BSD Commit Log Search

   Add
   gnu/usr.bin/groff/tmac/mdoc.local               patch
   sys/sys/param.h                                 patch

   for 4.0.1 RELEASE

   Use date of netbsd-4-0-1-RELEASE tagging, requested by tsutsui in ticket #1206.

   Welcome to NetBSD 4.0.1

   Pull up revisions:
     src/sys/netinet6/in6.c     1.141 via patch
     src/sys/netinet6/in6_var.h 1.59 via patch
     src/sys/netinet6/nd6_nbr.c 1.89-1.90 via patch
   (requested by adrianp in ticket #1210).

   If a neighbor solictation isn't from the unspecified address, make sure
   that the source address matches one of the interfaces address prefixes.

   Generalize previous fix so that both NS and NA packets are checked.

   Pull up revision 1.150 (requested by adrianp in ticket #1209).

   Fix for CVE-2008-3530 from matt@
   Implement improved checking for MTU values on ICMP 'Packet Too Big Messages'

   pullup the following revisions, requested by joerg in ticket 904
   (the previous processing of 904 was incomplete):
        common/lib/libprop/prop_array.3                 1.5
        common/lib/libprop/prop_bool.3                  1.3
        common/lib/libprop/prop_data.3                  1.4
        common/lib/libprop/prop_dictionary.3            1.8
        common/lib/libprop/prop_dictionary_util.3       1.2
        common/lib/libprop/prop_ingest.3                1.3
        common/lib/libprop/prop_number.3                1.7
        common/lib/libprop/prop_object.3                1.6
        common/lib/libprop/prop_string.3                1.4
   boolean_t -> bool
   TRUE -> true
   FALSE -> false
   Fixes PR lib/38013.

   Apply patch, requested by tsutsui in ticket 1206:
        distrib/notes/common/main               patch
        distrib/notes/common/postinstall        patch
   Add a "Changes Between The NetBSD 4.0 release and 4.0.1 update" section
   Various others minor adjustements for 4.0.1

   Pull up following revision(s) (requested by tsutsui in ticket #1204):
        distrib/hpcarm/Makefile                         1.4 - 1.6
        distrib/hpcarm/instkernel/Makefile              1.1
        distrib/hpcarm/stand/Makefile                   1.1 - 1.2
        distrib/hpcmips/Makefile                        1.29 - 1.33
        distrib/hpcmips/instkernel/Makefile             1.1
        distrib/hpcmips/stand/Makefile                  1.1 - 1.2
        distrib/hpcsh/Makefile                          1.7 - 1.9
        distrib/hpcsh/instkernel/Makefile               1.1
        distrib/hpcsh/stand/Makefile                    1.1 - 1.2
        distrib/miniroot/Makefile                       1.65 - 1.66
        etc/etc.hpcarm/Makefile.inc                     1.6 - 1.8
        etc/etc.hpcmips/Makefile.inc                    1.9 - 1.10
        etc/etc.hpcsh/Makefile.inc                      1.4 - 1.5
   Build install kernels and standalone bootloaders in their own directories
   so that parallel build works properly.
   Change remaining instances of ${RELEASEDIR}/${MACHINES} to
   ${RELEASEDIR}/${RELEASEMACHINEDIR}
   Add ${IMAGE}.gz to dependency list of release:: target as well as the one

    [13 lines not shown]

   Pull up following revision(s) (requested by lukem in ticket #1202):
        libexec/ftpd/ftpd.c: revision 1.187
        libexec/ftpd/extern.h: revision 1.58
        libexec/ftpd/version.h: patch
        libexec/ftpd/ftpcmd.y: revision 1.88
   Don't split large commands into multiple commands; just fail on them.
   This prevents CSRF-like attacks, when a web browser is used to access
   an ftp server.
   Reported by Maksymilian Arciemowicz <cxib at securityreason.com>.
   Fix mostly derived from OpenBSD, written by Moritz Jodeit <moritz at OpenBSD.o=
   rg>

   Pull up following revision(s) (requested by lukem in ticket #1201):
        libexec/ftpd/ftpd.c: revision 1.183
        libexec/ftpd/Makefile: revision 1.58
        libexec/ftpd/version.h: revision 1.66
   Reorganize USE_PAM support so that the reply(331,) from USER is
   performed by the pam_conv (PAM conversation) callback, which then
   getline()s the PASS reply internally.  This involves calling
   auth_pam() from user() and caching the result to use later in pass().
   This allows the PAM modules to present a different password prompt
   dialog if necesary.  For example:
     Name (localhost:lukem):
     331 User lukem accepted, provide password [ otp-md4 89 xxxx12345 ].
   versus
     Name (localhost:lukem): root
     331 User root accepted, provide password.
   This is independent of (and effectively exclusive to) USE_SKEY support.
   Previously ftpd with USE_SKEY=yes would provide the skey prompt
   if the user had an skey configured, even if /etc/pam.d/ftpd didn't
   have pam_skey in use.

