[PATCH] Fix isakmp fragmentation bug in CVE-2016-10396 patch#9
Closed
rdratlos wants to merge 1 commit into
Closed
Conversation
rdratlos
force-pushed
the
PR_security/53646
branch
2 times, most recently
from
c8cb6c4 to
8289f8b
Compare
Author
|
Patch reworked as commit 8d8ca1d5d provides a better solution. This updated patch adds missing debug info to the handler for error and blackballing analysis. |
Contributor
|
Hello |
rdratlos
force-pushed
the
PR_security/53646
branch
from
8289f8b to
7305a18
Compare
In 2017 a CVE was detected for racoon. The ipsec-tools racoon daemon contains a remotely exploitable computational complexity attack when parsing and storing isakmp fragments. This security issue was fixed by implementing a strict fragment control. The strict control may blackball VPN clients from VPN service (see PR/53646). The implemented failure notifications are laconic. On the other hand current racoon server dumps complete IKE messages into the logs in debug mode. Add minimum debug information for fragment handler to ease root cause analysis in case of VPN connection rejects or attacks. Signed-off-by: Thomas Reim <reimth@gmail.com>
rdratlos
force-pushed
the
PR_security/53646
branch
from
7305a18 to
74a6556
Compare
Author
|
@sevan Sorry for the confusion. Should have read the instructions. Submission will be filed to gnats. |
skrll
pushed a commit
to skrll/src
that referenced
this pull request
Oct 26, 2018
ifconfig gif0 create ifconfig gif0 up [ 50.682919] kASan: Unauthorized Access In 0xffffffff80f22655: Addr 0xffffffff81b997a0 [8 bytes, read] [ 50.682919] #0 0xffffffff8021ce6a in kasan_memcpy <netbsd> [ 50.692999] #1 0xffffffff80f22655 in m_copyback_internal <netbsd> [ 50.692999] #2 0xffffffff80f22e81 in m_copyback <netbsd> [ 50.692999] #3 0xffffffff8103109a in rt_msg1 <netbsd> [ 50.692999] #4 0xffffffff8159109a in compat_70_rt_newaddrmsg1 <netbsd> [ 50.692999] #5 0xffffffff81031b0f in rt_newaddrmsg <netbsd> [ 50.692999] #6 0xffffffff8102c35e in rt_ifa_addlocal <netbsd> [ 50.692999] #7 0xffffffff80a5287c in in6_update_ifa1 <netbsd> [ 50.692999] #8 0xffffffff80a54149 in in6_update_ifa <netbsd> [ 50.692999] NetBSD#9 0xffffffff80a59176 in in6_ifattach <netbsd> [ 50.692999] NetBSD#10 0xffffffff80a56dd4 in in6_if_up <netbsd> [ 50.692999] NetBSD#11 0xffffffff80fc5cb8 in if_up_locked <netbsd> [ 50.703622] NetBSD#12 0xffffffff80fcc4c1 in ifioctl_common <netbsd> [ 50.703622] NetBSD#13 0xffffffff80fde694 in gif_ioctl <netbsd> [ 50.703622] NetBSD#14 0xffffffff80fcdb1f in doifioctl <netbsd>
netbsd-srcmastr
pushed a commit
that referenced
this pull request
Nov 13, 2018
[ 944.607323] kleak: Possible leak in copyout: [len=176, leaked=2] [ 944.617335] #0 0xffffffff80b7c44a in kleak_note <netbsd> [ 944.627332] #1 0xffffffff80b7c4ca in kleak_copyout <netbsd> [ 944.627332] #2 0xffffffff80c91698 in sysctl_iflist_if <netbsd> [ 944.637336] #3 0xffffffff80c91d3c in sysctl_iflist <netbsd> [ 944.647343] #4 0xffffffff80c93855 in sysctl_rtable <netbsd> [ 944.647343] #5 0xffffffff80b5b328 in sysctl_dispatch <netbsd> [ 944.657346] #6 0xffffffff80b5b62e in sys___sysctl <netbsd> [ 944.667354] #7 0xffffffff8025ab3c in sy_call <netbsd> [ 944.667354] #8 0xffffffff8025ad6e in sy_invoke <netbsd> [ 944.677365] #9 0xffffffff8025adf4 in syscall <netbsd>
netbsd-srcmastr
pushed a commit
that referenced
this pull request
Nov 21, 2018
sys/net/rtsock.c: revision 1.244 Fix kernel info leak. There are 2 bytes of padding in struct if_msghdr. [ 944.607323] kleak: Possible leak in copyout: [len=176, leaked=2] [ 944.617335] #0 0xffffffff80b7c44a in kleak_note <netbsd> [ 944.627332] #1 0xffffffff80b7c4ca in kleak_copyout <netbsd> [ 944.627332] #2 0xffffffff80c91698 in sysctl_iflist_if <netbsd> [ 944.637336] #3 0xffffffff80c91d3c in sysctl_iflist <netbsd> [ 944.647343] #4 0xffffffff80c93855 in sysctl_rtable <netbsd> [ 944.647343] #5 0xffffffff80b5b328 in sysctl_dispatch <netbsd> [ 944.657346] #6 0xffffffff80b5b62e in sys___sysctl <netbsd> [ 944.667354] #7 0xffffffff8025ab3c in sy_call <netbsd> [ 944.667354] #8 0xffffffff8025ad6e in sy_invoke <netbsd> [ 944.677365] #9 0xffffffff8025adf4 in syscall <netbsd>
netbsd-srcmastr
pushed a commit
that referenced
this pull request
Nov 28, 2018
sys/net/rtsock.c: revision 1.244 (adapted) Fix kernel info leak. There are 2 bytes of padding in struct if_msghdr. [ 944.607323] kleak: Possible leak in copyout: [len=176, leaked=2] [ 944.617335] #0 0xffffffff80b7c44a in kleak_note <netbsd> [ 944.627332] #1 0xffffffff80b7c4ca in kleak_copyout <netbsd> [ 944.627332] #2 0xffffffff80c91698 in sysctl_iflist_if <netbsd> [ 944.637336] #3 0xffffffff80c91d3c in sysctl_iflist <netbsd> [ 944.647343] #4 0xffffffff80c93855 in sysctl_rtable <netbsd> [ 944.647343] #5 0xffffffff80b5b328 in sysctl_dispatch <netbsd> [ 944.657346] #6 0xffffffff80b5b62e in sys___sysctl <netbsd> [ 944.667354] #7 0xffffffff8025ab3c in sy_call <netbsd> [ 944.667354] #8 0xffffffff8025ad6e in sy_invoke <netbsd> [ 944.677365] #9 0xffffffff8025adf4 in syscall <netbsd>
netbsd-srcmastr
pushed a commit
that referenced
this pull request
Nov 28, 2018
sys/net/rtsock.c: revision 1.244 (adapted) Fix kernel info leak. There are 2 bytes of padding in struct if_msghdr. [ 944.607323] kleak: Possible leak in copyout: [len=176, leaked=2] [ 944.617335] #0 0xffffffff80b7c44a in kleak_note <netbsd> [ 944.627332] #1 0xffffffff80b7c4ca in kleak_copyout <netbsd> [ 944.627332] #2 0xffffffff80c91698 in sysctl_iflist_if <netbsd> [ 944.637336] #3 0xffffffff80c91d3c in sysctl_iflist <netbsd> [ 944.647343] #4 0xffffffff80c93855 in sysctl_rtable <netbsd> [ 944.647343] #5 0xffffffff80b5b328 in sysctl_dispatch <netbsd> [ 944.657346] #6 0xffffffff80b5b62e in sys___sysctl <netbsd> [ 944.667354] #7 0xffffffff8025ab3c in sy_call <netbsd> [ 944.667354] #8 0xffffffff8025ad6e in sy_invoke <netbsd> [ 944.677365] #9 0xffffffff8025adf4 in syscall <netbsd>
netbsd-srcmastr
pushed a commit
that referenced
this pull request
Nov 28, 2018
sys/net/rtsock.c: revision 1.244 (adapted) Fix kernel info leak. There are 2 bytes of padding in struct if_msghdr. [ 944.607323] kleak: Possible leak in copyout: [len=176, leaked=2] [ 944.617335] #0 0xffffffff80b7c44a in kleak_note <netbsd> [ 944.627332] #1 0xffffffff80b7c4ca in kleak_copyout <netbsd> [ 944.627332] #2 0xffffffff80c91698 in sysctl_iflist_if <netbsd> [ 944.637336] #3 0xffffffff80c91d3c in sysctl_iflist <netbsd> [ 944.647343] #4 0xffffffff80c93855 in sysctl_rtable <netbsd> [ 944.647343] #5 0xffffffff80b5b328 in sysctl_dispatch <netbsd> [ 944.657346] #6 0xffffffff80b5b62e in sys___sysctl <netbsd> [ 944.667354] #7 0xffffffff8025ab3c in sy_call <netbsd> [ 944.667354] #8 0xffffffff8025ad6e in sy_invoke <netbsd> [ 944.677365] #9 0xffffffff8025adf4 in syscall <netbsd>
netbsd-srcmastr
pushed a commit
that referenced
this pull request
Jan 9, 2019
…ch 2019). --- 9.13.5-W1 released --- 5113. [port] Fixed a Windows build error. --- 9.13.5 released --- 5108. [bug] Named could fail to determine bottom of zone when removing out of date keys leading to invalid NSEC and NSEC3 records being added to the zone. [GL #771] 5107. [bug] 'host -U' did not work. [GL #769] 5106. [experimental] A new "plugin" mechanism has been added to allow extension of query processing functionality through the use of dynamically loadable libraries. A "filter-aaaa.so" plugin has been implemented, replacing the filter-aaaa feature that was formerly implemented as a native part of BIND. The "filter-aaaa", "filter-aaaa-on-v4" and "filter-aaaa-on-v6" options can no longer be configured using native named.conf syntax. However, loading the filter-aaaa.so plugin and setting its parameters provides identical functionality. Note that the plugin API is a work in progress and is likely to evolve as further plugins are implemented. [GL #15] 5105. [bug] Fix a race between process_fd and socketclose in unix socket code. [GL #744] 5104. [cleanup] Log clearer informational message when a catz zone is overridden by a zone in named.conf. Thanks to Tony Finch. [GL !1157] 5103. [bug] Add missing design by contract tests to dns_catz*. [GL #748] 5102. [bug] dnssec-coverage failed to use the default TTL when checking KSK deletion times leading to a exception. [GL #585] 5101. [bug] Fix default installation path for Python modules and remove the dnspython dependency accidentally introduced by change 4970. [GL #730] 5100. [func] Pin resolver tasks to specific task queues. [GL !1117] 5099. [func] Failed mutex and conditional creations are always fatal. [GL #674] --- 9.13.4 released --- 5098. [func] Failed memory allocations are now fatal. [GL #674] 5097. [cleanup] Remove embedded ATF unit testing framework from BIND source distribution. [GL !875] 5096. [func] Use multiple event loops in socket code, and make network threads CPU-affinitive. This significantly improves performance on large systems. [GL #666] 5095. [test] Converted all unit tests from ATF to CMocka; removed the source code for the ATF libraries. Build with "configure --with-cmocka" to enable unit testing. [GL #620] 5094. [func] Add 'dig -r' to disable reading of .digrc. [GL !970] 5093. [bug] Log lame qname-minimization servers only if they're really lame. [GL #671] 5092. [bug] Address memory leak on SIGTERM in nsupdate when using GSS-TSIG. [GL #558] 5091. [func] Two new global and per-view options min-cache-ttl and min-ncache-ttl [GL #613] 5090. [bug] dig and mdig failed to properly preparse dash value pairs when value was a seperate argument and started with a dash. [GL #584] 5089. [bug] Restore localhost fallback in dig and host which is used when no nameserver addresses present in /etc/resolv.conf are usable due to the requested address family restrictions. [GL #433] 5088. [bug] dig/host/nslookup could crash when interrupted close to a query timeout. [GL #599] 5087. [test] Check that result tables are complete. [GL #676] 5086. [func] Log of RPZ now includes the QTYPE and QCLASS. [GL #623] 5085. [bug] win32: Restore looking up nameservers, search list, etc. [GL #186] 5084. [placeholder] 5083. [func] Add autoconf macro AX_POSIX_SHELL, so we can use POSIX-compatible shell features in the scripts. 5082. [bug] Fixed a race that could cause a crash in dig/host/nslookup. [GL #650] 5081. [func] Use per-worker queues in task manager, make task runners CPU-affine. [GL #659] 5080. [func] Improvements to "rndc nta" user interface: - catch and report invalid command line options - when removing an NTA from all views, do not abort with an error if the NTA was not found in one of the views - include the view name in "rndc nta -dump" output, for consistency with the add and remove actions Thanks to Tony Finch. [GL !816] 5079. [func] Disable IDN processing in dig and nslookup when not on a tty. [GL #653] 5078. [cleanup] Require python components to be explicitly disabled if python is not available on unix platforms. [GL #601] 5077. [cleanup] Remove ip6.int support (-i) from dig and mdig. [GL !969] 5076. [bug] "require-server-cookie" was not effective if "rate-limit" was configured. [GL #617] 5075. [bug] Refresh nameservers from cache when sending final query in qname minimization. [GL #16] 5074. [cleanup] Remove vector socket functions - isc_socket_recvv(), isc_socket_sendtov(), isc_socket_sendtov2(), isc_socket_sendv() - in order to simplify socket code. [GL #645] 5073. [bug] Destroy a task first when destroying rpzs and catzs. [GL #84] 5072. [bug] Add unit tests for isc_buffer_copyregion() and fix its behavior for auto-reallocated buffers. [GL #644] 5071. [bug] Comparision of NXT records was broken. [GL #631] 5070. [bug] Record types which support a empty rdata field were not handling the empty rdata field case. [GL #638] 5069. [bug] Fix a hang on in RPZ when named is shutdown during RPZ zone update. [GL !907] 5068. [bug] Fix a race in RPZ with min-update-interval set to 0. [GL #643] 5067. [bug] Don't minimize qname when sending the query to a forwarder. [GL #361] 5066. [cleanup] Allow unquoted strings to be used as a zone names in response-policy statements. [GL #641] 5065. [bug] Only set IPV6_USE_MIN_MTU on IPv6. [GL #553] 5064. [test] Initalize TZ environment variable before calling dns_test_begin in dnstap_test. [GL #624] 5063. [test] In statschannel test try a few times before failing when checking if the compressed output is the same as uncompressed. [GL !909] 5062. [func] Use non-crypto-secure PRNG to generate nonces for cookies. [GL !887] 5061. [protocol] Add support for EID and NIMLOC. [GL #626] 5060. [bug] GID, UID and UINFO could not be loaded using unknown record format. [GL #627] 5059. [bug] Display a per-view list of zones in the web interface. [GL #427] 5058. [func] Replace old message digest and hmac APIs with more generic isc_md and isc_hmac APIs, and convert their respective tests to cmocka. [GL #305] 5057. [protocol] Add support for ATMA. [GL #619] 5056. [placeholder] 5055. [func] A default list of primary servers for the root zone is now built into named, allowing the "masters" statement to be omitted when configuring an IANA root zone mirror. [GL #564] 5054. [func] Attempts to use mirror zones with recursion disabled are now considered a configuration error. [GL #564] 5053. [func] The only valid zone-level NOTIFY settings for mirror zones are now "notify no;" and "notify explicit;". [GL #564] 5052. [func] Mirror zones are now configured using "type mirror;" rather than "mirror yes;". [GL #564] 5051. [doc] Documentation incorrectly stated that the "server-addresses" static-stub zone option accepts custom port numbers. [GL #582] 5050. [bug] The libirs version of getaddrinfo() was unable to parse scoped IPv6 addresses present in /etc/resolv.conf. [GL #187] 5049. [cleanup] QNAME minimization has been deeply refactored. [GL #16] 5048. [func] Add configure option to enable and enforce FIPS mode in BIND 9. [GL #506] 5047. [bug] Messages logged for certain query processing failures now include a more specific error description if it is available. [GL #572] 5046. [bug] named could crash during shutdown if an RPZ reload was in progress. [RT #46210] 5045. [func] Remove support for DNSSEC algorithms 3 (DSA) and 6 (DSA-NSEC3-SHA1). [GL #22] 5044. [cleanup] If "dnssec-enable" is no, then "dnssec-validation" now also defaults to no. [GL #388] 5043. [bug] Fix creating and validating EdDSA signatures. [GL #579] 5042. [test] Make the chained delegations in reclimit behave like they would in a regular name server. [GL #578] 5041. [test] The chain test contains a incomplete delegation. [GL #568] 5040. [func] Extended dnstap so that it can log UPDATE requests and responses as separate message types. Thanks to Greg Rabil. [GL #570] 5039. [bug] Named could fail to preserve owner name case of new RRset. [GL #420] 5038. [bug] Chaosnet addresses were compared incorrectly. [GL #562] 5037. [func] "allow-recursion-on" and "allow-query-cache-on" each now default to the other if only one of them is set, in order to be more consistent with the way "allow-recursion" and "allow-query-cache" work. Also we now ensure that both query-cache ACLs are checked when determining cache access. [GL #319] 5036. [cleanup] Fixed a spacing/formatting error in some RPZ-related error messages in the log. [GL !805] 5035. [test] Fixed errors that prevented the DNSRPS subtests from running in the rpz and rpzrecurse system tests. [GL #503] 5034. [bug] A race between threads could prevent zone maintenance scheduled immediately after zone load from being performed. [GL #542] 5033. [bug] When adding NTAs to multiple views using "rndc nta", the text returned via rndc was incorrectly terminated after the first line, making it look as if only one NTA had been added. Also, it was not possible to differentiate between views with the same name but different classes; this has been corrected with the addition of a "-class" option. [GL #105] 5032. [func] Add krb5-selfsub and ms-selfsub update policy rules. [GL #511] 5031. [cleanup] Various defines in platform.h has been either dropped if always or never triggered on supported platforms or replaced with config.h equivalents if the defines didn't have any impact on public headers. Workarounds for LinuxThreads have been removed because NPTL is available since Linux kernel 2.6.0. [GL #525] 5030. [bug] Align CMSG buffers to a 64-bit boundary, fixes crash on architectures with strict alignment. [GL #521] --- 9.13.3 released --- 5029. [func] Workarounds for servers that misbehave when queried with EDNS have been removed, because these broken servers and the workarounds for their noncompliance cause unnecessary delays, increase code complexity, and prevent deployment of new DNS features. See https://dnsflagday.net for further details. [GL #150] 5028. [bug] Spread the initial RRSIG expiration times over the entire working sig-validity-interval when signing a zone in named to even out re-signing and transfer loads. [GL #418] 5027. [func] Set SO_SNDBUF size on sockets. [GL #74] 5026. [bug] rndc reconfig should not touch already loaded zones. [GL #276] 5025. [cleanup] Remove isc_keyboard family of functions. [GL #178] 5024. [func] Replace custom assembly for atomic operations with atomic support from the compiler. The code will now use C11 stdatomic, or __atomic, or __sync builtins with GCC or Clang compilers, and Interlocked functions with MSVC. [GL #10] 5023. [cleanup] Remove wrappers that try to fix broken or incomplete implementations of IPv6, pthreads and other core functionality required and used by BIND. [GL #192] 5022. [doc] Update ms-self, ms-subdomain, krb5-self, and krb5-subdomain documentation. [GL !708] 5021. [bug] dig returned a non-zero exit code when it received a reply over TCP after a retry. [GL #487] 5020. [func] RNG uses thread-local storage instead of locks, if supported by platform. [GL #496] 5019. [cleanup] A message is now logged when ixfr-from-differences is set at zone level for an inline-signed zone. [GL #470] 5018. [bug] Fix incorrect sizeof arguments in lib/isc/pk11.c. [GL !588] 5017. [bug] lib/isc/pk11.c failed to unlink the session before releasing the lock which is unsafe. [GL !589] 5016. [bug] Named could assert with overlapping filter-aaaa and dns64 acls. [GL #445] 5015. [bug] Reloading all zones caused zone maintenance to cease for inline-signed zones. [GL #435] 5014. [bug] Signatures loaded from the journal for the signed version of an inline-signed zone were not scheduled for refresh. [GL #482] 5013. [bug] A referral response with a non-empty ANSWER section was inadvertently being treated as an error. [GL #390] 5012. [bug] Fix lock order reversal in pk11_initialize. [GL !590] 5011. [func] Remove support for unthreaded named. [GL #478] 5010. [func] New "validate-except" option specifies a list of domains beneath which DNSSEC validation should not be performed. [GL #237] 5009. [bug] Upon an OpenSSL failure, the first error in the OpenSSL error queue was not logged. [GL #476] 5008. [bug] "rndc signing -nsec3param ..." requests were silently ignored for zones which were not yet loaded or transferred. [GL #468] 5007. [cleanup] Replace custom ISC boolean and integer data types with C99 stdint.h and stdbool.h types. [GL #9] 5006. [cleanup] Code preparing a delegation response was extracted from query_delegation() and query_zone_delegation() into a separate function in order to decrease code duplication. [GL #431] 5005. [bug] dnssec-verify, and dnssec-signzone at the verification step, failed on some validly signed zones. [GL #442] 5004. [bug] 'rndc reconfig' could cause inline zones to stop re-signing. [GL #439] 5003. [bug] dns_acl_isinsecure did not handle geoip elements. [GL #406] 5002. [bug] mdig: Handle malformed +ednsopt option, support 100 +ednsopt options per query rather than 100 total and address memory leaks if +ednsopt was specified. [GL #410] 5001. [bug] Fix refcount errors on error paths. [GL !563] 5000. [bug] named_server_servestale() could leave the server in exclusive mode if an error occured. [GL #441] 4999. [cleanup] Remove custom printf implementation in lib/isc/print.c. [GL #261] 4998. [test] Make resolver and cacheclean tests more civilized. 4997. [security] named could crash during recursive processing of DNAME records when "deny-answer-aliases" was in use. (CVE-2018-5740) [GL #387] 4996. [bug] dig: Handle malformed +ednsopt option. [GL #403] 4995. [test] Add tests for "tcp-self" update policy. [GL !282] 4994. [bug] Trust anchor telemetry queries were not being sent upstream for locally served zones. [GL #392] 4993. [cleanup] Remove support for silently ignoring 'no-change' deltas from BIND 8 when processing an IXFR stream. 'no-change' deltas will now trigger a fallback to AXFR as the recovery mechanism. [GL #369] 4992. [bug] The wrong address was being logged for trust anchor telemetry queries. [GL #379] 4991. [bug] "rndc reconfig" was incorrectly handling zones whose "mirror" setting was changed. [GL #381] 4990. [bug] Prevent a possible NULL reference in pkcs11-keygen. [GL #401] 4989. [cleanup] IDN support in dig has been reworked. IDNA2003 fallbacks were removed in the process. [GL #384] 4988. [bug] Don't synthesize NXDOMAIN from NSEC for records under a DNAME. --- 9.13.2 released --- 4987. [cleanup] dns_rdataslab_tordataset() and its related dns_rdatasetmethods_t callbacks were removed as they were not being used by anything in BIND. [GL #371] 4986. [func] When built on Linux, BIND now requires the libcap library to set process privileges, unless capability support is explicitly overridden with "configure --disable-linux-caps". [GL #321] 4985. [func] Add a new slave zone option, "mirror", to enable serving a non-authoritative copy of a zone that is subject to DNSSEC validation before being used. For now, this option is only meant to facilitate deployment of an RFC 7706-style local copy of the root zone. [GL #33] 4984. [bug] Improve handling of very large incremental zone transfers to prevent journal corruption. [GL #339] 4983. [func] Add the ability to not return a DNS COOKIE option when one is present in the request (answer-cookie no;). [GL #173] 4982. [cleanup] Return FORMERR if the question section is empty and no COOKIE option is present; this restores older behavior except in the newly specified COOKIE case. [GL #260] 4981. [bug] Fix race in cmsg buffer usage in socket code. [GL #180] 4980. [bug] Named-checkconf failed to detect bad in-view targets. [GL #288] 4979. [placeholder] 4978. [test] Fix error handling and resolver configuration in the "rpz" system test. [GL #312] 4977. [func] When starting up, log the same details that would be reported by 'named -V'. [GL #247] 4976. [bug] Log the label with invalid prefix length correctly when loading RPZ zones. [GL #254] 4975. [bug] The server cookie computation for sha1 and sha256 did not match the method described in RFC 7873. [GL #356] 4974. [bug] Restore default rrset-order to random. [GL #336] 4973. [func] verifyzone() and the functions it uses were moved to libdns and refactored to prevent exit() from being called upon failure. A side effect of that is that dnssec-signzone and dnssec-verify now check for memory leaks upon shutdown. [GL #266] 4972. [func] Declare the 'rdata' argument for dns_rdata_tostruct() to be const. [GL #341] 4971. [bug] dnssec-signzone and dnssec-verify did not treat records below a DNAME as out-of-zone data. [GL #298] 4970. [func] Add QNAME minimization option to resolver. [GL #16] 4969. [cleanup] Refactor zone logging functions. [GL #269] --- 9.13.1 released --- 4968. [bug] If glue records are signed, attempt to validate them. [GL #209] 4967. [cleanup] Add "answer-cookie" to the parser, marked obsolete. 4966. [placeholder] 4965. [func] Add support for marking options as deprecated. [GL #322] 4964. [bug] Reduce the probabilty of double signature when deleting a DNSKEY by checking if the node is otherwise signed by the algorithm of the key to be deleted. [GL #240] 4963. [test] ifconfig.sh now uses "ip" instead of "ifconfig", if available, to configure the test interfaces on linux. [GL #302] 4962. [cleanup] Move 'named -T' processing to its own function. [GL #316] 4961. [protocol] Remove support for ECC-GOST (GOST R 34.11-94). [GL #295] 4960. [security] When recursion is enabled, but the "allow-recursion" and "allow-query-cache" ACLs are not specified, they should be limited to local networks, but were inadvertently set to match the default "allow-query", thus allowing remote queries. (CVE-2018-5738) [GL #309] 4959. [func] NSID logging (enabled by the "request-nsid" option) now has its own "nsid" category, instead of using the "resolver" category. [GL !332] 4958. [bug] Remove redundant space from NSEC3 record. [GL #281] 4957. [func] The default setting for "dnssec-validation" is now "auto", which activates DNSSEC validation using the IANA root key. (The default can be changed back to "yes", which activates DNSSEC validation only when keys are explicitly configured in named.conf, by building BIND with "configure --disable-auto-validation".) [GL #30] 4956. [func] Change isc_random() to be just PRNG using xoshiro128**, and add isc_nonce_buf() that uses CSPRNG. [GL #289] 4955. [cleanup] Silence cppcheck warnings in lib/dns/master.c. [GL #286] 4954. [func] Messages about serving of stale answers are now directed to the "serve-stale" logging category. Also clarified serve-stale documentation. [GL !323] 4953. [bug] Removed the option to build the red black tree database without a hash table; the non-hashing version was buggy and is not needed. [GL #184] 4952. [func] Authoritative server support in named for the EDNS CLIENT-SUBNET option (which was experimental and not practical to deploy) has been removed. The ECS option is still supported in dig and mdig via the +subnet option, and can be parsed and logged when received by named, but it is no longer used for ACL processing. The "geoip-use-ecs" option is now obsolete; a warning will be logged if it is used in named.conf. "ecs" tags in an ACL definition are also obsolete and will cause the configuration to fail to load. [GL #32] 4951. [protocol] Add "HOME.ARPA" to list of built in empty zones as per RFC 8375. [GL #273] --- 9.13.0 released --- 4950. [bug] ISC_SOCKEVENTATTR_TRUNC was not be set. [GL #238] 4949. [placeholder] 4948. [bug] When request-nsid is turned on, EDNS NSID options should be logged at level info. Since change 3741 they have been logged at debug(3) by mistake. [GL !290] 4947. [func] Replace all random functions with isc_random(), isc_random_buf() and isc_random_uniform() API. [GL #221] 4946. [bug] Additional glue was not being returned by resolver for unsigned zones since change 4596. [GL #209] 4945. [func] BIND can no longer be built without DNSSEC support. A cryptography provder (i.e., OpenSSL or a hardware service module with PKCS#11 support) must be available. [GL #244] 4944. [cleanup] Silence cppcheck portability warnings in lib/isc/tests/buffer_test.c. [GL #239] 4943. [bug] Change 4687 consumed too much memory when running system tests with --with-tuning=large. Reduced the hash table size to 512 entries for 'named -m record' restoring the previous memory footprint. [GL #248] 4942. [cleanup] Consolidate multiple instances of splitting of batchline in dig into a single function. [GL #196] 4941. [cleanup] Silence clang static analyzer warnings. [GL #196] 4940. [cleanup] Extract the loop in dns__zone_updatesigs() into separate functions to improve code readability. [GL #135] 4939. [test] Add basic unit tests for update_sigs(). [GL #135] 4938. [placeholder] 4937. [func] Remove support for OpenSSL < 1.0.0 [GL #191] 4936. [func] Always use OpenSSL or PKCS#11 random data providers, and remove the --{enable,disable}-crypto-rand configure options. [GL #165] 4935. [func] Add support for LibreSSL >= 2.7.0 (some OpenSSL 1.1.0 call were added). [GL #191] 4934. [security] The serve-stale feature could cause an assertion failure in rbtdb.c even when stale-answer-enable was false. Simultaneous use of stale cache records and NSEC aggressive negative caching could trigger a recursion loop. (CVE-2018-5737) [GL #185] 4933. [bug] Not creating signing keys for an inline signed zone prevented changes applied to the raw zone from being reflected in the secure zone until signing keys were made available. [GL #159] 4932. [bug] Bumped signed serial of an inline signed zone was logged even when an error occurred while updating signatures. [GL #159] 4931. [func] Removed the "rbtdb64" database implementation. [GL #217] 4930. [bug] Remove a bogus check in nslookup command line argument processing. [GL #206] 4929. [func] Add the ability to set RA and TC in queries made by dig (+[no]raflag, +[no]tcflag). [GL #213] 4928. [func] The "dnskey-sig-validity" option allows "sig-validity-interval" to be overriden for signatures covering DNSKEY RRsets. [GL #145] 4927. [placeholder] 4926. [func] Add root key sentinel support. To disable, add 'root-key-sentinel no;' to named.conf. [GL #37] 4925. [func] Several configuration options that define intervals can now take TTL value suffixes (for example, 2h or 1d) in addition to integer parameters. These include max-cache-ttl, max-ncache-ttl, max-policy-ttl, fstrm-set-reopen-interval, interface-interval, and min-update-interval. [GL #203] 4924. [cleanup] Clean up the isc_string_* namespace and leave only strlcpy and strlcat. [GL #178] 4923. [cleanup] Refactor socket and socket event options into enum types. [GL !135] 4922. [bug] dnstap: Log the destination address of client packets rather than the interface address. [GL #197] 4921. [cleanup] Add dns_fixedname_initname() and refactor the caller code to make usage of the new function, as a part of refactoring dns_fixedname_*() macros were turned into functions. [GL #183] 4920. [cleanup] Clean up libdns removing most of the backwards compatibility wrappers. 4919. [cleanup] Clean up the isc_hash_* namespace and leave only the FNV-1a hash implementation. [GL #178] 4918. [bug] Fix double free after keygen error in dnssec-keygen when OpenSSL >= 1.1.0 is used and RSA_generate_key_ex fails. [GL #109] 4917. [func] Support 64 RPZ policy zones by default. [GL #123] 4916. [func] Remove IDNA2003 support and the bundled idnkit-1.0 library. 4915. [func] Implement IDNA2008 support in dig by adding support for libidn2. New dig option +idnin has been added, which allows to process invalid domain names much like dig without IDN support. libidn2 version 2.0 or higher is needed for +idnout enabled by default. 