From owner-svn-src-releng@freebsd.org Tue Dec 1 19:34:49 2020 Return-Path: Delivered-To: svn-src-releng@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 892F54B2116; Tue, 1 Dec 2020 19:34:49 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4ClskK2h06z4lFZ; Tue, 1 Dec 2020 19:34:49 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4CD011B092; Tue, 1 Dec 2020 19:34:49 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 0B1JYnnP003815; Tue, 1 Dec 2020 19:34:49 GMT (envelope-from gordon@FreeBSD.org) Received: (from gordon@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 0B1JYkm7003800; Tue, 1 Dec 2020 19:34:46 GMT (envelope-from gordon@FreeBSD.org) Message-Id: <202012011934.0B1JYkm7003800@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gordon set sender to gordon@FreeBSD.org using -f From: Gordon Tetlow Date: Tue, 1 Dec 2020 19:34:46 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r368249 - in releng: 12.1/sys/amd64/linux 12.1/sys/amd64/linux32 12.1/sys/arm64/linux 12.1/sys/compat/freebsd32 12.1/sys/i386/linux 12.1/sys/kern 12.2/sys/amd64/linux 12.2/sys/amd64/lin... X-SVN-Group: releng X-SVN-Commit-Author: gordon X-SVN-Commit-Paths: in releng: 12.1/sys/amd64/linux 12.1/sys/amd64/linux32 12.1/sys/arm64/linux 12.1/sys/compat/freebsd32 12.1/sys/i386/linux 12.1/sys/kern 12.2/sys/amd64/linux 12.2/sys/amd64/linux32 12.2/sys/arm64/linux... X-SVN-Commit-Revision: 368249 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 01 Dec 2020 19:34:49 -0000 Author: gordon Date: Tue Dec 1 19:34:45 2020 New Revision: 368249 URL: https://svnweb.freebsd.org/changeset/base/368249 Log: Fix execve/fexecve system call auditing. Approved by: so Security: FreeBSD-EN-20:19.audit Modified: releng/12.1/sys/amd64/linux/linux_machdep.c releng/12.1/sys/amd64/linux32/linux32_machdep.c releng/12.1/sys/arm64/linux/linux_machdep.c releng/12.1/sys/compat/freebsd32/freebsd32_misc.c releng/12.1/sys/i386/linux/linux_machdep.c releng/12.1/sys/kern/kern_exec.c releng/12.1/sys/kern/subr_syscall.c releng/12.2/sys/amd64/linux/linux_machdep.c releng/12.2/sys/amd64/linux32/linux32_machdep.c releng/12.2/sys/arm64/linux/linux_machdep.c releng/12.2/sys/compat/freebsd32/freebsd32_misc.c releng/12.2/sys/i386/linux/linux_machdep.c releng/12.2/sys/kern/kern_exec.c releng/12.2/sys/kern/subr_syscall.c Modified: releng/12.1/sys/amd64/linux/linux_machdep.c ============================================================================== --- releng/12.1/sys/amd64/linux/linux_machdep.c Tue Dec 1 19:34:44 2020 (r368248) +++ releng/12.1/sys/amd64/linux/linux_machdep.c Tue Dec 1 19:34:45 2020 (r368249) @@ -81,6 +81,8 @@ __FBSDID("$FreeBSD$"); #include #include +#include + #include #include #include @@ -107,6 +109,7 @@ linux_execve(struct thread *td, struct linux_execve_ar free(path, M_TEMP); if (error == 0) error = linux_common_execve(td, &eargs); + AUDIT_SYSCALL_EXIT(error == EJUSTRETURN ? 0 : error, td); return (error); } Modified: releng/12.1/sys/amd64/linux32/linux32_machdep.c ============================================================================== --- releng/12.1/sys/amd64/linux32/linux32_machdep.c Tue Dec 1 19:34:44 2020 (r368248) +++ releng/12.1/sys/amd64/linux32/linux32_machdep.c Tue Dec 1 19:34:45 2020 (r368249) @@ -69,6 +69,8 @@ __FBSDID("$FreeBSD$"); #include #include +#include + #include #include #include @@ -143,6 +145,7 @@ linux_execve(struct thread *td, struct linux_execve_ar free(path, M_TEMP); if (error == 0) error = linux_common_execve(td, &eargs); + AUDIT_SYSCALL_EXIT(error == EJUSTRETURN ? 0 : error, td); return (error); } Modified: releng/12.1/sys/arm64/linux/linux_machdep.c ============================================================================== --- releng/12.1/sys/arm64/linux/linux_machdep.c Tue Dec 1 19:34:44 2020 (r368248) +++ releng/12.1/sys/arm64/linux/linux_machdep.c Tue Dec 1 19:34:45 2020 (r368249) @@ -38,6 +38,8 @@ __FBSDID("$FreeBSD$"); #include #include +#include + #include #include #include @@ -74,6 +76,7 @@ linux_execve(struct thread *td, struct linux_execve_ar free(path, M_TEMP); if (error == 0) error = linux_common_execve(td, &eargs); + AUDIT_SYSCALL_EXIT(error == EJUSTRETURN ? 0 : error, td); return (error); } Modified: releng/12.1/sys/compat/freebsd32/freebsd32_misc.c ============================================================================== --- releng/12.1/sys/compat/freebsd32/freebsd32_misc.c Tue Dec 1 19:34:44 2020 (r368248) +++ releng/12.1/sys/compat/freebsd32/freebsd32_misc.c Tue Dec 1 19:34:45 2020 (r368249) @@ -440,6 +440,7 @@ freebsd32_execve(struct thread *td, struct freebsd32_e if (error == 0) error = kern_execve(td, &eargs, NULL); post_execve(td, error, oldvmspace); + AUDIT_SYSCALL_EXIT(error == EJUSTRETURN ? 0 : error, td); return (error); } @@ -460,6 +461,7 @@ freebsd32_fexecve(struct thread *td, struct freebsd32_ error = kern_execve(td, &eargs, NULL); } post_execve(td, error, oldvmspace); + AUDIT_SYSCALL_EXIT(error == EJUSTRETURN ? 0 : error, td); return (error); } Modified: releng/12.1/sys/i386/linux/linux_machdep.c ============================================================================== --- releng/12.1/sys/i386/linux/linux_machdep.c Tue Dec 1 19:34:44 2020 (r368248) +++ releng/12.1/sys/i386/linux/linux_machdep.c Tue Dec 1 19:34:45 2020 (r368249) @@ -61,6 +61,8 @@ __FBSDID("$FreeBSD$"); #include #include +#include + #include #include #include @@ -116,6 +118,7 @@ linux_execve(struct thread *td, struct linux_execve_ar free(newpath, M_TEMP); if (error == 0) error = linux_common_execve(td, &eargs); + AUDIT_SYSCALL_EXIT(error == EJUSTRETURN ? 0 : error, td); return (error); } Modified: releng/12.1/sys/kern/kern_exec.c ============================================================================== --- releng/12.1/sys/kern/kern_exec.c Tue Dec 1 19:34:44 2020 (r368248) +++ releng/12.1/sys/kern/kern_exec.c Tue Dec 1 19:34:45 2020 (r368249) @@ -224,6 +224,7 @@ sys_execve(struct thread *td, struct execve_args *uap) if (error == 0) error = kern_execve(td, &args, NULL); post_execve(td, error, oldvmspace); + AUDIT_SYSCALL_EXIT(error == EJUSTRETURN ? 0 : error, td); return (error); } @@ -251,6 +252,7 @@ sys_fexecve(struct thread *td, struct fexecve_args *ua error = kern_execve(td, &args, NULL); } post_execve(td, error, oldvmspace); + AUDIT_SYSCALL_EXIT(error == EJUSTRETURN ? 0 : error, td); return (error); } @@ -279,6 +281,7 @@ sys___mac_execve(struct thread *td, struct __mac_execv if (error == 0) error = kern_execve(td, &args, uap->mac_p); post_execve(td, error, oldvmspace); + AUDIT_SYSCALL_EXIT(error == EJUSTRETURN ? 0 : error, td); return (error); #else return (ENOSYS); Modified: releng/12.1/sys/kern/subr_syscall.c ============================================================================== --- releng/12.1/sys/kern/subr_syscall.c Tue Dec 1 19:34:44 2020 (r368248) +++ releng/12.1/sys/kern/subr_syscall.c Tue Dec 1 19:34:45 2020 (r368249) @@ -133,6 +133,16 @@ syscallenter(struct thread *td) AUDIT_SYSCALL_ENTER(sa->code, td); error = (sa->callp->sy_call)(td, sa->args); + + /* + * Note that some syscall implementations (e.g., sys_execve) + * will commit the audit record just before their final return. + * These were done under the assumption that nothing of interest + * would happen between their return and here, where we would + * normally commit the audit record. These assumptions will + * need to be revisited should any substantial logic be added + * above. + */ AUDIT_SYSCALL_EXIT(error, td); /* Save the latest error return value. */ Modified: releng/12.2/sys/amd64/linux/linux_machdep.c ============================================================================== --- releng/12.2/sys/amd64/linux/linux_machdep.c Tue Dec 1 19:34:44 2020 (r368248) +++ releng/12.2/sys/amd64/linux/linux_machdep.c Tue Dec 1 19:34:45 2020 (r368249) @@ -81,6 +81,8 @@ __FBSDID("$FreeBSD$"); #include #include +#include + #include #include #include @@ -107,6 +109,7 @@ linux_execve(struct thread *td, struct linux_execve_ar free(path, M_TEMP); if (error == 0) error = linux_common_execve(td, &eargs); + AUDIT_SYSCALL_EXIT(error == EJUSTRETURN ? 0 : error, td); return (error); } Modified: releng/12.2/sys/amd64/linux32/linux32_machdep.c ============================================================================== --- releng/12.2/sys/amd64/linux32/linux32_machdep.c Tue Dec 1 19:34:44 2020 (r368248) +++ releng/12.2/sys/amd64/linux32/linux32_machdep.c Tue Dec 1 19:34:45 2020 (r368249) @@ -69,6 +69,8 @@ __FBSDID("$FreeBSD$"); #include #include +#include + #include #include #include @@ -138,6 +140,7 @@ linux_execve(struct thread *td, struct linux_execve_ar free(path, M_TEMP); if (error == 0) error = linux_common_execve(td, &eargs); + AUDIT_SYSCALL_EXIT(error == EJUSTRETURN ? 0 : error, td); return (error); } Modified: releng/12.2/sys/arm64/linux/linux_machdep.c ============================================================================== --- releng/12.2/sys/arm64/linux/linux_machdep.c Tue Dec 1 19:34:44 2020 (r368248) +++ releng/12.2/sys/arm64/linux/linux_machdep.c Tue Dec 1 19:34:45 2020 (r368249) @@ -38,6 +38,8 @@ __FBSDID("$FreeBSD$"); #include #include +#include + #include #include #include @@ -74,6 +76,7 @@ linux_execve(struct thread *td, struct linux_execve_ar free(path, M_TEMP); if (error == 0) error = linux_common_execve(td, &eargs); + AUDIT_SYSCALL_EXIT(error == EJUSTRETURN ? 0 : error, td); return (error); } Modified: releng/12.2/sys/compat/freebsd32/freebsd32_misc.c ============================================================================== --- releng/12.2/sys/compat/freebsd32/freebsd32_misc.c Tue Dec 1 19:34:44 2020 (r368248) +++ releng/12.2/sys/compat/freebsd32/freebsd32_misc.c Tue Dec 1 19:34:45 2020 (r368249) @@ -440,6 +440,7 @@ freebsd32_execve(struct thread *td, struct freebsd32_e if (error == 0) error = kern_execve(td, &eargs, NULL); post_execve(td, error, oldvmspace); + AUDIT_SYSCALL_EXIT(error == EJUSTRETURN ? 0 : error, td); return (error); } @@ -460,6 +461,7 @@ freebsd32_fexecve(struct thread *td, struct freebsd32_ error = kern_execve(td, &eargs, NULL); } post_execve(td, error, oldvmspace); + AUDIT_SYSCALL_EXIT(error == EJUSTRETURN ? 0 : error, td); return (error); } Modified: releng/12.2/sys/i386/linux/linux_machdep.c ============================================================================== --- releng/12.2/sys/i386/linux/linux_machdep.c Tue Dec 1 19:34:44 2020 (r368248) +++ releng/12.2/sys/i386/linux/linux_machdep.c Tue Dec 1 19:34:45 2020 (r368249) @@ -61,6 +61,8 @@ __FBSDID("$FreeBSD$"); #include #include +#include + #include #include #include @@ -111,6 +113,7 @@ linux_execve(struct thread *td, struct linux_execve_ar free(newpath, M_TEMP); if (error == 0) error = linux_common_execve(td, &eargs); + AUDIT_SYSCALL_EXIT(error == EJUSTRETURN ? 