Retpoline is a compiler-based mitigation for CVE-2017-5715, also known
as Spectre V2, that protects against speculative execution branch target
injection attacks.
In this commit it is disabled by default, but will be changed in a
followup commit.
Reviewed by: bdrewery (previous version)
MFC after: 3 days
Security: CVE-2017-5715
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D14242
liblua glues the lua run time into the boot loader. It implements all
the runtime routines that lua expects. In addition, it has a few
standard 'C' headers that neuter various aspects of the LUA build that
are too specific to lua to be in libsa. Many refinements from the
original code to improve implementation and the number of included lua
libraries. Use int64_t for lua_Number. Have "/boot/lua" be the default
module path. Numerous cleanups from the original GSoC project,
including hacking libsa to allow lua to be built with only one change
outside luaconf.h.
Add the final bit of lua glue to bring in liblua and plug into the
multiple interpreter framework, previously committed.
Add LOADER_LUA option, currently off by default.
Presently, this is an experimental option. One must opt-in to using
this by defining WITH_LOADER_LUA and WITHOUT_FORTH. It's been
lightly tested, so keep a backup copy of your old loader handy.
The menu code, coming in the next commit, hasn't been exhaustively
tested. A LUA boot loader is 60k larger than a FORTH one, which is
80k larger than a no-interpreter one. Subtle changes in size
may tip things past some subtle limit (the binary is ~430k now
when built with LUA). A future version may offer coexistence.
Bump FreeBSD version to 1200058 to mark the milestone.
Pedro Souza's 2014 Summer of Code project. Rui Paulo, Pedro Arthur,
Zakary Nafziger and Wojciech A. Koszek also contributed. Warner Losh
reworked it extensively into its current form.
Obtained from: https://wiki.freebsd.org/SummerOfCode2014/LuaLoader
Sponsored by: Google Summer of Code
Relnotes: Yes
MFC After: 1 month
Differential Review: https://reviews.freebsd.org/D14295
Introduce WITH_/WITHOUT_LLVM_COV to match GCC's WITH_/WITHOUT_GCOV.
It is intended to provide a superset of the interface and functionality
of gcov.
It is enabled by default when building Clang, similarly to gcov and GCC.
This change moves one file in libllvm to be compiled unconditionally.
Previously it was included only when WITH_CLANG_EXTRAS was set, but the
complexity of a new special case for (CLANG_EXTRAS | LLVM_COV) is not
worth avoiding a tiny increase in build time.
Reviewed by: dim, imp
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D142645
only installed on arm and sparc64.
It is the only bit that keeps us having libreadline in base.
The rest of gdb can be switched to libedit and will be in another
commit.
Transition to WITH/WITHOUT_LOADER_GELI to flag support or not of GELI
in the boot loaders. Add HAVE_GELI so components can flag they need
support (since it's too large to include everywhere). Add temporary
warnings for the old forms to ease transition.
Also, update test script to build without GELI on x86.
Sponsored by: Netflix
Rename LOADER_FIREWIRE_SUPPORT to MK_LOADER_FIREWIRE. Only build
libfirewire when this is "yes". Add note to updating. Fix build script
to build this for x86 so the option doesn't decay. sparc64 supports
ZFS, so also build it MK_ZFS=no.
Sponsored by: Netflix
This can be disabled by putting WITHOUT_AUTO_OBJ=yes in /etc/src-env.conf, not
/etc/src.conf, or passing it in the environment.
The purpose of this rather than simply flipping the default of AUTO_OBJ to yes
is to avoid hassling users with auto.obj.mk failures if the wanted OBJDIR is
not writable. It will fallback to writing to the source directory like it does
today if MAKEOBJDIRPREFIX is not writable.
The act of enabling MK_AUTO_OBJ disables all 'make obj' treewalks since
previous work has made those not run if MK_AUTO_OBJ==yes in Makefile.inc1.
Relnotes: yes
Reviewed by: sjg
Discussed at: https://lists.freebsd.org/pipermail/freebsd-arch/2016-May/017805.html
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D12841
This changes the build OBJDIR from the older style of /usr/obj/<srcdir> for
native builds, and /usr/obj/<target>.<target_arch>/<srcdir> for cross builds to
a new simpler format of /usr/obj/<srcdir>/<target>.<target_arch>. This
new format is used regardless of cross or native build. It allows
easier management of multiple source tree object directories.
The UNIFIED_OBJDIR option will be removed and its feature made permanent
for the 12.0 release.
Relnotes: yes (don't note UNIFIED_OBJDIR option since it will be removed)
Prior work: D3711 D874
Reviewed by: gjb, sjg
Discussed at: https://lists.freebsd.org/pipermail/freebsd-arch/2016-May/017805.html
Discussed with: emaste
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D12840
diff (and man page) are not from GNU, as of r317209, and should not be
deleted if WITHOUT_GNU_DIFF is set. (WITHOUT_GNU_DIFF still controls
whether diff3 is built.)
