openssl: Update upgrade instructions.
Update download locations.
Remove references to FREEBSD-Xlist.
Remove reference to the fips module that has been removed.
netbsd-tests: Update a test case to chase grep symlink handling changes
This test case verifies that grep detects symlink loops when traversing
a directory hierarchy.
Fixes: fc12c191c087 ("grep: Default to -p instead of -S.")
Reviewed by: ngie, jhb
Reported by: Jenkins
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D46544
Remove "All Rights Reserved" from FreeBSD Foundation copyrights
These ones were unambiguous cases where the Foundation was the only
listed copyright holder.
Sponsored by: The FreeBSD Foundation
(cherry picked from commit 5c2bc3db201a4fe8d7911cf816bea104d5dc2138)
(cherry picked from commit f06d322e9d925ab56a4aa8210a67637d4d341ab6)
src.conf: Add a MK_ZFS_TESTS knob
The in-tree ZFS test suite is somewhat outdated and I see a number of
failures there. I tend to think that we want to integrate the OpenZFS
test suite somehow, replacing the legacy one, though it's also possible
to run that as a separate test suite.
In any case, if one wants to run the OpenZFS test suite separately, it's
useful to be able to disable installation of the legacy ZFS test suite,
so let's provide a src.conf option to do that.
Reviewed by: asomers
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D46476
flua: fix buildworld from a clean room
now that the flua ucl module is built the lib directory, it is being
build at a moment where it cannot link yet to libucl, push libucl in
the _prebuild_libs to ensure it is present in a path to be linked
against at the time the lua ucl module is being built.
While here, remove libucl from boostrap as a dependence of flua as it is
not needed anymore now that flua ucl module is dynamically loadable.
tpm: Register TPM as entropy source
TPM is defined as an entropy and is called every 10 seconds. However it
was not registered and calls were discarded.
Signed-off-by: Jean-François Hren <jean-francois.hren at stormshield.eu>
Pull Request: https://github.com/freebsd/freebsd-src/pull/1398
(cherry picked from commit d7c87526b1c3d32d3ac3fee8c59d92405b7621b9)
tpm: Register TPM as entropy source
TPM is defined as an entropy and is called every 10 seconds. However it
was not registered and calls were discarded.
Signed-off-by: Jean-François Hren <jean-francois.hren at stormshield.eu>
Pull Request: https://github.com/freebsd/freebsd-src/pull/1398
(cherry picked from commit d7c87526b1c3d32d3ac3fee8c59d92405b7621b9)
openssl: Remove fips module from base system.
To comply with FIPS 140 guidance, you must be using a specifically
validated and approved version of the fips module. Currently, only
OpenSSL 3.0.8 and 3.0.9 have been approved by NIST for FIPS 140
validation. As such, we need to stop shipping later versions of the
module in the base system.
Differential Revision: https://reviews.freebsd.org/D46223
(cherry picked from commit 86dd740dd73aa88477ff450b2359abda1ad68534)
fetch(1): suppress "Not Modified" in quiet mode
"fetch -qi" should skip printing "Not Modified" for successful
http(s) request. Still print it by default (v_level == 1).
MFC after: 1 week
fu740_pci_dw: Fix PERST delay and keep asserted for rest of reset sequence
DELAY takes microseconds not milliseconds, so 100 was too low. Moreover,
when enabling hw.pci.clear_pcib, PCI emeration would still stop at one
of the first bridges, but by asserting PERST for the rest of the reset
sequence that appears to be reliably addressed.
Fixes: 896e217a0eae ("fu740_pci_dw: Add SiFive FU740 PCIe controller driver")
(cherry picked from commit 28aaa58fa64ecb89d47f0a8396954ad8ca82d8ef)
tools/build/make.py: Avoid Python 3.7+ subprocess.run capture_output
This is just a convenient alias for setting stdout and stderr to PIPE,
so substitute it for that to be compatible with Python 3.6.
Fixes: 69cfdc81ea7b ("tools/build/make.py: Keep bootstrapped bmake binary up-to-date")
(cherry picked from commit b771d5705fc95445d4d81e054be664b7842156ff)
tools/build/make.py: Add missing comma to fix tinderbox and worlds
The missing comma meant this was interpreted as a single target called
"tinderboxworlds", and so neither tinderbox nor worlds were recognised
as being MI targets (i.e. still required TARGET(_ARCH) to be given).
