8641 Commits

Author SHA1 Message Date
Dimitry Andric
5c1533a86d Disable UniversalMachO support in lldb's SystemInitializerFull.cpp,
since we do not need it.
2019-08-26 20:56:16 +00:00
Dimitry Andric
1f1d86b2b3 Update FREEBSD-Xlist for lldb. 2019-08-25 20:36:52 +00:00
Dimitry Andric
1771245355 Merge missed sources for lldb-specific TableGen tool. 2019-08-25 20:36:02 +00:00
Dimitry Andric
cbcf53de47 Merge openmp trunk r366426, resolve conflicts, and add FREEBSD-Xlist. 2019-08-22 20:26:20 +00:00
Dimitry Andric
d8053d0817 Merge libunwind trunk r366426, resolve conflicts, and add FREEBSD-Xlist. 2019-08-22 20:14:59 +00:00
Dimitry Andric
2f1cb2a6c9 Merge libc++ trunk r366426, resolve conflicts, and add FREEBSD-Xlist. 2019-08-22 19:49:51 +00:00
Dimitry Andric
14a0b2859e Merge compiler-rt trunk r366426, resolve conflicts, and add
FREEBSD-Xlist.
2019-08-22 19:26:11 +00:00
Dimitry Andric
580d4aa65a Merge lldb trunk r366426, resolve conflicts, and update FREEBSD-Xlist. 2019-08-22 19:14:02 +00:00
Cy Schubert
206b73d042 MFV r346563:
Update wpa 2.8 --> 2.9

hostapd:
* SAE changes
  - disable use of groups using Brainpool curves
  - improved protection against side channel attacks
  [https://w1.fi/security/2019-6/]
* EAP-pwd changes
  - disable use of groups using Brainpool curves
  - improved protection against side channel attacks
  [https://w1.fi/security/2019-6/]
* fixed FT-EAP initial mobility domain association using PMKSA caching
* added configuration of airtime policy
* fixed FILS to and RSNE into (Re)Association Response frames
* fixed DPP bootstrapping URI parser of channel list
* added support for regulatory WMM limitation (for ETSI)
* added support for MACsec Key Agreement using IEEE 802.1X/PSK
* added experimental support for EAP-TEAP server (RFC 7170)
* added experimental support for EAP-TLS server with TLS v1.3
* added support for two server certificates/keys (RSA/ECC)
* added AKMSuiteSelector into "STA <addr>" control interface data to
  determine with AKM was used for an association
* added eap_sim_id parameter to allow EAP-SIM/AKA server pseudonym and
  fast reauthentication use to be disabled
* fixed an ECDH operation corner case with OpenSSL

wpa_supplicant:
* SAE changes
  - disable use of groups using Brainpool curves
  - improved protection against side channel attacks
  [https://w1.fi/security/2019-6/]
* EAP-pwd changes
  - disable use of groups using Brainpool curves
  - allow the set of groups to be configured (eap_pwd_groups)
  - improved protection against side channel attacks
  [https://w1.fi/security/2019-6/]
* fixed FT-EAP initial mobility domain association using PMKSA caching
  (disabled by default for backwards compatibility; can be enabled
  with ft_eap_pmksa_caching=1)
* fixed a regression in OpenSSL 1.1+ engine loading
* added validation of RSNE in (Re)Association Response frames
* fixed DPP bootstrapping URI parser of channel list
* extended EAP-SIM/AKA fast re-authentication to allow use with FILS
* extended ca_cert_blob to support PEM format
* improved robustness of P2P Action frame scheduling
* added support for EAP-SIM/AKA using anonymous@realm identity
* fixed Hotspot 2.0 credential selection based on roaming consortium
  to ignore credentials without a specific EAP method
* added experimental support for EAP-TEAP peer (RFC 7170)
* added experimental support for EAP-TLS peer with TLS v1.3
* fixed a regression in WMM parameter configuration for a TDLS peer
* fixed a regression in operation with drivers that offload 802.1X
  4-way handshake
* fixed an ECDH operation corner case with OpenSSL

