we can free it later, instead of trying to free a pointer that points
to the end of the buffer.
Committed to head because this code no longer exists upstream.
Submitted by: jasone@
leak when iterating over possible audit trail directories. This fix will
be merged upstream in an identical form, but hasn't yet appeared in an
OpenBSM release.
Submitted by: guido
Obtained from: TrustedBSD Project
MFC after: 3 days
The fix is similar to the one applied in GCC-4.3 in
GCCSVN-r117929 under the GPLv2.
Submitted by: Andrey Simonenko
Reviewed by: mm
Approved by: jhb (mentor)
MFC after: 3 days
- Updates to various locations in Antarctica.
- Armenia will abolish DST this year.
- Not only Samoa has moved to UTC+14, also Fakaofo did.
- There will be a leap second in 30 June 2012.
- Historical updates of 1918 to Canada, Winn, Regina, Edm, Vanc, Creston.
- Chili stays on DST until 28 April 2012
- The Falkland islands will stay on DST this year.
Unfortunately, the ABI was broken upstream for the 4.2 release, which we
imported. We then shipped the broken version for several years and certain
ports (e.g. libobjc2) depend on it, so we're stuck with it for now...
We should revisit this for 10.0, since we're allowed to break the ABI then, but
until then we should keep the ABI we shipped with 8.x and 9.x.
Reviewed by: kan
Approved by: dim (mentor)
MFC after: 1 week
several new kerberos related libraries and applications to FreeBSD:
o kgetcred(1) allows one to manually get a ticket for a particular service.
o kf(1) securily forwards ticket to another host through an authenticated
and encrypted stream.
o kcc(1) is an umbrella program around klist(1), kswitch(1), kgetcred(1)
and other user kerberos operations. klist and kswitch are just symlinks
to kcc(1) now.
o kswitch(1) allows you to easily switch between kerberos credentials if
you're running KCM.
o hxtool(1) is a certificate management tool to use with PKINIT.
o string2key(1) maps a password into key.
o kdigest(8) is a userland tool to access the KDC's digest interface.
o kimpersonate(8) creates a "fake" ticket for a service.
We also now install manpages for some lirbaries that were not installed
before, libheimntlm and libhx509.
- The new HEIMDAL version no longer supports Kerberos 4. All users are
recommended to switch to Kerberos 5.
- Weak ciphers are now disabled by default. To enable DES support (used
by telnet(8)), use "allow_weak_crypto" option in krb5.conf.
- libtelnet, pam_ksu and pam_krb5 are now compiled with error on warnings
disabled due to the function they use (krb5_get_err_text(3)) being
deprecated. I plan to work on this next.
- Heimdal's KDC now require sqlite to operate. We use the bundled version
and install it as libheimsqlite. If some other FreeBSD components will
require it in the future we can rename it to libbsdsqlite and use for these
components as well.
- This is not a latest Heimdal version, the new one was released while I was
working on the update. I will update it to 1.5.2 soon, as it fixes some
important bugs and security issues.
the following warning produced by clang trunk:
In file included from /usr/src/sbin/devd/devd.cc:91:
In file included from /usr/obj/usr/src/tmp/usr/include/c++/4.2/map:64:
/usr/obj/usr/src/tmp/usr/include/c++/4.2/bits/stl_tree.h:987:2: error: add explicit braces to avoid dangling else [-Werror,-Wdangling-else]
else
^
MFC after: 3 days
Make our handling of MMX x SSE closer to what gcc does:
* Enabling sse enables mmx.
* Disabling (-mno-mmx) mmx, doesn't disable sse (we got this right already).
* The order in not important. -msse -mno-mmx is the same as -mno-mmx -msse.
Some configure scripts depend on this.
PR: i386/165968
MFC after: 3 days
When ntp switched between PLL and FLL mode it produced a log message
"kernel time sync status change %04x". This issue is reported in ntp
bug 452[1] which claims that this behaviour is normal and the log
message isn't necessary. I'm not sure exactly when it was removed, but
it's gone in the latest ntp release (4.2.6p5).
[1] http://bugs.ntp.org/show_bug.cgi?id=452
Approved by: roberto
socket is used. The previous code structure assumed that AF_INET sockets
were always available, which is an invalid assumption on IPv6-only systems.
