Commit Graph

8020 Commits

Author SHA1 Message Date
Alan Somers
46e1f0715d Fix tmpfs detection in the sys/fs/tmpfs tests
This code was originally written for NetBSD.  r306031 tried to adapt it to
FreeBSD, but didn't correctly handle the case that tmpfs was available, but
not already loaded.  Fix the logic to load the module if necessary.  The
tmpfs tests shouldn't be skipped anymore.

Also, fix a comment that was dislocated by r306031.

Reported by:	Jenkins
MFC after:	2 weeks
2018-07-21 23:54:40 +00:00
Cy Schubert
dfbd3c8d91 Remove a redundant declaration.
While at it add a blank line, conforming with the convention
used in this file.

X-MFC-with:	r336203
2018-07-20 02:25:39 +00:00
Cy Schubert
64987377c2 To reduce our diff between our sources and our upline, sync up
with upline. Also making it easier to read.

Obtained from:	diffing base with ports
X-MFC-with:	r336203
2018-07-20 02:17:19 +00:00
Cy Schubert
e581761876 MFV: r336486
Prevent reinstallation of an already in-use group key.
Upline git commit cb5132bb35698cc0c743e34fe0e845dfc4c3e410.

Obtained from:	https://w1.fi/security/2017-1/\
		rebased-v2.6-0002-Prevent-reinstallation-\
		of-an-already-in-use-group-ke.patch
X-MFC-with:	r336203
2018-07-20 02:04:10 +00:00
Cy Schubert
84c260fb1b Revert r336501. It was a of the wrong rev from the vendor branch. 2018-07-20 01:53:28 +00:00
Ian Lepore
3496c981ac Make it possible to run ntpd as a non-root user, add ntpd uid and gid.
Code analysis and runtime analysis using truss(8) indicate that the only
privileged operations performed by ntpd are adjusting system time, and
(re-)binding to privileged UDP port 123. These changes add a new mac(4)
policy module, mac_ntpd(4), which grants just those privileges to any
process running with uid 123.

This also adds a new user and group, ntpd:ntpd, (uid:gid 123:123), and makes
them the owner of the /var/db/ntp directory, so that it can be used as a
location where the non-privileged daemon can write files such as the
driftfile, and any optional logfile or stats files.

Because there are so many ways to configure ntpd, the question of how to
configure it to run without root privs can be a bit complex, so that will be
addressed in a separate commit. These changes are just what's required to
grant the limited subset of privs to ntpd, and the small change to ntpd to
prevent it from exiting with an error if running as non-root.

Differential Revision:	https://reviews.freebsd.org/D16281
2018-07-19 23:55:29 +00:00
Cy Schubert
1b911983db MFV r336490:
Prevent installation of an all-zero TK.
This is also upline git commit 53bb18cc8b7a4da72e47e4b3752d0d2135cffb23.

Obtained from:	https://w1.fi/security/2017-1/\
		rebased-v2.6-0004-Prevent-installation-\
		of-an-all-zero-TK.patch
X-MFC-with:	r336203
2018-07-19 20:10:34 +00:00
Cy Schubert
e2b89ca9cb MFV: r336486
Prevent reinstallation of an already in-use group key.
Upline git commit cb5132bb35698cc0c743e34fe0e845dfc4c3e410.

Obtained from:	https://w1.fi/security/2017-1/\
		rebased-v2.6-0002-Prevent-reinstallation-\
		of-an-already-in-use-group-ke.patch
X-MFC-with:	r336203
2018-07-19 19:22:26 +00:00
Cy Schubert
8d6dfc9ece MFV: r336485
Address: hostapd: Avoid key reinstallation in FT handshake

Obtained from:	https://w1.fi/security/2017-1/\
		rebased-v2.6-0001-hostapd-Avoid-key-\
		reinstallation-in-FT-handshake.patch
X-MFC-with:	r336203
2018-07-19 19:04:30 +00:00
Andrew Turner
acfbf59013 Stop writing past the end of the buffer in the msgget_limit test. The value
in i is already correct to write to the last item in the buf array.

