Commit Graph

8799 Commits

Author SHA1 Message Date
sjg
518cb6c844 Merge bmake-20200606
Relevant items from ChangeLog:

	o dir.c: cached_stats - don't confuse stat and lstat results.
	o var.c: add :Or for reverse sort.
2020-06-09 20:52:35 +00:00
cy
12309a187e Post CVE-2020-12695 cleanup patch:
Resolve a Linuxism to fix the build.

MFC after:	3 days
X-MFC with:	r361957, r361958, r361959
2020-06-09 05:43:51 +00:00
cy
96c7316a34 MFV r361938:
Upstream commit message:

[PATCH 3/3] WPS UPnP: Handle HTTP initiation failures for events more
properly

While it is appropriate to try to retransmit the event to another
callback URL on a failure to initiate the HTTP client connection, there
is no point in trying the exact same operation multiple times in a row.
Replve the event_retry() calls with event_addr_failure() for these cases
to avoid busy loops trying to repeat the same failing operation.

These potential busy loops would go through eloop callbacks, so the
process is not completely stuck on handling them, but unnecessary CPU
would be used to process the continues retries that will keep failing
for the same reason.

Obtained from:	https://w1.fi/security/2020-1/\
	0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch
MFC after:	3 days
Security:	VU#339275 and CVE-2020-12695
2020-06-09 05:39:37 +00:00
cy
57dd0bae15 MFV r361937:
Upstream commit message:

[PATCH 2/3] WPS UPnP: Fix event message generation using a long URL path

More than about 700 character URL ended up overflowing the wpabuf used
for building the event notification and this resulted in the wpabuf
buffer overflow checks terminating the hostapd process. Fix this by
allocating the buffer to be large enough to contain the full URL path.
However, since that around 700 character limit has been the practical
limit for more than ten years, start explicitly enforcing that as the
limit or the callback URLs since any longer ones had not worked before
and there is no need to enable them now either.

Obtained from:	https://w1.fi/security/2020-1/\
	0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch
MFC after:	3 days
Security:	VU#339275 and CVE-2020-12695
2020-06-09 05:38:12 +00:00
cy
1677259054 MFV r361936:
Upstream commit message:

[PATCH 1/3] WPS UPnP: Do not allow event subscriptions with URLs to
other networks

The UPnP Device Architecture 2.0 specification errata ("UDA errata
16-04-2020.docx") addresses a problem with notifications being allowed
to go out to other domains by disallowing such cases. Do such filtering
for the notification callback URLs to avoid undesired connections to
external networks based on subscriptions that any device in the local
network could request when WPS support for external registrars is
enabled (the upnp_iface parameter in hostapd configuration).

Obtained from:	https://w1.fi/security/2020-1/\
	0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch
MFC after:	3 days
Security:	VU#339275 and CVE-2020-12695
2020-06-09 05:35:38 +00:00
emaste
6f212aeb0b lld: Set DF_1_PIE for -pie
DF_1_PIE originated from Solaris[1].

GNU ld[2] sets the flag on non-Solaris platforms.

It can help distinguish PIE from ET_DYN.
eu-classify from elfutils uses this to recognize PIE[3].

glibc uses this flag to reject dlopen'ing a PIE[4]

[1] https://docs.oracle.com/cd/E36784_01/html/E36857/chapter6-42444.html
[2] https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=5fe2850dd96483f176858fd75c098313d5b20bc2
[3] https://sourceware.org/git/?p=elfutils.git;a=commit;h=3f489b5c7c78df6d52f8982f79c36e9a220e8951
[4] https://sourceware.org/bugzilla/show_bug.cgi?id=24323

Discussed with:	dim
Obtained from:	LLVM ee9a251caf1d
MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
2020-06-02 22:57:13 +00:00
emaste
8c06ca2244 llvm: Add DF_1_PIE
Discussed with:	dim
Obtained from:	LLVM d9943e7f0ce8
MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
2020-06-02 22:55:51 +00:00
cy
a8a9bad622 Per-rule hit counts (-h) can be used with either -i (input) or -o (output)
filter rule lists.

