From owner-svn-src-stable-6@FreeBSD.ORG Sun Apr 3 03:45:45 2011 Return-Path: Delivered-To: svn-src-stable-6@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id AFBAF106566B; Sun, 3 Apr 2011 03:45:45 +0000 (UTC) (envelope-from edwin@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 9F56F8FC1B; Sun, 3 Apr 2011 03:45:45 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id p333jjC6001657; Sun, 3 Apr 2011 03:45:45 GMT (envelope-from edwin@svn.freebsd.org) Received: (from edwin@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id p333jjHd001651; Sun, 3 Apr 2011 03:45:45 GMT (envelope-from edwin@svn.freebsd.org) Message-Id: <201104030345.p333jjHd001651@svn.freebsd.org> From: Edwin Groothuis Date: Sun, 3 Apr 2011 03:45:45 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-6@freebsd.org X-SVN-Group: stable-6 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r220289 - stable/6/share/zoneinfo X-BeenThere: svn-src-stable-6@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for only the 6-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 03 Apr 2011 03:45:45 -0000 Author: edwin Date: Sun Apr 3 03:45:45 2011 New Revision: 220289 URL: http://svn.freebsd.org/changeset/base/220289 Log: MFC of 220286, tzdata2011e: Change for Africa/Casablanca: - The 3rd april 2011 at 00:00:00, [it] will be 3rd april 1:00:00 - The 31th july 2011 at 00:59:59, [it] will be 31th July 00:00:00 Update for SouthAmerica/Chili: - Chile's clocks will go back an hour this year on the 7th of May instead of this Saturday. They will go forward again the 3rd Saturday in August, not in October as they have since 1968. This is a pilot plan which will be reevaluated in 2012. Modified: stable/6/share/zoneinfo/africa stable/6/share/zoneinfo/asia stable/6/share/zoneinfo/europe stable/6/share/zoneinfo/southamerica stable/6/share/zoneinfo/zone.tab Directory Properties: stable/6/share/zoneinfo/ (props changed) Modified: stable/6/share/zoneinfo/africa ============================================================================== --- stable/6/share/zoneinfo/africa Sun Apr 3 03:44:48 2011 (r220288) +++ stable/6/share/zoneinfo/africa Sun Apr 3 03:45:45 2011 (r220289) @@ -1,5 +1,5 @@ # 
-# @(#)africa	8.28
+# @(#)africa	8.30
 # This file is in the public domain, so clarified as of
 # 2009-05-17 by Arthur David Olson.
 
@@ -712,6 +712,48 @@ Zone	Indian/Mayotte	3:00:56 -	LMT	1911 J
 # http://www.timeanddate.com/news/time/morocco-starts-dst-2010.html
 # 
 
+# From Dan Abitol (2011-03-30):
+# ...Rules for Africa/Casablanca are the following (24h format)
+# The 3rd april 2011 at 00:00:00, [it] will be 3rd april 1:00:00
+# The 31th july 2011 at 00:59:59,  [it] will be 31th July 00:00:00
+# ...Official links of change in morocco
+# The change was broadcast on the FM Radio
+# I ve called ANRT (telecom regulations in Morocco) at
+# +212.537.71.84.00
+# 
+# http://www.anrt.net.ma/fr/
+# 
+# They said that
+# 
+# http://www.map.ma/fr/sections/accueil/l_heure_legale_au_ma/view
+# 
+# is the official publication to look at.
+# They said that the decision was already taken.
+#
+# More articles in the press
+# 
+# http://www.yabiladi.com/articles/details/5058/secret-l-heure-d-ete-maroc-lev
+# 
+# e.html
+# 
+# http://www.lematin.ma/Actualite/Express/Article.asp?id=148923
+# 
+# 
+# http://www.lavieeco.com/actualite/Le-Maroc-passe-sur-GMT%2B1-a-partir-de-dim
+# anche-prochain-5538.html
+# 
+
+# From Petr Machata (2011-03-30):
+# They have it written in English here:
+# 
+# http://www.map.ma/eng/sections/home/morocco_to_spring_fo/view
+# 
+#
+# It says there that "Morocco will resume its standard time on July 31,
+# 2011 at midnight." Now they don't say whether they mean midnight of
+# wall clock time (i.e. 11pm UTC), but that's what I would assume. It has
+# also been like that in the past.
+
 # RULE	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
 
