| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
| |
PR: 215105
Submitted by: <jtd2004a sbcglobal.net>
Approved by: so
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix link_ntoa(3) buffer overflow in libc. [SA-16:37]
Fix possible escape from bhyve(8) virtual machine. [SA-16:38]
Fix warnings about valid time zone abbreviations. [EN-16:19]
Update timezone database information. [EN-16:20]
Fix incorrectly defined unicode character(s). [EN-16:21]
Security: FreeBSD-SA-16:36.telnetd
Security: FreeBSD-SA-16:37.libc
Security: FreeBSD-SA-16:38.bhyve
Errata Notice: FreeBSD-EN-16:19.tzcode
Errata Notice: FreeBSD-EN-16:20.tzdata
Errata Notice: FreeBSD-EN-16:21.localedef
Approved by: so
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
=== bspatch ===
MFS r306213: bspatch Capsicumization, sanity checks, and other improvements
r304691: bspatch: apply style(9)
Make style changes (and trivial refactoring of open calls) now in order
to reduce noise in diffs for future capsicum changes.
r304807 (allanjude): Capsicumize bspatch
Move all of the fopen() and open() calls to the top of main()
Restrict each FD to least privilege (read/seek only, write only, etc)
cap_enter(), and make all except the output FD read/seek only.
r304821: bspatch: remove output file in the case of error
r305486: bspatch: add sanity checks on sizes to avoid integer overflow
Note that this introduces an explicit 2GB limit, but this was already
implicit in variable and function argument types.
This is based on the "non-cryptanalytic attacks against freebsd
update components" anonymous gist. Further refinement is planned.
r305737: bspatch: remove superfluous newlines from errx strings
r305822: bspatch: use #define for header size instead of magic number
r306026: bspatch: Remove backwards-compatibility sys/capability.h support
bspatch previously included sys/capability.h or sys/capsicum.h based
on __FreeBSD_version, as FreeBSD is the upstream for bsdiff and we may
see this file incorporated into other third-party software.
The Capsicum header is now installed as sys/capsicum.h in stable/10 and
FreeBSD 10.3, so we can just use sys/capsicum.h and simplify the logic.
With this change, bspatch is identical between head, stable/11 and releng/11.0.
=== portsnap ===
MFS r305648 (delphij): MFC r305469:
Ensure that we always open only files that is named by explicitly
using shell redirections instead of having gzip(1) to decide what
file to open.
Issue reported in the "non-cryptanalytic attacks against freebsd
update components" anonymous gist.
=== libarchive ===
MFS r305754 (mm): MFC r305422:
Sync libarchive with vendor
Vendor issues fixed:
PR #777: Multiple bugfixes for setup_acls()
This includes a bugfix for a bug that caused ACLs not to be read properly
for files and directories inside subdirectories and as a result not being
stored or being incorrectly stored in tar archives.
MFS r306321 (mm): MFC r305819:
Sync libarchive with vendor including important security fixes.
Issues fixed (FreeBSD):
PR #778: ACL error handling
Issue #745: Symlink check prefix optimization is too aggressive
Issue #746: Hard links with data can evade sandboxing restrictions
This update fixes the vulnerability #3 and vulnerability #4 as reported in
"non-cryptanalytic attacks against FreeBSD update components".
https://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f
Fix for vulnerability #2 has already been merged.
Approved by: re (gjb), so (glebius)
|
| |
|
|
|
| |
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
MFC r304075,r304989:
Sync libarchive with vendor including security fixes
Vendor issues fixed:
Issue #731: Reject tar entries >= INT64_MAX
Issue #744: Very long pathnames evade symlink checks
Issue #748: libarchive can compress, but cannot decompress zip some files
PR #750: ustar: fix out of bounds read on empty string ("") filename
PR #755: fix use of acl_get_flagset_np() on FreeBSD
Issue #767: Buffer overflow printing a filename
Issue #770: Zip read: be more careful about extra_length
MFC r304874:
Temporarily disable two libarchive tests that have not yet been fixed by
vendor. Tests will be re-enabled after a fix has been merged.
