svn commit: r294039 - in user/cperciva/freebsd-update-build/patches: 10.1-RELEASE 10.2-RELEASE 9.3-RELEASE
Gleb Smirnoff
glebius at FreeBSD.org
Thu Jan 14 21:29:40 UTC 2016
Author: glebius
Date: Thu Jan 14 21:29:38 2016
New Revision: 294039
URL: https://svnweb.freebsd.org/changeset/base/294039
Log:
Commit todays patch queue.
Added:
user/cperciva/freebsd-update-build/patches/10.1-RELEASE/26-EN-16:02.pf
user/cperciva/freebsd-update-build/patches/10.1-RELEASE/26-EN-16:03.yplib
user/cperciva/freebsd-update-build/patches/10.1-RELEASE/26-SA-16:01.sctp
user/cperciva/freebsd-update-build/patches/10.1-RELEASE/26-SA-16:02.ntp
user/cperciva/freebsd-update-build/patches/10.1-RELEASE/26-SA-16:03.linux
user/cperciva/freebsd-update-build/patches/10.1-RELEASE/26-SA-16:04.linux
user/cperciva/freebsd-update-build/patches/10.1-RELEASE/26-SA-16:05.tcp
user/cperciva/freebsd-update-build/patches/10.1-RELEASE/26-SA-16:06.bsnmpd
user/cperciva/freebsd-update-build/patches/10.2-RELEASE/9-EN-16:02.pf
user/cperciva/freebsd-update-build/patches/10.2-RELEASE/9-EN-16:03.yplib
user/cperciva/freebsd-update-build/patches/10.2-RELEASE/9-SA-16:01.sctp
user/cperciva/freebsd-update-build/patches/10.2-RELEASE/9-SA-16:02.ntp
user/cperciva/freebsd-update-build/patches/10.2-RELEASE/9-SA-16:03.linux
user/cperciva/freebsd-update-build/patches/10.2-RELEASE/9-SA-16:04.linux
user/cperciva/freebsd-update-build/patches/10.2-RELEASE/9-SA-16:05.tcp
user/cperciva/freebsd-update-build/patches/10.2-RELEASE/9-SA-16:06.bsnmpd
user/cperciva/freebsd-update-build/patches/9.3-RELEASE/33-EN-16:02.pf
user/cperciva/freebsd-update-build/patches/9.3-RELEASE/33-EN-16:03.yplib
user/cperciva/freebsd-update-build/patches/9.3-RELEASE/33-SA-16:01.sctp
user/cperciva/freebsd-update-build/patches/9.3-RELEASE/33-SA-16:02.ntp
user/cperciva/freebsd-update-build/patches/9.3-RELEASE/33-SA-16:03.linux
user/cperciva/freebsd-update-build/patches/9.3-RELEASE/33-SA-16:04.linux
user/cperciva/freebsd-update-build/patches/9.3-RELEASE/33-SA-16:05.tcp
user/cperciva/freebsd-update-build/patches/9.3-RELEASE/33-SA-16:06.bsnmpd
Added: user/cperciva/freebsd-update-build/patches/10.1-RELEASE/26-EN-16:02.pf
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ user/cperciva/freebsd-update-build/patches/10.1-RELEASE/26-EN-16:02.pf Thu Jan 14 21:29:38 2016 (r294039)
@@ -0,0 +1,392 @@
+--- sys/net/pfvar.h.orig
++++ sys/net/pfvar.h
+@@ -1558,6 +1558,8 @@
+ extern void pf_print_flags(u_int8_t);
+ extern u_int16_t pf_cksum_fixup(u_int16_t, u_int16_t, u_int16_t,
+ u_int8_t);
++extern u_int16_t pf_proto_cksum_fixup(struct mbuf *, u_int16_t,
++ u_int16_t, u_int16_t, u_int8_t);
+
+ VNET_DECLARE(struct ifnet *, sync_ifp);
+ #define V_sync_ifp VNET(sync_ifp);
+@@ -1582,6 +1584,9 @@
+ void *pf_pull_hdr(struct mbuf *, int, void *, int, u_short *, u_short *,
+ sa_family_t);
+ void pf_change_a(void *, u_int16_t *, u_int32_t, u_int8_t);
++void pf_change_proto_a(struct mbuf *, void *, u_int16_t *, u_int32_t,
++ u_int8_t);
++void pf_change_tcp_a(struct mbuf *, void *, u_int16_t *, u_int32_t);
+ void pf_send_deferred_syn(struct pf_state *);
+ int pf_match_addr(u_int8_t, struct pf_addr *, struct pf_addr *,
+ struct pf_addr *, sa_family_t);
+--- sys/netinet6/ip6_output.c.orig
++++ sys/netinet6/ip6_output.c
+@@ -184,7 +184,7 @@
+ }\
+ } while (/*CONSTCOND*/ 0)
+
+-static void
++void
+ in6_delayed_cksum(struct mbuf *m, uint32_t plen, u_short offset)
+ {
+ u_short csum;
+--- sys/netinet6/ip6_var.h.orig
++++ sys/netinet6/ip6_var.h
+@@ -456,6 +456,7 @@
+ struct rtentry **, u_int);
+ u_int32_t ip6_randomid(void);
+ u_int32_t ip6_randomflowlabel(void);
++void in6_delayed_cksum(struct mbuf *m, uint32_t plen, u_short offset);
+ #endif /* _KERNEL */
+
+ #endif /* !_NETINET6_IP6_VAR_H_ */
+--- sys/netpfil/pf/pf.c.orig
++++ sys/netpfil/pf/pf.c
+@@ -203,7 +203,7 @@
+ static void pf_add_threshold(struct pf_threshold *);
+ static int pf_check_threshold(struct pf_threshold *);
+
+-static void pf_change_ap(struct pf_addr *, u_int16_t *,
++static void pf_change_ap(struct mbuf *, struct pf_addr *, u_int16_t *,
+ u_int16_t *, u_int16_t *, struct pf_addr *,
+ u_int16_t, u_int8_t, sa_family_t);
+ static int pf_modulate_sack(struct mbuf *, int, struct pf_pdesc *,
+@@ -1966,6 +1966,22 @@
+ }
+ }
+
++/**
++ * Checksum updates are a little complicated because the checksum in the TCP/UDP
++ * header isn't always a full checksum. In some cases (i.e. output) it's a
++ * pseudo-header checksum, which is a partial checksum over src/dst IP
++ * addresses, protocol number and length.
