Ticket #1895

(martin)

Pull up following revision(s) (requested by mrg in ticket #1895):

crypto/external/bsd/openssl/dist/crypto/sparccpuid.S: revision 1.11

fix SPARC v8/v9 detection code.

this code uses a trick where the encoding on both v8 and v9 are
the same, and are not illegal instructions, but that the v9 one
has a detectable difference than v8.

the idea is that we perform a "subcc" (set condition codes) which
sets "%ccr" on v9, which is an unimplemented "%asr2" on v8, then
we read %ccr (v9) or %asr2 (v8), which will always be 0x99 on v9,
and .. is non-trapping but impleentation defined on v8.

for many implementations this returns the value of the %y reg.

as nothing actually sets %y in this path, it remains the value it
was most recently set to by something (anything), and if it just
happens to be 0x99 then the v9 paths will be taken on v8.

fix this by clearing the %y register before the potential read.

fixes PR port-sparc/57594.  tested on ss20 and in qemu.  this
version of the patch has been submitted upstream.

(martin)

Ticket #1727

(martin)

Pull up following revision(s) (requested by mrg in ticket #1727):

crypto/external/bsd/openssl/dist/crypto/sparccpuid.S: revision 1.11

fix SPARC v8/v9 detection code.

this code uses a trick where the encoding on both v8 and v9 are
the same, and are not illegal instructions, but that the v9 one
has a detectable difference than v8.

the idea is that we perform a "subcc" (set condition codes) which
sets "%ccr" on v9, which is an unimplemented "%asr2" on v8, then
we read %ccr (v9) or %asr2 (v8), which will always be 0x99 on v9,
and .. is non-trapping but impleentation defined on v8.

for many implementations this returns the value of the %y reg.

as nothing actually sets %y in this path, it remains the value it
was most recently set to by something (anything), and if it just
happens to be 0x99 then the v9 paths will be taken on v8.

fix this by clearing the %y register before the potential read.

fixes PR port-sparc/57594.  tested on ss20 and in qemu.  this
version of the patch has been submitted upstream.

(martin)

Ticket #349

(martin)

Pull up following revision(s) (requested by mrg in ticket #349):

crypto/external/bsd/openssl/dist/crypto/sparccpuid.S: revision 1.11

fix SPARC v8/v9 detection code.

this code uses a trick where the encoding on both v8 and v9 are
the same, and are not illegal instructions, but that the v9 one
has a detectable difference than v8.

the idea is that we perform a "subcc" (set condition codes) which
sets "%ccr" on v9, which is an unimplemented "%asr2" on v8, then
we read %ccr (v9) or %asr2 (v8), which will always be 0x99 on v9,
and .. is non-trapping but impleentation defined on v8.

for many implementations this returns the value of the %y reg.

as nothing actually sets %y in this path, it remains the value it
was most recently set to by something (anything), and if it just
happens to be 0x99 then the v9 paths will be taken on v8.

fix this by clearing the %y register before the potential read.

fixes PR port-sparc/57594.  tested on ss20 and in qemu.  this
version of the patch has been submitted upstream.

(martin)

we don't have/need limits.h

(christos)

apply previous to just GCC.

(mrg)

drmkms: Fix module build.

(riastradh)

don't care about GCC 11 version (we've skipped it).

also, adjust version file path.

(mrg)

drm: Fix conditionals around drmkms_pci and agp.

Kernel should build now with all pci drm drivers stripped out but
DRM_LEGACY still enabled.  (Might not be very useful, but it'll
build.  Maybe we should also have DRM_LEGACY_PCI so those drivers can
be modloaded later.)

(riastradh)

adjust the prototype for sm11_hw_metric_calc_result() to reality.

it used to say res64[8] but was passed a res64[4], and only accessed
the first 4 elements anyway.

already fixed the same in newer Mesa.  fixes GCC 12 warning.

(mrg)

Tickets #345 - #348

(martin)

Pull up following revision(s) (requested by riastradh in ticket #348):

distrib/sets/lists/xbase/shl.mi: revision 1.103 (patch)
distrib/sets/lists/debug/shl.mi: revision 1.329 (patch)
distrib/sets/lists/xdebug/shl.mi: revision 1.69 (patch)
distrib/sets/lists/base/shl.mi: revision 1.969 (patch)

lists: Remove bogus libfoo.so.N and libfoo.so.N.M obsolete entries.

These must stay around so applications linked against them will still
work after upgrade, even if libfoo.so now points to libfoo.so.(N+1)
or libfoo.so.N.(M+1).

Exceptions:
- I'm willing to believe the rump modules have a different story so I
  left those obsolete entries alone.
- libuv.so was never supposed to be exposed publicly anyway and never
  went out in a release.  (Maybe this information should be recorded
  somewhere?)
- Same is probably true of lib{gmp,mpc,mpfr}.so, not sure of the
  history.  Maybe libg2c.so too, no idea what that is.
- libisns.so was moved from /usr/lib to /lib, so it's legitimate for
  the debug data to live there too now.  (XXX Maybe we should have a
  separate marker for this.)
- Libraries under /usr/tests are not used by normal applications, so
  they can safely be deleted when obsoleted.

Note: The libfoo.so symlink for a library that has been deleted
altogether, not just upgraded, can be obsoleted.  Loadable modules
that applications aren't linked against can be obsoleted, even if
some of them like npf ext_*.so or pam_*.so are formally versioned
(for reasons unclear to me).

Note: This means that incremental builds may complain about these
.so.N and .so.N.M files in destdir (PR misc/57581), but it's much
worse for an upgrade to break working applications.

(martin)

Pull up following revision(s) (requested by riastradh in ticket #347):

distrib/sets/lists/debug/shl.mi: revision 1.328
distrib/sets/lists/base/shl.mi: revision 1.968

base, debug: Remove obsolete entries for older libfido2.

The shared libraries need to stay around for applications on upgrade
(and the debug data should be kept too if the shared libraries are
kept).

(martin)

Pull up following revision(s) (requested by riastradh in ticket #346):

external/mpl/bind/lib/libbind9/shlib_version: revision 1.12
external/mpl/bind/lib/libisc/shlib_version: revision 1.12
crypto/external/bsd/heimdal/lib/libheimntlm/shlib_version: revision 1.3
external/bsd/libevent/Makefile.inc: revision 1.5
external/mpl/bind/lib/libdns/shlib_version: revision 1.12
external/bsd/lutok/lib/liblutok/shlib_version: revision 1.3
crypto/external/bsd/heimdal/lib/libkadm5clnt/shlib_version: revision 1.3
crypto/external/bsd/heimdal/lib/libkafs/shlib_version: revision 1.3
distrib/sets/lists/debug/shl.mi: revision 1.325
distrib/sets/lists/debug/shl.mi: revision 1.326
external/bsd/openldap/lib/libldap_r/shlib_version: revision 1.8
distrib/sets/lists/debug/shl.mi: revision 1.327
external/bsd/unbound/lib/libunbound/shlib_version: revision 1.4
external/bsd/libarchive/lib/libarchive/shlib_version: revision 1.3
lib/libradius/shlib_version: revision 1.6
crypto/external/bsd/heimdal/lib/libkadm5srv/shlib_version: revision 1.3
crypto/external/bsd/libsaslc/lib/shlib_version: revision 1.2
crypto/external/bsd/netpgp/libpaa/shlib_version: revision 1.2
external/mpl/bind/lib/libisccc/shlib_version: revision 1.12
external/mpl/bind/lib/libisccfg/shlib_version: revision 1.12
crypto/external/cpl/trousers/lib/libtspi/Makefile: revision 1.5
crypto/external/bsd/heimdal/lib/libsl/shlib_version: revision 1.3
external/mpl/bind/lib/libns/shlib_version: revision 1.12
crypto/external/bsd/heimdal/lib/libkrb5/shlib_version: revision 1.3
crypto/external/bsd/heimdal/lib/libhdb/shlib_version: revision 1.3
external/bsd/fetch/lib/shlib_version: revision 1.4
external/bsd/openldap/lib/libldap/shlib_version: revision 1.8
crypto/external/cpl/tpm-tools/lib/libtpm_unseal/Makefile: revision 1.4
distrib/sets/lists/base/shl.mi: revision 1.965
crypto/external/bsd/heimdal/lib/libkdc/shlib_version: revision 1.3
distrib/sets/lists/base/shl.mi: revision 1.966
crypto/external/bsd/heimdal/lib/libgssapi/shlib_version: revision 1.3
distrib/sets/lists/base/shl.mi: revision 1.967
external/mpl/bind/lib/libirs/shlib_version: revision 1.12
crypto/external/bsd/netpgp/lib/netpgp/shlib_version: revision 1.3
crypto/external/bsd/heimdal/lib/libhx509/shlib_version: revision 1.3
(all via patch)

Recursively revbump all dependents of libcrypto.
Otherwise any existing software linked against the openssl11
libcrypto.so.14 and any of these libraries will suddenly start
pulling in libcrypto.so.15 at the same time, leading to mayhem in the
address space.

PR lib/57603

heimdal/libsl: Belatedly bump major.
This is to address the major bump of libterminfo.so.9 in:
Author: roy <roy%NetBSD.org@localhost>
Date:  Fri Mar 13 15:19:24 2020 +0000
    terminfo: promote numeric parameters from short to int
That commit caught all the other dependent libraries except libsl.

liblutok.so: Bump major for recent Lua update.

