It's a stupid warning, but some ports enable it by default and were
already defining _FORTIFY_SOURCE, thus exposing the new macros
immediately. This at least fixes the libfido2 build, perhaps others as
well.
While we're here, fix a fresh build of stand w/ FORTIFY_SOURCE enabled
by not pulling in the ssp headers if _STANDALONE is defined. We do not
have runtime support in libsa as of the time of writing.
Reported by: netchild
Sponsored by: Stormshield
Sponsored by: Klara, Inc.
Most of these were fixed when rebasing the patch forward, but this one
seems to have been missed.
Reported by: marck
Fixes: be04fec426 ("Import _FORTIFY_SOURCE implementation [...]")
In the future, we will Default to _FORTIFY_SOURCE=2 if SSP is enabled,
otherwise default to _FORTIFY_SOURCE=0. For now we default it to 0
unconditionally to ease bisect across older versions without the new
symbols, and we'll put out a call for testing.
include/*.h include their ssp/*.h equivalents as needed based on the
knob. Programs and users are allowed to override FORTIFY_SOURCE in their
Makefiles or src.conf/make.conf to force it off.
Reviewed by: des, markj
Relnotes: yes
Sponsored by: Stormshield
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D32308
Notably:
- libc needs to #undef some of the macros from ssp/* for underlying
implementations
- ssp/* wants a __RENAME() macro (snatched more or less from NetBSD)
There's some extra hinkiness included for read(), since libc spells it
as "_read" while the rest of the world spells it "read."
Reviewed by: imp, ngie
Sponsored by: Stormshield
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D32307
This is a mostly-unmodified copy of the various *_chk implementations
and headers from NetBSD, without yet modifying system headers to start
actually including them. A future commit will also apply the needed
bits to fix ssp/unistd.h.
Reviewed by: imp, pauamma_gundo.com (both previous versions), kib
Sponsored by: Stormshield
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D32306
<sysexits.h> was deprecated in the base system in a1432b4 for FreeBSD
8.0 and is retained only for backwards compatibility. Make that clear,
since sysexits(3) suggested using it since it was in style(9) prior
to this.
MFC after: 1 week
Co-authored-by: imp
Fixes: a1432b4
Reviewed by: imp, pauamma (previous version)
Pull Request https://github.com/freebsd/freebsd-src/pull/1195
The Draft Posix Issue 8 standard requires that these be defined. Define
them in the usual way that lets multiple headers define them. Opted to
not just use #include <stdint.h>, allowed by the draft, to be
conservative. Add notes about how we comply with Issue 8, and that we've
opted to define these only as macros, though the standard allows
functions, macros or both.
Sponsored by: Netflix
There is a conflict between bsm/audit.h and security/audit/audit.h due
to the way that staging is being set up using .PATH to point to the
full directory and the leaf files being specified in the list. Due to
this, the bsm/audit.h was getting staged as both bsm/audit.h and
security/audit/audit.h since the sys/bsm directory is listed first in
the .PATH list.
Use sys/security in the .PATH instead of sys/security/audit and specify
the audit header files as audit/<name>.h. This ensures that we get the
correct audit.h stanged for security/audit/audit.h.
Reviewed by: sjg
Obtained from: Juniper Networks, Inc.
The old timezone(3) function has long since been obsolete and has a
fatally flawed interface. Retain this function for compatibility
purposes, but shift to providing the offset from UTC in the timezone
variable, whether or not the timezone observes summer time in the
'daylight' variable. Document the tzname variable that's already been
set. Also make _tztab() static. It's not used in libc (or anywhere in
the tree) and it's not exported as a public dynamic symbol.
Sponsored by: Netflix
Reviewed by: brooks, kib
Differential Revision: https://reviews.freebsd.org/D44281
similar to Apple _POSIX_SPAWN_DISABLE_ASLR
Reviewed by: emaste, kevans
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D44195
quick_exit() can call other functions, and we don't guarantee it calls
std::terminate should those other functions throw exceptions. And to
make it do so has ABI complications for libc. Until that's sorted out,
revert this noexcept (but leave a comment behind so people will find
this commit message)
Requested by: kib
Sponsored by: Netflix
The noexcept specifier is required on these functions in C++:
_Exit(), atexit(), quick_exit(), at_quick_exit(), abort().
MFC after: 2 weeks
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1085
Unlike Linux, we do provide libc wrapper. All definitions and
prototypes are available from <unistd.h>
Tested by: manu
Reviewed by: brooks, markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D43518
Add a required include to resolv.h for sockaddr_in. This should reduce
patching required when porting code written with Linux or NetBSD in mind.
PR: 182466
MFC after: 1 week
We already implemented execvpe internally with an _ prefix in libc so
go ahead and expose it for compatibility with Linux.
This reverts c605eea952.
Bump __FreeBSD_version for the addition and add definitions to supress
compat shims in libzfs (zfs changes were merged from upstream).
PR: 275370 (request and exp-run (thanks antoine!))
Reviewed by: kevans
Differential Revision: https://reviews.freebsd.org/D42846
Apply the following automated changes to try to eliminate
no-longer-needed sys/cdefs.h includes as well as now-empty
blank lines in a row.
Remove /^#if.*\n#endif.*\n#include\s+<sys/cdefs.h>.*\n/
Remove /\n+#include\s+<sys/cdefs.h>.*\n+#if.*\n#endif.*\n+/
Remove /\n+#if.*\n#endif.*\n+/
Remove /^#if.*\n#endif.*\n/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/types.h>/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/param.h>/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/capsicum.h>/
Sponsored by: Netflix
For the uncommon items: Go through the tree and remove sccs tags that
didn't fit any nice pattern. If in the neighborhood, other SCM tags were
removed when they were detritis of long-ago CVS somehow in the early
mists of the project. Some adjacent copyrights stringswere removed (they
duplicated the copyright notices in the file). This also removed
non-standard formations of omission of SCCS tags (usually by adding an
extra #if 0 somewhere.
