Displaying 1 50 of 254,771 commits (0.018s)

HardenedBSD — sys/compat/linux linux_ioctl.h

Style(9) whitespace fix.

MFC after:        1 week
Delta File
+1 -1 sys/compat/linux/linux_ioctl.h
+1 -1 1 file

HardenedBSD — sys/sys blist.h

MFC r319756
  Style and comment fixes
Delta File
+8 -8 sys/sys/blist.h
+8 -8 1 file

HardenedBSD — sys/amd64/amd64 pmap.c, sys/i386/i386 pmap.c

MFC r320546
  When "force" is specified to pmap_invalidate_cache_range(), the given
  start address is not required to be page aligned.  However, the loop
  within pmap_invalidate_cache_range() that performs the actual cache
  line invalidations requires that the starting address be truncated to
  a multiple of the cache line size.  This change corrects an error in
  that truncation.
Delta File
+1 -1 sys/amd64/amd64/pmap.c
+1 -1 sys/i386/i386/pmap.c
+2 -2 2 files

HardenedBSD — sys/kern uipc_shm.c

MFC r315621
  Use IDX_TO_OFF(), not ptoa(), when converting the difference between two
  vm_pindex_t's into a vm_ooffset_t.

  The length given to shm_dotruncate() must never be negative.  Assert this.

  Tidy up a comment.
Delta File
+4 -3 sys/kern/uipc_shm.c
+4 -3 1 file

HardenedBSD — sys/kern kern_exec.c, sys/vm vm_map.c

MFC r320498
  Clear the MAP_WIREFUTURE flag on the vm map in exec_new_vmspace() when it
  recycles the current vm space.  Otherwise, an mlockall(MCL_FUTURE) could
  still be in effect on the process after an execve(2), which violates the
  specification for mlockall(2).

  It's pointless for vm_map_stack() to check the MEMLOCK limit.  It will
  never be asked to wire the stack.  Moreover, it doesn't even implement
  wiring of the stack.
Delta File
+6 -8 sys/vm/vm_map.c
+4 -0 sys/kern/kern_exec.c
+10 -8 2 files

HardenedBSD — usr.sbin/hbsd-update hbsd-update

HBSD: Do better checking for beadm

Signed-off-by:        Shawn Webb <shawn.webb at hardenedbsd.org>
Sponsored-by:        SoldierX
MFC-to:                10-STABLE
MFC-to:                11-STABLE
Delta File
+5 -5 usr.sbin/hbsd-update/hbsd-update
+5 -5 1 file

HardenedBSD — usr.sbin/hbsd-update hbsd-update

HBSD: Add -n to hbsd-update usage

Signed-off-by:        Shawn Webb <shawn.webb at hardenedbsd.org>
Sponsored-by:        SoldierX
MFC-to:                10-STABLE
MFC-to:                11-STABLE
Delta File
+1 -0 usr.sbin/hbsd-update/hbsd-update
+1 -0 1 file

HardenedBSD — sys/sys proc.h

HBSD: Resolve merge conflict

Signed-off-by:        Shawn Webb <shawn.webb at hardenedbsd.org>
Sponsored-by:        SoldierX
Delta File
+0 -5 sys/sys/proc.h
+0 -5 1 file

HardenedBSD — secure/lib/libtls Makefile

HBSD: Align libtls shlib version with upstream

Signed-off-by: Bernard Spil <bernard.spil at hardenedbsd.org>
Delta File
+1 -1 secure/lib/libtls/Makefile
+1 -1 1 file

HardenedBSD — secure/lib/libtls Makefile

HBSD: Bump libtls shared object major number

This was forgotten during the LibreSSL 2.5 import.

Signed-off-by:        Shawn Webb <shawn.webb at hardenedbsd.org>
Sponsored-by:        SoldierX
github-issue:        #272
Delta File
+1 -1 secure/lib/libtls/Makefile
+1 -1 1 file

HardenedBSD — lib/librt aio.c Symbol.map, tests/sys/aio lio_test.c

Implement SIGEV_THREAD notifications for lio_listio(2)

Our man pages have always indicated that this was supported, but in fact the
feature was never implemented for lio_listio(2).

