| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
| |
Reviewed by: kp, scottl
Obtained from: pfsense
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D31153
(cherry picked from commit 3f240bdf3652ea823af34b0f399e2c8be5a6320a)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upstream one-true-awk decided to disallow hex strings as numbers. This
is in line with awk's behavior prior to C99, and allowed by the POSIX
standard. The standard, however, allows them to be treated as numbers
because that's what the standard said in the 2001 through 2004 editions.
Since 2001, the nawk in FreeBSD has treated them as numbers, so restore
that behavior, allowed by the standard.
A number of scripts in the FreeBSD tree depend on this interpretation,
including scripts to build the kernel which had mysteriously started
failing for some people and not others. By re-allowing 0x hex numbers,
this fixes those scripts and restores POLA.
Upstream issue: https://github.com/onetrueawk/awk/issues/126
Sponsored by: Netflix
Reviewed by: kevans
MFC After: asap due to regression alrady merged to stable
Differential Revision: https://reviews.freebsd.org/D31199
(cherry picked from commit d4d252c49976de33d0a2926df733744d0b8d95fa)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In FreeBSD 14 we will stop providing _p libraries (compiled with -pg).
[Note this is controlled by the target version. There is no change for
FreeBSD <= 13.]
Reviewed by: dim (upstream)
Obtained from: LLVM 699d47472c3f
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D30861
(cherry picked from commit b762974cf4b9ea77f1decf4a6d829372f0a97f75)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Fixes the following compile warning:
implicit declaration of function 'sysctlbyname' is invalid in C99
[-Wimplicit-function-declaration]
Found by: J87
Differential Revision: https://reviews.freebsd.org/D30484
Sponsored by: Mellanox Technologies // NVIDIA Networking
(cherry picked from commit 16fa3dcba027d13dcda9ee78e6057e3e5a79f80c)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Import the latest bsd-features branch of the one-true-awk upstream:
o Move to bison for $YACC
o Set close-on-exec flag for file and pipe redirects that aren't std*
o lots of little fixes to modernize ocde base
o free sval member before setting it
o fix a bug where a{0,3} could match aaaa
o pull in systime and strftime from NetBSD awk
o pull in fixes from {Net,Free,Open}BSD (normalized our code with them)
o add BSD extensions and, or, xor, compl, lsheift, rshift (mostly a nop)
Also revert a few of the trivial FreeBSD changes that were done slightly
differently in the upstreaming process. Also, our PR database may have
been mined by upstream for these fixes, and Mikolaj Golub may deserve
credit for some of the fixes in this update.
Suggested by: Mikolaj Golub <to.my.trociny@gmail.com>
PR: 143363, 143365, 143368, 143369, 143373, 143375, 214783
Sponsored by: Netflix
(cherry picked from commit f39dd6a9784467f0db5886012b3f4b13899be6b8)
|
| |
|
|
|
|
|
|
|
|
|
| |
libpfctl supports creating rules, but not (yet) adding addresses to a
pool. Adding addresses certainly does not work through adding a rule.
PR: 256917
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")
(cherry picked from commit 8923ea6c867fd75b08b76883ec122c429a4018f9)
|
| |
|
|
|
|
| |
Sponsored by: Netflix
(cherry picked from commit bf26ea77553931c22e72ddf1f9df6fb51fcbadfe)
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
I found this while running kdump(1) on a CheriBSD system due to a
capability length violation when printing the /etc/libmap.conf read()
system call: it crashed immediately after printing the first line.
Found by: CHERI
Reviewed By: jhb
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D30771
(cherry picked from commit 1a2f06d0f2905c9a18340b377cbbe772f2ca6844)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Merge commit 789708617d20 from llvm git (Koutheir Attouchi):
Do not generate calls to the 128-bit function __multi3() on 32-bit ARM
Re-applying this patch after bots failures. Should be fine now.
The function __multi3() is undefined on 32-bit ARM, so a call to it should
never be emitted. Instead, plain instructions need to be generated to
perform 128-bit multiplications.
Differential Revision: https://reviews.llvm.org/D103906
Reported by: mmel
(cherry picked from commit 014a40f8f643a5dad6a6ba5c4bf6ea5d4f445fe6)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Merge commit c8227f06b335 from llvm git (by Arthur Eubanks):
[clang] Don't assert in EmitAggregateCopy on trivial_abi types
Fixes PR42961.
