18528 Commits

Author SHA1 Message Date
Rodney W. Grimes
ce9f2d31b3 Convert absolute links to relative links.
Style.Makefile(9) has been ignored to produce minimal diffs.

Approved by:	grehan (mentor)
MFC after:	1 week
2017-03-07 05:10:38 +00:00
Justin Hibbits
90b4425549 Clang in base now supports -mlongcall, so remove this hack
PR:		215947
MFC after:	2 weeks
2017-03-07 02:17:38 +00:00
Andrey V. Elsukov
22986c6740 Introduce the concept of IPsec security policies scope.
Currently are defined three scopes: global, ifnet, and pcb.
Generic security policies that IKE daemon can add via PF_KEY interface
or an administrator creates with setkey(8) utility have GLOBAL scope.
Such policies can be applied by the kernel to outgoing packets and checked
agains inbound packets after IPsec processing.
Security policies created by if_ipsec(4) interfaces have IFNET scope.
Such policies are applied to packets that are passed through if_ipsec(4)
interface.
And security policies created by application using setsockopt()
IP_IPSEC_POLICY option have PCB scope. Such policies are applied to
packets related to specific socket. Currently there is no way to list
PCB policies via setkey(8) utility.

Modify setkey(8) and libipsec(3) to be able distinguish the scope of
security policies in the `setkey -DP` listing. Add two optional flags:
'-t' to list only policies related to virtual *tunneling* interfaces,
i.e. policies with IFNET scope, and '-g' to list only policies with GLOBAL
scope. By default policies from all scopes are listed.

To implement this PF_KEY's sadb_x_policy structure was modified.
sadb_x_policy_reserved field is used to pass the policy scope from the
kernel to userland. SADB_SPDDUMP message extended to support filtering
by scope: sadb_msg_satype field is used to specify bit mask of requested
scopes.

For IFNET policies the sadb_x_policy_priority field of struct sadb_x_policy
is used to pass if_ipsec's interface if_index to the userland. For GLOBAL
policies sadb_x_policy_priority is used only to manage order of security
policies in the SPDB. For IFNET policies it is not used, so it can be used
to keep if_index.

After this change the output of `setkey -DP` now looks like:
# setkey -DPt
0.0.0.0/0[any] 0.0.0.0/0[any] any
	in ipsec
	esp/tunnel/87.250.242.144-87.250.242.145/unique:145
	spid=7 seq=3 pid=58025 scope=ifnet ifname=ipsec0
	refcnt=1
# setkey -DPg
::/0 ::/0 icmp6 135,0
	out none
	spid=5 seq=1 pid=872 scope=global
	refcnt=1

No objection from:	#network
Obtained from:	Yandex LLC
MFC after:	2 weeks
Sponsored by:	Yandex LLC
Differential Revision:	https://reviews.freebsd.org/D9805
2017-03-07 00:13:53 +00:00
Enji Cooper
7532a6570b Move ATF_TC_WITHOUT_HEAD(getgrent) near the testcase it annotates
MFC after:	1 week
Sponsored by:	Dell EMC Isilon
2017-03-06 22:46:49 +00:00
Bryan Drewery
a1b9cad56b Fix bootstrapping libmd on older systems after r314709.
This follows another fix to bootstrap libmd after r313404.  The
MD5FileChunk prototype is needed to build libmd, but it is
only reliably in the src tree's sys/md5.h header.  Rather than
polluting the legacy build with this header for the entire build,
just symlink it in here for now as is done in the elftoolchain
build.  Libmd is already referencing other src tree headers by
its used of CFLAGS+= ${SRCTOP}/sys/crypto/sha2.  This, and
other uses of CFLAGS+= ${SRCTOP}/sys..., may later change to
be in the legacy mechanism.

Reported by:	bde, ian, sjg
Tested by:	ian
2017-03-06 21:06:55 +00:00
Pedro F. Giffuni
b5120bbada libpam: extra bounds checking through reallocarray(3).
Reviewed by:	des
MFC after:	1 week
2017-03-06 15:45:46 +00:00
Pedro F. Giffuni
fdd2f2ebdd Revert r314777: wrong log, the change was to libpam. 2017-03-06 15:42:03 +00:00
Pedro F. Giffuni
0012b66baf libfetch: extra bounds checking through reallocarray(3).
Reviewed by:	des
MFC after:	1 week
2017-03-06 15:38:03 +00:00
Pedro F. Giffuni
bb7d0109d7 libfetch: extra bounds checking through reallocarray(3).
Reviewed by:	des
MFC after:	1 week
2017-03-06 15:37:34 +00:00
Xin LI
0d64c8a06d Remove compatibility with old libpcap.
Differential Revision:	https://reviews.freebsd.org/D9606
2017-03-06 08:13:19 +00:00
Dag-Erling Smørgrav
c8453e5bf4 Fix partial requests (used by fetch -r) when the requested file is
already complete.

