Commit Graph

8828 Commits

Author SHA1 Message Date
Gordon Bergling
f9c7920eb1 Mention FreeBSD in the HISTORY sections of apropos(1) and makewhatis(8).
PR:	223520, 223521
Reviewed by:	bcr (mentor)
Approved by:	bcr (mentor)
Differential Revision:	https://reviews.freebsd.org/D25521
2020-06-30 18:08:59 +00:00
Ed Maste
4e22eafc99 Revert r362261, "Re-apply r333944 to unbreak ports"
A file update in 2018 broke many ports as it misidentified shared
libraries as PIE binaries.  r333944 reverted part of the change,
restoring ports builds but misidentifying objects in the opposite
direction.

Earlier this month file 5.39 was imported, and then the change
originally from r333944 was recommitted as r362261.  However, the
issue was fixed upstream, so r362261 serves no purpose.

PR:		246960, 247461 [exp-run]
Sponsored by:	The FreeBSD Foundation
2020-06-29 13:30:48 +00:00
Dimitry Andric
62cfcf62f6 Merge llvm, clang, compiler-rt, libc++, libunwind, lld, lldb and openmp
llvmorg-10.0.1-rc2-0-g77d76b71d7d.

Also add a few more llvm utilities under WITH_CLANG_EXTRAS:

* llvm-dwp, a utility for merging DWARF 5 Split DWARF .dwo files into
  .dwp (DWARF package files)
* llvm-size, a size(1) replacement
* llvm-strings, a strings(1) replacement

MFC after:	3 weeks
2020-06-28 07:43:43 +00:00
Stefan Eßer
252884ae7e Import new 2-clause BSD licenced implementation of the bc and dc commands
These implementations of the bc and dc programs offer a number of advantages
compared to the current implementations in the FreeBSD base system:

- They do not depend on external large number functions (i.e. no dependency
  on OpenSSL or any other large number library)

- They implements all features found in GNU bc/dc (with the exception of
  the forking of sub-processes, which the author of this version considers
  as a security issue).

- They are significantly faster than the current code in base (more than
  2 orders of magnitude in some of my tests, e.g. for 12345^100000).

- They should be fully compatible with all features and the behavior of the
  current implementations in FreeBSD (not formally verified).

- They support POSIX message catalogs and come with localized messages in
  Chinese, Dutch, English, French, German, Japanese, Polish, Portugueze,
  and Russian.

- They offer very detailed man-pages that provide far more information than
  the current ones.

The upstream sources contain a large number of tests, which are not
imported with this commit. They could be integrated into our test
framework at a latter time.

Installation of this version is controlled by the option "MK_GH_BC=yes".
This option will be set to yes by default in 13-CURRENT, but will be off
by default in 12-STABLE.

Approved by:	imp
Obtained from:	https://git.yzena.com/gavin/bc
MFC after:	4 weeks
Relnotes:	yes
Differential Revision:	https://reviews.freebsd.org/D19982
2020-06-27 12:02:01 +00:00
Li-Wen Hsu
f4beb2edcd Temporarily skip flakey sys.kern.sysv_test.msg in CI
PR:		233649
2020-06-26 17:58:10 +00:00
Dimitry Andric
0946e70a3b Merge llvm, clang, compiler-rt, libc++, libunwind, lld, lldb and openmp
llvmorg-10.0.0-129-gd24d5c8e308. Getting closer to 10.0.1-rc2.

MFC after:	3 weeks
2020-06-25 08:15:10 +00:00
Cy Schubert
767173cec2 MFV r362565:
Update 4.2.8p14 --> 4.2.8p15

Summary: Systems that use a CMAC algorithm in ntp.keys will not release
a bit of memory on each packet that uses a CMAC keyid, eventually causing
ntpd to run out of memory and fail. The CMAC cleanup from
https://bugs.ntp.org/3447, part of ntp-4.2.8p11, introduced a bug whereby
the CMAC data structure was no longer completely removed.

MFC after:	3 days
Security:	NTP Bug 3661
2020-06-24 01:51:05 +00:00
Oleksandr Tymoshenko
e16b207739 Fix crash in drill(1) when IP has two subsequent dots
Cherry-pick crash fix from the upstream repo

PR:		226575
Reported by:	Goran Mekić <meka@tilda.center>
Obtained from:	https://git.nlnetlabs.nl/ldns/commit/?id=98291475
MFC after:	2 weeks
2020-06-22 23:13:14 +00:00
Yuri Pankov
1a176e87df Revert r362148.
Breaks UTF-8 input for new or having only 7bit characters present files.

