HardenedBSD/hardenedbsd 8f95e6fcontrib/tzdata NEWS europe

Merge remote-tracking branch 'origin/hardened/current/master' into 
hardened/current/unstable

* origin/hardened/current/master:
  Added missing CTLFLAG_VNET to lacp default_strict_mode
  ULE: provide defaults to ts_cpu
  m4: add annotations to various functions
  Import tzdata 2018c
  cxgb(4): Validate offset/len in the GET_EEPROM ioctl.
  Do not generate illegal mbuf chains during IP fragment reassembly.  Only the first mbuf 
of the reassembled datagram should have a pkthdr.
  Import tzdata 2018a

HardenedBSD/hardenedbsd 50d7250contrib/tzdata NEWS europe

Merge branch 'freebsd/current/master' into hardened/current/master

* freebsd/current/master:
  Added missing CTLFLAG_VNET to lacp default_strict_mode
  ULE: provide defaults to ts_cpu
  m4: add annotations to various functions
  Import tzdata 2018c
  cxgb(4): Validate offset/len in the GET_EEPROM ioctl.
  Do not generate illegal mbuf chains during IP fragment reassembly.  Only the first mbuf 
of the reassembled datagram should have a pkthdr.
  Import tzdata 2018a

HardenedBSD/hardenedbsd c62edd0sys/net ieee8023ad_lacp.c

Added missing CTLFLAG_VNET to lacp default_strict_mode

Added CTLFLAG_VNET to net.link.lagg.lacp.default_strict_mode which was missed
in r290450.

Reported by:    julian@
MFC after:      1 week
Sponsored by:   Multiplay

HardenedBSD/hardenedbsd d8d083csys/kern sched_ule.c

ULE: provide defaults to ts_cpu

Fix a bug when the system has no CPU 0. When created, threads were implicitly assigned to 
CPU 0.
This had no practical effect since a real CPU was chosen immediately by the scheduler. 
However,
on systems without a CPU 0, sched_ule attempted to access the scheduler queue of the "old" 
CPU
when assigned the initial choice of the old one. This caused an attempt to use illegal 
memory
and a crash (or, more usually, a deadlock). Fix this by assigned new threads to the BSP
explicitly and add some asserts to see that this problem does not recur.

Authored by:           Nathan Whitehorn <nwhitehorn at freebsd.org>
Submitted by:          Wojciech Macek <wma at semihalf.com>
Obtained from:         Semihalf
Differential revision: https://reviews.freebsd.org/D13932

HardenedBSD/hardenedbsd a58feedusr.bin/m4 extern.h

m4: add annotations to various functions

Explain to the compiler that several functions are either noreturn or
take printf like arguments

Discussed with: swildner at DragonFlyBSD.org

HardenedBSD/hardenedbsd 499b3d0contrib/tzdata NEWS europe

Import tzdata 2018c

Changes: https://github.com/eggert/tz/blob/2018c/NEWS

MFC after:      3 days

HardenedBSD/hardenedbsd 363e4c4. NEWS europe

Import tzdata 2018c
DeltaFile
+46-0NEWS
+29-8europe
+27-0pacificnew
+14-11Makefile
+10-10asia
+10-5leap-seconds.list
+136-345 files not shown
+144-4211 files

HardenedBSD/hardenedbsd a2781c4sys/dev/cxgb cxgb_main.c

cxgb(4): Validate offset/len in the GET_EEPROM ioctl.

Reported by:    Ilja Van Sprundel <ivansprundel at ioactive.com>

HardenedBSD/hardenedbsd 7356371sys/dev/iicbus isl12xx.c nxprtc.c, sys/netpfil/pf pf.c

Merge remote-tracking branch 'origin/hardened/current/master' into 
hardened/current/unstable

* origin/hardened/current/master:
  pf: States have at least two references
  Follow changes in r328307 by using new IIC_RECURSIVE flag.
  Follow changes in r328307 by using new IIC_RECURSIVE flag.
  Fix a bug introduced with recursive bus ownership support in r321584.

HardenedBSD/hardenedbsd af35a0esys/netinet ip_reass.c, sys/netinet6 frag6.c

Do not generate illegal mbuf chains during IP fragment reassembly.  Only
the first mbuf of the reassembled datagram should have a pkthdr.

