doc/HACKS: Document PR port-alpha/57511

(rin)

PR port-alpha/57511 Temporally disable secure PLT for alpha
until support is added to ld.elf_so(1).

(rin)

Fix locking error when setting the multicast filter to accept all
multicast frames, pointed out by Lwazi Dube.

(martin)

virtio(4): Fix byte order of DMA data for armeb in the same manner as
aarch64eb.

Fix comments to explain what is going on for {arm,aarch64}eb on QEMU.
This is not due to QEMU bugs; it correctly configures everything for
little-endian environment, and we forcibly change byte order only for
CPU cores during kernel bootstrap.

(rin)

Remove extra whitespace inserted during merge. No binary changes.

(rin)

Remove duplicate OpenBSD RCSID.

(rin)

lint: only skip 'unused' warnings after errors, not other warnings

Previously, in -w mode, any warning suppressed further 'unused'
warnings, even though there was no need to do that.  This can be seen in
the test gcc_attribute_var.c, where only the last unused variable from a
function was marked as unused, the others slipped through.

Fixed by counting the errors and the warnings separately and only
combining them if actually desired.

(rillig)

tprof(8): Add support for Skylake-X and Cascade Lake.

(msaitoh)

Modify comment. No functional change.

(msaitoh)

select(2), poll(2): Clarify return values.

(riastradh)

tests/lint: test all combinations of {func,obj}_{decl,def}

For a non-static function definition that is not declared in a header,
lint doesn't currently warn.  The previous test didn't notice this.

(rillig)

tests/lint: merge duplicate tests for C11 _Atomic

(rillig)

+CAC - cryptographic access control

(jschauma)

t_sig_backtrace: Flush stdout before writing to STDOUT_FILENO.

Avoids confusing ordering of output.

(riastradh)

lint: add type safety for accessing properties of basic types

No functional change.

(rillig)

tests/lint: ensure consistent preprocessor filenames in tests

The deviations often happen when copying or renaming tests.

(rillig)

Add Alder Lake-N.

(msaitoh)

bsdmalloc(3): fix malloc() signature

(uwe)

tests/libexec/ld.elf_so: Fix helper library makefiles.

1. Consolidate logic into a single helper.mk to reduce duplication.
2. Set NO* variables, not MK* variables which are reserved for user.
3. Avoid eager X!= in favour of lazy ${X:sh}.
4. Mark _g.a set list entries obsolete.  Never should've been built!

PR misc/57462

(riastradh)

libbsdmalloc: Use a multiply-overflow that clang supports too.

XXX pullup-10

(riastradh)

BUILDING: wording tweaks

(lukem)

mk.conf(5): document rump variables

Update mk.conf(5) with the rump variables from
- lib/librumpuser/README.compileopts
- sys/rump/README.compileopts

Add cross-references back to mk.conf(5) in those files.

Ensure that the Default: is listed last in a description,
for consistency with the convention in this file.

(lukem)

Update build instruction for Solaris 11.4 hosts

(palle)

Ticket #1849

(martin)

Pull up following revision(s) (requested by riastradh in ticket #1849):

lib/libc/dlfcn/dlfcn_elf.c: revision 1.17

libc: Fix missing membar_consumer in dl_iterate_phdr.

Pairs with the existing membar_producer.

(martin)

Ticket #1662

(martin)

Pull up following revision(s) (requested by riastradh in ticket #1662):

lib/libc/dlfcn/dlfcn_elf.c: revision 1.17

libc: Fix missing membar_consumer in dl_iterate_phdr.

Pairs with the existing membar_producer.

(martin)

Tickets #224 and #225

(martin)

Pull up following revision(s) (requested by riastradh in ticket #225):

lib/libc/dlfcn/dlfcn_elf.c: revision 1.17

libc: Fix missing membar_consumer in dl_iterate_phdr.

Pairs with the existing membar_producer.

