HardenedBSD/hardenedbsd a906febsys/vm vm_unix.c

HBSD: Resolve merge conflict

Signed-off-by:  Shawn Webb <shawn.webb at hardenedbsd.org>
DeltaFile
+0-5sys/vm/vm_unix.c
+0-51 files

HardenedBSD/hardenedbsd 887d9e4lib/libcasper/services/cap_sysctl cap_sysctl.c cap_sysctl.3, lib/libcasper/services/cap_sysctl/tests sysctl_test.c

Merge remote-tracking branch 'origin/freebsd/current/master' into hardened/current/master

Conflicts:
        sys/vm/vm_unix.c (unresolved)

LLVM/llvm 361284llvm/trunk/lib/CodeGen/SelectionDAG SelectionDAGBuilder.cpp

[SelectionDAG] remove redundant code; NFCI

getNode() squashes concatenation of undefs via FoldCONCAT_VECTORS():
  // Concat of UNDEFs is UNDEF.
  if (llvm::all_of(Ops, [](SDValue Op) { return Op.isUndef(); }))
    return DAG.getUNDEF(VT);

FreeNAS/freenas 9f23b21src/middlewared/middlewared/etc_files rc.conf.py, src/middlewared/middlewared/plugins service.py

Setup OpenVPN Client as a service

This commit introduces changes where we add the capability of starting openvpn client from 
middlewared as a service and also generating relevant rc.conf bits.

FreeNAS/freenas 2bb8b55src/freenas/etc/ix.rc.d ix-etc, src/middlewared/middlewared/etc_files/local/nginx nginx.conf

Get dhparams path and cover usages

This commit introduces changes so crypto plugin returns the path for dhparam.pem file and 
covers it's usages to make sure we don't hardcode the value and use the new method.

FreeNAS/freenas 0693216src/middlewared/middlewared/plugins crypto.py

Generate CRL

This commit adds a method to cryptokey service which enables us to generate a CRL for a 
list of certs using provided ca. There's a tricky situation here as to what happens if the 
root CA is compromised ? In normal world scenarios, that CA is removed from app's trust 
store and any subsequent certs it had issues wouldn't be validated by the app then. Making 
a CRL for a revoked root CA in normal cases doesn't make sense as the thief can sign a 
counter CRL saying that everything is fine. As our environment is controlled, i think we 
are safe to create a crl for root CA as well which we can publish for services which make 
use of it i.e openvpn and they'll know that the certs/ca's have been compromised.

FreeNAS/freenas 895c45agui/system models.py, gui/system/migrations 0044_revoked_field.py

Migrations for revoked field

This commit adds migrations for fields which will help us revoke certificates and generate 
Certificate Revocation Lists.

FreeNAS/freenas 1a38bd0src/middlewared/middlewared/etc_files/local/openvpn/client openvpn_client.conf, src/middlewared/middlewared/plugins etc.py

Generate OpenVPN Client config file

This commit adds changes which give us the ability to generate openvpn client 
configuration file.

FreeNAS/freenas 06bde0csrc/middlewared/middlewared/plugins crypto.py

Retrieve CA chain

This commit adds a generic method which will be used internally to gather ca chain.

FreeNAS/freenas eec0c28src/middlewared/middlewared/plugins crypto.py

Periodically keep ssl up to date

This commit makes sure that we keep ssl related changes up to date by making sure that we 
generate all the ssl related files after a 24 hour window.

FreeNAS/freenas aceb8f1src/middlewared/middlewared/etc_files/local/openvpn/server openvpn_server.conf, src/middlewared/middlewared/plugins service.py

Generate openvpn-server config file on ca revocation

This commit introduces a change where we generate openvpn-server file again each time 
changes are introduced to crypto services. This is necessary because it ensures that crl 
file for ca which openvpn server is using always remains up to date. It is however not 
necessary to reload/restart openvpn server when we generate the config file again because 
it automatically picks up that change for crl.

FreeNAS/freenas 17955e6src/middlewared/middlewared/plugins vpn.py

Normalize OpenVPN config

This commit normalizes openvpn.(client/server).config method making sure that we only show 
ids for foreign keys.

FreeNAS/freenas 1fb26b2src/middlewared/middlewared/plugins crypto.py

Revoke Certificate

This commit makes sure we are able to mark a certificate as revoked.

FreeNAS/freenas bface70src/middlewared/middlewared/plugins etc.py

Create etc plugin's group directory

In case the parent directories where the group's conf file is to be written, do not exist, 
we create them automatically.

FreeNAS/freenas 68e9d03src/middlewared/middlewared/plugins crypto.py

Revoke CA chain

When a CA is marked as revoked, we revoke the complete chain which starts off from that 
CA.