This was discovered with cxgbe(4) + IPSEC + ping with payload more than
interface MTU.  cxgbe can generate !M_WRITEABLE mbufs and this results
in m_unshare being called on the reassembled datagram, and it complains:

panic: m_unshare: m0 0xfffff80020f82600, m 0xfffff8005d054100 has M_PKTHDR

PR:            224922
Reviewed by:    ae@
MFC after:      1 week
Sponsored by:   Chelsio Communications
Differential Revision:  https://reviews.freebsd.org/D14009

HardenedBSD/hardenedbsd d21da32sys/dev/iicbus isl12xx.c nxprtc.c, sys/netpfil/pf pf.c

Merge branch 'freebsd/current/master' into hardened/current/master

* freebsd/current/master:
  pf: States have at least two references
  Follow changes in r328307 by using new IIC_RECURSIVE flag.
  Follow changes in r328307 by using new IIC_RECURSIVE flag.
  Fix a bug introduced with recursive bus ownership support in r321584.

HardenedBSD/hardenedbsd 772c641sys/sys cdefs.h, tests/sys/kern ptrace_test.c

Merge remote-tracking branch 'origin/hardened/11-stable/master' into 
hardened/11-stable/unstable

* origin/hardened/11-stable/master:
  MFC r327770: lld: introduce basic man page
  MFC 326953: Catch up to r325719 which makes the kern.proc.pid sysctl "work" for zombies.
  MFC r328221:

HardenedBSD/hardenedbsd 73aeeb6sys/sys cdefs.h, tests/sys/kern ptrace_test.c

Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master

* freebsd/11-stable/master:
  MFC r327770: lld: introduce basic man page
  MFC 326953: Catch up to r325719 which makes the kern.proc.pid sysctl "work" for zombies.
  MFC r328221:

HardenedBSD/hardenedbsd d610e60sys/netpfil/pf pf.c

pf: States have at least two references

pf_unlink_state() releases a reference to the state without checking if
this is the last reference. It can't be, because pf_state_insert()
initialises it to two. KASSERT() that this is always the case.

CID:    1347140

HardenedBSD/hardenedbsd 8db22f1tests/sys/kern ptrace_test.c

Merge remote-tracking branch 'origin/hardened/10-stable/master' into 
hardened/10-stable/master-libressl

* origin/hardened/10-stable/master:
  MFC 326953: Catch up to r325719 which makes the kern.proc.pid sysctl "work" for zombies.

HardenedBSD/hardenedbsd d89e871tests/sys/kern ptrace_test.c

Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master

* freebsd/10-stable/master:
  MFC 326953: Catch up to r325719 which makes the kern.proc.pid sysctl "work" for zombies.

HardenedBSD/hardenedbsd d645c0dsys/dev/iicbus nxprtc.c

Follow changes in r328307 by using new IIC_RECURSIVE flag.

The driver now ensures only one thread at a time is running in the API
functions (clock_gettime() and clock_settime()) by specifically requesting
ownership of the i2c bus without using IIC_RECURSIVE, then it does all IO
using IIC_RECURSIVE so that each individual IO operation doesn't try to
re-acquire the bus.

The other IO done by the driver happens at attach or intr_config_hooks time,
when there can't be multiple threads running with the same device instance.
So, the IIC_RECURSIVE flag can be safely ORed into the wait flags for all IO
done by the driver, because it's all either done in a single-threaded
environment, or protected within a block bounded by explict
iicbus_acquire_bus() and iicbus_release_bus() calls.
DeltaFile
+20-10sys/dev/iicbus/nxprtc.c
+20-101 files

HardenedBSD/hardenedbsd ce92c66sys/dev/iicbus isl12xx.c

Follow changes in r328307 by using new IIC_RECURSIVE flag.

The driver now ensures only one thread at a time is running in the API
functions (clock_gettime() and clock_settime()) by specifically requesting
ownership of the i2c bus without using IIC_RECURSIVE, then it does all IO
using IIC_RECURSIVE so that each individual IO operation doesn't try to
re-acquire the bus.

The other IO done by the driver happens at attach or intr_config_hooks time,
when there can't be multiple threads running with the same device instance.
So, the IIC_RECURSIVE flag can be safely ORed into the wait flags for all IO
done by the driver, because it's all either done in a single-threaded
environment, or protected within a block bounded by explict
iicbus_acquire_bus() and iicbus_release_bus() calls.
DeltaFile
+25-10sys/dev/iicbus/isl12xx.c
+25-101 files

HardenedBSD/hardenedbsd f03db84usr.bin/clang/lld ld.lld.1 Makefile

MFC r327770: lld: introduce basic man page

Upstream lld has no man page. Introduce a basic one for FreeBSD based on
ld.lld --help, with a brief introduction and additional detail for some
options.