4914. [security] A bug in zone database reference counting could lead to a crash when multiple versions of a slave zone were transferred from a master in close succession. (CVE-2018-5736) [GL #134] 4913. [test] Re-implemented older unit tests in bin/tests as ATF, removed the lib/tests unit testing library. [GL #115] 4912. [test] Improved the reliability of the 'cds' system test. [GL #136] 4911. [test] Improved the reliability of the 'mkeys' system test. [GL #128] 4910. [func] Update util/check-changes to work on release branches. [GL #113] 4909. [bug] named-checkconf did not detect in-view zone collisions. [GL #125] 4908. [test] Eliminated unnecessary waiting in the allow_query system test. Also changed its name to allow-query. [GL #81] 4907. [test] Improved the reliability of the 'notify' system test. [GL #59] 4906. [func] Replace getquad() with inet_pton(), completing change #4900. [GL #56] 4905. [bug] irs_resconf_load() ignored resolv.conf syntax errors when "domain" or "search" options were present in that file. [GL #110] 4904. [bug] Temporarily revert change #4859. [GL #124] 4903. [bug] "check-mx fail;" did not prevent MX records containing IP addresses from being added to a zone by a dynamic update. [GL #112] 4902. [test] Improved the reliability of the 'ixfr' system test. [GL #66] 4901. [func] "dig +nssearch" now lists the name servers for a domain that time out, as well as the servers that respond. [GL #64] 4900. [func] Remove all uses of inet_aton(). As a result of this change, IPv4 addresses are now only accepted in dotted-quad format. [GL #13] 4899. [test] Convert most of the remaining system tests to be able to run in parallel, continuing the work from change #4895. To take advantage of this, use "make -jN check", where N is the number of processors to use. [GL #91] 4898. [func] Remove libseccomp based system-call filtering. [GL #93] 4897. [test] Update to rpz system test so that it doesn't recurse. [GL #68] 4896. [test] cacheclean system test was not robust. [GL #82] 4895. [test] Allow some system tests to run in parallel. [RT #46602] 4894. [bug] named could crash while rolling a dnstap output file. [RT #46942] 4893. [bug] Address various issues reported by cppcheck. [GL #51] 4892. [bug] named could leak memory when "rndc reload" was invoked before all zone loading actions triggered by a previous "rndc reload" command were completed. [RT #47076] 4891. [placeholder] 4890. [func] Remove unused ondestroy callback from libisc. [isc-projects/bind9!3] 4889. [func] Warn about the use of old root keys without the new root key being present. Warn about dlv.isc.org's key being present. Warn about both managed and trusted root keys being present. [RT #43670] 4888. [test] Initialize sockets correctly in sample-update so that the nsupdate system test will run on Windows. [RT #47097] 4887. [test] Enable the rpzrecurse test to run on Windows. [RT #47093] 4886. [doc] Document dig -u in manpage. [RT #47150] 4885. [security] update-policy rules that otherwise ignore the name field now require that it be set to "." to ensure that any type list present is properly interpreted. [RT #47126] 4884. [bug] named could crash on shutdown due to a race between shutdown_server() and ns__client_request(). [RT #47120] 4883. [cleanup] Improved debugging output from dnssec-cds. [RT #47026] 4882. [bug] Address potential memory leak in dns_update_signaturesinc. [RT #47084] 4881. [bug] Only include dst_openssl.h when OpenSSL is required. [RT #47068] 4880. [bug] Named wasn't returning the target of a cross-zone CNAME between two served zones when recursion was desired and available (RD=1, RA=1). (When this is not the case, the CNAME target is deliberately withheld to prevent accidental cache poisoning.) [RT #47078] 4879. [bug] dns_rdata_caa:value_len field was too small. [RT #47086] 4878. [bug] List 'ply' as a requirement for the 'isc' python package. [RT #47065] 4877. [bug] Address integer overflow when exponentially backing off retry intervals. [RT #47041] 4876. [bug] Address deadlock with accessing a keytable. [RT #47000] 4875. [bug] Address compile failures on older systems. [RT #47015] 4874. [bug] Wrong time display when reporting new keywarntime. [RT #47042] 4873. [doc] Grammars for named.conf included in the ARM are now automatically generated by the configuration parser itself. As a side effect of the work needed to separate zone type grammars from each other, this also makes checking of zone statements in named-checkconf more correct and consistent. [RT #36957] 4872. [bug] Don't permit loading meta RR types such as TKEY from master files. [RT #47009] 4871. [bug] Fix configure glitch in detecting stdatomic.h support on systems with multiple compilers. [RT #46959] 4870. [test] Update included ATF library to atf-0.21 preserving the ATF tool. [RT #46967] 4869. [bug] Address some cases where NULL with zero length could be passed to memmove which is undefined behavior and can lead to bad optimization. [RT #46888] 4868. [func] dnssec-keygen can no longer generate HMAC keys. Use tsig-keygen instead. [RT #46404] 4867. [cleanup] Normalize rndc on/off commands (validation, querylog, serve-stale) so they all accept the same synonyms for on/off (yes/no, true/false, enable/disable). Thanks to Tony Finch. [RT #47022] 4866. [port] DST library initialization verifies MD5 (when MD5 was not disabled) and SHA-1 hash and HMAC support. [RT #46764] 4865. [cleanup] Simplify handling isc_socket_sendto2() return values. [RT #46986] 4864. [bug] named acting as a slave for a catalog zone crashed if the latter contained a master definition without an IP address. [RT #45999] 4863. [bug] Fix various other bugs reported by Valgrind's memcheck tool. [RT #46978] 4862. [bug] The rdata flags for RRSIG were not being properly set when constructing a rdataslab. [RT #46978] 4861. [bug] The isc_crc64 unit test was not endian independent. [RT #46973] 4860. [bug] isc_int8_t should be signed char. [RT #46973] 4859. [bug] A loop was possible when attempting to validate unsigned CNAME responses from secure zones; this caused a delay in returning SERVFAIL and also increased the chances of encountering CVE-2017-3145. [RT #46839] 4858. [security] Addresses could be referenced after being freed in resolver.c, causing an assertion failure. (CVE-2017-3145) [RT #46839] 4857. [bug] Maintain attach/detach semantics for event->db, event->node, event->rdataset and event->sigrdataset in query.c. [RT #46891] 4856. [bug] 'rndc zonestatus' reported the wrong underlying type for a inline slave zone. [RT #46875] 4855. [bug] isc_time_formatshorttimestamp produced incorrect output. [RT #46938] 4854. [bug] query_synthcnamewildcard should stop generating the response if query_synthwildcard fails. [RT #46939] 4853. [bug] Add REQUIRE's and INSIST's to isc_time_formatISO8601L and isc_time_formatISO8601Lms. [RT #46916] 4852. [bug] Handle strftime() failing in isc_time_formatISO8601ms. Add REQUIRE's and INSIST's to isc_time_formattimestamp, isc_time_formathttptimestamp, isc_time_formatISO8601, isc_time_formatISO8601ms. [RT #46892] 4851. [port] Support using kyua as well as atf-run to run the unit tests. [RT #46853] 4850. [bug] Named failed to restart with multiple added zones in lmdb database. [RT #46889] 4849. [bug] Duplicate zones could appear in the .nzf file if addzone failed. [RT #46435] 4848. [func] Zone types "primary" and "secondary" can now be used as synonyms for "master" and "slave" in named.conf. [RT #46713] 4847. [bug] dnssec-dnskey-kskonly was not being honored for CDS and CDNSKEY. [RT #46755] 4846. [test] Adjust timing values in runtime system test. Address named.pid removal races in runtime system test. [RT #46800] 4845. [bug] Dig (non iOS) should exit on malformed names. [RT #46806] 4844. [test] Address memory leaks in libatf-c. [RT #46798] 4843. [bug] dnssec-signzone free hashlist on exit. [RT #46791] 4842. [bug] Conditionally compile opensslecdsa_link.c to avoid warnings about unused function. [RT #46790]
netbsd-srcmastr
pushed a commit
that referenced
this pull request
Jan 9, 2019
…ch 2019). --- 9.13.5-W1 released --- 5113. [port] Fixed a Windows build error. --- 9.13.5 released --- 5108. [bug] Named could fail to determine bottom of zone when removing out of date keys leading to invalid NSEC and NSEC3 records being added to the zone. [GL #771] 5107. [bug] 'host -U' did not work. [GL #769] 5106. [experimental] A new "plugin" mechanism has been added to allow extension of query processing functionality through the use of dynamically loadable libraries. A "filter-aaaa.so" plugin has been implemented, replacing the filter-aaaa feature that was formerly implemented as a native part of BIND. The "filter-aaaa", "filter-aaaa-on-v4" and "filter-aaaa-on-v6" options can no longer be configured using native named.conf syntax. However, loading the filter-aaaa.so plugin and setting its parameters provides identical functionality. Note that the plugin API is a work in progress and is likely to evolve as further plugins are implemented. [GL #15] 5105. [bug] Fix a race between process_fd and socketclose in unix socket code. [GL #744] 5104. [cleanup] Log clearer informational message when a catz zone is overridden by a zone in named.conf. Thanks to Tony Finch. [GL !1157] 5103. [bug] Add missing design by contract tests to dns_catz*. [GL #748] 5102. [bug] dnssec-coverage failed to use the default TTL when checking KSK deletion times leading to a exception. [GL #585] 5101. [bug] Fix default installation path for Python modules and remove the dnspython dependency accidentally introduced by change 4970. [GL #730] 5100. [func] Pin resolver tasks to specific task queues. [GL !1117] 5099. [func] Failed mutex and conditional creations are always fatal. [GL #674] --- 9.13.4 released --- 5098. [func] Failed memory allocations are now fatal. [GL #674] 5097. [cleanup] Remove embedded ATF unit testing framework from BIND source distribution. [GL !875] 5096. [func] Use multiple event loops in socket code, and make network threads CPU-affinitive. This significantly improves performance on large systems. [GL #666] 5095. [test] Converted all unit tests from ATF to CMocka; removed the source code for the ATF libraries. Build with "configure --with-cmocka" to enable unit testing. [GL #620] 5094. [func] Add 'dig -r' to disable reading of .digrc. [GL !970] 5093. [bug] Log lame qname-minimization servers only if they're really lame. [GL #671] 5092. [bug] Address memory leak on SIGTERM in nsupdate when using GSS-TSIG. [GL #558] 5091. [func] Two new global and per-view options min-cache-ttl and min-ncache-ttl [GL #613] 5090. [bug] dig and mdig failed to properly preparse dash value pairs when value was a seperate argument and started with a dash. [GL #584] 5089. [bug] Restore localhost fallback in dig and host which is used when no nameserver addresses present in /etc/resolv.conf are usable due to the requested address family restrictions. [GL #433] 5088. [bug] dig/host/nslookup could crash when interrupted close to a query timeout. [GL #599] 5087. [test] Check that result tables are complete. [GL #676] 5086. [func] Log of RPZ now includes the QTYPE and QCLASS. [GL #623] 5085. [bug] win32: Restore looking up nameservers, search list, etc. [GL #186] 5084. [placeholder] 5083. [func] Add autoconf macro AX_POSIX_SHELL, so we can use POSIX-compatible shell features in the scripts. 5082. [bug] Fixed a race that could cause a crash in dig/host/nslookup. [GL #650] 5081. [func] Use per-worker queues in task manager, make task runners CPU-affine. [GL #659] 5080. [func] Improvements to "rndc nta" user interface: - catch and report invalid command line options - when removing an NTA from all views, do not abort with an error if the NTA was not found in one of the views - include the view name in "rndc nta -dump" output, for consistency with the add and remove actions Thanks to Tony Finch. [GL !816] 5079. [func] Disable IDN processing in dig and nslookup when not on a tty. [GL #653] 5078. [cleanup] Require python components to be explicitly disabled if python is not available on unix platforms. [GL #601] 5077. [cleanup] Remove ip6.int support (-i) from dig and mdig. [GL !969] 5076. [bug] "require-server-cookie" was not effective if "rate-limit" was configured. [GL #617] 5075. [bug] Refresh nameservers from cache when sending final query in qname minimization. [GL #16] 5074. [cleanup] Remove vector socket functions - isc_socket_recvv(), isc_socket_sendtov(), isc_socket_sendtov2(), isc_socket_sendv() - in order to simplify socket code. [GL #645] 5073. [bug] Destroy a task first when destroying rpzs and catzs. [GL #84] 5072. [bug] Add unit tests for isc_buffer_copyregion() and fix its behavior for auto-reallocated buffers. [GL #644] 5071. [bug] Comparision of NXT records was broken. [GL #631] 5070. [bug] Record types which support a empty rdata field were not handling the empty rdata field case. [GL #638] 5069. [bug] Fix a hang on in RPZ when named is shutdown during RPZ zone update. [GL !907] 5068. [bug] Fix a race in RPZ with min-update-interval set to 0. [GL #643] 5067. [bug] Don't minimize qname when sending the query to a forwarder. [GL #361] 5066. [cleanup] Allow unquoted strings to be used as a zone names in response-policy statements. [GL #641] 5065. [bug] Only set IPV6_USE_MIN_MTU on IPv6. [GL #553] 5064. [test] Initalize TZ environment variable before calling dns_test_begin in dnstap_test. [GL #624] 5063. [test] In statschannel test try a few times before failing when checking if the compressed output is the same as uncompressed. [GL !909] 5062. [func] Use non-crypto-secure PRNG to generate nonces for cookies. [GL !887] 5061. [protocol] Add support for EID and NIMLOC. [GL #626] 5060. [bug] GID, UID and UINFO could not be loaded using unknown record format. [GL #627] 5059. [bug] Display a per-view list of zones in the web interface. [GL #427] 5058. [func] Replace old message digest and hmac APIs with more generic isc_md and isc_hmac APIs, and convert their respective tests to cmocka. [GL #305] 5057. [protocol] Add support for ATMA. [GL #619] 5056. [placeholder] 5055. [func] A default list of primary servers for the root zone is now built into named, allowing the "masters" statement to be omitted when configuring an IANA root zone mirror. [GL #564] 5054. [func] Attempts to use mirror zones with recursion disabled are now considered a configuration error. [GL #564] 5053. [func] The only valid zone-level NOTIFY settings for mirror zones are now "notify no;" and "notify explicit;". [GL #564] 5052. [func] Mirror zones are now configured using "type mirror;" rather than "mirror yes;". [GL #564] 5051. [doc] Documentation incorrectly stated that the "server-addresses" static-stub zone option accepts custom port numbers. [GL #582] 5050. [bug] The libirs version of getaddrinfo() was unable to parse scoped IPv6 addresses present in /etc/resolv.conf. [GL #187] 5049. [cleanup] QNAME minimization has been deeply refactored. [GL #16] 5048. [func] Add configure option to enable and enforce FIPS mode in BIND 9. [GL #506] 5047. [bug] Messages logged for certain query processing failures now include a more specific error description if it is available. [GL #572] 5046. [bug] named could crash during shutdown if an RPZ reload was in progress. [RT #46210] 5045. [func] Remove support for DNSSEC algorithms 3 (DSA) and 6 (DSA-NSEC3-SHA1). [GL #22] 5044. [cleanup] If "dnssec-enable" is no, then "dnssec-validation" now also defaults to no. [GL #388] 5043. [bug] Fix creating and validating EdDSA signatures. [GL #579] 5042. [test] Make the chained delegations in reclimit behave like they would in a regular name server. [GL #578] 5041. [test] The chain test contains a incomplete delegation. [GL #568] 5040. [func] Extended dnstap so that it can log UPDATE requests and responses as separate message types. Thanks to Greg Rabil. [GL #570] 5039. [bug] Named could fail to preserve owner name case of new RRset. [GL #420] 5038. [bug] Chaosnet addresses were compared incorrectly. [GL #562] 5037. [func] "allow-recursion-on" and "allow-query-cache-on" each now default to the other if only one of them is set, in order to be more consistent with the way "allow-recursion" and "allow-query-cache" work. Also we now ensure that both query-cache ACLs are checked when determining cache access. [GL #319] 5036. [cleanup] Fixed a spacing/formatting error in some RPZ-related error messages in the log. [GL !805] 5035. [test] Fixed errors that prevented the DNSRPS subtests from running in the rpz and rpzrecurse system tests. [GL #503] 5034. [bug] A race between threads could prevent zone maintenance scheduled immediately after zone load from being performed. [GL #542] 5033. [bug] When adding NTAs to multiple views using "rndc nta", the text returned via rndc was incorrectly terminated after the first line, making it look as if only one NTA had been added. Also, it was not possible to differentiate between views with the same name but different classes; this has been corrected with the addition of a "-class" option. [GL #105] 5032. [func] Add krb5-selfsub and ms-selfsub update policy rules. [GL #511] 5031. [cleanup] Various defines in platform.h has been either dropped if always or never triggered on supported platforms or replaced with config.h equivalents if the defines didn't have any impact on public headers. Workarounds for LinuxThreads have been removed because NPTL is available since Linux kernel 2.6.0. [GL #525] 5030. [bug] Align CMSG buffers to a 64-bit boundary, fixes crash on architectures with strict alignment. [GL #521] --- 9.13.3 released --- 5029. [func] Workarounds for servers that misbehave when queried with EDNS have been removed, because these broken servers and the workarounds for their noncompliance cause unnecessary delays, increase code complexity, and prevent deployment of new DNS features. See https://dnsflagday.net for further details. [GL #150] 5028. [bug] Spread the initial RRSIG expiration times over the entire working sig-validity-interval when signing a zone in named to even out re-signing and transfer loads. [GL #418] 5027. [func] Set SO_SNDBUF size on sockets. [GL #74] 5026. [bug] rndc reconfig should not touch already loaded zones. [GL #276] 5025. [cleanup] Remove isc_keyboard family of functions. [GL #178] 5024. [func] Replace custom assembly for atomic operations with atomic support from the compiler. The code will now use C11 stdatomic, or __atomic, or __sync builtins with GCC or Clang compilers, and Interlocked functions with MSVC. [GL #10] 5023. [cleanup] Remove wrappers that try to fix broken or incomplete implementations of IPv6, pthreads and other core functionality required and used by BIND. [GL #192] 5022. [doc] Update ms-self, ms-subdomain, krb5-self, and krb5-subdomain documentation. [GL !708] 5021. [bug] dig returned a non-zero exit code when it received a reply over TCP after a retry. [GL #487] 5020. [func] RNG uses thread-local storage instead of locks, if supported by platform. [GL #496] 5019. [cleanup] A message is now logged when ixfr-from-differences is set at zone level for an inline-signed zone. [GL #470] 5018. [bug] Fix incorrect sizeof arguments in lib/isc/pk11.c. [GL !588] 5017. [bug] lib/isc/pk11.c failed to unlink the session before releasing the lock which is unsafe. [GL !589] 5016. [bug] Named could assert with overlapping filter-aaaa and dns64 acls. [GL #445] 5015. [bug] Reloading all zones caused zone maintenance to cease for inline-signed zones. [GL #435] 5014. [bug] Signatures loaded from the journal for the signed version of an inline-signed zone were not scheduled for refresh. [GL #482] 5013. [bug] A referral response with a non-empty ANSWER section was inadvertently being treated as an error. [GL #390] 5012. [bug] Fix lock order reversal in pk11_initialize. [GL !590] 5011. [func] Remove support for unthreaded named. [GL #478] 5010. [func] New "validate-except" option specifies a list of domains beneath which DNSSEC validation should not be performed. [GL #237] 5009. [bug] Upon an OpenSSL failure, the first error in the OpenSSL error queue was not logged. [GL #476] 5008. [bug] "rndc signing -nsec3param ..." requests were silently ignored for zones which were not yet loaded or transferred. [GL #468] 5007. [cleanup] Replace custom ISC boolean and integer data types with C99 stdint.h and stdbool.h types. [GL #9] 5006. [cleanup] Code preparing a delegation response was extracted from query_delegation() and query_zone_delegation() into a separate function in order to decrease code duplication. [GL #431] 5005. [bug] dnssec-verify, and dnssec-signzone at the verification step, failed on some validly signed zones. [GL #442] 5004. [bug] 'rndc reconfig' could cause inline zones to stop re-signing. [GL #439] 5003. [bug] dns_acl_isinsecure did not handle geoip elements. [GL #406] 5002. [bug] mdig: Handle malformed +ednsopt option, support 100 +ednsopt options per query rather than 100 total and address memory leaks if +ednsopt was specified. [GL #410] 5001. [bug] Fix refcount errors on error paths. [GL !563] 5000. [bug] named_server_servestale() could leave the server in exclusive mode if an error occured. [GL #441] 4999. [cleanup] Remove custom printf implementation in lib/isc/print.c. [GL #261] 4998. [test] Make resolver and cacheclean tests more civilized. 4997. [security] named could crash during recursive processing of DNAME records when "deny-answer-aliases" was in use. (CVE-2018-5740) [GL #387] 4996. [bug] dig: Handle malformed +ednsopt option. [GL #403] 4995. [test] Add tests for "tcp-self" update policy. [GL !282] 4994. [bug] Trust anchor telemetry queries were not being sent upstream for locally served zones. [GL #392] 4993. [cleanup] Remove support for silently ignoring 'no-change' deltas from BIND 8 when processing an IXFR stream. 'no-change' deltas will now trigger a fallback to AXFR as the recovery mechanism. [GL #369] 4992. [bug] The wrong address was being logged for trust anchor telemetry queries. [GL #379] 4991. [bug] "rndc reconfig" was incorrectly handling zones whose "mirror" setting was changed. [GL #381] 4990. [bug] Prevent a possible NULL reference in pkcs11-keygen. [GL #401] 4989. [cleanup] IDN support in dig has been reworked. IDNA2003 fallbacks were removed in the process. [GL #384] 4988. [bug] Don't synthesize NXDOMAIN from NSEC for records under a DNAME. --- 9.13.2 released --- 4987. [cleanup] dns_rdataslab_tordataset() and its related dns_rdatasetmethods_t callbacks were removed as they were not being used by anything in BIND. [GL #371] 4986. [func] When built on Linux, BIND now requires the libcap library to set process privileges, unless capability support is explicitly overridden with "configure --disable-linux-caps". [GL #321] 4985. [func] Add a new slave zone option, "mirror", to enable serving a non-authoritative copy of a zone that is subject to DNSSEC validation before being used. For now, this option is only meant to facilitate deployment of an RFC 7706-style local copy of the root zone. [GL #33] 4984. [bug] Improve handling of very large incremental zone transfers to prevent journal corruption. [GL #339] 4983. [func] Add the ability to not return a DNS COOKIE option when one is present in the request (answer-cookie no;). [GL #173] 4982. [cleanup] Return FORMERR if the question section is empty and no COOKIE option is present; this restores older behavior except in the newly specified COOKIE case. [GL #260] 4981. [bug] Fix race in cmsg buffer usage in socket code. [GL #180] 4980. [bug] Named-checkconf failed to detect bad in-view targets. [GL #288] 4979. [placeholder] 4978. [test] Fix error handling and resolver configuration in the "rpz" system test. [GL #312] 4977. [func] When starting up, log the same details that would be reported by 'named -V'. [GL #247] 4976. [bug] Log the label with invalid prefix length correctly when loading RPZ zones. [GL #254] 4975. [bug] The server cookie computation for sha1 and sha256 did not match the method described in RFC 7873. [GL #356] 4974. [bug] Restore default rrset-order to random. [GL #336] 4973. [func] verifyzone() and the functions it uses were moved to libdns and refactored to prevent exit() from being called upon failure. A side effect of that is that dnssec-signzone and dnssec-verify now check for memory leaks upon shutdown. [GL #266] 4972. [func] Declare the 'rdata' argument for dns_rdata_tostruct() to be const. [GL #341] 4971. [bug] dnssec-signzone and dnssec-verify did not treat records below a DNAME as out-of-zone data. [GL #298] 4970. [func] Add QNAME minimization option to resolver. [GL #16] 4969. [cleanup] Refactor zone logging functions. [GL #269] --- 9.13.1 released --- 4968. [bug] If glue records are signed, attempt to validate them. [GL #209] 4967. [cleanup] Add "answer-cookie" to the parser, marked obsolete. 4966. [placeholder] 4965. [func] Add support for marking options as deprecated. [GL #322] 4964. [bug] Reduce the probabilty of double signature when deleting a DNSKEY by checking if the node is otherwise signed by the algorithm of the key to be deleted. [GL #240] 4963. [test] ifconfig.sh now uses "ip" instead of "ifconfig", if available, to configure the test interfaces on linux. [GL #302] 4962. [cleanup] Move 'named -T' processing to its own function. [GL #316] 4961. [protocol] Remove support for ECC-GOST (GOST R 34.11-94). [GL #295] 4960. [security] When recursion is enabled, but the "allow-recursion" and "allow-query-cache" ACLs are not specified, they should be limited to local networks, but were inadvertently set to match the default "allow-query", thus allowing remote queries. (CVE-2018-5738) [GL #309] 4959. [func] NSID logging (enabled by the "request-nsid" option) now has its own "nsid" category, instead of using the "resolver" category. [GL !332] 4958. [bug] Remove redundant space from NSEC3 record. [GL #281] 4957. [func] The default setting for "dnssec-validation" is now "auto", which activates DNSSEC validation using the IANA root key. (The default can be changed back to "yes", which activates DNSSEC validation only when keys are explicitly configured in named.conf, by building BIND with "configure --disable-auto-validation".) [GL #30] 4956. [func] Change isc_random() to be just PRNG using xoshiro128**, and add isc_nonce_buf() that uses CSPRNG. [GL #289] 4955. [cleanup] Silence cppcheck warnings in lib/dns/master.c. [GL #286] 4954. [func] Messages about serving of stale answers are now directed to the "serve-stale" logging category. Also clarified serve-stale documentation. [GL !323] 4953. [bug] Removed the option to build the red black tree database without a hash table; the non-hashing version was buggy and is not needed. [GL #184] 4952. [func] Authoritative server support in named for the EDNS CLIENT-SUBNET option (which was experimental and not practical to deploy) has been removed. The ECS option is still supported in dig and mdig via the +subnet option, and can be parsed and logged when received by named, but it is no longer used for ACL processing. The "geoip-use-ecs" option is now obsolete; a warning will be logged if it is used in named.conf. "ecs" tags in an ACL definition are also obsolete and will cause the configuration to fail to load. [GL #32] 4951. [protocol] Add "HOME.ARPA" to list of built in empty zones as per RFC 8375. [GL #273] --- 9.13.0 released --- 4950. [bug] ISC_SOCKEVENTATTR_TRUNC was not be set. [GL #238] 4949. [placeholder] 4948. [bug] When request-nsid is turned on, EDNS NSID options should be logged at level info. Since change 3741 they have been logged at debug(3) by mistake. [GL !290] 4947. [func] Replace all random functions with isc_random(), isc_random_buf() and isc_random_uniform() API. [GL #221] 4946. [bug] Additional glue was not being returned by resolver for unsigned zones since change 4596. [GL #209] 4945. [func] BIND can no longer be built without DNSSEC support. A cryptography provder (i.e., OpenSSL or a hardware service module with PKCS#11 support) must be available. [GL #244] 4944. [cleanup] Silence cppcheck portability warnings in lib/isc/tests/buffer_test.c. [GL #239] 4943. [bug] Change 4687 consumed too much memory when running system tests with --with-tuning=large. Reduced the hash table size to 512 entries for 'named -m record' restoring the previous memory footprint. [GL #248] 4942. [cleanup] Consolidate multiple instances of splitting of batchline in dig into a single function. [GL #196] 4941. [cleanup] Silence clang static analyzer warnings. [GL #196] 4940. [cleanup] Extract the loop in dns__zone_updatesigs() into separate functions to improve code readability. [GL #135] 4939. [test] Add basic unit tests for update_sigs(). [GL #135] 4938. [placeholder] 4937. [func] Remove support for OpenSSL < 1.0.0 [GL #191] 4936. [func] Always use OpenSSL or PKCS#11 random data providers, and remove the --{enable,disable}-crypto-rand configure options. [GL #165] 4935. [func] Add support for LibreSSL >= 2.7.0 (some OpenSSL 1.1.0 call were added). [GL #191] 4934. [security] The serve-stale feature could cause an assertion failure in rbtdb.c even when stale-answer-enable was false. Simultaneous use of stale cache records and NSEC aggressive negative caching could trigger a recursion loop. (CVE-2018-5737) [GL #185] 4933. [bug] Not creating signing keys for an inline signed zone prevented changes applied to the raw zone from being reflected in the secure zone until signing keys were made available. [GL #159] 4932. [bug] Bumped signed serial of an inline signed zone was logged even when an error occurred while updating signatures. [GL #159] 4931. [func] Removed the "rbtdb64" database implementation. [GL #217] 4930. [bug] Remove a bogus check in nslookup command line argument processing. [GL #206] 4929. [func] Add the ability to set RA and TC in queries made by dig (+[no]raflag, +[no]tcflag). [GL #213] 4928. [func] The "dnskey-sig-validity" option allows "sig-validity-interval" to be overriden for signatures covering DNSKEY RRsets. [GL #145] 4927. [placeholder] 4926. [func] Add root key sentinel support. To disable, add 'root-key-sentinel no;' to named.conf. [GL #37] 4925. [func] Several configuration options that define intervals can now take TTL value suffixes (for example, 2h or 1d) in addition to integer parameters. These include max-cache-ttl, max-ncache-ttl, max-policy-ttl, fstrm-set-reopen-interval, interface-interval, and min-update-interval. [GL #203] 4924. [cleanup] Clean up the isc_string_* namespace and leave only strlcpy and strlcat. [GL #178] 4923. [cleanup] Refactor socket and socket event options into enum types. [GL !135] 4922. [bug] dnstap: Log the destination address of client packets rather than the interface address. [GL #197] 4921. [cleanup] Add dns_fixedname_initname() and refactor the caller code to make usage of the new function, as a part of refactoring dns_fixedname_*() macros were turned into functions. [GL #183] 4920. [cleanup] Clean up libdns removing most of the backwards compatibility wrappers. 4919. [cleanup] Clean up the isc_hash_* namespace and leave only the FNV-1a hash implementation. [GL #178] 4918. [bug] Fix double free after keygen error in dnssec-keygen when OpenSSL >= 1.1.0 is used and RSA_generate_key_ex fails. [GL #109] 4917. [func] Support 64 RPZ policy zones by default. [GL #123] 4916. [func] Remove IDNA2003 support and the bundled idnkit-1.0 library. 4915. [func] Implement IDNA2008 support in dig by adding support for libidn2. New dig option +idnin has been added, which allows to process invalid domain names much like dig without IDN support. libidn2 version 2.0 or higher is needed for +idnout enabled by default. 