(martin)

Pull up following revision(s) (requested by abs in ticket #224):

sys/dev/wscons/wsdisplay_vconsvar.h: revision 1.34
sys/dev/wscons/wsdisplay_glyphcachevar.h: revision 1.6
sys/arch/sparc/dev/cgfourteen.c: revision 1.94
sys/arch/sparc/dev/cgfourteen.c: revision 1.95
sys/dev/sbus/mgx.c: revision 1.21
sys/dev/sbus/mgx.c: revision 1.22
sys/dev/sbus/mgx.c: revision 1.23
sys/dev/wscons/wsdisplay_vcons.c: revision 1.65
sys/dev/wscons/wsdisplay_vcons.c: revision 1.66
sys/dev/wscons/wsdisplay_glyphcache.c: revision 1.12
sys/arch/sparc/dev/sxvar.h: revision 1.5
sys/arch/sparc/dev/sx.c: revision 1.6
sys/arch/sparc/dev/sx.c: revision 1.7

make vcons_putchar_buffer() return a flag indicating if anything actually
changed, skip the actual drawing op if nothing did

add flags for drivers to requesr R2L bit/byte-ordered fonts, default to
L2R, chack them in vcons_load_font() instead of just trusting that we'd get
what we need

initialize the diagnostic register with the value suggested by the SunOS
header. This sets a bunch of undocumented bits and yields a 10% speed increase
when rendering antialiased text.

use macros compatible with xf86-video-suncg14 to issue SX instructions
much more readable, alignment weirdness is handled automatically and code is
interchangable

allow drivers to specify horizontal alignment of glyph cache cells
for things like SX which have alignment restrictions

add counter to periodically drain the instruction queue in order to avoid
stalling the MBus during long SX operations

adapted from xf86-video-suncg14
- use sx_wait() to avoid stalling the MBus
- request 32bit alignment for glyphcache cells

wait for the engine to go idle before issuing rectfill commands
we get occasional overlap with blit commands if we just wait for fifo slots
needs further investigation, it is possible that not all writes to drawing
engine registers are pipelined and of course we don't have docs

following a hunch...
- cache DEC and FG registers, only write them if the value actually changes
- wait for the engine to go idle before writing DEC
- wait for FIFO slots on everything else
with this we avoid waiting if possible and still avoid overlapping blit and
fill commands

(martin)

t_posix_memalign: Simplify.

No functional change intended.

(riastradh)

libbsdmalloc: Make aligned_alloc(A, S) actually align when A > S.

XXX pullup-10

(riastradh)

Fix sysctl invocation testing for missing entropy.

(martin)

Ticket #1661

(martin)

Pull up following revision(s) (requested by wiz in ticket #1661):

external/bsd/mdocml/dist/st.c: revision 1.2

Really add -isoC-2018 (not just the docs).

(martin)

t_posix_memalign: Fix this to reflect restriction lifted in C17.

(riastradh)

tests/lint: spell platform identifiers for 'long double' consistently

The test file names don't have a hyphen, so the identifiers shouldn't
have one either.

(rillig)

tests/lint: add platform-specific tests for troublesome pointer casts

(rillig)

Revert "fsck_ffs(8): Ensure A divides S before aligned_alloc(A, S)."

C17 lifted this restriction.

(riastradh)

Revert "newfs(8): Ensure A divides S before aligned_alloc(A, S)."

C17 lifted this restriction.

(riastradh)

Revert "nvmectl(8): Ensure A divides S before aligned_alloc(A, S)."

C17 lifted this restriction.

(riastradh)

libbsdmalloc: Lift C11 divisibility restriction on aligned_alloc.

Restriction was lifted in C17.

XXX pullup-10

(riastradh)

Revert "jemalloc: Enforce alignment-must-divide-size rule of aligned_alloc."

Apparently this restriction was lifted in C17, and this was even
documented in a part of the man page I didn't notice because I got
stuck at the incomplete sentence `The aligned_alloc function conforms
to.'.  Sorry for the noise, folks.

(riastradh)

Updates for ctwm-4.1.0

(nia)

Merge ctwm-4.1.0

(nia)

bsdmalloc.3: fix typos in function parameters

(rillig)

CPU model 0x5a is not Atom E3500 but Atom Z3500.

(msaitoh)

libbsdmalloc: Fix build with DEBUG.

Nix __P while here.

XXX pullup-10

(riastradh)

Install a copy of dhcpcd.conf under /usr/share/examples

Addresses PR bin/57487 from Taylor R Campbell.

(gutteridge)

mdoc.local: fix libbsdmalloc string name

(uwe)

fsck_ffs(8): Fix whitespace issues.

