OpenPAM is a discrete, largely self-contained system component.
Users may not need PAM for many use-cases (e.g. jails, containers),
so move it to its own package.
Use LIB_PACKAGE to create a separate pam-lib package for libpam,
so that applications that support PAM don't need to bring in all
the PAM modules if PAM isn't actually in use.
Add pam to the minimal sets, since this is a core system component that
people expect to be installed. This means all supported installation
methods will install the PAM modules by default, so don't add explicit
dependencies on the PAM modules from things that use PAM (e.g. runtime),
allowing custom/embedded systems to omit these easily.
This change adds a new package to the system so, until we have a proper
policy on how to handle this in release/stable branches, it should not
be MFC'd.
MFC after: never
Reviewed by: des, bapt
Sponsored by: https://www.patreon.com/bsdivy
Differential Revision: https://reviews.freebsd.org/D53602
These are user-facing manpages, but were installed in the runtime-dev
package since the PAM modules use bsd.lib.mk. Use MANNODEV instead of
MAN to put them in the base runtime package instead.
Fixes: 031e711647 ("packages: Install development manpages in the -dev package")
MFC after: 3 days
Reviewed by: bapt
Sponsored by: https://www.patreon.com/bsdivy
Differential Revision: https://reviews.freebsd.org/D53601
We have an existing rdma package for IB/rdma-related files, but most
of ofed isn't in that package, making it rather useless. Move all of
lib/ofed to the rdma package.
Add a separate rdma-lib package using LIB_PACKAGE, since utilities
depends on the rdma libraries and we don't want that to pull in all
of rdma.
This change moves files between packages so, until we have a proper
policy on how to handle this in release/stable branches, it should
not be MFC'd.
PR: 263227
MFC after: never
Reviewed by: manu
Sponsored by: https://www.patreon.com/bsdivy
Differential Revision: https://reviews.freebsd.org/D53604
gtest/gmock are not normally used by users unless running the tests,
so they shouldn't be in the utilities package. Move them to a new
googletest package, to match what we did with ATF/Kyua.
While here, move tests dependencies from tests-all.ucl to tests.ucl,
which is the canonical place for that.
This change adds a new package to the system so, until we have a proper
policy on how to handle this in release/stable branches, it should not
be MFC'd.
MFC after: never
Reported by: emaste
Reviewed by: manu
Sponsored by: https://www.patreon.com/bsdivy
Differential Revision: https://reviews.freebsd.org/D53607
The libcasper package exists to contain libcasper, but for some reason
only the libcap_net service was in the package, with libcasper itself
and the rest of the services being in runtime. Move everything to the
libcasper package, except tests which stay in the tests package.
MFC after: 1 day
Reviewed by: emaste
Sponsored by: https://www.patreon.com/bsdivy
Differential Revision: https://reviews.freebsd.org/D53576
ZFS has since been changed to use EOPNOTSUPP instead of EINVAL, and
fusefs/nfs are following suit. POSIX Issue 8 had also made this move,
so it makes sense for us to standardize on EOPNOTSUPP.
Note in the HISTORY section where we're diverging from our previous
versions to align with the new standard.
Reviewed by: asomers, imp (both previous version), kib
Differential Revision: https://reviews.freebsd.org/D53537
Add: slider dialog.
Imported to enable testing and to complete the geomman(8) utility.
Developed as part of the "Full Disk Administration Tool for FreeBSD"
project, Braulio Rivas (brauliorivas@), Google Summer of Code 2025.
Sponsored by: Google LLC (GSoC 2025)
Merge commit '5a70558d32b9680c10ab579c7491652e0838cee4'
Add: slider dialog.
Imported to enable testing and to complete the geomman(8) utility.
Developed as part of the "Full Disk Administration Tool for FreeBSD"
project, Braulio Rivas (brauliorivas@), Google Summer of Code 2025.
Sponsored by: Google LLC (GSoC 2025)
Commit d6864221d8 added support for the _PC_CASE_INSENSITIVE
name for pathconf, to indicate if case insensitive lookups
are configured.
This patch documents this new name and also updates
the description for _PC_HAS_HIDDENSYSTEM to also
include UF_ARCHIVE.
This is a content change.
Reviewed by: kib
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D53508
static_libpam's Makefile includes libpam's Makefile after setting some
variables (like MAN) to empty to avoid installing the manpages twice.
After commit 031e711647, it neglected to do this for MANNODEVLINKS,
causing pam.d.5.gz to be installed twice. This is harmless for
installworld, but breaks some things that rely on METALOG (NO_ROOT
installs) since it causes two METALOG entries to be generated for
the same file.
