Limit write requests to at most INT_MAX.
This prevents a certain common programming error (passing -1 to write)
from leading to other problems deeper in the library.
References:
https://github.com/libarchive/libarchive/commit/22531545514043e0
Reported by: Xin Li <delphij@FreeBSD.org>
Obtained from: libarchive (master branch)
Update libarchive to 3.1.2
Some of new features:
- support for lrzip and grzip compression
- support for writing tar v7 format
- b64encode and uuencode filters
- support for __MACOSX directory in Zip archives
- support for lzop compresion (external utility)
register added to the symbol table by the assembler. On further
investigation it was found the problem was with the my_get_expression
function. This is called by parse_big_immediate.
Fix this by moving the call to parse_big_immediate to the end of the if,
else if, ..., else block.
match our import of the (un)vis(3) APIs.
This adds support for multibyte encoding and the -h and -m flags which
support HTTP and MIME encoding respectively.
PR: bin/175418
Obtained from: NetBSD
multibyte support[0] and the new functions strenvisx and strsenvisx.
Add MLINKS for vis(3) functions add by this and the initial import from
NetBSD[1].
PR: bin/166364, bin/175418
Submitted by: "J.R. Oldroyd" <fbsd@opal.com>[0]
stefanf[1]
Obtained from: NetBSD
MFC after: 2 weeks
LibYAML is a YAML 1.1 parser and emitter under MIT license which will
soon be used by the pkg boostrap (usr.bin/pkg) and bhyve
Reviewed by: roberto, antoine
int bindat(int fd, int s, const struct sockaddr *addr, socklen_t addrlen);
int connectat(int fd, int s, const struct sockaddr *name, socklen_t namelen);
which allow to bind and connect respectively to a UNIX domain socket with a
path relative to the directory associated with the given file descriptor 'fd'.
- Add manual pages for the new syscalls.
- Make the new syscalls available for processes in capability mode sandbox.
- Add capability rights CAP_BINDAT and CAP_CONNECTAT that has to be present on
the directory descriptor for the syscalls to work.
- Update audit(4) to support those two new syscalls and to handle path
in sockaddr_un structure relative to the given directory descriptor.
- Update procstat(1) to recognize the new capability rights.
- Document the new capability rights in cap_rights_limit(2).
Sponsored by: The FreeBSD Foundation
Discussed with: rwatson, jilles, kib, des
- Capability is no longer separate descriptor type. Now every descriptor
has set of its own capability rights.
- The cap_new(2) system call is left, but it is no longer documented and
should not be used in new code.
- The new syscall cap_rights_limit(2) should be used instead of
cap_new(2), which limits capability rights of the given descriptor
without creating a new one.
- The cap_getrights(2) syscall is renamed to cap_rights_get(2).
- If CAP_IOCTL capability right is present we can further reduce allowed
ioctls list with the new cap_ioctls_limit(2) syscall. List of allowed
ioctls can be retrived with cap_ioctls_get(2) syscall.
- If CAP_FCNTL capability right is present we can further reduce fcntls
that can be used with the new cap_fcntls_limit(2) syscall and retrive
them with cap_fcntls_get(2).
- To support ioctl and fcntl white-listing the filedesc structure was
heavly modified.
- The audit subsystem, kdump and procstat tools were updated to
recognize new syscalls.
- Capability rights were revised and eventhough I tried hard to provide
backward API and ABI compatibility there are some incompatible changes
that are described in detail below:
CAP_CREATE old behaviour:
- Allow for openat(2)+O_CREAT.
- Allow for linkat(2).
- Allow for symlinkat(2).
CAP_CREATE new behaviour:
- Allow for openat(2)+O_CREAT.
Added CAP_LINKAT:
- Allow for linkat(2). ABI: Reuses CAP_RMDIR bit.
- Allow to be target for renameat(2).
Added CAP_SYMLINKAT:
- Allow for symlinkat(2).
Removed CAP_DELETE. Old behaviour:
- Allow for unlinkat(2) when removing non-directory object.
- Allow to be source for renameat(2).
Removed CAP_RMDIR. Old behaviour:
- Allow for unlinkat(2) when removing directory.
Added CAP_RENAMEAT:
- Required for source directory for the renameat(2) syscall.
Added CAP_UNLINKAT (effectively it replaces CAP_DELETE and CAP_RMDIR):
- Allow for unlinkat(2) on any object.
- Required if target of renameat(2) exists and will be removed by this
call.
Removed CAP_MAPEXEC.
CAP_MMAP old behaviour:
- Allow for mmap(2) with any combination of PROT_NONE, PROT_READ and
PROT_WRITE.
CAP_MMAP new behaviour:
- Allow for mmap(2)+PROT_NONE.
Added CAP_MMAP_R:
- Allow for mmap(PROT_READ).
Added CAP_MMAP_W:
- Allow for mmap(PROT_WRITE).
Added CAP_MMAP_X:
- Allow for mmap(PROT_EXEC).
Added CAP_MMAP_RW:
- Allow for mmap(PROT_READ | PROT_WRITE).
Added CAP_MMAP_RX:
- Allow for mmap(PROT_READ | PROT_EXEC).
