This allows me to accurately test this scenario, and for others to rely
on the behavior, instead of relying on knowledge obtained via code
inspection.
Wording borrowed from free(3).
MFC after: 1 week
Requested by: ken (D9928)
Reviewed by: imp
Sponsored by: Dell EMC Isilon
Differential Revision: D9969
libpam: extra bounds checking through reallocarray(3).
It appears to be causing brokenness when reporting PAM_* environment
variables. This requires more investigation.
Reported by: lstewart
reallocarray(3) is a non portable extension that originated in OpenBSD.
Given that it is already in FreeBSD's libc it is useful for the cases
where reallocation involves a multiplication.
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D9955
- spelling: "mis-named" should be "misnamed".
- delete spaces interspersed in literal representation of
`struct cam_device` as hard-tabs separate the types and fields.
- Add commas after `e.g.`.
Reported by: igor
MFC after: 1 week
Sponsored by: Dell EMC Isilon
This is the correct markup macro, as opposed to .Va (variable names)
While here, annotate several bare references to `NULL` with .Dv.
MFC after: 1 week
Sponsored by: Dell EMC Isilon
Unsign setlen: it is local and will never be negative. Having one more bit
for growth is beneficial and it avoids a cast when it's going to be used
for allocation.
Reviewed by: ngie
MFC after: 3 days
Rename nitems to numitems: it shares the anme with an existing macro in
sys/params.h. Also initialize the value later which avoids asigning the
value if we exit early.
Reviewed by: ngie
MFC after: 3 days
ATF tests have a default WARNS of 0, unlike other usermode programs. This
change is technically a noop, but it documents that the msun tests don't
work with any warnings enabled, at least not on all architectures.
Reviewed by: ngie
MFC after: 3 weeks
Sponsored by: Spectra Logic Corporation
Differential Revision: https://reviews.freebsd.org/D9933
The clang 4.x+ upgrade now causes this testcase to fail, but
only on amd64.
More investigation will be done to determine the cause.
MFC after: 1 week
Reported by: Jenkins
PR: 217528
Sponsored by: Dell EMC Isilon
Recent changes (maybe a side-effect of the ATF-ification in r314649)
invalidate the failure expectation.
PR: 205446
MFC after: 1 week
Sponsored by: Dell EMC Isilon
This commit implements the (mostly?) Linux compatible
efidp_format_device_path and efidp_parse_device_path APIs. These are
the only APIs exposed through this library. However, they are built on
code from Tianocore's EDK2 MdePkg. They are brought in as new files
here for reasons described in FreeBSD-update.
Symbol versioning will be introduced to control what's exported from
the EDK2 code.
Some structural changes may be necessary when we move to sharing with
sys/boot/efi.
Sponsored by: Netflix
Currently are defined three scopes: global, ifnet, and pcb.
Generic security policies that IKE daemon can add via PF_KEY interface
or an administrator creates with setkey(8) utility have GLOBAL scope.
Such policies can be applied by the kernel to outgoing packets and checked
agains inbound packets after IPsec processing.
Security policies created by if_ipsec(4) interfaces have IFNET scope.
Such policies are applied to packets that are passed through if_ipsec(4)
interface.
And security policies created by application using setsockopt()
IP_IPSEC_POLICY option have PCB scope. Such policies are applied to
packets related to specific socket. Currently there is no way to list
PCB policies via setkey(8) utility.
Modify setkey(8) and libipsec(3) to be able distinguish the scope of
security policies in the `setkey -DP` listing. Add two optional flags:
'-t' to list only policies related to virtual *tunneling* interfaces,
i.e. policies with IFNET scope, and '-g' to list only policies with GLOBAL
scope. By default policies from all scopes are listed.
To implement this PF_KEY's sadb_x_policy structure was modified.
sadb_x_policy_reserved field is used to pass the policy scope from the
kernel to userland. SADB_SPDDUMP message extended to support filtering
by scope: sadb_msg_satype field is used to specify bit mask of requested
scopes.
For IFNET policies the sadb_x_policy_priority field of struct sadb_x_policy
is used to pass if_ipsec's interface if_index to the userland. For GLOBAL
policies sadb_x_policy_priority is used only to manage order of security
policies in the SPDB. For IFNET policies it is not used, so it can be used
to keep if_index.
After this change the output of `setkey -DP` now looks like:
# setkey -DPt
0.0.0.0/0[any] 0.0.0.0/0[any] any
in ipsec
esp/tunnel/87.250.242.144-87.250.242.145/unique:145
spid=7 seq=3 pid=58025 scope=ifnet ifname=ipsec0
refcnt=1
# setkey -DPg
::/0 ::/0 icmp6 135,0
out none
spid=5 seq=1 pid=872 scope=global
refcnt=1
No objection from: #network
Obtained from: Yandex LLC
MFC after: 2 weeks
Sponsored by: Yandex LLC
Differential Revision: https://reviews.freebsd.org/D9805
This follows another fix to bootstrap libmd after r313404. The
MD5FileChunk prototype is needed to build libmd, but it is
only reliably in the src tree's sys/md5.h header. Rather than
polluting the legacy build with this header for the entire build,
just symlink it in here for now as is done in the elftoolchain
build. Libmd is already referencing other src tree headers by
its used of CFLAGS+= ${SRCTOP}/sys/crypto/sha2. This, and
other uses of CFLAGS+= ${SRCTOP}/sys..., may later change to
be in the legacy mechanism.
Reported by: bde, ian, sjg
Tested by: ian
already complete.
Since 416 is an error code, any Content-Range header in the response
would refer to the error message, not the requested document, so
relying on the value of size when we know we got a 416 is wrong.
Instead, just verify that offset == 0 and assume that we've reached
the end of the document (if offset > 0, we did not request a range,
and the server is screwing with us). Note that we cannot distinguish
between reaching the end and going past it, but that is a flaw in the
protocol, not in the code, so we just have to assume that the caller
knows what it's doing. A smart caller would request an offset
slightly before what it believes is the end and compare the result to
what is already in the file.
PR: 212065
Reported by: mandree
MFC after: 3 weeks
Dan Krejsa reports a potential memory leak in an fts_build error case,
detected by Coverity. (It doesn't seem to show up in Coverity Scan, so I
don't have a CID to point to.)
I don't know whether it is actually possible to arrive in this case with a
non-empty 'head' list. The cost is low, though. One additional branch in a
terminal error case isn't the end of the world.
PR: 217125
Submitted by: Dan Krejsa <dan.krejsa at gmail.com>
This is being done as a precursor for work needed to annontate failing
testcases with clang 4.0+.
MFC after: 1 week
PR: 217528
Sponsored by: Dell EMC Isilon
