Currently libbz2 is in the libbz2 package, while bzip2 itself is in
-utilities, which is inconsistent. Move both the library and the
utility to a new -bzip2 package, and use LIB_PACKAGE to create a
separate -bzip2-lib package for runtime dependencies.
Add the bzip2 package to the minimal set, and since newsyslogd uses
bzip2 for logfile compression, add a dependency from there.
MFC after: 1 day
Reviewed by: manu
Differential Revision: https://reviews.freebsd.org/D52663
Due to the size of libpmc.so.5, this reduces the size of the -utilities
package by 10%.
MFC after: 1 day
Reviewed by: manu, adrian, emaste
Differential Revision: https://reviews.freebsd.org/D52662
Includes diff reduction to upstream version of this patch.
MFC after: 3 days
Sponsored by: Klara, Inc.
Reviewed by: philip
Differential Revision: https://reviews.freebsd.org/D39715
by forwarding the reference to libsys syscall symbol, for the libc.so
case.
Reviewed and tested by: kevans
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D52672
We don't want a tests-dev package, because this means set-devel depends
on tests-dev, which transitively depends on tests, which means you can't
install set-devel without also getting tests.
The only real "dev" files in tests-dev are from ATF (libprivateatf),
so move that to its own package and add a dependency from tests.
Also move Kyua to its own package, since this might be useful for
running tests even when the user doesn't want the whole set of base
tests installed.
Add a dependency from -tests to both -atf and -kyua, and a dependency
on -set-base, since the tests won't work without the full base system
installed.
The remaining "dev" files in tests are actually test artifacts, not real
development libraries. Add a new NO_DEV_PACKAGE option to bsd.lib.mk,
which causes dev files to be installed in the base package instead of
creating a -dev package, and set this option for everything that
installs test libraries.
While here, add a slightly more informative description for the tests
package.
MFC after: 3 seconds
Reviewed by: bapt, emaste
Differential Revision: https://reviews.freebsd.org/D52597
Fixes compiler error when the caller passes a const bdaddr_t *
paramemeter (e.g., NG_HCI_BDADDR_ANY).
Sponsored by: The FreeBSD Foundation
MFC after: 1 day
Reviewed by: markj, emaste
Differential Revision: https://reviews.freebsd.org/D52582
Clarify and be more precise about the behavior of getgroups(2), in
particular with respect to 'gidsetlen'.
Prefer a terminology referring to POSIX terms, i.e., use "supplementary
groups" instead of "group access list".
Say that getgroups(2) reports the supplementary groups in strictly
ascending order and returns the cardinal of the set they form (and
mention this has been the case since FreeBSD 14.3).
Add a new SECURITY CONSIDERATIONS section contrasting the new behavior
after commit 9da2fe96ff ("kern: fix setgroups(2) and getgroups(2) to
match other platforms") with the historical one.
While here, fix some style.
Note for MFC to stable/14: The content will have to be revised as the
new behavior is not in place. The latter should be mentioned as
upcoming in 15.
Reviewed by: gbe (older version)
MFC after: 5 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D52286
Reviewed by: gbe
Fixes: 9da2fe96ff ("kern: fix setgroups(2) and getgroups(2) to match other platforms")
MFC after: 5 days
MFC to: stable/15
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D52285
Add a new SECURITY CONSIDERATIONS section describing in details what the
new behavior is after commit 9da2fe96ff ("kern: fix setgroups(2) and
getgroups(2) to match other platforms"), what setgroups(2) does not
do anymore, and how programs using it are affected.
Fix the groups limit after commit 9da2fe96ff ("kern: fix setgroups(2)
and getgroups(2) to match other platforms").
Prefer a terminology referring to POSIX terms, i.e., use "effective
group list" instead of "group access list".
While here, fix some style.
Note for MFC to stable/14: The content will have to be revised as the
new behavior is not in place. The latter should still be mentioned as
upcoming in 15.
Fixes: 9da2fe96ff ("kern: fix setgroups(2) and getgroups(2) to match other platforms")
MFC after: 5 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D52284
Bring up to date with NSS by substituting "file" with "database".
Describe more precisely which database is accessed, i.e., only the group
database, which value should be used and where it lands in the result.
Prefer a terminology referring to POSIX terms, i.e., use "effective
group list" instead of "group access list".
