/bozohttpd.h 1.8-1.32 +libexec/httpd/cgi-bozo.c 1.11-1.25 +libexec/httpd/content-bozo.c 1.4-1.10 +libexec/httpd/daemon-bozo.c 1.5-1.16 +libexec/httpd/dir-index-bozo.c 1.6-1.19 +libexec/httpd/ssl-bozo.c 1.5-1.16 +libexec/httpd/tilde-luzah-bozo.c 1.5-1.10 +libexec/httpd/lua-bozo.c 1.1-1.9 +libexec/httpd/main.c1.1-1.7 +libexec/httpd/netbsd_queue.h 1.1 +libexec/httpd/printenv.lua 1.1-1.2 +libexec/httpd/debug/Makefile 1.1 +libexec/httpd/libbozohttpd/Makefile 1.2 +libexec/httpd/libbozohttpd/libbozohttpd.3 1.3 +libexec/httpd/libbozohttpd/shlib_version 1.1 +libexec/httpd/lua/Makefile 1.1 +libexec/httpd/lua/bozo.lua 1.1 +libexec/httpd/lua/glue.c 1.1 +libexec/httpd/lua/optparse.lua 1.1 +libexec/httpd/lua/shlib_version 1.1 +libexec/httpd/small/Makefile 1.1-1.2 +libexec/httpd/testsuite/Makefile 1.4 +libexec/httpd/testsuite/html_cmp 1.4 +libexec/httpd/testsuite/t1.in 1.3 +libexec/httpd/testsuite/t1.out 1.3 +libexec/httpd/testsuite/t10.in 1.1 +libexec/httpd/testsuite/t10.out 1.1 +libexec/httpd/testsuite/t2.in 1.3 +libexec/httpd/testsuite/t2.out 1.3 +libexec/httpd/testsuite/t3.in 1.3 +libexec/httpd/testsuite/t3.out 1.3 +libexec/httpd/testsuite/t4.in 1.3 +libexec/httpd/testsuite/t4.out 1.3 +libexec/httpd/testsuite/t5.in 1.3 +libexec/httpd/testsuite/t5.out 1.3 +libexec/httpd/testsuite/t6.in 1.3 +libexec/httpd/testsuite/t6.out 1.3 +libexec/httpd/testsuite/t7.in 1.3 +libexec/httpd/testsuite/t7.out 1.3 +libexec/httpd/testsuite/t8.in 1.3 +libexec/httpd/testsuite/t8.out 1.3 +libexec/httpd/testsuite/t9.in 1.3 +libexec/httpd/testsuite/t9.out 1.3 +libexec/httpd/testsuite/test-bigfile 1.1 +libexec/httpd/testsuite/data/bigfile 1.1 +libexec/httpd/testsuite/data/bigfile.partial4000 1.1 +libexec/httpd/testsuite/data/bigfile.partial8000 1.1 +libexec/httpd/testsuite/data/file 1.3 +libexec/httpd/testsuite/data/index.html 1.3 + + Update bozohttpd from 20080303+patches to 20140708. + [mrg, ticket #1913]
CVS commit: [netbsd-5-2] src/doc
Module Name:src Committed By: msaitoh Date: Mon Jun 30 10:58:42 UTC 2014 Modified Files: src/doc [netbsd-5-2]: CHANGES-5.2.3 Log Message: Ticket 1909. To generate a diff of this commit: cvs rdiff -u -r1.1.2.9 -r1.1.2.10 src/doc/CHANGES-5.2.3 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-5.2.3 diff -u src/doc/CHANGES-5.2.3:1.1.2.9 src/doc/CHANGES-5.2.3:1.1.2.10 --- src/doc/CHANGES-5.2.3:1.1.2.9 Fri Jun 6 07:04:13 2014 +++ src/doc/CHANGES-5.2.3 Mon Jun 30 10:58:42 2014 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-5.2.3,v 1.1.2.9 2014/06/06 07:04:13 msaitoh Exp $ +# $NetBSD: CHANGES-5.2.3,v 1.1.2.10 2014/06/30 10:58:42 msaitoh Exp $ A complete list of changes from the NetBSD 5.2.2 release to the NetBSD 5.2.3 release: @@ -119,3 +119,9 @@ crypto/dist/openssl/ssl/ssl3.h patch Fix CVE-2014-0224, CVE-2014-0221, CVE-2014-0195 and CVE-2014-3470. [spz, ticket #1908] + +sys/compat/freebsd/freebsd_sched.c 1.20-1.21 + + Avoid NULL dereference and fix sched param conversion. + Pointed out by Maxime Villard. + [maxv, ticket #1909]
CVS commit: [netbsd-5-2] src/sys/compat/freebsd
