| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | | | | | | | | | | | Release notes at https://nlnetlabs.nl/news/2025/Oct/22/unbound-1.24.1-released/ Security: CVE-2025-11411 MFC after: 3 days Merge commit '73dd92916f532cb3fe353220103babe576d30a15' |
| | | | | | | | | | | | | | The -libutil function getmntpoint(3) is documented as accepting a device name “with or without /dev/ prepended to it” but did not attempt to prepend /dev/. This patch corrects the problem by prepending /dev/ to names that do not begin with a '/'. Reported-by: Dag-Erling Smørgrav Differential Revision: https://reviews.freebsd.org/D53185 MFC-after: 1 week Sponsored-by: Netflix |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Update vendor/libarchive to 3.8.2 Important bugfixes: #2477 tar writer: fix replacing a regular file with a dir for ARCHIVE_EXTRACT_SAFE_WRITES #2659 lib: improve filter process handling #2664 zip writer: fix a memory leak if write callback error early #2665 lib: archive_read_data: handle sparse holes at end of file correctly #2668 7zip: Fix out of boundary access #2670 zip writer: fix writing with ZSTD compression #2672 lib: fix error checking in writing files #2678 zstd write filter: enable Zstandard's checksum feature #2679 lib: handle possible errors from system calls #2707 lib: avoid leaking file descriptors into subprocesses #2713 RAR5 reader: fix multiple issues in extra field parsing function #2716 RAR5 reader: early fail when file declares data for a dir entry #2717 bsdtar: Allow filename to have CRLF endings #2719 tar reader: fix checking the result of the strftime (CVE-2025-25724) #2737 tar reader: fix an infinite loop when parsing V headers #2742 lib: parse_date: handle dates in 2038 and beyond if time_t is big enough Obtained from: libarchive Vendor commit: 7f53fce04e4e672230f4eb80b219af17975e4f83 Security: CVE-2025-25724 PR: 290303 (exp-run) MFC after: 1 week |
| | | | | | | | | | | | | | | | | | | | | | GCC does not like passing NULL (__null) to std::ostringstream::operator<< inside of ATF_REQUIRE_EQ: lib/libc/tests/net/inet_net_test.cc: In member function 'virtual void {anonymous}::atfu_tc_inet_net_ntop_invalid::body() const': lib/libc/tests/net/inet_net_test.cc:306:9: error: passing NULL to non-pointer argument 1 of 'std::__1::basic_ostream<_CharT, _Traits>& std::__1::basic_ostream<_CharT, _Traits>::operator<<(long int) [with _CharT = char; _Traits = std::__1::char_traits<char>]' [-Werror=conversion-null] 306 | ATF_REQUIRE_EQ(ret, NULL); | ^~~~~~~~~~~~~~ In file included from /usr/obj/.../amd64.amd64/tmp/usr/include/c++/v1/sstream:317, from /usr/obj/.../amd64.amd64/tmp/usr/include/atf-c++/macros.hpp:29, from /usr/obj/.../amd64.amd64/tmp/usr/include/atf-c++.hpp:29, from lib/libc/tests/net/inet_net_test.cc:33: /usr/obj/.../amd64.amd64/tmp/usr/include/c++/v1/__ostream/basic_ostream.h:338:81: note: declared here 338 | basic_ostream<_CharT, _Traits>& basic_ostream<_CharT, _Traits>::operator<<(long __n) { | ~~~~~^~~ ... Fixes: 8f4a0d2f7b96 ("libc: Import OpenBSD's inet_net_{ntop,pton}") |
| | | | | | | | | | | | | | | | | GCC warns about the sign mismatch in comparisons: lib/libc/tests/net/inet_net_test.cc: In member function 'virtual void {anonymous}::atfu_tc_inet_net_inet4::body() const': lib/libc/tests/net/inet_net_test.cc:86:17: error: comparison of integer expressions of different signedness: 'int' and 'const unsigned int' [-Werror=sign-compare] 86 | ATF_REQUIRE_EQ(bits, addr.bits); | ^~~~~~~~~~~~~~ lib/libc/tests/net/inet_net_test.cc: In member function 'virtual void {anonymous}::atfu_tc_inet_net_inet6::body() const': lib/libc/tests/net/inet_net_test.cc:205:17: error: comparison of integer expressions of different signedness: 'int' and 'const unsigned int' [-Werror=sign-compare] 205 | ATF_REQUIRE_EQ(bits, addr.bits); | ^~~~~~~~~~~~~~ Fixes: 8f4a0d2f7b96 ("libc: Import OpenBSD's inet_net_{ntop,pton}") |