0 : error, td); return (error); } Modified: releng/12.2/sys/kern/kern_exec.c ============================================================================== --- releng/12.2/sys/kern/kern_exec.c Tue Dec 1 19:34:44 2020 (r368248) +++ releng/12.2/sys/kern/kern_exec.c Tue Dec 1 19:34:45 2020 (r368249) @@ -224,6 +224,7 @@ sys_execve(struct thread *td, struct execve_args *uap) if (error == 0) error = kern_execve(td, &args, NULL); post_execve(td, error, oldvmspace); + AUDIT_SYSCALL_EXIT(error == EJUSTRETURN ? 0 : error, td); return (error); } @@ -251,6 +252,7 @@ sys_fexecve(struct thread *td, struct fexecve_args *ua error = kern_execve(td, &args, NULL); } post_execve(td, error, oldvmspace); + AUDIT_SYSCALL_EXIT(error == EJUSTRETURN ? 0 : error, td); return (error); } @@ -279,6 +281,7 @@ sys___mac_execve(struct thread *td, struct __mac_execv if (error == 0) error = kern_execve(td, &args, uap->mac_p); post_execve(td, error, oldvmspace); + AUDIT_SYSCALL_EXIT(error == EJUSTRETURN ? 0 : error, td); return (error); #else return (ENOSYS); Modified: releng/12.2/sys/kern/subr_syscall.c ============================================================================== --- releng/12.2/sys/kern/subr_syscall.c Tue Dec 1 19:34:44 2020 (r368248) +++ releng/12.2/sys/kern/subr_syscall.c Tue Dec 1 19:34:45 2020 (r368249) @@ -142,6 +142,16 @@ syscallenter(struct thread *td) AUDIT_SYSCALL_ENTER(sa->code, td); error = (sa->callp->sy_call)(td, sa->args); + + /* + * Note that some syscall implementations (e.g., sys_execve) + * will commit the audit record just before their final return. + * These were done under the assumption that nothing of interest + * would happen between their return and here, where we would + * normally commit the audit record. These assumptions will + * need to be revisited should any substantial logic be added + * above. + */ AUDIT_SYSCALL_EXIT(error, td); /* Save the latest error return value. */ From owner-svn-src-releng@freebsd.org Tue Dec 1 19:35:50 2020 Return-Path: Delivered-To: svn-src-releng@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 27CB14B2068; Tue, 1 Dec 2020 19:35:50 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4ClslV0QJwz4lH4; Tue, 1 Dec 2020 19:35:50 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id EB0E81AF2B; Tue, 1 Dec 2020 19:35:49 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 0B1JZnLp003970; Tue, 1 Dec 2020 19:35:49 GMT (envelope-from gordon@FreeBSD.org) Received: (from gordon@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 0B1JZm74003963; Tue, 1 Dec 2020 19:35:48 GMT (envelope-from gordon@FreeBSD.org) Message-Id: <202012011935.0B1JZm74003963@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gordon set sender to gordon@FreeBSD.org using -f From: Gordon Tetlow Date: Tue, 1 Dec 2020 19:35:48 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r368251 - in releng: 11.4/contrib/tzdata 12.1/contrib/tzdata 12.2/contrib/tzdata X-SVN-Group: releng X-SVN-Commit-Author: gordon X-SVN-Commit-Paths: in releng: 11.4/contrib/tzdata 12.1/contrib/tzdata 12.2/contrib/tzdata X-SVN-Commit-Revision: 368251 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 01 Dec 2020 19:35:50 -0000 Author: gordon Date: Tue Dec 1 19:35:48 2020 New Revision: 368251 URL: https://svnweb.freebsd.org/changeset/base/368251 Log: Update timezone database information. Approved by: so Security: FreeBSD-EN-20:20.tzdata Modified: releng/11.4/contrib/tzdata/Makefile releng/11.4/contrib/tzdata/NEWS releng/11.4/contrib/tzdata/README releng/11.4/contrib/tzdata/africa releng/11.4/contrib/tzdata/antarctica releng/11.4/contrib/tzdata/asia releng/11.4/contrib/tzdata/australasia releng/11.4/contrib/tzdata/backzone releng/11.4/contrib/tzdata/europe releng/11.4/contrib/tzdata/leap-seconds.list releng/11.4/contrib/tzdata/leapseconds releng/11.4/contrib/tzdata/leapseconds.awk releng/11.4/contrib/tzdata/northamerica releng/11.4/contrib/tzdata/southamerica releng/11.4/contrib/tzdata/theory.html releng/11.4/contrib/tzdata/version releng/11.4/contrib/tzdata/ziguard.awk releng/11.4/contrib/tzdata/zishrink.awk releng/11.4/contrib/tzdata/zoneinfo2tdf.pl releng/12.1/contrib/tzdata/Makefile releng/12.1/contrib/tzdata/NEWS releng/12.1/contrib/tzdata/README releng/12.1/contrib/tzdata/africa releng/12.1/contrib/tzdata/antarctica releng/12.1/contrib/tzdata/asia releng/12.1/contrib/tzdata/australasia releng/12.1/contrib/tzdata/backzone releng/12.1/contrib/tzdata/europe releng/12.1/contrib/tzdata/leap-seconds.list releng/12.1/contrib/tzdata/leapseconds releng/12.1/contrib/tzdata/leapseconds.awk releng/12.1/contrib/tzdata/northamerica releng/12.1/contrib/tzdata/southamerica releng/12.1/contrib/tzdata/theory.html releng/12.1/contrib/tzdata/version releng/12.1/contrib/tzdata/ziguard.awk releng/12.1/contrib/tzdata/zishrink.awk releng/12.1/contrib/tzdata/zoneinfo2tdf.pl releng/12.2/contrib/tzdata/Makefile releng/12.2/contrib/tzdata/NEWS releng/12.2/contrib/tzdata/README releng/12.2/contrib/tzdata/africa releng/12.2/contrib/tzdata/antarctica releng/12.2/contrib/tzdata/asia releng/12.2/contrib/tzdata/australasia releng/12.2/contrib/tzdata/backzone releng/12.2/contrib/tzdata/europe releng/12.2/contrib/tzdata/leap-seconds.list releng/12.2/contrib/tzdata/leapseconds releng/12.2/contrib/tzdata/leapseconds.awk releng/12.2/contrib/tzdata/northamerica releng/12.2/contrib/tzdata/southamerica releng/12.2/contrib/tzdata/theory.html releng/12.2/contrib/tzdata/version releng/12.2/contrib/tzdata/ziguard.awk releng/12.2/contrib/tzdata/zishrink.awk releng/12.2/contrib/tzdata/zoneinfo2tdf.pl Modified: releng/11.4/contrib/tzdata/Makefile ============================================================================== --- releng/11.4/contrib/tzdata/Makefile Tue Dec 1 19:35:48 2020 (r368250) +++ releng/11.4/contrib/tzdata/Makefile Tue Dec 1 19:35:48 2020 (r368251) @@ -22,13 +22,13 @@ BUGEMAIL= tz@iana.org # DATAFORM= main # To wait even longer for new features, use: # DATAFORM= rearguard +# Rearguard users might also want "ZFLAGS = -b fat"; see below. DATAFORM= main # Change the line below for your timezone (after finding the one you want in # one of the $(TDATA) source files, or adding it to a source file). # Alternatively, if you discover you've got the wrong timezone, you can just -# zic -l rightzone -# to correct things. +# 'zic -l -' to remove it, or 'zic -l rightzone' to change it. # Use the command # make zonenames # to get a list of the values you can use for LOCALTIME. @@ -37,33 +37,30 @@ LOCALTIME= GMT # The POSIXRULES macro controls interpretation of nonstandard and obsolete # POSIX-like TZ settings like TZ='EET-2EEST' that lack DST transition rules. -# In the reference implementation, if you want something other than Eastern -# United States time as a template for handling these settings, you can -# change the line below (after finding the timezone you want in the -# one of the $(TDATA) source files, or adding it to a source file). -# A setting like TZ='EET-2EEST' is supposed to use the rules in the -# template file to determine "spring forward" and "fall back" days and -# times; the environment variable itself specifies UT offsets of standard and -# daylight saving time. -# Alternatively, if you discover you've got the wrong timezone, you can just -# zic -p rightzone -# to correct things. -# Use the command -# make zonenames -# to get a list of the values you can use for POSIXRULES. +# Such a setting uses the rules in a template file to determine +# "spring forward" and "fall back" days and times; the environment +# variable itself specifies UT offsets of standard and daylight saving time. # -# If POSIXRULES is empty, no template is installed; this is the intended -# future default for POSIXRULES. +# If POSIXRULES is '-', no template is installed; this is the default. # -# Nonempty POSIXRULES is obsolete and should not be relied on, because: +# Any other value for POSIXRULES is obsolete and should not be relied on, as: # * It does not work correctly in popular implementations such as GNU/Linux. # * It does not work in the tzdb implementation for timestamps after 2037. # * It is incompatible with 'zic -b slim' if POSIXRULES specifies transitions # at standard time or UT rather than at local time. # In short, software should avoid ruleless settings like TZ='EET-2EEST' # and so should not depend on the value of POSIXRULES. +# +# If, despite the above, you want a template for handling these settings, +# you can change the line below (after finding the timezone you want in the +# one of the $(TDATA) source files, or adding it to a source file). +# Alternatively, if you discover you've got the wrong timezone, you can just +# 'zic -p -' to remove it, or 'zic -p rightzone' to change it. +# Use the command +# make zonenames +# to get a list of the values you can use for POSIXRULES. -POSIXRULES= America/New_York +POSIXRULES= - # Also see TZDEFRULESTRING below, which takes effect only # if the time zone files cannot be accessed. @@ -172,9 +169,6 @@ TZDATA_TEXT= leapseconds tzdata.zi # For backward-compatibility links for old zone names, use # BACKWARD= backward -# If you also want the link US/Pacific-New, even though it is confusing -# and is planned to be removed from the database eventually, use -# BACKWARD= backward pacificnew # To omit these links, use # BACKWARD= @@ -192,10 +186,6 @@ PACKRATDATA= UTF8_LOCALE= en_US.utf8 -# Since "." may not be in PATH... - -YEARISTYPE= ./yearistype - # Non-default libraries needed to link. LDLIBS= @@ -253,13 +243,12 @@ LDLIBS= # other than simply getting garbage data # -DUSE_LTZ=0 to build zdump with the system time zone library # Also set TZDOBJS=zdump.o and CHECK_TIME_T_ALTERNATIVES= below. -# -DZIC_BLOAT_DEFAULT=\"slim\" to default zic's -b option to "slim", and -# similarly for "fat". Fat TZif files work around incompatibilities +# -DZIC_BLOAT_DEFAULT=\"fat\" to default zic's -b option to "fat", and +# similarly for "slim". Fat TZif files work around incompatibilities # and bugs in some TZif readers, notably readers that mishandle 64-bit # data in TZif files. Slim TZif files are more efficient and do not # work around these incompatibilities and bugs. If not given, the -# current default is "fat" but this is intended to change as readers -# requiring fat files often mishandle timestamps after 2037 anyway. +# default is "slim". # -DZIC_MAX_ABBR_LEN_WO_WARN=3 # (or some other number) to set the maximum time zone abbreviation length # that zic will accept without a warning (the default is 6) @@ -333,9 +322,8 @@ GCC_DEBUG_FLAGS = -DGCC_LINT -g3 -O3 -fno-common \ # add # -DSTD_INSPIRED # to the end of the "CFLAGS=" line. This arranges for the functions -# "tzsetwall", "offtime", "timelocal", "timegm", "timeoff", +# "offtime", "timelocal", "timegm", "timeoff", # "posix2time", and "time2posix" to be added to the time conversion library. -# "tzsetwall" is deprecated and is intended to be removed soon; see NEWS. # "offtime" is like "gmtime" except that it accepts a second (long) argument # that gives an offset to add to the time_t when converting it. # "timelocal" is equivalent to "mktime". @@ -395,7 +383,7 @@ ZIC= $(zic) $(ZFLAGS) # To shrink the size of installed TZif files, # append "-r @N" to omit data before N-seconds-after-the-Epoch. -# You can also append "-b slim" if that is not already the default; +# To grow the files and work around older application bugs, append "-b fat"; # see ZIC_BLOAT_DEFAULT above. # See the zic man page for more about -b and -r. ZFLAGS= @@ -424,26 +412,6 @@ CURL= curl # Name of GNU Privacy Guard , used to sign distributions. GPG= gpg -# The path where SGML DTDs are kept and the catalog file(s) to use when -# validating HTML 4.01. The default should work on both Debian and Red Hat. -SGML_TOPDIR= /usr -SGML_DTDDIR= $(SGML_TOPDIR)/share/xml/w3c-sgml-lib/schema/dtd -SGML_SEARCH_PATH= $(SGML_DTDDIR)/REC-html401-19991224 -SGML_CATALOG_FILES= \ - $(SGML_TOPDIR)/share/doc/w3-recs/html/www.w3.org/TR/1999/REC-html401-19991224/HTML4.cat:$(SGML_TOPDIR)/share/sgml/html/4.01/HTML4.cat - -# The name, arguments and environment of a program to validate HTML 4.01. -# See for a validator, and -# for a validation library. -# Set VALIDATE=':' if you do not have such a program. -VALIDATE = nsgmls -VALIDATE_FLAGS = -s -B -wall -wno-unused-param -VALIDATE_ENV = \ - SGML_CATALOG_FILES='$(SGML_CATALOG_FILES)' \ - SGML_SEARCH_PATH='$(SGML_SEARCH_PATH)' \ - SP_CHARSET_FIXED=YES \ - SP_ENCODING=UTF-8 - # This expensive test requires USE_LTZ. # To suppress it, define this macro to be empty. CHECK_TIME_T_ALTERNATIVES = check_time_t_alternatives @@ -538,8 +506,8 @@ DOCS= $(MANS) date.1 $(MANTXTS) $(WEB_PAGES) PRIMARY_YDATA= africa antarctica asia australasia \ europe northamerica southamerica YDATA= $(PRIMARY_YDATA) etcetera -NDATA= systemv factory -TDATA_TO_CHECK= $(YDATA) $(NDATA) backward pacificnew +NDATA= factory +TDATA_TO_CHECK= $(YDATA) $(NDATA) backward TDATA= $(YDATA) $(NDATA) $(BACKWARD) ZONETABLES= zone1970.tab zone.tab TABDATA= iso3166.tab $(TZDATA_TEXT) $(ZONETABLES) @@ -547,7 +515,7 @@ LEAP_DEPS= leapseconds.awk leap-seconds.list TZDATA_ZI_DEPS= ziguard.awk zishrink.awk version $(TDATA) $(PACKRATDATA) DSTDATA_ZI_DEPS= ziguard.awk $(TDATA) $(PACKRATDATA) DATA= $(TDATA_TO_CHECK) backzone iso3166.tab leap-seconds.list \ - leapseconds yearistype.sh $(ZONETABLES) + leapseconds $(ZONETABLES) AWK_SCRIPTS= checklinks.awk checktab.awk leapseconds.awk \ ziguard.awk zishrink.awk MISC= $(AWK_SCRIPTS) zoneinfo2tdf.pl @@ -573,12 +541,10 @@ VERSION_DEPS= \ etcetera europe factory iso3166.tab \ leap-seconds.list leapseconds.awk localtime.c \ newctime.3 newstrftime.3 newtzset.3 northamerica \ - pacificnew private.h \ - southamerica strftime.c systemv theory.html \ + private.h southamerica strftime.c theory.html \ time2posix.3 tz-art.html tz-how-to.html tz-link.html \ tzfile.5 tzfile.h tzselect.8 tzselect.ksh \ - workman.sh yearistype.sh \ - zdump.8 zdump.c zic.8 zic.c \ + workman.sh zdump.8 zdump.c zic.8 zic.c \ ziguard.awk zishrink.awk \ zone.tab zone1970.tab zoneinfo2tdf.pl @@ -587,7 +553,7 @@ VERSION_DEPS= \ SHELL= /bin/sh -all: tzselect yearistype zic zdump libtz.a $(TABDATA) \ +all: tzselect zic zdump libtz.a $(TABDATA) \ vanguard.zi main.zi rearguard.zi ALL: all date $(ENCHILADA) @@ -657,10 +623,6 @@ zdump: $(TZDOBJS) zic: $(TZCOBJS) $(CC) -o $@ $(CFLAGS) $(LDFLAGS) $(TZCOBJS) $(LDLIBS) -yearistype: yearistype.sh - cp yearistype.sh yearistype - chmod +x yearistype - leapseconds: $(LEAP_DEPS) $(AWK) -v EXPIRES_LINE=$(EXPIRES_LINE) \ -f leapseconds.awk leap-seconds.list >$@.out @@ -675,10 +637,9 @@ INSTALLARGS = \ PACKRATDATA='$(PACKRATDATA)' \ TZDEFAULT='$(TZDEFAULT)' \ TZDIR='$(TZDIR)' \ - YEARISTYPE='$(YEARISTYPE)' \ ZIC='$(ZIC)' -INSTALL_DATA_DEPS = zic leapseconds yearistype tzdata.zi +INSTALL_DATA_DEPS = zic leapseconds tzdata.zi # 'make install_data' installs one set of TZif files. install_data: $(INSTALL_DATA_DEPS) @@ -793,7 +754,7 @@ check_character_set: $(ENCHILADA) ! grep -Env $(SAFE_LINE)'|^UNUSUAL_OK_'$(OK_CHAR)'*$$' \ Makefile && \ ! grep -Env $(SAFE_SHARP_LINE) $(TDATA_TO_CHECK) backzone \ - leapseconds yearistype.sh zone.tab && \ + leapseconds zone.tab && \ ! grep -Env $(OK_LINE) $(ENCHILADA); \ } touch $@ @@ -845,15 +806,13 @@ check_tzs: $(TZS) $(TZS_NEW) check_web: $(CHECK_WEB_PAGES) check_theory.html: theory.html check_tz-art.html: tz-art.html +check_tz-how-to.html: tz-how-to.html check_tz-link.html: tz-link.html -check_theory.html check_tz-art.html check_tz-link.html: +check_theory.html check_tz-art.html check_tz-how-to.html check_tz-link.html: $(CURL) -sS --url https://validator.w3.org/nu/ -F out=gnu \ -F file=@$$(expr $@ : 'check_\(.*\)') -o $@.out && \ test ! -s $@.out || { cat $@.out; exit 1; } mv $@.out $@ -check_tz-how-to.html: tz-how-to.html - $(VALIDATE_ENV) $(VALIDATE) $(VALIDATE_FLAGS) tz-how-to.html - touch $@ # Check that zishrink.awk does not alter the data, and that ziguard.awk # preserves main-format data. @@ -883,7 +842,7 @@ clean_misc: rm -fr check_*.dir rm -f *.o *.out $(TIME_T_ALTERNATIVES) \ check_* core typecheck_* \ - date tzselect version.h zdump zic yearistype libtz.a + date tzselect version.h zdump zic libtz.a clean: clean_misc rm -fr *.dir tzdb-*/ rm -f *.zi $(TZS_NEW) @@ -1063,10 +1022,14 @@ tzdata$(VERSION)-rearguard.tar.gz: rearguard.zi set-ti done sed '1s/$$/-rearguard/' \ tzdata$(VERSION)-rearguard.dir/version + : The dummy pacificnew pacifies TZUpdater 2.3.1 and earlier. + TZ=UTC0 touch -mt 202010122253.00 \ + tzdata$(VERSION)-rearguard.dir/pacificnew touch -cmr version tzdata$(VERSION)-rearguard.dir/version LC_ALL=C && export LC_ALL && \ (cd tzdata$(VERSION)-rearguard.dir && \ - tar $(TARFLAGS) -cf - $(COMMON) $(DATA) $(MISC) | \ + tar $(TARFLAGS) -cf - \ + $(COMMON) $(DATA) $(MISC) pacificnew | \ gzip $(GZIPFLAGS)) >$@.out mv $@.out $@ Modified: releng/11.4/contrib/tzdata/NEWS ============================================================================== --- releng/11.4/contrib/tzdata/NEWS Tue Dec 1 19:35:48 2020 (r368250) +++ releng/11.4/contrib/tzdata/NEWS Tue Dec 1 19:35:48 2020 (r368251) @@ -1,5 +1,114 @@ News for the tz database +Release 2020d - 2020-10-21 11:24:13 -0700 + + Briefly: + Palestine ends DST earlier than predicted, on 2020-10-24. + + Changes to past and future timestamps + + Palestine ends DST on 2020-10-24 at 01:00, instead of 2020-10-31 + as previously predicted (thanks to Sharef Mustafa.) Its + 2019-10-26 fall-back was at 00:00, not 01:00 (thanks to Steffen + Thorsen.) Its 2015-10-23 transition was at 01:00 not 00:00, and + its spring 2020 transition was on March 28 at 00:00, not March 27 + (thanks to Pierre Cashon.) This affects Asia/Gaza and + Asia/Hebron. Assume future spring and fall transitions will be on + the Saturday preceding the last Sunday of March and October, + respectively. + + +Release 2020c - 2020-10-16 11:15:53 -0700 + + Briefly: + Fiji starts DST later than usual, on 2020-12-20. + + Changes to future timestamps + + Fiji will start DST on 2020-12-20, instead of 2020-11-08 as + previously predicted. DST will still end on 2021-01-17. + (Thanks to Raymond Kumar and Alan Mintz.) Assume for now that + the later-than-usual start date is a one-time departure from the + recent pattern. + + Changes to build procedure + + Rearguard tarballs now contain an empty file pacificnew. + Some older downstream software expects this file to exist. + (Problem reported by Mike Cullinan.) + + +Release 2020b - 2020-10-06 18:35:04 -0700 + + Briefly: + Revised predictions for Morocco's changes starting in 2023. + Canada's Yukon changes to -07 on 2020-11-01, not 2020-03-08. + Macquarie Island has stayed in sync with Tasmania since 2011. + Casey, Antarctica is at +08 in winter and +11 in summer. + zic no longer supports -y, nor the TYPE field of Rules. + + Changes to future timestamps + + Morocco's spring-forward after Ramadan is now predicted to occur + no sooner than two days after Ramadan, instead of one day. + (Thanks to Milamber.) The first altered prediction is for 2023, + now predicted to spring-forward on April 30 instead of April 23. + + Changes to past and future timestamps + + Casey Station, Antarctica has been using +08 in winter and +11 in + summer since 2018. The most recent transition from +08 to +11 was + 2020-10-04 00:01. Also, Macquarie Island has been staying in + sync with Tasmania since 2011. (Thanks to Steffen Thorsen.) + + Changes to past and future time zone abbreviations and DST flags + + Canada's Yukon, represented by America/Whitehorse and + America/Dawson, changes its time zone rules from -08/-07 to + permanent -07 on 2020-11-01, not on 2020-03-08 as 2020a had it. + This change affects only the time zone abbreviation (MST vs PDT) + and daylight saving flag for the period between the two dates. + (Thanks to Andrew G. Smith.) + + Changes to past timestamps + + Correct several transitions for Hungary for 1918/1983. + For example, the 1983-09-25 fall-back was at 01:00, not 03:00. + (Thanks to Géza Nyáry.) Also, the 1890 transition to standard + time was on 11-01, not 10-01 (thanks to Michael Deckers). + + The 1891 French transition was on March 16, not March 15. The + 1911-03-11 French transition was at midnight, not a minute later. + Monaco's transitions were on 1892-06-01 and 1911-03-29, not + 1891-03-15 and 1911-03-11. (Thanks to Michael Deckers.) + + Changes to code + + Support for zic's long-obsolete '-y YEARISTYPE' option has been + removed and, with it, so has support for the TYPE field in Rule + lines, which is now reserved for compatibility with earlier zic. + These features were previously deprecated in release 2015f. + (Thanks to Tim Parenti.) + + zic now defaults to '-b slim' instead of to '-b fat'. + + zic's new '-l -' and '-p -' options uninstall any existing + localtime and posixrules files, respectively. + + The undocumented and ineffective tzsetwall function has been + removed. + + Changes to build procedure + + The Makefile now defaults POSIXRULES to '-', so the posixrules + feature (obsolete as of 2019b) is no longer installed by default. + + Changes to documentation and commentary + + The long-obsolete files pacificnew, systemv, and yearistype.sh have + been removed from the distribution. (Thanks to Tim Parenti.) + + Release 2020a - 2020-04-23 16:03:47 -0700 Briefly: Modified: releng/11.4/contrib/tzdata/README ============================================================================== --- releng/11.4/contrib/tzdata/README Tue Dec 1 19:35:48 2020 (r368250) +++ releng/11.4/contrib/tzdata/README Tue Dec 1 19:35:48 2020 (r368251) @@ -20,6 +20,8 @@ substituting your desired installation directory for " make TOPDIR=$HOME/tzdir install $HOME/tzdir/usr/bin/zdump -v America/Los_Angeles +See the file tz-how-to.html for examples of how to read the data files. + This database of historical local time information has several goals: * Provide a compendium of data about the history of civil time that Modified: releng/11.4/contrib/tzdata/africa ============================================================================== --- releng/11.4/contrib/tzdata/africa