Reported by:	glebius
2020-06-22 22:59:03 +00:00
Baptiste Daroussin
5b990a9463 Revert r362466
Such change should not have happen without prior discussion and review.

With hat:	transitioning core
2020-06-22 07:46:24 +00:00
Hans Petter Selasky
7747001b12 Improve wording to be more precise and clear.
No functional change intended.

s/Master Boot/Main Boot/ (also called MBR)

MFC after:	1 week
Sponsored by:	Mellanox Technologies
2020-06-21 13:34:08 +00:00
Xin LI
65422c964a liblzma: Make liblzma use libmd implementation of SHA256.
MFC after:	2 weeks
PR:		200142
2020-06-20 21:32:07 +00:00
Dimitry Andric
e837bb5cfb Merge llvm, clang, compiler-rt, libc++, libunwind, lld, lldb and openmp
llvmorg-10.0.0-97-g6f71678ecd2 (not quite 10.0.1 rc2, as more fixes are
still pending).

MFC after:	3 weeks
2020-06-20 20:06:52 +00:00
Dimitry Andric
b32fb2a4ea Merge commit 0cecafd647cc from llvm git (by Alina Sbirlea):
[BasicAA] Make BasicAA a cfg pass.

  Summary:
  Part of the changes in D44564 made BasicAA not CFG only due to it
  using PhiAnalysisValues which may have values invalidated. Subsequent
  patches (rL340613) appear to have addressed this limitation.

  BasicAA should not be invalidated by non-CFG-altering passes. A
  concrete example is MemCpyOpt which preserves CFG, but we are testing
  it invalidates BasicAA.

  llvm-dev RFC:
  https://groups.google.com/forum/#!topic/llvm-dev/eSPXuWnNfzM

  Reviewers: john.brawn, sebpop, hfinkel, brzycki

  Subscribers: hiraditya, llvm-commits

  Tags: #llvm

  Differential Revision: https://reviews.llvm.org/D74353

This fixes an issue with clang's -fintegrated-cc1 feature, which could
make it output slightly different assembly code, depending on the way it
was invoked.

In r361755 we attempted to work around it by disabling the integrated
cc1 stage, but it did not solve the root cause for all situations.

Extensive testing and bisecting showed that the above change finally
makes the output deterministic, even if -fintegrated-cc1 is on.

Reported by:	Fabian Keil <fk@fabiankeil.de>
PR:		246630
MFC after:	3 days
2020-06-18 20:41:43 +00:00
Jung-uk Kim
b7cadce49a Remove the unnecessary configure.ac. 2020-06-18 18:16:13 +00:00
Jung-uk Kim
7e38239042 MFV: r362286
Merge flex 2.6.4.
2020-06-18 18:09:16 +00:00
Gordon Bergling
1adf1a2e4c ctime(3): Bump .Dd after r362165
Reported by:	bcr (mentor)
Reviewed by:	bcr (mentor)
Approved by:	bcr (mentor)
X-MFC-With:	r362165
2020-06-17 11:57:48 +00:00
Andrew Turner
b6aadd183a Update opencsd to 0.14.2
Sponsored by:	Innovate UK
2020-06-17 10:42:20 +00:00
Antoine Brodin
1f73e3e4a4 Re-apply r333944 to unbreak ports 2020-06-17 10:11:54 +00:00
Xin LI
2726a70148 MFV r362254: file 5.39.
MFC after:	2 weeks
2020-06-17 07:41:28 +00:00
Kristof Provost
389f88cffd llvm: Default to -mno-relax on RISC-V
Compiling on a RISC-V system fails with 'relocation R_RISCV_ALIGN
requires unimplemented linker relaxation; recompile with -mno-relax'.

Our default linker (ld.lld) doesn't support relaxation, so default to
no-relax so we don't generate object files the linker can't handle.

Reviewed by:	mhorne
Sponsored by:	Axiado
Differential Revision:	https://reviews.freebsd.org/D25210
2020-06-16 18:39:56 +00:00
Andrew Turner
c120c5646d Re-add opencsd as a vendor import from the dist directory
Sponsored by:	Innovate UK
2020-06-16 08:59:44 +00:00
Andrew Turner
9619ffaac8 Remove opencsd so I can re-import it with the correct ancestry
Sponsored by:	Innovate UK
2020-06-16 08:57:13 +00:00
Gordon Bergling
5e3ca52e78 Add a HISTORY section to ctime(3)
Reviewed by:	bcr (mentor)
Approved by:	bcr (mentor)
Obtained from:	OpenBSD
MFC after:	7 days
Differential Revision:	https://reviews.freebsd.org/D24635
2020-06-14 05:08:15 +00:00
Yuri Pankov
38f168e1a3 nvi: fallback to ISO8859-1 as last resort
Current logic of using user's locale encoding that is UTF-8 doesn't make
much sense if we already failed the looks_utf8() check and skipped
encoding set using "fileencoding" as being UTF-8 as well; fallback to
ISO8859-1 in that case.