| | | | | | | | | | | | | | | | | | | Our versions of these functions (originally taken from BIND) simply don't work correctly for AF_INET6. These were removed from BIND itself quite a while ago, but OpenBSD has made several fixes in the mean time, so import their code. Add tests for both functions. PR: 289198 Reported by: Nico Sonack <nsonack@herrhotzenplotz.de> MFC after: 1 week Reviewed by: des Obtained from: OpenBSD (lib/libc/net) Sponsored by: https://www.patreon.com/bsdivy Differential Revision: https://reviews.freebsd.org/D52629 |
| | | | | | | | | Reviewed by: markj Sponsored by: The FreeBSD Foundation MFC after: 2 weeks Differential revision: https://reviews.freebsd.org/D52045 |
| | | | | | | | | | | | | | ISO 8601 allows use of "Z" as the time zone designator. Update the strptime parser to allow this usage. While we are at it, update the manpage to reflect that both UTC and Z are now valid options. Reviewed by: des MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D53083 |
| | | |
| | | | | | | | | | | | | | | | | Set LIB_PACKAGE= in lib/ncurses/Makefile.inc so the ncurses libraries go into the ncurses-lib subpackage rather than the base package. This means applications that depend on ncurses can be installed without needing to install the various utilities and manpages. This removes a dependency from runtime to ncurses (it now depends on ncurses-lib instead). MFC after: 3 seconds Reviewed by: kevans Sponsored by: https://www.patreon.com/bsdivy Differential Revision: https://reviews.freebsd.org/D53060 |
| | | | | | | | | | | | | | | This more accurately reflects its purpose, and its contents, since everything in the package is prefixed with "local-". While here, add a message on upgrade about regenerating the config. MFC after: 3 seconds Requested by: des Reviewed by: des Sponsored by: https://www.patreon.com/bsdivy Differential Revision: https://reviews.freebsd.org/D53056 |
| | | |
| | | | | | | | | | | | | | | | | | | | | Create a chapter on every important socket type: stream, datagram, seqpacket. Always list what protocol families do support what kinds of sockets. Improve some statements possessing language from the specification [1]. Reduce some statements that are mostly specific to TCP. Provide more external links and references to various important syscalls that can be used on sockets. Add a paragrph on non-blocking mode. The big factual change is documentation of SOCK_SEQPACKET. In FreeBSD 15 this socket now fully follows the specification and is a stream socket with record boundaries. [1] https://pubs.opengroup.org/onlinepubs/9799919799/functions/V2_chap02.html#tag_16_10_06 Differential Revision: https://reviews.freebsd.org/D52771 |
| | | | | | Just make it like all other sockets that have PF_FOO -> AF_FOO alias. |
| | | | | | | | | | | | | We've been mostly POSIX-conforming since r236400 and fully since r240410, which fixed a corner case where a missing non-leaf directory would be reported as ENOTDIR instead of ENOENT. Sponsored by: Klara, Inc. Fixes: 7877ed7ce33e ("Avoid mapping ENOENT to ENOTDIR for non-existent path components.") Reviewed by: ziaee, markj Differential Revision: https://reviews.freebsd.org/D53027 |
| | | | | | | | | | | | | If lstat() fails with EACCES or ENOTDIR, the path we need to return in the caller-provided buffer is that of the parent directory (which is either unreadable or not a directory; the latter can only happen in the case of a race) rather than that of the child we attempted to stat. Sponsored by: Klara, Inc. Reviewed by: markj Differential Revision: https://reviews.freebsd.org/D53025 |
| | | | | | | | | | | | | | * Passing NULL should result in EINVAL * Passing an empty path should result in ENOENT * Failure with a non-null buffer should leave a partial result. As pointed out in a comment in the test case, this reveals a discrepancy between the documentation and reality. Sponsored by: Klara, Inc. Reviewed by: markj Differential Revision: https://reviews.freebsd.org/D53024 |