Fixes: 5157b451c654 ("tools/build/make.py: Grow the list of MI targets")
(cherry picked from commit edec803c5b72681b39ce969cc16d634e08bb3ac2)
rc.d/devmatch: Silence sysctl hw.bus.devctl_nomatch_enabled=1
As with various other rc scripts, we don't want the output from this
being visible in the boot log.
Fixes: 6437872c1d66 ("New sysctl to disable NOMATCH until devmatch runs")
MFC after: 1 week
(cherry picked from commit 62775aebf725a79703592f3276118245a74afdac)
beinstall: Pass -B to etcupdate
Since commit 246364454fc1 ("etcupdate: Use new buildetc and installetc
targets when available"), beinstall has been much slower for the
etcupdate step, as it's been doing a kernel-toolchain (admittedly
without LLVM itself being built). Given beinstall requires an object
tree to already have been built and just installs it, we can pass -B to
beinstall to reuse that tree rather than build kernel-toolchain in
another one.
Reported by: olivier
Tested by: olivier
MFC after: 1 week
(cherry picked from commit 18aef07cfac41fde763e1328366cc6e334bb9254)
mx25l.4: Document the correct disk device path
This was true at time of commit, but the path was changed 2 weeks later
to just be the /dev/flash/spiN name, without updating the manpage.
Reported by: David Gilbert <dgilbert at daveg.ca>
Fixes: 68dd77957786 ("Give the mx25l device sole ownership of the name /dev/flash/spi* ...")
MFC after: 1 week
(cherry picked from commit 703768a23590d8faf65b0f16dd395248ff7273f6)
ee: Fix use of uninitialised pointer in ispell_op
This used to be name = mktemp followed by fd = open downstream,
replacing upstream's crude PID-based sprintf, but in 1.4.7 this was
changed upstream to this buggy code, which we then picked up in the
1.5.0 import. Presumably nobody's actually used ee's ispell function
in the past 15 years; that or it's just ended up using junk file names
as temporary files if name's happened to be a valid address to something
that can be interpreted as a string.
Reported by: Dapeng Gao <dapeng.gao at cl.cam.ac.uk>
Fixes: 96b676e99984 ("Update ee(1) in the base system to version 1.5.0.")
MFC after: 1 week
(cherry picked from commit 25a33bfe9ce2b55812201f475e9d3e64009b40dc)
efibootmgr: Simplify make_next_boot_var_name and fix cnt == 0 case
If cnt == 0 we access element 0 unconditionally, which is out of bounds,
and then if that doesn't crash and happens to be 0 we will access
element - 1, also out of bounds, and then if that doesn't crash will add
1 to whatever junk is there and use that for the variable. On CHERI,
though, this does crash. This code is also overly complicated, with
unnecessary special cases and tracking more state than needed.
Rewrite it in a more general manner that doesn't need those special
cases and naturally works for cnt == 0.
Found by: CHERI
Reviewed by: imp
Fixes: 1285bcc833a3 ("Import Netflix's efibootmgr to help manage UEFI boot variables")
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D44029
(cherry picked from commit 09cb8031b43c8e98abb5ff9b43ff649031d1e808)
arm: Set NEW_PCIB in DEFAULTS rather than a subset of kernel configs
All other architectures set NEW_PCIB in DEFAULTS, with arm being the one
remaining straggler that only sets it for GENERIC and TEGRA124.
ARMADA38X and ARMADAXP contain device pci but don't set NEW_PCIB,
however GENERIC claims to support them and as part of that NEW_PCIB
support was added to mv_pci, so these configs are most likely just
stale. Other than NOTES that just leaves ALPINE as the one kernel with
PCI support not covered by GENERIC, but al_pci is supported by arm64
which enables NEW_PCIB, and it's just a generic_pcie_fdt_driver with
some fixup code to deal with quirks so should support PCI_RES_BUS just
fine. Therefore it is believed that all in-tree kernel configs support
NEW_PCIB in reality, and so let's take a step towards removing all the
non-NEW_PCIB code by having it always-on everywhere.
Reviewed by: emaste, jhb, manu
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D43806
(cherry picked from commit 121be555997b3d7727e50d15acabd0ffbf4a4247)
bsdinstall: Drop Error from title in netconfig no interfaces dialog
This isn't inherently an error. It is if you're attempting to download
dist tarballs or later install packages, but a FreeBSD system with no
NIC is a reasonable setup to have, especially in a throwaway VM setting,
so we shouldn't say it is one.
