The array is 2 x 2 x 2, not 2 x 2 x 3.
Sponsored by: Rubicon Communications, LLC ("Netgate")
MFC after: 2 weeks
(cherry picked from commit a3f7176523e8611b259cefd7431c01e24f446db7)
When trying to use a VLAN device (e.g. "em0.123") with a dot
the library fails to parse the interface correctly. The former
pattern is much too restrictive given that almost all characters
can be coerced into a device name via ifconfig.
Remove the particularly restrictive validation. Some characters
still cannot be used as an interface name as they are used as
delimiters in the syntax, but this allows to be able to use most
of them without an issue.
Submitted by: franco@opnsense.org
Differential Revision: https://reviews.freebsd.org/D42485
Reviewed by: vmaffione
(cherry picked from commit ad874544d9f018bf8eef4053b5ca7b856c4674cb)
- Bump BRANCH to RELEASE
- Add the anticipated RELEASE announcement date
- Set a static __FreeBSD_version
Approved by: re (implicit)
Sponsored by: https://www.patreon.com/cperciva
access(), eaccess() and faccessat() will always dereference
symbolic links.
So add a note in the manual page, that lstat(2) should be
used in the case of symbolic links.
PR: 262895
Reviewed by: gbe, pauamma_gundo.com
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D44890
(cherry picked from commit 421025a274fb5759b3ecc8bdb30b24db830b45ae)
(cherry picked from commit f075b61137)
Approved by: re (cperciva)
Release notes at
https://www.nlnetlabs.nl/news/2024/May/08/unbound-1.20.0-released/
Security: The DNSBomb vulnerability CVE-2024-33655
Merge commit 'c2a80056864d6eda0398fd127dc0ae515b39752b' into main
(cherry picked from commit 335c7cda12138f2aefa41fb739707612cc12a9be)
(cherry picked from commit 7a2bb28f8e)
Approved by: re (cperciva)
This is required for GCC to build.
PR: 272759
Reported by: dgilbert@eicat.ca
Approved by: re (cperciva)
Submitted by: jrtc27
Differential Revision: https://reviews.freebsd.org/D44333
(cherry picked from commit 1947a9383ec3a048e334022365aa199a6ae55289)
(cherry picked from commit 7ad1775107)
The WITH_LLVM_TARGET_ENABLE_SPARC option was removed a long time ago,
but some ifdefs were still laying around, so clean them up.
PR: 276104
Approved by: re (cperciva)
MFC after: 3 days
(cherry picked from commit 6f444019009a55aac18d18054d154155fbf606c9)
(cherry picked from commit 0b8cdac883)
Update version numbers, config headers, etc. Git tricked me into losing
these before pushing.
PR: 276104
Approved by: re (cperciva)
Fixes: d67fc74b9249
MFC after: 3 days
(cherry picked from commit 894cb08f0d3656fdb81f4d89085bedc4235f3cb6)
(cherry picked from commit a17c251dd6)
macOS, like Linux, does not include an outer const qualifier for its
fts_open callback arguments, so -Wincompatible-function-pointer-types
also picks this up and breaks the build now Clang 16 makes it an error
by default. Extend the existing Linux support to fix this.
MFC after: 1 week
(cherry picked from commit d8c84215d7675b7940412122b6d7026bd193c9b5)
The glibc fts_open() callback type does not have the second const
qualifier and it appears that Clang 16 errors by default for mismatched
function pointer types. Add an ifdef to handle this case.
Reviewed By: imp, emaste
Differential Revision: https://reviews.freebsd.org/D43000
(cherry picked from commit 60e845ceef25533bfb60450549bea56a17b1e467)
Libarchive 3.7.3
New features:
#1941 uudecode filter: support file name and file mode in raw mode
#1943 7-zip reader: translate Windows permissions into UNIX
permissions
#1962 zstd filter now supports the "long" write option
#2012 add trailing letter b to bsdtar(1) substitute pattern
#2031 PCRE2 support
#2054 add support for long options "--group" and "--owner" to tar(1)
Security fixes:
#2101 Fix possible vulnerability in tar error reporting introduced
in f27c173
Important bugfixes:
#1974 ISO9660: preserve the natural order of links
#2105 rar5: fix infinite loop if during rar5 decompression the last
block produced no data
#2027 xz filter: fix incorrect eof at the end of an lzip member
#2043 zip: fix end-of-data marker processing when decompressing zip
archives
(cherry picked from commit b9128a37faafede823eb456aa65a11ac69997284)
As noted in bug 277096, when building a pkgbase repository using
WITHOUT_CROSS_COMPILER and WITHOUT_TOOLCHAIN (which sets WITHOUT_CLANG),
the following residual files are left over:
/usr/lib/clang/18/lib/freebsd/libclang_rt.asan-x86_64.so
/usr/lib/clang/18/share/asan_ignore_list.txt
/usr/lib/clang/18/share/cfi_ignore_list.txt
/usr/lib/clang/18/share/msan_ignore_list.txt
This is because the lib/libclang_rt directory is still descended into,
even if WITHOUT_CLANG is used. Fix it by not descending into the
libclang_rt directory in that case.
