Retrieve FreeBSD revision number directly from sys/conf/newvers.sh
when building the compiler target triple value, avoiding manual
intervention on other files every new release.
Reviewed by: imp
MFC after: 2 months
Sponsored by: Instituto de Pesquisas Eldorado (eldorado.org.br)
Differential Revision: https://reviews.freebsd.org/D34429
In libthr we use PAGE_SIZE when allocating memory with mmap and to check
various structs will fit into a single page so we can use this allocator
for them.
Ask the kernel for the page size on init for use by the page allcator
and add a new machine dependent macro to hold the smallest page size
the architecture supports to check the structure is small enough.
This allows us to use the same libthr on arm64 with either 4k or 16k
pages.
Reviewed by: kib, markj, imp
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D34984
Rather than calling getpagesize() twice use the value saved after the
first call to size a mmap allocation.
Reviewed by: kib, markj
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D34983
Apparently some ports on arm require these symbols, and while they were
available in llvm's libunwind, they were never exported via the arm
specific Symbol.map. Put them in the same version block as gcc does
(GCC_3.5).
Reported by: Robert Clausecker <fuz_at_fuz.su>
MFC after: 3 days
Similar to ipfw rule timestamps, these timestamps internally are
uint32_t snaps of the system time in seconds. The timestamp is CPU local
and updated each time a rule or a state associated with a rule or state
is matched.
Reviewed by: kp
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D34970
Fix dialogs building and updating fault with disabled shadow
(conf.shadow=false and implicitly bsddialog --no-shadow).
While here delete WARNS=2: all warnings were fixed in upstream and
imported in 0.2.
Approved by: bapt (mentor)
Differential Revision: https://reviews.freebsd.org/D34958
When we issue a request to pf and expect a serialised nvlist as a reply
we have to supply a suitable buffer to the kernel.
The required size for this buffer is difficult to predict, and may be
(slightly) different from request to request.
If it's insufficient the kernel will return ENOSPC. Teach libpfctl to
catch this and send the request again with a larger buffer.
MFC after: 2 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D34908
We have a report of a panic in GELI that appears to go away when
unmapped I/O is disabled. Add a tunable to make such investigations
easier in the future. No functional change intended.
PR: 262894
Reviewed by: asomers
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D34944
Main change is a callback for checking validity period of certificates.
Merge commit 'f6acb9b9f81c96ae7c9592bee1bb89c4357cc3e5'
Add -DHAVE_BR_X509_TIME_CHECK to libsecureboot/Makefile.inc
Preparation for updating bearssl, pull in updates to libsecureboot.
o fix handling of some out-of-memory cases
o allow more control over reporting of Verified/Unverified files.
this helps boot time when console output is slow
o recheck verbose/debug level after reading any unverified file
o more debug support for vectx
o hash_string to support fake stat for tftp
o tests/tvo add -v to simply verify signatures
o vets.c allow for HAVE_BR_X509_TIME_CHECK which will greatly simplify
verification in loader
o report date when certificate fails validity period checks
Reviewed by: stevek
Sponsored by: Juniper Networks, Inc.
Make sysdecode.h self-contained rather than forcing all consumers to
include dependencies. No functional change intended.
Reviewed by: pauamma_gundo.com, jhb, emaste
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D34899
The time() system call first appeared in Version 1 AT&T UNIX. Through
the Version 3 AT&T UNIX, it returned 60 Hz ticks since an epoch that
changed occasionally, because it was a 32-bit value that overflowed in a
little over 2 years.
In Version 4 AT&T UNIX the granularity of the return value was reduced to
whole seconds, delaying the aforementioned overflow until 2038.
Version 7 AT&T UNIX introduced the ftime() system call, which returned
time at a millisecond level, though retained the gtime() system call
(exposed as time() in userland). time() could have been implemented as a
wrapper around ftime(), but that wasn't done.
4.1cBSD implemented a higher-precision time function gettimeofday() to
replace ftime() and reimplemented time() in terms of that.
Since FreeBSD 9 the implementation of time() uses
clock_gettime(CLOCK_SECOND) instead of gettimeofday() for performance
reasons.
With most valuable input from Warner (imp@).
Reviewed by: 0mp, jilles, imp
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D34751
Problem is that open(O_PATH) on nullfs -o nocache is broken then,
because there is no reference on the vnode after the open syscall exits.
