From owner-svn-src-releng@freebsd.org Mon May 11 19:10:24 2020 Return-Path: Delivered-To: svn-src-releng@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 1A40C2E882B; Mon, 11 May 2020 19:10:24 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 49LVrH6yyNz3wlV; Mon, 11 May 2020 19:10:23 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id E637623211; Mon, 11 May 2020 19:10:23 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 04BJANWc051687; Mon, 11 May 2020 19:10:23 GMT (envelope-from gjb@FreeBSD.org) Received: (from gjb@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 04BJANTP051686; Mon, 11 May 2020 19:10:23 GMT (envelope-from gjb@FreeBSD.org) Message-Id: <202005111910.04BJANTP051686@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gjb set sender to gjb@FreeBSD.org using -f From: Glen Barber Date: Mon, 11 May 2020 19:10:23 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r360907 - releng/11.4/release/doc/en_US.ISO8859-1 X-SVN-Group: releng X-SVN-Commit-Author: gjb X-SVN-Commit-Paths: releng/11.4/release/doc/en_US.ISO8859-1 X-SVN-Commit-Revision: 360907 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 11 May 2020 19:10:24 -0000 Author: gjb Date: Mon May 11 19:10:23 2020 New Revision: 360907 URL: https://svnweb.freebsd.org/changeset/base/360907 Log: Add the installation SUBDIR (commented for now). Approved by: re (implicit) Sponsored by: Rubicon Communications, LLC (netgate.com) Modified: releng/11.4/release/doc/en_US.ISO8859-1/Makefile Modified: releng/11.4/release/doc/en_US.ISO8859-1/Makefile ============================================================================== --- releng/11.4/release/doc/en_US.ISO8859-1/Makefile Mon May 11 19:08:03 2020 (r360906) +++ releng/11.4/release/doc/en_US.ISO8859-1/Makefile Mon May 11 19:10:23 2020 (r360907) @@ -4,6 +4,7 @@ RELN_ROOT?= ${.CURDIR}/.. SUBDIR = relnotes SUBDIR+= hardware +#SUBDIR+= installation SUBDIR+= readme SUBDIR+= errata From owner-svn-src-releng@freebsd.org Mon May 11 19:10:25 2020 Return-Path: Delivered-To: svn-src-releng@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 3BE0D2E8838; Mon, 11 May 2020 19:10:25 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 49LVrK0dDMz3wlW; Mon, 11 May 2020 19:10:25 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 10D1E23212; Mon, 11 May 2020 19:10:25 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 04BJAO37051733; Mon, 11 May 2020 19:10:24 GMT (envelope-from gjb@FreeBSD.org) Received: (from gjb@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 04BJAOpc051732; Mon, 11 May 2020 19:10:24 GMT (envelope-from gjb@FreeBSD.org) Message-Id: <202005111910.04BJAOpc051732@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gjb set sender to gjb@FreeBSD.org using -f From: Glen Barber Date: Mon, 11 May 2020 19:10:24 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r360908 - releng/11.4/release/doc/share/xml X-SVN-Group: releng X-SVN-Commit-Author: gjb X-SVN-Commit-Paths: releng/11.4/release/doc/share/xml X-SVN-Commit-Revision: 360908 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 11 May 2020 19:10:25 -0000 Author: gjb Date: Mon May 11 19:10:24 2020 New Revision: 360908 URL: https://svnweb.freebsd.org/changeset/base/360908 Log: Update version number information in release.ent. Approved by: re (implicit) Sponsored by: Rubicon Communications, LLC (netgate.com) Modified: releng/11.4/release/doc/share/xml/release.ent Modified: releng/11.4/release/doc/share/xml/release.ent ============================================================================== --- releng/11.4/release/doc/share/xml/release.ent Mon May 11 19:10:23 2020 (r360907) +++ releng/11.4/release/doc/share/xml/release.ent Mon May 11 19:10:24 2020 (r360908) @@ -6,7 +6,7 @@ - + - + - + @@ -37,10 +37,10 @@ or "release" --> - + - - + + From owner-svn-src-releng@freebsd.org Mon May 11 19:10:26 2020 Return-Path: Delivered-To: svn-src-releng@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 8E3732E8855; Mon, 11 May 2020 19:10:26 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 49LVrL24WGz3wlw; Mon, 11 May 2020 19:10:26 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 3A27123213; Mon, 11 May 2020 19:10:26 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 04BJAQXr051776; Mon, 11 May 2020 19:10:26 GMT (envelope-from gjb@FreeBSD.org) Received: (from gjb@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 04BJAQfu051775; Mon, 11 May 2020 19:10:26 GMT (envelope-from gjb@FreeBSD.org) Message-Id: <202005111910.04BJAQfu051775@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gjb set sender to gjb@FreeBSD.org using -f From: Glen Barber Date: Mon, 11 May 2020 19:10:26 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r360909 - releng/11.4/release/doc/en_US.ISO8859-1/installation X-SVN-Group: releng X-SVN-Commit-Author: gjb X-SVN-Commit-Paths: releng/11.4/release/doc/en_US.ISO8859-1/installation X-SVN-Commit-Revision: 360909 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 11 May 2020 19:10:26 -0000 Author: gjb Date: Mon May 11 19:10:25 2020 New Revision: 360909 URL: https://svnweb.freebsd.org/changeset/base/360909 Log: Update version information in the installation page. Bump the copyright year while here. Approved by: re (implicit) Sponsored by: Rubicon Communications, LLC (netgate.com) Modified: releng/11.4/release/doc/en_US.ISO8859-1/installation/article.xml Modified: releng/11.4/release/doc/en_US.ISO8859-1/installation/article.xml ============================================================================== --- releng/11.4/release/doc/en_US.ISO8859-1/installation/article.xml Mon May 11 19:10:24 2020 (r360908) +++ releng/11.4/release/doc/en_US.ISO8859-1/installation/article.xml Mon May 11 19:10:25 2020 (r360909) @@ -4,7 +4,7 @@ %release; - + ]>
$FreeBSD$ - 2018 + 2020 The &os; Documentation Project @@ -82,8 +82,7 @@ The &man.freebsd-update.8; utility supports binary upgrades of &arch.i386; and &arch.amd64; systems running earlier FreeBSD releases. Systems running - 10.3-RELEASE, - 11.0-RELEASE can upgrade as follows: + 11.3-RELEASE can upgrade as follows: &prompt.root; freebsd-update fetch &prompt.root; freebsd-update install From owner-svn-src-releng@freebsd.org Mon May 11 19:10:29 2020 Return-Path: Delivered-To: svn-src-releng@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 5C4AA2E8886; Mon, 11 May 2020 19:10:29 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 49LVrN1xcFz3wnT; Mon, 11 May 2020 19:10:28 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 547D723214; Mon, 11 May 2020 19:10:27 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 04BJARC3051819; Mon, 11 May 2020 19:10:27 GMT (envelope-from gjb@FreeBSD.org) Received: (from gjb@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 04BJARU7051818; Mon, 11 May 2020 19:10:27 GMT (envelope-from gjb@FreeBSD.org) Message-Id: <202005111910.04BJARU7051818@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gjb set sender to gjb@FreeBSD.org using -f From: Glen Barber Date: Mon, 11 May 2020 19:10:27 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r360910 - releng/11.4/release/doc/en_US.ISO8859-1/relnotes X-SVN-Group: releng X-SVN-Commit-Author: gjb X-SVN-Commit-Paths: releng/11.4/release/doc/en_US.ISO8859-1/relnotes X-SVN-Commit-Revision: 360910 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 11 May 2020 19:10:30 -0000 Author: gjb Date: Mon May 11 19:10:26 2020 New Revision: 360910 URL: https://svnweb.freebsd.org/changeset/base/360910 Log: Prune entries from 11.3-RELEASE. Bump copyright year while here. Approved by: re (implicit) Sponsored by: Rubicon Communications, LLC (netgate.com) Modified: releng/11.4/release/doc/en_US.ISO8859-1/relnotes/article.xml Modified: releng/11.4/release/doc/en_US.ISO8859-1/relnotes/article.xml ============================================================================== --- releng/11.4/release/doc/en_US.ISO8859-1/relnotes/article.xml Mon May 11 19:10:25 2020 (r360909) +++ releng/11.4/release/doc/en_US.ISO8859-1/relnotes/article.xml Mon May 11 19:10:26 2020 (r360910) @@ -24,10 +24,8 @@ $FreeBSD$ - - - 2019 + 2020 The &os; Documentation Project @@ -161,151 +159,19 @@ Userland Configuration Changes - The &man.jail.8; utility has been - updated to include a new &man.jail.conf.5; parameter, - allow.read_msgbuf, which prevents jailed - processes and users from accessing the &man.dmesg.8; buffer. - This parameter is set to false by - default. - - The system &man.crontab.5;, - /etc/crontab, has been updated to set - PATH for consistency with the &man.cron.8; - daemon. - - The default &man.devd.conf.5; has been - updated to prevent duplicated &man.hostapd.8; and - &man.wpa.supplicant.8; startup via &man.devd.8;. +   Userland Application Changes - The &man.cpuset.1;, &man.sockstat.1;, - &man.ipfw.8;, and &man.ugidfw.8; utilities have been updated - to support &man.jail.8; names. - - The &man.newfs.msdos.8; utililty has - been updated to include a new flag, -T, - which is used to specify the timestamp for build - reproducibility. - - The &man.dd.1; utility has been updated - to add a new statusoperand, - progress, which reports the current status - on a single line every second. - - The &man.last.1; utility has been - updated to include &man.libxo.3; support. - - The &man.lastlogin.8; utility has been - updated to include &man.libxo.3; support. - - The &man.traceroute.8; utility has been - updated to include &man.libcasper.3; support. - - The &man.diff.1; utility has been - updated to implement -B and - --ignore-blank-lines support. - - The &man.makewhatis.1; utility has been - updated to prevent operating within read-only - directories. - - The &man.jail.8; utility has been - updated to add a new flag, -e, which takes - a &man.jail.conf.5; parameter as an argument and prints a list - of non-wildcard jails with the specified parameter. - - The &man.ktrdump.8; utility has been - updated to include the -l flag which - enables "live" mode when specified. - - The &man.trim.8; utility has been added, - which deletes content for blocks on flash-based storage - devices that use wear-leveling algorithms. - - The &man.gzip.1; utility has been - updated to add -l support for &man.xz.1; - files. - - The &man.newfs.8; and &man.tunefs.8; - utilities have been updated to allow underscores in label - names. - - The &man.pfctl.8; utility has been - updated to provide clearer output and reference the - net.pf.request_maxcount &man.sysctl.8; - if a defined table is too large. - - The &man.newfs.8; and &man.tunefs.8; - utilities have been updated to allow dashes in label - names. - - The &man.fdisk.8; utility has been - updated to support sectors larger than 2048 bytes. - - The &man.sh.1; utility has been updated - to add the pipefail option which simplifies - checking the exit status of all commands in a pipeline. - - The &man.patch.1; utility has been - updated to exit successfully if the input patch file is - zero-length. +   Contributed Software - The &man.xz.1; utility has been updated - to version 5.2.4. - - The &man.file.1; utility has been - updated to version 5.34. - - The - ELF Tool Chain has been updated to - version r3614. - - The - lld utility has been updated to add - -z interpose, marking the object file as - an interposer. - - The &man.file.1; utility has been - updated to fix incorrect date reporting for &man.dump.8; - files. - - The LUA - &man.loader.8; has been merged. - - The &man.ntpd.8; utilities have been - updated to version 4.2.8p13. - - Timezone data files have been updated to - version 2019a. - - The clang, - llvm, - lld, - lldb, and - compiler-rt utilities as well as - libc++ have been updated to - upstream version 8.0.0. - - The WPA - utilities have been updated to version 2.8. - - OpenSSL has - been updated to version 1.0.2s. - - The &man.libarchive.3; library has been - updated to version 3.3.3, with additional fixes from - upstream. - - OpenPAM has - been updated to the latest upstream version. +   @@ -318,56 +184,20 @@ <filename class="directory">/etc/rc.d</filename> Scripts - Support for auxiliary - RAM has been added to - /etc/rc.initdiskless. - - The &man.rcorder.8; utility has been - updated to add support for - /etc/rc.resume. - - The jail_conf - definition, which defaults to - /etc/jail.conf, has been moved from - the &man.jail.8; &man.rc.8; script to - /etc/defaults/rc.conf. - - The rc_service - variable has been added to &man.rc.subr.8;, which defaults to - the path of the service being executed in case the service - needs to re-invoke itself. +   <filename class="directory">/etc/periodic</filename> Scripts - The &man.periodic.8; weekly - 340.noid script has been updated to - prevent decending into the root directory of jails. +   Runtime Libraries and API - The &man.pcap.3; library has been - updated to version 1.9.0 (pre-release). - - The &man.setproctitle.fast.3; function - has been added, which is optimized for high-frequency process - title updates. - - The &man.kqueue.2; system call has been - updated to allow updating - EVFILT_TIMER. - - The &man.pthread.get.name.np.3; function - has been added, which is used to retrieve the function name - associated with a thread. - - The &man.pthread.3; library has been - updated to improve POSIX compliance. +   @@ -393,25 +223,7 @@ General Kernel Changes - The &man.ddb.4; debugging utility has been - updated to print command-line arguments to a process. - - The number of MSI - IRQs have been converted from a constant to - a tunable. The default remains at 512, - which can now be changed during boot with the - machdep.num_msi_irqs &man.sysctl.8;. - - The kernel will now log the &man.jail.8; - ID when logging a process exit. The - &man.jail.8; ID 0 - represents processes that are not jailed. - - Warnings for features deprecated in - future releases will now be printed on all &os; - versions. +   @@ -448,14 +260,7 @@ Device Drivers - The &man.ichwd.4; driver has been updated - to include support for TCO watchdog timers - in the Lewisburg PCH (C620) chipset. - - The &man.random.4; driver has been - updated to improve performance during expensive - reseeding. +   @@ -467,30 +272,7 @@ Network Drivers - The TP-Link® TL-WN321G™ - network adapter now uses the &man.run.4; driver instead of the - &man.rum.4; driver. - - The - &man.lagg.4; driver has been updated to allow changing the - MTU without requiring destroying and - recreating the interface. - - The &man.ccr.4; driver has been added, - providing support for Chelsio® T6™ cryptography - accelerators. - - The &man.cxgbe.4; driver has been updated - to include support for hash filters, NAT - offloading, and - SMAC/DMAC swapping - filters. - - The &man.cxgbe.4; T4, T5, and T6 firmware - has been updated to version 1.23.0.0. +   @@ -505,18 +287,13 @@ Hardware Support - The &man.vt.4; keyboard mapping has been - updated to include uk.macbook.kbd - support. +   Virtualization Support - Support - for PS/2 scan codes for - NumLock, ScrollLock, and - numerical keypad keys has been added to &man.bhyve.8;. +   @@ -535,8 +312,7 @@ General Storage - Deprecation warnings have been added for - weaker algorithms when creating &man.geli.8; providers. +   @@ -548,14 +324,7 @@ ZFS - An - issue that could result in a system hang during - ZFS vnode reclamation has been - fixed. - - The - ZFS filesystem has been updated to - implement parallel mounting. +   @@ -574,21 +343,7 @@ Boot Loader Changes - The functionality provided by - zfsloader has been added to - &man.loader.8;. Once the system boot blocks have been updated - following UPDATING, - zfsloader is no longer needed. A hard - link to &man.loader.8; has been added to ease in the - transition. - - The &man.loader.8; has been updated to - extend &man.geli.8; support to all architectures. - - The UEFI boot - &man.loader.8; has been updated to better determine the system - console type and device if not defined in - &man.loader.conf.5;. +   @@ -607,15 +362,7 @@ General Network Changes - The &man.ipfw.8; firewall has been - updated to include new rule options, - record-state, set-limit, - and defer-action. - - Support for NAT64 - CLAT has been added, as defined in - RFC6877. +   From owner-svn-src-releng@freebsd.org Mon May 11 19:10:32 2020 Return-Path: Delivered-To: svn-src-releng@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id D16562E88AF; Mon, 11 May 2020 19:10:32 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 49LVrS20byz3wrM; Mon, 11 May 2020 19:10:32 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id A0B3323216; Mon, 11 May 2020 19:10:29 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 04BJATq8051905; Mon, 11 May 2020 19:10:29 GMT (envelope-from gjb@FreeBSD.org) Received: (from gjb@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 04BJAT4Z051904; Mon, 11 May 2020 19:10:29 GMT (envelope-from gjb@FreeBSD.org) Message-Id: <202005111910.04BJAT4Z051904@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gjb set sender to gjb@FreeBSD.org using -f From: Glen Barber Date: Mon, 11 May 2020 19:10:29 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r360912 - releng/11.4/release/doc/en_US.ISO8859-1/readme X-SVN-Group: releng X-SVN-Commit-Author: gjb X-SVN-Commit-Paths: releng/11.4/release/doc/en_US.ISO8859-1/readme X-SVN-Commit-Revision: 360912 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 11 May 2020 19:10:36 -0000 Author: gjb Date: Mon May 11 19:10:29 2020 New Revision: 360912 URL: https://svnweb.freebsd.org/changeset/base/360912 Log: Fix a mailing list reference. Bump copyright year while here. Approved by: re (implicit) Sponsored by: Rubicon Communications, LLC (netgate.com) Modified: releng/11.4/release/doc/en_US.ISO8859-1/readme/article.xml Modified: releng/11.4/release/doc/en_US.ISO8859-1/readme/article.xml ============================================================================== --- releng/11.4/release/doc/en_US.ISO8859-1/readme/article.xml Mon May 11 19:10:28 2020 (r360911) +++ releng/11.4/release/doc/en_US.ISO8859-1/readme/article.xml Mon May 11 19:10:29 2020 (r360912) @@ -44,6 +44,8 @@ 2016 2017 2018 + 2019 + 2020 The &os; Documentation Project @@ -231,7 +233,7 @@ please send mail to the &a.questions;. If you are tracking the &release.branch; development - efforts, you must join the &a.current;, + efforts, you must join the &a.stable;, in order to keep abreast of recent developments and changes that may affect the way you use and maintain the system. From owner-svn-src-releng@freebsd.org Mon May 11 19:10:31 2020 Return-Path: Delivered-To: svn-src-releng@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id E4D6F2E88A7; Mon, 11 May 2020 19:10:31 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 49LVrR0Ts9z3wqT; Mon, 11 May 2020 19:10:30 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 7CB3023215; Mon, 11 May 2020 19:10:28 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 04BJASfC051862; Mon, 11 May 2020 19:10:28 GMT (envelope-from gjb@FreeBSD.org) Received: (from gjb@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 04BJASx1051861; Mon, 11 May 2020 19:10:28 GMT (envelope-from gjb@FreeBSD.org) Message-Id: <202005111910.04BJASx1051861@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gjb set sender to gjb@FreeBSD.org using -f From: Glen Barber Date: Mon, 11 May 2020 19:10:28 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r360911 - releng/11.4/release/doc/en_US.ISO8859-1/errata X-SVN-Group: releng X-SVN-Commit-Author: gjb X-SVN-Commit-Paths: releng/11.4/release/doc/en_US.ISO8859-1/errata X-SVN-Commit-Revision: 360911 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 11 May 2020 19:10:37 -0000 Author: gjb Date: Mon May 11 19:10:28 2020 New Revision: 360911 URL: https://svnweb.freebsd.org/changeset/base/360911 Log: Prune open issues and late-breaking news sections from the errata page. Note that the errata page will be maintained until 11.4 reaches EoL. Approved by: re (implicit) Sponsored by: Rubicon Communications, LLC (netgate.com) Modified: releng/11.4/release/doc/en_US.ISO8859-1/errata/article.xml Modified: releng/11.4/release/doc/en_US.ISO8859-1/errata/article.xml ============================================================================== --- releng/11.4/release/doc/en_US.ISO8859-1/errata/article.xml Mon May 11 19:10:26 2020 (r360910) +++ releng/11.4/release/doc/en_US.ISO8859-1/errata/article.xml Mon May 11 19:10:28 2020 (r360911) @@ -49,8 +49,7 @@ &os;. This errata document for &os; &release; will be maintained - until the release of &os; &release.next; (if - applicable). + until &os; &release; reaches end-of-life. @@ -97,38 +96,8 @@ - [2019-07-04] An issue which can cause a crash when - connecting to a &man.bhyve.4; instance with - a VNC client under certain circumstances - had been reported. An errata notice is planned - post-release. + No open issues. - - - [2019-07-04] An issue booting &man.bhyve.4; virtual - machines compiled with &man.clang.1; version 8.0.0 or later - had been reported late in the release cycle. An errata - notice is planned post-release. - - This issue is believed to only affect OpenBSD virtual - machines compiled with &man.clang.1;. - - - - [2019-07-04] An issue when upgrading from &os; 11.3 - to &os; 12.0 (which occurred earlier in time, - comparatively), had been reported where the - com.delphix:spacemap_v2 &man.zpool.8; - feature does not exist on &os; 12.0, will fail to - import the ZFS pool. - - At this time, it is advised to defer migrating from - &os; 11.3 to &os; 12.x until &os; 12.1 is - available. - - Upgrading from earlier &os; 11.x releases to - &os; 12.0 are believed to be unaffected. - @@ -137,27 +106,7 @@ - [2019-12-06] An issue has been reported with the - &os; 11.3-RELEASE images on the Google Compute Engine - platform which causes virtual machines to fail to start - properly. - - While we intend to investigate how to handle similar - situations should they arise in the future, updated images - will not be provided as of this time. - - Users wanting to use &os; in Google Compute Engine are - advised to use 12.0-RELEASE or 12.1-RELEASE, or for those - who wish to track 11.X, the - freebsd-11-3-stable-amd64-v20190801 - snapshot from stable/11 has been - - reported to work correctly. - - More details can be found in PR - 242303. + No late-breaking news. From owner-svn-src-releng@freebsd.org Mon May 11 19:16:50 2020 Return-Path: Delivered-To: svn-src-releng@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 6B6AC2E8C94; Mon, 11 May 2020 19:16:50 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 49LVzk2Cmfz3xlh; Mon, 11 May 2020 19:16:50 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 47516233E6; Mon, 11 May 2020 19:16:50 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 04BJGoEI057846; Mon, 11 May 2020 19:16:50 GMT (envelope-from gjb@FreeBSD.org) Received: (from gjb@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 04BJGogJ057845; Mon, 11 May 2020 19:16:50 GMT (envelope-from gjb@FreeBSD.org) Message-Id: <202005111916.04BJGogJ057845@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gjb set sender to gjb@FreeBSD.org using -f From: Glen Barber Date: Mon, 11 May 2020 19:16:50 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r360913 - releng/11.4/release/doc/en_US.ISO8859-1 X-SVN-Group: releng X-SVN-Commit-Author: gjb X-SVN-Commit-Paths: releng/11.4/release/doc/en_US.ISO8859-1 X-SVN-Commit-Revision: 360913 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 11 May 2020 19:16:50 -0000 Author: gjb Date: Mon May 11 19:16:49 2020 New Revision: 360913 URL: https://svnweb.freebsd.org/changeset/base/360913 Log: Uncomment the installation SUBDIR entry. Approved by: re (implicit) Sponsored by: Rubicon Communications, LLC (netgate.com) Modified: releng/11.4/release/doc/en_US.ISO8859-1/Makefile Modified: releng/11.4/release/doc/en_US.ISO8859-1/Makefile ============================================================================== --- releng/11.4/release/doc/en_US.ISO8859-1/Makefile Mon May 11 19:10:29 2020 (r360912) +++ releng/11.4/release/doc/en_US.ISO8859-1/Makefile Mon May 11 19:16:49 2020 (r360913) @@ -4,7 +4,7 @@ RELN_ROOT?= ${.CURDIR}/.. SUBDIR = relnotes SUBDIR+= hardware -#SUBDIR+= installation +SUBDIR+= installation SUBDIR+= readme SUBDIR+= errata From owner-svn-src-releng@freebsd.org Tue May 12 16:44:17 2020 Return-Path: Delivered-To: svn-src-releng@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 2AB942F429D; Tue, 12 May 2020 16:44:17 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 49M3YF0lMVz4SdQ; Tue, 12 May 2020 16:44:17 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 14618B0E9; Tue, 12 May 2020 16:44:17 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 04CGiGmn057549; Tue, 12 May 2020 16:44:16 GMT (envelope-from gordon@FreeBSD.org) Received: (from gordon@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 04CGiEW1057534; Tue, 12 May 2020 16:44:14 GMT (envelope-from gordon@FreeBSD.org) Message-Id: <202005121644.04CGiEW1057534@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gordon set sender to gordon@FreeBSD.org using -f From: Gordon Tetlow Date: Tue, 12 May 2020 16:44:14 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r360969 - in releng: 11.3/contrib/tzdata 12.1/contrib/tzdata X-SVN-Group: releng X-SVN-Commit-Author: gordon X-SVN-Commit-Paths: in releng: 11.3/contrib/tzdata 12.1/contrib/tzdata X-SVN-Commit-Revision: 360969 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 12 May 2020 16:44:17 -0000 Author: gordon Date: Tue May 12 16:44:13 2020 New Revision: 360969 URL: https://svnweb.freebsd.org/changeset/base/360969 Log: Update to tzdata 2020a. Approved by: so Security: EN-20:08.tzdata Modified: releng/11.3/contrib/tzdata/Makefile releng/11.3/contrib/tzdata/NEWS releng/11.3/contrib/tzdata/africa releng/11.3/contrib/tzdata/asia releng/11.3/contrib/tzdata/backward releng/11.3/contrib/tzdata/backzone releng/11.3/contrib/tzdata/europe releng/11.3/contrib/tzdata/leap-seconds.list releng/11.3/contrib/tzdata/leapseconds releng/11.3/contrib/tzdata/leapseconds.awk releng/11.3/contrib/tzdata/northamerica releng/11.3/contrib/tzdata/theory.html releng/11.3/contrib/tzdata/version releng/11.3/contrib/tzdata/zone.tab releng/11.3/contrib/tzdata/zone1970.tab releng/12.1/contrib/tzdata/Makefile releng/12.1/contrib/tzdata/NEWS releng/12.1/contrib/tzdata/africa releng/12.1/contrib/tzdata/asia releng/12.1/contrib/tzdata/backward releng/12.1/contrib/tzdata/backzone releng/12.1/contrib/tzdata/europe releng/12.1/contrib/tzdata/leap-seconds.list releng/12.1/contrib/tzdata/leapseconds releng/12.1/contrib/tzdata/leapseconds.awk releng/12.1/contrib/tzdata/northamerica releng/12.1/contrib/tzdata/theory.html releng/12.1/contrib/tzdata/version releng/12.1/contrib/tzdata/zone.tab releng/12.1/contrib/tzdata/zone1970.tab Modified: releng/11.3/contrib/tzdata/Makefile ============================================================================== --- releng/11.3/contrib/tzdata/Makefile Tue May 12 16:38:28 2020 (r360968) +++ releng/11.3/contrib/tzdata/Makefile Tue May 12 16:44:13 2020 (r360969) @@ -150,6 +150,15 @@ TIME_T_ALTERNATIVES_TAIL = int32_t uint32_t uint64_t REDO= posix_right +# Whether to put an "Expires" line in the leapseconds file. +# Use EXPIRES_LINE=1 to put the line in, 0 to omit it. +# The EXPIRES_LINE value matters only if REDO's value contains "right". +# If you change EXPIRES_LINE, remove the leapseconds file before running "make". +# zic's support for the Expires line was introduced in tzdb 2020a, +# and EXPIRES_LINE defaults to 0 for now so that the leapseconds file +# can be given to older zic implementations. +EXPIRES_LINE= 0 + # To install data in text form that has all the information of the TZif data, # (optionally incorporating leap second information), use # TZDATA_TEXT= tzdata.zi leapseconds @@ -295,8 +304,9 @@ GCC_DEBUG_FLAGS = -DGCC_LINT -g3 -O3 -fno-common \ # than TM_GMTOFF and TM_ZONE. However, most of them are standardized. # # # # To omit or support the external variable "tzname", add one of: -# # -DHAVE_TZNAME=0 -# # -DHAVE_TZNAME=1 +# # -DHAVE_TZNAME=0 # do not support "tzname" +# # -DHAVE_TZNAME=1 # support "tzname", which is defined by system library +# # -DHAVE_TZNAME=2 # support and define "tzname" # # to the "CFLAGS=" line. "tzname" is required by POSIX 1988 and later. # # If not defined, the code attempts to guess HAVE_TZNAME from other macros. # # Warning: unless time_tz is also defined, HAVE_TZNAME=1 can cause @@ -304,16 +314,20 @@ GCC_DEBUG_FLAGS = -DGCC_LINT -g3 -O3 -fno-common \ # # presumably due to memory allocation issues. # # # # To omit or support the external variables "timezone" and "daylight", add -# # -DUSG_COMPAT=0 -# # -DUSG_COMPAT=1 +# # -DUSG_COMPAT=0 # do not support +# # -DUSG_COMPAT=1 # support, and variables are defined by system library +# # -DUSG_COMPAT=2 # support and define variables # # to the "CFLAGS=" line; "timezone" and "daylight" are inspired by # # Unix Systems Group code and are required by POSIX 2008 (with XSI) and later. # # If not defined, the code attempts to guess USG_COMPAT from other macros. # # # # To support the external variable "altzone", add -# # -DALTZONE +# # -DALTZONE=0 # do not support +# # -DALTZONE=1 # support "altzone", which is defined by system library +# # -DALTZONE=2 # support and define "altzone" # # to the end of the "CFLAGS=" line; although "altzone" appeared in # # System V Release 3.1 it has not been standardized. +# # If not defined, the code attempts to guess ALTZONE from other macros. # # If you want functions that were inspired by early versions of X3J11's work, # add @@ -321,9 +335,7 @@ GCC_DEBUG_FLAGS = -DGCC_LINT -g3 -O3 -fno-common \ # to the end of the "CFLAGS=" line. This arranges for the functions # "tzsetwall", "offtime", "timelocal", "timegm", "timeoff", # "posix2time", and "time2posix" to be added to the time conversion library. -# "tzsetwall" is like "tzset" except that it arranges for local wall clock -# time (rather than the timezone specified in the TZ environment variable) -# to be used. +# "tzsetwall" is deprecated and is intended to be removed soon; see NEWS. # "offtime" is like "gmtime" except that it accepts a second (long) argument # that gives an offset to add to the time_t when converting it. # "timelocal" is equivalent to "mktime". @@ -333,7 +345,6 @@ GCC_DEBUG_FLAGS = -DGCC_LINT -g3 -O3 -fno-common \ # that gives an offset to use when converting to a time_t. # "posix2time" and "time2posix" are described in an included manual page. # X3J11's work does not describe any of these functions. -# Sun has provided "tzsetwall", "timelocal", and "timegm" in SunOS 4.0. # These functions may well disappear in future releases of the time # conversion package. # @@ -505,11 +516,11 @@ RANLIB= : TZCOBJS= zic.o TZDOBJS= zdump.o localtime.o asctime.o strftime.o DATEOBJS= date.o localtime.o strftime.o asctime.o -LIBSRCS= localtime.c asctime.c difftime.c -LIBOBJS= localtime.o asctime.o difftime.o +LIBSRCS= localtime.c asctime.c difftime.c strftime.c +LIBOBJS= localtime.o asctime.o difftime.o strftime.o HEADERS= tzfile.h private.h NONLIBSRCS= zic.c zdump.c -NEWUCBSRCS= date.c strftime.c +NEWUCBSRCS= date.c SOURCES= $(HEADERS) $(LIBSRCS) $(NONLIBSRCS) $(NEWUCBSRCS) \ tzselect.ksh workman.sh MANS= newctime.3 newstrftime.3 newtzset.3 time2posix.3 \ @@ -651,7 +662,8 @@ yearistype: yearistype.sh chmod +x yearistype leapseconds: $(LEAP_DEPS) - $(AWK) -f leapseconds.awk leap-seconds.list >$@.out + $(AWK) -v EXPIRES_LINE=$(EXPIRES_LINE) \ + -f leapseconds.awk leap-seconds.list >$@.out mv $@.out $@ # Arguments to pass to submakes of install_data. Modified: releng/11.3/contrib/tzdata/NEWS ============================================================================== --- releng/11.3/contrib/tzdata/NEWS Tue May 12 16:38:28 2020 (r360968) +++ releng/11.3/contrib/tzdata/NEWS Tue May 12 16:44:13 2020 (r360969) @@ -1,5 +1,87 @@ News for the tz database +Release 2020a - 2020-04-23 16:03:47 -0700 + + Briefly: + Morocco springs forward on 2020-05-31, not 2020-05-24. + Canada's Yukon advanced to -07 year-round on 2020-03-08. + America/Nuuk renamed from America/Godthab. + zic now supports expiration dates for leap second lists. + + Changes to future timestamps + + Morocco's second spring-forward transition in 2020 will be May 31, + not May 24 as predicted earlier. (Thanks to Semlali Naoufal.) + Adjust future-year predictions to use the first Sunday after the + day after Ramadan, not the first Sunday after Ramadan. + + Canada's Yukon, represented by America/Whitehorse and + America/Dawson, advanced to -07 year-round, beginning with its + spring-forward transition on 2020-03-08, and will not fall back on + 2020-11-01. Although a government press release calls this + "permanent Pacific Daylight Saving Time", we prefer MST for + consistency with nearby Dawson Creek, Creston, and Fort Nelson. + (Thanks to Tim Parenti.) + + Changes to past timestamps + + Shanghai observed DST in 1919. (Thanks to Phake Nick.) + + Changes to timezone identifiers + + To reflect current usage in English better, America/Godthab has + been renamed to America/Nuuk. A backwards-compatibility link + remains for the old name. + + Changes to code + + localtime.c no longer mishandles timestamps after the last + transition in a TZif file with leap seconds and with daylight + saving time transitions projected into the indefinite future. + For example, with TZ='America/Los_Angeles' with leap seconds, + zdump formerly reported a DST transition on 2038-03-14 + from 01:59:32.999... to 02:59:33 instead of the correct transition + from 01:59:59.999... to 03:00:00. + + zic -L now supports an Expires line in the leapseconds file, and + truncates the TZif output accordingly. This propagates leap + second expiration information into the TZif file, and avoids the + abovementioned localtime.c bug as well as similar bugs present in + many client implementations. If no Expires line is present, zic + -L instead truncates the TZif output based on the #expires comment + present in leapseconds files distributed by tzdb 2018f and later; + however, this usage is obsolescent. For now, the distributed + leapseconds file has an Expires line that is commented out, so + that the file can be fed to older versions of zic which ignore the + commented-out line. Future tzdb distributions are planned to + contain a leapseconds file with an Expires line. + + The configuration macros HAVE_TZNAME and USG_COMPAT should now be + set to 1 if the system library supports the feature, and 2 if not. + As before, these macros are nonzero if tzcode should support the + feature, zero otherwise. + + The configuration macro ALTZONE now has the same values with the + same meaning as HAVE_TZNAME and USG_COMPAT. + + The code's defense against CRLF in leap-seconds.list is now + portable to POSIX awk. (Problem reported by Deborah Goldsmith.) + + Although the undocumented tzsetwall function is not changed in + this release, it is now deprecated in preparation for removal in + future releases. Due to POSIX requirements, tzsetwall has not + worked for some time. Any code that uses it should instead use + tzalloc(NULL) or, if portability trumps thread-safety, should + unset the TZ environment variable. + + Changes to commentary + + The Îles-de-la-Madeleine and the Listuguj reserve are noted as + following America/Halifax, and comments about Yukon's "south" and + "north" have been corrected to say "east" and "west". (Thanks to + Jeffery Nichols.) + + Release 2019c - 2019-09-11 08:59:48 -0700 Briefly: Modified: releng/11.3/contrib/tzdata/africa ============================================================================== --- releng/11.3/contrib/tzdata/africa Tue May 12 16:38:28 2020 (r360968) +++ releng/11.3/contrib/tzdata/africa Tue May 12 16:44:13 2020 (r360969) @@ -867,19 +867,25 @@ Zone Indian/Mauritius 3:50:00 - LMT 1907 # Port Louis # Morocco will be on GMT starting from Sunday, May 5th 2019 at 3am. # The switch to GMT+1 will occur on Sunday, June 9th 2019 at 2am.... # http://fr.le360.ma/societe/voici-la-date-du-retour-a-lheure-legale-au-maroc-188222 + +# From Semlali Naoufal (2020-04-14): +# Following the announcement by the Moroccan government, the switch to +# GMT time will take place on Sunday, April 19, 2020 from 3 a.m. and +# the return to GMT+1 time will take place on Sunday, May 31, 2020 at 2 a.m.... +# https://maroc-diplomatique.net/maroc-le-retour-a-lheure-gmt-est-prevu-dimanche-prochain/ +# http://aujourdhui.ma/actualite/gmt1-retour-a-lheure-normale-dimanche-prochain-1 # -# From Paul Eggert (2019-05-20): -# This agrees with our 2018-11-01 guess that the Moroccan government -# would continue the practice of falling back at 03:00 the last Sunday -# before Ramadan, and of springing forward at 02:00 the first Sunday after -# Ramadan, as this has been the practice since 2012. To implement this, -# transition dates for 2019 through 2087 were determined by running the -# following program under GNU Emacs 26.2. -# (let ((islamic-year 1440)) +# From Paul Eggert (2020-04-14): +# For now, guess that in the future Morocco will fall back at 03:00 +# the last Sunday before Ramadan, and spring forward at 02:00 the +# first Sunday after the day after Ramadan. To implement this, +# transition dates for 2021 through 2087 were determined by running +# the following program under GNU Emacs 26.3. +# (let ((islamic-year 1442)) # (require 'cal-islam) # (while (< islamic-year 1511) # (let ((a (calendar-islamic-to-absolute (list 9 1 islamic-year))) -# (b (calendar-islamic-to-absolute (list 10 1 islamic-year))) +# (b (1+ (calendar-islamic-to-absolute (list 10 1 islamic-year)))) # (sunday 0)) # (while (/= sunday (mod (setq a (1- a)) 7))) # (while (/= sunday (mod b 7)) @@ -939,7 +945,7 @@ Rule Morocco 2018 only - Jun 17 2:00 1:00 - Rule Morocco 2019 only - May 5 3:00 -1:00 - Rule Morocco 2019 only - Jun 9 2:00 0 - Rule Morocco 2020 only - Apr 19 3:00 -1:00 - -Rule Morocco 2020 only - May 24 2:00 0 - +Rule Morocco 2020 only - May 31 2:00 0 - Rule Morocco 2021 only - Apr 11 3:00 -1:00 - Rule Morocco 2021 only - May 16 2:00 0 - Rule Morocco 2022 only - Mar 27 3:00 -1:00 - @@ -955,7 +961,7 @@ Rule Morocco 2026 only - Mar 22 2:00 0 - Rule Morocco 2027 only - Feb 7 3:00 -1:00 - Rule Morocco 2027 only - Mar 14 2:00 0 - Rule Morocco 2028 only - Jan 23 3:00 -1:00 - -Rule Morocco 2028 only - Feb 27 2:00 0 - +Rule Morocco 2028 only - Mar 5 2:00 0 - Rule Morocco 2029 only - Jan 14 3:00 -1:00 - Rule Morocco 2029 only - Feb 18 2:00 0 - Rule Morocco 2029 only - Dec 30 3:00 -1:00 - @@ -971,7 +977,7 @@ Rule Morocco 2033 only - Dec 25 2:00 0 - Rule Morocco 2034 only - Nov 5 3:00 -1:00 - Rule Morocco 2034 only - Dec 17 2:00 0 - Rule Morocco 2035 only - Oct 28 3:00 -1:00 - -Rule Morocco 2035 only - Dec 2 2:00 0 - +Rule Morocco 2035 only - Dec 9 2:00 0 - Rule Morocco 2036 only - Oct 19 3:00 -1:00 - Rule Morocco 2036 only - Nov 23 2:00 0 - Rule Morocco 2037 only - Oct 4 3:00 -1:00 - @@ -987,7 +993,7 @@ Rule Morocco 2041 only - Sep 29 2:00 0 - Rule Morocco 2042 only - Aug 10 3:00 -1:00 - Rule Morocco 2042 only - Sep 21 2:00 0 - Rule Morocco 2043 only - Aug 2 3:00 -1:00 - -Rule Morocco 2043 only - Sep 6 2:00 0 - +Rule Morocco 2043 only - Sep 13 2:00 0 - Rule Morocco 2044 only - Jul 24 3:00 -1:00 - Rule Morocco 2044 only - Aug 28 2:00 0 - Rule Morocco 2045 only - Jul 9 3:00 -1:00 - @@ -1003,7 +1009,7 @@ Rule Morocco 2049 only - Jul 4 2:00 0 - Rule Morocco 2050 only - May 15 3:00 -1:00 - Rule Morocco 2050 only - Jun 26 2:00 0 - Rule Morocco 2051 only - May 7 3:00 -1:00 - -Rule Morocco 2051 only - Jun 11 2:00 0 - +Rule Morocco 2051 only - Jun 18 2:00 0 - Rule Morocco 2052 only - Apr 28 3:00 -1:00 - Rule Morocco 2052 only - Jun 2 2:00 0 - Rule Morocco 2053 only - Apr 13 3:00 -1:00 - @@ -1019,7 +1025,7 @@ Rule Morocco 2057 only - Apr 8 2:00 0 - Rule Morocco 2058 only - Feb 17 3:00 -1:00 - Rule Morocco 2058 only - Mar 31 2:00 0 - Rule Morocco 2059 only - Feb 9 3:00 -1:00 - -Rule Morocco 2059 only - Mar 16 2:00 0 - +Rule Morocco 2059 only - Mar 23 2:00 0 - Rule Morocco 2060 only - Feb 1 3:00 -1:00 - Rule Morocco 2060 only - Mar 7 2:00 0 - Rule Morocco 2061 only - Jan 16 3:00 -1:00 - @@ -1029,13 +1035,13 @@ Rule Morocco 2062 only - Feb 12 2:00 0 - Rule Morocco 2062 only - Dec 31 3:00 -1:00 - Rule Morocco 2063 only - Feb 4 2:00 0 - Rule Morocco 2063 only - Dec 16 3:00 -1:00 - -Rule Morocco 2064 only - Jan 20 2:00 0 - +Rule Morocco 2064 only - Jan 27 2:00 0 - Rule Morocco 2064 only - Dec 7 3:00 -1:00 - Rule Morocco 2065 only - Jan 11 2:00 0 - Rule Morocco 2065 only - Nov 22 3:00 -1:00 - Rule Morocco 2066 only - Jan 3 2:00 0 - Rule Morocco 2066 only - Nov 14 3:00 -1:00 - -Rule Morocco 2066 only - Dec 19 2:00 0 - +Rule Morocco 2066 only - Dec 26 2:00 0 - Rule Morocco 2067 only - Nov 6 3:00 -1:00 - Rule Morocco 2067 only - Dec 11 2:00 0 - Rule Morocco 2068 only - Oct 21 3:00 -1:00 - @@ -1045,13 +1051,13 @@ Rule Morocco 2069 only - Nov 17 2:00 