(martin)

Pull up following revision(s) (requested by riastradh in ticket #345):

external/bsd/libfido2/dist/fuzz/clock.c        up to 1.1.1.1
external/bsd/libfido2/dist/fuzz/fuzz_pcsc.c    up to 1.1.1.1
external/bsd/libfido2/dist/fuzz/pcsc.c          up to 1.1.1.1
external/bsd/libfido2/dist/man/check.sh        up to 1.1.1.1
external/bsd/libfido2/dist/man/es384_pk_new.3  up to 1.1.1.1
external/bsd/libfido2/dist/openbsd-compat/bsd-asprintf.c up to 1.1.1.1
external/bsd/libfido2/dist/openbsd-compat/strsep.c up to 1.1.1.1
external/bsd/libfido2/dist/regress/compress.c  up to 1.1.1.1
external/bsd/libfido2/dist/regress/eddsa.c      up to 1.1.1.1
external/bsd/libfido2/dist/regress/es256.c      up to 1.1.1.1
external/bsd/libfido2/dist/regress/es384.c      up to 1.1.1.1
external/bsd/libfido2/dist/regress/rs256.c      up to 1.1.1.1
external/bsd/libfido2/dist/src/fido/es384.h    up to 1.1.1.1
external/bsd/libfido2/dist/src/es384.c          up to 1.1.1.1
external/bsd/libfido2/dist/src/fallthrough.h    up to 1.1.1.1
external/bsd/libfido2/dist/src/nfc.c            up to 1.1.1.1
external/bsd/libfido2/dist/src/pcsc.c          up to 1.1.1.1
external/bsd/libfido2/dist/src/rs1.c            up to 1.1.1.1
external/bsd/libfido2/dist/src/time.c          up to 1.1.1.1
external/bsd/libfido2/dist/src/touch.c          up to 1.1.1.1
external/bsd/libfido2/dist/src/tpm.c            up to 1.1.1.1
external/bsd/libfido2/dist/src/types.c          up to 1.1.1.1
external/bsd/libfido2/dist/src/util.c          up to 1.1.1.1
external/bsd/libfido2/dist/src/webauthn.h      up to 1.1.1.1
external/bsd/libfido2/dist/windows/const.ps1    up to 1.1.1.1
external/bsd/libfido2/dist/windows/cygwin.gpg  up to 1.1.1.1
external/bsd/libfido2/dist/windows/cygwin.ps1  up to 1.1.1.1
external/bsd/libfido2/dist/windows/release.ps1  up to 1.1.1.1
external/bsd/libfido2/dist/SECURITY.md          up to 1.1.1.1
external/bsd/libfido2/dist/openbsd-compat/hkdf.c delete
external/bsd/libfido2/dist/openbsd-compat/hkdf.h delete
external/bsd/libfido2/dist/CMakeLists.txt      up to 1.1.1.5
external/bsd/libfido2/dist/LICENSE              up to 1.1.1.3
external/bsd/libfido2/dist/NEWS                up to 1.1.1.5
external/bsd/libfido2/dist/README.adoc          up to 1.1.1.5
external/bsd/libfido2/dist/examples/CMakeLists.txt up to 1.1.1.4
external/bsd/libfido2/dist/examples/README.adoc up to 1.1.1.5
external/bsd/libfido2/dist/examples/assert.c    up to 1.1.1.4
external/bsd/libfido2/dist/examples/cred.c      up to 1.1.1.5
external/bsd/libfido2/dist/examples/extern.h    up to 1.1.1.3
external/bsd/libfido2/dist/examples/info.c      up to 1.1.1.5
external/bsd/libfido2/dist/examples/manifest.c  up to 1.1.1.4
external/bsd/libfido2/dist/examples/reset.c    up to 1.1.1.4
external/bsd/libfido2/dist/examples/retries.c  up to 1.1.1.4
external/bsd/libfido2/dist/examples/select.c    up to 1.1.1.3
external/bsd/libfido2/dist/examples/setpin.c    up to 1.1.1.4
external/bsd/libfido2/dist/examples/util.c      up to 1.1.1.4
external/bsd/libfido2/dist/fuzz/CMakeLists.txt  up to 1.1.1.4
external/bsd/libfido2/dist/fuzz/Dockerfile      up to 1.1.1.4
external/bsd/libfido2/dist/fuzz/Makefile        up to 1.1.1.5
external/bsd/libfido2/dist/fuzz/README          up to 1.1.1.4
external/bsd/libfido2/dist/fuzz/build-coverage  up to 1.1.1.4
external/bsd/libfido2/dist/fuzz/dummy.h        up to 1.1.1.3
external/bsd/libfido2/dist/fuzz/export.gnu      up to 1.1.1.5
external/bsd/libfido2/dist/fuzz/functions.txt  up to 1.1.1.5
external/bsd/libfido2/dist/fuzz/fuzz_assert.c  up to 1.1.1.5
external/bsd/libfido2/dist/fuzz/fuzz_bio.c      up to 1.1.1.5
external/bsd/libfido2/dist/fuzz/fuzz_cred.c    up to 1.1.1.5
external/bsd/libfido2/dist/fuzz/fuzz_credman.c  up to 1.1.1.5
external/bsd/libfido2/dist/fuzz/fuzz_hid.c      up to 1.1.1.3
external/bsd/libfido2/dist/fuzz/fuzz_largeblob.c up to 1.1.1.2
external/bsd/libfido2/dist/fuzz/fuzz_mgmt.c    up to 1.1.1.5
external/bsd/libfido2/dist/fuzz/fuzz_netlink.c  up to 1.1.1.2
external/bsd/libfido2/dist/fuzz/libfuzzer.c    up to 1.1.1.3
external/bsd/libfido2/dist/fuzz/mutator_aux.c  up to 1.1.1.5
external/bsd/libfido2/dist/fuzz/mutator_aux.h  up to 1.1.1.5
external/bsd/libfido2/dist/fuzz/preload-fuzz.c  up to 1.1.1.2
external/bsd/libfido2/dist/fuzz/preload-snoop.c up to 1.1.1.2
external/bsd/libfido2/dist/fuzz/report.tgz      up to 1.1.1.5
external/bsd/libfido2/dist/fuzz/summary.txt    up to 1.1.1.5
external/bsd/libfido2/dist/fuzz/udev.c          up to 1.1.1.2
external/bsd/libfido2/dist/fuzz/wiredata_fido2.h up to 1.1.1.3
external/bsd/libfido2/dist/fuzz/wiredata_u2f.h  up to 1.1.1.2
external/bsd/libfido2/dist/fuzz/wrap.c          up to 1.1.1.3
external/bsd/libfido2/dist/fuzz/wrapped.sym    up to 1.1.1.4
external/bsd/libfido2/dist/man/CMakeLists.txt  up to 1.1.1.5
external/bsd/libfido2/dist/man/eddsa_pk_new.3  up to 1.1.1.2
external/bsd/libfido2/dist/man/es256_pk_new.3  up to 1.1.1.2
external/bsd/libfido2/dist/man/fido2-assert.1  up to 1.1.1.5
external/bsd/libfido2/dist/man/fido2-cred.1    up to 1.1.1.5
external/bsd/libfido2/dist/man/fido2-token.1    up to 1.1.1.5
external/bsd/libfido2/dist/man/fido_assert_allow_cred.3 up to 1.1.1.2
external/bsd/libfido2/dist/man/fido_assert_new.3 up to 1.1.1.5
external/bsd/libfido2/dist/man/fido_assert_set_authdata.3 up to 1.1.1.4
external/bsd/libfido2/dist/man/fido_assert_verify.3 up to 1.1.1.2
external/bsd/libfido2/dist/man/fido_bio_dev_get_info.3 up to 1.1.1.4
external/bsd/libfido2/dist/man/fido_bio_enroll_new.3 up to 1.1.1.2
external/bsd/libfido2/dist/man/fido_bio_info_new.3 up to 1.1.1.2
external/bsd/libfido2/dist/man/fido_bio_template.3 up to 1.1.1.4
external/bsd/libfido2/dist/man/fido_cbor_info_new.3 up to 1.1.1.5
external/bsd/libfido2/dist/man/fido_cred_exclude.3 up to 1.1.1.2
external/bsd/libfido2/dist/man/fido_cred_new.3  up to 1.1.1.4
external/bsd/libfido2/dist/man/fido_cred_set_authdata.3 up to 1.1.1.4
external/bsd/libfido2/dist/man/fido_cred_verify.3 up to 1.1.1.4
external/bsd/libfido2/dist/man/fido_credman_metadata_new.3 up to 1.1.1.5
external/bsd/libfido2/dist/man/fido_dev_enable_entattest.3 up to 1.1.1.3
external/bsd/libfido2/dist/man/fido_dev_get_assert.3 up to 1.1.1.2
external/bsd/libfido2/dist/man/fido_dev_get_touch_begin.3 up to 1.1.1.2
external/bsd/libfido2/dist/man/fido_dev_info_manifest.3 up to 1.1.1.2
external/bsd/libfido2/dist/man/fido_dev_largeblob_get.3 up to 1.1.1.2
external/bsd/libfido2/dist/man/fido_dev_make_cred.3 up to 1.1.1.3
