From owner-svn-src-releng@freebsd.org Thu Mar 19 16:34:11 2020 Return-Path: Delivered-To: svn-src-releng@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id D7C90263ABB; Thu, 19 Mar 2020 16:34:11 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48jstW4D1Lz4HqP; Thu, 19 Mar 2020 16:34:11 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 73CD1DD79; Thu, 19 Mar 2020 16:34:11 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 02JGYBgB018235; Thu, 19 Mar 2020 16:34:11 GMT (envelope-from gordon@FreeBSD.org) Received: (from gordon@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 02JGYBfx018234; Thu, 19 Mar 2020 16:34:11 GMT (envelope-from gordon@FreeBSD.org) Message-Id: <202003191634.02JGYBfx018234@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gordon set sender to gordon@FreeBSD.org using -f From: Gordon Tetlow Date: Thu, 19 Mar 2020 16:34:11 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r359134 - releng/12.1/crypto/openssh X-SVN-Group: releng X-SVN-Commit-Author: gordon X-SVN-Commit-Paths: releng/12.1/crypto/openssh X-SVN-Commit-Revision: 359134 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Mar 2020 16:34:12 -0000 Author: gordon Date: Thu Mar 19 16:34:11 2020 New Revision: 359134 URL: https://svnweb.freebsd.org/changeset/base/359134 Log: Fix misleading log messages upon successful sshd login. Approved by: so Security: FreeBSD-EN-20:03.sshd Modified: releng/12.1/crypto/openssh/monitor.c Modified: releng/12.1/crypto/openssh/monitor.c ============================================================================== --- releng/12.1/crypto/openssh/monitor.c Thu Mar 19 15:40:05 2020 (r359133) +++ releng/12.1/crypto/openssh/monitor.c Thu Mar 19 16:34:11 2020 (r359134) @@ -193,7 +193,7 @@ struct mon_table mon_dispatch_proto20[] = { #endif {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign}, #ifdef HAVE_LOGIN_CAP - {MONITOR_REQ_GETPWCLASS, MON_AUTH, mm_answer_login_getpwclass}, + {MONITOR_REQ_GETPWCLASS, MON_ISAUTH, mm_answer_login_getpwclass}, #endif {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow}, {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv}, From owner-svn-src-releng@freebsd.org Thu Mar 19 16:35:16 2020 Return-Path: Delivered-To: svn-src-releng@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 58868263B39; Thu, 19 Mar 2020 16:35:16 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48jsvm1G3Kz4L5Q; Thu, 19 Mar 2020 16:35:16 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 141FDDD7A; Thu, 19 Mar 2020 16:35:16 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 02JGZFWL018353; Thu, 19 Mar 2020 16:35:15 GMT (envelope-from gordon@FreeBSD.org) Received: (from gordon@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 02JGZFpm018351; Thu, 19 Mar 2020 16:35:15 GMT (envelope-from gordon@FreeBSD.org) Message-Id: <202003191635.02JGZFpm018351@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gordon set sender to gordon@FreeBSD.org using -f From: Gordon Tetlow Date: Thu, 19 Mar 2020 16:35:15 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r359135 - releng/11.3/sys/netpfil/pf X-SVN-Group: releng X-SVN-Commit-Author: gordon X-SVN-Commit-Paths: releng/11.3/sys/netpfil/pf X-SVN-Commit-Revision: 359135 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Mar 2020 16:35:16 -0000 Author: gordon Date: Thu Mar 19 16:35:15 2020 New Revision: 359135 URL: https://svnweb.freebsd.org/changeset/base/359135 Log: Fix missing pfctl(8) tunable. Approved by: so Security: FreeBSD-EN-20:04.pfctl Modified: releng/11.3/sys/netpfil/pf/pf.c releng/11.3/sys/netpfil/pf/pf_ioctl.c Modified: releng/11.3/sys/netpfil/pf/pf.c ============================================================================== --- releng/11.3/sys/netpfil/pf/pf.c Thu Mar 19 16:34:11 2020 (r359134) +++ releng/11.3/sys/netpfil/pf/pf.c Thu Mar 19 16:35:15 2020 (r359135) @@ -363,11 +363,14 @@ u_long pf_hashmask; u_long pf_srchashmask; static u_long pf_hashsize; static u_long pf_srchashsize; +u_long pf_ioctl_maxcount = 65535; SYSCTL_ULONG(_net_pf, OID_AUTO, states_hashsize, CTLFLAG_RDTUN, &pf_hashsize, 0, "Size of pf(4) states hashtable"); SYSCTL_ULONG(_net_pf, OID_AUTO, source_nodes_hashsize, CTLFLAG_RDTUN, &pf_srchashsize, 0, "Size of pf(4) source nodes hashtable"); +SYSCTL_ULONG(_net_pf, OID_AUTO, request_maxcount, CTLFLAG_RDTUN, + &pf_ioctl_maxcount, 0, "Maximum number of tables, addresses, ... in a single ioctl() call"); VNET_DEFINE(void *, pf_swi_cookie); Modified: releng/11.3/sys/netpfil/pf/pf_ioctl.c ============================================================================== --- releng/11.3/sys/netpfil/pf/pf_ioctl.c Thu Mar 19 16:34:11 2020 (r359134) +++ releng/11.3/sys/netpfil/pf/pf_ioctl.c Thu Mar 19 16:35:15 2020 (r359135) @@ -86,8 +86,6 @@ __FBSDID("$FreeBSD$"); #include #endif -#define PF_TABLES_MAX_REQUEST 65535 /* Maximum tables per request. */ - static struct pf_pool *pf_get_pool(char *, u_int32_t, u_int8_t, u_int32_t, u_int8_t, u_int8_t, u_int8_t); @@ -215,6 +213,8 @@ pfsync_detach_ifnet_t *pfsync_detach_ifnet_ptr; /* pflog */ pflog_packet_t *pflog_packet_ptr = NULL; +extern u_long pf_ioctl_maxcount; + static void pfattach_vnet(void) { @@ -2528,7 +2528,8 @@ DIOCCHANGEADDR_error: break; } - if (io->pfrio_size < 0 || io->pfrio_size > PF_TABLES_MAX_REQUEST) { + if (io->pfrio_size < 0 || io->pfrio_size > pf_ioctl_maxcount || + WOULD_OVERFLOW(io->pfrio_size, sizeof(struct pfr_table))) { error = ENOMEM; break; } @@ -2559,7 +2560,8 @@ DIOCCHANGEADDR_error: break; } - if (io->pfrio_size < 0 || io->pfrio_size > PF_TABLES_MAX_REQUEST) { + if (io->pfrio_size < 0 || io->pfrio_size > pf_ioctl_maxcount || + WOULD_OVERFLOW(io->pfrio_size, sizeof(struct pfr_table))) { error = ENOMEM; break; } @@ -2732,6 +2734,7 @@ DIOCCHANGEADDR_error: break; } if (io->pfrio_size < 0 || + io->pfrio_size > pf_ioctl_maxcount || WOULD_OVERFLOW(io->pfrio_size, sizeof(struct pfr_addr))) { error = EINVAL; break; @@ -2769,6 +2772,7 @@ DIOCCHANGEADDR_error: break; } if (io->pfrio_size < 0 || + io->pfrio_size > pf_ioctl_maxcount || WOULD_OVERFLOW(io->pfrio_size, sizeof(struct pfr_addr))) { error = EINVAL; break; @@ -2810,7 +2814,8 @@ DIOCCHANGEADDR_error: break; } count = max(io->pfrio_size, io->pfrio_size2); - if (WOULD_OVERFLOW(count, sizeof(struct pfr_addr))) { + if (count > pf_ioctl_maxcount || + WOULD_OVERFLOW(count, sizeof(struct pfr_addr))) { error = EINVAL; break; } @@ -2848,6 +2853,7 @@ DIOCCHANGEADDR_error: break; } if (io->pfrio_size < 0 || + io->pfrio_size > pf_ioctl_maxcount || WOULD_OVERFLOW(io->pfrio_size, sizeof(struct pfr_addr))) { error = EINVAL; break; @@ -2879,6 +2885,7 @@ DIOCCHANGEADDR_error: break; } if (io->pfrio_size < 0 || + io->pfrio_size > pf_ioctl_maxcount || WOULD_OVERFLOW(io->pfrio_size, sizeof(struct pfr_astats))) { error = EINVAL; break; @@ -2910,6 +2917,7 @@ DIOCCHANGEADDR_error: break; } if (io->pfrio_size < 0 || + io->pfrio_size > pf_ioctl_maxcount || WOULD_OVERFLOW(io->pfrio_size, sizeof(struct pfr_addr))) { error = EINVAL; break; @@ -2947,6 +2955,7 @@ DIOCCHANGEADDR_error: break; } if (io->pfrio_size < 0 || + io->pfrio_size > pf_ioctl_maxcount || WOULD_OVERFLOW(io->pfrio_size, sizeof(struct pfr_addr))) { error = EINVAL; break; @@ -2984,6 +2993,7 @@ DIOCCHANGEADDR_error: break; } if (io->pfrio_size < 0 || + io->pfrio_size > pf_ioctl_maxcount || WOULD_OVERFLOW(io->pfrio_size, sizeof(struct pfr_addr))) { error = EINVAL; break; @@ -3036,6 +3046,7 @@ DIOCCHANGEADDR_error: break; } if (io->size < 0 || + io->size > pf_ioctl_maxcount || WOULD_OVERFLOW(io->size, sizeof(struct pfioc_trans_e))) { error = EINVAL; break; @@ -3112,6 +3123,7 @@ DIOCCHANGEADDR_error: break; } if (io->size < 0 || + io->size > pf_ioctl_maxcount || WOULD_OVERFLOW(io->size, sizeof(struct pfioc_trans_e))) { error = EINVAL; break; @@ -3189,6 +3201,7 @@ DIOCCHANGEADDR_error: } if (io->size < 0 || + io->size > pf_ioctl_maxcount || WOULD_OVERFLOW(io->size, sizeof(struct pfioc_trans_e))) { error = EINVAL; break; @@ -3407,6 +3420,7 @@ DIOCCHANGEADDR_error: } if (io->pfiio_size < 0 || + io->pfiio_size > pf_ioctl_maxcount || WOULD_OVERFLOW(io->pfiio_size, sizeof(struct pfi_kif))) { error = EINVAL; break; From owner-svn-src-releng@freebsd.org Thu Mar 19 16:41:30 2020 Return-Path: Delivered-To: svn-src-releng@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id CBA2D263F1E; Thu, 19 Mar 2020 16:41:30 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48jt2y45dFz4bff; Thu, 19 Mar 2020 16:41:30 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 7625ADDDE; Thu, 19 Mar 2020 16:41:30 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 02JGfUXm023298; Thu, 19 Mar 2020 16:41:30 GMT (envelope-from gordon@FreeBSD.org) Received: (from gordon@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 02JGfTr2023294; Thu, 19 Mar 2020 16:41:29 GMT (envelope-from gordon@FreeBSD.org) Message-Id: <202003191641.02JGfTr2023294@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gordon set sender to gordon@FreeBSD.org using -f From: Gordon Tetlow Date: Thu, 19 Mar 2020 16:41:29 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r359136 - in releng/12.1/sys: dev/mlx5/mlx5_en netinet netinet6 sys X-SVN-Group: releng X-SVN-Commit-Author: gordon X-SVN-Commit-Paths: in releng/12.1/sys: dev/mlx5/mlx5_en netinet netinet6 sys X-SVN-Commit-Revision: 359136 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Mar 2020 16:41:30 -0000 Author: gordon Date: Thu Mar 19 16:41:29 2020 New Revision: 359136 URL: https://svnweb.freebsd.org/changeset/base/359136 Log: Fix packet forwarding performance in mlx5en(4) driver. Approved by: so Security: FreeBSD-EN-20:05.mlx5en Modified: releng/12.1/sys/dev/mlx5/mlx5_en/mlx5_en_tx.c releng/12.1/sys/netinet/ip_output.c releng/12.1/sys/netinet6/ip6_output.c releng/12.1/sys/sys/mbuf.h Modified: releng/12.1/sys/dev/mlx5/mlx5_en/mlx5_en_tx.c ============================================================================== --- releng/12.1/sys/dev/mlx5/mlx5_en/mlx5_en_tx.c Thu Mar 19 16:35:15 2020 (r359135) +++ releng/12.1/sys/dev/mlx5/mlx5_en/mlx5_en_tx.c Thu Mar 19 16:41:29 2020 (r359136) @@ -609,7 +609,8 @@ mlx5e_xmit(struct ifnet *ifp, struct mbuf *mb) struct mlx5e_sq *sq; int ret; - if (mb->m_pkthdr.snd_tag != NULL) { + if ((mb->m_pkthdr.csum_flags & CSUM_SND_TAG) != 0 && + (mb->m_pkthdr.snd_tag != NULL)) { sq = mlx5e_select_queue_by_send_tag(ifp, mb); if (unlikely(sq == NULL)) { /* Check for route change */ Modified: releng/12.1/sys/netinet/ip_output.c ============================================================================== --- releng/12.1/sys/netinet/ip_output.c Thu Mar 19 16:35:15 2020 (r359135) +++ releng/12.1/sys/netinet/ip_output.c Thu Mar 19 16:41:29 2020 (r359136) @@ -653,6 +653,7 @@ sendit: in_pcboutput_txrtlmt(inp, ifp, m); /* stamp send tag on mbuf */ m->m_pkthdr.snd_tag = inp->inp_snd_tag; + m->m_pkthdr.csum_flags |= CSUM_SND_TAG; } else { m->m_pkthdr.snd_tag = NULL; } @@ -705,6 +706,7 @@ sendit: in_pcboutput_txrtlmt(inp, ifp, m); /* stamp send tag on mbuf */ m->m_pkthdr.snd_tag = inp->inp_snd_tag; + m->m_pkthdr.csum_flags |= CSUM_SND_TAG; } else { m->m_pkthdr.snd_tag = NULL; } Modified: releng/12.1/sys/netinet6/ip6_output.c ============================================================================== --- releng/12.1/sys/netinet6/ip6_output.c Thu Mar 19 16:35:15 2020 (r359135) +++ releng/12.1/sys/netinet6/ip6_output.c Thu Mar 19 16:41:29 2020 (r359136) @@ -966,6 +966,7 @@ passout: in_pcboutput_txrtlmt(inp, ifp, m); /* stamp send tag on mbuf */ m->m_pkthdr.snd_tag = inp->inp_snd_tag; + m->m_pkthdr.csum_flags |= CSUM_SND_TAG; } else { m->m_pkthdr.snd_tag = NULL; } @@ -1081,6 +1082,7 @@ sendorfree: in_pcboutput_txrtlmt(inp, ifp, m); /* stamp send tag on mbuf */ m->m_pkthdr.snd_tag = inp->inp_snd_tag; + m->m_pkthdr.csum_flags |= CSUM_SND_TAG; } else { m->m_pkthdr.snd_tag = NULL; } Modified: releng/12.1/sys/sys/mbuf.h ============================================================================== --- releng/12.1/sys/sys/mbuf.h Thu Mar 19 16:35:15 2020 (r359135) +++ releng/12.1/sys/sys/mbuf.h Thu Mar 19 16:41:29 2020 (r359136) @@ -519,6 +519,8 @@ struct mbuf { #define CSUM_L5_VALID 0x20000000 /* checksum is correct */ #define CSUM_COALESCED 0x40000000 /* contains merged segments */ +#define CSUM_SND_TAG 0x80000000 /* Packet header has send tag */ + /* * CSUM flag description for use with printf(9) %b identifier. */ @@ -528,7 +530,7 @@ struct mbuf { "\12CSUM_IP6_UDP\13CSUM_IP6_TCP\14CSUM_IP6_SCTP\15CSUM_IP6_TSO" \ "\16CSUM_IP6_ISCSI" \ "\31CSUM_L3_CALC\32CSUM_L3_VALID\33CSUM_L4_CALC\34CSUM_L4_VALID" \ - "\35CSUM_L5_CALC\36CSUM_L5_VALID\37CSUM_COALESCED" + "\35CSUM_L5_CALC\36CSUM_L5_VALID\37CSUM_COALESCED\40CSUM_SND_TAG" /* CSUM flags compatibility mappings. */ #define CSUM_IP_CHECKED CSUM_L3_CALC From owner-svn-src-releng@freebsd.org Thu Mar 19 16:43:39 2020 Return-Path: Delivered-To: svn-src-releng@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 18625263FEA; Thu, 19 Mar 2020 16:43:39 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48jt5Q4Ljnz3D38; Thu, 19 Mar 2020 16:43:38 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 51743DF49; Thu, 19 Mar 2020 16:43:38 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 02JGhcjF024147; Thu, 19 Mar 2020 16:43:38 GMT (envelope-from gordon@FreeBSD.org) Received: (from gordon@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 02JGhc7J024145; Thu, 19 Mar 2020 16:43:38 GMT (envelope-from gordon@FreeBSD.org) Message-Id: <202003191643.02JGhc7J024145@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gordon set sender to gordon@FreeBSD.org using -f From: Gordon Tetlow Date: Thu, 19 Mar 2020 16:43:38 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r359137 - in releng: 11.3/sys/netinet6 12.1/sys/netinet6 X-SVN-Group: releng X-SVN-Commit-Author: gordon X-SVN-Commit-Paths: in releng: 11.3/sys/netinet6 12.1/sys/netinet6 X-SVN-Commit-Revision: 359137 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Mar 2020 16:43:39 -0000 Author: gordon Date: Thu Mar 19 16:43:37 2020 New Revision: 359137 URL: https://svnweb.freebsd.org/changeset/base/359137 Log: Fix incorrect checksum calculations with IPv6 extension headers. Approved by: so Security: FreeBSD-EN-20:06.ipv6 Modified: releng/11.3/sys/netinet6/ip6_output.c releng/12.1/sys/netinet6/ip6_output.c Modified: releng/11.3/sys/netinet6/ip6_output.c ============================================================================== --- releng/11.3/sys/netinet6/ip6_output.c Thu Mar 19 16:41:29 2020 (r359136) +++ releng/11.3/sys/netinet6/ip6_output.c Thu Mar 19 16:43:37 2020 (r359137) @@ -206,6 +206,36 @@ in6_delayed_cksum(struct mbuf *m, uint32_t plen, u_sho *(u_short *)mtodo(m, offset) = csum; } +static int +ip6_output_delayed_csum(struct mbuf *m, struct ifnet *ifp, int csum_flags, + int plen, int optlen, bool frag __unused) +{ + + KASSERT((plen >= optlen), ("%s:%d: plen %d < optlen %d, m %p, ifp %p " + "csum_flags %#x frag %d\n", + __func__, __LINE__, plen, optlen, m, ifp, csum_flags, frag)); + + if ((csum_flags & CSUM_DELAY_DATA_IPV6) || +#ifdef SCTP + (csum_flags & CSUM_SCTP_IPV6) || +#endif + false) { + if (csum_flags & CSUM_DELAY_DATA_IPV6) { + in6_delayed_cksum(m, plen - optlen, + sizeof(struct ip6_hdr) + optlen); + m->m_pkthdr.csum_flags &= ~CSUM_DELAY_DATA_IPV6; + } +#ifdef SCTP + if (csum_flags & CSUM_SCTP_IPV6) { + sctp_delayed_cksum(m, sizeof(struct ip6_hdr) + optlen); + m->m_pkthdr.csum_flags &= ~CSUM_SCTP_IPV6; + } +#endif + } + + return (0); +} + int ip6_fragment(struct ifnet *ifp, struct mbuf *m0, int hlen, u_char nextproto, int mtu, uint32_t id) @@ -908,17 +938,10 @@ passout: * XXX-BZ Need a framework to know when the NIC can handle it, even * with ext. hdrs. */ - if (sw_csum & CSUM_DELAY_DATA_IPV6) { - sw_csum &= ~CSUM_DELAY_DATA_IPV6; - in6_delayed_cksum(m, plen, sizeof(struct ip6_hdr)); - } -#ifdef SCTP - if (sw_csum & CSUM_SCTP_IPV6) { - sw_csum &= ~CSUM_SCTP_IPV6; - sctp_delayed_cksum(m, sizeof(struct ip6_hdr)); - } -#endif - m->m_pkthdr.csum_flags &= ifp->if_hwassist; + error = ip6_output_delayed_csum(m, ifp, sw_csum, plen, optlen, false); + if (error != 0) + goto bad; + /* XXX-BZ m->m_pkthdr.csum_flags &= ~ifp->if_hwassist; */ tlen = m->m_pkthdr.len; if ((opt && (opt->ip6po_flags & IP6PO_DONTFRAG)) || tso) @@ -1002,16 +1025,11 @@ passout: * fragmented packets, then do it here. * XXX-BZ handle the hw offloading case. Need flags. */ - if (m->m_pkthdr.csum_flags & CSUM_DELAY_DATA_IPV6) { - in6_delayed_cksum(m, plen, hlen); - m->m_pkthdr.csum_flags &= ~CSUM_DELAY_DATA_IPV6; - } -#ifdef SCTP - if (m->m_pkthdr.csum_flags & CSUM_SCTP_IPV6) { - sctp_delayed_cksum(m, hlen); - m->m_pkthdr.csum_flags &= ~CSUM_SCTP_IPV6; - } -#endif + error = ip6_output_delayed_csum(m, ifp, m->m_pkthdr.csum_flags, + plen, optlen, true); + if (error != 0) + goto bad; + /* * Change the next header field of the last header in the * unfragmentable part. Modified: releng/12.1/sys/netinet6/ip6_output.c ============================================================================== --- releng/12.1/sys/netinet6/ip6_output.c Thu Mar 19 16:41:29 2020 (r359136) +++ releng/12.1/sys/netinet6/ip6_output.c Thu Mar 19 16:43:37 2020 (r359137) @@ -205,6 +205,36 @@ in6_delayed_cksum(struct mbuf *m, uint32_t plen, u_sho *(u_short *)mtodo(m, offset) = csum; } +static int +ip6_output_delayed_csum(struct mbuf *m, struct ifnet *ifp, int csum_flags, + int plen, int optlen, bool frag __unused) +{ + + KASSERT((plen >= optlen), ("%s:%d: plen %d < optlen %d, m %p, ifp %p " + "csum_flags %#x frag %d\n", + __func__, __LINE__, plen, optlen, m, ifp, csum_flags, frag)); + + if ((csum_flags & CSUM_DELAY_DATA_IPV6) || +#ifdef SCTP + (csum_flags & CSUM_SCTP_IPV6) || +#endif + false) { + if (csum_flags & CSUM_DELAY_DATA_IPV6) { + in6_delayed_cksum(m, plen - optlen, + sizeof(struct ip6_hdr) + optlen); + m->m_pkthdr.csum_flags &= ~CSUM_DELAY_DATA_IPV6; + } +#ifdef SCTP + if (csum_flags & CSUM_SCTP_IPV6) { + sctp_delayed_cksum(m, sizeof(struct ip6_hdr) + optlen); + m->m_pkthdr.csum_flags &= ~CSUM_SCTP_IPV6; + } +#endif + } + + return (0); +} + int ip6_fragment(struct ifnet *ifp, struct mbuf *m0, int hlen, u_char nextproto, int fraglen , uint32_t id) @@ -908,17 +938,10 @@ passout: * XXX-BZ Need a framework to know when the NIC can handle it, even * with ext. hdrs. */ - if (sw_csum & CSUM_DELAY_DATA_IPV6) { - sw_csum &= ~CSUM_DELAY_DATA_IPV6; - in6_delayed_cksum(m, plen, sizeof(struct ip6_hdr)); - } -#ifdef SCTP - if (sw_csum & CSUM_SCTP_IPV6) { - sw_csum &= ~CSUM_SCTP_IPV6; - sctp_delayed_cksum(m, sizeof(struct ip6_hdr)); - } -#endif - m->m_pkthdr.csum_flags &= ifp->if_hwassist; + error = ip6_output_delayed_csum(m, ifp, sw_csum, plen, optlen, false); + if (error != 0) + goto bad; + /* XXX-BZ m->m_pkthdr.csum_flags &= ~ifp->if_hwassist; */ tlen = m->m_pkthdr.len; if ((opt && (opt->ip6po_flags & IP6PO_DONTFRAG)) || tso) @@ -1018,16 +1041,11 @@ passout: * fragmented packets, then do it here. * XXX-BZ handle the hw offloading case. Need flags. */ - if (m->m_pkthdr.csum_flags & CSUM_DELAY_DATA_IPV6) { - in6_delayed_cksum(m, plen, hlen); - m->m_pkthdr.csum_flags &= ~CSUM_DELAY_DATA_IPV6; - } -#ifdef SCTP - if (m->m_pkthdr.csum_flags & CSUM_SCTP_IPV6) { - sctp_delayed_cksum(m, hlen); - m->m_pkthdr.csum_flags &= ~CSUM_SCTP_IPV6; - } -#endif + error = ip6_output_delayed_csum(m, ifp, m->m_pkthdr.csum_flags, + plen, optlen, true); + if (error != 0) + goto bad; + /* * Change the next header field of the last header in the * unfragmentable part. From owner-svn-src-releng@freebsd.org Thu Mar 19 16:46:02 2020 Return-Path: Delivered-To: svn-src-releng@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id D5855264073; Thu, 19 Mar 2020 16:46:02 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48jt8B4BDhz3Kgw; Thu, 19 Mar 2020 16:46:02 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 7036BDF4A; Thu, 19 Mar 2020 16:46:02 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 02JGk2wx024331; Thu, 19 Mar 2020 16:46:02 GMT (envelope-from gordon@FreeBSD.org) Received: (from gordon@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 02JGk2MG024329; Thu, 19 Mar 2020 16:46:02 GMT (envelope-from gordon@FreeBSD.org) Message-Id: <202003191646.02JGk2MG024329@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gordon set sender to gordon@FreeBSD.org using -f From: Gordon Tetlow Date: Thu, 19 Mar 2020 16:46:02 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r359138 - in releng: 11.3/sys/netinet 12.1/sys/netinet X-SVN-Group: releng X-SVN-Commit-Author: gordon X-SVN-Commit-Paths: in releng: 11.3/sys/netinet 12.1/sys/netinet X-SVN-Commit-Revision: 359138 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Mar 2020 16:46:02 -0000 Author: gordon Date: Thu Mar 19 16:46:01 2020 New Revision: 359138 URL: https://svnweb.freebsd.org/changeset/base/359138 Log: Fix TCP IPv6 SYN cache kernel information disclosure. Approved by: so Security: FreeBSD-SA-20:04.tcp Security: CVE-2020-7451 Modified: releng/11.3/sys/netinet/tcp_syncache.c releng/12.1/sys/netinet/tcp_syncache.c Modified: releng/11.3/sys/netinet/tcp_syncache.c ============================================================================== --- releng/11.3/sys/netinet/tcp_syncache.c Thu Mar 19 16:43:37 2020 (r359137) +++ releng/11.3/sys/netinet/tcp_syncache.c Thu Mar 19 16:46:01 2020 (r359138) @@ -1679,7 +1679,8 @@ syncache_respond(struct syncache *sc, struct syncache_ ip6->ip6_dst = sc->sc_inc.inc6_faddr; ip6->ip6_plen = htons(tlen - hlen); /* ip6_hlim is set after checksum */ - ip6->ip6_flow &= ~IPV6_FLOWLABEL_MASK; + /* Zero out traffic class and flow label. */ + ip6->ip6_flow &= ~IPV6_FLOWINFO_MASK; ip6->ip6_flow |= sc->sc_flowlabel; th = (struct tcphdr *)(ip6 + 1); Modified: releng/12.1/sys/netinet/tcp_syncache.c ============================================================================== --- releng/12.1/sys/netinet/tcp_syncache.c Thu Mar 19 16:43:37 2020 (r359137) +++ releng/12.1/sys/netinet/tcp_syncache.c Thu Mar 19 16:46:01 2020 (r359138) @@ -1728,7 +1728,8 @@ syncache_respond(struct syncache *sc, struct syncache_ ip6->ip6_dst = sc->sc_inc.inc6_faddr; ip6->ip6_plen = htons(tlen - hlen); /* ip6_hlim is set after checksum */ - ip6->ip6_flow &= ~IPV6_FLOWLABEL_MASK; + /* Zero out traffic class and flow label. */ + ip6->ip6_flow &= ~IPV6_FLOWINFO_MASK; ip6->ip6_flow |= sc->sc_flowlabel; th = (struct tcphdr *)(ip6 + 1); From owner-svn-src-releng@freebsd.org Thu Mar 19 16:48:30 2020 Return-Path: Delivered-To: svn-src-releng@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id A98F2264100; Thu, 19 Mar 2020 16:48:30 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48jtC23Mx3z3RM0; Thu, 19 Mar 2020 16:48:30 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 38BB6DF4B; Thu, 19 Mar 2020 16:48:30 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 02JGmT2T024511; Thu, 19 Mar 2020 16:48:29 GMT (envelope-from gordon@FreeBSD.org) Received: (from gordon@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 02JGmT6p024507; Thu, 19 Mar 2020 16:48:29 GMT (envelope-from gordon@FreeBSD.org) Message-Id: <202003191648.02JGmT6p024507@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gordon set sender to gordon@FreeBSD.org using -f From: Gordon Tetlow Date: Thu, 19 Mar 2020 16:48:29 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r359139 - in releng: 11.3/sys/dev/oce 12.1/sys/dev/oce X-SVN-Group: releng X-SVN-Commit-Author: gordon X-SVN-Commit-Paths: in releng: 11.3/sys/dev/oce 12.1/sys/dev/oce X-SVN-Commit-Revision: 359139 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Mar 2020 16:48:30 -0000 Author: gordon Date: Thu Mar 19 16:48:29 2020 New Revision: 359139 URL: https://svnweb.freebsd.org/changeset/base/359139 Log: Fix insufficient oce(4) ioctl(2) privilege checking. Approved by: so Security: FreeBSD-SA-20:05.if_oce_ioctl Security: CVE-2019-15876 Modified: releng/11.3/sys/dev/oce/oce_if.c releng/11.3/sys/dev/oce/oce_if.h releng/12.1/sys/dev/oce/oce_if.c releng/12.1/sys/dev/oce/oce_if.h Modified: releng/11.3/sys/dev/oce/oce_if.c ============================================================================== --- releng/11.3/sys/dev/oce/oce_if.c Thu Mar 19 16:46:01 2020 (r359138) +++ releng/11.3/sys/dev/oce/oce_if.c Thu Mar 19 16:48:29 2020 (r359139) @@ -616,6 +616,9 @@ oce_ioctl(struct ifnet *ifp, u_long command, caddr_t d break; case SIOCGPRIVATE_0: + rc = priv_check(curthread, PRIV_DRIVER); + if (rc != 0) + break; rc = oce_handle_passthrough(ifp, data); break; default: Modified: releng/11.3/sys/dev/oce/oce_if.h ============================================================================== --- releng/11.3/sys/dev/oce/oce_if.h Thu Mar 19 16:46:01 2020 (r359138) +++ releng/11.3/sys/dev/oce/oce_if.h Thu Mar 19 16:48:29 2020 (r359139) @@ -46,6 +46,7 @@ #include #include #include +#include #include #include #include Modified: releng/12.1/sys/dev/oce/oce_if.c ============================================================================== --- releng/12.1/sys/dev/oce/oce_if.c Thu Mar 19 16:46:01 2020 (r359138) +++ releng/12.1/sys/dev/oce/oce_if.c Thu Mar 19 16:48:29 2020 (r359139) @@ -621,6 +621,9 @@ oce_ioctl(struct ifnet *ifp, u_long command, caddr_t d break; case SIOCGPRIVATE_0: + rc = priv_check(curthread, PRIV_DRIVER); + if (rc != 0) + break; rc = oce_handle_passthrough(ifp, data); break; default: Modified: releng/12.1/sys/dev/oce/oce_if.h ============================================================================== --- releng/12.1/sys/dev/oce/oce_if.h Thu Mar 19 16:46:01 2020 (r359138) +++ releng/12.1/sys/dev/oce/oce_if.h Thu Mar 19 16:48:29 2020 (r359139) @@ -48,6 +48,7 @@ #include #include #include +#include #include #include #include From owner-svn-src-releng@freebsd.org Thu Mar 19 16:49:34 2020 Return-Path: Delivered-To: svn-src-releng@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 658E7264172; Thu, 19 Mar 2020 16:49:34 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48jtDF2V54z3yyh; Thu, 19 Mar 2020 16:49:33 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 35AB2DF4C; Thu, 19 Mar 2020 16:49:33 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 02JGnX7r024600; Thu, 19 Mar 2020 16:49:33 GMT (envelope-from gordon@FreeBSD.org) Received: (from gordon@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 02JGnWjd024598; Thu, 19 Mar 2020 16:49:32 GMT (envelope-from gordon@FreeBSD.org) Message-Id: <202003191649.02JGnWjd024598@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gordon set sender to gordon@FreeBSD.org using -f From: Gordon Tetlow Date: Thu, 19 Mar 2020 16:49:32 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r359140 - releng/12.1/sys/dev/ixl X-SVN-Group: releng X-SVN-Commit-Author: gordon X-SVN-Commit-Paths: releng/12.1/sys/dev/ixl X-SVN-Commit-Revision: 359140 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Mar 2020 16:49:34 -0000 Author: gordon Date: Thu Mar 19 16:49:32 2020 New Revision: 359140 URL: https://svnweb.freebsd.org/changeset/base/359140 Log: Fix insufficient ixl(4) ioctl(2) privilege checking. Approved by: so Security: FreeBSD-SA-20:06.if_ixl_ioctl Security: CVE-2019-15877 Modified: releng/12.1/sys/dev/ixl/if_ixl.c releng/12.1/sys/dev/ixl/ixl.h Modified: releng/12.1/sys/dev/ixl/if_ixl.c ============================================================================== --- releng/12.1/sys/dev/ixl/if_ixl.c Thu Mar 19 16:48:29 2020 (r359139) +++ releng/12.1/sys/dev/ixl/if_ixl.c Thu Mar 19 16:49:32 2020 (r359140) @@ -1625,11 +1625,29 @@ ixl_if_priv_ioctl(if_ctx_t ctx, u_long command, caddr_ struct ifdrv *ifd = (struct ifdrv *)data; int error = 0; - /* NVM update command */ - if (ifd->ifd_cmd == I40E_NVM_ACCESS) - error = ixl_handle_nvmupd_cmd(pf, ifd); - else - error = EINVAL; + /* + * The iflib_if_ioctl forwards SIOCxDRVSPEC and SIOGPRIVATE_0 without + * performing privilege checks. It is important that this function + * perform the necessary checks for commands which should only be + * executed by privileged threads. + */ + + switch(command) { + case SIOCGDRVSPEC: + case SIOCSDRVSPEC: + /* NVM update command */ + if (ifd->ifd_cmd == I40E_NVM_ACCESS) { + error = priv_check(curthread, PRIV_DRIVER); + if (error) + break; + error = ixl_handle_nvmupd_cmd(pf, ifd); + } else { + error = EINVAL; + } + break; + default: + error = EOPNOTSUPP; + } return (error); } Modified: releng/12.1/sys/dev/ixl/ixl.h ============================================================================== --- releng/12.1/sys/dev/ixl/ixl.h Thu Mar 19 16:48:29 2020 (r359139) +++ releng/12.1/sys/dev/ixl/ixl.h Thu Mar 19 16:49:32 2020 (r359140) @@ -52,6 +52,7 @@ #include #include #include +#include #include #include From owner-svn-src-releng@freebsd.org Thu Mar 19 16:50:38 2020 Return-Path: Delivered-To: svn-src-releng@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 85B7B2641F1; Thu, 19 Mar 2020 16:50:38 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48jtFV0xq8z42Sq; Thu, 19 Mar 2020 16:50:38 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id CC536DF5A; Thu, 19 Mar 2020 16:50:37 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 02JGobew024738; Thu, 19 Mar 2020 16:50:37 GMT (envelope-from gordon@FreeBSD.org) Received: (from gordon@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 02JGoapr024731; Thu, 19 Mar 2020 16:50:36 GMT (envelope-from gordon@FreeBSD.org) Message-Id: <202003191650.02JGoapr024731@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gordon set sender to gordon@FreeBSD.org using -f From: Gordon Tetlow Date: Thu, 19 Mar 2020 16:50:36 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r359141 - in releng: 11.3/sys/net 12.1/sys/net X-SVN-Group: releng X-SVN-Commit-Author: gordon X-SVN-Commit-Paths: in releng: 11.3/sys/net 12.1/sys/net X-SVN-Commit-Revision: 359141 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Mar 2020 16:50:38 -0000 Author: gordon Date: Thu Mar 19 16:50:36 2020 New Revision: 359141 URL: https://svnweb.freebsd.org/changeset/base/359141 Log: Fix incorrect user-controlled pointer use in epair. Approved by: so Security: FreeBSD-SA-20:07.epair Security: CVE-2020-7452 Modified: releng/11.3/sys/net/if_clone.c releng/11.3/sys/net/if_clone.h releng/11.3/sys/net/if_epair.c releng/12.1/sys/net/if_clone.c releng/12.1/sys/net/if_clone.h releng/12.1/sys/net/if_epair.c Modified: releng/11.3/sys/net/if_clone.c ============================================================================== --- releng/11.3/sys/net/if_clone.c Thu Mar 19 16:49:32 2020 (r359140) +++ releng/11.3/sys/net/if_clone.c Thu Mar 19 16:50:36 2020 (r359141) @@ -208,6 +208,17 @@ if_clone_create(char *name, size_t len, caddr_t params return (if_clone_createif(ifc, name, len, params)); } +void +if_clone_addif(struct if_clone *ifc, struct ifnet *ifp) +{ + + if_addgroup(ifp, ifc->ifc_name); + + IF_CLONE_LOCK(ifc); + IFC_IFLIST_INSERT(ifc, ifp); + IF_CLONE_UNLOCK(ifc); +} + /* * Create a clone network interface. */ @@ -230,11 +241,7 @@ if_clone_createif(struct if_clone *ifc, char *name, si if (ifp == NULL) panic("%s: lookup failed for %s", __func__, name); - if_addgroup(ifp, ifc->ifc_name); - - IF_CLONE_LOCK(ifc); - IFC_IFLIST_INSERT(ifc, ifp); - IF_CLONE_UNLOCK(ifc); + if_clone_addif(ifc, ifp); } return (err); Modified: releng/11.3/sys/net/if_clone.h ============================================================================== --- releng/11.3/sys/net/if_clone.h Thu Mar 19 16:49:32 2020 (r359140) +++ releng/11.3/sys/net/if_clone.h Thu Mar 19 16:50:36 2020 (r359141) @@ -72,7 +72,8 @@ int if_clone_list(struct if_clonereq *); struct if_clone *if_clone_findifc(struct ifnet *); void if_clone_addgroup(struct ifnet *, struct if_clone *); -/* The below interface used only by epair(4). */ +/* The below interfaces are used only by epair(4). */ +void if_clone_addif(struct if_clone *, struct ifnet *); int if_clone_destroyif(struct if_clone *, struct ifnet *); #endif /* _KERNEL */ Modified: releng/11.3/sys/net/if_epair.c ============================================================================== --- releng/11.3/sys/net/if_epair.c Thu Mar 19 16:49:32 2020 (r359140) +++ releng/11.3/sys/net/if_epair.c Thu Mar 19 16:50:36 2020 (r359141) @@ -704,6 +704,23 @@ epair_clone_match(struct if_clone *ifc, const char *na return (1); } +static void +epair_clone_add(struct if_clone *ifc, struct epair_softc *scb) +{ + struct ifnet *ifp; + uint8_t eaddr[ETHER_ADDR_LEN]; /* 00:00:00:00:00:00 */ + + ifp = scb->ifp; + /* Assign a hopefully unique, locally administered etheraddr. */ + eaddr[0] = 0x02; + eaddr[3] = (ifp->if_index >> 8) & 0xff; + eaddr[4] = ifp->if_index & 0xff; + eaddr[5] = 0x0b; + ether_ifattach(ifp, eaddr); + + if_clone_addif(ifc, ifp); +} + static int epair_clone_create(struct if_clone *ifc, char *name, size_t len, caddr_t params) { @@ -713,26 +730,6 @@ epair_clone_create(struct if_clone *ifc, char *name, s int error, unit, wildcard; uint8_t eaddr[ETHER_ADDR_LEN]; /* 00:00:00:00:00:00 */ - /* - * We are abusing params to create our second interface. - * Actually we already created it and called if_clone_create() - * for it to do the official insertion procedure the moment we knew - * it cannot fail anymore. So just do attach it here. - */ - if (params) { - scb = (struct epair_softc *)params; - ifp = scb->ifp; - /* Assign a hopefully unique, locally administered etheraddr. */ - eaddr[0] = 0x02; - eaddr[3] = (ifp->if_index >> 8) & 0xff; - eaddr[4] = ifp->if_index & 0xff; - eaddr[5] = 0x0b; - ether_ifattach(ifp, eaddr); - /* Correctly set the name for the cloner list. */ - strlcpy(name, scb->ifp->if_xname, len); - return (0); - } - /* Try to see if a special unit was requested. */ error = ifc_name2unit(name, &unit); if (error != 0) @@ -860,10 +857,11 @@ epair_clone_create(struct if_clone *ifc, char *name, s ifp->if_snd.ifq_maxlen = ifqmaxlen; /* We need to play some tricks here for the second interface. */ strlcpy(name, epairname, len); - error = if_clone_create(name, len, (caddr_t)scb); - if (error) - panic("%s: if_clone_create() for our 2nd iface failed: %d", - __func__, error); + + /* Correctly set the name for the cloner list. */ + strlcpy(name, scb->ifp->if_xname, len); + epair_clone_add(ifc, scb); + scb->if_qflush = ifp->if_qflush; ifp->if_qflush = epair_qflush; ifp->if_transmit = epair_transmit; Modified: releng/12.1/sys/net/if_clone.c ============================================================================== --- releng/12.1/sys/net/if_clone.c Thu Mar 19 16:49:32 2020 (r359140) +++ releng/12.1/sys/net/if_clone.c Thu Mar 19 16:50:36 2020 (r359141) @@ -211,6 +211,18 @@ if_clone_create(char *name, size_t len, caddr_t params return (if_clone_createif(ifc, name, len, params)); } +void +if_clone_addif(struct if_clone *ifc, struct ifnet *ifp) +{ + + if ((ifc->ifc_flags & IFC_NOGROUP) == 0) + if_addgroup(ifp, ifc->ifc_name); + + IF_CLONE_LOCK(ifc); + IFC_IFLIST_INSERT(ifc, ifp); + IF_CLONE_UNLOCK(ifc); +} + /* * Create a clone network interface. */ @@ -233,12 +245,7 @@ if_clone_createif(struct if_clone *ifc, char *name, si if (ifp == NULL) panic("%s: lookup failed for %s", __func__, name); - if ((ifc->ifc_flags & IFC_NOGROUP) == 0) - if_addgroup(ifp, ifc->ifc_name); - - IF_CLONE_LOCK(ifc); - IFC_IFLIST_INSERT(ifc, ifp); - IF_CLONE_UNLOCK(ifc); + if_clone_addif(ifc, ifp); } return (err); Modified: releng/12.1/sys/net/if_clone.h ============================================================================== --- releng/12.1/sys/net/if_clone.h Thu Mar 19 16:49:32 2020 (r359140) +++ releng/12.1/sys/net/if_clone.h Thu Mar 19 16:50:36 2020 (r359141) @@ -79,7 +79,8 @@ int if_clone_list(struct if_clonereq *); struct if_clone *if_clone_findifc(struct ifnet *); void if_clone_addgroup(struct ifnet *, struct if_clone *); -/* The below interface used only by epair(4). */ +/* The below interfaces are used only by epair(4). */ +void if_clone_addif(struct if_clone *, struct ifnet *); int if_clone_destroyif(struct if_clone *, struct ifnet *); #endif /* _KERNEL */ Modified: releng/12.1/sys/net/if_epair.c ============================================================================== --- releng/12.1/sys/net/if_epair.c Thu Mar 19 16:49:32 