Remove unused files which may make trouble during FreeBSD baseline
updates. It also increased the compile-time of the library for nothing.
Update #3472.
This firewall was not ported to RTEMS and is just dead code which may
make trouble during FreeBSD baseline updates. It also increased the
compile-time of the library for nothing.
Update #3472.
Changes correspond to FreeBSD commit:
"Make timespecadd(3) and friends public
The timespecadd(3) family of macros were imported from NetBSD back in
r35029. However, they were initially guarded by #ifdef _KERNEL. In the
meantime, we have grown at least 28 syscalls that use timespecs in some
way, leading many programs both inside and outside of the base system to
redefine those macros. It's better just to make the definitions public.
Our kernel currently defines two-argument versions of timespecadd and
timespecsub. NetBSD, OpenBSD, and FreeDesktop.org's libbsd, however, define
three-argument versions. Solaris also defines a three-argument version, but
only in its kernel. This revision changes our definition to match the
common three-argument version.
Bump _FreeBSD_version due to the breaking KPI change.
Discussed with: cem, jilles, ian, bde
Differential Revision: https://reviews.freebsd.org/D14725"
Update #3472.
FreeBSD has two callout executors, one in software and one in hardware
interrupt context. In libbsd, all callouts are executed by the timer
server. Entirely remove the different execution contexts for libbsd.
Previously, this was not properly done which could result an invalid
callout_drain() sequence leading to system memory corruption.
The getsockaddr() function is used to allocate a struct sockaddr of the
right length and initialize it with userspace provided data. It is used
for the connect(), bind() and sendit() family functions. In particular,
the sendit() function is used by the UDP send functions. This means
each UDP send needs a malloc() and free() invocation. This is a
performance problem in RTEMS (first-fit heap) and may lead to heap
fragmentation. Replace the malloc() allocation with a stack allocation.
This requires SOCK_MAXADDRLEN (= 255) of additional stack space for
libbsd.
A further optimization would be to get rid of the stack copy of the
socket address. However, this would require to check each consumer of
the address to ensure that it is not modified.
This adds two new buildset configurations: One that leaves out as much
features as possible and one that enables all features. For the default
configuration WiFi support is now disabled.
To disable IPv6 for the minimal configuration, all -DINET6 are
eliminated in libbsd.py. They are now replaced by a #ifdef that checks
for RTEMS_BSD_MODULE_NETINET6 instead.
Close#3351.
Use a self-contained RTEMS binary semaphore instead of msleep() and
wakeup(). This is itself more efficient and in addition allows the use
of mmc_wakeup() in interrupt context.
In case no "dr_mode" property is present in the device tree, then
default to USB host mode. This is necessary to support the Cyclone V
SoC Development Kit.
hostapd: Avoid key reinstallation in FT handshake
Prevent reinstallation of an already in-use group key
Extend protection of GTK/IGTK reinstallation of WNM-Sleep Mode cases
Fix TK configuration to the driver in EAPOL-Key 3/4 retry case
Prevent installation of an all-zero TK
Fix PTK rekeying to generate a new ANonce
TDLS: Reject TPK-TK reconfiguration
WNM: Ignore Key Data in WNM Sleep Mode Response frame if no PMF in use
WNM: Ignore WNM-Sleep Mode Response if WNM-Sleep Mode has not been used
WNM: Ignore WNM-Sleep Mode Response without pending request
FT: Do not allow multiple Reassociation Response frames
TDLS: Ignore incoming TDLS Setup Response retries
Submitted by: jhb
Obtained from: https://w1.fi/security/2017-01/ (against later version)
Security: FreeBSD-SA-17:07
Security: CERT VU#228519
Security: CVE-2017-13077
Security: CVE-2017-13078
Security: CVE-2017-13079
Security: CVE-2017-13080
Security: CVE-2017-13081
Security: CVE-2017-13082
Security: CVE-2017-13086
Security: CVE-2017-13087
Security: CVE-2017-13088
Differential Revision: https://reviews.freebsd.org/D12693