++ *
++ * That means we have the following cases:
++ * * Input or forwarding: we don't have TSO, the checksum fields are full
++ * checksums, we need to update the checksum whenever we change anything.
++ * * Output (i.e. the checksum is a pseudo-header checksum):
++ * x The field being updated is src/dst address or affects the length of
++ * the packet. We need to update the pseudo-header checksum (note that this
++ * checksum is not ones' complement).
++ * x Some other field is being modified (e.g. src/dst port numbers): We
++ * don't have to update anything.
++ **/
+ u_int16_t
+ pf_cksum_fixup(u_int16_t cksum, u_int16_t old, u_int16_t new, u_int8_t udp)
+ {
+@@ -1981,9 +1997,20 @@
+ return (l);
+ }
+
++u_int16_t
++pf_proto_cksum_fixup(struct mbuf *m, u_int16_t cksum, u_int16_t old,
++ u_int16_t new, u_int8_t udp)
++{
++ if (m->m_pkthdr.csum_flags & (CSUM_DELAY_DATA | CSUM_DELAY_DATA_IPV6))
++ return (cksum);
++
++ return (pf_cksum_fixup(cksum, old, new, udp));
++}
++
+ static void
+-pf_change_ap(struct pf_addr *a, u_int16_t *p, u_int16_t *ic, u_int16_t *pc,
+- struct pf_addr *an, u_int16_t pn, u_int8_t u, sa_family_t af)
++pf_change_ap(struct mbuf *m, struct pf_addr *a, u_int16_t *p, u_int16_t *ic,
++ u_int16_t *pc, struct pf_addr *an, u_int16_t pn, u_int8_t u,
++ sa_family_t af)
+ {
+ struct pf_addr ao;
+ u_int16_t po = *p;
+@@ -1991,6 +2018,9 @@
+ PF_ACPY(&ao, a, af);
+ PF_ACPY(a, an, af);
+
++ if (m->m_pkthdr.csum_flags & (CSUM_DELAY_DATA | CSUM_DELAY_DATA_IPV6))
++ *pc = ~*pc;
++
+ *p = pn;
+
+ switch (af) {
+@@ -2000,10 +2030,12 @@
+ ao.addr16[0], an->addr16[0], 0),
+ ao.addr16[1], an->addr16[1], 0);
+ *p = pn;
+- *pc = pf_cksum_fixup(pf_cksum_fixup(pf_cksum_fixup(*pc,
++
++ *pc = pf_cksum_fixup(pf_cksum_fixup(*pc,
+ ao.addr16[0], an->addr16[0], u),
+- ao.addr16[1], an->addr16[1], u),
+- po, pn, u);
++ ao.addr16[1], an->addr16[1], u);
++
++ *pc = pf_proto_cksum_fixup(m, *pc, po, pn, u);
+ break;
+ #endif /* INET */
+ #ifdef INET6
+@@ -2010,7 +2042,7 @@
+ case AF_INET6:
+ *pc = pf_cksum_fixup(pf_cksum_fixup(pf_cksum_fixup(
+ pf_cksum_fixup(pf_cksum_fixup(pf_cksum_fixup(
+- pf_cksum_fixup(pf_cksum_fixup(pf_cksum_fixup(*pc,
++ pf_cksum_fixup(pf_cksum_fixup(*pc,
+ ao.addr16[0], an->addr16[0], u),
+ ao.addr16[1], an->addr16[1], u),
+ ao.addr16[2], an->addr16[2], u),
+@@ -2018,14 +2050,21 @@
+ ao.addr16[4], an->addr16[4], u),
+ ao.addr16[5], an->addr16[5], u),
+ ao.addr16[6], an->addr16[6], u),
+- ao.addr16[7], an->addr16[7], u),
+- po, pn, u);
++ ao.addr16[7], an->addr16[7], u);
++
++ *pc = pf_proto_cksum_fixup(m, *pc, po, pn, u);
+ break;
+ #endif /* INET6 */
+ }
++
++ if (m->m_pkthdr.csum_flags & (CSUM_DELAY_DATA |
++ CSUM_DELAY_DATA_IPV6)) {
++ *pc = ~*pc;
++ if (! *pc)
++ *pc = 0xffff;
++ }
+ }
+
+-
+ /* Changes a u_int32_t. Uses a void * so there are no align restrictions */
+ void
+ pf_change_a(void *a, u_int16_t *c, u_int32_t an, u_int8_t u)
+@@ -2038,6 +2077,19 @@
+ ao % 65536, an % 65536, u);
+ }
+
++void
++pf_change_proto_a(struct mbuf *m, void *a, u_int16_t *c, u_int32_t an, u_int8_t udp)
++{
++ u_int32_t ao;
++
++ memcpy(&ao, a, sizeof(ao));
++ memcpy(a, &an, sizeof(u_int32_t));
++
++ *c = pf_proto_cksum_fixup(m,
++ pf_proto_cksum_fixup(m, *c, ao / 65536, an / 65536, udp),
++ ao % 65536, an % 65536, udp);
++}
++
+ #ifdef INET6
+ static void
+ pf_change_a6(struct pf_addr *a, u_int16_t *c, struct pf_addr *an, u_int8_t u)
+@@ -2183,12 +2235,10 @@
+ for (i = 2; i + TCPOLEN_SACK <= olen;
+ i += TCPOLEN_SACK) {
+ memcpy(&sack, &opt[i], sizeof(sack));
+- pf_change_a(&sack.start, &th->th_sum,
+- htonl(ntohl(sack.start) -
+- dst->seqdiff), 0);
+- pf_change_a(&sack.end, &th->th_sum,
+- htonl(ntohl(sack.end) -
+- dst->seqdiff), 0);
++ pf_change_proto_a(m, &sack.start, &th->th_sum,
++ htonl(ntohl(sack.start) - dst->seqdiff), 0);
++ pf_change_proto_a(m, &sack.end, &th->th_sum,
++ htonl(ntohl(sack.end) - dst->seqdiff), 0);
+ memcpy(&opt[i], &sack, sizeof(sack));
+ }
+ copyback = 1;
+@@ -3092,7 +3142,7 @@
+