Module Name:src Committed By: msaitoh Date: Mon Jun 30 10:55:20 UTC 2014 Modified Files: src/sys/compat/freebsd [netbsd-5-2]: freebsd_sched.c Log Message: Pull up following revision(s) (requested by maxv in ticket #1909): sys/compat/freebsd/freebsd_sched.c 1.20-1.21 Avoid NULL dereference and fix sched param conversion (at least make it do something). Pointed out by Maxime Villard. To generate a diff of this commit: cvs rdiff -u -r1.19 -r1.19.48.1 src/sys/compat/freebsd/freebsd_sched.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/compat/freebsd/freebsd_sched.c diff -u src/sys/compat/freebsd/freebsd_sched.c:1.19 src/sys/compat/freebsd/freebsd_sched.c:1.19.48.1 --- src/sys/compat/freebsd/freebsd_sched.c:1.19 Mon Apr 28 20:23:41 2008 +++ src/sys/compat/freebsd/freebsd_sched.c Mon Jun 30 10:55:20 2014 @@ -1,4 +1,4 @@ -/* $NetBSD: freebsd_sched.c,v 1.19 2008/04/28 20:23:41 martin Exp $ */ +/* $NetBSD: freebsd_sched.c,v 1.19.48.1 2014/06/30 10:55:20 msaitoh Exp $ */ /*- * Copyright (c) 1999 The NetBSD Foundation, Inc. @@ -35,7 +35,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: freebsd_sched.c,v 1.19 2008/04/28 20:23:41 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: freebsd_sched.c,v 1.19.48.1 2014/06/30 10:55:20 msaitoh Exp $"); #include #include @@ -62,72 +62,72 @@ freebsd_sys_yield(struct lwp *l, const v */ static int sched_freebsd2native(int freebsd_policy, -struct freebsd_sched_param *freebsd_params, int *native_policy, +const struct freebsd_sched_param *freebsd_params, int *native_policy, struct sched_param *native_params) { - int error; - - error = 0; + int p; switch (freebsd_policy) { case FREEBSD_SCHED_OTHER: - *native_policy = SCHED_OTHER; + p = SCHED_OTHER; break; case FREEBSD_SCHED_FIFO: - *native_policy = SCHED_FIFO; + p = SCHED_FIFO; break; case FREEBSD_SCHED_RR: - *native_policy = SCHED_RR; + p = SCHED_RR; break; default: - error = EINVAL; - break; + return EINVAL; } - if (freebsd_params != NULL && native_params != NULL && !error) { - native_params = (struct sched_param *)freebsd_params; + if (native_policy != NULL) + *native_policy = p; + + if (freebsd_params != NULL && native_params != NULL) { + /* XXX: Needs adjustment to do a proper conversion. */ + native_params->sched_priority = freebsd_params->sched_priority; } - - return (error); + return 0; } /* - * XXX: Needs adjustment to do a proper conversion. */ static int -sched_native2freebsd(int native_policy, struct sched_param *native_params, +sched_native2freebsd(int native_policy, const struct sched_param *native_params, int *freebsd_policy, struct freebsd_sched_param *freebsd_params) { - int error; - - error = 0; + int p; switch (native_policy) { case SCHED_OTHER: - *freebsd_policy = FREEBSD_SCHED_OTHER; + p = FREEBSD_SCHED_OTHER; break; case SCHED_FIFO: - *freebsd_policy = FREEBSD_SCHED_FIFO; + p = FREEBSD_SCHED_FIFO; break; case SCHED_RR: - *freebsd_policy = FREEBSD_SCHED_RR; + p = FREEBSD_SCHED_RR; break; default: - error = EINVAL; - break; + return EINVAL; } - if (native_params != NULL && freebsd_params != NULL && !error) { - freebsd_params = (struct freebsd_sched_param *)native_params; + if (freebsd_policy != NULL) + *freebsd_policy = p; + + if (native_params != NULL && freebsd_params != NULL) { + /* XXX: Needs adjustment to do a proper conversion. */ + freebsd_params->sched_priority = native_params->sched_priority; } - - return (error); + + return 0; } int @@ -199,7 +199,7 @@ freebsd_sys_sched_getparam(struct lwp *l goto out; out: - return (error); + return error; } int
CVS commit: [netbsd-5-2] src/doc