FreeNAS/freenas 38e43c7src/middlewared/middlewared/etc_files rc.conf.py, src/middlewared/middlewared/plugins service.py

Setup OpenVPN Server as a service

This commit introduces changes where we add the capability of starting openvpn server from 
middlewared as a service and also generating relevant rc.conf bits.

FreeNAS/freenas ef9b444src/middlewared/middlewared/plugins vpn.py

Generate OpenVPN Static Key

This commit adds ability for the end user to authenticate/encrypt all control channel 
packets with a static key which OpenVPN generates.

FreeNAS/freenas b88f5ccsrc/middlewared/middlewared/etc_files/local/openvpn/server openvpn_server.conf, src/middlewared/middlewared/plugins etc.py

Generate OpenVPN Server config file

This commit adds changes which give us the ability to generate openvpn server 
configuration file.

FreeNAS/freenas e818d92src/middlewared/middlewared/plugins vpn.py

Validate Server Config

This commit adds a method which can be called before we start OpenVPN server making sure 
that OpenVPN Server does not run with a misconfigured file resulting in further woes for 
the user. This will raise a CallError if the settings are not as they should be for 
OpenVPN server and we can skip generating the openvpn server file which will result in 
failure to start for the service.

FreeNAS/freenas b1c901csrc/middlewared/middlewared/etc_files generate_ssl_certs.py, src/middlewared/middlewared/plugins crypto.py

Write CRL to file

This commit makes sure that each time changes are introduced to a cert/ca wrt revocation 
status, we make a CRL for each ca and write it out respectively so that the services 
making use of it have an updated version.

FreeNAS/freenas 146f85fsrc/middlewared/middlewared/etc_files/local/openvpn/client openvpn_client.conf, src/middlewared/middlewared/etc_files/local/openvpn/server openvpn_server.conf

Generate inline OpenVPN static key in configurations

This commit introduces changes so that we add the generated OpenVPN static key inline in 
the respective server/client conf file.

FreeNAS/freenas e976700src/middlewared/middlewared/plugins vpn.py

Validate Client Config

This commit adds a method which can be called before we start OpenVPN client making sure 
that OpenVPN Client does not run with a misconfigured file resulting in further woes for 
the user. This will raise a CallError if the settings are not as they should be for 
OpenVPN client and we can skip generating the openvpn client file which will result in 
failure to start for the service.

FreeNAS/freenas ab0aba8src/middlewared/middlewared/plugins vpn.py

Link rc scripts for server/client

This commit makes sure that when middlewared starts, we link openvpn rc script for the 
respective OpenVPN server/client service.

FreeNAS/freenas 009f548src/middlewared/middlewared/etc_files/local/openvpn/server openvpn_server.conf, src/middlewared/middlewared/plugins vpn.py

IPv6 support

This commit adds ipv6 support for running OpenVPN Server.

FreeNAS/freenas d26fc78src/middlewared/middlewared/plugins crypto.py

Add Profiles for Certificate Service

This commit adds profiles for OpenVPN server/client certificates in Certificate Service 
making it easier to generate correct certs for the respective use cases ( openvpn 
server/client ).

FreeNAS/freenas 3f2f2bbsrc/middlewared/middlewared schema.py

Update list schema to correctly validate/clean items

This commit updates List schema to correctly validate/clean items when the length provided 
for items is more then one. The motivation behind the changes is that we should validate 
the given values in the list with all of the schemas provided in items and if we have a 
positive match for any one of it, we should allow that value in the list.

FreeNAS/freenas 9f3e988src/middlewared/middlewared/plugins vpn.py

Add validation for OpenVPN Server

This commit adds validation for OpenVPN Server Service.

FreeNAS/freenas 6153555src/middlewared/middlewared/plugins crypto.py

Retrieve certificate extensions

This commit makes sure that we are able to retrieve certificate extensions from underlying 
cryptography module and it also provides a method which exposes these extensions. We right 
now don't support all of those, primarily because we don't have a need to do that and it 
requires a lot more work making sure that the parameters for each extension type are 
correct and of the correct type.

FreeNAS/freenas b29c676src/middlewared/middlewared/plugins vpn.py

Expose ciphers/digests

This commit makes sure that valid ciphers/digests are exposed by openvpn services so the 
user can correctly choose which one to use.