Reviewed by: gbe
MFC after: 5 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D52283
After commit 9da2fe96ff ("kern: fix setgroups(2) and getgroups(2) to
match other platforms"), initgroups() does not set the effective GID
anymore and uses all passed groups as the supplementary group list.
This effectively breaks backwards compatibility with programs/libraries
compiled on a FreeBSD 14 or earlier system.
Restore compatibility by creating a new version of the 'initgroups'
symbol that designates the current implementation and providing
a pre-FreeBSD-15-compatible version under the symbol's previously
exported version. The new version calls the new setgroups(2) system
call, while the compatible one calls the original one (called
freebsd14_setgroups()).
Update the manual page with some history and comparison with other
current open-source systems. Add a "SECURITY CONSIDERATIONS" section
highlighting some security properties of this approach and the reasons
we adopt it. While here, revamp the manual page, in particular to use
the exact POSIX terminology where possible.
Note for MFC to stable/14: Only the manual page update is to be MFCed,
and the text changed to reflect the old behavior and inform readers of
the new upcoming behavior in 15.
Reviewed by: kib
Fixes: 9da2fe96ff ("kern: fix setgroups(2) and getgroups(2) to match other platforms")
MFC after: 5 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D52282
We must not return ENOMEM, but rather -1 with 'errno' set to ENOMEM, as
described in the manual page and as other implementations are doing.
A malloc() failure actually already sets ENOMEM for us. Add comments
indicating which function set 'errno' each time we return.
While here, improve style and remove useless headers.
Reviewed by: kib, emaste
Fixes: 54404cfb13 ("In preparation for raising NGROUPS and NGROUPS_MAX, ...")
MFC after: 5 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D52580
In particular, fixes 'procstat -s -M' (for processes with more than 16
groups).
Reviewed by: kib
Fixes: be1f7435ef ("kern: start tracking cr_gid outside of cr_groups[]")
MFC after: 5 days
MFC to: stable/15
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D52275
Fixes the following warnings:
ld: error: relocation R_X86_64_32S cannot be used against local symbol; recompile with -fPIC
>>> defined in /usr/obj/usr/src/amd64.amd64/lib/libsamplerate/libsamplerate.a(samplerate.o)
>>> referenced by samplerate.c:498 (/usr/src/contrib/libsamplerate/samplerate.c:498)
>>>
>>> samplerate.o:(src_new) in archive /usr/obj/usr/src/amd64.amd64/lib/libsamplerate/libsamplerate.a
Related discussion: https://reviews.freebsd.org/D52306
Sponsored by: The FreeBSD Foundation
Reviewed by: fuz
Differential Revision: https://reviews.freebsd.org/D52307
Framgent count and statistics are stored in struct pf_status. From
there pfctl(8) and systat(1) collect and show them. Note that pfctl
-s info needs the -v switch to show fragments.
input claudio@; OK henning@
Obtained from: OpenBSD, bluhm <bluhm@openbsd.org>, 19e99d0613
Sponsored by: Rubicon Communications, LLC ("Netgate")
The manual page does not directly mention this reason for getting EPERM,
instead referring the reader to chroot(2). We have had some questions
about it recently, in part due to a bug (fixed), and this case is not an
obvious permission/problem, so let's be more explicit.
PR: 280809
Reviewed by: jamie
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D52319
I botched a style fix to a pull request, and didn't catch it on amd64,
but it broke almost everything else. It's a false positive to the style
program and spaces cannot be inserted here. It's not math, but a funky
notation.
Fixes: 9dd78db9c3
In __hdtoa() and __hldtoa(), rounding is incorrectly applied when
the requested precision exactly matches the number of significant
hexadecimal digits. In this case, the redux adjustment can trigger
an unintended exponent increment and shift the rounding position
left by one bit. This causes the least significant digit to be
rounded incorrectly.
The fix adds a new condition based on MAX_HEX_DIGITS (derived from
MANT_DIG) so that rounding is performed only when precision is
strictly less than the number of significant digits. This avoids
the unintended shift while preserving correct rounding for other
cases.
A new regression test
(printfloat_test:hexadecimal_rounding_offset_eq_exp) covers both
the binary64 (%.13a) and binary128 (%.28La on arm64) cases that
previously fail, ensuring the bug does not regress.
