| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
| |
libecc is not intended to be general use, other applications should
really be using openssl. pkg(7) uses libecc to align with the pkg(8)
project and its goals. This will be used in the upcoming support for
ECC in pkg(7).
Reviewed by: emaste
(cherry picked from commit 05427f4639bcf2703329a9be9d25ec09bb782742)
|
| |
|
|
|
|
|
| |
libder will be used in upcoming ECC support in the pkg(7) bootstrap to
read DER-encoded keys and signatures.
(cherry picked from commit f59bb61e1eb4d1e4fc3c60cc14779d0668267cb2)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Following is a changelog of new features and fixes to wpa:
hostapd:
* Wi-Fi Easy Connect
- add support for DPP release 3
- allow Configurator parameters to be provided during config exchange
* HE/IEEE 802.11ax/Wi-Fi 6
- various fixes
* EHT/IEEE 802.11be/Wi-Fi 7
- add preliminary support
* SAE: add support for fetching the password from a RADIUS server
* support OpenSSL 3.0 API changes
* support background radar detection and CAC with some additional
drivers
* support RADIUS ACL/PSK check during 4-way handshake (wpa_psk_radius=3)
* EAP-SIM/AKA: support IMSI privacy
* improve 4-way handshake operations
- use Secure=1 in message 3 during PTK rekeying
* OCV: do not check Frequency Segment 1 Channel Number for 160 MHz cases
to avoid interoperability issues
* support new SAE AKM suites with variable length keys
* support new AKM for 802.1X/EAP with SHA384
* extend PASN support for secure ranging
* FT: Use SHA256 to derive PMKID for AKM 00-0F-AC:3 (FT-EAP)
- this is based on additional details being added in the IEEE 802.11
standard
- the new implementation is not backwards compatible
* improved ACS to cover additional channel types/bandwidths
* extended Multiple BSSID support
* fix beacon protection with FT protocol (incorrect BIGTK was provided)
* support unsynchronized service discovery (USD)
* add preliminary support for RADIUS/TLS
* add support for explicit SSID protection in 4-way handshake
(a mitigation for CVE-2023-52424; disabled by default for now, can be
enabled with ssid_protection=1)
* fix SAE H2E rejected groups validation to avoid downgrade attacks
* use stricter validation for some RADIUS messages
* a large number of other fixes, cleanup, and extensions
wpa_supplicant:
* Wi-Fi Easy Connect
- add support for DPP release 3
- allow Configurator parameters to be provided during config exchange
* MACsec
- add support for GCM-AES-256 cipher suite
- remove incorrect EAP Session-Id length constraint
- add hardware offload support for additional drivers
* HE/IEEE 802.11ax/Wi-Fi 6
- support BSS color updates
- various fixes
* EHT/IEEE 802.11be/Wi-Fi 7
- add preliminary support
* support OpenSSL 3.0 API changes
* improve EAP-TLS support for TLSv1.3
* EAP-SIM/AKA: support IMSI privacy
* improve mitigation against DoS attacks when PMF is used
* improve 4-way handshake operations
- discard unencrypted EAPOL frames in additional cases
- use Secure=1 in message 2 during PTK rekeying
* OCV: do not check Frequency Segment 1 Channel Number for 160 MHz cases
to avoid interoperability issues
* support new SAE AKM suites with variable length keys
* support new AKM for 802.1X/EAP with SHA384
* improve cross-AKM roaming with driver-based SME/BSS selection
* PASN
- extend support for secure ranging
- allow PASN implementation to be used with external programs for
Wi-Fi Aware
* FT: Use SHA256 to derive PMKID for AKM 00-0F-AC:3 (FT-EAP)
- this is based on additional details being added in the IEEE 802.11
standard
- the new implementation is not backwards compatible, but PMKSA
caching with FT-EAP was, and still is, disabled by default
* support a pregenerated MAC (mac_addr=3) as an alternative mechanism
for using per-network random MAC addresses
* EAP-PEAP: require Phase 2 authentication by default (phase2_auth=1)
to improve security for still unfortunately common invalid
configurations that do not set ca_cert
* extend SCS support for QoS Characteristics
* extend MSCS support
* support unsynchronized service discovery (USD)
* add support for explicit SSID protection in 4-way handshake
(a mitigation for CVE-2023-52424; disabled by default for now, can be
enabled with ssid_protection=1)
- in addition, verify SSID after key setup when beacon protection is
used
* fix SAE H2E rejected groups validation to avoid downgrade attacks
* a large number of other fixes, cleanup, and extensions
Merge commit '6377230b3cf4f238dcd0dc2d76ff25943d3040e5'
(cherry picked from commit a90b9d0159070121c221b966469c3e36d912bf82)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Replace hand-rolled input tokenizer with openpam_readlinev() which supports line continuations and has better quoting and escaping.