Reviewed by:	Zhihao Yuan <lichray@gmail.com>
Differential Revision:	https://reviews.freebsd.org/D24919
2020-06-13 14:11:02 +00:00
Cy Schubert
9236bd4bb7 MFV r362143:
Update sqlite3 to 3.32.2 (3320200).

CVE-2020-11655: SQLite through 3.31.1 allows attackers to cause a denial of
service (segmentation fault) via a malformed window-function query because
the AggInfo object's initialization is mishandled.

CVE-2020-13434: SQLite through 3.32.0 has an integer overflow in
sqlite3_str_vappendf in printf.c.

CVE-2020-13435: SQLite through 3.32.0 has a segmentation fault in
sqlite3ExprCodeTarget in expr.c.

CVE-2020-13630: ext/fts3/fts3.c in SQLite before 3.32.0 has a
use-after-free in fts3EvalNextRow, related to the snippet feature

CVE-2020-13631: SQLite before 3.32.0 allows a virtual table to be renamed
to the name of one of its shadow tables, related to alter.c and build.c.

CVE-2020-13632: ext/fts3/fts3_snippet.c in SQLite before 3.32.0 ha s a
NULL pointer dereference via a crafted matchinfo() query.

PR:		247149
Reported by:	spam123@bitbert.com
MFC after:	3 days
Security:	vuxml: c4ac9c79-ab37-11ea-8b5e-b42e99a1b9c3
		https://nvd.nist.gov/vuln/detail/CVE-2020-11655
		https://nvd.nist.gov/vuln/detail/CVE-2020-13434
		https://nvd.nist.gov/vuln/detail/CVE-2020-13435
		https://nvd.nist.gov/vuln/detail/CVE-2020-13630
		https://nvd.nist.gov/vuln/detail/CVE-2020-13631
		https://nvd.nist.gov/vuln/detail/CVE-2020-13632
2020-06-13 04:47:59 +00:00
Cy Schubert
b622dc25cf MFV r362082:
Update sqlite3 3.31.1 --> 3.32.0.

PR:		247149
Reported by:	spam123@bitbert.com
Reminded by:	emaste
MFC after:	3 days
Security:	CVE-2020-11655, CVE-2020-13434, CVE-2020-13435,
		CVE-2020-13630, CVE-2020-13631, CVE-2020-13632
2020-06-12 13:02:44 +00:00
Simon J. Gerraty
ef0b253881 Merge bmake-20200606
Relevant items from ChangeLog:

	o dir.c: cached_stats - don't confuse stat and lstat results.
	o var.c: add :Or for reverse sort.
2020-06-09 20:52:35 +00:00
Cy Schubert
ee7b7f3f05 Post CVE-2020-12695 cleanup patch:
Resolve a Linuxism to fix the build.

MFC after:	3 days
X-MFC with:	r361957, r361958, r361959
2020-06-09 05:43:51 +00:00
Cy Schubert
7d748adc91 MFV r361938:
Upstream commit message:

[PATCH 3/3] WPS UPnP: Handle HTTP initiation failures for events more
properly

While it is appropriate to try to retransmit the event to another
callback URL on a failure to initiate the HTTP client connection, there
is no point in trying the exact same operation multiple times in a row.
Replve the event_retry() calls with event_addr_failure() for these cases
to avoid busy loops trying to repeat the same failing operation.

These potential busy loops would go through eloop callbacks, so the
process is not completely stuck on handling them, but unnecessary CPU
would be used to process the continues retries that will keep failing
for the same reason.

Obtained from:	https://w1.fi/security/2020-1/\
	0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch
MFC after:	3 days
Security:	VU#339275 and CVE-2020-12695
2020-06-09 05:39:37 +00:00
Cy Schubert
b266d2f206 MFV r361937:
Upstream commit message:

[PATCH 2/3] WPS UPnP: Fix event message generation using a long URL path

More than about 700 character URL ended up overflowing the wpabuf used
for building the event notification and this resulted in the wpabuf
buffer overflow checks terminating the hostapd process. Fix this by
allocating the buffer to be large enough to contain the full URL path.
However, since that around 700 character limit has been the practical
limit for more than ten years, start explicitly enforcing that as the
limit or the callback URLs since any longer ones had not worked before
and there is no need to enable them now either.