- Nix trailing whitespace.
- Omit excessive blank lines.
- Insert missing blank lines between $NetBSD$ and copyright.

No functional change intended.

(riastradh)

nvmectl(8): Ensure A divides S before aligned_alloc(A, S).

Required by C11 Sec. 7.22.3.1 The aligned_alloc function, para. 2,
p. 348:

  The value of alignment shall be a valid alignment supported by the
  implementation and the value of size shall be an integral multiple
  of alignment.

XXX pullup-10

(riastradh)

newfs(8): Ensure A divides S before aligned_alloc(A, S).

Required by C11 Sec. 7.22.3.1 The aligned_alloc function, para. 2,
p. 348:

  The value of alignment shall be a valid alignment supported by the
  implementation and the value of size shall be an integral multiple
  of alignment.

XXX pullup-10

(riastradh)

fsck_ffs(8): Ensure A divides S before aligned_alloc(A, S).

Required by C11 Sec. 7.22.3.1 The aligned_alloc function, para. 2,
p. 348:

  The value of alignment shall be a valid alignment supported by the
  implementation and the value of size shall be an integral multiple
  of alignment.

XXX pullup-10

(riastradh)

libc: Fix missing membar_consumer in dl_iterate_phdr.

Pairs with the existing membar_producer.

XXX pullup-8
XXX pullup-9
XXX pullup-10

(riastradh)

libbsdmalloc: Nix K&R definitions.  Bump WARNS to 3.

(riastradh)

libbsdmalloc: New man page.

XXX pullup-10

(riastradh)

libbsdmalloc: Bump shlib minor.

New symbols, new minor.

XXX pullup-10

(riastradh)

libbsdmalloc: Nix trailing whitespace.

No functional change intended.

XXX pullup-10

(riastradh)

libbsdmalloc: Provide all allocator front ends and fork hooks.

Front ends:

- aligned_alloc
- calloc
- posix_memalign

Fork hooks:

- _malloc_prefork
- _malloc_postfork
- _malloc_postfork_child

Otherwise these will pull in the jemalloc definitions from libc,
which (a) defeats the purpose, and (b) won't work correctly with
fork and threads.

Thanks to kre@ and the thread on tech-userlevel for pointing me in
the right direction to making this actually work to override
jemalloc:

https://mail-index.netbsd.org/tech-userlevel/2023/06/30/msg013957.html

Note: libbsdmalloc doesn't set errno=ENOMEM on malloc failure, but
these front ends do (even aligned_alloc, which is from C11, which
doesn't define ENOMEM at all, but this pacifies our aligned_alloc
tests in t_posix_memalign.c).  Might want to fix that.

XXX pullup-10

(riastradh)

t_posix_memalign: Expand test cases and properties.

- Test cartesian product of a sampling of sizes and a sampling of
  alignments.

- Verify all the edge cases I could find in posix_memalign and
  aligned_alloc, including failure modes.

- Test an unreasonably large (but aligned) allocation size.

- Use ATF_CHECK_* instead of ATF_REQUIRE_* so all failures will be
  reported, not just the first one.

- While here, build with -fno-builtin-aligned_alloc and with
  -fno-builtin-posix_memalign to make sure the compiler doesn't try
  any shenanigans.

XXX pullup-10

(riastradh)

jemalloc: Enforce alignment-must-divide-size rule of aligned_alloc.

C11, Sec. 7.22.3.1 The aligned_alloc function, paragraph 2, p. 348:

  The value of alignment shall be a valid alignment supported by the
  implementation and the value of size shall be an integral multiple
  of alignment.

posix_memalign does not appear to have any corresponding constraint.

XXX pullup-10

(riastradh)

riscv: Fix (U)INT64_C suffix to match gcc's built-in idea of types.

XXX pullup-10

(riastradh)

tpm(4): Switch tsleep to kpause.

Nothing is interrupt-driven here, so no need for condvars to allow
more prompt wakeups.

(riastradh)

lint: consistently use portable type size in integer constraints

Since tree.c 1.546 from 2023-07-03, lint no longer warned about possible
loss of accuracy when converting from 'long' to 'int' on an ILP32
platform that uses 'unsigned long' for size_t, when run in portable mode
(-p), which is enabled by default in the NetBSD build.