2020 (r359140) +++ releng/12.1/sys/net/if_epair.c Thu Mar 19 16:50:36 2020 (r359141) @@ -711,6 +711,21 @@ epair_clone_match(struct if_clone *ifc, const char *na return (1); } +static void +epair_clone_add(struct if_clone *ifc, struct epair_softc *scb) +{ + struct ifnet *ifp; + uint8_t eaddr[ETHER_ADDR_LEN]; /* 00:00:00:00:00:00 */ + + ifp = scb->ifp; + /* Copy epairNa etheraddr and change the last byte. */ + memcpy(eaddr, scb->oifp->if_hw_addr, ETHER_ADDR_LEN); + eaddr[5] = 0x0b; + ether_ifattach(ifp, eaddr); + + if_clone_addif(ifc, ifp); +} + static int epair_clone_create(struct if_clone *ifc, char *name, size_t len, caddr_t params) { @@ -723,24 +738,6 @@ epair_clone_create(struct if_clone *ifc, char *name, s uint32_t hash; uint8_t eaddr[ETHER_ADDR_LEN]; /* 00:00:00:00:00:00 */ - /* - * We are abusing params to create our second interface. - * Actually we already created it and called if_clone_create() - * for it to do the official insertion procedure the moment we knew - * it cannot fail anymore. So just do attach it here. - */ - if (params) { - scb = (struct epair_softc *)params; - ifp = scb->ifp; - /* Copy epairNa etheraddr and change the last byte. */ - memcpy(eaddr, scb->oifp->if_hw_addr, ETHER_ADDR_LEN); - eaddr[5] = 0x0b; - ether_ifattach(ifp, eaddr); - /* Correctly set the name for the cloner list. */ - strlcpy(name, ifp->if_xname, len); - return (0); - } - /* Try to see if a special unit was requested. */ error = ifc_name2unit(name, &unit); if (error != 0) @@ -891,10 +888,11 @@ epair_clone_create(struct if_clone *ifc, char *name, s if_setsendqready(ifp); /* We need to play some tricks here for the second interface. */ strlcpy(name, epairname, len); - error = if_clone_create(name, len, (caddr_t)scb); - if (error) - panic("%s: if_clone_create() for our 2nd iface failed: %d", - __func__, error); + + /* Correctly set the name for the cloner list. */ + strlcpy(name, scb->ifp->if_xname, len); + epair_clone_add(ifc, scb); + scb->if_qflush = ifp->if_qflush; ifp->if_qflush = epair_qflush; ifp->if_transmit = epair_transmit; From owner-svn-src-releng@freebsd.org Thu Mar 19 16:51:35 2020 Return-Path: Delivered-To: svn-src-releng@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id D5CB12643C6; Thu, 19 Mar 2020 16:51:35 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48jtGZ2ky0z44d2; Thu, 19 Mar 2020 16:51:34 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 153A0DFB4; Thu, 19 Mar 2020 16:51:34 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 02JGpXpw025770; Thu, 19 Mar 2020 16:51:33 GMT (envelope-from gordon@FreeBSD.org) Received: (from gordon@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 02JGpX9E025769; Thu, 19 Mar 2020 16:51:33 GMT (envelope-from gordon@FreeBSD.org) Message-Id: <202003191651.02JGpX9E025769@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gordon set sender to gordon@FreeBSD.org using -f From: Gordon Tetlow Date: Thu, 19 Mar 2020 16:51:33 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r359142 - in releng: 11.3/sys/kern 12.1/sys/kern X-SVN-Group: releng X-SVN-Commit-Author: gordon X-SVN-Commit-Paths: in releng: 11.3/sys/kern 12.1/sys/kern X-SVN-Commit-Revision: 359142 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Mar 2020 16:51:35 -0000 Author: gordon Date: Thu Mar 19 16:51:33 2020 New Revision: 359142 URL: https://svnweb.freebsd.org/changeset/base/359142 Log: Fix kernel memory disclosure with nested jails. Approved by: so Security: FreeBSD-SA-20:08.jail Security: CVE-2020-7453 Modified: releng/11.3/sys/kern/kern_jail.c releng/12.1/sys/kern/kern_jail.c Modified: releng/11.3/sys/kern/kern_jail.c ============================================================================== --- releng/11.3/sys/kern/kern_jail.c Thu Mar 19 16:50:36 2020 (r359141) +++ releng/11.3/sys/kern/kern_jail.c Thu Mar 19 16:51:33 2020 (r359142) @@ -881,8 +881,12 @@ kern_jail_set(struct thread *td, struct uio *optuio, i "osrelease cannot be changed after creation"); goto done_errmsg; } - if (len == 0 || len >= OSRELEASELEN) { + if (len == 0 || osrelstr[len - 1] != '\0') { error = EINVAL; + goto done_free; + } + if (len >= OSRELEASELEN) { + error = ENAMETOOLONG; vfs_opterror(opts, "osrelease string must be 1-%d bytes long", OSRELEASELEN - 1); @@ -1272,9 +1276,11 @@ kern_jail_set(struct thread *td, struct uio *optuio, i pr->pr_osreldate = osreldt ? osreldt : ppr->pr_osreldate; if (osrelstr == NULL) - strcpy(pr->pr_osrelease, ppr->pr_osrelease); + strlcpy(pr->pr_osrelease, ppr->pr_osrelease, + sizeof(pr->pr_osrelease)); else - strcpy(pr->pr_osrelease, osrelstr); + strlcpy(pr->pr_osrelease, osrelstr, + sizeof(pr->pr_osrelease)); LIST_INIT(&pr->pr_children); mtx_init(&pr->pr_mtx, "jail mutex", NULL, MTX_DEF | MTX_DUPOK); Modified: releng/12.1/sys/kern/kern_jail.c ============================================================================== --- releng/12.1/sys/kern/kern_jail.c Thu Mar 19 16:50:36 2020 (r359141) +++ releng/12.1/sys/kern/kern_jail.c Thu Mar 19 16:51:33 2020 (r359142) @@ -862,8 +862,12 @@ kern_jail_set(struct thread *td, struct uio *optuio, i "osrelease cannot be changed after creation"); goto done_errmsg; } - if (len == 0 || len >= OSRELEASELEN) { + if (len == 0 || osrelstr[len - 1] != '\0') { error = EINVAL; + goto done_free; + } + if (len >= OSRELEASELEN) { + error = ENAMETOOLONG; vfs_opterror(opts, "osrelease string must be 1-%d bytes long", OSRELEASELEN - 1); @@ -1253,9 +1257,11 @@ kern_jail_set(struct thread *td, struct uio *optuio, i pr->pr_osreldate = osreldt ? osreldt : ppr->pr_osreldate; if (osrelstr == NULL) - strcpy(pr->pr_osrelease, ppr->pr_osrelease); + strlcpy(pr->pr_osrelease, ppr->pr_osrelease, + sizeof(pr->pr_osrelease)); else - strcpy(pr->pr_osrelease, osrelstr); + strlcpy(pr->pr_osrelease, osrelstr, + sizeof(pr->pr_osrelease)); LIST_INIT(&pr->pr_children); mtx_init(&pr->pr_mtx, "jail mutex", NULL, MTX_DEF | MTX_DUPOK); From owner-svn-src-releng@freebsd.org Thu Mar 19 16:55:08 2020 Return-Path: Delivered-To: svn-src-releng@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 62451264584; Thu, 19 Mar 2020 16:55:08 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48jtLg2XW9z4F8Q; Thu, 19 Mar 2020 16:55:07 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 41012E112; Thu, 19 Mar 2020 16:55:07 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 02JGt7G2030587; Thu, 19 Mar 2020 16:55:07 GMT (envelope-from gordon@FreeBSD.org) Received: (from gordon@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 02JGqgYM030442; Thu, 19 Mar 2020 16:52:42 GMT (envelope-from gordon@FreeBSD.org) Message-Id: <202003191652.02JGqgYM030442@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gordon set sender to gordon@FreeBSD.org using -f From: Gordon Tetlow Date: Thu, 19 Mar 2020 16:52:42 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r359144 - in releng: 11.3/contrib/ntp 11.3/contrib/ntp/html 11.3/contrib/ntp/html/drivers 11.3/contrib/ntp/include 11.3/contrib/ntp/libntp 11.3/contrib/ntp/libparse 11.3/contrib/ntp/ntp... X-SVN-Group: releng X-SVN-Commit-Author: gordon X-SVN-Commit-Paths: in releng: 11.3/contrib/ntp 11.3/contrib/ntp/html 11.3/contrib/ntp/html/drivers 11.3/contrib/ntp/include 11.3/contrib/ntp/libntp 11.3/contrib/ntp/libparse 11.3/contrib/ntp/ntpd 11.3/contrib/ntp/ntpdat... X-SVN-Commit-Revision: 359144 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Mar 2020 16:55:08 -0000 Author: gordon Date: Thu Mar 19 16:52:41 2020 New Revision: 359144 URL: https://svnweb.freebsd.org/changeset/base/359144 Log: Fix multiple denial of service in ntpd. Approved by: so Security: FreeBSD-SA-20:09.ntp Added: releng/11.3/contrib/ntp/include/ntp_calgps.h releng/11.3/contrib/ntp/include/ntp_psl.h releng/11.3/contrib/ntp/include/timexsup.h releng/11.3/contrib/ntp/libntp/ntp_calgps.c releng/11.3/contrib/ntp/libntp/timespecops.c releng/11.3/contrib/ntp/libntp/timexsup.c releng/11.3/contrib/ntp/ntpd/psl0.conf releng/11.3/contrib/ntp/ntpd/psl1.conf releng/11.3/contrib/ntp/ntpd/psl2.conf releng/12.1/contrib/ntp/include/ntp_calgps.h releng/12.1/contrib/ntp/include/ntp_psl.h releng/12.1/contrib/ntp/include/timexsup.h releng/12.1/contrib/ntp/libntp/ntp_calgps.c releng/12.1/contrib/ntp/libntp/timespecops.c releng/12.1/contrib/ntp/libntp/timexsup.c releng/12.1/contrib/ntp/ntpd/psl0.conf releng/12.1/contrib/ntp/ntpd/psl1.conf releng/12.1/contrib/ntp/ntpd/psl2.conf Modified: releng/11.3/contrib/ntp/COPYRIGHT releng/11.3/contrib/ntp/ChangeLog releng/11.3/contrib/ntp/CommitLog releng/11.3/contrib/ntp/NEWS releng/11.3/contrib/ntp/config.h.in releng/11.3/contrib/ntp/configure releng/11.3/contrib/ntp/configure.ac releng/11.3/contrib/ntp/html/accopt.html releng/11.3/contrib/ntp/html/clockopt.html releng/11.3/contrib/ntp/html/confopt.html releng/11.3/contrib/ntp/html/copyright.html releng/11.3/contrib/ntp/html/discipline.html releng/11.3/contrib/ntp/html/drivers/driver20.html releng/11.3/contrib/ntp/html/drivers/driver29.html releng/11.3/contrib/ntp/html/miscopt.html releng/11.3/contrib/ntp/include/Makefile.am releng/11.3/contrib/ntp/include/Makefile.in releng/11.3/contrib/ntp/include/ntp.h releng/11.3/contrib/ntp/include/ntp_calendar.h releng/11.3/contrib/ntp/include/ntp_config.h releng/11.3/contrib/ntp/include/ntp_control.h releng/11.3/contrib/ntp/include/ntp_fp.h releng/11.3/contrib/ntp/include/ntp_io.h releng/11.3/contrib/ntp/include/ntp_refclock.h releng/11.3/contrib/ntp/include/ntp_request.h releng/11.3/contrib/ntp/include/ntp_stdlib.h releng/11.3/contrib/ntp/include/ntp_syslog.h releng/11.3/contrib/ntp/include/ntpd.h releng/11.3/contrib/ntp/include/timespecops.h releng/11.3/contrib/ntp/libntp/Makefile.am releng/11.3/contrib/ntp/libntp/Makefile.in releng/11.3/contrib/ntp/libntp/decodenetnum.c releng/11.3/contrib/ntp/libntp/dofptoa.c releng/11.3/contrib/ntp/libntp/dolfptoa.c releng/11.3/contrib/ntp/libntp/mstolfp.c releng/11.3/contrib/ntp/libntp/msyslog.c releng/11.3/contrib/ntp/libntp/ntp_calendar.c releng/11.3/contrib/ntp/libntp/recvbuff.c releng/11.3/contrib/ntp/libntp/statestr.c releng/11.3/contrib/ntp/libntp/systime.c releng/11.3/contrib/ntp/libparse/Makefile.am releng/11.3/contrib/ntp/libparse/Makefile.in releng/11.3/contrib/ntp/libparse/clk_rawdcf.c releng/11.3/contrib/ntp/ntpd/Makefile.am releng/11.3/contrib/ntp/ntpd/Makefile.in releng/11.3/contrib/ntp/ntpd/cmd_args.c releng/11.3/contrib/ntp/ntpd/complete.conf.in releng/11.3/contrib/ntp/ntpd/invoke-ntp.conf.texi releng/11.3/contrib/ntp/ntpd/invoke-ntp.keys.texi releng/11.3/contrib/ntp/ntpd/invoke-ntpd.texi releng/11.3/contrib/ntp/ntpd/keyword-gen-utd releng/11.3/contrib/ntp/ntpd/keyword-gen.c releng/11.3/contrib/ntp/ntpd/ntp.conf.5man releng/11.3/contrib/ntp/ntpd/ntp.conf.5mdoc releng/11.3/contrib/ntp/ntpd/ntp.conf.def releng/11.3/contrib/ntp/ntpd/ntp.conf.html releng/11.3/contrib/ntp/ntpd/ntp.conf.man.in releng/11.3/contrib/ntp/ntpd/ntp.conf.mdoc.in releng/11.3/contrib/ntp/ntpd/ntp.keys.5man releng/11.3/contrib/ntp/ntpd/ntp.keys.5mdoc releng/11.3/contrib/ntp/ntpd/ntp.keys.html releng/11.3/contrib/ntp/ntpd/ntp.keys.man.in releng/11.3/contrib/ntp/ntpd/ntp.keys.mdoc.in releng/11.3/contrib/ntp/ntpd/ntp_config.c releng/11.3/contrib/ntp/ntpd/ntp_control.c releng/11.3/contrib/ntp/ntpd/ntp_io.c releng/11.3/contrib/ntp/ntpd/ntp_keyword.h releng/11.3/contrib/ntp/ntpd/ntp_leapsec.c releng/11.3/contrib/ntp/ntpd/ntp_leapsec.h releng/11.3/contrib/ntp/ntpd/ntp_loopfilter.c releng/11.3/contrib/ntp/ntpd/ntp_parser.c releng/11.3/contrib/ntp/ntpd/ntp_parser.h releng/11.3/contrib/ntp/ntpd/ntp_peer.c releng/11.3/contrib/ntp/ntpd/ntp_proto.c releng/11.3/contrib/ntp/ntpd/ntp_refclock.c releng/11.3/contrib/ntp/ntpd/ntp_request.c releng/11.3/contrib/ntp/ntpd/ntp_restrict.c releng/11.3/contrib/ntp/ntpd/ntp_scanner.c releng/11.3/contrib/ntp/ntpd/ntp_util.c releng/11.3/contrib/ntp/ntpd/ntpd-opts.c releng/11.3/contrib/ntp/ntpd/ntpd-opts.h releng/11.3/contrib/ntp/ntpd/ntpd.1ntpdman releng/11.3/contrib/ntp/ntpd/ntpd.1ntpdmdoc releng/11.3/contrib/ntp/ntpd/ntpd.c releng/11.3/contrib/ntp/ntpd/ntpd.html