Obtained from:	https://w1.fi/security/2020-1/\
	0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch
MFC after:	3 days
Security:	VU#339275 and CVE-2020-12695
2020-06-09 05:38:12 +00:00
Cy Schubert
a3557ef05f MFV r361936:
Upstream commit message:

[PATCH 1/3] WPS UPnP: Do not allow event subscriptions with URLs to
other networks

The UPnP Device Architecture 2.0 specification errata ("UDA errata
16-04-2020.docx") addresses a problem with notifications being allowed
to go out to other domains by disallowing such cases. Do such filtering
for the notification callback URLs to avoid undesired connections to
external networks based on subscriptions that any device in the local
network could request when WPS support for external registrars is
enabled (the upnp_iface parameter in hostapd configuration).

Obtained from:	https://w1.fi/security/2020-1/\
	0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch
MFC after:	3 days
Security:	VU#339275 and CVE-2020-12695
2020-06-09 05:35:38 +00:00
Ed Maste
dfd4db9333 lld: Set DF_1_PIE for -pie
DF_1_PIE originated from Solaris[1].

GNU ld[2] sets the flag on non-Solaris platforms.

It can help distinguish PIE from ET_DYN.
eu-classify from elfutils uses this to recognize PIE[3].

glibc uses this flag to reject dlopen'ing a PIE[4]

[1] https://docs.oracle.com/cd/E36784_01/html/E36857/chapter6-42444.html
[2] https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=5fe2850dd96483f176858fd75c098313d5b20bc2
[3] https://sourceware.org/git/?p=elfutils.git;a=commit;h=3f489b5c7c78df6d52f8982f79c36e9a220e8951
[4] https://sourceware.org/bugzilla/show_bug.cgi?id=24323

Discussed with:	dim
Obtained from:	LLVM ee9a251caf1d
MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
2020-06-02 22:57:13 +00:00
Ed Maste
4e99f45480 llvm: Add DF_1_PIE
Discussed with:	dim
Obtained from:	LLVM d9943e7f0ce8
MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
2020-06-02 22:55:51 +00:00
Cy Schubert
9543f281e8 Per-rule hit counts (-h) can be used with either -i (input) or -o (output)
filter rule lists.

MFC after:	3 days
2020-06-02 03:44:22 +00:00
Dimitry Andric
b7ec5dea64 Update Subversion to 1.14.0 LTS. See contrib/subversion/CHANGES for a
summary of changes, or for a more thorough overview:

https://subversion.apache.org/docs/release-notes/1.14

NOTE: there is no need to dump and reload repositories, and the working
copy format is still the same as Subversion 1.8 through 1.13.

Relnotes:	yes
MFC after:	2 weeks
X-MFC-With:	r361677
2020-06-01 10:27:05 +00:00
Dimitry Andric
674baa3c4f Update apr-util to 1.6.1. See contrib/apr-util/CHANGES for a summary of
changes.

MFC after:	2 weeks
X-MFC-With:	r361677
2020-06-01 10:14:45 +00:00
Dimitry Andric
b081c245fd Update apr to 1.7.0. See contrib/apr/CHANGES for a summary of changes.
MFC after:	2 weeks
X-MFC-With:	r361677
2020-05-31 22:12:56 +00:00
Ed Maste
796bf3133b readelf: add more DT_FLAGS_1 flags
Reference:
https://docs.oracle.com/cd/E36784_01/html/E36857/chapter6-42444.html

> DF_1_SINGLETON  Singleton symbols exist.
> DF_1_STUB       Object is a stub.
> DF_1_PIE        Object is a position-independent executable.

Sponsored by:	The FreeBSD Foundation
2020-05-31 15:31:47 +00:00
Dimitry Andric
d65cd7a57b Merge llvm, clang, compiler-rt, libc++, libunwind, lld, lldb and openmp
llvmorg-10.0.1-rc1-0-gf79cd71e145 (aka 10.0.1 rc1).

MFC after:	3 weeks
2020-05-23 10:32:18 +00:00
Conrad Meyer
33af263230 ctime.3: Use ASCII asterisks for C, not special unicode math glyphs
PR:		246656
Reported by:	danfe
2020-05-22 15:30:14 +00:00
Cy Schubert
091e9e469b MFV r361322:
Update unbound 1.9.6 --> 1.10.1.

Bug Fixes:
 - CVE-2020-12662 Unbound can be tricked into amplifying an incoming
   query into a large number of queries directed to a target.
 - CVE-2020-12663 Malformed answers from upstream name servers can be
   used to make Unbound unresponsive.

