7.x, 8.x and 9.x with pf(4) imports: pfsync(4) should suppress CARP
preemption, while it is running its bulk update.
However, reimplement the feature in more elegant manner, that is
partially inspired by newer OpenBSD:
- Rename term "suppression" to "demotion", to match with OpenBSD.
- Keep a global demotion factor, that can be raised by several
conditions, for now these are:
- interface goes down
- carp(4) has problems with ip_output() or ip6_output()
- pfsync performs bulk update
- Unlike in OpenBSD the demotion factor isn't a counter, but
is actual value added to advskew. The adjustment values for
particular error conditions are also configurable, and their
defaults are maximum advskew value, so a single failure bumps
demotion to maximum. This is for POLA compatibility, and should
satisfy most users.
- Demotion factor is a writable sysctl, so user can do
foot shooting, if he desires to.
against icmp6_hdr::icmp6_type is done incorrectly. (This fix has
already been applied upstream, but we do not have the latest version of
tcpdump.)
MFC after: 1 week
without conversion warnings. This code desparately needs a good dose of
const poison, but fixing all the issues would be rather disruptive.
MFC after: 1 week
literals. Also, change the direction argument to move_rel() from char
to int; K&R function definions cause it to be promoted to an int anyway,
and this way we avoid clang warning about it.
MFC after: 1 week
__COUNTER__ allows one to obtain incrementing (read: unique) numbers
from the C preprocesor. This is useful when implementing things like a
robust implementation of CTASSERT(), which currently fails when using
it more than once on a single line of code. Probably not likely to cause
any breakage, but still.
__COUNTER__ was also added to GCC 4.3, but since that implementation is
GPLv3 licensed, I took the liberty of implementing it without looking at
any upstream sources. Therefore, this version is licensed under the same
license as the rest of the code; GPLv2.
attack vector against applications that allow the applicant to specify
which policy to apply.
Submitted by: Matthias Drochner <drochner@netbsd.org>
MFC after: 1 week
with clang, by removing two unneeded using declarations. Otherwise, you
would get errors similar to:
/usr/include/c++/4.2/debug/map.h:77:20: error: dependent using declaration resolved to type without 'typename'
using _Base::value_compare;
^
N.B.: Take care when you actually use the debug versions of any
libstdc++ header. They are more likely to contain problems, because
they are exercised far less often, and since the standard library
complexity guarantees don't always apply anymore, compile times can
drastically increase.
MFC after: 2 weeks
MK_LIBCPLUSPLUS=yes to enable). This is a work-in-progress. It works for
me, but is not guaranteed to work for anyone else and may eat your dog.
To build C++ using libc++, add -stdlib=libc++ to your CXX and LD flags.
Bug reports welcome, bug fixes even more welcome...
Approved by: dim (mentor)
load of _l suffixed versions of various standard library functions that use
the global locale, making them take an explicit locale parameter. Also
adds support for per-thread locales. This work was funded by the FreeBSD
Foundation.
Please test any code you have that uses the C standard locale functions!
Reviewed by: das (gdtoa changes)
Approved by: dim (mentor)
Fix the signature of the getcontext builtin, eliminating incorrect
warnings about its prototype.
This also adds a -W(no-)builtin-requires-header option, which can be
used to enable or disable warnings of this kind.
MFC after: 1 week
Mark the overloaded atomic builtins as having custom type checking,
which they do. This avoids all of the default argument promotions that
we (1) don't want, and (2) undo during that custom type checking, and
makes sure that we don't run into trouble during template
instantiation. Fixes llvm/clang PR11320.
MFC after: 1 week
Recursive name servers are failing with an assertion:
INSIST(! dns_rdataset_isassociated(sigrdataset))
At this time it is not thought that authoritative-only servers
are affected, but information about this bug is evolving rapidly.
Because it may be possible to trigger this bug even on networks
that do not allow untrusted users to access the recursive name
servers (perhaps via specially crafted e-mail messages, and/or
malicious web sites) it is recommended that ALL operators of
recursive name servers upgrade immediately.
For more information see:
https://www.isc.org/software/bind/advisories/cve-2011-tbd
which will be updated as more information becomes available.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4313
declares the proper size of a function. Without this macro recent GNU as will
complain about with:
'Error: .size expression for main does not evaluate to a constant.'
Up to now we produce this:
.L.main:
....
.size main, .-main
With the macro defined the output is this:
.L.main:
....
.size main,.-.L.main
This affects only the 64-bit compiler.
Tested with world and kernel on both, 32 and 64-bit powerpc.
- Fiji will end DST on 22 January 2012.
- Moldova split into two timezones has been cancelled.