Approved by: re (gjb)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Pull in r265122 from upstream llvm trunk (by James Molloy):
Fix for pr24346: arm asm label calculation error in sub
Some ARM instructions encode 32-bit immediates as a 8-bit integer
(0-255) and a 4-bit rotation (0-30, even) in its least significant 12
bits. The original fixup, FK_Data_4, patches the instruction by the
value bit-to-bit, regardless of the encoding. For example, assuming
the label L1 and L2 are 0x0 and 0x104 respectively, the following
instruction:
add r0, r0, #(L2 - L1) ; expects 0x104, i.e., 260
would be assembled to the following, which adds 1 to r0, instead of
260:
e2800104 add r0, r0, #4, 2 ; equivalently 1
The new fixup kind fixup_arm_mod_imm takes care of the encoding:
e2800f41 add r0, r0, #260
Patch by Ting-Yuan Huang!
This fixes label calculation for ARM assembly, and is needed to enable
ARM assembly sources for OpenSSL.
Approved by: re (kib)
Requested by: jkim
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Avoid double use of "request" in a single sentence. Instead, describe
aio_sigevent as being used to request notification of the associated
operation's completion. This matches the language used to describe
aio_sigevent in aio(4).
- Simplify the prohibition on modifying buffers while requests are in
flight.
- Fix case mismatch.
- Drop note about not using stack variables. C programmers should be able
to figure out if a stack variable is safe based on the later warning
about the life cycle requirements of control blocks.
- Remove prohibition on modifying the I/O buffer for aio_fsync() since
it does not use an I/O buffer. For aio_mlock(), prohibit modifications
to the mapping (e.g. due to mprotect, munmap, mmap, etc.) but do not
prohibit modifications to the memory backing the buffer (stores into
the pages backing the buffer).
Approved by: re (kib)
|
| |
|
|
|
|
|
|
|
| |
Create namespace for the symbols added during 12-CURRENT cycle.
MFC r303795:
Add __cxa_thread_atexit(3) API implementation.
Approved by: re (gjb, bdrewery (?))
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Pull in r262772 from upstream clang trunk (by Simon Pilgrim):
[X86] AMD Bobcat CPU (btver1) doesn't support XSAVE
btver1 is a SSSE3/SSE4a only CPU - it doesn't have AVX and doesn't
support XSAVE.
Differential Revision: http://reviews.llvm.org/D17682
Pull in r262782 from upstream llvm trunk (by Simon Pilgrim):
[X86] AMD Bobcat CPU (btver1) doesn't support XSAVE
btver1 is a SSSE3/SSE4a only CPU - it doesn't have AVX and doesn't
support XSAVE.
Differential Revision: http://reviews.llvm.org/D17683
This ensures clang does not emit AVX instructions for CPUTYPE=btver1.
Approved by: re (kib)
Reported by: Michel Depeige <demik+freebsd@lostwave.net>
PR: 211864
|
| |
|
|
|
|
|
|
|
| |
MFC r304288:
Garbage collect _umtx_lock(2)/_umtx_unlock(2) references removed in
r263318.
Approved by: re (gjb)
|
| |
|
|
|
|
|
| |
releng/11.0 branch. This reduces the size of the clang executable, and
improves its performance. Also bump FREEBSD_CC_VERSION.
Approved by: re (gjb)
|
| |
|
|
|
|
| |
Add link for getnetgrent_r(3).
Approved by: re (kib)
|
| |
|
|
|
|
|
|
|
|
| |
Mention that basename(3) and dirname(3) will change in the future.
Update the existing manual pages for basename(3) and dirname(3) to
mention that in future versions of FreeBSD, these functions will no
longer use internal buffers for storing the results.
Approved by: re@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Update to reflect the fact that pipe() is a wrapper around the pipe2()
system call.
Reviewed by: jhb, wblock
Sponsored by: DAPRA, AFRL
Change wording to use function rather than system call in the
description
as well.
Authored by: zeising
Reviewed by: brooks
Approved by: re (gjb)
Sponsored by: DAPRA, AFRL
|
| |
|
|
|
|
| |
Remove empty initializer for the once facility.
Approved by: re (gjb)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The asynchronous I/O changes made previously result in different
behavior out of the box. Previously all AIO requests failed with
ENOSYS / SIGSYS unless aio.ko was explicitly loaded. Now, some AIO
requests complete and others ("unsafe" requests) fail with EOPNOTSUPP.
Reword the introductory paragraph in aio(4) to add a general
description of AIO before describing the vfs.aio.enable_unsafe sysctl.
Remove the ENOSYS error description from aio_fsync(2), aio_read(2),
and aio_write(2) and replace it with a description of EOPNOTSUPP.
Remove the ENOSYS error description from aio_mlock(2).
Log a message to the system log the first time a process requests an
"unsafe" AIO request that fails with EOPNOTSUPP. This is modeled on
the log message used for processes using the legacy pty devices.