Sponsored by: The FreeBSD Foundation
If they are still needed, you can find them in the net/bsdrcmds port.
This was proposed June, 20th and approved by various committers [1].
They have been marked as deprecated on CURRENT in r320644 [2] on July, 4th.
Both stable/11 and release/11.1 contain the deprecation notice (thanks to
allanjude@).
Note that ruptime(1)/rwho(1)/rwhod(8) were initially thought to be part of
rcmds but this was a mistake and those are therefore NOT removed.
[1] https://lists.freebsd.org/pipermail/freebsd-arch/2017-June/018239.html
[2] https://svnweb.freebsd.org/base?view=revision&revision=320644
Reviewed by: bapt, brooks
Differential Revision: https://reviews.freebsd.org/D12573
in favor of just rendering the manpage instead of relying on pre-formatted
catpages. Note, this does not impede the ability to use existing catpages,
it just removes the utility to generate them.
Reviewed by: imp, allanjude
Approved by: emaste (mentor)
Differential Revision: https://reviews.freebsd.org/D12317
== Rationale ==
r295380 introduced "make check" and consolidated means for running
test code in an attempt to simplify running tests. One could either
install files/libraries/programs and run "make check", or run "make check"
with an explicit CHECKDIR, e.g., `make check CHECKDIR=$(make -V.OBJDIR)`.
One criticism that was received is that "make check" should be run with
the intent of making dev->test->commit easier, which means that the target
audience's workflow should be developers. One developer pattern available
in other opensource projects is to run test code from a developer sandbox,
instead of installing to a system.
== Method ==
This approach is slightly different from the standard approach, in the sense
that it builds and installs into a deterministic directory under .OBJDIR (as I call it,
the "sandbox"), then runs "make check" against that. In the event the test
run is successful, the deterministic directory is removed to save space.
== Approach ==
bsd.lib.mk, bsd.prog.mk:
To support this functionality, a new variable `HAS_TESTS` is being added.
HAS_TESTS enables appropriate behavior with bsd.lib.mk and bsd.prog.mk, as
follows:
- Add "make check" as an available target from the directory.
- Pass down appropriate variables via ${TESTS_ENV}, i.e.,
${TESTS_LD_LIBRARY_PATH} and ${TESTS_PATH}.
One should add "HAS_TESTS" to directories containing tests in them, e.g. from
bin/sh/Makefile,
    HAS_TESTS=
    SUBDIR.${MK_TESTS}+= tests
HAS_TESTS doesn't automatically add the tests subdirectory for flexibility
reasons.
bsd.opts.mk, src.opts.mk:
- The knob ${MK_MAKE_CHECK_USE_SANDBOX} has been added, both to explicitly
direct (internally) when to set a deterministic ${DESTDIR} and to also allow
users to disable this behavior globally, i.e., via src.conf.
- MK_TESTS has been promoted from src.opts.mk to bsd.opts.mk to leverage
syntactic sugar for having MK_TESTS be a dependency for
MK_MAKE_CHECK_USE_SANDBOX, but to also ensure that src.opts.mk isn't required
to use suite.test.mk (which is a dependency of bsd.test.mk).
suite.test.mk:
- beforecheck behavior (when MK_MAKE_CHECK_USE_SANDBOX is enabled) is modified
from a no-op to:
-- Build.
-- Run "make hierarchy" on the sandbox dir.
-- Install the tests/files to the sandbox dir.
- aftercheck behavior (when MK_MAKE_CHECK_USE_SANDBOX is enabled) is modified
from a no-op to:
-- Remove the sandbox dir.
Again, because the dependency order set in bsd.test.mk is
beforecheck -> check -> aftercheck, "make check" will not be run unless
"beforecheck" completes successfully, and "aftercheck" will not be run unless
"beforecheck" and "check" complete successfully.
== Caveats ==
- This target must either be run with MK_INSTALL_AS_USER or as root. Otherwise
it will fail when running "make install" as the default user/group for many
makefiles when calling INSTALL is root/wheel.
- This target must be run from a suitable top-level directory. For example,
running tests from `tests/sys/fs/tmpfs` won't work, but `tests/sys/fs` will,
because `tests/sys/fs/tmpfs` relies on files installed by `tests/sys/fs`.
- Running MK_INSTALL_AS_USER may introduce determinism issues. However, using
it could identify deficiencies in tests in terms of needing to be run as
root, which are not properly articulated in the test requirements.
- This doesn't negate the need for running "make installworld" and
"make checkworld", etc. Again, this just is intended to simplify the
dev->test->commit workflow.
