Also document IEEE Std 1003.1-2008, 2013 edition in mdoc(7) (as well as the
2016 edition).
Submitted by: Yuri Pankov
Reviewed by: bjk
Differential Revision: https://reviews.freebsd.org/D13349
change. Now on FreeBSD and NetBSD if _STANDALONE is defined, we
include the kernel version with alloances for the quirky differences
between the two.
Sponsored by: Netflix
the OFED buildworld target, WITH_OFED=YES, when the include files are not
already installed locally, but only in the temporary object directory.
Found by: kib
Sponsored by: Mellanox Technologies
Previously, lld exited with an error status if the only option given to
the command was -v. GNU linkers gracefully exit in that case. This patch
makes lld behave like GNU.
Note that even with this patch, lld's -v and --version options behave
slightly differently than GNU linkers' counterparts. For example,
if you run ld.bfd -v -v, the version string is printed out twice.
But that is an edge case that I don't think we need to take care of.
Fixes https://bugs.llvm.org/show_bug.cgi?id=31582
Obtained from: LLVM r319717
MFC after: 1 week
From binutils commits 5a4b0ccc20ba30caef53b01bee2c0aaa5b855339 and
7e1e19887abd24aeb15066b141cdff5541e0ec8e, made available under GPLv2
by Nick Clifton.
PR: 198824
MFC after: 1 week
Security: CVE-2014-8501
Security: CVE-2014-8502
From binutils commit 0102ea8cec5fc509bba6c91df61b7ce23a799d32, made
available under GPLv2 by Nick Clifton.
PR: 198824
MFC after: 1 week
Security: CVE-2014-8503
Don't install the ib_user_mad.h header file into user-space,
because it conflicts with umad.h from libibumad.h when building
libsysdecode.
Sponsored by: Mellanox Technologies
As of r325320 posix_fallocate on a ZFS filesystem returns EINVAL to
indicate that the operation is not supported. (I think this is a strange
choice of errno on the part of POSIX.)
PR: 223383, 223440
Reported by: Mark Millard
Tested by: Mark Millard
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
linked with AddressSanitizer (even those linked on earlier versions of
FreeBSD, or with external versions of clang) started failing with errors
similar to:
==14688==AddressSanitizer CHECK failed:
/usr/src/contrib/compiler-rt/lib/asan/asan_poisoning.cc:36
"((AddrIsAlignedByGranularity(addr))) != (0)" (0x0, 0x0)
This is because AddressSanitizer expects all the TLS data in the program
to be aligned to at least 8 bytes.
Before the jemalloc 5.0.0 update, all the TLS data in the i386 version
of libc.so added up to 80 bytes (a multiple of 8), but 5.0.0 made this
grow to 2404 bytes (not a multiple of 8). This is due to added caching
data in jemalloc's internal struct tsd_s.
To fix AddressSanitizer, ensure this struct is aligned to at least 16
bytes, which can be done unconditionally for all architectures. (An
earlier version of the fix aligned the struct to 8 bytes, but only for
ILP32 architectures. This was deemed unnecessarily complicated.)
PR: 221337
X-MFC-With: r319971
AArch64: account for possible frame index operand in compares.
If the address of a local is used in a comparison, AArch64 can fold
the address-calculation into the comparison via "adds".
Unfortunately, a couple of places (both hit in this one test) are not
ready to deal with that yet and just assume the first source operand
is a register.
This should fix an assertion failure while building the test suite of
www/firefox for AArch64.
PR: 223048
MFC after: 3 days
hostapd: Avoid key reinstallation in FT handshake
Prevent reinstallation of an already in-use group key
Extend protection of GTK/IGTK reinstallation of WNM-Sleep Mode cases
Fix TK configuration to the driver in EAPOL-Key 3/4 retry case
Prevent installation of an all-zero TK
Fix PTK rekeying to generate a new ANonce
TDLS: Reject TPK-TK reconfiguration
WNM: Ignore Key Data in WNM Sleep Mode Response frame if no PMF in use
WNM: Ignore WNM-Sleep Mode Response if WNM-Sleep Mode has not been used
WNM: Ignore WNM-Sleep Mode Response without pending request
FT: Do not allow multiple Reassociation Response frames
TDLS: Ignore incoming TDLS Setup Response retries
Submitted by: jhb
Obtained from: https://w1.fi/security/2017-01/ (against later version)
Security: FreeBSD-SA-17:07
Security: CERT VU#228519
Security: CVE-2017-13077
Security: CVE-2017-13078
Security: CVE-2017-13079
Security: CVE-2017-13080
Security: CVE-2017-13081
Security: CVE-2017-13082
Security: CVE-2017-13086
Security: CVE-2017-13087
Security: CVE-2017-13088
Differential Revision: https://reviews.freebsd.org/D12693
arm uses '@' as a comment character, and cannot use @progbits in the
.section directive. Apply the upstream noexec stach change which avoids
this issue.
Obtained from: LLVM r277868
This fixes clang-built binaries on a gcc powerpc64 world. Gets us one step
closer to a clang-built world. The same change was made in later upstream
binutils.
Submitted by: rdivacky
MFC after: 2 weeks
Using HAVE_* is a internal tcpdump style standard.
We want to be consistent with the standard to upstream those changes in
the future.
Requested by: glebius@
Sync libarchive with vendor.
Relevant vendor changes:
PR #905: Support for Zstandard read and write filters
PR #922: Avoid overflow when reading corrupt cpio archive
Issue #935: heap-based buffer overflow in xml_data (CVE-2017-14166)
OSS-Fuzz 2936: Place a limit on the mtree line length
OSS-Fuzz 2394: Ensure that the ZIP AES extension header is large enough
OSS-Fuzz 573: Read off-by-one error in RAR archives (CVE-2017-14502)
MFC after: 1 week
Security: CVE-2017-14166, CVE-2017-14502
Relevant vendor changes:
PR #905: Support for Zstandard read and write filters
PR #922: Avoid overflow when reading corrupt cpio archive
Issue #935: heap-based buffer overflow in xml_data (CVE-2017-14166)
OSS-Fuzz 2936: Place a limit on the mtree line length
OSS-Fuzz 2394: Ensure that the ZIP AES extension header is large enough
OSS-Fuzz 573: Read off-by-one error in RAR archives (CVE-2017-14502)
Security: CVE-2017-14166, CVE-2017-14502
If unwinding stops due to hitting the end of the call chain, the return
value is supposed to be _URC_END_OF_STACK; other values indicate internal
errors. The return value from get_eit_entry() is now returned without
translating it to _URC_FAILURE, so that callers can see _URC_END_OF_STACK
when it happens.
When raising an exception, the unwinder searches for a catch handler and if
none is found it should invoke std::terminate() with the uncaught exception
as the "current" exception. Before this change, the terminate handler was
invoked with no exception as current (abi::__cxa_current_exception_type()
returned NULL), because the return value from the unwinder indicated an
internal failure in unwinding. It turns out that was because all errors
from get_eit_entry() were translated to _URC_FAILURE. Now the error is
returned untranslated, which allows _URC_END_OF_STACK to percolate upwards
to throw_exception() in libcxxrt. When it sees that return status it
properly calls std::terminate() with the uncaught exception installed
as the current exception, allowing custom terminate handlers to work
with it.