Reported by:	emaste
MFC after:	3 days
Relnotes:	yes
Security:	CVE-2020-12662, CVE-2020-12663
2020-05-21 21:00:46 +00:00
Cy Schubert
6a53c00e64 Vendor import of Unbound 1.10.1.
Security:	CVE-2020-12662, CVE-2020-12663
2020-05-21 05:01:52 +00:00
Simon J. Gerraty
49caa483b3 Merge bmake-20200517
Changes since 20181221 are mostly portability related
hence the large gap in versions imported.

There are however some bug fixes, and a rework of filemon handling.
In NetBSD make/filemon/filemon_ktrace.c allows use of fktrace
and elimination of filemon(4) which has not had the TLC it needs.

FreeBSD filemon(4) is in much better shape, so bmake/filemon/filemon_dev.c
allows use of that, with a bit less overhead than the ktrace model.

Summary of changes from ChangeLog

	o str.c: empty string does not match % pattern
	  plus unit-test changes
	o var.c: import handling of old sysV style modifier using '%'
	o str.c: refactor brk_string
	o meta.c: meta_oodate, CHECK_VALID_META is too aggressive for CMD
	  a blank command is perfectly valid.
	o meta.c: meta_oodate, check for corrupted meta file
	  earlier and more often.
	* meta.c: meta_compat_parent check for USE_FILEMON
	  patch from Soeren Tempel
	o meta.c: fix compat mode, need to call meta_job_output()
	o job.c: extra fds for meta mode not needed if using filemon_dev
	o meta.c: avoid passing NULL to filemon_*() when meta_needed()
	  returns FALSE.
	o filemon/filemon_{dev,ktrace}.c: allow selection of
	  filemon implementation.  filemon_dev.c uses the kernel module
	  while filemon_ktrace.c leverages the fktrace api available in
	  NetBSD.  filemon_ktrace.c can hopefully form the basis for
	  adding support for other tracing mechanisms such as strace on
	  Linux.
	o meta.c: when target is out-of-date per normal make rules
	  record value of .OODATE in meta file.
	o parse.c: don't pass NULL to realpath(3)
	  some versions cannot handle it.
	o parse.c: ParseDoDependency: free paths rather than assert

plus more unit-tests
2020-05-20 22:25:46 +00:00
Martin Matuska
de6fa6b43b MFV r361280:
Update libarchive to 3.4.3

Relevant vendor changes:
  PR #1352: support negative zstd compression levels
  PR #1359: improve zstd version checking
  PR #1348: support RHT.security.selinux from GNU tar
  PR #1357: support for archives compressed with pzstd
  PR #1367: fix issues in acl tests
  PR #1372: child handling cleanup
  PR #1378: fix memory leak from passphrase callback
2020-05-20 20:58:48 +00:00
Martin Matuska
e117869ad3 Update vendor/libarchive/dist to git fc6563f5130d8a7ee1fc27c0e55baef35119f26c
Libarchive 3.4.3

Relevant vendor changes:
  PR #1352: support negative zstd compression levels
  PR #1359: improve zstd version checking
  PR #1348: support RHT.security.selinux from GNU tar
  PR #1357: support for archives compressed with pzstd
  PR #1367: fix issues in acl tests
  PR #1372: child handling cleanup
  PR #1378: fix memory leak from passphrase callback
2020-05-20 16:13:02 +00:00
Cy Schubert
2ecd01c7c1 Silence the once per second CTRL-EVENT-SCAN-FAILED errors when the WiFi
radio is disabled through the communication device toggle key (also known
as the RF raidio kill button). Only the CTRL-EVENT-DISCONNECTED will be
issued.

Submitted by:	avg
Reported by:	avg
MFC after:	1 week
2020-05-20 04:16:13 +00:00
Ed Maste
36b1f67ca1 blacklistd.conf.5: typo/grammar fixes
PR:		246467
Submitted by:	Mike Lempriere
2020-05-19 00:15:19 +00:00
Ed Maste
eb95dbfa4f GNU as: move deprecation message after option parsing
Some cmake test parses the output of the first line of as --version, and
emits an error if it does not contain some expected strings:

Checking whether the ASM compiler is GNU using "--version" did not match
"(GNU assembler)|(GCC)|(Free Software Foundation)"

Emit the deprecation message later, after parsing argv and thus --version.

PR:		246540
Reported by:	dch
Sponsored by:	The FreeBSD Foundation
2020-05-18 16:07:14 +00:00
Li-Wen Hsu
b13788e396 Temporarily disable failing case in CI of amd64:
- lib.libexecinfo.backtrace_test.backtrace_fmt_basic

PR:		246537
Sponsored by:	The FreeBSD Foundation
2020-05-18 12:36:28 +00:00