Approved by: re (gjb)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
libc: tag the rune initialization function prototypes visibility as hidden.
It is good practice to export as few symbols as possible from your shared
libraries, so use the GCC visibility attribute in this case, matching what
Apple's libc does.
Reference:
https://developer.apple.com/library/mac/documentation/DeveloperTools/Conceptual/CppRuntimeEnv/Articles/SymbolVisibility.html
Hinted by: Apple's libc 1082.20.4
Approved by: re (gjb)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
- Add a sigevent(3) manpage to give a general overview of the sigevent
structure and the available notification mechanisms.
- Document that AIO requests contain a nested sigevent structure that can
be used to request completion notification.
- Expand the sigevent details in other manuals to note details such as
the extra values stored in a queued signal's information or in a posted
kevent.
Approved by: re (gjb)
|
| |
|
|
|
|
|
|
|
|
| |
- Update aio_return/waitcomplete wrappers for the ssize_t return type.
- Fix the aio_return() wrapper to fail with EINVAL on a pending job.
This matches the semantics of the in-kernel system call. Also,
aio_return() returns errors via errno, not via the return value.
Approved by: re (gjb)
Sponsored by: Chelsio Communications
|
| |
|
|
|
|
|
|
|
| |
Revert 302324 and properly fix the crash with ISO-8859-5 locales
PR: 211135
Reported by: jkim
Tested by: jkim
Approved by: re (gjb)
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Since r302216, thread suspension causes advisory file locks to restart
(instead of continuing to wait) and for a long time SA_RESTART has
affected advisory file locks. These are both not compliant to POSIX.1.
To clarify that restarting means something, add a paragraph about fair
queuing. Note that the network lock manager does not implement fair
queuing.
Reviewed by: kib (previous version)
Approved by: re (gjb)
|
| |
|
|
|
| |
Reported by: Lauri Tirkkonen from Illumos
Approved by: re@ (gjb)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
r260553 added missing C++ typinfos to libcxxrt's version script.
It appears that a number of duplicate mangled symbols were added due to
a cut and paste error. Switch the second instances to _ZTS*,
typeinfo name for *.
Found by lld, which produces an error or warning for duplicate symbols.
Reviewed by: dim
Approved by: re (gjb)
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D7011
|
| |
|
|
|
|
|
|
|
| |
This fixes the build when DESTDIR may be blank or not yet populated.
It also fixes reproducibility.
Submitted by: brooks
Approved by: re (gjb)
Differential Revision: https://reviews.freebsd.org/D6455
|
| |
|
|
|
|
|
|
| |
(WITH_SYSTEM_COMPILER: Enable by default) and it's prerequisite: r300354,
caused i386 builds to fail when cross-built on an amd64 host.
Reviewed by: bdrewery, delphij, gjb
Approved by: re (gjb)
|
| |
|
|
|
|
|
|
|
|
| |
of mkmagic and point its location.
Reported by: jenkins
Pointy hat to: delphij
MFC after: 2 weeks
X-MFC-With: 302221
Approved by: re (kib)
|
| |
|
|
|
|
| |
Relnotes: yes
MFC after: 2 weeks
Approved by: re (gjb)
|
| |
|
|
|
|
|
|
|
| |
the return value, in particular console-kit-daemon.
Reported by: Ivan Klymenko <fidaj@ukr.net>
Sponsored by: The FreeBSD Foundation
MFC after: 2 weeks
Approved by: re (gjb)
|
| |
|
|
|
|
|
|
|
|
| |
adaptive mutex, return EDEADLK as required by POSIX. The
pthread_mutex_lock() is already compliant.
Tested by: Guy Yur <guyyur@gmail.com>
Sponsored by: The FreeBSD Foundation
MFC after: 2 weeks
Approved by: re (gjb)
|
| |
|
|
|
|
| |
Approved by: re (marius)
PR: 210509
MFC after: 1 week
|
| |
|
|
|
|
|
|
| |
libusb(3) manual page.
Approved by: re (gjb)
Requested by: swills
MFC after: 1 week
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
value.
This eliminates the need for machine dependant assembly wrappers for
pipe(2).
It also make passing an invalid address to pipe(2) return EFAULT rather
than triggering a segfault. Document this behavior (which was already
true for pipe2(2), but undocumented).
Reviewed by: andrew
Approved by: re (gjb)
Sponsored by: DARPA, AFRL
Differential Revision: https://reviews.freebsd.org/D6815
|
| |
|
|
|
|
|
|
|
| |
libusb_hotplug_deregister_callback() for the LibUSB v1.0 API and
update the libusb(3) manual page.