4914. [security] A bug in zone database reference counting could lead to a crash when multiple versions of a slave zone were transferred from a master in close succession. (CVE-2018-5736) [GL #134] 4913. [test] Re-implemented older unit tests in bin/tests as ATF, removed the lib/tests unit testing library. [GL #115] 4912. [test] Improved the reliability of the 'cds' system test. [GL #136] 4911. [test] Improved the reliability of the 'mkeys' system test. [GL #128] 4910. [func] Update util/check-changes to work on release branches. [GL #113] 4909. [bug] named-checkconf did not detect in-view zone collisions. [GL #125] 4908. [test] Eliminated unnecessary waiting in the allow_query system test. Also changed its name to allow-query. [GL #81] 4907. [test] Improved the reliability of the 'notify' system test. [GL #59] 4906. [func] Replace getquad() with inet_pton(), completing change #4900. [GL #56] 4905. [bug] irs_resconf_load() ignored resolv.conf syntax errors when "domain" or "search" options were present in that file. [GL #110] 4904. [bug] Temporarily revert change #4859. [GL #124] 4903. [bug] "check-mx fail;" did not prevent MX records containing IP addresses from being added to a zone by a dynamic update. [GL #112] 4902. [test] Improved the reliability of the 'ixfr' system test. [GL #66] 4901. [func] "dig +nssearch" now lists the name servers for a domain that time out, as well as the servers that respond. [GL #64] 4900. [func] Remove all uses of inet_aton(). As a result of this change, IPv4 addresses are now only accepted in dotted-quad format. [GL #13] 4899. [test] Convert most of the remaining system tests to be able to run in parallel, continuing the work from change #4895. To take advantage of this, use "make -jN check", where N is the number of processors to use. [GL #91] 4898. [func] Remove libseccomp based system-call filtering. [GL #93] 4897. [test] Update to rpz system test so that it doesn't recurse. [GL #68] 4896. [test] cacheclean system test was not robust. [GL #82] 4895. [test] Allow some system tests to run in parallel. [RT #46602] 4894. [bug] named could crash while rolling a dnstap output file. [RT #46942] 4893. [bug] Address various issues reported by cppcheck. [GL #51] 4892. [bug] named could leak memory when "rndc reload" was invoked before all zone loading actions triggered by a previous "rndc reload" command were completed. [RT #47076] 4891. [placeholder] 4890. [func] Remove unused ondestroy callback from libisc. [isc-projects/bind9!3] 4889. [func] Warn about the use of old root keys without the new root key being present. Warn about dlv.isc.org's key being present. Warn about both managed and trusted root keys being present. [RT #43670] 4888. [test] Initialize sockets correctly in sample-update so that the nsupdate system test will run on Windows. [RT #47097] 4887. [test] Enable the rpzrecurse test to run on Windows. [RT #47093] 4886. [doc] Document dig -u in manpage. [RT #47150] 4885. [security] update-policy rules that otherwise ignore the name field now require that it be set to "." to ensure that any type list present is properly interpreted. [RT #47126] 4884. [bug] named could crash on shutdown due to a race between shutdown_server() and ns__client_request(). [RT #47120] 4883. [cleanup] Improved debugging output from dnssec-cds. [RT #47026] 4882. [bug] Address potential memory leak in dns_update_signaturesinc. [RT #47084] 4881. [bug] Only include dst_openssl.h when OpenSSL is required. [RT #47068] 4880. [bug] Named wasn't returning the target of a cross-zone CNAME between two served zones when recursion was desired and available (RD=1, RA=1). (When this is not the case, the CNAME target is deliberately withheld to prevent accidental cache poisoning.) [RT #47078] 4879. [bug] dns_rdata_caa:value_len field was too small. [RT #47086] 4878. [bug] List 'ply' as a requirement for the 'isc' python package. [RT #47065] 4877. [bug] Address integer overflow when exponentially backing off retry intervals. [RT #47041] 4876. [bug] Address deadlock with accessing a keytable. [RT #47000] 4875. [bug] Address compile failures on older systems. [RT #47015] 4874. [bug] Wrong time display when reporting new keywarntime. [RT #47042] 4873. [doc] Grammars for named.conf included in the ARM are now automatically generated by the configuration parser itself. As a side effect of the work needed to separate zone type grammars from each other, this also makes checking of zone statements in named-checkconf more correct and consistent. [RT #36957] 4872. [bug] Don't permit loading meta RR types such as TKEY from master files. [RT #47009] 4871. [bug] Fix configure glitch in detecting stdatomic.h support on systems with multiple compilers. [RT #46959] 4870. [test] Update included ATF library to atf-0.21 preserving the ATF tool. [RT #46967] 4869. [bug] Address some cases where NULL with zero length could be passed to memmove which is undefined behavior and can lead to bad optimization. [RT #46888] 4868. [func] dnssec-keygen can no longer generate HMAC keys. Use tsig-keygen instead. [RT #46404] 4867. [cleanup] Normalize rndc on/off commands (validation, querylog, serve-stale) so they all accept the same synonyms for on/off (yes/no, true/false, enable/disable). Thanks to Tony Finch. [RT #47022] 4866. [port] DST library initialization verifies MD5 (when MD5 was not disabled) and SHA-1 hash and HMAC support. [RT #46764] 4865. [cleanup] Simplify handling isc_socket_sendto2() return values. [RT #46986] 4864. [bug] named acting as a slave for a catalog zone crashed if the latter contained a master definition without an IP address. [RT #45999] 4863. [bug] Fix various other bugs reported by Valgrind's memcheck tool. [RT #46978] 4862. [bug] The rdata flags for RRSIG were not being properly set when constructing a rdataslab. [RT #46978] 4861. [bug] The isc_crc64 unit test was not endian independent. [RT #46973] 4860. [bug] isc_int8_t should be signed char. [RT #46973] 4859. [bug] A loop was possible when attempting to validate unsigned CNAME responses from secure zones; this caused a delay in returning SERVFAIL and also increased the chances of encountering CVE-2017-3145. [RT #46839] 4858. [security] Addresses could be referenced after being freed in resolver.c, causing an assertion failure. (CVE-2017-3145) [RT #46839] 4857. [bug] Maintain attach/detach semantics for event->db, event->node, event->rdataset and event->sigrdataset in query.c. [RT #46891] 4856. [bug] 'rndc zonestatus' reported the wrong underlying type for a inline slave zone. [RT #46875] 4855. [bug] isc_time_formatshorttimestamp produced incorrect output. [RT #46938] 4854. [bug] query_synthcnamewildcard should stop generating the response if query_synthwildcard fails. [RT #46939] 4853. [bug] Add REQUIRE's and INSIST's to isc_time_formatISO8601L and isc_time_formatISO8601Lms. [RT #46916] 4852. [bug] Handle strftime() failing in isc_time_formatISO8601ms. Add REQUIRE's and INSIST's to isc_time_formattimestamp, isc_time_formathttptimestamp, isc_time_formatISO8601, isc_time_formatISO8601ms. [RT #46892] 4851. [port] Support using kyua as well as atf-run to run the unit tests. [RT #46853] 4850. [bug] Named failed to restart with multiple added zones in lmdb database. [RT #46889] 4849. [bug] Duplicate zones could appear in the .nzf file if addzone failed. [RT #46435] 4848. [func] Zone types "primary" and "secondary" can now be used as synonyms for "master" and "slave" in named.conf. [RT #46713] 4847. [bug] dnssec-dnskey-kskonly was not being honored for CDS and CDNSKEY. [RT #46755] 4846. [test] Adjust timing values in runtime system test. Address named.pid removal races in runtime system test. [RT #46800] 4845. [bug] Dig (non iOS) should exit on malformed names. [RT #46806] 4844. [test] Address memory leaks in libatf-c. [RT #46798] 4843. [bug] dnssec-signzone free hashlist on exit. [RT #46791] 4842. [bug] Conditionally compile opensslecdsa_link.c to avoid warnings about unused function. [RT #46790]
netbsd-srcmastr
pushed a commit
that referenced
this pull request
May 26, 2019
1 March 2019: Wouter - output forwarder log in ssl_req_order test. 28 February 2019: Wouter - Remove memory leak on pythonmod python2 script file init. - Remove swig gcc8 python function cast warnings, they are ignored. - Print correct module that failed when module-config is wrong. 27 February 2019: Wouter - Fix #4229: Unbound man pages lack information, about access-control order and local zone tags, and elements in views. - Fix #14: contrib/unbound.init: Fix wrong comparison judgment before copying. - Fix for python module on Windows, fix fopen. 25 February 2019: Wouter - Fix #4227: pair event del and add for libevent for tcp_req_info. 21 February 2019: Wouter - Fix the error for unknown module in module-config is understandable, and explains it was not compiled in and where to see the list. - In example.conf explain where to put cachedb module in module-config. - In man page and example config explain that most modules have to be listed at the start of module-config. 20 February 2019: Wouter - Fix pythonmod include and sockaddr_un ifdefs for compile on Windows, and for libunbound. 18 February 2019: Wouter - Print query name with ip_ratelimit exceeded log lines. - Spaces instead of tabs in that log message. - Print query name and IP address when domain rate limit exceeded. 14 February 2019: Wouter - Fix capsforid canonical sort qsort callback. 11 February 2019: Wouter - Note default for module-config in man page. - Fix recursion lame test for qname minimisation asked queries, that were not present in the set of prepared answers. - Fix #13: Remove left-over requirements on OpenSSL >= 1.1.0 for cert name matching, from man page. - make depend, with newer gcc, nicer layout. 7 February 2019: Wouter - Fix #4206: OpenSSL 1.0.2 hostname verification for FreeBSD 11.2. - Fix that qname minimisation does not skip a label when missing nameserver targets need to be fetched. - Fix #4225: clients seem to erroneously receive no answer with DNS-over-TLS and qname-minimisation. 4 February 2019: Wouter - Fix that log-replies prints the correct name for local-alias names, for names that have a CNAME in local-data configuration. It logs the original query name, not the target of the CNAME. - Add local-zone type inform_redirect, which logs like type inform, and redirects like type redirect. - Perform canonical sort for 0x20 capsforid compare of replies, this sorts rrsets in the authority and additional section before comparison, so that out of order rrsets do not cause failure. 31 January 2019: Wouter - Set ub_ctx_set_tls call signature in ltrace config file for libunbound in contrib/libunbound.so.conf. - improve documentation for tls-service-key and forward-first. - #10: fixed pkg-config operations, PKG_PROG_PKG_CONFIG moved out of conditional section, fixes systemd builds, from Enrico Scholz. - #9: For openssl 1.0.2 use the CRYPTO_THREADID locking callbacks, still supports the set_id_callback previous API. And for 1.1.0 no locking callbacks are needed. - #8: Fix OpenSSL without ENGINE support compilation. - Wipe TLS session key data from memory on exit. 30 January 2019: Ralph - Fix case in which query timeout can result in marking delegation as edns_lame_known. 29 January 2019: Wouter - Fix spelling of tls-ciphers in example.conf.in. - Fix #4224: auth_xfr_notify.rpl test broken due to typo - Fix locking for libunbound context setup with broken port config. 28 January 2019: Wouter - ub_ctx_set_tls call for libunbound that enables DoT for the machines set with ub_ctx_set_fwd. Patch from Florian Obser. - Set build system for added call in the libunbound API. - List example config for root zone copy locally hosted with auth-zone as suggested from draft-ietf-dnsop-7706-bis-02. But with updated B root address. - set version to 1.9.0 for release. And this was released with the spelling for tls-ciphers fix as 1.9.0 on Feb 5. Trunk has 1.9.1 in development. 25 January 2019: Wouter - Fix that tcp for auth zone and outgoing does not remove and then gets the ssl read again applied to the deleted commpoint. - updated contrib/fastrpz.patch to cleanly diff. - no lock when threads disabled in tcp request buffer count. - remove compile warnings from libnettle compile. - output of newer lex 2.6.1 and bison 3.0.5. 24 January 2019: Wouter - Newer aclocal and libtoolize used for generating configure scripts, aclocal 1.16.1 and libtoolize 2.4.6. - Fix unit test for python 3.7 new keyword 'async'. - clang analysis fixes, assert arc4random buffer in init, no check for already checked delegation pointer in iterator, in testcode check for NULL packet matches, in perf do not copy from NULL start list when growing capacity. Adjust host and file only when present in test header read to please checker. In testcode for unknown macro operand give zero result. Initialise the passed argv array in test code. In test code add EDNS data segment copy only when nonempty. - Patch from Florian Obser fixes some compiler warnings: include mini_event.h to have a prototype for mini_ev_cmp include edns.h to have a prototype for apply_edns_options sldns_wire2str_edns_keepalive_print is only called in the wire2str, module declare it static to get rid of compiler warning: no previous prototype for function infra_find_ip_ratedata() is only called in the infra module, declare it static to get rid of compiler warning: no previous prototype for function do not shadow local variable buf in authzone auth_chunks_delete and az_nsec3_findnode are only called in the authzone module, declare them static to get rid of compiler warning: no previous prototype for function... copy_rrset() is only called in the respip module, declare it static to get rid of compiler warning: no previous prototype for function 'copy_rrset' no need for another variable "r"; gets rid of compiler warning: declaration shadows a local variable in libunbound.c no need for another variable "ns"; gets rid of compiler warning: declaration shadows a local variable in iterator.c - Moved includes and make depend. 23 January 2019: Wouter - Patch from Manabu Sonoda with tls-ciphers and tls-ciphersuites options for unbound.conf. - Fixes for the patch, and man page entry. - Fix configure to detect SSL_CTX_set_ciphersuites, for better library compatibility when compiling. - Patch for TLS session resumption from Manabu Sonoda, enable with tls-session-ticket-keys in unbound.conf. - Fixes for patch (includes, declarations, warnings). Free at end and keep config options in order read from file to keep the first one as the first one. - Fix for IXFR fallback to reset counter when IXFR does not timeout. 22 January 2019: Wouter - Fix space calculation for tcp req buffer size. - Doc for stream-wait-size and unit test. - unbound-control stats has mem.streamwait that counts TCP and TLS waiting result buffers. - Fix for #4219: secondaries not updated after serial change, unbound falls back to AXFR after IXFR gives several timeout failures. - Fix that auth zone after IXFR fallback tries the same master. 21 January 2019: Wouter - Fix tcp idle timeout test, for difference in the tcp reply code. - Unit test for tcp request reorder and timeouts. - Unit tests for ssl out of order processing. - Fix that multiple dns fragments can be carried in one TLS frame. - Add stream-wait-size: 4m config option to limit the maximum memory used by waiting tcp and tls stream replies. This avoids a denial of service where these replies use up all of the memory. 17 January 2019: Wouter - For caps-for-id fallback, use the whitelist to avoid timeout starting a fallback sequence for it. - increase mesh max activation count for capsforid long fetches. 16 January 2019: Ralph - Get ready for the DNS flag day: remove EDNS lame procedure, do not re-query without EDNS after timeout. 15 January 2019: Wouter - In the out of order processing, reset byte count for (potential) partial read. - Review fixes in out of order processing. 14 January 2019: Wouter - streamtcp option -a send queries consecutively and prints answers as they arrive. - Fix for out of order processing administration quit cleanup. - unit test for tcp out of order processing. 11 January 2019: Wouter - Initial commit for out-of-order processing for TCP and TLS. 9 January 2019: Wouter - Log query name for looping module errors. 8 January 2019: Wouter - Fix syntax in comment of local alias processing. - Fix NSEC3 record that is returned in wildcard replies from auth-zone zones with NSEC3 and wildcards. 7 January 2019: Wouter - On FreeBSD warn if systcl settings do not allow server TCP FASTOPEN, and server tcp fastopen is enabled at compile time. - Document interaction between the tls-upstream option in the server section and forward-tls-upstream option in the forward-zone sections. - Add contrib/unbound-fuzzme.patch from Jacob Hoffman-Andrews, the patch adds a program used for fuzzing. 12 December 2018: Wouter - Fix for crash in dns64 module if response is null. 10 December 2018: Wouter - Fix config parser memory leaks. - ip-ratelimit-factor of 1 allows all traffic through, instead of the previous blocking everything. - Fix for FreeBSD port make with dnscrypt and dnstap enabled. - Fix #4206: support openssl 1.0.2 for TLS hostname verification, alongside the 1.1.0 and later support that is already there. - Fixup openssl 1.0.2 compile 6 December 2018: Wouter - Fix dns64 allocation in wrong region for returned internal queries. 3 December 2018: Wouter - Fix icon, no ragged edges and nicer resolutions available, for eg. Win 7 and Windows 10 display. - cache-max-ttl also defines upperbound of initial TTL in response. 30 November 2018: Wouter - Patch for typo in unbound.conf man page. - log-tag-queryreply: yes in unbound.conf tags the log-queries and log-replies in the log file for easier log filter maintenance. 29 November 2018: Wouter - iana portlist updated. - Fix chroot auth-zone fix to remove chroot prefix. - tag for 1.8.2rc1, which became 1.8.2 on 4 dec 2018, with icon updated. Trunk contains 1.8.3 in development. Which became 1.8.3 on 11 december with only the dns64 fix of 6 dec. Trunk then became 1.8.4 in development. - Fix that unbound-checkconf does not complains if the config file is not placed inside the chroot. - Refuse to start with no ports. - Remove clang analysis warnings. 28 November 2018: Wouter - Fix leak in chroot fix for auth-zone. - Fix clang analysis for outside directory build test. 27 November 2018: Wouter - Fix DNS64 to not store intermediate results in cache, this avoids other threads from picking up the wrong data. The module restores the previous no_cache_store setting when the the module is finished. - Fix #4208: 'stub-no-cache' and 'forward-no-cache' not work. - New and better fix for Fix #4193: Fix that prefetch failure does not overwrite valid cache entry with SERVFAIL. - auth-zone give SERVFAIL when expired, fallback activates when expired, and this is documented in the man page. - stat count SERVFAIL downstream auth-zone queries for expired zones. - Put new logos into windows installer. - Fix windows compile for new rrset roundrobin fix. - Update contrib fastrpz patch for latest release. 26 November 2018: Wouter - Fix to not set GLOB_NOSORT so the unbound.conf include: files are sorted and in a predictable order. - Fix #4193: Fix that prefetch failure does not overwrite valid cache entry with SERVFAIL. - Add unbound-control view_local_datas command, like local_datas. - Fix that unbound-control can send file for view_local_datas. 22 November 2018: Wouter - With ./configure --with-pyunbound --with-pythonmodule PYTHON_VERSION=3.6 or with 2.7 unbound can compile and unit tests succeed for the python module. - pythonmod logs the python error and traceback on failure. - ignore debug python module for test in doxygen output. - review fixes for python module. - Fix #4209: Crash in libunbound when called from getdns. - auth zone zonefiles can be in a chroot, the chroot directory components are removed before use. - Fix that empty zonefile means the zonefile is not set and not used. - make depend. 21 November 2018: Wouter - Scrub NS records from NODATA responses as well. 20 November 2018: Wouter - Scrub NS records from NXDOMAIN responses to stop fragmentation poisoning of the cache. - Add patch from Jan Vcelak for pythonmod, add sockaddr_storage getters, add support for query callbacks, allow raw address access via comm_reply and update API documentation. - Removed compile warnings in pythonmod sockaddr routines. 19 November 2018: Wouter - Support SO_REUSEPORT_LB in FreeBSD 12 with the so-reuseport: yes option in unbound.conf. 6 November 2018: Ralph - Bugfix min-client-subnet-ipv6 25 October 2018: Ralph - Add min-client-subnet-ipv6 and min-client-subnet-ipv4 options. 25 October 2018: Wouter - Fix #4191: NXDOMAIN vs SERVFAIL during dns64 PTR query. - Fix #4190: Please create a "ANY" deny option, adds the option deny-any: yes in unbound.conf. This responds with an empty message to queries of type ANY. - Fix #4141: More randomness to rrset-roundrobin. - Fix #4132: Openness/closeness of RANGE intervals in rpl files. - Fix #4126: RTT_band too low on VSAT links with 600+ms latency, adds the option unknown-server-time-limit to unbound.conf that can be increased to avoid the problem. - remade makefile dependencies. - Fix #4152: Logs shows wrong time when using log-time-ascii: yes. 24 October 2018: Ralph - Add markdel function to ECS slabhash. - Limit ECS scope returned to client to the scope used for caching. - Make lint like previous #4154 fix. 22 October 2018: Wouter - Fix #4192: unbound-control-setup generates keys not readable by group. - check that the dnstap socket file can be opened and exists, print error if not. - Fix #4154: make ECS_MAX_TREESIZE configurable, with the max-ecs-tree-size-ipv4 and max-ecs-tree-size-ipv6 options. 22 October 2018: Ralph - Change fast-server-num default to 3. 8 October 2018: Ralph - Add fast-server-permil and fast-server-num options. - Deprecate low-rtt and low-rtt-permil options. 8 October 2018: Wouter - Squelch log of failed to tcp initiate after TCP Fastopen failure. 5 October 2018: Wouter - Squelch EADDRNOTAVAIL errors when the interface goes away, this omits 'can't assign requested address' errors unless verbosity is set to a high value. - Set default for so-reuseport to no for FreeBSD. It is enabled by default for Linux and DragonFlyBSD. The setting can be configured in unbound.conf to override the default. - iana port update. 2 October 2018: Wouter - updated contrib/fastrpz.patch to apply for this version - dnscrypt.c removed sizeof to get array bounds. - Fix testlock code to set noreturn on error routine. - Remove unused variable from contrib fastrpz/rpz.c and remove unused diagnostic pragmas that themselves generate warnings - clang analyze test is used only when assertions are enabled. 1 October 2018: Wouter - tag for release 1.8.1rc1. Became release 1.8.1 on 8 oct, with fastrpz.patch fix included. Trunk has 1.8.2 in development. 27 September 2018: Wouter - Fix #4188: IPv6 forwarders without ipv6 result in SERVFAIL, fixes qname minimisation with a forwarder when connectivity has issues from rejecting responses. 25 September 2018: Wouter - Perform TLS SNI indication of the host that is being contacted for DNS over TLS service. It sets the configured tls auth name. This is useful for hosts that apart from the DNS over TLS services also provide other (web) services. - Fix #4149: Add SSL cleanup for tcp timeout. 17 September 2018: Wouter - Fix compile on Mac for unbound, provide explicit_bzero when libc does not have it. - Fix unbound for openssl in FIPS mode, it uses the digests with the EVP call contexts. - Fix that with harden-below-nxdomain and qname minisation enabled some iterator states for nonresponsive domains can get into a state where they waited for an empty list. - Stop UDP to TCP failover after timeouts that causes the ping count to be reset by the TCP time measurement (that exists for TLS), because that causes the UDP part to not be measured as timeout. - Fix #4156: Fix systemd service manager state change notification. 13 September 2018: Wouter - Fix seed for random backup code to use explicit zero when wiped. - exit log routine is annotated as noreturn function. - free memory leaks in config strlist and str2list insert functions. - do not move unused argv variable after getopt. - Remove unused if clause in testcode. - in testcode, free async ids, initialise array, and check for null pointer during test of the test. And use exit for return to note irregular program stop. - Free memory leak in config strlist append. - make sure nsec3 comparison salt is initialized. - unit test has clang analysis. - remove unused variable assignment from iterator scrub routine. - check for null in delegation point during iterator refetch in forward zone. - neater pointer cast in libunbound context quit routine. - initialize statistics totals for printout. - in authzone check that node exists before adding rrset. - in unbound-anchor, use readwrite memory BIO. - assertion in autotrust that packed rrset is formed correctly. - Fix memory leak when message parse fails partway through copy. - remove unused udpsize assignment in message encode. - nicer bio free code in unbound-anchor. - annotate exit functions with noreturn in unbound-control. 11 September 2018: Wouter - Fixed unused return value warnings in contrib/fastrpz.patch for asprintf. - Fix to squelch respip warning in unit test, it is printed at higher verbosity settings. - Fix spelling errors. - Fix initialisation in remote.c 10 September 2018: Wouter - 1.8.1 in svn trunk. (changes from 4,5,.. sep apply). - iana port update. 5 September 2018: Wouter - Fix spelling error in header, from getdns commit by Andreas Gelmini. 4 September 2018: Ralph - More explicitly mention the type of ratelimit when applying ip-ratelimit. 4 September 2018: Wouter - Tag for 1.8.0rc1 release, became 1.8.0 release on 10 Sep 2018. 31 August 2018: Wouter - Disable minimal-responses in subnet unit tests. 30 August 2018: Wouter - Fix that a local-zone with a local-zone-type that is transparent in a view with view-first, makes queries check for answers from the local-zones defined outside of views. 28 August 2018: Ralph - Disable minimal-responses in ipsecmod unit tests. - Added serve-expired-ttl and serve-expired-ttl-reset options. 27 August 2018: Wouter - Set defaults to yes for a number of options to increase speed and resilience of the server. The so-reuseport, harden-below-nxdomain, and minimal-responses options are enabled by default. They used to be disabled by default, waiting to make sure they worked. They are enabled by default now, and can be disabled explicitly by setting them to "no" in the unbound.conf config file. The reuseport and minimal options increases speed of the server, and should be otherwise harmless. The harden-below-nxdomain option works well together with the recently default enabled qname minimisation, this causes more fetches to use information from the cache. - next release is called 1.8.0. - Fix lintflags for lint on FreeBSD. 22 August 2018: George - #4140: Expose repinfo (comm_reply) to the inplace_callbacks. This gives access to reply information for the client's communication point when the callback is called before the mesh state (modules). Changes to C and Python's inplace_callback signatures were also necessary. 21 August 2018: Wouter - log-local-actions: yes option for unbound.conf that logs all the local zone actions, a patch from Saksham Manchanda (Secure64). - #4146: num.query.subnet and num.query.subnet_cache counters. - Fix only misc failure from log-servfail when val-log-level is not enabled. 17 August 2018: Ralph - Fix classification for QTYPE=CNAME queries when QNAME minimisation is enabled. 17 August 2018: Wouter - Set libunbound to increase current, because the libunbound change to the event callback function signature. That needs programs, that use it, to recompile against the new header definition. - print servfail info to log as error. - added more servfail printout statements, to the iterator. - log-servfail: yes prints log lines that say why queries are returning SERVFAIL to clients. 16 August 2018: Wouter - Fix warning on compile without threads. - Fix contrib/fastrpz.patch. 15 August 2018: Wouter - Fix segfault in auth-zone read and reorder of RRSIGs. 14 August 2018: Wouter - Fix that printout of error for cycle targets is a verbosity 4 printout and does not wrongly print it is a memory error. - Upgraded crosscompile script to include libunbound DLL in the zipfile. 10 August 2018: Wouter - Fix #4144: dns64 module caches wrong (negative) information. 9 August 2018: Wouter - unbound-checkconf checks if modules exist and prints if they are not compiled in the name of the wrong module. - document --enable-subnet in doc/README. - Patch for stub-no-cache and forward-no-cache options that disable caching for the contents of that stub or forward, for when you want immediate changes visible, from Bjoern A. Zeeb. 7 August 2018: Ralph - Make capsforid fallback QNAME minimisation aware. 7 August 2018: Wouter - Fix #4142: unbound.service.in: improvements and fixes. Add unit dependency ordering (based on systemd-resolved). Add 'CAP_SYS_RESOURCE' to 'CapabilityBoundingSet' (fixes warnings about missing privileges during startup). Add 'AF_INET6' to 'RestrictAddressFamilies' (without it IPV6 can't work). From Guido Shanahan. - Patch to implement tcp-connection-limit from Jim Hague (Sinodun). This limits the number of simultaneous TCP client connections from a nominated netblock. - make depend, yacc, lex, doc, headers. And log the limit exceeded message only on high verbosity, so as to not spam the logs when it is busy. 6 August 2018: Wouter - Fix for #4136: Fix to unconditionally call destroy in daemon.c. 3 August 2018: George - Expose if a query (or a subquery) was ratelimited (not src IP ratelimiting) to libunbound under 'ub_result.was_ratelimited'. This also introduces a change to 'ub_event_callback_type' in libunbound/unbound-event.h. - Tidy pylib tests. 3 August 2018: Wouter - Revert previous change for #4136: because it introduces build problems. - New fix for #4136: This one ignores lex without without yylex_destroy. 1 August 2018: Wouter - Fix to remove systemd sockaddr function check, that is not always present. Make socket activation more lenient. But not different when socket activation is not used. - iana port list update. 31 July 2018: Wouter - Patches from Jim Hague (Sinodun) for EDNS KeepAlive. - Sort out test runs when the build directory isn't the project root directory. - Add config tcp-idle-timeout (default 30s). This applies to client connections only; the timeout on TCP connections upstream is unaffected. - Error if EDNS Keepalive received over UDP. - Add edns-tcp-keepalive and edns-tcp-keepalive timeout options and implement option in client responses. - Correct and expand manual page entries for keepalive and idle timeout. - Implement progressive backoff of TCP idle/keepalive timeout. - Fix 'make depend' to work when build dir is not project root. - Add delay parameter to streamtcp, -d secs. To be used when testing idle timeout. - From Wouter: make depend, the dependencies in the patches did not apply cleanly. Also remade yacc and lex. - Fix mesh.c incompatible pointer pass. - Please doxygen so it passes. - Fix #4139: Fix unbound-host leaks memory on ANY. 30 July 2018: Wouter - Fix #4136: insufficiency from mismatch of FLEX capability between released tarball and build host. 27 July 2018: Wouter - Fix man page, say that chroot is enabled by default. 26 July 2018: Wouter - Fix #4135: 64-bit Windows Installer Creates Entries Under The Wrong Registry Key, reported by Brian White. 23 July 2018: Wouter - Fix use-systemd readiness signalling, only when use-systemd is yes and not in signal handler. 20 July 2018: Wouter - Fix #4130: print text describing -dd and unbound-checkconf on config file read error at startup, the errors may have been moved away by the startup process. - Fix #4131: for solaris, error YY_CURRENT_BUFFER undeclared. 19 July 2018: Wouter - Fix #4129 unbound-control error message with wrong cert permissions is too cryptic. 17 July 2018: Wouter - Fix #4127 unbound -h does not list -p help. - Print error if SSL name verification configured but not available in the ssl library. - Fix that ratelimit and ip-ratelimit are applied after reload of changed config file. - Resize ratelimit and ip-ratelimit caches if changed on reload. 16 July 2018: Wouter - Fix qname minimisation NXDOMAIN validation lookup failures causing error_supers assertion fails. - Squelch can't bind socket errors with Permission denied unless verbosity is 4 or higher, for UDP outgoing sockets. 12 July 2018: Wouter - Fix to improve systemd socket activation code file descriptor assignment. - Fix for 4126 that the #define for UNKNOWN_SERVER_NICENESS can be more easily changed to adjust default rtt assumptions. 10 July 2018: Wouter - Note in documentation that the cert name match code needs OpenSSL 1.1.0 or later to be enabled. 6 July 2018: Wouter - Fix documentation ambiguity for tls-win-cert in tls-upstream and forward-tls-upstream docs. - iana port update. - Note RFC8162 support. SMIMEA record type can be read in by the zone record parser. - Fix round robin for failed addresses with prefer-ip6: yes 4 July 2018: Wouter - Fix #4112: Fix that unbound-anchor -f /etc/resolv.conf will not pass if DNSSEC is not enabled. New option -R allows fallback from resolv.conf to direct queries. 3 July 2018: Wouter - Better documentation for unblock-lan-zones and insecure-lan-zones config statements. - Fix permission denied printed for auth zone probe random port nrs. 2 July 2018: Wouter - Fix checking for libhiredis printout in configure output. - Fix typo on man page in ip-address description. - Update libunbound/python/examples/dnssec_test.py example code to also set the 20326 trust anchor for the root in the example code. 29 June 2018: Wouter - dns64-ignore-aaaa: config option to list domain names for which the existing AAAA is ignored and dns64 processing is used on the A record. 28 June 2018: Wouter - num.queries.tls counter for queries over TLS. - log port number with err_addr logs. 27 June 2018: Wouter - #4109: Fix that package config depends on python unconditionally. - Patch, do not export python from pkg-config, from Petr Menšík. 26 June 2018: Wouter - Partial fix for permission denied on IPv6 address on FreeBSD. - Fix that auth-zone master reply with current SOA serial does not stop scan of masters for an updated zone. - Fix that auth-zone does not start the wait timer without checking if the wait timer has already been started. 21 June 2018: Wouter - #4108: systemd reload hang fix. - Fix usage printout for unbound-host, hostname has to be last argument on BSDs and Windows.