Since 416 is an error code, any Content-Range header in the response
would refer to the error message, not the requested document, so
relying on the value of size when we know we got a 416 is wrong.
Instead, just verify that offset == 0 and assume that we've reached
the end of the document (if offset > 0, we did not request a range,
and the server is screwing with us).  Note that we cannot distinguish
between reaching the end and going past it, but that is a flaw in the
protocol, not in the code, so we just have to assume that the caller
knows what it's doing.  A smart caller would request an offset
slightly before what it believes is the end and compare the result to
what is already in the file.

PR:		212065
Reported by:	mandree
MFC after:	3 weeks
2017-03-05 12:06:45 +00:00
Conrad Meyer
8844cec8f3 fts: Fix a potential memory leak in error case
Dan Krejsa reports a potential memory leak in an fts_build error case,
detected by Coverity.  (It doesn't seem to show up in Coverity Scan, so I
don't have a CID to point to.)

I don't know whether it is actually possible to arrive in this case with a
non-empty 'head' list.  The cost is low, though.  One additional branch in a
terminal error case isn't the end of the world.

PR:		217125
Submitted by:	Dan Krejsa <dan.krejsa at gmail.com>
2017-03-04 20:46:57 +00:00
Enji Cooper
abe427af75 Fix warnings in lib/msun/tests/... to help pave way for WARNS?= 6.
- Staticize variables.
- Use nitems liberally. Wherever nitems is used, use unsigned integers
- Remove unused variables (argc, argv, etc)

This fixes most issues -- some issues remain in logarithm_test though.

MFC after:	1 week
Sponsored by:	Dell EMC Isilon
2017-03-04 10:07:46 +00:00
Enji Cooper
5c47281893 Convert lib/msun/ctrig_test from TAP to ATF
This is being done as a precursor for work needed to annontate failing
testcases with clang 4.0+.

MFC after:	1 week
PR:	217528
Sponsored by:	Dell EMC Isilon
2017-03-04 09:16:51 +00:00
Warner Losh
8ff15e8613 Make sure guid table is compiled before we use it.
Sponsored by: Netflix
2017-03-03 20:23:23 +00:00
Warner Losh
80967c8e1c Only compile the known uuid table once.
Sponsored by: Netflix
2017-03-03 20:22:56 +00:00
Warner Losh
e174551332 Move uuid_table definition to efivar.h.
Create new function efi_known_guid() to return list of guids.

Sponsored by: Netflix
2017-03-03 20:22:47 +00:00
Dag-Erling Smørgrav
886c581471 Load default options before requesting a ticket.
PR:		213909
Reported by:	basarevych@gmail.com
MFC after:	1 week
2017-03-03 14:06:22 +00:00
Baptiste Daroussin
5d1ce10bee Properly initialize netrcfd in fetchParseURL
This fixes ftp with fetch(1) which was broken after r313974

Submitted by:	dim
Reported by:	olivier
Pointyhat to:	bapt
2017-03-03 12:51:16 +00:00
Enji Cooper
fa42250152 Correct MLINKS for sbuf_hexdump(9)
sbuf_hexdump(9) should be linked to sbuf(9), not hexdump(3). Another
review will be posted to deduplicate the sbuf_hexdump reference in
in hexdump(3) or at the very least make the information less duplicative.

MFC after:	1 week
X-MFC with:	r313437
Sponsored by:	Dell EMC Isilon
2017-03-03 06:31:47 +00:00
Martin Matuska
642870485c MFV r314565,314567,314570:
Update libarchive to version 3.3.1 (and sync with latest vendor dist)

Notable vendor changes:
  PR #501: improvements in ACL path handling
  PR #724: fix hang when reading malformed cpio files
  PR #864: fix out of bounds read with malformed GNU tar archives
  Documentation, style, test suite improvements and typo fixes.

