5169 Commits

Author SHA1 Message Date
delphij
dca5e2df84 MFV: tcpdump 4.3.0.
MFC after:	4 weeks
2012-10-05 20:19:28 +00:00
delphij
a130b811b9 MFV: libpcap 1.3.0.
MFC after:	4 weeks
2012-10-05 18:42:50 +00:00
glebius
9aada32871 Provide ability for printing and decoding pfsync(4) traffic. This
doesn't mean supporting IFT_PFSYNC (which I hope will eventually
die). This means decoding packets with IP protocol of 240 caught
on any normal interface like Ethernet.

  The code is based on couple of files from OpenBSD, significantly
modified by myself.

  Parser differentiates for four levels of verbosity: no -v, -v,
-vv and -vvv.

  We don't yet forward this code upstream, because currently it
strongly relies on if_pfsync.h and even on pfvar.h. I hope that
this can be fixed in future.

Reviewed by:	gnn, delphij
2012-10-05 07:51:21 +00:00
dim
f8be5cf464 Pull in r164717 from upstream clang trunk:
Allow -MF to be used in combination with -E -M or -E -MM.

This should help with building the lang/ghc port.

MFC after:	1 week
2012-10-03 16:48:28 +00:00
marcel
22657893cf Merge bmake-20120831 from vendor/NetBSD/bmake/dist.
Provenance: ftp://ftp.netbsd.org/pub/NetBSD/misc/sjg
2012-10-03 00:41:46 +00:00
kevlo
a93e845e54 Make sure that each va_start has one and only one matching va_end,
especially in error cases.
2012-09-28 07:51:30 +00:00
pjd
8f211dfb85 Add libsbuf. 2012-09-22 17:47:37 +00:00
glebius
31abec7892 Re-do r240271:
- Set IP_RECVDSTADDR sockopt on the socket only in case if
  it is INADDR_ANY bound.
- Supply IP_SENDSRCADDR control message only if we did receive
  IP_RECVDSTADDR control message.

This fixes operation of snmpd bound to a specific local IP address.

PR:		bin/171279
2012-09-20 05:41:20 +00:00
dougb
4ca95619a9 Upgrade to 9.8.3-P3:
Prevents a crash when queried for a record whose RDATA exceeds
65535 bytes.

Prevents a crash when validating caused by using "Bad cache" data
before it has been initialized.

ISC_QUEUE handling for recursive clients was updated to address
a race condition that could cause a memory leak. This rarely
occurred with UDP clients, but could be a significant problem
for a server handling a steady rate of TCP queries.

A condition has been corrected where improper handling of
zero-length RDATA could cause undesirable behavior, including
termination of the named process.

For more information: https://kb.isc.org/article/AA-00788
2012-09-20 04:12:09 +00:00
kevlo
98ccaea0f9 Fix typo: s/pakcet/packet 2012-09-20 03:29:43 +00:00
dim
0d3f939ba7 Pull in r163967 from upstream llvm trunk:
X86: Emitting x87 fsin/fcos for sinf/cosf is not safe without unsafe
  fp math.

This should make clang emit calls to libm for sinf/cosf by default.

MFC after:	1 week
2012-09-15 17:02:05 +00:00
bapt
a06756dafd update to version 20120526 2012-09-14 21:17:53 +00:00
glebius
0ccf4838d7 o Create directory sys/netpfil, where all packet filters should
reside, and move there ipfw(4) and pf(4).

o Move most modified parts of pf out of contrib.

Actual movements:

sys/contrib/pf/net/*.c		-> sys/netpfil/pf/
sys/contrib/pf/net/*.h		-> sys/net/
contrib/pf/pfctl/*.c		-> sbin/pfctl
contrib/pf/pfctl/*.h		-> sbin/pfctl
contrib/pf/pfctl/pfctl.8	-> sbin/pfctl
contrib/pf/pfctl/*.4		-> share/man/man4
contrib/pf/pfctl/*.5		-> share/man/man5

sys/netinet/ipfw		-> sys/netpfil/ipfw

The arguable movement is pf/net/*.h -> sys/net. There are
future plans to refactor pf includes, so I decided not to
break things twice.

Not modified bits of pf left in contrib: authpf, ftp-proxy,
tftp-proxy, pflogd.

The ipfw(4) movement is planned to be merged to stable/9,
to make head and stable match.