== Cleanup done ==
- CHECKDIR is removed; one can use "MK_MAKE_CHECK_USE_SANDBOX=no" to enable
"legacy" (r295380) behavior.
MFC after: 2 months
Relnotes: yes (CHECKDIR removed; "make check" behavior changed)
Requested by: jhb
Reviewed by: arch (silence), testing (silence)
Differential Revision: D11905
As peter@ points out in pr/220953:
"rwho, rwhod and ruptime are not part of the remote login suite (rsh, rlogin
etc).
They should *not* be in the rcmds package which is disabled by default. We
rely on rwho/rwhod/ruptime in the freebsd.org cluster."
This commit is a re-commit of r322029 and r322031 with a better commit log, as
pointed out by ngie@.
This also includes the necessary changes to OptionalObsoleteFiles.inc, as
requested by jhb@.
PR: 220953
Reported by: peter@, jhb@
Differential Revision: https://reviews.freebsd.org/D11743
`MK_ZONEINFO_LEAPSECONDS_SUPPORT == yes` and
`MK_ZONEINFO_OLD_TIMEZONES_SUPPORT == yes`.
Keep `LEAPSECONDS` and `OLDTIMEZONES` for backwards compatibility,
but print out a warning notifying users that they should use the new
variables, in an effort to migrate them to the variables. This is being
done mostly for automated build tools, etc, that might rely on these
variables being set. The variables will be removed in the future on
^/head, e.g., after ^/stable/12 is cut.
MFC after: 1 month
Relnotes: yes
Reviewed by: bdrewery
Differential Revision: D11376
All manpages in base are now compatible with mandoc(1), all roff documentation
will be relocated in the doc tree. man(1) can now use groff from the ports tree
if it needs.
Also remove checknr(1) and colcrt(1) which are only useful with groff.
Approved by: (no objections on the mailing lists)
roff documentation from the build.
Those documents will be added to the doc tree and distributed as PDF from
the documentation website. As they are valuable as history, but do not match
current FreeBSD
Furthermore, the ASCII format we were using to distribute them is not really
accurate for such documents.
more details:
https://lists.freebsd.org/pipermail/freebsd-arch/2017-May/018211.html
This adds a separate library for supporting std::experimental features.
It is purposefully static, and must be explicitly linked into programs
using -lc++experimental.
PLEASE NOTE: there is NO WARRANTY as to any stability or continuing
existence of the features in the std::experimental parts of the C++
library!
Reviewed by: ed
Differential Revision: https://reviews.freebsd.org/D10840
src.conf(5) knobs
This will allow consumers of FreeBSD to use the unmodified configuration
files out of the box more than previously.
Both newsyslog.conf and syslog.conf:
- /var/log/lpd-errs (MK_LPR != no)
- /var/log/ppp.log (MK_PPP != no)
- /var/log/xferlog (MK_FTP != no)
newsyslog.conf:
- /var/log/amd.log (MK_AMD != no)
- /var/log/pflog (MK_PF != no)
- /var/log/sendmail.st (MK_SENDMAIL != no)
MFC after: 3 weeks
Sponsored by: Dell EMC Isilon
When this option is enabled, only gdb and kgdb are installed to
/usr/libexec for use by crashinfo(8). Other bits of GDB such as
gdbserver and gdbtui are not installed. For this option to be
effective, GDB must be enabled.
Rework r317094 to re-enable GDB on all platforms but enable
GDB_LIBEXEC on platforms for which the GDB in ports is a superset of
functionality.
Reviewed by: emaste, kib
Suggested by: kib
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D10449
The GNU extension bits in the base system are old, no longer faithful
to upstream, and surprising in some regards. Switch to documenting
WITH_GNU_GREP_COMPAT and default GNU_GREP_COMPAT to OFF in the name of
good behavior.
According to http://www.regular-expressions.info, GNU extensions:
- Add missing quantifiers to BREs: \?, \+
- Add branching to BREs: \|
- Add backreferences (\1 through \9) to EREs
- Add \w, \W, \s, and \S corresponding to [[:alnum:]], [^[:alnum:]],
  [[:space:]], and [^[:space:]] respectively
- Add word boundaries and anchors:
  \b: word boundary
  \B: not word boundary
  \<: Start of word
  \>: End of word
  \`: Start of subject string
  \': End of subject string
These extensions are still available in /usr/bin/grep by default today,
as it is still GNU grep. As part of the bsdgrep migration plan these
extensions may be added to bsdgrep's regex support if necessary.
Submitted by: Kyle Evans <kevans91 at ksu.edu>
Reviewed by: cem
Differential Revision: https://reviews.freebsd.org/D10114
Bugs have been found in the fastmatch implementation as used in bsdgrep.
