prior to 3.0.0 release) as contrib/jemalloc, and integrate it into libc.
The code being imported by this commit diverged from
lib/libc/stdlib/malloc.c in March 2010, which means that a portion of
the jemalloc 1.0.0 ChangeLog entries are relevant, as are the entries
for all subsequent releases.
we can free it later, instead of trying to free a pointer that points
to the end of the buffer.
Committed to head because this code no longer exists upstream.
Submitted by: jasone@
leak when iterating over possible audit trail directories. This fix will
be merged upstream in an identical form, but hasn't yet appeared in an
OpenBSM release.
Submitted by: guido
Obtained from: TrustedBSD Project
MFC after: 3 days
The fix is similar to the one applied in GCC-4.3 in
GCCSVN-r117929 under the GPLv2.
Submitted by: Andrey Simonenko
Reviewed by: mm
Approved by: jhb (mentor)
MFC after: 3 days
- Updates to various locations in Antarctica.
- Armenia will abolish DST this year.
- Not only Samoa has moved to UTC+14, also Fakaofo did.
- There will be a leap second in 30 June 2012.
- Historical updates of 1918 to Canada, Winn, Regina, Edm, Vanc, Creston.
- Chili stays on DST until 28 April 2012
- The Falkland islands will stay on DST this year.
Unfortunately, the ABI was broken upstream for the 4.2 release, which we
imported. We then shipped the broken version for several years and certain
ports (e.g. libobjc2) depend on it, so we're stuck with it for now...
We should revisit this for 10.0, since we're allowed to break the ABI then, but
until then we should keep the ABI we shipped with 8.x and 9.x.
Reviewed by: kan
Approved by: dim (mentor)
MFC after: 1 week
several new kerberos related libraries and applications to FreeBSD:
o kgetcred(1) allows one to manually get a ticket for a particular service.
o kf(1) securily forwards ticket to another host through an authenticated
and encrypted stream.
o kcc(1) is an umbrella program around klist(1), kswitch(1), kgetcred(1)
and other user kerberos operations. klist and kswitch are just symlinks
to kcc(1) now.
o kswitch(1) allows you to easily switch between kerberos credentials if
you're running KCM.
o hxtool(1) is a certificate management tool to use with PKINIT.
o string2key(1) maps a password into key.
o kdigest(8) is a userland tool to access the KDC's digest interface.
o kimpersonate(8) creates a "fake" ticket for a service.
We also now install manpages for some lirbaries that were not installed
before, libheimntlm and libhx509.
- The new HEIMDAL version no longer supports Kerberos 4. All users are
recommended to switch to Kerberos 5.
- Weak ciphers are now disabled by default. To enable DES support (used
by telnet(8)), use "allow_weak_crypto" option in krb5.conf.
- libtelnet, pam_ksu and pam_krb5 are now compiled with error on warnings
disabled due to the function they use (krb5_get_err_text(3)) being
deprecated. I plan to work on this next.
- Heimdal's KDC now require sqlite to operate. We use the bundled version
and install it as libheimsqlite. If some other FreeBSD components will
require it in the future we can rename it to libbsdsqlite and use for these
components as well.
- This is not a latest Heimdal version, the new one was released while I was
working on the update. I will update it to 1.5.2 soon, as it fixes some
important bugs and security issues.
the following warning produced by clang trunk:
In file included from /usr/src/sbin/devd/devd.cc:91:
In file included from /usr/obj/usr/src/tmp/usr/include/c++/4.2/map:64:
/usr/obj/usr/src/tmp/usr/include/c++/4.2/bits/stl_tree.h:987:2: error: add explicit braces to avoid dangling else [-Werror,-Wdangling-else]
else
^
MFC after: 3 days
Make our handling of MMX x SSE closer to what gcc does:
* Enabling sse enables mmx.
* Disabling (-mno-mmx) mmx, doesn't disable sse (we got this right already).
* The order in not important. -msse -mno-mmx is the same as -mno-mmx -msse.