Added CAP_MMAP_WX:
- Allow for mmap(PROT_WRITE | PROT_EXEC).
Added CAP_MMAP_RWX:
- Allow for mmap(PROT_READ | PROT_WRITE | PROT_EXEC).
Renamed CAP_MKDIR to CAP_MKDIRAT.
Renamed CAP_MKFIFO to CAP_MKFIFOAT.
Renamed CAP_MKNODE to CAP_MKNODEAT.
CAP_READ old behaviour:
- Allow pread(2).
- Disallow read(2), readv(2) (if there is no CAP_SEEK).
CAP_READ new behaviour:
- Allow read(2), readv(2).
- Disallow pread(2) (CAP_SEEK was also required).
CAP_WRITE old behaviour:
- Allow pwrite(2).
- Disallow write(2), writev(2) (if there is no CAP_SEEK).
CAP_WRITE new behaviour:
- Allow write(2), writev(2).
- Disallow pwrite(2) (CAP_SEEK was also required).
Added convinient defines:
#define CAP_PREAD (CAP_SEEK | CAP_READ)
#define CAP_PWRITE (CAP_SEEK | CAP_WRITE)
#define CAP_MMAP_R (CAP_MMAP | CAP_SEEK | CAP_READ)
#define CAP_MMAP_W (CAP_MMAP | CAP_SEEK | CAP_WRITE)
#define CAP_MMAP_X (CAP_MMAP | CAP_SEEK | 0x0000000000000008ULL)
#define CAP_MMAP_RW (CAP_MMAP_R | CAP_MMAP_W)
#define CAP_MMAP_RX (CAP_MMAP_R | CAP_MMAP_X)
#define CAP_MMAP_WX (CAP_MMAP_W | CAP_MMAP_X)
#define CAP_MMAP_RWX (CAP_MMAP_R | CAP_MMAP_W | CAP_MMAP_X)
#define CAP_RECV CAP_READ
#define CAP_SEND CAP_WRITE
#define CAP_SOCK_CLIENT \
(CAP_CONNECT | CAP_GETPEERNAME | CAP_GETSOCKNAME | CAP_GETSOCKOPT | \
CAP_PEELOFF | CAP_RECV | CAP_SEND | CAP_SETSOCKOPT | CAP_SHUTDOWN)
#define CAP_SOCK_SERVER \
(CAP_ACCEPT | CAP_BIND | CAP_GETPEERNAME | CAP_GETSOCKNAME | \
CAP_GETSOCKOPT | CAP_LISTEN | CAP_PEELOFF | CAP_RECV | CAP_SEND | \
CAP_SETSOCKOPT | CAP_SHUTDOWN)
Added defines for backward API compatibility:
#define CAP_MAPEXEC CAP_MMAP_X
#define CAP_DELETE CAP_UNLINKAT
#define CAP_MKDIR CAP_MKDIRAT
#define CAP_RMDIR CAP_UNLINKAT
#define CAP_MKFIFO CAP_MKFIFOAT
#define CAP_MKNOD CAP_MKNODAT
#define CAP_SOCK_ALL (CAP_SOCK_CLIENT | CAP_SOCK_SERVER)
Sponsored by: The FreeBSD Foundation
Reviewed by: Christoph Mallon <christoph.mallon@gmx.de>
Many aspects discussed with: rwatson, benl, jonathan
ABI compatibility discussed with: kib
reconnected in the meantime. Check if reset is set before opening next trail
file, as not doing so will result in sending OPEN message with the same
file name twice and this is illegal - the second OPEN is send without first
closing previous trail file.
X86: Disable cmov-memory patterns on subtargets without cmov.
Fixes PR15115.
For the i386 arch, this should enable cmov instructions only on
-march=pentiumpro and higher. Since our default CPU is i486, cmov
instructions will now be disabled by default.
MFC after: 1 week
Refactor the x86 CPU name logic in the driver and pass -march and -mcpu
flag information down from the Clang driver into the Gold linker plugin
for LTO. This allows specifying -march on the linker commandline and
should hopefully have it pass all the way through to the LTO optimizer.
Fixes PR14697.
Pull in r175919 from upstream clang trunk:
Driver: Pass down the -march setting down to -cc1as on x86 too.
The assembler historically didn't make use of any target features, but this has
changed when support for old CPUs that don't support long nops was added.
This should fix the long nops that still occurred in crt*.o, and
possibly other object files, if the system was compiled for a CPU that
does not support those, such as Geode.
Note that gcc on i386 also does not pass through any -march, -mcpu or
-mtune setting to gas, but this has not caused any trouble yet, because
gas defaults to i386.
Reported by: lev
MFC after: 1 week
This fixes the problem on amd64 miscompiling mpboot.s causing boot
issues... We are still using gas for a few files in the kernel...
Submitted by: kib
MFC after: 1 month
Thanks to Mike Belopuhov for the pointer to the OpenBSD patch, though
OpenBSD's gcc is very different that it only helped w/ where to modify,
not how... Thanks to jhb for some early reviews...
Reviewed by: imp, kib
MFC after: 1 month
MCParser: Reject .balign with non-pow2 alignments.
