One function used `_input` without making it local, causing its value to
leak into other functions. This broke the `-f` case. Fix that instance
and initialize all local variables that weren't already initialized.
Fixes: 170d088290
MFC after: 3 days
Reviewed by: karels
Differential Revision: https://reviews.freebsd.org/D45204
Note that the ATF-C++ macros have the same issue, but they are not as
easily fixed.
MFC after: 3 days
Reviewed by: ngie
Differential Revision: https://reviews.freebsd.org/D45148
This /etc/resolv.conf:
# x
# nameserver 8.8.8.8
Still configured 8.8.8.8 as nameserver, because the comment detection in `ldns_resolver_new_frm_fp_l()` didn't anticipate empty lines before the comment.
This fix removed all comment handling from `ldns_resolver_new_frm_fp_l()`. Instead a new function is introduced `ldns_fget_token_l_resolv_conf()` that skips comments that start with '#' and ';'. The old `ldns_fget_token_l()` (that is used for zonefiles too) still accepts only ';' for comments.
This /etc/resolv.conf:
# x
# nameserver 8.8.8.8
Still configured 8.8.8.8 as nameserver, because the comment detection in `ldns_resolver_new_frm_fp_l()` didn't anticipate empty lines before the comment.
This fix removed all comment handling from `ldns_resolver_new_frm_fp_l()`. Instead a new function is introduced `ldns_fget_token_l_resolv_conf()` that skips comments that start with '#' and ';'. The old `ldns_fget_token_l()` (that is used for zonefiles too) still accepts only ';' for comments.
Soft updates dramatically improve the performance of UFS filesystems.
The newfs(8) utility currently does not enable them by default. The
FreeBSD installer enables soft updates by default. However custom
built installations that do not specify the -U option to newfs(8)
and the prebuilt UFS system images get filesystems without soft
updates enabled.
There are several testing sites that run benchmarks comparing the
performance of Linux distributions versus BSD distributions. When
they run filesystem comparison benchmarks they use newfs(8) to
create the UFS filesystem. Because it does not have soft updates
enabled it runs poorly versus the Linux ext4 filesystem. When I
have suggested to them that they should enable soft updates on the
UFS filesystem in their testing their response is that they expect
the utility that creates the filesystem to use optimal defaults and
that they cannot be expected to fiddle with various option settings.
The purpose of this change is to give a filesystem created with
newfs(8) reasonably optimal settings. For UFS2 this means enabling
soft updates. For UFS1 which tends to be used on small systems with
minimal memory and CPU speed, the lower memory footprint of running
without soft updates is a more sensible default.
This change adds a note in the section of the newfs(8) manual page
that describes the -U option for enabling soft updates that they
are enabled by default for UFS2 filesystems and that they can be
disabled by using tunefs(8).
Reviewed-by: Warner Losh, kib
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D45201
It's a stupid warning, but some ports enable it by default and were
already defining _FORTIFY_SOURCE, thus exposing the new macros
immediately. This at least fixes the libfido2 build, perhaps others as
well.
While we're here, fix a fresh build of stand w/ FORTIFY_SOURCE enabled
by not pulling in the ssp headers if _STANDALONE is defined. We do not
have runtime support in libsa as of the time of writing.
Reported by: netchild
Sponsored by: Stormshield
Sponsored by: Klara, Inc.
The WPA1/WPA2 driver capabilities aren't really enough in today's world.
There are a /lot/ more key management suites to support!
So, add initial support for net80211 and drivers to announce what
key management suites are supported. These are the list from 802.11-2016
section 9.4.2.25.3 (AKM suites.)
The flags are for software supported key management.
Drivers may support more key management suites and are welcome to
announce more; net80211 will only announce ones that we know
net80211 knows "enough" about to support correctly.
There /are/ other suites that may be interesting to some people in
the future that are not part of this set - eg if anyone ever
wants to support the Chinese WAPI standard - so this bitmap is not
specifically just the AKM suites in the RSN OUI.
This should eventually be communicated up to the wpa_supplicant and
hostapd via a replacement driver/vap capabilities call so they know
what to enable rather than just IEEE80211_C_WPA1 / IEEE80211_C_WPA2.
Differential Revision: https://reviews.freebsd.org/D44919
Reviewed by: bz
This allows a single wlan crypto module to register for more than
one cipher. Without it, duplicate linkerset structs are initialised
for the actual module loading machinery itself.
I've tested this in my private tree with wlan_ccmp providing both
128 and 256 bit cipher support.
Differential Revision: https://reviews.freebsd.org/D44901
Reviewed by: bz, cc, cy
Approved by: bz, cc, cy
This is effectively a no-op as we currently don't advertise these
ciphers as available anywhere.