MFC after:	3 days
2020-06-02 03:44:22 +00:00
dim
b43c8782bd Update Subversion to 1.14.0 LTS. See contrib/subversion/CHANGES for a
summary of changes, or for a more thorough overview:

https://subversion.apache.org/docs/release-notes/1.14

NOTE: there is no need to dump and reload repositories, and the working
copy format is still the same as Subversion 1.8 through 1.13.

Relnotes:	yes
MFC after:	2 weeks
X-MFC-With:	r361677
2020-06-01 10:27:05 +00:00
dim
6de59a0150 Update apr-util to 1.6.1. See contrib/apr-util/CHANGES for a summary of
changes.

MFC after:	2 weeks
X-MFC-With:	r361677
2020-06-01 10:14:45 +00:00
dim
415cce75a0 Update apr to 1.7.0. See contrib/apr/CHANGES for a summary of changes.
MFC after:	2 weeks
X-MFC-With:	r361677
2020-05-31 22:12:56 +00:00
emaste
95849b479a readelf: add more DT_FLAGS_1 flags
Reference:
https://docs.oracle.com/cd/E36784_01/html/E36857/chapter6-42444.html

> DF_1_SINGLETON  Singleton symbols exist.
> DF_1_STUB       Object is a stub.
> DF_1_PIE        Object is a position-independent executable.

Sponsored by:	The FreeBSD Foundation
2020-05-31 15:31:47 +00:00
dim
0c10ab5174 Merge llvm, clang, compiler-rt, libc++, libunwind, lld, lldb and openmp
llvmorg-10.0.1-rc1-0-gf79cd71e145 (aka 10.0.1 rc1).

MFC after:	3 weeks
2020-05-23 10:32:18 +00:00
cem
ee65ba044e ctime.3: Use ASCII asterisks for C, not special unicode math glyphs
PR:		246656
Reported by:	danfe
2020-05-22 15:30:14 +00:00
cy
51112a15b9 MFV r361322:
Update unbound 1.9.6 --> 1.10.1.

Bug Fixes:
 - CVE-2020-12662 Unbound can be tricked into amplifying an incoming
   query into a large number of queries directed to a target.
 - CVE-2020-12663 Malformed answers from upstream name servers can be
   used to make Unbound unresponsive.

Reported by:	emaste
MFC after:	3 days
Relnotes:	yes
Security:	CVE-2020-12662, CVE-2020-12663
2020-05-21 21:00:46 +00:00
cy
d925782ab3 Vendor import of Unbound 1.10.1.
Security:	CVE-2020-12662, CVE-2020-12663
2020-05-21 05:01:52 +00:00
sjg
897ced70e6 Merge bmake-20200517
Changes since 20181221 are mostly portability related
hence the large gap in versions imported.

There are however some bug fixes, and a rework of filemon handling.
In NetBSD make/filemon/filemon_ktrace.c allows use of fktrace
and elimination of filemon(4) which has not had the TLC it needs.

FreeBSD filemon(4) is in much better shape, so bmake/filemon/filemon_dev.c
allows use of that, with a bit less overhead than the ktrace model.

Summary of changes from ChangeLog

	o str.c: empty string does not match % pattern
	  plus unit-test changes
	o var.c: import handling of old sysV style modifier using '%'
	o str.c: refactor brk_string
	o meta.c: meta_oodate, CHECK_VALID_META is too aggressive for CMD
	  a blank command is perfectly valid.
	o meta.c: meta_oodate, check for corrupted meta file
	  earlier and more often.
	* meta.c: meta_compat_parent check for USE_FILEMON
	  patch from Soeren Tempel
	o meta.c: fix compat mode, need to call meta_job_output()
	o job.c: extra fds for meta mode not needed if using filemon_dev
	o meta.c: avoid passing NULL to filemon_*() when meta_needed()
	  returns FALSE.
	o filemon/filemon_{dev,ktrace}.c: allow selection of
	  filemon implementation.  filemon_dev.c uses the kernel module
	  while filemon_ktrace.c leverages the fktrace api available in
	  NetBSD.  filemon_ktrace.c can hopefully form the basis for
	  adding support for other tracing mechanisms such as strace on
	  Linux.
	o meta.c: when target is out-of-date per normal make rules
	  record value of .OODATE in meta file.
	o parse.c: don't pass NULL to realpath(3)
	  some versions cannot handle it.
	o parse.c: ParseDoDependency: free paths rather than assert

plus more unit-tests
2020-05-20 22:25:46 +00:00
mm
9db3aa573e MFV r361280:
Update libarchive to 3.4.3