GNU as rejects them and there are configure scripts in the wild that
check if the assembler rejects ".align 3" to determine whether the
alignment is in bytes or powers of two.
MFC after: 3 days
From: Jouni Malinen <j@w1.fi>
Date: Fri, 15 Jul 2011 13:42:06 +0300
Subject: [PATCH] MD5: Fix clearing of temporary stack memory to use correct length
sizeof of the structure instead of the pointer was supposed to be used
here. Fix this to clear the full structure at the end of MD5Final().
Found by: clang ToT
Reviewed by: rpaulo
MFC after: 3 days
X86: Disable generation of rep;movsl when %esi is used as a base pointer.
This happens when there is both stack realignment and a dynamic alloca in the
function. If we overwrite %esi (rep;movsl uses fixed registers) we'll lose the
base pointer and the next register spill will write into oblivion.
Fixes PR15249 and unbreaks firefox on i386/freebsd. Mozilla uses dynamic allocas
and freebsd a 4 byte stack alignment.
MFC after: 1 week
_Unwind_ForcedUnwind in libgcc_s takes as one of it's parameters a stop
function to tell it when to stop unwinding. One of the stop function's
parameters is a _Unwind_Exception_Class. On most architectures this is an
int64_t, however on ARM EABI the gcc developers have made this a char array
with 8 items. While both of these take the same space they are passed into
the stop function differently, an int64_t is passed in in registers r2 and
r3, while the char[8] is passed in as a pointer to the first item in
register r2.
Because libthr expects the value to be an int64_t we would get incorrect
results when it passes a function that take an int64_t but libgcc passes in
a pointer to a char array including crashing.
The fix is to update libgcc_s to make it pass an int64_t to the stop
function and to libstdc++ as it expects _Unwind_Exception_Class to be an
array.
.note.ABI-tag section.
This helps on ARM EABI where the OS/ABI field is zero. It would be better
to use the NOTES program header however this would require a more invasive
change.
Dont use/link ARCMT, StaticAnalyzer and Rewriter to clang when the user
specifies not to. Dont build ASTMatchers with Rewriter disabled and
StaticAnalyzer when it's disabled.
Without all those three, the clang binary shrinks (x86_64) from ~36MB
to ~32MB (unstripped).
To disable these clang components, and get a smaller clang binary built
and installed, set WITHOUT_CLANG_FULL in src.conf(5). During the
initial stages of buildworld, those extra components are already
disabled automatically, to save some build time.
MFC after: 1 week
Since ARP and routing are separated, "proxy only" entries
don't have any meaning, thus we don't need additional field
in sockaddr to pass SIN_PROXY flag.
New kernel is binary compatible with old tools, since sizes
of sockaddr_inarp and sockaddr_in match, and sa_family are
filled with same value.
The structure declaration is left for compatibility with
third party software, but in tree code no longer use it.
Reviewed by: ru, andre, net@
an exception when you haven't caught one. This is largely a cosmetic fix, as
(unless you have a very unusual terminate handler installed) it will print a
nice error and then abort, rather than just aborting.
MFC after: 7 days
ARM EABI support is disabled by default and can be enabled by setting
WITH_ARM_EABI when building, however only the kernel-toolchain target will
work with this flag until the rest of the support is added.
- Don't treat pointers to members as pointers in catch blocks (they're usually
fat pointers).
- Correctly catch foreign exceptions in catchalls.
- Ensure that a happens-before relationship is established when setting
terminate handlers in one thread and calling them in another.
runtime on amd64, when it is compiled by clang. Some versions of clang
don't save and restore all callee registers, if a __builtin_eh_return()
intrinsic is used in a function. This is particularly bad on amd64.
Until the problem gets fixed by upstream, use an asm statement to force
clang to assume the registers in question are clobbered, when invoking
__builtin_eh_return(), so it will emit code to save and restore them.
This should fix the crashes reported on -current with some C++ programs,
particularly those that throw exceptions over multiple function
boundaries.
Reported by: stefanf
MFC after: 3 days
break mixed form dialogs in conjunction with the FreeBSD termcap, making
the bsdinstall partition editor Add dialog, among other things, completely
nonfunctional. This restores dialog 20110707.
There is a bug in gcc (GCC/35998) where dwarf reports
sizes of unsigned -1 (0xffffffff).
On NetBSD this generated a faulty CTF entry which then
caused a segfault in ctfmerge. The issue was worked
around in NetBSD's Dtrace but since the issue originated
in gcc, it seems reasonable to fix it here.
Upstream gcc has been slow to react to this issue and
the author that submitted the patch is not interested
in licensing the change to us, so I did an independent
workaround for the issue.
MFC after: 1 week
should never do so. This can cause global constructors and destructors
to not be executed at run-time, resulting in crashes and other strange
behaviour.
Reported by: rene
MFC after: 1 week
Fix another SROA crasher, PR14601.
This was a silly oversight, we weren't pruning allocas which were used
by variable-length memory intrinsics from the set that could be widened
and promoted as integers. Fix that.
