We don't mention the first appearance of a utility in FreeBSD, when it first
appeared in a BSD version that predates FreeBSD.
PR: 223520, 223521
Reported by: rgrimes, imp
Reviewed by: bcr (mentor)
Approved by: bcr (mentor)
Differential Revision: https://reviews.freebsd.org/D25521
Key changes include reduced noise at end of failed build log
and avoid evaluation of unnecessary terms in conditionals.
In META MODE; a target flagged .META is out-of-date if meta file
is missing
MFC after: 1 week
The change adds an SCTP mode akin to UDP mode. This is handy for doing
smoke testing of SCTP.
Use a long option to minimize the risk of option conflicts with OpenBSD.
For bonus points, this change unbreaks --no-tcpopt by adding a missing
case required by getopt_long().
Reviewed by: delphij, tuexen
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D25610
PR45521: Preserve the value kind when performing a standard
conversion sequence on a glvalue expression.
If the sequence is supposed to perform an lvalue-to-rvalue
conversion, then one will be specified as the first conversion in the
sequence. Otherwise, one should not be invented.
This should fix clang crashing with "can't implicitly cast lvalue to
rvalue with this cast kind", followed by "UNREACHABLE executed at
/usr/src/contrib/llvm-project/clang/lib/Sema/Sema.cpp:538!", when
building recent versions of Ceph, and the CPAN module SYBER/Date-5.2.0.
Reported by: Willem Jan Withagen <wjw@digiware.nl>, eserte12@yahoo.de
PR: 245530, 247812
MFC after: 3 days
This version fixes a regression with regard to tradtional behavior of the
non-standard FreeBSD option "-e". In the previous version "-e quit" caused
bc to exit before any computations had been performed, since all -e option
parameters were concatenated and parsed as a whole, with quit causing the
program to exit as soon as it was parsed. This version parses and executes
commands passed with -e one by one and only exits after all prior commands
have been executed.
This commit is not a SVN merge, since the vendor import had been performed
after the import to contrib. Instead the contents of contrib/bc has been
removed and the new version is copied over unchanged from vendor/bc/dist.
A file update in 2018 broke many ports as it misidentified shared
libraries as PIE binaries. r333944 reverted part of the change,
restoring ports builds but misidentifying objects in the opposite
direction.
Earlier this month file 5.39 was imported, and then the change
originally from r333944 was recommitted as r362261. However, the
issue was fixed upstream, so r362261 serves no purpose.
PR: 246960, 247461 [exp-run]
Sponsored by: The FreeBSD Foundation
llvmorg-10.0.1-rc2-0-g77d76b71d7d.
Also add a few more llvm utilities under WITH_CLANG_EXTRAS:
* llvm-dwp, a utility for merging DWARF 5 Split DWARF .dwo files into
.dwp (DWARF package files)
* llvm-size, a size(1) replacement
* llvm-strings, a strings(1) replacement
MFC after: 3 weeks
These implementations of the bc and dc programs offer a number of advantages
compared to the current implementations in the FreeBSD base system:
- They do not depend on external large number functions (i.e. no dependency
on OpenSSL or any other large number library)
- They implements all features found in GNU bc/dc (with the exception of
the forking of sub-processes, which the author of this version considers
as a security issue).
- They are significantly faster than the current code in base (more than
2 orders of magnitude in some of my tests, e.g. for 12345^100000).
- They should be fully compatible with all features and the behavior of the
current implementations in FreeBSD (not formally verified).
- They support POSIX message catalogs and come with localized messages in
Chinese, Dutch, English, French, German, Japanese, Polish, Portugueze,
and Russian.
- They offer very detailed man-pages that provide far more information than
the current ones.
The upstream sources contain a large number of tests, which are not
imported with this commit. They could be integrated into our test
framework at a latter time.
Installation of this version is controlled by the option "MK_GH_BC=yes".
This option will be set to yes by default in 13-CURRENT, but will be off
by default in 12-STABLE.
Approved by: imp
Obtained from: https://git.yzena.com/gavin/bc
MFC after: 4 weeks
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D19982
Update 4.2.8p14 --> 4.2.8p15
Summary: Systems that use a CMAC algorithm in ntp.keys will not release
a bit of memory on each packet that uses a CMAC keyid, eventually causing
ntpd to run out of memory and fail. The CMAC cleanup from
https://bugs.ntp.org/3447, part of ntp-4.2.8p11, introduced a bug whereby
the CMAC data structure was no longer completely removed.
MFC after: 3 days
Security: NTP Bug 3661
[BasicAA] Make BasicAA a cfg pass.
Summary:
Part of the changes in D44564 made BasicAA not CFG only due to it
using PhiAnalysisValues which may have values invalidated. Subsequent
patches (rL340613) appear to have addressed this limitation.
BasicAA should not be invalidated by non-CFG-altering passes. A
concrete example is MemCpyOpt which preserves CFG, but we are testing
it invalidates BasicAA.
llvm-dev RFC:
https://groups.google.com/forum/#!topic/llvm-dev/eSPXuWnNfzM
Reviewers: john.brawn, sebpop, hfinkel, brzycki
Subscribers: hiraditya, llvm-commits
Tags: #llvm
Differential Revision: https://reviews.llvm.org/D74353
This fixes an issue with clang's -fintegrated-cc1 feature, which could
make it output slightly different assembly code, depending on the way it
was invoked.