+ if (PF_ANEQ(saddr, &nk->addr[pd->sidx], af) ||
+ nk->port[pd->sidx] != sport) {
+- pf_change_ap(saddr, &th->th_sport, pd->ip_sum,
++ pf_change_ap(m, saddr, &th->th_sport, pd->ip_sum,
+ &th->th_sum, &nk->addr[pd->sidx],
+ nk->port[pd->sidx], 0, af);
+ pd->sport = &th->th_sport;
+@@ -3101,7 +3151,7 @@
+
+ if (PF_ANEQ(daddr, &nk->addr[pd->didx], af) ||
+ nk->port[pd->didx] != dport) {
+- pf_change_ap(daddr, &th->th_dport, pd->ip_sum,
++ pf_change_ap(m, daddr, &th->th_dport, pd->ip_sum,
+ &th->th_sum, &nk->addr[pd->didx],
+ nk->port[pd->didx], 0, af);
+ dport = th->th_dport;
+@@ -3115,7 +3165,7 @@
+
+ if (PF_ANEQ(saddr, &nk->addr[pd->sidx], af) ||
+ nk->port[pd->sidx] != sport) {
+- pf_change_ap(saddr, &pd->hdr.udp->uh_sport,
++ pf_change_ap(m, saddr, &pd->hdr.udp->uh_sport,
+ pd->ip_sum, &pd->hdr.udp->uh_sum,
+ &nk->addr[pd->sidx],
+ nk->port[pd->sidx], 1, af);
+@@ -3125,7 +3175,7 @@
+
+ if (PF_ANEQ(daddr, &nk->addr[pd->didx], af) ||
+ nk->port[pd->didx] != dport) {
+- pf_change_ap(daddr, &pd->hdr.udp->uh_dport,
++ pf_change_ap(m, daddr, &pd->hdr.udp->uh_dport,
+ pd->ip_sum, &pd->hdr.udp->uh_sum,
+ &nk->addr[pd->didx],
+ nk->port[pd->didx], 1, af);
+@@ -3477,7 +3527,7 @@
+ if ((s->src.seqdiff = pf_tcp_iss(pd) - s->src.seqlo) ==
+ 0)
+ s->src.seqdiff = 1;
+- pf_change_a(&th->th_seq, &th->th_sum,
++ pf_change_proto_a(m, &th->th_seq, &th->th_sum,
+ htonl(s->src.seqlo + s->src.seqdiff), 0);
+ *rewrite = 1;
+ } else
+@@ -3786,9 +3836,9 @@
+ while ((src->seqdiff = arc4random() - seq) == 0)
+ ;
+ ack = ntohl(th->th_ack) - dst->seqdiff;
+- pf_change_a(&th->th_seq, &th->th_sum, htonl(seq +
++ pf_change_proto_a(m, &th->th_seq, &th->th_sum, htonl(seq +
+ src->seqdiff), 0);
+- pf_change_a(&th->th_ack, &th->th_sum, htonl(ack), 0);
++ pf_change_proto_a(m, &th->th_ack, &th->th_sum, htonl(ack), 0);
+ *copyback = 1;
+ } else {
+ ack = ntohl(th->th_ack);
+@@ -3838,9 +3888,9 @@
+ ack = ntohl(th->th_ack) - dst->seqdiff;
+ if (src->seqdiff) {
+ /* Modulate sequence numbers */
+- pf_change_a(&th->th_seq, &th->th_sum, htonl(seq +
++ pf_change_proto_a(m, &th->th_seq, &th->th_sum, htonl(seq +
+ src->seqdiff), 0);
+- pf_change_a(&th->th_ack, &th->th_sum, htonl(ack), 0);
++ pf_change_proto_a(m, &th->th_ack, &th->th_sum, htonl(ack), 0);
+ *copyback = 1;
+ }
+ end = seq + pd->p_len;
+@@ -4294,14 +4344,14 @@
+
+ if (PF_ANEQ(pd->src, &nk->addr[pd->sidx], pd->af) ||
+ nk->port[pd->sidx] != th->th_sport)
+- pf_change_ap(pd->src, &th->th_sport, pd->ip_sum,
+- &th->th_sum, &nk->addr[pd->sidx],
++ pf_change_ap(m, pd->src, &th->th_sport,
++ pd->ip_sum, &th->th_sum, &nk->addr[pd->sidx],
+ nk->port[pd->sidx], 0, pd->af);
+
+ if (PF_ANEQ(pd->dst, &nk->addr[pd->didx], pd->af) ||
+ nk->port[pd->didx] != th->th_dport)
+- pf_change_ap(pd->dst, &th->th_dport, pd->ip_sum,
+- &th->th_sum, &nk->addr[pd->didx],
++ pf_change_ap(m, pd->dst, &th->th_dport,
++ pd->ip_sum, &th->th_sum, &nk->addr[pd->didx],
+ nk->port[pd->didx], 0, pd->af);
+ copyback = 1;
+ }
+@@ -4365,13 +4415,13 @@
+
+ if (PF_ANEQ(pd->src, &nk->addr[pd->sidx], pd->af) ||
+ nk->port[pd->sidx] != uh->uh_sport)
+- pf_change_ap(pd->src, &uh->uh_sport, pd->ip_sum,
++ pf_change_ap(m, pd->src, &uh->uh_sport, pd->ip_sum,
+ &uh->uh_sum, &nk->addr[pd->sidx],
+ nk->port[pd->sidx], 1, pd->af);
+
+ if (PF_ANEQ(pd->dst, &nk->addr[pd->didx], pd->af) ||
+ nk->port[pd->didx] != uh->uh_dport)
+- pf_change_ap(pd->dst, &uh->uh_dport, pd->ip_sum,
++ pf_change_ap(m, pd->dst, &uh->uh_dport, pd->ip_sum,
+ &uh->uh_sum, &nk->addr[pd->didx],
+ nk->port[pd->didx], 1, pd->af);
+ m_copyback(m, off, sizeof(*uh), (caddr_t)uh);
+@@ -5487,6 +5537,13 @@
+ if (ifp->if_flags & IFF_LOOPBACK)
+ m0->m_flags |= M_SKIP_FIREWALL;
+
++ if (m0->m_pkthdr.csum_flags & CSUM_DELAY_DATA_IPV6 &
++ ~ifp->if_hwassist) {
++ uint32_t plen = m0->m_pkthdr.len - sizeof(*ip6);
++ in6_delayed_cksum(m0, plen, sizeof(struct ip6_hdr));
++ m0->m_pkthdr.csum_flags &= ~CSUM_DELAY_DATA_IPV6;
++ }
++
+ /*
+ * If the packet is too large for the outgoing interface,
+ * send back an icmp6 error.