This should fix the following assertion failure:
Assertion failed: (CanSROA), function visitUsers, file
/usr/src/lib/clang/libllvmscalaropts/../../../contrib/llvm/lib/Transforms/Scalar/SROA.cpp,
line 2395.
Reported by: gerald
towards replacing our mtree.
Sponsored by: DARPA, AFRL
Thanks to: cristos@NetBSD for reviewing and committing my patches
wiz@NetBSD for fixing typos in my patches
NetBSD's. This output size limited versions of vis and unvis functions
as well as a set of vis variants that allow arbitrary characters to be
specified for encoding.
Finally, MIME Quoted-Printable encoding as described in RFC 2045 is
supported.
built with clang. When these are defined the lists are defined similar to:
asm(".section .ctors");
STATIC func_ptr __CTOR_LIST__[1] = { (func_ptr) (-1) };
asm(".section .dtors");
STATIC func_ptr __DTOR_LIST__[1] = { (func_ptr) (-1) };
The problem is clang will move the two arrays out of the .ctors and .dtors
sections causing these sections to contain a single null address. By not
defining these macros we use the version of the code that places the arrays
is their sections by using __attribute__((section(".ctors"))) and similar
for .dtors.
Submitted by: Daisuke Aoyama <aoyama AT peach.ne.jp>
included various upstreamed patches from the FreeBSD base to make OpenBSM
compile more easily with bmake, higher warning levels, clang, and several
other loose ends.
Obtained from: TrustedBSD Project
Security Fixes
Prevents named from aborting with a require assertion failure
on servers with DNS64 enabled. These crashes might occur as a
result of specific queries that are received.
New Features
* Elliptic Curve Digital Signature Algorithm keys and signatures in
DNSSEC are now supported per RFC 6605. [RT #21918]
Feature Changes
* Improves OpenSSL error logging [RT #29932]
* nslookup now returns a nonzero exit code when it is unable to get
an answer. [RT #29492]
Other critical bug fixes are included.
Approved by: delphij (mentor)
MFC after: 3 days
Security: CVE-2012-5688
Sponsored by: DK Hostmaster A/S
share/mk/sys.mk instead.
This is part of a medium term project to permit deterministic builds of
FreeBSD.
Submitted by: Erik Cederstrand <erik@cederstrand.dk>
Reviewed by: imp, toolchain@
Approved by: cperciva
MFC after: 2 weeks
When using libc++ headers on FreeBSD, in combination with -std=c++98,
-ansi or -std=c++03, the long long type is not supported. So in this
case, several functions and types, like lldiv_t, strtoll(), are not
declared.
This should make it possible to use the libc++ headers in c++98 mode.
Note: libc++ is originally designed as a c++0x or higher library, so you
should still take care when using it with c++98 or c++03.
Noted by: Yamaya Takashi <yamayan@kbh.biglobe.ne.jp>
MFC after: 1 week
This improves GDB usability when debugging code compiled with
optimization.
Upstream GDB revision f0031b6d3ae9b164b3747986ab898190bd4dcf8c (prior
to GDB's switch to GPLv3), with frame_debug_got_null_frame expanded
inline.
| 2004-12-12 Andrew Cagney <cagney@gnu.org>
|
| * frame.c (get_prev_frame): When unwinding normal frames, check
| that the PC isn't zero.
Sponsored by: ADARA Networks
MFC After: 1 month
X86: fcmov doesn't handle all possible EFLAGS, fall back to a branch
for the others.
Otherwise it will try to use SSE patterns and fail horribly if sse is
disabled.
Fixes PR14035.
This should fix the following assertion failure:
Assertion failed: (Reg >= X86::FP0 && Reg <= X86::FP6 && "Expected FP
register!"), function getFPReg, file
contrib/llvm/lib/Target/X86/X86FloatingPoint.cpp, line 330.
which can show up when compiling contrib/compiler-rt, using -march=i686
through -march=pentium3 (CPU's which do support fcmov, but don't support
SSE2).
MFC after: 1 week
Add a new warning -Wmissing-variable-declarations, to warn about variables
defined without a previous declaration. This is similar to
-Wmissing-prototypes, but for variables instead of functions.
Make sure always-inline functions get inlined. <rdar://problem/12423986>
Without this change, when the estimated cost for inlining a function with
an "alwaysinline" attribute was lower than the inlining threshold, the
getInlineCost function was returning that estimated cost rather than the
special InlineCost::AlwaysInlineCost value. That is fine in the normal
inlining case, but it can fail when the inliner considers the opportunity
cost of inlining into an internal or linkonce-odr function. It may decide
not to inline the always-inline function in that case. The fix here is just
to make getInlineCost always return the special value for always-inline
functions. I ran into this building clang with libc++. Tablegen failed to
link because of an always-inline function that was not inlined. I have been
unable to reduce the testcase down to a reasonable size.
This should fix the link errors that were reported when atf-run was
compiled with clang -stdlib=libc++. In this case, at -O3 optimization,
some calls to basic_ios::clear() were not inlined, even when the
function was marked __always_inline__.
Reported by: Jan Beich <jbeich@tormail.org>
MFC after: 1 week
when building other C++ software with it. Also fix one actual bug in
libsupc++, which was exposed by such a warning. This latter fix is the
only functional change.