0 - Rule Morocco 2070 only - Oct 5 3:00 -1:00 - Rule Morocco 2070 only - Nov 9 2:00 0 - Rule Morocco 2071 only - Sep 20 3:00 -1:00 - -Rule Morocco 2071 only - Oct 25 2:00 0 - +Rule Morocco 2071 only - Nov 1 2:00 0 - Rule Morocco 2072 only - Sep 11 3:00 -1:00 - Rule Morocco 2072 only - Oct 16 2:00 0 - Rule Morocco 2073 only - Aug 27 3:00 -1:00 - Rule Morocco 2073 only - Oct 8 2:00 0 - Rule Morocco 2074 only - Aug 19 3:00 -1:00 - -Rule Morocco 2074 only - Sep 23 2:00 0 - +Rule Morocco 2074 only - Sep 30 2:00 0 - Rule Morocco 2075 only - Aug 11 3:00 -1:00 - Rule Morocco 2075 only - Sep 15 2:00 0 - Rule Morocco 2076 only - Jul 26 3:00 -1:00 - @@ -1061,7 +1067,7 @@ Rule Morocco 2077 only - Aug 22 2:00 0 - Rule Morocco 2078 only - Jul 10 3:00 -1:00 - Rule Morocco 2078 only - Aug 14 2:00 0 - Rule Morocco 2079 only - Jun 25 3:00 -1:00 - -Rule Morocco 2079 only - Jul 30 2:00 0 - +Rule Morocco 2079 only - Aug 6 2:00 0 - Rule Morocco 2080 only - Jun 16 3:00 -1:00 - Rule Morocco 2080 only - Jul 21 2:00 0 - Rule Morocco 2081 only - Jun 1 3:00 -1:00 - @@ -1077,7 +1083,7 @@ Rule Morocco 2085 only - May 27 2:00 0 - Rule Morocco 2086 only - Apr 14 3:00 -1:00 - Rule Morocco 2086 only - May 19 2:00 0 - Rule Morocco 2087 only - Mar 30 3:00 -1:00 - -Rule Morocco 2087 only - May 4 2:00 0 - +Rule Morocco 2087 only - May 11 2:00 0 - # For dates after the somewhat-arbitrary cutoff of 2087, assume that # Morocco will no longer observe DST. At some point this table will # need to be extended, though quite possibly Morocco will change the @@ -1179,7 +1185,7 @@ Link Africa/Maputo Africa/Lusaka # Zambia Rule Namibia 1994 only - Mar 21 0:00 -1:00 WAT Rule Namibia 1994 2017 - Sep Sun>=1 2:00 0 CAT Rule Namibia 1995 2017 - Apr Sun>=1 2:00 -1:00 WAT -# Rearguard section, for parsers that do not support negative DST. +# Rearguard section, for parsers lacking negative DST; see ziguard.awk. #Rule Namibia 1994 only - Mar 21 0:00 0 WAT #Rule Namibia 1994 2017 - Sep Sun>=1 2:00 1:00 CAT #Rule Namibia 1995 2017 - Apr Sun>=1 2:00 0 WAT @@ -1193,7 +1199,7 @@ Zone Africa/Windhoek 1:08:24 - LMT 1892 Feb 8 2:00 - SAST 1990 Mar 21 # independence # Vanguard section, for zic and other parsers that support negative DST. 2:00 Namibia %s -# Rearguard section, for parsers that do not support negative DST. +# Rearguard section, for parsers lacking negative DST; see ziguard.awk. # 2:00 - CAT 1994 Mar 21 0:00 # From Paul Eggert (2017-04-07): # The official date of the 2017 rule change was 2017-10-24. See: Modified: releng/11.3/contrib/tzdata/asia ============================================================================== --- releng/11.3/contrib/tzdata/asia Tue May 12 16:38:28 2020 (r360968) +++ releng/11.3/contrib/tzdata/asia Tue May 12 16:44:13 2020 (r360969) @@ -286,6 +286,27 @@ Zone Asia/Yangon 6:24:47 - LMT 1880 # or Rangoo # China +# From Phake Nick (2020-04-15): +# According to this news report: +# http://news.sina.com.cn/c/2004-09-01/19524201403.shtml +# on April 11, 1919, newspaper in Shanghai said clocks in Shanghai will spring +# forward for an hour starting from midnight of that Saturday. The report did +# not mention what happened in Shanghai thereafter, but it mentioned that a +# similar trial in Tianjin which ended at October 1st as citizens are told to +# recede the clock on September 30 from 12:00pm to 11:00pm. The trial at +# Tianjin got terminated in 1920. +# +# From Paul Eggert (2020-04-15): +# The Returns of Trade and Trade Reports, page 711, says "Daylight saving was +# given a trial during the year, and from the 12th April to the 1st October +# the clocks were all set one hour ahead of sun time. Though the scheme was +# generally esteemed a success, it was announced early in 1920 that it would +# not be repeated." +# +# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S +Rule Shang 1919 only - Apr 12 24:00 1:00 D +Rule Shang 1919 only - Sep 30 24:00 0 S + # From Paul Eggert (2018-10-02): # The following comes from Table 1 of: # Li Yu. Research on the daylight saving movement in 1940s Shanghai. @@ -294,7 +315,90 @@ Zone Asia/Yangon 6:24:47 - LMT 1880 # or Rangoo # The table lists dates only; I am guessing 00:00 and 24:00 transition times. # Also, the table lists the planned end of DST in 1949, but the corresponding # zone line cuts this off on May 28, when the Communists took power. + +# From Phake Nick (2020-04-15): # +# For the history of time in Shanghai between 1940-1942, the situation is +# actually slightly more complex than the table [below].... At the time, +# there were three different authorities in Shanghai, including Shanghai +# International Settlement, a settlement established by western countries with +# its own westernized form of government, Shanghai French Concession, similar +# to the international settlement but is controlled by French, and then the +# rest of the city of Shanghai, which have already been controlled by Japanese +# force through a puppet local government (Wang Jingwei regime). It was +# additionally complicated by the circumstances that, according to the 1940s +# Shanghai summer time essay cited in the database, some +# departments/businesses/people in the Shanghai city itself during that time +# period, refused to change their clock and instead only changed their opening +# hours. +# +# For example, as quoted in the article, in 1940, other than the authority +# itself, power, tram, bus companies, cinema, department stores, and other +# public service organizations have all decided to follow the summer time and +# spring forward the clock. On the other hand, the custom office refused to +# spring forward the clock because of worry on mechanical wear to the physical +# clock, postal office refused to spring forward because of disruption to +# business and log-keeping, although they did changed their office hour to +# match rest of the city. So is travel agents, and also weather +# observatory. It is said both time standards had their own supporters in the +# city at the time, those who prefer new time standard would have moved their +# clock while those who prefer the old time standard would keep their clock +# unchange, and there were different clocks that use different time standard +# in the city at the time for people who use different time standard to adjust +# their clock to their preferred time. +# +# a. For the 1940 May 31 spring forward, the essay claim that it was +# coordinared between the international settlement authority and the French +# concession authority and have gathered support from Hong Kong and Xiamen, +# that it would spring forward an hour from May 31 "midnight", and the essay +# claim "Hong Kong government implemented the spring forward in the same time +# on the same date as Shanghai". +# +# b. For the 1940 fall back, it was said that they initially intended to do +# so on September 30 00:59 at night, however they postponed it to October 12 +# after discussion with relevant parties. However schools restored to the +# original schedule ten days earlier. +# +# c. For the 1941 spring forward, it is said to start from March 15 +# "following the previous year's method", and in addition to that the essay +# cited an announcement in 1941 from the Wang regime which said the Special +# City of Shanghai under Wang regime control will follow the DST rule set by +# the Settlements, irrespective of the original DST plan announced by the Wang +# regime for other area under its control(April 1 to September 30). (no idea +# to situation before that announcement) +# +# d. For the 1941 fall back, it was said that the fall back would occurs at +# the end of September (A newspaper headline cited by the essay, published on +# October 1, 1941, have the headlines which said "French Concession would +# rewind to the old clock this morning), but it ultimately didn't happen due +# to disagreement between the international settlement authority and the +# French concession authority, and the fall back ultimately occurred on +# November 1. +# +# e. In 1941 December, Japan have officially started war with the United +# States and the United Kingdom, and in Shanghai they have marched into the +# international settlement, taken over its control +# +# f. For the 1942 spring forward, the essay said that the spring forward +# started on January 31. It said this time the custom office and postal +# department will also change their clocks, unlike before. +# +# g. The essay itself didn't cover any specific changes thereafter until the +# end of the war, it quoted a November 1942 command from the government of the +# Wang regime, which claim the daylight saving time applies year round during +# the war. However, the essay ambiguously said the period is "February 1 to +# September 30", which I don't really understand what is the meaning of such +# period in the context of year round implementation here.. More researches +# might be needed to show exactly what happened during that period of time. + +# From Phake Nick (2020-04-15): +# According to a Japanese tour bus pamphlet in Nanjing area believed to be +# from around year 1941: http://www.tt-museum.jp/tairiku_0280_nan1941.html , +# the schedule listed was in the format of Japanese time. Which indicate some +# use of the Japanese time (instead of syncing by DST) might have occurred in +# the Yangtze river delta area during that period of time although the scope +# of such use will need to be investigated to determine. +# # Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S Rule Shang 1940 only - Jun 1 0:00 1:00 D Rule Shang 1940 only - Oct 12 24:00 0 S @@ -572,7 +676,7 @@ Zone Asia/Urumqi 5:50:20 - LMT 1928 6:00 - +06 -# Hong Kong (Xianggang) +# Hong Kong # Milne gives 7:36:41.7; round this. @@ -582,9 +686,7 @@ Zone Asia/Urumqi 5:50:20 - LMT 1928 # it is not [an] observatory, but the official meteorological agency of HK, # and also serves as the official timing agency), there are some missing # and incorrect rules. Although the exact switch over time is missing, I -# think 3:30 is correct. The official DST record for Hong Kong can be -# obtained from -# http://www.hko.gov.hk/gts/time/Summertime.htm +# think 3:30 is correct. # From Phake Nick (2018-10-27): # According to Singaporean newspaper @@ -695,10 +797,10 @@ Zone Asia/Urumqi 5:50:20 - LMT 1928 # Resolution of the Legislative Council passed on 9 May 1979 # https://www.legco.gov.hk/yr78-79/english/lc_sitg/hansard/h790509.pdf#page=39 -# From Paul Eggert (2019-05-31): +# From Paul Eggert (2020-04-15): # Here are the dates given at -# https://www.hko.gov.hk/gts/time/Summertime.htm -# as of 2014-06-19: +# https://www.hko.gov.hk/en/gts/time/Summertime.htm +# as of 2020-02-10: # Year Period # 1941 15 Jun to 30 Sep # 1942 Whole year @@ -1828,6 +1930,47 @@ Zone Asia/Jerusalem 2:20:54 - LMT 1880 # '9:00' and 'JST' is from Guy Harris. +# From Paul Eggert (2020-01-19): +# Starting in the 7th century, Japan generally followed an ancient Chinese +# timekeeping system that divided night and day into six hours each, +# with hour length depending on season. In 1873 the government +# started requiring the use of a Western style 24-hour clock. See: +# Yulia Frumer, "Making Time: Astronomical Time Measurement in Tokugawa Japan" +# . As the tzdb code and +# data support only 24-hour clocks, its tables model timestamps before +# 1873 using Western-style local mean time. + +# From Hideyuki Suzuki (1998-11-09): +# 'Tokyo' usually stands for the former location of Tokyo Astronomical +# Observatory: 139° 44' 40.90" E (9h 18m 58.727s), 35° 39' 16.0" N. +# This data is from 'Rika Nenpyou (Chronological Scientific Tables) 1996' +# edited by National Astronomical Observatory of Japan.... +# JST (Japan Standard Time) has been used since 1888-01-01 00:00 (JST). +# The law is enacted on 1886-07-07. + +# From Hideyuki Suzuki (1998-11-16): +# The ordinance No. 51 (1886) established "standard time" in Japan, +# which stands for the time on 135° E. +# In the ordinance No. 167 (1895), "standard time" was renamed to "central +# standard time". And the same ordinance also established "western standard +# time", which stands for the time on 120° E.... But "western standard +# time" was abolished in the ordinance No. 529 (1937). In the ordinance No. +# 167, there is no mention regarding for what place western standard time is +# standard.... +# +# I wrote "ordinance" above, but I don't know how to translate. +# In Japanese it's "chokurei", which means ordinance from emperor. + +# From Yu-Cheng Chuang (2013-07-12): +# ...the Meiji Emperor announced Ordinance No. 167 of Meiji Year 28 "The clause +# about standard time" ... The adoption began from Jan 1, 1896. +# https://ja.wikisource.org/wiki/標準時ニ關スル件_(公布時) +# +# ...the Showa Emperor announced Ordinance No. 529 of Showa Year 12 ... which +# means the whole Japan territory, including later occupations, adopt Japan +# Central Time (UT+9). The adoption began on Oct 1, 1937. +# https://ja.wikisource.org/wiki/明治二十八年勅令第百六十七號標準時ニ關スル件中改正ノ件 + # From Paul Eggert (1995-03-06): # Today's _Asahi Evening News_ (page 4) reports that Japan had # daylight saving between 1948 and 1951, but "the system was discontinued @@ -1876,37 +2019,6 @@ Rule Japan 1948 1951 - Sep Sat>=8 25:00 0 S Rule Japan 1949 only - Apr Sat>=1 24:00 1:00 D Rule Japan 1950 1951 - May Sat>=1 24:00 1:00 D -# From Hideyuki Suzuki (1998-11-09): -# 'Tokyo' usually stands for the former location of Tokyo Astronomical -# Observatory: 139° 44' 40.90" E (9h 18m 58.727s), 35° 39' 16.0" N. -# This data is from 'Rika Nenpyou (Chronological Scientific Tables) 1996' -# edited by National Astronomical Observatory of Japan.... -# JST (Japan Standard Time) has been used since 1888-01-01 00:00 (JST). -# The law is enacted on 1886-07-07. - -# From Hideyuki Suzuki (1998-11-16): -# The ordinance No. 51 (1886) established "standard time" in Japan, -# which stands for the time on 135° E. -# In the ordinance No. 167 (1895), "standard time" was renamed to "central -# standard time". And the same ordinance also established "western standard -# time", which stands for the time on 120° E.... But "western standard -# time" was abolished in the ordinance No. 529 (1937). In the ordinance No. -# 167, there is no mention regarding for what place western standard time is -# standard.... -# -# I wrote "ordinance" above, but I don't know how to translate. -# In Japanese it's "chokurei", which means ordinance from emperor. - -# From Yu-Cheng Chuang (2013-07-12): -# ...the Meiji Emperor announced Ordinance No. 167 of Meiji Year 28 "The clause -# about standard time" ... The adoption began from Jan 1, 1896. -# https://ja.wikisource.org/wiki/標準時ニ關スル件_(公布時) -# -# ...the Showa Emperor announced Ordinance No. 529 of Showa Year 12 ... which -# means the whole Japan territory, including later occupations, adopt Japan -# Central Time (UT+9). The adoption began on Oct 1, 1937. -# https://ja.wikisource.org/wiki/明治二十八年勅令第百六十七號標準時ニ關スル件中改正ノ件 - # Zone NAME STDOFF RULES FORMAT [UNTIL] Zone Asia/Tokyo 9:18:59 - LMT 1887 Dec 31 15:00u 9:00 Japan J%sT @@ -3086,22 +3198,9 @@ Zone Asia/Karachi 4:28:12 - LMT 1907 # [T]he Palestinian cabinet decision (Mar 8th 2016) published on # http://www.palestinecabinet.gov.ps/WebSite/Upload/Decree/GOV_17/16032016134830.pdf # states that summer time will end on Oct 29th at 01:00. -# -# From Tim Parenti (2016-10-19): -# Predict fall transitions on October's last Saturday at 01:00 from now on. -# This is consistent with the 2016 transition as well as our spring -# predictions. -# -# From Paul Eggert (2016-10-19): -# It's also consistent with predictions in the following URLs today: -# https://www.timeanddate.com/time/change/gaza-strip/gaza -# https://www.timeanddate.com/time/change/west-bank/hebron # From Sharef Mustafa (2018-03-16): -# Palestine summer time will start on Mar 24th 2018 by advancing the -# clock by 60 minutes as per Palestinian cabinet decision published on -# the official website, though the decree did not specify the exact -# time of the time shift. +# Palestine summer time will start on Mar 24th 2018 ... # http://www.palestinecabinet.gov.ps/Website/AR/NDecrees/ViewFile.ashx?ID=e7a42ab7-ee23-435a-b9c8-a4f7e81f3817 # From Even Scharning (2019-03-23): @@ -3111,15 +3210,20 @@ Zone Asia/Karachi 4:28:12 - LMT 1907 # From Sharif Mustafa (2019-03-26): # The Palestinian cabinet announced today that the switch to DST will # be on Fri Mar 29th 2019 by advancing the clock by 60 minutes. -# The decree signing date is Mar 12th but it was not published till today. -# The decree does not specify the exact time of switch. # http://palestinecabinet.gov.ps/Website/AR/NDecrees/ViewFile.ashx?ID=e54e9ea1-50ee-4137-84df-0d6c78da259b # # From Even Scharning (2019-04-10): # Our source in Palestine said it happened Friday 29 at 00:00 local time.... + +# From Sharef Mustafa (2019-10-18): +# Palestine summer time will end on midnight Oct 26th 2019 ... +# http://www.palestinecabinet.gov.ps/website/ar/ViewDetails?ID=43948 # # From Paul Eggert (2019-04-10): # For now, guess spring-ahead transitions are March's last Friday at 00:00. +# +# From Tim Parenti (2016-10-19): +# Predict fall transitions on October's last Saturday at 01:00 from now on. # Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S Rule EgyptAsia 1957 only - May 10 0:00 1:00 S Modified: releng/11.3/contrib/tzdata/backward ============================================================================== --- releng/11.3/contrib/tzdata/backward Tue May 12 16:38:28 2020 (r360968) +++ releng/11.3/contrib/tzdata/backward Tue May 12 16:44:13 2020 (r360969) @@ -17,6 +17,7 @@ Link America/Atikokan America/Coral_Harbour Link America/Argentina/Cordoba America/Cordoba Link America/Tijuana America/Ensenada Link America/Indiana/Indianapolis America/Fort_Wayne +Link America/Nuuk America/Godthab Link America/Indiana/Indianapolis America/Indianapolis Link America/Argentina/Jujuy America/Jujuy Link America/Indiana/Knox America/Knox_IN Modified: releng/11.3/contrib/tzdata/backzone ============================================================================== --- releng/11.3/contrib/tzdata/backzone Tue May 12 16:38:28 2020 (r360968) +++ releng/11.3/contrib/tzdata/backzone Tue May 12 16:44:13 2020 (r360969) @@ -33,6 +33,35 @@ # assumes rules from other files. In the tz distribution, use # 'make PACKRATDATA=backzone zones' to compile and install this file. + +# From Paul Eggert (2020-04-15): +# The following remarks should be incorporated into this table sometime. +# Patches in 'git format-patch' format would be welcome. +# +# From Phake Nick (2020-04-15): +# ... the historical timezone data for those China zones seems to be +# incorrect. The transition to GMT+8 date given there for these zones +# were 1980 which also contradict the file description that they do +# not disagree with normal zone after 1970. According to sources that +# have also been cited in the asia file, except Xinjiang and Tibet, +# they should have adopted the Beijing Time from around 1949/1950 +# depends on exactly when each of those cities were taken over by the +# communist army. And they should also follow the DST setting of +# Asia/Shanghai after that point of time. In addition, +# http://gaz.ncl.edu.tw/detail.jsp?sysid=E1091792 the document from +# Chongqing Nationalist government say in year 1945 all of China +# should adopt summer time due to the war (not sure whether it +# continued after WWII ends)(Probably only enforced in area under +# their rule at the time?) The Asia/Harbin's 1932 and 1940 entry +# should also be incorrect. As per sources recorded at +# https://wiki.suikawiki.org/n/%E6%BA%80%E5%B7%9E%E5%9B%BD%E3%81%AE%E6%A8%99%E6%BA%96%E6%99%82 +# , in 1932 Harbin should have adopted UTC+8:00 instead of data +# currently listed in the tz database according to official +# announcement from Manchuko. And they should have adopted GMT+9 in +# 1937 January 1st according to official announcement at the time +# being cited on the webpage. + + # Zones are sorted by zone name. Each zone is preceded by the # name of the country that the zone is in, along with any other # commentary and rules associated with the entry. Modified: releng/11.3/contrib/tzdata/europe ============================================================================== --- releng/11.3/contrib/tzdata/europe Tue May 12 16:38:28 2020 (r360968) +++ releng/11.3/contrib/tzdata/europe Tue May 12 16:44:13 2020 (r360969) @@ -549,12 +549,13 @@ Zone Europe/Dublin -0:25:00 - LMT 1880 Aug 2 0:00 1:00 IST 1947 Nov 2 2:00s 0:00 - GMT 1948 Apr 18 2:00s 0:00 GB-Eire GMT/IST 1968 Oct 27 -# The next line is for when negative SAVE values are used. +# Vanguard section, for zic and other parsers that support negative DST. 1:00 Eire IST/GMT -# These three lines are for when SAVE values are always nonnegative. +# Rearguard section, for parsers lacking negative DST; see ziguard.awk. # 1:00 - IST 1971 Oct 31 2:00u # 0:00 GB-Eire GMT/IST 1996 # 0:00 EU GMT/IST +# End of rearguard section. ############################################################################### @@ -1018,7 +1019,7 @@ Zone Europe/Prague 0:57:44 - LMT 1850 1:00 Czech CE%sT 1946 Dec 1 3:00 # Vanguard section, for zic and other parsers that support negative DST. 1:00 -1:00 GMT 1947 Feb 23 2:00 -# Rearguard section, for parsers that do not support negative DST. +# Rearguard section, for parsers lacking negative DST; see ziguard.awk. # 0:00 - GMT 1947 Feb 23 2:00 # End of rearguard section. 