+--- sys/netpfil/pf/pf_ioctl.c.orig
++++ sys/netpfil/pf/pf_ioctl.c
+@@ -3571,12 +3571,6 @@
+ {
+ int chk;
+
+- /* We need a proper CSUM befor we start (s. OpenBSD ip_output) */
+- if ((*m)->m_pkthdr.csum_flags & CSUM_DELAY_DATA) {
+- in_delayed_cksum(*m);
+- (*m)->m_pkthdr.csum_flags &= ~CSUM_DELAY_DATA;
+- }
+-
+ chk = pf_test(PF_OUT, ifp, m, inp);
+ if (chk && *m) {
+ m_freem(*m);
+@@ -3615,14 +3609,6 @@
+ {
+ int chk;
+
+- /* We need a proper CSUM before we start (s. OpenBSD ip_output) */
+- if ((*m)->m_pkthdr.csum_flags & CSUM_DELAY_DATA) {
+-#ifdef INET
+- /* XXX-BZ copy&paste error from r126261? */
+- in_delayed_cksum(*m);
+-#endif
+- (*m)->m_pkthdr.csum_flags &= ~CSUM_DELAY_DATA;
+- }
+ CURVNET_SET(ifp->if_vnet);
+ chk = pf_test6(PF_OUT, ifp, m, inp);
+ CURVNET_RESTORE();
+--- sys/netpfil/pf/pf_norm.c.orig
++++ sys/netpfil/pf/pf_norm.c
+@@ -1374,13 +1374,14 @@
+ th->th_x2 = 0;
+ nv = *(u_int16_t *)(&th->th_ack + 1);
+
+- th->th_sum = pf_cksum_fixup(th->th_sum, ov, nv, 0);
++ th->th_sum = pf_proto_cksum_fixup(m, th->th_sum, ov, nv, 0);
+ rewrite = 1;
+ }
+
+ /* Remove urgent pointer, if TH_URG is not set */
+ if (!(flags & TH_URG) && th->th_urp) {
+- th->th_sum = pf_cksum_fixup(th->th_sum, th->th_urp, 0, 0);
++ th->th_sum = pf_proto_cksum_fixup(m, th->th_sum, th->th_urp,
++ 0, 0);
+ th->th_urp = 0;
+ rewrite = 1;
+ }
+@@ -1581,7 +1582,7 @@
+ (src->scrub->pfss_flags &
+ PFSS_TIMESTAMP)) {
+ tsval = ntohl(tsval);
+- pf_change_a(&opt[2],
++ pf_change_proto_a(m, &opt[2],
+ &th->th_sum,
+ htonl(tsval +
+ src->scrub->pfss_ts_mod),
+@@ -1597,7 +1598,7 @@
+ PFSS_TIMESTAMP)) {
+ tsecr = ntohl(tsecr)
+ - dst->scrub->pfss_ts_mod;
+- pf_change_a(&opt[6],
++ pf_change_proto_a(m, &opt[6],
+ &th->th_sum, htonl(tsecr),
+ 0);
+ copyback = 1;
+@@ -1924,8 +1925,8 @@
+ case TCPOPT_MAXSEG:
+ mss = (u_int16_t *)(optp + 2);
+ if ((ntohs(*mss)) > r->max_mss) {
+- th->th_sum = pf_cksum_fixup(th->th_sum,
+- *mss, htons(r->max_mss), 0);
++ th->th_sum = pf_proto_cksum_fixup(m,
++ th->th_sum, *mss, htons(r->max_mss), 0);
+ *mss = htons(r->max_mss);
+ rewrite = 1;
+ }
Added: user/cperciva/freebsd-update-build/patches/10.1-RELEASE/26-EN-16:03.yplib
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ user/cperciva/freebsd-update-build/patches/10.1-RELEASE/26-EN-16:03.yplib Thu Jan 14 21:29:38 2016 (r294039)
@@ -0,0 +1,121 @@
+--- lib/libc/yp/yplib.c.orig
++++ lib/libc/yp/yplib.c
+@@ -655,7 +655,7 @@
+ struct timeval tv;
+ struct ypreq_key yprk;
+ int r;
+-
++ int retries = 0;
+ *outval = NULL;
+ *outvallen = 0;
+
+@@ -700,6 +700,11 @@
+ #endif
+
+ again:
++ if (retries > MAX_RETRIES) {
++ YPUNLOCK();
++ return (YPERR_RPC);
++ }
++
+ if (_yp_dobind(indomain, &ysd) != 0) {
+ YPUNLOCK();
+ return (YPERR_DOMAIN);
+@@ -716,6 +721,7 @@
+ if (r != RPC_SUCCESS) {
+ clnt_perror(ysd->dom_client, "yp_match: clnt_call");
+ _yp_unbind(ysd);
++ retries++;
+ goto again;
+ }
+
+@@ -772,7 +778,7 @@
+ struct dom_binding *ysd;
+ struct timeval tv;
+ int r;
+-
++ int retries = 0;
+ /* Sanity check */
+
+ if (indomain == NULL || !strlen(indomain) ||
+@@ -784,6 +790,11 @@
+
+ YPLOCK();
+ again:
++ if (retries > MAX_RETRIES) {
++ YPUNLOCK();
++ return (YPERR_RPC);
++ }
++
+ if (_yp_dobind(indomain, &ysd) != 0) {
+ YPUNLOCK();
+ return (YPERR_DOMAIN);
+@@ -802,6 +813,7 @@
+ if (r != RPC_SUCCESS) {
+ clnt_perror(ysd->dom_client, "yp_first: clnt_call");
+ _yp_unbind(ysd);
++ retries++;
+ goto again;
+ }
+ if (!(r = ypprot_err(yprkv.stat))) {
+@@ -844,7 +856,7 @@
+ struct dom_binding *ysd;
+ struct timeval tv;
+ int r;
+-
++ int retries = 0;
+ /* Sanity check */
+
+ if (inkey == NULL || !strlen(inkey) || inkeylen <= 0 ||
+@@ -857,6 +869,11 @@
+
+ YPLOCK();
+ again:
++ if (retries > MAX_RETRIES) {
++ YPUNLOCK();
++ return (YPERR_RPC);
++ }
++
+ if (_yp_dobind(indomain, &ysd) != 0) {
+ YPUNLOCK();
+ return (YPERR_DOMAIN);
+@@ -877,6 +894,7 @@
+ if (r != RPC_SUCCESS) {
+ clnt_perror(ysd->dom_client, "yp_next: clnt_call");
+ _yp_unbind(ysd);
++ retries++;
+ goto again;
+ }
+ if (!(r = ypprot_err(yprkv.stat))) {
+@@ -920,7 +938,7 @@
+ CLIENT *clnt;
+ u_long status, savstat;
+ int clnt_sock;
+-
++ int retries = 0;
+ /* Sanity check */
+
+ if (indomain == NULL || !strlen(indomain) ||
+@@ -929,6 +947,10 @@
+