Some have been fixed (r316495) while fixes for others are in review
(D10098).
In comparison with the fastmatch implementation, Kyle Evans found that:
- regex(3)'s performance with literal expressions offers a speed
improvement over fastmatch
- regex(3)'s performance, both with simple BREs and EREs, seems to be
comparable
The regex implementation was imported in r226035, and the commit message
reports:
This is a temporary solution until the whole regex library is
not replaced so that BSD grep development can continue and the
backported code gets some review and testing. This change only
improves scalability slightly, there is no big performance boost
yet but several minor bugs have been found and fixed.
Introduce a WITH_/WITHOUT_BSD_GREP_FASTMATCH knob to support testing
of both approaches.
PR: 175314, 194823
Submitted by: Kyle Evans <kevans91 at ksu.edu>
Reviewed by: bdrewery (in part)
Differential Revision: https://reviews.freebsd.org/D10282
rpcbind(8) with/without warmstart support.
The knob defaults to off to preserve POLA for the feature.
See rpcbind(8) for more details about the warmstart feature.
MFC after: 7 weeks
Relnotes: yes
Sponsored by: Dell EMC Isilon
These have no effect (and WITHOUT_GNU is documented as having no
effect). I intend to later introduce a WITHOUT_GPL knob to serve a
similar purpose as WITHOUT_GNU's previously documented intent, but with
a more accurate name. To avoid confusion over the transition though just
remove the existing, nonfunctional ones.
/etc/pam.d/ftp* should be installed with MK_FTP != no and
/etc/pam.d/telnetd should be installed when MK_TELNET != no.
MFC after: 7 weeks
Sponsored by: Dell EMC Isilon
Copying the source VCS ID from WITH_/WITHOUT_* into the generated
src.conf.5 is not necessary, as it is generally possible to determine
the same information using the VCS to examine commit metadata. The
individual source files also match the name of the option recorded in
the generated file, so it is clear from where the content originated.
The copied IDs generate extraneous, non-content noise in the generated
src.conf.5 in some cases, including the first time the file is generated
on a stable branch. In addition, the source file $FreeBSD$ tags are not
expanded by git or other non-Subversion VCSs, which means that makeman
previously could not be used in a non-Subversion working tree.
I accept that there's some desire to keep these, but on balance believe
there is more benefit in removing them.
Reviewed by: imp, ngie
MFC after: 1 month
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D7997
Add WITH_LLD_BOOTSTRAP and WITHOUT_LLD_BOOTSTRAP knobs, similar to the
Clang bootstrap knobs.
Reviewed by: dim
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D10249
That doesn't work (mandoc complains about the macro being empty).
That's what I get for being clever and not verifying before committing
things again *sigh*.
MFC after: 1 month
X-MFC with: r315766
Partyhat to: ngie
Sponsored by: Dell EMC Isilon
Trivial oversight missed in r314240 cleanup because I enable these knobs on
my test machines.
MK_INET6_SUPPORT - rtsol
MK_NETCAT - nc
MFC after: 3 days
Sponsored by: Dell EMC Isilon
Move cxgbetool from tools/tools to usr.sbin. Compile and install it on
platforms where cxgbe(4) is built by default. Knobs (WITH_CXGBETOOL and
WITHOUT_CXGBETOOL) have been added so that the user can override the
default setting.
Reviewed by: ngie@, gnn@, bdrewery@
MFC after: 1 month
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D9854
For linux the mmap offset must also be page aligned, and we
need to disable macros like __FBSDID()
Change the linux osdep_uuidgen() to use more portable gettimeofday().
Reviewed by: marcel
There are other areas of the tree that will need to be evaluated for sanity
if they're supposed to be conditionally compiled out of the build/install,
like libzpool
MFC after: 1 month
Relnotes: yes (this might break someone's system if they have the knob set)
Sponsored by: Dell EMC Isilon
It doesn't directly control what gets installed today; it indirectly
pulls other knobs (like MK_KERBEROS, etc).
MFC after: 1 week
Sponsored by: Dell EMC Isilon
directories are pruned when the appropriate knobs are turned.
Specifically, turning off bsdconfig, locales, examples, i18n, man,
ntp, syscons. It may not seem like a lot, but it helps when trying
to keep an x86 image under 96MB for MFSRoot netbooting.
Reviewed by: ngie
Differential Revision: https://reviews.freebsd.org/D9558
compile options. Remove doxygen pointers to now deleted files. Remove
EISA and VME as examples in bus_space.9.
Retained EISA mode code for IO PIC and MPTABLES because that's not
EISA bus, per se, and some people have abused EISA to mean "EISA-like
behavior as opposed to ISA" rather than using it for EISA add-in
cards.
Relnotes: yes