Relevant vendor changes:
  PR #1352: support negative zstd compression levels
  PR #1359: improve zstd version checking
  PR #1348: support RHT.security.selinux from GNU tar
  PR #1357: support for archives compressed with pzstd
  PR #1367: fix issues in acl tests
  PR #1372: child handling cleanup
  PR #1378: fix memory leak from passphrase callback
2020-05-20 20:58:48 +00:00
mm
dc5c52f259 Update vendor/libarchive/dist to git fc6563f5130d8a7ee1fc27c0e55baef35119f26c
Libarchive 3.4.3

Relevant vendor changes:
  PR #1352: support negative zstd compression levels
  PR #1359: improve zstd version checking
  PR #1348: support RHT.security.selinux from GNU tar
  PR #1357: support for archives compressed with pzstd
  PR #1367: fix issues in acl tests
  PR #1372: child handling cleanup
  PR #1378: fix memory leak from passphrase callback
2020-05-20 16:13:02 +00:00
cy
0cb8021f74 Silence the once per second CTRL-EVENT-SCAN-FAILED errors when the WiFi
radio is disabled through the communication device toggle key (also known
as the RF raidio kill button). Only the CTRL-EVENT-DISCONNECTED will be
issued.

Submitted by:	avg
Reported by:	avg
MFC after:	1 week
2020-05-20 04:16:13 +00:00
emaste
9f08a43426 blacklistd.conf.5: typo/grammar fixes
PR:		246467
Submitted by:	Mike Lempriere
2020-05-19 00:15:19 +00:00
emaste
8722af6392 GNU as: move deprecation message after option parsing
Some cmake test parses the output of the first line of as --version, and
emits an error if it does not contain some expected strings:

Checking whether the ASM compiler is GNU using "--version" did not match
"(GNU assembler)|(GCC)|(Free Software Foundation)"

Emit the deprecation message later, after parsing argv and thus --version.

PR:		246540
Reported by:	dch
Sponsored by:	The FreeBSD Foundation
2020-05-18 16:07:14 +00:00
lwhsu
61e1c0a32b Temporarily disable failing case in CI of amd64:
- lib.libexecinfo.backtrace_test.backtrace_fmt_basic

PR:		246537
Sponsored by:	The FreeBSD Foundation
2020-05-18 12:36:28 +00:00
jhibbits
1938414230 elftoolchain: Add powerpc64 definition to elftoolchain config
powerpc is already in place, but powerpc64 is needed separately.
2020-05-16 03:52:30 +00:00
jceel
5ab91d3e1d Import lib9p 7ddb1164407da19b9b1afb83df83ae65a71a9a66.
Approved by:	trasz
MFC after:	1 month
Sponsored by:	Conclusive Engineering (development), vStack.com (funding)
2020-05-14 19:57:52 +00:00
cem
2f8f4ef722 clang: Reject %n for __attribute__((format(__freebsd_kprintf__)))
A follow-up to r360849.

Reported by:	imp
Reviewed by:	emaste, imp
X-MFC-With:	r360849
Differential Revision:	https://reviews.freebsd.org/D24786
2020-05-09 19:26:44 +00:00
emaste
40894cfa31 Merge commit 21e5e1724b75 from llvm git:
getMainExecutable: Fix hand-rolled AT_EXECPATH for older FreeBSD

  Once we hit AT_NULL, we need to bail out of the loop; not just the
  enclosing switch.  This fixes basic usage (e.g. `cc --version`) when
  AT_EXECPATH isn't present on older branches (e.g. under
  emu-user-static, at the moment), where we would previously run off
  the end of ::environ.