 Rule	Morocco	1939	only	-	Sep	12	 0:00	1:00	S
@@ -735,6 +777,8 @@ Rule	Morocco	2009	only	-	Jun	 1	 0:00	1:
 Rule	Morocco	2009	only	-	Aug	 21	 0:00	0	-
 Rule	Morocco	2010	only	-	May	 2	 0:00	1:00	S
 Rule	Morocco	2010	only	-	Aug	 8	 0:00	0	-
+Rule	Morocco	2011	only	-	Apr	 3	 0:00	1:00	S
+Rule	Morocco	2011	only	-	Jul	 31	 0	0	-
 # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
 Zone Africa/Casablanca	-0:30:20 -	LMT	1913 Oct 26
 			 0:00	Morocco	WE%sT	1984 Mar 16

Modified: stable/6/share/zoneinfo/asia
==============================================================================
--- stable/6/share/zoneinfo/asia	Sun Apr  3 03:44:48 2011	(r220288)
+++ stable/6/share/zoneinfo/asia	Sun Apr  3 03:45:45 2011	(r220289)
@@ -1,4 +1,4 @@
-# @(#)asia	8.62
+# @(#)asia	8.64
 # This file is in the public domain, so clarified as of
 # 2009-05-17 by Arthur David Olson.
 

Modified: stable/6/share/zoneinfo/europe
==============================================================================
--- stable/6/share/zoneinfo/europe	Sun Apr  3 03:44:48 2011	(r220288)
+++ stable/6/share/zoneinfo/europe	Sun Apr  3 03:45:45 2011	(r220289)
@@ -1,5 +1,5 @@
 # 
-# @(#)europe	8.28
+# @(#)europe	8.31
 # This file is in the public domain, so clarified as of
 # 2009-05-17 by Arthur David Olson.
 

Modified: stable/6/share/zoneinfo/southamerica
==============================================================================
--- stable/6/share/zoneinfo/southamerica	Sun Apr  3 03:44:48 2011	(r220288)
+++ stable/6/share/zoneinfo/southamerica	Sun Apr  3 03:45:45 2011	(r220289)
@@ -1,5 +1,5 @@
 # 
-# @(#)southamerica	8.45
+# @(#)southamerica	8.47
 # This file is in the public domain, so clarified as of
 # 2009-05-17 by Arthur David Olson.
 
@@ -1171,6 +1171,19 @@ Zone America/Rio_Branco	-4:31:12 -	LMT	1
 # From Arthur David Olson (2011-03-02):
 # The emol.com article mentions a water shortage as the cause of the
 # postponement, which may mean that it's not a permanent change.
+
+# From Glenn Eychaner (2011-03-28):
+# The article:
+# 
+# http://diario.elmercurio.com/2011/03/28/_portada/_portada/noticias/7565897A-CA86-49E6-9E03-660B21A4883E.htm?id=3D{7565897A-CA86-49E6-9E03-660B21A4883E}
+# 
+#
+# In English:
+# Chile's clocks will go back an hour this year on the 7th of May instead
+# of this Saturday. They will go forward again the 3rd Saturday in
+# August, not in October as they have since 1968. This is a pilot plan
+# which will be reevaluated in 2012.
+
 # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
 Rule	Chile	1927	1932	-	Sep	 1	0:00	1:00	S
 Rule	Chile	1928	1932	-	Apr	 1	0:00	0	-
@@ -1200,13 +1213,16 @@ Rule	Chile	1997	only	-	Mar	30	3:00u	0	-
 Rule	Chile	1998	only	-	Mar	Sun>=9	3:00u	0	-
 Rule	Chile	1998	only	-	Sep	27	4:00u	1:00	S
 Rule	Chile	1999	only	-	Apr	 4	3:00u	0	-
-Rule	Chile	1999	max	-	Oct	Sun>=9	4:00u	1:00	S
+Rule	Chile	1999	2010	-	Oct	Sun>=9	4:00u	1:00	S
+Rule	Chile	2011	only	-	Aug	Sun>=16	4:00u	1:00	S
+Rule	Chile	2012	max	-	Oct	Sun>=9	4:00u	1:00	S
 Rule	Chile	2000	2007	-	Mar	Sun>=9	3:00u	0	-
 # N.B.: the end of March 29 in Chile is March 30 in Universal time,
 # which is used below in specifying the transition.
 Rule	Chile	2008	only	-	Mar	30	3:00u	0	-
 Rule	Chile	2009	only	-	Mar	Sun>=9	3:00u	0	-
-Rule	Chile	2010	2011	-	Apr	Sun>=1	3:00u	0	-
+Rule	Chile	2010	only	-	Apr	Sun>=1	3:00u	0	-
+Rule	Chile	2011	only	-	May	Sun>=2	3:00u	0	-
 Rule	Chile	2012	max	-	Mar	Sun>=9	3:00u	0	-
 # IATA SSIM anomalies: (1992-02) says 1992-03-14;
 # (1996-09) says 1998-03-08.  Ignore these.