The integer constraints avoid false-positive warnings by looking at the
actual values an expression can take.  The function can_represent is
guarded by a condition that uses the portable_size_in_bits, but then
internally used the opposite size_in_bits, which led to inconsistent
results.

The warning looks confusing though, as on an ILP32 platform, 'int' and
'long' have the same size and representation, therefore there cannot be
an actual loss of accuracy.  The warning may need to be reworded to
explicitly mention the portability mode, in which sizeof(int) is assumed
to be 3 instead of 4, to catch possible loss of accuracy on other
platforms.

(rillig)

PR/57500: Palle Lyckegaard: include missing tools/compat/regex.h for
__{BEGIN,END}_DECLS.

(christos)

Enable MEMORY_DISK_DYNAMIC & co. to match std.generic64

Allows loading of ramdisk.fs via u-boot initrd (to run sysinst)

(jakllsch)

tests/lint: move platform-specific query tests to separate files

This fixes the tests on 'unsigned char' platforms.

Thanks martin@ for the notification.

(rillig)

lint: sync usage messages with reality

(rillig)

lint: invert the -u, -v and -z flags

Now they behave the same as in the manual page.

No functional change.

(rillig)

lint: remove redundant comments for command line flags

(rillig)

Ticket #223

(martin)

Pull up following revision(s) (requested by hgutch in ticket #223):

tools/llvm-lib/libLLVMSupport/Makefile: revision 1.2
external/apache2/llvm/autoconf/include/llvm/Config/config.h.in: revision 1.3

Fix LLVM build with host gcc 13

Building LLVM with a host gcc 13 fails and suggests including <cstdint>
in external/apache2/llvm/dist/llvm/include/llvm/Support/Signals.h .

Instead of this, joerg@ suggested not modifying the llvm vendor branch
but instead working around this in our LLVM build infrastructure.

(martin)

tests/lint: clean up tests for C99 bool

(rillig)

lint: fix C11 mode to not allow C23 features (since yesterday)

(rillig)

lint: clean up redundant casts

(rillig)

lint: rename uppercase QUAD to LLONG

No binary change.

(rillig)

dri.old: disable lint again

(rillig)

tests/lint: add C23 tests

(rillig)

lint: add initial support for C23

Required by xsrc/external/mit/MesaLib.old, brw_eu_validate.c, which
initializes a struct using empty braces: 'return (struct string){};'.

(rillig)

lint: allow empty statements in GCC statement expressions

(rillig)

tests/lint: demonstrate empty statement in GCC statement expression

Seen in external/mit/xorg/lib/dri.old.

(rillig)

lint: eliminate redundant conditions

(rillig)

lint: clean up variable names relating to structure padding

(rillig)

lint: rename 'quad' to 'signed int' or 'unsigned int'

No functional change.

(rillig)

lint: use unsigned int for struct alignment

This gets rid of 'unsigned short', which saved a few bytes of memory but
was inconvenient to deal with.

No functional change.

(rillig)

getrandom(2): Reduce editorializing tone in man page.

XXX pullup-10

(riastradh)

Fix typo in comment.

(nia)

lint: extend debug logging for declaration levels

Indent the debug logging according to the declaration level.

Since there are a few cases where the enclosing declaration levels are
modified, log the whole declaration level stack whenever a level begins
or ends.

(rillig)

Fix HTTPS through Proxy.

While a regular HTTP Proxy, requires the absolute URL with protocol
and host part, yyou must only send the relative URL through a
CONNECT tunnel (you are talking to the target server).

(mlelstv)

lint: initialize unnamed member like an unnamed bit-field

See set_bit_field_width.

(rillig)

lint: clean up variable names

(rillig)

libc/shlib_version: note that *rand48* should be punted to libcompat

(dholland)

tests/lint: rework tests for type names

(rillig)

dri.old: only disable lint for a single file

(rillig)

regen

(nia)

Add Realtek ALC671 to hdaudiodevs, seen on Fujitsu Futro S720 thin client

(nia)

Don't call UP script when an IP address becomes deprecated.

(mlelstv)

tetris(6): Support the informal standard of allowing setting NO_COLOR
in the environment to disable the use of color. (no-color.org)

(nia)

Use ENVIRONMENT section

(nia)

lint: constify, reduce indentation

No functional change.