We'll continue refining this in FreeBSD, and then submit it upstream once
the first round of edits are complete.

Submitted by:   krion, Arshan Khanifar, emaste, bjk
Sponsored by:   The FreeBSD Foundation

HardenedBSD/hardenedbsd f9f4a03tests/sys/kern ptrace_test.c

MFC 326953:
Catch up to r325719 which makes the kern.proc.pid sysctl "work" for zombies.

Some of the ptrace tests need to wait for a child process to become a
zombie before preceding.  The parent process polls the child process
via the kern.proc.pid sysctl to wait for it to become a zombie.
Previously the code polled until the sysctl failed with ESRCH.  Now it
will poll until either the sysctl fails with ESRCH (for compatiblity
with older kernels) or returns a kinfo_proc structure with the ki_stat
field set to SZOMB.

HardenedBSD/hardenedbsd b246f20tests/sys/kern ptrace_test.c

MFC 326953:
Catch up to r325719 which makes the kern.proc.pid sysctl "work" for zombies.

Some of the ptrace tests need to wait for a child process to become a
zombie before preceding.  The parent process polls the child process
via the kern.proc.pid sysctl to wait for it to become a zombie.
Previously the code polled until the sysctl failed with ESRCH.  Now it
will poll until either the sysctl fails with ESRCH (for compatiblity
with older kernels) or returns a kinfo_proc structure with the ki_stat
field set to SZOMB.

HardenedBSD/hardenedbsd 4b5f327sys/sys cdefs.h

MFC r328221:

Define a new __alloc_size2 attribute to complement the existing support.

At least on GCC7, calling __alloc_size(x) twice is not equivalent to
calling using the attribute once with two arguments. The later is the
documented use in GCC documentation so add a new alloc_size(n, x)
alternative to cover for the few places where it is used: basically:
calloc(3), reallocarray(3) and  mallocarray(9).

Submitted by:   Mark Millard
DeltaFile
+2-0sys/sys/cdefs.h
+2-01 files

HardenedBSD/hardenedbsd 010441dsys/dev/iicbus iiconf.c iiconf.h

Fix a bug introduced with recursive bus ownership support in r321584.

The recursive ownership support added in r321584 was unconditionally in
effect all the time -- whenever a given i2c slave device instance tried to
lock the i2c bus for exclusive use when it already owned the bus, the call
returned immediately without waiting.  However, many i2c slave drivers use
bus ownership to enforce that only a single thread at a time can be using
the slave device.  The recursive locking changes broke this use case.

Now there is a new flag, IIC_RECURSIVE, which can be mixed in with the
other flags passed to iicbus_acquire_bus() to allow drivers to indicate
when recursive locking is desired.  Using the flag implies that the driver
is managing concurrent access to the device by different threads in some way.

This immediately fixes all existing i2c slave drivers except for the two
i2c RTC drivers which use the recursive locking feature; those will be
fixed in a followup commit.

HardenedBSD/hardenedbsd ad00809lib/libcxxrt Version.map, stand/common commands.c

Merge remote-tracking branch 'origin/hardened/current/master' into 
hardened/current/unstable

* origin/hardened/current/master:
  Remove some KSE references from ps(1).
  libcxxrt: Move mangled symbols out of extern "C++" in Version.map
  In the C library, the setting up of the group array by various utilities is done by 
calling gr_addgid() for each group to be added (usually found by traversing /etc/group) 
then calling the setgroups() system call after the group set has been created. The 
gr_addgid() function (helpfully?) deduplicates the addition of group members. So, if you 
call it to add a group member that already exists, it is just dropped. Because group[0] is 
the effective group-ID and is over-written when a setgid program is run, The value in 
group[0] is usually duplicated so that group value is not lost when a setgid program is 
run.
  Switch to using the bcd_clocktime conversion functions that validate the BCD data 
without panicking, and have common code for handling AM/PM mode.
  Switch to using the bcd_clocktime conversion functions that validate the BCD data 
without panicking, and have common code for handling AM/PM mode.
  Switch to using the bcd_clocktime conversion functinos that validate the BCD data 
without panicking, and have common code for handling AM/PM mode.
  copyright.h: Update license text to 'THE AUTHOR'
  Use BSD-2-Clause-FreeBSD license on linux_support.s
  Don't escape '?'s in protocol output.
  sys/netinet6: fix typos in comments.  No functional change.
  stand/fdt: Fallback to `name` + ".dtbo" if we fail to load `name`