Some configure scripts depend on this.
PR: i386/165968
MFC after: 3 days
When ntp switched between PLL and FLL mode it produced a log message
"kernel time sync status change %04x". This issue is reported in ntp
bug 452[1] which claims that this behaviour is normal and the log
message isn't necessary. I'm not sure exactly when it was removed, but
it's gone in the latest ntp release (4.2.6p5).
[1] http://bugs.ntp.org/show_bug.cgi?id=452
Approved by: roberto
socket is used. The previous code structure assumed that AF_INET sockets
were always available, which is an invalid assumption on IPv6-only systems.
This merges the fololowing revisions from NetBSD:
src/usr.bin/ftp/main.c 1.120
src/usr.bin/ftp/util.c 1.156
PR: bin/162661
Tested by: bz
Obtained from: NetBSD
MFC after: 1 week
of arming timer and then pausing. If SIGALRM is delivered before pause(3)
is entered, top hangs.
Submitted by: Andrey Zonov <andrey zonov org>
MFC after: 1 week
Some of new features:
- New readers: RAR, LHA/LZH, CAB reader, 7-Zip
- New writers: ISO9660, XAR
- Improvements to many formats, especially including ISO9660 and Zip
- Stackable write filters to write, e.g., tar.gz.uu in a single pass
- Exploit seekable input; new "seekable" Zip reader can exploit the Zip
Central Directory when it's available; the old "streamable" Zip reader
is still fully supported for cases where seeking is not possible.
Full release notes available at:
https://github.com/libarchive/libarchive/wiki/ReleaseNotes
Extend the so far IPv4-only support for multiple routing tables (FIBs)
introduced in r178888 to IPv6 providing feature parity.
This includes an extended rtalloc(9) KPI for IPv6, the necessary
adjustments to the network stack, and user land support as in netstat.
Sponsored by: Cisco Systems, Inc.
Reviewed by: melifaro (basically)
MFC after: 10 days
but used by some Linux boot loaders). This option prints
out the directory holding the include files needed by
a freestanding program. The default implementation of
this doesn't work on FreeBSD because of the different
include file layout. But it's easy to implement:
just return /usr/include (or the cross-compiling equivalent).
Reviewed by: kan
MFC after: 1 week
Make sure the non-SSE lowering for fences correctly clobbers EFLAGS.
PR11768.
In particular, this fixes segfaults during the build of devel/icu on
i386. The __sync_synchronize() builtin used for implementing icu's
internal barrier could lead to incorrect behaviour.
MFC after: 3 days
This version is similar to the code shipped with libgcc. It is based on
the code from the SPARC64 architecture manual, provided without any
restrictions.
Tested by: flo@
SPARC and MIPS CPUs don't have special instructions to count
leading/trailing zeroes. The compiler-rt library provides fallback
rountines for these. The 64-bit routines, __clzdi2 and __ctzdi2, are
implemented as simple wrappers around the compiler built-in
__builtin_clz(), assuming these will expand to either 32-bit
CPU instructions or calls to __clzsi2 and __ctzsi2.
Unfortunately, our GCC 4.2 probably thinks that because the operand is
stored in a 64-bit register, it might just be a better idea to invoke
its 64-bit equivalent, simply resulting into endless recursion. Fix this
by defining __builtin_clz and __builtin_ctz to __clzsi2 and __ctzsi2
explicitly.
This switches us to using -isoC-2011 as the symbol name which is used by
groff and mdocml. It follows the change to 4 digit years as done with
IEEE Std 1003 post-1999.
MFC after: 2 weeks (groff changes only)
This version of libcompiler_rt adds support for __mulo[sdt]i4(), which
computes a multiply and its overflow flag. There are also a lot of
cleanup fixes to headers that don't really affect us.
Updating to this revision should make it a bit easier to contribute
changes back to the LLVM developers.
Vendor has integrated most of our local changes in revisions 3976-3979 so
future updates are going to be easier.
Thanks to Tim Kientzle <kientzle@FreeBSD.org>.