* Simplify string handling by merging struct clnt_str and struct srvr_str into just struct tac_str.
* Each server entry in the configuration file can now have up to 255 AV pairs which will be appended to the ones returned by the server in response to a successful authorization request.
This allows nss_tacplus(8) to be used with servers which do not provide identity information beyond confirming the existence of the user.
This adds a dependency on libpam, however libtacplus is currently only used by pam_tacplus(8) (which is already always used with libpam) and the very recently added nss_tacplus(8) (which is extremely niche). In the longer term it might be a good idea to split this out into a separate library.
MFC after: 1 week
Sponsored by: Klara, Inc.
Reviewed by: pauamma_gundo.com, markj
Differential Revision: https://reviews.freebsd.org/D40285
Relnotes: yes
(cherry picked from commit 21850106fdda5269bc881f0e62839dff3d9edf47)
|
| |
|
|
|
|
|
| |
Remove /^\s*#[#!]?\s*\$FreeBSD\$.*$\n/
Similar commit in main:
(cherry picked from commit d0b2dbfa0ecf)
|
| |
|
|
|
|
|
|
|
|
| |
This option has been equivalent to any form of C++ support since libstdc++
was removed. Therefore, replace all MK_LIBCPLUSPLUS uses with MK_CXX.
Reviewed By: emaste
Differential Revision: https://reviews.freebsd.org/D27974
(cherry picked from commit 5cf6f1c4bc281ac45ced086bc2e393f732f2fcc2)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is an initial commit for RDMA FreeBSD driver for Intel(R) Ethernet
Controller E810, called irdma. Supporting both RoCEv2 and iWARP
protocols in per-PF manner, RoCEv2 being the default.
Testing has been done using krping tool, perftest, ucmatose, rping,
ud_pingpong, rc_pingpong and others.
Signed-off-by: Eric Joyner <erj@FreeBSD.org>
Reviewed by: #manpages (pauamma_gundo.com) [documentation]
Relnotes: yes
Sponsored by: Intel Corporation
Differential Revision: https://reviews.freebsd.org/D34690
(cherry picked from commit cdcd52d41e246ba1c0fcfad0769bd691487355ef)
(cherry picked from commit e602a30bb9fc7ee041a0e629d0fd2db7933ffa32)
(cherry picked from commit a6e275af46644af1de365a1edf19742bfa28bb69)
|
| |
|
|
|
|
|
|
| |
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D36463
(cherry picked from commit c65e42dbde4198ce46aef7ddac061390abe672dc)
(cherry picked from commit 4385a9f851bbbb88a4310ebfa929dfab01b6fc4d)
|
| |
|
|
|
|
| |
Differential Revision: https://reviews.freebsd.org/D35766
(cherry picked from commit 0bbf2702963a2fe6f7bb025d5d07ee4195856b8f)
|
| |
|
|
|
|
|
|
|
|
| |
The += for unique assignments is equivalent to =. Make these confusing
assignments simply assignments.
Reviewed by: emaste
Differential Revision: https://reviews.freebsd.org/D35242
(cherry picked from commit e343ebbfbe97104093ba1ab5d089e8363c170df5)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Move some of the code duplicated between ctld(8) and iscsid(8) into a
libiscsiutil library.
Sharing the low-level PDU code did require having a
'struct connection' base class with a method table to permit separate
initiator vs target behavior (e.g. in handling proxy PDUs).