  Patch By: kevans

  Reviewed By: arichardson

  Differential Revision:  https://reviews.llvm.org/D79239

MFC after:	3 days
2020-05-07 21:18:37 +00:00
dim
59ea2dfeff Merge commit 4ca2cad94 from llvm git (by Justin Hibbits):
[PowerPC] Add clang -msvr4-struct-return for 32-bit ELF

  Summary:

  Change the default ABI to be compatible with GCC. For 32-bit ELF
  targets other than Linux, Clang now returns small structs in
  registers r3/r4. This affects FreeBSD, NetBSD, OpenBSD. There is no
  change for 32-bit Linux, where Clang continues to return all structs
  in memory.

  Add clang options -maix-struct-return (to return structs in memory)
  and -msvr4-struct-return (to return structs in registers) to be
  compatible with gcc. These options are only for PPC32; reject them on
  PPC64 and other targets. The options are like -fpcc-struct-return and
  -freg-struct-return for X86_32, and use similar code.

  To actually return a struct in registers, coerce it to an integer of
  the same size. LLVM may optimize the code to remove unnecessary
  accesses to memory, and will return i32 in r3 or i64 in r3:r4.

  Fixes PR#40736

  Patch by George Koehler!

  Reviewed By: jhibbits, nemanjai
  Differential Revision: https://reviews.llvm.org/D73290

Requested by:	jhibbits
MFC after:	3 days
2020-05-06 19:10:39 +00:00
dim
d9f53cebb3 In r358396 I merged llvm upstream commit 2e24219d3, which fixed "error:
unsupported relocation on symbol" when assembling arm 'adr' pseudo
instructions. However, the upstream commit did not take big-endian arm
into account.

Applying the same changes to the big-endian handling is straightforward,
thanks to Andrew Turner and Peter Smith for the hint. This will also be
submitted upstream.

MFC after:	immediately, since this fix is meant for stable/11
2020-05-06 18:13:00 +00:00
emaste
2379f277ff GNU as: print a deprecation warning on program start
GNU as 2.17.50 will be removed before FreeBSD 13.
2020-05-06 01:08:19 +00:00
cem
2a767da786 pwcache.3: Explicitly document OOM condition
The pwcache functions allocate memory, and may return NULL pointers if that
allocation fails and the corresponding uid or gid was not found in the local
password database.  Document this behavior.

Sponsored by:	Dell EMC Isilon
2020-05-05 17:55:45 +00:00
brooks
2db6d46b20 Set LG_VADDR to 48 on RISC-V.
The Sv48 PTE format is the largest currently defined address space for
RISC-V. It makes no sense to define a larger size and doing so (at
least for 64-bits) forces rtrees down a slow path.

Reviewed by:	vangyzen, jhb, mhorne
Obtained from:	CheriBSD
Sponsored by:	DARPA
Differential Revision:	https://reviews.freebsd.org/D24658
2020-05-04 17:16:30 +00:00
dim
60f97c61b7 Tentatively apply https://reviews.llvm.org/D78877 (by Dave Green):
[ARM] Only produce qadd8b under hasV6Ops

  When compiling for a arm5te cpu from clang, the +dsp attribute is
  set. This meant we could try and generate qadd8 instructions where we
  would end up having no pattern. I've changed the condition here to be
  hasV6Ops && hasDSP, which is what other parts of ARMISelLowering seem
  to use for similar instructions.

  Fixed PR45677.

This fixes "fatal error: error in backend: Cannot select: t37: i32 =
ARMISD::QADD8b t43, t44" when compiling sys/dev/sound/pcm/feeder_mixer.c
for armv5. For some reason we do not encounter this on head, but this
error popped up while building universes for stable/12.

MFC after:	3 days
2020-04-26 19:17:45 +00:00
philip
5e8f103011 Import tzdata 2020a
Changes: https://github.com/eggert/tz/blob/2020a/NEWS

MFC after:	3 days
2020-04-24 05:05:58 +00:00
vangyzen
9cea565ffa Update jemalloc to version 5.2.1
Revert r354606 to restore r354605.

Apply one line from jemalloc commit d01b425e5d1e1 in hash_x86_128()
to fix the build with gcc, which only allows a fallthrough attribute
to appear before a case or default label.

