svn commit: r302385 - in stable/10/contrib/expat: . doc examples lib tests tests/benchmark xmlwf

[Xin LI]

Author: delphij
Date: Thu Jul  7 04:59:58 2016
New Revision: 302385
URL: https://svnweb.freebsd.org/changeset/base/302385

Log:
  MFC r302305: MFV r302260: expat 2.2.0.

Added:
  stable/10/contrib/expat/configure.ac
 - copied unchanged from r302305, head/contrib/expat/configure.ac
  stable/10/contrib/expat/doc/xmlwf.xml
 - copied unchanged from r302305, head/contrib/expat/doc/xmlwf.xml
Deleted:
  stable/10/contrib/expat/configure.in
  stable/10/contrib/expat/doc/xmlwf.sgml
Modified:
  stable/10/contrib/expat/COPYING
  stable/10/contrib/expat/Changes
  stable/10/contrib/expat/MANIFEST
  stable/10/contrib/expat/Makefile.in
  stable/10/contrib/expat/README
  stable/10/contrib/expat/doc/expat.png   (contents, props changed)
  stable/10/contrib/expat/doc/reference.html
  stable/10/contrib/expat/doc/xmlwf.1
  stable/10/contrib/expat/examples/elements.c
  stable/10/contrib/expat/examples/outline.c
  stable/10/contrib/expat/expat_config.h.in
  stable/10/contrib/expat/lib/expat.h
  stable/10/contrib/expat/lib/expat_external.h
  stable/10/contrib/expat/lib/internal.h
  stable/10/contrib/expat/lib/xmlparse.c
  stable/10/contrib/expat/lib/xmlrole.c
  stable/10/contrib/expat/lib/xmltok.c
  stable/10/contrib/expat/lib/xmltok.h
  stable/10/contrib/expat/lib/xmltok_impl.c
  stable/10/contrib/expat/tests/benchmark/README.txt
  stable/10/contrib/expat/tests/chardata.c
  stable/10/contrib/expat/tests/minicheck.c
  stable/10/contrib/expat/tests/minicheck.h
  stable/10/contrib/expat/tests/runtests.c
  stable/10/contrib/expat/tests/xmltest.sh
  stable/10/contrib/expat/xmlwf/codepage.c
  stable/10/contrib/expat/xmlwf/readfilemap.c
  stable/10/contrib/expat/xmlwf/unixfilemap.c
  stable/10/contrib/expat/xmlwf/xmlfile.c
  stable/10/contrib/expat/xmlwf/xmlwf.c
Directory Properties:
  stable/10/   (props changed)

Modified: stable/10/contrib/expat/COPYING
==
--- stable/10/contrib/expat/COPYING Thu Jul  7 03:39:18 2016
(r302384)
+++ stable/10/contrib/expat/COPYING Thu Jul  7 04:59:58 2016
(r302385)
@@ -1,6 +1,5 @@
-Copyright (c) 1998, 1999, 2000 Thai Open Source Software Center Ltd
-   and Clark Cooper
-Copyright (c) 2001, 2002, 2003, 2004, 2005, 2006 Expat maintainers.
+Copyright (c) 1998-2000 Thai Open Source Software Center Ltd and Clark Cooper
+Copyright (c) 2001-2016 Expat maintainers
 
