From binutils commits 5a4b0ccc20ba30caef53b01bee2c0aaa5b855339 and
7e1e19887abd24aeb15066b141cdff5541e0ec8e, made available under GPLv2
by Nick Clifton.
PR: 198824
MFC after: 1 week
Security: CVE-2014-8501
Security: CVE-2014-8502
From binutils commit 0102ea8cec5fc509bba6c91df61b7ce23a799d32, made
available under GPLv2 by Nick Clifton.
PR: 198824
MFC after: 1 week
Security: CVE-2014-8503
Don't install the ib_user_mad.h header file into user-space,
because it conflicts with umad.h from libibumad.h when building
libsysdecode.
Sponsored by: Mellanox Technologies
As of r325320 posix_fallocate on a ZFS filesystem returns EINVAL to
indicate that the operation is not supported. (I think this is a strange
choice of errno on the part of POSIX.)
PR: 223383, 223440
Reported by: Mark Millard
Tested by: Mark Millard
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
linked with AddressSanitizer (even those linked on earlier versions of
FreeBSD, or with external versions of clang) started failing with errors
similar to:
==14688==AddressSanitizer CHECK failed:
/usr/src/contrib/compiler-rt/lib/asan/asan_poisoning.cc:36
"((AddrIsAlignedByGranularity(addr))) != (0)" (0x0, 0x0)
This is because AddressSanitizer expects all the TLS data in the program
to be aligned to at least 8 bytes.
Before the jemalloc 5.0.0 update, all the TLS data in the i386 version
of libc.so added up to 80 bytes (a multiple of 8), but 5.0.0 made this
grow to 2404 bytes (not a multiple of 8). This is due to added caching
data in jemalloc's internal struct tsd_s.
To fix AddressSanitizer, ensure this struct is aligned to at least 16
bytes, which can be done unconditionally for all architectures. (An
earlier version of the fix aligned the struct to 8 bytes, but only for
ILP32 architectures. This was deemed unnecessarily complicated.)
PR: 221337
X-MFC-With: r319971
AArch64: account for possible frame index operand in compares.
If the address of a local is used in a comparison, AArch64 can fold
the address-calculation into the comparison via "adds".
Unfortunately, a couple of places (both hit in this one test) are not
ready to deal with that yet and just assume the first source operand
is a register.
This should fix an assertion failure while building the test suite of
www/firefox for AArch64.
PR: 223048
MFC after: 3 days
hostapd: Avoid key reinstallation in FT handshake
Prevent reinstallation of an already in-use group key
Extend protection of GTK/IGTK reinstallation of WNM-Sleep Mode cases
Fix TK configuration to the driver in EAPOL-Key 3/4 retry case
Prevent installation of an all-zero TK
Fix PTK rekeying to generate a new ANonce
TDLS: Reject TPK-TK reconfiguration
WNM: Ignore Key Data in WNM Sleep Mode Response frame if no PMF in use
WNM: Ignore WNM-Sleep Mode Response if WNM-Sleep Mode has not been used
WNM: Ignore WNM-Sleep Mode Response without pending request
FT: Do not allow multiple Reassociation Response frames
TDLS: Ignore incoming TDLS Setup Response retries
Submitted by: jhb
Obtained from: https://w1.fi/security/2017-01/ (against later version)
Security: FreeBSD-SA-17:07
Security: CERT VU#228519
Security: CVE-2017-13077
Security: CVE-2017-13078
Security: CVE-2017-13079
Security: CVE-2017-13080
Security: CVE-2017-13081
Security: CVE-2017-13082
Security: CVE-2017-13086
Security: CVE-2017-13087
Security: CVE-2017-13088
Differential Revision: https://reviews.freebsd.org/D12693
arm uses '@' as a comment character, and cannot use @progbits in the
.section directive. Apply the upstream noexec stach change which avoids
this issue.
Obtained from: LLVM r277868
This fixes clang-built binaries on a gcc powerpc64 world. Gets us one step
closer to a clang-built world. The same change was made in later upstream
binutils.
Submitted by: rdivacky
MFC after: 2 weeks
Using HAVE_* is a internal tcpdump style standard.
We want to be consistent with the standard to upstream those changes in
the future.
Requested by: glebius@
Sync libarchive with vendor.
Relevant vendor changes:
PR #905: Support for Zstandard read and write filters
PR #922: Avoid overflow when reading corrupt cpio archive
Issue #935: heap-based buffer overflow in xml_data (CVE-2017-14166)
OSS-Fuzz 2936: Place a limit on the mtree line length
OSS-Fuzz 2394: Ensure that the ZIP AES extension header is large enough
OSS-Fuzz 573: Read off-by-one error in RAR archives (CVE-2017-14502)
MFC after: 1 week
Security: CVE-2017-14166, CVE-2017-14502
Relevant vendor changes:
PR #905: Support for Zstandard read and write filters
PR #922: Avoid overflow when reading corrupt cpio archive
Issue #935: heap-based buffer overflow in xml_data (CVE-2017-14166)
OSS-Fuzz 2936: Place a limit on the mtree line length
OSS-Fuzz 2394: Ensure that the ZIP AES extension header is large enough
OSS-Fuzz 573: Read off-by-one error in RAR archives (CVE-2017-14502)
Security: CVE-2017-14166, CVE-2017-14502
If unwinding stops due to hitting the end of the call chain, the return
value is supposed to be _URC_END_OF_STACK; other values indicate internal
errors. The return value from get_eit_entry() is now returned without
translating it to _URC_FAILURE, so that callers can see _URC_END_OF_STACK
when it happens.
When raising an exception, the unwinder searches for a catch handler and if
none is found it should invoke std::terminate() with the uncaught exception
as the "current" exception. Before this change, the terminate handler was
invoked with no exception as current (abi::__cxa_current_exception_type()
returned NULL), because the return value from the unwinder indicated an
internal failure in unwinding. It turns out that was because all errors
from get_eit_entry() were translated to _URC_FAILURE. Now the error is
returned untranslated, which allows _URC_END_OF_STACK to percolate upwards
to throw_exception() in libcxxrt. When it sees that return status it
properly calls std::terminate() with the uncaught exception installed
as the current exception, allowing custom terminate handlers to work
with it.
echo | awk 'BEGIN {i=$1; print i}' prints a boatload of stack
garbage. NUL terminate the memory returned from malloc to prevent it.
Obtained from: OpenBSD run.c 1.40
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D12379
gawk allows multiple arguemnts to bit-wiste and, or and xor
functions. Implement an arbitrary number of arguments for these
functions. Also, use NULL in preference to 0 to match rest of file.
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D12361
These are from OpenBSD:
>>> Extend awk with bitwise operations. This is an extension to the awk
>>> spec and documented as such, but comes in handy from time to time.
>>> The prototypes make it compatible with a similar GNU awk extension.
>>>
>>> ok millert@, enthusiasm from deraadt@
Edited to fix cut and paste in error messages, as well as
using tabs instead of spaces after #defines added.
Obtained From: OpenBSD awk.h 1.12, lex.c 1.10, run.c 1.29
Differential Revision: https://reviews.freebsd.org/D12361
Sponsored by: Netflix
Permit a deflateParams() parameter change as soon as possible.
This change fixes compression errors seen when the embedded Tomcat
web server of a UniFi Controller zlib compresses responses. Given
that Tomcat just uses Java/OpenJDK which in turn employs zlib for
its compression/decompression support, this bug might very well
affect other applications, too.
PR: 222136