FreeNAS/freenas a6a467bsrc/middlewared/middlewared/plugins crypto.py

Add CA profile for OpenVPN root CA

This commit introduces the concepts of profiles in certificate management. The idea is 
that we expose a set of prefilled fields which we consider safe for basic use. Each 
profile is tailored for a specific use case. Right now this commit introduces a profile 
for OpenVPN root CA exposing basic cert extensions and some other fields which the user 
can use to build his payload for creating a root CA. The UI can also make use of this by 
allowing user to select a profile and filling those fields beforehand so the user does not 
has to know the finer details of everything and if he does, then that means his use case 
is complex and he can change the fields to as he wishes.

FreeNAS/freenas fbfd292src/middlewared/middlewared/plugins crypto.py

Generate certs/ca's with user defined extensions

This commit adds ability to generate certs/ca's with user defined extensions in the 
CryptoKeyService.

FreeNAS/freenas ec7ad65src/middlewared/middlewared/plugins crypto.py

Add support for AuthorityKeyIdentifier extension

This commit adds support for AuthorityKeyIdentifier extension and also refines how we 
convert/retrieve params for extensions.

FreeNAS/freenas cd88b2dsrc/middlewared/middlewared/plugins crypto.py

Deletion checks for OpenVPN certs/ca's

This commit adds checks to ensure that we don't allow to delete a certificate/ca which is 
being used by openvpn server/client.

FreeNAS/freenas dfa3d7dsrc/middlewared/middlewared/plugins vpn.py

Require PKI to be setup before configuring OpenVPN

This commit adds some checks which make sure that we require PKI to be setup before 
configuring either OpenVPN service ( client / server ).

FreeNAS/freenas c7ae221src/middlewared/middlewared/plugins vpn.py

Add validation for OpenVPN Client

This commit adds validation for OpenVPN Client Service.

FreeNAS/freenas 8d7e9f2src/middlewared/middlewared/plugins crypto.py

Ensure certificate/ca service are able to use extensions

This commit makes sure that certificate/ca services work with the extension changes 
introduced.

FreeNAS/freenas c48d9a4src/middlewared/middlewared/plugins crypto.py

Add validation for cert extensions

This commit adds validation for cert extensions making use of cryptography module to 
actually validate the values and raising it above if it fails.

FreeNAS/freenas 71fdbfasrc/middlewared/middlewared/plugins vpn.py

Common Validation for OpenVPN Services

This commit adds common validation for OpenVPN services.

FreeNAS/freenas a1fbd61src/middlewared/middlewared/plugins vpn.py

Expose valid digest algorithms

This commit adds ability to retrieve valid digest algorithms supported by openvpn and 
exposed them to vpn plugin.

FreeNAS/freenas 96eaed6src/middlewared/middlewared/plugins vpn.py

Expose valid ciphers

This commit adds ability to retrieve valid ciphers supported by openvpn and exposed them 
to vpn plugin.

FreeNAS/freenas eedb3fbsrc/middlewared/middlewared/plugins vpn.py

Initial commit for VPN plugin

This commit adds basic classes and update method's schema to OpenVPN client/server 
services.

FreeNAS/freenas 69afd44gui/services models.py, gui/services/migrations 0032_openvpn_models.py

Add OpenVPN models

This commit adds openvpn models and migrations.

OPNSense/core 446caa9src/www status_dhcp_leases.php

dhcp/leases, simplify interface lookup and make it more consistent. should fix 
https://github.com/opnsense/core/issues/3487

LLVM/llvm 361283cfe/trunk/lib/CodeGen CodeGenModule.cpp, cfe/trunk/test/OpenMP nvptx_declare_target_var_ctor_dtor_codegen.cpp nvptx_allocate_codegen.cpp

[OPENMP]Use the attributes for dso locality when building for device.

Currently, we ignore all dso locality attributes/info when building for
the device and thus all symblos are externally visible and can be
preemted at the runtime. It may lead to incorrect results. We need to
follow the same logic, compiler uses for static/pie builds.

LLVM/llvm 361282llvm/trunk/cmake config-ix.cmake

[cmake] Bug in r361281: make include optional and fix typo which might make a difference 
on some systems.

DragonFlyBSD/dports 00adfe4www/firefox-esr distinfo Makefile, www/firefox-esr/files patch-a-bug1502799

Update www/firefox-esr to version 60.7.0_1,1

FreeBSD/src 348058head/sys/compat/linux linux_socket.c

Do not leak sa in linux_recvmsg() call if kern_recvit() fails.

MFC after:      1 week

FreeBSD/src 348057head/sys/compat/linux linux_socket.c

Do not use uninitialised sa.

Reported by:    tijl@
MFC after:      1 week

FreeBSD/ports 502233head/devel/rubygem-ffi distinfo Makefile

FreeBSD/ports 502232head/devel/rubygem-aws-sdk-resources distinfo Makefile