Reviewed By: rnk
Differential Revision: https://reviews.llvm.org/D97872
PR: 256721, 255570
Reported by: jbeich
(cherry picked from commit e7e517981a6591c79fb49cd8810361b0f3ad5983)
|
| |
|
|
|
|
|
|
| |
Merge commit '0511e356f5e2106928ee352ee974d1470c860a9a' into new_merge
Changes at https://www.sqlite.org/releaselog/3_35_5.html.
(cherry picked from commit ce9de47260d4edc963a94140789e4a52642c28e6)
|
| |
|
|
| |
(cherry picked from commit 25cdacf79b06356c929e59d5074d26c9dac41bdf)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Merge commit 99eca1bd9c7a from llvm git (by Mark Johnston):
[Driver] Enable kernel address and memory sanitizers on FreeBSD
Test Plan: using kernel ASAN and MSAN implementations in FreeBSD
Reviewed By: emaste, dim, arichardson
Differential Revision: https://reviews.llvm.org/D98286
Merge commit f511dc75e4c1 from llvm git (by Mark Johnston):
[asan] Add an offset for the kernel address sanitizer on FreeBSD
This is based on a port of the sanitizer runtime to the FreeBSD kernel
that has been commited as https://cgit.freebsd.org/src/commit/?id=38da497a4dfcf1979c8c2b0e9f3fa0564035c147
and the following commits.
Reviewed By: emaste, dim
Differential Revision: https://reviews.llvm.org/D98285
Requested by: markj
MFC after: 3 days
(cherry picked from commit 1b00608b264f1fac846e571e23d8ef7134834638)
|
| |
|
|
|
|
|
|
|
| |
Update unbound 1.13.0 --> 1.13.1.
Includes numerous bugfixes documented at:
https://www.nlnetlabs.nl/projects/unbound/download/#unbound-1-13-1
(cherry picked from commit f44e67d120ad78ef7894241b519ee79fd190a16e)
|
| |
|
|
|
|
| |
Merge commit '174d8b60324d7e8754709f7155e13ca95220b48c' into main.
(cherry picked from commit 6560ac57ce879857203bc456cdc3849808dc0700)
|
| |
|
|
|
|
|
|
|
| |
Remove makefiles, configure files and unused at build time files
to reduce the diff size. Otherwise the diff contains a lot of
unnecessary lines what makes reviewing and merging proccess so hard,
especially for re@.
(cherry picked from commit 6190ff6104aed4cd753019325a252c4d66495b5e)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Merge commit '2858419a0ee2b8f5827de72c00618bcd69ebc5fc'
This update fixes the initialization of "scale" to 20 if started with
-l and the initial statement leads to an error (e.g. contains a syntax
error). Scale was initialized to 0 in that case.
Another change is the support of job control in interactive mode with
line editing enabled. The control characters have been interpreted as
editing commands only, prior to this version.
(cherry picked from commit 8c39e25220bb88cd027d0c3b0fe86e52f6abd150)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This update adds a flush() of the output buffer to the bc print
command.
(cherry picked from commit 8ea9013512494c9f035afa1ffa1e199b44c7904f)
Synch index of contrib/bc with what is in workdir after cloning.
From a workdir perspective this should be a no-op.
See also:
https://lists.freebsd.org/pipermail/freebsd-current/2021-April/079569.html
(cherry picked from commit a0358e3d5184950b4316f105eb292cbafdea208b)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This diff primarily adds/removes flags to make the tests compatible with
sort. Two tests are removed. One test is changed to expect fail due to
a bug.
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D30217
(cherry picked from commit f9e565abca9b5880fe3203ba67c90eaf3e906e95)
|
| |
|
|
|
|
|
|
|
|
| |
Use pfctl_kill_states() rather than the DIOCKILLSTATES ioctl directly.
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D30057
(cherry picked from commit 2b2ed4a69730be72f792179d57dedf2945b3d1aa)
|
| |
|
|
|
|
|
|
|
|
| |
Upstream flex has added a yynoreturn macro, so this diff is no longer
needed. Partially reverts r181269.
Reviewed By: jkim
Differential Revision: https://reviews.freebsd.org/D29679
(cherry picked from commit d37f81e35b6e8f114b04315e06bab2cf0c03946c)
|
| |
|
|
|
|
|
|
| |
(cherry picked from commit 50d31dbc6e2bc3aa6007edb8cdecbcb84e85d6c0)
less: upgrade to v581.