- Cuba will end DST on 13 November 2011
Obtained from: ftp://ftp.iana.org/tz/releases/
-march=native" on AMD K10 family processors no longer errors out with
"unknown target CPU 'amdfam10'". This also enables use of SSE4A.
Reported by: David Marec <david.marec@davenulle.org>
MFC after: 3 days
Europe:
- Pridnestrovian Moldavian Republic (PMR, also known as
"Pridnestrovie") has abolished seasonal clock change (no transition
to the Winter Time).
- The recent change to the Ukranian time zone (Europe/Kiev) to
introduce permanent daylight saving time (similar to Russia) was
reverted.
South America:
- Bahia: The President signed a decree that includes Bahia in summer
time.
zone.tab:
- Add Europe/Tiraspol Pridnestrovie
Obtained from: ftp://ftp.iana.org/tz/releases/
Changes in 2011i:
Africa
- Added South Sudan: Africa/Juba
Australasia:
- Samoa will go forward 24 hours at 30 December 2011 to better match
the day of the week with its neighbours.
Europe:
- Europe/Kaliningrad will have the timezone KALT.
North America:
- Updates to Metlakatla historical data
- Newfoundland, Labrador and Resolute will do something which I
can't figure out.
iso3166tab;
- Add SS for South Sudan.
Changes in 2011j:
- Samoa will go from 29 December 23:59:59 to 31 December 00:00:00.
- Samoa DST will end on 1 April 2012
Changes in 2011k:
- Gaza / West Bank goes back to standard time on 02 August 2011.
- West Bank went bac kto DST on 30 August 2011.
- Lots of changes in Minsk (GMT+3 without DST) and other Russian
regions. A new timezone has been created for them, FET: Further-eastern
European Time aka GMT+3.
- Add Asian/Hebron to the zone.tab file.
Changes in 2011l:
- West Bank came out of DST on 30 September 2011.
- Fiji will g oin DST on 23 October and out of it on 26 Februari
- State Bahia might go back to DST in 16 October 2011
Due to legal problems, ado and Paul Eggert have to temporary suspend
their work on the timezone database
(http://thread.gmane.org/gmane.comp.time.tz/4133). Their work has
been continued by volunteers on the tz community and the hosting
of the data files is done by Robert Elz at ftp://munnari.oz.au/pub/.
Obtained from: ftp://munnari.oz.au/pub, ftp://elsie.nci.nih.gov/pub/
too-thorough cleanup of unused files, in r213695. Also make sure these
get installed under /usr/share/doc.
Submitted by: rwatson, brooks
Pointy hat to: dim
MFC after: 3 days
which is less likely to block a remote system from boot.
Submitted by: Garrett Cooper <yanegomi@gmail.com>
PR: doc/160775
MFC after: 1 month
Approved by: re (kib)
as anonymous namespaces are local to the current translation.
GCC PR: c++/33094
Reviewed by: uqs
Approved by: re (kib)
Obtained from: gcc (branches/redhat/gcc-4_1-branch, rev. 129554, GPLv2)
MFC after: 1 week
to the maximum number of CPUs to ensure that lcpustates[] array is always
allocated to the maximum size. Previously, if top was started without
per-CPU stats it would allocate a smaller lcpustates[] array. When
per-CPU stats were then enabled, it would overflow the array and trash
the cpustates_columns[] array causing the CPU stats to be printed in the
wrong locations.
Approved by: re (kib)
MFC after: 1 week
'C' and 'H' flags at runtime. This matches messages output for other
toggles which leave the first column in the message blank to hold the
cursor.
PR: bin/158775
Submitted by: arundel
MFC after: 3 days
ALL BIND USERS ARE ENCOURAGED TO UPGRADE IMMEDIATELY
This update addresses the following vulnerability:
CVE-2011-2464
=============
Severity: High
Exploitable: Remotely
Description:
A defect in the affected BIND 9 versions allows an attacker to remotely
cause the "named" process to exit using a specially crafted packet. This
defect affects both recursive and authoritative servers. The code location
of the defect makes it impossible to protect BIND using ACLs configured
within named.conf or by disabling any features at compile-time or run-time.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2464https://www.isc.org/software/bind/advisories/cve-2011-2464
- Implement -Wvariable-decl.
- Port -Wtrampolines support from gcc3.
(all three also via OpenBSD)
PR: gnu/127136, gnu/157019
Submitted by: Henning Petersen, Pedro Giffuni
MFC after: 6 weeks
for resolving by a child process that, upon success, will add the entry
to the config of the running running parent process.
Unfortunately there are a couple of bugs with this, fixed in various
later versions of upstream in potentially different ways due to other
code changes:
1) Upon server [-46] <FQDN> the [-46] are used as FQDN for later resolving
which does not work. Make sure we always pass the name (or IP there).