Reviewed by: mav, emaste
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D33544
(cherry picked from commit 6378393308bc6bd81fb871dacf6b03cf1a390d8b)
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Allow projects based on the FreeBSD tree to append to _PRIVATELIBS
and _INTERNALLIBS by simply maintaining their own lists of
LOCAL_PRIVATELIBS and LOCAL_INTERNALLIBS, respectively.
Reviewed by: bdrewery
MFC after: 1 week
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D33901
(cherry picked from commit d7f944a0460531cfb3ec9ae7d4bfd9dc29481ab8)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
libssp_nonshared is a special case for (only) i386 and power*. Add a
comment explaining why, based on the original commit message that added
it.
MFC after: 1 week
Fixes: 0f61170882cb ("libssp_nonshared: use only on i386 and ppc")
Sponsored by: The FreeBSD Foundation
(cherry picked from commit 9aa786cbb50e997739f31094dc8d45260f19c63c)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
From https://github.com/Yubico/libfido2:
libfido2 provides library functionality and command-line tools to
communicate with a FIDO device over USB, and to verify attestation
and assertion signatures.
libfido2 supports the FIDO U2F (CTAP 1) and FIDO 2.0 (CTAP 2)
protocols.
libfido2 will be used by ssh to support FIDO/U2F keys. It is currently
intended only for use by ssh, and so is installed as a PRIVATELIB and is
placed in the ssh pkgbase package.
This is currently disabled for the 32-bit library build as libfido2 is
not compatible with the COMPAT_32BIT hack in usb_ioctl.h.
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D32448
(cherry picked from commit 7b1e19ad78c6a3f84f81cb1a16a39500f0337062)
(cherry picked from commit 93942379cced89ad4ac653f262ac8277a8550853)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
From https://github.com/PJK/libcbor:
libcbor is a C library for parsing and generating CBOR, the general-
purpose schema-less binary data format.
libcbor will be used by ssh to support FIDO/U2F keys. It is currently
intended only for use by ssh, and so is installed as a PRIVATELIB and is
placed in the ssh pkgbase package.
cbor_export.h and configuration.h were generated by the upstream CMake
build. We could create them with bmake rules instead (as NetBSD has
done) but this is a fine start.
This is currently disabled for the 32-bit library build as libfido2 is
not compatible with the COMPAT_32BIT hack in usb_ioctl.h, and there is
no need for libcbor without libfido2.
Reviewed by: kevans
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D32347
(cherry picked from commit 2e85df652caef859c532b7e1e8a178c75f1a4a92)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
On Linux, libcrypto is available so a non-WITHOUT_OPENSSL build happens
to work, but on macOS it isn't available to be linked against (though
there is a versioned dylib for /usr/bin/openssl etc), and neither have
libmd so would both be broken under WITHOUT_OPENSSL. Since we're using
the system libarchive, further extend the hack to ensure _DP_archive is
empty.
Fixes: ed4050750c1a ("src.libnames.mk: Add hack to workaround libarchive not being bootstrapped")
MFC after: 1 week
(cherry picked from commit 70f1e13491f958ca9f48ac41903dc851fed6c0c5)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When bootstrapping on FreeBSD we use -DNO_SHARED so this case is already
handled correctly, but on non-FreeBSD we set NO_SHARED to no in
Makefile.boot.pre as not all OSes have static libraries available. As a
result, users of libdwarf fail to link during the cross tools stage due
to the newly-introduced dependency of libdwarf on libz.
This should perhaps be reworked to instead leave NO_SHARED as yes but
have an override (either implicit in bsd.prog.mk, or explicit via a new
variable) to turn off just the use of -static.
MFC after: 1 week
(cherry picked from commit f0a6ab51e6da3e385856873b1c1c57a13f1c7eb3)
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
We don't currently honour _DP_foo when bootstrapping on non-FreeBSD, and
so none of these values matter, but the next commit will change that as
we do need to pull in dependencies for libdwarf. We should really be
bootstrapping our libarchive for ar anyway rather than using the host's,
as well as have a better way to communicate to src.libnames.mk whether
or not a library is being bootstrapped.