MFC after: 8 days
This library implements the C11 threads interface on top of the pthreads
library. As discussed on the lists, the preferred way to implement
this, is as a separate library.
It is unlikely that these functions will be used a lot in the future. It
would have been easier if the C11 working group standardized (a subset
of) pthreads and clock_nanosleep(). Having it as a separate library
allows the embedded people to omit it from their system.
Discussed on: arch@, threads@
Add an API for alerting internal libc routines to the presence of
"unsafe" paths post-chroot, and use it in ftpd. [11:07]
Fix a buffer overflow in telnetd. [11:08]
Make pam_ssh ignore unpassphrased keys unless the "nullok" option is
specified. [11:09]
Add sanity checking of service names in pam_start. [11:10]
Approved by: so (cperciva)
Approved by: re (bz)
Security: FreeBSD-SA-11:06.bind
Security: FreeBSD-SA-11:07.chroot
Security: FreeBSD-SA-11:08.telnetd
Security: FreeBSD-SA-11:09.pam_ssh
Security: FreeBSD-SA-11:10.pam
from the gcc 4.2 branch.
The libraries in the gcc-4_2-branch remained under the LGPLv2.
The changes can be reproduced with the following command:
svn diff svn://gcc.gnu.org/svn/gcc/branches/gcc-4_2-branch/libstdc++-v3
-r 127959:135556
Reviewed by: mm
Approved by: jhb (mentor)
MFC after: 2 weeks
r204111 (uqs):
Fix common misspelling of hierarchy
r211054 (kientzle);
Fix -R when used with -p. Previously, the
uname and gname weren't overwritten, so the
disk restore would use those to lookup the
original uid/gid again. Clearing the uname
and gname prevents this.
r212263 (gjb):
Fix typo in bsdcpio manual:
s/libarchive_formats/libarchive-formats
MFC after: 2 weeks
r204111 (uqs):
Fix common misspelling of hierarchy
r207786 (kientzle):
Various manpage updates, including many long-option synonyms that were
previously undocumented.
r208028 (uqs):
mdoc: move remaining sections into consistent order
This pertains mostly to FILES, HISTORY, EXIT STATUS and AUTHORS sections.
r209152 (kientzle):
If the compressed data is larger than the uncompressed,
report the compression ratio as 0% instead of displaying
nonsense triggered by numeric overflow. This is common
when dealing with uncompressed files when the I/O blocking
causes there to be small transient differences in the
accounting.
r210720 (joel):
Fix typos.
r223541 (kientzle):
If there is a read error reading Y/N confirmation from the keyboard,
exit immediately with an error.
If there is an error opening or reading a file to put into the archive,
set the return value for a deferred error exit.
r223573 (kientzle):
The --newer-than test should descend into old
directories to look for new files.
r226636 (kientzle):
Typo from previous commit. Urgh.
r224153 (mm, partial):
Update bsdtar.1 manpage
MFC after: 2 weeks
r204111 (uqs):
Fix common misspelling of hierarchy
r208027 (uqs):
mdoc: move CAVEATS, BUGS and SECURITY CONSIDERATIONS sections to the
bottom of the manpages and order them consistently.
GNU groff doesn't care about the ordering, and doesn't even mention
CAVEATS and SECURITY CONSIDERATIONS as common sections and where to put
them.
r208291 (uqs):
mdoc: consistently spell our email addresses <foo@FreeBSD.org>
r209031 (uqs):
mdoc nitpicking: the title argument shall be uppercase
r214822 (kientzle):
Clarify the naming: Methods that free an object should
be called "free". Retain the old "finish" names to preserve
source compatibility for now.
r214905 (kientzle):
If the Zip reader doesn't see a PK signature block
because there's inter-entry garbage, just scan forward
to find the next one. This allows us to handle a lot
of Zip archives that have been modified in-place.
Thanks to: Gleb Kurtsou for sending me a sample archive
r216258 (kientzle):
Don't write data into an empty "file."