+ YPLOCK();
+ again:
++ if (retries > MAX_RETRIES) {
++ YPUNLOCK();
++ return (YPERR_RPC);
++ }
+
+ if (_yp_dobind(indomain, &ysd) != 0) {
+ YPUNLOCK();
+@@ -958,9 +980,10 @@
+ if (clnt_call(clnt, YPPROC_ALL,
+ (xdrproc_t)xdr_ypreq_nokey, &yprnk,
+ (xdrproc_t)xdr_ypresp_all_seq, &status, tv) != RPC_SUCCESS) {
+- clnt_perror(ysd->dom_client, "yp_all: clnt_call");
++ clnt_perror(clnt, "yp_all: clnt_call");
+ clnt_destroy(clnt);
+ _yp_unbind(ysd);
++ retries++;
+ goto again;
+ }
+
Added: user/cperciva/freebsd-update-build/patches/10.1-RELEASE/26-SA-16:01.sctp
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ user/cperciva/freebsd-update-build/patches/10.1-RELEASE/26-SA-16:01.sctp Thu Jan 14 21:29:38 2016 (r294039)
@@ -0,0 +1,21 @@
+--- sys/netinet6/sctp6_usrreq.c.orig
++++ sys/netinet6/sctp6_usrreq.c
+@@ -379,7 +379,6 @@
+ * XXX: We assume that when IPV6 is non NULL, M and OFF are
+ * valid.
+ */
+- /* check if we can safely examine src and dst ports */
+ struct sctp_inpcb *inp = NULL;
+ struct sctp_tcb *stcb = NULL;
+ struct sctp_nets *net = NULL;
+@@ -388,6 +387,10 @@
+ if (ip6cp->ip6c_m == NULL)
+ return;
+
++ /* Check if we can safely examine the SCTP header. */
++ if (ip6cp->ip6c_m->m_pkthdr.len < ip6cp->ip6c_off + sizeof(sh))
++ return;
++
+ bzero(&sh, sizeof(sh));
+ bzero(&final, sizeof(final));
+ inp = NULL;
Added: user/cperciva/freebsd-update-build/patches/10.1-RELEASE/26-SA-16:02.ntp
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ user/cperciva/freebsd-update-build/patches/10.1-RELEASE/26-SA-16:02.ntp Thu Jan 14 21:29:38 2016 (r294039)
@@ -0,0 +1,15927 @@
+--- contrib/ntp/html/miscopt.html.orig
++++ contrib/ntp/html/miscopt.html
+@@ -3,7 +3,7 @@
+ <head>
+ <meta http-equiv="content-type" content="text/html;charset=iso-8859-1">
+ <title>Miscellaneous Commands and Options</title>
+-<!-- Changed by: Harlan Stenn, 29-Jun-2015 -->
++<!-- Changed by: Harlan Stenn, 17-Nov-2015 -->
+ <link href="scripts/style.css" type="text/css" rel="stylesheet">
+ </head>
+ <body>
+@@ -11,7 +11,7 @@
+ <img src="pic/boom3.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/~mills/pictures.html">from <i>Pogo</i>, Walt Kelly</a>
+ <p>We have three, now looking for more.</p>
+ <p>Last update:
+- <!-- #BeginDate format:En2m -->23-Sep-2015 10:20<!-- #EndDate -->
++ <!-- #BeginDate format:En2m -->17-Nov-2015 11:06<!-- #EndDate -->
+ UTC</p>
+ <br clear="left">
+ <h4>Related Links</h4>
+@@ -57,7 +57,7 @@
+ <dt id="interface"><tt>interface [listen | ignore | drop] [all | ipv4 | ipv6 | wildcard | <i>name</i> | <i>address</i>[/<i>prefixlen</i>]]</tt></dt>
+ <dd>This command controls which network addresses <tt>ntpd</tt> opens, and whether input is dropped without processing. The first parameter determines the action for addresses which match the second parameter. That parameter specifies a class of addresses, or a specific interface name, or an address. In the address case, <tt><i>prefixlen</i></tt> determines how many bits must match for this rule to apply. <tt>ignore</tt> prevents opening matching addresses, <tt>drop</tt> causes <tt>ntpd</tt> to open the address and drop all received packets without examination. Multiple <tt>interface</tt> commands can be used. The last rule which matches a particular address determines the action for it. <tt>interface</tt> commands are disabled if any <a href="ntpd.html#--interface"><tt>-I</tt></a>, <a href="ntpd.html#--interface"><tt>--interface</tt></a>, <a href="ntpd.html#--novirtualips"><tt>-L</tt></a>, or <a href="ntpd.html#--novirtualips"><tt>--novirtualips</tt></a> command-line options are
used. If none of those options are used and no <tt>interface</tt> actions are specified in the configuration file, all available network addresses are opened. The <tt>nic</tt> command is an alias for <tt>interface</tt>.</dd>
+ <dt id="leapfile"><tt>leapfile <i>leapfile</i></tt></dt>
+- <dd>This command loads the NIST leapseconds file and initializes the leapsecond values for the next leapsecond time, expiration time and TAI offset. The file can be obtained directly from NIST national time servers using <tt>ftp</tt> as the ASCII file <tt>pub/leap-seconds</tt>.</dd>