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the

Modified: stable/10/contrib/expat/Changes
==
--- stable/10/contrib/expat/Changes Thu Jul  7 03:39:18 2016
(r302384)
+++ stable/10/contrib/expat/Changes Thu Jul  7 04:59:58 2016
(r302385)
@@ -1,3 +1,67 @@
+Release 2.2.0 Tue June 21 2016
+Security fixes:
+#537  CVE-2016-0718 -- Fix crash on malformed input
+  CVE-2016-4472 -- Improve insufficient fix to CVE-2015-1283 /
+   CVE-2015-2716 introduced with Expat 2.1.1
+#499  CVE-2016-5300 -- Use more entropy for hash initialization
+   than the original fix to CVE-2012-0876
+#519  CVE-2012-6702 -- Resolve troublesome internal call to srand
+   that was introduced with Expat 2.1.0
+   when addressing CVE-2012-0876 (issue #496)
+
+Bug fixes:
+  Fix uninitialized reads of size 1
+(e.g. in little2_updatePosition)
+  Fix detection of UTF-8 character boundaries
+
+Other changes:
+#532  Fix compilation for Visual Studio 2010 (keyword "C99")
+  Autotools: Resolve use of "$<" to better support bmake
+  Autotools: Add QA script "qa.sh" (and make target "qa")
+  Autotools: Respect CXXFLAGS if given
+  Autotools: Fix "make run-xmltest"
+  Autotools: Have "make run-xmltest" check for expected output
+ p90  CMake: Fix static build (BUILD_shared=OFF) on Windows
+#536  CMake: Add soversion, support -DNO_SONAME=yes to bypass
+#323  CMake: Add suffix "d" to differentiate debug from release
+  CMake: Define WIN32 with CMake on Windows
+  Annotate memory allocators for GCC
+  Address all currently known compile warnings
+  Make sure that API symbols remain visible despite
+-fvisibility=hidden
+  Remove executable flag from source files
+  Resolve COMPILED_FROM_DSP in favor of WIN32
+
+Special thanks to:
+Björn Lindahl
+Christian Heimes
+Cristian Rodríguez
+Daniel Krügler
+Gustavo Grieco
+

svn commit: r302383 - stable/10/contrib/ipfilter/tools

[Cy Schubert]

Author: cy
Date: Thu Jul  7 02:23:52 2016
New Revision: 302383
URL: https://svnweb.freebsd.org/changeset/base/302383

Log:
  MFC r302296:
  
  Remove dead code.

Modified:
  stable/10/contrib/ipfilter/tools/ipf.c
Directory Properties:
  stable/10/   (props changed)

Modified: stable/10/contrib/ipfilter/tools/ipf.c
==
--- stable/10/contrib/ipfilter/tools/ipf.c  Wed Jul  6 23:49:19 2016
(r302382)
+++ stable/10/contrib/ipfilter/tools/ipf.c  Thu Jul  7 02:23:52 2016
(r302383)
@@ -410,23 +410,6 @@ static void flushfilter(arg, filter)
return;
}
 
-#ifdef SIOCIPFFA
-   if (!strcmp(arg, "u")) {
-   closedevice();
-   /*
-* Flush auth rules and packets
-*/
-   if (opendevice(IPL_AUTH, 1) == -1)
-   perror("open(IPL_AUTH)");
-   else {
-   if (ioctl(fd, SIOCIPFFA, ) == -1)
-   ipferror(fd, "ioctl(SIOCIPFFA)");
-   }
-   closedevice();
-   return;
-   }
-#endif
-
if (strchr(arg, 'i') || strchr(arg, 'I'))
fl = FR_INQUE;
if (strchr(arg, 'o') || strchr(arg, 'O'))
___
svn-src-stable-10@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-stable-10
To unsubscribe, send any mail to "svn-src-stable-10-unsubscr...@freebsd.org"

svn commit: r302377 - in stable/10: lib/libcam sbin/camcontrol sbin/iscontrol sys/cam usr.sbin/camdd usr.sbin/mptutil

[Don Lewis]

Author: truckman
Date: Wed Jul  6 17:45:38 2016
New Revision: 302377
URL: https://svnweb.freebsd.org/changeset/base/302377

Log:
  MFC r300547
  
  Fix multiple Coverity Out-of-bounds access false postive issues in CAM
  
  The currently used idiom for clearing the part of a ccb after its
  header generates one or two Coverity errors for each time it is
  used.  All instances generate an Out-of-bounds access (ARRAY_VS_SINGLETON)
  error because of the treatment of the header as a two element array,
  with a pointer to the non-existent second element being passed as
  the starting address to bzero().  Some instances also alsp generate
  Out-of-bounds access (OVERRUN) errors, probably because the space
  being cleared is larger than the sizeofstruct ccb_hdr).
  
  In addition, this idiom is difficult for humans to understand and
  it is error prone.  The user has to chose the proper struct ccb_*
  type (which does not appear in the surrounding code) for the sizeof()
  in the length calculation.  I found several instances where the
  length was incorrect, which could cause either an actual out of
  bounds write, or incompletely clear the ccb.
  