New options to bsdtar that enable or disable reading and/or writing of:
  Access Control Lists (--acls, --no-acls)
  Extended file flags (--fflags, --no-fflags)
  Extended attributes (--xattrs, --no-xattrs)
  Mac OS X metadata (Mac OS X only) (--mac-metadata, --no-mac-metadata)

MFC after:	2 weeks
2017-03-02 22:59:35 +00:00
Dimitry Andric
ed085b68ab Upgrade our copies of clang, llvm, lld, lldb, compiler-rt and libc++ to
4.0.0 (branches/release_40 296509).  The release will follow soon.

Please note that from 3.5.0 onwards, clang, llvm and lldb require C++11
support to build; see UPDATING for more information.

Also note that as of 4.0.0, lld should be able to link the base system
on amd64 and aarch64.  See the WITH_LLD_IS_LLD setting in src.conf(5).
Though please be aware that this is work in progress.

Release notes for llvm, clang and lld will be available here:
<http://releases.llvm.org/4.0.0/docs/ReleaseNotes.html>
<http://releases.llvm.org/4.0.0/tools/clang/docs/ReleaseNotes.html>
<http://releases.llvm.org/4.0.0/tools/lld/docs/ReleaseNotes.html>

Thanks to Ed Maste, Jan Beich, Antoine Brodin and Eric Fiselier for
their help.

Relnotes:	yes
Exp-run:	antoine
PR:		215969, 216008
MFC after:	1 month
2017-03-02 20:49:40 +00:00
Brooks Davis
af4157ef72 Garbage collect unused gdtoa related files on mips.
Reviewed by:	emase, imp, jhb
MFC after:	1 week
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D9841
2017-03-02 17:08:37 +00:00
Brooks Davis
13f2393362 Correct an misunderstanding of MDSRCS.
MDSRCS it intended to allow assembly versions of funtions with C
implementations listed in MISRCS. The selection of the correct
machdep_ldis?.c for a given architecture does not follow this pattern
and the file should be added to SRCS directly.

Reviewed by:	emaste, imp, jhb
MFC after:	1 week
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D9841
2017-03-02 17:07:28 +00:00
Brooks Davis
9fe44df287 Correct MDSRCS use in <arch>/string/Makefile.inc.
- Remove .c files which duplicate entries in MISRCS.
- Use the same, less merge conflict prone style in all cases.
- Use MDSRCS for mips (.c and .S files both ended up in SRCS).
- Remove pointless sparc64 Makefile.inc.
- Remove uninformative foreign VCS ID entries.

Reviewed by:	emaste, imp, jhb
MFC after:	1 week
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D9841
2017-03-02 17:05:52 +00:00
Scott Long
add86609f8 Expose the sbuf_putbuf() symbol to libsbuf. There are a few other symbols
that are present but not exposed, like get/set/clear flags, not sure if they
need to be exposed at this point.

Sponsored by:	Netflix
2017-03-02 01:39:23 +00:00
Dimitry Andric
348238dbd4 Merge ^/head r314420 through r314481. 2017-03-01 08:22:51 +00:00
Warner Losh
fbbd9655e5 Renumber copyright clause 4
Renumber cluase 4 to 3, per what everybody else did when BSD granted
them permission to remove clause 3. My insistance on keeping the same
numbering for legal reasons is too pedantic, so give up on that point.

Submitted by:	Jan Schaumann <jschauma@stevens.edu>
Pull Request:	https://github.com/freebsd/freebsd/pull/96
2017-02-28 23:42:47 +00:00
Eric van Gyzen
81027fa594 Sort declaration of sem_clockwait_np
Also mention <time.h> in sem_timedwait(3), because POSIX does,
and because the user will need it for clockid_t, struct timespec,
and TIMER_ABSTIME.

Reported by:	bde
MFC after:	9 days
X-MFC with:	r314179
Sponsored by:	Dell EMC
2017-02-28 21:47:00 +00:00
Dimitry Andric
be64968040 Merge ^/head r314270 through r314419. 2017-02-28 21:30:26 +00:00
Dimitry Andric
2e477b5e5e Merge llvm, clang, compiler-rt, libc++, lld and lldb release_40 branch
r296509, and update build glue.
2017-02-28 21:18:23 +00:00
Dimitry Andric
365919ebc1 Vendor import of llvm release_40 branch r296509:
https://llvm.org/svn/llvm-project/llvm/branches/release_40@296509
2017-02-28 21:07:18 +00:00
Bjoern A. Zeeb
6d91604093 Properly indent a default: label and avoid crashing when running
under -v but cannot connect due to trying to print an int as %s [1].