Discussed with:		bz, luigi
2012-09-14 11:51:49 +00:00
edwin
68ea0ab135 MFV of 240454, tzdata2012f
- Pacific/Fiji will go into DST from 21 October 2012 till 20 January 2013.
- Fix offset for Pacific/Tokelau.
- Gaza and West Bank had DST from 29 March to 28 September 2012.
- Syria has DST from April till October
- Morocco had DST from April to September 2012 except for 20 July to 20 August.
- Cuba changed to DST from 1 April 2012 only.
- Haiti has DST between 8 March and 1 November in 2012.

Obtained from:	ftp://ftp.iana.org/tz/releases/
2012-09-13 10:17:01 +00:00
delphij
de36ad45b6 Remove a few files that are not needed for FreeBSD.
PR:		bin/171555
Approved by:	obrien
2012-09-11 21:16:22 +00:00
gshapiro
584000d59d Properly define true/false when defining __bool_true_false_are_defined
for filters which pull in mfapi.h before stdbool.h.  Issue reported by
Petr Rehor, maintainer of amavisd-milter port.

MFC after:	3 days
2012-09-10 01:15:51 +00:00
glebius
8705cd0c25 For UDP transport set IP_RECVDSTADDR sockopt on the socket, and provide
IP_SENDSRCADDR control with datagram message we reply with. This makes
bsnmpd reply from exactly same address that request was sent to, thus
successfully bypassing stateful firewalls or other kinds of strict checking.

PR:		bin/171279
2012-09-09 09:46:48 +00:00
glebius
ee13ec1070 The first part of check_priv() function, that attempts to obtain creds
from the control message, actually never worked. This means check_priv()
didn't work for local dgram sockets.

The SCM_CREDS control messages is received only in two cases:

1) If we did setsockopt(LOCAL_CREDS) on our socket, and in this case
   the message is struct sockcred.
2) If sender did supplied SCM_CREDS control message in his sendmsg()
   syscall. In this case the message is struct cmsgcred.

We can't rely on 2), so we will use 1) for dgram sockets. For stream
sockets it is more reliable to obtain accept-time credentials, since
SCM_CREDS control message is attached only on first read. Thus:

o Do setsockopt(LOCAL_CREDS) on local dgram sockets.
o Split check_priv() into check_priv_stream() and check_priv_dgram(),
  and call them from recv_stream() and recv_dgram() respectively.
o Don't provide space for SCM_CREDS control message in recv_stream().
o Provide space for SCM_CREDS control message in recv_dgram(), but there
  is no need to initialize anything in it.
o In recv_dgram() do not blindly expect that first message is SCM_CREDS,
  instead use correct search cycle through control messages.
2012-09-08 07:12:00 +00:00
glebius
5190d38ee3 Merge the projects/pf/head branch, that was worked on for last six months,
into head. The most significant achievements in the new code:

 o Fine grained locking, thus much better performance.
 o Fixes to many problems in pf, that were specific to FreeBSD port.

New code doesn't have that many ifdefs and much less OpenBSDisms, thus
is more attractive to our developers.

  Those interested in details, can browse through SVN log of the
projects/pf/head branch. And for reference, here is exact list of
revisions merged:

r232043, r232044, r232062, r232148, r232149, r232150, r232298, r232330,
r232332, r232340, r232386, r232390, r232391, r232605, r232655, r232656,
r232661, r232662, r232663, r232664, r232673, r232691, r233309, r233782,
r233829, r233830, r233834, r233835, r233836, r233865, r233866, r233868,
r233873, r234056, r234096, r234100, r234108, r234175, r234187, r234223,
r234271, r234272, r234282, r234307, r234309, r234382, r234384, r234456,
r234486, r234606, r234640, r234641, r234642, r234644, r234651, r235505,
r235506, r235535, r235605, r235606, r235826, r235991, r235993, r236168,
r236173, r236179, r236180, r236181, r236186, r236223, r236227, r236230,
r236252, r236254, r236298, r236299, r236300, r236301, r236397, r236398,
r236399, r236499, r236512, r236513, r236525, r236526, r236545, r236548,
r236553, r236554, r236556, r236557, r236561, r236570, r236630, r236672,
r236673, r236679, r236706, r236710, r236718, r237154, r237155, r237169,
r237314, r237363, r237364, r237368, r237369, r237376, r237440, r237442,
r237751, r237783, r237784, r237785, r237788, r237791, r238421, r238522,
r238523, r238524, r238525, r239173, r239186, r239644, r239652, r239661,
r239773, r240125, r240130, r240131, r240136, r240186, r240196, r240212.