After this commit, a number of strings tagged with the 'what' @(#)
prefix remain, but they are primarily copyright notices.
Sponsored by: Netflix
Remove ancient SCCS tags from the tree, automated scripting, with two
minor fixup to keep things compiling. All the common forms in the tree
were removed with a perl script.
Sponsored by: Netflix
This saves oodles of memory, especially when "ulimit -n" is large. It
also prevents a buffer overflow if getrlimit should fail.
Also replace per-fd condvars with mutexes to simplify the code.
PR: 274968
MFC after: 2 weeks
Sponsored by: Axcient
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D42597
Use netlink to export pf's state table.
The primary motivation is to improve how we deal with very large state
stables. With the previous implementation we had to build the entire
list (both in the kernel and in userspace) before we could start
processing. With netlink we start to get data in userspace while the
kernel is still generating more. This reduces peak memory consumption
(which can get to the GB range once we hit millions of states).
Netlink also makes future extension easier, in that we can easily add
fields to the state export without breaking userspace. In that regard
it's similar to an nvlist-based approach, except that it also deals
with transport to userspace and that it performs significantly better
than nvlists. Testing has failed to measure a performance difference
between the previous struct-copy based ioctl and the netlink approach.
Differential Revision: https://reviews.freebsd.org/D38888
Headers from src/include were in the runtime-dev package but
subdirectories of src/include ended up in utilities-dev by default.
Neither package is a good choice - the headers in src/include are not
useful without the libraries contained in clibs-dev.
This moves the standard C headers to clibs-dev (C++ headers are already
in this package). While working on this, I found that various clang
libraries and headers were also bundled into utilities-dev by default
so these are also moved to clang-dev.
I also added a FreeBSD-build-essential meta package to make it simple to
install all the toolchain parts.
PR: 254173
Reviewed byb: manu
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D41815
This adds macros for checked addition, subtraction, and multiplication with semantics similar to the builtins gcc and clang have had for years.
Reviewed by: kib, emaste
Differential Revision: https://reviews.freebsd.org/D41734
This module allows controlled privilege escallation via mac labels
securely associated with a process via mac_veriexec.
There are over 700 PRIV_* but we can compress many of them into
a single GBL_* thus constraining the size of gbl labels.
The goal is to allow a daemon to run as an unprivileged process while
still being able a set of privileged operations needed.
We add APIs to libveriexec so that userland processes can check labels
and an exec_script API that allows a suitably labeled process to run
something like a python interpreter directly if necessary;
overcomming the 'indirect' flag applied to the interpreter.
Add -l option to sbin/veriexec to report labels.
Reviewed by: stevek
Sponsored by: Juniper Networks, Inc.
Differential Revision: https://reviews.freebsd.org/D41431
In order to compile lib32 libraries and other 32-bit code on arm64,
<machine/foo.h> needs to be redirected to an arm header rather
than arm64 when building with -m32. Ifdef the arm64 headers that
are installed in /usr/include/machine and used by user-level software
(including references from /usr/include/*.h) so that if __arm__ is
defined when including the arm64 version, <arm/foo.h> is included
rather than using the rest of the file's contents. Some arm headers
had no arm64 equivalent; headers were added just to do the redirection.
These files use #error if __arm__ is not defined to guard against
confusion. Also add an include/arm Makefile, and modify Makefiles
as needed to install everything, including the arm files in
/usr/include/arm. fenv.h comes from lib/msun/arm/fenv.h.
The new arm64 headers are:
acle-compat.h
cpuinfo.h
sysreg.h
Reviewed by: jrtc27, imp
Differential Revision: https://reviews.freebsd.org/D40944
See commit 8fad2cda93 ("bsd.compat.mk: Provide new CPP and sub-make
variables") for the context behind this change.
Reviewed by: emaste, brooks, jhb
Differential Revision: https://reviews.freebsd.org/D40924
Currently rtld_paths.h will #undef _PATH_ELF_HINTS in order to override
this to the right value if included afterwards, but the other way round
does not work as elf-hints.h tries to define an already-defined macro to
a potentially different value. Thus, guard the definition here so that
rtld_paths.h's definition continues to take precedence.
Note that, although all in-tree uses of _PATH_ELF_HINTS have included
rtld_paths.h already, pax-utils wants _PATH_ELF_HINTS from elf-hints.h
and so we cannot just drop the define. In-tree uses must just continue
to make sure that they include rtld_paths.h to get the right value for
libcompat builds as is already required.
Reviewed by: kib, brooks, jhb, imp
Differential Revision: https://reviews.freebsd.org/D40918
After removing the -FreeBSD and -NetBSD, we're left with a nuber of
BSD-2-Clause AND BSD-2-Clause, so tidy that up.
Discussed with: pfg
MFC After: 3 days
Sponsored by: Netflix
The SPDX folks have obsoleted the BSD-2-Clause-NetBSD identifier. Catch
up to that fact and revert to their recommended match of BSD-2-Clause.
Discussed with: pfg
MFC After: 3 days
Sponsored by: Netflix
The SPDX folks have obsoleted the BSD-2-Clause-FreeBSD identifier. Catch
up to that fact and revert to their recommended match of BSD-2-Clause.
Discussed with: pfg
MFC After: 3 days
Sponsored by: Netflix