In particular, this check avoids a warning when
extracting directory entries from certain GNU tar
archives that store directory contents.
r225525 (kientzle):
Fix cpio on ARM.
MFC after: 2 weeks
Add compatibility for ISO images created with unfixed makefs that
violated ECMA-119 (ISO9660): allow reserved4 to be 0x20 in PVD.
This allows tar to read FreeBSD distribution ISO images created
with makefs prior to NetBSD bin/45217 bugfix (up to 9.0-BETA1).
MFC after: 2 weeks
Backported from the gcc-4_3-branch, revision 118001,
under the GPLv2.
This issue was also fixed in Apple's gcc.
PR: 157025
Reviewed by: mm
Approved by: jhb (mentor)
MFC: 2 weeks
7.x, 8.x and 9.x with pf(4) imports: pfsync(4) should suppress CARP
preemption, while it is running its bulk update.
However, reimplement the feature in more elegant manner, that is
partially inspired by newer OpenBSD:
- Rename term "suppression" to "demotion", to match with OpenBSD.
- Keep a global demotion factor, that can be raised by several
conditions, for now these are:
- interface goes down
- carp(4) has problems with ip_output() or ip6_output()
- pfsync performs bulk update
- Unlike in OpenBSD the demotion factor isn't a counter, but
is actual value added to advskew. The adjustment values for
particular error conditions are also configurable, and their
defaults are maximum advskew value, so a single failure bumps
demotion to maximum. This is for POLA compatibility, and should
satisfy most users.
- Demotion factor is a writable sysctl, so user can do
foot shooting, if he desires to.
against icmp6_hdr::icmp6_type is done incorrectly. (This fix has
already been applied upstream, but we do not have the latest version of
tcpdump.)
MFC after: 1 week
without conversion warnings. This code desparately needs a good dose of
const poison, but fixing all the issues would be rather disruptive.
MFC after: 1 week
literals. Also, change the direction argument to move_rel() from char
to int; K&R function definions cause it to be promoted to an int anyway,
and this way we avoid clang warning about it.
MFC after: 1 week
__COUNTER__ allows one to obtain incrementing (read: unique) numbers
from the C preprocesor. This is useful when implementing things like a
robust implementation of CTASSERT(), which currently fails when using
it more than once on a single line of code. Probably not likely to cause
any breakage, but still.
__COUNTER__ was also added to GCC 4.3, but since that implementation is
GPLv3 licensed, I took the liberty of implementing it without looking at
any upstream sources. Therefore, this version is licensed under the same
license as the rest of the code; GPLv2.
attack vector against applications that allow the applicant to specify
which policy to apply.
Submitted by: Matthias Drochner <drochner@netbsd.org>
MFC after: 1 week
with clang, by removing two unneeded using declarations. Otherwise, you
would get errors similar to:
/usr/include/c++/4.2/debug/map.h:77:20: error: dependent using declaration resolved to type without 'typename'
using _Base::value_compare;
^
N.B.: Take care when you actually use the debug versions of any
libstdc++ header. They are more likely to contain problems, because
they are exercised far less often, and since the standard library
complexity guarantees don't always apply anymore, compile times can
drastically increase.
MFC after: 2 weeks
MK_LIBCPLUSPLUS=yes to enable). This is a work-in-progress. It works for
me, but is not guaranteed to work for anyone else and may eat your dog.
To build C++ using libc++, add -stdlib=libc++ to your CXX and LD flags.
Bug reports welcome, bug fixes even more welcome...
Approved by: dim (mentor)
load of _l suffixed versions of various standard library functions that use
the global locale, making them take an explicit locale parameter. Also
adds support for per-thread locales. This work was funded by the FreeBSD
Foundation.
Please test any code you have that uses the C standard locale functions!
Reviewed by: das (gdtoa changes)
Approved by: dim (mentor)
Fix the signature of the getcontext builtin, eliminating incorrect
warnings about its prototype.