(cherry picked from commit 2235c7feac959bcc9ddfd6a2bc6be32102b1f84c)
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Stop using the kernel's struct pf_rule, switch to libpfctl's pfctl_rule.
Now that we use nvlists to communicate with the kernel these structures
can be fully decoupled.
Reviewed by: glebius
MFC after: 4 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D29644
(cherry picked from commit e9eb09414a8de8f3329f51b48c90a5e5ac8f09cf)
|
| |
|
|
|
|
|
|
|
| |
Reviewed by: glebius
MFC after: 4 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D29641
(cherry picked from commit 95be9288f01f30a50440ea56d11468a2c6e18fed)
|
| |
|
|
| |
(cherry picked from commit 048488c0c4e47aa2aac9709b18d7da14b06f78cd)
|
| |
|
|
|
| |
(cherry picked from commit f9a159da2a292968cd5c37b56a6c43b6af8c5eed)
(cherry picked from commit 19318a62d7f8cfe2f0f5c24178fa33e8844ae5d1)
|
| |
|
|
| |
(cherry picked from commit a0409676120c1e558d0ade943019934e0f15118d)
|
| |
|
|
|
|
|
| |
Note araujo tried to fix it in r298241 but he only touched generated
files for bootstrap. This commit properly fixes the problem.
(cherry picked from commit 34e67bb5977049afb3e965b52b86ac12ea4899b4)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
GNU readelf exits with an error for a number of invalid file cases.
Previously ELF Tool Chain readelf always exited with 0. Now we exit 1
upon detecting an error with one or more input files, but in any case
all of them are processed.
This should catch common failure cases. We still do not report an error
for some types of malformed ELF files, but this is consistent with GNU
readelf.
PR: 252727
Reviewed by: jkoshy, markj
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D29377
(cherry picked from commit ea444392bb5b351c930f28a02a4e68f51b25ba69)
|
| |
|
|
|
|
| |
The only change needed is to mark a few variables as static.
(cherry picked from commit 87d65c747a4389901c2bbbcb1ec4878b2df7b32c)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
It appears that the stackframe layout can be slightly different depending on
compiler and target architecture. For example, when using CHERI LLVM for RISC-V
we can actually overflow the buffer by up to 8 bytes without SSP detecting it.
Fix this by increasing the overflow to 15 bytes.
Reviewed By: ngie, emaste
Differential Revision: https://reviews.freebsd.org/D28997
(cherry picked from commit c88c1f23a8989b881a5ca51223289ddb4ce74277)
|
| |
|
|
|
|
|
|
|
|
|
| |
I did this without a full vendor update since that would cause too many
conflicts. Since these files now almost match the NetBSD sources the
next git subtree merge should work just fine.
Reviewed By: lwhsu
Differential Revision: https://reviews.freebsd.org/D28797
(cherry picked from commit 1ec3feb64826d2a43d41e74684690985bf20e71c)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This version fixes an issue (missing pop of top-of-stack value in the
"P" command of the dc program).
This issue did not affect the bc program, since it does not use dc as
an back-end to actually perform the calculations as was the case with
the traditional bc and dc programs.
The major number has been bumped due to Windows support that has been
added to this version. It does not correspond to a major change that
might affect FreeBSD.
(cherry picked from commit b55a927bc884d7780d65a508572023b0dc2dede9)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
libarchive: Apply upstream commit a1b7bf8013fb7a11a486794247daae592db6f5ae
This fixes the failing test_read_append_filter_wrong_program test in CI
which has been failing since 01-Dec-2020.
Commit message from https://github.com/libarchive/libarchive/commit/a1b7bf8013fb7a11a486794247daae592db6f5ae
Silence stderr in test_read_append_filter_program
When the FreeBSD testsuite runs the libarchive tests it checks that stderr
is empty. Since #1382 this is no longer the case. This change restores
the behaviour of silencing bunzip2 stderr but doesn't bring back the
output text check.
Partially reverts 2e7aa5d9
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D29036
(cherry picked from commit 2bca8aa7a79ad2b6683e8f5a5c373de81c5baca2)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
3a509754ded1 removed the color field from our definition, but libevent1
has a copy of it off to the side to prevent event.h consumers from
*needing* to pull in sys/queue.h and sys/tree.h.
Update the event.h definition so that we don't accidentally end up with
two different views of struct event.