Approved by: re (kib)
Requested by: swills
MFC after: 1 week
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Update libarchive to 3.2.1 (bugfix and security fix release)
List of vendor fixes:
- fix exploitable heap overflow vulnerability in Rar decompression
(vendor issue 719, CVE-2016-4302, TALOS-2016-0154)
- fix exploitable stack based buffer overflow vulnebarility in mtree
parse_device functionality (vendor PR 715, CVE-2016-4301, TALOS-2016-0153)
- fix exploitable heap overflow vulnerability in 7-zip read_SubStreamsInfo
(vendor issue 718, CVE-2016-4300, TALOS-2016-152)
- fix integer overflow when computing location of volume descriptor
(vendor issue 717)
- fix buffer overflow when reading a crafred rar archive (vendor issue 521)
- fix possible buffer overflow when reading ISO9660 archives on machines
where sizeof(int) < sizeof(size_t) (vendor issue 711)
- tar and cpio should fail if an input file named on the command line is
missing (vendor issue 708)
- fix incorrect writing of gnutar filenames that are exactly 512 bytes
long (vendor issue 682)
- allow tests to be run from paths that are equal or longer than 128
characters (vendor issue 657)
- add memory allocation errors in archive_entry_xattr.c (vendor PR 603)
- remove dead code in archive_entry_xattr_add_entry() (vendor PR 716)
- fix broken decryption of ZIP files (vendor issue 553)
- manpage style, typo and description fixes
Post-3.2.1 vendor fixes:
- fix typo in cpio version reporting (Vendor PR 725, 726)
- fix argument range of ctype functions in libarchive_fe/passphrase.c
- fix ctype use and avoid empty loop bodies in WARC reader
MFC after: 1 week
Security: CVE-2016-4300, CVE-2016-4301, CVE-2016-4302
Approved by: re (kib)
|
| |
|
|
|
|
|
| |
Reviewed by: dim
Approved by: re (gjb)
Sponsored by: EMC / Isilon Storage Division
Differential Revision: https://reviews.freebsd.org/D6856
|
| |
|
|
|
| |
Approved by: re (gjb)
MFC after: 1 week
|
| |
|
|
|
|
| |
Approved by: re (kib)
Requested by: swills
MFC after: 1 week
|
| |
|
|
|
|
| |
Approved by: re (kostikbel)
Requested by: swills
MFC after: 1 week
|
| |
|
|
|
|
| |
Approved by: re (kostikbel)
Requested by: swills
MFC after: 1 week
|
| |
|
|
|
|
| |
Approved by: re (kostikbel)
Requested by: swills
MFC after: 1 week
|
| |
|
|
|
|
| |
Approved by: re (glebius)
Requested by: swills
MFC after: 1 week
|
| |
|
|
|
| |
Approved by: re (gjb)
Sponsored by: EMC / Isilon Storage Division
|
| |
|
|
|
| |
Approved by: re (delphij)
MFC after: 1 week
|
| |
|
|
|
|
|
| |
one of the descriptor which we just set.
Pointed out by: jilles
Approved by: re (hrs)
|
| |
|
|
|
|
|
|
|
|
| |
reset command, alternate setting command or set configuration
command. Else LibUSB v1.0 will not re-open the endpoints which the
kernel closes and the USB application might wait infinitely for
transfers to complete.
Approved by: re (hrs)
MFC after: 3 days
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The fix to the __collate_range_cmp() ABI breakage missed some replacements
in libc's vfscanf(). Replace them with __wcollate_range_cmp() which
does what is expected.
This was breaking applications like xterm and pidgin when using wide
characters.
Reported by: Vitalij Satanivskij
Approved by: re
|
| |
|
|
|
|
| |
xdr_rpcproc, xdr_rpcprog and xdr_rpcvers were broken in older
versions of FreeBSD but fixed in r296394. Give them some use
hoping they help make the code somewhat more readable.
|
| |
|
|
|
|
|
| |
Setting time by seconds or microseconds may cause unexpected effects
especially if sysctl vfs.timestamp_precision=3 (not default).
Calling the obsolete functions with NULL timestamps is acceptable.
|
| |
|
|
| |
MFC after: 1 month
|
| |
|
|
|
|
| |
xdr_rpcprog and xdr_rpcvers were broken in older versions of FreeBSD
but were fixed in r296394. Give them some use hoping they help make
the code somewhat more readable.
|