Tue Dec 1 19:35:48 2020 (r368250) +++ releng/11.4/contrib/tzdata/africa Tue Dec 1 19:35:48 2020 (r368251) @@ -64,7 +64,7 @@ # Corrections are welcome. # Algeria -# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S +# Rule NAME FROM TO - IN ON AT SAVE LETTER/S Rule Algeria 1916 only - Jun 14 23:00s 1:00 S Rule Algeria 1916 1919 - Oct Sun>=1 23:00s 0 - Rule Algeria 1917 only - Mar 24 23:00s 1:00 S @@ -87,10 +87,9 @@ Rule Algeria 1978 only - Mar 24 1:00 1:00 S Rule Algeria 1978 only - Sep 22 3:00 0 - Rule Algeria 1980 only - Apr 25 0:00 1:00 S Rule Algeria 1980 only - Oct 31 2:00 0 - -# Shanks & Pottenger give 0:09:20 for Paris Mean Time; go with Howse's -# more precise 0:09:21. +# See Europe/Paris for PMT-related transitions. # Zone NAME STDOFF RULES FORMAT [UNTIL] -Zone Africa/Algiers 0:12:12 - LMT 1891 Mar 15 0:01 +Zone Africa/Algiers 0:12:12 - LMT 1891 Mar 16 0:09:21 - PMT 1911 Mar 11 # Paris Mean Time 0:00 Algeria WE%sT 1940 Feb 25 2:00 1:00 Algeria CE%sT 1946 Oct 7 @@ -176,7 +175,7 @@ Link Africa/Abidjan Atlantic/St_Helena # St Helena # Egypt was mean noon at the Great Pyramid, 2:04:30.5, but apparently this # did not apply to Cairo, Alexandria, or Port Said. -# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S +# Rule NAME FROM TO - IN ON AT SAVE LETTER/S Rule Egypt 1940 only - Jul 15 0:00 1:00 S Rule Egypt 1940 only - Oct 1 0:00 0 - Rule Egypt 1941 only - Apr 15 0:00 1:00 S @@ -411,7 +410,7 @@ Zone Africa/Cairo 2:05:09 - LMT 1900 Oct # now Ghana observed different DST regimes in different years. For # lack of better info, use Shanks except treat the minus sign as a # typo, and assume DST started in 1920 not 1936. -# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S +# Rule NAME FROM TO - IN ON AT SAVE LETTER/S Rule Ghana 1920 1942 - Sep 1 0:00 0:20 - Rule Ghana 1920 1942 - Dec 31 0:00 0 - # Zone NAME STDOFF RULES FORMAT [UNTIL] @@ -501,7 +500,7 @@ Zone Africa/Monrovia -0:43:08 - LMT 1882 # From Paul Eggert (2013-10-25): # For now, assume they're reverting to the pre-2012 rules of permanent UT +02. -# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S +# Rule NAME FROM TO - IN ON AT SAVE LETTER/S Rule Libya 1951 only - Oct 14 2:00 1:00 S Rule Libya 1952 only - Jan 1 0:00 0 - Rule Libya 1953 only - Oct 9 2:00 1:00 S @@ -624,7 +623,7 @@ Zone Africa/Tripoli 0:52:44 - LMT 1920 # "The trial ended on March 29, 2009, when the clocks moved back by one hour # at 2am (or 02:00) local time..." -# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S +# Rule NAME FROM TO - IN ON AT SAVE LETTER/S Rule Mauritius 1982 only - Oct 10 0:00 1:00 - Rule Mauritius 1983 only - Mar 21 0:00 0 - Rule Mauritius 2008 only - Oct lastSun 2:00 1:00 - @@ -875,17 +874,30 @@ Zone Indian/Mauritius 3:50:00 - LMT 1907 # Port Louis # https://maroc-diplomatique.net/maroc-le-retour-a-lheure-gmt-est-prevu-dimanche-prochain/ # http://aujourdhui.ma/actualite/gmt1-retour-a-lheure-normale-dimanche-prochain-1 # -# From Paul Eggert (2020-04-14): +# From Milamber (2020-05-31) +# In Morocco (where I live), the end of Ramadan (Arabic month) is followed by +# the Eid al-Fitr, and concretely it's 1 or 2 day offs for the people (with +# traditional visiting of family, big lunches/dinners, etc.). So for this +# year the astronomical calculations don't include the following 2 days off in +# the calc. These 2 days fall in a Sunday/Monday, so it's not acceptable by +# people to have a time shift during these 2 days off. Perhaps you can modify +# the (predicted) rules for next years: if the end of Ramadan is a (probable) +# Friday or Saturday (and so the 2 days off are on a weekend), the next time +# shift will be the next weekend. +# +# From Paul Eggert (2020-05-31): # For now, guess that in the future Morocco will fall back at 03:00 # the last Sunday before Ramadan, and spring forward at 02:00 the -# first Sunday after the day after Ramadan. To implement this, -# transition dates for 2021 through 2087 were determined by running -# the following program under GNU Emacs 26.3. -# (let ((islamic-year 1442)) +# first Sunday after two days after Ramadan. To implement this, +# transition dates and times for 2019 through 2087 were determined by +# running the following program under GNU Emacs 26.3. (This algorithm +# also produces the correct transition dates for 2016 through 2018, +# though the times differ due to Morocco's time zone change in 2018.) +# (let ((islamic-year 1440)) # (require 'cal-islam) # (while (< islamic-year 1511) # (let ((a (calendar-islamic-to-absolute (list 9 1 islamic-year))) -# (b (1+ (calendar-islamic-to-absolute (list 10 1 islamic-year)))) +# (b (+ 2 (calendar-islamic-to-absolute (list 10 1 islamic-year)))) # (sunday 0)) # (while (/= sunday (mod (setq a (1- a)) 7))) # (while (/= sunday (mod b 7)) @@ -900,7 +912,7 @@ Zone Indian/Mauritius 3:50:00 - LMT 1907 # Port Louis # (car (cdr (cdr b))) (calendar-month-name (car b) t) (car (cdr b))))) # (setq islamic-year (+ 1 islamic-year)))) -# RULE NAME FROM TO TYPE IN ON AT SAVE LETTER/S +# Rule NAME FROM TO - IN ON AT SAVE LETTER/S Rule Morocco 1939 only - Sep 12 0:00 1:00 - Rule Morocco 1939 only - Nov 19 0:00 0 - Rule Morocco 1940 only - Feb 25 0:00 1:00 - @@ -951,7 +963,7 @@ Rule Morocco 2021 only - May 16 2:00 0 - Rule Morocco 2022 only - Mar 27 3:00 -1:00 - Rule Morocco 2022 only - May 8 2:00 0 - Rule Morocco 2023 only - Mar 19 3:00 -1:00 - -Rule Morocco 2023 only - Apr 23 2:00 0 - +Rule Morocco 2023 only - Apr 30 2:00 0 - Rule Morocco 2024 only - Mar 10 3:00 -1:00 - Rule Morocco 2024 only - Apr 14 2:00 0 - Rule Morocco 2025 only - Feb 23 3:00 -1:00 - @@ -967,7 +979,7 @@ Rule Morocco 2029 only - Feb 18 2:00 0 - Rule Morocco 2029 only - Dec 30 3:00 -1:00 - Rule Morocco 2030 only - Feb 10 2:00 0 - Rule Morocco 2030 only - Dec 22 3:00 -1:00 - -Rule Morocco 2031 only - Jan 26 2:00 0 - +Rule Morocco 2031 only - Feb 2 2:00 0 - Rule Morocco 2031 only - Dec 14 3:00 -1:00 - Rule Morocco 2032 only - Jan 18 2:00 0 - Rule Morocco 2032 only - Nov 28 3:00 -1:00 - @@ -983,7 +995,7 @@ Rule Morocco 2036 only - Nov 23 2:00 0 - Rule Morocco 2037 only - Oct 4 3:00 -1:00 - Rule Morocco 2037 only - Nov 15 2:00 0 - Rule Morocco 2038 only - Sep 26 3:00 -1:00 - -Rule Morocco 2038 only - Oct 31 2:00 0 - +Rule Morocco 2038 only - Nov 7 2:00 0 - Rule Morocco 2039 only - Sep 18 3:00 -1:00 - Rule Morocco 2039 only - Oct 23 2:00 0 - Rule Morocco 2040 only - Sep 2 3:00 -1:00 - @@ -999,7 +1011,7 @@ Rule Morocco 2044 only - Aug 28 2:00 0 - Rule Morocco 2045 only - Jul 9 3:00 -1:00 - Rule Morocco 2045 only - Aug 20 2:00 0 - Rule Morocco 2046 only - Jul 1 3:00 -1:00 - -Rule Morocco 2046 only - Aug 5 2:00 0 - +Rule Morocco 2046 only - Aug 12 2:00 0 - Rule Morocco 2047 only - Jun 23 3:00 -1:00 - Rule Morocco 2047 only - Jul 28 2:00 0 - Rule Morocco 2048 only - Jun 7 3:00 -1:00 - @@ -1015,7 +1027,7 @@ Rule Morocco 2052 only - Jun 2 2:00 0 - Rule Morocco 2053 only - Apr 13 3:00 -1:00 - Rule Morocco 2053 only - May 25 2:00 0 - Rule Morocco 2054 only - Apr 5 3:00 -1:00 - -Rule Morocco 2054 only - May 10 2:00 0 - +Rule Morocco 2054 only - May 17 2:00 0 - Rule Morocco 2055 only - Mar 28 3:00 -1:00 - Rule Morocco 2055 only - May 2 2:00 0 - Rule Morocco 2056 only - Mar 12 3:00 -1:00 - @@ -1031,7 +1043,7 @@ Rule Morocco 2060 only - Mar 7 2:00 0 - Rule Morocco 2061 only - Jan 16 3:00 -1:00 - Rule Morocco 2061 only - Feb 27 2:00 0 - Rule Morocco 2062 only - Jan 8 3:00 -1:00 - -Rule Morocco 2062 only - Feb 12 2:00 0 - +Rule Morocco 2062 only - Feb 19 2:00 0 - Rule Morocco 2062 only - Dec 31 3:00 -1:00 - Rule Morocco 2063 only - Feb 4 2:00 0 - Rule Morocco 2063 only - Dec 16 3:00 -1:00 - @@ -1047,7 +1059,7 @@ Rule Morocco 2067 only - Dec 11 2:00 0 - Rule Morocco 2068 only - Oct 21 3:00 -1:00 - Rule Morocco 2068 only - Dec 2 2:00 0 - Rule Morocco 2069 only - Oct 13 3:00 -1:00 - -Rule Morocco 2069 only - Nov 17 2:00 0 - +Rule Morocco 2069 only - Nov 24 2:00 0 - Rule Morocco 2070 only - Oct 5 3:00 -1:00 - Rule Morocco 2070 only - Nov 9 2:00 0 - Rule Morocco 2071 only - Sep 20 3:00 -1:00 - @@ -1063,7 +1075,7 @@ Rule Morocco 2075 only - Sep 15 2:00 0 - Rule Morocco 2076 only - Jul 26 3:00 -1:00 - Rule Morocco 2076 only - Sep 6 2:00 0 - Rule Morocco 2077 only - Jul 18 3:00 -1:00 - -Rule Morocco 2077 only - Aug 22 2:00 0 - +Rule Morocco 2077 only - Aug 29 2:00 0 - Rule Morocco 2078 only - Jul 10 3:00 -1:00 - Rule Morocco 2078 only - Aug 14 2:00 0 - Rule Morocco 2079 only - Jun 25 3:00 -1:00 - @@ -1073,13 +1085,13 @@ Rule Morocco 2080 only - Jul 21 2:00 0 - Rule Morocco 2081 only - Jun 1 3:00 -1:00 - Rule Morocco 2081 only - Jul 13 2:00 0 - Rule Morocco 2082 only - May 24 3:00 -1:00 - -Rule Morocco 2082 only - Jun 28 2:00 0 - +Rule Morocco 2082 only - Jul 5 2:00 0 - Rule Morocco 2083 only - May 16 3:00 -1:00 - Rule Morocco 2083 only - Jun 20 2:00 0 - Rule Morocco 2084 only - Apr 30 3:00 -1:00 - Rule Morocco 2084 only - Jun 11 2:00 0 - Rule Morocco 2085 only - Apr 22 3:00 -1:00 - -Rule Morocco 2085 only - May 27 2:00 0 - +Rule Morocco 2085 only - Jun 3 2:00 0 - Rule Morocco 2086 only - Apr 14 3:00 -1:00 - Rule Morocco 2086 only - May 19 2:00 0 - Rule Morocco 2087 only - Mar 30 3:00 -1:00 - @@ -1180,7 +1192,7 @@ Link Africa/Maputo Africa/Lusaka # Zambia # Use plain "WAT" and "CAT" for the time zone abbreviations, to be compatible # with Namibia's neighbors. -# RULE NAME FROM TO TYPE IN ON AT SAVE LETTER/S +# Rule NAME FROM TO - IN ON AT SAVE LETTER/S # Vanguard section, for zic and other parsers that support negative DST. Rule Namibia 1994 only - Mar 21 0:00 -1:00 WAT Rule Namibia 1994 2017 - Sep Sun>=1 2:00 0 CAT @@ -1303,7 +1315,7 @@ Zone Indian/Mahe 3:41:48 - LMT 1906 Jun # Victoria # See Africa/Nairobi. # South Africa -# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S +# Rule NAME FROM TO - IN ON AT SAVE LETTER/S Rule SA 1942 1943 - Sep Sun>=15 2:00 1:00 - Rule SA 1943 1944 - Mar Sun>=15 2:00 0 - # Zone NAME STDOFF RULES FORMAT [UNTIL] @@ -1336,7 +1348,7 @@ Link Africa/Johannesburg Africa/Mbabane # Eswatini # Abdalla of NTC, archived at: # https://mm.icann.org/pipermail/tz/2017-October/025333.html -# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S +# Rule NAME FROM TO - IN ON AT SAVE LETTER/S Rule Sudan 1970 only - May 1 0:00 1:00 S Rule Sudan 1970 1985 - Oct 15 0:00 0 - Rule Sudan 1971 only - Apr 30 0:00 1:00 S @@ -1424,7 +1436,7 @@ Zone Africa/Juba 2:06:28 - LMT 1931 # http://www.almadenahnews.com/newss/news.php?c=118&id=38036 # http://www.worldtimezone.com/dst_news/dst_news_tunis02.html -# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S +# Rule NAME FROM TO - IN ON AT SAVE LETTER/S Rule Tunisia 1939 only - Apr 15 23:00s 1:00 S Rule Tunisia 1939 only - Nov 18 23:00s 0 - Rule Tunisia 1940 only - Feb 25 23:00s 1:00 S @@ -1451,9 +1463,7 @@ Rule Tunisia 2005 only - Sep 30 1:00s 0 - Rule Tunisia 2006 2008 - Mar lastSun 2:00s 1:00 S Rule Tunisia 2006 2008 - Oct lastSun 2:00s 0 - -# Shanks & Pottenger give 0:09:20 