I'd like to thank people who participated in early testing:

Tested by:	Florian Smeets <flo freebsd.org>
Tested by:	Chekaluk Vitaly <artemrts ukr.net>
Tested by:	Ben Wilber <ben desync.com>
Tested by:	Ian FREISLICH <ianf cloudseed.co.za>
2012-09-08 06:41:54 +00:00
kevlo
31557286d9 Fully initialize the stack-allocated "struct sockaddr_in sa" structure. 2012-09-07 08:58:30 +00:00
emaste
825c974e40 Fix "Corrupted DWARF expression" from (k)gdb.
Google turned up Debian bug 405116, which describes the problem in
sufficient detail to identify the overflowing variables.

MFC after:	1 week
2012-09-06 13:47:42 +00:00
marcel
9ba5c158f9 Update to a pruned 0.16. 2012-09-05 16:01:08 +00:00
marcel
e421ea1bec Add headers created by running configure. 2012-09-04 23:27:07 +00:00
marcel
aeee2a3118 Merge ATF 0.16 from vendor/atf/dist.
Provenance: http://code.google.com/p/kyua
Discussed with: gibbs, gnn, keramida, mdf, mlaier,
Discussed with: Garrett Cooper
2012-09-04 23:16:58 +00:00
andrew
2d9c0c0384 Fix a logic inversion in an assert to allow us to use dts files that
include other files.
2012-09-02 01:48:47 +00:00
dim
8c9e04b267 Fix a twelve year old bug in readelf: when process_dynamic_segment()
encounters a DT_RUNPATH entry, the global dynamic_info[] array is
overrun, causing some other global variable to be overwritten.

In my testcase, this was the section_headers variable, leading to
segfaults or jemalloc assertions when it was freed later on.

Thanks to Koop Mast for providing samples of a few "bad" .so files.

MFC after:	1 week
2012-08-31 23:28:41 +00:00
dim
5adf2c54b3 Teach gdb about the DW_FORM_flag_present dwarf attribute, so it doesn't
error out on files that contain it.  (This attribute can be emitted by
newer versions of clang.)

MFC after:	2 weeks
2012-08-29 18:37:10 +00:00
mm
c0dcd66b15 Apply fix for vendor pull request #17:
Support appending to empty archives

References:
  https://github.com/libarchive/libarchive/pull/17

Submitted by:	myself
Obtained from:	libarchive master branch on github
2012-08-23 19:40:28 +00:00
dim
ba4876bedf Pull in r162360 from upstream clang trunk:
Merge existing attributes before processing pragmas in friend template
  declarations.
  Fixes pr13662.

This should help when building Firefox with libc++.
2012-08-23 18:14:59 +00:00
dim
deea31babe Since our clang now supports the tls_model attribute, remove the
workaround for it in jemalloc_FreeBSD.h.

Reviewed by:	jasone
2012-08-23 17:58:22 +00:00
ache
9a0fdc89f1 According to resolvconf.conf(5) manpage and sources, there is no
'nameservers' option which used in examples in resolvconf.conf(5),
it spelled 'name_servers', so fix examples.
2012-08-21 06:14:08 +00:00
dim
ea718b0e08 Upgrade our copy of llvm/clang to trunk r162107. With thanks to
Benjamin Kramer and Joerg Sonnenberger for their input and fixes.
2012-08-20 18:33:03 +00:00
obrien
a941b72fdc Catch up with the subversion conversion and apply these build-time patches. 2012-08-17 18:20:38 +00:00
mckay
3671fbcc9a Correct a regression introduced during the import of file(1) 5.11.
Magic tests containing "search" or "regex" directives were incorrectly
compiled by "mkmagic" and were effectively ignored.  This caused troff
files (for example) to be detected as simply "ASCII text" instead of
as "troff or preprocessor input, ASCII text".

PR:		bin/170415
Approved by:	consensus on developers@
MFC after:	3 days
2012-08-17 02:27:17 +00:00
gonzo
b501ab9dc9 Merging of projects/armv6, part 3
r238211:
Support TARGET_ARCH=armv6 and TARGET_ARCH=armv6eb

This adds a new TARGET_ARCH for building on ARM
processors that support the ARMv6K multiprocessor
extensions.  In particular, these processors have
better support for TLS and mutex operations.