++ <dd>This command loads the IERS leapseconds file and initializes the leapsecond values for the next leapsecond time, expiration time and TAI offset. The file can be obtained directly from the IERS at <a href="https://hpiers.obspm.fr/iers/bul/bulc/ntp/leap-seconds.list">https://hpiers.obspm.fr/iers/bul/bulc/ntp/leap-seconds.list</a> or <a href="ftp://hpiers.obspm.fr/iers/bul/bulc/ntp/leap-seconds.list">ftp://hpiers.obspm.fr/iers/bul/bulc/ntp/leap-seconds.list</a>.</dd>
+ <dd>The <i>leapfile</i> is scanned when <tt>ntpd</tt> processes the <tt>leapfile</tt> directive or when <tt>ntpd</tt> detects that <i>leapfile</i> has changed. <tt>ntpd</tt> checks once a day to see if the <i>leapfile</i> has changed.</dd>
+ <dd>While not strictly a security function, the Autokey protocol provides means to securely retrieve the current or updated leapsecond values from a server.</dd>
+ <dt id="leapsmearinterval"><tt>leapsmearinterval <i>seconds</i></tt></dt>
+--- contrib/ntp/include/Makefile.am.orig
++++ contrib/ntp/include/Makefile.am
+@@ -66,6 +66,7 @@
+ recvbuff.h \
+ refclock_atom.h \
+ refidsmear.h \
++ safecast.h \
+ ssl_applink.c \
+ timepps-SCO.h \
+ timepps-Solaris.h \
+--- contrib/ntp/include/Makefile.in.orig
++++ contrib/ntp/include/Makefile.in
+@@ -551,6 +551,7 @@
+ recvbuff.h \
+ refclock_atom.h \
+ refidsmear.h \
++ safecast.h \
+ ssl_applink.c \
+ timepps-SCO.h \
+ timepps-Solaris.h \
+--- contrib/ntp/include/ntp_refclock.h.orig
++++ contrib/ntp/include/ntp_refclock.h
+@@ -220,7 +220,7 @@
+ extern void refclock_control(sockaddr_u *,
+ const struct refclockstat *,
+ struct refclockstat *);
+-extern int refclock_open (char *, u_int, u_int);
++extern int refclock_open (const char *, u_int, u_int);
+ extern int refclock_setup (int, u_int, u_int);
+ extern void refclock_timer (struct peer *);
+ extern void refclock_transmit(struct peer *);
+--- contrib/ntp/include/ntp_stdlib.h.orig
++++ contrib/ntp/include/ntp_stdlib.h
+@@ -65,8 +65,8 @@
+ /* authkeys.c */
+ extern void auth_delkeys (void);
+ extern int auth_havekey (keyid_t);
+-extern int authdecrypt (keyid_t, u_int32 *, int, int);
+-extern int authencrypt (keyid_t, u_int32 *, int);
++extern int authdecrypt (keyid_t, u_int32 *, size_t, size_t);
++extern size_t authencrypt (keyid_t, u_int32 *, size_t);
+ extern int authhavekey (keyid_t);
+ extern int authistrusted (keyid_t);
+ extern int authreadkeys (const char *);
+@@ -95,8 +95,8 @@
+ extern int ymd2yd (int, int, int);
+
+ /* a_md5encrypt.c */
+-extern int MD5authdecrypt (int, u_char *, u_int32 *, int, int);
+-extern int MD5authencrypt (int, u_char *, u_int32 *, int);
++extern int MD5authdecrypt (int, const u_char *, u_int32 *, size_t, size_t);
++extern size_t MD5authencrypt (int, const u_char *, u_int32 *, size_t);
+ extern void MD5auth_setkey (keyid_t, int, const u_char *, size_t);
+ extern u_int32 addr2refid (sockaddr_u *);
+
+--- contrib/ntp/include/ntp_worker.h.orig
++++ contrib/ntp/include/ntp_worker.h
+@@ -43,19 +43,22 @@
+ } blocking_pipe_header;
+
+ # ifdef WORK_THREAD
+-# ifdef WORK_PIPE
+-typedef pthread_t * thr_ref;
+-typedef sem_t * sem_ref;
++# ifdef SYS_WINNT
++typedef struct { HANDLE thnd; } thread_type;
++typedef struct { HANDLE shnd; } sema_type;
+ # else
+-typedef HANDLE thr_ref;
+-typedef HANDLE sem_ref;
++typedef pthread_t thread_type;
++typedef sem_t sema_type;
+ # endif
++typedef thread_type *thr_ref;
++typedef sema_type *sem_ref;
+ # endif
+
+ /*
+ *
+ */
+-#ifdef WORK_FORK
++#if defined(WORK_FORK)
++
+ typedef struct blocking_child_tag {
+ int reusable;
+ int pid;
+@@ -66,38 +69,59 @@
+ int resp_write_pipe;
+ int ispipe;
+ } blocking_child;
++
+ #elif defined(WORK_THREAD)
++
+ typedef struct blocking_child_tag {
+ /*
+ * blocking workitems and blocking_responses are dynamically-sized
+ * one-dimensional arrays of pointers to blocking worker requests and
+ * responses.
++ *
++ * IMPORTANT: This structure is shared between threads, and all access
++ * that is not atomic (especially queue operations) must hold the
++ * 'accesslock' semaphore to avoid data races.
++ *
++ * The resource management (thread/semaphore creation/destruction)
++ * functions and functions just testing a handle are safe because these
++ * are only changed by the main thread when no worker is running on the
++ * same data structure.