PR: 277096
Reported by: Siva Mahadevan <me@svmhdvn.name>
MFC after: 3 days
(cherry picked from commit 514773a5486d1fa4f2d5acb5af1766965c20765b)
GCC has used this for some time (since 7.0) and apparently we were
getting away with using the hidden symbol, but when linking with
--no-undefined-version we get an error unless it's properly exported.
(For anyone who wonders at the assymetry, __udivmoddi4 is indeed much
older and was introduced with GCC 3.0.)
MFC after: 3 days
Reviewed by: dim
Differential Revision: https://reviews.freebsd.org/D44878
(cherry picked from commit 44e89340fe349abc020732958c6debd12b5adf2c)
The upstream llvm commit 5eb44df1b64d made the addition of these GCC
compatability symbols dependent on build configuration rather than
hardcoded for amd64, i386, and powerpc. Reenable them.
Reviewed by: dim
Differential Revision: https://reviews.freebsd.org/D44877
(cherry picked from commit 0b9e3585805e83718c3ebdab923aca51597193cd)
Clang supports __bf16 for riscv from version 18.0 onwards, so update the
checks for it. While here, rewrite the checks so they are hopefully more
readable, and also handle gcc a little better.
In addition, define COMPILER_RT_HAS_FLOAT16 and COMPILER_RT_HAS_BFLOAT16
when these features should be available, since there are some parts in
compiler-rt that check for these defines.
PR: 276104
MFC after: 1 month
(cherry picked from commit f276adc148433d009d198c2ebccdd3303377e237)
Apparently libgcc_s has always included libcompiler_rt's Makefile.inc
without first including bsd.compiler.mk, even though Makefile.inc used
COMPILER_TYPE already. It looks like we were just lucky that the
expression was not malformed.
PR: 276104
Reported by: Herbert J. Skuhra <herbert@gojira.at>
MFC after: 1 month
(cherry picked from commit 4c983a2886877a855ac3a2836b15d80356fbb8d4)
Older versions of gcc produce "error: unknown type name '__bf16'".
PR: 276104
MFC after: 1 month
(cherry picked from commit 2e226748a961329471f5b51483318b94c8735f34)
This updates llvm, clang, compiler-rt, libc++, libunwind, lld, lldb and
openmp to llvm-project main llvmorg-18-init-18359-g93248729cfae, the
last commit before the upstream release/18.x branch was created.
PR: 276104
MFC after: 1 month
(cherry picked from commit 7a6dacaca14b62ca4b74406814becb87a3fefac0)
Change .Xr reference to .Fn, which quiets a mandoc warning.
Reviewed by: mhorne
MFC after: 3 days
Pull Request: https://github.com/freebsd/freebsd-src/pull/1135
(cherry picked from commit d3de1bd429bc51fbbcb37fadaf2581461edf848b)
By default only report unverified files at severity VE_WANT
and above. This inlcudes *.conf but not *.hints, *.cookie
or *.tgz which get VE_TRY as their severity.
If Verbose is set to 0, then VerifyFlags should default to 0 too.
Thus the combination of
module_verbose=0
VE_VEBOSE=0
is sufficient to make the loader almost totally silent.
When verify_prep has to find_manifest and it is verified ok
return VE_NOT_CHECKED to verify_file so that it can skip
repeating verify_fd
Also add better debugging output for is_verified and add_verify_status.
vectx handle compressed modules
When verifying a compressed module (.ko.gz or .ko.bz2)
stat() reports the size as -1 (unknown).
vectx_lseek needs to spot this during closing - and just read until
EOF is hit.
Note: because of the way libsa's open() works, verify_prep will see
the path to be verified as module.ko not module.ko.bz2 etc. This is
actually ok, because we need a separate module.ko.bz2 entry so that
the package can be verified, and the hash for module.ko is of the
uncompressed file which is what vectx will see.
Re-work local.trust.mk so site.trust.mk need only set
VE_SIGN_URL_LIST (if using the mentioned signing server)
interp.c: restrict interactive input
Apply the same restrictions to interactive input as for
unverified conf and hints files.
Use version.veriexec when LOADER_VERIEXEC is yes
Reviewed by: kevans
Sponsored by: Juniper Networks, Inc.
Differential Revision: https://reviews.freebsd.org/D43810
(cherry picked from commit f616d61ab6b071e5fbfdbae7033a9ef04c1444ad)