for Paris Mean Time; go with Howse's -# more precise 0:09:21. -# Shanks & Pottenger say the 1911 switch was on Mar 9; go with Howse's Mar 11. +# See Europe/Paris for PMT-related transitions. # Zone NAME STDOFF RULES FORMAT [UNTIL] Zone Africa/Tunis 0:40:44 - LMT 1881 May 12 0:09:21 - PMT 1911 Mar 11 # Paris Mean Time Modified: releng/11.4/contrib/tzdata/antarctica ============================================================================== --- releng/11.4/contrib/tzdata/antarctica Tue Dec 1 19:35:48 2020 (r368250) +++ releng/11.4/contrib/tzdata/antarctica Tue Dec 1 19:35:48 2020 (r368251) @@ -70,15 +70,30 @@ # Australian Antarctica Division informed us that Casey changed time # zone to UTC+11 in "the morning of 22nd October 2016". +# From Steffen Thorsen (2020-10-02, as corrected): +# Based on information we have received from the Australian Antarctic +# Division, Casey station and Macquarie Island station will move to Tasmanian +# daylight savings time on Sunday 4 October. This will take effect from 0001 +# hrs on Sunday 4 October 2020 and will mean Casey and Macquarie Island will +# be on the same time zone as Hobart. Some past dates too for this 3 hour +# time change back and forth between UTC+8 and UTC+11 for Casey: +# - 2018 Oct 7 4:00 - 2019 Mar 17 3:00 - 2019 Oct 4 3:00 - 2020 Mar 8 3:00 +# and now - 2020 Oct 4 0:01 + # Zone NAME STDOFF RULES FORMAT [UNTIL] -Zone Antarctica/Casey 0 - -00 1969 - 8:00 - +08 2009 Oct 18 2:00 +Zone Antarctica/Casey 0 - -00 1969 + 8:00 - +08 2009 Oct 18 2:00 11:00 - +11 2010 Mar 5 2:00 - 8:00 - +08 2011 Oct 28 2:00 + 8:00 - +08 2011 Oct 28 2:00 11:00 - +11 2012 Feb 21 17:00u - 8:00 - +08 2016 Oct 22 + 8:00 - +08 2016 Oct 22 11:00 - +11 2018 Mar 11 4:00 - 8:00 - +08 + 8:00 - +08 2018 Oct 7 4:00 + 11:00 - +11 2019 Mar 17 3:00 + 8:00 - +08 2019 Oct 4 3:00 + 11:00 - +11 2020 Mar 8 3:00 + 8:00 - +08 2020 Oct 4 0:01 + 11:00 - +11 Zone Antarctica/Davis 0 - -00 1957 Jan 13 7:00 - +07 1964 Nov 0 - -00 1969 Feb @@ -224,7 +239,7 @@ Zone Antarctica/Syowa 0 - -00 1957 Jan 29 # suggested by Bengt-Inge Larsson comment them out for now, and approximate # with only UTC and CEST. Uncomment them when 2014b is more prevalent. # -# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S +# Rule NAME FROM TO - IN ON AT SAVE LETTER/S #Rule Troll 2005 max - Mar 1 1:00u 1:00 +01 Rule Troll 2005 max - Mar lastSun 1:00u 2:00 +02 #Rule Troll 2005 max - Oct lastSun 1:00u 1:00 +01 Modified: releng/11.4/contrib/tzdata/asia ============================================================================== --- releng/11.4/contrib/tzdata/asia Tue Dec 1 19:35:48 2020 (r368250) +++ releng/11.4/contrib/tzdata/asia Tue Dec 1 19:35:48 2020 (r368251) @@ -70,7 +70,7 @@ ############################################################################### # These rules are stolen from the 'europe' file. -# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S +# Rule NAME FROM TO - IN ON AT SAVE LETTER/S Rule EUAsia 1981 max - Mar lastSun 1:00u 1:00 S Rule EUAsia 1979 1995 - Sep lastSun 1:00u 0 - Rule EUAsia 1996 max - Oct lastSun 1:00u 0 - @@ -114,7 +114,7 @@ Zone Asia/Kabul 4:36:48 - LMT 1890 # or # (brief) # http://www.worldtimezone.com/dst_news/dst_news_armenia03.html -# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S +# Rule NAME FROM TO - IN ON AT SAVE LETTER/S Rule Armenia 2011 only - Mar lastSun 2:00s 1:00 - Rule Armenia 2011 only - Oct lastSun 2:00s 0 - # Zone NAME STDOFF RULES FORMAT [UNTIL] @@ -140,7 +140,7 @@ Zone Asia/Yerevan 2:58:00 - LMT 1924 May 2 # http://vestnikkavkaza.net/news/Azerbaijani-Cabinet-of-Ministers-cancels-daylight-saving-time.html # http://en.apa.az/xeber_azerbaijan_abolishes_daylight_savings_ti_240862.html -# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S +# Rule NAME FROM TO - IN ON AT SAVE LETTER/S Rule Azer 1997 2015 - Mar lastSun 4:00 1:00 - Rule Azer 1997 2015 - Oct lastSun 5:00 0 - # Zone NAME STDOFF RULES FORMAT [UNTIL] @@ -227,7 +227,7 @@ Zone Asia/Baku 3:19:24 - LMT 1924 May 2 # http://www.thedailystar.net/newDesign/latest_news.php?nid=22817 # http://www.worldtimezone.com/dst_news/dst_news_bangladesh06.html -# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S +# Rule NAME FROM TO - IN ON AT SAVE LETTER/S Rule Dhaka 2009 only - Jun 19 23:00 1:00 - Rule Dhaka 2009 only - Dec 31 24:00 0 - @@ -303,7 +303,7 @@ Zone Asia/Yangon 6:24:47 - LMT 1880 # or Rangoo # generally esteemed a success, it was announced early in 1920 that it would # not be repeated." # -# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S +# Rule NAME FROM TO - IN ON AT SAVE LETTER/S Rule Shang 1919 only - Apr 12 24:00 1:00 D Rule Shang 1919 only - Sep 30 24:00 0 S @@ -399,7 +399,7 @@ Rule Shang 1919 only - Sep 30 24:00 0 S # the Yangtze river delta area during that period of time although the scope # of such use will need to be investigated to determine. # -# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S +# Rule NAME FROM TO - IN ON AT SAVE LETTER/S Rule Shang 1940 only - Jun 1 0:00 1:00 D Rule Shang 1940 only - Oct 12 24:00 0 S Rule Shang 1941 only - Mar 15 0:00 1:00 D @@ -462,7 +462,7 @@ Rule Shang 1948 1949 - Sep 30 24:00 0 S #plan # to begin on 17 April. # http://data.people.com.cn/pic/101p/1988/04/1988041201.jpg -# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S +# Rule NAME FROM TO - IN ON AT SAVE LETTER/S Rule PRC 1986 only - May 4 2:00 1:00 D Rule PRC 1986 1991 - Sep Sun>=11 2:00 0 S Rule PRC 1987 1991 - Apr Sun>=11 2:00 1:00 D @@ -846,7 +846,7 @@ Zone Asia/Urumqi 5:50:20 - LMT 1928 # or dates for the 1942 and 1945 transitions. # The Japanese occupation of Hong Kong began 1941-12-25. -# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S +# Rule NAME FROM TO - IN ON AT SAVE LETTER/S Rule HK 1946 only - Apr 21 0:00 1:00 S Rule HK 1946 only - Dec 1 3:30s 0 - Rule HK 1947 only - Apr 13 3:30s 1:00 S @@ -973,7 +973,7 @@ Zone Asia/Hong_Kong 7:36:42 - LMT 1904 Oct 30 0:36:42 # until 1945-09-21 at 01:00, overriding Shanks & Pottenger. # Likewise, use Yu-Cheng Chuang's data for DST in Taiwan. -# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S +# Rule NAME FROM TO - IN ON AT SAVE LETTER/S Rule Taiwan 1946 only - May 15 0:00 1:00 D Rule Taiwan 1946 only - Oct 1 0:00 0 S Rule Taiwan 1947 only - Apr 15 0:00 1:00 D @@ -1099,7 +1099,7 @@ Zone Asia/Taipei 8:06:00 - LMT 1896 Jan 1 # The 1904 decree says that Macau changed from the meridian of # Fortaleza do Monte, presumably the basis for the 7:34:10 for LMT. -# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S +# Rule NAME FROM TO - IN ON AT SAVE LETTER/S Rule Macau 1942 1943 - Apr 30 23:00 1:00 - Rule Macau 1942 only - Nov 17 23:00 0 - Rule Macau 1943 only - Sep 30 23:00 0 S @@ -1157,7 +1157,7 @@ Zone Asia/Macau 7:34:10 - LMT 1904 Oct 30 # Cyprus to remain united in time. Cyprus Mail 2017-10-17. # https://cyprus-mail.com/2017/10/17/cyprus-remain-united-time/ -# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S +# Rule NAME FROM TO - IN ON AT SAVE LETTER/S Rule Cyprus 1975 only - Apr 13 0:00 1:00 S Rule Cyprus 1975 only - Oct 12 0:00 0 - Rule Cyprus 1976 only - May 15 0:00 1:00 S @@ -1534,7 +1534,7 @@ Zone Asia/Jayapura 9:22:48 - LMT 1932 Nov # be changed back to its previous state on the 24 hours of the # thirtieth day of Shahrivar. # -# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S +# Rule NAME FROM TO - IN ON AT SAVE LETTER/S Rule Iran 1978 1980 - Mar 20 24:00 1:00 - Rule Iran 1978 only - Oct 20 24:00 0 - Rule Iran 1979 only - Sep 18 24:00 0 - @@ -1676,7 +1676,7 @@ Zone Asia/Tehran 3:25:44 - LMT 1916 # We have published a short article in English about the change: # https://www.timeanddate.com/news/time/iraq-dumps-daylight-saving.html -# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S +# Rule NAME FROM TO - IN ON AT SAVE LETTER/S Rule Iraq 1982 only - May 1 0:00 1:00 - Rule Iraq 1982 1984 - Oct 1 0:00 0 - Rule Iraq 1983 only - Mar 31 0:00 1:00 - @@ -1699,6 +1699,10 @@ Zone Asia/Baghdad 2:57:40 - LMT 1890 # Israel +# For more info about the motivation for DST in Israel, see: +# Barak Y. Israel's Daylight Saving Time controversy. Israel Affairs. +# 2020-08-11. https://doi.org/10.1080/13537121.2020.1806564 + # From Ephraim Silverberg (2001-01-11): # # I coined "IST/IDT" circa 1988. Until then there were three @@ -1720,7 +1724,7 @@ Zone Asia/Baghdad 2:57:40 - LMT 1890 # family is from India). # From Shanks & Pottenger: -# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S +# Rule NAME FROM TO - IN ON AT SAVE LETTER/S Rule Zion 1940 only - Jun 1 0:00 1:00 D Rule Zion 1942 1944 - Nov 1 0:00 0 S Rule Zion 1943 only - Apr 1 2:00 1:00 D @@ -1812,7 +1816,7 @@ Rule Zion 1988 only - Sep 4 0:00 0 S # (except in 2002) is three nights before Yom Kippur [Day of Atonement] # (the eve of the 7th of Tishrei in the lunar Hebrew calendar). -# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S +# Rule NAME FROM TO - IN ON AT SAVE LETTER/S Rule Zion 1989 only - Apr 30 0:00 1:00 D Rule Zion 1989 only - Sep 3 0:00 0 S Rule Zion 1990 only - Mar 25 0:00 1:00 D @@ -1828,7 +1832,7 @@ Rule Zion 1993 only - Sep 5 0:00 0 S # Ministry of Interior, Jerusalem, Israel. The spokeswoman can be reached by # calling the office directly at 972-2-6701447 or 972-2-6701448. -# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S +# Rule NAME FROM TO - IN ON AT SAVE LETTER/S Rule Zion 1994 only - Apr 1 0:00 1:00 D Rule Zion 1994 only - Aug 28 0:00 0 S Rule Zion 1995 only - Mar 31 0:00 1:00 D @@ -1848,7 +1852,7 @@ Rule Zion 1995 only - Sep 3 0:00 0 S # # where YYYY is the relevant year. -# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S +# Rule NAME FROM TO - IN ON AT SAVE LETTER/S Rule Zion 1996 only - Mar 15 0:00 1:00 D Rule Zion 1996 only - Sep 16 0:00 0 S Rule Zion 1997 only - Mar 21 0:00 1:00 D @@ -1871,7 +1875,7 @@ Rule Zion 1999 only - Sep 3 2:00 0 S # # ftp://ftp.cs.huji.ac.il/pub/tz/announcements/2000-2004.ps.gz -# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S +# Rule NAME FROM TO - IN ON AT SAVE LETTER/S Rule Zion 2000 only - Apr 14 2:00 1:00 D Rule Zion 2000 only - Oct 6 1:00 0 S Rule Zion 2001 only - Apr 9 1:00 1:00 D @@ -1893,7 +1897,7 @@ Rule Zion 2004 only - Sep 22 1:00 0 S # # ftp://ftp.cs.huji.ac.il/pub/tz/announcements/2005+beyond.ps -# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S +# Rule NAME FROM TO - IN ON AT SAVE LETTER/S Rule Zion 2005 2012 - Apr Fri<=1 2:00 1:00 D Rule Zion 2005 only - Oct 9 2:00 0 S Rule Zion 2006 only - Oct 1 2:00 0 S @@ -1913,7 +1917,7 @@ Rule Zion 2012 only - Sep 23 2:00 0 S # As of 2013, DST starts at 02:00 on the Friday before the last Sunday # in March. DST ends at 02:00 on the last Sunday of October. -# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S +# Rule NAME FROM TO - IN ON AT SAVE LETTER/S Rule Zion 2013 max - Mar Fri>=23 2:00 1:00 D Rule Zion 2013 max - Oct lastSun 2:00 0 S @@ -2013,7 +2017,7 @@ Zone Asia/Jerusalem 2:20:54 - LMT 1880 # do in any POSIX or C platform. The "25:00" assumes