This appears to have no functional effect on anything in tree, but this
came up in a local patch to port if_switch(4) and related components
from OpenBSD.
(cherry picked from commit 64c01719e476923fe1b24e5a6c6012a677cd017f)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently macOS and DragonFlyBSD get their own special case and only
handle x86. Since all the FreeBSD cases should be general enough for
macOS and DragonFlyBSD (and the x86 ones are identical to the existing
ones) we can just delete the special cases and reuse the FreeBSD ones.
Note that upstream has since removed all the architecture-specific
checks in this file, with the only code relevant to us being an
endianness check that uses the generic compiler-provided macros. Thus
this patch will not be upstreamed, and will be dropped in a future
vendor import.
(cherry picked from commit 839fdcfc0c1dba34f728813d9756515ad82ff58a)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
wpa: import fix for P2P provision discovery processing vulnerability
Latest version available from: https://w1.fi/security/2021-1/
Vulnerability
A vulnerability was discovered in how wpa_supplicant processes P2P
(Wi-Fi Direct) provision discovery requests. Under a corner case
condition, an invalid Provision Discovery Request frame could end up
reaching a state where the oldest peer entry needs to be removed. With
a suitably constructed invalid frame, this could result in use
(read+write) of freed memory. This can result in an attacker within
radio range of the device running P2P discovery being able to cause
unexpected behavior, including termination of the wpa_supplicant process
and potentially code execution.
Vulnerable versions/configurations
wpa_supplicant v1.0-v2.9 with CONFIG_P2P build option enabled
An attacker (or a system controlled by the attacker) needs to be within
radio range of the vulnerable system to send a set of suitably
constructed management frames that trigger the corner case to be reached
in the management of the P2P peer table.
Note: FreeBSD base does not enable P2P.
(cherry picked from commit eeb26cf52c4c51e1571253d57684c442aa79a98d)
|
| |
|
|
|
|
|
|
| |
This update performs an implicit flush of the output when a script
calls read() in case a prompt is to be displayed in line-buffered
output mode.
(cherry picked from commit 893ecb52db5ed47d6c1e8698334d34e0df651612)
|
| |
|
|
|
|
| |
PR: 252663
(cherry picked from commit 5224c2a3bc95b431f729f3692f264395248d8acc)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Update the tests to check O_RESOLVE_BENEATH instead.
If this looks reasonable, I'll try to upstream this change.
This keeps a compat fallback for O_BENEATH since the Linux port still
has/had O_BENEATH with "no .., no absolute paths" semantics.
Test Plan: `/usr/tests/sys/capsicum/capsicum-test -u 977` passes and
runs the O_RESOLVE_BENEATH tests.
Reviewed By: markj
Differential Revision: https://reviews.freebsd.org/D29016
(cherry picked from commit 8cf5812af4b7f4933983822ff8e1e9185818fbef)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Apparently GCC defines NULL to 0 in C++11 mode (instead of nullptr), so
this causes the following error:
```
In file included from capsicum-test.h:15,
from capsicum-test.cc:1:
gtest-1.10.0/include/gtest/gtest.h: In instantiation of 'testing::AssertionResult testing::internal::CmpHelperNE(const char*, const char*, const T1&, const T2&) [with T1 = long int; T2 = procstat*]':
capsicum-test.cc:75:3: required from here
gtest-1.10.0/include/gtest/gtest.h:1621:28: error: ISO C++ forbids comparison between pointer and integer [-fpermissive]
1609 | if (val1 op val2) {\
| ~~~~~~~~~~~~
......
1621 | GTEST_IMPL_CMP_HELPER_(NE, !=);
gtest-1.10.0/include/gtest/gtest.h:1609:12: note: in definition of macro 'GTEST_IMPL_CMP_HELPER_'
1609 | if (val1 op val2) {\
| ^~
```
Fix this by using nullptr directly.
Submitted upstream as https://github.com/google/capsicum-test/pull/56
Reported by: Jenkins CI
(cherry picked from commit 47ceb65f3c213904642f4859a53a3139e9cb287d)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This includes various fixes that I submitted recently such as updating the
pdkill() tests for the actual implemented behaviour
(https://github.com/google/capsicum-test/pull/53) and lots of changes to
avoid calling sleep() and replacing it with reliable synchronization
(pull requests 49,51,52,53,54). This should make the testsuite more reliable
when running on Jenkins. Additionally, process status is now retrieved using
libprocstat instead of running `ps` and parsing the output
(https://github.com/google/capsicum-test/pull/50). This fixes one previously
failing test and speeds up execution.
