different version has been committed upstream in the libpcap vendor branch.
This will allow people to experiment with zero-copy bpf(4) without requiring
external patches.
Note to enable this functionality:
sysctl net.bpf.zerocopy_enable=1
By default, libpcap will use the legacy buffering method unless this sysctl
variable is set to 1.
For the details about zero-copy bpf(4) implementation see svn change r177548.
Requested by: many
Discussed with: sam
In collaboration with: rwatson
loop pointed out by cognet@ that occurs when calling strtod() with a
string representing a number between DBL_MAX and 2*DBL_MAX, when the
rounding mode is anything other than the default.
Note: As the first merge since the conversion to svn, it includes many
propset changes to get the proper svn:eol-style and svn:mime-type on the
files (as merged from the fixed up vendor/dist area).
MFC after: 3 days
operating systems. Previously, gcc would inhibit the generation of
fsqrt, fsin, and several other floating point instructions, for the
benefit of the old in-kernel math emulator, which was removed over 5
years ago.
This works around a bug in HP-UX's telnet client and also gives a much
saner user experience when using FreeBSD's telnet client.
PR: bin/19405
Submitted by: Joel Ray Holveck joelh of gnu.org
MFC after: 1 month
own purposes. To pull this off, it defines _KERNEL before including the
headers where these structures are defined. This leads to no end of
trouble when some of these headers, or other headers that they include,
change, as demonstrated by r180755.
The quick fix in this particular case is to define _WANT_FILE instead of
_KERNEL, conditional on __FreeBSD__. A better long-term fix is left as
an exercise to the reader.
The xgetpass() function pushes a cleanup entry for &osa, but then
attempts to flush the stack until an entry matching &sa. The two
object pointers do not match, so the stack is popped too much,
and then cleanup_until calls abort() when it unexpectedly hits
the bottom of the cleanup stack.
Reported by: Paul B. Mahol, onemda at gmail.com,
Pietro Cerutti, gahr at gahr.ch
PR: bin/124191
Reviewed by: mp, kris
MFC after: 2 days
the patch from ISC for lib/bind9/check.c and deletion of unused
files in lib/bind.
This version will by default randomize the UDP query source port
(and sequence number of course) for every query.
In order to take advantage of this randomization users MUST have an
appropriate firewall configuration to allow UDP queries to be sent and
answers to be received on random ports; and users MUST NOT specify a
port number using the query-source[-v6] options.
The avoid-v[46]-udp-ports options exist for users who wish to eliminate
certain port numbers from being chosen by named for this purpose. See
the ARM Chatper 6 for more information.
Also please note, this issue applies only to UDP query ports. A random
ephemeral port is always chosen for TCP queries.
This issue applies primarily to name servers whose main purpose is to
resolve random queries (sometimes referred to as "caching" servers, or
more properly as "resolving" servers), although even an "authoritative"
name server will make some queries, primarily at startup time.
All users of BIND are strongly encouraged to upgrade to the latest
version, and to utilize the source port randomization feature.
This update addresses issues raised in:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447http://www.kb.cert.org/vuls/id/800113http://tools.ietf.org/html/draft-ietf-dnsext-forgery-resilience
conflicts due to radically different approaches to security and bug fixes.
In some cases I re-started from the vendor version and reimplemented our
patches. Fortunately, this is not enabled by default in -current.