Module Name:src Committed By: msaitoh Date: Fri Jun 6 07:04:13 UTC 2014 Modified Files: src/doc [netbsd-5-2]: CHANGES-5.2.3 Log Message: Ticket #1908 is not openssl 1.0.1h. To generate a diff of this commit: cvs rdiff -u -r1.1.2.8 -r1.1.2.9 src/doc/CHANGES-5.2.3 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-5.2.3 diff -u src/doc/CHANGES-5.2.3:1.1.2.8 src/doc/CHANGES-5.2.3:1.1.2.9 --- src/doc/CHANGES-5.2.3:1.1.2.8 Fri Jun 6 06:42:25 2014 +++ src/doc/CHANGES-5.2.3 Fri Jun 6 07:04:13 2014 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-5.2.3,v 1.1.2.8 2014/06/06 06:42:25 msaitoh Exp $ +# $NetBSD: CHANGES-5.2.3,v 1.1.2.9 2014/06/06 07:04:13 msaitoh Exp $ A complete list of changes from the NetBSD 5.2.2 release to the NetBSD 5.2.3 release: @@ -117,6 +117,5 @@ crypto/dist/openssl/ssl/s3_pkt.c patch crypto/dist/openssl/ssl/s3_srvr.c patch crypto/dist/openssl/ssl/ssl3.h patch - Update openssl to 1.0.1h which includes CVE-2014-0224, CVE-2014-0221, - CVE-2014-0195, CVE-2014-3470. + Fix CVE-2014-0224, CVE-2014-0221, CVE-2014-0195 and CVE-2014-3470. [spz, ticket #1908]
CVS commit: [netbsd-5-2] src/doc
Module Name:src Committed By: msaitoh Date: Fri Jun 6 06:42:25 UTC 2014 Modified Files: src/doc [netbsd-5-2]: CHANGES-5.2.3 Log Message: Ticket 1908. To generate a diff of this commit: cvs rdiff -u -r1.1.2.7 -r1.1.2.8 src/doc/CHANGES-5.2.3 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-5.2.3 diff -u src/doc/CHANGES-5.2.3:1.1.2.7 src/doc/CHANGES-5.2.3:1.1.2.8 --- src/doc/CHANGES-5.2.3:1.1.2.7 Wed May 21 21:58:12 2014 +++ src/doc/CHANGES-5.2.3 Fri Jun 6 06:42:25 2014 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-5.2.3,v 1.1.2.7 2014/05/21 21:58:12 bouyer Exp $ +# $NetBSD: CHANGES-5.2.3,v 1.1.2.8 2014/06/06 06:42:25 msaitoh Exp $ A complete list of changes from the NetBSD 5.2.2 release to the NetBSD 5.2.3 release: @@ -108,3 +108,15 @@ distrib/sets/lists/base/mi patch [apb, ticket #1906] +crypto/dist/openssl/crypto/bn/bn.h patch +crypto/dist/openssl/crypto/bn/bn_lib.c patch +crypto/dist/openssl/crypto/ec/ec2_mult.c patch +crypto/dist/openssl/ssl/d1_both.c patch +crypto/dist/openssl/ssl/s3_clnt.c patch +crypto/dist/openssl/ssl/s3_pkt.c patch +crypto/dist/openssl/ssl/s3_srvr.c patch +crypto/dist/openssl/ssl/ssl3.h patch + + Update openssl to 1.0.1h which includes CVE-2014-0224, CVE-2014-0221, + CVE-2014-0195, CVE-2014-3470. + [spz, ticket #1908]
CVS commit: [netbsd-5-2] src/crypto/dist/openssl
Module Name:src Committed By: msaitoh Date: Fri Jun 6 06:42:08 UTC 2014 Modified Files: src/crypto/dist/openssl/crypto/bn [netbsd-5-2]: bn.h bn_lib.c src/crypto/dist/openssl/crypto/ec [netbsd-5-2]: ec2_mult.c src/crypto/dist/openssl/ssl [netbsd-5-2]: d1_both.c s3_clnt.c s3_pkt.c s3_srvr.c ssl3.h Log Message: Pull up following revision(s) (requested by spz in ticket #1908): crypto/dist/openssl/crypto/bn/bn.h patch crypto/dist/openssl/crypto/bn/bn_lib.c patch crypto/dist/openssl/crypto/ec/ec2_mult.cpatch crypto/dist/openssl/ssl/d1_both.c patch crypto/dist/openssl/ssl/s3_clnt.c patch crypto/dist/openssl/ssl/s3_pkt.cpatch crypto/dist/openssl/ssl/s3_srvr.c patch crypto/dist/openssl/ssl/ssl3.h patch *) Fix for SSL/TLS MITM flaw. An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. Thanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for discovering and researching this issue. (CVE-2014-0224) [KIKUCHI Masashi, Steve Henson] *) Fix DTLS recursion flaw. By sending an invalid DTLS handshake to an OpenSSL DTLS client the code can be made to recurse eventually crashing in a DoS attack. Thanks to Imre Rad (Search-Lab