This merges the fololowing revisions from NetBSD:
src/usr.bin/ftp/main.c 1.120
src/usr.bin/ftp/util.c 1.156
PR: bin/162661
Tested by: bz
Obtained from: NetBSD
MFC after: 1 week
of arming timer and then pausing. If SIGALRM is delivered before pause(3)
is entered, top hangs.
Submitted by: Andrey Zonov <andrey zonov org>
MFC after: 1 week
Some of new features:
- New readers: RAR, LHA/LZH, CAB reader, 7-Zip
- New writers: ISO9660, XAR
- Improvements to many formats, especially including ISO9660 and Zip
- Stackable write filters to write, e.g., tar.gz.uu in a single pass
- Exploit seekable input; new "seekable" Zip reader can exploit the Zip
Central Directory when it's available; the old "streamable" Zip reader
is still fully supported for cases where seeking is not possible.
Full release notes available at:
https://github.com/libarchive/libarchive/wiki/ReleaseNotes
with SO_SETFIB to only tag the socket with the right FIB.
That way either setfib(1) or nc -V can be used depending on what wants to be
achieved. This also allows nc to be used for simple regression testing of
either feature.
Sponsored by: Cisco Systems, Inc.
but used by some Linux boot loaders). This option prints
out the directory holding the include files needed by
a freestanding program. The default implementation of
this doesn't work on FreeBSD because of the different
include file layout. But it's easy to implement:
just return /usr/include (or the cross-compiling equivalent).
Reviewed by: kan
MFC after: 1 week
Make sure the non-SSE lowering for fences correctly clobbers EFLAGS.
PR11768.
In particular, this fixes segfaults during the build of devel/icu on
i386. The __sync_synchronize() builtin used for implementing icu's
internal barrier could lead to incorrect behaviour.
MFC after: 3 days
This version is similar to the code shipped with libgcc. It is based on
the code from the SPARC64 architecture manual, provided without any
restrictions.
Tested by: flo@
SPARC and MIPS CPUs don't have special instructions to count
leading/trailing zeroes. The compiler-rt library provides fallback
rountines for these. The 64-bit routines, __clzdi2 and __ctzdi2, are
implemented as simple wrappers around the compiler built-in
__builtin_clz(), assuming these will expand to either 32-bit
CPU instructions or calls to __clzsi2 and __ctzsi2.
Unfortunately, our GCC 4.2 probably thinks that because the operand is
stored in a 64-bit register, it might just be a better idea to invoke
its 64-bit equivalent, simply resulting into endless recursion. Fix this
by defining __builtin_clz and __builtin_ctz to __clzsi2 and __ctzsi2
explicitly.
This switches us to using -isoC-2011 as the symbol name which is used by
groff and mdocml. It follows the change to 4 digit years as done with
IEEE Std 1003 post-1999.
MFC after: 2 weeks (groff changes only)
This version of libcompiler_rt adds support for __mulo[sdt]i4(), which
computes a multiply and its overflow flag. There are also a lot of
cleanup fixes to headers that don't really affect us.
Updating to this revision should make it a bit easier to contribute
changes back to the LLVM developers.
Vendor has integrated most of our local changes in revisions 3976-3979 so
future updates are going to be easier.
Thanks to Tim Kientzle <kientzle@FreeBSD.org>.
MFC after: 8 days
This library implements the C11 threads interface on top of the pthreads
library. As discussed on the lists, the preferred way to implement
this, is as a separate library.
It is unlikely that these functions will be used a lot in the future. It
would have been easier if the C11 working group standardized (a subset
of) pthreads and clock_nanosleep(). Having it as a separate library
allows the embedded people to omit it from their system.
Discussed on: arch@, threads@
Add an API for alerting internal libc routines to the presence of
"unsafe" paths post-chroot, and use it in ftpd. [11:07]
Fix a buffer overflow in telnetd. [11:08]
Make pam_ssh ignore unpassphrased keys unless the "nullok" option is
specified. [11:09]
Add sanity checking of service names in pam_start. [11:10]
Approved by: so (cperciva)
Approved by: re (bz)
Security: FreeBSD-SA-11:06.bind
Security: FreeBSD-SA-11:07.chroot
Security: FreeBSD-SA-11:08.telnetd
Security: FreeBSD-SA-11:09.pam_ssh
Security: FreeBSD-SA-11:10.pam