    [10 lines not shown]

HardenedBSD/hardenedbsd 013ca3flib/libcxxrt Version.map, stand/common commands.c

Merge branch 'freebsd/current/master' into hardened/current/master

* freebsd/current/master:
  Remove some KSE references from ps(1).
  libcxxrt: Move mangled symbols out of extern "C++" in Version.map
  In the C library, the setting up of the group array by various utilities is done by 
calling gr_addgid() for each group to be added (usually found by traversing /etc/group) 
then calling the setgroups() system call after the group set has been created. The 
gr_addgid() function (helpfully?) deduplicates the addition of group members. So, if you 
call it to add a group member that already exists, it is just dropped. Because group[0] is 
the effective group-ID and is over-written when a setgid program is run, The value in 
group[0] is usually duplicated so that group value is not lost when a setgid program is 
run.
  Switch to using the bcd_clocktime conversion functions that validate the BCD data 
without panicking, and have common code for handling AM/PM mode.
  Switch to using the bcd_clocktime conversion functions that validate the BCD data 
without panicking, and have common code for handling AM/PM mode.
  Switch to using the bcd_clocktime conversion functinos that validate the BCD data 
without panicking, and have common code for handling AM/PM mode.
  copyright.h: Update license text to 'THE AUTHOR'
  Use BSD-2-Clause-FreeBSD license on linux_support.s
  Don't escape '?'s in protocol output.
  sys/netinet6: fix typos in comments.  No functional change.
  stand/fdt: Fallback to `name` + ".dtbo" if we fail to load `name`
  There's no tainted data here, tag it as such to avoid the slew of false positives. The 

    [9 lines not shown]

HardenedBSD/hardenedbsd 946ee10sys/cddl/contrib/opensolaris/uts/common/fs/zfs zfs_vnops.c, sys/fs/devfs devfs_vnops.c

Merge remote-tracking branch 'origin/hardened/11-stable/master' into 
hardened/11-stable/unstable

* origin/hardened/11-stable/master:
  MFC 320900,323882,324224,324226,324228,326986,326988,326989,326990,326993, 
326994,326995,327004: Various fixes for pathconf(2).
  MFC 323993: Use tmpfs_print for tmpfs FIFOs.
  MFC 325835: Use #if instead of #ifdef for __BSD_VISIBLE tests.

HardenedBSD/hardenedbsd a0b7729sys/cddl/contrib/opensolaris/uts/common/fs/zfs zfs_vnops.c, sys/fs/devfs devfs_vnops.c

Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master

* freebsd/11-stable/master:
  MFC 320900,323882,324224,324226,324228,326986,326988,326989,326990,326993, 
326994,326995,327004: Various fixes for pathconf(2).
  MFC 323993: Use tmpfs_print for tmpfs FIFOs.
  MFC 325835: Use #if instead of #ifdef for __BSD_VISIBLE tests.

HardenedBSD/hardenedbsd 5c7331cbin/ps ps.1 keyword.c

Remove some KSE references from ps(1).

- Simplify the description of -H to assume 1:1 threading.
- Drop 'process' from description of 'lwp' field and the corresponding
  XO field name.
- Do add an expansion of LWP in the description of 'lwp' and 'nlwps'.
- Add 'tid' as an alias for the 'lwp' field.

Reviewed by:    imp, kib (older version)
MFC after:      1 week
Differential Revision:  https://reviews.freebsd.org/D14021

HardenedBSD/hardenedbsd 8da960dlib/libcxxrt Version.map

libcxxrt: Move mangled symbols out of extern "C++" in Version.map

r260553 added a number of mangled C++ symbols to Version.map inside of
an existing `extern "C++"` block.

ld.bfd 2.17.50 treats `extern "C++"` permissively and will match both
mangled and demangled symbols against the strings in the version map
block.  ld.lld interprets `extern "C++"` strictly, and matches only
demangled symbols.

I believe lld's behaviour is correct.  Contemporary versions of ld.bfd
also behave as lld does, so move the mangled symbols out of the
`extern "C++"` block.