MFC after: 1 week
(cherry picked from commit ed4050750c1ab35b1017afa7a998fbc8a62de454)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Add libz to the dependencies for libdwarf. Otherwise, building older
branches on recent -CURRENT might fail in the cross-tools stage with:
ld: error: undefined symbol: uncompress
>>> referenced by libdwarf_elf_init.c:233 (/usr/src/contrib/elftoolchain/libdwarf/libdwarf_elf_init.c:233)
>>> libdwarf_elf_init.o:(_dwarf_elf_init) in archive /usr/lib/libdwarf.a
Direct commit to stable/13, since dbf05458e3bd has other libdwarf
changes to support compressed ELF sections, which are more intrusive.
|
| |
|
|
|
|
|
|
|
|
|
| |
In 9fae47666 zfsd got a libspl dependency to avoid undefined references.
However that workaround did not help external consumers of libzfs_core.
Fix all missing dependencies lld 13 and the rtld complain about.
Reviewed by: freqlabs, markj
(cherry picked from commit 9e9c651caceb9ecd17131e8bb29791ba4cf1cec7)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The current WPA build assumes a flat namespace. However the latest sources
from w1.fi now have a duplicate config.c, in two separate subdirectories.
The flat namespace will overwrite config.o with the output from the most
recently modified config.c, of which there are two of them.
This commit resolves this problem by building each component in
wpa's src subdirectory tree into its own .a archive, just as the w1.fi
upstream build as used by the port does. The advantages of this approach
are:
1. Duplicate source file names, i.e. config.c in the wpa_supplicant
direcory and another config.c in src/utils in the next wpa
will result in both compiles writing to the same .o file.
2. This restructure simplifies maintanence. A develper needs only to add
new files as identified by git status in the vendor branch to the
appropriate Makefile within the usr.sbin/wpa tree. This also reduces
time required to prepare a new import and should reduce error.
3. The new wpa build structure more closely represents the build as
performed by the upstream tarball.
This is in preparation for the next wpa update from w1.fi.
Reviewed by: philip
Tested by: philip
Differential Revision: https://reviews.freebsd.org/D30372
(cherry picked from commit 25ecdc7d52770caf1c9b44b5ec11f468f6b636f3)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Instead of having multiple kyua libraries, just include the files as part
of usr.bin/kyua. Previously, we would build each kyua source up to four
times: once as a .o file and once as a .pieo. Additionally, the kyua
libraries might be built again for compat32. As all the kyua libraries
amount to 102 C++ sources the build time is significant (especially when
using an assertions enabled compiler). This change ensures that we build
306 fewer .cpp source files as part of buildworld.
Reviewed By: brooks
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D30967
Remove lib/kyua from the build
I forgot to include this line in 2eb9ad427475190e87d026de4ca7fc296947f2a0.
Reported by: Jenkins CI
MFC after: 1 week
Fixes: 2eb9ad427475190ei ("Simplify and speed up the kyua build")
Revert "Remove lib/kyua from the build"
Accidentally removed it from the wrong file...
This reverts commit 8ec4ba8a76aaf256942ac5996d45cc29022641ae.
Remove lib/kyua from the build
I forgot to include this line in 2eb9ad427475190e87d026de4ca7fc296947f2a0.
Reported by: Jenkins CI
MFC after: 1 week
Fixes: 2eb9ad427475190ei ("Simplify and speed up the kyua build")
(cherry picked from commit 2eb9ad427475190e87d026de4ca7fc296947f2a0)
(cherry picked from commit 8ec4ba8a76aaf256942ac5996d45cc29022641ae)
(cherry picked from commit 89da04fcaa33f100a60d06770f7424e5b7f1312f)
(cherry picked from commit c951566915886330612bee880d6ece0d65bf9f5d)
|
| |
|
|
|
|
|
|
|
|
| |
Introduce a library to wrap the pf ioctl interface.