netbsd-srcmastr
pushed a commit
that referenced
this pull request
May 26, 2019
1 March 2019: Wouter - output forwarder log in ssl_req_order test. 28 February 2019: Wouter - Remove memory leak on pythonmod python2 script file init. - Remove swig gcc8 python function cast warnings, they are ignored. - Print correct module that failed when module-config is wrong. 27 February 2019: Wouter - Fix #4229: Unbound man pages lack information, about access-control order and local zone tags, and elements in views. - Fix #14: contrib/unbound.init: Fix wrong comparison judgment before copying. - Fix for python module on Windows, fix fopen. 25 February 2019: Wouter - Fix #4227: pair event del and add for libevent for tcp_req_info. 21 February 2019: Wouter - Fix the error for unknown module in module-config is understandable, and explains it was not compiled in and where to see the list. - In example.conf explain where to put cachedb module in module-config. - In man page and example config explain that most modules have to be listed at the start of module-config. 20 February 2019: Wouter - Fix pythonmod include and sockaddr_un ifdefs for compile on Windows, and for libunbound. 18 February 2019: Wouter - Print query name with ip_ratelimit exceeded log lines. - Spaces instead of tabs in that log message. - Print query name and IP address when domain rate limit exceeded. 14 February 2019: Wouter - Fix capsforid canonical sort qsort callback. 11 February 2019: Wouter - Note default for module-config in man page. - Fix recursion lame test for qname minimisation asked queries, that were not present in the set of prepared answers. - Fix #13: Remove left-over requirements on OpenSSL >= 1.1.0 for cert name matching, from man page. - make depend, with newer gcc, nicer layout. 7 February 2019: Wouter - Fix #4206: OpenSSL 1.0.2 hostname verification for FreeBSD 11.2. - Fix that qname minimisation does not skip a label when missing nameserver targets need to be fetched. - Fix #4225: clients seem to erroneously receive no answer with DNS-over-TLS and qname-minimisation. 4 February 2019: Wouter - Fix that log-replies prints the correct name for local-alias names, for names that have a CNAME in local-data configuration. It logs the original query name, not the target of the CNAME. - Add local-zone type inform_redirect, which logs like type inform, and redirects like type redirect. - Perform canonical sort for 0x20 capsforid compare of replies, this sorts rrsets in the authority and additional section before comparison, so that out of order rrsets do not cause failure. 31 January 2019: Wouter - Set ub_ctx_set_tls call signature in ltrace config file for libunbound in contrib/libunbound.so.conf. - improve documentation for tls-service-key and forward-first. - #10: fixed pkg-config operations, PKG_PROG_PKG_CONFIG moved out of conditional section, fixes systemd builds, from Enrico Scholz. - #9: For openssl 1.0.2 use the CRYPTO_THREADID locking callbacks, still supports the set_id_callback previous API. And for 1.1.0 no locking callbacks are needed. - #8: Fix OpenSSL without ENGINE support compilation. - Wipe TLS session key data from memory on exit. 30 January 2019: Ralph - Fix case in which query timeout can result in marking delegation as edns_lame_known. 29 January 2019: Wouter - Fix spelling of tls-ciphers in example.conf.in. - Fix #4224: auth_xfr_notify.rpl test broken due to typo - Fix locking for libunbound context setup with broken port config. 28 January 2019: Wouter - ub_ctx_set_tls call for libunbound that enables DoT for the machines set with ub_ctx_set_fwd. Patch from Florian Obser. - Set build system for added call in the libunbound API. - List example config for root zone copy locally hosted with auth-zone as suggested from draft-ietf-dnsop-7706-bis-02. But with updated B root address. - set version to 1.9.0 for release. And this was released with the spelling for tls-ciphers fix as 1.9.0 on Feb 5. Trunk has 1.9.1 in development. 25 January 2019: Wouter - Fix that tcp for auth zone and outgoing does not remove and then gets the ssl read again applied to the deleted commpoint. - updated contrib/fastrpz.patch to cleanly diff. - no lock when threads disabled in tcp request buffer count. - remove compile warnings from libnettle compile. - output of newer lex 2.6.1 and bison 3.0.5. 24 January 2019: Wouter - Newer aclocal and libtoolize used for generating configure scripts, aclocal 1.16.1 and libtoolize 2.4.6. - Fix unit test for python 3.7 new keyword 'async'. - clang analysis fixes, assert arc4random buffer in init, no check for already checked delegation pointer in iterator, in testcode check for NULL packet matches, in perf do not copy from NULL start list when growing capacity. Adjust host and file only when present in test header read to please checker. In testcode for unknown macro operand give zero result. Initialise the passed argv array in test code. In test code add EDNS data segment copy only when nonempty. - Patch from Florian Obser fixes some compiler warnings: include mini_event.h to have a prototype for mini_ev_cmp include edns.h to have a prototype for apply_edns_options sldns_wire2str_edns_keepalive_print is only called in the wire2str, module declare it static to get rid of compiler warning: no previous prototype for function infra_find_ip_ratedata() is only called in the infra module, declare it static to get rid of compiler warning: no previous prototype for function do not shadow local variable buf in authzone auth_chunks_delete and az_nsec3_findnode are only called in the authzone module, declare them static to get rid of compiler warning: no previous prototype for function... copy_rrset() is only called in the respip module, declare it static to get rid of compiler warning: no previous prototype for function 'copy_rrset' no need for another variable "r"; gets rid of compiler warning: declaration shadows a local variable in libunbound.c no need for another variable "ns"; gets rid of compiler warning: declaration shadows a local variable in iterator.c - Moved includes and make depend. 23 January 2019: Wouter - Patch from Manabu Sonoda with tls-ciphers and tls-ciphersuites options for unbound.conf. - Fixes for the patch, and man page entry. - Fix configure to detect SSL_CTX_set_ciphersuites, for better library compatibility when compiling. - Patch for TLS session resumption from Manabu Sonoda, enable with tls-session-ticket-keys in unbound.conf. - Fixes for patch (includes, declarations, warnings). Free at end and keep config options in order read from file to keep the first one as the first one. - Fix for IXFR fallback to reset counter when IXFR does not timeout. 22 January 2019: Wouter - Fix space calculation for tcp req buffer size. - Doc for stream-wait-size and unit test. - unbound-control stats has mem.streamwait that counts TCP and TLS waiting result buffers. - Fix for #4219: secondaries not updated after serial change, unbound falls back to AXFR after IXFR gives several timeout failures. - Fix that auth zone after IXFR fallback tries the same master. 21 January 2019: Wouter - Fix tcp idle timeout test, for difference in the tcp reply code. - Unit test for tcp request reorder and timeouts. - Unit tests for ssl out of order processing. - Fix that multiple dns fragments can be carried in one TLS frame. - Add stream-wait-size: 4m config option to limit the maximum memory used by waiting tcp and tls stream replies. This avoids a denial of service where these replies use up all of the memory. 17 January 2019: Wouter - For caps-for-id fallback, use the whitelist to avoid timeout starting a fallback sequence for it. - increase mesh max activation count for capsforid long fetches. 16 January 2019: Ralph - Get ready for the DNS flag day: remove EDNS lame procedure, do not re-query without EDNS after timeout. 15 January 2019: Wouter - In the out of order processing, reset byte count for (potential) partial read. - Review fixes in out of order processing. 14 January 2019: Wouter - streamtcp option -a send queries consecutively and prints answers as they arrive. - Fix for out of order processing administration quit cleanup. - unit test for tcp out of order processing. 11 January 2019: Wouter - Initial commit for out-of-order processing for TCP and TLS. 9 January 2019: Wouter - Log query name for looping module errors. 8 January 2019: Wouter - Fix syntax in comment of local alias processing. - Fix NSEC3 record that is returned in wildcard replies from auth-zone zones with NSEC3 and wildcards. 7 January 2019: Wouter - On FreeBSD warn if systcl settings do not allow server TCP FASTOPEN, and server tcp fastopen is enabled at compile time. - Document interaction between the tls-upstream option in the server section and forward-tls-upstream option in the forward-zone sections. - Add contrib/unbound-fuzzme.patch from Jacob Hoffman-Andrews, the patch adds a program used for fuzzing. 12 December 2018: Wouter - Fix for crash in dns64 module if response is null. 10 December 2018: Wouter - Fix config parser memory leaks. - ip-ratelimit-factor of 1 allows all traffic through, instead of the previous blocking everything. - Fix for FreeBSD port make with dnscrypt and dnstap enabled. - Fix #4206: support openssl 1.0.2 for TLS hostname verification, alongside the 1.1.0 and later support that is already there. - Fixup openssl 1.0.2 compile 6 December 2018: Wouter - Fix dns64 allocation in wrong region for returned internal queries. 3 December 2018: Wouter - Fix icon, no ragged edges and nicer resolutions available, for eg. Win 7 and Windows 10 display. - cache-max-ttl also defines upperbound of initial TTL in response. 30 November 2018: Wouter - Patch for typo in unbound.conf man page. - log-tag-queryreply: yes in unbound.conf tags the log-queries and log-replies in the log file for easier log filter maintenance. 29 November 2018: Wouter - iana portlist updated. - Fix chroot auth-zone fix to remove chroot prefix. - tag for 1.8.2rc1, which became 1.8.2 on 4 dec 2018, with icon updated. Trunk contains 1.8.3 in development. Which became 1.8.3 on 11 december with only the dns64 fix of 6 dec. Trunk then became 1.8.4 in development. - Fix that unbound-checkconf does not complains if the config file is not placed inside the chroot. - Refuse to start with no ports. - Remove clang analysis warnings. 28 November 2018: Wouter - Fix leak in chroot fix for auth-zone. - Fix clang analysis for outside directory build test. 27 November 2018: Wouter - Fix DNS64 to not store intermediate results in cache, this avoids other threads from picking up the wrong data. The module restores the previous no_cache_store setting when the the module is finished. - Fix #4208: 'stub-no-cache' and 'forward-no-cache' not work. - New and better fix for Fix #4193: Fix that prefetch failure does not overwrite valid cache entry with SERVFAIL. - auth-zone give SERVFAIL when expired, fallback activates when expired, and this is documented in the man page. - stat count SERVFAIL downstream auth-zone queries for expired zones. - Put new logos into windows installer. - Fix windows compile for new rrset roundrobin fix. - Update contrib fastrpz patch for latest release. 26 November 2018: Wouter - Fix to not set GLOB_NOSORT so the unbound.conf include: files are sorted and in a predictable order. - Fix #4193: Fix that prefetch failure does not overwrite valid cache entry with SERVFAIL. - Add unbound-control view_local_datas command, like local_datas. - Fix that unbound-control can send file for view_local_datas. 22 November 2018: Wouter - With ./configure --with-pyunbound --with-pythonmodule PYTHON_VERSION=3.6 or with 2.7 unbound can compile and unit tests succeed for the python module. - pythonmod logs the python error and traceback on failure. - ignore debug python module for test in doxygen output. - review fixes for python module. - Fix #4209: Crash in libunbound when called from getdns. - auth zone zonefiles can be in a chroot, the chroot directory components are removed before use. - Fix that empty zonefile means the zonefile is not set and not used. - make depend. 21 November 2018: Wouter - Scrub NS records from NODATA responses as well. 20 November 2018: Wouter - Scrub NS records from NXDOMAIN responses to stop fragmentation poisoning of the cache. - Add patch from Jan Vcelak for pythonmod, add sockaddr_storage getters, add support for query callbacks, allow raw address access via comm_reply and update API documentation. - Removed compile warnings in pythonmod sockaddr routines. 19 November 2018: Wouter - Support SO_REUSEPORT_LB in FreeBSD 12 with the so-reuseport: yes option in unbound.conf. 6 November 2018: Ralph - Bugfix min-client-subnet-ipv6 25 October 2018: Ralph - Add min-client-subnet-ipv6 and min-client-subnet-ipv4 options. 25 October 2018: Wouter - Fix #4191: NXDOMAIN vs SERVFAIL during dns64 PTR query. - Fix #4190: Please create a "ANY" deny option, adds the option deny-any: yes in unbound.conf. This responds with an empty message to queries of type ANY. - Fix #4141: More randomness to rrset-roundrobin. - Fix #4132: Openness/closeness of RANGE intervals in rpl files. - Fix #4126: RTT_band too low on VSAT links with 600+ms latency, adds the option unknown-server-time-limit to unbound.conf that can be increased to avoid the problem. - remade makefile dependencies. - Fix #4152: Logs shows wrong time when using log-time-ascii: yes. 24 October 2018: Ralph - Add markdel function to ECS slabhash. - Limit ECS scope returned to client to the scope used for caching. - Make lint like previous #4154 fix. 22 October 2018: Wouter - Fix #4192: unbound-control-setup generates keys not readable by group. - check that the dnstap socket file can be opened and exists, print error if not. - Fix #4154: make ECS_MAX_TREESIZE configurable, with the max-ecs-tree-size-ipv4 and max-ecs-tree-size-ipv6 options. 22 October 2018: Ralph - Change fast-server-num default to 3. 8 October 2018: Ralph - Add fast-server-permil and fast-server-num options. - Deprecate low-rtt and low-rtt-permil options. 8 October 2018: Wouter - Squelch log of failed to tcp initiate after TCP Fastopen failure. 5 October 2018: Wouter - Squelch EADDRNOTAVAIL errors when the interface goes away, this omits 'can't assign requested address' errors unless verbosity is set to a high value. - Set default for so-reuseport to no for FreeBSD. It is enabled by default for Linux and DragonFlyBSD. The setting can be configured in unbound.conf to override the default. - iana port update. 2 October 2018: Wouter - updated contrib/fastrpz.patch to apply for this version - dnscrypt.c removed sizeof to get array bounds. - Fix testlock code to set noreturn on error routine. - Remove unused variable from contrib fastrpz/rpz.c and remove unused diagnostic pragmas that themselves generate warnings - clang analyze test is used only when assertions are enabled. 1 October 2018: Wouter - tag for release 1.8.1rc1. Became release 1.8.1 on 8 oct, with fastrpz.patch fix included. Trunk has 1.8.2 in development. 27 September 2018: Wouter - Fix #4188: IPv6 forwarders without ipv6 result in SERVFAIL, fixes qname minimisation with a forwarder when connectivity has issues from rejecting responses. 25 September 2018: Wouter - Perform TLS SNI indication of the host that is being contacted for DNS over TLS service. It sets the configured tls auth name. This is useful for hosts that apart from the DNS over TLS services also provide other (web) services. - Fix #4149: Add SSL cleanup for tcp timeout. 17 September 2018: Wouter - Fix compile on Mac for unbound, provide explicit_bzero when libc does not have it. - Fix unbound for openssl in FIPS mode, it uses the digests with the EVP call contexts. - Fix that with harden-below-nxdomain and qname minisation enabled some iterator states for nonresponsive domains can get into a state where they waited for an empty list. - Stop UDP to TCP failover after timeouts that causes the ping count to be reset by the TCP time measurement (that exists for TLS), because that causes the UDP part to not be measured as timeout. - Fix #4156: Fix systemd service manager state change notification. 13 September 2018: Wouter - Fix seed for random backup code to use explicit zero when wiped. - exit log routine is annotated as noreturn function. - free memory leaks in config strlist and str2list insert functions. - do not move unused argv variable after getopt. - Remove unused if clause in testcode. - in testcode, free async ids, initialise array, and check for null pointer during test of the test. And use exit for return to note irregular program stop. - Free memory leak in config strlist append. - make sure nsec3 comparison salt is initialized. - unit test has clang analysis. - remove unused variable assignment from iterator scrub routine. - check for null in delegation point during iterator refetch in forward zone. - neater pointer cast in libunbound context quit routine. - initialize statistics totals for printout. - in authzone check that node exists before adding rrset. - in unbound-anchor, use readwrite memory BIO. - assertion in autotrust that packed rrset is formed correctly. - Fix memory leak when message parse fails partway through copy. - remove unused udpsize assignment in message encode. - nicer bio free code in unbound-anchor. - annotate exit functions with noreturn in unbound-control. 11 September 2018: Wouter - Fixed unused return value warnings in contrib/fastrpz.patch for asprintf. - Fix to squelch respip warning in unit test, it is printed at higher verbosity settings. - Fix spelling errors. - Fix initialisation in remote.c 10 September 2018: Wouter - 1.8.1 in svn trunk. (changes from 4,5,.. sep apply). - iana port update. 5 September 2018: Wouter - Fix spelling error in header, from getdns commit by Andreas Gelmini. 4 September 2018: Ralph - More explicitly mention the type of ratelimit when applying ip-ratelimit. 4 September 2018: Wouter - Tag for 1.8.0rc1 release, became 1.8.0 release on 10 Sep 2018. 31 August 2018: Wouter - Disable minimal-responses in subnet unit tests. 30 August 2018: Wouter - Fix that a local-zone with a local-zone-type that is transparent in a view with view-first, makes queries check for answers from the local-zones defined outside of views. 28 August 2018: Ralph - Disable minimal-responses in ipsecmod unit tests. - Added serve-expired-ttl and serve-expired-ttl-reset options. 27 August 2018: Wouter - Set defaults to yes for a number of options to increase speed and resilience of the server. The so-reuseport, harden-below-nxdomain, and minimal-responses options are enabled by default. They used to be disabled by default, waiting to make sure they worked. They are enabled by default now, and can be disabled explicitly by setting them to "no" in the unbound.conf config file. The reuseport and minimal options increases speed of the server, and should be otherwise harmless. The harden-below-nxdomain option works well together with the recently default enabled qname minimisation, this causes more fetches to use information from the cache. - next release is called 1.8.0. - Fix lintflags for lint on FreeBSD. 22 August 2018: George - #4140: Expose repinfo (comm_reply) to the inplace_callbacks. This gives access to reply information for the client's communication point when the callback is called before the mesh state (modules). Changes to C and Python's inplace_callback signatures were also necessary. 21 August 2018: Wouter - log-local-actions: yes option for unbound.conf that logs all the local zone actions, a patch from Saksham Manchanda (Secure64). - #4146: num.query.subnet and num.query.subnet_cache counters. - Fix only misc failure from log-servfail when val-log-level is not enabled. 17 August 2018: Ralph - Fix classification for QTYPE=CNAME queries when QNAME minimisation is enabled. 17 August 2018: Wouter - Set libunbound to increase current, because the libunbound change to the event callback function signature. That needs programs, that use it, to recompile against the new header definition. - print servfail info to log as error. - added more servfail printout statements, to the iterator. - log-servfail: yes prints log lines that say why queries are returning SERVFAIL to clients. 16 August 2018: Wouter - Fix warning on compile without threads. - Fix contrib/fastrpz.patch. 15 August 2018: Wouter - Fix segfault in auth-zone read and reorder of RRSIGs. 14 August 2018: Wouter - Fix that printout of error for cycle targets is a verbosity 4 printout and does not wrongly print it is a memory error. - Upgraded crosscompile script to include libunbound DLL in the zipfile. 10 August 2018: Wouter - Fix #4144: dns64 module caches wrong (negative) information. 9 August 2018: Wouter - unbound-checkconf checks if modules exist and prints if they are not compiled in the name of the wrong module. - document --enable-subnet in doc/README. - Patch for stub-no-cache and forward-no-cache options that disable caching for the contents of that stub or forward, for when you want immediate changes visible, from Bjoern A. Zeeb. 7 August 2018: Ralph - Make capsforid fallback QNAME minimisation aware. 7 August 2018: Wouter - Fix #4142: unbound.service.in: improvements and fixes. Add unit dependency ordering (based on systemd-resolved). Add 'CAP_SYS_RESOURCE' to 'CapabilityBoundingSet' (fixes warnings about missing privileges during startup). Add 'AF_INET6' to 'RestrictAddressFamilies' (without it IPV6 can't work). From Guido Shanahan. - Patch to implement tcp-connection-limit from Jim Hague (Sinodun). This limits the number of simultaneous TCP client connections from a nominated netblock. - make depend, yacc, lex, doc, headers. And log the limit exceeded message only on high verbosity, so as to not spam the logs when it is busy. 6 August 2018: Wouter - Fix for #4136: Fix to unconditionally call destroy in daemon.c. 3 August 2018: George - Expose if a query (or a subquery) was ratelimited (not src IP ratelimiting) to libunbound under 'ub_result.was_ratelimited'. This also introduces a change to 'ub_event_callback_type' in libunbound/unbound-event.h. - Tidy pylib tests. 3 August 2018: Wouter - Revert previous change for #4136: because it introduces build problems. - New fix for #4136: This one ignores lex without without yylex_destroy. 1 August 2018: Wouter - Fix to remove systemd sockaddr function check, that is not always present. Make socket activation more lenient. But not different when socket activation is not used. - iana port list update. 31 July 2018: Wouter - Patches from Jim Hague (Sinodun) for EDNS KeepAlive. - Sort out test runs when the build directory isn't the project root directory. - Add config tcp-idle-timeout (default 30s). This applies to client connections only; the timeout on TCP connections upstream is unaffected. - Error if EDNS Keepalive received over UDP. - Add edns-tcp-keepalive and edns-tcp-keepalive timeout options and implement option in client responses. - Correct and expand manual page entries for keepalive and idle timeout. - Implement progressive backoff of TCP idle/keepalive timeout. - Fix 'make depend' to work when build dir is not project root. - Add delay parameter to streamtcp, -d secs. To be used when testing idle timeout. - From Wouter: make depend, the dependencies in the patches did not apply cleanly. Also remade yacc and lex. - Fix mesh.c incompatible pointer pass. - Please doxygen so it passes. - Fix #4139: Fix unbound-host leaks memory on ANY. 30 July 2018: Wouter - Fix #4136: insufficiency from mismatch of FLEX capability between released tarball and build host. 27 July 2018: Wouter - Fix man page, say that chroot is enabled by default. 26 July 2018: Wouter - Fix #4135: 64-bit Windows Installer Creates Entries Under The Wrong Registry Key, reported by Brian White. 23 July 2018: Wouter - Fix use-systemd readiness signalling, only when use-systemd is yes and not in signal handler. 20 July 2018: Wouter - Fix #4130: print text describing -dd and unbound-checkconf on config file read error at startup, the errors may have been moved away by the startup process. - Fix #4131: for solaris, error YY_CURRENT_BUFFER undeclared. 19 July 2018: Wouter - Fix #4129 unbound-control error message with wrong cert permissions is too cryptic. 17 July 2018: Wouter - Fix #4127 unbound -h does not list -p help. - Print error if SSL name verification configured but not available in the ssl library. - Fix that ratelimit and ip-ratelimit are applied after reload of changed config file. - Resize ratelimit and ip-ratelimit caches if changed on reload. 16 July 2018: Wouter - Fix qname minimisation NXDOMAIN validation lookup failures causing error_supers assertion fails. - Squelch can't bind socket errors with Permission denied unless verbosity is 4 or higher, for UDP outgoing sockets. 12 July 2018: Wouter - Fix to improve systemd socket activation code file descriptor assignment. - Fix for 4126 that the #define for UNKNOWN_SERVER_NICENESS can be more easily changed to adjust default rtt assumptions. 10 July 2018: Wouter - Note in documentation that the cert name match code needs OpenSSL 1.1.0 or later to be enabled. 6 July 2018: Wouter - Fix documentation ambiguity for tls-win-cert in tls-upstream and forward-tls-upstream docs. - iana port update. - Note RFC8162 support. SMIMEA record type can be read in by the zone record parser. - Fix round robin for failed addresses with prefer-ip6: yes 4 July 2018: Wouter - Fix #4112: Fix that unbound-anchor -f /etc/resolv.conf will not pass if DNSSEC is not enabled. New option -R allows fallback from resolv.conf to direct queries. 3 July 2018: Wouter - Better documentation for unblock-lan-zones and insecure-lan-zones config statements. - Fix permission denied printed for auth zone probe random port nrs. 2 July 2018: Wouter - Fix checking for libhiredis printout in configure output. - Fix typo on man page in ip-address description. - Update libunbound/python/examples/dnssec_test.py example code to also set the 20326 trust anchor for the root in the example code. 29 June 2018: Wouter - dns64-ignore-aaaa: config option to list domain names for which the existing AAAA is ignored and dns64 processing is used on the A record. 28 June 2018: Wouter - num.queries.tls counter for queries over TLS. - log port number with err_addr logs. 27 June 2018: Wouter - #4109: Fix that package config depends on python unconditionally. - Patch, do not export python from pkg-config, from Petr Menšík. 26 June 2018: Wouter - Partial fix for permission denied on IPv6 address on FreeBSD. - Fix that auth-zone master reply with current SOA serial does not stop scan of masters for an updated zone. - Fix that auth-zone does not start the wait timer without checking if the wait timer has already been started. 21 June 2018: Wouter - #4108: systemd reload hang fix. - Fix usage printout for unbound-host, hostname has to be last argument on BSDs and Windows.
netbsd-srcmastr
pushed a commit
that referenced
this pull request
Aug 25, 2019