In r361755 we attempted to work around it by disabling the integrated
cc1 stage, but it did not solve the root cause for all situations.
Extensive testing and bisecting showed that the above change finally
makes the output deterministic, even if -fintegrated-cc1 is on.
Reported by: Fabian Keil <fk@fabiankeil.de>
PR: 246630
MFC after: 3 days
Compiling on a RISC-V system fails with 'relocation R_RISCV_ALIGN
requires unimplemented linker relaxation; recompile with -mno-relax'.
Our default linker (ld.lld) doesn't support relaxation, so default to
no-relax so we don't generate object files the linker can't handle.
Reviewed by: mhorne
Sponsored by: Axiado
Differential Revision: https://reviews.freebsd.org/D25210
Current logic of using user's locale encoding that is UTF-8 doesn't make
much sense if we already failed the looks_utf8() check and skipped
encoding set using "fileencoding" as being UTF-8 as well; fallback to
ISO8859-1 in that case.
Reviewed by: Zhihao Yuan <lichray@gmail.com>
Differential Revision: https://reviews.freebsd.org/D24919
Update sqlite3 to 3.32.2 (3320200).
CVE-2020-11655: SQLite through 3.31.1 allows attackers to cause a denial of
service (segmentation fault) via a malformed window-function query because
the AggInfo object's initialization is mishandled.
CVE-2020-13434: SQLite through 3.32.0 has an integer overflow in
sqlite3_str_vappendf in printf.c.
CVE-2020-13435: SQLite through 3.32.0 has a segmentation fault in
sqlite3ExprCodeTarget in expr.c.
CVE-2020-13630: ext/fts3/fts3.c in SQLite before 3.32.0 has a
use-after-free in fts3EvalNextRow, related to the snippet feature
CVE-2020-13631: SQLite before 3.32.0 allows a virtual table to be renamed
to the name of one of its shadow tables, related to alter.c and build.c.
CVE-2020-13632: ext/fts3/fts3_snippet.c in SQLite before 3.32.0 ha s a
NULL pointer dereference via a crafted matchinfo() query.
PR: 247149
Reported by: spam123@bitbert.com
MFC after: 3 days
Security: vuxml: c4ac9c79-ab37-11ea-8b5e-b42e99a1b9c3
https://nvd.nist.gov/vuln/detail/CVE-2020-11655https://nvd.nist.gov/vuln/detail/CVE-2020-13434https://nvd.nist.gov/vuln/detail/CVE-2020-13435https://nvd.nist.gov/vuln/detail/CVE-2020-13630https://nvd.nist.gov/vuln/detail/CVE-2020-13631https://nvd.nist.gov/vuln/detail/CVE-2020-13632
Upstream commit message:
[PATCH 3/3] WPS UPnP: Handle HTTP initiation failures for events more
properly
While it is appropriate to try to retransmit the event to another
callback URL on a failure to initiate the HTTP client connection, there
is no point in trying the exact same operation multiple times in a row.
Replve the event_retry() calls with event_addr_failure() for these cases
to avoid busy loops trying to repeat the same failing operation.
These potential busy loops would go through eloop callbacks, so the
process is not completely stuck on handling them, but unnecessary CPU
would be used to process the continues retries that will keep failing
for the same reason.
Obtained from: https://w1.fi/security/2020-1/\
0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch
MFC after: 3 days
Security: VU#339275 and CVE-2020-12695
Upstream commit message:
[PATCH 2/3] WPS UPnP: Fix event message generation using a long URL path
More than about 700 character URL ended up overflowing the wpabuf used
for building the event notification and this resulted in the wpabuf
buffer overflow checks terminating the hostapd process. Fix this by
allocating the buffer to be large enough to contain the full URL path.
However, since that around 700 character limit has been the practical
limit for more than ten years, start explicitly enforcing that as the
limit or the callback URLs since any longer ones had not worked before
and there is no need to enable them now either.
Obtained from: https://w1.fi/security/2020-1/\
0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch
MFC after: 3 days
Security: VU#339275 and CVE-2020-12695
Upstream commit message:
[PATCH 1/3] WPS UPnP: Do not allow event subscriptions with URLs to
other networks
The UPnP Device Architecture 2.0 specification errata ("UDA errata
16-04-2020.docx") addresses a problem with notifications being allowed
to go out to other domains by disallowing such cases. Do such filtering
for the notification callback URLs to avoid undesired connections to
external networks based on subscriptions that any device in the local
network could request when WPS support for external registrars is
enabled (the upnp_iface parameter in hostapd configuration).
Obtained from: https://w1.fi/security/2020-1/\
0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch
MFC after: 3 days
Security: VU#339275 and CVE-2020-12695
summary of changes, or for a more thorough overview:
https://subversion.apache.org/docs/release-notes/1.14
NOTE: there is no need to dump and reload repositories, and the working
copy format is still the same as Subversion 1.8 through 1.13.
Relnotes: yes
MFC after: 2 weeks
X-MFC-With: r361677