MFC after: 4 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D29562
(cherry picked from commit 0d71f9f36e6c1849fdaf6c1edc1178be07357034)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Only keep the widechar version of ncurses as libncursesw.so.9
Keep the old name to avoid breaking the ABI compatibility (the non
widechar version libncurses.so.9 is not binary compatible with
libncursesw.so.9) since all ports and base are already only linking
against the widechar version we can simply remove libncurses.so.9
Since the .9 version only lived in the dev branch and never ended in a
release, it is simply removed and not added to any binary compat
package.
Add symlinks to keep build time compatibility for anyone linking against
-lncurses
|
| |
|
|
|
|
|
|
|
| |
Unconditionally install bsdgrep as grep, bootstrap or not. Remove all
build glue and stop installing both gnugrep and libgnuregex now that
all consumers of the latter are gone.
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D27732
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
VirtFS allows sharing an arbitrary directory tree between bhyve virtual
machine and the host. Current implementation has a fairly complete support
for 9P2000.L protocol, except for the extended attribute support. It has
been verified to work with the qemu-kvm hypervisor.
Reviewed by: rgrimes, emaste, jhb, trasz
Approved by: trasz (mentor)
MFC after: 1 month
Relnotes: yes
Sponsored by: Conclusive Engineering (development), vStack.com (funding)
Differential Revision: https://reviews.freebsd.org/D10335
Notes:
svn path=/head/; revision=366413
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
bootonce feature is temporary, one time boot, activated by
"bectl activate -t BE", "bectl activate -T BE" will reset the bootonce flag.
By default, the bootonce setting is reset on attempt to boot and the next
boot will use previously active BE.
By setting zfs_bootonce_activate="YES" in rc.conf, the bootonce BE will
be set permanently active.
bootonce dataset name is recorded in boot pool labels, bootenv area.
in case of nextboot, the nextboot_enable boolean variable is recorded in
freebsd:nvstore nvlist, also stored in boot pool label bootenv area.
On boot, the loader will process /boot/nextboot.conf if nextboot_enable
is "YES", and will set nextboot_enable to "NO", preventing /boot/nextboot.conf
processing on next boot.
bootonce and nextboot features are usable in both UEFI and BIOS boot.
To use bootonce/nextboot features, the boot loader needs to be updated on disk;
if loader.efi is stored on ESP, then ESP needs to be updated and
for BIOS boot, stage2 (zfsboot or gptzfsboot) needs to be updated
(gpart or other tools).
At this time, only lua loader is updated.
Sponsored by: Netflix, Klara Inc.
Differential Revision: https://reviews.freebsd.org/D25512
Notes:
svn path=/head/; revision=365938
|
| |
|
|
|
|
|
|
|
|
|
| |
ld.bfd in particular requires -lm to come after libifconfig on the
command line when linking rescue.
Reviewed by: freqlabs, adrian
Differential Revision: https://reviews.freebsd.org/D26258
Notes:
svn path=/head/; revision=365282
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This changeset introduces the new libnetmap library for writing
netmap applications.
Before libnetmap, applications could either use the kernel API
directly (e.g. NIOCREGIF/NIOCCTRL) or the simple header-only-library
netmap_user.h (e.g. nm_open(), nm_close(), nm_mmap() etc.)
The new library offers more functionalities than netmap_user.h:
- Support for complex netmap options, such as external memory
allocators or per-buffer offsets. This opens the way to future
extensions.
- More flexibility in the netmap port bind options, such as
non-numeric names for pipes, or the ability to specify the netmap
allocator that must be used for a given port.
- Automatic tracking of the netmap memory regions in use across the
open ports.
At the moment there is no man page, but the libnetmap.h header file
has in-depth documentation.
Reviewed by: hrs
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D26171
Notes:
svn path=/head/; revision=364936
|
| |
|
|
|
|
|
|
|
|
| |
libzfs_crypto.c uses PKCS5_PBKDF2_HMAC_SHA1 from libcrypto.
Reported by: John Kennedy
Sponsored by: iXsystems, Inc.
Notes:
svn path=/head/; revision=364861
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The primary benefit is maintaining a completely shared
code base with the community allowing FreeBSD to receive
new features sooner and with less effort.
I would advise against doing 'zpool upgrade'
or creating indispensable pools using new
features until this change has had a month+
to soak.