| | | | | | | | | The pam_xdg module does set the XDG_RUNTIME_DIR in the environment, it's actually its main purpose. Reported by: arrowd |
| | | | | | | | | | | | | | | | | Previously, blacklist man pages were just a symlink to their blocklist counterpart, this in turn installed blocklist man pages twice, and resulted in a duplicate error when running metalog_reader.lua -c. Take advantage of the duplication to document nuances in blacklist, such as the fact that it uses the new database and socket name (blocklist). Also, note that it has been renamed to blocklist. In the future, it will help to document its deprecation. Approved by: emaste (mentor) Fixes: 7238317403b9 ("blocklist: Rename blacklist to blocklist") MFC after: 2 days |
| | | | | | | | | | | | | | | | | | | | Follow up upstream rename from blacklist to blocklist. - Old names and rc scripts are still valid, but emitting an ugly warning - Old firewall rules and anchor names should work, but emitting an ugly warning - Old MK_BLACKLIST* knobs are wired to the new ones Although care has been taken not to break current configurations, this is a large patch containing mostly duplicated code. If issues arise, it will be swiftly reverted. Reviewed by: ivy (pkgbase) Approved by: emaste (mentor) MFC after: 2 days Relnotes: yes |
| | | | | | | | | | | | | This is the correct place for them, and also issues an incorrect dependency from utilities to sound. Fixes: 1b806e607f52 ("packages: Add a sound package") MFC after: 3 days Reviewed by: christos, dch Sponsored by: https://www.patreon.com/bsdivy Differential Revision: https://reviews.freebsd.org/D53015 |
| | | | | | | | | | | | | Move the library, but not any of the runtime. This allows executables to link against libbluetooth without having to pull in the entire BT stack. MFC after: 3 days Reviewed by: dch, emaste Sponsored by: https://www.patreon.com/bsdivy Differential Revision: https://reviews.freebsd.org/D53016 |
| | | | | | | | | | | | | | Make sure the entirety of x is zero before flipping the sign bit. Otherwise the sign would be wrong for small values of x when x is negative and |n*y| > |x| Reported by: alfredo PR: 251091 Reviewed by: kargl MFC after: 3 days Differential Revision: https://reviews.freebsd.org/D53023 |
| | | | | | | | | | | | | | | | | | | | | | In the STANDARDS section, stop mentioning behavior that is not prescribed by POSIX and make sure to specify which alternative we implement (as POSIX allows to return or not the effective group ID). Say more clearly that programs treating specially the first slot of the returned array must be modified. Consistently use "group ID" instead of "GID". These changes are going to be MFCed into stable/14 as part of MFCing commit 4be38acc826f ("getgroups.2: Clarify, mention ascending order, add SECURITY CONSIDERATIONS"), so the current commit will be MFCed to stable/15 only. MFC after: 1 hour MFC to: stable/15 Sponsored by: The FreeBSD Foundation |
| | | | | | | | | | | | | | | | | | | | | Add generation of a bzip2.pc file for use with pkg-config and create a basic template as bzip2.pc.in. This allows other software to easily locate and link against libbz2 using standard pkg-config mechanisms instead of manual compiler and linker flags. The version number is extracted automatically from bzlib.h to keep it consistent with the library sources. Tested: pkg-config --exists --print-errors "bzip2 >= 1.0.9" (fail, expected) pkg-config --exists --print-errors "bzip2 >= 1.0" (succeeded) pkg-config --libs bzip2 (-lbz2) pkg-config --cflags bzip2 () MFC after: 3 days |
| | | | | | | | | | | | | | The implicit cast is incompatible with standard compiler options in a C++ project, making the library difficult to use. Signed-off-by: Quentin Thébault <quentin.thebault@defenso.fr> Sponsored by: Defenso MFC after: 3 days Discussed with: kevans Reviewed by: emaste, vexeduxr Pull request: https://github.com/freebsd/freebsd-src/pull/1857 |