Note: MAX_HEX_DIGITS represents the maximum number of hexadecimal
digits needed to express the mantissa. It is computed by subtracting
the implicit integer bit from [L]DBL_MANT_DIG, dividing the remaining
mantissa bits by 4 (with +3 to round up any remainder), and finally
adding +1 for the leading integer digit. This makes its meaning
explicit and distinct from SIGFIGS, which serves a different purpose.
Fixes: 76303a9735 ("Make several changes to the way printf handles hex floating point (%a):")
Signed-off-by: Osamu Sho <osamusho@gmail.com>
Reviewed by: imp,jlduran
Pull Request: https://github.com/freebsd/freebsd-src/pull/1837
Like lastjid, desc should count as a pseudo-parameter. The difference
lies entirely in the security.jail.param sysctls, which list all of
the jail parameters. Since desc opens and returns a file descriptor,
it has no place in such uses as "jls all." Like lastjid, it's still
recognized by the kernel if passed in/out, and hard-coded into libjail
so it can be recognized there.
MFC after: 3 days
We need <unistd.h> to get our prototype normally, but WARNS in libc is
way too low to surface that.
Additionally, _FORTIFY_SOURCE needs to include <ssp/unistd.h> by way of
<unistd.h> to actually export an implementation of getgrouplist(3). The
version defined in the .c gets named __ssp_real_getgrouplist() and the
actual implementation comes from the redirect stub in <ssp/unistd.h>,
which basically gets optimized away in the built object because our
__builtin_object_size() check is trivially false when we cannot resolve
any object sizes in this translation unit.
This could be argued as a design flaw in _FORTIFY_SOURCE, but we should
grab <unistd.h> for our prototype anyways so let's kick the can down
the road instead of re-thinking it for 15.0.
Reported by: Shawn Webb (HardenedBSD)
Fixes: d3f8ed6066 ("getgrouplist(3): Remove superfluous [...]")
MFC after: 3 days
libc's C memcmp currently returns the difference in byte values rather
than just -1/0/1 as the AArch64 assembly implementation, many non-
FreeBSD implementations, and compiler built-in optimizations do.
It is a bug for a user to expect memcmp to return the difference in the
byte values as the compiler is free to inline memcmp() with an
implementation that does not do this. Change the test to validate only
what the standard requires.
PR: 289084
Reviewed by: markj, fuz
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D52502
Commit f9513c334f moved the shared libraries for ZFS and UFS into
separate packages (libzfs and libufs), which resulted in a rather
large number of packages being created, e.g. for ZFS:
FreeBSD-libzfs
FreeBSD-libzfs-dbg
FreeBSD-libzfs-dbg-lib32
FreeBSD-libzfs-dev
FreeBSD-libzfs-dev-lib32
FreeBSD-libzfs-lib32
FreeBSD-zfs
FreeBSD-zfs-dbg
FreeBSD-zfs-dbg-lib32
FreeBSD-zfs-dev
FreeBSD-zfs-dev-lib32
FreeBSD-zfs-lib32
FreeBSD-zfs-man
Use LIB_PACKAGE instead, which significantly reduces the number of
packages:
FreeBSD-zfs
FreeBSD-zfs-dbg
FreeBSD-zfs-dbg-lib32
FreeBSD-zfs-dev
FreeBSD-zfs-dev-lib32
FreeBSD-zfs-lib
FreeBSD-zfs-lib32
FreeBSD-zfs-man
MFC after: 3 days
Reviewed by: bapt
Differential Revision: https://reviews.freebsd.org/D52416
Give jail descriptors the same kevent flags as jails. Also fix the
event reporting in jails, where it was including data for events the
user didn't ask for.
MFC after: 3 days
Instead of using the EVFILT_PROC model of attempting to automatically
register new events when a child jail is created, just give a single
event when a child jail is created. As was already done with jail
attach events, make a best-effort report of the added jail's id in
kn_data. If the are multiple NOTE_JAIL_CHILD and/or NOTE_JAIL_ATTACH
events, set the NOTE_JAIL_MULTI flag, and don't report anything in
data, indicating that the caller will need to query the system state
on their own.
MFC after: 3 days
Jail descriptors were given a file-like mode, user, and group, for the
purpose of controlling how the descriptor may be used. This is too far
removed from the file paradigm to make sense. Remove it in favor of a
better access control method to be added, such as Capsicum.