1:00 Czech CE%sT 1979 @@ -1175,14 +1176,17 @@ Zone America/Danmarkshavn -1:14:40 - LMT 1916 Jul 28 -3:00 - -03 1980 Apr 6 2:00 -3:00 EU -03/-02 1996 0:00 - GMT +# +# Use the old name Scoresbysund, as the current name Ittoqqortoormiit +# exceeds tzdb's 14-letter limit and has no common English abbreviation. Zone America/Scoresbysund -1:27:52 - LMT 1916 Jul 28 # Ittoqqortoormiit -2:00 - -02 1980 Apr 6 2:00 -2:00 C-Eur -02/-01 1981 Mar 29 -1:00 EU -01/+00 -Zone America/Godthab -3:26:56 - LMT 1916 Jul 28 # Nuuk +Zone America/Nuuk -3:26:56 - LMT 1916 Jul 28 # Godthåb -3:00 - -03 1980 Apr 6 2:00 -3:00 EU -03/-02 -Zone America/Thule -4:35:08 - LMT 1916 Jul 28 # Pituffik air base +Zone America/Thule -4:35:08 - LMT 1916 Jul 28 # Pituffik -4:00 Thule A%sT # Estonia @@ -1552,7 +1556,7 @@ Zone Europe/Budapest 1:16:20 - LMT 1890 Oct # # From January 1st, 1908 the whole of Iceland was standardised at 1 hour # behind GMT. Previously, local mean solar time was used in different parts -# of Iceland, the almanak had been based on Reykjavik mean solar time which +# of Iceland, the almanak had been based on Reykjavík mean solar time which # was 1 hour and 28 minutes behind GMT. # # "first day of winter" referred to [below] means the first day of the 26 weeks Modified: releng/11.3/contrib/tzdata/leap-seconds.list ============================================================================== --- releng/11.3/contrib/tzdata/leap-seconds.list Tue May 12 16:38:28 2020 (r360968) +++ releng/11.3/contrib/tzdata/leap-seconds.list Tue May 12 16:44:13 2020 (r360969) @@ -62,7 +62,7 @@ # Terry Quinn, "The BIPM and the Accurate Measurement # of Time," Proc. of the IEEE, Vol. 79, pp. 894-905, # July, 1991. -# reprinted in: +# reprinted in: # Christine Hackman and Donald B Sullivan (eds.) # Time and Frequency Measurement # American Association of Physics Teachers (1996) @@ -204,10 +204,10 @@ # current -- the update time stamp, the data and the name of the file # will not change. # -# Updated through IERS Bulletin C58 -# File expires on: 28 June 2020 +# Updated through IERS Bulletin C59 +# File expires on: 28 December 2020 # -#@ 3802291200 +#@ 3818102400 # 2272060800 10 # 1 Jan 1972 2287785600 11 # 1 Jul 1972 @@ -252,4 +252,4 @@ # the hash line is also ignored in the # computation. # -#h f28827d2 f263b6c3 ec0f19eb a3e0dbf0 97f3fa30 +#h a1c168ae 27c79a7d 9dddcfc3 bcfe616b 2e2c44ea Modified: releng/11.3/contrib/tzdata/leapseconds ============================================================================== --- releng/11.3/contrib/tzdata/leapseconds Tue May 12 16:38:28 2020 (r360968) +++ releng/11.3/contrib/tzdata/leapseconds Tue May 12 16:44:13 2020 (r360969) @@ -64,9 +64,15 @@ Leap 2012 Jun 30 23:59:60 + S Leap 2015 Jun 30 23:59:60 + S Leap 2016 Dec 31 23:59:60 + S +# UTC timestamp when this leap second list expires. +# Any additional leap seconds will come after this. +# This Expires line is commented out for now, +# so that pre-2020a zic implementations do not reject this file. +#Expires 2020 Dec 28 00:00:00 + # POSIX timestamps for the data in this file: #updated 1467936000 (2016-07-08 00:00:00 UTC) -#expires 1593302400 (2020-06-28 00:00:00 UTC) +#expires 1609113600 (2020-12-28 00:00:00 UTC) -# Updated through IERS Bulletin C58 -# File expires on: 28 June 2020 +# Updated through IERS Bulletin C59 +# File expires on: 28 December 2020 Modified: releng/11.3/contrib/tzdata/leapseconds.awk ============================================================================== --- releng/11.3/contrib/tzdata/leapseconds.awk Tue May 12 16:38:28 2020 (r360968) +++ releng/11.3/contrib/tzdata/leapseconds.awk Tue May 12 16:44:13 2020 (r360969) @@ -68,12 +68,12 @@ BEGIN { monthabbr[11] = "Nov" monthabbr[12] = "Dec" - # Strip trailing CR, in case the input has CRLF form a la NIST. - RS = "\r?\n" - sstamp_init() } +# In case the input has CRLF form a la NIST. +{ sub(/\r$/, "") } + /^#[ \t]*[Uu]pdated through/ || /^#[ \t]*[Ff]ile expires on/ { last_lines = last_lines $0 "\n" } @@ -100,6 +100,17 @@ BEGIN { } END { + sstamp_to_ymdhMs(expires, ss_NTP) + + print "" + print "# UTC timestamp when this leap second list expires." + print "# Any additional leap seconds will come after this." + print "# This Expires line is commented out for now," + print "# so that pre-2020a zic implementations do not reject this file." + printf "%sExpires %.4d\t%s\t%.2d\t%.2d:%.2d:%.2d\n", \ + EXPIRES_LINE ? "" : "#", \ + ss_year, monthabbr[ss_month], ss_mday, ss_hour, ss_min, ss_sec + # The difference between the NTP and POSIX epochs is 70 years # (including 17 leap days), each 24 hours of 60 minutes of 60 # seconds each. Modified: releng/11.3/contrib/tzdata/northamerica ============================================================================== --- releng/11.3/contrib/tzdata/northamerica Tue May 12 16:38:28 2020 (r360968) +++ releng/11.3/contrib/tzdata/northamerica Tue May 12 16:44:13 2020 (r360969) @@ -86,7 +86,7 @@ # For more about the first ten years of DST in the United States, see # Robert Garland, Ten years of daylight saving from the Pittsburgh standpoint # (Carnegie Library of Pittsburgh, 1927). -# http://www.clpgh.org/exhibit/dst.html +# https://web.archive.org/web/20160517155308/http://www.clpgh.org/exhibit/dst.html # # Shanks says that DST was called "War Time" in the US in 1918 and 1919. # However, DST was imposed by the Standard Time Act of 1918, which @@ -1470,7 +1470,8 @@ Zone America/Goose_Bay -4:01:40 - LMT 1884 # Happy Val -4:00 Canada A%sT -# west Labrador, Nova Scotia, Prince Edward I +# west Labrador, Nova Scotia, Prince Edward I, +# Îles-de-la-Madeleine, Listuguj reserve # From Brian Inglis (2015-07-20): # From the historical weather station records available at: @@ -1489,6 +1490,13 @@ Zone America/Goose_Bay -4:01:40 - LMT 1884 # Happy Val # in Canada to observe DST in 1971 but not 1970; for now we'll assume # this is a typo. +# From Jeffery Nichols (2020-01-09): +# America/Halifax ... also applies to Îles-de-la-Madeleine and the Listuguj +# reserve in Quebec. Officially, this came into effect on January 1, 2007 +# (Legal Time Act, CQLR c T-5.1), but the legislative debates surrounding that +# bill say that it is "accommodating the customs and practices" of those +# regions, which suggests that they have always been in-line with Halifax. + # Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S Rule Halifax 1916 only - Apr 1 0:00 1:00 D Rule Halifax 1916 only - Oct 1 0:00 0 S @@ -1582,19 +1590,20 @@ Zone America/Moncton -4:19:08 - LMT 1883 Dec 9 # Quebec -# From Paul Eggert (2015-03-24): +# From Paul Eggert (2020-01-10): # See America/Toronto for most of Quebec, including Montreal. +# See America/Halifax for the Îles de la Madeleine and the Listuguj reserve. # # Matthews and Vincent (1998) also write that Quebec east of the -63 # meridian is supposed to observe AST, but residents as far east as # Natashquan use EST/EDT, and residents east of Natashquan use AST. # The Quebec department of justice writes in # "The situation in Minganie and Basse-Côte-Nord" -# http://www.justice.gouv.qc.ca/english/publications/generale/temps-minganie-a.htm +# https://www.justice.gouv.qc.ca/en/department/ministre/functions-and-responsabilities/legal-time-in-quebec/the-situation-in-minganie-and-basse-cote-nord/ # that the coastal strip from just east of Natashquan to Blanc-Sablon # observes Atlantic standard time all year round. -# https://www.assnat.qc.ca/Media/Process.aspx?MediaId=ANQ.Vigie.Bll.DocumentGenerique_8845en -# says this common practice was codified into law as of 2007. +# This common practice was codified into law as of 2007; see Legal Time Act, +# CQLR c T-5.1 . # For lack of better info, guess this practice began around 1970, contra to # Shanks & Pottenger who have this region observing AST/ADT. @@ -1613,6 +1622,15 @@ Zone America/Blanc-Sablon -3:48:28 - LMT 1884 # Nipigon (EST) and Rainy River (CST) are the largest that we know of. # Far west Ontario is like Winnipeg; far east Quebec is like Halifax. +# From Jeffery Nichols (2020-02-06): +# According to the [Shanks] atlas, those western Ontario zones are huge, +# covering most of Ontario northwest of Sault Ste Marie and Timmins. +# The zones seem to include towns bigger than the ones they're named after, +# like Dryden in America/Rainy_River and Wawa (and maybe Attawapiskat) in +# America/Nipigon. I assume it's too much trouble to change the name of the +# zone (like when you found out that America/Glace_Bay includes Sydney, Nova +# Scotia).... + # From Mark Brader (2003-07-26): # [According to the Toronto Star] Orillia, Ontario, adopted DST # effective Saturday, 1912-06-22, 22:00; the article mentions that @@ -2419,6 +2437,18 @@ Zone America/Creston -7:46:04 - LMT 1884 # obtained in November 2008 should be ignored... # I apologize for reporting incorrect information in 2008. +# From Tim Parenti (2020-03-05): +# The government of Yukon announced [yesterday] the cessation of seasonal time +# changes. "After clocks are pushed ahead one hour on March 8, the territory +# will remain on [UTC-07]. ... [The government] found 93 per cent of +# respondents wanted to end seasonal time changes and, of that group, 70 per +# cent wanted 'permanent Pacific Daylight Saving Time.'" +# https://www.cbc.ca/news/canada/north/yukon-end-daylight-saving-time-1.5486358 +# +# Although the government press release prefers PDT, we prefer MST for +# consistency with nearby Dawson Creek, Creston, and Fort Nelson. +# https://yukon.ca/en/news/yukon-end-seasonal-time-change + # Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S Rule NT_YK 1918 only - Apr 14 2:00 1:00 D Rule NT_YK 1918 only - Oct 27 2:00 0 S @@ -2473,11 +2503,13 @@ Zone America/Inuvik 0 - -00 1953 # Inuvik founded Zone America/Whitehorse -9:00:12 - LMT 1900 Aug 20 -9:00 NT_YK Y%sT 1967 May 28 0:00 -8:00 NT_YK P%sT 1980 - -8:00 Canada P%sT + -8:00 Canada P%sT 2020 Mar 8 2:00 + -7:00 - MST Zone America/Dawson -9:17:40 - LMT 1900 Aug 20 -9:00 NT_YK Y%sT 1973 Oct 28 0:00 -8:00 NT_YK P%sT 1980 - -8:00 Canada P%sT + -8:00 Canada P%sT 2020 Mar 8 2:00 + -7:00 - MST ############################################################################### Modified: releng/11.3/contrib/tzdata/theory.html ============================================================================== --- releng/11.3/contrib/tzdata/theory.html Tue May 12 16:38:28 2020 (r360968) +++ releng/11.3/contrib/tzdata/theory.html Tue May 12 16:44:13 2020 (r360969) @@ -298,6 +298,10 @@ in decreasing order of importance: If a name is changed, put its old spelling in the 'backward' file. This means old spellings will continue to work. + Ordinarily a name change should occur only in the rare case when + a location's consensus English-language spelling changes; for example, + in 2008 Asia/Calcutta was renamed to Asia/Kolkata + due to long-time widespread use of the new city name instead of the old. @@ -1054,23 +1058,6 @@ an older zic. The functions were inspired by NetBSD.
  • - A function tzsetwall has been added to arrange for the - system's best approximation to local (wall clock) time to be delivered - by subsequent calls to localtime. - Source code for portable applications that "must" run on local - time should call tzsetwall; - if such code is moved to "old" systems that do not - provide tzsetwall, you will not be able to generate an - executable program. - (These functions also arrange for local time to - be used if tzset is called – directly or - indirectly – and there is no TZ environment - variable; portable applications should not, however, rely on this - behavior since it is not the way SVR2 - systems behave.) -
    • -
  • Negative time_t values are supported, on systems where time_t is signed.
    • @@ -1137,7 +1124,7 @@ The vestigial APIs are: may now examine localtime(&clock)->tm_zone (if TM_ZONE is defined) or tzname[localtime(&clock)->tm_isdst] - (if HAVE_TZNAME is defined) to learn the correct time + (if HAVE_TZNAME is nonzero) to learn the correct time zone abbreviation to use.
  • Modified: releng/11.3/contrib/tzdata/version ============================================================================== --- releng/11.3/contrib/tzdata/version Tue May 12 16:38:28 2020 (r360968) +++ releng/11.3/contrib/tzdata/version Tue May 12 16:44:13 2020 (r360969) @@ -1 +1 @@ -2019c +2020a Modified: releng/11.3/contrib/tzdata/zone.tab ============================================================================== --- releng/11.3/contrib/tzdata/zone.tab Tue May 12 16:38:28 2020 (r360968) +++ releng/11.3/contrib/tzdata/zone.tab Tue May 12 16:44:13 2020 (r360969) @@ -131,8 +131,8 @@ CA +4906-11631 America/Creston MST - BC (Creston) CA +5946-12014 America/Dawson_Creek MST - BC (Dawson Cr, Ft St John) CA +5848-12242 America/Fort_Nelson MST - BC (Ft Nelson) CA +4916-12307 America/Vancouver Pacific - BC (most areas) -CA +6043-13503 America/Whitehorse Pacific - Yukon (south) -CA +6404-13925 America/Dawson Pacific - Yukon (north) +CA +6043-13503 America/Whitehorse Pacific - Yukon (east) +CA +6404-13925 America/Dawson Pacific - Yukon (west) CC -1210+09655 Indian/Cocos *** DIFF OUTPUT TRUNCATED AT 1000 LINES *** From owner-svn-src-releng@freebsd.org Tue May 12 16:46:15 2020 Return-Path: Delivered-To: svn-src-releng@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 44D472F4428; Tue, 12 May 2020 16:46:15 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 49M3bW17wQz4Spd; Tue, 12 May 2020 16:46:15 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 224C4B0EE; Tue, 12 May 2020 16:46:15 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 04CGkFaa057690; Tue, 12 May 2020 16:46:15 GMT (envelope-from gordon@FreeBSD.org) Received: (from gordon@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 04CGkFYf057689; Tue, 12 May 2020 16:46:15 GMT (envelope-from gordon@FreeBSD.org) Message-Id: <202005121646.04CGkFYf057689@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gordon set sender to gordon@FreeBSD.org using -f From: Gordon Tetlow Date: Tue, 12 May 2020 16:46:15 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r360970 - releng/12.1/sys/dev/e1000 X-SVN-Group: releng X-SVN-Commit-Author: gordon X-SVN-Commit-Paths: releng/12.1/sys/dev/e1000 X-SVN-Commit-Revision: 360970 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 12 May 2020 16:46:15 -0000 Author: gordon Date: Tue May 12 16:46:14 2020 New Revision: 360970 URL: https://svnweb.freebsd.org/changeset/base/360970 Log: Fix igb interfaces failing to switch to inactive state. Approved by: so Security: FreeBSD-EN-20:09.igb Modified: releng/12.1/sys/dev/e1000/if_em.c Modified: releng/12.1/sys/dev/e1000/if_em.c ============================================================================== --- releng/12.1/sys/dev/e1000/if_em.c Tue May 12 16:44:13 2020 (r360969) +++ releng/12.1/sys/dev/e1000/if_em.c Tue May 12 16:46:14 2020 (r360970) @@ -1395,10 +1395,8 @@ em_intr(void *arg) IFDI_INTR_DISABLE(ctx); /* Link status change */ - if (reg_icr & (E1000_ICR_RXSEQ | E1000_ICR_LSC)) { - adapter->hw.mac.get_link_status = 1; - iflib_admin_intr_deferred(ctx); - } + if (reg_icr & (E1000_ICR_RXSEQ | E1000_ICR_LSC)) + em_handle_link(ctx); if (reg_icr & E1000_ICR_RXO) adapter->rx_overruns++; @@ -1481,22 +1479,24 @@ em_msix_link(void *arg) if (reg_icr & (E1000_ICR_RXSEQ | E1000_ICR_LSC)) { em_handle_link(adapter->ctx); - } else { - E1000_WRITE_REG(&adapter->hw, E1000_IMS, - EM_MSIX_LINK | E1000_IMS_LSC); - if (adapter->hw.mac.type >= igb_mac_min) - E1000_WRITE_REG(&adapter->hw, E1000_EIMS, adapter->link_mask); + } else if (adapter->hw.mac.type == e1000_82574) { + /* Only re-arm 82574 if em_if_update_admin_status() won't. */ + E1000_WRITE_REG(&adapter->hw, E1000_IMS, EM_MSIX_LINK | + E1000_IMS_LSC); } - /* - * Because we must read the ICR for this interrupt - * it may clear other causes using autoclear, for - * this reason we simply create a soft interrupt - * for all these vectors. - */ - if (reg_icr && adapter->hw.mac.type < igb_mac_min) { - E1000_WRITE_REG(&adapter->hw, - E1000_ICS, adapter->ims); + if (adapter->hw.mac.type == e1000_82574) { + /* + * Because we must read the ICR for this interrupt it may + * clear other causes using autoclear, for this reason we + * simply create a soft interrupt for all these vectors. + */ + if (reg_icr) + E1000_WRITE_REG(&adapter->hw, E1000_ICS, adapter->ims); + } else { + /* Re-arm unconditionally */ + E1000_WRITE_REG(&adapter->hw, E1000_IMS, E1000_IMS_LSC); + E1000_WRITE_REG(&adapter->hw, E1000_EIMS, adapter->link_mask); } return (FILTER_HANDLED); @@ -1512,7 +1512,6 @@ em_handle_link(void *context) iflib_admin_intr_deferred(ctx); } - /********************************************************************* * * Media Ioctl callback @@ -1829,14 +1828,15 @@ em_if_update_admin_status(if_ctx_t ctx) em_update_stats_counters(adapter); /* Reset LAA into RAR[0] on 82571 */ - if ((adapter->hw.mac.type == e1000_82571) && - e1000_get_laa_state_82571(&adapter->hw)) - e1000_rar_set(&adapter->hw, adapter->hw.mac.addr, 0); + if (hw->mac.type == e1000_82571 && e1000_get_laa_state_82571(hw)) + e1000_rar_set(hw, hw->mac.addr, 0); - if (adapter->hw.mac.type < em_mac_min) + if (hw->mac.type < em_mac_min) lem_smartspeed(adapter); - - E1000_WRITE_REG(&adapter->hw, E1000_IMS, EM_MSIX_LINK | E1000_IMS_LSC); + else if (hw->mac.type == e1000_82574 && + adapter->intr_type == IFLIB_INTR_MSIX) + E1000_WRITE_REG(&adapter->hw, E1000_IMS, EM_MSIX_LINK | + E1000_IMS_LSC); } static void From owner-svn-src-releng@freebsd.org Tue May 12 16:51:12 2020 Return-Path: Delivered-To: svn-src-releng@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 4063C2F45E2; Tue, 12 May 2020 16:51:12 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 49M3jD11t7z4TPf; Tue, 12 May 2020 16:51:12 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 1E59AB133; Tue, 12 May 2020 16:51:12 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 04CGpC8v059018; Tue, 12 May 2020 16:51:12 GMT (envelope-from gordon@FreeBSD.org) Received: (from gordon@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 04CGpBXT059015; Tue, 12 May 2020 16:51:11 GMT (envelope-from gordon@FreeBSD.org) Message-Id: <202005121651.04CGpBXT059015@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gordon set sender to gordon@FreeBSD.org using -f From: Gordon Tetlow Date: Tue, 12 May 2020 16:51:11 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r360972 - in releng: 11.3/sys/netinet/libalias 11.4/sys/netinet/libalias 12.1/sys/netinet/libalias X-SVN-Group: releng X-SVN-Commit-Author: gordon X-SVN-Commit-Paths: in releng: 11.3/sys/netinet/libalias 11.4/sys/netinet/libalias 12.1/sys/netinet/libalias X-SVN-Commit-Revision: 360972 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 12 May 2020 16:51:12 -0000 Author: gordon Date: Tue May 12 16:51:11 2020 New Revision: 360972 URL: https://svnweb.freebsd.org/changeset/base/360972 Log: Fix insufficient packet length validation in libalias. Approved by: so Approved by: re (implicit) Security: FreeBSD-SA-20:12.libalias Security: CVE-2020-7454 Modified: releng/11.3/sys/netinet/libalias/alias.c releng/11.4/sys/netinet/libalias/alias.c releng/12.1/sys/netinet/libalias/alias.c Modified: releng/11.3/sys/netinet/libalias/alias.c ============================================================================== --- releng/11.3/sys/netinet/libalias/alias.c Tue May 12 16:49:04 2020 (r360971) +++ releng/11.3/sys/netinet/libalias/alias.c Tue May 12 16:51:11 2020 (r360972) @@ -439,10 +439,15 @@ fragment contained in ICMP data section */ static int IcmpAliasIn(struct libalias *la, struct ip *pip) { - int iresult; struct icmp *ic; + int dlen, iresult; LIBALIAS_LOCK_ASSERT(la); + + dlen = ntohs(pip->ip_len) - (pip->ip_hl << 2); + if (dlen < ICMP_MINLEN) + return (PKT_ALIAS_IGNORED); + /* Return if proxy-only mode is enabled */ if (la->packetAliasMode & PKT_ALIAS_PROXY_ONLY) return (PKT_ALIAS_OK); @@ -461,6 +466,9 @@ IcmpAliasIn(struct libalias *la, struct ip *pip) case ICMP_SOURCEQUENCH: case ICMP_TIMXCEED: case ICMP_PARAMPROB: + if (dlen < ICMP_ADVLENMIN || + dlen < ICMP_ADVLEN(ic)) + return (PKT_ALIAS_IGNORED); iresult = IcmpAliasIn2(la, pip); break; case ICMP_ECHO: @@ -729,10 +737,17 @@ UdpAliasIn(struct libalias *la, struct ip *pip) { struct udphdr *ud; struct alias_link *lnk; + int dlen; LIBALIAS_LOCK_ASSERT(la); + dlen = ntohs(pip->ip_len) - (pip->ip_hl << 2); + if (dlen < sizeof(struct udphdr)) + return (PKT_ALIAS_IGNORED); + ud = (struct udphdr *)ip_next(pip); + if (dlen < ntohs(ud->uh_ulen)) + return (PKT_ALIAS_IGNORED); lnk = FindUdpTcpIn(la, pip->ip_src, pip->ip_dst, ud->uh_sport, ud->uh_dport, @@ -821,12 +836,19 @@ UdpAliasOut(struct libalias *la, struct ip *pip, int m u_short dest_port; u_short proxy_server_port; int proxy_type; - int error; + int dlen, error; LIBALIAS_LOCK_ASSERT(la); /* Return if proxy-only mode is enabled and not proxyrule found.