| | | | | | | | | | | | | | | The current phrasing could be interpreted as meaning that initgroups(3) could return ENOMEM instead of -1, which it actually did until I fixed it in commit 0b018cfd81d8 ("initgroups(3): Fix return value on allocation failure"). While here, mention setgroups(2) as a system call rather than a library function. MFC with: 0b018cfd81d8 ("initgroups(3): Fix return value on allocation failure") Sponsored by: The FreeBSD Foundation |
| | | | | | | | | | | | | | | | | | | | | Emphasize the peculiar treatment of 'ngroups', through which the effective group list's size is returned, even if the passed allocated size is not big enough, in which case the output 'groups' array is completely filled with the effective group list's first elements. Use the precise POSIX term for the group associated to the user in the password database ("initial numerical group ID"), consistently with what was done in initgroups.3. Use "length" instead of "size" to refer to the number of elements of an array (in contrast with its actual size in bytes). Perform some minor simplifications on top of the last rework. MFC after: 1 hour Sponsored by: The FreeBSD Foundation |
| | | | | | | | | | | | | | * Add subsections for the three functions that didn't already have one. * Add a RETURN VALUES section. * Improve the grammar somewhat. * Clarify that fts_read() will not set errno to 0 if called again after having already returned NULL. Sponsored by: Klara, Inc. Reviewed by: bcr, markj Differential Revision: https://reviews.freebsd.org/D52925 |
| | | | | | | | Sponsored by: Klara, Inc. Reviewed by: markj Differential Revision: https://reviews.freebsd.org/D52924 |
| | | | | | | | | | | Release notes at https://nlnetlabs.nl/news/2025/Sep/18/unbound-1.24.0-released/ MFC after: 1 week Merge commit '0064eb9cf1c8d526e87d3149249445d4bc8d0248' |
| | | | | | | | | | | | | | | | | | | | | Rather than implementing the recurrence using 3 16-bit integers, as was done in _dorand48() before this patch, provide an equivalent implementation using 64-bit integers. For drand48() and erand48(), replace the use of ldexp() with bit-twiddling assuming IEEE 754 double-precision float layout. This implementation is significantly faster and requires less code, while producing identical outputs on supported platforms. While here, add a STANDARDS section to rand48.3. Obtained from: https://github.com/apple-oss-distributions/libc MFC after: 3 weeks Sponsored by: Klara, Inc. Differential Revision: https://reviews.freebsd.org/D52429 |
| | | | | | | | | | Reviewed by: des Approved by: emaste (mentor) Fixes: 6c5cdba1bafe ("Add nss_tacplus, a TACACS+ NSS module.") MFC after: 1 day Differential Revision: https://reviews.freebsd.org/D52882 |
| | | | | | | | | | | | | | | | | We don't want to put these in clibs (where libc is) since they are not critical to system operation. Move them to locales, since anyone who is interested in translated versions of strerror() is going to have that installed anyway. While here, add some more documentation to bsd.nls.mk, particularly the NLSPACKAGE option. MFC after: 3 seconds Reviewed by: manu, kib Sponsored by: https://www.patreon.com/bsdivy Differential Revision: https://reviews.freebsd.org/D52898 |
| | | | | | | | | MFC after: 3 days Sponsored by: Klara, Inc. Reviewed by: markj Differential Revision: https://reviews.freebsd.org/D52828 |
| | | | | | | | | | | | | | | MD5 is used by libc/resolv to generate a random sequence id from a current time stamp. Replace this convoluted mechanism with a call to arc4random(). This permits us to entirely drop MD5 from libc, simplifying the MD5 rework proposed in D45670. Approved by: markj Reviewed by: kevans, markj See also: D45670 Event: EuroBSDcon 2025 Differential Revision: https://reviews.freebsd.org/D52784 |
| | | | | | | | | | libopenbsd retains recallocarray() during bootstrapping for now as it is needed for mandoc. Reviewed by: kib Differential Revision: https://reviews.freebsd.org/D52864 |