external/bsd/libfido2/dist/man/fido_dev_open.3  up to 1.1.1.5
external/bsd/libfido2/dist/man/fido_dev_set_io_functions.3 up to 1.1.1.3
external/bsd/libfido2/dist/man/fido_dev_set_pin.3 up to 1.1.1.3
external/bsd/libfido2/dist/man/fido_init.3      up to 1.1.1.3
external/bsd/libfido2/dist/man/fido_strerr.3    up to 1.1.1.2
external/bsd/libfido2/dist/man/rs256_pk_new.3  up to 1.1.1.2
external/bsd/libfido2/dist/openbsd-compat/clock_gettime.c up to 1.1.1.2
external/bsd/libfido2/dist/openbsd-compat/endian_win32.c up to 1.1.1.2
external/bsd/libfido2/dist/openbsd-compat/openbsd-compat.h up to 1.1.1.4
external/bsd/libfido2/dist/regress/CMakeLists.txt up to 1.1.1.2
external/bsd/libfido2/dist/regress/assert.c    up to 1.1.1.4
external/bsd/libfido2/dist/regress/cred.c      up to 1.1.1.5
external/bsd/libfido2/dist/regress/dev.c        up to 1.1.1.3
external/bsd/libfido2/dist/src/CMakeLists.txt  up to 1.1.1.5
external/bsd/libfido2/dist/src/aes256.c        up to 1.1.1.3
external/bsd/libfido2/dist/src/assert.c        up to 1.3
external/bsd/libfido2/dist/src/authkey.c        up to 1.1.1.3
external/bsd/libfido2/dist/src/bio.c            up to 1.1.1.4
external/bsd/libfido2/dist/src/blob.c          up to 1.1.1.3
external/bsd/libfido2/dist/src/blob.h          up to 1.1.1.3
external/bsd/libfido2/dist/src/buf.c            up to 1.1.1.3
external/bsd/libfido2/dist/src/cbor.c          up to 1.1.1.5
external/bsd/libfido2/dist/src/compress.c      up to 1.1.1.2
external/bsd/libfido2/dist/src/config.c        up to 1.1.1.3
external/bsd/libfido2/dist/src/cred.c          up to 1.3
external/bsd/libfido2/dist/src/credman.c        up to 1.1.1.5
external/bsd/libfido2/dist/src/dev.c            up to 1.1.1.5
external/bsd/libfido2/dist/src/diff_exports.sh  up to 1.1.1.3
external/bsd/libfido2/dist/src/ecdh.c          up to 1.1.1.3
external/bsd/libfido2/dist/src/eddsa.c          up to 1.1.1.4
external/bsd/libfido2/dist/src/err.c            up to 1.1.1.4
external/bsd/libfido2/dist/src/es256.c          up to 1.1.1.4
external/bsd/libfido2/dist/src/export.gnu      up to 1.1.1.5
external/bsd/libfido2/dist/src/export.llvm      up to 1.1.1.5
external/bsd/libfido2/dist/src/export.msvc      up to 1.1.1.5
external/bsd/libfido2/dist/src/extern.h        up to 1.1.1.5
external/bsd/libfido2/dist/src/fido.h          up to 1.1.1.5
external/bsd/libfido2/dist/src/hid.c            up to 1.1.1.4
external/bsd/libfido2/dist/src/hid_freebsd.c    up to 1.1.1.2
external/bsd/libfido2/dist/src/hid_hidapi.c    up to 1.1.1.4
external/bsd/libfido2/dist/src/hid_linux.c      up to 1.1.1.5
external/bsd/libfido2/dist/src/hid_netbsd.c    up to 1.4
external/bsd/libfido2/dist/src/hid_openbsd.c    up to 1.1.1.4
external/bsd/libfido2/dist/src/hid_osx.c        up to 1.1.1.4
external/bsd/libfido2/dist/src/hid_unix.c      up to 1.1.1.2
external/bsd/libfido2/dist/src/hid_win.c        up to 1.1.1.4
external/bsd/libfido2/dist/src/info.c          up to 1.1.1.5
external/bsd/libfido2/dist/src/io.c            up to 1.1.1.5
external/bsd/libfido2/dist/src/iso7816.c        up to 1.1.1.4
external/bsd/libfido2/dist/src/iso7816.h        up to 1.1.1.3
external/bsd/libfido2/dist/src/largeblob.c      up to 1.1.1.3
external/bsd/libfido2/dist/src/log.c            up to 1.1.1.4
external/bsd/libfido2/dist/src/netlink.c        up to 1.1.1.2
external/bsd/libfido2/dist/src/netlink.h        up to 1.1.1.2
external/bsd/libfido2/dist/src/nfc_linux.c      up to 1.1.1.2
external/bsd/libfido2/dist/src/packed.h        up to 1.1.1.2
external/bsd/libfido2/dist/src/pin.c            up to 1.1.1.5
external/bsd/libfido2/dist/src/random.c        up to 1.1.1.2
external/bsd/libfido2/dist/src/reset.c          up to 1.1.1.3
external/bsd/libfido2/dist/src/rs256.c          up to 1.1.1.3
external/bsd/libfido2/dist/src/u2f.c            up to 1.1.1.5
external/bsd/libfido2/dist/src/winhello.c      up to 1.1.1.2
external/bsd/libfido2/dist/src/fido/bio.h      up to 1.1.1.2
external/bsd/libfido2/dist/src/fido/config.h    up to 1.1.1.2
external/bsd/libfido2/dist/src/fido/credman.h  up to 1.1.1.3
external/bsd/libfido2/dist/src/fido/eddsa.h    up to 1.1.1.2
external/bsd/libfido2/dist/src/fido/err.h      up to 1.1.1.4
external/bsd/libfido2/dist/src/fido/es256.h    up to 1.1.1.2
external/bsd/libfido2/dist/src/fido/param.h    up to 1.1.1.4
external/bsd/libfido2/dist/src/fido/rs256.h    up to 1.1.1.2
external/bsd/libfido2/dist/src/fido/types.h    up to 1.1.1.5
external/bsd/libfido2/dist/tools/CMakeLists.txt up to 1.1.1.4
external/bsd/libfido2/dist/tools/assert_get.c  up to 1.1.1.4
external/bsd/libfido2/dist/tools/assert_verify.c up to 1.1.1.4
external/bsd/libfido2/dist/tools/base64.c      up to 1.1.1.3
external/bsd/libfido2/dist/tools/bio.c          up to 1.1.1.3
external/bsd/libfido2/dist/tools/config.c      up to 1.1.1.2
external/bsd/libfido2/dist/tools/cred_make.c    up to 1.1.1.4
external/bsd/libfido2/dist/tools/cred_verify.c  up to 1.1.1.3
external/bsd/libfido2/dist/tools/credman.c      up to 1.1.1.5
external/bsd/libfido2/dist/tools/extern.h      up to 1.1.1.5
external/bsd/libfido2/dist/tools/fido2-assert.c up to 1.1.1.4
external/bsd/libfido2/dist/tools/fido2-attach.sh up to 1.1.1.2
external/bsd/libfido2/dist/tools/fido2-cred.c  up to 1.1.1.4
external/bsd/libfido2/dist/tools/fido2-detach.sh up to 1.1.1.2
external/bsd/libfido2/dist/tools/fido2-token.c  up to 1.1.1.5
external/bsd/libfido2/dist/tools/fido2-unprot.sh up to 1.1.1.2
external/bsd/libfido2/dist/tools/include_check.sh up to 1.1.1.3
external/bsd/libfido2/dist/tools/largeblob.c    up to 1.1.1.2
external/bsd/libfido2/dist/tools/pin.c          up to 1.1.1.3
external/bsd/libfido2/dist/tools/test.sh        up to 1.1.1.4
external/bsd/libfido2/dist/tools/token.c        up to 1.1.1.5
external/bsd/libfido2/dist/tools/util.c        up to 1.4
external/bsd/libfido2/dist/udev/70-u2f.rules    up to 1.1.1.4
external/bsd/libfido2/dist/udev/CMakeLists.txt  up to 1.1.1.2
external/bsd/libfido2/dist/udev/check.sh        up to 1.1.1.2
external/bsd/libfido2/dist/udev/fidodevs        up to 1.1.1.3
external/bsd/libfido2/dist/udev/genrules.awk    up to 1.1.1.2
external/bsd/libfido2/dist/windows/build.ps1    up to 1.1.1.5
distrib/sets/lists/man/mi: revision 1.1763
distrib/sets/lists/debug/shl.mi: revision 1.321
external/bsd/libfido2/lib/Makefile: revision 1.11
distrib/sets/lists/comp/mi: revision 1.2447
distrib/sets/lists/comp/mi: revision 1.2448
distrib/sets/lists/base/shl.mi: revision 1.960