Reviewed by:        jhb, kib (earlier version)
MFC after:        20 days
Sponsored by:        Spectra Logic Corp
Differential Revision:        https://reviews.freebsd.org/D11680

HardenedBSD — share/mk bsd.sys.mk

Add warning flags for GCC 7.1.0 compiler.

Sponsored by:        DARPA, AFRL
Delta File
+17 -0 share/mk/bsd.sys.mk
+17 -0 1 file

HardenedBSD — usr.sbin/bsdinstall/scripts hardening

HBSD: Resolve merge conflict

Signed-off-by:        Shawn Webb <shawn.webb at hardenedbsd.org>
Sponsored-by:        SoldierX

HardenedBSD — usr.sbin/bsdinstall/scripts hardening

Remove stack guard option from hardening menu.

Since kib's change the stack guard is now ON by default,
this option in hardening menu of bsdinstall is no longer needed.

Submitted by:        Bartlomiej Rutkowski <robak at FreeBSD.org>
Reviewed by:        bapt
Approved by:        bapt
MFC after:        1 day
Sponsored by:        Pixeware LTD
Differential Revision:        https://reviews.freebsd.org/D11686

HardenedBSD — sys/kern uipc_socket.c

Fix getsockopt() for listening sockets when using SO_SNDBUF, SO_RCVBUF,
SO_SNDLOWAT, SO_RCVLOWAT. Since r31972 it only worked for non-listening
sockets.

Sponsored by:        Netflix, Inc.
Delta File
+8 -4 sys/kern/uipc_socket.c
+8 -4 1 file

HardenedBSD — sys/amd64/include proc.h, sys/arm64/include proc.h

MFC r319871:
Make struct syscall_args visible to userspace compilation environment
from machine/proc.h, consistently on all architectures.

HardenedBSD — sys/vm vm_map.c

MFC r321173:
Convert assertion that only vmspace owner grows the stack, into a
check blocking grow from other processes accesses.

MFC r321230:
Disable stack growth when accessed by AIO daemons.
Delta File
+9 -1 sys/vm/vm_map.c
+9 -1 1 file

HardenedBSD — sys/compat/freebsd32 freebsd32_util.h, sys/kern uipc_mqueue.c capabilities.conf

MFC r320982:
Correct sysent flags for dynamically loaded syscalls.

HardenedBSD — sys/netpfil/ipfw ip_fw_table.c

Fix a couple of typos in a comment.

MFC after:        1 week
Sponsored by:        Rubicon Communications, LLC (Netgate)
Delta File
+1 -1 sys/netpfil/ipfw/ip_fw_table.c
+1 -1 1 file

HardenedBSD — contrib/netbsd-tests/lib/libc/regex/data subexp.in

Add regression test for recent regex(3) breakage

BREs recently became prematurely sensitive to the branching operator, which
outright broke expressions that used it instead of failing silently. Test
that \| is matching a literal | for the time being.

Reviewed by:        cem, emaste, ngie
Approved by:        emaste (mentor)
Differential Revision:        https://reviews.freebsd.org/D11577

HardenedBSD — sys/fs/nfsclient nfs_clrpcops.c

r320062 introduced a bug when doing NFSv4.1 mounts against some non-FreeBSD servers.

r320062 used nm_rsize, nm_wsize to set the maximum request/response sizes for
the NFSv4.1 session. If rsize,wsize are not specified as options, the
value of nm_rsize, nm_wsize is 0 at session creation, resulting in
values for request/response that are too small.
This patch fixes the problem. A workaround is to specify rsize=N,wsize=N
mount options explicitly, so they are set before session creation.
This bug only affects NFSv4.1 mounts against some non-FreeBSD servers.

MFC after:        1 week
Delta File
+5 -0 sys/fs/nfsclient/nfs_clrpcops.c
+5 -0 1 file

HardenedBSD — sys/fs/nfsclient nfs_clrpcops.c

Revert r321308. I'll commit a better fix soon.
Delta File
+4 -10 sys/fs/nfsclient/nfs_clrpcops.c
+4 -10 1 file

HardenedBSD — release/doc/en_US.ISO8859-1/errata article.xml

Prune one more missed entry from 11.0-RELEASE.