| | | | | | | | | | | | | | This function from OpenBSD is a hybrid of reallocarray() and calloc(). It reallocates an array, clearing any newly allocated items. reallocarray() ultimately originates from OpenBSD. The source is taken from lib/libopenbsd, which now no longer has the function unless when bootstrapping (needed for mandoc). Reviewed by: kib Differential Revision: https://reviews.freebsd.org/D52863 |
| | | | | | | | | | In preparation of adding recallocarray() to libc. See also: D52863 Reviewed by: kib Differential Revision: https://reviews.freebsd.org/D52878 |
| | | | | | | | | | | | Summary: This makes the code easier to understand and slightly faster, but requires C23. calloc() would benefit, too, but I didn't want to touch the imported jemalloc code base. Reviewed by: kib Differential Revision: https://reviews.freebsd.org/D52854 |
| | | | | | | Reported by: ivy@ MFC after: 3 days |
| | | | | | | | | | | | | | | | | Put virtual_oss, /etc/devd/snd.conf and the other audio-related tools into a new "sound" package. Don't create a separate -lib package, since it's unlikely someone will want mixer(3) without mixer(8). Put the sound package in the optional set rather than minimal, since it's not actually required for audio hardware support, and many systems (including nearly all servers) won't want it installed. MFC after: 3 seconds Reviewed by: christos Sponsored by: https://www.patreon.com/bsdivy Differential Revision: https://reviews.freebsd.org/D52823 |
| | | | | | | | | | Remember to also free ncounters. Fixes: c00aca9a71 ("pf: Show pf fragment reassembly counters.") MFC after: 3 days Sponsored by: Rubicon Communications, LLC ("Netgate") |
| | | | | | | | | | | PR: 289920 Fixes: 9cab9fde5eda ("virtual_oss: Port to base") Sponsored by: The FreeBSD Foundation MFC after: 1 day Reviewed by: emaste Differential Revision: https://reviews.freebsd.org/D52807 |
| | | | | | | | While here, fix manlint warnings and a typo in tzset(3). MFC after: 3 days |
| | | | | | | | | | | | | | libedit isn't as foundational as the rest of -clibs, but various bits of -runtime do need it. Give it a new home over in -runtime. This also fixes the libedit build to group the readline bits into the same package as the libedit that implements them. Reviewed by: ivy MFC after: 2 days (pkgbase movement) Differential Revision: https://reviews.freebsd.org/D52787 |
| | | | | | | | | | | | | | | | | | | | Pushing ncurses into clibs adds extra upgrade risk to a package that otherwise consists of integral libs with non-trivial interdependencies. Adding it to -runtime was considered, but the move was historically motivated to some extent by allowing a much smaller set of base libs to be installed for smaller VM images that don't really need all of the runtime package. This also fixes the ncurses build to ensure that libmenuw is grouped with the rest of the ncurses libraries, which doesn't seem to have been an intentional omission. Reviewed by: ivy MFC after: 2 days (pkgbase movement) Differential Revision: https://reviews.freebsd.org/D52786 |
| | | | | | | | | | | | | | This is a niche tool which is only useful in a small number of specific situations. It's very small (8kB), and the executable component /usr/bin/stdbuf is already in -utilities, so move the shlib to -utilities as well. MFC after: 1 day Reviewed by: bapt Sponsored by: https://www.patreon.com/bsdivy Differential Revision: https://reviews.freebsd.org/D52788 |
| | | | | | | | | | | | This is part of audit, so use the new LIB_PACKAGE feature to name the package audit-lib, rather than libbsm. MFC after: 1 day Reviewed by: bapt Sponsored by: https://www.patreon.com/bsdivy Differential Revision: https://reviews.freebsd.org/D52789 |
| | | | | | | | | | | | Instead of creating a separate libsdp package, use LIB_PACKAGE to ship this in bluetooth-lib. MFC after: 1 day Reviewed by: bapt Sponsored by: https://www.patreon.com/bsdivy Differential Revision: https://reviews.freebsd.org/D52790 |