MFC after:	1 week
Security:	https://w1.fi/security/2019-6/\
		sae-eap-pwd-side-channel-attack-update.txt
2019-08-22 18:52:30 +00:00
Dimitry Andric
22d1794578 Merge lld trunk r366426, and resolve conflicts. 2019-08-21 20:44:42 +00:00
Dimitry Andric
e123fc8fd8 Merge clang trunk r366426, resolve conflicts, and update FREEBSD-Xlist. 2019-08-21 19:57:54 +00:00
Dimitry Andric
54db30ce18 Merge llvm trunk r366426, resolve conflicts, and update FREEBSD-Xlist. 2019-08-21 18:13:02 +00:00
Dimitry Andric
51ff47d7a5 Pull in r368867 from upstream libc++ trunk (by Marshall Clow):
Rework recursive_timed_mutex so that it uses __thread_id instead of
  using the lower-level __libcpp_thread_id. This is prep for fixing
  PR42918. Reviewed as https://reviews.llvm.org/D65895

Pull in r368916 from upstream libc++ trunk (by Marshall Clow):

  Fix thread comparison by making sure we never pass our special 'not a
  thread' value to the underlying implementation. Fixes PR#42918.

This should fix std:🧵🆔:operator==() attempting to call
pthread_equal(3) with zero values.

Reported by:	andrew@tao11.riddles.org.uk
PR:		239038, 239550
MFC after:	3 days
2019-08-20 17:39:32 +00:00
Eric van Gyzen
dc26651a96 Update pthread_cond_timedwait() test to current NetBSD
NetBSD adapted and committed our r350620.  Update to their version 1.8.

Reviewed by:	ngie
Obtained from:	NetBSD
MFC after:	1 week
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D21279
2019-08-16 13:10:08 +00:00
Ed Maste
83129c0b65 telnet: remove 3rd clause from Berkeley copyrights
Per the July 22, 1999 letter (in /COPYRIGHT) from
William Hoskins
Director, Office of Technology Licensing
University of California, Berkeley

MFC after:	1 week
2019-08-15 13:27:57 +00:00
Xin LI
51f61fc0c7 Upgrade to Bzip2 version 1.0.8.
MFC after:	3 days
2019-08-11 06:26:03 +00:00
Mark Johnston
bbce101753 Merge r3780 from elftoolchain.
Adjust argc and argv by optind before using them.  This slightly
simplifies the code.  No functional change intended.

MFC after:	3 days
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D21079
2019-08-07 16:22:25 +00:00
Mark Johnston
1966967151 readelf: Close input files when done with them.
The low fd limit used by poudriere exposed an odd failure mode in
cap_fileargs (used by readelf as of r350516).  In particular, when
the limit was hit, both the main process and casper service would
block on their shared socket, waiting forever for the other to send a
message.

Reported by:	zeising
MFC after:	3 days
Sponsored by:	The FreeBSD Foundation
2019-08-07 03:14:45 +00:00
Ed Maste
54e9e4e72d bsnmp: add asn1 message length validation
admbugs:	780
Submitted by:	Guido Vranken, bz
Reported by:	Guido Vranken
Security:	CVE-2019-5610
2019-08-06 16:09:06 +00:00
Eric van Gyzen
e48c002fa4 Relax time constraint in pthread_cond_timedwait unit test
pthread_cond_timedwait() should wait _at least_ until the timeout,
but it might appear to wait longer due to system activity and
scheduling.  The test ignored fractional seconds when comparing the
actual and expected timeouts, so it allowed anywhere between zero
and one extra second of wait time.  Zero is a bit unreasonable.
Compare fractional seconds so we always allow up to one extra second.

Reviewed by:	ngie
MFC after:	1 week
Sponsored by:	Dell EMC Isilon
2019-08-05 22:59:35 +00:00
Ed Maste
7959685201 as: add deprecation notice to the man page
In the future FreeBSD will ship without GNU binutils 2.17.50.  Add a
note advising users who require GNU as to install the binutils port
or package.

Note that on armv7, arm64, amd64, i386 we currently ship only two
binutils tools (as and objdump).  A deprecation notice was added to
objdump's man page some time ago.

