HardenedBSD/hardenedbsd a906febsys/vm vm_unix.c

HBSD: Resolve merge conflict

Signed-off-by:  Shawn Webb <shawn.webb at hardenedbsd.org>
+0-51 files

HardenedBSD/hardenedbsd 887d9e4lib/libcasper/services/cap_sysctl cap_sysctl.c cap_sysctl.3, lib/libcasper/services/cap_sysctl/tests sysctl_test.c

Merge remote-tracking branch 'origin/freebsd/current/master' into hardened/current/master

        sys/vm/vm_unix.c (unresolved)

HardenedBSD/hardenedbsd dd0f9ebsys/cddl/contrib/opensolaris/uts/common/fs/zfs zfs_rlock.c vdev_indirect.c, sys/dev/nctgpio nctgpio.c

Merge remote-tracking branch 'freebsd/stable/12' into hardened/12-stable/master

HardenedBSD/hardenedbsd 878f67bsys/riscv/riscv elf_machdep.c

HBSD: Resolve merge conflict

Keep FreeBSD's ASR disabled for RISC-V.

Signed-off-by:  Shawn Webb <shawn.webb at hardenedbsd.org>

HardenedBSD/hardenedbsd 657ef51share/man/man4 superio.4, share/man/man9 superio.9

Merge remote-tracking branch 'origin/freebsd/12-stable/master' into 

        sys/riscv/riscv/elf_machdep.c (unresolved)

HardenedBSD/hardenedbsd 6357299sys/amd64/linux Makefile, sys/compat/freebsd32 capabilities.conf

Merge remote-tracking branch 'origin/freebsd/12-stable/master' into 

        sys/i386/ibcs2/ibcs2_proto.h (deleted)
        sys/i386/ibcs2/ibcs2_syscall.h (deleted)
        sys/i386/ibcs2/ibcs2_sysent.c (deleted)

FreeBSD/ports 517355head/lang/gcc9-devel Makefile

Backport 517206 | gerald | 2019-11-10 from lang/gcc10-devel:

  Add a new option PLUGINS that enables GCC's plugin framework. This is off
  by default for now, but something to possibly make the default after a bit
  of settling.

  I plan to backport this to lang/gcc9-devel and then lang/gcc9.

Submitted by:   David Carlier <devnexen at gmail.com>
Differential Revision:  https://reviews.freebsd.org/D22292

FreeBSD/src 354666head/usr.sbin/sesutil sesutil.c

sesutil: fix another memory leak

Instead of calloc()ing (and forgetting to free) in a tight loop, just put
this small array on the stack.

Reported by:    Coverity
Coverity CID:   1331665
MFC after:      2 weeks
Sponsored by:   Axcient

FreeBSD/ports 517354head/emulators/virtualbox-ose-additions Makefile

Fix build with OPENGL option when using 3.x as default Python.

Note the same problem in emulators/virtualbox-ose was fixed in r475363.

Reported by:    fluffy

OpenBSD/src 38gYOANsys/net if.c

   check for privileged bridges ioctls next to the other privileged ioctls.

   there's now a bunch of drivers that implement the bridge ioctls,
   but they're inconsistent at checking privilege. doing it up front
   once means less code duplication, and more consistent application
   of the checks.

   ok bluhm@ deraadt@
+26-11 files

Linux/linux 0e3f1addrivers/staging/vboxsf shfl_hostintf.h utils.c

Remove VirtualBox guest shared folders filesystem

This went into staging in rc7.  It turns out that was a mistake, and
apparently it wasn't even supposed to go there at all, but be introduced
as a regular filesystem.

We don't try to sneak in whole new filesystems this late in the rc, just
delete the whole thing, and it can be re-introduced as a proper patch
with proper acks from actual filesystem people instead of some odd
late-rc staging back-door.

Cc: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
Cc: Christoph Hellwig <hch at infradead.org>
Cc: Hans de Goede <hdegoede at redhat.com>
Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>

OpenBSD/ports SsQuAMTsecurity/libfido2 Makefile distinfo, security/libfido2/patches patch-examples_util_c

   OpenSSH now requires v.2 of the middleware in order to support Ed25519
   keys on FIDO2 tokens. Point this port as a compatible middleware ahead
   of it landing upstream.

FreeBSD/src 354665head/usr.sbin/sesutil sesutil.c

sesutil: fix some memory leaks

Reported by:    Coverity
Coverity CID:   1331665
MFC after:      2 weeks
Sponsored by:   Axcient

FreeBSD/src 354664head/usr.sbin/sesutil sesutil.c

sesutil: fix an out-of-bounds array access

sesutil would allow the user to toggle an LED that was one past the maximum
element.  If he tried, ENCIOC_GETELMSTAT would return EINVAL.