zic from 2007 or later, # which should be safe now. -# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S +# Rule NAME FROM TO - IN ON AT SAVE LETTER/S Rule Japan 1948 only - May Sat>=1 24:00 1:00 D Rule Japan 1948 1951 - Sep Sat>=8 25:00 0 S Rule Japan 1949 only - Apr Sat>=1 24:00 1:00 D @@ -2090,7 +2094,7 @@ Zone Asia/Tokyo 9:18:59 - LMT 1887 Dec 31 15:00u # From Paul Eggert (2013-12-11): # As Steffen suggested, consider the past 21-month experiment to be DST. -# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S +# Rule NAME FROM TO - IN ON AT SAVE LETTER/S Rule Jordan 1973 only - Jun 6 0:00 1:00 S Rule Jordan 1973 1975 - Oct 1 0:00 0 - Rule Jordan 1974 1977 - May 1 0:00 1:00 S @@ -2416,7 +2420,7 @@ Zone Asia/Oral 3:25:24 - LMT 1924 May 2 # or Ural'sk # Our government cancels daylight saving time 6th of August 2005. # From 2005-08-12 our GMT-offset is +6, w/o any daylight saving. -# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S +# Rule NAME FROM TO - IN ON AT SAVE LETTER/S Rule Kyrgyz 1992 1996 - Apr Sun>=7 0:00s 1:00 - Rule Kyrgyz 1992 1996 - Sep lastSun 0:00 0 - Rule Kyrgyz 1997 2005 - Mar lastSun 2:30 1:00 - @@ -2472,7 +2476,7 @@ Zone Asia/Bishkek 4:58:24 - LMT 1924 May 2 # follow and continued to use GMT+9:00 for interoperability. -# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S +# Rule NAME FROM TO - IN ON AT SAVE LETTER/S Rule ROK 1948 only - Jun 1 0:00 1:00 D Rule ROK 1948 only - Sep 12 24:00 0 S Rule ROK 1949 only - Apr 3 0:00 1:00 D @@ -2560,7 +2564,7 @@ Zone Asia/Pyongyang 8:23:00 - LMT 1908 Apr 1 # Lebanon -# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S +# Rule NAME FROM TO - IN ON AT SAVE LETTER/S Rule Lebanon 1920 only - Mar 28 0:00 1:00 S Rule Lebanon 1920 only - Oct 25 0:00 0 - Rule Lebanon 1921 only - Apr 3 0:00 1:00 S @@ -2590,7 +2594,7 @@ Zone Asia/Beirut 2:22:00 - LMT 1880 2:00 Lebanon EE%sT # Malaysia -# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S +# Rule NAME FROM TO - IN ON AT SAVE LETTER/S Rule NBorneo 1935 1941 - Sep 14 0:00 0:20 - Rule NBorneo 1935 1941 - Dec 14 0:00 0 - # @@ -2735,7 +2739,7 @@ Zone Indian/Maldives 4:54:00 - LMT 1880 # Malé # September daylight saving time ends. Source: # http://zasag.mn/news/view/8969 -# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S +# Rule NAME FROM TO - IN ON AT SAVE LETTER/S Rule Mongol 1983 1984 - Apr 1 0:00 1:00 - Rule Mongol 1983 only - Oct 1 0:00 0 - # Shanks & Pottenger and IATA SSIM say 1990s switches occurred at 00:00, @@ -2923,7 +2927,7 @@ Zone Asia/Kathmandu 5:41:16 - LMT 1920 # "People laud PM's announcement to end DST" # http://www.app.com.pk/en_/index.php?option=com_content&task=view&id=99374&Itemid=2 -# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S +# Rule NAME FROM TO - IN ON AT SAVE LETTER/S Rule Pakistan 2002 only - Apr Sun>=2 0:00 1:00 S Rule Pakistan 2002 only - Oct Sun>=2 0:00 0 - Rule Pakistan 2008 only - Jun 1 0:00 1:00 S @@ -3217,15 +3221,42 @@ Zone Asia/Karachi 4:28:12 - LMT 1907 # From Sharef Mustafa (2019-10-18): # Palestine summer time will end on midnight Oct 26th 2019 ... -# http://www.palestinecabinet.gov.ps/website/ar/ViewDetails?ID=43948 # -# From Paul Eggert (2019-04-10): -# For now, guess spring-ahead transitions are March's last Friday at 00:00. +# From Steffen Thorsen (2020-10-20): +# Some sources such as these say, and display on clocks, that DST ended at +# midnight last year... +# https://www.amad.ps/ar/post/320006 # -# From Tim Parenti (2016-10-19): -# Predict fall transitions on October's last Saturday at 01:00 from now on. +# From Tim Parenti (2020-10-20): +# The report of the Palestinian Cabinet meeting of 2019-10-14 confirms +# a decision on (translated): "The start of the winter time in Palestine, by +# delaying the clock by sixty minutes, starting from midnight on Friday / +# Saturday corresponding to 26/10/2019." +# http://www.palestinecabinet.gov.ps/portal/meeting/details/43948 -# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S +# From Sharef Mustafa (2020-10-20): +# As per the palestinian cabinet announcement yesterday , the day light saving +# shall [end] on Oct 24th 2020 at 01:00AM by delaying the clock by 60 minutes. +# http://www.palestinecabinet.gov.ps/portal/Meeting/Details/51584 + +# From Tim Parenti (2020-10-20): +# Predict future fall transitions at 01:00 on the Saturday preceding October's +# last Sunday (i.e., Sat>=24). This is consistent with our predictions since +# 2016, although the time of the change differed slightly in 2019. + +# From Pierre Cashon (2020-10-20): +# The summer time this year started on March 28 at 00:00. +# https://wafa.ps/ar_page.aspx?id=GveQNZa872839351758aGveQNZ +# http://www.palestinecabinet.gov.ps/portal/meeting/details/50284 +# The winter time in 2015 started on October 23 at 01:00. +# https://wafa.ps/ar_page.aspx?id=CgpCdYa670694628582aCgpCdY +# http://www.palestinecabinet.gov.ps/portal/meeting/details/27583 +# +# From Paul Eggert (2019-04-10): +# For now, guess spring-ahead transitions are at 00:00 on the Saturday +# preceding March's last Sunday (i.e., Sat>=24). + +# Rule NAME FROM TO - IN ON AT SAVE LETTER/S Rule EgyptAsia 1957 only - May 10 0:00 1:00 S Rule EgyptAsia 1957 1958 - Oct 1 0:00 0 - *** DIFF OUTPUT TRUNCATED AT 1000 LINES *** From owner-svn-src-releng@freebsd.org Tue Dec 1 19:36:38 2020 Return-Path: Delivered-To: svn-src-releng@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 57A3F4B1FFD; Tue, 1 Dec 2020 19:36:38 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4ClsmQ222Lz4lmd; Tue, 1 Dec 2020 19:36:38 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 3867C1AED9; Tue, 1 Dec 2020 19:36:38 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 0B1Jackv004104; Tue, 1 Dec 2020 19:36:38 GMT (envelope-from gordon@FreeBSD.org) Received: (from gordon@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 0B1Jabvs004087; Tue, 1 Dec 2020 19:36:37 GMT (envelope-from gordon@FreeBSD.org) Message-Id: <202012011936.0B1Jabvs004087@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gordon set sender to gordon@FreeBSD.org using -f From: Gordon Tetlow Date: Tue, 1 Dec 2020 19:36:37 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r368252 - releng/12.2/sbin/ipfw X-SVN-Group: releng X-SVN-Commit-Author: gordon X-SVN-Commit-Paths: releng/12.2/sbin/ipfw X-SVN-Commit-Revision: 368252 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 01 Dec 2020 19:36:38 -0000 Author: gordon Date: Tue Dec 1 19:36:36 2020 New Revision: 368252 URL: https://svnweb.freebsd.org/changeset/base/368252 Log: Fix uninitialized variable in ipfw. Approved by: so Security: FreeBSD-EN-20:21.ipfw Modified: releng/12.2/sbin/ipfw/dummynet.c releng/12.2/sbin/ipfw/ipfw2.c releng/12.2/sbin/ipfw/nat64lsn.c releng/12.2/sbin/ipfw/tables.c Modified: releng/12.2/sbin/ipfw/dummynet.c ============================================================================== --- releng/12.2/sbin/ipfw/dummynet.c Tue Dec 1 19:35:48 2020 (r368251) +++ releng/12.2/sbin/ipfw/dummynet.c Tue Dec 1 19:36:36 2020 (r368252) @@ -1279,8 +1279,8 @@ ipfw_config_pipe(int ac, char **av) struct dn_profile *pf = NULL; struct ipfw_flow_id *mask = NULL; #ifdef NEW_AQM - struct dn_extra_parms *aqm_extra; - struct dn_extra_parms *sch_extra; + struct dn_extra_parms *aqm_extra = NULL; + struct dn_extra_parms *sch_extra = NULL; int lmax_extra; #endif Modified: releng/12.2/sbin/ipfw/ipfw2.c ============================================================================== --- releng/12.2/sbin/ipfw/ipfw2.c Tue Dec 1 19:35:48 2020 (r368251) +++ releng/12.2/sbin/ipfw/ipfw2.c Tue Dec 1 19:36:36 2020 (r368252) @@ -1618,6 +1618,9 @@ print_instruction(struct buf_pr *bp, const struct form case O_TCPWIN: s = "tcpwin"; break; + default: + s = ""; + break; } bprintf(bp, " %s %u", s, cmd->arg1); } else @@ -4003,7 +4006,7 @@ chkarg: struct addrinfo *res; char *s, *end; int family; - u_short port_number; + u_short port_number = 0; NEED1("missing forward address[:port]"); @@ -5600,7 +5603,7 @@ ifinfo_cmp(const void *a, const void *b) static void ipfw_list_tifaces(void) { - ipfw_obj_lheader *olh; + ipfw_obj_lheader *olh = NULL; ipfw_iface_info *info; uint32_t i; int error; @@ -5608,7 +5611,6 @@ ipfw_list_tifaces(void) if ((error = ipfw_get_tracked_ifaces(&olh)) != 0) err(EX_OSERR, "Unable to request ipfw tracked interface list"); - qsort(olh + 1, olh->count, olh->objsize, ifinfo_cmp); info = (ipfw_iface_info *)(olh + 1); @@ -5625,7 +5627,3 @@ ipfw_list_tifaces(void) free(olh); } - - - - Modified: releng/12.2/sbin/ipfw/nat64lsn.c ============================================================================== --- releng/12.2/sbin/ipfw/nat64lsn.c Tue Dec 1 19:35:48 2020 (r368251) +++ releng/12.2/sbin/ipfw/nat64lsn.c Tue Dec 1 19:36:36 2020 (r368252) @@ -99,6 +99,7 @@ nat64lsn_print_states(void *buf) stg = (ipfw_nat64lsn_stg_v1 *)(od + 1); sz = od->head.length - sizeof(*od); next_idx = 0; + proto = NULL; while (sz > 0 && next_idx != 0xFF) { next_idx = stg->next.index; sz -= sizeof(*stg); Modified: releng/12.2/sbin/ipfw/tables.c ============================================================================== --- releng/12.2/sbin/ipfw/tables.c Tue Dec 1 19:35:48 2020 (r368251) +++ releng/12.2/sbin/ipfw/tables.c Tue Dec 1 19:36:36 2020 (r368252) @@ -847,7 +847,7 @@ table_show_info(ipfw_xtable_info *i, void *arg) static int table_show_one(ipfw_xtable_info *i, void *arg) { - ipfw_obj_header *oh; + ipfw_obj_header *oh = NULL; int error; int is_all; @@ -1179,7 +1179,7 @@ tentry_fill_key_type(char *arg, ipfw_obj_tentry *tentr struct servent *sent; int masklen; - masklen = 0; + mask = masklen = 0; af = 0; paddr = (struct in6_addr *)&tentry->k; From owner-svn-src-releng@freebsd.org Tue Dec 1 19:37:38 2020 Return-Path: Delivered-To: svn-src-releng@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 2F2304B2698; Tue, 1 Dec 2020 19:37:38 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4ClsnX668Kz4lsR; Tue, 1 Dec 2020 19:37:36 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id A980C1AF2D; Tue, 1 Dec 2020 19:37:34 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 0B1JbYRJ004283; Tue, 1 Dec 2020 19:37:34 GMT (envelope-from gordon@FreeBSD.org) Received: (from gordon@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 0B1JbYgc004282; Tue, 1 Dec 2020 19:37:34 GMT (envelope-from gordon@FreeBSD.org) Message-Id: <202012011937.0B1JbYgc004282@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gordon set sender to gordon@FreeBSD.org using -f From: Gordon Tetlow Date: Tue, 1 Dec 2020 19:37:34 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r368254 - in releng: 12.1/sys/kern 12.2/sys/kern X-SVN-Group: releng X-SVN-Commit-Author: gordon X-SVN-Commit-Paths: in releng: 12.1/sys/kern 12.2/sys/kern X-SVN-Commit-Revision: 368254 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 01 Dec 2020 19:37:38 -0000 Author: gordon Date: Tue Dec 1 19:37:33 2020 New Revision: 368254 URL: https://svnweb.freebsd.org/changeset/base/368254 