libfido2: Update from 1.8.0 to 1.13.0.

(martin)

Add missing file

(christos)

certctl(8): Fix permissions on ca-certificates.crt bundle: 0644.

While here, write it atomically: write to .tmp first, then rename
when done; this way applications never see a partially-written bundle
at /etc/openssl/certs/ca-certificates.crt.

(riastradh)

certctl(8): Test permissions of ca-certificates.crt.

Inadvertently created 0600 instead of 0644 due to copying file
created by mktemp(1) with cp(1).

(riastradh)

match warnings with the module build, fixes i386 with GCC 12.

(mrg)

panic on an condition that shouldn't be possible.

appease GCC 12.

(mrg)

apply -Wno-maybe-uninitialized to chacha_sse2.c.

there's a clearly initialised memory region that is claimed as
being maybe uninitialised, and this test-build version of it
triggers it while the normal build doesn't.

(mrg)

add description & deps for gpu-firmware-base set.

(mrg)

turn off -Walloc-size-larger-than for xinput.c

on 32-bit platforms, an expression claims the input can exceed 2G,
more than malloc() can take.  i'm pretty sure that the maximum is
actually quite a lot less (seems to be max 255*12 plus <100.)

(mrg)

revive the ./usr/libdata/debug/usr/lib/libisns.so.0.0.debug entry

however, remove the 'obsolete' tag from it.

fixes the amd64 build (at least).

(mrg)

ti_com.c: set sc_type to COM_TYPE_OMAP

Avoid a kernel hang reported by Brook Milligan in PR port-arm/57598.
Patch suggested by RVP, seems correct to several of us. (If this
introduces a regression with some board, sorry, mea culpa. But in
that case we should still be carrying this, just conditionalized.)

(gutteridge)

apply -Wno-dangling-pointer to callcontext.c.

puffs_cc_getcc() uses a mask against a stack variable to find the
struct puffs_cc stashed below the stack, triggering the dangling
pointer problem.

(mrg)

fix the vax build. we could do better by choosing larger exponents.

(christos)

"make release" has included sanitizers with GCC 12 for a while.

(mrg)

more new man pages

(christos)

apply ${CC_WNO_STRINGOP_OVERFLOW} for crypt.c.

init_perm() takes a larger array than IE3264[] is, but it doesn't use more
for this instance.

(mrg)

mask a value with the array size mask to avoid a GCC 12 warning.

i'm fairly sure this can't actually happen, but it likely avoids
any potential bug without real issue.

(mrg)

apply some warning disables for GCC 12.

*possibly* the one for intel_dp.c is a real bug but it seems very
difficult to be sure (i can't seem to convince myself either way.)

(mrg)

lists: Remove more bogus shlib obsolete entries.

Too much trouble to have to remember about libuv.so, libgmp.so, &c.
Just apply the rule uniformly.

All that's left is test libraries and loadable modules.

Searched with:

git grep 'lib.*\.so\.[0-9][0-9]*.*obsolete' distrib/sets/lists \
| grep -v '/modules/' \
| grep -v '/locale/lib/' \
| grep -v '/lib/npf/' \
| grep -v '/lib/librump' \
| grep -v '/lib/netbsd/libclang_rt' \
| grep -v '/runemodule/'

(riastradh)

convert a KASSERT() into an if () panic() sequence to appease GCC 12.

OK riastradh@.

(mrg)

document x86 curlwp/curcpu hack for GCC 12.

(mrg)

x86: avoid annoying GCC 12 bounds check in curcpu() and curlwp().

these functions read %gs and return an pointer at an offset from this
value (the current cpu, or lwp pointers), and GCC is complaining that
they're accessing a array cpu_info[0] (ie, zero length, no storage.)

several attempts to workaround it have failed, and because of the
asm volatile nature of this, it seems very unlikely a compiler would
take this and do something wrong with it.

(mrg)

2 more pages

(christos)

fix pointer vs array function definition issues.

for the backend End and Data functions, use "char buf[HASH_STRLEN]"
instead of "char *buf", to match the public functions.

fixes GCC 12 warning.

(mrg)

lists: Remove bogus libfoo.so.N and libfoo.so.N.M obsolete entries.

These must stay around so applications linked against them will still
work after upgrade, even if libfoo.so now points to libfoo.so.(N+1)
or libfoo.so.N.(M+1).

Exceptions:

- I'm willing to believe the rump modules have a different story so I
  left those obsolete entries alone.

- libuv.so was never supposed to be exposed publicly anyway and never
  went out in a release.  (Maybe this information should be recorded
  somewhere?)

- Same is probably true of lib{gmp,mpc,mpfr}.so, not sure of the
  history.  Maybe libg2c.so too, no idea what that is.

- libisns.so was moved from /usr/lib to /lib, so it's legitimate for
  the debug data to live there too now.  (XXX Maybe we should have a
  separate marker for this.)

- Libraries under /usr/tests are not used by normal applications, so
  they can safely be deleted when obsoleted.

Note: The libfoo.so symlink for a library that has been deleted
altogether, not just upgraded, can be obsoleted.  Loadable modules
that applications aren't linked against can be obsoleted, even if
some of them like npf ext_*.so or pam_*.so are formally versioned
(for reasons unclear to me).

Note: This means that incremental builds may complain about these
.so.N and .so.N.M files in destdir (PR misc/57581), but it's much
worse for an upgrade to break working applications.

(riastradh)

base, debug: Remove obsolete entries for older libfido2.

The shared libraries need to stay around for applications on upgrade
(and the debug data should be kept too if the shared libraries are
kept).

(riastradh)

libc_aligned, libc_fp: Add missing close-paren.

Did this ever work?

(riastradh)

libss, liblwres: Delete makefiles for long-dead external libraries.

No functional change intended -- these haven't been used in years.

(riastradh)

liblutok.so: Bump major for recent Lua update.

XXX pullup-10

(riastradh)

heimdal/libsl: Belatedly bump major.

This is to address the major bump of libterminfo.so.9 in:

Author: roy <roy@NetBSD.org>
Date:  Fri Mar 13 15:19:24 2020 +0000

    terminfo: promote numeric parameters from short to int

That commit caught all the other dependent libraries except libsl.

XXX pullup-10

(riastradh)

Recursively revbump all dependents of libcrypto.

Otherwise any existing software linked against the openssl11
libcrypto.so.14 and any of these libraries will suddenly start
pulling in libcrypto.so.15 at the same time, leading to mayhem in the
address space.

PR lib/57603

XXX pullup-10

(riastradh)

Ticket #1894

(martin)

Pull up following revision(s) (requested by msaitoh in ticket #1894):

sys/dev/pci/if_wmvar.h: revision 1.50
sys/dev/pci/if_wm.c: revision 1.783,1.784 via patch

Delay sending LINK_STATE_UP to prevent dropping packets on I35[04] and I21[01].

Some (not all) systems use I35[04] or I21[01] don't send packet soon
after linkup. The MAC send a packet to the PHY and any error is not
observed. This behavior causes a problem that gratuitous ARP and/or
IPv6 DAD packet are silently dropped. To avoid this problem, don't
call mii_pollstat() here which will send LINK_STATE_UP notification
to the upper layer. Instead, mii_pollstat() will be called in
wm_gmii_mediastatus() or mii_tick() will be called in wm_tick().

Note that the similar workaround is in Linux's igb driver though it's
only for I21[01].

OK'd by hikaru@ and knakahara@.

Fix #ifdef WM_DEBUG code in wm_gmii_i82544_{read,write}reg_locked.

(martin)

Ticket #1726

(martin)

Pull up following revision(s) (requested by msaitoh in ticket #344):

sys/dev/pci/if_wmvar.h: revision 1.50
sys/dev/pci/if_wm.c: revision 1.783,1.784 via patch

Delay sending LINK_STATE_UP to prevent dropping packets on I35[04] and I21[01].

Some (not all) systems use I35[04] or I21[01] don't send packet soon
after linkup. The MAC send a packet to the PHY and any error is not
observed. This behavior causes a problem that gratuitous ARP and/or
IPv6 DAD packet are silently dropped. To avoid this problem, don't
call mii_pollstat() here which will send LINK_STATE_UP notification
to the upper layer. Instead, mii_pollstat() will be called in
wm_gmii_mediastatus() or mii_tick() will be called in wm_tick().

Note that the similar workaround is in Linux's igb driver though it's
only for I21[01].

OK'd by hikaru@ and knakahara@.

Fix #ifdef WM_DEBUG code in wm_gmii_i82544_{read,write}reg_locked.

(martin)

Tickets #342 - #344

(martin)

Pull up following revision(s) (requested by msaitoh in ticket #344):

sys/dev/pci/if_wmvar.h: revision 1.50
sys/dev/pci/if_wm.c: revision 1.783
sys/dev/pci/if_wm.c: revision 1.784

Delay sending LINK_STATE_UP to prevent dropping packets on I35[04] and I21[01].

Some (not all) systems use I35[04] or I21[01] don't send packet soon
after linkup. The MAC send a packet to the PHY and any error is not
observed. This behavior causes a problem that gratuitous ARP and/or
IPv6 DAD packet are silently dropped. To avoid this problem, don't
call mii_pollstat() here which will send LINK_STATE_UP notification
to the upper layer. Instead, mii_pollstat() will be called in
wm_gmii_mediastatus() or mii_tick() will be called in wm_tick().

Note that the similar workaround is in Linux's igb driver though it's
only for I21[01].

OK'd by hikaru@ and knakahara@.

Fix #ifdef WM_DEBUG code in wm_gmii_i82544_{read,write}reg_locked.