(rillig)

lint: clean up comments in lint1.h

(rillig)

lint: clean up duplicate and dead code for integer constants

No functional change.

(rillig)

doc/CHANGES: fix typos

(rillig)

lint: clean up typos

(rillig)

tests/make: show how to use indirect conditions in the '?:' modifier

(rillig)

Fix build when KERNHIST defined, but not UVMHIST

(skrll)

jemalloc: enable lint again, it is no longer broken

Since today, lint handles unnamed struct/union correctly.

(rillig)

lint: fix initialization of unnamed union member

(rillig)

audioplay.1: fix sentence punctuation

(gutteridge)

tests/lint: test initializing an unnamed union

(rillig)

getentropy(3): use .Sx to xref CAVEATS

(uwe)

new OpenPAM.

(christos)

merge openpam ximenia

(christos)

getrandom(2), getentropy(3): Rework man pages.

Make supportable promises.  Omit needless verbiage.  Give caveats
with cross-references to entropy(7).  Emphasize that security is
necessarily relative to system configuration.

XXX pullup-10

(riastradh)

rc.conf(5): Set entropy=wait by default.

We no longer block indefinitely -- if nothing else, the hardclock
timer should yield enough samples to unblock /dev/random on all but
the most severely deterministic machines -- so it should be generally
safe for availability to set entropy=wait.

This doesn't guarantee that HWRNG/seed has been provided before you
run ssh-keygen or call getentropy(3) in a user application, but it
does raise the security above netbsd<=9.

PR security/55659
PR lib/56905

XXX pullup-10

(riastradh)

security(5): Check kern.entropy.needed for confident entropy.

Don't test whether a non-blocking read from /dev/random would return
data.

For the sake of availability, /dev/random will unblock based on sources
like timer interrupts, which we can't confidently assert anything about
the actual unpredictability of.

Here, the goal is to highlight systems that have neither obtained
entropy from an HWRNG with a confident entropy assessment, nor been
seeded from a source the operator knows about.

XXX pullup-10

(riastradh)

entropy(9): Reintroduce netbsd<=9 time-delta estimator for unblocking.

The system will (in a subsequent change) by default block for this
condition before almost all of userland is running (including
/etc/rc.d/sshd key generation).  That way, a never-blocking
getentropy(3) API will never return any data without at least
best-effort entropy like netbsd<=9 did to applications except in
single-user mode (where you have to be careful about everything
anyway) or in the few processes that run before a seed can even be
loaded (where blocking indefinitely, e.g. when generating a stack
protector cookie in libc, could pose a severe availability problem
that can't be configured away, but where the security impact is low).

However, (in another subsequent change) we will continue to use
_only_ HWRNG driver estimates and seed estimates, and _not_
time-delta estimator, for _warning_ about security in motd, daily
security report, etc.  And if HWRNG/seed provides enough entropy
before time-delta estimator does, that will unblock /dev/random too.

The result is:

- Machines with HWRNG or seed won't warn about entropy and will
  essentially never block -- even on first boot without a seed, it
  will take only as long as the fastest HWRNG to unblock.

- Machines with neither HWRNG nor seed:
  . will warn about entropy, giving feedback about security;
    and
  . will avoid returning anything more predictable than netbsd<=9;
    but
  . won't block (much) longer than netbsd<=9 would (and won't block
    again after blocking once, except with kern.entropy.depletion=1 for
    testing).

  (The threshold for unblocking is now somewhat higher than before:
  512 samples that pass the time-delta estimator, rather than 80 as
  it used to be.)

  And, of course, adding a seed (or HWRNG) will prevent both warnings
  and blocking.

The mechanism is:

1. /dev/random will block until _either_

  (a) enough bits of entropy (256) from reliable sources have been
      added to the pool, _or_

  (b) enough samples have been added from any sources (512), passing
      the old time-delta entropy estimator, that the possible
      security benefit doesn't justify holding up availability any
      longer (`best effort'), except on systems with higher security
      requirements like securelevel=2 which can disable non-HWRNG,
      non-seed sources with rndctl_flags in rc.conf(5).