*/ + dlen = ntohs(pip->ip_len) - (pip->ip_hl << 2); + if (dlen < sizeof(struct udphdr)) + return (PKT_ALIAS_IGNORED); + ud = (struct udphdr *)ip_next(pip); + if (dlen < ntohs(ud->uh_ulen)) + return (PKT_ALIAS_IGNORED); + proxy_type = ProxyCheck(la, &proxy_server_address, &proxy_server_port, pip->ip_src, pip->ip_dst, ud->uh_dport, pip->ip_p); @@ -919,8 +941,13 @@ TcpAliasIn(struct libalias *la, struct ip *pip) { struct tcphdr *tc; struct alias_link *lnk; + int dlen; LIBALIAS_LOCK_ASSERT(la); + + dlen = ntohs(pip->ip_len) - (pip->ip_hl << 2); + if (dlen < sizeof(struct tcphdr)) + return (PKT_ALIAS_IGNORED); tc = (struct tcphdr *)ip_next(pip); lnk = FindUdpTcpIn(la, pip->ip_src, pip->ip_dst, @@ -1039,7 +1066,7 @@ TcpAliasIn(struct libalias *la, struct ip *pip) static int TcpAliasOut(struct libalias *la, struct ip *pip, int maxpacketsize, int create) { - int proxy_type, error; + int dlen, proxy_type, error; u_short dest_port; u_short proxy_server_port; struct in_addr dest_address; @@ -1048,6 +1075,10 @@ TcpAliasOut(struct libalias *la, struct ip *pip, int m struct alias_link *lnk; LIBALIAS_LOCK_ASSERT(la); + + dlen = ntohs(pip->ip_len) - (pip->ip_hl << 2); + if (dlen < sizeof(struct tcphdr)) + return (PKT_ALIAS_IGNORED); tc = (struct tcphdr *)ip_next(pip); if (create) Modified: releng/11.4/sys/netinet/libalias/alias.c ============================================================================== --- releng/11.4/sys/netinet/libalias/alias.c Tue May 12 16:49:04 2020 (r360971) +++ releng/11.4/sys/netinet/libalias/alias.c Tue May 12 16:51:11 2020 (r360972) @@ -439,10 +439,15 @@ fragment contained in ICMP data section */ static int IcmpAliasIn(struct libalias *la, struct ip *pip) { - int iresult; struct icmp *ic; + int dlen, iresult; LIBALIAS_LOCK_ASSERT(la); + + dlen = ntohs(pip->ip_len) - (pip->ip_hl << 2); + if (dlen < ICMP_MINLEN) + return (PKT_ALIAS_IGNORED); + /* Return if proxy-only mode is enabled */ if (la->packetAliasMode & PKT_ALIAS_PROXY_ONLY) return (PKT_ALIAS_OK); @@ -461,6 +466,9 @@ IcmpAliasIn(struct libalias *la, struct ip *pip) case ICMP_SOURCEQUENCH: case ICMP_TIMXCEED: case ICMP_PARAMPROB: + if (dlen < ICMP_ADVLENMIN || + dlen < ICMP_ADVLEN(ic)) + return (PKT_ALIAS_IGNORED); iresult = IcmpAliasIn2(la, pip); break; case ICMP_ECHO: @@ -729,10 +737,17 @@ UdpAliasIn(struct libalias *la, struct ip *pip) { struct udphdr *ud; struct alias_link *lnk; + int dlen; LIBALIAS_LOCK_ASSERT(la); + dlen = ntohs(pip->ip_len) - (pip->ip_hl << 2); + if (dlen < sizeof(struct udphdr)) + return (PKT_ALIAS_IGNORED); + ud = (struct udphdr *)ip_next(pip); + if (dlen < ntohs(ud->uh_ulen)) + return (PKT_ALIAS_IGNORED); lnk = FindUdpTcpIn(la, pip->ip_src, pip->ip_dst, ud->uh_sport, ud->uh_dport, @@ -821,12 +836,19 @@ UdpAliasOut(struct libalias *la, struct ip *pip, int m u_short dest_port; u_short proxy_server_port; int proxy_type; - int error; + int dlen, error; LIBALIAS_LOCK_ASSERT(la); /* Return if proxy-only mode is enabled and not proxyrule found.*/ + dlen = ntohs(pip->ip_len) - (pip->ip_hl << 2); + if (dlen < sizeof(struct udphdr)) + return (PKT_ALIAS_IGNORED); + ud = (struct udphdr *)ip_next(pip); + if (dlen < ntohs(ud->uh_ulen)) + return (PKT_ALIAS_IGNORED); + proxy_type = ProxyCheck(la, &proxy_server_address, &proxy_server_port, pip->ip_src, pip->ip_dst, ud->uh_dport, pip->ip_p); @@ -919,8 +941,13 @@ TcpAliasIn(struct libalias *la, struct ip *pip) { struct tcphdr *tc; struct alias_link *lnk; + int dlen; LIBALIAS_LOCK_ASSERT(la); + + dlen = ntohs(pip->ip_len) - (pip->ip_hl << 2); + if (dlen < sizeof(struct tcphdr)) + return (PKT_ALIAS_IGNORED); tc = (struct tcphdr *)ip_next(pip); lnk = FindUdpTcpIn(la, pip->ip_src, pip->ip_dst, @@ -1039,7 +1066,7 @@ TcpAliasIn(struct libalias *la, struct ip *pip) static int TcpAliasOut(struct libalias *la, struct ip *pip, int maxpacketsize, int create) { - int proxy_type, error; + int dlen, proxy_type, error; u_short dest_port; u_short proxy_server_port; struct in_addr dest_address; @@ -1048,6 +1075,10 @@ TcpAliasOut(struct libalias *la, struct ip *pip, int m struct alias_link *lnk; LIBALIAS_LOCK_ASSERT(la); + + dlen = ntohs(pip->ip_len) - (pip->ip_hl << 2); + if (dlen < sizeof(struct tcphdr)) + return (PKT_ALIAS_IGNORED); tc = (struct tcphdr *)ip_next(pip); if (create) Modified: releng/12.1/sys/netinet/libalias/alias.c ============================================================================== --- releng/12.1/sys/netinet/libalias/alias.c Tue May 12 16:49:04 2020 (r360971) +++ releng/12.1/sys/netinet/libalias/alias.c Tue May 12 16:51:11 2020 (r360972) @@ -441,10 +441,15 @@ fragment contained in ICMP data section */ static int IcmpAliasIn(struct libalias *la, struct ip *pip) { - int iresult; struct icmp *ic; + int dlen, iresult; LIBALIAS_LOCK_ASSERT(la); + + dlen = ntohs(pip->ip_len) - (pip->ip_hl << 2); + if (dlen < ICMP_MINLEN) + return (PKT_ALIAS_IGNORED); + /* Return if proxy-only mode is enabled */ if (la->packetAliasMode & PKT_ALIAS_PROXY_ONLY) return (PKT_ALIAS_OK); @@ -463,6 +468,9 @@ IcmpAliasIn(struct libalias *la, struct ip *pip) case ICMP_SOURCEQUENCH: case ICMP_TIMXCEED: case ICMP_PARAMPROB: + if (dlen < ICMP_ADVLENMIN || + dlen < ICMP_ADVLEN(ic)) + return (PKT_ALIAS_IGNORED); iresult = IcmpAliasIn2(la, pip); break; case ICMP_ECHO: @@ -731,10 +739,17 @@ UdpAliasIn(struct libalias *la, struct ip *pip) { struct udphdr *ud; struct alias_link *lnk; + int dlen; LIBALIAS_LOCK_ASSERT(la); + dlen = ntohs(pip->ip_len) - (pip->ip_hl << 2); + if (dlen < sizeof(struct udphdr)) + return (PKT_ALIAS_IGNORED); + ud = (struct udphdr *)ip_next(pip); + if (dlen < ntohs(ud->uh_ulen)) + return (PKT_ALIAS_IGNORED); lnk = FindUdpTcpIn(la, pip->ip_src, pip->ip_dst, ud->uh_sport, ud->uh_dport, @@ -823,12 +838,19 @@ UdpAliasOut(struct libalias *la, struct ip *pip, int m u_short dest_port; u_short proxy_server_port; int proxy_type; - int error; + int dlen, error; LIBALIAS_LOCK_ASSERT(la); /* Return if proxy-only mode is enabled and not proxyrule found.*/ + dlen = ntohs(pip->ip_len) - (pip->ip_hl << 2); + if (dlen < sizeof(struct udphdr)) + return (PKT_ALIAS_IGNORED); + ud = (struct udphdr *)ip_next(pip); + if (dlen < ntohs(ud->uh_ulen)) + return (PKT_ALIAS_IGNORED); + proxy_type = ProxyCheck(la, &proxy_server_address, &proxy_server_port, pip->ip_src, pip->ip_dst, ud->uh_dport, pip->ip_p); @@ -921,8 +943,13 @@ TcpAliasIn(struct libalias *la, struct ip *pip) { struct tcphdr *tc; struct alias_link *lnk; + int dlen; LIBALIAS_LOCK_ASSERT(la); + + dlen = ntohs(pip->ip_len) - (pip->ip_hl << 2); + if (dlen < sizeof(struct tcphdr)) + return (PKT_ALIAS_IGNORED); tc = (struct tcphdr *)ip_next(pip); lnk = FindUdpTcpIn(la, pip->ip_src, pip->ip_dst, @@ -1041,7 +1068,7 @@ TcpAliasIn(struct libalias *la, struct ip *pip) static int TcpAliasOut(struct libalias *la, struct ip *pip, int maxpacketsize, int create) { - int proxy_type, error; + int dlen, proxy_type, error; u_short dest_port; u_short proxy_server_port; struct in_addr dest_address; @@ -1050,6 +1077,10 @@ TcpAliasOut(struct libalias *la, struct ip *pip, int m struct alias_link *lnk; LIBALIAS_LOCK_ASSERT(la); + + dlen = ntohs(pip->ip_len) - (pip->ip_hl << 2); + if (dlen < sizeof(struct tcphdr)) + return (PKT_ALIAS_IGNORED); tc = (struct tcphdr *)ip_next(pip); if (create) From owner-svn-src-releng@freebsd.org Tue May 12 16:54:40 2020 Return-Path: Delivered-To: svn-src-releng@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 8C4262F4898; Tue, 12 May 2020 16:54:40 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 49M3nD3DrGz4TsP; Tue, 12 May 2020 16:54:40 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 51276B2CC; Tue, 12 May 2020 16:54:40 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 04CGseXl063737; Tue, 12 May 2020 16:54:40 GMT (envelope-from gordon@FreeBSD.org) Received: (from gordon@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 04CGsdi3063734; Tue, 12 May 2020 16:54:39 GMT (envelope-from gordon@FreeBSD.org) Message-Id: <202005121654.04CGsdi3063734@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gordon set sender to gordon@FreeBSD.org using -f From: Gordon Tetlow Date: Tue, 12 May 2020 16:54:39 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r360974 - in releng: 11.3/sys/netinet/libalias 11.4/sys/netinet/libalias 12.1/sys/netinet/libalias X-SVN-Group: releng X-SVN-Commit-Author: gordon X-SVN-Commit-Paths: in releng: 11.3/sys/netinet/libalias 11.4/sys/netinet/libalias 12.1/sys/netinet/libalias X-SVN-Commit-Revision: 360974 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 12 May 2020 16:54:40 -0000 Author: gordon Date: Tue May 12 16:54:39 2020 New Revision: 360974 URL: https://svnweb.freebsd.org/changeset/base/360974 Log: Fix memory disclosure vulnerability in libalias. Approved by: so Approved by: re (implicit) Security: FreeBSD-SA-20:13.libalias Security: CVE-2020-7455 Modified: releng/11.3/sys/netinet/libalias/alias_ftp.c releng/11.4/sys/netinet/libalias/alias_ftp.c releng/12.1/sys/netinet/libalias/alias_ftp.c Modified: releng/11.3/sys/netinet/libalias/alias_ftp.c ============================================================================== --- releng/11.3/sys/netinet/libalias/alias_ftp.c Tue May 12 16:52:08 2020 (r360973) +++ releng/11.3/sys/netinet/libalias/alias_ftp.c Tue May 12 16:54:39 2020 (r360974) @@ -752,7 +752,8 @@ NewFtpMessage(struct libalias *la, struct ip *pip, { u_short new_len; - new_len = htons(hlen + slen); + new_len = htons(hlen + + MIN(slen, maxpacketsize - hlen)); DifferentialChecksum(&pip->ip_sum, &new_len, &pip->ip_len, Modified: releng/11.4/sys/netinet/libalias/alias_ftp.c ============================================================================== --- releng/11.4/sys/netinet/libalias/alias_ftp.c Tue May 12 16:52:08 2020 (r360973) +++ releng/11.4/sys/netinet/libalias/alias_ftp.c Tue May 12 16:54:39 2020 (r360974) @@ -752,7 +752,8 @@ NewFtpMessage(struct libalias *la, struct ip *pip, { u_short new_len; - new_len = htons(hlen + slen); + new_len = htons(hlen + + MIN(slen, maxpacketsize - hlen)); DifferentialChecksum(&pip->ip_sum, &new_len, &pip->ip_len, Modified: releng/12.1/sys/netinet/libalias/alias_ftp.c ============================================================================== --- releng/12.1/sys/netinet/libalias/alias_ftp.c Tue May 12 16:52:08 2020 (r360973) +++ releng/12.1/sys/netinet/libalias/alias_ftp.c Tue May 12 16:54:39 2020 (r360974) @@ -754,7 +754,8 @@ NewFtpMessage(struct libalias *la, struct ip *pip, { u_short new_len; - new_len = htons(hlen + slen); + new_len = htons(hlen + + MIN(slen, maxpacketsize - hlen)); DifferentialChecksum(&pip->ip_sum, &new_len, &pip->ip_len, From owner-svn-src-releng@freebsd.org Tue May 12 16:55:33 2020 Return-Path: Delivered-To: svn-src-releng@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 5A8FD2F48F9; Tue, 12 May 2020 16:55:33 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 49M3pF1jL5z4V0p; Tue, 12 May 2020 16:55:33 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 35BDBB2DB; Tue, 12 May 2020 16:55:33 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 04CGtWMj063860; Tue, 12 May 2020 16:55:32 GMT (envelope-from gordon@FreeBSD.org) Received: (from gordon@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 04CGtWYR063859; Tue, 12 May 2020 16:55:32 GMT (envelope-from gordon@FreeBSD.org) Message-Id: <202005121655.04CGtWYR063859@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gordon set sender to gordon@FreeBSD.org using -f From: Gordon Tetlow Date: Tue, 12 May 2020 16:55:32 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r360975 - releng/11.3/sys/netinet X-SVN-Group: releng X-SVN-Commit-Author: gordon X-SVN-Commit-Paths: releng/11.3/sys/netinet X-SVN-Commit-Revision: 360975 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 12 May 2020 16:55:33 -0000 Author: gordon Date: Tue May 12 16:55:32 2020 New Revision: 360975 URL: https://svnweb.freebsd.org/changeset/base/360975 Log: Fix improper checking in SCTP-AUTH shared key update. Approved by: so Security: FreeBSD-SA-20:14.sctp Security: CVE-2019-15878 Modified: releng/11.3/sys/netinet/sctp_auth.c Modified: releng/11.3/sys/netinet/sctp_auth.c ============================================================================== --- releng/11.3/sys/netinet/sctp_auth.c Tue May 12 16:54:39 2020 (r360974) +++ releng/11.3/sys/netinet/sctp_auth.c Tue May 12 16:55:32 2020 (r360975) @@ -521,7 +521,7 @@ sctp_insert_sharedkey(struct sctp_keyhead *shared_keys } else if (new_skey->keyid == skey->keyid) { /* replace the existing key */ /* verify this key *can* be replaced */ - if ((skey->deactivated) && (skey->refcount > 1)) { + if ((skey->deactivated) || (skey->refcount > 1)) { SCTPDBG(SCTP_DEBUG_AUTH1, "can't replace shared key id %u\n", new_skey->keyid); From owner-svn-src-releng@freebsd.org Tue May 12 16:57:48 2020 Return-Path: Delivered-To: svn-src-releng@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 557E82F4A66; Tue, 12 May 2020 16:57:48 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 49M3rr1Z1wz4VCj; Tue, 12 May 2020 16:57:48 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 2C648B2DC; Tue, 12 May 2020 16:57:48 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 04CGvmJK063999; Tue, 12 May 2020 16:57:48 GMT (envelope-from gordon@FreeBSD.org) Received: (from gordon@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 04CGvlFH063998; Tue, 12 May 2020 16:57:47 GMT (envelope-from gordon@FreeBSD.org) Message-Id: <202005121657.04CGvlFH063998@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gordon set sender to gordon@FreeBSD.org using -f From: Gordon Tetlow Date: Tue, 12 May 2020 16:57:47 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r360976 - in releng: 11.3/sys/opencrypto 12.1/sys/opencrypto X-SVN-Group: releng X-SVN-Commit-Author: gordon X-SVN-Commit-Paths: in releng: 11.3/sys/opencrypto 12.1/sys/opencrypto X-SVN-Commit-Revision: 360976 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 12 May 2020 16:57:48 -0000 Author: gordon Date: Tue May 12 16:57:47 2020 New Revision: 360976 URL: https://svnweb.freebsd.org/changeset/base/360976 Log: Fix use after free in cryptodev module. Approved by: so Security: FreeBSD-SA-20:15.cryptodev Security: CVE-2019-15879 Modified: releng/11.3/sys/opencrypto/cryptodev.c releng/12.1/sys/opencrypto/cryptodev.c Modified: releng/11.3/sys/opencrypto/cryptodev.c ============================================================================== --- releng/11.3/sys/opencrypto/cryptodev.c Tue May 12 16:55:32 2020 (r360975) +++ releng/11.3/sys/opencrypto/cryptodev.c Tue May 12 16:57:47 2020 (r360976) @@ -268,6 +268,7 @@ crypt_kop_to_32(const struct crypt_kop *from, struct c struct csession { TAILQ_ENTRY(csession) next; u_int64_t sid; + volatile u_int refs; u_int32_t ses; struct mtx lock; /* for op submission */ @@ -294,6 +295,7 @@ struct cryptop_data { struct fcrypt { TAILQ_HEAD(csessionlist, csession) csessions; int sesn; + struct mtx lock; }; static int cryptof_ioctl(struct file *, u_long, void *, @@ -320,8 +322,7 @@ static struct fileops cryptofops = { }; static struct csession *csefind(struct fcrypt *, u_int); -static int csedelete(struct fcrypt *, struct csession *); -static struct csession *cseadd(struct fcrypt *, struct csession *); +static int csedelete(struct fcrypt *, u_int); static struct csession *csecreate(struct fcrypt *, u_int64_t, caddr_t, u_int64_t, caddr_t, u_int64_t, u_int32_t, u_int32_t, struct enc_xform *, struct auth_hash *); @@ -612,13 +613,9 @@ bail: break; case CIOCFSESSION: ses = *(u_int32_t *)data; - cse = csefind(fcr, ses); - if (cse == NULL) { + error = csedelete(fcr, ses); + if (error != 0) SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); - return (EINVAL); - } - csedelete(fcr, cse); - error = csefree(cse); break; case CIOCCRYPT: #ifdef COMPAT_FREEBSD32 @@ -635,6 +632,7 @@ bail: return (EINVAL); } error = cryptodev_op(cse, cop, active_cred, td); + (void)csefree(cse); #ifdef COMPAT_FREEBSD32 if (error == 0 && cmd == CIOCCRYPT32) crypt_op_to_32(cop, data); @@ -701,6 +699,7 @@ bail: return (EINVAL); } error = cryptodev_aead(cse, caead, active_cred, td); + (void)csefree(cse); break; default: error = EINVAL; @@ -1275,6 +1274,9 @@ cryptof_close(struct file *fp, struct thread *td) while ((cse = TAILQ_FIRST(&fcr->csessions))) { TAILQ_REMOVE(&fcr->csessions, cse, next); + KASSERT(cse->refs == 1, + ("%s: crypto session %p with %d refs", __func__, cse, + cse->refs)); (void)csefree(cse); } free(fcr, M_XDATA); @@ -1295,34 +1297,35 @@ csefind(struct fcrypt *fcr, u_int ses) { struct csession *cse; - TAILQ_FOREACH(cse, &fcr->csessions, next) - if (cse->ses == ses) + mtx_lock(&fcr->lock); + TAILQ_FOREACH(cse, &fcr->csessions, next) { + if (cse->ses == ses) { + refcount_acquire(&cse->refs); + mtx_unlock(&fcr->lock); return (cse); + } + } + mtx_unlock(&fcr->lock); return (NULL); } static int -csedelete(struct fcrypt *fcr, struct csession *cse_del) +csedelete(struct fcrypt *fcr, u_int ses) { struct csession *cse; + mtx_lock(&fcr->lock); TAILQ_FOREACH(cse, &fcr->csessions, next) { - if (cse == cse_del) { + if (cse->ses == ses) { TAILQ_REMOVE(&fcr->csessions, cse, next); - return (1); + mtx_unlock(&fcr->lock); + return (csefree(cse)); } } - return (0); + mtx_unlock(&fcr->lock); + return (EINVAL); } -static struct csession * -cseadd(struct fcrypt *fcr, struct csession *cse) -{ - TAILQ_INSERT_TAIL(&fcr->csessions, cse, next); - cse->ses = fcr->sesn++; - return (cse); -} - struct csession * csecreate(struct fcrypt *fcr, u_int64_t sid, caddr_t key, u_int64_t keylen, caddr_t mackey, u_int64_t mackeylen, u_int32_t cipher, u_int32_t mac, @@ -1334,6 +1337,7 @@ csecreate(struct fcrypt *fcr, u_int64_t sid, caddr_t k if (cse == NULL) return NULL; mtx_init(&cse->lock, "cryptodev", "crypto session lock", MTX_DEF); + refcount_init(&cse->refs, 1); cse->key = key; cse->keylen = keylen/8; cse->mackey = mackey; @@ -1343,7 +1347,10 @@ csecreate(struct fcrypt *fcr, u_int64_t sid, caddr_t k cse->mac = mac; cse->txform = txform; cse->thash = thash; - cseadd(fcr, cse); + mtx_lock(&fcr->lock); + TAILQ_INSERT_TAIL(&fcr->csessions, cse, next); + cse->ses = fcr->sesn++; + mtx_unlock(&fcr->lock); return (cse); } @@ -1352,6 +1359,8 @@ csefree(struct csession *cse) { int error; + if (!refcount_release(&cse->refs)) + return (0); error = crypto_freesession(cse->sid); mtx_destroy(&cse->lock); if (cse->key) @@ -1389,13 +1398,14 @@ cryptoioctl(struct cdev *dev, u_long cmd, caddr_t data switch (cmd) { case CRIOGET: - fcr = malloc(sizeof(struct fcrypt), M_XDATA, M_WAITOK); + fcr = malloc(sizeof(struct fcrypt), M_XDATA, M_WAITOK | M_ZERO); TAILQ_INIT(&fcr->csessions); - fcr->sesn = 0; + mtx_init(&fcr->lock, "fcrypt", NULL, MTX_DEF); error = falloc(td, &f, &fd, 0); if (error) { + mtx_destroy(&fcr->lock); free(fcr, M_XDATA); return (error); } Modified: releng/12.1/sys/opencrypto/cryptodev.c ============================================================================== --- releng/12.1/sys/opencrypto/cryptodev.c Tue May 12 16:55:32 2020 (r360975) +++ releng/12.1/sys/opencrypto/cryptodev.c Tue May 12 16:57:47 2020 (r360976) @@ -266,6 +266,7 @@ crypt_kop_to_32(const struct crypt_kop *from, struct c struct csession { TAILQ_ENTRY(csession) next; crypto_session_t cses; + volatile u_int refs; u_int32_t ses; struct mtx lock; /* for op submission */ @@ -292,6 +293,7 @@ struct cryptop_data { struct fcrypt { TAILQ_HEAD(csessionlist, csession) csessions; int sesn; + struct mtx lock; }; static struct timeval warninterval = { .tv_sec = 60, .tv_usec = 0 }; @@ -323,8 +325,7 @@ static struct fileops cryptofops = { }; static struct csession *csefind(struct fcrypt *, u_int); -static int csedelete(struct fcrypt *, struct csession *); -static struct csession *cseadd(struct fcrypt *, struct csession *); +static bool csedelete(struct fcrypt *, u_int); static struct csession *csecreate(struct fcrypt *, crypto_session_t, caddr_t, u_int64_t, caddr_t, u_int64_t, u_int32_t, u_int32_t, struct enc_xform *, struct auth_hash *); @@ -685,13 +686,10 @@ bail: break; case CIOCFSESSION: ses = *(u_int32_t *)data; - cse = csefind(fcr, ses); - if (cse == NULL) { + if (!csedelete(fcr, ses)) { SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); return (EINVAL); } - csedelete(fcr, cse); - csefree(cse); break; case CIOCCRYPT: #ifdef COMPAT_FREEBSD32 @@ -708,6 +706,7 @@ bail: return (EINVAL); } error = cryptodev_op(cse, cop, active_cred, td); + csefree(cse); #ifdef COMPAT_FREEBSD32 if (error == 0 && cmd == CIOCCRYPT32) crypt_op_to_32(cop, data); @@ -774,6 +773,7 @@ bail: return (EINVAL); } error = cryptodev_aead(cse, caead, active_cred, td); + csefree(cse); break; default: error = EINVAL; @@ -1349,6 +1349,9 @@ cryptof_close(struct file *fp, struct thread *td) while ((cse = TAILQ_FIRST(&fcr->csessions))) { TAILQ_REMOVE(&fcr->csessions, cse, next); + KASSERT(cse->refs == 1, + ("%s: crypto session %p with %d refs", __func__, cse, + cse->refs)); csefree(cse); } free(fcr, M_XDATA); @@ -1369,34 +1372,36 @@ csefind(struct fcrypt *fcr, u_int ses) { struct csession *cse; - TAILQ_FOREACH(cse, &fcr->csessions, next) - if (cse->ses == ses) + mtx_lock(&fcr->lock); + TAILQ_FOREACH(cse, &fcr->csessions, next) { + if (cse->ses == ses) { + refcount_acquire(&cse->refs); + mtx_unlock(&fcr->lock); return (cse); + } + } + mtx_unlock(&fcr->lock); return (NULL); } -static int -csedelete(struct fcrypt *fcr, struct csession *cse_del) +static bool +csedelete(struct fcrypt *fcr, u_int ses) { struct csession *cse; + mtx_lock(&fcr->lock); TAILQ_FOREACH(cse, &fcr->csessions, next) { - if (cse == cse_del) { + if (cse->ses == ses) { TAILQ_REMOVE(&fcr->csessions, cse, next); - return (1); + mtx_unlock(&fcr->lock); + csefree(cse); + return (true); } } - return (0); + mtx_unlock(&fcr->lock); + return (false); } -static struct csession * -cseadd(struct fcrypt *fcr, struct csession *cse) -{ - TAILQ_INSERT_TAIL(&fcr->csessions, cse, next); - cse->ses = fcr->sesn++; - return (cse); -} - struct csession * csecreate(struct fcrypt *fcr, crypto_session_t cses, caddr_t key, u_int64_t keylen, caddr_t mackey, u_int64_t mackeylen, u_int32_t cipher, u_int32_t mac, @@ -1408,6 +1413,7 @@ csecreate(struct fcrypt *fcr, crypto_session_t cses, c if (cse == NULL) return NULL; mtx_init(&cse->lock, "cryptodev", "crypto session lock", MTX_DEF); + refcount_init(&cse->refs, 1); cse->key = key; cse->keylen = keylen/8; cse->mackey = mackey; @@ -1417,7 +1423,10 @@ csecreate(struct fcrypt *fcr, crypto_session_t cses, c cse->mac = mac; cse->txform = txform; cse->thash = thash; - cseadd(fcr, cse); + mtx_lock(&fcr->lock); + TAILQ_INSERT_TAIL(&fcr->csessions, cse, next); + cse->ses = fcr->sesn++; + mtx_unlock(&fcr->lock); return (cse); } @@ -1425,6 +1434,8 @@ static void csefree(struct csession *cse) { + if (!refcount_release(&cse->refs)) + return; crypto_freesession(cse->cses); mtx_destroy(&cse->lock); if (cse->key) @@ -1461,13 +1472,14 @@ cryptoioctl(struct cdev *dev, u_long cmd, caddr_t data switch (cmd) { case CRIOGET: - fcr = malloc(sizeof(struct fcrypt), M_XDATA, M_WAITOK); + fcr = malloc(sizeof(struct fcrypt), M_XDATA, M_WAITOK | M_ZERO); TAILQ_INIT(&fcr->csessions); - fcr->sesn = 0; + mtx_init(&fcr->lock, "fcrypt", NULL, MTX_DEF); error = falloc(td, &f, &fd, 0); if (error) { + mtx_destroy(&fcr->lock); free(fcr, M_XDATA); return (error); } From owner-svn-src-releng@freebsd.org Tue May 12 16:59:10 2020 Return-Path: Delivered-To: svn-src-releng@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 0DDF62F4AEC; Tue, 12 May 2020 16:59:10 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 49M3tP6YNzz4VL0; Tue, 12 May 2020 16:59:09 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id DC135B2E1; Tue, 12 May 2020 16:59:09 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 04CGx9vn064103; Tue, 12 May 2020 16:59:09 GMT (envelope-from gordon@FreeBSD.org) Received: (from gordon@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 04CGx91N064102; Tue, 12 May 2020 16:59:09 GMT (envelope-from gordon@FreeBSD.org) Message-Id: <202005121659.04CGx91N064102@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gordon set sender to gordon@FreeBSD.org using -f From: Gordon Tetlow Date: Tue, 12 May 2020 16:59:09 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r360977 - releng/12.1/sys/opencrypto X-SVN-Group: releng X-SVN-Commit-Author: gordon X-SVN-Commit-Paths: releng/12.1/sys/opencrypto X-SVN-Commit-Revision: 360977 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 12 May 2020 16:59:10 -0000 Author: gordon Date: Tue May 12 16:59:09 2020 New Revision: 360977 URL: https://svnweb.freebsd.org/changeset/base/360977 Log: Fix insufficient cryptodev MAC key length check. Approved by: so Security: FreeBSD-SA-20:16.cryptodev Security: CVE-2019-15880 Modified: releng/12.1/sys/opencrypto/cryptodev.c Modified: releng/12.1/sys/opencrypto/cryptodev.c ============================================================================== --- releng/12.1/sys/opencrypto/cryptodev.c Tue May 12 16:57:47 2020 (r360976) +++ releng/12.1/sys/opencrypto/cryptodev.c Tue May 12 16:59:09 2020 (r360977) @@ -602,8 +602,8 @@ cryptof_ioctl( if (thash) { cria.cri_alg = thash->type; cria.cri_klen = sop->mackeylen * 8; - if (thash->keysize != 0 && - sop->mackeylen > thash->keysize) { + if (sop->mackeylen > thash->keysize || + sop->mackeylen < 0) { CRYPTDEB("invalid mac key length"); error = EINVAL; SDT_PROBE1(opencrypto, dev, ioctl, error, From owner-svn-src-releng@freebsd.org Tue May 12 17:00:25 2020 Return-Path: Delivered-To: svn-src-releng@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 2510A2F4C5F; Tue, 12 May 2020 17:00:25 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 49M3vs09clz4VXx; Tue, 12 May 2020 17:00:25 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 0120BB2E9; Tue, 12 May 2020 17:00:25 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 04CH0OM2064284; Tue, 12 May 2020 17:00:24 GMT (envelope-from gordon@FreeBSD.org) Received: (from gordon@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 04CH0NKJ064278; Tue, 12 May 2020 17:00:23 GMT (envelope-from gordon@FreeBSD.org) Message-Id: <202005121700.04CH0NKJ064278@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gordon set sender to gordon@FreeBSD.org using -f From: Gordon Tetlow Date: Tue, 12 May 2020 17:00:23 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r360978 - in releng: 11.3 11.3/sys/conf 11.4 11.4/sys/conf 12.1 12.1/sys/conf X-SVN-Group: releng X-SVN-Commit-Author: gordon X-SVN-Commit-Paths: in releng: 11.3 11.3/sys/conf 11.4 11.4/sys/conf 12.1 12.1/sys/conf X-SVN-Commit-Revision: 360978 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 12 May 2020 17:00:25 -0000 Author: gordon Date: Tue May 12 17:00:23 2020 New Revision: 360978 URL: https://svnweb.freebsd.org/changeset/base/360978 Log: Add UPDATING entries and bump version. Approved by: so Approved by: re (implicit) Modified: releng/11.3/UPDATING releng/11.3/sys/conf/newvers.sh releng/11.4/UPDATING releng/11.4/sys/conf/newvers.sh releng/12.1/UPDATING releng/12.1/sys/conf/newvers.sh Modified: releng/11.3/UPDATING ============================================================================== --- releng/11.3/UPDATING Tue May 12 16:59:09 2020 (r360977) +++ releng/11.3/UPDATING Tue May 12 17:00:23 2020 (r360978) @@ -16,6 +16,25 @@ from older versions of FreeBSD, try WITHOUT_CLANG and the tip of head, and then rebuild without this option. The bootstrap process from older version of current across the gcc/clang cutover is a bit fragile. +20200512 p9 FreeBSD-EN-20:08.tzdata + FreeBSD-EN-20:10.build + FreeBSD-SA-20:12.libalias + FreeBSD-SA-20:13.libalias + FreeBSD-SA-20:14.sctp + FreeBSD-SA-20:15.cryptodev + + Import tzdata 2020a. [EN-20:08.tzdata] + + Fix incorrect build host Clang version detection [EN-20:10.build] + + Fix insufficient packet length validation in libalias [SA-20:12.libalias] + + Fix memory disclosure vulnerability in libalias [SA-20:13.libalias] + + Fix improper checking in SCTP-AUTH shared key update [SA-20:14.sctp] + + Fix use after free in cryptodev module [SA-20:15.cryptodev] + 20200421 p8 FreeBSD-EN-20:07.quotad FreeBSD-SA-20:10.ipfw Modified: releng/11.3/sys/conf/newvers.sh ============================================================================== --- releng/11.3/sys/conf/newvers.sh Tue May 12 16:59:09 2020 (r360977) +++ releng/11.3/sys/conf/newvers.sh Tue May 12 17:00:23 2020 (r360978) @@ -44,7 +44,7 @@ TYPE="FreeBSD" REVISION="11.3" -BRANCH="RELEASE-p8" +BRANCH="RELEASE-p9" if [ -n "${BRANCH_OVERRIDE}" ]; then BRANCH=${BRANCH_OVERRIDE} fi Modified: releng/11.4/UPDATING ============================================================================== --- releng/11.4/UPDATING Tue May 12 16:59:09 2020 (r360977) +++ releng/11.4/UPDATING Tue May 12 17:00:23 2020 (r360978) @@ -16,6 +16,13 @@ from older versions of FreeBSD, try WITHOUT_CLANG and the tip of head, and then rebuild without this option. The bootstrap process from older version of current across the gcc/clang cutover is a bit fragile. +20200512: 11.4-BETA1-p1 FreeBSD-SA-20:12.libalias + FreeBSD-SA-20:13.libalias + + Fix insufficient packet length validation in libalias [SA-20:12.libalias] + + Fix memory disclosure vulnerability in libalias [SA-20:13.libalias] + 20200507: Clang, llvm, lld, lldb, compiler-rt, libc++, libunwind and openmp have been upgraded to 10.0.0. Please see the 20141231 entry below for Modified: releng/11.4/sys/conf/newvers.sh ============================================================================== --- releng/11.4/sys/conf/newvers.sh Tue May 12 16:59:09 2020 (r360977) +++ releng/11.4/sys/conf/newvers.sh Tue May 12 17:00:23 2020 (r360978) @@ -44,7 +44,7 @@ TYPE="FreeBSD" REVISION="11.4" -BRANCH="BETA1" +BRANCH="BETA1-p1" if [ -n "${BRANCH_OVERRIDE}" ]; then BRANCH=${BRANCH_OVERRIDE} fi Modified: releng/12.1/UPDATING ============================================================================== --- releng/12.1/UPDATING Tue May 12 16:59:09 2020 (r360977) +++ releng/12.1/UPDATING Tue May 12 17:00:23 2020 (r360978) @@ -16,6 +16,28 @@ from older versions of FreeBSD, try WITHOUT_CLANG and the tip of head, and then rebuild without this option. The bootstrap process from older version of current across the gcc/clang cutover is a bit fragile. +20200512 p5 FreeBSD-EN-20:08.tzdata + FreeBSD-EN-20:09.igb + FreeBSD-EN-20:10.build + FreeBSD-SA-20:12.libalias + FreeBSD-SA-20:13.libalias + FreeBSD-SA-20:15.cryptodev + FreeBSD-SA-20:16.cryptodev + + Import tzdata 2020a. [EN-20:08.tzdata] + + Fix igb interfaces failing to switch to inactive state [EN-20:09.igb] + + Fix incorrect build host Clang version detection [EN-20:10.build] + + Fix insufficient packet length validation in libalias [SA-20:12.libalias] + + Fix memory disclosure vulnerability in libalias [SA-20:13.libalias] + + Fix use after free in cryptodev module [SA-20:15.cryptodev] + + Fix insufficient cryptodev MAC key length check [SA-20:16.cryptodev] + 20200421 p4 FreeBSD-EN-20:07.quotad FreeBSD-SA-20:10.ipfw FreeBSD-SA-20:11.openssl Modified: releng/12.1/sys/conf/newvers.sh ============================================================================== --- releng/12.1/sys/conf/newvers.sh Tue May 12 16:59:09 2020 (r360977) +++ releng/12.1/sys/conf/newvers.sh Tue May 12 17:00:23 2020 (r360978) @@ -46,7 +46,7 @@ TYPE="FreeBSD" REVISION="12.1" -BRANCH="RELEASE-p4" +BRANCH="RELEASE-p5" if [ -n "${BRANCH_OVERRIDE}" ]; then BRANCH=${BRANCH_OVERRIDE} fi From owner-svn-src-releng@freebsd.org Tue May 12 17:07:29 2020 Return-Path: Delivered-To: svn-src-releng@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 25C3D2F501D; Tue, 12 May 2020 17:07:29 +0000 (UTC) (envelope-from jhb@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 49M441009Pz4WGs; Tue, 12 May 2020 17:07:28 +0000 (UTC) (envelope-from jhb@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id EF172B4C8; Tue, 12 May 2020 17:07:28 +0000 (UTC) (envelope-from jhb@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 04CH7Sbm070428; Tue, 12 May 2020 17:07:28 GMT (envelope-from jhb@FreeBSD.org) Received: (from jhb@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 04CH7S3h070427; Tue, 12 May 2020 17:07:28 GMT (envelope-from jhb@FreeBSD.org) Message-Id: <202005121707.04CH7S3h070427@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: jhb set sender to jhb@FreeBSD.org using -f From: John Baldwin Date: Tue, 12 May 2020 17:07:28 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r360981 - releng/11.4/usr.sbin/bhyve X-SVN-Group: releng X-SVN-Commit-Author: jhb X-SVN-Commit-Paths: releng/11.4/usr.sbin/bhyve X-SVN-Commit-Revision: 360981 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 12 May 2020 17:07:29 -0000 Author: jhb Date: Tue May 12 17:07:28 2020 New Revision: 360981 URL: https://svnweb.freebsd.org/changeset/base/360981 Log: MF11 360965: Use stream_read() to read all 12 bytes of the RFB client version. read() can return a short read, whereas stream_read() waits until the full version string is read. Approved by: re (gjb) Modified: releng/11.4/usr.sbin/bhyve/rfb.c Directory Properties: releng/11.4/ (props changed) Modified: releng/11.4/usr.sbin/bhyve/rfb.c ============================================================================== --- releng/11.4/usr.sbin/bhyve/rfb.c Tue May 12 17:05:55 2020 (r360980) +++ releng/11.4/usr.sbin/bhyve/rfb.c Tue May 12 17:07:28 2020 (r360981) @@ -72,6 +72,7 @@ static int rfb_debug = 0; #define DPRINTF(params) if (rfb_debug) printf params #define WPRINTF(params) printf params +#define VERSION_LENGTH 12 #define AUTH_LENGTH 16 #define PASSWD_LENGTH 8 @@ -765,7 +766,7 @@ rfb_handle(struct rfb_softc *rc, int cfd) stream_write(cfd, vbuf, strlen(vbuf)); /* 1b. Read client version */ - len = read(cfd, buf, sizeof(buf)); + len = stream_read(cfd, buf, VERSION_LENGTH); /* 2a. Send security type */ buf[0] = 1; From owner-svn-src-releng@freebsd.org Tue May 12 20:02:19 2020 Return-Path: Delivered-To: svn-src-releng@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 46CD32FEF6E; Tue, 12 May 2020 20:02:19 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 49M7xl1CK3z3NrR; Tue, 12 May 2020 20:02:19 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 2434ED930; Tue, 12 May 2020 20:02:19 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 04CK2Jq2081533; Tue, 12 May 2020 20:02:19 GMT (envelope-from gjb@FreeBSD.org) Received: (from gjb@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 04CK2JnO081532; Tue, 12 May 2020 20:02:19 GMT (envelope-from gjb@FreeBSD.org) Message-Id: <202005122002.04CK2JnO081532@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gjb set sender to gjb@FreeBSD.org using -f From: Glen Barber Date: Tue, 12 May 2020 20:02:19 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r360987 - releng/11.4/release/doc/share/xml X-SVN-Group: releng X-SVN-Commit-Author: gjb X-SVN-Commit-Paths: releng/11.4/release/doc/share/xml X-SVN-Commit-Revision: 360987 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 12 May 2020 20:02:19 -0000 Author: gjb Date: Tue May 12 20:02:18 2020 New Revision: 360987 URL: https://svnweb.freebsd.org/changeset/base/360987 Log: Document EN-20:08 through EN-20:09, and SA-20:12 through SA-20:16. Approved by: re (implicit) Sponsored by: Rubicon Communications, LLC (netgate.com) Modified: releng/11.4/release/doc/share/xml/security.xml Modified: releng/11.4/release/doc/share/xml/security.xml ============================================================================== --- releng/11.4/release/doc/share/xml/security.xml Tue May 12 20:02:01 2020 (r360986) +++ releng/11.4/release/doc/share/xml/security.xml Tue May 12 20:02:18 2020 (r360987) @@ -185,6 +185,21 @@ 21 April 2020 Invalid &man.mbuf.9; handling + + + FreeBSD-SA-20:12.libalias + 12 May 2020 + Insufficient packet length + validation + + + + FreeBSD-SA-20:13.libalias + 12 May 2020 + Memory disclosure vulnerability + From owner-svn-src-releng@freebsd.org Tue May 12 20:05:33 2020 Return-Path: Delivered-To: svn-src-releng@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id F280D2FFE76; Tue, 12 May 2020 20:05:33 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 49M81T6Dznz3Pb0; Tue, 12 May 2020 20:05:33 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id C160CDA5D; Tue, 12 May 2020 20:05:33 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 04CK5XG9081776; Tue, 12 May 2020 20:05:33 GMT (envelope-from gjb@FreeBSD.org) Received: (from gjb@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 04CK5X8Y081775; Tue, 12 May 2020 20:05:33 GMT (envelope-from gjb@FreeBSD.org) Message-Id: <202005122005.04CK5X8Y081775@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gjb set sender to gjb@FreeBSD.org using -f From: Glen Barber Date: Tue, 12 May 2020 20:05:33 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r360988 - releng/11.4/release/doc/en_US.ISO8859-1/relnotes X-SVN-Group: releng X-SVN-Commit-Author: gjb X-SVN-Commit-Paths: releng/11.4/release/doc/en_US.ISO8859-1/relnotes X-SVN-Commit-Revision: 360988 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 12 May 2020 20:05:34 -0000 Author: gjb Date: Tue May 12 20:05:33 2020 New Revision: 360988 URL: https://svnweb.freebsd.org/changeset/base/360988 Log: Release notes documentation: - r351007: bzip2(1) 1.0.8. - r351611: WPA 2.9. - r354195: tcsh(1) 6.21.0. - r355504: less(1) 551. - r355604: libbsdxml(3) 2.2.9. - r356341: pcap(3) 1.9.1. - r356341: tcpdump(1) 4.9.3. - r356345: unbound 1.9.6. - r356533: mtree(8) various fixes. - r358088: libarchive(3) 3.4.2. - r358659: ntpd(8) 4.2.8p14. - r360362: tzdata 2020a. - r360521: file(1) 5.38. - r360523: xz(1) 5.2.5. - r360822: clang (and friends) 10.0.0. Approved by: re (implicit) Sponsored by: Rubicon Communications, LLC (netgate.com) Modified: releng/11.4/release/doc/en_US.ISO8859-1/relnotes/article.xml Modified: releng/11.4/release/doc/en_US.ISO8859-1/relnotes/article.xml ============================================================================== --- releng/11.4/release/doc/en_US.ISO8859-1/relnotes/article.xml Tue May 12 20:02:18 2020 (r360987) +++ releng/11.4/release/doc/en_US.ISO8859-1/relnotes/article.xml Tue May 12 20:05:33 2020 (r360988) @@ -171,7 +171,57 @@ Contributed Software -   + The &man.bzip2.1; utility has been + updated to version 1.0.8. + + The WPA + utilities have been updated to version 2.9. + + The &man.tcsh.1; utility has been + updated to version 6.21.0. + + The &man.less.1; utility has been + updated to version 551. + + The &man.libbsdxml.3; library has + been updated to version 2.2.9. + + The &man.pcap.3; library has been + updated to version 1.9.1. + + The &man.tcpdump.1; utility has been + updated to version 4.9.3. + + The &man.unbound.8; utility has been + updated to version 1.9.6. + + The &man.mtree.8; utility has been + updated to include several bug fixes. + + The &man.archive.3; library has been + updated to version 3.4.2. + + The &man.ntpd.8; utilities have been + updated to version 4.2.8p14. + + The timezone database files have been + updated to version 2020a. + + The &man.file.1; utility has been + updated to version 5.38. + + The &man.xz.1; utility has been updated + to version 5.2.5. + + The clang, + llvm, + lld, + lldb, + libunwind, + openmp, + compiler-rt utilities and + libc++ have been updated to version + 10.0.0. From owner-svn-src-releng@freebsd.org Tue May 12 20:05:35 2020 Return-Path: Delivered-To: svn-src-releng@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 68C382FFEC0; Tue, 12 May 2020 20:05:35 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 49M81W1gkXz3PbM; Tue, 12 May 2020 20:05:35 