  A better way is to write the code to clear the ccb itself starting
  at sizeof(ccb_hdr) bytes from the start of the ccb, and calculate
  the length based on the specific type of struct ccb_* being cleared
  as specified by the union ccb member being used.  The latter can
  normally be seen in the nearby code.  This is friendlier for Coverity
  and other static analysis tools because they will see that the
  intent is to clear the trailing part of the ccb.
  
  Wrap all of the boilerplate code in a convenient macro that only
  requires a pointer to the desired union ccb member (or a pointer
  to the union ccb itself) as an argument.
  
  Reported by:  Coverity
  CID:  1007578, 1008684, 1009724, 1009773, 1011304, 1011306
  CID:  1011307, 1011308, 1011309, 1011310, 1011311, 1011312
  CID:  1011313, 1011314, 1011315, 1011316, 1011317, 1011318
  CID:  1011319, 1011320, 1011321, 1011322, 1011324, 1011325
  CID:  1011326, 1011327, 1011328, 1011329, 1011330, 1011374
  CID:  1011390, 1011391, 1011392, 1011393, 1011394, 1011395
  CID:  1011396, 1011397, 1011398, 1011399, 1011400, 1011401
  CID:  1011402, 1011403, 1011404, 1011405, 1011406, 1011408
  CID:  1011409, 1011410, 1011411, 1011412, 1011413, 1011414
  CID:  1017461, 1018387, 1086860, 1086874, 1194257, 1229897
  CID:  1229968, 1306229, 1306234, 1331282, 1331283, 1331294
  CID:  1331295, 1331535, 1331536, 1331539, 1331540, 1341623
  CID:  1341624, 1341637, 1341638, 1355264, 1355324
  Reviewed by:  scottl, ken, delphij, imp
  MFH:  1 month
  Differential Revision:https://reviews.freebsd.org/D6496

Modified:
  stable/10/lib/libcam/camlib.c
  stable/10/sbin/camcontrol/attrib.c
  stable/10/sbin/camcontrol/camcontrol.c
  stable/10/sbin/camcontrol/fwdownload.c
  stable/10/sbin/camcontrol/persist.c
  stable/10/sbin/iscontrol/fsm.c
  stable/10/sys/cam/cam_ccb.h
  stable/10/usr.sbin/camdd/camdd.c
  stable/10/usr.sbin/mptutil/mpt_cam.c
Directory Properties:
  stable/10/   (props changed)

Modified: stable/10/lib/libcam/camlib.c
==
--- stable/10/lib/libcam/camlib.c   Wed Jul  6 17:42:09 2016
(r302376)
+++ stable/10/lib/libcam/camlib.c   Wed Jul  6 17:45:38 2016
(r302377)
@@ -619,7 +619,7 @@ cam_real_open_device(const char *path, i
/*
 * Zero the payload, the kernel does look at the flags.
 */
-   bzero(&(_h)[1], sizeof(struct ccb_trans_settings));
+   CCB_CLEAR_ALL_EXCEPT_HDR();
 
/*
 * Get transfer settings for this device.

Modified: stable/10/sbin/camcontrol/attrib.c
==
--- stable/10/sbin/camcontrol/attrib.c  Wed Jul  6 17:42:09 2016
(r302376)
+++ stable/10/sbin/camcontrol/attrib.c  Wed Jul  6 17:45:38 2016
(r302377)
@@ -137,8 +137,7 @@ scsiattrib(struct cam_device *device, in
goto bailout;
}
 
-   bzero(&(>ccb_h)[1],
- sizeof(union ccb) - sizeof(struct ccb_hdr));
+   CCB_CLEAR_ALL_EXCEPT_HDR(>csio);
 
STAILQ_INIT(_attr_list);
 

Modified: stable/10/sbin/camcontrol/camcontrol.c
==
--- stable/10/sbin/camcontrol/camcontrol.c  Wed Jul  6 17:42:09 2016
(r302376)
+++ stable/10/sbin/camcontrol/camcontrol.c  Wed Jul  6 17:45:38 2016
(r302377)
@@ -838,8 +838,7 @@ scsiinquiry(struct cam_device *device, i
}
 
/* cam_getccb cleans up the header, caller has to zero the payload */
-   bzero(&(>ccb_h)[1],
- sizeof(struct ccb_scsiio) - sizeof(struct ccb_hdr));
+   CCB_CLEAR_ALL_EXCEPT_HDR(>csio);