From owner-svn-src-releng@freebsd.org Mon Aug 29 23:57:02 2016 Return-Path: Delivered-To: svn-src-releng@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 1B5ECBC7B63; Mon, 29 Aug 2016 23:57:02 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id EA7B166E; Mon, 29 Aug 2016 23:57:01 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u7TNv1SF076902; Mon, 29 Aug 2016 23:57:01 GMT (envelope-from gjb@FreeBSD.org) Received: (from gjb@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id u7TNv1sH076901; Mon, 29 Aug 2016 23:57:01 GMT (envelope-from gjb@FreeBSD.org) Message-Id: <201608292357.u7TNv1sH076901@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gjb set sender to gjb@FreeBSD.org using -f 
From: Glen Barber
Date: Mon, 29 Aug 2016 23:57:01 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org
Subject: svn commit: r305035 - releng/11.0/release/doc/en_US.ISO8859-1/relnotes
X-SVN-Group: releng
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-releng@freebsd.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: SVN commit messages for the release engineering / security commits to the src tree
X-List-Received-Date: Mon, 29 Aug 2016 23:57:02 -0000

Author: gjb
Date: Mon Aug 29 23:57:00 2016
New Revision: 305035
URL: https://svnweb.freebsd.org/changeset/base/305035

Log:
  Document r292120, Update to ELF Tool Chain r3272
  Document r299142, Native PCIe Hotplug support
  Document r298166, libucl has been updated to version 0.8.0
  Document r302288, Enable indirect segment I/O by default when running on EC2
  Document r302265, Allow ZFS ARC min / max to be tuned at runtime
  Document r299142, The leap-seconds file has been updated to leap-seconds.3676752000
  Document r302177, WITH_SYSTEM_COMPILER: Enable by default
  Document r304246, PCIe HotPlug: Detect bridges that are not really HotPlug capable
  Document r301565, Switch arm64 to use intrng by default
  Document r299781, Support for the Allwinner Reduced Serial Bus (RSB)
  Document r296064, Support for Allwinner A20 HDMI
  Document r299393, Default installation directory for modules is /boot/modules
  Document r303716, Drop SSH1 support
  Document r303719, Disable DSA by default
  Document r297633, RCTL resources for limited filesystem IO
  Document r300723, Mellanox implementation of iSER
  Document r299848, Allow reroot to NFS
  Document r301033, Discovery without attaching support in iscsictl
  Document r299371, camcontrol reprobe
  Document r295212, Add an additional, libucl-based configuration file parser to ctld
  Document r287842, Change default regulatory domain
from DEBUG to FCC in ifconfig Document r301875, The SIOCSIFALIFETIME_IN6 ioctl has been removed These map to r304919, r304923, and r304929 from stable/11 from skreuzer@. Approved by: re (implicit, relnotes) Sponsored by: The FreeBSD Foundation Modified: releng/11.0/release/doc/en_US.ISO8859-1/relnotes/article.xml Modified: releng/11.0/release/doc/en_US.ISO8859-1/relnotes/article.xml ============================================================================== --- releng/11.0/release/doc/en_US.ISO8859-1/relnotes/article.xml Mon Aug 29 22:48:36 2016 (r305034) +++ releng/11.0/release/doc/en_US.ISO8859-1/relnotes/article.xml Mon Aug 29 23:57:00 2016 (r305035) @@ -175,8 +175,15 @@ The MK_ARM_EABI &man.src.conf.5; option has been removed. + The WITH_SYSTEM_COMPILER + &man.src.conf.5; option is enabled by default. + The ntp suite has been updated to version 4.2.8p8. + + The + /etc/ntp/leap-seconds + has been updated to version 3676752000. @@ -443,10 +450,11 @@ falling back to the PCI ID database in the &os; base system. - The &man.ifconfig.8; utility has been - updated to always exit with an error code if an important - &man.ioctl.2; fails. + By default the &man.ifconfig.8; utility + will set the default regulatory domain to FCC + on wireless interfaces. As a result, newly created wireless + interfaces with default settings will have less chances to + violate country-specific regulations. @@ -458,6 +466,12 @@ OpenSSH has been updated to 7.2p2. + SSHv1 support has been removed from + OpenSSH. + + Support for DSA is disabled by default in + OpenSSH. + mdocml has been updated to version 1.12.3. @@ -466,9 +480,9 @@ patches that add new relocations for &arch.powerpc; support. - The + The ELF Tool Chain has been updated to - upstream revision r3136. + upstream revision r3272. The texinfo utility and info pages were removed from 
@@ -602,6 +616,9 @@ OpenBSM has been updated to version 1.2 alpha 4. + libucl has + been updated to version 0.8.0. + The NetBSD Project's &man.libblacklist.3; library and applications have been ported and integrated into the system. Packet @@ -1027,6 +1044,10 @@ To retain the previous behavior, add KERN_DEBUGDIR="" to &man.src.conf.5;. + + &arch.arm64; has been switched over to using + INTRNG by default. @@ -1310,6 +1331,13 @@ Hardware Support + Native PCI-express HotPlug + support is enabled by default on &arch.amd64;, &arch.arm64; and + &arch.powerpc; + + PCI-express HotPlug support has been + enabled for slots with power controllers + The &man.asmc.4; driver has been updated to support the &apple; MacMini 3,1. @@ -1445,6 +1473,9 @@ The &man.xen.4; driver has been updated to include support for blkif indirect segment I/O. + + Indirect segment I/O is enabled by default + in the Xen blkfront driver when running on AWS EC2. @@ -1520,6 +1551,11 @@ interrupts on AXP209 power management integrated circuits have been added. + Support for the Allwinner + Reduced Serial Bus (RSB) has been added. + + Support for Allwinner A20 HDMI + has been added. @@ -1541,6 +1577,10 @@ &man.ctld.8; utility has been updated to allow controlling non-iSCSI &man.ctl.4; ports. + Support + for parsing libucl-based configuration files has been added to + &man.ctld.8;. + The &man.autofs.5; subsystem has been updated to include a new &man.auto.master.5; map, -media, which @@ -1571,6 +1611,9 @@ Support for managing Shingled Magnetic Recording (SMR) drives has been added. + The + &man.camcontrol.8; command can manually force updating capacity + data after a disk gets resized using the reprobe subcommand. 
@@ -1590,6 +1633,13 @@ for the timeo, actimeo, noac, and proto options have been added to &man.mount.nfs.8;. + + The Mellanox implementation of iSER (iSCSI + Extensions for RDMA) has been imported. + + The ability to discover iSCSI targets without + having to attach to a target has been added to the + &man.iscsictl.8; command. @@ -1613,6 +1663,14 @@ sponsor="&ix;, &spectralogic;">The zfsd daemon has been added, which manages hotspares and replements in drive slots that publish physical paths. + + The + minimum and maximum values for the ZFS adaptive replacement + cache can be modified at runtime. + + Four new + resources have been added to &man.rctl.8; to allow + throttles to be set on filesystem IO. @@ -1676,6 +1734,9 @@ updated to enable ttyu1, ttyu2, and ttyu3 by default, if the callin port is an active console port. + + The default installation directory for modules + has been changed to /boot/modules. 
@@ -1691,6 +1752,12 @@ This section describes changes that affect networking in &os;. + The unused SIOCSIFALIFETIME_IN6 + ioctl has been removed. + + Support to + be able to reroot into a NFSv4 volume has been added. + Network Protocols From owner-svn-src-releng@freebsd.org Tue Aug 30 13:26:01 2016 Return-Path: Delivered-To: svn-src-releng@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 2E455BC71A4; Tue, 30 Aug 2016 13:26:01 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 00F1D8F7; Tue, 30 Aug 2016 13:26:00 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u7UDQ0WK082732; Tue, 30 Aug 2016 13:26:00 GMT (envelope-from gjb@FreeBSD.org) Received: (from gjb@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id u7UDQ0jj082731; Tue, 30 Aug 2016 13:26:00 GMT (envelope-from gjb@FreeBSD.org) Message-Id: <201608301326.u7UDQ0jj082731@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gjb set sender to gjb@FreeBSD.org using -f 
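Review bot: In the @@ -443 hunk of article.xml (r305035), the new regulatory-domain paragraph replaces the existing entry saying that ifconfig(8) always exits with an error code if an important ioctl(2) fails, and nothing in the log mentions retiring that entry. If the removal is not intended, add the FCC paragraph as a separate entry and keep the old one. The phrase "will have less chances to violate" would read better as "are less likely to violate".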
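Review bot: In the @@ -1691 hunk of article.xml (r305035), the new entry says reroot into "a NFSv4 volume" while the log line for r299848 says "Allow reroot to NFS"; state which NFS versions are supported so the release note and the log agree. "Support to be able to reroot" can be shortened to "Support for rerooting", and the entry is filed under the networking section ahead of "Network Protocols", so check that this is the intended place for it.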
From: Glen Barber Date: Tue, 30 Aug 2016 13:26:00 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r305062 - releng/11.0/release/doc/en_US.ISO8859-1/relnotes X-SVN-Group: releng MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 30 Aug 2016 13:26:01 -0000 Author: gjb Date: Tue Aug 30 13:26:00 2016 New Revision: 305062 URL: https://svnweb.freebsd.org/changeset/base/305062 Log: Add an 'Important Notes' section before the 'Upgrading' section. Document OpenSSH DSA key deprecation and removal of Protocol 1 support. Approved by: re (implicit, relnotes) Sponsored by: The FreeBSD Foundation Modified: releng/11.0/release/doc/en_US.ISO8859-1/relnotes/article.xml Modified: releng/11.0/release/doc/en_US.ISO8859-1/relnotes/article.xml ============================================================================== --- releng/11.0/release/doc/en_US.ISO8859-1/relnotes/article.xml Tue Aug 30 12:40:12 2016 (r305061) +++ releng/11.0/release/doc/en_US.ISO8859-1/relnotes/article.xml Tue Aug 30 13:26:00 2016 (r305062) 
@@ -110,6 +110,24 @@ improvements. + + Important Notes + + This section lists important information for those upgrading + from prior &os; releases. + + + User-facing Changes + + As of r303719, + OpenSSH DSA key + generation has been disabled by default. It is important to + update OpenSSH keys prior to + upgrading. Additionally, Protocol 1 + support has been removed. + + + Upgrading from Previous Releases of &os; From owner-svn-src-releng@freebsd.org Thu Sep 1 20:01:39 2016 Return-Path: Delivered-To: svn-src-releng@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id D4D4EBCB97C; Thu, 1 Sep 2016 20:01:39 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 921E4B98; Thu, 1 Sep 2016 20:01:39 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u81K1cYM035630; Thu, 1 Sep 2016 20:01:38 GMT (envelope-from gjb@FreeBSD.org) Received: (from gjb@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id u81K1c1U035629; Thu, 1 Sep 2016 20:01:38 GMT (envelope-from gjb@FreeBSD.org) Message-Id: <201609012001.u81K1c1U035629@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gjb set sender to gjb@FreeBSD.org using -f 
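Review bot: In the "User-facing Changes" paragraph of the @@ -110 hunk (r305062), "It is important to update OpenSSH keys prior to upgrading" does not say which keys are affected or what to do with them. The r305035 entry describes r303719 as "Support for DSA is disabled by default", while this paragraph says only that DSA "key generation" is disabled; use one wording, name DSA keys explicitly, and tell readers who log in with DSA keys to switch to another key type before upgrading. The paragraph opens with "As of r303719", but the r305035 log lists the Protocol 1 removal as r303716, so cite that revision for the last sentence.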
From: Glen Barber
Date: Thu, 1 Sep 2016 20:01:38 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org
Subject: svn commit: r305236 - releng/11.0/sys/boot/i386/libi386

Author: gjb
Date: Thu Sep 1 20:01:38 2016
New Revision: 305236
URL: https://svnweb.freebsd.org/changeset/base/305236

Log:
  MFS11 305232:
  MFC r304966 (peter):

  The read-ahead code from r298230 made it likely the boot code would read beyond the end of disk. r298900 added code to prevent this. Some BIOSes cause significant delays if asked to read past end-of-disk.

  We never trusted the BIOS to accurately report the sectorsize of disks before and this set of changes. Unfortunately they interact badly with the infamous >2TB wraparound bugs. We have a number of relatively-recent machines in the FreeBSD.org cluster where the BIOS reports 3TB disks as 1TB.

  With pre-r298900 they work just fine. After r298900 they stop working if the boot environment attempts to access anything outside the first 1TB on the disk. 'ZFS: I/O error, all block copies unavailable' etc. It affects both UFS and ZFS if they try to boot from large volumes.

  This change replaces the blind trust of the BIOS end-of-disk reporting with a read-ahead clip to prevent reads crossing the end-of-disk boundary. Since 2^32 (2TB) size reporting truncation is not uncommon, the clipping is done on 2TB aliases of the reported end-of-disk. ie: a 3TB disk reported as 1TB has readahead clipped at 1TB, 3TB, 5TB, ... as one of them is likely to be the real end-of-disk.
This should make the loader on these broken machines behave the same as traditional pre-r298900 loader behavior, without disabling read-ahead. PR: 212139 Approved by: re (kib) Sponsored by: The FreeBSD Foundation Modified: releng/11.0/sys/boot/i386/libi386/biosdisk.c Directory Properties: releng/11.0/ (props changed) Modified: releng/11.0/sys/boot/i386/libi386/biosdisk.c ============================================================================== --- releng/11.0/sys/boot/i386/libi386/biosdisk.c Thu Sep 1 19:51:35 2016 (r305235) +++ releng/11.0/sys/boot/i386/libi386/biosdisk.c Thu Sep 1 20:01:38 2016 (r305236) @@ -495,7 +495,7 @@ bd_realstrategy(void *devdata, int rw, d char *buf, size_t *rsize) { struct disk_devdesc *dev = (struct disk_devdesc *)devdata; - int blks; + int blks, remaining; #ifdef BD_SUPPORT_FRAGS /* XXX: sector size */ char fragbuf[BIOSDISK_SECSIZE]; size_t fragsize; 
@@ -511,14 +511,15 @@ bd_realstrategy(void *devdata, int rw, d if (rsize) *rsize = 0; - if (dblk >= BD(dev).bd_sectors) { - DEBUG("IO past disk end %llu", (unsigned long long)dblk); - return (EIO); - } - - if (dblk + blks > BD(dev).bd_sectors) { - /* perform partial read */ - blks = BD(dev).bd_sectors - dblk; + /* + * Perform partial read to prevent read-ahead crossing + * the end of disk - or any 32 bit aliases of the end. + * Signed arithmetic is used to handle wrap-around cases + * like we do for TCP sequence numbers. + */ + remaining = (int)(BD(dev).bd_sectors - dblk); /* truncate */ + if (remaining > 0 && remaining < blks) { + blks = remaining; size = blks * BD(dev).bd_sectorsize; DEBUG("short read %d", blks); } From owner-svn-src-releng@freebsd.org Fri Sep 2 00:45:45 2016 Return-Path: Delivered-To: svn-src-releng@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 43054BCB536; Fri, 2 Sep 2016 00:45:45 +0000 (UTC) (envelope-from nwhitehorn@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id EDCD4EAB; Fri, 2 Sep 2016 00:45:44 +0000 (UTC) (envelope-from nwhitehorn@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u820jiT3042643; Fri, 2 Sep 2016 00:45:44 GMT (envelope-from nwhitehorn@FreeBSD.org) Received: (from nwhitehorn@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id u820jioT042642; Fri, 2 Sep 2016 00:45:44 GMT (envelope-from nwhitehorn@FreeBSD.org) Message-Id: <201609020045.u820jioT042642@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: nwhitehorn set sender to nwhitehorn@FreeBSD.org using -f 
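Review bot: In the @@ -511 hunk of bd_realstrategy() (r305236), dropping the `dblk >= BD(dev).bd_sectors` test means a request that starts at or beyond the reported end (remaining <= 0) is no longer rejected with EIO and is passed on with the full blks, but the new comment only describes the clipping case. Extend the comment to say that this pass-through is deliberate because the reported size may be a truncated alias of the real one. The `(int)` cast marked /* truncate */ relies on implementation-defined narrowing; converting through a fixed-width unsigned 32-bit type first would make the intended modulo-2^32 behaviour explicit.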
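The clipping rule described in the r305236 log message, worked through as an added example (not code from the FreeBSD tree). The helper name `clip_readahead()`, the 512-byte sector size and the sample block numbers are assumptions for illustration; the block shows a 3TB disk reported as 1TB being clipped at 1TB, 3TB and 5TB but not at 2TB.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: 512-byte sectors, so 1 TB is 2^31 sectors and 2 TB is 2^32. */
#define TB_SECTORS (UINT64_C(1) << 31)

/*
 * Hypothetical helper mirroring the rule in the log message: given the
 * end-of-disk the BIOS reported, the first sector of the request and the
 * requested sector count (blks > 0), return how many sectors may be read
 * without crossing the reported end or any 2^32-sector alias of it.
 */
static int
clip_readahead(uint64_t reported_sectors, uint64_t dblk, int blks)
{
	/* Distance to the reported end, reduced modulo 2^32 sectors. */
	uint32_t dist = (uint32_t)(reported_sectors - dblk);

	/*
	 * Interpret dist as a signed 32-bit quantity without a narrowing
	 * signed cast: top bit set means "negative" (the request starts
	 * past this alias), zero means it starts exactly on an alias.
	 * Only a small positive distance shortens the read.
	 */
	if (dist != 0 && dist < UINT32_C(0x80000000) && dist < (uint32_t)blks)
		return ((int)dist);
	return (blks);
}

int
main(void)
{
	/* Constructed sample requests: 16-sector reads near each boundary. */
	const uint64_t starts[] = {
		100,                 /* start of disk */
		TB_SECTORS - 4,      /* 4 sectors before the reported 1 TB end */
		2 * TB_SECTORS - 4,  /* near 2 TB: not an alias of the end */
		3 * TB_SECTORS - 4,  /* 4 sectors before the real 3 TB end */
		5 * TB_SECTORS - 4,  /* next alias */
		TB_SECTORS,          /* exactly at the reported end */
	};
	size_t i;

	for (i = 0; i < sizeof(starts) / sizeof(starts[0]); i++)
		printf("dblk=%llu blks=16 -> %d\n",
		    (unsigned long long)starts[i],
		    clip_readahead(TB_SECTORS, starts[i], 16));
	return (0);
}
```

A request that starts exactly on the reported end, or past it, is returned unclipped: the rule shortens reads that would cross an alias and never rejects one.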
From: Nathan Whitehorn Date: Fri, 2 Sep 2016 00:45:44 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r305266 - releng/11.0/sys/boot/powerpc/boot1.chrp X-SVN-Group: releng MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 02 Sep 2016 00:45:45 -0000 Author: nwhitehorn Date: Fri Sep 2 00:45:43 2016 New Revision: 305266 URL: https://svnweb.freebsd.org/changeset/base/305266 Log: MFS11 r305249: MFC r305036: Some versions of SLOF do not append the partition number to the boot device argument to the stage-1 bootloader. In such cases, boot1 would only try to read the entire device rather than checking for partitions. Instead of panic'ing, fall back to reading the partitions as normal in such situations. This was preventing boot of installed systems on some versions of PowerKVM. PR: kern/211599 Approved by: re (gjb) Modified: releng/11.0/sys/boot/powerpc/boot1.chrp/boot1.c Directory Properties: releng/11.0/ (props changed) Modified: releng/11.0/sys/boot/powerpc/boot1.chrp/boot1.c ============================================================================== --- releng/11.0/sys/boot/powerpc/boot1.chrp/boot1.c Fri Sep 2 00:43:03 2016 (r305265) +++ releng/11.0/sys/boot/powerpc/boot1.chrp/boot1.c Fri Sep 2 00:45:43 2016 (r305266) @@ -137,7 +137,9 @@ ofw_init(void *vpd, int res, int (*openf p = bootpath; while (*p != '\0') { + /* Truncate partition ID */ if (*p == ':') { + ofw_close(bootdev); *(++p) = '\0'; break; } 
@@ -419,31 +421,40 @@ main(int ac, char **av) memcpy(bootpath_full,bootpath,len+1); - if (bootpath_full[len-1] == ':') { - for (i = 0; i < 16; i++) { - if (i < 10) { - bootpath_full[len] = i + '0'; - bootpath_full[len+1] = '\0'; - } else { - bootpath_full[len] = '1'; - bootpath_full[len+1] = i - 10 + '0'; - bootpath_full[len+2] = '\0'; - } - - if (domount(bootpath_full,1) >= 0) - break; - - if (bootdev > 0) - ofw_close(bootdev); + if (bootpath_full[len-1] != ':') { + /* First try full volume */ + if (domount(bootpath_full,1) == 0) + goto out; + + /* Add a : so that we try partitions if that fails */ + if (bootdev > 0) + ofw_close(bootdev); + bootpath_full[len] = ':'; + len += 1; + } + + /* Loop through first 16 partitions to find a UFS one */ + for (i = 0; i < 16; i++) { + if (i < 10) { + bootpath_full[len] = i + '0'; + bootpath_full[len+1] = '\0'; + } else { + bootpath_full[len] = '1'; + bootpath_full[len+1] = i - 10 + '0'; + bootpath_full[len+2] = '\0'; } + + if (domount(bootpath_full,1) >= 0) + break; - if (i >= 16) - panic("domount"); - } else { - if (domount(bootpath_full,0) == -1) - panic("domount"); + if (bootdev > 0) + ofw_close(bootdev); } + if (i >= 16) + panic("domount"); + +out: printf(" Boot volume: %s\n",bootpath_full); ofw_setprop(chosenh, "bootargs", bootpath_full, len+2); load(path); From owner-svn-src-releng@freebsd.org Fri Sep 2 01:41:58 2016 Return-Path: Delivered-To: svn-src-releng@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 968E2BCB20A; Fri, 2 Sep 2016 01:41:58 +0000 (UTC) (envelope-from nwhitehorn@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 675E6682; Fri, 2 Sep 2016 01:41:58 +0000 (UTC) (envelope-from nwhitehorn@FreeBSD.org) 
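Review bot: In the @@ -137 hunk of ofw_init() (r305266), `ofw_close(bootdev)` is called unconditionally, while both calls added in main() by the same patch are guarded with `if (bootdev > 0)`. Add the same guard here, or a comment saying why bootdev is known to be open at this point. The new "Truncate partition ID" comment also does not explain why the device is closed when a ':' is found.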
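Review bot: In the @@ -419 hunk of main() (r305266), the full-volume attempt tests `domount(bootpath_full,1) == 0` while the partition loop tests `>= 0` and the removed code tested `== -1`; use one success test throughout so that a positive return is not treated as failure in one place and success in the other. On the `goto out` path len has not been advanced past a partition suffix, yet `ofw_setprop(chosenh, "bootargs", bootpath_full, len+2)` still passes len+2 bytes. Appending ':' and up to two digits also lengthens the string by three characters, so confirm that bootpath_full has room for them and the terminator.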
Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u821fvdk064647; Fri, 2 Sep 2016 01:41:57 GMT (envelope-from nwhitehorn@FreeBSD.org) Received: (from nwhitehorn@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id u821fvXS064646; Fri, 2 Sep 2016 01:41:57 GMT (envelope-from nwhitehorn@FreeBSD.org) Message-Id: <201609020141.u821fvXS064646@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: nwhitehorn set sender to nwhitehorn@FreeBSD.org using -f From: Nathan Whitehorn Date: Fri, 2 Sep 2016 01:41:57 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r305267 - releng/11.0/sys/kern X-SVN-Group: releng MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 02 Sep 2016 01:41:58 -0000 Author: nwhitehorn Date: Fri Sep 2 01:41:57 2016 New Revision: 305267 URL: https://svnweb.freebsd.org/changeset/base/305267 Log: MFS11 r305250: MFC r305108,305109: Refix operation on sparse CPU mappings as in r302372, temporarily broken by r304716. PR: kern/210106 Approved by: re (gjb) Modified: releng/11.0/sys/kern/subr_gtaskqueue.c Directory Properties: releng/11.0/ (props changed) Modified: releng/11.0/sys/kern/subr_gtaskqueue.c ============================================================================== --- releng/11.0/sys/kern/subr_gtaskqueue.c Fri Sep 2 00:45:43 2016 (r305266) +++ releng/11.0/sys/kern/subr_gtaskqueue.c Fri Sep 2 01:41:57 2016 (r305267) 
@@ -742,7 +742,7 @@ _taskqgroup_adjust(struct taskqgroup *qg LIST_HEAD(, grouptask) gtask_head = LIST_HEAD_INITIALIZER(NULL); cpuset_t mask; struct grouptask *gtask; - int i, old_cnt, qid; + int i, k, old_cnt, qid, cpu; mtx_assert(&qgroup->tqg_lock, MA_OWNED); @@ -806,8 +806,11 @@ _taskqgroup_adjust(struct taskqgroup *qg /* * Set new CPU and IRQ affinity */ + cpu = CPU_FIRST(); for (i = 0; i < cnt; i++) { - qgroup->tqg_queue[i].tgc_cpu = i * qgroup->tqg_stride; + qgroup->tqg_queue[i].tgc_cpu = cpu; + for (k = 0; k < qgroup->tqg_stride; k++) + cpu = CPU_NEXT(cpu); CPU_ZERO(&mask); CPU_SET(qgroup->tqg_queue[i].tgc_cpu, &mask); LIST_FOREACH(gtask, &qgroup->tqg_queue[i].tgc_tasks, gt_list) { From owner-svn-src-releng@freebsd.org Fri Sep 2 22:47:58 2016 Return-Path: Delivered-To: svn-src-releng@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id EEC93BCCD40; Fri, 2 Sep 2016 22:47:58 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id C1ACEABA; Fri, 2 Sep 2016 22:47:58 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u82MlwkG041055; Fri, 2 Sep 2016 22:47:58 GMT (envelope-from gjb@FreeBSD.org) Received: (from gjb@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id u82MlwUB041054; Fri, 2 Sep 2016 22:47:58 GMT (envelope-from gjb@FreeBSD.org) Message-Id: <201609022247.u82MlwUB041054@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gjb set sender to gjb@FreeBSD.org using -f 
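Review bot: In the @@ -806 hunk of _taskqgroup_adjust() (r305267), the inner loop `for (k = 0; k < qgroup->tqg_stride; k++) cpu = CPU_NEXT(cpu);` carries no comment saying why `i * qgroup->tqg_stride` was wrong, and the log says this behaviour was already fixed once and then broken again. Add a line noting that CPU IDs may be sparse and that the walk relies on CPU_NEXT() to step over absent CPUs, and say what is expected when the walk runs past the last CPU.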
From: Glen Barber Date: Fri, 2 Sep 2016 22:47:58 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r305311 - releng/11.0/sys/arm64/conf X-SVN-Group: releng MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 02 Sep 2016 22:47:59 -0000 Author: gjb Date: Fri Sep 2 22:47:57 2016 New Revision: 305311 URL: https://svnweb.freebsd.org/changeset/base/305311 Log: Turn off debugging options in the arm64/aarch64 GENERIC kernel. This is a direct commit to releng/11.0. Approved by: re (bdrewery) Sponsored by: The FreeBSD Foundation Modified: releng/11.0/sys/arm64/conf/GENERIC Modified: releng/11.0/sys/arm64/conf/GENERIC ============================================================================== --- releng/11.0/sys/arm64/conf/GENERIC Fri Sep 2 22:21:28 2016 (r305310) +++ releng/11.0/sys/arm64/conf/GENERIC Fri Sep 2 22:47:57 2016 (r305311) 
@@ -75,15 +75,6 @@ options INTRNG # Debugging support. Always need this: options KDB # Enable kernel debugger support. options KDB_TRACE # Print a stack trace for a panic. -# For full debugger support use (turn off in stable branch): -options DDB # Support DDB. -#options GDB # Support remote GDB. -options DEADLKRES # Enable the deadlock resolver -options INVARIANTS # Enable calls of extra sanity checking -options INVARIANT_SUPPORT # Extra sanity checks of internal structures, required by INVARIANTS -options WITNESS # Enable checks to detect deadlocks and cycles -options WITNESS_SKIPSPIN # Don't run witness on spinlocks for speed -options MALLOC_DEBUG_MAXZONES=8 # Separate malloc(9) zones # SoC support options SOC_CAVM_THUNDERX From owner-svn-src-releng@freebsd.org Sat Sep 3 00:27:45 2016 Return-Path: Delivered-To: svn-src-releng@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 43E93BCE3C6; Sat, 3 Sep 2016 00:27:45 +0000 (UTC) (envelope-from mm@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 00C62A3B; Sat, 3 Sep 2016 00:27:44 +0000 (UTC) (envelope-from mm@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u830RiXd078620; Sat, 3 Sep 2016 00:27:44 GMT (envelope-from mm@FreeBSD.org) Received: (from mm@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id u830RfEn078589; Sat, 3 Sep 2016 00:27:41 GMT (envelope-from mm@FreeBSD.org) Message-Id: <201609030027.u830RfEn078589@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: mm set sender to mm@FreeBSD.org using -f 
From: Martin Matuska
Date: Sat, 3 Sep 2016 00:27:41 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org
Subject: svn commit: r305313 - in releng/11.0: contrib/libarchive/cat/test contrib/libarchive/cpio contrib/libarchive/cpio/test contrib/libarchive/libarchive contrib/libarchive/libarchive/test contrib/libar...

Author: mm
Date: Sat Sep 3 00:27:41 2016
New Revision: 305313
URL: https://svnweb.freebsd.org/changeset/base/305313

Log:
  MFS r305188:
  MFC r304075,r304989:
  Sync libarchive with vendor including security fixes

  Vendor issues fixed:
  Issue #731: Reject tar entries >= INT64_MAX
  Issue #744: Very long pathnames evade symlink checks
  Issue #748: libarchive can compress, but cannot decompress zip some files
  PR #750: ustar: fix out of bounds read on empty string ("") filename
  PR #755: fix use of acl_get_flagset_np() on FreeBSD
  Issue #767: Buffer overflow printing a filename
  Issue #770: Zip read: be more careful about extra_length

  MFC r304874:
  Temporarily disable two libarchive tests that have not yet been fixed by vendor. Tests will be re-enabled after a fix has been merged.
Approved by: re (gjb) Added: releng/11.0/contrib/libarchive/libarchive/test/test_read_format_zip_high_compression.c - copied unchanged from r305188, stable/11/contrib/libarchive/libarchive/test/test_read_format_zip_high_compression.c releng/11.0/contrib/libarchive/libarchive/test/test_read_format_zip_high_compression.zip.uu - copied unchanged from r305188, stable/11/contrib/libarchive/libarchive/test/test_read_format_zip_high_compression.zip.uu releng/11.0/contrib/libarchive/libarchive/test/test_write_disk_secure744.c - copied unchanged from r305188, stable/11/contrib/libarchive/libarchive/test/test_write_disk_secure744.c releng/11.0/contrib/libarchive/libarchive/test/test_write_disk_secure745.c - copied unchanged from r305188, stable/11/contrib/libarchive/libarchive/test/test_write_disk_secure745.c releng/11.0/contrib/libarchive/libarchive/test/test_write_disk_secure746.c - copied unchanged from r305188, stable/11/contrib/libarchive/libarchive/test/test_write_disk_secure746.c Modified: releng/11.0/contrib/libarchive/cat/test/test_version.c releng/11.0/contrib/libarchive/cpio/cmdline.c releng/11.0/contrib/libarchive/cpio/test/test_option_version.c releng/11.0/contrib/libarchive/libarchive/archive_match.c releng/11.0/contrib/libarchive/libarchive/archive_ppmd7_private.h releng/11.0/contrib/libarchive/libarchive/archive_read_add_passphrase.c releng/11.0/contrib/libarchive/libarchive/archive_read_disk_entry_from_file.c releng/11.0/contrib/libarchive/libarchive/archive_read_disk_posix.c releng/11.0/contrib/libarchive/libarchive/archive_read_private.h releng/11.0/contrib/libarchive/libarchive/archive_read_support_filter_lz4.c releng/11.0/contrib/libarchive/libarchive/archive_read_support_format_lha.c releng/11.0/contrib/libarchive/libarchive/archive_read_support_format_tar.c releng/11.0/contrib/libarchive/libarchive/archive_read_support_format_warc.c releng/11.0/contrib/libarchive/libarchive/archive_read_support_format_zip.c 
releng/11.0/contrib/libarchive/libarchive/archive_util.c releng/11.0/contrib/libarchive/libarchive/archive_write_disk_acl.c releng/11.0/contrib/libarchive/libarchive/archive_write_disk_posix.c releng/11.0/contrib/libarchive/libarchive/archive_write_set_format_iso9660.c releng/11.0/contrib/libarchive/libarchive/archive_write_set_format_ustar.c releng/11.0/contrib/libarchive/libarchive/test/main.c releng/11.0/contrib/libarchive/libarchive/test/test.h releng/11.0/contrib/libarchive/libarchive/test/test_archive_string_conversion.c releng/11.0/contrib/libarchive/libarchive/test/test_fuzz.c releng/11.0/contrib/libarchive/libarchive/test/test_read_format_rar.c releng/11.0/contrib/libarchive/tar/cmdline.c releng/11.0/contrib/libarchive/tar/test/test_version.c releng/11.0/contrib/libarchive/tar/util.c releng/11.0/lib/libarchive/tests/Makefile Directory Properties: releng/11.0/ (props changed) Modified: releng/11.0/contrib/libarchive/cat/test/test_version.c ============================================================================== --- releng/11.0/contrib/libarchive/cat/test/test_version.c Sat Sep 3 00:22:42 2016 (r305312) +++ releng/11.0/contrib/libarchive/cat/test/test_version.c Sat Sep 3 00:27:41 2016 (r305313) @@ -83,7 +83,7 @@ DEFINE_TEST(test_version) if (*q == 'a' || *q == 'b' || *q == 'c' || *q == 'd') ++q; /* Skip arbitrary third-party version numbers. */ - while (s > 0 && (*q == ' ' || *q == '/' || *q == '.' || isalnum(*q))) { + while (s > 0 && (*q == ' ' || *q == '-' || *q == '/' || *q == '.' || isalnum(*q))) { ++q; --s; } Modified: releng/11.0/contrib/libarchive/cpio/cmdline.c ============================================================================== --- releng/11.0/contrib/libarchive/cpio/cmdline.c Sat Sep 3 00:22:42 2016 (r305312) +++ releng/11.0/contrib/libarchive/cpio/cmdline.c Sat Sep 3 00:27:41 2016 (r305313) 
@@ -63,6 +63,7 @@ static const struct option { } cpio_longopts[] = { { "b64encode", 0, OPTION_B64ENCODE }, { "create", 0, 'o' }, + { "dereference", 0, 'L' }, { "dot", 0, 'V' }, { "extract", 0, 'i' }, { "file", 1, 'F' }, Modified: releng/11.0/contrib/libarchive/cpio/test/test_option_version.c ============================================================================== --- releng/11.0/contrib/libarchive/cpio/test/test_option_version.c Sat Sep 3 00:22:42 2016 (r305312) +++ releng/11.0/contrib/libarchive/cpio/test/test_option_version.c Sat Sep 3 00:27:41 2016 (r305313) @@ -75,7 +75,7 @@ verify(const char *p, size_t s) if (*q == 'a' || *q == 'b' || *q == 'c' || *q == 'd') ++q; /* Skip arbitrary third-party version numbers. */ - while (s > 0 && (*q == ' ' || *q == '/' || *q == '.' || isalnum(*q))) { + while (s > 0 && (*q == ' ' || *q == '-' || *q == '/' || *q == '.' || isalnum(*q))) { ++q; --s; } Modified: releng/11.0/contrib/libarchive/libarchive/archive_match.c ============================================================================== --- releng/11.0/contrib/libarchive/libarchive/archive_match.c Sat Sep 3 00:22:42 2016 (r305312) +++ releng/11.0/contrib/libarchive/libarchive/archive_match.c Sat Sep 3 00:27:41 2016 (r305313) @@ -655,7 +655,7 @@ add_pattern_from_file(struct archive_mat } } - /* If something error happend, report it immediately. */ + /* If an error occurred, report it immediately. */ if (r < ARCHIVE_OK) { archive_copy_error(&(a->archive), ar); archive_read_free(ar); Modified: releng/11.0/contrib/libarchive/libarchive/archive_ppmd7_private.h ============================================================================== --- releng/11.0/contrib/libarchive/libarchive/archive_ppmd7_private.h Sat Sep 3 00:22:42 2016 (r305312) +++ releng/11.0/contrib/libarchive/libarchive/archive_ppmd7_private.h Sat Sep 3 00:27:41 2016 (r305313) 
@@ -19,7 +19,7 @@ If you need the compatibility with origi #define PPMD7_MAX_ORDER 64 #define PPMD7_MIN_MEM_SIZE (1 << 11) -#define PPMD7_MAX_MEM_SIZE (0xFFFFFFFF - 12 * 3) +#define PPMD7_MAX_MEM_SIZE (0xFFFFFFFFu - 12 * 3) struct CPpmd7_Context_; Modified: releng/11.0/contrib/libarchive/libarchive/archive_read_add_passphrase.c ============================================================================== --- releng/11.0/contrib/libarchive/libarchive/archive_read_add_passphrase.c Sat Sep 3 00:22:42 2016 (r305312) +++ releng/11.0/contrib/libarchive/libarchive/archive_read_add_passphrase.c Sat Sep 3 00:27:41 2016 (r305313) @@ -125,7 +125,7 @@ void __archive_read_reset_passphrase(struct archive_read *a) { - a->passphrases.candiate = -1; + a->passphrases.candidate = -1; } /* 
@@ -137,31 +137,31 @@ __archive_read_next_passphrase(struct ar struct archive_read_passphrase *p; const char *passphrase; - if (a->passphrases.candiate < 0) { + if (a->passphrases.candidate < 0) { /* Count out how many passphrases we have. */ int cnt = 0; for (p = a->passphrases.first; p != NULL; p = p->next) cnt++; - a->passphrases.candiate = cnt; + a->passphrases.candidate = cnt; p = a->passphrases.first; - } else if (a->passphrases.candiate > 1) { + } else if (a->passphrases.candidate > 1) { /* Rotate a passphrase list. */ - a->passphrases.candiate--; + a->passphrases.candidate--; p = remove_passphrases_from_head(a); add_passphrase_to_tail(a, p); - /* Pick a new passphrase candiate up. */ + /* Pick a new passphrase candidate up. */ p = a->passphrases.first; - } else if (a->passphrases.candiate == 1) { - /* This case is that all cadiates failed to decryption. */ - a->passphrases.candiate = 0; + } else if (a->passphrases.candidate == 1) { + /* This case is that all candidates failed to decrypt. */ + a->passphrases.candidate = 0; if (a->passphrases.first->next != NULL) { /* Rotate a passphrase list. */ p = remove_passphrases_from_head(a); add_passphrase_to_tail(a, p); } p = NULL; - } else /* There is no passphrase candaite. */ + } else /* There is no passphrase candidate. */ p = NULL; if (p != NULL) @@ -177,7 +177,7 @@ __archive_read_next_passphrase(struct ar if (p == NULL) return (NULL); insert_passphrase_to_head(a, p); - a->passphrases.candiate = 1; + a->passphrases.candidate = 1; } } else passphrase = NULL; Modified: releng/11.0/contrib/libarchive/libarchive/archive_read_disk_entry_from_file.c ============================================================================== --- releng/11.0/contrib/libarchive/libarchive/archive_read_disk_entry_from_file.c Sat Sep 3 00:22:42 2016 (r305312) +++ releng/11.0/contrib/libarchive/libarchive/archive_read_disk_entry_from_file.c Sat Sep 3 00:27:41 2016 (r305313) 
@@ -641,13 +641,16 @@ translate_acl(struct archive_read_disk * * Libarchive stores "flag" (NFSv4 inheritance bits) * in the ae_perm bitmap. */ - acl_get_flagset_np(acl_entry, &acl_flagset); - for (i = 0; i < (int)(sizeof(acl_inherit_map) / sizeof(acl_inherit_map[0])); ++i) { - if (acl_get_flag_np(acl_flagset, - acl_inherit_map[i].platform_inherit)) - ae_perm |= acl_inherit_map[i].archive_inherit; - - } + // XXX acl_get_flagset_np on FreeBSD returns EINVAL for + // non-NFSv4 ACLs + r = acl_get_flagset_np(acl_entry, &acl_flagset); + if (r == 0) { + for (i = 0; i < (int)(sizeof(acl_inherit_map) / sizeof(acl_inherit_map[0])); ++i) { + if (acl_get_flag_np(acl_flagset, + acl_inherit_map[i].platform_inherit)) + ae_perm |= acl_inherit_map[i].archive_inherit; + } + } #endif acl_get_permset(acl_entry, &acl_permset); Modified: releng/11.0/contrib/libarchive/libarchive/archive_read_disk_posix.c ============================================================================== --- releng/11.0/contrib/libarchive/libarchive/archive_read_disk_posix.c Sat Sep 3 00:22:42 2016 (r305312) +++ releng/11.0/contrib/libarchive/libarchive/archive_read_disk_posix.c Sat Sep 3 00:27:41 2016 (r305313) @@ -938,7 +938,7 @@ next_entry(struct archive_read_disk *a, r = archive_match_path_excluded(a->matching, entry); if (r < 0) { archive_set_error(&(a->archive), errno, - "Faild : %s", archive_error_string(a->matching)); + "Failed : %s", archive_error_string(a->matching)); return (r); } if (r) { @@ -1041,7 +1041,7 @@ next_entry(struct archive_read_disk *a, r = archive_match_time_excluded(a->matching, entry); if (r < 0) { archive_set_error(&(a->archive), errno, - "Faild : %s", archive_error_string(a->matching)); + "Failed : %s", archive_error_string(a->matching)); return (r); } if (r) { 
@@ -1067,7 +1067,7 @@ next_entry(struct archive_read_disk *a, r = archive_match_owner_excluded(a->matching, entry); if (r < 0) { archive_set_error(&(a->archive), errno, - "Faild : %s", archive_error_string(a->matching)); + "Failed : %s", archive_error_string(a->matching)); return (r); } if (r) { Modified: releng/11.0/contrib/libarchive/libarchive/archive_read_private.h ============================================================================== --- releng/11.0/contrib/libarchive/libarchive/archive_read_private.h Sat Sep 3 00:22:42 2016 (r305312) +++ releng/11.0/contrib/libarchive/libarchive/archive_read_private.h Sat Sep 3 00:27:41 2016 (r305313) @@ -221,7 +221,7 @@ struct archive_read { struct { struct archive_read_passphrase *first; struct archive_read_passphrase **last; - int candiate; + int candidate; archive_passphrase_callback *callback; void *client_data; } passphrases; Modified: releng/11.0/contrib/libarchive/libarchive/archive_read_support_filter_lz4.c ============================================================================== --- releng/11.0/contrib/libarchive/libarchive/archive_read_support_filter_lz4.c Sat Sep 3 00:22:42 2016 (r305312) +++ releng/11.0/contrib/libarchive/libarchive/archive_read_support_filter_lz4.c Sat Sep 3 00:27:41 2016 (r305313) @@ -595,7 +595,7 @@ lz4_filter_read_data_block(struct archiv #endif } - /* Check if an error happend in decompression process. */ + /* Check if an error occurred in the decompression process. */ if (uncompressed_size < 0) { archive_set_error(&(self->archive->archive), ARCHIVE_ERRNO_MISC, "lz4 decompression failed"); Modified: releng/11.0/contrib/libarchive/libarchive/archive_read_support_format_lha.c ============================================================================== --- releng/11.0/contrib/libarchive/libarchive/archive_read_support_format_lha.c Sat Sep 3 00:22:42 2016 (r305312) +++ releng/11.0/contrib/libarchive/libarchive/archive_read_support_format_lha.c Sat Sep 3 00:27:41 2016 (r305313) 
@@ -1715,8 +1715,11 @@ lha_crc16(uint16_t crc, const void *pp, #undef bswap16 #if defined(_MSC_VER) && _MSC_VER >= 1400 /* Visual Studio */ # define bswap16(x) _byteswap_ushort(x) -#elif (defined(__GNUC__) && __GNUC__ >= 4 && __GNUC_MINOR__ >= 8) \ - || defined(__clang__) +#elif defined(__GNUC__) && ((__GNUC__ == 4 && __GNUC_MINOR__ >= 8) || __GNUC__ > 4) +/* GCC 4.8 and later has __builtin_bswap16() */ +# define bswap16(x) __builtin_bswap16(x) +#elif defined(__clang__) +/* All clang versions have __builtin_bswap16() */ # define bswap16(x) __builtin_bswap16(x) #else # define bswap16(x) ((((x) >> 8) & 0xff) | ((x) << 8)) Modified: releng/11.0/contrib/libarchive/libarchive/archive_read_support_format_tar.c ============================================================================== --- releng/11.0/contrib/libarchive/libarchive/archive_read_support_format_tar.c Sat Sep 3 00:22:42 2016 (r305312) +++ releng/11.0/contrib/libarchive/libarchive/archive_read_support_format_tar.c Sat Sep 3 00:27:41 2016 (r305313) 
@@ -1128,8 +1128,15 @@ header_common(struct archive_read *a, st if (tar->entry_bytes_remaining < 0) { tar->entry_bytes_remaining = 0; archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC, - "Tar entry has negative size?"); - err = ARCHIVE_WARN; + "Tar entry has negative size"); + return (ARCHIVE_FATAL); + } + if (tar->entry_bytes_remaining == INT64_MAX) { + /* Note: tar_atol returns INT64_MAX on overflow */ + tar->entry_bytes_remaining = 0; + archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC, + "Tar entry size overflow"); + return (ARCHIVE_FATAL); } tar->realsize = tar->entry_bytes_remaining; archive_entry_set_size(entry, tar->entry_bytes_remaining); Modified: releng/11.0/contrib/libarchive/libarchive/archive_read_support_format_warc.c ============================================================================== --- releng/11.0/contrib/libarchive/libarchive/archive_read_support_format_warc.c Sat Sep 3 00:22:42 2016 (r305312) +++ releng/11.0/contrib/libarchive/libarchive/archive_read_support_format_warc.c Sat Sep 3 00:27:41 2016 (r305313) @@ -318,7 +318,7 @@ start_over: } memcpy(w->pool.str, fnam.str, fnam.len); w->pool.str[fnam.len] = '\0'; - /* let noone else know about the pool, it's a secret, shhh */ + /* let no one else know about the pool, it's a secret, shhh */ fnam.str = w->pool.str; /* snarf mtime or deduce from rtime Modified: releng/11.0/contrib/libarchive/libarchive/archive_read_support_format_zip.c ============================================================================== --- releng/11.0/contrib/libarchive/libarchive/archive_read_support_format_zip.c Sat Sep 3 00:22:42 2016 (r305312) +++ releng/11.0/contrib/libarchive/libarchive/archive_read_support_format_zip.c Sat Sep 3 00:27:41 2016 (r305313) 
@@ -418,18 +418,30 @@ zip_time(const char *p) * id1+size1+data1 + id2+size2+data2 ... * triplets. id and size are 2 bytes each. */ -static void -process_extra(const char *p, size_t extra_length, struct zip_entry* zip_entry) +static int +process_extra(struct archive_read *a, const char *p, size_t extra_length, struct zip_entry* zip_entry) { unsigned offset = 0; - while (offset < extra_length - 4) { + if (extra_length == 0) { + return ARCHIVE_OK; + } + + if (extra_length < 4) { + archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, + "Too-small extra data: Need at least 4 bytes, but only found %d bytes", (int)extra_length); + return ARCHIVE_FAILED; + } + while (offset <= extra_length - 4) { unsigned short headerid = archive_le16dec(p + offset); unsigned short datasize = archive_le16dec(p + offset + 2); offset += 4; if (offset + datasize > extra_length) { - break; + archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, + "Extra data overflow: Need %d bytes but only found %d bytes", + (int)datasize, (int)(extra_length - offset)); + return ARCHIVE_FAILED; } #ifdef DEBUG fprintf(stderr, "Header id 0x%04x, length %d\n", @@ -715,13 +727,13 @@ process_extra(const char *p, size_t extr } offset += datasize; } -#ifdef DEBUG - if (offset != extra_length) - { - fprintf(stderr, - "Extra data field contents do not match reported size!\n"); + if (offset != extra_length) { + archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, + "Malformed extra data: Consumed %d bytes of %d bytes", + (int)offset, (int)extra_length); + return ARCHIVE_FAILED; } -#endif + return ARCHIVE_OK; } /* @@ -840,7 +852,9 @@ zip_read_local_file_header(struct archiv return (ARCHIVE_FATAL); } - process_extra(h, extra_length, zip_entry); + if (ARCHIVE_OK != process_extra(a, h, extra_length, zip_entry)) { + return ARCHIVE_FATAL; + } __archive_read_consume(a, extra_length); /* Work around a bug in Info-Zip: When reading from a pipe, it 
@@ -1293,7 +1307,7 @@ zip_read_data_deflate(struct archive_rea && bytes_avail > zip->entry_bytes_remaining) { bytes_avail = (ssize_t)zip->entry_bytes_remaining; } - if (bytes_avail <= 0) { + if (bytes_avail < 0) { archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, "Truncated ZIP file body"); return (ARCHIVE_FATAL); @@ -2691,7 +2705,9 @@ slurp_central_directory(struct archive_r "Truncated ZIP file header"); return ARCHIVE_FATAL; } - process_extra(p + filename_length, extra_length, zip_entry); + if (ARCHIVE_OK != process_extra(a, p + filename_length, extra_length, zip_entry)) { + return ARCHIVE_FATAL; + } /* * Mac resource fork files are stored under the Modified: releng/11.0/contrib/libarchive/libarchive/archive_util.c ============================================================================== --- releng/11.0/contrib/libarchive/libarchive/archive_util.c Sat Sep 3 00:22:42 2016 (r305312) +++ releng/11.0/contrib/libarchive/libarchive/archive_util.c Sat Sep 3 00:27:41 2016 (r305313) @@ -580,7 +580,7 @@ void __archive_ensure_cloexec_flag(int fd) { #if defined(_WIN32) && !defined(__CYGWIN__) - (void)fd; /* UNSED */ + (void)fd; /* UNUSED */ #else int flags; Modified: releng/11.0/contrib/libarchive/libarchive/archive_write_disk_acl.c ============================================================================== --- releng/11.0/contrib/libarchive/libarchive/archive_write_disk_acl.c Sat Sep 3 00:22:42 2016 (r305312) +++ releng/11.0/contrib/libarchive/libarchive/archive_write_disk_acl.c Sat Sep 3 00:27:41 2016 (r305313) @@ -138,6 +138,7 @@ set_acl(struct archive *a, int fd, const acl_permset_t acl_permset; #ifdef ACL_TYPE_NFS4 acl_flagset_t acl_flagset; + int r; #endif int ret; int ae_type, ae_permset, ae_tag, ae_id; 
@@ -223,12 +224,16 @@ set_acl(struct archive *a, int fd, const } #ifdef ACL_TYPE_NFS4 - acl_get_flagset_np(acl_entry, &acl_flagset); - acl_clear_flags_np(acl_flagset); - for (i = 0; i < (int)(sizeof(acl_inherit_map) / sizeof(acl_inherit_map[0])); ++i) { - if (ae_permset & acl_inherit_map[i].archive_inherit) - acl_add_flag_np(acl_flagset, - acl_inherit_map[i].platform_inherit); + // XXX acl_get_flagset_np on FreeBSD returns EINVAL for + // non-NFSv4 ACLs + r = acl_get_flagset_np(acl_entry, &acl_flagset); + if (r == 0) { + acl_clear_flags_np(acl_flagset); + for (i = 0; i < (int)(sizeof(acl_inherit_map) / sizeof(acl_inherit_map[0])); ++i) { + if (ae_permset & acl_inherit_map[i].archive_inherit) + acl_add_flag_np(acl_flagset, + acl_inherit_map[i].platform_inherit); + } } #endif } Modified: releng/11.0/contrib/libarchive/libarchive/archive_write_disk_posix.c ============================================================================== --- releng/11.0/contrib/libarchive/libarchive/archive_write_disk_posix.c Sat Sep 3 00:22:42 2016 (r305312) +++ releng/11.0/contrib/libarchive/libarchive/archive_write_disk_posix.c Sat Sep 3 00:27:41 2016 (r305313) @@ -1796,7 +1796,7 @@ edit_deep_directories(struct archive_wri char *tail = a->name; /* If path is short, avoid the open() below. */ - if (strlen(tail) <= PATH_MAX) + if (strlen(tail) < PATH_MAX) return; /* Try to record our starting dir. */ @@ -1806,7 +1806,7 @@ edit_deep_directories(struct archive_wri return; /* As long as the path is too long... */ - while (strlen(tail) > PATH_MAX) { + while (strlen(tail) >= PATH_MAX) { /* Locate a dir prefix shorter than PATH_MAX. */ tail += PATH_MAX - 8; while (tail > a->name && *tail != '/') 
@@ -2401,8 +2401,18 @@ check_symlinks(struct archive_write_disk r = lstat(a->name, &st); if (r != 0) { /* We've hit a dir that doesn't exist; stop now. */ - if (errno == ENOENT) + if (errno == ENOENT) { break; + } else { + /* Note: This effectively disables deep directory + * support when security checks are enabled. + * Otherwise, very long pathnames that trigger + * an error here could evade the sandbox. + * TODO: We could do better, but it would probably + * require merging the symlink checks with the + * deep-directory editing. */ + return (ARCHIVE_FAILED); + } } else if (S_ISLNK(st.st_mode)) { if (c == '\0') { /* Modified: releng/11.0/contrib/libarchive/libarchive/archive_write_set_format_iso9660.c ============================================================================== --- releng/11.0/contrib/libarchive/libarchive/archive_write_set_format_iso9660.c Sat Sep 3 00:22:42 2016 (r305312) +++ releng/11.0/contrib/libarchive/libarchive/archive_write_set_format_iso9660.c Sat Sep 3 00:27:41 2016 (r305313) @@ -436,7 +436,7 @@ struct iso_option { * Type : string * Default: Auto detect * : We check a size of boot image; - * : If ths size is just 1.22M/1.44M/2.88M, + * : If the size is just 1.22M/1.44M/2.88M, * : we assume boot_type is 'fd'; * : otherwise boot_type is 'no-emulation'. * COMPAT : Modified: releng/11.0/contrib/libarchive/libarchive/archive_write_set_format_ustar.c ============================================================================== --- releng/11.0/contrib/libarchive/libarchive/archive_write_set_format_ustar.c Sat Sep 3 00:22:42 2016 (r305312) +++ releng/11.0/contrib/libarchive/libarchive/archive_write_set_format_ustar.c Sat Sep 3 00:27:41 2016 (r305313) 
@@ -307,7 +307,7 @@ archive_write_ustar_header(struct archiv * case getting WCS failed. On POSIX, this is a * normal operation. */ - if (p != NULL && p[strlen(p) - 1] != '/') { + if (p != NULL && p[0] != '\0' && p[strlen(p) - 1] != '/') { struct archive_string as; archive_string_init(&as); Modified: releng/11.0/contrib/libarchive/libarchive/test/main.c ============================================================================== --- releng/11.0/contrib/libarchive/libarchive/test/main.c Sat Sep 3 00:22:42 2016 (r305312) +++ releng/11.0/contrib/libarchive/libarchive/test/main.c Sat Sep 3 00:27:41 2016 (r305313) @@ -1440,6 +1440,31 @@ assertion_file_size(const char *file, in return (0); } +/* Verify mode of 'pathname'. */ +int +assertion_file_mode(const char *file, int line, const char *pathname, int expected_mode) +{ + int mode; + int r; + + assertion_count(file, line); +#if defined(_WIN32) && !defined(__CYGWIN__) + failure_start(file, line, "assertFileMode not yet implemented for Windows"); +#else + { + struct stat st; + r = lstat(pathname, &st); + mode = (int)(st.st_mode & 0777); + } + if (r == 0 && mode == expected_mode) + return (1); + failure_start(file, line, "File %s has mode %o, expected %o", + pathname, mode, expected_mode); +#endif + failure_finish(NULL); + return (0); +} + /* Assert that 'pathname' is a dir. If mode >= 0, verify that too. */ int assertion_is_dir(const char *file, int line, const char *pathname, int mode) Modified: releng/11.0/contrib/libarchive/libarchive/test/test.h ============================================================================== --- releng/11.0/contrib/libarchive/libarchive/test/test.h Sat Sep 3 00:22:42 2016 (r305312) +++ releng/11.0/contrib/libarchive/libarchive/test/test.h Sat Sep 3 00:27:41 2016 (r305313) 
@@ -182,6 +182,8 @@ assertion_file_nlinks(__FILE__, __LINE__, pathname, nlinks) #define assertFileSize(pathname, size) \ assertion_file_size(__FILE__, __LINE__, pathname, size) +#define assertFileMode(pathname, mode) \ + assertion_file_mode(__FILE__, __LINE__, pathname, mode) #define assertTextFileContents(text, pathname) \ assertion_text_file_contents(__FILE__, __LINE__, text, pathname) #define assertFileContainsLinesAnyOrder(pathname, lines) \ @@ -246,6 +248,7 @@ int assertion_file_mtime_recent(const ch int assertion_file_nlinks(const char *, int, const char *, int); int assertion_file_not_exists(const char *, int, const char *); int assertion_file_size(const char *, int, const char *, long); +int assertion_file_mode(const char *, int, const char *, int); int assertion_is_dir(const char *, int, const char *, int); int assertion_is_hardlink(const char *, int, const char *, const char *); int assertion_is_not_hardlink(const char *, int, const char *, const char *); Modified: releng/11.0/contrib/libarchive/libarchive/test/test_archive_string_conversion.c ============================================================================== --- releng/11.0/contrib/libarchive/libarchive/test/test_archive_string_conversion.c Sat Sep 3 00:22:42 2016 (r305312) +++ releng/11.0/contrib/libarchive/libarchive/test/test_archive_string_conversion.c Sat Sep 3 00:27:41 2016 (r305313) 
@@ -800,8 +800,8 @@ DEFINE_TEST(test_archive_string_conversi assertEqualIntA(a, ARCHIVE_OK, archive_read_next_header(a, &ae)); assert((fp = fopen(testdata, "w")) != NULL); while ((size = archive_read_data(a, buff, 512)) > 0) - fwrite(buff, 1, size, fp); - fclose(fp); + assertEqualInt(size, fwrite(buff, 1, size, fp)); + assertEqualInt(0, fclose(fp)); assertEqualInt(ARCHIVE_OK, archive_read_free(a)); test_archive_string_normalization_nfc(testdata); Modified: releng/11.0/contrib/libarchive/libarchive/test/test_fuzz.c ============================================================================== --- releng/11.0/contrib/libarchive/libarchive/test/test_fuzz.c Sat Sep 3 00:22:42 2016 (r305312) +++ releng/11.0/contrib/libarchive/libarchive/test/test_fuzz.c Sat Sep 3 00:27:41 2016 (r305313) @@ -110,13 +110,17 @@ test_fuzz(const struct files *filesets) for (i = 0; filesets[n].names[i] != NULL; ++i) { tmp = slurpfile(&size, filesets[n].names[i]); - rawimage = (char *)realloc(rawimage, oldsize + size); + char *newraw = (char *)realloc(rawimage, oldsize + size); + if (!assert(newraw != NULL)) + { + free(rawimage); + continue; + } + rawimage = newraw; memcpy(rawimage + oldsize, tmp, size); oldsize += size; size = oldsize; free(tmp); - if (!assert(rawimage != NULL)) - continue; } } if (size == 0) Modified: releng/11.0/contrib/libarchive/libarchive/test/test_read_format_rar.c ============================================================================== --- releng/11.0/contrib/libarchive/libarchive/test/test_read_format_rar.c Sat Sep 3 00:22:42 2016 (r305312) +++ releng/11.0/contrib/libarchive/libarchive/test/test_read_format_rar.c Sat Sep 3 00:27:41 2016 (r305313) 
@@ -3603,7 +3603,7 @@ DEFINE_TEST(test_read_format_rar_multivo assertEqualIntA(a, 0, archive_read_data(a, buff, sizeof(buff))); /* - * Eigth header. + * Eighth header. */ assertA(0 == archive_read_next_header(a, &ae)); assertEqualString("testdir/testsymlink6", archive_entry_pathname(ae)); Copied: releng/11.0/contrib/libarchive/libarchive/test/test_read_format_zip_high_compression.c (from r305188, stable/11/contrib/libarchive/libarchive/test/test_read_format_zip_high_compression.c) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ releng/11.0/contrib/libarchive/libarchive/test/test_read_format_zip_high_compression.c Sat Sep 3 00:27:41 2016 (r305313, copy of r305188, stable/11/contrib/libarchive/libarchive/test/test_read_format_zip_high_compression.c) 
@@ -0,0 +1,143 @@ +/*- + * Copyright (c) 2016 Tim Kientzle + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ +#include "test.h" +__FBSDID("$FreeBSD"); + +#include + + +/* + * Github Issue 748 reported problems with end-of-entry handling + * with highly-compressible data. This resulted in the end of the + * data being truncated (extracted as zero bytes). 
+ */ + +/* + * Extract the specific test archive that was used to diagnose + * Issue 748: + */ +DEFINE_TEST(test_read_format_zip_high_compression) +{ + const char *refname = "test_read_format_zip_high_compression.zip"; + char *p; + size_t archive_size; + struct archive *a; + struct archive_entry *entry; + + const void *pv; + size_t s; + int64_t o; + + extract_reference_file(refname); + p = slurpfile(&archive_size, refname); + + assert((a = archive_read_new()) != NULL); + assertEqualIntA(a, ARCHIVE_OK, archive_read_support_format_zip(a)); + assertEqualIntA(a, ARCHIVE_OK, read_open_memory_seek(a, p, archive_size, 16 * 1024)); + assertEqualInt(ARCHIVE_OK, archive_read_next_header(a, &entry)); + + assertEqualInt(ARCHIVE_OK, archive_read_data_block(a, &pv, &s, &o)); + assertEqualInt(262144, s); + assertEqualInt(0, o); + + assertEqualInt(ARCHIVE_OK, archive_read_data_block(a, &pv, &s, &o)); + assertEqualInt(160, s); + assertEqualInt(262144, o); + + assertEqualInt(ARCHIVE_EOF, archive_read_data_block(a, &pv, &s, &o)); + + assertEqualInt(ARCHIVE_OK, archive_free(a)); + free(p); +} + +/* + * Synthesize a lot of varying inputs that are highly compressible. + */ +DEFINE_TEST(test_read_format_zip_high_compression2) +{ + const size_t body_size = 1024 * 1024; + const size_t buff_size = 2 * 1024 * 1024; + char *body, *body_read, *buff; + int n; + + assert((body = malloc(body_size)) != NULL); + assert((body_read = malloc(body_size)) != NULL); + assert((buff = malloc(buff_size)) != NULL); + + /* Highly-compressible data: all bytes 255, except for a + * single 1 byte. + * The body is always 256k + 6 bytes long (the internal deflation + * buffer is exactly 256k). + */ + + for(n = 1024; n < (int)body_size; n += 1024) { + struct archive *a; + struct archive_entry *entry; + size_t used = 0; + const void *pv; + size_t s; + int64_t o; + + memset(body, 255, body_size); + body[n] = 1; + + /* Write an archive with a single entry of n bytes. 
*/ + assert((a = archive_write_new()) != NULL); + assertEqualInt(ARCHIVE_OK, archive_write_set_format_zip(a)); + assertEqualInt(ARCHIVE_OK, archive_write_open_memory(a, buff, buff_size, &used)); + + entry = archive_entry_new2(a); + archive_entry_set_pathname(entry, "test"); + archive_entry_set_filetype(entry, AE_IFREG); + archive_entry_set_size(entry, 262150); + assertEqualInt(ARCHIVE_OK, archive_write_header(a, entry)); + archive_entry_free(entry); + assertEqualInt(262150, archive_write_data(a, body, 262150)); + assertEqualInt(ARCHIVE_OK, archive_write_free(a)); + + /* Read back the entry and verify the contents. */ + assert((a = archive_read_new()) != NULL); + assertEqualIntA(a, ARCHIVE_OK, archive_read_support_format_all(a)); + assertEqualIntA(a, ARCHIVE_OK, archive_read_support_filter_all(a)); + assertEqualIntA(a, ARCHIVE_OK, read_open_memory(a, buff, used, 17)); + assertEqualInt(ARCHIVE_OK, archive_read_next_header(a, &entry)); + + assertEqualInt(ARCHIVE_OK, archive_read_data_block(a, &pv, &s, &o)); + assertEqualInt(262144, s); + assertEqualInt(0, o); + + assertEqualInt(ARCHIVE_OK, archive_read_data_block(a, &pv, &s, &o)); + assertEqualInt(6, s); + assertEqualInt(262144, o); + + assertEqualInt(ARCHIVE_EOF, archive_read_data_block(a, &pv, &s, &o)); + + assertEqualInt(ARCHIVE_OK, archive_free(a)); + } + + free(body); + free(body_read); + free(buff); +} Copied: releng/11.0/contrib/libarchive/libarchive/test/test_read_format_zip_high_compression.zip.uu (from r305188, stable/11/contrib/libarchive/libarchive/test/test_read_format_zip_high_compression.zip.uu) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ releng/11.0/contrib/libarchive/libarchive/test/test_read_format_zip_high_compression.zip.uu Sat Sep 3 00:27:41 2016 (r305313, copy of r305188, stable/11/contrib/libarchive/libarchive/test/test_read_format_zip_high_compression.zip.uu) 
@@ -0,0 +1,18 @@ +begin 644 test_read_format_zip_high_compression.zip +M4$L#!!0`"``(`*=Y]4@``````````*``!``(`"``8VAA +MD5>>))%7GB215W5X"P`!!/8!```$%````.W=06K#,!`%T&E)P8LL?*2XC@N% +M)#5QO>AM@9WDJ6!%\6$K/Q6T3LAX]N/GQ'Z9G&KA^*K1'S +M.`[GOIM*[TP_Q_>O0[G_:3X.Y\^^V/X2<>))%7=7@+``$$]@$```04````4$L%!@`````!``$`5@````L"```` +!```` +` +end Copied: releng/11.0/contrib/libarchive/libarchive/test/test_write_disk_secure744.c (from r305188, stable/11/contrib/libarchive/libarchive/test/test_write_disk_secure744.c) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ releng/11.0/contrib/libarchive/libarchive/test/test_write_disk_secure744.c Sat Sep 3 00:27:41 2016 (r305313, copy of r305188, stable/11/contrib/libarchive/libarchive/test/test_write_disk_secure744.c) 
@@ -0,0 +1,95 @@ +/*- + * Copyright (c) 2003-2007,2016 Tim Kientzle + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ +#include "test.h" +__FBSDID("$FreeBSD$"); + +#define UMASK 022 + +/* + * Github Issue #744 describes a bug in the sandboxing code that + * causes very long pathnames to not get checked for symlinks. + */ + +DEFINE_TEST(test_write_disk_secure744) +{ +#if defined(_WIN32) && !defined(__CYGWIN__) + skipping("archive_write_disk security checks not supported on Windows"); +#else + struct archive *a; + struct archive_entry *ae; + size_t buff_size = 8192; + char *buff = malloc(buff_size); + char *p = buff; + int n = 0; + int t; + + assert(buff != NULL); + + /* Start with a known umask. 
*/ + assertUmask(UMASK); + + /* Create an archive_write_disk object. */ + assert((a = archive_write_disk_new()) != NULL); + archive_write_disk_set_options(a, ARCHIVE_EXTRACT_SECURE_SYMLINKS); + + while (p + 500 < buff + buff_size) { + memset(p, 'x', 100); + p += 100; + p[0] = '\0'; + + buff[0] = ((n / 1000) % 10) + '0'; + buff[1] = ((n / 100) % 10)+ '0'; + buff[2] = ((n / 10) % 10)+ '0'; + buff[3] = ((n / 1) % 10)+ '0'; + buff[4] = '_'; + ++n; + + /* Create a symlink pointing to the testworkdir */ + assert((ae = archive_entry_new()) != NULL); + archive_entry_copy_pathname(ae, buff); + archive_entry_set_mode(ae, S_IFREG | 0777); + archive_entry_copy_symlink(ae, testworkdir); + assertEqualIntA(a, ARCHIVE_OK, archive_write_header(a, ae)); + archive_entry_free(ae); + + *p++ = '/'; + sprintf(p, "target%d", n); + + /* Try to create a file through the symlink, should fail. */ + assert((ae = archive_entry_new()) != NULL); + archive_entry_copy_pathname(ae, buff); + archive_entry_set_mode(ae, S_IFDIR | 0777); + + t = archive_write_header(a, ae); + archive_entry_free(ae); + failure("Attempt to create target%d via %d-character symlink should have failed", n, (int)strlen(buff)); + if(!assertEqualInt(ARCHIVE_FAILED, t)) { + break; + } + } + archive_free(a); + free(buff); +#endif +} Copied: releng/11.0/contrib/libarchive/libarchive/test/test_write_disk_secure745.c (from r305188, stable/11/contrib/libarchive/libarchive/test/test_write_disk_secure745.c) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ releng/11.0/contrib/libarchive/libarchive/test/test_write_disk_secure745.c Sat Sep 3 00:27:41 2016 (r305313, copy of r305188, stable/11/contrib/libarchive/libarchive/test/test_write_disk_secure745.c) 
@@ -0,0 +1,76 @@ +/*- + * Copyright (c) 2003-2007,2016 Tim Kientzle + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ +#include "test.h" +__FBSDID("$FreeBSD$"); + +#define UMASK 022 + +/* + * Github Issue #745 describes a bug in the sandboxing code that + * allows one to use a symlink to edit the permissions on a file or + * directory outside of the sandbox. + */ + +DEFINE_TEST(test_write_disk_secure745) +{ +#if defined(_WIN32) && !defined(__CYGWIN__) + skipping("archive_write_disk security checks not supported on Windows"); +#else + struct archive *a; + struct archive_entry *ae; + + /* Start with a known umask. */ + assertUmask(UMASK); + + /* Create an archive_write_disk object. 
*/ + assert((a = archive_write_disk_new()) != NULL); + archive_write_disk_set_options(a, ARCHIVE_EXTRACT_SECURE_SYMLINKS); + + /* The target dir: The one we're going to try to change permission on */ + assertMakeDir("target", 0700); + + /* The sandbox dir we're going to run inside of. */ + assertMakeDir("sandbox", 0700); + assertChdir("sandbox"); + + /* Create a symlink pointing to the target directory */ + assert((ae = archive_entry_new()) != NULL); + archive_entry_copy_pathname(ae, "sym"); + archive_entry_set_mode(ae, S_IFREG | 0777); + archive_entry_copy_symlink(ae, "../target"); + assert(0 == archive_write_header(a, ae)); + archive_entry_free(ae); + + /* Try to alter the target dir through the symlink; this should fail. */ + assert((ae = archive_entry_new()) != NULL); + archive_entry_copy_pathname(ae, "sym"); + archive_entry_set_mode(ae, S_IFDIR | 0777); + assert(0 == archive_write_header(a, ae)); + archive_entry_free(ae); + + /* Permission of target dir should not have changed. */ + assertFileMode("../target", 0700); +#endif +} Copied: releng/11.0/contrib/libarchive/libarchive/test/test_write_disk_secure746.c (from r305188, stable/11/contrib/libarchive/libarchive/test/test_write_disk_secure746.c) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ releng/11.0/contrib/libarchive/libarchive/test/test_write_disk_secure746.c Sat Sep 3 00:27:41 2016 (r305313, copy of r305188, stable/11/contrib/libarchive/libarchive/test/test_write_disk_secure746.c) 
@@ -0,0 +1,125 @@ +/*- + * Copyright (c) 2003-2007,2016 Tim Kientzle + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ +#include "test.h" +__FBSDID("$FreeBSD$"); + +#define UMASK 022 + +/* + * Github Issue #746 describes a problem in which hardlink targets are + * not adequately checked and can be used to modify entries outside of + * the sandbox. + */ + +/* + * Verify that ARCHIVE_EXTRACT_SECURE_NODOTDOT disallows '..' in hardlink + * targets. + */ +DEFINE_TEST(test_write_disk_secure746a) +{ +#if defined(_WIN32) && !defined(__CYGWIN__) + skipping("archive_write_disk security checks not supported on Windows"); +#else + struct archive *a; + struct archive_entry *ae; + + /* Start with a known umask. 
*/ + assertUmask(UMASK); + + /* The target directory we're going to try to affect. */ + assertMakeDir("target", 0700); + assertMakeFile("target/foo", 0700, "unmodified"); + + /* The sandbox dir we're going to work within. */ + assertMakeDir("sandbox", 0700); + assertChdir("sandbox"); + + /* Create an archive_write_disk object. */ + assert((a = archive_write_disk_new()) != NULL); + archive_write_disk_set_options(a, ARCHIVE_EXTRACT_SECURE_NODOTDOT); + + /* Attempt to hardlink to the target directory. */ + assert((ae = archive_entry_new()) != NULL); + archive_entry_copy_pathname(ae, "bar"); + archive_entry_set_mode(ae, S_IFREG | 0777); + archive_entry_set_size(ae, 8); + archive_entry_copy_hardlink(ae, "../target/foo"); + assertEqualInt(ARCHIVE_FAILED, archive_write_header(a, ae)); + assertEqualInt(ARCHIVE_FAILED, archive_write_data(a, "modified", 8)); + archive_entry_free(ae); + + /* Verify that target file contents are unchanged. */ + assertTextFileContents("unmodified", "../target/foo"); +#endif +} + +/* + * Verify that ARCHIVE_EXTRACT_SECURE_NOSYMLINK disallows symlinks in hardlink + * targets. + */ +DEFINE_TEST(test_write_disk_secure746b) +{ +#if defined(_WIN32) && !defined(__CYGWIN__) + skipping("archive_write_disk security checks not supported on Windows"); +#else + struct archive *a; + struct archive_entry *ae; + + /* Start with a known umask. */ + assertUmask(UMASK); + + /* The target directory we're going to try to affect. */ + assertMakeDir("target", 0700); + assertMakeFile("target/foo", 0700, "unmodified"); + + /* The sandbox dir we're going to work within. */ + assertMakeDir("sandbox", 0700); + assertChdir("sandbox"); + + /* Create an archive_write_disk object. */ + assert((a = archive_write_disk_new()) != NULL); + archive_write_disk_set_options(a, ARCHIVE_EXTRACT_SECURE_SYMLINKS); + + /* Create a symlink to the target directory. 
*/ + assert((ae = archive_entry_new()) != NULL); + archive_entry_copy_pathname(ae, "symlink"); + archive_entry_copy_symlink(ae, "../target"); + assertEqualInt(ARCHIVE_FAILED, archive_write_header(a, ae)); + archive_entry_free(ae); + + /* Attempt to hardlink to the target directory via the symlink. */ + assert((ae = archive_entry_new()) != NULL); + archive_entry_copy_pathname(ae, "bar"); + archive_entry_set_mode(ae, S_IFREG | 0777); + archive_entry_set_size(ae, 8); + archive_entry_copy_hardlink(ae, "symlink/foo"); + assertEqualInt(ARCHIVE_FAILED, archive_write_header(a, ae)); + assertEqualInt(ARCHIVE_FAILED, archive_write_data(a, "modified", 8)); + archive_entry_free(ae); *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
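Review bot: In test_write_disk_secure744.c, the write at sprintf(p, "target%d", n) is bounded only indirectly by the loop guard p + 500 < buff + buff_size, so the buffer's safety rests on an unexplained 500-byte margin. Use snprintf with the remaining size, buff_size - (p - buff), and add a comment saying what the 500 is meant to cover (the next 100-byte component, the separator and the target name). The return value of archive_write_disk_set_options is also ignored in this hunk; asserting ARCHIVE_OK on it would flag a run in which ARCHIVE_EXTRACT_SECURE_SYMLINKS was never applied.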
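Review bot: In test_write_disk_secure745.c, the second archive_write_header call is commented "this should fail" but is asserted with assert(0 == archive_write_header(a, ae)), which requires success. If the intended behaviour is that the call returns 0 and the sandbox replaces "sym" without touching ../target, reword the comment to say so; if the call is meant to be refused, assert the failure code instead. Either way, assertFileMode("../target", 0700) is the check that carries the security property, and the comment should point at it. The hunk also never releases a: there is no archive_free(a) before the #endif, unlike the secure744 test.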
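Review bot: In test_write_disk_secure746b, the step "Create a symlink to the target directory" is asserted as assertEqualInt(ARCHIVE_FAILED, archive_write_header(a, ae)), and that entry has no archive_entry_set_mode call, so the test expects the symlink not to be created. The following hardlink to "symlink/foo" then runs with no symlink on disk and can return ARCHIVE_FAILED simply because the path does not exist, which would let the test pass without exercising the hardlink-through-symlink check. Either create the symlink successfully first (for example with the test harness, outside the archive_write_disk object) or document why a failed creation is the intended setup. The block comment above 746b also names ARCHIVE_EXTRACT_SECURE_NOSYMLINK while the code sets ARCHIVE_EXTRACT_SECURE_SYMLINKS; the comment should use the flag that is actually set. In 746a, a is not released before the #endif.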