releng/11.3/contrib/ntp/ntpd/ntpd.man.in releng/11.3/contrib/ntp/ntpd/ntpd.mdoc.in releng/11.3/contrib/ntp/ntpd/refclock_gpsdjson.c releng/11.3/contrib/ntp/ntpd/refclock_jupiter.c releng/11.3/contrib/ntp/ntpd/refclock_nmea.c releng/11.3/contrib/ntp/ntpd/refclock_oncore.c releng/11.3/contrib/ntp/ntpd/refclock_palisade.c releng/11.3/contrib/ntp/ntpd/refclock_palisade.h releng/11.3/contrib/ntp/ntpd/refclock_parse.c releng/11.3/contrib/ntp/ntpd/refclock_zyfer.c releng/11.3/contrib/ntp/ntpdate/ntpdate.c releng/11.3/contrib/ntp/ntpdc/invoke-ntpdc.texi releng/11.3/contrib/ntp/ntpdc/layout.std releng/11.3/contrib/ntp/ntpdc/ntpdc-opts.c releng/11.3/contrib/ntp/ntpdc/ntpdc-opts.h releng/11.3/contrib/ntp/ntpdc/ntpdc.1ntpdcman releng/11.3/contrib/ntp/ntpdc/ntpdc.1ntpdcmdoc releng/11.3/contrib/ntp/ntpdc/ntpdc.c releng/11.3/contrib/ntp/ntpdc/ntpdc.html releng/11.3/contrib/ntp/ntpdc/ntpdc.man.in releng/11.3/contrib/ntp/ntpdc/ntpdc.mdoc.in releng/11.3/contrib/ntp/ntpdc/ntpdc_ops.c releng/11.3/contrib/ntp/ntpq/Makefile.am releng/11.3/contrib/ntp/ntpq/Makefile.in releng/11.3/contrib/ntp/ntpq/invoke-ntpq.texi releng/11.3/contrib/ntp/ntpq/ntpq-opts.c releng/11.3/contrib/ntp/ntpq/ntpq-opts.h releng/11.3/contrib/ntp/ntpq/ntpq-subs.c releng/11.3/contrib/ntp/ntpq/ntpq.1ntpqman releng/11.3/contrib/ntp/ntpq/ntpq.1ntpqmdoc releng/11.3/contrib/ntp/ntpq/ntpq.c releng/11.3/contrib/ntp/ntpq/ntpq.h releng/11.3/contrib/ntp/ntpq/ntpq.html releng/11.3/contrib/ntp/ntpq/ntpq.man.in releng/11.3/contrib/ntp/ntpq/ntpq.mdoc.in releng/11.3/contrib/ntp/ntpsnmpd/invoke-ntpsnmpd.texi releng/11.3/contrib/ntp/ntpsnmpd/ntpsnmpd-opts.c releng/11.3/contrib/ntp/ntpsnmpd/ntpsnmpd-opts.h releng/11.3/contrib/ntp/ntpsnmpd/ntpsnmpd.1ntpsnmpdman releng/11.3/contrib/ntp/ntpsnmpd/ntpsnmpd.1ntpsnmpdmdoc releng/11.3/contrib/ntp/ntpsnmpd/ntpsnmpd.html releng/11.3/contrib/ntp/ntpsnmpd/ntpsnmpd.man.in releng/11.3/contrib/ntp/ntpsnmpd/ntpsnmpd.mdoc.in releng/11.3/contrib/ntp/packageinfo.sh releng/11.3/contrib/ntp/parseutil/dcfd.c releng/11.3/contrib/ntp/scripts/build/mkver.in releng/11.3/contrib/ntp/scripts/calc_tickadj/calc_tickadj-opts releng/11.3/contrib/ntp/scripts/calc_tickadj/calc_tickadj.1calc_tickadjman releng/11.3/contrib/ntp/scripts/calc_tickadj/calc_tickadj.1calc_tickadjmdoc releng/11.3/contrib/ntp/scripts/calc_tickadj/calc_tickadj.html releng/11.3/contrib/ntp/scripts/calc_tickadj/calc_tickadj.man.in releng/11.3/contrib/ntp/scripts/calc_tickadj/calc_tickadj.mdoc.in releng/11.3/contrib/ntp/scripts/calc_tickadj/invoke-calc_tickadj.texi releng/11.3/contrib/ntp/scripts/invoke-plot_summary.texi releng/11.3/contrib/ntp/scripts/invoke-summary.texi releng/11.3/contrib/ntp/scripts/ntp-wait/invoke-ntp-wait.texi releng/11.3/contrib/ntp/scripts/ntp-wait/ntp-wait-opts releng/11.3/contrib/ntp/scripts/ntp-wait/ntp-wait.1ntp-waitman releng/11.3/contrib/ntp/scripts/ntp-wait/ntp-wait.1ntp-waitmdoc releng/11.3/contrib/ntp/scripts/ntp-wait/ntp-wait.html releng/11.3/contrib/ntp/scripts/ntp-wait/ntp-wait.man.in releng/11.3/contrib/ntp/scripts/ntp-wait/ntp-wait.mdoc.in releng/11.3/contrib/ntp/scripts/ntpsweep/invoke-ntpsweep.texi releng/11.3/contrib/ntp/scripts/ntpsweep/ntpsweep-opts releng/11.3/contrib/ntp/scripts/ntpsweep/ntpsweep.1ntpsweepman releng/11.3/contrib/ntp/scripts/ntpsweep/ntpsweep.1ntpsweepmdoc releng/11.3/contrib/ntp/scripts/ntpsweep/ntpsweep.html releng/11.3/contrib/ntp/scripts/ntpsweep/ntpsweep.man.in releng/11.3/contrib/ntp/scripts/ntpsweep/ntpsweep.mdoc.in releng/11.3/contrib/ntp/scripts/ntptrace/invoke-ntptrace.texi releng/11.3/contrib/ntp/scripts/ntptrace/ntptrace-opts releng/11.3/contrib/ntp/scripts/ntptrace/ntptrace.1ntptraceman releng/11.3/contrib/ntp/scripts/ntptrace/ntptrace.1ntptracemdoc releng/11.3/contrib/ntp/scripts/ntptrace/ntptrace.html releng/11.3/contrib/ntp/scripts/ntptrace/ntptrace.man.in releng/11.3/contrib/ntp/scripts/ntptrace/ntptrace.mdoc.in releng/11.3/contrib/ntp/scripts/plot_summary-opts releng/11.3/contrib/ntp/scripts/plot_summary.1plot_summaryman releng/11.3/contrib/ntp/scripts/plot_summary.1plot_summarymdoc releng/11.3/contrib/ntp/scripts/plot_summary.html releng/11.3/contrib/ntp/scripts/plot_summary.man.in releng/11.3/contrib/ntp/scripts/plot_summary.mdoc.in releng/11.3/contrib/ntp/scripts/summary-opts releng/11.3/contrib/ntp/scripts/summary.1summaryman releng/11.3/contrib/ntp/scripts/summary.1summarymdoc releng/11.3/contrib/ntp/scripts/summary.html releng/11.3/contrib/ntp/scripts/summary.man.in releng/11.3/contrib/ntp/scripts/summary.mdoc.in releng/11.3/contrib/ntp/scripts/update-leap/invoke-update-leap.texi releng/11.3/contrib/ntp/scripts/update-leap/update-leap-opts releng/11.3/contrib/ntp/scripts/update-leap/update-leap.1update-leapman releng/11.3/contrib/ntp/scripts/update-leap/update-leap.1update-leapmdoc releng/11.3/contrib/ntp/scripts/update-leap/update-leap.html releng/11.3/contrib/ntp/scripts/update-leap/update-leap.man.in releng/11.3/contrib/ntp/scripts/update-leap/update-leap.mdoc.in releng/11.3/contrib/ntp/sntp/COPYRIGHT releng/11.3/contrib/ntp/sntp/configure releng/11.3/contrib/ntp/sntp/configure.ac releng/11.3/contrib/ntp/sntp/crypto.c releng/11.3/contrib/ntp/sntp/include/copyright.def releng/11.3/contrib/ntp/sntp/include/version.def releng/11.3/contrib/ntp/sntp/include/version.texi releng/11.3/contrib/ntp/sntp/invoke-sntp.texi releng/11.3/contrib/ntp/sntp/libevent/build-aux/ar-lib releng/11.3/contrib/ntp/sntp/libevent/build-aux/compile releng/11.3/contrib/ntp/sntp/libevent/build-aux/config.guess releng/11.3/contrib/ntp/sntp/libevent/build-aux/config.sub releng/11.3/contrib/ntp/sntp/libevent/build-aux/depcomp releng/11.3/contrib/ntp/sntp/libevent/build-aux/install-sh releng/11.3/contrib/ntp/sntp/libevent/build-aux/missing releng/11.3/contrib/ntp/sntp/libevent/build-aux/test-driver releng/11.3/contrib/ntp/sntp/libevent/build-aux/ylwrap releng/11.3/contrib/ntp/sntp/libevent/test/regress.gen.c releng/11.3/contrib/ntp/sntp/libevent/test/regress.gen.h releng/11.3/contrib/ntp/sntp/libopts/m4/libopts.m4 releng/11.3/contrib/ntp/sntp/m4/ntp_problemtests.m4 releng/11.3/contrib/ntp/sntp/m4/version.m4 releng/11.3/contrib/ntp/sntp/main.c releng/11.3/contrib/ntp/sntp/networking.c releng/11.3/contrib/ntp/sntp/scm-rev releng/11.3/contrib/ntp/sntp/sntp-opts.c releng/11.3/contrib/ntp/sntp/sntp-opts.h releng/11.3/contrib/ntp/sntp/sntp.1sntpman releng/11.3/contrib/ntp/sntp/sntp.1sntpmdoc releng/11.3/contrib/ntp/sntp/sntp.html releng/11.3/contrib/ntp/sntp/sntp.man.in releng/11.3/contrib/ntp/sntp/sntp.mdoc.in releng/11.3/contrib/ntp/sntp/tests/run-crypto.c releng/11.3/contrib/ntp/sntp/tests/run-keyFile.c releng/11.3/contrib/ntp/sntp/tests/run-kodDatabase.c releng/11.3/contrib/ntp/sntp/tests/run-kodFile.c releng/11.3/contrib/ntp/sntp/tests/run-networking.c releng/11.3/contrib/ntp/sntp/tests/run-packetHandling.c releng/11.3/contrib/ntp/sntp/tests/run-packetProcessing.c releng/11.3/contrib/ntp/sntp/tests/run-t-log.c releng/11.3/contrib/ntp/sntp/tests/run-utilities.c releng/11.3/contrib/ntp/sntp/tests/testconf.yml releng/11.3/contrib/ntp/sntp/version.c releng/11.3/contrib/ntp/util/invoke-ntp-keygen.texi releng/11.3/contrib/ntp/util/ntp-keygen-opts.c releng/11.3/contrib/ntp/util/ntp-keygen-opts.h releng/11.3/contrib/ntp/util/ntp-keygen.1ntp-keygenman releng/11.3/contrib/ntp/util/ntp-keygen.1ntp-keygenmdoc releng/11.3/contrib/ntp/util/ntp-keygen.html releng/11.3/contrib/ntp/util/ntp-keygen.man.in releng/11.3/contrib/ntp/util/ntp-keygen.mdoc.in releng/11.3/contrib/ntp/util/ntptime.c releng/11.3/usr.sbin/ntp/config.h releng/11.3/usr.sbin/ntp/libntp/Makefile releng/12.1/contrib/ntp/COPYRIGHT releng/12.1/contrib/ntp/ChangeLog releng/12.1/contrib/ntp/CommitLog releng/12.1/contrib/ntp/NEWS releng/12.1/contrib/ntp/config.h.in releng/12.1/contrib/ntp/configure releng/12.1/contrib/ntp/configure.ac releng/12.1/contrib/ntp/html/accopt.html releng/12.1/contrib/ntp/html/clockopt.html releng/12.1/contrib/ntp/html/confopt.html releng/12.1/contrib/ntp/html/copyright.html releng/12.1/contrib/ntp/html/discipline.html releng/12.1/contrib/ntp/html/drivers/driver20.html releng/12.1/contrib/ntp/html/drivers/driver29.html releng/12.1/contrib/ntp/html/miscopt.html releng/12.1/contrib/ntp/include/Makefile.am releng/12.1/contrib/ntp/include/Makefile.in releng/12.1/contrib/ntp/include/ntp.h releng/12.1/contrib/ntp/include/ntp_calendar.h releng/12.1/contrib/ntp/include/ntp_config.h releng/12.1/contrib/ntp/include/ntp_control.h releng/12.1/contrib/ntp/include/ntp_fp.h releng/12.1/contrib/ntp/include/ntp_io.h releng/12.1/contrib/ntp/include/ntp_refclock.h releng/12.1/contrib/ntp/include/ntp_request.h releng/12.1/contrib/ntp/include/ntp_stdlib.h releng/12.1/contrib/ntp/include/ntp_syslog.h releng/12.1/contrib/ntp/include/ntpd.h releng/12.1/contrib/ntp/include/timespecops.h releng/12.1/contrib/ntp/libntp/Makefile.am releng/12.1/contrib/ntp/libntp/Makefile.in releng/12.1/contrib/ntp/libntp/decodenetnum.c releng/12.1/contrib/ntp/libntp/dofptoa.c releng/12.1/contrib/ntp/libntp/dolfptoa.c releng/12.1/contrib/ntp/libntp/mstolfp.c releng/12.1/contrib/ntp/libntp/msyslog.c releng/12.1/contrib/ntp/libntp/ntp_calendar.c releng/12.1/contrib/ntp/libntp/recvbuff.c releng/12.1/contrib/ntp/libntp/statestr.c releng/12.1/contrib/ntp/libntp/systime.c releng/12.1/contrib/ntp/libparse/Makefile.am releng/12.1/contrib/ntp/libparse/Makefile.in releng/12.1/contrib/ntp/libparse/clk_rawdcf.c releng/12.1/contrib/ntp/ntpd/Makefile.am releng/12.1/contrib/ntp/ntpd/Makefile.in releng/12.1/contrib/ntp/ntpd/cmd_args.c releng/12.1/contrib/ntp/ntpd/complete.conf.in releng/12.1/contrib/ntp/ntpd/invoke-ntp.conf.texi releng/12.1/contrib/ntp/ntpd/invoke-ntp.keys.texi releng/12.1/contrib/ntp/ntpd/invoke-ntpd.texi releng/12.1/contrib/ntp/ntpd/keyword-gen-utd releng/12.1/contrib/ntp/ntpd/keyword-gen.c releng/12.1/contrib/ntp/ntpd/ntp.conf.5man releng/12.1/contrib/ntp/ntpd/ntp.conf.5mdoc releng/12.1/contrib/ntp/ntpd/ntp.conf.def releng/12.1/contrib/ntp/ntpd/ntp.conf.html releng/12.1/contrib/ntp/ntpd/ntp.conf.man.in releng/12.1/contrib/ntp/ntpd/ntp.conf.mdoc.in releng/12.1/contrib/ntp/ntpd/ntp.keys.5man releng/12.1/contrib/ntp/ntpd/ntp.keys.5mdoc releng/12.1/contrib/ntp/ntpd/ntp.keys.html releng/12.1/contrib/ntp/ntpd/ntp.keys.man.in releng/12.1/contrib/ntp/ntpd/ntp.keys.mdoc.in releng/12.1/contrib/ntp/ntpd/ntp_config.c releng/12.1/contrib/ntp/ntpd/ntp_control.c releng/12.1/contrib/ntp/ntpd/ntp_io.c releng/12.1/contrib/ntp/ntpd/ntp_keyword.h releng/12.1/contrib/ntp/ntpd/ntp_leapsec.c releng/12.1/contrib/ntp/ntpd/ntp_leapsec.h releng/12.1/contrib/ntp/ntpd/ntp_loopfilter.c releng/12.1/contrib/ntp/ntpd/ntp_parser.c releng/12.1/contrib/ntp/ntpd/ntp_parser.h releng/12.1/contrib/ntp/ntpd/ntp_peer.c releng/12.1/contrib/ntp/ntpd/ntp_proto.c releng/12.1/contrib/ntp/ntpd/ntp_refclock.c releng/12.1/contrib/ntp/ntpd/ntp_request.c releng/12.1/contrib/ntp/ntpd/ntp_restrict.c releng/12.1/contrib/ntp/ntpd/ntp_scanner.c releng/12.1/contrib/ntp/ntpd/ntp_util.c releng/12.1/contrib/ntp/ntpd/ntpd-opts.c releng/12.1/contrib/ntp/ntpd/ntpd-opts.h releng/12.1/contrib/ntp/ntpd/ntpd.1ntpdman releng/12.1/contrib/ntp/ntpd/ntpd.1ntpdmdoc releng/12.1/contrib/ntp/ntpd/ntpd.c releng/12.1/contrib/ntp/ntpd/ntpd.html releng/12.1/contrib/ntp/ntpd/ntpd.man.in releng/12.1/contrib/ntp/ntpd/ntpd.mdoc.in releng/12.1/contrib/ntp/ntpd/refclock_gpsdjson.c releng/12.1/contrib/ntp/ntpd/refclock_jupiter.c releng/12.1/contrib/ntp/ntpd/refclock_nmea.c releng/12.1/contrib/ntp/ntpd/refclock_oncore.c releng/12.1/contrib/ntp/ntpd/refclock_palisade.c releng/12.1/contrib/ntp/ntpd/refclock_palisade.h releng/12.1/contrib/ntp/ntpd/refclock_parse.c releng/12.1/contrib/ntp/ntpd/refclock_zyfer.c releng/12.1/contrib/ntp/ntpdate/ntpdate.c releng/12.1/contrib/ntp/ntpdc/invoke-ntpdc.texi releng/12.1/contrib/ntp/ntpdc/layout.std releng/12.1/contrib/ntp/ntpdc/ntpdc-opts.c releng/12.1/contrib/ntp/ntpdc/ntpdc-opts.h releng/12.1/contrib/ntp/ntpdc/ntpdc.1ntpdcman releng/12.1/contrib/ntp/ntpdc/ntpdc.1ntpdcmdoc releng/12.1/contrib/ntp/ntpdc/ntpdc.c releng/12.1/contrib/ntp/ntpdc/ntpdc.html