PR:            225128, 185663
MFC after:      1 week
Sponsored by:   The FreeBSD Foundation
DeltaFile
+28-28lib/libcxxrt/Version.map
+28-281 files

HardenedBSD/hardenedbsd bff15cfsys/sys shm.h aio.h

Merge remote-tracking branch 'origin/hardened/10-stable/master' into 
hardened/10-stable/master-libressl

* origin/hardened/10-stable/master:
  MFC 325835: Use #if instead of #ifdef for __BSD_VISIBLE tests.

HardenedBSD/hardenedbsd 3ee5b3flib/libc/gen getgrent.c, lib/libc/sys setgroups.2

In the C library, the setting up of the group array by various
utilities is done by calling gr_addgid() for each group to be
added (usually found by traversing /etc/group) then calling the
setgroups() system call after the group set has been created.
The gr_addgid() function (helpfully?) deduplicates the addition
of group members. So, if you call it to add a group member that
already exists, it is just dropped. Because group[0] is the
effective group-ID and is over-written when a setgid program
is run, The value in group[0] is usually duplicated so that
group value is not lost when a setgid program is run.

Historically this happened because the group value indicated
in the password file also appears in /etc/group (e.g., if you
are group staff in the password file, you will also appear in
the staff line in /etc/group). But, with the addition of the
deduplication, the attempt to add group staff was lost because
it already appeared in group[0]. So, the fix is to deduplicate
starting from group[1] which allows a duplicate of the entry in
group[0], but not in later entries.

There is some confusion about the setgroups system call because in
BSD it has (always) set the entire group including the egid group
(in group[0]). However, in Linux, it skips over group[0] and starts
setting from group[1]. See this comment from linux_setgroups:


    [21 lines not shown]

HardenedBSD/hardenedbsd 3963e40sys/sys aio.h shm.h

Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master

* freebsd/10-stable/master:
  MFC 325835: Use #if instead of #ifdef for __BSD_VISIBLE tests.

HardenedBSD/hardenedbsd b766c8csys/dev/iicbus nxprtc.c

Switch to using the bcd_clocktime conversion functions that validate the BCD
data without panicking, and have common code for handling AM/PM mode.
DeltaFile
+28-49sys/dev/iicbus/nxprtc.c
+28-491 files

HardenedBSD/hardenedbsd 1479ef0sys/dev/iicbus ds1307.c

Switch to using the bcd_clocktime conversion functions that validate the BCD
data without panicking, and have common code for handling AM/PM mode.
DeltaFile
+23-33sys/dev/iicbus/ds1307.c
+23-331 files

HardenedBSD/hardenedbsd 64f4ab4sys/dev/iicbus ds13rtc.c

Switch to using the bcd_clocktime conversion functinos that validate the BCD
data without panicking, and have common code for handling AM/PM mode.
DeltaFile
+22-32sys/dev/iicbus/ds13rtc.c
+22-321 files

HardenedBSD/hardenedbsd afaeca8sys/sys copyright.h

copyright.h: Update license text to 'THE AUTHOR'

This matches the license text at
https://www.freebsd.org/copyright/freebsd-license.html

Sponsored by:   The FreeBSD Foundation

HardenedBSD/hardenedbsd ae11f64sys/amd64/linux linux_support.s, sys/amd64/linux32 linux32_support.s

Use BSD-2-Clause-FreeBSD license on linux_support.s

These files previously had a 3-clause license and 'THE REGENTS' text.
Switch to standard 2-clause text with kib's approval, and add the SPDX
tag.

Approved by:    kib

HardenedBSD/hardenedbsd 7aec7a2sys/cddl/contrib/opensolaris/uts/common/fs/zfs zfs_vnops.c, sys/fs/devfs devfs_vnops.c

MFC 320900,323882,324224,324226,324228,326986,326988,326989,326990,326993,
326994,326995,327004: Various fixes for pathconf(2).

The original change to use vop_stdpathconf() more widely was motivated
by a panic due to recent AIO-related changes.  However, bde@ reported
that vop_stdpathconf() contained too many settings that were not
filesystem-independent.  The end result of this set of patches is to
fix the AIO-related panic via use of a trimmed-down vop_stdpathconf()
while also adding support for missing pathconf variables in various
filesystems (and removing a few settings incorrectly reported as
supported).

320900:
Consistently use vop_stdpathconf() for default pathconf values.

Update filesystems not currently using vop_stdpathconf() in pathconf
VOPs to use vop_stdpathconf() for any configuration variables that do
not have filesystem-specific values.  vop_stdpathconf() is used for
variables that have system-wide settings as well as providing default
values for some values based on system limits.  Filesystems can still
explicitly override individual settings.