Overall, this update reduces the total runtime from ~60s to about 4-5 seconds.
(cherry picked from commit 955a3f9ad586f38395e66127f9f2f4afbf3d5a94)
|
| |
|
|
|
|
|
| |
This includes changes to use GTEST_SKIP() instead of the local hand-rolled
mechanism as well as a few minor cleanups.
(cherry picked from commit 2d936e6c99ad1c4fb01f6c99a96dcc924ee44b9d)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This fixes the closefrom test in sys/audit.
Includes cherry-picks of the following commits from openbsm:
https://github.com/openbsm/openbsm/commit/4dfc628aafe589d68848f7033f3d3488c4d979e0
https://github.com/openbsm/openbsm/commit/99ff6fe32aebc5a4b8d40d60062b8574697df557
https://github.com/openbsm/openbsm/commit/da48a0399e95448693d3fa2be48454ca564c1be8
Reviewed By: kevans
Differential Revision: https://reviews.freebsd.org/D28388
(cherry picked from commit fa32350347b4e351a144b5423f0fb2ca9d67f4ca)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since https://github.com/freebsd/atf/commit/4581cefc1e3811dd3c926b5dd4b15fd63d2e19da
ATF opens the results file on startup. This fixes problems like
capsicumized tests not being able to open the file on exit.
However, this test closes all file descriptors above 3 to get a
deterministic fd table allocation for the child. Instead of using closefrom
(which will close the ATF output file FD) I've changed this test use
the lowest available fd and pass that to the helper program as a string.
We could also try to re-open the results file in ATF if we get a EBADF
error, but that will fail when running under Capsicum.
Reviewed By: cem
Differential Revision: https://reviews.freebsd.org/D28684
(cherry picked from commit 2aa3ef285a23d802f0bd6c7281612e16834e9b68)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since https://github.com/freebsd/atf/commit/4581cefc1e3811dd3c926b5dd4b15fd63d2e19da
ATF opens the results file on startup. This fixes problems like
capsicumized tests not being able to open the file on exit.
However, this test closes all file descriptors just to check that
socketpair returns fd 3+4 and thereby also closes the ATF results file.
This then results in an EBADF when writing the result so the test is
reported as broken.
While system calls that create new file descriptors (must?) use the lowest
available file descriptor number, it does not seem useful to test this
property here. Drop the check for FD==3/4 to unbreak the testsuite.
We could also try to re-open the results file in ATF if we get a EBADF
error, but that will fail when running under Capsicum.
Reviewed By: cem
Differential Revision: https://reviews.freebsd.org/D28683
(cherry picked from commit 10fc4c3218381fef7189a5b8d46a757cd1989dff)
|
| |
|
|
|
|
|
|
| |
This includes improvements to the atf-sh helper functions that
significantly reduce the number of spawned processes for each test
and therefore speeds up running the testsuite noticeably.
(cherry picked from commit c203bd70b5957f85616424b6fa374479372d06e3)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The rpc_control() API does not accept the CLCR_SET_RPCB_TIMEOUT command,
it only accepts RPC_SVC_CONNMAXREC_GET/RPC_SVC_CONNMAXREC_SET, so it was
not doing anything.
Instead of incorrectly calling this API, use clnt_create_timed() instead.
I noticed this because the test was timing out after 120s in the CheriBSD CI.
Reviewed By: ngie
Differential Revision: https://reviews.freebsd.org/D28478
(cherry picked from commit 90b5fc95832da64a5f56295e687379732c33718f)
|
| |
|
|
|
|
|
|
|
|
| |
SVN r343917 fixed this for in-tree clang, but when building with a newer
out-of-tree clang the test was still marked as XFAIL.
Reviewed By: dim
Differential Revision: https://reviews.freebsd.org/D28390
(cherry picked from commit 83ff5d5d98cbcf9b66dccd70022358aec8918a14)
|
| |
|
|
|
|
|
|
|
|
|
| |
Looking at lib/csu/arm/crt1_s.S, this should be a string and therefore the
restriction to 4 characters seems wrong.
Found whle updating https://reviews.llvm.org/D74393.
Reviewed By: emaste
Differential Revision: https://reviews.freebsd.org/D28470
(cherry picked from commit 2a39919364b5368e026f656ff41861a3fdd56110)
|