external/gpl3/gcc/lib/libstdc++-v3/arch/mips64eb/defs.mk: revision 1.12 external/gpl3/gcc/lib/libstdc++-v3/arch/earmv6/defs.mk: revision 1.11 external/gpl3/gcc/usr.bin/gcc/arch/earm/tm.h: revision 1.8 external/gpl3/gcc/usr.bin/gcc/arch/earmv7hf/defs.mk: revision 1.13 external/gpl3/gcc/dist/libstdc++-v3/config/locale/generic/time_members.cc: revision 1.2 external/gpl3/gcc/usr.bin/gcc/arch/arm/defs.mk: revision 1.18 external/gpl3/gcc/usr.bin/gcc/arch/earmv6eb/tm.h: revision 1.6 external/gpl3/gcc/usr.bin/gcc/arch/earmv7hfeb/tm.h: revision 1.6 external/gpl3/gcc/lib/libstdc++-v3/arch/vax/defs.mk: revision 1.13 external/gpl3/gcc/lib/libstdc++-v3/arch/sparc64/defs.mk: revision 1.12 external/gpl3/gcc/usr.bin/gcc/arch/earmv4/tm.h: revision 1.6 external/gpl3/gcc/usr.bin/gcc/arch/sparc64/tm.h: revision 1.6 external/gpl3/gcc/usr.bin/gcc/arch/earmv7hfeb/auto-host.h: revision 1.13 external/gpl3/gcc/lib/libstdc++-v3/arch/hppa/defs.mk: revision 1.11 external/gpl3/gcc/usr.bin/gcc/arch/sparc64/auto-host.h: revision 1.16 external/gpl3/gcc/lib/libstdc++-v3/arch/m68000/defs.mk: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/earmv6/auto-host.h: revision 1.13 external/gpl3/gcc/lib/libstdc++-v3/arch/mipsel/defs.mk: revision 1.11 external/gpl3/gcc/lib/libstdc++-v3/arch/ia64/c++config.h: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/earmv6hf/auto-host.h: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/armeb/tm.h: revision 1.10 external/gpl3/gcc/usr.bin/gcc/arch/earmeb/tm.h: revision 1.8 external/gpl3/gcc/usr.bin/gcc/arch/earmhf/defs.mk: revision 1.16 external/gpl3/gcc/usr.bin/gcc/arch/earmv4eb/defs.mk: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/earmhfeb/defs.mk: revision 1.14 external/gpl3/gcc/usr.bin/gcc/arch/mips64eb/defs.mk: revision 1.16 external/gpl3/gcc/usr.bin/gcc/arch/earmv7/tm.h: revision 1.6 external/gpl3/gcc/usr.bin/gcc/arch/vax/defs.mk: revision 1.17 external/gpl3/gcc/usr.bin/gcc/arch/sh3eb/defs.mk: revision 1.15 external/gpl3/gcc/usr.bin/gcc/arch/sh3eb/tm.h: revision 1.5 external/gpl3/gcc/usr.bin/gcc/arch/earmv7eb/auto-host.h: revision 1.13 external/gpl3/gcc/lib/libstdc++-v3/arch/riscv32/symver-config.h: revision 1.3 external/gpl3/gcc/usr.bin/gcc/arch/earmv6eb/defs.mk: revision 1.13 external/gpl3/gcc/lib/libstdc++-v3/arch/armeb/defs.mk: revision 1.11 external/gpl3/gcc/lib/libstdc++-v3/arch/sh3eb/defs.mk: revision 1.13 external/gpl3/gcc/lib/libstdc++-v3/arch/earmv7/defs.mk: revision 1.11 external/gpl3/gcc/usr.bin/gcc/arch/alpha/tm.h: revision 1.5 external/gpl3/gcc/usr.bin/gcc/arch/earmv6hf/tm.h: revision 1.6 external/gpl3/gcc/usr.bin/gcc/arch/earmv7eb/defs.mk: revision 1.13 external/gpl3/gcc/dist/libstdc++-v3/include/bits/locale_facets_nonio.h: revision 1.2 external/gpl3/gcc/usr.bin/gcc/arch/earmv4/defs.mk: revision 1.14 external/gpl3/gcc/usr.bin/gcc/arch/x86_64/auto-host.h: revision 1.18 external/gpl3/gcc/usr.bin/gcc/arch/earmv4eb/auto-host.h: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/hppa/tm.h: revision 1.7 external/gpl3/gcc/usr.bin/gcc/arch/powerpc/auto-host.h: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/sparc/tm.h: revision 1.5 external/gpl3/gcc/usr.bin/gcc/arch/ia64/defs.mk: revision 1.9 external/gpl3/gcc/lib/libstdc++-v3/arch/mips64el/defs.mk: revision 1.12 external/gpl3/gcc/usr.bin/gcc/arch/sparc/defs.mk: revision 1.16 external/gpl3/gcc/usr.bin/gcc/arch/x86_64/defs.mk: revision 1.19 external/gpl3/gcc/lib/libstdc++-v3/arch/riscv32/defs.mk: revision 1.6 external/gpl3/gcc/usr.bin/gcc/arch/m68000/defs.mk: revision 1.15 external/gpl3/gcc/lib/libstdc++-v3/arch/sparc/defs.mk: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/earmeb/auto-host.h: revision 1.14 external/gpl3/gcc/lib/libstdc++-v3/arch/riscv64/defs.mk: revision 1.5 external/gpl3/gcc/usr.bin/gcc/arch/earmeb/defs.mk: revision 1.15 external/gpl3/gcc/usr.bin/gcc/arch/earmv7/auto-host.h: revision 1.13 external/gpl3/gcc/lib/libstdc++-v3/arch/earmhf/defs.mk: revision 1.13 external/gpl3/gcc/lib/libstdc++-v3/arch/earmv6hfeb/defs.mk: revision 1.11 external/gpl3/gcc/usr.bin/gcc/arch/earm/defs.mk: revision 1.17 external/gpl3/gcc/usr.bin/gcc/arch/sh3el/tm.h: revision 1.5 external/gpl3/gcc/usr.bin/gcc/arch/sparc64/defs.mk: revision 1.16 external/gpl3/gcc/lib/libstdc++-v3/arch/m68k/defs.mk: revision 1.12 external/gpl3/gcc/usr.bin/gcc/arch/earmv4eb/tm.h: revision 1.6 external/gpl3/gcc/lib/libstdc++-v3/arch/earmhfeb/defs.mk: revision 1.11 external/gpl3/gcc/lib/libstdc++-v3/arch/earmv4eb/defs.mk: revision 1.11 external/gpl3/gcc/usr.bin/gcc/arch/arm/tm.h: revision 1.9 external/gpl3/gcc/usr.bin/gcc/arch/earmhfeb/tm.h: revision 1.8 external/gpl3/gcc/usr.bin/gcc/arch/mips64el/defs.mk: revision 1.16 external/gpl3/gcc/usr.bin/gcc/arch/mipseb/defs.mk: revision 1.17 external/gpl3/gcc/lib/libstdc++-v3/arch/earmv4/defs.mk: revision 1.12 external/gpl3/gcc/lib/libstdc++-v3/arch/earmv6eb/defs.mk: revision 1.11 external/gpl3/gcc/usr.bin/gcc/arch/mips64eb/tm.h: revision 1.6 external/gpl3/gcc/usr.bin/gcc/arch/sh3el/defs.mk: revision 1.16 external/gpl3/gcc/lib/libstdc++-v3/arch/powerpc/defs.mk: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/earmv4/auto-host.h: revision 1.12 external/gpl3/gcc/lib/libstdc++-v3/arch/earmv7eb/defs.mk: revision 1.11 external/gpl3/gcc/lib/libstdc++-v3/arch/sh3el/defs.mk: revision 1.11 external/gpl3/gcc/usr.bin/gcc/arch/sparc/auto-host.h: revision 1.14 external/gpl3/gcc/lib/libstdc++-v3/arch/i386/defs.mk: revision 1.15 external/gpl3/gcc/usr.bin/gcc/arch/earmv6eb/auto-host.h: revision 1.13 external/gpl3/gcc/lib/libstdc++-v3/arch/aarch64/gstdint.h: revision 1.5 external/gpl3/gcc/usr.bin/gcc/arch/earmv6hfeb/defs.mk: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/powerpc/tm.h: revision 1.8 external/gpl3/gcc/usr.bin/gcc/arch/earmv7eb/tm.h: revision 1.6 external/gpl3/gcc/lib/libstdc++-v3/arch/x86_64/defs.mk: revision 1.15 external/gpl3/gcc/lib/libiberty/defs.mk: revision 1.22 external/gpl3/gcc/lib/libstdc++-v3/arch/ia64/defs.mk: revision 1.11 external/gpl3/gcc/usr.bin/gcc/arch/mipseb/tm.h: revision 1.6 external/gpl3/gcc/lib/libstdc++-v3/arch/earmeb/defs.mk: revision 1.12 external/gpl3/gcc/lib/libstdc++-v3/arch/ia64/symver-config.h: revision 1.2 external/gpl3/gcc/usr.bin/gcc/arch/x86_64/tm.h: revision 1.6 external/gpl3/gcc/lib/libstdc++-v3/Makefile: revision 1.48 external/gpl3/gcc/usr.bin/gcc/arch/aarch64/defs.mk: revision 1.5 external/gpl3/gcc/dist/libstdc++-v3/src/c++11/ctype.cc: revision 1.2 external/gpl3/gcc/lib/libstdc++-v3/arch/earm/defs.mk: revision 1.11 external/gpl3/gcc/usr.bin/gcc/arch/riscv64/multilib.h: revision 1.3 external/gpl3/gcc/usr.bin/gcc/arch/m68k/defs.mk: revision 1.17 external/gpl3/gcc/usr.bin/gcc/arch/earm/auto-host.h: revision 1.16 external/gpl3/gcc/lib/libstdc++-v3/arch/earmv7hfeb/defs.mk: revision 1.11 external/gpl3/gcc/usr.bin/gcc/arch/i386/tm.h: revision 1.5 external/gpl3/gcc/usr.bin/gcc/arch/armeb/defs.mk: revision 1.18 external/gpl3/gcc/usr.bin/gcc/arch/earmv6/defs.mk: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/arm/auto-host.h: revision 1.14 external/gpl3/gcc/usr.bin/gcc/arch/earmv7hf/auto-host.h: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/mips64el/tm.h: revision 1.6 external/gpl3/gcc/usr.bin/gcc/arch/m68k/tm.h: revision 1.7 external/gpl3/gcc/lib/libstdc++-v3/arch/mipseb/defs.mk: revision 1.12 external/gpl3/gcc/usr.bin/gcc/arch/i386/defs.mk: revision 1.17 external/gpl3/gcc/usr.bin/gcc/arch/earmv7hf/tm.h: revision 1.6 external/gpl3/gcc/lib/libstdc++-v3/arch/earmv6hf/defs.mk: revision 1.11 external/gpl3/gcc/usr.bin/gcc/arch/armeb/auto-host.h: revision 1.17 external/gpl3/gcc/usr.bin/gcc/arch/earmhf/tm.h: revision 1.8 external/gpl3/gcc/usr.bin/gcc/arch/earmv6hfeb/tm.h: revision 1.6 external/gpl3/gcc/usr.bin/gcc/arch/earmv6hfeb/auto-host.h: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/earmv6/tm.h: revision 1.6 external/gpl3/gcc/usr.bin/gcc/arch/i386/auto-host.h: revision 1.15 external/gpl3/gcc/dist/libstdc++-v3/configure: revision 1.12 external/gpl3/gcc/lib/libstdc++-v3/arch/earmv7hf/defs.mk: revision 1.11 external/gpl3/gcc/usr.bin/gcc/arch/hppa/defs.mk: revision 1.16 external/gpl3/gcc/usr.bin/gcc/arch/alpha/defs.mk: revision 1.15 external/gpl3/gcc/usr.bin/gcc/arch/aarch64/tm.h: revision 1.3 external/gpl3/gcc/usr.bin/gcc/arch/earmv7hfeb/defs.mk: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/mipsel/defs.mk: revision 1.17 external/gpl3/gcc/usr.bin/gcc/arch/mipsel/tm.h: revision 1.6 external/gpl3/gcc/lib/libstdc++-v3/arch/alpha/defs.mk: revision 1.11 external/gpl3/gcc/lib/libstdc++-v3/arch/arm/defs.mk: revision 1.11 external/gpl3/gcc/dist/libstdc++-v3/acinclude.m4: revision 1.7 external/gpl3/gcc/usr.bin/gcc/arch/ia64/tm.h: revision 1.5 external/gpl3/gcc/usr.bin/gcc/arch/vax/tm.h: revision 1.6 external/gpl3/gcc/lib/libstdc++-v3/arch/riscv64/c++config.h: revision 1.8 external/gpl3/gcc/lib/libstdc++-v3/arch/riscv32/c++config.h: revision 1.8 external/gpl3/gcc/usr.bin/gcc/arch/earmhf/auto-host.h: revision 1.15 external/gpl3/gcc/usr.bin/gcc/arch/earmhfeb/auto-host.h: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/powerpc/defs.mk: revision 1.19 external/gpl3/gcc/usr.bin/gcc/arch/earmv7/defs.mk: revision 1.13 external/gpl3/gcc/lib/libstdc++-v3/arch/aarch64/defs.mk: revision 1.8 external/gpl3/gcc/usr.bin/gcc/arch/earmv6hf/defs.mk: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/m68000/tm.h: revision 1.6 Arrange so that the Makefile works for both the generic and the dragonfly locale code. There is no specialized constructor for ctype<char> so the destructor ends up trying to free uninitialized memory for _M_c_locale_ctype. Add a forward declaration for the specialized __timepunct<wchar_t> destructor that the dragonfly code needs to avoid "instantiation before specialization", and an empty implementation for the generic code. Use the dragonfly locale code for NetBSD too. Manually patch the locale configuration to use the dragonfly code instead of generic. regen mknative for everyone after: - NETBSD_ENABLE_PTHREADS removed (default always) - HAVE_GNU_INDIRECT_FUNCTION enabled for some platforms - switch to dragondfly bsd locale routines after christos made them work for us
netbsd-srcmastr
pushed a commit
that referenced
this pull request
Oct 19, 2019
external/gpl3/gcc/lib/libstdc++-v3/arch/mips64eb/defs.mk: revision 1.12 external/gpl3/gcc/lib/libstdc++-v3/arch/earmv6/defs.mk: revision 1.11 external/gpl3/gcc/usr.bin/gcc/arch/earm/tm.h: revision 1.8 external/gpl3/gcc/usr.bin/gcc/arch/earmv7hf/defs.mk: revision 1.13 external/gpl3/gcc/dist/libstdc++-v3/config/locale/generic/time_members.cc: revision 1.2 external/gpl3/gcc/usr.bin/gcc/arch/arm/defs.mk: revision 1.18 external/gpl3/gcc/usr.bin/gcc/arch/earmv6eb/tm.h: revision 1.6 external/gpl3/gcc/usr.bin/gcc/arch/earmv7hfeb/tm.h: revision 1.6 external/gpl3/gcc/lib/libstdc++-v3/arch/vax/defs.mk: revision 1.13 external/gpl3/gcc/lib/libstdc++-v3/arch/sparc64/defs.mk: revision 1.12 external/gpl3/gcc/usr.bin/gcc/arch/earmv4/tm.h: revision 1.6 external/gpl3/gcc/usr.bin/gcc/arch/sparc64/tm.h: revision 1.6 external/gpl3/gcc/usr.bin/gcc/arch/earmv7hfeb/auto-host.h: revision 1.13 external/gpl3/gcc/lib/libstdc++-v3/arch/hppa/defs.mk: revision 1.11 external/gpl3/gcc/usr.bin/gcc/arch/sparc64/auto-host.h: revision 1.16 external/gpl3/gcc/lib/libstdc++-v3/arch/m68000/defs.mk: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/earmv6/auto-host.h: revision 1.13 external/gpl3/gcc/lib/libstdc++-v3/arch/mipsel/defs.mk: revision 1.11 external/gpl3/gcc/lib/libstdc++-v3/arch/ia64/c++config.h: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/earmv6hf/auto-host.h: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/armeb/tm.h: revision 1.10 external/gpl3/gcc/usr.bin/gcc/arch/earmeb/tm.h: revision 1.8 external/gpl3/gcc/usr.bin/gcc/arch/earmhf/defs.mk: revision 1.16 external/gpl3/gcc/usr.bin/gcc/arch/earmv4eb/defs.mk: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/earmhfeb/defs.mk: revision 1.14 external/gpl3/gcc/usr.bin/gcc/arch/mips64eb/defs.mk: revision 1.16 external/gpl3/gcc/usr.bin/gcc/arch/earmv7/tm.h: revision 1.6 external/gpl3/gcc/usr.bin/gcc/arch/vax/defs.mk: revision 1.17 external/gpl3/gcc/usr.bin/gcc/arch/sh3eb/defs.mk: revision 1.15 external/gpl3/gcc/usr.bin/gcc/arch/sh3eb/tm.h: revision 1.5 external/gpl3/gcc/usr.bin/gcc/arch/earmv7eb/auto-host.h: revision 1.13 external/gpl3/gcc/lib/libstdc++-v3/arch/riscv32/symver-config.h: revision 1.3 external/gpl3/gcc/usr.bin/gcc/arch/earmv6eb/defs.mk: revision 1.13 external/gpl3/gcc/lib/libstdc++-v3/arch/armeb/defs.mk: revision 1.11 external/gpl3/gcc/lib/libstdc++-v3/arch/sh3eb/defs.mk: revision 1.13 external/gpl3/gcc/lib/libstdc++-v3/arch/earmv7/defs.mk: revision 1.11 external/gpl3/gcc/usr.bin/gcc/arch/alpha/tm.h: revision 1.5 external/gpl3/gcc/usr.bin/gcc/arch/earmv6hf/tm.h: revision 1.6 external/gpl3/gcc/usr.bin/gcc/arch/earmv7eb/defs.mk: revision 1.13 external/gpl3/gcc/dist/libstdc++-v3/include/bits/locale_facets_nonio.h: revision 1.2 external/gpl3/gcc/usr.bin/gcc/arch/earmv4/defs.mk: revision 1.14 external/gpl3/gcc/usr.bin/gcc/arch/x86_64/auto-host.h: revision 1.18 external/gpl3/gcc/usr.bin/gcc/arch/earmv4eb/auto-host.h: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/hppa/tm.h: revision 1.7 external/gpl3/gcc/usr.bin/gcc/arch/powerpc/auto-host.h: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/sparc/tm.h: revision 1.5 external/gpl3/gcc/usr.bin/gcc/arch/ia64/defs.mk: revision 1.9 external/gpl3/gcc/lib/libstdc++-v3/arch/mips64el/defs.mk: revision 1.12 external/gpl3/gcc/usr.bin/gcc/arch/sparc/defs.mk: revision 1.16 external/gpl3/gcc/usr.bin/gcc/arch/x86_64/defs.mk: revision 1.19 external/gpl3/gcc/lib/libstdc++-v3/arch/riscv32/defs.mk: revision 1.6 external/gpl3/gcc/usr.bin/gcc/arch/m68000/defs.mk: revision 1.15 external/gpl3/gcc/lib/libstdc++-v3/arch/sparc/defs.mk: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/earmeb/auto-host.h: revision 1.14 external/gpl3/gcc/lib/libstdc++-v3/arch/riscv64/defs.mk: revision 1.5 external/gpl3/gcc/usr.bin/gcc/arch/earmeb/defs.mk: revision 1.15 external/gpl3/gcc/usr.bin/gcc/arch/earmv7/auto-host.h: revision 1.13 external/gpl3/gcc/lib/libstdc++-v3/arch/earmhf/defs.mk: revision 1.13 external/gpl3/gcc/lib/libstdc++-v3/arch/earmv6hfeb/defs.mk: revision 1.11 external/gpl3/gcc/usr.bin/gcc/arch/earm/defs.mk: revision 1.17 external/gpl3/gcc/usr.bin/gcc/arch/sh3el/tm.h: revision 1.5 external/gpl3/gcc/usr.bin/gcc/arch/sparc64/defs.mk: revision 1.16 external/gpl3/gcc/lib/libstdc++-v3/arch/m68k/defs.mk: revision 1.12 external/gpl3/gcc/usr.bin/gcc/arch/earmv4eb/tm.h: revision 1.6 external/gpl3/gcc/lib/libstdc++-v3/arch/earmhfeb/defs.mk: revision 1.11 external/gpl3/gcc/lib/libstdc++-v3/arch/earmv4eb/defs.mk: revision 1.11 external/gpl3/gcc/usr.bin/gcc/arch/arm/tm.h: revision 1.9 external/gpl3/gcc/usr.bin/gcc/arch/earmhfeb/tm.h: revision 1.8 external/gpl3/gcc/usr.bin/gcc/arch/mips64el/defs.mk: revision 1.16 external/gpl3/gcc/usr.bin/gcc/arch/mipseb/defs.mk: revision 1.17 external/gpl3/gcc/lib/libstdc++-v3/arch/earmv4/defs.mk: revision 1.12 external/gpl3/gcc/lib/libstdc++-v3/arch/earmv6eb/defs.mk: revision 1.11 external/gpl3/gcc/usr.bin/gcc/arch/mips64eb/tm.h: revision 1.6 external/gpl3/gcc/usr.bin/gcc/arch/sh3el/defs.mk: revision 1.16 external/gpl3/gcc/lib/libstdc++-v3/arch/powerpc/defs.mk: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/earmv4/auto-host.h: revision 1.12 external/gpl3/gcc/lib/libstdc++-v3/arch/earmv7eb/defs.mk: revision 1.11 external/gpl3/gcc/lib/libstdc++-v3/arch/sh3el/defs.mk: revision 1.11 external/gpl3/gcc/usr.bin/gcc/arch/sparc/auto-host.h: revision 1.14 external/gpl3/gcc/lib/libstdc++-v3/arch/i386/defs.mk: revision 1.15 external/gpl3/gcc/usr.bin/gcc/arch/earmv6eb/auto-host.h: revision 1.13 external/gpl3/gcc/lib/libstdc++-v3/arch/aarch64/gstdint.h: revision 1.5 external/gpl3/gcc/usr.bin/gcc/arch/earmv6hfeb/defs.mk: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/powerpc/tm.h: revision 1.8 external/gpl3/gcc/usr.bin/gcc/arch/earmv7eb/tm.h: revision 1.6 external/gpl3/gcc/lib/libstdc++-v3/arch/x86_64/defs.mk: revision 1.15 external/gpl3/gcc/lib/libiberty/defs.mk: revision 1.22 external/gpl3/gcc/lib/libstdc++-v3/arch/ia64/defs.mk: revision 1.11 external/gpl3/gcc/usr.bin/gcc/arch/mipseb/tm.h: revision 1.6 external/gpl3/gcc/lib/libstdc++-v3/arch/earmeb/defs.mk: revision 1.12 external/gpl3/gcc/lib/libstdc++-v3/arch/ia64/symver-config.h: revision 1.2 external/gpl3/gcc/usr.bin/gcc/arch/x86_64/tm.h: revision 1.6 external/gpl3/gcc/lib/libstdc++-v3/Makefile: revision 1.48 external/gpl3/gcc/usr.bin/gcc/arch/aarch64/defs.mk: revision 1.5 external/gpl3/gcc/dist/libstdc++-v3/src/c++11/ctype.cc: revision 1.2 external/gpl3/gcc/lib/libstdc++-v3/arch/earm/defs.mk: revision 1.11 external/gpl3/gcc/usr.bin/gcc/arch/riscv64/multilib.h: revision 1.3 external/gpl3/gcc/usr.bin/gcc/arch/m68k/defs.mk: revision 1.17 external/gpl3/gcc/usr.bin/gcc/arch/earm/auto-host.h: revision 1.16 external/gpl3/gcc/lib/libstdc++-v3/arch/earmv7hfeb/defs.mk: revision 1.11 external/gpl3/gcc/usr.bin/gcc/arch/i386/tm.h: revision 1.5 external/gpl3/gcc/usr.bin/gcc/arch/armeb/defs.mk: revision 1.18 external/gpl3/gcc/usr.bin/gcc/arch/earmv6/defs.mk: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/arm/auto-host.h: revision 1.14 external/gpl3/gcc/usr.bin/gcc/arch/earmv7hf/auto-host.h: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/mips64el/tm.h: revision 1.6 external/gpl3/gcc/usr.bin/gcc/arch/m68k/tm.h: revision 1.7 external/gpl3/gcc/lib/libstdc++-v3/arch/mipseb/defs.mk: revision 1.12 external/gpl3/gcc/usr.bin/gcc/arch/i386/defs.mk: revision 1.17 external/gpl3/gcc/usr.bin/gcc/arch/earmv7hf/tm.h: revision 1.6 external/gpl3/gcc/lib/libstdc++-v3/arch/earmv6hf/defs.mk: revision 1.11 external/gpl3/gcc/usr.bin/gcc/arch/armeb/auto-host.h: revision 1.17 external/gpl3/gcc/usr.bin/gcc/arch/earmhf/tm.h: revision 1.8 external/gpl3/gcc/usr.bin/gcc/arch/earmv6hfeb/tm.h: revision 1.6 external/gpl3/gcc/usr.bin/gcc/arch/earmv6hfeb/auto-host.h: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/earmv6/tm.h: revision 1.6 external/gpl3/gcc/usr.bin/gcc/arch/i386/auto-host.h: revision 1.15 external/gpl3/gcc/dist/libstdc++-v3/configure: revision 1.12 external/gpl3/gcc/lib/libstdc++-v3/arch/earmv7hf/defs.mk: revision 1.11 external/gpl3/gcc/usr.bin/gcc/arch/hppa/defs.mk: revision 1.16 external/gpl3/gcc/usr.bin/gcc/arch/alpha/defs.mk: revision 1.15 external/gpl3/gcc/usr.bin/gcc/arch/aarch64/tm.h: revision 1.3 external/gpl3/gcc/usr.bin/gcc/arch/earmv7hfeb/defs.mk: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/mipsel/defs.mk: revision 1.17 external/gpl3/gcc/usr.bin/gcc/arch/mipsel/tm.h: revision 1.6 external/gpl3/gcc/lib/libstdc++-v3/arch/alpha/defs.mk: revision 1.11 external/gpl3/gcc/lib/libstdc++-v3/arch/arm/defs.mk: revision 1.11 external/gpl3/gcc/dist/libstdc++-v3/acinclude.m4: revision 1.7 external/gpl3/gcc/usr.bin/gcc/arch/ia64/tm.h: revision 1.5 external/gpl3/gcc/usr.bin/gcc/arch/vax/tm.h: revision 1.6 external/gpl3/gcc/lib/libstdc++-v3/arch/riscv64/c++config.h: revision 1.8 external/gpl3/gcc/lib/libstdc++-v3/arch/riscv32/c++config.h: revision 1.8 external/gpl3/gcc/usr.bin/gcc/arch/earmhf/auto-host.h: revision 1.15 external/gpl3/gcc/usr.bin/gcc/arch/earmhfeb/auto-host.h: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/powerpc/defs.mk: revision 1.19 external/gpl3/gcc/usr.bin/gcc/arch/earmv7/defs.mk: revision 1.13 external/gpl3/gcc/lib/libstdc++-v3/arch/aarch64/defs.mk: revision 1.8 external/gpl3/gcc/usr.bin/gcc/arch/earmv6hf/defs.mk: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/m68000/tm.h: revision 1.6 Arrange so that the Makefile works for both the generic and the dragonfly locale code. There is no specialized constructor for ctype<char> so the destructor ends up trying to free uninitialized memory for _M_c_locale_ctype. Add a forward declaration for the specialized __timepunct<wchar_t> destructor that the dragonfly code needs to avoid "instantiation before specialization", and an empty implementation for the generic code. Use the dragonfly locale code for NetBSD too. Manually patch the locale configuration to use the dragonfly code instead of generic. regen mknative for everyone after: - NETBSD_ENABLE_PTHREADS removed (default always) - HAVE_GNU_INDIRECT_FUNCTION enabled for some platforms - switch to dragondfly bsd locale routines after christos made them work for us
netbsd-srcmastr
pushed a commit
that referenced
this pull request
Dec 1, 2019
external/gpl3/gcc/lib/libstdc++-v3/arch/mips64eb/defs.mk: revision 1.12 external/gpl3/gcc/lib/libstdc++-v3/arch/earmv6/defs.mk: revision 1.11 external/gpl3/gcc/usr.bin/gcc/arch/earm/tm.h: revision 1.8 external/gpl3/gcc/usr.bin/gcc/arch/earmv7hf/defs.mk: revision 1.13 external/gpl3/gcc/dist/libstdc++-v3/config/locale/generic/time_members.cc: revision 1.2 external/gpl3/gcc/usr.bin/gcc/arch/arm/defs.mk: revision 1.18 external/gpl3/gcc/usr.bin/gcc/arch/earmv6eb/tm.h: revision 1.6 external/gpl3/gcc/usr.bin/gcc/arch/earmv7hfeb/tm.h: revision 1.6 external/gpl3/gcc/lib/libstdc++-v3/arch/vax/defs.mk: revision 1.13 external/gpl3/gcc/lib/libstdc++-v3/arch/sparc64/defs.mk: revision 1.12 external/gpl3/gcc/usr.bin/gcc/arch/earmv4/tm.h: revision 1.6 external/gpl3/gcc/usr.bin/gcc/arch/sparc64/tm.h: revision 1.6 external/gpl3/gcc/usr.bin/gcc/arch/earmv7hfeb/auto-host.h: revision 1.13 external/gpl3/gcc/lib/libstdc++-v3/arch/hppa/defs.mk: revision 1.11 external/gpl3/gcc/usr.bin/gcc/arch/sparc64/auto-host.h: revision 1.16 external/gpl3/gcc/lib/libstdc++-v3/arch/m68000/defs.mk: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/earmv6/auto-host.h: revision 1.13 external/gpl3/gcc/lib/libstdc++-v3/arch/mipsel/defs.mk: revision 1.11 external/gpl3/gcc/lib/libstdc++-v3/arch/ia64/c++config.h: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/earmv6hf/auto-host.h: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/armeb/tm.h: revision 1.10 external/gpl3/gcc/usr.bin/gcc/arch/earmeb/tm.h: revision 1.8 external/gpl3/gcc/usr.bin/gcc/arch/earmhf/defs.mk: revision 1.16 external/gpl3/gcc/usr.bin/gcc/arch/earmv4eb/defs.mk: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/earmhfeb/defs.mk: revision 1.14 external/gpl3/gcc/usr.bin/gcc/arch/mips64eb/defs.mk: revision 1.16 external/gpl3/gcc/usr.bin/gcc/arch/earmv7/tm.h: revision 1.6 external/gpl3/gcc/usr.bin/gcc/arch/vax/defs.mk: revision 1.17 external/gpl3/gcc/usr.bin/gcc/arch/sh3eb/defs.mk: revision 1.15 external/gpl3/gcc/usr.bin/gcc/arch/sh3eb/tm.h: revision 1.5 external/gpl3/gcc/usr.bin/gcc/arch/earmv7eb/auto-host.h: revision 1.13 external/gpl3/gcc/lib/libstdc++-v3/arch/riscv32/symver-config.h: revision 1.3 external/gpl3/gcc/usr.bin/gcc/arch/earmv6eb/defs.mk: revision 1.13 external/gpl3/gcc/lib/libstdc++-v3/arch/armeb/defs.mk: revision 1.11 external/gpl3/gcc/lib/libstdc++-v3/arch/sh3eb/defs.mk: revision 1.13 external/gpl3/gcc/lib/libstdc++-v3/arch/earmv7/defs.mk: revision 1.11 external/gpl3/gcc/usr.bin/gcc/arch/alpha/tm.h: revision 1.5 external/gpl3/gcc/usr.bin/gcc/arch/earmv6hf/tm.h: revision 1.6 external/gpl3/gcc/usr.bin/gcc/arch/earmv7eb/defs.mk: revision 1.13 external/gpl3/gcc/dist/libstdc++-v3/include/bits/locale_facets_nonio.h: revision 1.2 external/gpl3/gcc/usr.bin/gcc/arch/earmv4/defs.mk: revision 1.14 external/gpl3/gcc/usr.bin/gcc/arch/x86_64/auto-host.h: revision 1.18 external/gpl3/gcc/usr.bin/gcc/arch/earmv4eb/auto-host.h: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/hppa/tm.h: revision 1.7 external/gpl3/gcc/usr.bin/gcc/arch/powerpc/auto-host.h: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/sparc/tm.h: revision 1.5 external/gpl3/gcc/usr.bin/gcc/arch/ia64/defs.mk: revision 1.9 external/gpl3/gcc/lib/libstdc++-v3/arch/mips64el/defs.mk: revision 1.12 external/gpl3/gcc/usr.bin/gcc/arch/sparc/defs.mk: revision 1.16 external/gpl3/gcc/usr.bin/gcc/arch/x86_64/defs.mk: revision 1.19 external/gpl3/gcc/lib/libstdc++-v3/arch/riscv32/defs.mk: revision 1.6 external/gpl3/gcc/usr.bin/gcc/arch/m68000/defs.mk: revision 1.15 external/gpl3/gcc/lib/libstdc++-v3/arch/sparc/defs.mk: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/earmeb/auto-host.h: revision 1.14 external/gpl3/gcc/lib/libstdc++-v3/arch/riscv64/defs.mk: revision 1.5 external/gpl3/gcc/usr.bin/gcc/arch/earmeb/defs.mk: revision 1.15 external/gpl3/gcc/usr.bin/gcc/arch/earmv7/auto-host.h: revision 1.13 external/gpl3/gcc/lib/libstdc++-v3/arch/earmhf/defs.mk: revision 1.13 external/gpl3/gcc/lib/libstdc++-v3/arch/earmv6hfeb/defs.mk: revision 1.11 external/gpl3/gcc/usr.bin/gcc/arch/earm/defs.mk: revision 1.17 external/gpl3/gcc/usr.bin/gcc/arch/sh3el/tm.h: revision 1.5 external/gpl3/gcc/usr.bin/gcc/arch/sparc64/defs.mk: revision 1.16 external/gpl3/gcc/lib/libstdc++-v3/arch/m68k/defs.mk: revision 1.12 external/gpl3/gcc/usr.bin/gcc/arch/earmv4eb/tm.h: revision 1.6 external/gpl3/gcc/lib/libstdc++-v3/arch/earmhfeb/defs.mk: revision 1.11 external/gpl3/gcc/lib/libstdc++-v3/arch/earmv4eb/defs.mk: revision 1.11 external/gpl3/gcc/usr.bin/gcc/arch/arm/tm.h: revision 1.9 external/gpl3/gcc/usr.bin/gcc/arch/earmhfeb/tm.h: revision 1.8 external/gpl3/gcc/usr.bin/gcc/arch/mips64el/defs.mk: revision 1.16 external/gpl3/gcc/usr.bin/gcc/arch/mipseb/defs.mk: revision 1.17 external/gpl3/gcc/lib/libstdc++-v3/arch/earmv4/defs.mk: revision 1.12 external/gpl3/gcc/lib/libstdc++-v3/arch/earmv6eb/defs.mk: revision 1.11 external/gpl3/gcc/usr.bin/gcc/arch/mips64eb/tm.h: revision 1.6 external/gpl3/gcc/usr.bin/gcc/arch/sh3el/defs.mk: revision 1.16 external/gpl3/gcc/lib/libstdc++-v3/arch/powerpc/defs.mk: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/earmv4/auto-host.h: revision 1.12 external/gpl3/gcc/lib/libstdc++-v3/arch/earmv7eb/defs.mk: revision 1.11 external/gpl3/gcc/lib/libstdc++-v3/arch/sh3el/defs.mk: revision 1.11 external/gpl3/gcc/usr.bin/gcc/arch/sparc/auto-host.h: revision 1.14 external/gpl3/gcc/lib/libstdc++-v3/arch/i386/defs.mk: revision 1.15 external/gpl3/gcc/usr.bin/gcc/arch/earmv6eb/auto-host.h: revision 1.13 external/gpl3/gcc/lib/libstdc++-v3/arch/aarch64/gstdint.h: revision 1.5 external/gpl3/gcc/usr.bin/gcc/arch/earmv6hfeb/defs.mk: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/powerpc/tm.h: revision 1.8 external/gpl3/gcc/usr.bin/gcc/arch/earmv7eb/tm.h: revision 1.6 external/gpl3/gcc/lib/libstdc++-v3/arch/x86_64/defs.mk: revision 1.15 external/gpl3/gcc/lib/libiberty/defs.mk: revision 1.22 external/gpl3/gcc/lib/libstdc++-v3/arch/ia64/defs.mk: revision 1.11 external/gpl3/gcc/usr.bin/gcc/arch/mipseb/tm.h: revision 1.6 external/gpl3/gcc/lib/libstdc++-v3/arch/earmeb/defs.mk: revision 1.12 external/gpl3/gcc/lib/libstdc++-v3/arch/ia64/symver-config.h: revision 1.2 external/gpl3/gcc/usr.bin/gcc/arch/x86_64/tm.h: revision 1.6 external/gpl3/gcc/lib/libstdc++-v3/Makefile: revision 1.48 external/gpl3/gcc/usr.bin/gcc/arch/aarch64/defs.mk: revision 1.5 external/gpl3/gcc/dist/libstdc++-v3/src/c++11/ctype.cc: revision 1.2 external/gpl3/gcc/lib/libstdc++-v3/arch/earm/defs.mk: revision 1.11 external/gpl3/gcc/usr.bin/gcc/arch/riscv64/multilib.h: revision 1.3 external/gpl3/gcc/usr.bin/gcc/arch/m68k/defs.mk: revision 1.17 external/gpl3/gcc/usr.bin/gcc/arch/earm/auto-host.h: revision 1.16 external/gpl3/gcc/lib/libstdc++-v3/arch/earmv7hfeb/defs.mk: revision 1.11 external/gpl3/gcc/usr.bin/gcc/arch/i386/tm.h: revision 1.5 external/gpl3/gcc/usr.bin/gcc/arch/armeb/defs.mk: revision 1.18 external/gpl3/gcc/usr.bin/gcc/arch/earmv6/defs.mk: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/arm/auto-host.h: revision 1.14 external/gpl3/gcc/usr.bin/gcc/arch/earmv7hf/auto-host.h: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/mips64el/tm.h: revision 1.6 external/gpl3/gcc/usr.bin/gcc/arch/m68k/tm.h: revision 1.7 external/gpl3/gcc/lib/libstdc++-v3/arch/mipseb/defs.mk: revision 1.12 external/gpl3/gcc/usr.bin/gcc/arch/i386/defs.mk: revision 1.17 external/gpl3/gcc/usr.bin/gcc/arch/earmv7hf/tm.h: revision 1.6 external/gpl3/gcc/lib/libstdc++-v3/arch/earmv6hf/defs.mk: revision 1.11 external/gpl3/gcc/usr.bin/gcc/arch/armeb/auto-host.h: revision 1.17 external/gpl3/gcc/usr.bin/gcc/arch/earmhf/tm.h: revision 1.8 external/gpl3/gcc/usr.bin/gcc/arch/earmv6hfeb/tm.h: revision 1.6 external/gpl3/gcc/usr.bin/gcc/arch/earmv6hfeb/auto-host.h: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/earmv6/tm.h: revision 1.6 external/gpl3/gcc/usr.bin/gcc/arch/i386/auto-host.h: revision 1.15 external/gpl3/gcc/dist/libstdc++-v3/configure: revision 1.12 external/gpl3/gcc/lib/libstdc++-v3/arch/earmv7hf/defs.mk: revision 1.11 external/gpl3/gcc/usr.bin/gcc/arch/hppa/defs.mk: revision 1.16 external/gpl3/gcc/usr.bin/gcc/arch/alpha/defs.mk: revision 1.15 external/gpl3/gcc/usr.bin/gcc/arch/aarch64/tm.h: revision 1.3 external/gpl3/gcc/usr.bin/gcc/arch/earmv7hfeb/defs.mk: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/mipsel/defs.mk: revision 1.17 external/gpl3/gcc/usr.bin/gcc/arch/mipsel/tm.h: revision 1.6 external/gpl3/gcc/lib/libstdc++-v3/arch/alpha/defs.mk: revision 1.11 external/gpl3/gcc/lib/libstdc++-v3/arch/arm/defs.mk: revision 1.11 external/gpl3/gcc/dist/libstdc++-v3/acinclude.m4: revision 1.7 external/gpl3/gcc/usr.bin/gcc/arch/ia64/tm.h: revision 1.5 external/gpl3/gcc/usr.bin/gcc/arch/vax/tm.h: revision 1.6 external/gpl3/gcc/lib/libstdc++-v3/arch/riscv64/c++config.h: revision 1.8 external/gpl3/gcc/lib/libstdc++-v3/arch/riscv32/c++config.h: revision 1.8 external/gpl3/gcc/usr.bin/gcc/arch/earmhf/auto-host.h: revision 1.15 external/gpl3/gcc/usr.bin/gcc/arch/earmhfeb/auto-host.h: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/powerpc/defs.mk: revision 1.19 external/gpl3/gcc/usr.bin/gcc/arch/earmv7/defs.mk: revision 1.13 external/gpl3/gcc/lib/libstdc++-v3/arch/aarch64/defs.mk: revision 1.8 external/gpl3/gcc/usr.bin/gcc/arch/earmv6hf/defs.mk: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/m68000/tm.h: revision 1.6 Arrange so that the Makefile works for both the generic and the dragonfly locale code. There is no specialized constructor for ctype<char> so the destructor ends up trying to free uninitialized memory for _M_c_locale_ctype. Add a forward declaration for the specialized __timepunct<wchar_t> destructor that the dragonfly code needs to avoid "instantiation before specialization", and an empty implementation for the generic code. Use the dragonfly locale code for NetBSD too. Manually patch the locale configuration to use the dragonfly code instead of generic. regen mknative for everyone after: - NETBSD_ENABLE_PTHREADS removed (default always) - HAVE_GNU_INDIRECT_FUNCTION enabled for some platforms - switch to dragondfly bsd locale routines after christos made them work for us
netbsd-srcmastr
pushed a commit
that referenced
this pull request
Jan 23, 2020