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id EB97DDA5E; Tue, 12 May 2020 20:05:34 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 04CK5YJW081819; Tue, 12 May 2020 20:05:34 GMT (envelope-from gjb@FreeBSD.org) Received: (from gjb@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 04CK5Y9B081818; Tue, 12 May 2020 20:05:34 GMT (envelope-from gjb@FreeBSD.org) Message-Id: <202005122005.04CK5Y9B081818@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gjb set sender to gjb@FreeBSD.org using -f From: Glen Barber Date: Tue, 12 May 2020 20:05:34 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r360989 - releng/11.4/release/doc/en_US.ISO8859-1/relnotes X-SVN-Group: releng X-SVN-Commit-Author: gjb X-SVN-Commit-Paths: releng/11.4/release/doc/en_US.ISO8859-1/relnotes X-SVN-Commit-Revision: 360989 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 12 May 2020 20:05:35 -0000 Author: gjb Date: Tue May 12 20:05:34 2020 New Revision: 360989 URL: https://svnweb.freebsd.org/changeset/base/360989 Log: Release notes documentation: - r350801: camcontrol(8) AMA support. - r351582: camcontrol(8) 'modepage' block descriptor support. - r351843: usbconfig(8) detach_kernel_driver command. - r351873: jot(1) '-r 0 start end' fix. - r352758: freebsd-update(8) 'updatesready' and 'showconfig' commands. - r353134: crontab(5)/cron(8) '-n' and '-q' flags. - r353759: zfs(8) bookmark renaming support. - r356290: OpenSSL 1.0.2u. - r356401: usbconfig(8) dump_stats command. - r356905: fsck_ffs(8) recovery information fix with 64k sectors. - r357082: certctl(8) added. - r357791: env(1) -L/-U user/class options. - r359554: ZFS ZIL max block size tunable. - r359696: libalias(3)/ipfw(4) RFC-6598 support. - r359740: syslogd(8) property-based filters. Approved by: re (implicit) Sponsored by: Rubicon Communications, LLC (netgate.com) Modified: releng/11.4/release/doc/en_US.ISO8859-1/relnotes/article.xml Modified: releng/11.4/release/doc/en_US.ISO8859-1/relnotes/article.xml ============================================================================== --- releng/11.4/release/doc/en_US.ISO8859-1/relnotes/article.xml Tue May 12 20:05:33 2020 (r360988) +++ releng/11.4/release/doc/en_US.ISO8859-1/relnotes/article.xml Tue May 12 20:05:34 2020 (r360989) @@ -165,7 +165,56 @@ Userland Application Changes -   + The + &man.camcontrol.8; utility has been updated to include support + for Accessible Max Address Configuration + (AMA). + + The &man.camcontrol.8; utility has been + updated to support block descriptors with the + modepage subcommand. + + The &man.usbconfig.8; utility has been + updated to include the detach_kernel_driver + command. + + The &man.jot.1; utility has been updated + to allow an endless stream of random data within the specified + bounds. + + The &man.freebsd-update.8; utility has + been updated to include two new commands, + updatesready and + showconfig. + + The &man.cron.8; utility has been + updated to support two new flags in &man.crontab.5;, + -n and -q, which + suppress mail on successful runs and suppress logging of + command execution, respectively. + + The &man.zfs.8; utility has been updated + to support renaming bookmarks. + + The &man.usbconfig.8; utility has been + updated to include the dump_stats + command. + + The &man.fsck.ffs.8; and &man.newfs.8; + utilities has been updated to fix recovery information with + sector sizes up to 64k. + + The &man.certctl.8; utility has been + added. + + The &man.env.1; utility has been updated + to include the -L and -U + options, which are used to set the environment of the + specified user from login.conf and + ~/.login_conf, respectively. + + The &man.syslogd.8; utility has been + updated to add property-based filters. @@ -186,6 +235,9 @@ The &man.libbsdxml.3; library has been updated to version 2.2.9. + OpenSSL has + been update to version 1.0.2u. + The &man.pcap.3; library has been updated to version 1.9.1. @@ -374,7 +426,9 @@ ZFS -   + The ZFS + ZIL (ZFS intent log) + maximum block size is now tunable. @@ -418,7 +472,10 @@ Network Protocols -   + The &man.libalias.3; library and + &man.ipfw.4; packet filter have been updated to add support + for RFC 6598/Carrier Grade + NAT subnets. From owner-svn-src-releng@freebsd.org Thu May 14 17:47:56 2020 Return-Path: Delivered-To: svn-src-releng@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 807492F7C8B; Thu, 14 May 2020 17:47:56 +0000 (UTC) (envelope-from jhb@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 49NJsm2sScz4bpS; Thu, 14 May 2020 17:47:56 +0000 (UTC) (envelope-from jhb@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 5CAADED47; Thu, 14 May 2020 17:47:56 +0000 (UTC) (envelope-from jhb@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 04EHlujG078767; Thu, 14 May 2020 17:47:56 GMT (envelope-from jhb@FreeBSD.org) Received: (from jhb@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 04EHltN1078763; Thu, 14 May 2020 17:47:55 GMT (envelope-from jhb@FreeBSD.org) Message-Id: <202005141747.04EHltN1078763@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: jhb set sender to jhb@FreeBSD.org using -f From: John Baldwin Date: Thu, 14 May 2020 17:47:55 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r361035 - in releng/11.4: lib/libsysdecode sys/fs/procfs sys/sys usr.sbin/procctl X-SVN-Group: releng X-SVN-Commit-Author: jhb X-SVN-Commit-Paths: in releng/11.4: lib/libsysdecode sys/fs/procfs sys/sys usr.sbin/procctl X-SVN-Commit-Revision: 361035 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 May 2020 17:47:56 -0000 Author: jhb Date: Thu May 14 17:47:55 2020 New Revision: 361035 URL: https://svnweb.freebsd.org/changeset/base/361035 Log: MF11 361020: Deprecate procfs-based process debugging. 359047: Mark procfs-based process debugging as deprecated for FreeBSD 13. Attempting to use ioctls on /proc//mem to control a process will trigger warnings on the console. The include file will also now emit a compile-time warning when used from userland. 359054: Fix the workaround to ignore the #warning for GCC. clang and gcc use different warning flags for #warning preprocessor directives. For both 12 and 11, adjust the GCC warning flags to only be added in 4.7 and later since 4.2.1 does not support -Wno-cpp. For 11, add the needed warning suppression to procctl's build. procctl was removed in 12.0. Approved by: re (gjb, kib) Modified: releng/11.4/lib/libsysdecode/Makefile releng/11.4/sys/fs/procfs/procfs_ioctl.c releng/11.4/sys/sys/pioctl.h releng/11.4/usr.sbin/procctl/Makefile Directory Properties: releng/11.4/ (props changed) Modified: releng/11.4/lib/libsysdecode/Makefile ============================================================================== --- releng/11.4/lib/libsysdecode/Makefile Thu May 14 17:19:07 2020 (r361034) +++ releng/11.4/lib/libsysdecode/Makefile Thu May 14 17:47:55 2020 (r361035) @@ -123,6 +123,13 @@ CFLAGS.gcc.ioctl.c+= -Wno-redundant-decls # Workaround warning for unused ssi_cables[] in CFLAGS.gcc.ioctl.c+= -Wno-unused +# Ignore deprecation warning in +CFLAGS.clang.ioctl.c+= -Wno-\#warnings +.if ${COMPILER_TYPE} == "gcc" && ${COMPILER_VERSION} >= 40700 +CFLAGS.gcc.ioctl.c+= -Wno-cpp +.endif + +CFLAGS.clang+= ${CFLAGS.clang.${.IMPSRC}} CFLAGS.gcc+= ${CFLAGS.gcc.${.IMPSRC}} DEPENDOBJS+= tables.h Modified: releng/11.4/sys/fs/procfs/procfs_ioctl.c ============================================================================== --- releng/11.4/sys/fs/procfs/procfs_ioctl.c Thu May 14 17:19:07 2020 (r361034) +++ releng/11.4/sys/fs/procfs/procfs_ioctl.c Thu May 14 17:47:55 2020 (r361035) @@ -69,10 +69,53 @@ procfs_ioctl(PFS_IOCTL_ARGS) #ifdef COMPAT_FREEBSD6 int ival; #endif + static struct timeval lasttime; + static struct timeval interval = { .tv_sec = 1, .tv_usec = 0 }; KASSERT(p != NULL, ("%s() called without a process", __func__)); PROC_LOCK_ASSERT(p, MA_OWNED); + + switch (cmd) { +#if defined(COMPAT_FREEBSD5) || defined(COMPAT_FREEBSD4) || defined(COMPAT_43) + case _IOC(IOC_IN, 'p', 1, 0): +#endif +#ifdef COMPAT_FREEBSD6 + case _IO('p', 1): +#endif + case PIOCBIS: +#if defined(COMPAT_FREEBSD5) || defined(COMPAT_FREEBSD4) || defined(COMPAT_43) + case _IOC(IOC_IN, 'p', 2, 0): +#endif +#ifdef COMPAT_FREEBSD6 + case _IO('p', 2): +#endif + case PIOCBIC: +#if defined(COMPAT_FREEBSD5) || defined(COMPAT_FREEBSD4) || defined(COMPAT_43) + case _IOC(IOC_IN, 'p', 3, 0): +#endif +#ifdef COMPAT_FREEBSD6 + case _IO('p', 3): +#endif + case PIOCSFL: + case PIOCGFL: + case PIOCWAIT: + case PIOCSTATUS: +#ifdef COMPAT_FREEBSD32 + case PIOCWAIT32: + case PIOCSTATUS32: +#endif +#if defined(COMPAT_FREEBSD5) || defined(COMPAT_FREEBSD4) || defined(COMPAT_43) + case _IOC(IOC_IN, 'p', 5, 0): +#endif +#ifdef COMPAT_FREEBSD6 + case _IO('p', 5): +#endif + case PIOCCONT: + if (ratecheck(&lasttime, &interval) != 0) + gone_in(13, "procfs-based process debugging"); + break; + } error = 0; switch (cmd) { Modified: releng/11.4/sys/sys/pioctl.h ============================================================================== --- releng/11.4/sys/sys/pioctl.h Thu May 14 17:19:07 2020 (r361034) +++ releng/11.4/sys/sys/pioctl.h Thu May 14 17:47:55 2020 (r361035) @@ -39,6 +39,10 @@ #ifndef _SYS_PIOCTL_H # define _SYS_PIOCTL_H +#ifndef _KERNEL +#warning " is deprecated, ptrace() should be used instead" +#endif + # include struct procfs_status { Modified: releng/11.4/usr.sbin/procctl/Makefile ============================================================================== --- releng/11.4/usr.sbin/procctl/Makefile Thu May 14 17:19:07 2020 (r361034) +++ releng/11.4/usr.sbin/procctl/Makefile Thu May 14 17:47:55 2020 (r361035) @@ -1,6 +1,14 @@ # $FreeBSD$ +.include + PROG= procctl MAN= procctl.8 + +# Ignore deprecation warning in +CFLAGS.clang+= -Wno-\#warnings +.if ${COMPILER_TYPE} == "gcc" && ${COMPILER_VERSION} >= 40700 +CFLAGS.gcc+= -Wno-cpp +.endif .include From owner-svn-src-releng@freebsd.org Thu May 14 17:56:07 2020 Return-Path: Delivered-To: svn-src-releng@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id B57E42D9189; Thu, 14 May 2020 17:56:07 +0000 (UTC) (envelope-from eugen@grosbein.net) Received: from hz.grosbein.net (hz.grosbein.net [IPv6:2a01:4f8:c2c:26d8::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "hz.grosbein.net", Issuer "hz.grosbein.net" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 49NK3B3C5qz4d3L; Thu, 14 May 2020 17:56:06 +0000 (UTC) (envelope-from eugen@grosbein.net) Received: from eg.sd.rdtc.ru (eg.sd.rdtc.ru [IPv6:2a03:3100:c:13:0:0:0:5]) by hz.grosbein.net (8.15.2/8.15.2) with ESMTPS id 04EHtrut082145 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 14 May 2020 17:55:53 GMT (envelope-from eugen@grosbein.net) X-Envelope-From: eugen@grosbein.net X-Envelope-To: jhb@FreeBSD.org Received: from [10.58.0.10] (dadv@dadvw [10.58.0.10]) by eg.sd.rdtc.ru (8.15.2/8.15.2) with ESMTPS id 04EHtopu033829 (version=TLSv1.2 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Fri, 15 May 2020 00:55:50 +0700 (+07) (envelope-from eugen@grosbein.net) Subject: Re: svn commit: r361035 - in releng/11.4: lib/libsysdecode sys/fs/procfs sys/sys usr.sbin/procctl To: John Baldwin , src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org References: <202005141747.04EHltN1078763@repo.freebsd.org> From: Eugene Grosbein Message-ID: Date: Fri, 15 May 2020 00:55:47 +0700 User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0 MIME-Version: 1.0 In-Reply-To: <202005141747.04EHltN1078763@repo.freebsd.org> Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=0.3 required=5.0 tests=BAYES_00,LOCAL_FROM, SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.2 X-Spam-Report: * -2.3 BAYES_00 BODY: Bayes spam probability is 0 to 1% * [score: 0.0000] * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * -0.0 SPF_PASS SPF: sender matches SPF record * 2.6 LOCAL_FROM From my domains X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on hz.grosbein.net X-Rspamd-Queue-Id: 49NK3B3C5qz4d3L X-Spamd-Bar: --- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=permerror (mx1.freebsd.org: domain of eugen@grosbein.net uses mechanism not recognized by this client) smtp.mailfrom=eugen@grosbein.net X-Spamd-Result: default: False [-3.99 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-0.999,0]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[4]; TO_DN_SOME(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[grosbein.net]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; RCVD_COUNT_THREE(0.00)[3]; IP_SCORE(-1.89)[ip: (-5.31), ipnet: 2a01:4f8::/29(-2.66), asn: 24940(-1.48), country: DE(-0.02)]; R_SPF_PERMFAIL(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:24940, ipnet:2a01:4f8::/29, country:DE]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[] X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 May 2020 17:56:07 -0000 15.05.2020 0:47, John Baldwin wrote: > Author: jhb > Date: Thu May 14 17:47:55 2020 > New Revision: 361035 > URL: https://svnweb.freebsd.org/changeset/base/361035 > > Log: > MF11 361020: Deprecate procfs-based process debugging. > > 359047: > Mark procfs-based process debugging as deprecated for FreeBSD 13. > > Attempting to use ioctls on /proc//mem to control a process will > trigger warnings on the console. The include file will > also now emit a compile-time warning when used from userland. > > 359054: > Fix the workaround to ignore the #warning for GCC. > > clang and gcc use different warning flags for #warning preprocessor > directives. > > For both 12 and 11, adjust the GCC warning flags to only be added in > 4.7 and later since 4.2.1 does not support -Wno-cpp. For 11, add the > needed warning suppression to procctl's build. procctl was removed in > 12.0. > > Approved by: re (gjb, kib) Please consider adding a sysctl or another way to disable such extra warnings for jailed process, so it would be possible running old versions of FreeBSD in a jail seamless. From owner-svn-src-releng@freebsd.org Thu May 14 18:28:06 2020 Return-Path: Delivered-To: svn-src-releng@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 2C6AF2DA155; Thu, 14 May 2020 18:28:06 +0000 (UTC) (envelope-from jhb@FreeBSD.org) Received: from smtp.freebsd.org (smtp.freebsd.org [IPv6:2610:1c1:1:606c::24b:4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 49NKm603lcz4gBd; Thu, 14 May 2020 18:28:06 +0000 (UTC) (envelope-from jhb@FreeBSD.org) Received: from John-Baldwins-MacBook-Pro-164.local (unknown [IPv6:2601:648:8203:2990:59ea:1632:b928:42c4]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client did not present a certificate) (Authenticated sender: jhb) by smtp.freebsd.org (Postfix) with ESMTPSA id 59426103CC; Thu, 14 May 2020 18:28:05 +0000 (UTC) (envelope-from jhb@FreeBSD.org) Subject: Re: svn commit: r361035 - in releng/11.4: lib/libsysdecode sys/fs/procfs sys/sys usr.sbin/procctl To: Eugene Grosbein , src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org References: <202005141747.04EHltN1078763@repo.freebsd.org> From: John Baldwin Autocrypt: addr=jhb@FreeBSD.org; keydata= mQGiBETQ+XcRBADMFybiq69u+fJRy/0wzqTNS8jFfWaBTs5/OfcV7wWezVmf9sgwn8TW0Dk0 c9MBl0pz+H01dA2ZSGZ5fXlmFIsee1WEzqeJzpiwd/pejPgSzXB9ijbLHZ2/E0jhGBcVy5Yo /Tw5+U/+laeYKu2xb0XPvM0zMNls1ah5OnP9a6Ql6wCgupaoMySb7DXm2LHD1Z9jTsHcAQMD /1jzh2BoHriy/Q2s4KzzjVp/mQO5DSm2z14BvbQRcXU48oAosHA1u3Wrov6LfPY+0U1tG47X 1BGfnQH+rNAaH0livoSBQ0IPI/8WfIW7ub4qV6HYwWKVqkDkqwcpmGNDbz3gfaDht6nsie5Z pcuCcul4M9CW7Md6zzyvktjnbz61BADGDCopfZC4of0Z3Ka0u8Wik6UJOuqShBt1WcFS8ya1 oB4rc4tXfSHyMF63aPUBMxHR5DXeH+EO2edoSwViDMqWk1jTnYza51rbGY+pebLQOVOxAY7k do5Ordl3wklBPMVEPWoZ61SdbcjhHVwaC5zfiskcxj5wwXd2E9qYlBqRg7QeSm9obiBCYWxk d2luIDxqaGJARnJlZUJTRC5vcmc+iGAEExECACAFAkTQ+awCGwMGCwkIBwMCBBUCCAMEFgID AQIeAQIXgAAKCRBy3lIGd+N/BI6RAJ9S97fvbME+3hxzE3JUyUZ6vTewDACdE1stFuSfqMvM jomvZdYxIYyTUpC5Ag0ERND5ghAIAPwsO0B7BL+bz8sLlLoQktGxXwXQfS5cInvL17Dsgnr3 1AKa94j9EnXQyPEj7u0d+LmEe6CGEGDh1OcGFTMVrof2ZzkSy4+FkZwMKJpTiqeaShMh+Goj XlwIMDxyADYvBIg3eN5YdFKaPQpfgSqhT+7El7w+wSZZD8pPQuLAnie5iz9C8iKy4/cMSOrH YUK/tO+Nhw8Jjlw94Ik0T80iEhI2t+XBVjwdfjbq3HrJ0ehqdBwukyeJRYKmbn298KOFQVHO EVbHA4rF/37jzaMadK43FgJ0SAhPPF5l4l89z5oPu0b/+5e2inA3b8J3iGZxywjM+Csq1tqz hltEc7Q+E08AAwUIAL+15XH8bPbjNJdVyg2CMl10JNW2wWg2Q6qdljeaRqeR6zFus7EZTwtX sNzs5bP8y51PSUDJbeiy2RNCNKWFMndM22TZnk3GNG45nQd4OwYK0RZVrikalmJY5Q6m7Z16 4yrZgIXFdKj2t8F+x613/SJW1lIr9/bDp4U9tw0V1g3l2dFtD3p3ZrQ3hpoDtoK70ioIAjjH aIXIAcm3FGZFXy503DOA0KaTWwvOVdYCFLm3zWuSOmrX/GsEc7ovasOWwjPn878qVjbUKWwx Q4QkF4OhUV9zPtf9tDSAZ3x7QSwoKbCoRCZ/xbyTUPyQ1VvNy/mYrBcYlzHodsaqUDjHuW+I SQQYEQIACQUCRND5ggIbDAAKCRBy3lIGd+N/BCO8AJ9j1dWVQWxw/YdTbEyrRKOY8YZNwwCf afMAg8QvmOWnHx3wl8WslCaXaE8= Message-ID: Date: Thu, 14 May 2020 11:28:03 -0700 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:68.0) Gecko/20100101 Thunderbird/68.6.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 May 2020 18:28:06 -0000 On 5/14/20 10:55 AM, Eugene Grosbein wrote: > 15.05.2020 0:47, John Baldwin wrote: > >> Author: jhb >> Date: Thu May 14 17:47:55 2020 >> New Revision: 361035 >> URL: https://svnweb.freebsd.org/changeset/base/361035 >> >> Log: >> MF11 361020: Deprecate procfs-based process debugging. >> >> 359047: >> Mark procfs-based process debugging as deprecated for FreeBSD 13. >> >> Attempting to use ioctls on /proc//mem to control a process will >> trigger warnings on the console. The include file will >> also now emit a compile-time warning when used from userland. >> >> 359054: >> Fix the workaround to ignore the #warning for GCC. >> >> clang and gcc use different warning flags for #warning preprocessor >> directives. >> >> For both 12 and 11, adjust the GCC warning flags to only be added in >> 4.7 and later since 4.2.1 does not support -Wno-cpp. For 11, add the >> needed warning suppression to procctl's build. procctl was removed in >> 12.0. >> >> Approved by: re (gjb, kib) > > Please consider adding a sysctl or another way to disable such extra warnings for jailed process, > so it would be possible running old versions of FreeBSD in a jail seamless. They are rate limited now, but you also probably have no existing processes that are using this. strace on i386 from ports (for which truss is a more functional replacement) is the only binary still built in ports that uses this. truss itself was the last base system binary (aside from procctl which is only there as a helper, not an actual util) and the last version of truss to use procfs was 6.x. -- John Baldwin From owner-svn-src-releng@freebsd.org Thu May 14 18:50:45 2020 Return-Path: Delivered-To: svn-src-releng@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 209012DA9A1; Thu, 14 May 2020 18:50:45 +0000 (UTC) (envelope-from jhb@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 49NLGF06j1z3D4d; Thu, 14 May 2020 18:50:45 +0000 (UTC) (envelope-from jhb@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id F36BDF953; Thu, 14 May 2020 18:50:44 +0000 (UTC) (envelope-from jhb@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 04EIoiEE017182; Thu, 14 May 2020 18:50:44 GMT (envelope-from jhb@FreeBSD.org) Received: (from jhb@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 04EIoieU017178; Thu, 14 May 2020 18:50:44 GMT (envelope-from jhb@FreeBSD.org) Message-Id: <202005141850.04EIoieU017178@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: jhb set sender to jhb@FreeBSD.org using -f From: John Baldwin Date: Thu, 14 May 2020 18:50:44 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r361042 - in releng/11.4/sys: cam/scsi dev/iscsi_initiator net80211 X-SVN-Group: releng X-SVN-Commit-Author: jhb X-SVN-Commit-Paths: in releng/11.4/sys: cam/scsi dev/iscsi_initiator net80211 X-SVN-Commit-Revision: 361042 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 May 2020 18:50:45 -0000 Author: jhb Date: Thu May 14 18:50:43 2020 New Revision: 361042 URL: https://svnweb.freebsd.org/changeset/base/361042 Log: MF11 361038,361040: Don't dereference various user pointers. 360171: Don't access a user buffer directly from the kernel. The handle_string callback for the ENCIOC_SETSTRING ioctl was passing a user pointer to memcpy(). Fix by using copyin() instead. For ENCIOC_GETSTRING ioctls, the handler was storing the user pointer in a CCB's data_ptr field where it was indirected by other code. Fix this by allocating a temporary buffer (which ENCIOC_SETSTRING already did) and copying the result out to the user buffer after the CCB has been processed. 360179: Don't pass a user buffer pointer as the data pointer in a CCB. Allocate a temporary buffer in the kernel to serve as the CCB data pointer for a pass-through transaction and use copyin/copyout to shuffle the data to/from the user buffer. 