Reported by:    Coverity
Coverity CID:   1398940
MFC after:      2 weeks
Sponsored by:   Axcient

DragonFlyBSD/src 8b411d2sys/kern sys_process.c, sys/vfs/procfs procfs_subr.c procfs_vnops.c

kernel - Fix first-lwp access race vs process creation

* It is possible for a process to be looked up before its primary
  lwp is installed.  Make sure this doesn't crash the kernel.

DragonFlyBSD/src 4cc8110lib/libthread_xu/thread thr_mutex.c thr_umtx.c

pthreads - Fix incorrect fork assumption

* libthread_xu assumed that the forked child process's TID would be 1,
  but that is no longer the case.

* Fix the assumption and correct some comments while we are here.

Reported-by: zrj

OpenBSD/src mZw9KD1usr.bin/ssh ssh-sk.c

   allow an empty attestation certificate returned by a security key
   enrollment - these are possible for tokens that only offer self-
   attestation. This also needs support from the middleware.

   ok markus@
+3-21 files

OpenBSD/src SpG0Obyusr.bin/ssh sshconnect2.c ssh-keygen.c

   security keys typically need to be tapped/touched in order to perform
   a signature operation. Notify the user when this is expected via
   the TTY (if available) or $SSH_ASKPASS if we can.

   ok markus@

OpenBSD/src qmvlLtrusr.bin/ssh readpass.c

   pass SSH_ASKPASS_PROMPT hint to y/n key confirm too
+2-11 files

OpenBSD/src jK9bc9yusr.bin/ssh readpass.c misc.h

   dd API for performing one-shot notifications via tty or SSH_ASKPASS
+91-22 files

OpenBSD/src 66F9epwusr.bin/ssh xmalloc.c xmalloc.h

   add xvasprintf()
+17-82 files

FreeBSD/src 354663head/libexec/rtld-elf Makefile, head/libexec/rtld-elf32 Makefile

libcompat: Correct rtld MLINKS

Don't install duplicate ld-elf.so.1.1 and ld.so.1 links in rtld-elf32.
Do install lib-elf32.so.1.1 and ldd32.1 links.

Reported by:    madpilot

OpenBSD/ports fj96yGSsysutils/telegraf Makefile distinfo, sysutils/telegraf/patches patch-plugins_inputs_pf_pf_go patch-plugins_inputs_openntpd_openntpd_go

   Update telegraf to 1.12.3

OpenBSD/ports 3rKwEWgeditors/calligra/patches patch-filters_karbon_pdf_SvgOutputDev_cpp patch-filters_karbon_pdf_SvgOutputDev_h

   Fix for poppler-0.82.0.

   ok aja@

OpenBSD/ports xoOdre1databases/influxdb Makefile distinfo

   update influxdb to 1.6.6

   Take maintainer

   OK landry@ bket@

OpenBSD/ports IodqyLcgraphics/inkscape/patches patch-src_extension_internal_pdfinput_svg-builder_cpp patch-src_extension_internal_pdfinput_svg-builder_h

   Fix for poppler-0.82.0.

   ok aja@

OpenBSD/ports F95I6kRprint/poppler Makefile distinfo, print/poppler/pkg PLIST-main

   Update to poppler-0.82.0.

FreeBSD/ports 517353head/deskutils Makefile, head/deskutils/terminal-image-viewer Makefile pkg-descr

New port: deskutils/terminal-image-viewer: Display images in terminals using RGB ANSI 
codes & unicode characters

FreeNAS/freenas 22a8b28src/middlewared/middlewared/plugins keychain.py

Handle ssh-keyscan timeout properly

FreeBSD/ports 517352head/security/vuxml vuln.xml

Fix build.

Sponsored by:   Rubicon Communications, LLC (netgate.com)

FreeBSD/src 354662head/lib/clang llvm.build.mk

Sync target triple generation with the version in Makefile.inc1.

Reviewed by:    dim
Sponsored by:   DARPA
Differential Revision:  https://reviews.freebsd.org/D22333

FreeNAS/freenas 3fbad7fsrc/middlewared/middlewared/plugins replication.py

Handle ssh-keyscan timeout properly

FreeBSD/src 354661head Makefile.inc1


This ensures that a bootstrap clang compiler is always installed as cc
in WORLDTMP.  If it is only installed as 'clang' then /usr/bin/cc is
used during the build instead of the bootstrap compiler.

Reviewed by:    imp
MFC after:      1 month
Sponsored by:   DARPA
Differential Revision:  https://reviews.freebsd.org/D22332
+1-01 files

FreeBSD/src 354660head/share/mk src.opts.mk

Enable the RISC-V LLVM backend by default.

