r325882 imp Nov. 16, 2017, 12:19 a.m.
Also fix a run-a-way macro invocation of Dv.

Noticed by: matteo@
ViewVC
r325881 imp Nov. 15, 2017, 11:51 p.m.
contractions, and make igor almost happy with this (two issues are
false positives, and I'm not sure a synopsis makes sense).

Sponsored by: Netflix
ViewVC
r325880 np Nov. 15, 2017, 11:48 p.m.
their names.  The finer-grained knobs weren't practically useful.

Sponsored by:	Chelsio Communications
ViewVC
r325872 cem Nov. 15, 2017, 10:42 p.m.
The HMAC construction natively permits any key size between 0 and the input
block length. Before r324017, the auth_hash 'keysize' member was the hash
output length, which was used by ipsec for key sizes. (Non-ipsec consumers
need the ability to use other keysizes, hence, r324017.)

The ipsec SADB code blindly uses the auth_hash 'keysize' member for both
minimum and maximum key size, which is wrong (from an HMAC perspective).
For now, just switch it to 'hashsize', which matches the existing
expectations.

Instead it should probably use the range [0, keysize]. But there may be
other broken code in ipsec that rejects hashes with too small a minimum
key size.

Reported by:	olivier@
Reviewed by:	olivier, no objection from ae
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D12770
ViewVC
r325865 gordon Nov. 15, 2017, 10:30 p.m.
Submitted by:	kib
Reported by:	TJ Corley
Security:	CVE-2017-1088
ViewVC
r325864 tuexen Nov. 15, 2017, 10:13 p.m.
While there, clean up the code.
Thanks to Felix Weinrank who found the bug by using fuzz-testing
the SCTP userland stack.

MFC after:	1 week
ViewVC
r325863 gjb Nov. 15, 2017, 7:14 p.m.
not already exist within ${CHROOTDIR}.  This allows re-using a build
chroot with CHROOTBUILD_SKIP set to a non-empty value and CHROOTDIR
set to '/' in release.conf.

MFC after:	3 days
Sponsored by:	The FreeBSD Foundation
ViewVC
r325862 manu Nov. 15, 2017, 7:04 p.m.
The u-boot port for RPI-2 was updated to use u-boot-master, this cause
an update in u-boot version to v2017.09 and changing the filename.
The various firmware files for the RPI* are now in a common ports
sysutils/rpi-firmware as they are shared on all the RPI version.

Update the release files to copy the right files from the right location.

Reviewed by:	gjb
MFC after:	3 days
ViewVC
r325861 manu Nov. 15, 2017, 7:03 p.m.
THe u-boot port for RPI-B was updated to use u-boot-master, this cause
an update in u-boot version to v2017.09 and changing the filename.
The various firmware files for the RPI* are now in a common ports
sysutils/rpi-firmware as they are shared on all the RPI version.

Update the release files to copy the right files from the right location.

Reviewed by:	gjb
MFC after:	3 days
ViewVC
r325860 emaste Nov. 15, 2017, 6:40 p.m.
Creating a UFS filesystem with a newfs newer than the running kernel,
and then mounting that filesystem, can lead to interesting failures.

Add a safety belt to explicitly warn when newfs is newer than the
running kernel.

Reviewed by:	gjb, jhb, mckusick
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D12765
ViewVC
r325859 emaste Nov. 15, 2017, 6:03 p.m.
Packaged base packages are created by running the stageworld and
stagekernel targets with -DNO_ROOT, and converting the resulting mtree
file into a set of pkg plists.  If stage* is run with multiple processes
the order of entries in the mtree file may be nondeterministic, and the
resulting package tbz also had nondeterministic file ordering.

The mtree file generated by -DNO_ROOT builds consists of one line per
file, with the filename starting in the first column, so is easily
sorted.  There's one exception: the first line of the mtree file is a
comment, but the # character sorts before the filenames anyhow and needs
no special treatment.

PR:		223673
Reviewed by:	bapt, gjb
Sponsored by:	The Linux Foundation, Core Infrastructure Initiative
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D13103
ViewVC
r325857 asomers Nov. 15, 2017, 3:52 p.m.
In xpt_bus_register(), remove superfluous call to free().  This was mostly
benign since free(9) checks for NULL before doing anything, and
xpt_create_path() is nice enough to NULL out the pointer on failure.
However, it could've segfaulted if malloc(9) failed during
xpt_create_path().

Submitted by:	gibbs
MFC after:	3 weeks
Sponsored by:	Spectra Logic Corp
ViewVC
r325855 imp Nov. 15, 2017, 3:02 p.m.
right.

Sponsored by: Netflix
ViewVC
r325854 imp Nov. 15, 2017, 3 p.m.
Sponsored by: Netflix
ViewVC
r325852 kib Nov. 15, 2017, 1:41 p.m.
hardware sizes.

32bit counters already overflow on approachable virtual memory page
counts, and soon would overflow on the physical pages counts as well.
Bump sizes to 64bit types.  Bump __FreeBSD_version.

It is impossible to provide perfect backward ABI compat for this
change.  If a program requests an old structure, it can be detected by
size.  But if it queries the size first by passing NULL old req
pointer, there is almost nothing we can do to detect the desired ABI.
As a partial solution, check p_osrel of the quering process when
selecting the size to report.

Submitted by:	Pawel Biernacki <pawel.biernacki@gmail.com>
Differential revision:	https://reviews.freebsd.org/D13018
ViewVC