in the future in a backward compatible (API and ABI) way.
The cap_rights_t represents capability rights. We used to use one bit to
represent one right, but we are running out of spare bits. Currently the new
structure provides place for 114 rights (so 50 more than the previous
cap_rights_t), but it is possible to grow the structure to hold at least 285
rights, although we can make it even larger if 285 rights won't be enough.
The structure definition looks like this:
struct cap_rights {
uint64_t cr_rights[CAP_RIGHTS_VERSION + 2];
};
The initial CAP_RIGHTS_VERSION is 0.
The top two bits in the first element of the cr_rights[] array contain total
number of elements in the array - 2. This means if those two bits are equal to
0, we have 2 array elements.
The top two bits in all remaining array elements should be 0.
The next five bits in all array elements contain array index. Only one bit is
used and bit position in this five-bits range defines array index. This means
there can be at most five array elements in the future.
To define new right the CAPRIGHT() macro must be used. The macro takes two
arguments - an array index and a bit to set, eg.
#define CAP_PDKILL CAPRIGHT(1, 0x0000000000000800ULL)
We still support aliases that combine few rights, but the rights have to belong
to the same array element, eg:
#define CAP_LOOKUP CAPRIGHT(0, 0x0000000000000400ULL)
#define CAP_FCHMOD CAPRIGHT(0, 0x0000000000002000ULL)
#define CAP_FCHMODAT (CAP_FCHMOD | CAP_LOOKUP)
There is new API to manage the new cap_rights_t structure:
cap_rights_t *cap_rights_init(cap_rights_t *rights, ...);
void cap_rights_set(cap_rights_t *rights, ...);
void cap_rights_clear(cap_rights_t *rights, ...);
bool cap_rights_is_set(const cap_rights_t *rights, ...);
bool cap_rights_is_valid(const cap_rights_t *rights);
void cap_rights_merge(cap_rights_t *dst, const cap_rights_t *src);
void cap_rights_remove(cap_rights_t *dst, const cap_rights_t *src);
bool cap_rights_contains(const cap_rights_t *big, const cap_rights_t *little);
Capability rights to the cap_rights_init(), cap_rights_set(),
cap_rights_clear() and cap_rights_is_set() functions are provided by
separating them with commas, eg:
cap_rights_t rights;
cap_rights_init(&rights, CAP_READ, CAP_WRITE, CAP_FSTAT);
There is no need to terminate the list of rights, as those functions are
actually macros that take care of the termination, eg:
#define cap_rights_set(rights, ...) \
__cap_rights_set((rights), __VA_ARGS__, 0ULL)
void __cap_rights_set(cap_rights_t *rights, ...);
Thanks to using one bit as an array index we can assert in those functions that
there are no two rights belonging to different array elements provided
together. For example this is illegal and will be detected, because CAP_LOOKUP
belongs to element 0 and CAP_PDKILL to element 1:
cap_rights_init(&rights, CAP_LOOKUP | CAP_PDKILL);
Providing several rights that belongs to the same array's element this way is
correct, but is not advised. It should only be used for aliases definition.
This commit also breaks compatibility with some existing Capsicum system calls,
but I see no other way to do that. This should be fine as Capsicum is still
experimental and this change is not going to 9.x.
Sponsored by: The FreeBSD Foundation
-maes option, but not the -mpclmul option as I ran out of bits in
the 32 bit flags field... You can -D__PCLMUL__ to get this, but it
won't be compatible w/ clang and modern gcc...
Reviewed by: -current, -toolchain
This is required to build the i965 backend with newer versions of mesa.
Original patch from Joerg Wunsch in GCC Bug 23479, under the GPLv2;
also taken from there in OpenBSD.
Obtained from: gcc 4.3 (rev. 125346; GPLv2)
MFC after: 5 days
InstCombine: Check for zero shift amounts before subtracting one
causing integer overflow.
PR17026. Also avoid undefined shifts and shift amounts larger than 64
bits (those are always undef because we can't represent integer types
that large).
This should fix assertion failures when building the emulators/xmame
port.
Reported by: bapt
lib/libpam/modules/pam_passwdqc/Makefile:
Bump WARNS to 2.
contrib/pam_modules/pam_passwdqc/pam_passwdqc.c:
Bump _XOPEN_SOURCE and _XOPEN_VERSION from 500 to 600
so that vsnprint() is declared.
Use the two new union types (pam_conv_item_t and
pam_text_item_t) to resolve strict aliasing violations
caused by casts to comply with the pam_get_item() API taking
a "const void **" for all item types. Warnings are
generated for casts that create "type puns" (pointers of
conflicting sized types that are set to access the same
memory location) since these pointers may be used in ways
that violate C's strict aliasing rules. Casts to a new
type must be performed through a union in order to be
compliant, and access must be performed through only one
of the union's data types during the lifetime of the union
instance. Handle strict-aliasing warnings through pointer
assignments, which drastically simplifies this change.
Correct a CLANG "printf-like function with more arguments
than format" error.
Submitted by: gibbs
Sponsored by: Spectra Logic
NoBuiltin was introduced after clang/llvm 3.3 and thus does not exist in
FreeBSD. Thus special handling for the attribute is not needed in lldb.
This reverts lldb r186990 (git eebd175)
Sponsored by: DARPA, AFRL
Author: Daniel Malea <daniel.malea@intel.com>
Date: Thu Aug 1 21:18:16 2013 +0000
Fixed the Intel-syntax X86 disassembler to respect the (existing)
option for hexadecimal immediates, to match AT&T syntax. This also
brings a new option for C-vs-MASM-style hex.