Reviewed by:    dim, mhorne, emaste
MFC after:      1 month
Sponsored by:   DARPA
Differential Revision:  https://reviews.freebsd.org/D22284

OpenBSD/ports qjm6vj6infrastructure/db network.conf

   update MASTER_SITE_KDE and prefer https over http/ftp.
+10-81 files

FreeBSD/ports 517351head MOVED, head/graphics Makefile py-pyvips

- Rename graphics/py-vips to graphics/py-pyvips. pyvips is the actual name of this 
- Add missing RUN_DEPENDS

Reported by:    koobs

Linux/linux 8c5bd25arch/x86/kvm x86.c mmu.c, arch/x86/kvm/vmx vmx.c vmx.h

Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm

Pull kvm fixes from Paolo Bonzini:
 "Fix unwinding of KVM_CREATE_VM failure, VT-d posted interrupts,
  DAX/ZONE_DEVICE, and module unload/reload"

* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
  KVM: MMU: Do not treat ZONE_DEVICE pages as being reserved
  KVM: VMX: Introduce pi_is_pir_empty() helper
  KVM: VMX: Do not change PID.NDST when loading a blocked vCPU
  KVM: VMX: Consider PID.PIR to determine if vCPU has pending interrupts
  KVM: VMX: Fix comment to specify PID.ON instead of PIR.ON
  KVM: X86: Fix initialization of MSR lists
  KVM: fix placement of refcount initialization
  KVM: Fix NULL-ptr deref after kvm_create_vm fails

FreeBSD/ports 517350head/emulators/qemu-sbruno distinfo Makefile

emulators/qemu-user-static: update to head as of 2019/11/12

With this update, sendmsg/recvmsg (thus, casper'ized) applications now work
again on mips.  Various signal handling issues have also been addressed,
most notably qemu-user-static should no longer deadlock when evaluating
whether printf survives out-of-memory conditions or not.

PR:            224740
Approved by:    ler (ports), sbruno (maintainer, implicit)
MFH:           2019Q4

FreeBSD/src 354659head/usr.sbin/bhyve mevent.c

bhyve: rework mevent processing to fix a race condition

At the end of both mevent_add() and mevent_update(), mevent_notify()
is called to wakeup the I/O thread, that will call kevent(changelist)
to update the kernel.
A race condition is possible where the client calls mevent_add() and
mevent_update(EV_ENABLE) before the I/O thread has the chance to wake
up and call mevent_build()+kevent(changelist) in response to mevent_add().
The mevent_add() is therefore ignored by the I/O thread, and
kevent(fd, EV_ENABLE) is called before kevent(fd, EV_ADD), resuliting
in a failure of the kevent(fd, EV_ENABLE) call.

PR:     241808
Reviewed by:    jhb, markj
MFC with:       r354288
Differential Revision:  https://reviews.freebsd.org/D22286


   new tmux
+5-42 files

NetBSD/src QZsnfGnexternal/bsd/tmux/usr.bin/tmux Makefile

   new files and bump version

OpenBSD/src CNW0Q3Musr.sbin/smtpd parse.y smtpd.conf.5

   a long long time ago, there was no such thing as "from socket" and the
   socket listener was tagged "local" so we could trick "from local" into
   matching non-network connections.

   this hack was removed years ago and the socket listener still had this
   "local" tag hardcoded. this commit teaches parse.y how to assign a tag
   to a socket listener and removes the hardcoded "local".
+22-72 files

NetBSD/src ABeSiUxexternal/bsd/tmux/dist window-copy.c format.c

   merge conflicts

FreeBSD/ports 517349head/www/chromium distinfo Makefile

www/chromium: update to 78.0.3904.97

Submitted by:   Matthias Wolf
MFH:           2019Q4
Security:       88d00176-058e-11ea-bd1c-3065ec8fd3ec

FreeBSD/ports 517348head/security/vuxml vuln.xml

Document new vulnerability in www/chromium < 78.0.3904.97

NetBSD/src PxLOa0elib/libedit terminal.c

   PR/54654: Soren Tempel: Make sure el_cursor.v < el_terminal.t_size.v when
   moving around.
+5-41 files

Illumos/gate 10b633fusr/src/uts/common/io/usb/scsa2usb scsa2usb.c, usr/src/uts/common/sys/usb/scsa2usb scsa2usb.h

11952 large USB hard disks experience I/O failures
Reviewed by: Paul Winder <paul at winders.demon.co.uk>
Reviewed by: Toomas Soome <tsoome at me.com>
Reviewed by: C Fraire <cfraire at me.com>
Approved by: Dan McDonald <danmcd at joyent.com>

OpenBSD/ports 2TJbhCfgraphics/py-dot/patches patch-dot_parser_py, mail/rspamd/pkg PFRAG.no-no_luajit

   zap empty files

NetBSD/pkgsrc 8Yvuy4hmath/ruby-spreadsheet distinfo Makefile

   ruby-spreadsheet: various fixes

   regen distinfo for 1.2.5 update, fix binary name in ALTERNATIVES file.

NetBSD/pkgsrc BXJrCpcdevel/ruby-rgl distinfo

   ruby-rgl: regen distinfo for 0.5.6
+5-51 files