    [2 lines not shown]

   Pull up following revision(s) (requested by darrenr in ticket #1171):
        regress/sys/kern/ipf/regress/ni4.nat: revision 1.2
        regress/sys/kern/ipf/regress/ni1.nat: revision 1.2
        dist/ipf/tools/ipnat_y.y: revision 1.17
        regress/sys/kern/ipf/regress/n5: revision 1.2
        regress/sys/kern/ipf/regress/n12: revision 1.2
        dist/ipf/lib/printnat.c: revisions 1.1.1.7, 1.2
        dist/ipf/ip_fil.c: revision 1.16
        sys/dist/ipf/netinet/ip_nat.h: revision 1.14
        sys/dist/ipf/netinet/ip_nat.c: revisions 1.37, 1.38
        dist/ipf/test/regress/n12: revision 1.2
        sys/dist/ipf/netinet/ip_state.c: revision 1.33
        regress/sys/kern/ipf/regress/n2: revision 1.2
        sys/dist/ipf/netinet/ip_fil.h: revision 1.17
        regress/sys/kern/ipf/regress/ni2.nat: revision 1.2
        sys/dist/ipf/netinet/ip_compat.h: revision 1.22
   2020447 IPFilter's NAT can undo name server random port selection

   Pull up following revision(s) (requested by tsutsui in ticket #1198):
        distrib/notes/sandpoint/install: revision 1.4
        distrib/notes/macppc/hardware: revision 1.45, 1.46
        distrib/notes/next68k/prep: revision 1.7
        distrib/notes/sun3/install: revision 1.16
        distrib/notes/macppc/prep.OPENFIRMWARE: revision 1.10, 1.11
        distrib/notes/mvme68k/xfer: revision 1.17
        distrib/notes/vax/install: revision 1.17
        distrib/notes/common/contents: revision 1.142
        distrib/notes/next68k/xfer: revision 1.7
        distrib/notes/common/sysinst: revision 1.91
        distrib/notes/alpha/install: revision 1.34
        distrib/notes/mvme68k/install: revision 1.20
        distrib/notes/hp300/prep: revision 1.23
        distrib/notes/common/sysinst: revision 1.92
        distrib/notes/alpha/hardware: revision 1.15
        distrib/notes/sparc64/install: revision 1.30
        distrib/notes/cats/prep: revision 1.10
        distrib/notes/sparc/hardware: revision 1.34

    [19 lines not shown]

   pullup the following revisions (requested by tsutsui in ticket #1195):
   distrib/notes/acorn32/prep.RISCOS            1.19
   distrib/notes/common/contents                        1.140, 1.141
   distrib/notes/common/legal.common            1.51
   distrib/notes/common/macros                  1.35
   distrib/notes/common/main                    1.385, 1.387, 1.389 via patch,
                                                1.390-1.394, 1.397-1.403,
                                                1.405 via patch, 1.406-1.407,
                                                1.409, 1.413, 1.415
   distrib/notes/common/sysinst                 1.86-1.87, 1.90
   distrib/notes/common/upgrade                 1.24
   distrib/notes/hp300/prep                     1.22
   distrib/notes/i386/hardware                  1.122

   Various fixes to install notes, including fix display issues
   and sync developers lists with reality

   Pull up following revision(s) (requested by tsutsui in ticket #1104):
        sys/arch/cobalt/cobalt/machdep.c: revision 1.93 via patch
   Fix botched spl(9) bug I introduced back in 3.99.18 (rev 1.64):
   Don't enable unhandled interrupts before all interrupts are processed.
   Should fix "long download, network frozen" problems reported on
   port-cobalt by several people.

   Pull up following revision(s) (requested by uebayasi in ticket #1191):
        sys/netinet/if_arp.c: revision 1.141
   Missing "\n" in log(9) messages.

   apply patch (requested by adrianp in ticket #1189):
        dist/bind/CHANGES                               patch
        dist/bind/COPYRIGHT                             patch
        dist/bind/configure                             patch
        dist/bind/configure.in                          patch
        dist/bind/version                               patch
        dist/bind/bin/dig/dighost.c                     patch
        dist/bind/bin/named/client.c                    patch
        dist/bind/bin/named/config.c                    patch
        dist/bind/bin/named/controlconf.c               patch
        dist/bind/bin/named/interfacemgr.c              patch
        dist/bind/bin/named/lwresd.c                    patch
        dist/bind/bin/named/named.conf.docbook          patch
        dist/bind/bin/named/server.c                    patch
        dist/bind/bin/rndc/rndc.c                       patch
        dist/bind/bin/tests/sig0_test.c                 patch
        dist/bind/bin/tests/sock_test.c                 patch
        dist/bind/bin/tests/system/ifconfig.sh          patch
        dist/bind/doc/arm/Bv9ARM-book.xml               patch

    [25 lines not shown]

   Pull up following revision(s) (requested by adrianp in ticket #1187):
        sys/netinet6/mld6.c: revision 1.47
   Fix from matt@ for malformed ICMPv6 MLD query (CVE-2008-2464).