Work on merging FreeBSD support in to what was
at the time "ZFS on Linux" began in August 2018.
I first publicly proposed transitioning FreeBSD
to (new) OpenZFS on December 18th, 2018. FreeBSD
support in OpenZFS was finally completed in December
2019. A CFT for downstreaming OpenZFS support in
to FreeBSD was first issued on July 8th. All issues
that were reported have been addressed or, for
a couple of less critical matters there are
pull requests in progress with OpenZFS. iXsystems
has tested and dogfooded extensively internally.
The TrueNAS 12 release is based on OpenZFS with
some additional features that have not yet made
it upstream.
Improvements include:
project quotas, encrypted datasets,
allocation classes, vectorized raidz,
vectorized checksums, various command line
improvements, zstd compression.
Thanks to those who have helped along the way:
Ryan Moeller, Allan Jude, Zack Welch, and many
others.
Sponsored by: iXsystems, Inc.
Differential Revision: https://reviews.freebsd.org/D25872
Notes:
svn path=/head/; revision=364746
|
| |
|
|
|
|
|
|
| |
Reviewed by: emaste, markj (previous version), bcr (man page)
Differential Revision: https://reviews.freebsd.org/D24688
Notes:
svn path=/head/; revision=364276
|
| |
|
|
|
|
|
|
|
|
|
|
| |
gtest tests want to use \w ([[:alnum:]]) at the very least, which was
causing them to fail after r363679.
Start linking against libregex so that this shorthand is implemented.
PR: 248452
Notes:
svn path=/head/; revision=363820
|
| |
|
|
|
|
|
|
| |
MFC after: 2 weeks
PR: 200142
Notes:
svn path=/head/; revision=362452
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
r316063 installed pf's embedded libevent as a private lib, with headers
in /usr/include/private/event. Unfortunately we also have a copy of
libevent v2 included in ntp, which needed to be updated for compatibility
with OpenSSL 1.1.
As unadorned 'libevent' generally refers to libevent v2, be explicit that
this one is libevent v1.
Reviewed by: vangyzen (earlier)
Differential Revision: https://reviews.freebsd.org/D17275
Notes:
svn path=/head/; revision=361607
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
According to the upstream man page (which we don't install), none of
libauditd's symbols are intended to be public. Also, I can't find any
evidence for a port that uses libauditd. Therefore, we should treat it like
other such libraries and use PRIVATELIB.
Reported by: phk
Reviewed by: cem, emaste
MFC after: 2 weeks
Notes:
svn path=/head/; revision=360088
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
If INTERNALLIB is defined we need PIE and bsd.incs.mk is
not included.
PR: 245189
Reviewed by: emaste
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org//D24233
Notes:
svn path=/head/; revision=359502
|
| |
|
|
|
|
|
|
|
|
|
| |
This fixes build with ld.bfd as the linker (e.g. on powerpc).
This corrects a bug in D24103.
Sponsored by: DARPA
Notes:
svn path=/head/; revision=359262
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Having kyua in the base system will simplify automated testing in CI and
eliminates bootstrapping issues on new platforms.
The build of kyua is controlled by WITH(OUT)_TESTS_SUPPORT.
Reviewed by: emaste
Obtained from: CheriBSD
Sponsored by: DARPA
Differential Revision: https://reviews.freebsd.org/D24103
Notes:
svn path=/head/; revision=359260
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
It is added an INTERNALLIB and not installed. It will be used by kyua.
This is a preparatory commit for D24103.
Reviewed by: emaste
Obtained from: CheriBSD
Sponsored by: DARPA
Notes:
svn path=/head/; revision=359255
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The new liblua will be used in a forthcoming import of kyua.
Reviewed by: kevans
Obtained from: CheriBSD
Sponsored by: DARPA
Differential Revision: https://reviews.freebsd.org/D24090
Notes:
svn path=/head/; revision=359045
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As described in Warner's email message[1] to the FreeBSD-arch mailing
list we have reached GCC 4.2.1's retirement date. At this time all
supported architectures either use in-tree Clang, or rely on external
toolchain (i.e., a contemporary GCC version from ports).