MFC after: 1 week
this has many visibility problems fixed, which should help with
compiling certain ports that exercise C++11 mode (i.e. Firefox).
Also, belatedly add the LICENSE.TXT and accompanying CREDITS.TXT files,
which are referred to in all the source files.
MFC after: 1 month
X86: Disable long nops for all cpus prior to pentiumpro/i686.
This is the safest approach for now. If you think long nops matter a
lot for performance, compile with -march=i686 or higher. :)
MFC after: 3 days
This adds two features:
* uid_from_user() and gid_from_group() as the reverse of user_from_uid()
and groups_from_gid().
* pwcache_userdb() and pwcache_groupdb() which allow alternative lookup
functions to be used. For example lookups from passwd and group
databases in a non-standard location.
When creating MCAsmBackend pass the CPU string as well. In X86AsmBackend
store this and use it to not emit long nops when the CPU is geode which
doesnt support them.
Fixes PR11212.
Pull in r164133 from upstream clang trunk:
Follow up on llvm r164132.
This should prevent illegal instructions when building world on Geode
CPUs (e.g. Soekris).
MFC after: 3 days
Prevents a lockup when queried a deliberately constructed combination
of records. [CVE-2012-5166]
For more information: https://kb.isc.org/article/AA-00801
doesn't mean supporting IFT_PFSYNC (which I hope will eventually
die). This means decoding packets with IP protocol of 240 caught
on any normal interface like Ethernet.
The code is based on couple of files from OpenBSD, significantly
modified by myself.
Parser differentiates for four levels of verbosity: no -v, -v,
-vv and -vvv.
We don't yet forward this code upstream, because currently it
strongly relies on if_pfsync.h and even on pfvar.h. I hope that
this can be fixed in future.
Reviewed by: gnn, delphij
- Set IP_RECVDSTADDR sockopt on the socket only in case if
it is INADDR_ANY bound.
- Supply IP_SENDSRCADDR control message only if we did receive
IP_RECVDSTADDR control message.
This fixes operation of snmpd bound to a specific local IP address.
PR: bin/171279
Prevents a crash when queried for a record whose RDATA exceeds
65535 bytes.
Prevents a crash when validating caused by using "Bad cache" data
before it has been initialized.
ISC_QUEUE handling for recursive clients was updated to address
a race condition that could cause a memory leak. This rarely
occurred with UDP clients, but could be a significant problem
for a server handling a steady rate of TCP queries.
A condition has been corrected where improper handling of
zero-length RDATA could cause undesirable behavior, including
termination of the named process.
For more information: https://kb.isc.org/article/AA-00788
X86: Emitting x87 fsin/fcos for sinf/cosf is not safe without unsafe
fp math.
This should make clang emit calls to libm for sinf/cosf by default.
MFC after: 1 week
reside, and move there ipfw(4) and pf(4).
o Move most modified parts of pf out of contrib.
Actual movements:
sys/contrib/pf/net/*.c -> sys/netpfil/pf/
sys/contrib/pf/net/*.h -> sys/net/
contrib/pf/pfctl/*.c -> sbin/pfctl
contrib/pf/pfctl/*.h -> sbin/pfctl
contrib/pf/pfctl/pfctl.8 -> sbin/pfctl
contrib/pf/pfctl/*.4 -> share/man/man4
contrib/pf/pfctl/*.5 -> share/man/man5
sys/netinet/ipfw -> sys/netpfil/ipfw
The arguable movement is pf/net/*.h -> sys/net. There are
future plans to refactor pf includes, so I decided not to
break things twice.
Not modified bits of pf left in contrib: authpf, ftp-proxy,
tftp-proxy, pflogd.
The ipfw(4) movement is planned to be merged to stable/9,
to make head and stable match.
Discussed with: bz, luigi
- Pacific/Fiji will go into DST from 21 October 2012 till 20 January 2013.
- Fix offset for Pacific/Tokelau.
- Gaza and West Bank had DST from 29 March to 28 September 2012.
- Syria has DST from April till October
- Morocco had DST from April to September 2012 except for 20 July to 20 August.
- Cuba changed to DST from 1 April 2012 only.
- Haiti has DST between 8 March and 1 November in 2012.
Obtained from: ftp://ftp.iana.org/tz/releases/
IP_SENDSRCADDR control with datagram message we reply with. This makes
bsnmpd reply from exactly same address that request was sent to, thus
successfully bypassing stateful firewalls or other kinds of strict checking.
PR: bin/171279
from the control message, actually never worked. This means check_priv()
didn't work for local dgram sockets.
The SCM_CREDS control messages is received only in two cases:
1) If we did setsockopt(LOCAL_CREDS) on our socket, and in this case
the message is struct sockcred.
2) If sender did supplied SCM_CREDS control message in his sendmsg()
syscall. In this case the message is struct cmsgcred.