sys/net/rtsock.c: revision 1.244 (adapted) Fix kernel info leak. There are 2 bytes of padding in struct if_msghdr. [ 944.607323] kleak: Possible leak in copyout: [len=176, leaked=2] [ 944.617335] #0 0xffffffff80b7c44a in kleak_note <netbsd> [ 944.627332] #1 0xffffffff80b7c4ca in kleak_copyout <netbsd> [ 944.627332] #2 0xffffffff80c91698 in sysctl_iflist_if <netbsd> [ 944.637336] #3 0xffffffff80c91d3c in sysctl_iflist <netbsd> [ 944.647343] #4 0xffffffff80c93855 in sysctl_rtable <netbsd> [ 944.647343] #5 0xffffffff80b5b328 in sysctl_dispatch <netbsd> [ 944.657346] #6 0xffffffff80b5b62e in sys___sysctl <netbsd> [ 944.667354] #7 0xffffffff8025ab3c in sy_call <netbsd> [ 944.667354] #8 0xffffffff8025ad6e in sy_invoke <netbsd> [ 944.677365] #9 0xffffffff8025adf4 in syscall <netbsd>
netbsd-srcmastr
pushed a commit
that referenced
this pull request
Jan 23, 2020
sys/net/rtsock.c: revision 1.244 (adapted) Fix kernel info leak. There are 2 bytes of padding in struct if_msghdr. [ 944.607323] kleak: Possible leak in copyout: [len=176, leaked=2] [ 944.617335] #0 0xffffffff80b7c44a in kleak_note <netbsd> [ 944.627332] #1 0xffffffff80b7c4ca in kleak_copyout <netbsd> [ 944.627332] #2 0xffffffff80c91698 in sysctl_iflist_if <netbsd> [ 944.637336] #3 0xffffffff80c91d3c in sysctl_iflist <netbsd> [ 944.647343] #4 0xffffffff80c93855 in sysctl_rtable <netbsd> [ 944.647343] #5 0xffffffff80b5b328 in sysctl_dispatch <netbsd> [ 944.657346] #6 0xffffffff80b5b62e in sys___sysctl <netbsd> [ 944.667354] #7 0xffffffff8025ab3c in sy_call <netbsd> [ 944.667354] #8 0xffffffff8025ad6e in sy_invoke <netbsd> [ 944.677365] #9 0xffffffff8025adf4 in syscall <netbsd>
netbsd-srcmastr
pushed a commit
that referenced
this pull request
Apr 5, 2020
sys/net/rtsock.c: revision 1.244 (adapted) Fix kernel info leak. There are 2 bytes of padding in struct if_msghdr. [ 944.607323] kleak: Possible leak in copyout: [len=176, leaked=2] [ 944.617335] #0 0xffffffff80b7c44a in kleak_note <netbsd> [ 944.627332] #1 0xffffffff80b7c4ca in kleak_copyout <netbsd> [ 944.627332] #2 0xffffffff80c91698 in sysctl_iflist_if <netbsd> [ 944.637336] #3 0xffffffff80c91d3c in sysctl_iflist <netbsd> [ 944.647343] #4 0xffffffff80c93855 in sysctl_rtable <netbsd> [ 944.647343] #5 0xffffffff80b5b328 in sysctl_dispatch <netbsd> [ 944.657346] #6 0xffffffff80b5b62e in sys___sysctl <netbsd> [ 944.667354] #7 0xffffffff8025ab3c in sy_call <netbsd> [ 944.667354] #8 0xffffffff8025ad6e in sy_invoke <netbsd> [ 944.677365] #9 0xffffffff8025adf4 in syscall <netbsd>
netbsd-srcmastr
pushed a commit
that referenced
this pull request
Apr 5, 2020
sys/net/rtsock.c: revision 1.244 (adapted) Fix kernel info leak. There are 2 bytes of padding in struct if_msghdr. [ 944.607323] kleak: Possible leak in copyout: [len=176, leaked=2] [ 944.617335] #0 0xffffffff80b7c44a in kleak_note <netbsd> [ 944.627332] #1 0xffffffff80b7c4ca in kleak_copyout <netbsd> [ 944.627332] #2 0xffffffff80c91698 in sysctl_iflist_if <netbsd> [ 944.637336] #3 0xffffffff80c91d3c in sysctl_iflist <netbsd> [ 944.647343] #4 0xffffffff80c93855 in sysctl_rtable <netbsd> [ 944.647343] #5 0xffffffff80b5b328 in sysctl_dispatch <netbsd> [ 944.657346] #6 0xffffffff80b5b62e in sys___sysctl <netbsd> [ 944.667354] #7 0xffffffff8025ab3c in sy_call <netbsd> [ 944.667354] #8 0xffffffff8025ad6e in sy_invoke <netbsd> [ 944.677365] #9 0xffffffff8025adf4 in syscall <netbsd>
netbsd-srcmastr
pushed a commit
that referenced
this pull request
Apr 8, 2020
external/gpl3/gcc/lib/libstdc++-v3/arch/mips64eb/defs.mk: revision 1.12 external/gpl3/gcc/lib/libstdc++-v3/arch/earmv6/defs.mk: revision 1.11 external/gpl3/gcc/usr.bin/gcc/arch/earm/tm.h: revision 1.8 external/gpl3/gcc/usr.bin/gcc/arch/earmv7hf/defs.mk: revision 1.13 external/gpl3/gcc/dist/libstdc++-v3/config/locale/generic/time_members.cc: revision 1.2 external/gpl3/gcc/usr.bin/gcc/arch/arm/defs.mk: revision 1.18 external/gpl3/gcc/usr.bin/gcc/arch/earmv6eb/tm.h: revision 1.6 external/gpl3/gcc/usr.bin/gcc/arch/earmv7hfeb/tm.h: revision 1.6 external/gpl3/gcc/lib/libstdc++-v3/arch/vax/defs.mk: revision 1.13 external/gpl3/gcc/lib/libstdc++-v3/arch/sparc64/defs.mk: revision 1.12 external/gpl3/gcc/usr.bin/gcc/arch/earmv4/tm.h: revision 1.6 external/gpl3/gcc/usr.bin/gcc/arch/sparc64/tm.h: revision 1.6 external/gpl3/gcc/usr.bin/gcc/arch/earmv7hfeb/auto-host.h: revision 1.13 external/gpl3/gcc/lib/libstdc++-v3/arch/hppa/defs.mk: revision 1.11 external/gpl3/gcc/usr.bin/gcc/arch/sparc64/auto-host.h: revision 1.16 external/gpl3/gcc/lib/libstdc++-v3/arch/m68000/defs.mk: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/earmv6/auto-host.h: revision 1.13 external/gpl3/gcc/lib/libstdc++-v3/arch/mipsel/defs.mk: revision 1.11 external/gpl3/gcc/lib/libstdc++-v3/arch/ia64/c++config.h: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/earmv6hf/auto-host.h: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/armeb/tm.h: revision 1.10 external/gpl3/gcc/usr.bin/gcc/arch/earmeb/tm.h: revision 1.8 external/gpl3/gcc/usr.bin/gcc/arch/earmhf/defs.mk: revision 1.16 external/gpl3/gcc/usr.bin/gcc/arch/earmv4eb/defs.mk: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/earmhfeb/defs.mk: revision 1.14 external/gpl3/gcc/usr.bin/gcc/arch/mips64eb/defs.mk: revision 1.16 external/gpl3/gcc/usr.bin/gcc/arch/earmv7/tm.h: revision 1.6 external/gpl3/gcc/usr.bin/gcc/arch/vax/defs.mk: revision 1.17 external/gpl3/gcc/usr.bin/gcc/arch/sh3eb/defs.mk: revision 1.15 external/gpl3/gcc/usr.bin/gcc/arch/sh3eb/tm.h: revision 1.5 external/gpl3/gcc/usr.bin/gcc/arch/earmv7eb/auto-host.h: revision 1.13 external/gpl3/gcc/lib/libstdc++-v3/arch/riscv32/symver-config.h: revision 1.3 external/gpl3/gcc/usr.bin/gcc/arch/earmv6eb/defs.mk: revision 1.13 external/gpl3/gcc/lib/libstdc++-v3/arch/armeb/defs.mk: revision 1.11 external/gpl3/gcc/lib/libstdc++-v3/arch/sh3eb/defs.mk: revision 1.13 external/gpl3/gcc/lib/libstdc++-v3/arch/earmv7/defs.mk: revision 1.11 external/gpl3/gcc/usr.bin/gcc/arch/alpha/tm.h: revision 1.5 external/gpl3/gcc/usr.bin/gcc/arch/earmv6hf/tm.h: revision 1.6 external/gpl3/gcc/usr.bin/gcc/arch/earmv7eb/defs.mk: revision 1.13 external/gpl3/gcc/dist/libstdc++-v3/include/bits/locale_facets_nonio.h: revision 1.2 external/gpl3/gcc/usr.bin/gcc/arch/earmv4/defs.mk: revision 1.14 external/gpl3/gcc/usr.bin/gcc/arch/x86_64/auto-host.h: revision 1.18 external/gpl3/gcc/usr.bin/gcc/arch/earmv4eb/auto-host.h: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/hppa/tm.h: revision 1.7 external/gpl3/gcc/usr.bin/gcc/arch/powerpc/auto-host.h: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/sparc/tm.h: revision 1.5 external/gpl3/gcc/usr.bin/gcc/arch/ia64/defs.mk: revision 1.9 external/gpl3/gcc/lib/libstdc++-v3/arch/mips64el/defs.mk: revision 1.12 external/gpl3/gcc/usr.bin/gcc/arch/sparc/defs.mk: revision 1.16 external/gpl3/gcc/usr.bin/gcc/arch/x86_64/defs.mk: revision 1.19 external/gpl3/gcc/lib/libstdc++-v3/arch/riscv32/defs.mk: revision 1.6 external/gpl3/gcc/usr.bin/gcc/arch/m68000/defs.mk: revision 1.15 external/gpl3/gcc/lib/libstdc++-v3/arch/sparc/defs.mk: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/earmeb/auto-host.h: revision 1.14 external/gpl3/gcc/lib/libstdc++-v3/arch/riscv64/defs.mk: revision 1.5 external/gpl3/gcc/usr.bin/gcc/arch/earmeb/defs.mk: revision 1.15 external/gpl3/gcc/usr.bin/gcc/arch/earmv7/auto-host.h: revision 1.13 external/gpl3/gcc/lib/libstdc++-v3/arch/earmhf/defs.mk: revision 1.13 external/gpl3/gcc/lib/libstdc++-v3/arch/earmv6hfeb/defs.mk: revision 1.11 external/gpl3/gcc/usr.bin/gcc/arch/earm/defs.mk: revision 1.17 external/gpl3/gcc/usr.bin/gcc/arch/sh3el/tm.h: revision 1.5 external/gpl3/gcc/usr.bin/gcc/arch/sparc64/defs.mk: revision 1.16 external/gpl3/gcc/lib/libstdc++-v3/arch/m68k/defs.mk: revision 1.12 external/gpl3/gcc/usr.bin/gcc/arch/earmv4eb/tm.h: revision 1.6 external/gpl3/gcc/lib/libstdc++-v3/arch/earmhfeb/defs.mk: revision 1.11 external/gpl3/gcc/lib/libstdc++-v3/arch/earmv4eb/defs.mk: revision 1.11 external/gpl3/gcc/usr.bin/gcc/arch/arm/tm.h: revision 1.9 external/gpl3/gcc/usr.bin/gcc/arch/earmhfeb/tm.h: revision 1.8 external/gpl3/gcc/usr.bin/gcc/arch/mips64el/defs.mk: revision 1.16 external/gpl3/gcc/usr.bin/gcc/arch/mipseb/defs.mk: revision 1.17 external/gpl3/gcc/lib/libstdc++-v3/arch/earmv4/defs.mk: revision 1.12 external/gpl3/gcc/lib/libstdc++-v3/arch/earmv6eb/defs.mk: revision 1.11 external/gpl3/gcc/usr.bin/gcc/arch/mips64eb/tm.h: revision 1.6 external/gpl3/gcc/usr.bin/gcc/arch/sh3el/defs.mk: revision 1.16 external/gpl3/gcc/lib/libstdc++-v3/arch/powerpc/defs.mk: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/earmv4/auto-host.h: revision 1.12 external/gpl3/gcc/lib/libstdc++-v3/arch/earmv7eb/defs.mk: revision 1.11 external/gpl3/gcc/lib/libstdc++-v3/arch/sh3el/defs.mk: revision 1.11 external/gpl3/gcc/usr.bin/gcc/arch/sparc/auto-host.h: revision 1.14 external/gpl3/gcc/lib/libstdc++-v3/arch/i386/defs.mk: revision 1.15 external/gpl3/gcc/usr.bin/gcc/arch/earmv6eb/auto-host.h: revision 1.13 external/gpl3/gcc/lib/libstdc++-v3/arch/aarch64/gstdint.h: revision 1.5 external/gpl3/gcc/usr.bin/gcc/arch/earmv6hfeb/defs.mk: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/powerpc/tm.h: revision 1.8 external/gpl3/gcc/usr.bin/gcc/arch/earmv7eb/tm.h: revision 1.6 external/gpl3/gcc/lib/libstdc++-v3/arch/x86_64/defs.mk: revision 1.15 external/gpl3/gcc/lib/libiberty/defs.mk: revision 1.22 external/gpl3/gcc/lib/libstdc++-v3/arch/ia64/defs.mk: revision 1.11 external/gpl3/gcc/usr.bin/gcc/arch/mipseb/tm.h: revision 1.6 external/gpl3/gcc/lib/libstdc++-v3/arch/earmeb/defs.mk: revision 1.12 external/gpl3/gcc/lib/libstdc++-v3/arch/ia64/symver-config.h: revision 1.2 external/gpl3/gcc/usr.bin/gcc/arch/x86_64/tm.h: revision 1.6 external/gpl3/gcc/lib/libstdc++-v3/Makefile: revision 1.48 external/gpl3/gcc/usr.bin/gcc/arch/aarch64/defs.mk: revision 1.5 external/gpl3/gcc/dist/libstdc++-v3/src/c++11/ctype.cc: revision 1.2 external/gpl3/gcc/lib/libstdc++-v3/arch/earm/defs.mk: revision 1.11 external/gpl3/gcc/usr.bin/gcc/arch/riscv64/multilib.h: revision 1.3 external/gpl3/gcc/usr.bin/gcc/arch/m68k/defs.mk: revision 1.17 external/gpl3/gcc/usr.bin/gcc/arch/earm/auto-host.h: revision 1.16 external/gpl3/gcc/lib/libstdc++-v3/arch/earmv7hfeb/defs.mk: revision 1.11 external/gpl3/gcc/usr.bin/gcc/arch/i386/tm.h: revision 1.5 external/gpl3/gcc/usr.bin/gcc/arch/armeb/defs.mk: revision 1.18 external/gpl3/gcc/usr.bin/gcc/arch/earmv6/defs.mk: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/arm/auto-host.h: revision 1.14 external/gpl3/gcc/usr.bin/gcc/arch/earmv7hf/auto-host.h: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/mips64el/tm.h: revision 1.6 external/gpl3/gcc/usr.bin/gcc/arch/m68k/tm.h: revision 1.7 external/gpl3/gcc/lib/libstdc++-v3/arch/mipseb/defs.mk: revision 1.12 external/gpl3/gcc/usr.bin/gcc/arch/i386/defs.mk: revision 1.17 external/gpl3/gcc/usr.bin/gcc/arch/earmv7hf/tm.h: revision 1.6 external/gpl3/gcc/lib/libstdc++-v3/arch/earmv6hf/defs.mk: revision 1.11 external/gpl3/gcc/usr.bin/gcc/arch/armeb/auto-host.h: revision 1.17 external/gpl3/gcc/usr.bin/gcc/arch/earmhf/tm.h: revision 1.8 external/gpl3/gcc/usr.bin/gcc/arch/earmv6hfeb/tm.h: revision 1.6 external/gpl3/gcc/usr.bin/gcc/arch/earmv6hfeb/auto-host.h: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/earmv6/tm.h: revision 1.6 external/gpl3/gcc/usr.bin/gcc/arch/i386/auto-host.h: revision 1.15 external/gpl3/gcc/dist/libstdc++-v3/configure: revision 1.12 external/gpl3/gcc/lib/libstdc++-v3/arch/earmv7hf/defs.mk: revision 1.11 external/gpl3/gcc/usr.bin/gcc/arch/hppa/defs.mk: revision 1.16 external/gpl3/gcc/usr.bin/gcc/arch/alpha/defs.mk: revision 1.15 external/gpl3/gcc/usr.bin/gcc/arch/aarch64/tm.h: revision 1.3 external/gpl3/gcc/usr.bin/gcc/arch/earmv7hfeb/defs.mk: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/mipsel/defs.mk: revision 1.17 external/gpl3/gcc/usr.bin/gcc/arch/mipsel/tm.h: revision 1.6 external/gpl3/gcc/lib/libstdc++-v3/arch/alpha/defs.mk: revision 1.11 external/gpl3/gcc/lib/libstdc++-v3/arch/arm/defs.mk: revision 1.11 external/gpl3/gcc/dist/libstdc++-v3/acinclude.m4: revision 1.7 external/gpl3/gcc/usr.bin/gcc/arch/ia64/tm.h: revision 1.5 external/gpl3/gcc/usr.bin/gcc/arch/vax/tm.h: revision 1.6 external/gpl3/gcc/lib/libstdc++-v3/arch/riscv64/c++config.h: revision 1.8 external/gpl3/gcc/lib/libstdc++-v3/arch/riscv32/c++config.h: revision 1.8 external/gpl3/gcc/usr.bin/gcc/arch/earmhf/auto-host.h: revision 1.15 external/gpl3/gcc/usr.bin/gcc/arch/earmhfeb/auto-host.h: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/powerpc/defs.mk: revision 1.19 external/gpl3/gcc/usr.bin/gcc/arch/earmv7/defs.mk: revision 1.13 external/gpl3/gcc/lib/libstdc++-v3/arch/aarch64/defs.mk: revision 1.8 external/gpl3/gcc/usr.bin/gcc/arch/earmv6hf/defs.mk: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/m68000/tm.h: revision 1.6 Arrange so that the Makefile works for both the generic and the dragonfly locale code. There is no specialized constructor for ctype<char> so the destructor ends up trying to free uninitialized memory for _M_c_locale_ctype. Add a forward declaration for the specialized __timepunct<wchar_t> destructor that the dragonfly code needs to avoid "instantiation before specialization", and an empty implementation for the generic code. Use the dragonfly locale code for NetBSD too. Manually patch the locale configuration to use the dragonfly code instead of generic. regen mknative for everyone after: - NETBSD_ENABLE_PTHREADS removed (default always) - HAVE_GNU_INDIRECT_FUNCTION enabled for some platforms - switch to dragondfly bsd locale routines after christos made them work for us
netbsd-srcmastr
pushed a commit
that referenced
this pull request
Apr 8, 2020
sys/net/rtsock.c: revision 1.244 (adapted) Fix kernel info leak. There are 2 bytes of padding in struct if_msghdr. [ 944.607323] kleak: Possible leak in copyout: [len=176, leaked=2] [ 944.617335] #0 0xffffffff80b7c44a in kleak_note <netbsd> [ 944.627332] #1 0xffffffff80b7c4ca in kleak_copyout <netbsd> [ 944.627332] #2 0xffffffff80c91698 in sysctl_iflist_if <netbsd> [ 944.637336] #3 0xffffffff80c91d3c in sysctl_iflist <netbsd> [ 944.647343] #4 0xffffffff80c93855 in sysctl_rtable <netbsd> [ 944.647343] #5 0xffffffff80b5b328 in sysctl_dispatch <netbsd> [ 944.657346] #6 0xffffffff80b5b62e in sys___sysctl <netbsd> [ 944.667354] #7 0xffffffff8025ab3c in sy_call <netbsd> [ 944.667354] #8 0xffffffff8025ad6e in sy_invoke <netbsd> [ 944.677365] #9 0xffffffff8025adf4 in syscall <netbsd>
netbsd-srcmastr
pushed a commit
that referenced
this pull request
Apr 8, 2020
sys/net/rtsock.c: revision 1.244 (adapted) Fix kernel info leak. There are 2 bytes of padding in struct if_msghdr. [ 944.607323] kleak: Possible leak in copyout: [len=176, leaked=2] [ 944.617335] #0 0xffffffff80b7c44a in kleak_note <netbsd> [ 944.627332] #1 0xffffffff80b7c4ca in kleak_copyout <netbsd> [ 944.627332] #2 0xffffffff80c91698 in sysctl_iflist_if <netbsd> [ 944.637336] #3 0xffffffff80c91d3c in sysctl_iflist <netbsd> [ 944.647343] #4 0xffffffff80c93855 in sysctl_rtable <netbsd> [ 944.647343] #5 0xffffffff80b5b328 in sysctl_dispatch <netbsd> [ 944.657346] #6 0xffffffff80b5b62e in sys___sysctl <netbsd> [ 944.667354] #7 0xffffffff8025ab3c in sy_call <netbsd> [ 944.667354] #8 0xffffffff8025ad6e in sy_invoke <netbsd> [ 944.677365] #9 0xffffffff8025adf4 in syscall <netbsd>
netbsd-srcmastr
pushed a commit
that referenced
this pull request
Apr 8, 2020
sys/net/rtsock.c: revision 1.244 Fix kernel info leak. There are 2 bytes of padding in struct if_msghdr. [ 944.607323] kleak: Possible leak in copyout: [len=176, leaked=2] [ 944.617335] #0 0xffffffff80b7c44a in kleak_note <netbsd> [ 944.627332] #1 0xffffffff80b7c4ca in kleak_copyout <netbsd> [ 944.627332] #2 0xffffffff80c91698 in sysctl_iflist_if <netbsd> [ 944.637336] #3 0xffffffff80c91d3c in sysctl_iflist <netbsd> [ 944.647343] #4 0xffffffff80c93855 in sysctl_rtable <netbsd> [ 944.647343] #5 0xffffffff80b5b328 in sysctl_dispatch <netbsd> [ 944.657346] #6 0xffffffff80b5b62e in sys___sysctl <netbsd> [ 944.667354] #7 0xffffffff8025ab3c in sy_call <netbsd> [ 944.667354] #8 0xffffffff8025ad6e in sy_invoke <netbsd> [ 944.677365] #9 0xffffffff8025adf4 in syscall <netbsd>
netbsd-srcmastr
pushed a commit
that referenced
this pull request
Apr 8, 2020
sys/net/rtsock.c: revision 1.244 (adapted) Fix kernel info leak. There are 2 bytes of padding in struct if_msghdr. [ 944.607323] kleak: Possible leak in copyout: [len=176, leaked=2] [ 944.617335] #0 0xffffffff80b7c44a in kleak_note <netbsd> [ 944.627332] #1 0xffffffff80b7c4ca in kleak_copyout <netbsd> [ 944.627332] #2 0xffffffff80c91698 in sysctl_iflist_if <netbsd> [ 944.637336] #3 0xffffffff80c91d3c in sysctl_iflist <netbsd> [ 944.647343] #4 0xffffffff80c93855 in sysctl_rtable <netbsd> [ 944.647343] #5 0xffffffff80b5b328 in sysctl_dispatch <netbsd> [ 944.657346] #6 0xffffffff80b5b62e in sys___sysctl <netbsd> [ 944.667354] #7 0xffffffff8025ab3c in sy_call <netbsd> [ 944.667354] #8 0xffffffff8025ad6e in sy_invoke <netbsd> [ 944.677365] #9 0xffffffff8025adf4 in syscall <netbsd>
netbsd-srcmastr
pushed a commit
that referenced
this pull request
Apr 30, 2020
external/gpl3/gcc/lib/libstdc++-v3/arch/mips64eb/defs.mk: revision 1.12 external/gpl3/gcc/lib/libstdc++-v3/arch/earmv6/defs.mk: revision 1.11 external/gpl3/gcc/usr.bin/gcc/arch/earm/tm.h: revision 1.8 external/gpl3/gcc/usr.bin/gcc/arch/earmv7hf/defs.mk: revision 1.13 external/gpl3/gcc/dist/libstdc++-v3/config/locale/generic/time_members.cc: revision 1.2 external/gpl3/gcc/usr.bin/gcc/arch/arm/defs.mk: revision 1.18 external/gpl3/gcc/usr.bin/gcc/arch/earmv6eb/tm.h: revision 1.6 external/gpl3/gcc/usr.bin/gcc/arch/earmv7hfeb/tm.h: revision 1.6 external/gpl3/gcc/lib/libstdc++-v3/arch/vax/defs.mk: revision 1.13 external/gpl3/gcc/lib/libstdc++-v3/arch/sparc64/defs.mk: revision 1.12 external/gpl3/gcc/usr.bin/gcc/arch/earmv4/tm.h: revision 1.6 external/gpl3/gcc/usr.bin/gcc/arch/sparc64/tm.h: revision 1.6 external/gpl3/gcc/usr.bin/gcc/arch/earmv7hfeb/auto-host.h: revision 1.13 external/gpl3/gcc/lib/libstdc++-v3/arch/hppa/defs.mk: revision 1.11 external/gpl3/gcc/usr.bin/gcc/arch/sparc64/auto-host.h: revision 1.16 external/gpl3/gcc/lib/libstdc++-v3/arch/m68000/defs.mk: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/earmv6/auto-host.h: revision 1.13 external/gpl3/gcc/lib/libstdc++-v3/arch/mipsel/defs.mk: revision 1.11 external/gpl3/gcc/lib/libstdc++-v3/arch/ia64/c++config.h: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/earmv6hf/auto-host.h: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/armeb/tm.h: revision 1.10 external/gpl3/gcc/usr.bin/gcc/arch/earmeb/tm.h: revision 1.8 external/gpl3/gcc/usr.bin/gcc/arch/earmhf/defs.mk: revision 1.16 external/gpl3/gcc/usr.bin/gcc/arch/earmv4eb/defs.mk: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/earmhfeb/defs.mk: revision 1.14 external/gpl3/gcc/usr.bin/gcc/arch/mips64eb/defs.mk: revision 1.16 external/gpl3/gcc/usr.bin/gcc/arch/earmv7/tm.h: revision 1.6 external/gpl3/gcc/usr.bin/gcc/arch/vax/defs.mk: revision 1.17 external/gpl3/gcc/usr.bin/gcc/arch/sh3eb/defs.mk: revision 1.15 external/gpl3/gcc/usr.bin/gcc/arch/sh3eb/tm.h: revision 1.5 external/gpl3/gcc/usr.bin/gcc/arch/earmv7eb/auto-host.h: revision 1.13 external/gpl3/gcc/lib/libstdc++-v3/arch/riscv32/symver-config.h: revision 1.3 external/gpl3/gcc/usr.bin/gcc/arch/earmv6eb/defs.mk: revision 1.13 external/gpl3/gcc/lib/libstdc++-v3/arch/armeb/defs.mk: revision 1.11 external/gpl3/gcc/lib/libstdc++-v3/arch/sh3eb/defs.mk: revision 1.13 external/gpl3/gcc/lib/libstdc++-v3/arch/earmv7/defs.mk: revision 1.11 external/gpl3/gcc/usr.bin/gcc/arch/alpha/tm.h: revision 1.5 external/gpl3/gcc/usr.bin/gcc/arch/earmv6hf/tm.h: revision 1.6 external/gpl3/gcc/usr.bin/gcc/arch/earmv7eb/defs.mk: revision 1.13 external/gpl3/gcc/dist/libstdc++-v3/include/bits/locale_facets_nonio.h: revision 1.2 external/gpl3/gcc/usr.bin/gcc/arch/earmv4/defs.mk: revision 1.14 external/gpl3/gcc/usr.bin/gcc/arch/x86_64/auto-host.h: revision 1.18 external/gpl3/gcc/usr.bin/gcc/arch/earmv4eb/auto-host.h: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/hppa/tm.h: revision 1.7 external/gpl3/gcc/usr.bin/gcc/arch/powerpc/auto-host.h: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/sparc/tm.h: revision 1.5 external/gpl3/gcc/usr.bin/gcc/arch/ia64/defs.mk: revision 1.9 external/gpl3/gcc/lib/libstdc++-v3/arch/mips64el/defs.mk: revision 1.12 external/gpl3/gcc/usr.bin/gcc/arch/sparc/defs.mk: revision 1.16 external/gpl3/gcc/usr.bin/gcc/arch/x86_64/defs.mk: revision 1.19 external/gpl3/gcc/lib/libstdc++-v3/arch/riscv32/defs.mk: revision 1.6 external/gpl3/gcc/usr.bin/gcc/arch/m68000/defs.mk: revision 1.15 external/gpl3/gcc/lib/libstdc++-v3/arch/sparc/defs.mk: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/earmeb/auto-host.h: revision 1.14 external/gpl3/gcc/lib/libstdc++-v3/arch/riscv64/defs.mk: revision 1.5 external/gpl3/gcc/usr.bin/gcc/arch/earmeb/defs.mk: revision 1.15 external/gpl3/gcc/usr.bin/gcc/arch/earmv7/auto-host.h: revision 1.13 external/gpl3/gcc/lib/libstdc++-v3/arch/earmhf/defs.mk: revision 1.13 external/gpl3/gcc/lib/libstdc++-v3/arch/earmv6hfeb/defs.mk: revision 1.11 external/gpl3/gcc/usr.bin/gcc/arch/earm/defs.mk: revision 1.17 external/gpl3/gcc/usr.bin/gcc/arch/sh3el/tm.h: revision 1.5 external/gpl3/gcc/usr.bin/gcc/arch/sparc64/defs.mk: revision 1.16 external/gpl3/gcc/lib/libstdc++-v3/arch/m68k/defs.mk: revision 1.12 external/gpl3/gcc/usr.bin/gcc/arch/earmv4eb/tm.h: revision 1.6 external/gpl3/gcc/lib/libstdc++-v3/arch/earmhfeb/defs.mk: revision 1.11 external/gpl3/gcc/lib/libstdc++-v3/arch/earmv4eb/defs.mk: revision 1.11 external/gpl3/gcc/usr.bin/gcc/arch/arm/tm.h: revision 1.9 external/gpl3/gcc/usr.bin/gcc/arch/earmhfeb/tm.h: revision 1.8 external/gpl3/gcc/usr.bin/gcc/arch/mips64el/defs.mk: revision 1.16 external/gpl3/gcc/usr.bin/gcc/arch/mipseb/defs.mk: revision 1.17 external/gpl3/gcc/lib/libstdc++-v3/arch/earmv4/defs.mk: revision 1.12 external/gpl3/gcc/lib/libstdc++-v3/arch/earmv6eb/defs.mk: revision 1.11 external/gpl3/gcc/usr.bin/gcc/arch/mips64eb/tm.h: revision 1.6 external/gpl3/gcc/usr.bin/gcc/arch/sh3el/defs.mk: revision 1.16 external/gpl3/gcc/lib/libstdc++-v3/arch/powerpc/defs.mk: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/earmv4/auto-host.h: revision 1.12 external/gpl3/gcc/lib/libstdc++-v3/arch/earmv7eb/defs.mk: revision 1.11 external/gpl3/gcc/lib/libstdc++-v3/arch/sh3el/defs.mk: revision 1.11 external/gpl3/gcc/usr.bin/gcc/arch/sparc/auto-host.h: revision 1.14 external/gpl3/gcc/lib/libstdc++-v3/arch/i386/defs.mk: revision 1.15 external/gpl3/gcc/usr.bin/gcc/arch/earmv6eb/auto-host.h: revision 1.13 external/gpl3/gcc/lib/libstdc++-v3/arch/aarch64/gstdint.h: revision 1.5 external/gpl3/gcc/usr.bin/gcc/arch/earmv6hfeb/defs.mk: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/powerpc/tm.h: revision 1.8 external/gpl3/gcc/usr.bin/gcc/arch/earmv7eb/tm.h: revision 1.6 external/gpl3/gcc/lib/libstdc++-v3/arch/x86_64/defs.mk: revision 1.15 external/gpl3/gcc/lib/libiberty/defs.mk: revision 1.22 external/gpl3/gcc/lib/libstdc++-v3/arch/ia64/defs.mk: revision 1.11 external/gpl3/gcc/usr.bin/gcc/arch/mipseb/tm.h: revision 1.6 external/gpl3/gcc/lib/libstdc++-v3/arch/earmeb/defs.mk: revision 1.12 external/gpl3/gcc/lib/libstdc++-v3/arch/ia64/symver-config.h: revision 1.2 external/gpl3/gcc/usr.bin/gcc/arch/x86_64/tm.h: revision 1.6 external/gpl3/gcc/lib/libstdc++-v3/Makefile: revision 1.48 external/gpl3/gcc/usr.bin/gcc/arch/aarch64/defs.mk: revision 1.5 external/gpl3/gcc/dist/libstdc++-v3/src/c++11/ctype.cc: revision 1.2 external/gpl3/gcc/lib/libstdc++-v3/arch/earm/defs.mk: revision 1.11 external/gpl3/gcc/usr.bin/gcc/arch/riscv64/multilib.h: revision 1.3 external/gpl3/gcc/usr.bin/gcc/arch/m68k/defs.mk: revision 1.17 external/gpl3/gcc/usr.bin/gcc/arch/earm/auto-host.h: revision 1.16 external/gpl3/gcc/lib/libstdc++-v3/arch/earmv7hfeb/defs.mk: revision 1.11 external/gpl3/gcc/usr.bin/gcc/arch/i386/tm.h: revision 1.5 external/gpl3/gcc/usr.bin/gcc/arch/armeb/defs.mk: revision 1.18 external/gpl3/gcc/usr.bin/gcc/arch/earmv6/defs.mk: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/arm/auto-host.h: revision 1.14 external/gpl3/gcc/usr.bin/gcc/arch/earmv7hf/auto-host.h: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/mips64el/tm.h: revision 1.6 external/gpl3/gcc/usr.bin/gcc/arch/m68k/tm.h: revision 1.7 external/gpl3/gcc/lib/libstdc++-v3/arch/mipseb/defs.mk: revision 1.12 external/gpl3/gcc/usr.bin/gcc/arch/i386/defs.mk: revision 1.17 external/gpl3/gcc/usr.bin/gcc/arch/earmv7hf/tm.h: revision 1.6 external/gpl3/gcc/lib/libstdc++-v3/arch/earmv6hf/defs.mk: revision 1.11 external/gpl3/gcc/usr.bin/gcc/arch/armeb/auto-host.h: revision 1.17 external/gpl3/gcc/usr.bin/gcc/arch/earmhf/tm.h: revision 1.8 external/gpl3/gcc/usr.bin/gcc/arch/earmv6hfeb/tm.h: revision 1.6 external/gpl3/gcc/usr.bin/gcc/arch/earmv6hfeb/auto-host.h: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/earmv6/tm.h: revision 1.6 external/gpl3/gcc/usr.bin/gcc/arch/i386/auto-host.h: revision 1.15 external/gpl3/gcc/dist/libstdc++-v3/configure: revision 1.12 external/gpl3/gcc/lib/libstdc++-v3/arch/earmv7hf/defs.mk: revision 1.11 external/gpl3/gcc/usr.bin/gcc/arch/hppa/defs.mk: revision 1.16 external/gpl3/gcc/usr.bin/gcc/arch/alpha/defs.mk: revision 1.15 external/gpl3/gcc/usr.bin/gcc/arch/aarch64/tm.h: revision 1.3 external/gpl3/gcc/usr.bin/gcc/arch/earmv7hfeb/defs.mk: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/mipsel/defs.mk: revision 1.17 external/gpl3/gcc/usr.bin/gcc/arch/mipsel/tm.h: revision 1.6 external/gpl3/gcc/lib/libstdc++-v3/arch/alpha/defs.mk: revision 1.11 external/gpl3/gcc/lib/libstdc++-v3/arch/arm/defs.mk: revision 1.11 external/gpl3/gcc/dist/libstdc++-v3/acinclude.m4: revision 1.7 external/gpl3/gcc/usr.bin/gcc/arch/ia64/tm.h: revision 1.5 external/gpl3/gcc/usr.bin/gcc/arch/vax/tm.h: revision 1.6 external/gpl3/gcc/lib/libstdc++-v3/arch/riscv64/c++config.h: revision 1.8 external/gpl3/gcc/lib/libstdc++-v3/arch/riscv32/c++config.h: revision 1.8 external/gpl3/gcc/usr.bin/gcc/arch/earmhf/auto-host.h: revision 1.15 external/gpl3/gcc/usr.bin/gcc/arch/earmhfeb/auto-host.h: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/powerpc/defs.mk: revision 1.19 external/gpl3/gcc/usr.bin/gcc/arch/earmv7/defs.mk: revision 1.13 external/gpl3/gcc/lib/libstdc++-v3/arch/aarch64/defs.mk: revision 1.8 external/gpl3/gcc/usr.bin/gcc/arch/earmv6hf/defs.mk: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/m68000/tm.h: revision 1.6 Arrange so that the Makefile works for both the generic and the dragonfly locale code. There is no specialized constructor for ctype<char> so the destructor ends up trying to free uninitialized memory for _M_c_locale_ctype. Add a forward declaration for the specialized __timepunct<wchar_t> destructor that the dragonfly code needs to avoid "instantiation before specialization", and an empty implementation for the generic code. Use the dragonfly locale code for NetBSD too. Manually patch the locale configuration to use the dragonfly code instead of generic. regen mknative for everyone after: - NETBSD_ENABLE_PTHREADS removed (default always) - HAVE_GNU_INDIRECT_FUNCTION enabled for some platforms - switch to dragondfly bsd locale routines after christos made them work for us
netbsd-srcmastr
pushed a commit
that referenced
this pull request
Apr 30, 2020
sys/net/rtsock.c: revision 1.244 (adapted) Fix kernel info leak. There are 2 bytes of padding in struct if_msghdr. [ 944.607323] kleak: Possible leak in copyout: [len=176, leaked=2] [ 944.617335] #0 0xffffffff80b7c44a in kleak_note <netbsd> [ 944.627332] #1 0xffffffff80b7c4ca in kleak_copyout <netbsd> [ 944.627332] #2 0xffffffff80c91698 in sysctl_iflist_if <netbsd> [ 944.637336] #3 0xffffffff80c91d3c in sysctl_iflist <netbsd> [ 944.647343] #4 0xffffffff80c93855 in sysctl_rtable <netbsd> [ 944.647343] #5 0xffffffff80b5b328 in sysctl_dispatch <netbsd> [ 944.657346] #6 0xffffffff80b5b62e in sys___sysctl <netbsd> [ 944.667354] #7 0xffffffff8025ab3c in sy_call <netbsd> [ 944.667354] #8 0xffffffff8025ad6e in sy_invoke <netbsd> [ 944.677365] #9 0xffffffff8025adf4 in syscall <netbsd>
netbsd-srcmastr
pushed a commit
that referenced
this pull request
Apr 30, 2020
sys/net/rtsock.c: revision 1.244 (adapted) Fix kernel info leak. There are 2 bytes of padding in struct if_msghdr. [ 944.607323] kleak: Possible leak in copyout: [len=176, leaked=2] [ 944.617335] #0 0xffffffff80b7c44a in kleak_note <netbsd> [ 944.627332] #1 0xffffffff80b7c4ca in kleak_copyout <netbsd> [ 944.627332] #2 0xffffffff80c91698 in sysctl_iflist_if <netbsd> [ 944.637336] #3 0xffffffff80c91d3c in sysctl_iflist <netbsd> [ 944.647343] #4 0xffffffff80c93855 in sysctl_rtable <netbsd> [ 944.647343] #5 0xffffffff80b5b328 in sysctl_dispatch <netbsd> [ 944.657346] #6 0xffffffff80b5b62e in sys___sysctl <netbsd> [ 944.667354] #7 0xffffffff8025ab3c in sy_call <netbsd> [ 944.667354] #8 0xffffffff8025ad6e in sy_invoke <netbsd> [ 944.677365] #9 0xffffffff8025adf4 in syscall <netbsd>
netbsd-srcmastr
pushed a commit
that referenced
this pull request
Aug 4, 2020
Version 4.4.2
22 January 2020
Release Notes
NEW FEATURES
Please note that that ISC DHCP is now licensed under the Mozilla Public License,
MPL 2.0. Please see https://www.mozilla.org/en-US/MPL/2.0/ to read the MPL 2.0
license terms.