Approved by:        re (implicit)
Sponsored by:        The FreeBSD Foundation

HardenedBSD — release/doc/en_US.ISO8859-1/errata article.xml, release/doc/share/xml release.ent

- Fix the 'release.prev' entity for the 11.1-RELEASE errata.
- Prune stale entries from 11.0-RELEASE.
- Bump copyright year.

Approved by:        re (implicit)
Sponsored by:        The FreeBSD Foundation

HardenedBSD — release/doc/share/xml release.ent, sys/conf newvers.sh

- Set stable/11 from -PRERELEASE back to -STABLE.
- Update version entities in release.ent.

Approved by:        re (implicit)
Sponsored by:        The FreeBSD Foundation

HardenedBSD — . UPDATING, lib/csu/common crtbrand.c

- Switch releng/11.1 to -RELEASE.
- Add the anticipated 11.1-RELEASE date to UPDATING.
- Set a static __FreeBSD_version.

Approved by:        re (implicit)
Sponsored by:        The FreeBSD Foundation
Delta File
+3 -0 UPDATING
+1 -1 lib/csu/common/crtbrand.c
+1 -1 sys/conf/newvers.sh
+5 -2 3 files

HardenedBSD — sys/net iflib.c

    Fix printf format warning in iflib.c
    
    Clang 5.0.0 got better warnings about printf format strings using %zd,
    and this leads to the following -Werror warning on e.g. arm:
    
        sys/net/iflib.c:1517:8: error: format specifies type 'ssize_t' (aka 'int') but the 
argument has type 'bus_size_t' (aka 'unsigned long') [-Werror,-Wformat]
                                                  sctx->isc_tx_maxsize, nsegments, 
sctx->isc_tx_maxsegsize);
                                                  ^~~~~~~~~~~~~~~~~~~~
        sys/net/iflib.c:1517:41: error: format specifies type 'ssize_t' (aka 'int') but 
the argument has type 'bus_size_t' (aka 'unsigned long') [-Werror,-Wformat]
                                                  sctx->isc_tx_maxsize, nsegments, 
sctx->isc_tx_maxsegsize);
                                                                                   
^~~~~~~~~~~~~~~~~~~~~~~
    
    Fix this by casting bus_size_t arguments to uintmax_t, and using %ju
    instead.
    
    Reviewed by:        emaste
    MFC after:        3 days
    Differential Revision:        https://reviews.freebsd.org/D11679
Delta File
+2 -2 sys/net/iflib.c
+2 -2 1 file

HardenedBSD — sys/boot/efi/boot1 zfs_module.c

    Fix printf format warning in zfs_module.c
    
    Clang 5.0.0 got better warnings about print format strings using %zd,
    and this leads to the following -Werror warning on e.g. arm:
    
        sys/boot/efi/boot1/zfs_module.c:186:18: error: format specifies type 'ssize_t' 
(aka 'int') but the argument has type 'off_t' (aka 'long long') [-Werror,-Wformat]
                            "(%lu)\n", st.st_size, spa->spa_name, filepath, 
EFI_ERROR_CODE(status));
                                       ^~~~~~~~~~
    
    Fix this by casting off_t arguments to intmax_t, and using %jd instead.
    
    Reviewed by:        tsoome
    MFC after:        3 days
    Differential Revision:        https://reviews.freebsd.org/D11678
Delta File
+2 -2 sys/boot/efi/boot1/zfs_module.c
+2 -2 1 file

HardenedBSD — contrib/libarchive NEWS, contrib/libarchive/libarchive archive.h archive_entry.h

MFC r320927,320931,320932:
Bump libarchive to 3.3.2

Vendor changes:
  PR #901: don't depend on stdin in a testcase

Relnotes:        yes

HardenedBSD — sys/netinet sctp_os_bsd.h

Deal with listening socket correctly.
Delta File
+2 -2 sys/netinet/sctp_os_bsd.h
+2 -2 1 file

HardenedBSD — usr.sbin/bsdinstall/scripts checksum

HBSD: Resolve merge conflict

Signed-off-by:        Shawn Webb <shawn.webb at hardenedbsd.org>
Sponsored-by:        SoldierX

HardenedBSD — usr.sbin/sesutil sesutil.c eltsub.c

MFC r320267, r320270-r320271, r320478

r320267:
Do not use sprintf(3) when not needed, while here,
prefer snprintf(3) over sprintf(3)

r320270:
Directly print the extra status instead of filling a buffer
then printing it.