We can't rely on 2), so we will use 1) for dgram sockets. For stream
sockets it is more reliable to obtain accept-time credentials, since
SCM_CREDS control message is attached only on first read. Thus:
o Do setsockopt(LOCAL_CREDS) on local dgram sockets.
o Split check_priv() into check_priv_stream() and check_priv_dgram(),
and call them from recv_stream() and recv_dgram() respectively.
o Don't provide space for SCM_CREDS control message in recv_stream().
o Provide space for SCM_CREDS control message in recv_dgram(), but there
is no need to initialize anything in it.
o In recv_dgram() do not blindly expect that first message is SCM_CREDS,
instead use correct search cycle through control messages.
encounters a DT_RUNPATH entry, the global dynamic_info[] array is
overrun, causing some other global variable to be overwritten.
In my testcase, this was the section_headers variable, leading to
segfaults or jemalloc assertions when it was freed later on.
Thanks to Koop Mast for providing samples of a few "bad" .so files.
MFC after: 1 week
Merge existing attributes before processing pragmas in friend template
declarations.
Fixes pr13662.
This should help when building Firefox with libc++.
Magic tests containing "search" or "regex" directives were incorrectly
compiled by "mkmagic" and were effectively ignored. This caused troff
files (for example) to be detected as simply "ASCII text" instead of
as "troff or preprocessor input, ASCII text".
PR: bin/170415
Approved by: consensus on developers@
MFC after: 3 days
r238211:
Support TARGET_ARCH=armv6 and TARGET_ARCH=armv6eb
This adds a new TARGET_ARCH for building on ARM
processors that support the ARMv6K multiprocessor
extensions. In particular, these processors have
better support for TLS and mutex operations.
This mostly touches a lot of Makefiles to extend
existing patterns for inferring CPUARCH from ARCH.
It also configures:
* GCC to default to arm1176jz-s
* GCC to predefine __FreeBSD_ARCH_armv6__
* gas to default to ARM_ARCH_V6K
* uname -p to return 'armv6'
* make so that MACHINE_ARCH defaults to 'armv6'
It also changes a number of headers to use
the compiler __ARM_ARCH_XXX__ macros to configure
processor-specific support routines.
Submitted by: Tim Kientzle <kientzle@freebsd.org>
folding to 64 bits, while SHA1 code is big endian. Therefore, a bswap32
is required before using the value.
Without this change, the implementation does not conform to test vector
found in RFC 2289.
PR: bin/170519
Submitted by: Arthur Mesh <arthurmesh gmail com> (with changes)
MFC after: 1 week
This is mostly a no-op other than for ARM where it adds missing
__aeabi_mem* and __aeabi_*divmod functions. Even on ARM these will remain
unused until the rest of the ARM EABI code is merged.
unused -g, -emit-llvm or -w arguments when doing linking. E.g. invoking
"clang -g foo.o -o foo" will now be silent.
Reported by: Jakub Lach <jakub_lach@mailplus.pl>
MFC after: 1 week
in BIND9
High numbers of queries with DNSSEC validation enabled can cause an
assertion failure in named, caused by using a "bad cache" data structure
before it has been initialized.
CVE: CVE-2012-3817
Posting date: 24 July, 2012
including the include directive.
Fix minor build issue corrected by converting yypush_buffer_state and
yypop_buffer_state to yy_set_buffer_state and a hard-coded 100-deep
stack. It was easier to fix it here than to import that support into
our flex.
The new tools and test hardness remain unsupported at the moment.
desired, one can turn off the generation of post-ELF standard dtags by
overriding it with --disable-new-dtags after the default switch.
Immediate effect of the change is that -rpath path is now stored both
in DT_RPATH and DT_RUNPATH tags, which is the right way to provide
rpath for dynamic linker supporting DT_RUNPATH per specification.
Reviewed by: kan
MFC after: 1 month
When marking virtual functions as used for a class' vtable, mark all functions
which will appear in the vtable as used, not just those ones which were
declared within the class itself. Fixes an issue reported as comment#3 in
PR12763 -- we sometimes assert in codegen if we try to emit a reference to a
function declaration which we've not marked as referenced. This also matches
gcc's observed behavior.
This should fix clang assertions when building certain components of the
LibreOffice port.
MFC after: 3 days
adding appropriate table entries, the assembler had to be adjusted as
these are the first non-SSE instructions to use a 3-byte opcode (and a
mandatory prefix to boot).
MFC after: 1 month
instructions. I reimplemented this from scratch based on the Intel
manuals and the existing support for handling the fxsave and fxrstor
instructions. This will let us use these instructions natively with GCC
rather than hardcoding the opcodes in hex.
Reviewed by: kib
MFC after: 1 month
usage on hosts using ZFS. The new line displays the total amount of RAM
used by the ARC along with the size of MFU, MRU, anonymous (in flight),
headers, and other (miscellaneous) sub-categories. The line is not
displayed on systems that are not using ZFS.
Reviewed by: avg, fs@
MFC after: 3 days
The GCC4.3 branch contains some optimization fixes
that were not considered regressions and therefore
were never backported. We are bringing a couple of
them that are under GPLv2 since they were made
before the license switch upstream.
While here, add the GCC revision numbers in the
log.
Discussed with: jkim
MFC after: 1 week
The patches are unexpectedly causing gcc to fail while
building ports/graphics/ImageMagick even when the cpu
flags are not used.