Submitted by:	jasone in r354605
Discussed with:	jasone
Reviewed by:	bdrewery
MFC after:	never, due to gcc 4.2.1
Relnotes:	yes
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D24522
2020-04-23 23:57:43 +00:00
cy
03ffd71cfd Fix PowerPC segfault.
The segfault fix was originally developed by our upstream, sqlite.org,
to address S/390 and Sparc segfaults, both of which are big endian.
Our PowerPC is also big endian, which this patch also fixes.

Reported by:	Mark Millard <marklmi at yahoo.com>
Tested by:	Mark Millard <marklmi at yahoo.com>
Obtained from:	https://www.sqlite.org/src/vinfo/04885763c4cd00cb?diff=1
		https://sqlite.org/forum/forumpost/672291a5b2
MFC after:	1 month
X-MFC with:	r360221, 360221
2020-04-23 14:08:40 +00:00
cy
9c7ac33549 MFV r360158:
Update sqlite3-3.31.0 (3310000) --> sqlite3-3.31.1 (3310100)

Tested by:	Mark Millard <marklmi at yahoo.com>
		With to be committed PowerPC patch
MFC after:	1 month
X-MFC with:	r360221
2020-04-23 13:58:11 +00:00
cy
355146b1cd In preparation for update to sqlite3-3.31.1 (3310100),
recommit r357201: MFV r357163, which was reverted by r357522
due to segfault under PowerPc.

Update sqlite3-3.30.1 (3300100) --> sqlite3-3.31.0 (3310000)

MFC after:	1 month
2020-04-23 13:46:34 +00:00
emaste
88fbc7dd20 blacklistd.8: fix db file path
PR:		245781
Submitted by:	Jose Luis Duran
MFC after:	3 days
2020-04-21 13:30:00 +00:00
glebius
a72ba8ccd8 Fix immediate crash when snmpd is bound to a specific IP address.
The code that sets up msghdr must first fully fill in the msghdr
itself, and only then use CMSG_xxx() macros.

Silence from:	harti, one week
2020-04-20 23:32:49 +00:00
dim
dd5d004e06 Merge commit 64b31d96d from llvm git (by Nemanja Ivanovic):
[PowerPC] Do not attempt to reuse load for 64-bit FP_TO_UINT without
  FPCVT

  We call the function that attempts to reuse the conversion without
  checking whether the target matches the constraints that the callee
  expects. This patch adds the check prior to the call.

  Fixes: https://bugs.llvm.org/show_bug.cgi?id=43976

  Differential revision: https://reviews.llvm.org/D77564

This should fix 'Assertion failed: ((Op.getOpcode() == ISD::FP_TO_SINT
|| Subtarget.hasFPCVT()) && "i64 FP_TO_UINT is supported only with
FPCVT"), function LowerFP_TO_INTForReuse, file
/usr/src/contrib/llvm/lib/Target/PowerPC/PPCISelLowering.cpp, line 7276'
when building the devel/libslang2 port (and a few others) for PowerPC64.

Requested by:	pkubaj
MFC after:	6 weeks
X-MFC-With:	358851
2020-04-20 19:16:10 +00:00
dim
b362f7400b Merge commit ce5173c0e from llvm git (by Reid Kleckner):
Use FinishThunk to finish musttail thunks

  FinishThunk, and the invariant of setting and then unsetting
  CurCodeDecl, was added in 7f416cc42638 (2015). The invariant didn't
  exist when I added this musttail codepath in ab2090d10765 (2014).
  Recently in 28328c3771, I started using this codepath on non-Windows
  platforms, and users reported problems during release testing
  (PR44987).

  The issue was already present for users of EH on i686-windows-msvc,
  so I added a test for that case as well.

  Reviewed By: hans

  Differential Revision: https://reviews.llvm.org/D76444

This should fix 'Assertion failed: (!empty() && "popping exception stack
when not empty"), function popTerminate, file
/usr/src/contrib/llvm-project/clang/lib/CodeGen/CGCleanup.h, line 583'
when building the net-p2p/libtorrent-rasterbar

PR:		244830
Reported by:	jbeich, yuri
MFC after:	6 weeks
X-MFC-With:	358851
2020-04-20 17:39:51 +00:00
asomers
f99f5d8582 libauditd: make it a PRIVATELIB
According to the upstream man page (which we don't install), none of
libauditd's symbols are intended to be public. Also, I can't find any
evidence for a port that uses libauditd. Therefore, we should treat it like
other such libraries and use PRIVATELIB.