Fixes: 031e711647 ("packages: Install development manpages in the -dev package")
MFC after: 3 days
PR: 290708
Reported by: emaste
Reviewed by: emaste
Sponsored by: https://www.patreon.com/bsdivy
Differential Revision: https://reviews.freebsd.org/D53512
The list of addresses is potentially very large, larger than we can fit in a
single netlink request, so we indicate via the PFR_FLAG_START/PFR_FLAG_DONE
flags when we start and finish, so the kernel can work out which addresses need
to be removed.
Sponsored by: Rubicon Communications, LLC ("Netgate")
This picks up the accelerated string functions written by
strajabot@.
Event: Google Summer of Code 2024
MFC after: 1 month
MFC to: stable/15
See also: 79e01e7e64
Approved by: markj (mentor)
Differential Revision: https://reviews.freebsd.org/D53248
We don't support CPU hotplug, but we do support cpuset(8) restrictions
on jails (including prison0, which uses cpuset 1). The process cannot
widen its cpuset beyond its root set, so it makes sense to instead
report the number of cpus enabled there rather than the total number
in the system.
This change is effectively a nop for the majority of systems and jails
in the wild, though it does reduce the performance of this query now
that we can't take advantage of AT_NCPUS being provided in the auxinfo.
The implementation here is notably different than Linux, which would not
take cgroups into account. They do, however, take CPU hotplug into
account, so the possibility for it to diverge from (and be lower than)
the # configured count to reflect what the process can actually be
scheduled on doesn't really diverge in semantics.
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D52295
MAC policies, like mac_biba(4), may forbid changing the login class once
a label has been applied. For setting up the initial login context,
this isn't really expected and in fact may break some class-based
configuration.
Defer setting the MAC label until after the login class is set, and
remove the requirement that we have a pwd entry since the label is
pulled from the login class -- we only use pwd for syslog in this path.
Patch is largely by Kevin Barry, with some modifications and this commit
message by kevans@.
PR: 177698
Reviewed by: des, olce
MFC after: 3 days
Co-authored-by: Kevin Barry <ta0kira gmail com>
Differential Revision: https://reviews.freebsd.org/D53362
zlib is a standalone third-party component, and deserves its own
package rather than living in runtime. For example, this will make
future security updates less invasive. This also means there's no
dependency on runtime for ports that just require zlib, which is
useful for service jails.
MFC after: 3 days
Reviewed by: bapt, emaste
Sponsored by: https://www.patreon.com/bsdivy
Differential Revision: https://reviews.freebsd.org/D53058
Set the number of rulesets (i.e., anchors) directly attached to the
anchor and its path in pfctl_get_ruleset().
While here, add a test to document this behavior.
PR: 290478
Reviewed by: kp
Fixes: 041ce1d690 ("pfctl: recursively flush rules and tables")
MFC after: 2 days
Differential Revision: https://reviews.freebsd.org/D53358
Also provide the pointer to the latest POSIX standard that justifies the
requirement.
Reviewed by: emaste
Discussed with: rmacklem
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D53361
mac_text(3) as-written would seem to indicate that a `mac_t` should be
freed with free(3), but this isn't the case. One can derive from
context from when the change was introduced and COMPATIBILITY that this
was intended to talk about *text in `mac_to_text`, so move the comment
there.
PR: 179832
Co-authored-by: Priit Järv <priit cc ttu ee>
MFC after: 3 days
Add a new per-group SUBPACKAGE option to bsd.man.mk. When MANSPLITPKG
is enabled, this is forced to "-man", otherwise it defaults to empty
but can be overridden by the caller.
Use this in bsd.lib.mk to install library manpages in the -dev package
instead of the base package. This is nearly always preferable, since
library manpages are usually in section 2 or 3 and are only relevant
to people with development packages installed.
For manpages which should be installed in the base package even for
libraries, add a new MANNODEV group in bsd.lib.mk. Update existing
Makefiles to use this where appropriate.
MFC after: 3 days
Discussed with: olce
Reviewed by: olce
Sponsored by: https://www.patreon.com/bsdivy
Differential Revision: https://reviews.freebsd.org/D52832
The ffs() function conforms to IEEE Std 1003.1-2008 ("POSIX.1").
The ffsl() and ffsll() functions conform to IEEE Std 1003.1-2024 ("POSIX.1").
Reviewed by: ziaee
MFC after: 5 days
Differential Revision: https://reviews.freebsd.org/D53352
Add 14.2, as this was cherry-picked prior to release.