While release 4.4.2 is primarily a maintenance release that addresses a number
of defects, it does introduce a few new features:
- Keama - Keama is a migration utility that assists in converting ISC DHCP
server configuration files to Kea configuration files. It is found in the
keama subdirectory and includes a README.md file with instructions on how
to build it as well as a manpage on its usage.
- Two new server parameters related to ping checking were added:
1. ping-cltt-secs which allows the user to specify the number of seconds
that must elapse since CLTT before a ping check is conducted.
2. ping-timeout-ms which allows the user to specify the amount of time the
server waits for a ping-check response in milliseconds rather than in
seconds.
In general, the areas of focus for ISC DHCP 4.4 were:
1. Dynamic DNS additions
2. dhclient improvements
3. Support for dynamic shared libraries
Dynamic DNS Improvements:
- We added three new server configuration parameters which influence DDNS
conflict resolution:
1. ddns-dual-stack-mixed-mode - alters DNS conflict resolution behavior
to mitigate issues with non-compliant clients in dual stack environments.
2. ddns-guard-id-must-match - relaxes the DHCID RR client id matching
requirement of DNS conflict resolution.
3. ddns-other-guard-is-dynamic - alters dual-stack-mixed-mode behavior to
allow unguarded DNS entries to be overwritten in certain cases
- The server now honors update-static-leases parameter for static DHCPv6
hosts.
dhclient Improvements:
- We've added three command line parameters to dhclient:
1. --prefix-len-hint - directs dhclient to use the given length as
the prefix length hint when requesting prefixes
2. --decline-wait-time - instructs the client to wait the given number
of seconds after declining an IPv4 address before issuing a discover
3. --address-prefix-len - specifies the prefix length passed by dhclient
into the client script (via the environment variable ip6_prefixlen) with
each IPv6 address. We added this parameter because we have changed the
default value from 64 to 128 in order to be compliant with RFC3315bis
draft (-09, page 64) and RFC5942, Section 4, point 1.
**WARNING**: The new default value of 128 may not be backwardly compatible
with your environment. If you are operating without a router, such as
between VMs on a host, you may find they cannot see each other with prefix
length of 128. In such cases, you'll need to either provide routing or use
the command line parameter to set the value to 64. Alternatively you may
change the default at compile time by setting DHCLIENT_DEFAULT_PREFIX_LEN
in includes/site.h.
- dhclient will now generate a DHCPv6 DECLINE message when the client script
indicates a DAD failure
Dynamic shared library support:
Configure script, configure.ac+lt, which supports libtool is now provided
with the source tar ball. This script can be used to configure ISC DHCP
to build with libtool and thus use dynamic shared libraries.
Other Highlights:
- The server now supports dhcp-cache-threshold for DHCPv6 operations
- The server now supports DHPv6 address allocation based on EUI-64 DUIDs
- Experimental support for alternate relay port in the both the server
and relay for IPv4, IPv6 and 4o6 (see: draft-ietf-dhc-relay-port-10.txt)
For information on how to install, configure and run this software, as
well as how to find documentation and report bugs, please consult the
README file.
ISC DHCP uses standard GNU configure for installation. Please review the
output of "./configure --help" to see what options are available.
The system has only been tested on Linux, FreeBSD, and Solaris, and may not
work on other platforms. Please report any problems and suggested fixes to
<dhcp-users@isc.org>.
ISC DHCP is open source software maintained by Internet Systems
Consortium. This product includes cryptographic software written
by Eric Young (eay@cryptsoft.com).
Changes since 4.4.2b1 (Bug Fixes)
- Added a clarification on DHCPINFORMs and server authority to
dhcpd.conf.5
[Gitlab #37]
- Only emit lease scrubbing log messages when DEBUG_FAILOVER_MESSAGES
is defined.
[Gitlab #72]
- Added the interface name to socket initialization failure log messages.
Prior to this the log messages stated only the error reason without
stating the target interface.
[Gitlab #75]
- Corrected buffer pointer logic in dhcrelay functions that manipulate
agent relay options. Thanks to Thomas Imbert of MSRC Vulnerabilities
& Mitigations for reporting the issue.
[#71]
- Corrected unresolved symbol errors building relay_unittests when
configured to build using libtool.
[#80]
Changes since 4.4.1 (New Features)
- A new configuration parameter, ping-cltt-secs (v4 operation only), has
been added to allow the user to specify the number of seconds that must
elapse since CLTT before a ping check is conducted. Prior to this, the
value was hard coded at 60 seconds. Please see the server man pages for
a more detailed discussion.
[ISC-Bugs #36283]
- A new configuration parameter, ping-timeout-ms (v4 operation only),
has been added that allows the user to specify the amount of time
the server waits for a ping-check response in milliseconds rather
than in seconds (via ping-timeout). When greater than zero, the value
of ping-timeout-ms will override the value of ping-timeout. Thanks
to Jay Doran from Bluecat Networks for suggesting this feature.
[Gitlab #10]
- An experimental tool called, Keama (KEA Migration Assistant), which helps
translate ISC DHCP configurations to Kea configurations, is now included
in the distribution.
[Gitlab #34]
Changes since 4.4.1 (Bug Fixes)
- Corrected a misuse of the BIND9 DDNS API which caused DDNS updates to be
carried out over TCP rather than UDP. The coding error was exposed by
migration to BIND9 9.11. Thanks to Jinmei Tatuya at Infoblox for
reporting the issue.
[ISC-Bugs #47757]
- Bind9 now defaults to requiring python to build. The Makefile for
building Bind9 when bundled with ISC DHCP was modified to turn off
this dependency.
[Gitlab #3]
- Corrected a dual-stack mixed-mode issue that occurs when both
ddns-guard-id-must-match and ddns-other-guard-is-dynamic
are enabled and that caused the server to incorrectly interpret
the presence of a guard record belonging to another client as
a case of no guard record at all. Thanks to Fernando Soto
from BlueCat Networks for reporting this issue.
[Gitlab #1]
- Corrected a compilation issue that occurred when building without DNS
update ability (e.g. by undefining NSUPDATE).
[Gitlab #16]
- Corrected an issue that was causing the server, when running in
DHPCv4 mode, to segfault when class lease limits are reached.
Thanks to Peter Nagy at Porion-Digital for reporting the matter
and submitting a patch.
[Gitlab #13]
- Made minor changes to eliminate warnings when compiled with GCC 9.
Thanks to Brett Neumeier for bringing the matter to our attention.
[Gitlab #15]
- Fixed potential memory leaks in parser error message generation
spotted by Coverity, CIDs: 1448191, 1448193, 1448194, 1448195
[Gitlab #30]
- Updated URL of IEEE oui.txt in contrib/dhcp-lease-list.pl. Thanks
to Tommy Smith for contributing the patch.
[Gitlab #26]
- Fixed define flags when using SO_BINDTODEVICE. Thanks to Joe LeVeque for
reporting the issue.
[GitLab #19]
- Applied a patch from OpenBSD to always set the scope id of outbound
DHPCv6 packets. Note this change only applies when compiling under
OpenBSD. Thanks to Brad Smith at OpenBSD from bringing it to our
attention.
[Gitlab #33]
- Modified dhclient to not discard config file leases that are
duplicates of server-provided leases and to retain such leases
after they have been used as the fallback active lease and
DHCP service has been restored. This allows them to be used
more than once during the lifetime of a dhclient instance.
This applies to DHCPv4 operation only.
[Gitlab #9]
- Corrected a number of reference counter and zero-length buffer leaks.
Thanks to Christopher Ertl of MSRC Vulnerabilities & Mitigations for
pointing them out.
[Gitlab #57]
- Closed a small window of time between the installation of graceful
shutdown signal handlers and application context startup, during which
the receipt of shutdown signal would cause a REQUIRE() assertion to
occur. Note this issue is only visible when compiling with
ENABLE_GENTLE_SHUTDOWN defined.
[Gitlab #53]
- Corrected a buffer overflow that can occur when retrieving zone
names that are more than 255 characters in length.
[Gitlab #20]
- The "d" domain name option format was incorrectly handled as text
instead of RFC 1035 wire format. Thanks to Jay Doran at BlueCat Networks
for reporting this issue.
[Gitlab #2]
- Improved the error message issued when a host declaration has both
a uid and a dhcp-client-identifier. Server configuration parsing will
now fail if a host declaration specifies more than one uid.
[Gitlab #7]
- Updated developer's documentation on building and running unit tests.
Removed support for --with-atf=bind as BIND9 no longer bundles in ATF
source.
[Gitlab #35]
- Fixed a syntax error in ldap.c which cropped up under Ubuntu
18.04.1/gcc 7.4.0. Thanks to Charles Hedrick for pointing it out.
[Gitlab #51]
- Added clarification to dhcp-options.5 section on ip-address values
describing the first-use DNS resolution of options with hostnames as
values (e.g. next-server).
[Gitlab #28]
- The option format for the server option omapi-key was changed to a
format type 'k' (key name); while server options ldap-port and
ldap-init-retry were changed to 'L' (unsigned 32-bit integer). These
three options were inadvertantly broken when the 'd' format content
was changed to comply with RFC 1035 wire format (see Gitlab #2).
[Gitlab #68]
netbsd-srcmastr
pushed a commit
that referenced
this pull request
Aug 4, 2020
Version 4.4.2
22 January 2020
Release Notes
NEW FEATURES
Please note that that ISC DHCP is now licensed under the Mozilla Public License,
MPL 2.0. Please see https://www.mozilla.org/en-US/MPL/2.0/ to read the MPL 2.0
license terms.
While release 4.4.2 is primarily a maintenance release that addresses a number
of defects, it does introduce a few new features:
- Keama - Keama is a migration utility that assists in converting ISC DHCP
server configuration files to Kea configuration files. It is found in the
keama subdirectory and includes a README.md file with instructions on how
to build it as well as a manpage on its usage.
- Two new server parameters related to ping checking were added:
1. ping-cltt-secs which allows the user to specify the number of seconds
that must elapse since CLTT before a ping check is conducted.
2. ping-timeout-ms which allows the user to specify the amount of time the
server waits for a ping-check response in milliseconds rather than in
seconds.
In general, the areas of focus for ISC DHCP 4.4 were:
1. Dynamic DNS additions
2. dhclient improvements
3. Support for dynamic shared libraries
Dynamic DNS Improvements:
- We added three new server configuration parameters which influence DDNS
conflict resolution:
1. ddns-dual-stack-mixed-mode - alters DNS conflict resolution behavior
to mitigate issues with non-compliant clients in dual stack environments.
2. ddns-guard-id-must-match - relaxes the DHCID RR client id matching
requirement of DNS conflict resolution.
3. ddns-other-guard-is-dynamic - alters dual-stack-mixed-mode behavior to
allow unguarded DNS entries to be overwritten in certain cases
- The server now honors update-static-leases parameter for static DHCPv6
hosts.
dhclient Improvements:
- We've added three command line parameters to dhclient:
1. --prefix-len-hint - directs dhclient to use the given length as
the prefix length hint when requesting prefixes
2. --decline-wait-time - instructs the client to wait the given number
of seconds after declining an IPv4 address before issuing a discover
3. --address-prefix-len - specifies the prefix length passed by dhclient
into the client script (via the environment variable ip6_prefixlen) with
each IPv6 address. We added this parameter because we have changed the
default value from 64 to 128 in order to be compliant with RFC3315bis
draft (-09, page 64) and RFC5942, Section 4, point 1.
**WARNING**: The new default value of 128 may not be backwardly compatible
with your environment. If you are operating without a router, such as
between VMs on a host, you may find they cannot see each other with prefix
length of 128. In such cases, you'll need to either provide routing or use
the command line parameter to set the value to 64. Alternatively you may
change the default at compile time by setting DHCLIENT_DEFAULT_PREFIX_LEN
in includes/site.h.
- dhclient will now generate a DHCPv6 DECLINE message when the client script
indicates a DAD failure
Dynamic shared library support:
Configure script, configure.ac+lt, which supports libtool is now provided
with the source tar ball. This script can be used to configure ISC DHCP
to build with libtool and thus use dynamic shared libraries.
Other Highlights:
- The server now supports dhcp-cache-threshold for DHCPv6 operations
- The server now supports DHPv6 address allocation based on EUI-64 DUIDs
- Experimental support for alternate relay port in the both the server
and relay for IPv4, IPv6 and 4o6 (see: draft-ietf-dhc-relay-port-10.txt)
For information on how to install, configure and run this software, as
well as how to find documentation and report bugs, please consult the
README file.
ISC DHCP uses standard GNU configure for installation. Please review the
output of "./configure --help" to see what options are available.
The system has only been tested on Linux, FreeBSD, and Solaris, and may not
work on other platforms. Please report any problems and suggested fixes to
<dhcp-users@isc.org>.
ISC DHCP is open source software maintained by Internet Systems
Consortium. This product includes cryptographic software written
by Eric Young (eay@cryptsoft.com).
Changes since 4.4.2b1 (Bug Fixes)
- Added a clarification on DHCPINFORMs and server authority to
dhcpd.conf.5
[Gitlab #37]
- Only emit lease scrubbing log messages when DEBUG_FAILOVER_MESSAGES
is defined.
[Gitlab #72]
- Added the interface name to socket initialization failure log messages.
Prior to this the log messages stated only the error reason without
stating the target interface.
[Gitlab #75]
- Corrected buffer pointer logic in dhcrelay functions that manipulate
agent relay options. Thanks to Thomas Imbert of MSRC Vulnerabilities
& Mitigations for reporting the issue.
[#71]
- Corrected unresolved symbol errors building relay_unittests when
configured to build using libtool.
[#80]
Changes since 4.4.1 (New Features)
- A new configuration parameter, ping-cltt-secs (v4 operation only), has
been added to allow the user to specify the number of seconds that must
elapse since CLTT before a ping check is conducted. Prior to this, the
value was hard coded at 60 seconds. Please see the server man pages for
a more detailed discussion.
[ISC-Bugs #36283]
- A new configuration parameter, ping-timeout-ms (v4 operation only),
has been added that allows the user to specify the amount of time
the server waits for a ping-check response in milliseconds rather
than in seconds (via ping-timeout). When greater than zero, the value
of ping-timeout-ms will override the value of ping-timeout. Thanks
to Jay Doran from Bluecat Networks for suggesting this feature.
[Gitlab #10]
- An experimental tool called, Keama (KEA Migration Assistant), which helps
translate ISC DHCP configurations to Kea configurations, is now included
in the distribution.
[Gitlab #34]
Changes since 4.4.1 (Bug Fixes)
- Corrected a misuse of the BIND9 DDNS API which caused DDNS updates to be
carried out over TCP rather than UDP. The coding error was exposed by
migration to BIND9 9.11. Thanks to Jinmei Tatuya at Infoblox for
reporting the issue.
[ISC-Bugs #47757]
- Bind9 now defaults to requiring python to build. The Makefile for
building Bind9 when bundled with ISC DHCP was modified to turn off
this dependency.
[Gitlab #3]
- Corrected a dual-stack mixed-mode issue that occurs when both
ddns-guard-id-must-match and ddns-other-guard-is-dynamic
are enabled and that caused the server to incorrectly interpret
the presence of a guard record belonging to another client as
a case of no guard record at all. Thanks to Fernando Soto
from BlueCat Networks for reporting this issue.
[Gitlab #1]
- Corrected a compilation issue that occurred when building without DNS
update ability (e.g. by undefining NSUPDATE).
[Gitlab #16]
- Corrected an issue that was causing the server, when running in
DHPCv4 mode, to segfault when class lease limits are reached.
Thanks to Peter Nagy at Porion-Digital for reporting the matter
and submitting a patch.
[Gitlab #13]
- Made minor changes to eliminate warnings when compiled with GCC 9.
Thanks to Brett Neumeier for bringing the matter to our attention.
[Gitlab #15]
- Fixed potential memory leaks in parser error message generation
spotted by Coverity, CIDs: 1448191, 1448193, 1448194, 1448195
[Gitlab #30]
- Updated URL of IEEE oui.txt in contrib/dhcp-lease-list.pl. Thanks
to Tommy Smith for contributing the patch.
[Gitlab #26]
- Fixed define flags when using SO_BINDTODEVICE. Thanks to Joe LeVeque for
reporting the issue.
[GitLab #19]
- Applied a patch from OpenBSD to always set the scope id of outbound
DHPCv6 packets. Note this change only applies when compiling under
OpenBSD. Thanks to Brad Smith at OpenBSD from bringing it to our
attention.
[Gitlab #33]
- Modified dhclient to not discard config file leases that are
duplicates of server-provided leases and to retain such leases
after they have been used as the fallback active lease and
DHCP service has been restored. This allows them to be used
more than once during the lifetime of a dhclient instance.
This applies to DHCPv4 operation only.
[Gitlab #9]
- Corrected a number of reference counter and zero-length buffer leaks.
Thanks to Christopher Ertl of MSRC Vulnerabilities & Mitigations for
pointing them out.
[Gitlab #57]
- Closed a small window of time between the installation of graceful
shutdown signal handlers and application context startup, during which
the receipt of shutdown signal would cause a REQUIRE() assertion to
occur. Note this issue is only visible when compiling with
ENABLE_GENTLE_SHUTDOWN defined.
[Gitlab #53]
- Corrected a buffer overflow that can occur when retrieving zone
names that are more than 255 characters in length.
[Gitlab #20]
- The "d" domain name option format was incorrectly handled as text
instead of RFC 1035 wire format. Thanks to Jay Doran at BlueCat Networks
for reporting this issue.
[Gitlab #2]
- Improved the error message issued when a host declaration has both
a uid and a dhcp-client-identifier. Server configuration parsing will
now fail if a host declaration specifies more than one uid.
[Gitlab #7]
- Updated developer's documentation on building and running unit tests.
Removed support for --with-atf=bind as BIND9 no longer bundles in ATF
source.
[Gitlab #35]
- Fixed a syntax error in ldap.c which cropped up under Ubuntu
18.04.1/gcc 7.4.0. Thanks to Charles Hedrick for pointing it out.
[Gitlab #51]
- Added clarification to dhcp-options.5 section on ip-address values
describing the first-use DNS resolution of options with hostnames as
values (e.g. next-server).
[Gitlab #28]
- The option format for the server option omapi-key was changed to a
format type 'k' (key name); while server options ldap-port and
ldap-init-retry were changed to 'L' (unsigned 32-bit integer). These
three options were inadvertantly broken when the 'd' format content
was changed to comply with RFC 1035 wire format (see Gitlab #2).
[Gitlab #68]
netbsd-srcmastr
pushed a commit
that referenced
this pull request
Aug 9, 2020
Version 4.4.2
22 January 2020
Release Notes
NEW FEATURES
Please note that that ISC DHCP is now licensed under the Mozilla Public License,
MPL 2.0. Please see https://www.mozilla.org/en-US/MPL/2.0/ to read the MPL 2.0
license terms.
While release 4.4.2 is primarily a maintenance release that addresses a number
of defects, it does introduce a few new features:
- Keama - Keama is a migration utility that assists in converting ISC DHCP
server configuration files to Kea configuration files. It is found in the
keama subdirectory and includes a README.md file with instructions on how
to build it as well as a manpage on its usage.
- Two new server parameters related to ping checking were added:
1. ping-cltt-secs which allows the user to specify the number of seconds
that must elapse since CLTT before a ping check is conducted.
2. ping-timeout-ms which allows the user to specify the amount of time the
server waits for a ping-check response in milliseconds rather than in
seconds.
In general, the areas of focus for ISC DHCP 4.4 were:
1. Dynamic DNS additions
2. dhclient improvements
3. Support for dynamic shared libraries
Dynamic DNS Improvements:
- We added three new server configuration parameters which influence DDNS
conflict resolution:
1. ddns-dual-stack-mixed-mode - alters DNS conflict resolution behavior
to mitigate issues with non-compliant clients in dual stack environments.
2. ddns-guard-id-must-match - relaxes the DHCID RR client id matching
requirement of DNS conflict resolution.
3. ddns-other-guard-is-dynamic - alters dual-stack-mixed-mode behavior to
allow unguarded DNS entries to be overwritten in certain cases
- The server now honors update-static-leases parameter for static DHCPv6
hosts.
dhclient Improvements:
- We've added three command line parameters to dhclient:
1. --prefix-len-hint - directs dhclient to use the given length as
the prefix length hint when requesting prefixes
2. --decline-wait-time - instructs the client to wait the given number
of seconds after declining an IPv4 address before issuing a discover
3. --address-prefix-len - specifies the prefix length passed by dhclient
into the client script (via the environment variable ip6_prefixlen) with
each IPv6 address. We added this parameter because we have changed the
default value from 64 to 128 in order to be compliant with RFC3315bis
draft (-09, page 64) and RFC5942, Section 4, point 1.
**WARNING**: The new default value of 128 may not be backwardly compatible
with your environment. If you are operating without a router, such as
between VMs on a host, you may find they cannot see each other with prefix
length of 128. In such cases, you'll need to either provide routing or use
the command line parameter to set the value to 64. Alternatively you may
change the default at compile time by setting DHCLIENT_DEFAULT_PREFIX_LEN
in includes/site.h.
- dhclient will now generate a DHCPv6 DECLINE message when the client script
indicates a DAD failure
Dynamic shared library support:
Configure script, configure.ac+lt, which supports libtool is now provided
with the source tar ball. This script can be used to configure ISC DHCP
to build with libtool and thus use dynamic shared libraries.
Other Highlights:
- The server now supports dhcp-cache-threshold for DHCPv6 operations
- The server now supports DHPv6 address allocation based on EUI-64 DUIDs
- Experimental support for alternate relay port in the both the server
and relay for IPv4, IPv6 and 4o6 (see: draft-ietf-dhc-relay-port-10.txt)
For information on how to install, configure and run this software, as
well as how to find documentation and report bugs, please consult the
README file.
ISC DHCP uses standard GNU configure for installation. Please review the
output of "./configure --help" to see what options are available.
The system has only been tested on Linux, FreeBSD, and Solaris, and may not
work on other platforms. Please report any problems and suggested fixes to
<dhcp-users@isc.org>.
ISC DHCP is open source software maintained by Internet Systems
Consortium. This product includes cryptographic software written
by Eric Young (eay@cryptsoft.com).
Changes since 4.4.2b1 (Bug Fixes)
- Added a clarification on DHCPINFORMs and server authority to
dhcpd.conf.5
[Gitlab #37]
- Only emit lease scrubbing log messages when DEBUG_FAILOVER_MESSAGES
is defined.
[Gitlab #72]
- Added the interface name to socket initialization failure log messages.
Prior to this the log messages stated only the error reason without
stating the target interface.
[Gitlab #75]
- Corrected buffer pointer logic in dhcrelay functions that manipulate
agent relay options. Thanks to Thomas Imbert of MSRC Vulnerabilities
& Mitigations for reporting the issue.
[#71]
- Corrected unresolved symbol errors building relay_unittests when
configured to build using libtool.
[#80]
Changes since 4.4.1 (New Features)
- A new configuration parameter, ping-cltt-secs (v4 operation only), has
been added to allow the user to specify the number of seconds that must
elapse since CLTT before a ping check is conducted. Prior to this, the
value was hard coded at 60 seconds. Please see the server man pages for
a more detailed discussion.
[ISC-Bugs #36283]
- A new configuration parameter, ping-timeout-ms (v4 operation only),
has been added that allows the user to specify the amount of time
the server waits for a ping-check response in milliseconds rather
than in seconds (via ping-timeout). When greater than zero, the value
of ping-timeout-ms will override the value of ping-timeout. Thanks
to Jay Doran from Bluecat Networks for suggesting this feature.
[Gitlab #10]
- An experimental tool called, Keama (KEA Migration Assistant), which helps
translate ISC DHCP configurations to Kea configurations, is now included
in the distribution.
[Gitlab #34]
Changes since 4.4.1 (Bug Fixes)
- Corrected a misuse of the BIND9 DDNS API which caused DDNS updates to be
carried out over TCP rather than UDP. The coding error was exposed by
migration to BIND9 9.11. Thanks to Jinmei Tatuya at Infoblox for
reporting the issue.
[ISC-Bugs #47757]
- Bind9 now defaults to requiring python to build. The Makefile for
building Bind9 when bundled with ISC DHCP was modified to turn off
this dependency.
[Gitlab #3]
- Corrected a dual-stack mixed-mode issue that occurs when both
ddns-guard-id-must-match and ddns-other-guard-is-dynamic
are enabled and that caused the server to incorrectly interpret
the presence of a guard record belonging to another client as
a case of no guard record at all. Thanks to Fernando Soto
from BlueCat Networks for reporting this issue.
[Gitlab #1]
- Corrected a compilation issue that occurred when building without DNS
update ability (e.g. by undefining NSUPDATE).
[Gitlab #16]
- Corrected an issue that was causing the server, when running in
DHPCv4 mode, to segfault when class lease limits are reached.
Thanks to Peter Nagy at Porion-Digital for reporting the matter
and submitting a patch.
[Gitlab #13]
- Made minor changes to eliminate warnings when compiled with GCC 9.
Thanks to Brett Neumeier for bringing the matter to our attention.
[Gitlab #15]
- Fixed potential memory leaks in parser error message generation
spotted by Coverity, CIDs: 1448191, 1448193, 1448194, 1448195
[Gitlab #30]
- Updated URL of IEEE oui.txt in contrib/dhcp-lease-list.pl. Thanks
to Tommy Smith for contributing the patch.
[Gitlab #26]
- Fixed define flags when using SO_BINDTODEVICE. Thanks to Joe LeVeque for
reporting the issue.
[GitLab #19]
- Applied a patch from OpenBSD to always set the scope id of outbound
DHPCv6 packets. Note this change only applies when compiling under
OpenBSD. Thanks to Brad Smith at OpenBSD from bringing it to our
attention.
[Gitlab #33]
- Modified dhclient to not discard config file leases that are
duplicates of server-provided leases and to retain such leases
after they have been used as the fallback active lease and
DHCP service has been restored. This allows them to be used
more than once during the lifetime of a dhclient instance.
This applies to DHCPv4 operation only.
[Gitlab #9]
- Corrected a number of reference counter and zero-length buffer leaks.
Thanks to Christopher Ertl of MSRC Vulnerabilities & Mitigations for
pointing them out.
[Gitlab #57]
- Closed a small window of time between the installation of graceful
shutdown signal handlers and application context startup, during which
the receipt of shutdown signal would cause a REQUIRE() assertion to
occur. Note this issue is only visible when compiling with
ENABLE_GENTLE_SHUTDOWN defined.
[Gitlab #53]
- Corrected a buffer overflow that can occur when retrieving zone
names that are more than 255 characters in length.
[Gitlab #20]
- The "d" domain name option format was incorrectly handled as text
instead of RFC 1035 wire format. Thanks to Jay Doran at BlueCat Networks
for reporting this issue.
[Gitlab #2]
- Improved the error message issued when a host declaration has both
a uid and a dhcp-client-identifier. Server configuration parsing will
now fail if a host declaration specifies more than one uid.
[Gitlab #7]
- Updated developer's documentation on building and running unit tests.
Removed support for --with-atf=bind as BIND9 no longer bundles in ATF
source.
[Gitlab #35]
- Fixed a syntax error in ldap.c which cropped up under Ubuntu
18.04.1/gcc 7.4.0. Thanks to Charles Hedrick for pointing it out.
[Gitlab #51]
- Added clarification to dhcp-options.5 section on ip-address values
describing the first-use DNS resolution of options with hostnames as
values (e.g. next-server).
[Gitlab #28]
- The option format for the server option omapi-key was changed to a
format type 'k' (key name); while server options ldap-port and
ldap-init-retry were changed to 'L' (unsigned 32-bit integer). These
three options were inadvertantly broken when the 'd' format content
was changed to comply with RFC 1035 wire format (see Gitlab #2).