Reported by:	phk
Reviewed by:	cem, emaste
MFC after:	2 weeks
2020-04-19 02:20:39 +00:00
dim
d4728d99b5 Revert commit b6cf400aa fro llvm git (by Nemanja Ivanovic):
Fix bots after a9ad65a2b34f

  In the last commit, I neglected to initialize the new subtarget
  feature I added which caused failures on a few bots. This should fix
  that.

This unbreaks the build after r359981, which reverted upstream commit
a9ad65a2b34f.

Reported by:	jhibbits (and jenkins :)
MFC after:	6 weeks
X-MFC-With:	358851
2020-04-15 21:06:38 +00:00
dim
6f7003bfdd Revert commit a9ad65a2b from llvm git (by Nemanja Ivanovic):
[PowerPC] Change default for unaligned FP access for older subtargets

  This is a fix for https://bugs.llvm.org/show_bug.cgi?id=40554

  Some CPU's trap to the kernel on unaligned floating point access and
  there are kernels that do not handle the interrupt. The program then
  fails with a SIGBUS according to the PR. This just switches the
  default for unaligned access to only allow it on recent server CPUs
  that are known to allow this.

  Differential revision: https://reviews.llvm.org/D71954

This upstream commit causes a compiler hang when building certain ports
(e.g. security/nss, multimedia/x264) for powerpc64.  The hang has been
reported in https://bugs.llvm.org/show_bug.cgi?id=45186, but in the mean
time it is more convenient to revert the commit.

Requested by:	jhibbits
MFC after:	6 weeks
X-MFC-With:	358851
2020-04-15 18:43:44 +00:00
dim
5d66b8dba9 Merge commit 30588a739 from llvm git (by Erich Keane):
Make target features check work with ctor and dtor-

  The problem was reported in PR45468, applying target features to an
  always_inline constructor/destructor runs afoul of GlobalDecl
  construction assert when checking for target-feature compatibility.

  The core problem is fixed by using the version of the check that
  takes a FunctionDecl rather than the GlobalDecl. However, while
  writing the test, I discovered that source locations weren't properly
  set for this check on ctors/dtors. This patch also fixes constructors
  and CALLED destructors.

  Unfortunately, it doesn't seem too possible to get a meaningful
  source location for a 'cleanup' destructor, so those are still
  'frontend' level errors unfortunately. A fixme was added to the test
  to cover that situation.

This should fix 'Assertion failed: (!isa<CXXConstructorDecl>(D) && "Use
other ctor with ctor decls!"), function Init, file
/usr/src/contrib/llvm-project/clang/include/clang/AST/GlobalDecl.h, line
45' when compiling the security/botan2 port.

PR:		245550
MFC after:	6 weeks
X-MFC-With:	358851
2020-04-12 16:06:59 +00:00
kevans
3f665071ef ntpd: fix build with -fno-common
Only a small nit here: psl should be declared extern and defined exactly
once.

-fno-common will become the default in GCC10/LLVM11.

MFC after:	3 days
2020-04-06 23:11:43 +00:00
emaste
471c4e6b0b lldb: use lua as the default script language
In the FreeBSD base system we do not have Python support in lldb, but
will have Lua support.  Make Lua the default.

This needs to be made into a configure-time option; that is being
discussed upstream and will appear in a future lldb import.  For now
carry this change as a tiny patch to our copy of lldb.
2020-04-02 21:08:28 +00:00
dim
e6edfcf2b9 Merge once more from ^/vendor/llvm-project/release-10.x, to get the
lldb/bindings directory, which will be used to provide lua bindings for
lldb.

Requested by:	emaste
MFC after:	6 weeks
X-MFC-With:	358851
2020-04-02 19:56:43 +00:00
harti
017de2fd54 Merge release 1.14 of bsnmp. 2020-04-01 15:25:16 +00:00