Log: Fix race condition in callout CPU migration. Approved by: so Security: FreeBSD-EN-20:22.callout Modified: releng/12.1/sys/kern/kern_timeout.c releng/12.2/sys/kern/kern_timeout.c Modified: releng/12.1/sys/kern/kern_timeout.c ============================================================================== --- releng/12.1/sys/kern/kern_timeout.c Tue Dec 1 19:36:37 2020 (r368253) +++ releng/12.1/sys/kern/kern_timeout.c Tue Dec 1 19:37:33 2020 (r368254) @@ -1270,7 +1270,7 @@ again: * just wait for the current invocation to * finish. */ - while (cc_exec_curr(cc, direct) == c) { + if (cc_exec_curr(cc, direct) == c) { /* * Use direct calls to sleepqueue interface * instead of cv/msleep in order to avoid @@ -1318,7 +1318,7 @@ again: /* Reacquire locks previously released. */ PICKUP_GIANT(); - CC_LOCK(cc); + goto again; } c->c_flags &= ~CALLOUT_ACTIVE; } else if (use_lock && Modified: releng/12.2/sys/kern/kern_timeout.c ============================================================================== --- releng/12.2/sys/kern/kern_timeout.c Tue Dec 1 19:36:37 2020 (r368253) +++ releng/12.2/sys/kern/kern_timeout.c Tue Dec 1 19:37:33 2020 (r368254) @@ -1271,7 +1271,7 @@ again: * just wait for the current invocation to * finish. */ - while (cc_exec_curr(cc, direct) == c) { + if (cc_exec_curr(cc, direct) == c) { /* * Use direct calls to sleepqueue interface * instead of cv/msleep in order to avoid @@ -1319,7 +1319,7 @@ again: /* Reacquire locks previously released. */ PICKUP_GIANT(); - CC_LOCK(cc); + goto again; } c->c_flags &= ~CALLOUT_ACTIVE; } else if (use_lock && From owner-svn-src-releng@freebsd.org Tue Dec 1 19:38:53 2020 Return-Path: Delivered-To: svn-src-releng@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id C7ED94B25E2; Tue, 1 Dec 2020 19:38:53 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Clsq159qSz4m1L; Tue, 1 Dec 2020 19:38:53 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id A44E11ADC0; Tue, 1 Dec 2020 19:38:53 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 0B1JcrvP004395; Tue, 1 Dec 2020 19:38:53 GMT (envelope-from gordon@FreeBSD.org) Received: (from gordon@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 0B1JcrYo004392; Tue, 1 Dec 2020 19:38:53 GMT (envelope-from gordon@FreeBSD.org) Message-Id: <202012011938.0B1JcrYo004392@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gordon set sender to gordon@FreeBSD.org using -f From: Gordon Tetlow Date: Tue, 1 Dec 2020 19:38:53 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r368255 - in releng: 11.4/sys/netinet6 12.1/sys/netinet6 12.2/sys/netinet6 X-SVN-Group: releng X-SVN-Commit-Author: gordon X-SVN-Commit-Paths: in releng: 11.4/sys/netinet6 12.1/sys/netinet6 12.2/sys/netinet6 X-SVN-Commit-Revision: 368255 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 01 Dec 2020 19:38:53 -0000 Author: gordon Date: Tue Dec 1 19:38:52 2020 New Revision: 368255 URL: https://svnweb.freebsd.org/changeset/base/368255 Log: Fix ICMPv6 use-after-free in error message handling. Approved by: so Security: FreeBSD-SA-20:31.icmp6 Security: CVE-2020-7469 Modified: releng/11.4/sys/netinet6/icmp6.c releng/12.1/sys/netinet6/icmp6.c releng/12.2/sys/netinet6/icmp6.c Modified: releng/11.4/sys/netinet6/icmp6.c ============================================================================== --- releng/11.4/sys/netinet6/icmp6.c Tue Dec 1 19:37:33 2020 (r368254) +++ releng/11.4/sys/netinet6/icmp6.c Tue Dec 1 19:38:52 2020 (r368255) @@ -903,6 +903,7 @@ icmp6_notify_error(struct mbuf **mp, int off, int icmp } #endif eip6 = (struct ip6_hdr *)(icmp6 + 1); + bzero(&icmp6dst, sizeof(icmp6dst)); /* Detect the upper level protocol */ { @@ -911,7 +912,6 @@ icmp6_notify_error(struct mbuf **mp, int off, int icmp int eoff = off + sizeof(struct icmp6_hdr) + sizeof(struct ip6_hdr); struct ip6ctlparam ip6cp; - struct in6_addr *finaldst = NULL; int icmp6type = icmp6->icmp6_type; struct ip6_frag *fh; struct ip6_rthdr *rth; @@ -994,7 +994,7 @@ icmp6_notify_error(struct mbuf **mp, int off, int icmp /* just ignore a bogus header */ if ((rth0->ip6r0_len % 2) == 0 && (hops = rth0->ip6r0_len/2)) - finaldst = (struct in6_addr *)(rth0 + 1) + (hops - 1); + icmp6dst.sin6_addr = *((struct in6_addr *)(rth0 + 1) + (hops - 1)); } eoff += rthlen; nxt = rth->ip6r_nxt; @@ -1059,13 +1059,10 @@ icmp6_notify_error(struct mbuf **mp, int off, int icmp */ eip6 = (struct ip6_hdr *)(icmp6 + 1); - bzero(&icmp6dst, sizeof(icmp6dst)); icmp6dst.sin6_len = sizeof(struct sockaddr_in6); icmp6dst.sin6_family = AF_INET6; - if (finaldst == NULL) + if (IN6_IS_ADDR_UNSPECIFIED(&icmp6dst.sin6_addr)) icmp6dst.sin6_addr = eip6->ip6_dst; - else - icmp6dst.sin6_addr = *finaldst; if (in6_setscope(&icmp6dst.sin6_addr, m->m_pkthdr.rcvif, NULL)) goto freeit; bzero(&icmp6src, sizeof(icmp6src)); @@ -1077,13 +1074,11 @@ icmp6_notify_error(struct mbuf **mp, int off, int icmp icmp6src.sin6_flowinfo = (eip6->ip6_flow & IPV6_FLOWLABEL_MASK); - if (finaldst == NULL) - finaldst = &eip6->ip6_dst; ip6cp.ip6c_m = m; ip6cp.ip6c_icmp6 = icmp6; ip6cp.ip6c_ip6 = (struct ip6_hdr *)(icmp6 + 1); ip6cp.ip6c_off = eoff; - ip6cp.ip6c_finaldst = finaldst; + ip6cp.ip6c_finaldst = &icmp6dst.sin6_addr; ip6cp.ip6c_src = &icmp6src; ip6cp.ip6c_nxt = nxt; Modified: releng/12.1/sys/netinet6/icmp6.c ============================================================================== --- releng/12.1/sys/netinet6/icmp6.c Tue Dec 1 19:37:33 2020 (r368254) +++ releng/12.1/sys/netinet6/icmp6.c Tue Dec 1 19:38:52 2020 (r368255) @@ -896,6 +896,7 @@ icmp6_notify_error(struct mbuf **mp, int off, int icmp } #endif eip6 = (struct ip6_hdr *)(icmp6 + 1); + bzero(&icmp6dst, sizeof(icmp6dst)); /* Detect the upper level protocol */ { @@ -904,7 +905,6 @@ icmp6_notify_error(struct mbuf **mp, int off, int icmp int eoff = off + sizeof(struct icmp6_hdr) + sizeof(struct ip6_hdr); struct ip6ctlparam ip6cp; - struct in6_addr *finaldst = NULL; int icmp6type = icmp6->icmp6_type; struct ip6_frag *fh; struct ip6_rthdr *rth; @@ -987,7 +987,7 @@ icmp6_notify_error(struct mbuf **mp, int off, int icmp /* just ignore a bogus header */ if ((rth0->ip6r0_len % 2) == 0 && (hops = rth0->ip6r0_len/2)) - finaldst = (struct in6_addr *)(rth0 + 1) + (hops - 1); + icmp6dst.sin6_addr = *((struct in6_addr *)(rth0 + 1) + (hops - 1)); } eoff += rthlen; nxt = rth->ip6r_nxt; @@ -1052,13 +1052,10 @@ icmp6_notify_error(struct mbuf **mp, int off, int icmp */ eip6 = (struct ip6_hdr *)(icmp6 + 1); - bzero(&icmp6dst, sizeof(icmp6dst)); icmp6dst.sin6_len = sizeof(struct sockaddr_in6); icmp6dst.sin6_family = AF_INET6; - if (finaldst == NULL) + if (IN6_IS_ADDR_UNSPECIFIED(&icmp6dst.sin6_addr)) icmp6dst.sin6_addr = eip6->ip6_dst; - else - icmp6dst.sin6_addr = *finaldst; if (in6_setscope(&icmp6dst.sin6_addr, m->m_pkthdr.rcvif, NULL)) goto freeit; bzero(&icmp6src, sizeof(icmp6src)); @@ -1070,13 +1067,11 @@ icmp6_notify_error(struct mbuf **mp, int off, int icmp icmp6src.sin6_flowinfo = (eip6->ip6_flow & IPV6_FLOWLABEL_MASK); - if (finaldst == NULL) - finaldst = &eip6->ip6_dst; ip6cp.ip6c_m = m; ip6cp.ip6c_icmp6 = icmp6; ip6cp.ip6c_ip6 = (struct ip6_hdr *)(icmp6 + 1); ip6cp.ip6c_off = eoff; - ip6cp.ip6c_finaldst = finaldst; + ip6cp.ip6c_finaldst = &icmp6dst.sin6_addr; ip6cp.ip6c_src = &icmp6src; ip6cp.ip6c_nxt = nxt; Modified: releng/12.2/sys/netinet6/icmp6.c ============================================================================== --- releng/12.2/sys/netinet6/icmp6.c Tue Dec 1 19:37:33 2020 (r368254) +++ releng/12.2/sys/netinet6/icmp6.c Tue Dec 1 19:38:52 2020 (r368255) @@ -912,6 +912,7 @@ icmp6_notify_error(struct mbuf **mp, int off, int icmp } icmp6 = (struct icmp6_hdr *)(mtod(m, caddr_t) + off); eip6 = (struct ip6_hdr *)(icmp6 + 1); + bzero(&icmp6dst, sizeof(icmp6dst)); /* Detect the upper level protocol */ { @@ -920,7 +921,6 @@ icmp6_notify_error(struct mbuf **mp, int off, int icmp int eoff = off + sizeof(struct icmp6_hdr) + sizeof(struct ip6_hdr); struct ip6ctlparam ip6cp; - struct in6_addr *finaldst = NULL; int icmp6type = icmp6->icmp6_type; struct ip6_frag *fh; struct ip6_rthdr *rth; @@ -994,10 +994,11 @@ icmp6_notify_error(struct mbuf **mp, int off, int icmp } rth0 = (struct ip6_rthdr0 *) (mtod(m, caddr_t) + eoff); + /* just ignore a bogus header */ if ((rth0->ip6r0_len % 2) == 0 && (hops = rth0->ip6r0_len/2)) - finaldst = (struct in6_addr *)(rth0 + 1) + (hops - 1); + icmp6dst.sin6_addr = *((struct in6_addr *)(rth0 + 1) + (hops - 1)); } eoff += rthlen; nxt = rth->ip6r_nxt; @@ -1051,13 +1052,10 @@ icmp6_notify_error(struct mbuf **mp, int off, int icmp */ eip6 = (struct ip6_hdr *)(icmp6 + 1); - bzero(&icmp6dst, sizeof(icmp6dst)); icmp6dst.sin6_len = sizeof(struct sockaddr_in6); icmp6dst.sin6_family = AF_INET6; - if (finaldst == NULL) + if (IN6_IS_ADDR_UNSPECIFIED(&icmp6dst.sin6_addr)) icmp6dst.sin6_addr = eip6->ip6_dst; - else - icmp6dst.sin6_addr = *finaldst; if (in6_setscope(&icmp6dst.sin6_addr, m->m_pkthdr.rcvif, NULL)) goto freeit; bzero(&icmp6src, sizeof(icmp6src)); @@ -1069,13 +1067,11 @@ icmp6_notify_error(struct mbuf **mp, int off, int icmp icmp6src.sin6_flowinfo = (eip6->ip6_flow & IPV6_FLOWLABEL_MASK); - if (finaldst == NULL) - finaldst = &eip6->ip6_dst; ip6cp.ip6c_m = m; ip6cp.ip6c_icmp6 = icmp6; ip6cp.ip6c_ip6 = (struct ip6_hdr *)(icmp6 + 1); ip6cp.ip6c_off = eoff; - ip6cp.ip6c_finaldst = finaldst; + ip6cp.ip6c_finaldst = &icmp6dst.sin6_addr; ip6cp.ip6c_src = &icmp6src; ip6cp.ip6c_nxt = nxt; From owner-svn-src-releng@freebsd.org Tue Dec 1 19:39:45 2020 Return-Path: Delivered-To: svn-src-releng@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id AA6344B26CC; Tue, 1 Dec 2020 19:39:45 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Clsr14PwMz4m6W; Tue, 1 Dec 2020 19:39:45 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 89AAD1A9DA; Tue, 1 Dec 2020 19:39:45 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 0B1JdjBB004476; Tue, 1 Dec 2020 19:39:45 GMT (envelope-from gordon@FreeBSD.org) Received: (from gordon@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 0B1JdiYr004472; Tue, 1 Dec 2020 19:39:44 GMT (envelope-from gordon@FreeBSD.org) Message-Id: <202012011939.0B1JdiYr004472@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gordon set sender to gordon@FreeBSD.org using -f From: Gordon Tetlow Date: Tue, 1 Dec 2020 19:39:44 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r368256 - in releng: 11.4/usr.sbin/rtsold 12.1/usr.sbin/rtsold 12.2/usr.sbin/rtsold X-SVN-Group: releng X-SVN-Commit-Author: gordon X-SVN-Commit-Paths: in releng: 11.4/usr.sbin/rtsold 12.1/usr.sbin/rtsold 12.2/usr.sbin/rtsold X-SVN-Commit-Revision: 368256 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 01 Dec 2020 19:39:45 -0000 Author: gordon Date: Tue Dec 1 19:39:44 2020 New Revision: 368256 URL: https://svnweb.freebsd.org/changeset/base/368256 Log: Fix multiple vulnerabilities in rtsold. Approved by: so Security: FreeBSD-SA-20:32.rtsold Security: CVE-2020-25577 Modified: releng/11.4/usr.sbin/rtsold/rtsol.c releng/12.1/usr.sbin/rtsold/rtsol.c releng/12.2/usr.sbin/rtsold/rtsol.c Modified: releng/11.4/usr.sbin/rtsold/rtsol.c ============================================================================== --- releng/11.4/usr.sbin/rtsold/rtsol.c Tue Dec 1 19:38:52 2020 (r368255) +++ releng/11.4/usr.sbin/rtsold/rtsol.c Tue Dec 1 19:39:44 2020 (r368256) @@ -390,8 +390,8 @@ rtsol_input(int s) newent_rai = 1; } -#define RA_OPT_NEXT_HDR(x) (struct nd_opt_hdr *)((char *)x + \ - (((struct nd_opt_hdr *)x)->nd_opt_len * 8)) +#define RA_OPT_NEXT_HDR(x) (struct nd_opt_hdr *)((char *)(x) + \ + (((struct nd_opt_hdr *)(x))->nd_opt_len * 8)) /* Process RA options. */ warnmsg(LOG_DEBUG, __func__, "Processing RA"); raoptp = (char *)icp + sizeof(struct nd_router_advert); @@ -403,6 +403,15 @@ rtsol_input(int s) warnmsg(LOG_DEBUG, __func__, "ndo->nd_opt_len = %d", ndo->nd_opt_len); + if (ndo->nd_opt_len == 0) { + warnmsg(LOG_INFO, __func__, "invalid option length 0."); + break; + } + if ((char *)RA_OPT_NEXT_HDR(raoptp) > (char *)icp + msglen) { + warnmsg(LOG_INFO, __func__, "option length overflow."); + break; + } + switch (ndo->nd_opt_type) { case ND_OPT_RDNSS: rdnss = (struct nd_opt_rdnss *)raoptp; @@ -932,15 +941,18 @@ dname_labeldec(char *dst, size_t dlen, const char *src src_last = strchr(src, '\0'); dst_origin = dst; memset(dst, '\0', dlen); - while (src && (len = (uint8_t)(*src++) & 0x3f) && - (src + len) <= src_last && - (dst - dst_origin < (ssize_t)dlen)) { - if (dst != dst_origin) + while ((len = (*src++) & 0x3f) && + src + len <= src_last && + len + 1 + (dst == dst_origin ? 