Reported and tested by: ambrisko
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Release notes are available at https://www.openssh.com/txt/release-8.9
Some highlights:
* ssh(1), sshd(8), ssh-add(1), ssh-agent(1): add a system for
restricting forwarding and use of keys added to ssh-agent(1)
* ssh(1), sshd(8): add the sntrup761x25519-sha512@openssh.com hybrid
ECDH/x25519 + Streamlined NTRU Prime post-quantum KEX to the
default KEXAlgorithms list (after the ECDH methods but before the
prime-group DH ones). The next release of OpenSSH is likely to
make this key exchange the default method.
* sshd(8), portable OpenSSH only: this release removes in-built
support for MD5-hashed passwords. If you require these on your
system then we recommend linking against libxcrypt or similar.
Future deprecation notice
=========================
A near-future release of OpenSSH will switch scp(1) from using the
legacy scp/rcp protocol to using SFTP by default.
Legacy scp/rcp performs wildcard expansion of remote filenames (e.g.
"scp host:* .") through the remote shell. This has the side effect of
requiring double quoting of shell meta-characters in file names
included on scp(1) command-lines, otherwise they could be interpreted
as shell commands on the remote side.
MFC after: 1 month
Relnotes: Yes
Sponsored by: The FreeBSD Foundation
Capsicum rights are a bit tricky since some of them are subsets of
others, and one can have rights R1 and R2 such that R1 is a subset of
R2, but there is no collection of named rights whose union is R2. So,
they don't behave like most other flag sets. sysdecode_cap_rights(3)
does not handle this properly and so can emit misleading decodings.
Try to fix all of these problems:
- Include composite rights in the caprights table.
- Use a constructor to sort the caprights table such that "larger"
rights appear first and thus are matched first.
- Don't print rights that are a subset of rights already printed, so as
to minimize the length of the output.
- Print a trailing message if some of the specific rights are not
matched by the table.
PR: 263165
Reviewed by: pauamma_gundo.com (doc), jhb, emaste
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D34874
The error control was not properly implemented. "changelist" is const, hence
event.flags is never changed by the syscall.
PR: 196844
Reported by: eugen@
Reviewed by: PauAmma <pauamma@gundo.com>
Approved by: eugen@
Fixes: 8c231786f0
All supported compilers (modern versions of GCC and clang) support
this.
Many places didn't have an #else so would just silently do the wrong
thing. Ancient versions of icc (the original motivation for this) are
no longer a compiler FreeBSD supports.
PR: 263102 (exp-run)
Reviewed by: brooks, imp
Differential Revision: https://reviews.freebsd.org/D34797
To be more compatible to IEEE Std 1003.1-2008 (“POSIX.1”).
Reviewed by: mjg, Pau Amma (doc)
Differential revision: https://reviews.freebsd.org/D34680
MFC after: 2 weeks
For now, only for sysctl target. This is not a new situation, for
instance kstacks also work for sysctl only.
Reviewed by: markj, rmacklem
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D34756
The commit 833a452e9 introduced a change that detached
the zstd compression (not decompression) support from base build.
Reported by: kevans
MFC after: 3 days
RFC 2533 refers to 'A Syntax for Describing Media Feature Sets',
which is wrong since the correct reference should be
RFC 2553 'Basic Socket Interface Extensions for IPv6'.
Obtained from: OpenBSD
MFC after: 1 week
This check was previously in `create` only, not applying to renames. It
should really be applied at the libbe level, so that we can avoid
writing about this restriction over and over again.
While we're here: `bectl rename` always succeeds, even when it doesn't.
Start returning the error.
Reported By: Christian McDonald <cmcdonald netgate com>
Reviewed by: rew, jwmaag_gmail.com (earlier version)
Differential Revision: https://reviews.freebsd.org/D34605
The props feature to this API was added as a "just in case", with no
planned consumer. It turns out that it was implemented incorrectly,
tapping out props for the BE root (BE's parent) rather than the BE
itself in all cases.
Fetch properties for the dataset that's actually mounted at the queried
path.
Reported by: Christian McDonald <cmcdonald netgate com>
MFC after: 3 days
If the pfctl_add_eth_rule() ioctl fails return the errno, not the error
returned by ioctl(). That will give us slightly more insight into what
went wrong, because ioctl() would always return -1.
Sponsored by: Rubicon Communications, LLC ("Netgate")
