The CAM subsystem uses bus:taget:lun tuple to address peripherals. But
for convenience many userland programs such as camcontrol accept devices
names such as da0. There is a libcam function, cam_open_device, to
support that. It first calls cam_get_device() to parse the device name
as a driver name and a unit (and handle some special device name
prefixes) and then uses cam_lookup_pass() to find a matching pass
device.
This change extends cam_get_device() to apply realpath(3) to the device
name before parsing it. This will allow to use tools such as camcontrol
and smartctl with symbolic links that could be friendlier (more
distinguished) names for devices.
Relnotes: maybe
(cherry picked from commit 1abf1e8c6b)
Parts of zstd, used in openzfs and other places, trigger a new clang 14
-Werror warning:
```
sys/contrib/zstd/lib/decompress/huf_decompress.c:889:25: error: use of bitwise '&' with boolean operands [-Werror,-Wbitwise-instead-of-logical]
(BIT_reloadDStreamFast(&bitD1) == BIT_DStream_unfinished)
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
```
While the warning is benign, it should ideally be fixed upstream and
then vendor-imported, but for now silence it selectively.
MFC after: 3 days
(cherry picked from commit 5f2aca8394)
The manpage has contained the following verbiage on the matter for just
under 31 years:
"At least one argument must be present in the array"
Previous to this version, it had been prefaced with the weakening phrase
"By convention."
Carry through and document it the rest of the way. Allowing argc == 0
has been a source of security issues in the past, and it's hard to
imagine a valid use-case for allowing it. Toss back EINVAL if we ended
up not copying in any args for *execve().
The manpage change can be considered "Obtained from: OpenBSD"
(cherry picked from commit 773fa8cd13)
(cherry picked from commit c9afc7680f)
From https://github.com/Yubico/libfido2:
libfido2 provides library functionality and command-line tools to
communicate with a FIDO device over USB, and to verify attestation
and assertion signatures.
libfido2 supports the FIDO U2F (CTAP 1) and FIDO 2.0 (CTAP 2)
protocols.
libfido2 will be used by ssh to support FIDO/U2F keys. It is currently
intended only for use by ssh, and so is installed as a PRIVATELIB and is
placed in the ssh pkgbase package.
This is currently disabled for the 32-bit library build as libfido2 is
not compatible with the COMPAT_32BIT hack in usb_ioctl.h.
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D32448
(cherry picked from commit 7b1e19ad78)
(cherry picked from commit 93942379cc)
From https://github.com/PJK/libcbor:
libcbor is a C library for parsing and generating CBOR, the general-
purpose schema-less binary data format.
libcbor will be used by ssh to support FIDO/U2F keys. It is currently
intended only for use by ssh, and so is installed as a PRIVATELIB and is
placed in the ssh pkgbase package.
cbor_export.h and configuration.h were generated by the upstream CMake
build. We could create them with bmake rules instead (as NetBSD has
done) but this is a fine start.
This is currently disabled for the 32-bit library build as libfido2 is
not compatible with the COMPAT_32BIT hack in usb_ioctl.h, and there is
no need for libcbor without libfido2.
Reviewed by: kevans
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D32347
(cherry picked from commit 2e85df652c)
Some notable changes, from upstream's release notes:
- sshd(8): Remove support for obsolete "host/port" syntax.
- ssh(1): When prompting whether to record a new host key, accept the key
fingerprint as a synonym for "yes".
- ssh-keygen(1): when acting as a CA and signing certificates with an RSA
key, default to using the rsa-sha2-512 signature algorithm.
- ssh(1), sshd(8), ssh-keygen(1): this release removes the "ssh-rsa"
(RSA/SHA1) algorithm from those accepted for certificate signatures.
- ssh-sk-helper(8): this is a new binary. It is used by the FIDO/U2F
support to provide address-space isolation for token middleware
libraries (including the internal one).
- ssh(1): this release enables UpdateHostkeys by default subject to some
conservative preconditions.
- scp(1): this release changes the behaviour of remote to remote copies
(e.g. "scp host-a:/path host-b:") to transfer through the local host
by default.
- scp(1): experimental support for transfers using the SFTP protocol as
a replacement for the venerable SCP/RCP protocol that it has
traditionally used.
Additional integration work is needed to support FIDO/U2F in the base
system.
Deprecation Notice
------------------
OpenSSH will disable the ssh-rsa signature scheme by default in the
next release.
Reviewed by: imp
MFC after: 1 month
Relnotes: Yes
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D29985
(cherry picked from commit 19261079b7)
(cherry picked from commit f448c3ed4a)
(cherry picked from commit 1f290c707a)
(cherry picked from commit 0f9bafdfc3)
(cherry picked from commit adb56e58e8)
(cherry picked from commit 576b58108c)
(cherry picked from commit 1c99af1ebe)
(cherry picked from commit 87152f3405)
(cherry picked from commit 172fa4aa75)
As documented in the HiFive Unmatched Software Reference Manual.
Reviewed by: imp, mhorne
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D34010
(cherry picked from commit 9c296a2105)
__FBSDID() places the provided string in the output object's .comment
section. However, with the transition to Git $FreeBSD$ is no longer
expanded and so we emitted a literal $FreeBSD$.
$FreeBSD$ will be addressed in a holistic manner in the future, but at
least avoid embedding it into everything linked on FreeBSD (via csu).
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D33594
(cherry picked from commit cb2d135015)
While LLDB on powerpc and powerpcspe builds as-is, on powerpc64 and
powerpc64le it requires adding a couple of additional source files
to build.
Differential review: https://reviews.freebsd.org/D34043
Approved by: dim, imp, emaste
(cherry picked from commit 0b2d2290fe)
Checking there are still bytes left must be done before dereferencing
the pointer, not the other way round. This is harmless on traditional
architectures since the result will immediately be thrown away, and all
callers are in separate translation units so there is no potential for
optimising based on this out-of-bounds read. However, on CHERI, pointers
are bounded, and so this will trap if fed a string that does not have a
NUL within the first len bytes.
Found by: CHERI
Reviewed by: brooks
(cherry picked from commit 6d5297569e)
This was rendered obsolete in 2012 by a0ee974f0b, since auth_getval
was the only reason the header was included.
MFC after: 1 week
(cherry picked from commit 7d232d647e)
This is needed now libdwarf depends on libz.
Fixes: dbf05458e3 ("libdwarf: Support consumption of compressed ELF sections")
MFC after: 1 week
(cherry picked from commit 8d5d329553)
The current ASLR stack gap feature will be removed, and with that the
need for this change, and the kern.stactop sysctl, is gone. Moreover,
the approach taken in this revision does not provide compatibility for
old copies of libthr.so, and the revision should have also updated
__libc_map_stacks_exec().
This reverts commit 78df56ccfc.
Reviewed by: kib
Sponsored by: The FreeBSD Foundation
(cherry picked from commit f75b1ff6e5)