0 : 1) <= dlen) { + if (dst != dst_origin) { *dst++ = '.'; + dlen--; + } warnmsg(LOG_DEBUG, __func__, "labellen = %zd", len); memcpy(dst, src, len); src += len; dst += len; + dlen -= len; } *dst = '\0'; Modified: releng/12.1/usr.sbin/rtsold/rtsol.c ============================================================================== --- releng/12.1/usr.sbin/rtsold/rtsol.c Tue Dec 1 19:38:52 2020 (r368255) +++ releng/12.1/usr.sbin/rtsold/rtsol.c Tue Dec 1 19:39:44 2020 (r368256) @@ -390,8 +390,8 @@ rtsol_input(int s) newent_rai = 1; } -#define RA_OPT_NEXT_HDR(x) (struct nd_opt_hdr *)((char *)x + \ - (((struct nd_opt_hdr *)x)->nd_opt_len * 8)) +#define RA_OPT_NEXT_HDR(x) (struct nd_opt_hdr *)((char *)(x) + \ + (((struct nd_opt_hdr *)(x))->nd_opt_len * 8)) /* Process RA options. */ warnmsg(LOG_DEBUG, __func__, "Processing RA"); raoptp = (char *)icp + sizeof(struct nd_router_advert); @@ -403,6 +403,15 @@ rtsol_input(int s) warnmsg(LOG_DEBUG, __func__, "ndo->nd_opt_len = %d", ndo->nd_opt_len); + if (ndo->nd_opt_len == 0) { + warnmsg(LOG_INFO, __func__, "invalid option length 0."); + break; + } + if ((char *)RA_OPT_NEXT_HDR(raoptp) > (char *)icp + msglen) { + warnmsg(LOG_INFO, __func__, "option length overflow."); + break; + } + switch (ndo->nd_opt_type) { case ND_OPT_RDNSS: rdnss = (struct nd_opt_rdnss *)raoptp; @@ -924,15 +933,18 @@ dname_labeldec(char *dst, size_t dlen, const char *src src_last = strchr(src, '\0'); dst_origin = dst; memset(dst, '\0', dlen); - while (src && (len = (uint8_t)(*src++) & 0x3f) && - (src + len) <= src_last && - (dst - dst_origin < (ssize_t)dlen)) { - if (dst != dst_origin) + while ((len = (*src++) & 0x3f) && + src + len <= src_last && + len + 1 + (dst == dst_origin ? 0 : 1) <= dlen) { + if (dst != dst_origin) { *dst++ = '.'; + dlen--; + } warnmsg(LOG_DEBUG, __func__, "labellen = %zd", len); memcpy(dst, src, len); src += len; dst += len; + dlen -= len; } *dst = '\0'; Modified: releng/12.2/usr.sbin/rtsold/rtsol.c ============================================================================== --- releng/12.2/usr.sbin/rtsold/rtsol.c Tue Dec 1 19:38:52 2020 (r368255) +++ releng/12.2/usr.sbin/rtsold/rtsol.c Tue Dec 1 19:39:44 2020 (r368256) @@ -337,8 +337,8 @@ rtsol_input(int sock) newent_rai = 1; } -#define RA_OPT_NEXT_HDR(x) (struct nd_opt_hdr *)((char *)x + \ - (((struct nd_opt_hdr *)x)->nd_opt_len * 8)) +#define RA_OPT_NEXT_HDR(x) (struct nd_opt_hdr *)((char *)(x) + \ + (((struct nd_opt_hdr *)(x))->nd_opt_len * 8)) /* Process RA options. */ warnmsg(LOG_DEBUG, __func__, "Processing RA"); raoptp = (char *)icp + sizeof(struct nd_router_advert); @@ -350,6 +350,15 @@ rtsol_input(int sock) warnmsg(LOG_DEBUG, __func__, "ndo->nd_opt_len = %d", ndo->nd_opt_len); + if (ndo->nd_opt_len == 0) { + warnmsg(LOG_INFO, __func__, "invalid option length 0."); + break; + } + if ((char *)RA_OPT_NEXT_HDR(raoptp) > (char *)icp + msglen) { + warnmsg(LOG_INFO, __func__, "option length overflow."); + break; + } + switch (ndo->nd_opt_type) { case ND_OPT_RDNSS: rdnss = (struct nd_opt_rdnss *)raoptp; @@ -760,15 +769,18 @@ dname_labeldec(char *dst, size_t dlen, const char *src src_last = strchr(src, '\0'); dst_origin = dst; memset(dst, '\0', dlen); - while (src && (len = (uint8_t)(*src++) & 0x3f) && - (src + len) <= src_last && - (dst - dst_origin < (ssize_t)dlen)) { - if (dst != dst_origin) + while ((len = (*src++) & 0x3f) && + src + len <= src_last && + len + 1 + (dst == dst_origin ? 0 : 1) <= dlen) { + if (dst != dst_origin) { *dst++ = '.'; + dlen--; + } warnmsg(LOG_DEBUG, __func__, "labellen = %zd", len); memcpy(dst, src, len); src += len; dst += len; + dlen -= len; } *dst = '\0'; From owner-svn-src-releng@freebsd.org Tue Dec 1 19:41:00 2020 Return-Path: Delivered-To: svn-src-releng@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 39AA44B2764; Tue, 1 Dec 2020 19:41:00 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4ClssS1Byvz4mTC; Tue, 1 Dec 2020 19:41:00 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 1BB951AEDB; Tue, 1 Dec 2020 19:41:00 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 0B1JexPE007700; Tue, 1 Dec 2020 19:40:59 GMT (envelope-from gordon@FreeBSD.org) Received: (from gordon@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 0B1Jex9R007695; Tue, 1 Dec 2020 19:40:59 GMT (envelope-from gordon@FreeBSD.org) Message-Id: <202012011940.0B1Jex9R007695@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gordon set sender to gordon@FreeBSD.org using -f From: Gordon Tetlow Date: Tue, 1 Dec 2020 19:40:59 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r368257 - in releng: 11.4 11.4/sys/conf 12.1 12.1/sys/conf 12.2 12.2/sys/conf X-SVN-Group: releng X-SVN-Commit-Author: gordon X-SVN-Commit-Paths: in releng: 11.4 11.4/sys/conf 12.1 12.1/sys/conf 12.2 12.2/sys/conf X-SVN-Commit-Revision: 368257 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 01 Dec 2020 19:41:00 -0000 Author: gordon Date: Tue Dec 1 19:40:58 2020 New Revision: 368257 URL: https://svnweb.freebsd.org/changeset/base/368257 Log: Add UPDATING entries and bump version. Approved by: so Modified: releng/11.4/UPDATING releng/11.4/sys/conf/newvers.sh releng/12.1/UPDATING releng/12.1/sys/conf/newvers.sh releng/12.2/UPDATING releng/12.2/sys/conf/newvers.sh Modified: releng/11.4/UPDATING ============================================================================== --- releng/11.4/UPDATING Tue Dec 1 19:39:44 2020 (r368256) +++ releng/11.4/UPDATING Tue Dec 1 19:40:58 2020 (r368257) @@ -16,6 +16,22 @@ from older versions of FreeBSD, try WITHOUT_CLANG and the tip of head, and then rebuild without this option. The bootstrap process from older version of current across the gcc/clang cutover is a bit fragile. +20201201: p5 FreeBSD-EN-20:19.audit + FreeBSD-EN-20:20.tzdata + FreeBSD-EN-20:22.callout + FreeBSD-SA-20:31.icmp6 + FreeBSD-SA-20:32.rtsold + + Fix execve/fexecve system call auditing. [EN-20:19.audit] + + Update timezone database information. [EN-20:20.tzdata] + + Fix race condition in callout CPU migration. [EN-20:22.callout] + + Fix ICMPv6 use-after-free in error message handling. [SA-20:31.icmp6] + + Fix multiple vulnerabilities in rtsold. [SA-20:32.rtsold] + 20200915 p4 FreeBSD-SA-20:27.ure FreeBSD-SA-20:28.bhyve_vmcs FreeBSD-SA-20:29.bhyve_svm Modified: releng/11.4/sys/conf/newvers.sh ============================================================================== --- releng/11.4/sys/conf/newvers.sh Tue Dec 1 19:39:44 2020 (r368256) +++ releng/11.4/sys/conf/newvers.sh Tue Dec 1 19:40:58 2020 (r368257) @@ -44,7 +44,7 @@ TYPE="FreeBSD" REVISION="11.4" -BRANCH="RELEASE-p4" +BRANCH="RELEASE-p5" if [ -n "${BRANCH_OVERRIDE}" ]; then BRANCH=${BRANCH_OVERRIDE} fi Modified: releng/12.1/UPDATING ============================================================================== --- releng/12.1/UPDATING Tue Dec 1 19:39:44 2020 (r368256) +++ releng/12.1/UPDATING Tue Dec 1 19:40:58 2020 (r368257) @@ -16,6 +16,16 @@ from older versions of FreeBSD, try WITHOUT_CLANG and the tip of head, and then rebuild without this option. The bootstrap process from older version of current across the gcc/clang cutover is a bit fragile. +20201201: p11 FreeBSD-EN-20:20.tzdata + FreeBSD-SA-20:31.icmp6 + FreeBSD-SA-20:32.rtsold + + Update timezone database information. [EN-20:20.tzdata] + + Fix ICMPv6 use-after-free in error message handling. [SA-20:31.icmp6] + + Fix multiple vulnerabilities in rtsold. [SA-20:32.rtsold] + 20200915 p10 FreeBSD-SA-20:27.ure FreeBSD-SA-20:28.bhyve_vmcs FreeBSD-SA-20:29.bhyve_svm Modified: releng/12.1/sys/conf/newvers.sh ============================================================================== --- releng/12.1/sys/conf/newvers.sh Tue Dec 1 19:39:44 2020 (r368256) +++ releng/12.1/sys/conf/newvers.sh Tue Dec 1 19:40:58 2020 (r368257) @@ -46,7 +46,7 @@ TYPE="FreeBSD" REVISION="12.1" -BRANCH="RELEASE-p10" +BRANCH="RELEASE-p11" if [ -n "${BRANCH_OVERRIDE}" ]; then BRANCH=${BRANCH_OVERRIDE} fi Modified: releng/12.2/UPDATING ============================================================================== --- releng/12.2/UPDATING Tue Dec 1 19:39:44 2020 (r368256) +++ releng/12.2/UPDATING Tue Dec 1 19:40:58 2020 (r368257) @@ -16,6 +16,25 @@ from older versions of FreeBSD, try WITHOUT_CLANG and the tip of head, and then rebuild without this option. The bootstrap process from older version of current across the gcc/clang cutover is a bit fragile. +20201201: p1 FreeBSD-EN-20:19.audit + FreeBSD-EN-20:20.tzdata + FreeBSD-EN-20:21.ipfw + FreeBSD-EN-20:22.callout + FreeBSD-SA-20:31.icmp6 + FreeBSD-SA-20:32.rtsold + + Fix execve/fexecve system call auditing. [EN-20:19.audit] + + Update timezone database information. [EN-20:20.tzdata] + + Fix uninitialized variable in ipfw. [EN-20:21.ipfw] + + Fix race condition in callout CPU migration. [EN-20:22.callout] + + Fix ICMPv6 use-after-free in error message handling. [SA-20:31.icmp6] + + Fix multiple vulnerabilities in rtsold. [SA-20:32.rtsold] + 20201027: 12.2-RELEASE. Modified: releng/12.2/sys/conf/newvers.sh ============================================================================== --- releng/12.2/sys/conf/newvers.sh Tue Dec 1 19:39:44 2020 (r368256) +++ releng/12.2/sys/conf/newvers.sh Tue Dec 1 19:40:58 2020 (r368257) @@ -49,7 +49,7 @@ TYPE="FreeBSD" REVISION="12.2" -BRANCH="RELEASE" +BRANCH="RELEASE-p1" if [ -n "${BRANCH_OVERRIDE}" ]; then BRANCH=${BRANCH_OVERRIDE} fi