Obtained from:	CheriBSD
Sponsored by:	DARPA, AFRL
2018-07-19 17:13:46 +00:00
Hans Petter Selasky
3468ddce67 Use unspecified address family when connecting as a client in
libibverbs example utilities.

This allows connecting to both IPv4 and IPv6 and reverts
some FreeBSD only patches.

MFC after:		1 week
Sponsored by:		Mellanox Technologies
2018-07-18 10:23:30 +00:00
Hans Petter Selasky
7600168453 Add ability to parse sysfs paths under FreeBSD in libibumad.
Add the ability to to parse sysfs paths to sysctl nodes by replacing '/' with '.'

Submitted by:		slavash@
MFC after:		1 week
Sponsored by:		Mellanox Technologies
2018-07-18 10:20:39 +00:00
Dimitry Andric
8c44114a46 Pull in r336008 from upstream clang trunk:
Request init/fini array on FreeBSD 12 and later

  Summary:

  It seems a bad idea to change the default in the middle of a release
  branch due to possible changes in global ctor / dtor ordering between
  .ctors and .init_array. With FreeBSD 11.0's release imminent lets
  change the default now for FreeBSD 12 (the current development
  stream) and later.

  FreeBSD rtld has supported .init_array / .fini_array for many years.
  As of Jan 1 2017 all supported FreeBSD releases and branches will
  have support.

  Reviewers: dim, brooks, arichardson

  Reviewed By: dim, brooks, arichardson

  Subscribers: bsdjhb, krytarowski, emaste, cfe-commits

  Differential Revision: https://reviews.llvm.org/D24867

Requested by:	jhb
MFC after:	3 days
2018-07-12 19:02:59 +00:00
Mark Johnston
b027d6545b Pass the right sizes to malloc() and realloc().
Reported by:	scan-build, via Mark Millard
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D16180
2018-07-12 18:48:53 +00:00
Cy Schubert
780fb4a2fa MFV r324714:
Update wpa 2.5 --> 2.6.

MFC after:	1 month
2018-07-11 18:53:18 +00:00
Alan Somers
fb2cd86a54 auditd(8): register signal handlers interrutibly
auditd_wait_for_events() relies on read(2) being interrupted by signals,
but it registers signal handlers with signal(3), which sets SA_RESTART.
That breaks asynchronous signal handling. It means that signals don't
actually get handled until after an audit(8) trigger is received.
Symptoms include:

* Sending SIGTERM to auditd doesn't kill it right away; you must send
  SIGTERM and then send a trigger with auditon(2).
* Same with SIGHUP
* Zombie child processes don't get reaped until auditd receives a trigger
  sent by auditon. This includes children created by expiring audit trails
  at auditd startup.

Fix by using sigaction(2) instead of signal(3).

Cherry pick https://github.com/openbsm/openbsm/commit/d060887

PR:		229381
Reviewed by:	cem
Obtained from:	OpenBSM
MFC after:	2 weeks
Differential Revision:	https://github.com/openbsm/openbsm/pull/36
2018-07-03 17:37:16 +00:00
Ruslan Bukin
7d729cedcc Revert 335888 ("Ensure va_list is declared by including stdarg.h.")
The issue was caused by header pollution brought by GCC 8.1.

We now have to remove include-fixed headers in the GCC installation
directory.

Sponsored by:	DARPA, AFRL
Pointed out by:	jhb
2018-07-03 15:48:34 +00:00
Ruslan Bukin
ab40f58ccf o Ensure va_list is declared by including stdarg.h.
o Also move printf.h to go after it since it does require declaration
  of va_list.