releng/12.1/contrib/ntp/ntpdc/ntpdc.man.in releng/12.1/contrib/ntp/ntpdc/ntpdc.mdoc.in releng/12.1/contrib/ntp/ntpdc/ntpdc_ops.c releng/12.1/contrib/ntp/ntpq/Makefile.am releng/12.1/contrib/ntp/ntpq/Makefile.in releng/12.1/contrib/ntp/ntpq/invoke-ntpq.texi releng/12.1/contrib/ntp/ntpq/ntpq-opts.c releng/12.1/contrib/ntp/ntpq/ntpq-opts.h releng/12.1/contrib/ntp/ntpq/ntpq-subs.c releng/12.1/contrib/ntp/ntpq/ntpq.1ntpqman releng/12.1/contrib/ntp/ntpq/ntpq.1ntpqmdoc releng/12.1/contrib/ntp/ntpq/ntpq.c releng/12.1/contrib/ntp/ntpq/ntpq.h releng/12.1/contrib/ntp/ntpq/ntpq.html releng/12.1/contrib/ntp/ntpq/ntpq.man.in releng/12.1/contrib/ntp/ntpq/ntpq.mdoc.in releng/12.1/contrib/ntp/ntpsnmpd/invoke-ntpsnmpd.texi releng/12.1/contrib/ntp/ntpsnmpd/ntpsnmpd-opts.c releng/12.1/contrib/ntp/ntpsnmpd/ntpsnmpd-opts.h releng/12.1/contrib/ntp/ntpsnmpd/ntpsnmpd.1ntpsnmpdman releng/12.1/contrib/ntp/ntpsnmpd/ntpsnmpd.1ntpsnmpdmdoc releng/12.1/contrib/ntp/ntpsnmpd/ntpsnmpd.html releng/12.1/contrib/ntp/ntpsnmpd/ntpsnmpd.man.in releng/12.1/contrib/ntp/ntpsnmpd/ntpsnmpd.mdoc.in releng/12.1/contrib/ntp/packageinfo.sh releng/12.1/contrib/ntp/parseutil/dcfd.c releng/12.1/contrib/ntp/scripts/build/mkver.in releng/12.1/contrib/ntp/scripts/calc_tickadj/calc_tickadj-opts releng/12.1/contrib/ntp/scripts/calc_tickadj/calc_tickadj.1calc_tickadjman releng/12.1/contrib/ntp/scripts/calc_tickadj/calc_tickadj.1calc_tickadjmdoc releng/12.1/contrib/ntp/scripts/calc_tickadj/calc_tickadj.html releng/12.1/contrib/ntp/scripts/calc_tickadj/calc_tickadj.man.in releng/12.1/contrib/ntp/scripts/calc_tickadj/calc_tickadj.mdoc.in releng/12.1/contrib/ntp/scripts/calc_tickadj/invoke-calc_tickadj.texi releng/12.1/contrib/ntp/scripts/invoke-plot_summary.texi releng/12.1/contrib/ntp/scripts/invoke-summary.texi releng/12.1/contrib/ntp/scripts/ntp-wait/invoke-ntp-wait.texi releng/12.1/contrib/ntp/scripts/ntp-wait/ntp-wait-opts releng/12.1/contrib/ntp/scripts/ntp-wait/ntp-wait.1ntp-waitman releng/12.1/contrib/ntp/scripts/ntp-wait/ntp-wait.1ntp-waitmdoc releng/12.1/contrib/ntp/scripts/ntp-wait/ntp-wait.html releng/12.1/contrib/ntp/scripts/ntp-wait/ntp-wait.man.in releng/12.1/contrib/ntp/scripts/ntp-wait/ntp-wait.mdoc.in releng/12.1/contrib/ntp/scripts/ntpsweep/invoke-ntpsweep.texi releng/12.1/contrib/ntp/scripts/ntpsweep/ntpsweep-opts releng/12.1/contrib/ntp/scripts/ntpsweep/ntpsweep.1ntpsweepman releng/12.1/contrib/ntp/scripts/ntpsweep/ntpsweep.1ntpsweepmdoc releng/12.1/contrib/ntp/scripts/ntpsweep/ntpsweep.html releng/12.1/contrib/ntp/scripts/ntpsweep/ntpsweep.man.in releng/12.1/contrib/ntp/scripts/ntpsweep/ntpsweep.mdoc.in releng/12.1/contrib/ntp/scripts/ntptrace/invoke-ntptrace.texi releng/12.1/contrib/ntp/scripts/ntptrace/ntptrace-opts releng/12.1/contrib/ntp/scripts/ntptrace/ntptrace.1ntptraceman releng/12.1/contrib/ntp/scripts/ntptrace/ntptrace.1ntptracemdoc releng/12.1/contrib/ntp/scripts/ntptrace/ntptrace.html releng/12.1/contrib/ntp/scripts/ntptrace/ntptrace.man.in releng/12.1/contrib/ntp/scripts/ntptrace/ntptrace.mdoc.in releng/12.1/contrib/ntp/scripts/plot_summary-opts releng/12.1/contrib/ntp/scripts/plot_summary.1plot_summaryman releng/12.1/contrib/ntp/scripts/plot_summary.1plot_summarymdoc releng/12.1/contrib/ntp/scripts/plot_summary.html releng/12.1/contrib/ntp/scripts/plot_summary.man.in releng/12.1/contrib/ntp/scripts/plot_summary.mdoc.in releng/12.1/contrib/ntp/scripts/summary-opts releng/12.1/contrib/ntp/scripts/summary.1summaryman releng/12.1/contrib/ntp/scripts/summary.1summarymdoc releng/12.1/contrib/ntp/scripts/summary.html releng/12.1/contrib/ntp/scripts/summary.man.in releng/12.1/contrib/ntp/scripts/summary.mdoc.in releng/12.1/contrib/ntp/scripts/update-leap/invoke-update-leap.texi releng/12.1/contrib/ntp/scripts/update-leap/update-leap-opts releng/12.1/contrib/ntp/scripts/update-leap/update-leap.1update-leapman releng/12.1/contrib/ntp/scripts/update-leap/update-leap.1update-leapmdoc releng/12.1/contrib/ntp/scripts/update-leap/update-leap.html releng/12.1/contrib/ntp/scripts/update-leap/update-leap.man.in releng/12.1/contrib/ntp/scripts/update-leap/update-leap.mdoc.in releng/12.1/contrib/ntp/sntp/COPYRIGHT releng/12.1/contrib/ntp/sntp/configure releng/12.1/contrib/ntp/sntp/configure.ac releng/12.1/contrib/ntp/sntp/crypto.c releng/12.1/contrib/ntp/sntp/include/copyright.def releng/12.1/contrib/ntp/sntp/include/version.def releng/12.1/contrib/ntp/sntp/include/version.texi releng/12.1/contrib/ntp/sntp/invoke-sntp.texi releng/12.1/contrib/ntp/sntp/libevent/build-aux/ar-lib releng/12.1/contrib/ntp/sntp/libevent/build-aux/compile releng/12.1/contrib/ntp/sntp/libevent/build-aux/config.guess releng/12.1/contrib/ntp/sntp/libevent/build-aux/config.sub releng/12.1/contrib/ntp/sntp/libevent/build-aux/depcomp releng/12.1/contrib/ntp/sntp/libevent/build-aux/install-sh releng/12.1/contrib/ntp/sntp/libevent/build-aux/missing releng/12.1/contrib/ntp/sntp/libevent/build-aux/test-driver releng/12.1/contrib/ntp/sntp/libevent/build-aux/ylwrap releng/12.1/contrib/ntp/sntp/libevent/test/regress.gen.c releng/12.1/contrib/ntp/sntp/libevent/test/regress.gen.h releng/12.1/contrib/ntp/sntp/libopts/m4/libopts.m4 releng/12.1/contrib/ntp/sntp/m4/ntp_problemtests.m4 releng/12.1/contrib/ntp/sntp/m4/version.m4 releng/12.1/contrib/ntp/sntp/main.c releng/12.1/contrib/ntp/sntp/networking.c releng/12.1/contrib/ntp/sntp/scm-rev releng/12.1/contrib/ntp/sntp/sntp-opts.c releng/12.1/contrib/ntp/sntp/sntp-opts.h releng/12.1/contrib/ntp/sntp/sntp.1sntpman releng/12.1/contrib/ntp/sntp/sntp.1sntpmdoc releng/12.1/contrib/ntp/sntp/sntp.html releng/12.1/contrib/ntp/sntp/sntp.man.in releng/12.1/contrib/ntp/sntp/sntp.mdoc.in releng/12.1/contrib/ntp/sntp/tests/run-crypto.c releng/12.1/contrib/ntp/sntp/tests/run-keyFile.c releng/12.1/contrib/ntp/sntp/tests/run-kodDatabase.c releng/12.1/contrib/ntp/sntp/tests/run-kodFile.c releng/12.1/contrib/ntp/sntp/tests/run-networking.c releng/12.1/contrib/ntp/sntp/tests/run-packetHandling.c releng/12.1/contrib/ntp/sntp/tests/run-packetProcessing.c releng/12.1/contrib/ntp/sntp/tests/run-t-log.c releng/12.1/contrib/ntp/sntp/tests/run-utilities.c releng/12.1/contrib/ntp/sntp/tests/testconf.yml releng/12.1/contrib/ntp/sntp/version.c releng/12.1/contrib/ntp/util/invoke-ntp-keygen.texi releng/12.1/contrib/ntp/util/ntp-keygen-opts.c releng/12.1/contrib/ntp/util/ntp-keygen-opts.h releng/12.1/contrib/ntp/util/ntp-keygen.1ntp-keygenman releng/12.1/contrib/ntp/util/ntp-keygen.1ntp-keygenmdoc releng/12.1/contrib/ntp/util/ntp-keygen.html releng/12.1/contrib/ntp/util/ntp-keygen.man.in releng/12.1/contrib/ntp/util/ntp-keygen.mdoc.in releng/12.1/contrib/ntp/util/ntptime.c releng/12.1/usr.sbin/ntp/config.h releng/12.1/usr.sbin/ntp/libntp/Makefile Modified: releng/11.3/contrib/ntp/COPYRIGHT ============================================================================== --- releng/11.3/contrib/ntp/COPYRIGHT Thu Mar 19 16:51:57 2020 (r359143) +++ releng/11.3/contrib/ntp/COPYRIGHT Thu Mar 19 16:52:41 2020 (r359144) @@ -3,7 +3,7 @@ This file is automatically generated from html/copyrig jpg "Clone me," says Dolly sheepishly. - Last update: 2-Jan-2017 11:58 UTC + Last update: 4-Feb-2020 23:47 UTC __________________________________________________________________ The following copyright notice applies to all files collectively called @@ -32,7 +32,7 @@ This file is automatically generated from html/copyrig Burnicki is: *********************************************************************** * * -* Copyright (c) Network Time Foundation 2011-2017 * +* Copyright (c) Network Time Foundation 2011-2020 * * * * All Rights Reserved * * * Modified: releng/11.3/contrib/ntp/ChangeLog ============================================================================== --- releng/11.3/contrib/ntp/ChangeLog Thu Mar 19 16:51:57 2020 (r359143) +++ releng/11.3/contrib/ntp/ChangeLog Thu Mar 19 16:52:41 2020 (r359144) @@ -1,4 +1,100 @@ --- +(4.2.8p14) 2020/03/03 Released by Harlan Stenn + +* [Sec 3610] process_control() should bail earlier on short packets. stenn@ + - Reported by Philippe Antoine +* [Sec 3596] Highly predictable timestamp attack. + - Reported by Miroslav Lichvar +* [Sec 3592] DoS attack on client ntpd + - Reported by Miroslav Lichvar +* [Bug 3637] Emit the version of ntpd in saveconfig. stenn@ +* [Bug 3636] NMEA: combine time/date from multiple sentences +* [Bug 3635] Make leapsecond file hash check optional +* [Bug 3634] Typo in discipline.html, reported by Jason Harrison. stenn@ +* [Bug 3628] raw DCF decoding - improve robustness with Zeller's congruence + - implement Zeller's congruence in libparse and libntp +* [Bug 3627] SIGSEGV on FreeBSD-12 with stack limit and stack gap + - integrated patch by Cy Schubert +* [Bug 3620] memory leak in ntpq sysinfo + - applied patch by Gerry Garvey +* [Bug 3619] Honour drefid setting in cooked mode and sysinfo + - applied patch by Gerry Garvey +* [Bug 3617] Add support for ACE III and Copernicus II receivers + - integrated patch by Richard Steedman +* [Bug 3615] accelerate refclock startup +* [Bug 3613] Propagate noselect to mobilized pool servers + - Reported by Martin Burnicki +* [Bug 3612] Use-of-uninitialized-value in receive function + - Reported by Philippe Antoine +* [Bug 3611] NMEA time interpreted incorrectly + - officially document new "trust date" mode bit for NMEA driver + - restore the (previously undocumented) "trust date" feature lost with [bug 3577] +* [Bug 3609] Fixing wrong falseticker in case of non-statistic jitter + - mostly based on a patch by Michael Haardt, implementing 'fudge minjitter' +* [Bug 3608] libparse fails to compile on S11.4SRU13 and later + - removed ffs() and fls() prototypes as per Brian Utterback +* [Bug 3604] Wrong param byte order passing into record_raw_stats() in + ntp_io.c + - fixed byte and paramter order as suggested by wei6410@sina.com +* [Bug 3601] Tests fail to link on platforms with ntp_cv_gc_sections_runs=no +* [Bug 3599] Build fails on linux-m68k due to alignment issues + - added padding as suggested by John Paul Adrian Glaubitz +* [Bug 3594] ntpd discards messages coming through nmead +* [Bug 3593] ntpd discards silently nmea messages after the 5th string +* [Bug 3590] Update refclock_oncore.c to the new GPS date API +* [Bug 3585] Unity tests mix buffered and unbuffered output + - stdout+stderr are set to line buffered during test setup now +* [Bug 3583] synchronization error + - set clock to base date if system time is before that limit +* [Bug 3582] gpsdjson refclock fudgetime1 adjustment is doubled +* [Bug 3580] Possible bug ntpq-subs (NULL dereference in dogetassoc) + - Reported by Paulo Neves +* [Bug 3577] Update refclock_zyfer.c to the new GPS date API + - also updates for refclock_nmea.c and refclock_jupiter.c +* [Bug 3576] New GPS date function API +* [Bug 3573] nptdate: missleading error message +* [Bug 3570] NMEA driver docs: talker ID not mentioned, typo +* [Bug 3569] cleanup MOD_NANO/STA_NANO handling for 'ntpadjtimex()' + - sidekick: service port resolution in 'ntpdate' +* [Bug 3550] Reproducible build: Respect SOURCE_DATE_EPOCH + - applied patch by Douglas Royds +* [Bug 3542] ntpdc monlist parameters cannot be set +* [Bug 3533] ntpdc peer_info ipv6 issues + - applied patch by Gerry Garvey +* [Bug 3531] make check: test-decodenetnum fails + - try to harden 'decodenetnum()' against 'getaddrinfo()' errors + - fix wrong cond-compile tests in unit tests +* [Bug 3517] Reducing build noise +* [Bug 3516] Require tooling from this decade + - patch by Philipp Prindeville +* [Bug 3515] Refactor ntpdmain() dispatcher loop and group common code + - patch by Philipp Prindeville +* [Bug 3511] Get rid of AC_LANG_SOURCE() warnings + - patch by Philipp Prindeville +* [Bug 3510] Flatten out the #ifdef nesting in ntpdmain() + - partial application of patch by Philipp Prindeville +* [Bug 3491] Signed values of LFP datatypes should always display a sign + - applied patch by Gerry Garvey & fixed unit tests +* [Bug 3490] Patch to support Trimble Resolution