[Gitlab #68]
netbsd-srcmastr
pushed a commit
that referenced
this pull request
May 1, 2021
external/gpl3/gcc/lib/libstdc++-v3/arch/mips64eb/defs.mk: revision 1.12 external/gpl3/gcc/lib/libstdc++-v3/arch/earmv6/defs.mk: revision 1.11 external/gpl3/gcc/usr.bin/gcc/arch/earm/tm.h: revision 1.8 external/gpl3/gcc/usr.bin/gcc/arch/earmv7hf/defs.mk: revision 1.13 external/gpl3/gcc/dist/libstdc++-v3/config/locale/generic/time_members.cc: revision 1.2 external/gpl3/gcc/usr.bin/gcc/arch/arm/defs.mk: revision 1.18 external/gpl3/gcc/usr.bin/gcc/arch/earmv6eb/tm.h: revision 1.6 external/gpl3/gcc/usr.bin/gcc/arch/earmv7hfeb/tm.h: revision 1.6 external/gpl3/gcc/lib/libstdc++-v3/arch/vax/defs.mk: revision 1.13 external/gpl3/gcc/lib/libstdc++-v3/arch/sparc64/defs.mk: revision 1.12 external/gpl3/gcc/usr.bin/gcc/arch/earmv4/tm.h: revision 1.6 external/gpl3/gcc/usr.bin/gcc/arch/sparc64/tm.h: revision 1.6 external/gpl3/gcc/usr.bin/gcc/arch/earmv7hfeb/auto-host.h: revision 1.13 external/gpl3/gcc/lib/libstdc++-v3/arch/hppa/defs.mk: revision 1.11 external/gpl3/gcc/usr.bin/gcc/arch/sparc64/auto-host.h: revision 1.16 external/gpl3/gcc/lib/libstdc++-v3/arch/m68000/defs.mk: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/earmv6/auto-host.h: revision 1.13 external/gpl3/gcc/lib/libstdc++-v3/arch/mipsel/defs.mk: revision 1.11 external/gpl3/gcc/lib/libstdc++-v3/arch/ia64/c++config.h: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/earmv6hf/auto-host.h: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/armeb/tm.h: revision 1.10 external/gpl3/gcc/usr.bin/gcc/arch/earmeb/tm.h: revision 1.8 external/gpl3/gcc/usr.bin/gcc/arch/earmhf/defs.mk: revision 1.16 external/gpl3/gcc/usr.bin/gcc/arch/earmv4eb/defs.mk: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/earmhfeb/defs.mk: revision 1.14 external/gpl3/gcc/usr.bin/gcc/arch/mips64eb/defs.mk: revision 1.16 external/gpl3/gcc/usr.bin/gcc/arch/earmv7/tm.h: revision 1.6 external/gpl3/gcc/usr.bin/gcc/arch/vax/defs.mk: revision 1.17 external/gpl3/gcc/usr.bin/gcc/arch/sh3eb/defs.mk: revision 1.15 external/gpl3/gcc/usr.bin/gcc/arch/sh3eb/tm.h: revision 1.5 external/gpl3/gcc/usr.bin/gcc/arch/earmv7eb/auto-host.h: revision 1.13 external/gpl3/gcc/lib/libstdc++-v3/arch/riscv32/symver-config.h: revision 1.3 external/gpl3/gcc/usr.bin/gcc/arch/earmv6eb/defs.mk: revision 1.13 external/gpl3/gcc/lib/libstdc++-v3/arch/armeb/defs.mk: revision 1.11 external/gpl3/gcc/lib/libstdc++-v3/arch/sh3eb/defs.mk: revision 1.13 external/gpl3/gcc/lib/libstdc++-v3/arch/earmv7/defs.mk: revision 1.11 external/gpl3/gcc/usr.bin/gcc/arch/alpha/tm.h: revision 1.5 external/gpl3/gcc/usr.bin/gcc/arch/earmv6hf/tm.h: revision 1.6 external/gpl3/gcc/usr.bin/gcc/arch/earmv7eb/defs.mk: revision 1.13 external/gpl3/gcc/dist/libstdc++-v3/include/bits/locale_facets_nonio.h: revision 1.2 external/gpl3/gcc/usr.bin/gcc/arch/earmv4/defs.mk: revision 1.14 external/gpl3/gcc/usr.bin/gcc/arch/x86_64/auto-host.h: revision 1.18 external/gpl3/gcc/usr.bin/gcc/arch/earmv4eb/auto-host.h: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/hppa/tm.h: revision 1.7 external/gpl3/gcc/usr.bin/gcc/arch/powerpc/auto-host.h: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/sparc/tm.h: revision 1.5 external/gpl3/gcc/usr.bin/gcc/arch/ia64/defs.mk: revision 1.9 external/gpl3/gcc/lib/libstdc++-v3/arch/mips64el/defs.mk: revision 1.12 external/gpl3/gcc/usr.bin/gcc/arch/sparc/defs.mk: revision 1.16 external/gpl3/gcc/usr.bin/gcc/arch/x86_64/defs.mk: revision 1.19 external/gpl3/gcc/lib/libstdc++-v3/arch/riscv32/defs.mk: revision 1.6 external/gpl3/gcc/usr.bin/gcc/arch/m68000/defs.mk: revision 1.15 external/gpl3/gcc/lib/libstdc++-v3/arch/sparc/defs.mk: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/earmeb/auto-host.h: revision 1.14 external/gpl3/gcc/lib/libstdc++-v3/arch/riscv64/defs.mk: revision 1.5 external/gpl3/gcc/usr.bin/gcc/arch/earmeb/defs.mk: revision 1.15 external/gpl3/gcc/usr.bin/gcc/arch/earmv7/auto-host.h: revision 1.13 external/gpl3/gcc/lib/libstdc++-v3/arch/earmhf/defs.mk: revision 1.13 external/gpl3/gcc/lib/libstdc++-v3/arch/earmv6hfeb/defs.mk: revision 1.11 external/gpl3/gcc/usr.bin/gcc/arch/earm/defs.mk: revision 1.17 external/gpl3/gcc/usr.bin/gcc/arch/sh3el/tm.h: revision 1.5 external/gpl3/gcc/usr.bin/gcc/arch/sparc64/defs.mk: revision 1.16 external/gpl3/gcc/lib/libstdc++-v3/arch/m68k/defs.mk: revision 1.12 external/gpl3/gcc/usr.bin/gcc/arch/earmv4eb/tm.h: revision 1.6 external/gpl3/gcc/lib/libstdc++-v3/arch/earmhfeb/defs.mk: revision 1.11 external/gpl3/gcc/lib/libstdc++-v3/arch/earmv4eb/defs.mk: revision 1.11 external/gpl3/gcc/usr.bin/gcc/arch/arm/tm.h: revision 1.9 external/gpl3/gcc/usr.bin/gcc/arch/earmhfeb/tm.h: revision 1.8 external/gpl3/gcc/usr.bin/gcc/arch/mips64el/defs.mk: revision 1.16 external/gpl3/gcc/usr.bin/gcc/arch/mipseb/defs.mk: revision 1.17 external/gpl3/gcc/lib/libstdc++-v3/arch/earmv4/defs.mk: revision 1.12 external/gpl3/gcc/lib/libstdc++-v3/arch/earmv6eb/defs.mk: revision 1.11 external/gpl3/gcc/usr.bin/gcc/arch/mips64eb/tm.h: revision 1.6 external/gpl3/gcc/usr.bin/gcc/arch/sh3el/defs.mk: revision 1.16 external/gpl3/gcc/lib/libstdc++-v3/arch/powerpc/defs.mk: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/earmv4/auto-host.h: revision 1.12 external/gpl3/gcc/lib/libstdc++-v3/arch/earmv7eb/defs.mk: revision 1.11 external/gpl3/gcc/lib/libstdc++-v3/arch/sh3el/defs.mk: revision 1.11 external/gpl3/gcc/usr.bin/gcc/arch/sparc/auto-host.h: revision 1.14 external/gpl3/gcc/lib/libstdc++-v3/arch/i386/defs.mk: revision 1.15 external/gpl3/gcc/usr.bin/gcc/arch/earmv6eb/auto-host.h: revision 1.13 external/gpl3/gcc/lib/libstdc++-v3/arch/aarch64/gstdint.h: revision 1.5 external/gpl3/gcc/usr.bin/gcc/arch/earmv6hfeb/defs.mk: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/powerpc/tm.h: revision 1.8 external/gpl3/gcc/usr.bin/gcc/arch/earmv7eb/tm.h: revision 1.6 external/gpl3/gcc/lib/libstdc++-v3/arch/x86_64/defs.mk: revision 1.15 external/gpl3/gcc/lib/libiberty/defs.mk: revision 1.22 external/gpl3/gcc/lib/libstdc++-v3/arch/ia64/defs.mk: revision 1.11 external/gpl3/gcc/usr.bin/gcc/arch/mipseb/tm.h: revision 1.6 external/gpl3/gcc/lib/libstdc++-v3/arch/earmeb/defs.mk: revision 1.12 external/gpl3/gcc/lib/libstdc++-v3/arch/ia64/symver-config.h: revision 1.2 external/gpl3/gcc/usr.bin/gcc/arch/x86_64/tm.h: revision 1.6 external/gpl3/gcc/lib/libstdc++-v3/Makefile: revision 1.48 external/gpl3/gcc/usr.bin/gcc/arch/aarch64/defs.mk: revision 1.5 external/gpl3/gcc/dist/libstdc++-v3/src/c++11/ctype.cc: revision 1.2 external/gpl3/gcc/lib/libstdc++-v3/arch/earm/defs.mk: revision 1.11 external/gpl3/gcc/usr.bin/gcc/arch/riscv64/multilib.h: revision 1.3 external/gpl3/gcc/usr.bin/gcc/arch/m68k/defs.mk: revision 1.17 external/gpl3/gcc/usr.bin/gcc/arch/earm/auto-host.h: revision 1.16 external/gpl3/gcc/lib/libstdc++-v3/arch/earmv7hfeb/defs.mk: revision 1.11 external/gpl3/gcc/usr.bin/gcc/arch/i386/tm.h: revision 1.5 external/gpl3/gcc/usr.bin/gcc/arch/armeb/defs.mk: revision 1.18 external/gpl3/gcc/usr.bin/gcc/arch/earmv6/defs.mk: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/arm/auto-host.h: revision 1.14 external/gpl3/gcc/usr.bin/gcc/arch/earmv7hf/auto-host.h: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/mips64el/tm.h: revision 1.6 external/gpl3/gcc/usr.bin/gcc/arch/m68k/tm.h: revision 1.7 external/gpl3/gcc/lib/libstdc++-v3/arch/mipseb/defs.mk: revision 1.12 external/gpl3/gcc/usr.bin/gcc/arch/i386/defs.mk: revision 1.17 external/gpl3/gcc/usr.bin/gcc/arch/earmv7hf/tm.h: revision 1.6 external/gpl3/gcc/lib/libstdc++-v3/arch/earmv6hf/defs.mk: revision 1.11 external/gpl3/gcc/usr.bin/gcc/arch/armeb/auto-host.h: revision 1.17 external/gpl3/gcc/usr.bin/gcc/arch/earmhf/tm.h: revision 1.8 external/gpl3/gcc/usr.bin/gcc/arch/earmv6hfeb/tm.h: revision 1.6 external/gpl3/gcc/usr.bin/gcc/arch/earmv6hfeb/auto-host.h: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/earmv6/tm.h: revision 1.6 external/gpl3/gcc/usr.bin/gcc/arch/i386/auto-host.h: revision 1.15 external/gpl3/gcc/dist/libstdc++-v3/configure: revision 1.12 external/gpl3/gcc/lib/libstdc++-v3/arch/earmv7hf/defs.mk: revision 1.11 external/gpl3/gcc/usr.bin/gcc/arch/hppa/defs.mk: revision 1.16 external/gpl3/gcc/usr.bin/gcc/arch/alpha/defs.mk: revision 1.15 external/gpl3/gcc/usr.bin/gcc/arch/aarch64/tm.h: revision 1.3 external/gpl3/gcc/usr.bin/gcc/arch/earmv7hfeb/defs.mk: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/mipsel/defs.mk: revision 1.17 external/gpl3/gcc/usr.bin/gcc/arch/mipsel/tm.h: revision 1.6 external/gpl3/gcc/lib/libstdc++-v3/arch/alpha/defs.mk: revision 1.11 external/gpl3/gcc/lib/libstdc++-v3/arch/arm/defs.mk: revision 1.11 external/gpl3/gcc/dist/libstdc++-v3/acinclude.m4: revision 1.7 external/gpl3/gcc/usr.bin/gcc/arch/ia64/tm.h: revision 1.5 external/gpl3/gcc/usr.bin/gcc/arch/vax/tm.h: revision 1.6 external/gpl3/gcc/lib/libstdc++-v3/arch/riscv64/c++config.h: revision 1.8 external/gpl3/gcc/lib/libstdc++-v3/arch/riscv32/c++config.h: revision 1.8 external/gpl3/gcc/usr.bin/gcc/arch/earmhf/auto-host.h: revision 1.15 external/gpl3/gcc/usr.bin/gcc/arch/earmhfeb/auto-host.h: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/powerpc/defs.mk: revision 1.19 external/gpl3/gcc/usr.bin/gcc/arch/earmv7/defs.mk: revision 1.13 external/gpl3/gcc/lib/libstdc++-v3/arch/aarch64/defs.mk: revision 1.8 external/gpl3/gcc/usr.bin/gcc/arch/earmv6hf/defs.mk: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/m68000/tm.h: revision 1.6 Arrange so that the Makefile works for both the generic and the dragonfly locale code. There is no specialized constructor for ctype<char> so the destructor ends up trying to free uninitialized memory for _M_c_locale_ctype. Add a forward declaration for the specialized __timepunct<wchar_t> destructor that the dragonfly code needs to avoid "instantiation before specialization", and an empty implementation for the generic code. Use the dragonfly locale code for NetBSD too. Manually patch the locale configuration to use the dragonfly code instead of generic. regen mknative for everyone after: - NETBSD_ENABLE_PTHREADS removed (default always) - HAVE_GNU_INDIRECT_FUNCTION enabled for some platforms - switch to dragondfly bsd locale routines after christos made them work for us
netbsd-srcmastr
pushed a commit
that referenced
this pull request
Nov 8, 2021
external/gpl3/gcc/lib/libstdc++-v3/arch/mips64eb/defs.mk: revision 1.12 external/gpl3/gcc/lib/libstdc++-v3/arch/earmv6/defs.mk: revision 1.11 external/gpl3/gcc/usr.bin/gcc/arch/earm/tm.h: revision 1.8 external/gpl3/gcc/usr.bin/gcc/arch/earmv7hf/defs.mk: revision 1.13 external/gpl3/gcc/dist/libstdc++-v3/config/locale/generic/time_members.cc: revision 1.2 external/gpl3/gcc/usr.bin/gcc/arch/arm/defs.mk: revision 1.18 external/gpl3/gcc/usr.bin/gcc/arch/earmv6eb/tm.h: revision 1.6 external/gpl3/gcc/usr.bin/gcc/arch/earmv7hfeb/tm.h: revision 1.6 external/gpl3/gcc/lib/libstdc++-v3/arch/vax/defs.mk: revision 1.13 external/gpl3/gcc/lib/libstdc++-v3/arch/sparc64/defs.mk: revision 1.12 external/gpl3/gcc/usr.bin/gcc/arch/earmv4/tm.h: revision 1.6 external/gpl3/gcc/usr.bin/gcc/arch/sparc64/tm.h: revision 1.6 external/gpl3/gcc/usr.bin/gcc/arch/earmv7hfeb/auto-host.h: revision 1.13 external/gpl3/gcc/lib/libstdc++-v3/arch/hppa/defs.mk: revision 1.11 external/gpl3/gcc/usr.bin/gcc/arch/sparc64/auto-host.h: revision 1.16 external/gpl3/gcc/lib/libstdc++-v3/arch/m68000/defs.mk: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/earmv6/auto-host.h: revision 1.13 external/gpl3/gcc/lib/libstdc++-v3/arch/mipsel/defs.mk: revision 1.11 external/gpl3/gcc/lib/libstdc++-v3/arch/ia64/c++config.h: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/earmv6hf/auto-host.h: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/armeb/tm.h: revision 1.10 external/gpl3/gcc/usr.bin/gcc/arch/earmeb/tm.h: revision 1.8 external/gpl3/gcc/usr.bin/gcc/arch/earmhf/defs.mk: revision 1.16 external/gpl3/gcc/usr.bin/gcc/arch/earmv4eb/defs.mk: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/earmhfeb/defs.mk: revision 1.14 external/gpl3/gcc/usr.bin/gcc/arch/mips64eb/defs.mk: revision 1.16 external/gpl3/gcc/usr.bin/gcc/arch/earmv7/tm.h: revision 1.6 external/gpl3/gcc/usr.bin/gcc/arch/vax/defs.mk: revision 1.17 external/gpl3/gcc/usr.bin/gcc/arch/sh3eb/defs.mk: revision 1.15 external/gpl3/gcc/usr.bin/gcc/arch/sh3eb/tm.h: revision 1.5 external/gpl3/gcc/usr.bin/gcc/arch/earmv7eb/auto-host.h: revision 1.13 external/gpl3/gcc/lib/libstdc++-v3/arch/riscv32/symver-config.h: revision 1.3 external/gpl3/gcc/usr.bin/gcc/arch/earmv6eb/defs.mk: revision 1.13 external/gpl3/gcc/lib/libstdc++-v3/arch/armeb/defs.mk: revision 1.11 external/gpl3/gcc/lib/libstdc++-v3/arch/sh3eb/defs.mk: revision 1.13 external/gpl3/gcc/lib/libstdc++-v3/arch/earmv7/defs.mk: revision 1.11 external/gpl3/gcc/usr.bin/gcc/arch/alpha/tm.h: revision 1.5 external/gpl3/gcc/usr.bin/gcc/arch/earmv6hf/tm.h: revision 1.6 external/gpl3/gcc/usr.bin/gcc/arch/earmv7eb/defs.mk: revision 1.13 external/gpl3/gcc/dist/libstdc++-v3/include/bits/locale_facets_nonio.h: revision 1.2 external/gpl3/gcc/usr.bin/gcc/arch/earmv4/defs.mk: revision 1.14 external/gpl3/gcc/usr.bin/gcc/arch/x86_64/auto-host.h: revision 1.18 external/gpl3/gcc/usr.bin/gcc/arch/earmv4eb/auto-host.h: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/hppa/tm.h: revision 1.7 external/gpl3/gcc/usr.bin/gcc/arch/powerpc/auto-host.h: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/sparc/tm.h: revision 1.5 external/gpl3/gcc/usr.bin/gcc/arch/ia64/defs.mk: revision 1.9 external/gpl3/gcc/lib/libstdc++-v3/arch/mips64el/defs.mk: revision 1.12 external/gpl3/gcc/usr.bin/gcc/arch/sparc/defs.mk: revision 1.16 external/gpl3/gcc/usr.bin/gcc/arch/x86_64/defs.mk: revision 1.19 external/gpl3/gcc/lib/libstdc++-v3/arch/riscv32/defs.mk: revision 1.6 external/gpl3/gcc/usr.bin/gcc/arch/m68000/defs.mk: revision 1.15 external/gpl3/gcc/lib/libstdc++-v3/arch/sparc/defs.mk: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/earmeb/auto-host.h: revision 1.14 external/gpl3/gcc/lib/libstdc++-v3/arch/riscv64/defs.mk: revision 1.5 external/gpl3/gcc/usr.bin/gcc/arch/earmeb/defs.mk: revision 1.15 external/gpl3/gcc/usr.bin/gcc/arch/earmv7/auto-host.h: revision 1.13 external/gpl3/gcc/lib/libstdc++-v3/arch/earmhf/defs.mk: revision 1.13 external/gpl3/gcc/lib/libstdc++-v3/arch/earmv6hfeb/defs.mk: revision 1.11 external/gpl3/gcc/usr.bin/gcc/arch/earm/defs.mk: revision 1.17 external/gpl3/gcc/usr.bin/gcc/arch/sh3el/tm.h: revision 1.5 external/gpl3/gcc/usr.bin/gcc/arch/sparc64/defs.mk: revision 1.16 external/gpl3/gcc/lib/libstdc++-v3/arch/m68k/defs.mk: revision 1.12 external/gpl3/gcc/usr.bin/gcc/arch/earmv4eb/tm.h: revision 1.6 external/gpl3/gcc/lib/libstdc++-v3/arch/earmhfeb/defs.mk: revision 1.11 external/gpl3/gcc/lib/libstdc++-v3/arch/earmv4eb/defs.mk: revision 1.11 external/gpl3/gcc/usr.bin/gcc/arch/arm/tm.h: revision 1.9 external/gpl3/gcc/usr.bin/gcc/arch/earmhfeb/tm.h: revision 1.8 external/gpl3/gcc/usr.bin/gcc/arch/mips64el/defs.mk: revision 1.16 external/gpl3/gcc/usr.bin/gcc/arch/mipseb/defs.mk: revision 1.17 external/gpl3/gcc/lib/libstdc++-v3/arch/earmv4/defs.mk: revision 1.12 external/gpl3/gcc/lib/libstdc++-v3/arch/earmv6eb/defs.mk: revision 1.11 external/gpl3/gcc/usr.bin/gcc/arch/mips64eb/tm.h: revision 1.6 external/gpl3/gcc/usr.bin/gcc/arch/sh3el/defs.mk: revision 1.16 external/gpl3/gcc/lib/libstdc++-v3/arch/powerpc/defs.mk: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/earmv4/auto-host.h: revision 1.12 external/gpl3/gcc/lib/libstdc++-v3/arch/earmv7eb/defs.mk: revision 1.11 external/gpl3/gcc/lib/libstdc++-v3/arch/sh3el/defs.mk: revision 1.11 external/gpl3/gcc/usr.bin/gcc/arch/sparc/auto-host.h: revision 1.14 external/gpl3/gcc/lib/libstdc++-v3/arch/i386/defs.mk: revision 1.15 external/gpl3/gcc/usr.bin/gcc/arch/earmv6eb/auto-host.h: revision 1.13 external/gpl3/gcc/lib/libstdc++-v3/arch/aarch64/gstdint.h: revision 1.5 external/gpl3/gcc/usr.bin/gcc/arch/earmv6hfeb/defs.mk: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/powerpc/tm.h: revision 1.8 external/gpl3/gcc/usr.bin/gcc/arch/earmv7eb/tm.h: revision 1.6 external/gpl3/gcc/lib/libstdc++-v3/arch/x86_64/defs.mk: revision 1.15 external/gpl3/gcc/lib/libiberty/defs.mk: revision 1.22 external/gpl3/gcc/lib/libstdc++-v3/arch/ia64/defs.mk: revision 1.11 external/gpl3/gcc/usr.bin/gcc/arch/mipseb/tm.h: revision 1.6 external/gpl3/gcc/lib/libstdc++-v3/arch/earmeb/defs.mk: revision 1.12 external/gpl3/gcc/lib/libstdc++-v3/arch/ia64/symver-config.h: revision 1.2 external/gpl3/gcc/usr.bin/gcc/arch/x86_64/tm.h: revision 1.6 external/gpl3/gcc/lib/libstdc++-v3/Makefile: revision 1.48 external/gpl3/gcc/usr.bin/gcc/arch/aarch64/defs.mk: revision 1.5 external/gpl3/gcc/dist/libstdc++-v3/src/c++11/ctype.cc: revision 1.2 external/gpl3/gcc/lib/libstdc++-v3/arch/earm/defs.mk: revision 1.11 external/gpl3/gcc/usr.bin/gcc/arch/riscv64/multilib.h: revision 1.3 external/gpl3/gcc/usr.bin/gcc/arch/m68k/defs.mk: revision 1.17 external/gpl3/gcc/usr.bin/gcc/arch/earm/auto-host.h: revision 1.16 external/gpl3/gcc/lib/libstdc++-v3/arch/earmv7hfeb/defs.mk: revision 1.11 external/gpl3/gcc/usr.bin/gcc/arch/i386/tm.h: revision 1.5 external/gpl3/gcc/usr.bin/gcc/arch/armeb/defs.mk: revision 1.18 external/gpl3/gcc/usr.bin/gcc/arch/earmv6/defs.mk: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/arm/auto-host.h: revision 1.14 external/gpl3/gcc/usr.bin/gcc/arch/earmv7hf/auto-host.h: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/mips64el/tm.h: revision 1.6 external/gpl3/gcc/usr.bin/gcc/arch/m68k/tm.h: revision 1.7 external/gpl3/gcc/lib/libstdc++-v3/arch/mipseb/defs.mk: revision 1.12 external/gpl3/gcc/usr.bin/gcc/arch/i386/defs.mk: revision 1.17 external/gpl3/gcc/usr.bin/gcc/arch/earmv7hf/tm.h: revision 1.6 external/gpl3/gcc/lib/libstdc++-v3/arch/earmv6hf/defs.mk: revision 1.11 external/gpl3/gcc/usr.bin/gcc/arch/armeb/auto-host.h: revision 1.17 external/gpl3/gcc/usr.bin/gcc/arch/earmhf/tm.h: revision 1.8 external/gpl3/gcc/usr.bin/gcc/arch/earmv6hfeb/tm.h: revision 1.6 external/gpl3/gcc/usr.bin/gcc/arch/earmv6hfeb/auto-host.h: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/earmv6/tm.h: revision 1.6 external/gpl3/gcc/usr.bin/gcc/arch/i386/auto-host.h: revision 1.15 external/gpl3/gcc/dist/libstdc++-v3/configure: revision 1.12 external/gpl3/gcc/lib/libstdc++-v3/arch/earmv7hf/defs.mk: revision 1.11 external/gpl3/gcc/usr.bin/gcc/arch/hppa/defs.mk: revision 1.16 external/gpl3/gcc/usr.bin/gcc/arch/alpha/defs.mk: revision 1.15 external/gpl3/gcc/usr.bin/gcc/arch/aarch64/tm.h: revision 1.3 external/gpl3/gcc/usr.bin/gcc/arch/earmv7hfeb/defs.mk: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/mipsel/defs.mk: revision 1.17 external/gpl3/gcc/usr.bin/gcc/arch/mipsel/tm.h: revision 1.6 external/gpl3/gcc/lib/libstdc++-v3/arch/alpha/defs.mk: revision 1.11 external/gpl3/gcc/lib/libstdc++-v3/arch/arm/defs.mk: revision 1.11 external/gpl3/gcc/dist/libstdc++-v3/acinclude.m4: revision 1.7 external/gpl3/gcc/usr.bin/gcc/arch/ia64/tm.h: revision 1.5 external/gpl3/gcc/usr.bin/gcc/arch/vax/tm.h: revision 1.6 external/gpl3/gcc/lib/libstdc++-v3/arch/riscv64/c++config.h: revision 1.8 external/gpl3/gcc/lib/libstdc++-v3/arch/riscv32/c++config.h: revision 1.8 external/gpl3/gcc/usr.bin/gcc/arch/earmhf/auto-host.h: revision 1.15 external/gpl3/gcc/usr.bin/gcc/arch/earmhfeb/auto-host.h: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/powerpc/defs.mk: revision 1.19 external/gpl3/gcc/usr.bin/gcc/arch/earmv7/defs.mk: revision 1.13 external/gpl3/gcc/lib/libstdc++-v3/arch/aarch64/defs.mk: revision 1.8 external/gpl3/gcc/usr.bin/gcc/arch/earmv6hf/defs.mk: revision 1.13 external/gpl3/gcc/usr.bin/gcc/arch/m68000/tm.h: revision 1.6 Arrange so that the Makefile works for both the generic and the dragonfly locale code. There is no specialized constructor for ctype<char> so the destructor ends up trying to free uninitialized memory for _M_c_locale_ctype. Add a forward declaration for the specialized __timepunct<wchar_t> destructor that the dragonfly code needs to avoid "instantiation before specialization", and an empty implementation for the generic code. Use the dragonfly locale code for NetBSD too. Manually patch the locale configuration to use the dragonfly code instead of generic. regen mknative for everyone after: - NETBSD_ENABLE_PTHREADS removed (default always) - HAVE_GNU_INDIRECT_FUNCTION enabled for some platforms - switch to dragondfly bsd locale routines after christos made them work for us
netbsd-srcmastr
pushed a commit
that referenced
this pull request
Dec 20, 2022
usr.sbin/dumpfs/dumpfs.c: revision 1.67 usr.sbin/dumpfs/dumpfs.8: revision 1.21 dumpfs: remove confusing output for UFS2 remove the mention of "fslevel 5" because no such thing exists. the whole "fs level" concept really only applies to UFS1, so don't print the line with the level number and details for UFS2 file systems at all. try to clarify this in the manpage as well. prompted by PR 57082.
netbsd-srcmastr
pushed a commit
that referenced
this pull request
Jul 30, 2023
usr.sbin/dumpfs/dumpfs.c: revision 1.67 usr.sbin/dumpfs/dumpfs.8: revision 1.21 dumpfs: remove confusing output for UFS2 remove the mention of "fslevel 5" because no such thing exists. the whole "fs level" concept really only applies to UFS1, so don't print the line with the level number and details for UFS2 file systems at all. try to clarify this in the manpage as well. prompted by PR 57082.
netbsd-srcmastr
pushed a commit
that referenced
this pull request
Aug 20, 2023
sys/net/rtsock.c: revision 1.244 (adapted) Fix kernel info leak. There are 2 bytes of padding in struct if_msghdr. [ 944.607323] kleak: Possible leak in copyout: [len=176, leaked=2] [ 944.617335] #0 0xffffffff80b7c44a in kleak_note <netbsd> [ 944.627332] #1 0xffffffff80b7c4ca in kleak_copyout <netbsd> [ 944.627332] #2 0xffffffff80c91698 in sysctl_iflist_if <netbsd> [ 944.637336] #3 0xffffffff80c91d3c in sysctl_iflist <netbsd> [ 944.647343] #4 0xffffffff80c93855 in sysctl_rtable <netbsd> [ 944.647343] #5 0xffffffff80b5b328 in sysctl_dispatch <netbsd> [ 944.657346] #6 0xffffffff80b5b62e in sys___sysctl <netbsd> [ 944.667354] #7 0xffffffff8025ab3c in sy_call <netbsd> [ 944.667354] #8 0xffffffff8025ad6e in sy_invoke <netbsd> [ 944.677365] #9 0xffffffff8025adf4 in syscall <netbsd>
netbsd-srcmastr
pushed a commit
that referenced
this pull request
Aug 20, 2023
usr.sbin/dumpfs/dumpfs.c: revision 1.67 usr.sbin/dumpfs/dumpfs.8: revision 1.21 dumpfs: remove confusing output for UFS2 remove the mention of "fslevel 5" because no such thing exists. the whole "fs level" concept really only applies to UFS1, so don't print the line with the level number and details for UFS2 file systems at all. try to clarify this in the manpage as well. prompted by PR 57082.
netbsd-srcmastr
pushed a commit
that referenced
this pull request
Aug 20, 2023
sys/net/rtsock.c: revision 1.244 (adapted) Fix kernel info leak. There are 2 bytes of padding in struct if_msghdr. [ 944.607323] kleak: Possible leak in copyout: [len=176, leaked=2] [ 944.617335] #0 0xffffffff80b7c44a in kleak_note <netbsd> [ 944.627332] #1 0xffffffff80b7c4ca in kleak_copyout <netbsd> [ 944.627332] #2 0xffffffff80c91698 in sysctl_iflist_if <netbsd> [ 944.637336] #3 0xffffffff80c91d3c in sysctl_iflist <netbsd> [ 944.647343] #4 0xffffffff80c93855 in sysctl_rtable <netbsd> [ 944.647343] #5 0xffffffff80b5b328 in sysctl_dispatch <netbsd> [ 944.657346] #6 0xffffffff80b5b62e in sys___sysctl <netbsd> [ 944.667354] #7 0xffffffff8025ab3c in sy_call <netbsd> [ 944.667354] #8 0xffffffff8025ad6e in sy_invoke <netbsd> [ 944.677365] #9 0xffffffff8025adf4 in syscall <netbsd>
netbsd-srcmastr
pushed a commit
that referenced
this pull request
Aug 20, 2023
sys/net/rtsock.c: revision 1.244 (adapted) Fix kernel info leak. There are 2 bytes of padding in struct if_msghdr. [ 944.607323] kleak: Possible leak in copyout: [len=176, leaked=2] [ 944.617335] #0 0xffffffff80b7c44a in kleak_note <netbsd> [ 944.627332] #1 0xffffffff80b7c4ca in kleak_copyout <netbsd> [ 944.627332] #2 0xffffffff80c91698 in sysctl_iflist_if <netbsd> [ 944.637336] #3 0xffffffff80c91d3c in sysctl_iflist <netbsd> [ 944.647343] #4 0xffffffff80c93855 in sysctl_rtable <netbsd> [ 944.647343] #5 0xffffffff80b5b328 in sysctl_dispatch <netbsd> [ 944.657346] #6 0xffffffff80b5b62e in sys___sysctl <netbsd> [ 944.667354] #7 0xffffffff8025ab3c in sy_call <netbsd> [ 944.667354] #8 0xffffffff8025ad6e in sy_invoke <netbsd> [ 944.677365] #9 0xffffffff8025adf4 in syscall <netbsd>
netbsd-srcmastr
pushed a commit
that referenced
this pull request
Aug 16, 2025
crypto/external/apache2/openssl/lib/libssl/Makefile: revision 1.5 libssl: link against libcrypto like we did for OpenSSL < 3.5 Also matches what upstream does. Patch from RVP via current-users.
netbsd-srcmastr
pushed a commit
that referenced
this pull request
Aug 16, 2025
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
In 2017 a CVE was detected for racoon. The ipsec-tools racoon daemon
contains a remotely exploitable computational complexity attack when
parsing and storing isakmp fragments.
This security issue was fixed by implementing a strict fragment control.
The strict control may blackball VPN clients from VPN service (see
PR/53646). The implemented failure notifications are laconic. On the
other hand current racoon server dumps complete IKE messages into the
logs in debug mode.
The fragmentation bug PR/53646 has now been fixed by separate commit.
Add minimum debug information for fragment handler to ease root cause
analysis in case of VPN connection rejects or attacks.
Signed-off-by: Thomas Reim reimth@gmail.com