2. dmesg will report `entropy: ready' when 1(a) is satisfied, but if
  1(b) is satisfied first, it will report `entropy: best effort', so
  the concise log messages will reflect the timing and whether in
  any period of time any of the system might be relying on best
  effort entropy.

3. The sysctl knob kern.entropy.needed (and the ioctl RNDGETPOOLSTAT
  variable rndpoolstat_t::added) still reflects the number of bits
  of entropy from reliable sources, so we can still use this to
  suggest regenerating ssh keys.

  This matters on platforms that can only be reached, after flashing
  an installation image, by sshing in over a (private) network, like
  small network appliances or remote virtual machines without
  (interactive) serial consoles.  If we blocked indefinitely at boot
  when generating ssh keys, such platforms would be unusable.  This
  way, platforms are usable, but operators can still be advised at
  login time to regenerate keys as soon as they can actually load
  entropy onto the system, e.g. with rndctl(8) on a seed file copied
  from a local machine over the (private) network.

4. On machines without HWRNG, using a seed file still suppresses
  warnings for users who need more confident security.  But it is no
  longer necessary for availability.

This is a compromise between availability and security:

- The security mechanism of blocking indefinitely on machines without
  HWRNG hurts availability too much, as painful experience over the
  multiple years since I made the mistake of introducing it have
  shown.  (Sorry!)

- The other main alternative, not having a blocking path at all (as I
  pushed for, and as OpenBSD has done for a long time) could
  potentially reduce security vs netbsd<=9, and would run against the
  expectations set by many popular operating systems to the severe
  detriment of public perception of NetBSD security.

Even though we can't _confidently_ assess enough entropy from, e.g.,
sampling interrupt timings, this is the traditional behaviour that
most operating systems provide -- and the result here is a net
nondecrease in security over netbsd<=9, because all paths from the
entropy pool to userland now have at least as high a standard before
returning data as they did in netbsd<=9.

PR kern/55641
PR pkg/55847
PR kern/57185
https://mail-index.netbsd.org/current-users/2020/09/02/msg039470.html
https://mail-index.netbsd.org/current-users/2020/11/21/msg039931.html
https://mail-index.netbsd.org/current-users/2020/12/05/msg040019.html

XXX pullup-10

(riastradh)

lint: clean up names related to declaration levels

The previous prefix 'DK_' (declaration level kind) had a conflict with
the 'DK_' (designator kind) in init.c, so change the prefix to 'DLK_'.
The new name for dinfo_t is decl_level, which is more expressive.

No functional change.

(rillig)

lint: fix handling of unnamed struct/union members

The support for unnamed struct/union members that was added in decl.c
1.60 from 2015-10-13 was simple but wrong. It didn't cover initializers
of these structures and computed wrong sizes for structures containing
anonymous unions. At that time, the handling of initializers was broken
as well, it was fixed 6 years later in init.c 1.229 from 2021-12-22.

Real-life examples for code that lint couldn't handle are:

* external/bsd/jemalloc/dist/src/jemalloc.c
* external/mit/xorg/lib/dri.old/Makefile

(rillig)

lint: replace macro for unique identifiers with function

No functional change.

(rillig)

lint: clean up handling of declarations

No functional change.

(rillig)

ticket #220

(bouyer)

Pull up following revision(s) (requested by martin in ticket #220):
usr.bin/dc/bcode.c: revision 1.4
Make this compile when BIGNUM limbs (BN_ULONG) are not the same
size as "unsigned long" (e.g. in bn(64/32) configurations of openssl).

(bouyer)

Ticket #1658

(martin)

Pull up following revision(s) (requested by manu in ticket #1658):

sys/arch/i386/stand/bootxx/boot1.c: revision 1.22

Primary bootstrap is now able to read a GPT inside RAIDframe.

Previously, primary bootstrap was able to boot on RAID-1 RAIDframe set
with the limitation that the FFS filesystem had to start at bloc 0 in the
RAID. That allowed inner RAID partitionning with a disklabel, but not with
a GPT.

When booting on a RAID-1 RAIDframe, primary bootstrap now first try a
filesystem at bloc 0 of the RAID as before. On failure, it tries to
read a GPT and load secondary bootstrap from, by priority;
1) the first partition with the bootme attribute set
2) the first partition of type FFS, LFS, CCD or CGD
3) the first partition present in the GPT

(martin)

Tickets #221 and #222

(martin)

Pull up following revision(s) (requested by manu in ticket #222):

sys/arch/i386/stand/bootxx/boot1.c: revision 1.22

Primary bootstrap is now able to read a GPT inside RAIDframe.