   Pull up following revision(s) (requested by skrll in ticket #1180):
        sys/arch/hppa/hppa/copy.S: revision 1.8
   Fix copy{in,out}str on hppa by
        1) not attempting to copy anything if size is initially 0.
        2) returning ENAMETOOLONG if we ran out of space.

   Upgrade ipsec-tools to release 0.7.1 (requested by manu in ticket #1183).

   ncvs ci src/sys/net/if_pppoe.c
   Pull up revision 1.88 (requested by martin in ticket #1179).

   Apply patch from Yasuoka Masahiko in PR kern/39321: fix length check
   when parsing pppoe discovery phase packets.

   Pull up following revision(s) (requested by dholland in ticket #1169):
        etc/named.conf: revision 1.5
   The default named.conf should not contain a query-source statement.
   Comment it out and describe what it's for and why not to use it.

   Apply patch (requested by adrianp in ticket #1168):
   Update BIND to 9.4.2-P1 and turn off pthreads.

   Pull up following revision(s) (requested by nakayama in ticket #1159):
        sys/arch/sparc64/sparc64/locore.s: revision 1.280
   Close unterminated comment.
   Fix unexpected behavior in case of loadfpstate from unaligned buffer.

   Pull up revision 1.2 (requested by adrianp in ticket #1160).

   Fix for PR #33551 (a.k.a CVE-2006-2362)

   Back port from the binutils CVS tree

   Buffer overflow in getsym in tekhex.c in libbfd in Free Software Foundation
   GNU Binutils before 20060423, as used by GNU strings, allows context-dependent
   attackers to cause a denial of service (application crash) and possibly
   execute arbitrary code via a file with a crafted Tektronix Hex Format (TekHex)
   record in which the length character is not a valid hexadecimal character.

   Pull up revisions:
     src/gnu/dist/gcc4/gcc/genemit.c    1.2
     src/gnu/dist/gcc4/gcc/genrecog.c   1.2
     src/gnu/dist/gcc4/gcc/hwint.h              1.2
   (requested by uwe in ticket #1139).

   Defer wide int L/LL suffix choice in insn-*.c until we compile for
   host using correct set of HOST_WIDE_INT* defines.  Fixes compilation
   of native sh3 gcc on 64-bit build machines.

   Background and details in NetBSD PR 34549 and GCC bug 32497.
   Tested by Joerg and myself.

   Approved by "looks ok, but let some other guy decide" from ~all of our
   gcc folks.

   Pull up revision 1.5 (requested by tsutsui in ticket #1138).

   Pull the follwoing fix from upstream:
   http://gcc.gnu.org/viewcvs/trunk/gcc/config/m68k/m68k.md#rev117181
         * config/m68k/m68k.md (negsf2, negdf2, negxf2): Use
         -2147483647 - 1 instead of 0x80000000.

   Fixes "internal compiler error: in do_SUBST" on compiling
   floating point ops with -msoft-float or -m68010 on LP64 hosts,
   and may also close PR toolchain/38359.  Tested on alpha.

   Pull up revision 1.6 (requested by nakayama in ticket #1134).

   grep "-H" option (print the filename for each match) always prints
   filenames whether "-h" option (suppress filenames when multiple files
   are searched) is speficied or not.

   Make zgrep "-h" option actually works with using "-H" option only
   when "-h" is not specified.

   Apply patch to fix CVE-2007-1218, CVE-2007-3798 and CAN-2005-1278 in
   base-tcpdump (requested by tonnerre in ticket #1124).

   Pull up revision 1.2 (requested by adrianp in ticket #1123).

   Fix for CVE-2007-3108

   The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and
   earlier does not properly perform Montgomery multiplication, which might
   allow local users to conduct a side-channel attack and retrieve RSA
   private keys.

   Pull up revisions:
     src/lib/libc/gdtoa/dmisc.c         1.4
     src/lib/libc/gdtoa/gdtoa.c         1.4
     src/lib/libc/gdtoa/gethex.c                1.4
     src/lib/libc/gdtoa/misc.c          1.4
     src/lib/libc/gdtoa/strtof_vaxf.c   1.4-1.5
     src/lib/libc/gdtoa/strtopQ.c               1.4
     src/lib/libc/gdtoa/strtopx.c               1.4
     src/lib/libc/gdtoa/strtopxL.c              1.4
     src/lib/libc/gdtoa/strtord.c               1.4
     src/lib/libc/gdtoa/dtoa.c          1.5
     src/lib/libc/gdtoa/strtod.c                1.5
     src/lib/libc/gdtoa/g_Qfmt.c                1.3
     src/lib/libc/gdtoa/g_xLfmt.c               1.3
     src/lib/libc/gdtoa/g_xfmt.c                1.3
     src/lib/libc/gdtoa/smisc.c         1.3
     src/lib/libc/gdtoa/strtof.c                1.3
     src/lib/libc/gdtoa/strtorQ.c               1.3
     src/lib/libc/gdtoa/strtorx.c               1.3

    [29 lines not shown]