This prepares the code to make it libxo friendly

Reviewed by:        manu, Nikita Kozlov (nikita elyzion.net)
Sponsored by:        Gandi.net

r320271:
sesutil no longer depends on libsbuf

Sponsored by:        Gandi.net

r320478:
Add libxo(3) support to sesutil(8)

This is useful to simplify parsing "sesutil map"


    [5 lines not shown]

HardenedBSD — sys/amd64/amd64 efirt.c

MFC r320936,r320937,r320938:
Fix size argument to vm_pager_allocate().
Delta File
+2 -2 sys/amd64/amd64/efirt.c
+2 -2 1 file

HardenedBSD — cddl/usr.sbin/dtrace/tests Makefile.inc1

MFC r290570:

Reduce the Makefile snippet complexity a bit

- Set BINDIR to TESTSDIR globally (and subsequently, remove all
  `${FILESGROUP}DIR` setting because BINDIR is set to `TESTSDIR`)
- Set MAN to "" globally, instead of per-PROG

HardenedBSD — share/man/man4 witness.4

MFC r278329:

Document WITNESS_COUNT and WITNESS_NO_VNODE
Delta File
+24 -0 share/man/man4/witness.4
+24 -0 1 file

HardenedBSD — usr.sbin/lpr/chkprintcap Makefile, usr.sbin/lpr/filters Makefile

MFC r314475:

Simplify idioms in usr.sbin/lpr Makefiles

Use :H instead of .CURDIR-relative pathing to simplify make output, etc.

HardenedBSD — usr.sbin/rpc.lockd Makefile, usr.sbin/rpc.statd Makefile

MFC r314454,r314455:

r314454:

Use .ALLSRC instead of RPCSRC

This is a trivial simplification in the Makefile, meant to serve as
a good example for what to do with rules like this.

r314455:

Use .ALLSRC instead of RPCSRC

This is a trivial simplification in the Makefile, meant to serve as
a good example for what to do with rules like this.

HardenedBSD — usr.sbin/fifolog/fifolog_create Makefile, usr.sbin/fifolog/fifolog_reader Makefile

MFC r314479:

Use :H to manipulate .CURDIR-relative paths instead of ../

This simplifies make output

HardenedBSD — cddl/lib/drti Makefile, cddl/lib/libavl Makefile

MFC r314654:

cddl: normalize paths using SRCTOP-relative paths or :H when possible

This simplifies make logic/output

While here, remove bogus CFLAGS which look for headers in cddl/lib/libumem.
There aren't any source files there (just Makefiles)
Delta File
+22 -23 cddl/lib/libzpool/Makefile
+19 -20 cddl/lib/libzfs_core/Makefile
+19 -19 cddl/sbin/zpool/Makefile
+18 -19 cddl/lib/libzfs/Makefile
+15 -15 cddl/sbin/zfs/Makefile
+14 -15 cddl/usr.sbin/zdb/Makefile
+122 -139 18 files not shown
+229 -250 24 files

HardenedBSD — libexec/atrun Makefile, libexec/ftpd Makefile

MFC r314653:

libexec: normalize paths using SRCTOP-relative paths or :H when possible

This simplifies make logic/output

HardenedBSD — sys/boot/common part.c

MFC r316102:

Wrap bootcamp DEBUG statement with curly braces

This fixes a -Wempty-body warning with gcc 6.3.0 when PART_DEBUG is undefined.

Tested with:        amd64-gcc-6.3.0 (devel/amd64-xtoolchain-gcc)
Delta File
+2 -1 sys/boot/common/part.c
+2 -1 1 file

HardenedBSD — usr.sbin/newsyslog ptimes.c newsyslog.c, usr.sbin/newsyslog/tests legacy_test.sh

MFC r318960,r319545,r319546,r319548,r321261:

r318960 (by dab):

Add newsyslog capability to write RFC5424 compliant rotation message.