This fixes build with latest RISC-V GNU Toolchain with GCC 8.1

Sponsored by:	DARPA, AFRL
2018-07-03 13:53:54 +00:00
Hartmut Brandt
8e9b3e7071 Update bsnmp to version 1.13. This does not bring user-visible changes.
For developers gensnmptree can now generate functions for enums to convert
between enums and strings and to check the validity of a value.
The sources in FreeBSD are now in sync with the upstream which allows to
bring in IPv6 modifications.
2018-07-03 08:44:40 +00:00
Dimitry Andric
6ccc06f6cb Upgrade our copies of clang, llvm, lld, lldb, compiler-rt and libc++ to
6.0.1 release (upstream r335540).

Relnotes:	yes
MFC after:	2 weeks
2018-06-29 17:51:35 +00:00
John Baldwin
104f6a2dcd Fix GCC 4.2.1 to honor --sysroot for includes.
- Change the C++ directory entries to honor --sysroot if it is set.
- Don't define CROSS_INCLUDE_DIR for the cross compiler.  Instead, set
  TARGET_SYSTEM_ROOT to point to WORLDTMP and always define
  STANDARD_INCLUDE_DIR.
- Change STANDARD_INCLUDE_DIR and the C++ include directories to just
  start with "/usr" always.  The compiler will prepend the sysroot when
  doing cross-builds.  GCC_INCLUDE_DIR (which contains headers that ship
  with the compiler such as intrinsincs rather than OS-supplied headers)
  remains hardcoded to look in TOOLS_PREFIX.

Reviewed by:	bdrewery (older version)
Sponsored by:	DARPA / AFRL
Differential Revision:	https://reviews.freebsd.org/D15127
2018-06-27 18:14:33 +00:00
Oleksandr Tymoshenko
964219664d Fix file(1) dumpdate reporting for dump(8) files
Magic file for dump(8) had this dump and previous dump dates reversed.
Fix order for all three flavours of the dump(8) format.
This fix was committed to upstream repo as magic/Magdir/dump,v 1.17
and will be merged during next vendor import.

PR:		223155
MFC after:	2 weeks
2018-06-26 18:53:52 +00:00
Brooks Davis
ccbbd187b1 Fix a stack overflow in mount_smbfs when hostname is too long.
The local hostname was blindly copied into the to the nn_name array.
When the hostname exceeded 16 bytes, it would overflow.  Truncate the
hostname to 15 bytes plus a 0 terminator which is the "workstation name"
suffix.

Use defensive strlcpy() when filling nn_name in all cases.

PR:		228354
Reported by:	donald.buchholz@intel.com
Reviewed by:	jpaetzel,  ian (prior version)
Discussed with:	Security Officer (gtetlow)
MFC after:	3 days
Security:	Stack overflow with the hostname.
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D15936
2018-06-25 16:42:49 +00:00
Mariusz Zaborski
7672a0148f Convert cap_enter() < 0 && errno != ENOSYS to caph_enter() < 0.
No functional change intended.
2018-06-19 23:43:14 +00:00
Ruslan Bukin
4fe3053183 o Implement unw_getcontext()
o Restore floating-point registers in jumpto()

These are required to native cross build GCC and GDB
(both do require libc++ and libunwind).

These are not tested.

Sponsored by:	DARPA, AFRL
2018-06-19 14:46:59 +00:00
Cy Schubert
9ee9d38672 Fix amq -i timestamp segmentation violation.
MFC after:	1 week
2018-06-19 01:33:03 +00:00
Alan Somers
6f3d7c0ea8 praudit(1): return 0 on success
Cherry pick https://github.com/openbsm/openbsm/commit/ed83bb3

Submitted by:	aniketp
Reviewed by:	rwatson, 0mp
Obtained from:	OpenBSM
MFC after:	2 weeks
Sponsored by:	Google, Inc. (GSoC 2018)
Pull Request:	https://github.com/openbsm/openbsm/pull/32
2018-06-17 17:10:35 +00:00
Slava Shwartsman
cd9cc48b9a Fix false positive on failure
When running mckey, errors may happen in the init/connect stage.
When leaving multicast groups, we override this value.