GCC 4.2.1 was released July 18, 2007 and was imported into FreeBSD later
that year, in r171825. GCC has served us well, but version 4.2.1 is
obsolete and not used by default on any architecture in FreeBSD. It
does not support modern C and does not support arm64 or RISC-V.
Thanks to everyone responsible for maintaining, updating, and testing
GCC in the FreeBSD base system over the years.
So long, and thanks for all the fish.
[1] https://lists.freebsd.org/pipermail/freebsd-arch/2020-January/019823.html
PR: 228919
Reviewed by: brooks, imp
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D23124
Notes:
svn path=/head/; revision=358454
|
| |
|
|
|
|
|
|
|
|
|
| |
libssp_nonshared.a defines one symbol, __stack_chk_fail_local. This
is used only on i386 and powerpc; other archs emit calls directly to
__stack_chk_fail. Simplify linking on other archs by omitting it.
PR: 242941 [exp-run]
Notes:
svn path=/head/; revision=357592
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
For libssp.so, rebuild stack_protector.c with FORTIFY_SOURCE stubs that just
abort built into it.
For libssp_nonshared.a, steal stack_protector_compat.c from
^/lib/libc/secure and massage it to maintain that __stack_chk_fail_local
is a hidden symbol.
libssp is now built unconditionally regardless of {WITH,WITHOUT}_SSP in the
build environment, and the gcclibs version has been disconnected from the
build in favor of this one.
PR: 242950 (exp-run)
Reviewed by: kib, emaste, pfg, Oliver Pinter (earlier version)
Also discussed with: kan
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D22943
Notes:
svn path=/head/; revision=356356
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This will allow us to link against internal libraries when building
programs for the system's LIBCOMPAT ABI.
Reviewed by: bdrewery
Obtained from: CheriBSD
Sponsored by: DARPA, AFRL
Notes:
svn path=/head/; revision=353594
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This provides a framework to define a template describing
a set of "variables of interest" and the intended way for
the framework to maintain them (for example the maximum, sum,
t-digest, or a combination thereof). Afterwards the user
code feeds in the raw data, and the framework maintains
these variables inside a user-provided, opaque stats blobs.
The framework also provides a way to selectively extract the
stats from the blobs. The stats(3) framework can be used in
both userspace and the kernel.
See the stats(3) manual page for details.
This will be used by the upcoming TCP statistics gathering code,
https://reviews.freebsd.org/D20655.
The stats(3) framework is disabled by default for now, except
in the NOTES kernel (for QA); it is expected to be enabled
in amd64 GENERIC after a cool down period.
Reviewed by: sef (earlier version)
Obtained from: Netflix
Relnotes: yes
Sponsored by: Klara Inc, Netflix
Differential Revision: https://reviews.freebsd.org/D20477
Notes:
svn path=/head/; revision=353283
|
| |
|
|
|
|
|
|
|
|
| |
libarchive is linked to libzstd
Pointy hat: bapt
Reported by: antoine
Notes:
svn path=/head/; revision=352483
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Now that we have a way to obtain entropy in capability mode
(getrandom(2)), libcap_random is obsolete. Remove it.
Bump __FreeBSD_version in case anything happens to use it, though I've
found no consumers.
Reviewed by: delphij, emaste, oshogbo
Relnotes: yes
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D21033
Notes:
svn path=/head/; revision=350307
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
NANDFS has been broken for years. Remove it. The NAND drivers that
remain are for ancient parts that are no longer relevant. They are
polled, have terrible performance and just for ancient arm
hardware. NAND parts have evolved significantly from this early work
and little to none of it would be relevant should someone need to
update to support raw nand. This code has been off by default for
years and has violated the vnode protocol leading to panics since it
was committed.
Numerous posts to arch@ and other locations have found no actual users
for this software.
Relnotes: Yes
No Objection From: arch@
Differential Revision: https://reviews.freebsd.org/D20745
Notes:
svn path=/head/; revision=349352
|
| |\
| |
| |
| | |
Notes:
svn path=/projects/import-googletest-1.8.1/; revision=344787
|