360285: Don't indirect user pointers directly in two 802.11s ioctls. IEEE80211_MESH_RTCMD_ADD was invoking memcmp() to validate the supplied address directly on the user pointer rather than first doing a copyin() and validating the copied value. IEEE80211_MESH_RTCMD_DELETE was passing the user pointer directly to ieee80211_mesh_rt_del() rather than copying the user buffer into a temporary kernel buffer. 360388: Don't run strcmp() against strings stored in user memory. Instead, copy the strings into a temporary buffer on the stack and run strcmp on the copies. 360818: Fix a memory leak for ENCIOC_GETSTRING I introduced in r360171. Approved by: re (gjb) Modified: releng/11.4/sys/cam/scsi/scsi_enc_ses.c releng/11.4/sys/cam/scsi/scsi_sg.c releng/11.4/sys/dev/iscsi_initiator/isc_subr.c releng/11.4/sys/net80211/ieee80211_mesh.c Directory Properties: releng/11.4/ (props changed) Modified: releng/11.4/sys/cam/scsi/scsi_enc_ses.c ============================================================================== --- releng/11.4/sys/cam/scsi/scsi_enc_ses.c Thu May 14 18:49:43 2020 (r361041) +++ releng/11.4/sys/cam/scsi/scsi_enc_ses.c Thu May 14 18:50:43 2020 (r361042) @@ -2902,13 +2902,19 @@ ses_handle_string(enc_softc_t *enc, encioc_string_t *s buf[1] = 0; buf[2] = sstr->bufsiz >> 8; buf[3] = sstr->bufsiz & 0xff; - memcpy(&buf[4], sstr->buf, sstr->bufsiz); + ret = copyin(sstr->buf, &buf[4], sstr->bufsiz); + if (ret != 0) { + ENC_FREE(buf); + return (ret); + } break; case ENCIOC_GETSTRING: payload = sstr->bufsiz; amt = payload; + buf = ENC_MALLOC(payload); + if (buf == NULL) + return (ENOMEM); ses_page_cdb(cdb, payload, SesStringIn, CAM_DIR_IN); - buf = sstr->buf; break; case ENCIOC_GETENCNAME: if (ses_cache->ses_nsubencs < 1) @@ -2948,7 +2954,9 @@ ses_handle_string(enc_softc_t *enc, encioc_string_t *s return (EINVAL); } ret = enc_runcmd(enc, cdb, 6, buf, &amt); - if (ioc == ENCIOC_SETSTRING) + if (ret == 0 && ioc == ENCIOC_GETSTRING) + ret = copyout(buf, sstr->buf, sstr->bufsiz); + if (ioc == ENCIOC_SETSTRING || ioc == ENCIOC_GETSTRING) ENC_FREE(buf); return (ret); } Modified: releng/11.4/sys/cam/scsi/scsi_sg.c ============================================================================== --- releng/11.4/sys/cam/scsi/scsi_sg.c Thu May 14 18:49:43 2020 (r361041) +++ releng/11.4/sys/cam/scsi/scsi_sg.c Thu May 14 18:50:43 2020 (r361042) @@ -506,6 +506,7 @@ sgioctl(struct cdev *dev, u_long cmd, caddr_t arg, int struct cam_periph *periph; struct sg_softc *softc; struct sg_io_hdr *req; + void *data_ptr; int dir, error; periph = (struct cam_periph *)dev->si_drv1; @@ -550,12 +551,20 @@ sgioctl(struct cdev *dev, u_long cmd, caddr_t arg, int break; } + if (req->dxfer_len > MAXPHYS) { + error = EINVAL; + break; + } + + data_ptr = malloc(req->dxfer_len, M_DEVBUF, M_WAITOK); + ccb = cam_periph_getccb(periph, CAM_PRIORITY_NORMAL); csio = &ccb->csio; error = copyin(req->cmdp, &csio->cdb_io.cdb_bytes, req->cmd_len); if (error) { + free(data_ptr, M_DEVBUF); xpt_release_ccb(ccb); break; } @@ -568,7 +577,7 @@ sgioctl(struct cdev *dev, u_long cmd, caddr_t arg, int dir = CAM_DIR_IN; break; case SG_DXFER_TO_FROM_DEV: - dir = CAM_DIR_IN | CAM_DIR_OUT; + dir = CAM_DIR_BOTH; break; case SG_DXFER_NONE: default: @@ -576,12 +585,21 @@ sgioctl(struct cdev *dev, u_long cmd, caddr_t arg, int break; } + if (dir == CAM_DIR_IN || dir == CAM_DIR_BOTH) { + error = copyin(req->dxferp, data_ptr, req->dxfer_len); + if (error) { + free(data_ptr, M_DEVBUF); + xpt_release_ccb(ccb); + break; + } + } + cam_fill_csio(csio, /*retries*/1, sgdone, dir|CAM_DEV_QFRZDIS, MSG_SIMPLE_Q_TAG, - req->dxferp, + data_ptr, req->dxfer_len, req->mx_sb_len, req->cmd_len, @@ -591,6 +609,7 @@ sgioctl(struct cdev *dev, u_long cmd, caddr_t arg, int if (error) { req->host_status = DID_ERROR; req->driver_status = DRIVER_INVALID; + free(data_ptr, M_DEVBUF); xpt_release_ccb(ccb); break; } @@ -609,6 +628,10 @@ sgioctl(struct cdev *dev, u_long cmd, caddr_t arg, int req->sb_len_wr); } + if ((dir == CAM_DIR_OUT || dir == CAM_DIR_BOTH) && error == 0) + error = copyout(data_ptr, req->dxferp, req->dxfer_len); + + free(data_ptr, M_DEVBUF); xpt_release_ccb(ccb); break; Modified: releng/11.4/sys/dev/iscsi_initiator/isc_subr.c ============================================================================== --- releng/11.4/sys/dev/iscsi_initiator/isc_subr.c Thu May 14 18:49:43 2020 (r361041) +++ releng/11.4/sys/dev/iscsi_initiator/isc_subr.c Thu May 14 18:50:43 2020 (r361042) @@ -192,6 +192,9 @@ i_crc32c(const void *buf, size_t size, uint32_t crc) int i_setopt(isc_session_t *sp, isc_opt_t *opt) { + char buf[16]; + int error; + if(opt->maxRecvDataSegmentLength > 0) { sp->opt.maxRecvDataSegmentLength = opt->maxRecvDataSegmentLength; sdebug(2, "maxRecvDataSegmentLength=%d", sp->opt.maxRecvDataSegmentLength); @@ -233,15 +236,21 @@ i_setopt(isc_session_t *sp, isc_opt_t *opt) } if(opt->headerDigest != NULL) { - sdebug(2, "opt.headerDigest='%s'", opt->headerDigest); - if(strcmp(opt->headerDigest, "CRC32C") == 0) { + error = copyinstr(opt->headerDigest, buf, sizeof(buf), NULL); + if (error != 0) + return (error); + sdebug(2, "opt.headerDigest='%s'", buf); + if(strcmp(buf, "CRC32C") == 0) { sp->hdrDigest = (digest_t *)i_crc32c; sdebug(2, "opt.headerDigest set"); } } if(opt->dataDigest != NULL) { - sdebug(2, "opt.dataDigest='%s'", opt->headerDigest); - if(strcmp(opt->dataDigest, "CRC32C") == 0) { + error = copyinstr(opt->dataDigest, buf, sizeof(buf), NULL); + if (error != 0) + return (error); + sdebug(2, "opt.dataDigest='%s'", opt->dataDigest); + if(strcmp(buf, "CRC32C") == 0) { sp->dataDigest = (digest_t *)i_crc32c; sdebug(2, "opt.dataDigest set"); } Modified: releng/11.4/sys/net80211/ieee80211_mesh.c ============================================================================== --- releng/11.4/sys/net80211/ieee80211_mesh.c Thu May 14 18:49:43 2020 (r361041) +++ releng/11.4/sys/net80211/ieee80211_mesh.c Thu May 14 18:50:43 2020 (r361042) @@ -3567,16 +3567,21 @@ mesh_ioctl_set80211(struct ieee80211vap *vap, struct i ieee80211_mesh_rt_flush(vap); break; case IEEE80211_MESH_RTCMD_ADD: - if (IEEE80211_ADDR_EQ(vap->iv_myaddr, ireq->i_data) || - IEEE80211_ADDR_EQ(broadcastaddr, ireq->i_data)) - return EINVAL; - error = copyin(ireq->i_data, &tmpaddr, + error = copyin(ireq->i_data, tmpaddr, IEEE80211_ADDR_LEN); - if (error == 0) - ieee80211_mesh_discover(vap, tmpaddr, NULL); + if (error != 0) + break; + if (IEEE80211_ADDR_EQ(vap->iv_myaddr, tmpaddr) || + IEEE80211_ADDR_EQ(broadcastaddr, tmpaddr)) + return EINVAL; + ieee80211_mesh_discover(vap, tmpaddr, NULL); break; case IEEE80211_MESH_RTCMD_DELETE: - ieee80211_mesh_rt_del(vap, ireq->i_data); + error = copyin(ireq->i_data, tmpaddr, + IEEE80211_ADDR_LEN); + if (error != 0) + break; + ieee80211_mesh_rt_del(vap, tmpaddr); break; default: return ENOSYS; From owner-svn-src-releng@freebsd.org Thu May 14 19:09:00 2020 Return-Path: Delivered-To: svn-src-releng@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id CE3F22DB267; Thu, 14 May 2020 19:09:00 +0000 (UTC) (envelope-from jhb@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 49NLgJ590bz3FxT; Thu, 14 May 2020 19:09:00 +0000 (UTC) (envelope-from jhb@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id ABB9EFCF4; Thu, 14 May 2020 19:09:00 +0000 (UTC) (envelope-from jhb@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 04EJ90Th028847; Thu, 14 May 2020 19:09:00 GMT (envelope-from jhb@FreeBSD.org) Received: (from jhb@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 04EJ90An028846; Thu, 14 May 2020 19:09:00 GMT (envelope-from jhb@FreeBSD.org) Message-Id: <202005141909.04EJ90An028846@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: jhb set sender to jhb@FreeBSD.org using -f From: John Baldwin Date: Thu, 14 May 2020 19:09:00 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r361045 - releng/11.4/usr.sbin/bhyve X-SVN-Group: releng X-SVN-Commit-Author: jhb X-SVN-Commit-Paths: releng/11.4/usr.sbin/bhyve X-SVN-Commit-Revision: 361045 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 May 2020 19:09:00 -0000 Author: jhb Date: Thu May 14 19:09:00 2020 New Revision: 361045 URL: https://svnweb.freebsd.org/changeset/base/361045 Log: MF11 361041: Update the cached MSI state when any MSI capability register is written. bhyve uses cached copies of the MSI capability registers to generate MSI interrupts for device models. Previously, these cached fields were only set when the MSI capability control register was updated. The Linux kernel recently adopted a change to deal with races in MSI interrupt delivery that writes to the MSI capability address and data registers to alter the destination of MSI interrupts without writing to the MSI capability control register. bhyve was not updating its cached registers for these writes and continued to send interrupts with the old data value to the old address. Fix this by recomputing the cached values for every write to any MSI capability register. Approved by: re (gjb) Modified: releng/11.4/usr.sbin/bhyve/pci_emul.c Directory Properties: releng/11.4/ (props changed) Modified: releng/11.4/usr.sbin/bhyve/pci_emul.c ============================================================================== --- releng/11.4/usr.sbin/bhyve/pci_emul.c Thu May 14 18:59:34 2020 (r361044) +++ releng/11.4/usr.sbin/bhyve/pci_emul.c Thu May 14 19:09:00 2020 (r361045) @@ -898,26 +898,26 @@ msicap_cfgwrite(struct pci_devinst *pi, int capoff, in msgctrl &= ~rwmask; msgctrl |= val & rwmask; val = msgctrl; + } + CFGWRITE(pi, offset, val, bytes); - addrlo = pci_get_cfgdata32(pi, capoff + 4); - if (msgctrl & PCIM_MSICTRL_64BIT) - msgdata = pci_get_cfgdata16(pi, capoff + 12); - else - msgdata = pci_get_cfgdata16(pi, capoff + 8); + msgctrl = pci_get_cfgdata16(pi, capoff + 2); + addrlo = pci_get_cfgdata32(pi, capoff + 4); + if (msgctrl & PCIM_MSICTRL_64BIT) + msgdata = pci_get_cfgdata16(pi, capoff + 12); + else + msgdata = pci_get_cfgdata16(pi, capoff + 8); - mme = msgctrl & PCIM_MSICTRL_MME_MASK; - pi->pi_msi.enabled = msgctrl & PCIM_MSICTRL_MSI_ENABLE ? 1 : 0; - if (pi->pi_msi.enabled) { - pi->pi_msi.addr = addrlo; - pi->pi_msi.msg_data = msgdata; - pi->pi_msi.maxmsgnum = 1 << (mme >> 4); - } else { - pi->pi_msi.maxmsgnum = 0; - } - pci_lintr_update(pi); + mme = msgctrl & PCIM_MSICTRL_MME_MASK; + pi->pi_msi.enabled = msgctrl & PCIM_MSICTRL_MSI_ENABLE ? 1 : 0; + if (pi->pi_msi.enabled) { + pi->pi_msi.addr = addrlo; + pi->pi_msi.msg_data = msgdata; + pi->pi_msi.maxmsgnum = 1 << (mme >> 4); + } else { + pi->pi_msi.maxmsgnum = 0; } - - CFGWRITE(pi, offset, val, bytes); + pci_lintr_update(pi); } void From owner-svn-src-releng@freebsd.org Thu May 14 19:29:08 2020 Return-Path: Delivered-To: svn-src-releng@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id DFA022DBE47; Thu, 14 May 2020 19:29:08 +0000 (UTC) (envelope-from jhb@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 49NM6X5hC3z3HW2; Thu, 14 May 2020 19:29:08 +0000 (UTC) (envelope-from jhb@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id BC821180EE; Thu, 14 May 2020 19:29:08 +0000 (UTC) (envelope-from jhb@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 04EJT8HY041110; Thu, 14 May 2020 19:29:08 GMT (envelope-from jhb@FreeBSD.org) Received: (from jhb@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 04EJT8eR041108; Thu, 14 May 2020 19:29:08 GMT (envelope-from jhb@FreeBSD.org) Message-Id: <202005141929.04EJT8eR041108@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: jhb set sender to jhb@FreeBSD.org using -f From: John Baldwin Date: Thu, 14 May 2020 19:29:08 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r361049 - in releng/11.4: share/man/man4 sys/dev/ubsec X-SVN-Group: releng X-SVN-Commit-Author: jhb X-SVN-Commit-Paths: in releng/11.4: share/man/man4 sys/dev/ubsec X-SVN-Commit-Revision: 361049 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 May 2020 19:29:09 -0000 Author: jhb Date: Thu May 14 19:29:08 2020 New Revision: 361049 URL: https://svnweb.freebsd.org/changeset/base/361049 Log: MF11 361044,361048: Deprecate ubsec(4) for FreeBSD 13.0. With the removal of in-tree consumers of DES, Triple DES, and MD5-HMAC, the only algorithm this driver still supports is SHA1-HMAC. This is not very useful as a standalone algorithm (IPsec AH-only with SHA1 would be the only user). This driver has also not been kept up to date with the original driver in OpenBSD which supports a few more cards and AES-CBC on newer cards. The newest card currently supported by this driver was released in 2005. Approved by: re (gjb) Relnotes: yes Modified: releng/11.4/share/man/man4/ubsec.4 releng/11.4/sys/dev/ubsec/ubsec.c Directory Properties: releng/11.4/ (props changed) Modified: releng/11.4/share/man/man4/ubsec.4 ============================================================================== --- releng/11.4/share/man/man4/ubsec.4 Thu May 14 19:15:21 2020 (r361048) +++ releng/11.4/share/man/man4/ubsec.4 Thu May 14 19:29:08 2020 (r361049) @@ -26,7 +26,7 @@ .\" .\" $FreeBSD$ .\" -.Dd May 16, 2009 +.Dd May 14, 2020 .Dt UBSEC 4 .Os .Sh NAME @@ -48,6 +48,15 @@ module at boot time, place the following line in .Bd -literal -offset indent ubsec_load="YES" .Ed +.Sh DEPRECATION NOTICE +The +.Nm +driver is not present in +.Fx 13.0 +and later. +The majority of crypto algorithms supported by this driver are no longer +used by the kernel in +.Fx 13.0 . .Sh DESCRIPTION The .Nm Modified: releng/11.4/sys/dev/ubsec/ubsec.c ============================================================================== --- releng/11.4/sys/dev/ubsec/ubsec.c Thu May 14 19:15:21 2020 (r361048) +++ releng/11.4/sys/dev/ubsec/ubsec.c Thu May 14 19:29:08 2020 (r361049) @@ -474,6 +474,7 @@ skip_rng: crypto_kregister(sc->sc_cid, CRK_MOD_EXP_CRT, 0); #endif } + gone_in_dev(dev, 13, "Does not support modern crypto algorithms"); return (0); bad4: crypto_unregister_all(sc->sc_cid); From owner-svn-src-releng@freebsd.org Thu May 14 19:32:42 2020 Return-Path: Delivered-To: svn-src-releng@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 30EEB2DC0B1; Thu, 14 May 2020 19:32:42 +0000 (UTC) (envelope-from dim@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 49NMBf0V2cz3HwJ; Thu, 14 May 2020 19:32:42 +0000 (UTC) (envelope-from dim@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 08E97182C0; Thu, 14 May 2020 19:32:42 +0000 (UTC) (envelope-from dim@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 04EJWfR1046675; Thu, 14 May 2020 19:32:41 GMT (envelope-from dim@FreeBSD.org) Received: (from dim@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 04EJWfTQ046674; Thu, 14 May 2020 19:32:41 GMT (envelope-from dim@FreeBSD.org) Message-Id: <202005141932.04EJWfTQ046674@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: dim set sender to dim@FreeBSD.org using -f From: Dimitry Andric Date: Thu, 14 May 2020 19:32:41 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r361050 - releng/11.4/lib/csu X-SVN-Group: releng X-SVN-Commit-Author: dim X-SVN-Commit-Paths: releng/11.4/lib/csu X-SVN-Commit-Revision: 361050 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 May 2020 19:32:42 -0000 Author: dim Date: Thu May 14 19:32:41 2020 New Revision: 361050 URL: https://svnweb.freebsd.org/changeset/base/361050 Log: MF11 r361047: MFC r360915: Use -fno-asynchronous-unwind-tables to compile lib/csu Summary: In r209294 kib added -fno-asynchronous-unwind-tables to the compile flags for the GNU C startup components. This was done to work around a BFD ld assertion, "no .eh_frame_hdr table will be created", which is produced because of the layout of the startup objects. Add the same flag to lib/csu too, for the same reason. And similarly to r209294, also add -fno-omit-frame-pointer. This is primarily meant to quickly MFC to stable/11, so it can end up in the 11.4 release, as a fix for https://bugs.freebsd.org/246322. Approved by: re (gjb) PR: 246322 Differential Revision: https://reviews.freebsd.org/D24797 Modified: releng/11.4/lib/csu/Makefile.inc Directory Properties: releng/11.4/ (props changed) Modified: releng/11.4/lib/csu/Makefile.inc ============================================================================== --- releng/11.4/lib/csu/Makefile.inc Thu May 14 19:29:08 2020 (r361049) +++ releng/11.4/lib/csu/Makefile.inc Thu May 14 19:32:41 2020 (r361050) @@ -6,4 +6,7 @@ SED_FIX_NOTE = -i "" -e '/\.note\.tag/s/progbits/note/ NO_WMISSING_VARIABLE_DECLARATIONS= +CFLAGS+= -fno-asynchronous-unwind-tables +CFLAGS+= -fno-omit-frame-pointer + .include "../Makefile.inc" From owner-svn-src-releng@freebsd.org Thu May 14 19:56:16 2020 Return-Path: Delivered-To: svn-src-releng@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id CAD8B2DCF54; Thu, 14 May 2020 19:56:16 +0000 (UTC) (envelope-from dim@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 49NMjr54gPz3Kq5; Thu, 14 May 2020 19:56:16 +0000 (UTC) (envelope-from dim@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id A98A018734; Thu, 14 May 2020 19:56:16 +0000 (UTC) (envelope-from dim@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 04EJuGaa059792; Thu, 14 May 2020 19:56:16 GMT (envelope-from dim@FreeBSD.org) Received: (from dim@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 04EJuG9w059791; Thu, 14 May 2020 19:56:16 GMT (envelope-from dim@FreeBSD.org) Message-Id: <202005141956.04EJuG9w059791@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: dim set sender to dim@FreeBSD.org using -f From: Dimitry Andric Date: Thu, 14 May 2020 19:56:16 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r361052 - releng/11.4/etc/mtree X-SVN-Group: releng X-SVN-Commit-Author: dim X-SVN-Commit-Paths: releng/11.4/etc/mtree X-SVN-Commit-Revision: 361052 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 May 2020 19:56:16 -0000 Author: dim Date: Thu May 14 19:56:16 2020 New Revision: 361052 URL: https://svnweb.freebsd.org/changeset/base/361052 Log: MF11 r361051: MFC r357929: Remove /usr/include/ssp from BSD.include.dist after r356356 This avoids having to delete it every time with "make delete-old". Approved by: re (gjb) PR: 242950 Modified: releng/11.4/etc/mtree/BSD.include.dist Directory Properties: releng/11.4/ (props changed) Modified: releng/11.4/etc/mtree/BSD.include.dist ============================================================================== --- releng/11.4/etc/mtree/BSD.include.dist Thu May 14 19:41:45 2020 (r361051) +++ releng/11.4/etc/mtree/BSD.include.dist Thu May 14 19:56:16 2020 (r361052) @@ -339,8 +339,6 @@ mac_partition .. .. - ssp - .. sys .. teken From owner-svn-src-releng@freebsd.org Fri May 15 00:02:25 2020 Return-Path: Delivered-To: svn-src-releng@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 44BF72E4AAE; Fri, 15 May 2020 00:02:25 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 49NT9s140tz474B; Fri, 15 May 2020 00:02:25 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 1FE041B6D9; Fri, 15 May 2020 00:02:25 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 04F02PYR012115; Fri, 15 May 2020 00:02:25 GMT (envelope-from gjb@FreeBSD.org) Received: (from gjb@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 04F02O8C012114; Fri, 15 May 2020 00:02:24 GMT (envelope-from gjb@FreeBSD.org) Message-Id: <202005150002.04F02O8C012114@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gjb set sender to gjb@FreeBSD.org using -f From: Glen Barber Date: Fri, 15 May 2020 00:02:24 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r361067 - releng/11.4/sys/conf X-SVN-Group: releng X-SVN-Commit-Author: gjb X-SVN-Commit-Paths: releng/11.4/sys/conf X-SVN-Commit-Revision: 361067 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 15 May 2020 00:02:25 -0000 Author: gjb Date: Fri May 15 00:02:24 2020 New Revision: 361067 URL: https://svnweb.freebsd.org/changeset/base/361067 Log: Update releng/11.4 to BETA2 as part of the 11.4-RELEASE cycle. Approved by: re (implicit) Sponsored by: Rubicon Communications, LLC (netgate.com) Modified: releng/11.4/sys/conf/newvers.sh Modified: releng/11.4/sys/conf/newvers.sh ============================================================================== --- releng/11.4/sys/conf/newvers.sh Thu May 14 23:38:11 2020 (r361066) +++ releng/11.4/sys/conf/newvers.sh Fri May 15 00:02:24 2020 (r361067) @@ -44,7 +44,7 @@ TYPE="FreeBSD" REVISION="11.4" -BRANCH="BETA1-p1" +BRANCH="BETA2" if [ -n "${BRANCH_OVERRIDE}" ]; then BRANCH=${BRANCH_OVERRIDE} fi