This modification adds the capability to newsyslog to write the
rotation message in a format that is compliant with RFC5424. This
capability is enabled on a per-log file basis through a new value
("T") in the flags field in newsyslog.conf. This is useful on systems
that use the RFC5424 format for log files so that the rotation message
format matches that of the other log messages. There has been recent
mention of adding an RFC5424 compliant mode to syslogd and at least
one alternative system log daemon (rsyslogd) that already has the
capability to use that format.

Relnotes:        yes

r319545:

Don't execute the TODO cases in a subshell

This messes up the testcase counter, as seen in bug 219756.

PR:                212160, 219756

    [20 lines not shown]

HardenedBSD — usr.sbin/periodic periodic.sh

MFC r320135:

periodic(8): delete trailing whitespace
Delta File
+3 -3 usr.sbin/periodic/periodic.sh
+3 -3 1 file

HardenedBSD — sys/net iflib.c

Don't cache mbuf pointers if the number of descriptors is greater than
the number of buffers.

Submitted by:        Matt Macy <mmacy at mattmacy.io>
Sponsored by:        Limelight Networks
Delta File
+8 -0 sys/net/iflib.c
+8 -0 1 file

HardenedBSD — etc Makefile

    MFC note:        only the newsyslog.conf.d change has been backported to unbreak
                    "make distribution" with etc/newsyslog.conf.d/opensm.conf
                    installation. The cron.d and syslog.d changes were omitted by
                    request to avoid churn on ^/stable/{10,11}.
    Requested by:        jhb, peter
    
    MFC r318545:
    
    Install {cron.d,newsyslog.conf.d,syslog.d} via `make distribution`, not `make install`
    
    I incorrectly started this pattern in r277541 with the opensm newsyslog.conf.d file,
    and continued using it in r318441 and r318443.
    
    This will fix the files being handled improperly via installworld, preventing tools 
like
    etcupdate, mergemaster, etc from functioning properly when comparing the installed
    contents on a system vs the contents in a source tree when doing merges.
    
    PR:                219404
    MFC with:        r277541, r318441, r318443
Delta File
+1 -2 etc/Makefile
+1 -2 1 file

HardenedBSD — lib/libc/gen getpagesize.3

MFC note:        content changes of r317315 were reversed. .Dd is being updated
                for diff reduction purposes.

MFC r317315,r317437:

r317315:

Note that getpagesize(3) can return -1 on failure

r317437 (by kib):

getpagesize(3) cannot fail.
Delta File
+1 -1 lib/libc/gen/getpagesize.3
+1 -1 1 file

HardenedBSD — lib/libc/gen getpagesize.3

MFC note:        content changes of r317315 were reversed. .Dd is being updated
                for diff reduction purposes.

MFC r317315,r317437:

r317315:

Note that getpagesize(3) can return -1 on failure

r317437 (by kib):

getpagesize(3) cannot fail.
Delta File
+1 -1 lib/libc/gen/getpagesize.3
+1 -1 1 file

HardenedBSD — etc/pam.d Makefile, tools/build/mk OptionalObsoleteFiles.inc

MFC r269550:
r269550 (by peter):

Check gethostname(2) return code - but even if it succeeds it may not
null terminate.

Temporarily use "From: $user@$hostname" rather than "From: $user".
The latter exposes incompatible behavior if using dma(8).  sendmail(8)
(and other alternatives) canonify either form on submission (even
if masquerading), but dma will leak a non-compliant address to
the internet.

HardenedBSD — usr.sbin/cron/cron do_command.c

MFC r269550:
r269550 (by peter):

Check gethostname(2) return code - but even if it succeeds it may not
null terminate.

Temporarily use "From: $user@$hostname" rather than "From: $user".
The latter exposes incompatible behavior if using dma(8).  sendmail(8)
(and other alternatives) canonify either form on submission (even
if masquerading), but dma will leak a non-compliant address to
the internet.
Delta File
+5 -2 usr.sbin/cron/cron/do_command.c
+5 -2 1 file

HardenedBSD — usr.sbin/cron/crontab crontab.1 crontab.c

MFC r310329:
r310329 (by cem):

Add a 'force' option for non-interactive crontab removal

Add a '-f' option to force crontab '-r' to be non-interactive.