'C' and 'H' flags at runtime. This matches messages output for other
toggles which leave the first column in the message blank to hold the
cursor.
PR: bin/158775
Submitted by: arundel
MFC after: 3 days
ALL BIND USERS ARE ENCOURAGED TO UPGRADE IMMEDIATELY
This update addresses the following vulnerability:
CVE-2011-2464
=============
Severity: High
Exploitable: Remotely
Description:
A defect in the affected BIND 9 versions allows an attacker to remotely
cause the "named" process to exit using a specially crafted packet. This
defect affects both recursive and authoritative servers. The code location
of the defect makes it impossible to protect BIND using ACLs configured
within named.conf or by disabling any features at compile-time or run-time.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2464https://www.isc.org/software/bind/advisories/cve-2011-2464
- Implement -Wvariable-decl.
- Port -Wtrampolines support from gcc3.
(all three also via OpenBSD)
PR: gnu/127136, gnu/157019
Submitted by: Henning Petersen, Pedro Giffuni
MFC after: 6 weeks
for resolving by a child process that, upon success, will add the entry
to the config of the running running parent process.
Unfortunately there are a couple of bugs with this, fixed in various
later versions of upstream in potentially different ways due to other
code changes:
1) Upon server [-46] <FQDN> the [-46] are used as FQDN for later resolving
which does not work. Make sure we always pass the name (or IP there).
2) The intermediate file to carry the information to the child process
does not know about -4/-6 restrictions, so that a dual-stacked host
could resolve to an IPv6 address but that might be unreachable (see
r223626) leading to no working synchronization ignoring a IPv4 record.
Thus alter the intermediate format to also pass the address family
(AF_UNSPEC (default), AF_INET or AF_INET6) to the child process
depending on -4 or -6.
3) Make the child process to parse the new intermediate file format and
save the address family for getaddrinfo() hints flags.
4) Change child to always reload resolv.conf calling res_init() before
trying to resolve names. This will pick up resolv.conf changes or
new resolv.confs should they have not existed or been empty or
unusable on ntp startup. This fix is more conditional in upstream
versions but given FreeBSD has res_init there is no need for the
configure logic as well.
Approved by: roberto
Sponsored by: Sandvine Incorporated
MFC after: 9 days
in host byte order, so we need to compare them as such.
Properly compare IPv6 addresses as well.
This allows the, by default, 8 badaddrs slots per address
family to work correctly and only print sendto() errors once.
The change is no longer applicable to any latest upstream versions.
Approved by: roberto
Sponsored by: Sandvine Incorporated
MFC after: 1 week
In userland, sign extend the offset for JA instructions.
We currently use that to implement "ip6 protochain", and "pc" might be
wider than "pc->k", in which case we need to arrange that "pc->k" be
sign-extended, by casting it to bpf_int32.
PR: kern/157188
Submitted by: plosher
MFC after: 2 weeks
is defined, but then proceeds to use a hardcoded maximum hostname length
of 64 anyway. Fix this by checking against MAXHOSTNAMELEN instead.
PR: bin/157732
MFC after: 3 days
64-bit PowerPC or 32-bit PowerPC.
- Make gdb work on powerpc64, the code for this is obtained from
ppc-linux-tdep.c.
- Remove non-elf core read functionality. Implement core read functionality
similar like other FreeBSD targets.
- Set long double limitations.
This allows one to force consistent printing of numeric port numbers like
we do with -n for other tools like netstat (just that -n was already taken)
rather than the service names.
-P is currently unused in OpenBSD so the change is eligible for upstreaming.
PR: misc/151015
Submitted by: Matt Koivisto (mkoivisto sandvine.com)
Sponsored by: Sandvine Incorporated
MFC after: 1 week
This also replaces the local fix in r219209 that made .Ac emit
ASCII angle quotes with an official fix. In the official fix,
ASCII quotes are output when using the .Aq, .Ao and .Ac calls,
but only when nested into the .An macro.
PR: gnu/154822
It seems there have only been a small amount to the compiler-rt source
code in the mean time. I'd rather have the code in sync as much as
possible by the time we release 9.0. Changes:
- The libcompiler_rt library is now dual licensed under both the
University of Illinois "BSD-Like" license and the MIT license.
- Our local modifications for using .hidden instead of .private_extern
have been upstreamed, meaning our changes to lib/assembly.h can now be
reverted.
- A possible endless recursion in __modsi3() has been fixed.
- Support for ARM EABI has been added, but it has no effect on FreeBSD
(yet).
- The functions __udivmodsi4 and __divmodsi4 have been added.
Requested by: many, including bf@ and Pedro Giffuni
buffers. This fixes a segfault on exit due to calling free on a bogus pointer.
This should be considered a temporary stop gap fix to avoid the crash. The
complete fix re-shuffles the initializations of some of the clean-up pointers.
The details of the fix can be found in the libpcap git repository:
commit bc8209b71e928870b0f172d43b174ab27ba24394
Proded by: kevlo, rpaulo
MFC after: 2 weeks
Submitted by: Anton Yuzhaninov
The binutils update in r218822 caused the MIPS n64 dynamic binaries to
fail because the ".interp" section is not in the initial sections.
This happens because elf64bmip-defs.sh overrides INITIAL_READONLY_SECTIONS
to add ".MIPS.options" sections instead of the ".reginfo" section used
by n32.
This used to work fine, but after r218822, INITIAL_READONLY_SECTIONS also
contains the .interp section, so the override has to be done differently.
Reported by : aduane at juniper
Obtained from: gonzo (Initial version)
rather than at the bottom of the manpage.
- Remove an obsolete comment about SWAIT being a stale state. It was
resurrected for a different purpose in FreeBSD 5 to mark idle ithreads.
- Add a comment documenting that the SLEEP and LOCK states typically
display the name of the event being waited on with lock names being
prefixed with an asterisk and sleep event names not having a prefix.
MFC after: 1 week
idle threads). The process is displayed by default (subject to whether or
not system processes are displayed) to preserve existing behavior. The
system idle process can be hidden via the '-z' command line argument or the
'z' key while top is running. When it is hidden, top more closely matches
the behavior of FreeBSD <= 4.x where idle time was not accounted to any
process.
MFC after: 2 weeks
system and is decided upon by configure and could be an u_int or a
u_char. For FreeBSD it is a u_char.
For IPv6 however RFC 3493, 5.2 defines the argument to
IPV6_MULTICAST_LOOP to be an unsigned integer so make sure we always
use that using a second variable for the IPV6 case.
This is to get rid of these error messages every 5 minutes on some
systems:
ntpd[1530]: setsockopt IPV6_MULTICAST_LOOP failure: Invalid argument
on socket 22, addr fe80::... for multicast address ff02::101
While here also fix the copy&paste error in the log message for
IPV6_MULTICAST_LOOP.
Reviewed by: roberto
Sponsored by: The FreeBSD Foundation
Sponsored by: iXsystems
MFC after: 10 days
Filed as: Bug 1936 on ntp.org
1. Very large RRSIG RRsets included in a negative cache can trigger
an assertion failure that will crash named (BIND 9 DNS) due to an
off-by-one error in a buffer size check.
This bug affects all resolving name servers, whether DNSSEC validation
is enabled or not, on all BIND versions prior to today. There is a
possibility of malicious exploitation of this bug by remote users.
2. Named could fail to validate zones listed in a DLV that validated
insecure without using DLV and had DS records in the parent zone.
Add a patch provided by ru@ and confirmed by ISC to fix a crash at
shutdown time when a SIG(0) key is being used.