2) The intermediate file to carry the information to the child process
does not know about -4/-6 restrictions, so that a dual-stacked host
could resolve to an IPv6 address but that might be unreachable (see
r223626) leading to no working synchronization ignoring a IPv4 record.
Thus alter the intermediate format to also pass the address family
(AF_UNSPEC (default), AF_INET or AF_INET6) to the child process
depending on -4 or -6.
3) Make the child process to parse the new intermediate file format and
save the address family for getaddrinfo() hints flags.
4) Change child to always reload resolv.conf calling res_init() before
trying to resolve names. This will pick up resolv.conf changes or
new resolv.confs should they have not existed or been empty or
unusable on ntp startup. This fix is more conditional in upstream
versions but given FreeBSD has res_init there is no need for the
configure logic as well.
Approved by: roberto
Sponsored by: Sandvine Incorporated
MFC after: 9 days
in host byte order, so we need to compare them as such.
Properly compare IPv6 addresses as well.
This allows the, by default, 8 badaddrs slots per address
family to work correctly and only print sendto() errors once.
The change is no longer applicable to any latest upstream versions.
Approved by: roberto
Sponsored by: Sandvine Incorporated
MFC after: 1 week
In userland, sign extend the offset for JA instructions.
We currently use that to implement "ip6 protochain", and "pc" might be
wider than "pc->k", in which case we need to arrange that "pc->k" be
sign-extended, by casting it to bpf_int32.
PR: kern/157188
Submitted by: plosher
MFC after: 2 weeks
is defined, but then proceeds to use a hardcoded maximum hostname length
of 64 anyway. Fix this by checking against MAXHOSTNAMELEN instead.
PR: bin/157732
MFC after: 3 days
64-bit PowerPC or 32-bit PowerPC.
- Make gdb work on powerpc64, the code for this is obtained from
ppc-linux-tdep.c.
- Remove non-elf core read functionality. Implement core read functionality
similar like other FreeBSD targets.
- Set long double limitations.
This allows one to force consistent printing of numeric port numbers like
we do with -n for other tools like netstat (just that -n was already taken)
rather than the service names.
-P is currently unused in OpenBSD so the change is eligible for upstreaming.
PR: misc/151015
Submitted by: Matt Koivisto (mkoivisto sandvine.com)
Sponsored by: Sandvine Incorporated
MFC after: 1 week
This also replaces the local fix in r219209 that made .Ac emit
ASCII angle quotes with an official fix. In the official fix,
ASCII quotes are output when using the .Aq, .Ao and .Ac calls,
but only when nested into the .An macro.
PR: gnu/154822
It seems there have only been a small amount to the compiler-rt source
code in the mean time. I'd rather have the code in sync as much as
possible by the time we release 9.0. Changes:
- The libcompiler_rt library is now dual licensed under both the
University of Illinois "BSD-Like" license and the MIT license.
- Our local modifications for using .hidden instead of .private_extern
have been upstreamed, meaning our changes to lib/assembly.h can now be
reverted.
- A possible endless recursion in __modsi3() has been fixed.
- Support for ARM EABI has been added, but it has no effect on FreeBSD
(yet).
- The functions __udivmodsi4 and __divmodsi4 have been added.
Requested by: many, including bf@ and Pedro Giffuni
buffers. This fixes a segfault on exit due to calling free on a bogus pointer.
This should be considered a temporary stop gap fix to avoid the crash. The
complete fix re-shuffles the initializations of some of the clean-up pointers.
The details of the fix can be found in the libpcap git repository:
commit bc8209b71e928870b0f172d43b174ab27ba24394
Proded by: kevlo, rpaulo
MFC after: 2 weeks
Submitted by: Anton Yuzhaninov
The binutils update in r218822 caused the MIPS n64 dynamic binaries to
fail because the ".interp" section is not in the initial sections.
This happens because elf64bmip-defs.sh overrides INITIAL_READONLY_SECTIONS
to add ".MIPS.options" sections instead of the ".reginfo" section used
by n32.
This used to work fine, but after r218822, INITIAL_READONLY_SECTIONS also
contains the .interp section, so the override has to be done differently.
Reported by : aduane at juniper
Obtained from: gonzo (Initial version)
rather than at the bottom of the manpage.
- Remove an obsolete comment about SWAIT being a stale state. It was
resurrected for a different purpose in FreeBSD 5 to mark idle ithreads.
- Add a comment documenting that the SLEEP and LOCK states typically
display the name of the event being waited on with lock names being
prefixed with an asterisk and sleep event names not having a prefix.
