0.pool.* returns only IPv4 addresses.
2.pool.* returns both, IPv6 and IPv4 addresses.
conservatively extend our IPv4 only pool configuration by adding a
second pool, which also returns IPv6 addresses.
PR: 270536
Reported by: Lapo Luchini <lapo@lapo.it>
MFC after: 3 days
Pull Request: https://github.com/freebsd/freebsd-src/pull/731
Differential Revision: https://reviews.freebsd.org/D39954
When starting, ntpd calls setrlimit(2) to limit maximum size of its
stack. The stack limit chosen by ntpd is 200K, so when stack gap
is enabled, the stack gap is larger than this limit, which results
in ntpd crashing.
Submitted by: Dawid Gorecki <dgr@semihalf.com>
Reviewed by: cy, imp
Obtained from: Semihalf
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D29553
Update a bunch of Makefile.depend files as
a result of adding Makefile.depend.options files
Reviewed by: bdrewery
MFC after: 1 week
Sponsored by: Juniper Networks
Differential Revision: https://reviews.freebsd.org/D22494
Leaf directories that have dependencies impacted
by options need a Makefile.depend.options file
to avoid churn in Makefile.depend
DIRDEPS for cases such as OPENSSL, TCP_WRAPPERS etc
can be set in local.dirdeps-options.mk
which can add to those set in Makefile.depend.options
See share/mk/dirdeps-options.mk
Reviewed by: bdrewery
MFC after: 1 week
Sponsored by: Juniper Networks
Differential Revision: https://reviews.freebsd.org/D22469
pages to page as necessary.
To restore historic BSD behaviour add the following to ntp.conf:
rlimit memlock 32
Discussed on: freebsd-current@ between Sept 6-9, 2019
Reported by: Users using ASLR with stack gap != 0
Reviewed by: ian, kib, rgrimes (all previous versions)
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D21581
leap-seconds file from NIST at ftp://ftp.nist.gov/pub/time.
Future updates should use the NIST version of file, available
at ftp://ftp.nist.gov/pub/time/leap-seconds.list .
Requested by: ian@
Obtained from: ftp://ftp.nist.gov/pub/time/leap-seconds.3676924800
MFC after: 3 days
As per https://datacenter.iers.org/data/latestVersion/16_BULLETIN_C16.txt:
INTERNATIONAL EARTH ROTATION AND REFERENCE SYSTEMS SERVICE (IERS)
SERVICE INTERNATIONAL DE LA ROTATION TERRESTRE ET DES SYSTEMES DE REFERENCE
SERVICE DE LA ROTATION TERRESTRE DE L'IERS
OBSERVATOIRE DE PARIS
61, Av. de l'Observatoire 75014 PARIS (France)
Tel. : +33 1 40 51 23 35
e-mail : services.iers@obspm.frhttp://hpiers.obspm.fr/eop-pc
Paris, 07 January 2019
Bulletin C 57
To authorities responsible
for the measurement and
distribution of time
INFORMATION ON UTC - TAI
NO leap second will be introduced at the end of June 2019.
The difference between Coordinated Universal Time UTC and the
International Atomic Time TAI is :
from 2017 January 1, 0h UTC, until further notice : UTC-TAI = -37 s
Leap seconds can be introduced in UTC at the end of the months of December
or June, depending on the evolution of UT1-TAI. Bulletin C is mailed every
six months, either to announce a time step in UTC, or to confirm that there
will be no time step at the next possible date.
Christian BIZOUARD
Director
Earth Orientation Center of IERS
Observatoire de Paris, France
Requested by: rgrimes
Obtained from: ftp://tycho.usno.navy.mil/pub/ntp/leap-seconds.3757622400
MFC after: 3 days
This helps with pkgbase by using CONFS to tag these as config files.
Approved by: allanjude (mentor), ian, cy
Sponsored by: Essen Hackathon
Differential Revision: https://reviews.freebsd.org/D16661
- Use SRCTOP-relative paths to other directories instead of
.CURDIR-relative ones. This simplifies pathing in make/displayed output.
- Also, use :H where possible/sensical to manipulate .CURDIR-relative
paths
- Remove superfluous bsd.own.mk .includes which are already handled via
src.opts.mk .includes
MFC after: 1 week
Sponsored by: Dell EMC Isilon
These are no longer needed after the recent 'beforebuild: depend' changes
and hooking DIRDEPS_BUILD into a subset of FAST_DEPEND which supports
skipping 'make depend'.
Sponsored by: EMC / Isilon Storage Division
Off by default, build behaves normally.
WITH_META_MODE we get auto objdir creation, the ability to
start build from anywhere in the tree.
Still need to add real targets under targets/ to build packages.
Differential Revision: D2796
Reviewed by: brooks imp
1. 50+% of NO_PIE use is fixed by adding -fPIC to INTERNALLIB and other
build-only utility libraries.
2. Another 40% is fixed by generating _pic.a variants of various libraries.
3. Some of the NO_PIE use is a bit absurd as it is disabling PIE (and ASLR)
where it never would work anyhow, such as csu or loader. This suggests
there may be better ways of adding support to the tree. Many of these
cases can be fixed such that -fPIE will work but there is really no
reason to have it in those cases.
4. Some of the uses are working around hacks done to some Makefiles that are
really building libraries but have been using bsd.prog.mk because the code
is cleaner. Had they been using bsd.lib.mk then NO_PIE would not have
been needed.
We likely do want to enable PIE by default (opt-out) for non-tree consumers
(such as ports). For in-tree though we probably want to only enable PIE
(opt-in) for common attack targets such as remote service daemons and setuid
utilities. This is also a great performance compromise since ASLR is expected
to reduce performance. As such it does not make sense to enable it in all
utilities such as ls(1) that have little benefit to having it enabled.
Reported by: kib
This is currently an opt-in build flag. Once ASLR support is ready and stable
it should changed to opt-out and be enabled by default along with ASLR.
Each application Makefile uses opt-out to ensure that ASLR will be enabled by
default in new directories when the system is compiled with PIE/ASLR. [2]
Mark known build failures as NO_PIE for now.
The only known runtime failure was rtld.
[1] http://www.bsdcan.org/2014/schedule/events/452.en.html
Submitted by: Shawn Webb <lattera@gmail.com>
Discussed between: des@ and Shawn Webb [2]
remove the now-redundant checks for RELEASE_CRUNCH. This originally
was defined for building smaller sysinstall images, but was later also
used by picobsd builds for a similar purpose. Now that we've moved
away from sysinstall, picobsd is the only remaining consumer of this
interface. Adding these two options reduces the RELEASE_CRUNCH
special cases in the tree by half.
and finish the job. ncurses is now the only Makefile in the tree that
uses it since it wasn't a simple mechanical change, and will be
addressed in a future commit.
sntp includes a copy of libopts in itself in vendor code, rewrite the
Makefile to compile and use only one copy. It is an internal library, not
installed.
MFC after: 2 weeks
It does survive « make release ».
Uses an upcoming patch from the vendor branch (ntp-stable) of ntp-keygen.
Submitted by: Marius Strobl <marius@alchemy.franken.de>