Reported by: Andreas Tobler
Initial support for the AMD barcelona chipsets has been available in the
gcc43 branch under GPLv2 but was not included when the Core 2 support
was brought to the system gcc.
AMD and some linux distributions (OpenSUSE) did a backport of the amdfam10
support and made them available. Unfortunately this is still experimental
and while it can improve performance, enabling the CPUTYPE may break some
C++ ports (like clang).
Special care was taken to make sure that the patches predate the GPLv3
switch upstream.
Tested by: Vladimir Kushnir
Reviewed by: mm
Approved by: jhb (mentor)
MFC after: 2 weeks
Modified Fri Jul 10 07:44:34 2009 CDT by rafael
backport part of
http://gcc.gnu.org/ml/gcc-cvs/2007-10/msg00118.html
The patch is for libstdc++ and it was GPL2 at the time.
Modified Tue Apr 29 01:20:19 2008 CDT by asl
Backport from mainline (pre-GPLv3).
Fix for sizeof(const void*) > sizeof(unsigned long).
Approved by: jhb (mentor)
MFC after: 2 weeks
a critical bugfix:
Processing of DNS resource records where the rdata field is zero length
may cause various issues for the servers handling them.
Processing of these records may lead to unexpected outcomes. Recursive
servers may crash or disclose some portion of memory to the client.
Secondary servers may crash on restart after transferring a zone
containing these records. Master servers may corrupt zone data if the
zone option "auto-dnssec" is set to "maintain". Other unexpected
problems that are not listed here may also be encountered.
All BIND users are strongly encouraged to upgrade.
Allow unique_file to take a mode for file permissions, but default
to user only read/write.
and r156592 from upstream clang trunk:
For final output files create them with mode 0664 to match other
compilers and expected defaults.
This should fix clang creating files with mode 0600.
Reported by: James <james@hicag.org>
MFC after: 3 days
Feature Change
* BIND now recognizes the TLSA resource record type, created to
support IETF DANE (DNS-based Authentication of Named Entities)
Bug Fix
* The locking strategy around the handling of iterative queries
has been tuned to reduce unnecessary contention in a multi-
threaded environment.
Other critical bug fixes are included.
All BIND users are encouraged to upgrade.
Revert r115805. An array type is required to have a range type,
however, the range can be unknown for the upper bound.
Testcase to follow.
Part of rdar://11457152
This should fix ctfconvert producing error messages during kernel
builds, similar to:
ERROR: scsi_all.c: die 24561: failed to retrieve array bounds
These were caused by incorrect debug information for flexible array
members of structs.
MFC after: 3 days
bison, keeping full compatibility with our previous yacc implementation.
Also bring the ability to create reentrant parser
This fix bin/140309 [1]
PR: bin/140309 [1]
Submitted by: Philippe Pepiot <ksh@philpep.org> [1]
Approved by: des (mentor)
MFC after: 1 month
the GCC 4.1 branch and are available under GPLv2.
2007-11-07 Eric Botcazou <ebotcazou@libertysurf.fr>
PR rtl-optimization/33822
* rtl.h (REG_OFFSET): Fix comment.
* var-tracking.c (INT_MEM_OFFSET): New macro.
(var_mem_set): Use it.
(var_mem_delete_and_set): Likewise.
(var_mem_delete): Likewise.
(vt_get_decl_and_offset): Likewise.
(offset_valid_for_tracked_p): New predicate.
(count_uses): Do not track locations with invalid offsets.
(add_uses): Likewise.
(add_stores): Likewise.
http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=129972
2007-11-16 Richard Guenther <rguenther@suse.de>
PR middle-end/34030
* fold-const.c (fold_binary): Use correct types for folding
1 << X & Y to Y >> X & 1.
http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=130242
2008-01-14 Eric Botcazou <ebotcazou@adacore.com>
PR rtl-optimization/31944
* cse.c (remove_pseudo_from_table): New function.
(merge_equiv_classes): Use above function to remove pseudo-registers.
(invalidate): Likewise
http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=131524
2008-01-24 Kaveh R. Ghazi <ghazi@caip.rutgers.edu>
Backport:
2007-11-07 Kenneth Zadeck <zadeck@naturalbridge.com>
PR middle-end/33826
* ipa-pure-const (static_execute): Added code to keep recursive
functions from being marked as pure or const.
* ipa-utils (searchc): Fixed comment.
http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=131807
2008-02-01 Kaveh R. Ghazi <ghazi@caip.rutgers.edu>
Backport:
2007-08-02 Nathan Froyd <froydnj@codesourcery.com>
PR middle-end/25445
* varasm.c (default_binds_local_p_1): Consult flag_whole_program
if we are compiling with -fPIC.
http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=132061
2008-02-04 Richard Guenther <rguenther@suse.de>
PR middle-end/33631
* expr.c (count_type_elements): Give for unions instead of
guessing.
http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=132101
2008-02-14 Alan Modra <amodra@bigpond.net.au>
PR target/34393
* config/rs6000/rs6000.md (restore_stack_block): Force operands[1]
to a reg.
http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=132309
2008-03-25 Richard Guenther <rguenther@suse.de>
Backport from mainline:
2008-02-12 Richard Guenther <rguenther@suse.de>
PR middle-end/35163
* fold-const.c (fold_widened_comparison): Use get_unwidened in
value-preserving mode. Disallow final truncation.
http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=133509
2008-11-30 Eric Botcazou <ebotcazou@adacore.com>
PR target/38287
* config/sparc/sparc.md (divsi3 expander): Remove constraints.