Ltd.) for discovering this issue. (CVE-2014-0221) [Imre Rad, Steve Henson] *) Fix DTLS invalid fragment vulnerability. A buffer overrun attack can be triggered by sending invalid DTLS fragments to an OpenSSL DTLS client or server. This is potentially exploitable to run arbitrary code on a vulnerable client or server. Thanks to Jüri Aedla for reporting this issue. (CVE-2014-0195) [Jüri Aedla, Steve Henson] *) Fix bug in TLS code where clients enable anonymous ECDH ciphersuites are subject to a denial of service attack. Thanks to Felix Gröbert and Ivan Fratric at Google for discovering this issue. (CVE-2014-3470) [Felix Gröbert, Ivan Fratric, Steve Henson] To generate a diff of this commit: cvs rdiff -u -r1.12 -r1.12.2.1 src/crypto/dist/openssl/crypto/bn/bn.h cvs rdiff -u -r1.7 -r1.7.2.1 src/crypto/dist/openssl/crypto/bn/bn_lib.c cvs rdiff -u -r1.1.1.2 -r1.1.1.2.2.1 \ src/crypto/dist/openssl/crypto/ec/ec2_mult.c cvs rdiff -u -r1.3.4.2 -r1.3.4.2.6.1 src/crypto/dist/openssl/ssl/d1_both.c cvs rdiff -u -r1.12.4.3 -r1.12.4.3.4.1 src/crypto/dist/openssl/ssl/s3_clnt.c cvs rdiff -u -r1.9.4.3 -r1.9.4.3.6.1 src/crypto/dist/openssl/ssl/s3_pkt.c cvs rdiff -u -r1.15.4.4 -r1.15.4.4.4.1 src/crypto/dist/openssl/ssl/s3_srvr.c cvs rdiff -u -r1.8 -r1.8.2.1 src/crypto/dist/openssl/ssl/ssl3.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/dist/openssl/crypto/bn/bn.h diff -u src/crypto/dist/openssl/crypto/bn/bn.h:1.12 src/crypto/dist/openssl/crypto/bn/bn.h:1.12.2.1 --- src/crypto/dist/openssl/crypto/bn/bn.h:1.12 Fri May 9 21:49:39 2008 +++ src/crypto/dist/openssl/crypto/bn/bn.h Fri Jun 6 06:42:08 2014 @@ -520,6 +520,8 @@ BIGNUM *BN_mod_inverse(BIGNUM *ret, BIGNUM *BN_mod_sqrt(BIGNUM *ret, const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx); +void BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords); + /* Deprecated versions */ #ifndef OPENSSL_NO_DEPRECATED BIGNUM *BN_generate_prime(BIGNUM *ret,int bits,int safe, @@ -742,11 +744,20 @@ int RAND_pseudo_bytes(unsigned char *buf #define bn_fix_top(a) bn_check_top(a) +#define bn_check_size(bn, bits) bn_wcheck_size(bn, ((bits+BN_BITS2-1))/BN_BITS2) +#define bn_wcheck_size(bn, words) \ + do { \ + const BIGNUM *_bnum2 = (bn); \ + assert(words <= (_bnum2)->dmax && words >= (_bnum2)->top); \ + } while(0) + #else /* !BN_DEBUG */ #define bn_pollute(a) #define bn_check_top(a) #define bn_fix_top(a) bn_correct_top(a) +#define bn_check_size(bn, bits) +#define bn_wcheck_size(bn, words) #endif Index: src/crypto/dist/openssl/crypto/bn/bn_lib.c diff -u src/crypto/dist/openssl/crypto/bn/bn_lib.c:1.7 src/crypto/dist/openssl/crypto/bn/bn_lib.c:1.7.2.1 --- src/crypto/dist/openssl/crypto/bn/bn_lib.c:1.7 Fri May 9 21:49:39 2008 +++ src/crypto/dist/openssl/crypto/bn/bn_lib.c Fri Jun 6 06:42:08 2014 @@ -843,3 +843,55 @@ int bn_cmp_part_words(const BN_ULONG *a, } return bn_cmp_words(a,b,cl); } + +/* + * Constant-time conditional swap of a and b. + * a and b are swapped if condition is not 0. The code assumes that at most one bit of condition is set. + * nwords is the number of words to swap. The code assumes that at least nwords are allocated in both a and b, + * and that no more than nwords are used by either a or b. + * a and b cannot be the same number + */ +void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords) + { + BN_ULONG t; + int i; + + bn_wcheck_size(a, nwords); + bn_wcheck_size(b, nword