This mostly touches a lot of Makefiles to extend
existing patterns for inferring CPUARCH from ARCH.
It also configures:
 * GCC to default to arm1176jz-s
 * GCC to predefine __FreeBSD_ARCH_armv6__
 * gas to default to ARM_ARCH_V6K
 * uname -p to return 'armv6'
 * make so that MACHINE_ARCH defaults to 'armv6'
It also changes a number of headers to use
the compiler __ARM_ARCH_XXX__ macros to configure
processor-specific support routines.

Submitted by:	Tim Kientzle <kientzle@freebsd.org>
2012-08-15 03:21:56 +00:00
delphij
804597f72d RFC 2289 requires all hashes be stored in little endian format before
folding to 64 bits, while SHA1 code is big endian.  Therefore, a bswap32
is required before using the value.

Without this change, the implementation does not conform to test vector
found in RFC 2289.

PR:		bin/170519
Submitted by:	Arthur Mesh <arthurmesh gmail com> (with changes)
MFC after:	1 week
2012-08-10 04:48:58 +00:00
andrew
30502844bd Import compiler-rt r160957.
This is mostly a no-op other than for ARM where it adds missing
__aeabi_mem* and __aeabi_*divmod functions. Even on ARM these will remain
unused until the rest of the ARM EABI code is merged.
2012-08-08 09:42:44 +00:00
mm
18c77ad454 Backport NFSv4 ACL fix from libarchive master branch.
Source:
https://github.com/libarchive/libarchive/commit/f67370d5

Obtained from:	libarchive (master branch)
2012-07-30 14:47:35 +00:00
mm
5f5b4acf51 Fix endless loop if reading unsupported ACL type.
Apply fix from vendor's master branch.

References:
https://github.com/libarchive/libarchive/commit/d8b9dbd

Reported on:	freebsd-current@
Obtained from:	libarchive
2012-07-29 06:33:27 +00:00
dim
fe2cf87e27 Similar to what is already done for Linux, make clang not complain about
unused -g, -emit-llvm or -w arguments when doing linking.  E.g. invoking
"clang -g foo.o -o foo" will now be silent.

Reported by:	Jakub Lach <jakub_lach@mailplus.pl>
MFC after:	1 week
2012-07-28 13:12:57 +00:00
dim
52c874269a Similar to r238472, let clang pass --enable-new-dtags to the linker
invocation by default.  Also make sure --hash-style=both is passed for
the same arches as gcc, e.g. arm, sparc and x86.

X-MFC-with:	r238472
2012-07-28 12:50:25 +00:00
mm
11bb7fcf7b Update libarchive to 3.0.4 2012-07-28 06:38:44 +00:00
mm
f13fbbaa27 Update information on obtaining libarchive sources and FreeBSD-Xlist 2012-07-27 08:28:44 +00:00
ru
4c8e101c95 Pull up vendor changes to mdoc(7). 2012-07-26 11:12:38 +00:00
ru
d7b39aca2d Backed out r228904, and added libstdthreads support to mdoc(7) to where
it belongs.
2012-07-26 11:10:25 +00:00
ru
f86f8cefc5 Backed out r236255, and added FreeBSD 9.1 support to mdoc(7) to where
it belongs.
2012-07-26 10:58:30 +00:00
imp
f878f3b5f2 Preen unused Makefiles, programs and ftdump.c which has been renamed
to fdtdump.c in the upstream repo.  This escaped my attention in the
import.
2012-07-25 06:04:38 +00:00
dougb
9a92fe1273 Heavy DNSSEC Validation Load Can Cause a "Bad Cache" Assertion Failure
in BIND9

High numbers of queries with DNSSEC validation enabled can cause an
assertion failure in named, caused by using a "bad cache" data structure
before it has been initialized.

CVE: CVE-2012-3817
Posting date: 24 July, 2012
2012-07-24 18:53:28 +00:00
imp
271289d4bf Update to latest git version of dtc to get new dtsv2 support,
including the include directive.

Fix minor build issue corrected by converting yypush_buffer_state and
yypop_buffer_state to yy_set_buffer_state and a hard-coded 100-deep
stack.  It was easier to fix it here than to import that support into
our flex.

The new tools and test hardness remain unsupported at the moment.
2012-07-24 16:29:33 +00:00
delphij
e39250a384 MFV: less v451. 2012-07-24 01:09:11 +00:00