(divsi3_sp32): Add new alternative with 'K' for operand #2.
(cmp_sdiv_cc_set): Factor common string.
(udivsi3_sp32): Add new alternative with 'K' for operand #2.
Add TARGET_V9 case.
(cmp_udiv_cc_set): Factor common string.
http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=142298
Reviewed by: mm
Approved by: jhb (mentor)
MFC after: 1 week
compiler frame size used there so this whole thing is V8/V9-agnostic.
- Use 32-bit function alignment as GCC does when using UltraSPARC I or
higher optimizations.
- Don't waste delay slots when possible.
Unfortunately, this still doesn't make libcompiler_rt a viable replacement
for libgcc on sparc64 though as once installed instead, buildworld times
increase by nearly 60% (which isn't related to these assembler functions).
sometimes disappear from the resulting object file, if compiled with
clang. In particular, this can lead to errors when building world with
clang and -g, similar to:
/usr/obj/usr/src/tmp/usr/lib/libc.so: undefined reference to `_malloc_options'
Reported by: Conrad J. Sabatier <conrads@.no.cox.net>
Reviewed by: jasone
prior to 3.0.0 release). This fixes several bugs related to memory
initialization.
Mangle __jemalloc_a0{malloc,calloc,free}() just like all the other
library-internal symbols in jemalloc, and adjust the tls allocation code
in libc to use the mangled names.
prior to 3.0.0 release) as contrib/jemalloc, and integrate it into libc.
The code being imported by this commit diverged from
lib/libc/stdlib/malloc.c in March 2010, which means that a portion of
the jemalloc 1.0.0 ChangeLog entries are relevant, as are the entries
for all subsequent releases.
we can free it later, instead of trying to free a pointer that points
to the end of the buffer.
Committed to head because this code no longer exists upstream.
Submitted by: jasone@
leak when iterating over possible audit trail directories. This fix will
be merged upstream in an identical form, but hasn't yet appeared in an
OpenBSM release.
Submitted by: guido
Obtained from: TrustedBSD Project
MFC after: 3 days
The fix is similar to the one applied in GCC-4.3 in
GCCSVN-r117929 under the GPLv2.
Submitted by: Andrey Simonenko
Reviewed by: mm
Approved by: jhb (mentor)
MFC after: 3 days
- Updates to various locations in Antarctica.
- Armenia will abolish DST this year.
- Not only Samoa has moved to UTC+14, also Fakaofo did.
- There will be a leap second in 30 June 2012.
- Historical updates of 1918 to Canada, Winn, Regina, Edm, Vanc, Creston.
- Chili stays on DST until 28 April 2012
- The Falkland islands will stay on DST this year.
Unfortunately, the ABI was broken upstream for the 4.2 release, which we
imported. We then shipped the broken version for several years and certain
ports (e.g. libobjc2) depend on it, so we're stuck with it for now...
We should revisit this for 10.0, since we're allowed to break the ABI then, but
until then we should keep the ABI we shipped with 8.x and 9.x.
Reviewed by: kan
Approved by: dim (mentor)
MFC after: 1 week
several new kerberos related libraries and applications to FreeBSD:
o kgetcred(1) allows one to manually get a ticket for a particular service.
o kf(1) securily forwards ticket to another host through an authenticated
and encrypted stream.
o kcc(1) is an umbrella program around klist(1), kswitch(1), kgetcred(1)
and other user kerberos operations. klist and kswitch are just symlinks
to kcc(1) now.
o kswitch(1) allows you to easily switch between kerberos credentials if
you're running KCM.
o hxtool(1) is a certificate management tool to use with PKINIT.
o string2key(1) maps a password into key.
o kdigest(8) is a userland tool to access the KDC's digest interface.
o kimpersonate(8) creates a "fake" ticket for a service.
We also now install manpages for some lirbaries that were not installed
before, libheimntlm and libhx509.
- The new HEIMDAL version no longer supports Kerberos 4. All users are
recommended to switch to Kerberos 5.
- Weak ciphers are now disabled by default. To enable DES support (used
by telnet(8)), use "allow_weak_crypto" option in krb5.conf.
- libtelnet, pam_ksu and pam_krb5 are now compiled with error on warnings
disabled due to the function they use (krb5_get_err_text(3)) being
deprecated. I plan to work on this next.
- Heimdal's KDC now require sqlite to operate. We use the bundled version
and install it as libheimsqlite. If some other FreeBSD components will
require it in the future we can rename it to libbsdsqlite and use for these
components as well.
- This is not a latest Heimdal version, the new one was released while I was
working on the update. I will update it to 1.5.2 soon, as it fixes some
important bugs and security issues.