323882:
Only handle _PC_MAX_CANON, _PC_MAX_INPUT, and _PC_VDISABLE for TTY devices.


    [87 lines not shown]

HardenedBSD/hardenedbsd 128e5acusr.bin/procstat procstat.1

Don't escape '?'s in protocol output.

This isn't required by mandoc and is nonfunctional in groff.

PR:            224632
Reported by:    w.schwarzenfeld at utanet.at
MFC after:      3 days
Differential Revision:  https://reviews.freebsd.org/D13779

HardenedBSD/hardenedbsd c9a63acsys/netinet6 scope6.c in6.c

sys/netinet6: fix typos in comments.  No functional change.

MFC after:      3 weeks
Sponsored by:   Spectra Logic Corp

HardenedBSD/hardenedbsd 304f49fsys/fs/tmpfs tmpfs_vnops.c tmpfs_fifoops.c

MFC 323993: Use tmpfs_print for tmpfs FIFOs.

HardenedBSD/hardenedbsd 926d23fsys/sys shm.h aio.h

MFC 325835: Use #if instead of #ifdef for __BSD_VISIBLE tests.

__BSD_VISIBLE is always defined and it's value instead needs to be
tested via #if to determine if FreeBSD-specific APIs should be
exposed.

PR:            196226

HardenedBSD/hardenedbsd a633b6csys/sys shm.h aio.h

MFC 325835: Use #if instead of #ifdef for __BSD_VISIBLE tests.

__BSD_VISIBLE is always defined and it's value instead needs to be
tested via #if to determine if FreeBSD-specific APIs should be
exposed.

PR:            196226

HardenedBSD/hardenedbsd 560fb23stand/fdt fdt_loader_cmd.c

stand/fdt: Fallback to `name` + ".dtbo" if we fail to load `name`

This behavior also matches a Linux-ism by allowing fdt_overlays to specify
names of overlays without an extension, e.g. fdt-overlays="sunxi-h3-h5-emac"

If we fail to load the file given by a name in fdt_overlays, try again with
".dtbo" appended to it. This still allows overlays to lack .dtbo extension
if user prefers it and just adds a fallback cushion.

Future work could move this from a hard-coded ".dtbo" to a loader.conf(5)
configuration option.

Reviewed by:    gonzo
MFC after:      1 week
Differential Revision:  https://reviews.freebsd.org/D13968

HardenedBSD/hardenedbsd 414191estand/common misc.c

There's no tainted data here, tag it as such to avoid the slew of
false positives. The files the boot loader reads are assumed to be
good.

CID: 1006663,1006665,1265013, 1265014 (possibly more)
Sponsored by: Netflix

HardenedBSD/hardenedbsd 26e7d23stand/libsa environment.c

getenv does not return tainted data in the boot loader. Attempt to
clue Coverity into that fact.

Sponsored by: Netflix

HardenedBSD/hardenedbsd 760b9fdstand/common interp.c

On malloc failure, be sure to close the include file that triggered
it.

CID: 1007775
Sponsored by: Netflix

HardenedBSD/hardenedbsd 1409257stand/common commands.c

Don't leak memory when displaying help.

Right now, we'll leak memory when we display a help topic because we
don't free t, s, d that we've just used when breaking out of the loop.
NB: coverity just reported t, but s and d also leak.

CID: 1007776
DeltaFile
+10-11stand/common/commands.c
+10-111 files

HardenedBSD/hardenedbsd 1e04a35stand/common boot.c

Fix some resource leaks.

Always free dev and fstyp before strduping new values to assign to
them. Free them at the end of the loop. This keeps them from leaking
for mal-formed /etc/fstab lines.

CID: 1007777, 1007778, 1007779
Sponsored by: Netflix

HardenedBSD/hardenedbsd d12b8c7etc Makefile, etc/mtree BSD.root.dist

Add /boot/overlays to runtime pkg, fix distrib-dirs METALOG generation

/boot/overlays was recently added without belonging to a package. It's only
used by bootloaders at the moment, so add it to the 'runtime' package to get
added with ubldr and friends.

Fix distrib-dirs METALOG generation while we're here. History elsewhere
seems to indicate that bapt@ fixed this to pull in all attributes from
mtrees while generating the METALOG. This fix got clobbered somewhere later,
so restore it.

Reviewed by:    bapt, gjb
MFC after:      1 week
Differential Revision:  https://reviews.freebsd.org/D13996