(martin)

Pull up following revision(s) (requested by riastradh in ticket #343):

external/mpl/mozilla-certdata/dist/certdata.txt: revision 1.1.1.1
external/mpl/mozilla-certdata/share/certs/DigiCert_Assured_ID_Root_G3.pem: revision 1.1
distrib/sets/lists/man/mi: revision 1.1764
external/mpl/mozilla-certdata/share/certs/ACCVRAIZ1.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.pem: revision 1.1
tests/usr.sbin/certctl/certs4/DigiCert_Global_Root_CA.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Sectigo_Public_Server_Authentication_Root_R46.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/GlobalSign_Secure_Mail_Root_E45.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/SSL.com_Root_Certification_Authority_ECC.pem: revision 1.1
tests/usr.sbin/certctl/certs3/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.1.pem: revision 1.1
tests/usr.sbin/certctl/certs2/GTS_Root_R1.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/BJCA_Global_Root_CA1.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Izenpe.com.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Amazon_Root_CA_2.pem: revision 1.1
tests/usr.sbin/certctl/certs4/Makefile: revision 1.1
external/mpl/mozilla-certdata/share/certs/Global_Chambersign_Root_-_2008.pem: revision 1.1
distrib/sets/lists/etc/mi: revision 1.272
external/mpl/mozilla-certdata/share/certs/ISRG_Root_X1.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/TunTrust_Root_CA.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/D-TRUST_BR_Root_CA_1_2020.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/SSL.com_Root_Certification_Authority_RSA.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Certum_EC-384_CA.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Security_Communication_RootCA3.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/IdenTrust_Public_Sector_Root_CA_1.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Entrust_Root_Certification_Authority_-_EC1.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/DigiCert_Global_Root_G2.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/GlobalSign_Root_CA.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/SZAFIR_ROOT_CA2.pem: revision 1.1
tests/usr.sbin/certctl/t_certctl.sh: revision 1.1
external/mpl/mozilla-certdata/share/certs/UCA_Global_G2_Root.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/HARICA_Client_ECC_Root_CA_2021.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/COMODO_ECC_Certification_Authority.pem: revision 1.1
tests/usr.sbin/certctl/t_certctl.sh: revision 1.2
tests/usr.sbin/certctl/certs1/DigiCert_Global_Root_CA.pem: revision 1.1
tests/usr.sbin/certctl/t_certctl.sh: revision 1.3
external/mpl/mozilla-certdata/Makefile: revision 1.1
external/mpl/mozilla-certdata/share/certs/DIGITALSIGN_GLOBAL_ROOT_RSA_CA.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/GTS_Root_R2.pem: revision 1.1
usr.sbin/certctl/certctl.sh: revision 1.1
tests/usr.sbin/certctl/t_certctl.sh: revision 1.4
external/mpl/mozilla-certdata/share/certs/Verisign_Class_1_Public_Primary_Certification_Authority_-_G3.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/SwissSign_Silver_CA_-_G2.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Starfield_Class_2_CA.pem: revision 1.1
usr.sbin/certctl/certctl.sh: revision 1.2
tests/usr.sbin/certctl/t_certctl.sh: revision 1.5
usr.sbin/certctl/certctl.sh: revision 1.3
tests/usr.sbin/certctl/t_certctl.sh: revision 1.6
usr.sbin/certctl/certctl.sh: revision 1.4
tests/usr.sbin/certctl/t_certctl.sh: revision 1.7
external/mpl/mozilla-certdata/share/certs/Hellenic_Academic_and_Research_Institutions_RootCA_2015.pem: revision 1.1
tests/usr.sbin/certctl/t_certctl.sh: revision 1.8
external/mpl/mozilla-certdata/share/certs/Sectigo_Public_Server_Authentication_Root_E46.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Hongkong_Post_Root_CA_3.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Entrust_Root_Certification_Authority_-_G4.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Security_Communication_Root_CA.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Go_Daddy_Root_Certificate_Authority_-_G2.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/ANF_Secure_Server_Root_CA.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Symantec_Class_1_Public_Primary_Certification_Authority_-_G6.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Chambers_of_Commerce_Root_-_2008.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Go_Daddy_Class_2_CA.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/USERTrust_RSA_Certification_Authority.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Trustwave_Global_ECC_P384_Certification_Authority.pem: revision 1.1
external/mpl/mozilla-certdata/share/certdata.awk: revision 1.1
external/mpl/mozilla-certdata/share/certs/HARICA_TLS_ECC_Root_CA_2021.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Atos_TrustedRoot_Root_CA_ECC_G2_2020.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Sectigo_Public_Email_Protection_Root_R46.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/TrustCor_ECA-1.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/GlobalSign_ECC_Root_CA_-_R5.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/SSL.com_TLS_ECC_Root_CA_2022.pem: revision 1.1
usr.sbin/Makefile: revision 1.292
external/mpl/mozilla-certdata/share/certs/AffirmTrust_Premium.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/CA_Disig_Root_R2.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/emSign_Root_CA_-_C1.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/GlobalSign_Root_CA_-_R6.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/DigiCert_Trusted_Root_G4.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Atos_TrustedRoot_Root_CA_RSA_G2_2020.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/vTrus_Root_CA.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/T-TeleSec_GlobalRoot_Class_2.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/GlobalSign_Root_R46.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/TrustCor_RootCert_CA-2.pem: revision 1.1
etc/mtree/special: revision 1.176
external/mpl/mozilla-certdata/share/certs/USERTrust_ECC_Certification_Authority.pem: revision 1.1
etc/mtree/special: revision 1.177
etc/mtree/special: revision 1.178
external/mpl/mozilla-certdata/share/certs/AffirmTrust_Premium_ECC.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/vTrus_ECC_Root_CA.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/DigiCert_TLS_ECC_P384_Root_G5.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/NAVER_Global_Root_Certification_Authority.pem: revision 1.1
external/mpl/mozilla-certdata/share/server.trust: revision 1.1
external/mpl/mozilla-certdata/share/certs/SecureTrust_CA.pem: revision 1.1
external/mpl/mozilla-certdata/share/code.trust: revision 1.1
external/mpl/mozilla-certdata/share/certs/SSL.com_TLS_RSA_Root_CA_2022.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Amazon_Root_CA_4.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/DigiCert_TLS_RSA4096_Root_G5.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/DigiCert_Assured_ID_Root_G2.pem: revision 1.1
tests/usr.sbin/certctl/certs1/Makefile: revision 1.1
external/mpl/mozilla-certdata/share/certs/Sectigo_Public_Email_Protection_Root_E46.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/TWCA_Global_Root_CA.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/DigiCert_SMIME_RSA4096_Root_G5.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/SSL.com_Client_ECC_Root_CA_2022.pem: revision 1.1
share/man/man7/hier.7: revision 1.141
external/mpl/mozilla-certdata/share/certs/Certigna.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/certSIGN_Root_CA_G2.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Certigna_Root_CA.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Amazon_Root_CA_1.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Entrust.net_Premium_2048_Secure_Server_CA.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/GTS_Root_R4.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/T-TeleSec_GlobalRoot_Class_3.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Telia_Root_CA_v2.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/QuoVadis_Root_CA_3_G3.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/emSign_ECC_Root_CA_-_G3.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Security_Communication_RootCA2.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/TWCA_Root_Certification_Authority.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Buypass_Class_2_Root_CA.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/emSign_ECC_Root_CA_-_C3.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/SSL.com_EV_Root_Certification_Authority_RSA_R2.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/GTS_Root_R1.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/SSL.com_Client_RSA_Root_CA_2022.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/DigiCert_Assured_ID_Root_CA.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/HiPKI_Root_CA_-_G1.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Starfield_Root_Certificate_Authority_-_G2.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/SwissSign_Gold_CA_-_G2.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/OISTE_WISeKey_Global_Root_GB_CA.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/AffirmTrust_Networking.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.1.pem: revision 1.1
tests/usr.sbin/certctl/Makefile.inc: revision 1.1
external/mpl/mozilla-certdata/share/certs/COMODO_RSA_Certification_Authority.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Certum_Trusted_Network_CA_2.pem: revision 1.1
tests/usr.sbin/certctl/certs2/GlobalSign_Root_CA_-_R3.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/OISTE_WISeKey_Global_Root_GC_CA.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/D-TRUST_Root_Class_3_CA_2_EV_2009.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/AffirmTrust_Commercial.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Buypass_Class_3_Root_CA.pem: revision 1.1
distrib/sets/lists/tests/mi: revision 1.1292
external/mpl/mozilla-certdata/share/certs/UCA_Extended_Validation_Root.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Trustwave_Global_ECC_P256_Certification_Authority.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Certum_Trusted_Network_CA.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/QuoVadis_Root_CA_2.pem: revision 1.1
external/mpl/mozilla-certdata/share/email.trust: revision 1.1
external/mpl/mozilla-certdata/share/certs/Atos_TrustedRoot_2011.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Certum_Trusted_Root_CA.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/D-TRUST_EV_Root_CA_1_2020.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/ePKI_Root_Certification_Authority.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/DIGITALSIGN_GLOBAL_ROOT_ECDSA_CA.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/GlobalSign_ECC_Root_CA_-_R4.pem: revision 1.1
tests/usr.sbin/certctl/certs2/Makefile: revision 1.1
tests/usr.sbin/Makefile: revision 1.8
external/mpl/mozilla-certdata/share/certs/Trustwave_Global_Certification_Authority.pem: revision 1.1
tests/usr.sbin/certctl/Makefile: revision 1.1
external/mpl/mozilla-certdata/share/certs/Verisign_Class_2_Public_Primary_Certification_Authority_-_G3.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/IdenTrust_Commercial_Root_CA_1.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/DigiCert_SMIME_ECC_P384_Root_G5.pem: revision 1.1
tests/usr.sbin/certctl/certs1/Explicitly_Distrust_DigiNotar_Root_CA.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/TrustCor_RootCert_CA-1.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Staat_der_Nederlanden_Root_CA_-_G3.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Symantec_Class_2_Public_Primary_Certification_Authority_-_G6.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/QuoVadis_Root_CA_3.pem: revision 1.1
external/mpl/mozilla-certdata/share/Makefile: revision 1.1
external/mpl/mozilla-certdata/share/Makefile: revision 1.2
external/mpl/mozilla-certdata/share/certs/Microsec_e-Szigno_Root_CA_2009.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/BJCA_Global_Root_CA2.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/HARICA_Client_RSA_Root_CA_2021.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/GDCA_TrustAUTH_R5_ROOT.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Amazon_Root_CA_3.pem: revision 1.1
tests/usr.sbin/certctl/certs4/AC_RAIZ_FNMT-RCM.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/ISRG_Root_X2.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/DigiCert_Global_Root_CA.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/D-TRUST_Root_CA_3_2013.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Microsoft_RSA_Root_Certificate_Authority_2017.pem: revision 1.1
etc/mtree/NetBSD.dist.base: revision 1.252
external/mpl/mozilla-certdata/share/certs/CFCA_EV_ROOT.pem: revision 1.1
etc/mtree/NetBSD.dist.base: revision 1.253
external/mpl/mozilla-certdata/share/certs/Starfield_Services_Root_Certificate_Authority_-_G2.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/DigiCert_Global_Root_G3.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/emSign_Root_CA_-_G1.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Microsoft_ECC_Root_Certificate_Authority_2017.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Explicitly_Distrust_DigiNotar_Root_CA.pem: revision 1.1
usr.sbin/certctl/Makefile: revision 1.1
external/mpl/mozilla-certdata/share/certs/Security_Communication_ECC_RootCA1.pem: revision 1.1
usr.sbin/certctl/Makefile: revision 1.2
usr.sbin/certctl/Makefile: revision 1.3
external/mpl/mozilla-certdata/share/certs/GTS_Root_R3.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/e-Szigno_Root_CA_2017.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/certSIGN_ROOT_CA.pem: revision 1.1
doc/3RDPARTY: revision 1.1949
external/mpl/mozilla-certdata/share/certs/Certainly_Root_R1.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/TeliaSonera_Root_CA_v1.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/HARICA_TLS_RSA_Root_CA_2021.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Entrust_Root_Certification_Authority.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/NetLock_Arany_Class_Gold.pem: revision 1.1
usr.sbin/postinstall/postinstall.in: revision 1.53
usr.sbin/postinstall/postinstall.in: revision 1.54
tests/usr.sbin/certctl/certs3/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.pem: revision 1.1
etc/Makefile: revision 1.467
usr.sbin/postinstall/postinstall.in: revision 1.55
tests/usr.sbin/certctl/certs3/Makefile: revision 1.1
external/mpl/mozilla-certdata/share/certs/GLOBALTRUST_2020.pem: revision 1.1
etc/mtree/NetBSD.dist.tests: revision 1.200
external/mpl/mozilla-certdata/share/certs/QuoVadis_Root_CA_1_G3.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/GlobalSign_Root_CA_-_R3.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Actalis_Authentication_Root_CA.pem: revision 1.1
distrib/sets/lists/base/mi: revision 1.1326
distrib/sets/lists/base/mi: revision 1.1327
external/mpl/mozilla-certdata/share/certs/SecureSign_RootCA11.pem: revision 1.1
distrib/sets/lists/base/mi: revision 1.1328
external/mpl/mozilla-certdata/share/certs/Comodo_AAA_Services_root.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Entrust_Root_Certification_Authority_-_G2.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/QuoVadis_Root_CA_2_G3.pem: revision 1.1
distrib/sets/lists/base/mi: revision 1.1329
external/mpl/mozilla-certdata/share/certs/COMODO_Certification_Authority.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Certum_Root_CA.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/DigiCert_High_Assurance_EV_Root_CA.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/GlobalSign_Secure_Mail_Root_R45.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Secure_Global_CA.pem: revision 1.1
usr.sbin/certctl/certctl.8: revision 1.1
external/mpl/mozilla-certdata/share/certs/XRamp_Global_CA_Root.pem: revision 1.1
external/mpl/Makefile: revision 1.5
usr.sbin/certctl/certctl.8: revision 1.2
external/mpl/mozilla-certdata/share/certs/D-TRUST_Root_Class_3_CA_2_2009.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Baltimore_CyberTrust_Root.pem: revision 1.1
usr.sbin/certctl/certs.conf: revision 1.1
external/mpl/mozilla-certdata/share/certs/LAWtrust_Root_CA2_4096.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/AC_RAIZ_FNMT-RCM.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Atos_TrustedRoot_Root_CA_ECC_TLS_2021.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/OISTE_WISeKey_Global_Root_GA_CA.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Certainly_Root_E1.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/GlobalSign_Root_E46.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Atos_TrustedRoot_Root_CA_RSA_TLS_2021.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/SSL.com_EV_Root_Certification_Authority_ECC.pem: revision 1.1