MFC after: 1 week
idle threads). The process is displayed by default (subject to whether or
not system processes are displayed) to preserve existing behavior. The
system idle process can be hidden via the '-z' command line argument or the
'z' key while top is running. When it is hidden, top more closely matches
the behavior of FreeBSD <= 4.x where idle time was not accounted to any
process.
MFC after: 2 weeks
system and is decided upon by configure and could be an u_int or a
u_char. For FreeBSD it is a u_char.
For IPv6 however RFC 3493, 5.2 defines the argument to
IPV6_MULTICAST_LOOP to be an unsigned integer so make sure we always
use that using a second variable for the IPV6 case.
This is to get rid of these error messages every 5 minutes on some
systems:
ntpd[1530]: setsockopt IPV6_MULTICAST_LOOP failure: Invalid argument
on socket 22, addr fe80::... for multicast address ff02::101
While here also fix the copy&paste error in the log message for
IPV6_MULTICAST_LOOP.
Reviewed by: roberto
Sponsored by: The FreeBSD Foundation
Sponsored by: iXsystems
MFC after: 10 days
Filed as: Bug 1936 on ntp.org
1. Very large RRSIG RRsets included in a negative cache can trigger
an assertion failure that will crash named (BIND 9 DNS) due to an
off-by-one error in a buffer size check.
This bug affects all resolving name servers, whether DNSSEC validation
is enabled or not, on all BIND versions prior to today. There is a
possibility of malicious exploitation of this bug by remote users.
2. Named could fail to validate zones listed in a DLV that validated
insecure without using DLV and had DS records in the parent zone.
Add a patch provided by ru@ and confirmed by ISC to fix a crash at
shutdown time when a SIG(0) key is being used.
LLVM_HOSTTRIPLE that is defined during the cross-tools stage.
Using clang, you can now build amd64 world and kernel on i386, and vice
versa. Other arches still need work.
Change for Africa/Casablanca:
- The 3rd april 2011 at 00:00:00, [it] will be 3rd april 1:00:00
- The 31th july 2011 at 00:59:59, [it] will be 31th July 00:00:00
Update for SouthAmerica/Chili:
- Chile's clocks will go back an hour this year on the 7th of May instead
of this Saturday. They will go forward again the 3rd Saturday in
August, not in October as they have since 1968. This is a pilot plan
which will be reevaluated in 2012.
- Pacific/Apia will have DST on 2 April instead of 3 April in 2011.
- Turkye will go to DST on 28 April instead of 27 April in 2011.
- Cuba will go to DST on 20 April in 2011.
Obtained from: ftp://elsie.nci.nih.gov/pub/
* elf64-sparc.c (sparc64_elf_relocate_section): Adjust addend of
dynamic relocs against section symbols for the output section vma.
However, with the addition of TLS support in the upstream rev. 1.104
this fix was essentially reverted. After factoring out the common parts
of elf32-sparc.c and elf64-sparc.c a comment was added to elfxx-sparc.c
in the upstream rev. 1.27 as part of unrelated changes, saying that the
fix from elf64-sparc.c rev. 1.61 indeed should be implemented, but given
that some unspecified OS has a broken ld.so expecting broken relocations
deliberately is omitted.
As the current behavior actually violates the SPARC ABI, FreeBSD never
had such a broken ld.so and this is actually causing problems with at
least kernel modules linked with binutils 2.17.50 committed in r218822
without the workaround committed in r219340 in place, re-implement the
above fix in a way so that is only applied if the output format is
ELFOSABI_FREEBSD. In the upstream version it probably would make sense
to invert this check and only skip adjusting the addend for the OS with
the broken ld.so, once it's determine which one that is.
Approved by: dim
c65292b04b98d6a76d58c5a54ca8f81463bf24de to support new SIOCGIFDESCR
ioctl interface which was too late for libpcap 1.1.1.
Reported by: brucec
Noticed by: wxs
- No leapsecond in June 2011
- Add and update timezones for America/Juneau, America/Sitka,
America/Metlakatla
- Change of Summer time to Winter time in Chili happens in April
2011, not in March 2011.
These options are supported in this shape in all newer GCC versions.
PR: gnu/155308
Obtained from: gcc 4.3 (rev. 118090, 118973, 120846; GPLv2)
MFC after: 2 weeks
groff will try to produce fancy angle brackets like
Foo ⟨foo@FreeBSD.org⟩
This is nice and well, but no email client will understand them. For
ease of copy&paste keep the one-true pair of brackets 0x3c/0x3e.
See: RFC 822, RFC 2822
PR: gnu/154822
Submitted by: Dominic Fandrey <kamikaze@bsdforen.de>
MFC after: 2 weeks