Modified: stable/6/share/zoneinfo/zone.tab
==============================================================================
--- stable/6/share/zoneinfo/zone.tab	Sun Apr  3 03:44:48 2011	(r220288)
+++ stable/6/share/zoneinfo/zone.tab	Sun Apr  3 03:45:45 2011	(r220289)
@@ -1,5 +1,5 @@
 # 
-# @(#)zone.tab	8.41
+# @(#)zone.tab	8.43
 # This file is in the public domain, so clarified as of
 # 2009-05-17 by Arthur David Olson.
 #

From owner-svn-src-stable-6@FreeBSD.ORG  Sat Apr  9 11:03:04 2011
Return-Path: 
Delivered-To: svn-src-stable-6@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 9F21A106564A;
	Sat,  9 Apr 2011 11:03:04 +0000 (UTC) (envelope-from bz@FreeBSD.org)
Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c])
	by mx1.freebsd.org (Postfix) with ESMTP id 8159E8FC0A;
	Sat,  9 Apr 2011 11:03:04 +0000 (UTC)
Received: from svn.freebsd.org (localhost [127.0.0.1])
	by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id p39B346Y011760;
	Sat, 9 Apr 2011 11:03:04 GMT (envelope-from bz@svn.freebsd.org)
Received: (from bz@localhost)
	by svn.freebsd.org (8.14.3/8.14.3/Submit) id p39B34tx011757;
	Sat, 9 Apr 2011 11:03:04 GMT (envelope-from bz@svn.freebsd.org)
Message-Id: <201104091103.p39B34tx011757@svn.freebsd.org>
From: "Bjoern A. Zeeb" 
Date: Sat, 9 Apr 2011 11:03:04 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
	svn-src-stable@freebsd.org, svn-src-stable-6@freebsd.org
X-SVN-Group: stable-6
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Cc: 
Subject: svn commit: r220485 - in stable/6/sys: netinet6 netipsec
X-BeenThere: svn-src-stable-6@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: SVN commit messages for only the 6-stable src tree
	
List-Unsubscribe: , 
	
List-Archive: 
List-Post: 
List-Help: 
List-Subscribe: , 
	
X-List-Received-Date: Sat, 09 Apr 2011 11:03:04 -0000

Author: bz
Date: Sat Apr  9 11:03:04 2011
New Revision: 220485
URL: http://svn.freebsd.org/changeset/base/220485

Log:
  MFC r220247:
  
    Do not allow directly recursive RFC3173 IPComp payload.
  
    While IPv6 does count iterations over next headers in ip6_input,
    we still disallow directly recursive IPComp payload in the KAME code.
  