certctl(8): New tool for managing OpenSSL CA certificates.
Same command-line syntax as FreeBSD, clearer semantics about which
parts are config and which parts are cache.

mozilla-certdata: Record in doc/3RDPARTY.

mozilla-certdata: Makefile infrastructure.

mozilla-certdata: regen
(actually, just `gen', this first time)

mozilla-certdata: Connect it up to the build.

postinstall(8): Add opensslcerts item to regen /etc/openssl/certs.

Works only with destdir /, since it relies on running openssl(1),
which is not available as a tool or required in the cross-build
environment.

certctl(8): Add xfail test for missing certs.conf.

Command should fail, i.e., exit with nonzero status, but it exits
with zero instead.
certctl(8): Exit nonzero on missing certs.conf.
certctl(8): Test prepopulated /etc/openssl/certs.

This is the scenario when you have previously populated
/etc/openssl/certs manually, or with a package like mozilla-rootcerts
or mozilla-rootcerts-openssl, and you update to a version of NetBSD
with certctl(8).  In this case, certctl(8) should avoid destroying
your work.

While here, also test some related but less likely edge cases:
- nonexistent
- symlink
- regular file

certctl(8): Avoid clobbering prepopulated /etc/openssl/certs.

Also avoid clobbering some other edge cases like symlinks or
non-directories there.

This way, we have the following transitions on system updates:
- If /etc/openssl/certs is empty (as in default NetBSD<10 installs):
  quietly populated on rehash.
- If /etc/openssl/certs is nonempty (you've added things to it,
  e.g. by hand or with mozilla-rootcerts) and has never been managed
  by certctl(8): left alone on rehash, with an error message to
  explain what you need to do.
- If /etc/openssl/certs has been managed by certctl(8): quietly
  updated on rehash.

Note: This means current installations made since certctl(8) was
added will be treated like /etc/openssl/certs is nonempty and has
never been managed by certctl(8).  To work around this, you can just
delete /etc/openssl/certs and rerun `certctl rehash'.
postinstall(8): Fail if `certctl rehash' fails.

Not using `set -e' here, evidently (maybe we should), so the separate
return 0 suppressed the error.
distrib/sets/lists: certs.conf belongs in etc, not in base.
Oops.

certctl(8): Set certs.conf 644 and add it to etc/mtree/special.
Now that we have /etc/openssl/certs.conf mentioned here, also
list /etc/openssl.

hier(7): Document /etc/openssl.

certctl(8): Minor man page clarifications.
- Specify exactly what /etc/openssl/certs gets populated with.
- Change HTTPS to TLS.
- Specify the permitted character class in certs.conf.
  (Maybe more conservative than strictly needed; but let's stay on
  the safe side.)

certctl(8): Fix some bugs with evil pathnames.

certctl(8): Fix quoting and whitespace style in evilpath test.

No functional change intended.

etc/mtree/special: Fix spaces/tabs.
No functional change intended.

mozilla-certdata: Install relative symlinks.
Slightly more compact this way, and you can examine them in a destdir
without chrooting.  Not terribly important, but a minor convenience.

certctl(8): Test more evil pathnames.

certctl(8): Install certs.conf in /usr/share/examples too.
This way postinstall(8) can refer to the default one when you've done
an upgrade without etcupdate or similar to pull in new config files
from etc.tgz.

Not great -- we should do this systematically for all config files in
/etc, but this one-off hack is less risky for 10.
postinstall(8): Handle various certs.conf scenarios gracefully.