Reported by: Harald Eilertsen
Reviewed by: kib
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D53320
Both files are used by kernel and userspace.
Move them to sys/crypto where they belong.
No functional changes intended.
In preparation of D45670.
Reviewed by: markj
Approved by: markj (mentor)
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D52909
The -libutil function getmntpoint(3) is documented as accepting a device
name “with or without /dev/ prepended to it” but did not attempt to
prepend /dev/. This patch corrects the problem by prepending /dev/ to
names that do not begin with a '/'.
Reported-by: Dag-Erling Smørgrav
Differential Revision: https://reviews.freebsd.org/D53185
MFC-after: 1 week
Sponsored-by: Netflix
Update vendor/libarchive to 3.8.2
Important bugfixes:
#2477 tar writer: fix replacing a regular file with a dir for
ARCHIVE_EXTRACT_SAFE_WRITES
#2659 lib: improve filter process handling
#2664 zip writer: fix a memory leak if write callback error early
#2665 lib: archive_read_data: handle sparse holes at end of file correctly
#2668 7zip: Fix out of boundary access
#2670 zip writer: fix writing with ZSTD compression
#2672 lib: fix error checking in writing files
#2678 zstd write filter: enable Zstandard's checksum feature
#2679 lib: handle possible errors from system calls
#2707 lib: avoid leaking file descriptors into subprocesses
#2713 RAR5 reader: fix multiple issues in extra field parsing function
#2716 RAR5 reader: early fail when file declares data for a dir entry
#2717 bsdtar: Allow filename to have CRLF endings
#2719 tar reader: fix checking the result of the strftime (CVE-2025-25724)
#2737 tar reader: fix an infinite loop when parsing V headers
#2742 lib: parse_date: handle dates in 2038 and beyond if time_t is big
enough
Obtained from: libarchive
Vendor commit: 7f53fce04e4e672230f4eb80b219af17975e4f83
Security: CVE-2025-25724
PR: 290303 (exp-run)
MFC after: 1 week
GCC does not like passing NULL (__null) to std::ostringstream::operator<<
inside of ATF_REQUIRE_EQ:
lib/libc/tests/net/inet_net_test.cc: In member function 'virtual void {anonymous}::atfu_tc_inet_net_ntop_invalid::body() const':
lib/libc/tests/net/inet_net_test.cc:306:9: error: passing NULL to non-pointer argument 1 of 'std::__1::basic_ostream<_CharT, _Traits>& std::__1::basic_ostream<_CharT, _Traits>::operator<<(long int) [with _CharT = char; _Traits = std::__1::char_traits<char>]' [-Werror=conversion-null]
306 | ATF_REQUIRE_EQ(ret, NULL);
| ^~~~~~~~~~~~~~
In file included from /usr/obj/.../amd64.amd64/tmp/usr/include/c++/v1/sstream:317,
from /usr/obj/.../amd64.amd64/tmp/usr/include/atf-c++/macros.hpp:29,
from /usr/obj/.../amd64.amd64/tmp/usr/include/atf-c++.hpp:29,
from lib/libc/tests/net/inet_net_test.cc:33:
/usr/obj/.../amd64.amd64/tmp/usr/include/c++/v1/__ostream/basic_ostream.h:338:81: note: declared here
338 | basic_ostream<_CharT, _Traits>& basic_ostream<_CharT, _Traits>::operator<<(long __n) {
| ~~~~~^~~
...
Fixes: 8f4a0d2f7b ("libc: Import OpenBSD's inet_net_{ntop,pton}")
GCC warns about the sign mismatch in comparisons:
lib/libc/tests/net/inet_net_test.cc: In member function 'virtual void {anonymous}::atfu_tc_inet_net_inet4::body() const':
lib/libc/tests/net/inet_net_test.cc:86:17: error: comparison of integer expressions of different signedness: 'int' and 'const unsigned int' [-Werror=sign-compare]
86 | ATF_REQUIRE_EQ(bits, addr.bits);
| ^~~~~~~~~~~~~~
lib/libc/tests/net/inet_net_test.cc: In member function 'virtual void {anonymous}::atfu_tc_inet_net_inet6::body() const':
lib/libc/tests/net/inet_net_test.cc:205:17: error: comparison of integer expressions of different signedness: 'int' and 'const unsigned int' [-Werror=sign-compare]
205 | ATF_REQUIRE_EQ(bits, addr.bits);
| ^~~~~~~~~~~~~~
Fixes: 8f4a0d2f7b ("libc: Import OpenBSD's inet_net_{ntop,pton}")