PR:		233611
Discussed with:	jhb
MFC after:	1 week
Relnotes:	Yes
Sponsored by:	The FreeBSD Foundation
2019-08-01 19:01:27 +00:00
Mark Johnston
1033464925 Capsicumize size(1).
Reviewed by:	oshogbo
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D21105
2019-08-01 18:57:37 +00:00
Mark Johnston
802c2095b5 Capsicumize readelf(1).
Reviewed by:	oshogbo
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D21108
2019-08-01 18:57:08 +00:00
Mark Johnston
1d954fed61 Capsicumize addr2line(1).
Reviewed by:	oshogbo
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D21104
2019-08-01 18:56:32 +00:00
Ed Maste
14a345d921 readelf: decode NT_GNU_PROPERTY_TYPE_0 / GNU_PROPERTY_X86_FEATURE_1_AND
These bits are used for Intel CET IBT/Shadow Stack.

MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D20516
2019-08-01 17:59:56 +00:00
Ed Maste
840dff46ae objdump: be explicit that GNU objdump that will be removed
We may install llvm-objdump as objdump (see review D18307) or just
provide no /usr/bin/objdump, but either way GNU objdump won't be
installed in the future.

MFC after:	3 days
2019-08-01 14:42:41 +00:00
Ed Maste
deffed6ea2 telnet: use asprintf for r349890 change
Suggested by:	imp
MFC after:	3 weeks
Sponsored by:	The FreeBSD Foundation
2019-08-01 13:46:04 +00:00
Leandro Lupori
1153929465 [PPC64] Backport fix for missing IRELATIVE relocations
This is a backport of LLVM commit 8331f61a51a7a0a1efbf5ed398e181593023d151,
llvm-svn: 353981:

ELF: Allow GOT relocs pointing to non-preemptable ifunc to resolve to an
IRELATIVE where possible.

This is needed in order to make ifuncs work correctly on PPC64.

It fixes an issue with lld, in which it would skip emitting necessary IRELATIVE
relocations.  Without this change, indirect calls to ifuncs would result in a
segmentation fault, in static binaries or when defined in the main binary
(outside shared libraries).

This change also reverts the local
"Preserve relocations against ifuncs when -zifunc-noplt" commit and
replaces it by its upstream version, as part of the merge.

Reviewed by:	markj
Differential Revision:	https://reviews.freebsd.org/D21102
2019-07-31 16:22:05 +00:00
Mark Johnston
36d7818975 Merge r3778 and r3779 from ELFToolchain.
Modify strip(1) to not accept multiple input files when an output
file is specified.  There is no good way to handle this combination,
and the change is compatible with binutils.

MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
2019-07-29 22:07:43 +00:00
Dimitry Andric
ba9b2ede8a Pull in r366369 from upstream llvm trunk (by Francis Visoiu Mistrih):
[CodeGen][NFC] Simplify checks for stack protector index checking

  Use `hasStackProtectorIndex()` instead of `getStackProtectorIndex()
  >= 0`.

Pull in r366371 from upstream llvm trunk (by Francis Visoiu Mistrih):

  [PEI] Don't re-allocate a pre-allocated stack protector slot

  The LocalStackSlotPass pre-allocates a stack protector and makes sure
  that it comes before the local variables on the stack.

  We need to make sure that later during PEI we don't re-allocate a new
  stack protector slot. If that happens, the new stack protector slot
  will end up being **after** the local variables that it should be
  protecting.

  Therefore, we would have two slots assigned for two different stack
  protectors, one at the top of the stack, and one at the bottom. Since
  PEI will overwrite the assigned slot for the stack protector, the
  load that is used to compare the value of the stack protector will
  use the slot assigned by PEI, which is wrong.

  For this, we need to check if the object is pre-allocated, and re-use
  that pre-allocated slot.

  Differential Revision: https://reviews.llvm.org/D64757

Pull in r367068 from upstream llvm trunk (by Francis Visoiu Mistrih):

  [CodeGen] Don't resolve the stack protector frame accesses until PEI

  Currently, stack protector loads and stores are resolved during
  LocalStackSlotAllocation (if the pass needs to run). When this is the
  case, the base register assigned to the frame access is going to be
  one of the vregs created during LocalStackSlotAllocation. This means
  that we are keeping a pointer to the stack protector slot, and we're
  using this pointer to load and store to it.

  In case register pressure goes up, we may end up spilling this
  pointer to the stack, which can be a security concern.