Reported by:	andrew [1]
MFC after:	3 days
2017-02-28 18:10:03 +00:00
Gleb Smirnoff
efe3b0de14 Remove SVR4 (System V Release 4) binary compatibility support.
UNIX System V Release 4 is operating system released in 1988. It ceased
to exist in early 2000-s.
2017-02-28 05:14:42 +00:00
Pedro F. Giffuni
3b243527db librss: simplify some NULL checks.
MFC after:	1 week
2017-02-27 00:10:00 +00:00
Mariusz Zaborski
b62c1f2b18 Remove unneeded variable initialization from r314319.
Pointed out by:	kib
2017-02-26 22:15:39 +00:00
Mariusz Zaborski
ba1b663656 Don't try to open devices in the gettc() function which will always
fail in the Capability mode. Instead silently fallback to the syscall
method, which is done for example in the gettimeofday(2) function.

Reviewed by:	kib
2017-02-26 22:07:26 +00:00
Dimitry Andric
d630701f86 Merge ^/head r314178 through r314269. 2017-02-25 15:04:19 +00:00
Dimitry Andric
bc93f188f6 Merge llvm, clang, compiler-rt, libc++, lld and lldb release_40 branch
r296202, and update build glue.
2017-02-25 15:00:57 +00:00
Dimitry Andric
2344cbce57 Vendor import of clang release_40 branch r296202:
https://llvm.org/svn/llvm-project/cfe/branches/release_40@296202
2017-02-25 14:40:42 +00:00
Dimitry Andric
9c618dddcd Vendor import of llvm release_40 branch r296202:
https://llvm.org/svn/llvm-project/llvm/branches/release_40@296202
2017-02-25 14:40:33 +00:00
Warner Losh
589c673b32 Don't convert ENOENT to nothing for individual lookup, just for the
iterative get_next interface. This prevents efivar(3) from printing 4k
of 0's when a variable isn't set.

Sponsored by: Netflix
2017-02-25 00:09:21 +00:00
Enji Cooper
8f7861b26f Fix up r314189
The conditional in do_buff_decode(..) after the while loop was accidentally
inverted. Only increment the pointer for fmt if it's not NUL.

MFC after:	2 weeks
X-MFC with:	r314189
Reported by:	pstef
Sponsored by:	Dell EMC Isilon
2017-02-24 06:49:31 +00:00
Enji Cooper
29d14889f5 Fix some minor style nits: put parentheses around return values
MFC after:	2 weeks
Sponsored by:	Dell EMC Isilon
2017-02-24 06:28:58 +00:00
Enji Cooper
69c703b9c4 Fix up NULL/'\0' uses and fix 2 derefs after NULL
MFC after:	2 weeks
Reported by:	Coverity
CID:		1018898, 1018899
Differential Revision:	https://reviews.freebsd.org/D6142
Sponsored by:	Dell EMC Isilon
2017-02-24 06:24:39 +00:00
Eric van Gyzen
b215ceaaec Add sem_clockwait_np()
This function allows the caller to specify the reference clock
and choose between absolute and relative mode.  In relative mode,
the remaining time can be returned.

The API is similar to clock_nanosleep(3).  Thanks to Ed Schouten
for that suggestion.

While I'm here, reduce the sleep time in the semaphore "child"
test to greatly reduce its runtime.  Also add a reasonable timeout.

Reviewed by:	ed (userland)
MFC after:	2 weeks
Relnotes:	yes
Sponsored by:	Dell EMC
Differential Revision:	https://reviews.freebsd.org/D9656
2017-02-23 19:36:38 +00:00
Dimitry Andric
eedd67c033 Merge ^/head r314129 through r314177. 2017-02-23 19:32:25 +00:00
Dimitry Andric
5d19388204 Merge llvm, clang, compiler-rt, libc++, lld and lldb release_40 branch
r296002, and update build glue.
2017-02-23 19:25:29 +00:00
Dimitry Andric
47c4f8f166 Vendor import of clang release_40 branch r296002:
https://llvm.org/svn/llvm-project/cfe/branches/release_40@296002
2017-02-23 19:13:57 +00:00
Dimitry Andric
5a813558fc Vendor import of llvm release_40 branch r296002:
https://llvm.org/svn/llvm-project/llvm/branches/release_40@296002
2017-02-23 19:13:48 +00:00