This also adds a -W(no-)builtin-requires-header option, which can be
used to enable or disable warnings of this kind.
MFC after: 1 week
Mark the overloaded atomic builtins as having custom type checking,
which they do. This avoids all of the default argument promotions that
we (1) don't want, and (2) undo during that custom type checking, and
makes sure that we don't run into trouble during template
instantiation. Fixes llvm/clang PR11320.
MFC after: 1 week
Recursive name servers are failing with an assertion:
INSIST(! dns_rdataset_isassociated(sigrdataset))
At this time it is not thought that authoritative-only servers
are affected, but information about this bug is evolving rapidly.
Because it may be possible to trigger this bug even on networks
that do not allow untrusted users to access the recursive name
servers (perhaps via specially crafted e-mail messages, and/or
malicious web sites) it is recommended that ALL operators of
recursive name servers upgrade immediately.
For more information see:
https://www.isc.org/software/bind/advisories/cve-2011-tbd
which will be updated as more information becomes available.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4313
declares the proper size of a function. Without this macro recent GNU as will
complain about with:
'Error: .size expression for main does not evaluate to a constant.'
Up to now we produce this:
.L.main:
....
.size main, .-main
With the macro defined the output is this:
.L.main:
....
.size main,.-.L.main
This affects only the 64-bit compiler.
Tested with world and kernel on both, 32 and 64-bit powerpc.
- Fiji will end DST on 22 January 2012.
- Moldova split into two timezones has been cancelled.
- Cuba will end DST on 13 November 2011
Obtained from: ftp://ftp.iana.org/tz/releases/
-march=native" on AMD K10 family processors no longer errors out with
"unknown target CPU 'amdfam10'". This also enables use of SSE4A.
Reported by: David Marec <david.marec@davenulle.org>
MFC after: 3 days
Europe:
- Pridnestrovian Moldavian Republic (PMR, also known as
"Pridnestrovie") has abolished seasonal clock change (no transition
to the Winter Time).
- The recent change to the Ukranian time zone (Europe/Kiev) to
introduce permanent daylight saving time (similar to Russia) was
reverted.
South America:
- Bahia: The President signed a decree that includes Bahia in summer
time.
zone.tab:
- Add Europe/Tiraspol Pridnestrovie
Obtained from: ftp://ftp.iana.org/tz/releases/
Changes in 2011i:
Africa
- Added South Sudan: Africa/Juba
Australasia:
- Samoa will go forward 24 hours at 30 December 2011 to better match
the day of the week with its neighbours.
Europe:
- Europe/Kaliningrad will have the timezone KALT.
North America:
- Updates to Metlakatla historical data
- Newfoundland, Labrador and Resolute will do something which I
can't figure out.
iso3166tab;
- Add SS for South Sudan.
Changes in 2011j:
- Samoa will go from 29 December 23:59:59 to 31 December 00:00:00.
- Samoa DST will end on 1 April 2012
Changes in 2011k:
- Gaza / West Bank goes back to standard time on 02 August 2011.
- West Bank went bac kto DST on 30 August 2011.
- Lots of changes in Minsk (GMT+3 without DST) and other Russian
regions. A new timezone has been created for them, FET: Further-eastern
European Time aka GMT+3.
- Add Asian/Hebron to the zone.tab file.
Changes in 2011l:
- West Bank came out of DST on 30 September 2011.
- Fiji will g oin DST on 23 October and out of it on 26 Februari
- State Bahia might go back to DST in 16 October 2011
Due to legal problems, ado and Paul Eggert have to temporary suspend
their work on the timezone database
(http://thread.gmane.org/gmane.comp.time.tz/4133). Their work has
been continued by volunteers on the tz community and the hosting
of the data files is done by Robert Elz at ftp://munnari.oz.au/pub/.
Obtained from: ftp://munnari.oz.au/pub, ftp://elsie.nci.nih.gov/pub/
too-thorough cleanup of unused files, in r213695. Also make sure these
get installed under /usr/share/doc.