Fix that by saving the return value from rdma_leave_multicast to different
parameter, and only in case of failure in rdma_leave_multicast override it.

MFC after:      1 week
Approved by:    hselasky (mentor), kib (mentor)
Sponsored by:   Mellanox Technologies
2018-06-17 07:08:47 +00:00
Konstantin Belousov
f39bffc62c Rework ofed build.
Aligns the build with the FreeBSD traditional approach to not build in
contrib/, and to track inter-dependencies between libraries.

With help from:	bdrewery
Reviewed by:	bdrewery, hselasky
Sponsored by:	Mellanox Technologies
MFC after:	2 weeks
Differential revision:	https://reviews.freebsd.org/D15648
2018-06-16 15:05:05 +00:00
Ed Maste
12899612dd Add deprecation notice to objdump man page
PR:		229046
MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D13881
2018-06-15 17:03:49 +00:00
Mark Johnston
4a0f8b339e Add DW_LANG_* definitions from DWARF 4 and 5.
Reviewed by:	emaste
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D15712
2018-06-09 14:50:38 +00:00
Kyle Evans
52cf896593 netbsd-tests: bsdgrep(1): Add a test for -m, too 2018-06-07 18:53:39 +00:00
Kyle Evans
ce024bdc0c netbsd-tests: grep(1): Add test for -c flag
Someone might be inclined to accidentally break this. someone might have
written said test because they broke it locally.
2018-06-07 18:06:01 +00:00
Hans Petter Selasky
5fd1ea0810 Re-apply r190640.
- Restore local change to include <net/bpf.h> inside pcap.h.
This fixes ports build problems.
- Update local copy of dlt.h with new DLT types.
- Revert no longer needed <net/bpf.h> includes which were added
as part of r334277.

Suggested by:	antoine@, delphij@, np@
MFC after:	3 weeks
Sponsored by:	Mellanox Technologies
2018-05-31 09:11:21 +00:00
Alan Somers
b3bc3d7925 au_read_rec(3): correct return value in man page
Submitted by:	aniketp
Reviewed by:	csjp (earlier version)
MFC after:	2 weeks
Sponsored by:	Google, Inc. (GSoC 2018)
Differential Revision:	https://reviews.freebsd.org/D15618
2018-05-30 17:05:48 +00:00
Alan Somers
6570d61a59 Fix OpenBSM with GCC with -Wredundant-decls
Upstream change ed47534 consciously added some redundant functional
declarations, and I'm not sure why. AFAICT they were never required. On
FreeBSD, they break the build with GCC (but not Clang) for any program
including libbsm.h with WARNS=6.

Fix by cherry-picking upstream change
https://github.com/openbsm/openbsm/commit/0553c27

Reported by:	emaste
Reviewed by:	cem
Obtained from:	OpenBSM
MFC after:	2 weeks
Pull Request:	https://github.com/openbsm/openbsm/pull/31
2018-05-30 15:51:48 +00:00
Hans Petter Selasky
65b806b289 Hide unsupported remote capture definitions to avoid breakage in ports.
Suggested by:	antoine@
MFC after:	3 weeks
Sponsored by:	Mellanox Technologies
2018-05-30 11:45:29 +00:00
Slava Shwartsman
ddeb4e8aa6 MFV r333668:
Vendor import two upstream commits:
c1bb8784abd3ca978e376b0d10e324db0491237b
9c4af7213cc2543a1f5586d8f2c19f86aa0cbe72

When using tcpdump -I -i wlanN and wlanN is not a monitor mode VAP,
tcpdump will print an error message saying rfmon is not supported.

Give a concise explanation as to how one might solve this problem by
creating a monitor mode VAP.