Also add missing code in jaildesc_fill_kinfo.
Reported by: crest at rlwinm.de, kib
MFC after: 3 days
This function was never safe to use. We marked it deprecated in the
manual page in 2016, and it is marked obsolete in POSIX 2024. We
previously added a linker warning and annotated the prototype; now that
stable/15 has been branched, we can remove it from main.
Relnotes: yes
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D52474
Following fd9e09cb, EBADF is not the suitable error code for a non-
jail descriptor passed to jail_set, jail_get, jail_attach_fd, and
jail_remove_fd.
Reported by: kib
In particular, fixes 'procstat -s -M' (only if there are less than 16
groups).
Reviewed by: kib, emaste
Fixes: be1f7435ef ("kern: start tracking cr_gid outside of cr_groups[]")
MFC after: 9 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D52260
* Bumps to versions in lib/clang
* Bumps to sys/conf/newvers.sh and sys/sys/param.h
* Update to UPDATING
Approved by: re (implicit)
Sponsored by: https://www.patreon.com/cperciva
Similar to process descriptors, jail desriptors are allow jail
administration using the file descriptor interface instead of JIDs.
They come from and can be used by jail_set(2) and jail_get(2),
and there are two new system calls, jail_attach_jd(2) and
jail_remove_jd(2).
Reviewed by: bz, brooks
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D43696
Add kqueue tracking to jails, inspired by how it's done with processes.
EVFILT_JAIL takes a jail ID, and tracks with NOTE_JAIL_SET,
NOTE_JAIL_ATTACH, NOTE_JAIL_REMOVE, and NOTE_JAIL_CHILD. It also uses
the NOTE_TRACK mechanism that EVFILT_PROC uses, using the same result
flags (NOTE_CHILD and NOTE_TRACKERR).
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D51940
When LIB_PACKAGE was added, MIT Kerberos was updated to use it but
Heimdal was not, so it still used PACKAGE=kerberos-lib. Since we
deleted kerberos-lib-all.ucl, this caused update-packages to fail
when WITHOUT_MITKRB5 is set.
Change the Heimdal libraries to use LIB_PACKAGE by setting this in
kerberos5/lib/Makefile.inc, and remove PACKAGE=kerberos-lib from the
individual Makefiles for each library. This means Heimdal gets the
same set of packages as MIT Kerberos, except for kerberos-kdc which
we don't create for Heimdal.
Fixes: 929f5966a9 ("packages: Improve handling of -lib packages")
Reported by: jlduran
Reviewed by: jlduran, cy
Differential Revision: https://reviews.freebsd.org/D52371
internal representation of icmp type/code in pfctl(8)/pf(4) does not
fit into u_int8_t. Issue has been noticed and kindly reported by
amalinin _at_ bh0.amt.ru via bugs@.
OK bluhm@
Obtained from: OpenBSD, sashan <sashan@openbsd.org>, 1fdb608f55
Sponsored by: Rubicon Communications, LLC ("Netgate")
This catches a bug in tzcode which incorrectly considers TZDEFAULT as
unsafe as if it came from the environment.
Also deduplicate some repeated code, and fix a missing mode in an
open(2) call with O_CREAT set.
Event: Oslo Hackathon 202508
Reviewed by: philip
Differential Revision: https://reviews.freebsd.org/D52241
Adds `ifconfig_set_up()` to set and unset the `IFF_UP`
on a network interface using `RTM_NEWLINK`.
Sponsored by: Google LLC (GSoC)
Reviewed by: obiwac, mckusick (mentor), kp
Approved by: obiwac, mckusick (mentor), kp
Differential Revision: https://reviews.freebsd.org/D52128
Add a test case for a typical thin jail scenario where TZDIR does not
exist and we get our information from /etc/localtime. This is
technically already covered by the detect_tz_changes test case, but
this new test case is independent of the DETECT_TZ_CHANGES option.
To permit checking the sources out on systems such as Windows with
more restrictive file name requirements, rename the manpage source
files to replace colons with underscrores. Use MANSRC.foo to point
<bsd.man.mk> at the new source file names.
Reviewed by: ivy
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D51794
The sysdecode_syscallname function was accidentally documented as being
plural. Move it to reflect it's actual name, and adjust all references.
PR: 278383
Reviewed by: ziaee
Differential Revision: https://reviews.freebsd.org/D51002