Leaving the exit code as 1 is still fine, since auto will ignore it, and
avoids breaking other uses.
MFC after: 1 week
(cherry picked from commit 7414d14bd51d8378057bbe952c2715b9f32d1d3e)
bsdinstall: Fix netconfig script when no interfaces are present
The script uses [ -z "$INTERFACES" ] to check if the list of interfaces
is empty and will exit early if so, but INTERFACES always contains at
least a space due to the way it appends the list of wireless devices.
Fix this by only adding the space when there are devices to append,
mirroring the behaviour for non-wireless devices above (both will result
in a redundant leading space when the list is non-empty, but that one is
harmless).
Fixes: 159ca5c844cd ("Adapt to new wireless scheme where base wlan interfaces do not show up in ifconfig anymore.")
MFC after: 1 week
(cherry picked from commit b809c7d6a26924ac351e49a15011da718cc3feec)
riscv: Remove the unused riscv64_cpu driver
This is a repeat of 63bf2d735ca3 ("Remove the unused arm64_cpu driver.")
for RISC-V, which copied the defunct code from arm64 with no changes
beyond substituting riscv64 for arm64, and made no use of it elsewhere.
It has thus always been entirely superfluous.
Reviewed by: mhorne
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D43672
(cherry picked from commit 722b40377198e384a808f9561ae7262767068ab2)
riscv: Convert local interrupt controller to a newbus PIC
Currently the local interrupt controller implementation is based on
pre-INTRNG arm/arm64 code, using hand-rolled event code rather than
INTRNG. This then interacts weirdly with the PLIC, and other future
interrupt controllers like the APLIC and IMSICs in the upcoming AIA
specification, since they become the root PIC despite not being the
logical root. Instead, use a real newbus device for it and register
it as the root PIC.
This also adapts the IPI code to make use of the newly-added INTRNG
generic IPI handling framework, adding a new sbi_ipi as the PIC. In
future there will be alternative devices for sending IPIs that will
register with higher priorities, such as the proposed AIA IMSIC and
ACLINT SSWI.
Reviewed by: mhorne
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D35901
[2 lines not shown]
riscv: Create a newbus device for the SBI driver
This approach is based on the Arm PSCI driver, though that makes more
extensive use of its softc than we do here. This will be used to extract
the SBI IPI code as a real PIC.
Reviewed by: mhorne, imp
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D35900
(cherry picked from commit c55272fdf8570b4e15112009ad0066ed156f21a7)
intrng: Allow alternative IPI PICs to be registered and used
On RISC-V, the root PIC (whether the PLIC or, as will be the case in
future, the local interrupt controller) cannot send IPIs, relying on
another means to trigger the necessary software interrupts (firmware
calls), but there are upcoming standard devices that will be able to
inject them, so we can't just put the firmware calls in the root PIC
driver.
Thus, split out a new intr_ipi_dev from intr_irq_root_dev to use for
sending IPIs. New devices can be registered with a given priority up
until the first IPI is set up, when the best device seen so far gets
frozen as the IPI device to use.
Reviewed by: mhorne
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D35899
(cherry picked from commit 103d39efe0c68cb2a808c306b14c3f473a02535d)
intrng: Extract arm/arm64 IPI->PIC glue code
The arm and arm64 implementations of dispatching IPIs via PIC_IPI_SEND
are almost identical, and entirely MI with the lone exception of a
single store barrier on arm64 (that is likely either redundant or needed
on arm too). Thus, de-duplicate this code by moving it to INTRNG as a
generic IPI glue framework. The ipi_* functions remain declared in MD
smp.h headers and implemented in MD code, but are trivial wrappers
around intr_ipi_send that could be made MI, at least for INTRNG ports,
at a later date.
Note that, whilst both arm and arm64 had an ii_send member in intr_ipi
to abstract over how to send interrupts,, they were always ultimately
using PIC_IPI_SEND, and so this complexity has been removed. A follow-up
commit will re-introduce the same flexibility by instead allowing a
device other than the root PIC to be registered as the IPI sender.
As part of this, strengthen a MAXCPU assertion that was missed in commit
2f0b059eeafc ("intrng: switch from MAXCPU to mp_ncpus") (which itself is
[7 lines not shown]