Receivers + - applied (modified) patch by Richard Steedman +* [Bug 3473] RefID of refclocks should always be text format + - applied patch by Gerry Garvey (with minor formatting changes) +* [Bug 3132] Building 4.2.8p8 with disabled local libopts fails + - applied patch by Miroslav Lichvar +* [Bug 3094] ntpd trying to listen for broadcasts on a completely ipv6 network + +* [Bug 2420] ntpd doesn't run and exits with retval 0 when invalid user + is specified with -u + - monitor daemon child startup & propagate exit codes +* [Bug 1433] runtime check whether the kernel really supports capabilities + - (modified) patch by Kurt Roeckx +* Clean up sntp/networking.c:sendpkt() error message. +* Provide more detail on unrecognized config file parser tokens. +* Startup log improvements. +* Update the copyright year. +* html/confopt.html: cleanup. + +--- (4.2.8p13) 2019/03/07 Released by Harlan Stenn * [Sec 3565] Crafted null dereference attack in authenticated Modified: releng/11.3/contrib/ntp/CommitLog ============================================================================== --- releng/11.3/contrib/ntp/CommitLog Thu Mar 19 16:51:57 2020 (r359143) +++ releng/11.3/contrib/ntp/CommitLog Thu Mar 19 16:52:41 2020 (r359144) @@ -1,10 +1,3065 @@ -ChangeSet@1.3849, 2019-02-20 17:13:36-08:00, harlan@ntp-build.tal1.ntfo.org +ChangeSet@1.3896, 2020-03-03 17:42:43-08:00, ntpreleng@ntp-build.tal1.ntfo.org + NTP_4_2_8P14 + TAG: NTP_4_2_8P14 + + ChangeLog@1.1974 +1 -1 + NTP_4_2_8P14 + + ntpd/invoke-ntp.conf.texi@1.221 +1 -1 + NTP_4_2_8P14 + + ntpd/invoke-ntp.keys.texi@1.206 +1 -1 + NTP_4_2_8P14 + + ntpd/invoke-ntpd.texi@1.520 +2 -2 + NTP_4_2_8P14 + + ntpd/ntp.conf.5man@1.255 +2 -2 + NTP_4_2_8P14 + + ntpd/ntp.conf.5mdoc@1.255 +1 -1 + NTP_4_2_8P14 + + ntpd/ntp.conf.html@1.203 +1 -1 + NTP_4_2_8P14 + + ntpd/ntp.conf.man.in@1.255 +2 -2 + NTP_4_2_8P14 + + ntpd/ntp.conf.mdoc.in@1.255 +1 -1 + NTP_4_2_8P14 + + ntpd/ntp.keys.5man@1.240 +2 -2 + NTP_4_2_8P14 + + ntpd/ntp.keys.5mdoc@1.240 +1 -1 + NTP_4_2_8P14 + + ntpd/ntp.keys.html@1.201 +1 -1 + NTP_4_2_8P14 + + ntpd/ntp.keys.man.in@1.240 +2 -2 + NTP_4_2_8P14 + + ntpd/ntp.keys.mdoc.in@1.240 +1 -1 + NTP_4_2_8P14 + + ntpd/ntpd-opts.c@1.543 +7 -7 + NTP_4_2_8P14 + + ntpd/ntpd-opts.h@1.542 +3 -3 + NTP_4_2_8P14 + + ntpd/ntpd.1ntpdman@1.349 +2 -2 + NTP_4_2_8P14 + + ntpd/ntpd.1ntpdmdoc@1.349 +1 -1 + NTP_4_2_8P14 + + ntpd/ntpd.html@1.194 +2 -2 + NTP_4_2_8P14 + + ntpd/ntpd.man.in@1.349 +2 -2 + NTP_4_2_8P14 + + ntpd/ntpd.mdoc.in@1.349 +1 -1 + NTP_4_2_8P14 + + ntpdc/invoke-ntpdc.texi@1.517 +2 -2 + NTP_4_2_8P14 + + ntpdc/ntpdc-opts.c@1.536 +7 -7 + NTP_4_2_8P14 + + ntpdc/ntpdc-opts.h@1.535 +3 -3 + NTP_4_2_8P14 + + ntpdc/ntpdc.1ntpdcman@1.348 +2 -2 + NTP_4_2_8P14 + + ntpdc/ntpdc.1ntpdcmdoc@1.348 +1 -1 + NTP_4_2_8P14 + + ntpdc/ntpdc.html@1.363 +2 -2 + NTP_4_2_8P14 + + ntpdc/ntpdc.man.in@1.348 +2 -2 + NTP_4_2_8P14 + + ntpdc/ntpdc.mdoc.in@1.348 +1 -1 + NTP_4_2_8P14 + + ntpq/invoke-ntpq.texi@1.527 +2 -2 + NTP_4_2_8P14 + + ntpq/ntpq-opts.c@1.545 +7 -7 + NTP_4_2_8P14 + + ntpq/ntpq-opts.h@1.543 +3 -3 + NTP_4_2_8P14 + + ntpq/ntpq.1ntpqman@1.355 +2 -2 + NTP_4_2_8P14 + + ntpq/ntpq.1ntpqmdoc@1.355 +1 -1 + NTP_4_2_8P14 + + ntpq/ntpq.html@1.194 +2 -2 + NTP_4_2_8P14 + + ntpq/ntpq.man.in@1.355 +2 -2 + NTP_4_2_8P14 + + ntpq/ntpq.mdoc.in@1.355 +1 -1 + NTP_4_2_8P14 + + ntpsnmpd/invoke-ntpsnmpd.texi@1.519 +1 -1 + NTP_4_2_8P14 + + ntpsnmpd/ntpsnmpd-opts.c@1.538 +7 -7 + NTP_4_2_8P14 + + ntpsnmpd/ntpsnmpd-opts.h@1.537 +3 -3 + NTP_4_2_8P14 + + ntpsnmpd/ntpsnmpd.1ntpsnmpdman@1.348 +2 -2 + NTP_4_2_8P14 + + ntpsnmpd/ntpsnmpd.1ntpsnmpdmdoc@1.348 +1 -1 + NTP_4_2_8P14 + + ntpsnmpd/ntpsnmpd.html@1.187 +1 -1 + NTP_4_2_8P14 + + ntpsnmpd/ntpsnmpd.man.in@1.348 +2 -2 + NTP_4_2_8P14 + + ntpsnmpd/ntpsnmpd.mdoc.in@1.348 +1 -1 + NTP_4_2_8P14 + + packageinfo.sh@1.544 +1 -1 + NTP_4_2_8P14 + + scripts/calc_tickadj/calc_tickadj.1calc_tickadjman@1.109 +2 -2 + NTP_4_2_8P14 + + scripts/calc_tickadj/calc_tickadj.1calc_tickadjmdoc@1.110 +1 -1 + NTP_4_2_8P14 + + scripts/calc_tickadj/calc_tickadj.html@1.110 +1 -1 + NTP_4_2_8P14 + + scripts/calc_tickadj/calc_tickadj.man.in@1.108 +2 -2 + NTP_4_2_8P14 + + scripts/calc_tickadj/calc_tickadj.mdoc.in@1.110 +1 -1 + NTP_4_2_8P14 + + scripts/calc_tickadj/invoke-calc_tickadj.texi@1.113 +1 -1 + NTP_4_2_8P14 + + scripts/invoke-plot_summary.texi@1.131 +2 -2 + NTP_4_2_8P14 + + scripts/invoke-summary.texi@1.130 +2 -2 + NTP_4_2_8P14 + + scripts/ntp-wait/invoke-ntp-wait.texi@1.341 +2 -2 + NTP_4_2_8P14 + + scripts/ntp-wait/ntp-wait-opts@1.77 +2 -2 + NTP_4_2_8P14 + + scripts/ntp-wait/ntp-wait.1ntp-waitman@1.337 +2 -2 + NTP_4_2_8P14 + + scripts/ntp-wait/ntp-wait.1ntp-waitmdoc@1.338 +1 -1 + NTP_4_2_8P14 + + scripts/ntp-wait/ntp-wait.html@1.359 +2 -2 + NTP_4_2_8P14 + + scripts/ntp-wait/ntp-wait.man.in@1.337 +2 -2 + NTP_4_2_8P14 + + scripts/ntp-wait/ntp-wait.mdoc.in@1.338 +1 -1 + NTP_4_2_8P14 + + scripts/ntpsweep/invoke-ntpsweep.texi@1.128 +2 -2 + NTP_4_2_8P14 + + scripts/ntpsweep/ntpsweep-opts@1.79 +2 -2 + NTP_4_2_8P14 + + scripts/ntpsweep/ntpsweep.1ntpsweepman@1.116 +2 -2 + NTP_4_2_8P14 + + scripts/ntpsweep/ntpsweep.1ntpsweepmdoc@1.116 +1 -1 + NTP_4_2_8P14 + + scripts/ntpsweep/ntpsweep.html@1.131 +2 -2 + NTP_4_2_8P14 + + scripts/ntpsweep/ntpsweep.man.in@1.116 +2 -2 + NTP_4_2_8P14 + + scripts/ntpsweep/ntpsweep.mdoc.in@1.117 +1 -1 + NTP_4_2_8P14 + + scripts/ntptrace/invoke-ntptrace.texi@1.130 +2 -2 + NTP_4_2_8P14 + + scripts/ntptrace/ntptrace-opts@1.79 +2 -2 + NTP_4_2_8P14 + + scripts/ntptrace/ntptrace.1ntptraceman@1.116 +2 -2 + NTP_4_2_8P14 + + scripts/ntptrace/ntptrace.1ntptracemdoc@1.117 +1 -1 + NTP_4_2_8P14 + + scripts/ntptrace/ntptrace.html@1.132 +2 -2 + NTP_4_2_8P14 + + scripts/ntptrace/ntptrace.man.in@1.116 +2 -2 + NTP_4_2_8P14 + + scripts/ntptrace/ntptrace.mdoc.in@1.118 +1 -1 + NTP_4_2_8P14 + + scripts/plot_summary-opts@1.80 +2 -2 + NTP_4_2_8P14 + + scripts/plot_summary.1plot_summaryman@1.129 +2 -2 + NTP_4_2_8P14 + + scripts/plot_summary.1plot_summarymdoc@1.129 +1 -1 + NTP_4_2_8P14 + + scripts/plot_summary.html@1.134 +2 -2 + NTP_4_2_8P14 + + scripts/plot_summary.man.in@1.129 +2 -2 + NTP_4_2_8P14 + + scripts/plot_summary.mdoc.in@1.129 +1 -1 + NTP_4_2_8P14 + + scripts/summary-opts@1.79 +2 -2 + NTP_4_2_8P14 + + scripts/summary.1summaryman@1.128 +2 -2 + NTP_4_2_8P14 + + scripts/summary.1summarymdoc@1.128 +1 -1 + NTP_4_2_8P14 + + scripts/summary.html@1.133 +2 -2 + NTP_4_2_8P14 + + scripts/summary.man.in@1.128 +2 -2 + NTP_4_2_8P14 + + scripts/summary.mdoc.in@1.128 +1 -1 + NTP_4_2_8P14 + + scripts/update-leap/invoke-update-leap.texi@1.29 +1 -1 + NTP_4_2_8P14 + + scripts/update-leap/update-leap-opts@1.30 +2 -2 + NTP_4_2_8P14 + + scripts/update-leap/update-leap.1update-leapman@1.29 +2 -2 + NTP_4_2_8P14 + + scripts/update-leap/update-leap.1update-leapmdoc@1.29 +1 -1 + NTP_4_2_8P14 + + scripts/update-leap/update-leap.html@1.30 +1 -1 + NTP_4_2_8P14 + + scripts/update-leap/update-leap.man.in@1.29 +2 -2 + NTP_4_2_8P14 + + scripts/update-leap/update-leap.mdoc.in@1.29 +1 -1 + NTP_4_2_8P14 + + sntp/invoke-sntp.texi@1.519 +2 -2 + NTP_4_2_8P14 + + sntp/sntp-opts.c@1.539 +7 -7 + NTP_4_2_8P14 + + sntp/sntp-opts.h@1.537 +3 -3 + NTP_4_2_8P14 + + sntp/sntp.1sntpman@1.354 +2 -2 + NTP_4_2_8P14 + + sntp/sntp.1sntpmdoc@1.354 +1 -1 + NTP_4_2_8P14 + + sntp/sntp.html@1.535 +2 -2 + NTP_4_2_8P14 + + sntp/sntp.man.in@1.354 +2 -2 + NTP_4_2_8P14 + + sntp/sntp.mdoc.in@1.354 +1 -1 + NTP_4_2_8P14 + + util/invoke-ntp-keygen.texi@1.522 +2 -2 + NTP_4_2_8P14 + + util/ntp-keygen-opts.c@1.541 +7 -7 + NTP_4_2_8P14 + + util/ntp-keygen-opts.h@1.539 +3 -3 + NTP_4_2_8P14 + + util/ntp-keygen.1ntp-keygenman@1.350 +2 -2 + NTP_4_2_8P14 + + util/ntp-keygen.1ntp-keygenmdoc@1.350 +1 -1 + NTP_4_2_8P14 + + util/ntp-keygen.html@1.195 +2 -2 + NTP_4_2_8P14 + + util/ntp-keygen.man.in@1.350 +2 -2 + NTP_4_2_8P14 + + util/ntp-keygen.mdoc.in@1.350 +1 -1 + NTP_4_2_8P14 + +ChangeSet@1.3895, 2020-03-03 17:09:57-08:00, ntpreleng@ntp-build.tal1.ntfo.org + quiet some debug messages + + ntpd/ntp_config.c@1.375 +0 -2 + quiet some debug messages + + ntpd/ntp_peer.c@1.166 +2 -0 + quiet some debug messages + +ChangeSet@1.3894, 2020-03-03 16:49:54-08:00, ntpreleng@ntp-build.tal1.ntfo.org + NTP_4_2_8P13 + TAG: NTP_4_2_8P13 + + ChangeLog@1.1973 +1 -0 + NTP_4_2_8P13 + + ntpd/invoke-ntp.conf.texi@1.220 +31 -7 + NTP_4_2_8P13 + + ntpd/invoke-ntp.keys.texi@1.205 +1 -1 + NTP_4_2_8P13 + + ntpd/invoke-ntpd.texi@1.519 +3 -3 + NTP_4_2_8P13 + + ntpd/ntp.conf.5man@1.254 +34 -9 + NTP_4_2_8P13 + + ntpd/ntp.conf.5mdoc@1.254 +41 -6 + NTP_4_2_8P13 + + ntpd/ntp.conf.html@1.202 +33 -7 + NTP_4_2_8P13 + + ntpd/ntp.conf.man.in@1.254 +34 -9 + NTP_4_2_8P13 + + ntpd/ntp.conf.mdoc.in@1.254 +41 -6 + NTP_4_2_8P13 + + ntpd/ntp.keys.5man@1.239 +2 -2 + NTP_4_2_8P13 + + ntpd/ntp.keys.5mdoc@1.239 +3 -3 + NTP_4_2_8P13 + + ntpd/ntp.keys.man.in@1.239 +2 -2 + NTP_4_2_8P13 + + ntpd/ntp.keys.mdoc.in@1.239 +3 -3 + NTP_4_2_8P13 + + ntpd/ntpd-opts.c@1.542 +2 -2 + NTP_4_2_8P13 + + ntpd/ntpd-opts.h@1.541 +3 -3 + NTP_4_2_8P13 + + ntpd/ntpd.1ntpdman@1.348 +2 -2 + NTP_4_2_8P13 + + ntpd/ntpd.1ntpdmdoc@1.348 +2 -2 + NTP_4_2_8P13 + + ntpd/ntpd.man.in@1.348 +2 -2 + NTP_4_2_8P13 + + ntpd/ntpd.mdoc.in@1.348 +2 -2 + NTP_4_2_8P13 + + ntpdc/invoke-ntpdc.texi@1.516 +1 -1 + NTP_4_2_8P13 + + ntpdc/ntpdc-opts.c@1.535 +2 -2 + NTP_4_2_8P13 + + ntpdc/ntpdc-opts.h@1.534 +3 -3 + NTP_4_2_8P13 + + ntpdc/ntpdc.1ntpdcman@1.347 +2 -2 + NTP_4_2_8P13 + + ntpdc/ntpdc.1ntpdcmdoc@1.347 +2 -2 + NTP_4_2_8P13 + + ntpdc/ntpdc.html@1.362 +408 -353 + NTP_4_2_8P13 + + ntpdc/ntpdc.man.in@1.347 +2 -2 + NTP_4_2_8P13 + + ntpdc/ntpdc.mdoc.in@1.347 +2 -2 + NTP_4_2_8P13 + + ntpq/invoke-ntpq.texi@1.526 +1 -1 + NTP_4_2_8P13 + + ntpq/ntpq-opts.c@1.544 +2 -2 + NTP_4_2_8P13 + + ntpq/ntpq-opts.h@1.542 +3 -3 + NTP_4_2_8P13 + + ntpq/ntpq.1ntpqman@1.354 +2 -2 + NTP_4_2_8P13 + + ntpq/ntpq.1ntpqmdoc@1.354 +2 -2 + NTP_4_2_8P13 + + ntpq/ntpq.html@1.193 +1 -1 + NTP_4_2_8P13 + + ntpq/ntpq.man.in@1.354 +2 -2 + NTP_4_2_8P13 + + ntpq/ntpq.mdoc.in@1.354 +2 -2 + NTP_4_2_8P13 + + ntpsnmpd/invoke-ntpsnmpd.texi@1.518 +1 -1 + NTP_4_2_8P13 + + ntpsnmpd/ntpsnmpd-opts.c@1.537 +2 -2 + NTP_4_2_8P13 + + ntpsnmpd/ntpsnmpd-opts.h@1.536 +3 -3 + NTP_4_2_8P13 + + ntpsnmpd/ntpsnmpd.1ntpsnmpdman@1.347 +2 -2 + NTP_4_2_8P13 + + ntpsnmpd/ntpsnmpd.1ntpsnmpdmdoc@1.347 +2 -2 + NTP_4_2_8P13 + + ntpsnmpd/ntpsnmpd.man.in@1.347 +2 -2 + NTP_4_2_8P13 + + ntpsnmpd/ntpsnmpd.mdoc.in@1.347 +2 -2 + NTP_4_2_8P13 + + scripts/calc_tickadj/calc_tickadj.1calc_tickadjman@1.108 +2 -2 + NTP_4_2_8P13 + + scripts/calc_tickadj/calc_tickadj.1calc_tickadjmdoc@1.109 +2 -2 + NTP_4_2_8P13 + + scripts/calc_tickadj/calc_tickadj.html@1.109 +172 -128 + NTP_4_2_8P13 + + scripts/calc_tickadj/calc_tickadj.man.in@1.107 +2 -2 + NTP_4_2_8P13 + + scripts/calc_tickadj/calc_tickadj.mdoc.in@1.109 +2 -2 + NTP_4_2_8P13 + + scripts/calc_tickadj/invoke-calc_tickadj.texi@1.112 +2 -2 + NTP_4_2_8P13 + + scripts/invoke-plot_summary.texi@1.130 +2 -2 + NTP_4_2_8P13 + + scripts/invoke-summary.texi@1.129 +2 -2 + NTP_4_2_8P13 + + scripts/ntp-wait/invoke-ntp-wait.texi@1.340 +2 -2 + NTP_4_2_8P13 + + scripts/ntp-wait/ntp-wait-opts@1.76 +2 -2 + NTP_4_2_8P13 + + scripts/ntp-wait/ntp-wait.1ntp-waitman@1.336 +2 -2 + NTP_4_2_8P13 + + scripts/ntp-wait/ntp-wait.1ntp-waitmdoc@1.337 +2 -2 + NTP_4_2_8P13 + + scripts/ntp-wait/ntp-wait.html@1.358 +181 -152 + NTP_4_2_8P13 + + scripts/ntp-wait/ntp-wait.man.in@1.336 +2 -2 + NTP_4_2_8P13 + + scripts/ntp-wait/ntp-wait.mdoc.in@1.337 +2 -2 + NTP_4_2_8P13 + + scripts/ntpsweep/invoke-ntpsweep.texi@1.127 +2 -2 + NTP_4_2_8P13 + + scripts/ntpsweep/ntpsweep-opts@1.78 +2 -2 + NTP_4_2_8P13 + + scripts/ntpsweep/ntpsweep.1ntpsweepman@1.115 +2 -2 + NTP_4_2_8P13 + + scripts/ntpsweep/ntpsweep.1ntpsweepmdoc@1.115 +2 -2 + NTP_4_2_8P13 + + scripts/ntpsweep/ntpsweep.html@1.130 +188 -152 + NTP_4_2_8P13 + + scripts/ntpsweep/ntpsweep.man.in@1.115 +2 -2 + NTP_4_2_8P13 + + scripts/ntpsweep/ntpsweep.mdoc.in@1.116 +2 -2 + NTP_4_2_8P13 + + scripts/ntptrace/invoke-ntptrace.texi@1.129 +2 -2 + NTP_4_2_8P13 + + scripts/ntptrace/ntptrace-opts@1.78 +2 -2 + NTP_4_2_8P13 + + scripts/ntptrace/ntptrace.1ntptraceman@1.115 +2 -2 + NTP_4_2_8P13 + + scripts/ntptrace/ntptrace.1ntptracemdoc@1.116 +2 -2 + NTP_4_2_8P13 + + scripts/ntptrace/ntptrace.html@1.131 +179 -129 + NTP_4_2_8P13 + + scripts/ntptrace/ntptrace.man.in@1.115 +2 -2 + NTP_4_2_8P13 + + scripts/ntptrace/ntptrace.mdoc.in@1.117 +2 -2 + NTP_4_2_8P13 + + scripts/plot_summary-opts@1.79 +2 -2 + NTP_4_2_8P13 + + scripts/plot_summary.1plot_summaryman@1.128 +2 -2 + NTP_4_2_8P13 + + scripts/plot_summary.1plot_summarymdoc@1.128 +2 -2 + NTP_4_2_8P13 + + scripts/plot_summary.html@1.133 +203 -161 + NTP_4_2_8P13 + + scripts/plot_summary.man.in@1.128 +2 -2 + NTP_4_2_8P13 + + scripts/plot_summary.mdoc.in@1.128 +2 -2 + NTP_4_2_8P13 + + scripts/summary-opts@1.78 +2 -2 + NTP_4_2_8P13 + + scripts/summary.1summaryman@1.127 +2 -2 + NTP_4_2_8P13 + + scripts/summary.1summarymdoc@1.127 +2 -2 + NTP_4_2_8P13 + + scripts/summary.html@1.132 +184 -136 + NTP_4_2_8P13 + + scripts/summary.man.in@1.127 +2 -2 + NTP_4_2_8P13 + + scripts/summary.mdoc.in@1.127 +2 -2 + NTP_4_2_8P13 + + scripts/update-leap/invoke-update-leap.texi@1.28 +1 -1 + NTP_4_2_8P13 + + scripts/update-leap/update-leap-opts@1.29 +2 -2 + NTP_4_2_8P13 + + scripts/update-leap/update-leap.1update-leapman@1.28 +2 -2 + NTP_4_2_8P13 + + scripts/update-leap/update-leap.1update-leapmdoc@1.28 +2 -2 + NTP_4_2_8P13 + + scripts/update-leap/update-leap.html@1.29 +1 -1 + NTP_4_2_8P13 + + scripts/update-leap/update-leap.man.in@1.28 +2 -2 + NTP_4_2_8P13 + + scripts/update-leap/update-leap.mdoc.in@1.28 +2 -2 + NTP_4_2_8P13 + + sntp/invoke-sntp.texi@1.518 +1 -1 + NTP_4_2_8P13 + + sntp/sntp-opts.c@1.538 +2 -2 + NTP_4_2_8P13 + + sntp/sntp-opts.h@1.536 +3 -3 + NTP_4_2_8P13 + + sntp/sntp.1sntpman@1.353 +2 -2 + NTP_4_2_8P13 + + sntp/sntp.1sntpmdoc@1.353 +2 -2 + NTP_4_2_8P13 + + sntp/sntp.html@1.534 +472 -418 + NTP_4_2_8P13 + + sntp/sntp.man.in@1.353 +2 -2 + NTP_4_2_8P13 + + sntp/sntp.mdoc.in@1.353 +2 -2 + NTP_4_2_8P13 + + util/invoke-ntp-keygen.texi@1.521 +1 -1 + NTP_4_2_8P13 + + util/ntp-keygen-opts.c@1.540 +2 -2 + NTP_4_2_8P13 + + util/ntp-keygen-opts.h@1.538 +3 -3 + NTP_4_2_8P13 + + util/ntp-keygen.1ntp-keygenman@1.349 +2 -2 + NTP_4_2_8P13 + + util/ntp-keygen.1ntp-keygenmdoc@1.349 +2 -2 + NTP_4_2_8P13 + + util/ntp-keygen.html@1.194 +1 -1 + NTP_4_2_8P13 + + util/ntp-keygen.man.in@1.349 +2 -2 + NTP_4_2_8P13 + + util/ntp-keygen.mdoc.in@1.349 +2 -2 + NTP_4_2_8P13 + +ChangeSet@1.3893, 2020-03-03 16:25:14-08:00, ntpreleng@ntp-build.tal1.ntfo.org + Replace line with head -1 + + scripts/build/addChangeLogTag@1.6 +1 -1 + Replace line with head -1 + +ChangeSet@1.3892, 2020-03-03 16:05:38-08:00, ntpreleng@ntp-build.tal1.ntfo.org + provide get_pollskew() for simulator + + ntpd/ntp_config.c@1.374 +2 -2 + provide get_pollskew() for simulator + +ChangeSet@1.3844.24.1, 2020-03-03 03:30:13-08:00, ntpreleng@ntp-build.tal1.ntfo.org + NTP_4_2_8P13 + TAG: NTP_4_2_8P13 (currently on 1.3894) + + BitKeeper/triggers/2mirrors@1.11 +6 -2 + NTP_4_2_8P13 + + ntpd/ntpd-opts.c@1.539.1.1 +1 -1 + NTP_4_2_8P13 + + ntpd/ntpd-opts.h@1.538.1.1 +1 -1 + NTP_4_2_8P13 + + ntpd/ntpd.html@1.193 +3 -3 + NTP_4_2_8P13 + + ntpd/ntpdsim-opts.c@1.29 +372 -340 + NTP_4_2_8P13 + + ntpd/ntpdsim-opts.h@1.29 +44 -37 + NTP_4_2_8P13 + + ntpdc/ntpdc-opts.c@1.532.1.1 +1 -1 + NTP_4_2_8P13 + + ntpdc/ntpdc-opts.h@1.531.1.1 +1 -1 + NTP_4_2_8P13 + + ntpq/ntpq-opts.c@1.541.1.1 +1 -1 + NTP_4_2_8P13 + + ntpq/ntpq-opts.h@1.539.1.1 +1 -1 + NTP_4_2_8P13 + + ntpq/ntpq.html@1.192 +1 -1 + NTP_4_2_8P13 + + ntpsnmpd/ntpsnmpd-opts.c@1.534.1.1 +1 -1 + NTP_4_2_8P13 + + ntpsnmpd/ntpsnmpd-opts.h@1.533.1.1 +1 -1 + NTP_4_2_8P13 + + scripts/calc_tickadj/calc_tickadj-opts@1.10 +2 -2 + NTP_4_2_8P13 + + scripts/ntp-wait/invoke-ntp-wait.texi@1.337.1.1 +1 -1 + NTP_4_2_8P13 + + scripts/ntp-wait/ntp-wait-opts@1.73.1.1 +1 -1 + NTP_4_2_8P13 + + scripts/ntpsweep/ntpsweep-opts@1.75.1.1 +1 -1 + NTP_4_2_8P13 + + scripts/ntptrace/invoke-ntptrace.texi@1.126.1.1 +1 -1 + NTP_4_2_8P13 + + scripts/ntptrace/ntptrace-opts@1.75.1.1 +1 -1 + NTP_4_2_8P13 + + scripts/plot_summary-opts@1.76.1.1 +1 -1 + NTP_4_2_8P13 + + scripts/summary-opts@1.75.1.1 +1 -1 + NTP_4_2_8P13 + + scripts/update-leap/update-leap-opts@1.26.1.1 +1 -1 + NTP_4_2_8P13 + + sntp/sntp-opts.c@1.535.1.1 +1 -1 + NTP_4_2_8P13 + + sntp/sntp-opts.h@1.533.1.1 +1 -1 + NTP_4_2_8P13 + + util/ntp-keygen-opts.c@1.537.1.1 +1 -1 + NTP_4_2_8P13 + + util/ntp-keygen-opts.h@1.535.1.1 +1 -1 + NTP_4_2_8P13 + + util/ntp-keygen.html@1.193 +1 -1 + NTP_4_2_8P13 + +ChangeSet@1.3888, 2020-03-03 07:26:56+00:00, stenn@psp-deb1.ntp.org + cleanup + + NEWS@1.197.1.3 +3 -2 + cleanup + +ChangeSet@1.3887, 2020-02-18 05:11:26+00:00, stenn@psp-deb1.ntp.org + Cleanup distcheck psl* files + + ntpd/Makefile.am@1.138 +11 -0 + Cleanup distcheck psl* files + +ChangeSet@1.3886, 2020-02-18 05:10:35+00:00, stenn@psp-deb1.ntp.org + Distribute ntp_calgps.h + + include/Makefile.am@1.58 +1 -0 + Distribute ntp_calgps.h + +ChangeSet@1.3885, 2020-02-18 03:32:51+00:00, stenn@psp-deb1.ntp.org + Update the NEWS file for p14 + + NEWS@1.197.1.2 +107 -0 + Update the NEWS file for p14 + +ChangeSet@1.3884, 2020-02-17 11:05:46+00:00, stenn@psp-deb1.ntp.org + merge cleanup + + ntpd/ntp_proto.c@1.432 +1 -1 + merge cleanup + +ChangeSet@1.3881, 2020-02-17 08:50:00+00:00, stenn@psp-deb1.ntp.org + update + + ntpd/ntp_keyword.h@1.38 +545 -539 + update + +ChangeSet@1.3880, 2020-02-17 08:48:45+00:00, stenn@psp-deb1.ntp.org + Startp logging improvements. + Bug3596. + + html/accopt.html@1.48 +7 -2 + cleanup. + bug3596: document 'serverresponse fuzz' + + html/confopt.html@1.64.1.1 +22 -9 + Cleanup. + + Bug 3596: document xmtnonce + + html/miscopt.html@1.93 +19 -1 + Cleanup. + + bug3596: document pollskewlist + + include/Makefile.am@1.57 +1 -0 + pollskew upodates + + include/ntp.h@1.232 +8 -2 + bug3596 chagnes: + - srvfuzrft patches + - pollskew updates + - xmtnonce + + include/ntp_config.h@1.89 +27 -20 + bug3596 updates: + - pollskewlist + - srvfuzrft patches + + include/ntp_psl.h@1.1 +17 -0 + BitKeeper file include/ntp_psl.h + --- + bug3596 + + include/ntp_psl.h@1.0 +0 -0 + + include/ntp_request.h@1.54 +2 -1 + srvfuzrft patches + + include/ntp_stdlib.h@1.88 +1 -1 + randomizepoll/server response fuzz reftime fixes + + include/ntpd.h@1.207 +1 -1 + bug3596 cleanup + + libntp/statestr.c@1.31 +12 -5 + bug3596 srvrspfuz fixes + + ntpd/Makefile.am@1.137 +37 -7 + bug3596 pollskewlist changes + + ntpd/complete.conf.in@1.37 +4 -2 + bug3596: randompoll, pollskew xmtnonce + + ntpd/keyword-gen-utd@1.35 +1 -1 + Keyword table updates + + ntpd/keyword-gen.c@1.42 +3 -3 + bug3596: serverresponse fuzz, pollskewlist, xmtnonce + + ntpd/ntp.conf.def@1.34 +40 -4 + Cleanup. + bug3596: xmtnonce, serverresponse fuzz, pollskewlist, + + ntpd/ntp_config.c@1.373 +250 -26 + bug3596: serverresponse fuzz, pollskewlist, xmtnonce + + ntpd/ntp_loopfilter.c@1.195 +1 -1 + pollskew upodates + + ntpd/ntp_parser.c@1.117 +1298 -1283 + bug3596 *** DIFF OUTPUT TRUNCATED AT 1000 LINES *** From owner-svn-src-releng@freebsd.org Thu Mar 19 17:01:58 2020 Return-Path: Delivered-To: svn-src-releng@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 9DEBC26487E; Thu, 19 Mar 2020 17:01:58 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48jtVZ3ls0z4Sd0; Thu, 19 Mar 2020 17:01:58 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 7C3CBE2C0; Thu, 19 Mar 2020 17:01:58 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 02JH1wNI035525; Thu, 19 Mar 2020 17:01:58 GMT (envelope-from gordon@FreeBSD.org) Received: (from gordon@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 02JH1va6035521; Thu, 19 Mar 2020 17:01:57 GMT (envelope-from gordon@FreeBSD.org) Message-Id: <202003191701.02JH1va6035521@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gordon set sender to gordon@FreeBSD.org using -f From: Gordon Tetlow Date: Thu, 19 Mar 2020 17:01:57 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r359145 - in releng: 11.3 11.3/sys/conf 12.1 12.1/sys/conf X-SVN-Group: releng X-SVN-Commit-Author: gordon X-SVN-Commit-Paths: in releng: 11.3 11.3/sys/conf 12.1 12.1/sys/conf X-SVN-Commit-Revision: 359145 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Mar 2020 17:01:58 -0000 Author: gordon Date: Thu Mar 19 17:01:57 2020 New Revision: 359145 URL: https://svnweb.freebsd.org/changeset/base/359145 Log: Add UPDATING entries and bump version. Approved by: so Modified: releng/11.3/UPDATING releng/11.3/sys/conf/newvers.sh releng/12.1/UPDATING releng/12.1/sys/conf/newvers.sh Modified: releng/11.3/UPDATING ============================================================================== --- releng/11.3/UPDATING Thu Mar 19 16:52:41 2020 (r359144) +++ releng/11.3/UPDATING Thu Mar 19 17:01:57 2020 (r359145) @@ -16,6 +16,28 @@ from older versions of FreeBSD, try WITHOUT_CLANG and the tip of head, and then rebuild without this option. The bootstrap process from older version of current across the gcc/clang cutover is a bit fragile. +20200319 p7 FreeBSD-EN-20:04.pfctl + FreeBSD-EN-20:06.ipv6 + FreeBSD-SA-20:04.tcp + FreeBSD-SA-20:05.if_oce_ioctl + FreeBSD-SA-20:07.epair + FreeBSD-SA-20:08.jail + FreeBSD-SA-20:09.ntp + + Fix missing pfctl(8) tunable [EN-20:04.pfctl] + + Fix incorrect checksum calculations with IPv6 extension headers [EN-20:06.ipv6] + + Fix TCP IPv6 SYN cache kernel information disclosure [SA-20:04.tcp] + + Fix insufficient oce(4) ioctl(2) privilege checking [SA-20:05.if_oce_ioctl] + + Fix incorrect user-controlled pointer use in epair [SA-20:07.epair] + + Fix kernel memory disclosure with nested jails [SA-20:08.jail] + + Fix multiple denial of service in ntpd [SA-20:09.ntp] + 20200128 p6 FreeBSD-EN-20:01.ssp FreeBSD-EN-20:02.nmount FreeBSD-SA-20:01.libfetch Modified: releng/11.3/sys/conf/newvers.sh ============================================================================== --- releng/11.3/sys/conf/newvers.sh Thu Mar 19 16:52:41 2020 (r359144) +++ releng/11.3/sys/conf/newvers.sh Thu Mar 19 17:01:57 2020 (r359145) @@ -44,7 +44,7 @@ TYPE="FreeBSD" REVISION="11.3" -BRANCH="RELEASE-p6" +BRANCH="RELEASE-p7" if [ -n "${BRANCH_OVERRIDE}" ]; then BRANCH=${BRANCH_OVERRIDE} fi Modified: releng/12.1/UPDATING ============================================================================== --- releng/12.1/UPDATING Thu Mar 19 16:52:41 2020 (r359144) +++ releng/12.1/UPDATING Thu Mar 19 17:01:57 2020 (r359145) @@ -16,6 +16,34 @@ from older versions of FreeBSD, try WITHOUT_CLANG and the tip of head, and then rebuild without this option. The bootstrap process from older version of current across the gcc/clang cutover is a bit fragile. +20200319 p3 FreeBSD-EN-20:03.sshd + FreeBSD-EN-20:05.mlx5en + FreeBSD-EN-20:06.ipv6 + FreeBSD-SA-20:04.tcp + FreeBSD-SA-20:05.if_oce_ioctl + FreeBSD-SA-20:06.if_ixl_ioctl + FreeBSD-SA-20:07.epair + FreeBSD-SA-20:08.jail + FreeBSD-SA-20:09.ntp + + Fix misleading log messages upon successful sshd login [EN-20:03.sshd] + + Fix packet forwarding performance in mlx5en(4) driver [EN-20:05.mlx5en] + + Fix incorrect checksum calculations with IPv6 extension headers [EN-20:06.ipv6] + + Fix TCP IPv6 SYN cache kernel information disclosure [SA-20:04.tcp] + + Fix insufficient oce(4) ioctl(2) privilege checking [SA-20:05.if_oce_ioctl] + + Fix insufficient ixl(4) ioctl(2) privilege checking [SA-20:06.if_ixl_ioctl] + + Fix incorrect user-controlled pointer use in epair [SA-20:07.epair] + + Fix kernel memory disclosure with nested jails [SA-20:08.jail] + + Fix multiple denial of service in ntpd [SA-20:09.ntp] + 20200128 p2 FreeBSD-EN-20:01.ssp FreeBSD-SA-20:01.libfetch FreeBSD-SA-20:03.thrmisc Modified: releng/12.1/sys/conf/newvers.sh ============================================================================== --- releng/12.1/sys/conf/newvers.sh Thu Mar 19 16:52:41 2020 (r359144) +++ releng/12.1/sys/conf/newvers.sh Thu Mar 19 17:01:57 2020 (r359145) @@ -46,7 +46,7 @@ TYPE="FreeBSD" REVISION="12.1" -BRANCH="RELEASE-p2" +BRANCH="RELEASE-p3" if [ -n "${BRANCH_OVERRIDE}" ]; then BRANCH=${BRANCH_OVERRIDE} fi