  Instead, leave it to PEI to resolve the frame accesses. In order to
  do that, we make all stack protector accesses go through frame index
  operands, then PEI will resolve this using an offset from sp/fp/bp.

  Differential Revision: https://reviews.llvm.org/D64759

Together, these fix a issue where the stack protection feature in LLVM's
ARM backend can be rendered ineffective when the stack protector slot is
re-allocated so that it appears after the local variables that it is
meant to protect, leaving the function potentially vulnerable to a
stack-based buffer overflow.

Reported by:	andrew
Security:	https://kb.cert.org/vuls/id/129209/
MFC after:	3 days
2019-07-26 18:49:20 +00:00
Dimitry Andric
e91d723ad4 Merge libcxxrt master f96846efbfd508f66d91fcbbef5dd808947c7f6d.
Interesting fixes:
f96846e Fix std::size_t -> size_t to unbreak build against libc++ 6.0.0
6f4cfa2 Fix the uncaught exception count with rethrowing (PR 239265)
db54f53 Added C++14-specific operator delete (#47)

PR:		239265
MFC after:	3 days
2019-07-26 16:55:06 +00:00
Baptiste Daroussin
45a5aec3f1 Update mandoc to cvs snapshot 2019-07-23
This snapshot among other things includes a fix for a crash of mandoc with empty
tbl reported by rea@ (his regression test has been incorporated upstream)

MFC after:	3 weeks
2019-07-26 10:00:33 +00:00
Li-Wen Hsu
7e37c475fa Temporarily skip lib.libc.regex.exhaust_test.regcomp_too_big and
lib.libregex.exhaust_test.regcomp_too_big on i386 as they are flakey on it

PR:		237450
Sponsored by:	The FreeBSD Foundation
2019-07-22 18:42:55 +00:00
Dimitry Andric
87c8ef55c3 Merge llvm, clang, compiler-rt, libc++, libunwind, lld, lldb and openmp
8.0.1 final release r366581.  The only functional change is a fix for a
mismerge of upstream r360816, which properly restores the r2 register
when unwinding on PowerPC64 (See https://reviews.freebsd.org/D20337).

Relnotes:	yes
PR:		236062
MFC after:	3 days
X-MFC-With:	r349004
2019-07-20 15:26:21 +00:00
Cy Schubert
5f34d83b8c MFV r350080:
Update sqlite3-3.28.0 (3280000) --> sqlite3-3.29.0 (3290000)

MFC after:	1 week
2019-07-18 00:27:28 +00:00
Brooks Davis
1011a4fe27 Remove a duplicate global (rfc931_timeout).
It is declared here and in rfc931.c and unused here so keep that copy
and discard this one.

Obtained from:	CheriBSD
MFC after:	1 week
Sponsored by:	DARPA, AFRL
2019-07-17 23:43:14 +00:00
Brooks Davis
7d2d393c25 Use headers instead of manual declerations of standard functions and
variables.
2019-07-17 23:36:36 +00:00
Brooks Davis
068ad27de3 Use ANSI C function definitions and declerations.
Obtained from:	CheriBSD
MFC after:	1 week
Sponsored by:	DARPA, AFRL
2019-07-17 23:09:40 +00:00
Brooks Davis
1575a795cb Add missing mode in open(2) calls with O_CREAT.
When O_CREAT is specified, the third, variadic argument is
required as the permission. If on is not passed, then depending
on the ABI, either the contents of the third argument register
or some arbitrary stuff on the stack will be used as the permission.

This has been merged to NetBSD.

Reviewed by:	asomers, ngie
Obtained from:	CheriBSD
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D20972
2019-07-16 22:27:49 +00:00
Brooks Davis
a74dca96a1 Fix two mismatches between function declaration and definition.
In both cases, function pointer arguments were inconsistently declared
and the result worked because of C's odd rules around function pointer
(de)references.  With a stricter compiler these fail to compile.

Reviewed by:	cem
Obtained from:	CheriBSD
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D20964
2019-07-16 16:03:08 +00:00
Mariusz Zaborski
5eac9c1cb0 strings: extends rights
The libelf is using mmap if it can, if not it was fall backing to read.