Tested the following scenarios:
1. fresh install
  empty /etc/openssl/certs
  default /etc/openssl/certs.conf
  - opensslcertsconf
    [x] check: pass
    [x] fix: pass -- nothing
  - opensslcertsrehash
    [x] check: fail -- needs rehash
    [x] fix: pass -- quietly rehash successfully (go to 4)
2. fresh upgrade
  empty /etc/openssl/certs
  no /etc/openssl/certs.conf
  - opensslcertsconf
    [x] check: fail -- complain missing /etc/openssl/certs.conf
    [x] fix: pass -- install default /etc/openssl/certs.conf (go to 1)
  - opensslcertsrehash
    [x] check: fail -- complain missing /etc/openssl/certs.conf
    - [x] fix: fail -- complain missing /etc/openssl/certs.conf
3. upgrade from certctl, changes to certs
  certctl-managed /etc/openssl/certs
  default /etc/openssl/certs.conf
  - opensslcertsconf
    [x] check: pass
    [x] fix: pass -- nothing
  - opensslcertsrehash
    [x] check: fail -- needs rehash
    [x] fix: pass -- quietly rehash successfully (go to 4)
4. upgrade from certctl, no changes to certs
  certctl-managed /etc/openssl/certs
  default /etc/openssl/certs.conf
  - opensslcertsconf
    [x] check: pass
    [x] fix: pass -- nothing
  - opensslcertsrehash
    [x] check: pass
    [x] fix: pass -- quietly rehash successfully (go to 4)
5. upgrade from mozilla-rootcerts
  populated /etc/openssl/certs
  no /etc/openssl/certs.conf
  - opensslcertsconf:
    [x] check: fail -- complain missing /etc/openssl/certs.conf
    [x] fix: pass -- install manual /etc/openssl/certs.conf (go to 7)
  - opensslcertsrehash:
    [x] check: fail -- complain missing /etc/openssl/certs.conf
    [x] fix: fail -- complain missing /etc/openssl/certs.conf
6. upgrade from mozilla-rootcerts with etcupdate naively
  populated /etc/openssl/certs
  default /etc/openssl/certs.conf
  - opensslcertsconf:
    [x] check: pass
    [x] fix: pass -- nothing
  - opensslcertsrehash:
    [x] check: fail -- complain mismatched certs/ and certs.conf
    [x] fix: fail -- complain mismatched certs/ and certs.conf
7. upgrade from mozilla-rootcerts with etcupdate manually
  populated /etc/openssl/certs
  manual /etc/openssl/certs.conf
  - opensslcertsconf:
    [x] check: pass
    [x] fix: pass -- nothing
  - opensslcertsrehash:
    [x] check: pass
    [x] fix: pass -- skip rehash because manual (go to 7)

XXX Someone should draft automatic tests for postinstall.  It has a
very good track record, but it sure would be nice to automate this
testing rather than redo it each time I make a tiny change.

(martin)

sqlite3 changes

(christos)

new sqlite3

(christos)

merge conflicts between 3.26.0 and 3.34.0

(christos)

Pull up following revision(s) (requested by riastradh in ticket #342):

sys/kern/subr_workqueue.c: revision 1.42
sys/kern/subr_workqueue.c: revision 1.43
sys/kern/subr_workqueue.c: revision 1.44
sys/kern/subr_workqueue.c: revision 1.45
sys/kern/subr_workqueue.c: revision 1.46
tests/rump/kernspace/workqueue.c: revision 1.7
sys/kern/subr_workqueue.c: revision 1.47
tests/rump/kernspace/workqueue.c: revision 1.8
tests/rump/kernspace/workqueue.c: revision 1.9
tests/rump/rumpkern/t_workqueue.c: revision 1.3
tests/rump/rumpkern/t_workqueue.c: revision 1.4
tests/rump/kernspace/kernspace.h: revision 1.9
tests/rump/rumpkern/Makefile: revision 1.20

tests/rump/rumpkern: Use PROGDPLIBS, not explicit -L/-l.

This way we relink the t_* test programs whenever changes under
tests/rump/kernspace change libkernspace.a.

workqueue(9) tests: Nix trailing whitespace.

workqueue(9) tests: Destroy struct work immediately on entry.

workqueue(9) tests: Add test for PR kern/57574.

workqueue(9): Avoid touching running work items in workqueue_wait.

As soon as the workqueue function has called, it is forbidden to
touch the struct work passed to it -- the function might free or
reuse the data structure it is embedded in.

So workqueue_wait is forbidden to search the queue for the batch of
running work items.  Instead, use a generation number which is odd
while the thread is processing a batch of work and even when not.

There's still a small optimization available with the struct work
pointer to wait for: if we find the work item in one of the per-CPU
_pending_ queues, then after we wait for a batch of work to complete
on that CPU, we don't need to wait for work on any other CPUs.
PR kern/57574

workqueue(9): Sprinkle dtrace probes for workqueue_wait edge cases.

Let's make it easy to find out whether these are hit.

workqueue(9): Stop violating queue(3) internals.

workqueue(9): Avoid unnecessary mutex_exit/enter cycle each loop.

workqueue(9): Sort includes.
No functional change intended.

workqueue(9): Factor out wq->wq_flags & WQ_FPU in workqueue_worker.
No functional change intended.  Makes it clearer that s is
initialized when used.

(martin)

Actually apply a cherry picked version of

sys/arch/xen/xen/xbd_xenbus.c rev 1.130

xbd(4): Membar audit.

After consuming slots, must issue xen_wmb before notifying the other
side that we've consumed them in RING_FINAL_CHECK_FOR_RESPONSES.

Part of ticket #268 (and already noted in that CHANGES-10 entry, but
somehow lost during pullup)

(martin)

fix printf format specifiers for ews4800mips BUS_DMA_DEBUG build option.

(andvar)

Remove some entries. Those were pulled up to netbsd-10.

(msaitoh)

Whitespace nit.

(simonb)

build.sh: add support for git worktree

Git supports multiple working trees attached to the same repository,
with the git-worktree(1) subcommand.

When building from a Git working tree, the repository metadata in .git
from the top source directory is a file (containing the actual location
of the metadata) instead of the usual directory structure. With this
change, build.sh allows .git to be a directory or a regular file
instead, therefore letting the sources build as expected from a Git
working tree.

To test: (without this patch)

    src$ git worktree add ../src-clean-tree
    [...]
    src$ (cd ../src-clean-tree && ./build.sh tools)
    [...]
    ERROR: Cannot determine VCS for '.../src-clean-tree/'

XXX: pullup-10 pullup-9

(khorben)

remove duplicate "(unsigned *) &atmp" argument passed to dbl_to_sgl_fcnvfxt().

fixes build with TIMEX option enabled for hppa.

(andvar)

avoid array-bounds issues by using more complete types.

also, don't cast to a type that includes an extra, unused, member.

while here, replace the hard coded offsets in setjmp.S and some
asserts in longjmp.c with assym.h and shared structures for all
the movings parts, and asserts based upon those structures.

avoids GCC 12 warnings.

(mrg)

remove (db_addr_t) cast in hppa PC_REGS(regs) definition.
rename tf_hptm to tf_cr24 in kgdb_hppa.c.
This name was lost from trapframe (frame.h) in v1.8 and restored as tf_cr24 in v1.12.

Fixes KGDB enabled build for hppa.

(andvar)

config(5): enable NTP option implicitly when PPS_SYNC option is enabled.

PPS_SYNC requires NTP, but some code blocks are ifdef'ed without it,
thus allowing an attempt to build kernel with PPS_SYNC, and without NTP
(and it almost builds with one line change).

Update options(4) man page to reflect the change.

Solution suggested by riastradh.

(andvar)

remap generated ubsan filename string labels. fixes reproducible builds.
reported by wiz@

(christos)

remap generated ubsan filename string labels. fixes reproducible builds.
reported by wiz@

(christos)

postinstall(8): Handle various certs.conf scenarios gracefully.

Tested the following scenarios:

1. fresh install
  empty /etc/openssl/certs
  default /etc/openssl/certs.conf
  - opensslcertsconf
    [x] check: pass
    [x] fix: pass -- nothing
  - opensslcertsrehash
    [x] check: fail -- needs rehash
    [x] fix: pass -- quietly rehash successfully (go to 4)

2. fresh upgrade
  empty /etc/openssl/certs
  no /etc/openssl/certs.conf
  - opensslcertsconf
    [x] check: fail -- complain missing /etc/openssl/certs.conf
    [x] fix: pass -- install default /etc/openssl/certs.conf (go to 1)
  - opensslcertsrehash
    [x] check: fail -- complain missing /etc/openssl/certs.conf
    - [x] fix: fail -- complain missing /etc/openssl/certs.conf

3. upgrade from certctl, changes to certs
  certctl-managed /etc/openssl/certs
  default /etc/openssl/certs.conf
  - opensslcertsconf
    [x] check: pass
    [x] fix: pass -- nothing
  - opensslcertsrehash
    [x] check: fail -- needs rehash
    [x] fix: pass -- quietly rehash successfully (go to 4)

4. upgrade from certctl, no changes to certs
  certctl-managed /etc/openssl/certs
  default /etc/openssl/certs.conf
  - opensslcertsconf
    [x] check: pass
    [x] fix: pass -- nothing
  - opensslcertsrehash
    [x] check: pass
    [x] fix: pass -- quietly rehash successfully (go to 4)

5. upgrade from mozilla-rootcerts
  populated /etc/openssl/certs
  no /etc/openssl/certs.conf
  - opensslcertsconf:
    [x] check: fail -- complain missing /etc/openssl/certs.conf
    [x] fix: pass -- install manual /etc/openssl/certs.conf (go to 7)
  - opensslcertsrehash:
    [x] check: fail -- complain missing /etc/openssl/certs.conf
    [x] fix: fail -- complain missing /etc/openssl/certs.conf

6. upgrade from mozilla-rootcerts with etcupdate naively
  populated /etc/openssl/certs
  default /etc/openssl/certs.conf
  - opensslcertsconf:
    [x] check: pass
    [x] fix: pass -- nothing
  - opensslcertsrehash:
    [x] check: fail -- complain mismatched certs/ and certs.conf
    [x] fix: fail -- complain mismatched certs/ and certs.conf

7. upgrade from mozilla-rootcerts with etcupdate manually
  populated /etc/openssl/certs
  manual /etc/openssl/certs.conf
  - opensslcertsconf:
    [x] check: pass
    [x] fix: pass -- nothing
  - opensslcertsrehash:
    [x] check: pass
    [x] fix: pass -- skip rehash because manual (go to 7)

XXX Someone should draft automatic tests for postinstall.  It has a
very good track record, but it sure would be nice to automate this
testing rather than redo it each time I make a tiny change.