Note though the intent to support 128 and 256 bit ciphers in the same
crypto module.
Differential Revision: https://reviews.freebsd.org/D44900
Reviewed by: cc, cy
Approved by: cc, cy
These are the bitmap / cipher module number fields used for net80211
ciphers.
This requires a kernel recompile, but nothing (currently) in userland
is using these.
Differential Revision: https://reviews.freebsd.org/D44899
Reviewed by: bz, cc
In the last 2nd edition import, I mistakenly grabbed from the 'main'
branch of upstream rather than the bsd-feature branch. This means that
we have a regression in awk from that point forward: all the
BSD-specific bit functions (and a few others) were dropped. This
restores it at the same level.
MFC After: 1 day
Sponsored by: Netflix
The prior import(s) of 2nd edition awk imported the 'main' branch of
OTA, not the bsd-feature branch, resulting in a regression for the
bsd-specific features. This re-imports those from the correct branch.
The loop counter is also the card's index, so ncards is redundant.
Sponsored by: The FreeBSD Foundation
MFC after: 3 days
Reviewed by: dev_submerge.ch
Differential Revision: https://reviews.freebsd.org/D45144
The pmap_bti_same test in pmap_enter_l3c only happens in the
!ADDR_IS_KERNEL case; in the other case, a KASSERT fails. So move the
test into that case to save a bit of time when ADDR_IS_KERNEL.
Reviewed by: andrew
Differential Revision: https://reviews.freebsd.org/D45160
Intersting/relevant changes since bmake-20240430
ChangeLog since bmake-20240430
2024-05-07 Simon J Gerraty <sjg@beast.crufty.net>
* VERSION (_MAKE_VERSION): 20240508
Merge with NetBSD make, pick up
o make: ensure variables set on command line get added to
.MAKEOVERRIDES (even if they start with '.') so they are passed to
sub-makes.
mk/ChangeLog since bmake-20240430
2024-05-04 Simon J Gerraty <sjg@beast.crufty.net>
* install-mk (MK_VERSION): 20240504
* dirdeps.mk: allow BUILD_DIRDEPS_OVERRIDES to pass overrides to
sub-make building DIRDEPS_CACHE.
These were previously installed by the GCC implementation of libssp, but
now they're installed once again with our implementation of
FORTIFY_SOURCE.
Reported by: jkim
Fixes: be04fec426 ("Import _FORTIFY_SOURCE implementation [...]")
Most of these were fixed when rebasing the patch forward, but this one
seems to have been missed.
Reported by: marck
Fixes: be04fec426 ("Import _FORTIFY_SOURCE implementation [...]")
It's easy to overlook the chain of events that lead to tr->deadline
being updated. Add a comment here to explain what otherwise looks like
an oversight w/o careful study.
Sponsored by: Netflix
We don't need to dereference qpair to get the ctrlr pointer each time,
so use the cached value. It's not going to change. No change intended.
Sponsored by: Netflix
nvme_qpair_complete_tracker and nvme_qpair_manual_complete_tracker have
to be called without the qpair lock, so assert its unowned.
Sponsored by: Netflix
Which allows tmpfs_pager_writecount_recalc() to reliably detect
reclaimed vnode and make its accesses to object->un_pager.swp.private
(== vp) safe against reclaim. Note that vnode instantiation already
assigns v_object under the object lock.
Reviewed by: markj
Reported and tested by: pho
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D45119
There is no reason not do do this, we already allow fork(2),
and I need vfork(2) for CHERI process colocation.
Reviewed by: brooks, emaste, oshogbo
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D39829
User misconfiguration may lead to routing loops where we try to send the tunnel
packet into the tunnel. This eventually leads to stack overflows and panics.
Avoid this using if_tunnel_check_nesting(), which will drop the packet if we're
looping or we hit three layers of nested tunnels.
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")
access(), eaccess() and faccessat() will always dereference
symbolic links.
So add a note in the manual page, that lstat(2) should be
used in the case of symbolic links.
PR: 262895
Reviewed by: gbe, pauamma_gundo.com
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D44890
In the future, we will Default to _FORTIFY_SOURCE=2 if SSP is enabled,
otherwise default to _FORTIFY_SOURCE=0. For now we default it to 0
unconditionally to ease bisect across older versions without the new
symbols, and we'll put out a call for testing.
include/*.h include their ssp/*.h equivalents as needed based on the
knob. Programs and users are allowed to override FORTIFY_SOURCE in their
Makefiles or src.conf/make.conf to force it off.
Reviewed by: des, markj
Relnotes: yes
Sponsored by: Stormshield
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D32308