Reported by:	markj
2019-07-16 04:17:25 +00:00
Mariusz Zaborski
5ff84ed38f strings: fix entering to the capability mode
Reported by:	markj
2019-07-16 03:32:21 +00:00
Dimitry Andric
f7e8f5d439 Pull in r365760 from upstream lld trunk (by Fangrui Song):
[ELF] Handle non-glob patterns before glob patterns in version
  scripts & fix a corner case of --dynamic-list

  This fixes PR38549, which is silently accepted by ld.bfd.
  This seems correct because it makes sense to let non-glob patterns
  take precedence over glob patterns.

  lld issues an error because
  `assignWildcardVersion(ver, VER_NDX_LOCAL);` is processed before
  `assignExactVersion(ver, v.id, v.name);`.

  Move all assignWildcardVersion() calls after assignExactVersion()
  calls to fix this.

  Also, move handleDynamicList() to the bottom. computeBinding() called
  by includeInDynsym() has this cryptic rule:

      if (versionId == VER_NDX_LOCAL && isDefined() && !isPreemptible)
	return STB_LOCAL;

  Before the change:

  * foo's version is set to VER_NDX_LOCAL due to `local: *`
  * handleDynamicList() is called
    - foo.computeBinding() is STB_LOCAL
    - foo.includeInDynsym() is false
    - foo.isPreemptible is not set (wrong)
  * foo's version is set to V1

  After the change:

  * foo's version is set to VER_NDX_LOCAL due to `local: *`
  * foo's version is set to V1
  * handleDynamicList() is called
    - foo.computeBinding() is STB_GLOBAL
    - foo.includeInDynsym() is true
    - foo.isPreemptible is set (correct)

  Reviewed By: ruiu

  Differential Revision: https://reviews.llvm.org/D64550

This makes it longer necessary to patch the version scripts for the
samba ports, to avoid "duplicate symbol 'pdb_search_init' in version
script" errors.

PR:		230602
MFC after:	3 days
2019-07-13 15:04:30 +00:00
Philip Paeps
6071f00ffe telnet: fix minor style violation
While here also fix a very unlikely NULL pointer dereference.

Submitted by:	Shawn Webb <shawn.webb@hardenedbsd.org>
2019-07-10 22:36:14 +00:00
Philip Paeps
e68ce1cc10 telnet: fix a couple of snprintf() buffer overflows
Obtained from:	Juniper Networks
MFC after:	1 week
2019-07-10 17:42:04 +00:00
Dimitry Andric
128c495e50 Apply a workaround to be able to build clang 8.0.0 headers with clang
3.4.1, which is still in the stable/10 branch.

It looks like clang 3.4.1 implements static_asserts by instantiating a
temporary static object, and if those are in an anonymous union, it
results in "error: anonymous union can only contain non-static data
members".

To work around this implementation limitation, move the static_asserts
in question out of the anonymous unions.

This should make building the latest stable/11 from stable/10 possible
again.

Reported by:	Mike Tancsa <mike@sentex.net>
MFC after:	3 days
2019-07-10 05:57:37 +00:00
Dimitry Andric
ec38f4f941 Upgrade our copies of clang, llvm, lld, lldb, compiler-rt, libc++,
libunwind and openmp to the upstream release_80 branch r364487
(effectively, 8.0.1 rc3).  The 8.0.1 release will most likely
have no further changes.

MFC after:	1 week
X-MFC-With:	r349004
2019-07-06 18:02:29 +00:00
Mark Johnston
0070b575f4 elfcopy: Clear errors after fetching the shstrtab index.
Otherwise a future call to elf_errno() will return a non-zero value.
update_shdr(), for example, treats any errors associated with the ELF
descriptor as fatal.  Clear the error per the first example in
elf_errmsg.3.

Convert to elf_getshdrstrndx() while here since elf_getshstrndx() is
apparently deprecated.

Reported by:	royger
Reviewed by:	emaste
MFC after:	3 days
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D20852
2019-07-04 15:07:19 +00:00
Dag-Erling Smørgrav
e86b909626 Upgrade Unbound to 1.9.2. 2019-07-04 08:40:10 +00:00
Philip Paeps
2865ab3fad Import tzdata 2019b
Changes: https://github.com/eggert/tz/blob/2019b/NEWS

MFC after:	1 day
2019-07-02 01:12:23 +00:00