+ */
+ int reusable;
+- thr_ref thread_ref;
+- u_int thread_id;
+- blocking_pipe_header * volatile * volatile
++ sem_ref accesslock; /* shared access lock */
++ thr_ref thread_ref; /* thread 'handle' */
++
++ /* the reuest queue */
++ blocking_pipe_header ** volatile
+ workitems;
+ volatile size_t workitems_alloc;
+- size_t next_workitem; /* parent */
+- size_t next_workeritem; /* child */
+- blocking_pipe_header * volatile * volatile
++ size_t head_workitem; /* parent */
++ size_t tail_workitem; /* child */
++ sem_ref workitems_pending; /* signalling */
++
++ /* the response queue */
++ blocking_pipe_header ** volatile
+ responses;
+ volatile size_t responses_alloc;
+- size_t next_response; /* child */
+- size_t next_workresp; /* parent */
++ size_t head_response; /* child */
++ size_t tail_response; /* parent */
++
+ /* event handles / sem_t pointers */
+- /* sem_ref child_is_blocking; */
+- sem_ref blocking_req_ready;
+ sem_ref wake_scheduled_sleep;
++
++ /* some systems use a pipe for notification, others a semaphore.
++ * Both employ the queue above for the actual data transfer.
++ */
+ #ifdef WORK_PIPE
+- int resp_read_pipe; /* parent */
+- int resp_write_pipe;/* child */
++ int resp_read_pipe; /* parent */
++ int resp_write_pipe; /* child */
+ int ispipe;
+- void * resp_read_ctx; /* child */
++ void * resp_read_ctx; /* child */
+ #else
+- sem_ref blocking_response_ready;
++ sem_ref responses_pending; /* signalling */
+ #endif
++ sema_type sem_table[4];
++ thread_type thr_table[1];
+ } blocking_child;
+
+ #endif /* WORK_THREAD */
+@@ -111,7 +135,7 @@
+ extern int queue_blocking_request(blocking_work_req, void *,
+ size_t, blocking_work_callback,
+ void *);
+-extern int queue_blocking_response(blocking_child *,
++extern int queue_blocking_response(blocking_child *,
+ blocking_pipe_header *, size_t,
+ const blocking_pipe_header *);
+ extern void process_blocking_resp(blocking_child *);
+--- contrib/ntp/include/ntpd.h.orig
++++ contrib/ntp/include/ntpd.h
+@@ -156,7 +156,7 @@
+ extern int freq_cnt;
+
+ /* ntp_monitor.c */
+-#define MON_HASH_SIZE (1U << mon_hash_bits)
++#define MON_HASH_SIZE ((size_t)1U << mon_hash_bits)
+ #define MON_HASH_MASK (MON_HASH_SIZE - 1)
+ #define MON_HASH(addr) (sock_hash(addr) & MON_HASH_MASK)
+ extern void init_mon (void);
+@@ -408,6 +408,7 @@
+ extern int ext_enable; /* external clock enabled */
+ extern int cal_enable; /* refclock calibrate enable */
+ extern int allow_panic; /* allow panic correction (-g) */
++extern int enable_panic_check; /* Can we check allow_panic's state? */
+ extern int force_step_once; /* always step time once at startup (-G) */
+ extern int mode_ntpdate; /* exit on first clock set (-q) */
+ extern int peer_ntpdate; /* count of ntpdate peers */
+--- contrib/ntp/include/safecast.h.orig
++++ contrib/ntp/include/safecast.h
+@@ -0,0 +1,34 @@
++#ifndef SAFECAST_H
++#define SAFECAST_H
++
++#include <limits.h>
++static inline int size2int_chk(size_t v)
++{
++ if (v > INT_MAX)
++ abort();
++ return (int)(v);
++}
++
++static inline int size2int_sat(size_t v)
++{
++ return (v > INT_MAX) ? INT_MAX : (int)v;
++}
++
++/* Compilers can emit warning about increased alignment requirements
++ * when casting pointers. The impact is tricky: on machines where
++ * alignment is just a performance issue (x86,x64,...) this might just
++ * cause a performance penalty. On others, an address error can occur
++ * and the process dies...
++ *
++ * Still, there are many cases where the pointer arithmetic and the
++ * buffer alignment make sure this does not happen. OTOH, the compiler
++ * doesn't know this and still emits warnings.
++ *
++ * The following cast macros are going through void pointers to tell
++ * the compiler that there is no alignment requirement to watch.
++ */
++#define UA_PTR(ptype,pval) ((ptype *)(void*)(pval))
++#define UAC_PTR(ptype,pval) ((const ptype *)(const void*)(pval))
++#define UAV_PTR(ptype,pval) ((volatile ptype *)(volatile void*)(pval))
++
++#endif
+--- contrib/ntp/lib/isc/win32/interfaceiter.c.orig
++++ contrib/ntp/lib/isc/win32/interfaceiter.c
+@@ -54,7 +54,7 @@
+ IP_ADAPTER_ADDRESSES * ipaaCur; /* enumeration position */
+ IP_ADAPTER_UNICAST_ADDRESS *ipuaCur; /* enumeration subposition */
+ /* fields used for the older address enumeration ioctls */
+- int socket;
++ SOCKET socket;
+ INTERFACE_INFO IFData; /* Current Interface Info */
+ int numIF; /* Current Interface count */
+ int v4IF; /* Number of IPv4 Interfaces */
+--- contrib/ntp/lib/isc/win32/net.c.orig
++++ contrib/ntp/lib/isc/win32/net.c
+@@ -216,7 +216,8 @@
+
+ static void
+ try_ipv6pktinfo(void) {
+- int s, on;
++ SOCKET s;
++ int on;
+ char strbuf[ISC_STRERRORSIZE];
+ isc_result_t result;
+ int optname;
+--- contrib/ntp/lib/isc/backtrace.c.orig
++++ contrib/ntp/lib/isc/backtrace.c
+@@ -278,7 +278,7 @@
+ result = ISC_R_NOTFOUND;
+ else {
+ *symbolp = found->symbol;
+- *offsetp = (const char *)addr - (char *)found->addr;
++ *offsetp = (u_long)((const char *)addr - (char *)found->addr);
+ }
+
+ return (result);
+--- contrib/ntp/lib/isc/buffer.c.orig
++++ contrib/ntp/lib/isc/buffer.c
+@@ -406,7 +406,7 @@
+
+ void
+ isc__buffer_putstr(isc_buffer_t *b, const char *source) {
+- unsigned int l;
++ size_t l;
+ unsigned char *cp;
+
+ REQUIRE(ISC_BUFFER_VALID(b));
+@@ -421,7 +421,7 @@
+
+ cp = isc_buffer_used(b);
+ memcpy(cp, source, l);
+- b->used += l;
++ b->used += (u_int)l; /* checked above - no overflow here */
+ }
+
+ isc_result_t
+--- contrib/ntp/lib/isc/inet_aton.c.orig
++++ contrib/ntp/lib/isc/inet_aton.c
+@@ -92,7 +92,7 @@
+ int
+ isc_net_aton(const char *cp, struct in_addr *addr) {
+ unsigned long val;
+- int base, n;
++ int base;
+ unsigned char c;
+ isc_uint8_t parts[4];
+ isc_uint8_t *pp = parts;
+@@ -166,8 +166,7 @@
+ * Concoct the address according to
+ * the number of parts specified.