Patch by Richard Mitton
Reviewed: http://llvm-reviews.chandlerc.com/D1243
Notable new features:
* Elliptic Curve Digital Signature Algorithm keys and signatures in
DNSSEC are now supported per RFC 6605. [RT #21918]
* Introduces a new tool "dnssec-verify" that validates a signed zone,
checking for the correctness of signatures and NSEC/NSEC3 chains.
[RT #23673]
* BIND now recognizes the TLSA resource record type, created to
support IETF DANE (DNS-based Authentication of Named Entities)
[RT #28989]
* The new "inline-signing" option, in combination with the
"auto-dnssec" option that was introduced in BIND 9.7, allows
named to sign zones completely transparently.
Approved by: delphij (mentor)
MFC after: 3 days
Sponsored by: DK Hostmaster A/S
Fix handling of braced-init-list as reference initializer within
aggregate initialization. Previously we would incorrectly require an
extra set of braces around such initializers.
Pull in r188718 from upstream clang trunk:
Handle init lists and _Atomic fields.
Fixes PR16931.
These fixes are needed for the atomic_flag type to work correctly in our
stdatomic.h.
Requested by: theraven
PR16727: don't try to evaluate a potentially value-dependent
expression when checking for missing parens in &&/|| expressions.
This fixes an assertion encountered when building the lang/sdcc port.
Reported by: kwm
smlal, and umlal the output registers are allowed to be the same as either
input registers, where in ARMv4 and ARMv5 they could only be the same as the
last input register.
prevent problems between the resolver and Microsoft DNS servers with
AAAA lookups. The upstream open source project will work on a more
permanent fix for the next release. Issue noted by Pavel Timofeev.
MFC after: 3 days
This is the gsoc-2011 project to clean up and backport multibyte support
from other nvi forks in a form we can use.
USE_WIDECHAR is on unless building for the rescue crunchgen. This should
allow editing in the native locale encoding.
USE_ICONV depends on make.conf having 'WITH_ICONV=YES' for now. This
adds the ability to do things like edit a KOI8-R file while having $LANG
set to (say) en_US.UTF-8. iconv is used to transcode the characters for
display.
Other points:
* It uses gencat and catopen/etc instead of homegrown msg catalog stuff.
* A lot of stuff has been trimmed out, eg: the perl and tcl bindings which
we could never use in base anyway.
* It uses ncursesw when in widechar mode. This could be interesting.
GSoC info: http://www.google-melange.com/gsoc/proposal/review/google/gsoc2011/zy/1
Repo at: https://github.com/lichray/nvi2
Obtained from: Zhihao Yuan <lichray@gmail.com>
After configuring the interface, wait for the link to become active.
Many ethernet drivers reset the chip when we set multicast filters
(causing significant delays due to link re-negotiation) and, by the time
we start sending packets, they are discared instead of going to the ether.
Tested by: dumbbell
New Features
Adds a new configuration option, "check-spf"; valid values are
"warn" (default) and "ignore". When set to "warn", checks SPF
and TXT records in spf format, warning if either resource record
type occurs without a corresponding record of the other resource
record type. [RT #33355]
Adds support for Uniform Resource Identifier (URI) resource
records. [RT #23386]
Adds support for the EUI48 and EUI64 RR types. [RT #33082]
Adds support for the RFC 6742 ILNP record types (NID, LP, L32,
and L64). [RT #31836]
Feature Changes
Changes timing of when slave zones send NOTIFY messages after
loading a new copy of the zone. They now send the NOTIFY before
writing the zone data to disk. This will result in quicker
propagation of updates in multi-level server structures. [RT #27242]
"named -V" can now report a source ID string. (This is will be
of most interest to developers and troubleshooters). The source
ID for ISC's production versions of BIND is defined in the "srcid"
file in the build tree and is normally set to the most recent
git hash. [RT #31494]
Response Policy Zone performance enhancements. New "response-policy"
option "min-ns-dots". "nsip" and "nsdname" now enabled by default
with RPZ. [RT #32251]
Approved by: delphij (mentor)
Sponsored by: DK Hostmaster A/S
This is the default behaviour of the newer binutils as well as most alternative linkers.
All the ports tree has been fixed to be able to link properly with this new behaviour.
tcpdump will print an error message saying rfmon is not supported.
Give a concise explanation as to how one might solve this problem by
creating a monitor mode VAP.
This patch implements __get_cpuid_max() as an inline and __cpuid()
and __cpuid_count() as macros to be compatible with GCC's cpuid.h.
It also adds bit_<foo> constants for the various feature bits as
described in version 039 (May 2011) of Intel's SDM Volume 2 in the
description of the CPUID instruction. The list of bit_<foo>
constants is a bit exhaustive (GCC doesn't do near this many). More
bits could be added from a newer version of SDM if desired.
Patch by John Baldwin!
This should fix several ports which depend on this functionality being
available.
MFC after: 1 week
components: apr-1.4.6 -> 1.4.8 and apr-util-1.4.1 -> 1.5.2.
This is a post point-zero bug-fix / fix-sharp-edges release, including
some workarounds for UTF-8 for people who haven't yet turned on WITH_ICONV.
The standard (n3242, section 17.6.1.1, paragraph 4) says that, because these are
declared as macros in the C specification (even though they are
implemented as functions in the C++ library) they should be in the global
namespace.
A surprising number of configure checks rely on this. It was broken by recent
cleanups to math.h.
Add a function to return the specific type, when the note's Name field is
'FreeBSD'.
r249558 added FreeBSD-specific ELF note types that reuse type numbers of
existing generic / Linux types. This caused 'readelf -n' to produce
incorrect output on FreeBSD core files.
Sponsored by: DARPA, AFRL
MFC after: 3 days