Submitted by: rwatson, brooks
Pointy hat to: dim
MFC after: 3 days
which is less likely to block a remote system from boot.
Submitted by: Garrett Cooper <yanegomi@gmail.com>
PR: doc/160775
MFC after: 1 month
Approved by: re (kib)
as anonymous namespaces are local to the current translation.
GCC PR: c++/33094
Reviewed by: uqs
Approved by: re (kib)
Obtained from: gcc (branches/redhat/gcc-4_1-branch, rev. 129554, GPLv2)
MFC after: 1 week
to the maximum number of CPUs to ensure that lcpustates[] array is always
allocated to the maximum size. Previously, if top was started without
per-CPU stats it would allocate a smaller lcpustates[] array. When
per-CPU stats were then enabled, it would overflow the array and trash
the cpustates_columns[] array causing the CPU stats to be printed in the
wrong locations.
Approved by: re (kib)
MFC after: 1 week
'C' and 'H' flags at runtime. This matches messages output for other
toggles which leave the first column in the message blank to hold the
cursor.
PR: bin/158775
Submitted by: arundel
MFC after: 3 days
ALL BIND USERS ARE ENCOURAGED TO UPGRADE IMMEDIATELY
This update addresses the following vulnerability:
CVE-2011-2464
=============
Severity: High
Exploitable: Remotely
Description:
A defect in the affected BIND 9 versions allows an attacker to remotely
cause the "named" process to exit using a specially crafted packet. This
defect affects both recursive and authoritative servers. The code location
of the defect makes it impossible to protect BIND using ACLs configured
within named.conf or by disabling any features at compile-time or run-time.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2464https://www.isc.org/software/bind/advisories/cve-2011-2464
- Implement -Wvariable-decl.
- Port -Wtrampolines support from gcc3.
(all three also via OpenBSD)
PR: gnu/127136, gnu/157019
Submitted by: Henning Petersen, Pedro Giffuni
MFC after: 6 weeks
for resolving by a child process that, upon success, will add the entry
to the config of the running running parent process.
Unfortunately there are a couple of bugs with this, fixed in various
later versions of upstream in potentially different ways due to other
code changes:
1) Upon server [-46] <FQDN> the [-46] are used as FQDN for later resolving
which does not work. Make sure we always pass the name (or IP there).
2) The intermediate file to carry the information to the child process
does not know about -4/-6 restrictions, so that a dual-stacked host
could resolve to an IPv6 address but that might be unreachable (see
r223626) leading to no working synchronization ignoring a IPv4 record.
Thus alter the intermediate format to also pass the address family
(AF_UNSPEC (default), AF_INET or AF_INET6) to the child process
depending on -4 or -6.
3) Make the child process to parse the new intermediate file format and
save the address family for getaddrinfo() hints flags.
4) Change child to always reload resolv.conf calling res_init() before
trying to resolve names. This will pick up resolv.conf changes or
new resolv.confs should they have not existed or been empty or
unusable on ntp startup. This fix is more conditional in upstream
versions but given FreeBSD has res_init there is no need for the
configure logic as well.
Approved by: roberto
Sponsored by: Sandvine Incorporated
MFC after: 9 days
in host byte order, so we need to compare them as such.
Properly compare IPv6 addresses as well.
This allows the, by default, 8 badaddrs slots per address
family to work correctly and only print sendto() errors once.
The change is no longer applicable to any latest upstream versions.
Approved by: roberto
Sponsored by: Sandvine Incorporated
MFC after: 1 week
In userland, sign extend the offset for JA instructions.
We currently use that to implement "ip6 protochain", and "pc" might be
wider than "pc->k", in which case we need to arrange that "pc->k" be
sign-extended, by casting it to bpf_int32.
PR: kern/157188
Submitted by: plosher
MFC after: 2 weeks
is defined, but then proceeds to use a hardcoded maximum hostname length
of 64 anyway. Fix this by checking against MAXHOSTNAMELEN instead.
PR: bin/157732
MFC after: 3 days