+ */
+- n = pp - parts + 1;
+- switch (n) {
++ switch (pp - parts + 1) {
+ case 1: /* a -- 32 bits */
+ break;
+
+--- contrib/ntp/lib/isc/inet_pton.c.orig
++++ contrib/ntp/lib/isc/inet_pton.c
+@@ -92,7 +92,7 @@
+ const char *pch;
+
+ if ((pch = strchr(digits, ch)) != NULL) {
+- unsigned int newv = *tp * 10 + (pch - digits);
++ size_t newv = *tp * 10 + (pch - digits);
+
+ if (saw_digit && *tp == 0)
+ return (0);
+@@ -197,12 +197,12 @@
+ * Since some memmove()'s erroneously fail to handle
+ * overlapping regions, we'll do the shift by hand.
+ */
+- const int n = tp - colonp;
++ const size_t n = tp - colonp;
+ int i;
+
+ if (tp == endp)
+ return (0);
+- for (i = 1; i <= n; i++) {
++ for (i = 1; (size_t)i <= n; i++) {
+ endp[- i] = colonp[n - i];
+ colonp[n - i] = 0;
+ }
+--- contrib/ntp/lib/isc/log.c.orig
++++ contrib/ntp/lib/isc/log.c
+@@ -1146,7 +1146,7 @@
+ char *basenam, *digit_end;
+ const char *dirname;
+ int version, greatest = -1;
+- unsigned int basenamelen;
++ size_t basenamelen;
+ isc_dir_t dir;
+ isc_result_t result;
+ char sep = '/';
+--- contrib/ntp/lib/isc/netaddr.c.orig
++++ contrib/ntp/lib/isc/netaddr.c
+@@ -159,7 +159,7 @@
+ if (r == NULL)
+ return (ISC_R_FAILURE);
+
+- alen = strlen(abuf);
++ alen = (unsigned int)strlen(abuf); /* no overflow possible */
+ INSIST(alen < sizeof(abuf));
+
+ zlen = 0;
+--- contrib/ntp/lib/isc/sockaddr.c.orig
++++ contrib/ntp/lib/isc/sockaddr.c
+@@ -134,7 +134,7 @@
+ break;
+ #ifdef ISC_PLAFORM_HAVESYSUNH
+ case AF_UNIX:
+- plen = strlen(sockaddr->type.sunix.sun_path);
++ plen = (unsigned int)strlen(sockaddr->type.sunix.sun_path);
+ if (plen >= isc_buffer_availablelength(target))
+ return (ISC_R_NOSPACE);
+
+@@ -153,7 +153,7 @@
+ return (ISC_R_FAILURE);
+ }
+
+- plen = strlen(pbuf);
++ plen = (unsigned int)strlen(pbuf);
+ INSIST(plen < sizeof(pbuf));
+
+ isc_netaddr_fromsockaddr(&netaddr, sockaddr);
+--- contrib/ntp/lib/isc/task.c.orig
++++ contrib/ntp/lib/isc/task.c
+@@ -329,7 +329,7 @@
+ isc__task_create(isc_taskmgr_t *manager0, unsigned int quantum,
+ isc_task_t **taskp)
+ {
+- isc__taskmgr_t *manager = (isc__taskmgr_t *)manager0;
++ isc__taskmgr_t *manager = (void*)manager0;
+ isc__task_t *task;
+ isc_boolean_t exiting;
+ isc_result_t result;
+@@ -1463,7 +1463,7 @@
+ */
+
+ REQUIRE(managerp != NULL);
+- manager = (isc__taskmgr_t *)*managerp;
++ manager = (void*)(*managerp);
+ REQUIRE(VALID_MANAGER(manager));
+
+ #ifndef USE_WORKER_THREADS
+@@ -1559,7 +1559,7 @@
+
+ ISC_TASKFUNC_SCOPE void
+ isc__taskmgr_setmode(isc_taskmgr_t *manager0, isc_taskmgrmode_t mode) {
+- isc__taskmgr_t *manager = (isc__taskmgr_t *)manager0;
++ isc__taskmgr_t *manager = (void*)manager0;
+
+ LOCK(&manager->lock);
+ manager->mode = mode;
+@@ -1568,7 +1568,7 @@
+
+ ISC_TASKFUNC_SCOPE isc_taskmgrmode_t
+ isc__taskmgr_mode(isc_taskmgr_t *manager0) {
+- isc__taskmgr_t *manager = (isc__taskmgr_t *)manager0;
++ isc__taskmgr_t *manager = (void*)manager0;
+ isc_taskmgrmode_t mode;
+ LOCK(&manager->lock);
+ mode = manager->mode;
+@@ -1579,7 +1579,7 @@
+ #ifndef USE_WORKER_THREADS
+ isc_boolean_t
+ isc__taskmgr_ready(isc_taskmgr_t *manager0) {
+- isc__taskmgr_t *manager = (isc__taskmgr_t *)manager0;
++ isc__taskmgr_t *manager = (void*)manager0;
+ isc_boolean_t is_ready;
+
+ #ifdef USE_SHARED_MANAGER
+@@ -1598,7 +1598,7 @@
+
+ isc_result_t
+ isc__taskmgr_dispatch(isc_taskmgr_t *manager0) {
+- isc__taskmgr_t *manager = (isc__taskmgr_t *)manager0;
++ isc__taskmgr_t *manager = (void*)manager0;
+
+ #ifdef USE_SHARED_MANAGER
+ if (manager == NULL)
+@@ -1615,7 +1615,7 @@
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
More information about the svn-src-user
mailing list