(riastradh)

certctl(8): Install certs.conf in /usr/share/examples too.

This way postinstall(8) can refer to the default one when you've done
an upgrade without etcupdate or similar to pull in new config files
from etc.tgz.

Not great -- we should do this systematically for all config files in
/etc, but this one-off hack is less risky for 10.

(riastradh)

bcm2835_spi: guard against too large clock divider and clamp if necessary

(tnn)

Fix and enable MULTIPROCESSOR

(skrll)

remove (db_addr_t) cast in sh3 PC_REGS(regs) definition.

Fixes KGDB build option for SH3/4 code.

(andvar)

redo previous: use same variable type for the interator as the comparison

(mrg)

fix SPARC v8/v9 detection code.

this code uses a trick where the encoding on both v8 and v9 are
the same, and are not illegal instructions, but that the v9 one
has a detectable difference than v8.

the idea is that we perform a "subcc" (set condition codes) which
sets "%ccr" on v9, which is an unimplemented "%asr2" on v8, then
we read %ccr (v9) or %asr2 (v8), which will always be 0x99 on v9,
and .. is non-trapping but impleentation defined on v8.

for many implementations this returns the value of the %y reg.

as nothing actually sets %y in this path, it remains the value it
was most recently set to by something (anything), and if it just
happens to be 0x99 then the v9 paths will be taken on v8.

fix this by clearing the %y register before the potential read.

fixes PR port-sparc/57594.  tested on ss20 and in qemu.  this
version of the patch has been submitted upstream.

XXX: pullup-10, pullup-9, pullup-8.

(mrg)

Update build instructions for Solaris 10 hosts

(palle)

heartbeat(9): Move #ifdef HEARTBEAT to sys/heartbeat.h.

Less error-prone this way, and the callers are less cluttered.

(riastradh)

heartbeat(9): Move panicstr check into the IPI itself.

We can't return early from defibrillate because the IPI may have yet
to run -- we can't return until the other CPU is definitely done
using the ipi_msg_t we created on the stack.

We should avoid calling panic again on the patient CPU in case it was
already in the middle of a panic, so that we don't re-enter panic
while, e.g., trying to print a stack trace.

Sprinkle some comments.

(riastradh)

heartbeat(9): More detail about manual test success criteria.

Changes comments only, no functional change.

(riastradh)

heartbeat(9): Ignore stale tc if primary CPU heartbeat is suspended.

The timecounter ticks only on the primary CPU, so of course it will
go stale if it's suspended.

(It is, perhaps, a mistake that it only ticks on the primary CPU,
even if the primary CPU is offlined or in a polled-input console
loop, but that's a separate issue.)

(riastradh)

cons(9): Suspend heartbeat checks while in polled-input mode.

This goes into a tight loop at high IPL, so it is to be expected that
the heartbeats will stop happening.

Should fix heartbeat panics at root device prompt on boot.

(riastradh)

cons(9): Sort includes.

No functional change intended.

(riastradh)

heartbeat(9): New flag SPCF_HEARTBEATSUSPENDED.

This way we can suspend heartbeats on a single CPU while the console
is in polling mode, not just when the CPU is offlined.  This should
be rare, so it's not _convenient_, but it should enable us to fix
polling-mode console input when the hardclock timer is still running
on other CPUs.

(riastradh)

cpu_setstate: Fix call to heartbeat_suspend.

Do this on successful offlining, not on failed offlining.

No functional change right now because heartbeat_suspend is
implemented as a noop -- heartbeat(9) will just check the
SPCF_OFFLINE flag.  But if we change it to not be a noop, well, then
we need to call it in the right place.

(riastradh)

ukbd(4): Sort includes.

No functional change intended.

(riastradh)

ukbd(4): Fix ordering in ukbd_cnpollc exit.

This is probably an MP-safety issue waiting to happen, but let's at
least make the wind and unwind sequences mirror images.

(riastradh)

certctl(8): Fix quoting and whitespace style in evilpath test.

No functional change intended.

(riastradh)

certctl(8): Fix some bugs with evil pathnames.

(riastradh)

certctl(8): Test more evil pathnames.

(riastradh)

certctl(8): Minor man page clarifications.

- Specify exactly what /etc/openssl/certs gets populated with.
- Change HTTPS to TLS.
- Specify the permitted character class in certs.conf.
  (Maybe more conservative than strictly needed; but let's stay on
  the safe side.)

(riastradh)

hier(7): Document /etc/openssl.

(riastradh)

mozilla-certdata: Install relative symlinks.

Slightly more compact this way, and you can examine them in a destdir
without chrooting.  Not terribly important, but a minor convenience.

(riastradh)

etc/mtree/special: Fix spaces/tabs.

No functional change intended.

(riastradh)

Ticket #341

(martin)

Pull up following revision(s) (requested by andvar in ticket #341):

sys/arch/newsmips/apbus/if_sn.c: revision 1.53

newsmips: fix build with SNDEBUG option enabled.

It was broken since rev 1.21 24 years ago, and got more broken code later on:
remove leftover device_xname(sc->sc_dev) param from aprint_debug_dev
in one block.
fix wrong method name devoce_xname to device_xname in second block.
rename et to eh for consistency, and define it (definition was removed
in the past).
while here, improve the code with riastradh help to make it safer.

(martin)

ftpd: improve seteuid error handling

Handle seteuid() failures. Per suggestion by Simon Josefsson.
Consistent logging and fatal exit if uid/gid switching fails.
Log correct errno if dataconn() fails.

(lukem)

bsd.own.mk: sort the CC_WNO variables

(lukem)

Be clear about hart vs cpu. NFCI.

(skrll)

Simplify plic_fdt_intr_disestablish by calling plic_intr_disestablish

(skrll)

Fix a comment and enable RISC-V ddb mach commands

(skrll)

newsmips/sn(4): rename SONIC_DEBUG to SNDEBUG for consistency.

nix this option from i386/amd64 ALL configs, it isn't used anywhere anymore.

(andvar)

sparc64: fix interrupt level mapping for disk and and parallel devices
on SBUS-based machines
Change the mapping from PIL_SCSI to PIL_BIO, so that they interrupt above
the highest soft interrupt (softserial)
Remove unused PIL_SCSI, PIL_FDSOFT, PIL_AUSOFT and fix the printf in fdc.c
Add "socal" and "SUNW,bpp" to the interrupt map.

(jdc)

correct OpenSSH

(christos)

new acpica

(christos)

merge conflicts between 20230628 and 20221020

(christos)

Trailing whitespace.

(skrll)

fix typos in comments, mainly s/innner/inner/.

(andvar)

s/unnmapped/unmapped/ in comment.

(andvar)

s/unnsupported/unsupported/ in message.

(andvar)

fix typo in the type krandsource_t -> krndsource_t.

fixes RND_COM enabled build for epoc32.

(andvar)

fix format specifiers for emips PHYSMEMDEBUG build option.

(andvar)

At the request of bad@ enhance the synopsis of the set built-in
command to include explicit mention of the -o opt and +o opt forms.

Fix the synopsis to have the 4 forms that the description of the
utility discusses, rather than expecting users to understand that
the 3rd and 4th forms of the command were combined into the 3rd
synopsis format.  After doing that, the options in the 3rd format
no longer need to be optional, so now all 4 formats are distinct
(previously, the third, omitting everything that was optional, and
the first, could not be distinguished).

While here, some wording and formatting "improvements" as well (nothing
too serious).

(kre)

Enable rkv1crypto on nanopi-r2s

Follow the example of rock64. Tested by myself.

(gutteridge)

use unsigned for iterator, fixes -Wsigned-comapre issue in module build.

(mrg)

Re-enable the fan.

(rjs)

- cast GETNEXT to unsigned where it is being promoted to int to prevent
  sign-extension (really it would have been better for PEEK*() and GETNEXT()
  to return unsigned char; this would have removed a ton of (uch) casts, but
  it is too intrusive for now).
- fix an isalpha that should have been iswalpha

(christos)

s/Piccalo/Piccolo/ in device description.

(andvar)