  Security:	CVE-2011-1547

Modified:
  stable/6/sys/netinet6/ipcomp_input.c
  stable/6/sys/netipsec/xform_ipcomp.c
Directory Properties:
  stable/6/sys/   (props changed)
  stable/6/sys/contrib/pf/   (props changed)
  stable/6/sys/dev/cxgb/   (props changed)

Modified: stable/6/sys/netinet6/ipcomp_input.c
==============================================================================
--- stable/6/sys/netinet6/ipcomp_input.c	Sat Apr  9 10:58:38 2011	(r220484)
+++ stable/6/sys/netinet6/ipcomp_input.c	Sat Apr  9 11:03:04 2011	(r220485)
@@ -117,8 +117,21 @@ ipcomp4_input(m, off)
 		goto fail;
 	}
 	ipcomp = mtod(md, struct ipcomp *);
-	ip = mtod(m, struct ip *);
 	nxt = ipcomp->comp_nxt;
+
+	/*
+	 * Check that the next header of the IPComp is not IPComp again, before
+	 * doing any real work.  Given it is not possible to do double
+	 * compression it means someone is playing tricks on us.
+	 */
+	if (nxt == IPPROTO_IPCOMP) {
+		ipseclog((LOG_ERR, "IPv4 IPComp input: "
+		    "recursive compression detected."));
+		ipsecstat.in_inval++;
+		goto fail;
+	}
+
+	ip = mtod(m, struct ip *);
 #ifdef _IP_VHL
 	hlen = IP_VHL_HL(ip->ip_vhl) << 2;
 #else
@@ -269,6 +282,18 @@ ipcomp6_input(mp, offp, proto)
 	ip6 = mtod(m, struct ip6_hdr *);
 	nxt = ipcomp->comp_nxt;
 
+	/*
+	 * Check that the next header of the IPComp is not IPComp again, before
+	 * doing any real work.  Given it is not possible to do double
+	 * compression it means someone is playing tricks on us.
+	 */
+	if (nxt == IPPROTO_IPCOMP) {
+		ipseclog((LOG_ERR, "IPv6 IPComp input: "
+		    "recursive compression detected."));
+		ipsecstat.in_inval++;
+		goto fail;
+	}
+
 	cpi = ntohs(ipcomp->comp_cpi);
 
 	if (cpi >= IPCOMP_CPI_NEGOTIATE_MIN) {

Modified: stable/6/sys/netipsec/xform_ipcomp.c
==============================================================================
--- stable/6/sys/netipsec/xform_ipcomp.c	Sat Apr  9 10:58:38 2011	(r220484)
+++ stable/6/sys/netipsec/xform_ipcomp.c	Sat Apr  9 11:03:04 2011	(r220485)
@@ -139,10 +139,31 @@ ipcomp_input(struct mbuf *m, struct seca
 	struct tdb_crypto *tc;
 	struct cryptodesc *crdc;
 	struct cryptop *crp;
+	struct ipcomp *ipcomp;
+	caddr_t addr;
 	int hlen = IPCOMP_HLENGTH;
 
 	IPSEC_SPLASSERT_SOFTNET(__func__);
 
+	/*
+	 * Check that the next header of the IPComp is not IPComp again, before
+	 * doing any real work.  Given it is not possible to do double
+	 * compression it means someone is playing tricks on us.
+	 */
+	if (m->m_len < skip + hlen && (m = m_pullup(m, skip + hlen)) == NULL) {
+		ipcompstat.ipcomps_hdrops++;		/*XXX*/
+		DPRINTF(("%s: m_pullup failed\n", __func__));
+		return (ENOBUFS);
+	}
+	addr = (caddr_t) mtod(m, struct ip *) + skip;
+	ipcomp = (struct ipcomp *)addr;
+	if (ipcomp->comp_nxt == IPPROTO_IPCOMP) {
+		m_freem(m);
+		ipcompstat.ipcomps_pdrops++;	/* XXX have our own stats? */
+		DPRINTF(("%s: recursive compression detected\n", __func__));
+		return (EINVAL);
+	}
+
 	/* Get crypto descriptors */
 	crp = crypto_getreq(1);
 	if (crp == NULL) {