Previously, primary bootstrap was able to boot on RAID-1 RAIDframe set
with the limitation that the FFS filesystem had to start at bloc 0 in the
RAID. That allowed inner RAID partitionning with a disklabel, but not with
a GPT.

When booting on a RAID-1 RAIDframe, primary bootstrap now first try a
filesystem at bloc 0 of the RAID as before. On failure, it tries to
read a GPT and load secondary bootstrap from, by priority;
1) the first partition with the bootme attribute set
2) the first partition of type FFS, LFS, CCD or CGD
3) the first partition present in the GPT

(martin)

Pull up following revision(s) (requested by riastradh in ticket #221):

external/cddl/osnet/dist/tools/ctf/cvt/ctfmerge.c: revision 1.18
external/cddl/osnet/sys/sys/opentypes.h: revision 1.7
tools/compat/configure: revision 1.100
external/cddl/osnet/dist/tools/ctf/cvt/barrier.c: revision 1.6
external/cddl/osnet/dist/tools/ctf/cvt/barrier.h: revision 1.4
external/cddl/osnet/dist/tools/ctf/cvt/barrier.c: revision 1.7
external/cddl/osnet/dist/tools/ctf/cvt/barrier.c: revision 1.8
tools/compat/configure.ac: revision 1.100
external/cddl/osnet/dist/tools/ctf/cvt/tdata.c: revision 1.10
tools/compat/nbtool_config.h.in: revision 1.54

ctfmerge: error check sem_*() and pthread_*() APIs

terminate() if sem_*() returns -1 or pthread_*() returns != 0.
(Set errno from pthread_*() so terminate() prints the strerror message).

Note: Failing on errors instead of ignoring them helps identify
reasons for intermittent failures, such as those on macOS host builds:

  ERROR: nbctfmerge: barrier_init: sem_init(bar_sem): Function not implemented

ctfmerge: fix macOS semaphore implementation

Use dispatch_semaphore_create() if present instead of sem_init().
macOS doesn't actually implement sem_init() (et al)
(even though it provides the prototypes as deprecated).

This was detected by the previous commit to ctfmerge
that added error handling.

Implement ctfmerge's barrier operations in terms of
dispatch(3) APIs such as dispatch_semaphore_create() (et al).

Update tools/compat/configure.ac to find dispatch_semaphore_create().
Fixes ctfmerge on macOS hosts.

Inspired by https://stackoverflow.com/a/27847103

tools/compat: regen for dispatch_semaphore_create

ctfmerge: fix macOS semaphore implementation, part 2
dispatch_semaphore_signal() doesn't return an error, just an
indicator of whether a thread was woken or not, so there's
no need to fail on non-zero return.

osnet: on macOS, use <mach/boolean.h> for boolean_t
macOS/x86_64 defines boolean_t as 'unsigned int' not 'int',
which causes a build issue with tools/ctfmerge on that host
after my recent fixes for macOS semaphores.

So use the <mach/boolean.h> instead of a local typedef ifdef __APPLE__.
May fix a macOS/x86_64 build issue reported by cjep@.
Builds fine on NetBSD/amd64 or macOS/arm.

Note: this compat stuff is clunky, and based on the commit log,
annoyingly error prone. A newer sync of osnet from upstream /may/
improve a lot of these compat typedef workarounds for solaris types...

(martin)

tests/lint: extend tests for sizeof and alignof

(rillig)

lint: fix computation of bit-field width

When bit-fields in packed structs were added on 2009-10-02, lint assumed
that they would only use 'signed int' or 'unsigned int' as storage unit,
even though C99 also allows _Bool.

The cleanup commit for decl.c 1.225 from 2021-08-28 accidentally changed
the rounding mode for bit-field storage units from round-up to
round-down.

(rillig)

lint: clean up packing of structs and unions

No functional change outside debug mode.

(rillig)

lint: clean up tree.c

No functional change.

(rillig)

lint: make alignof(incomplete enum) an error

(rillig)