MFC after:      1 month
Approved by:    hselasky (mentor), kib (mentor)
Sponsored by:   Mellanox Technologies
2018-05-29 10:29:04 +00:00
Hans Petter Selasky
b00ab7548b MFV r333789: libpcap 1.9.0 (pre-release)
MFC after:	1 month
Sponsored by:	Mellanox Technologies
2018-05-28 08:12:18 +00:00
Phil Shafer
983afe3373 Import libxo-0.9.0:
- Add xo_format_is_numeric() with improved logic to decide if format
  strings are numeric, so json output quotes them
- Convert docs to sphinx/rst
- update tests

Includes fix for PR 221676:
27d3021cc3 (diff-5a0d468963477f7daedb8308c219dd80)

PR:		 221676
MFC after:	5 days
2018-05-23 01:20:31 +00:00
Antoine Brodin
a665699823 Revert last change to file/magic/Magdir/elf, it misidentifies most shared
libraries installed from ports as pie executables instead of shared libraries,
and consequently breaks ports.
2018-05-20 22:07:44 +00:00
Eitan Adler
58a0f0d00c MFV: file 5.33
Merge the latest file(1) in.

Relevent Changelog:
- extend the support for ${x?:} expansions for magic descriptions
- add support for ${x?:} in mime types to handle pie binaries.
- add support for negative offsets (offsets from the end of file)
- close the file on error when writing magic

Relnotes:	yes
2018-05-20 05:06:42 +00:00
Eitan Adler
3be6ef0659 top(1): Migrate top to usr.bin
We've been maintaining top(1) for a long time, and the upstream
hasn't existed/been used in similarly as long. Make it clear that we own
top(1)

Tested with 'make universe'. Everything passed except MIPS which failed
for unrelated reasons. Install also tested for amd64.

Reviewed by:		sbruno
No objections:		imp, mmacy
Differential Revision:	https://reviews.freebsd.org/D15387
2018-05-19 22:40:23 +00:00
Simon J. Gerraty
494f719155 Merge bmake-20180512
Skip polling job token pipe,
better handle sysV style includes with variables.
2018-05-19 00:26:00 +00:00
Xin LI
b71a5db306 MFV r333779: xz 5.2.4.
MFC after:	2 weeks
2018-05-18 06:10:16 +00:00
Dimitry Andric
54f4b9a61f Pull in r322325 from upstream llvm trunk (by Matthias Braun):
PeepholeOpt cleanup/refactor; NFC

  - Less unnecessary use of `auto`
  - Add early `using RegSubRegPair(AndIdx) =` to avoid countless
    `TargetInstrInfo::` qualifications.
  - Use references instead of pointers where possible.
  - Remove unused parameters.
  - Rewrite the CopyRewriter class hierarchy:
     - Pull out uncoalescable copy rewriting functionality into
       PeepholeOptimizer class.
     - Use an abstract base class to make it clear that rewriters are
       independent.
  - Remove unnecessary \brief in doxygen comments.
  - Remove unused constructor and method from ValueTracker.
  - Replace UseAdvancedTracking of ValueTracker with DisableAdvCopyOpt
    use.

Even though upstream marked this as "No Functional Change", it does
contain some functional changes, and these fix a compiler hang for one
particular source file in the devel/godot port.

PR:		228261
MFC after:	3 days
2018-05-17 14:38:58 +00:00
Phil Shafer
48d41ef0fb Handle thread-local storage (TLS) segments correctly when
copying (objcopy) and displaying (readelf) them.

PR:		227552
Submitted by:	kaiw (maintainer)
Reported by:	jachmann@unitix.org
Reviewed by:	phil
MFC after:	1 day
2018-05-14 05:21:18 +00:00
Dag-Erling Smørgrav
b70d78d6e8 Rename all Unbound binaries and man pages from unbound* to local-unbound*.
PR:		222902
2018-05-12 17:10:36 +00:00
Dag-Erling Smørgrav
0fb349906e Upgrade Unbound to 1.7.1. 2018-05-12 15:20:39 +00:00
Dag-Erling Smørgrav
57bddd215c Upgrade Unbound to 1.7.0. More to follow. 2018-05-12 15:04:05 +00:00