Add: slider dialog.
Imported to enable testing and to complete the geomman(8) utility.
Developed as part of the "Full Disk Administration Tool for FreeBSD"
project, Braulio Rivas (brauliorivas@), Google Summer of Code 2025.
Sponsored by: Google LLC (GSoC 2025)
Merge commit '5a70558d32b9680c10ab579c7491652e0838cee4'
Assume tzdata is not fresh if last_checked is zero, as comparing the
current time to last_checked less than __tz_change_interval after boot
may produce a false negative.
While here, invert the return value from tzdata_is_fresh() to better
match its new name (it was previously called recheck_tzdata(), so zero
for fresh and non-zero for stale made sense, but it doesn't now).
PR: 269207
MFC after: 3 days
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D53502
[Driver] Enable outline atomics for FreeBSD/aarch64 (#156089)
The compiler_rt helper functions have been built since 12.4, 13.1, 14
and anything newer.
This reverts commit 51e8e8b0f3.
MFC after: immediately
This UFS-only test verifies that attempting to create more links than
permitted by the file system returns EMLINK, but has been broken ever
since UFS_LINK_MAX was increased because a) it hardcodes the previous
value of UFS_LINK_MAX, and b) the new value requires more space than
the test allocates, so it ends up getting ENOSPC instead of EMLINK.
* Switch to retrieving {PC_LINK_MAX} at runtime.
* Stop the test when we reach {PC_LINK_MAX} links. This ensures that
we don't go on for hours if the actual limit turns out to be much
higher than we anticipated (e.g. INT64_MAX on ZFS).
* Double the size of the test filesystem.
MFC after: 3 days
Sponsored by: Klara, Inc.
Sponsored by: NetApp, Inc.
Fixes: 35a301555b ("Increase UFS/FFS maximum link count from 32767 to 65530.")
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D53442
[Driver] Enable outline atomics for FreeBSD/aarch64 (#156089)
The compiler_rt helper functions have been built since 12.4, 13.1, 14
and anything newer.
MFC after: 3 days
This reverts commit 2347ca21d6.
A fix has been implemented in 99560fe98c ("pfctl: Do not warn if there
is no Ethernet anchor").
Revert this commit to avoid having differences with upstream.
MFC after: 2 days
This reverts commit 67ade69eb6.
A fix has been implemented in a943a96a50 ("libpfctl: Fix displaying
deeply nested anchors").
Revert this commit to avoid having differences with upstream.
Upstream introduced a fix that avoids blocklistd(8) from running into an
endless loop when it tries to delete an address from the database which
has been added multiple times.
Apply the same fix to blacklistd(8).
Upstream PR: https://gnats.netbsd.org/cgi-bin/query-pr-single.pl?number=57193
MFC after: 2 days
It has been reported as PR 290478. In the meantime, just sweep under
the carpet.
It is worth noting that neither commit:
2347ca21d6 ("blocklist-helper: Silence a bogus pf warning")
nor this one will be upstreamed, as this is a FreeBSD-specific issue.
PR: 290478
MFC after: 2 days
Upstream introduced an extra column in blocklistctl(8) to display the
name of the rule associated in the database entry.
It is intended to avoid confusion when seemingly duplicate locations
appear in the output of the blocklistctl dump command. Especially when
users are transitioning from the old nomenclature to the new one.
The latest patches will not be fully backported to blacklistctl(8), to
avoid breaking current scripts that may be parsing its output. Also we
are slowly preparing to feature-freeze everything related to blacklist.
MFC: 2 days
Update vendor/libarchive to 3.8.2
Important bugfixes:
#2477 tar writer: fix replacing a regular file with a dir for
ARCHIVE_EXTRACT_SAFE_WRITES
#2659 lib: improve filter process handling
#2664 zip writer: fix a memory leak if write callback error early
#2665 lib: archive_read_data: handle sparse holes at end of file correctly
#2668 7zip: Fix out of boundary access
#2670 zip writer: fix writing with ZSTD compression
#2672 lib: fix error checking in writing files
#2678 zstd write filter: enable Zstandard's checksum feature
#2679 lib: handle possible errors from system calls
#2707 lib: avoid leaking file descriptors into subprocesses
#2713 RAR5 reader: fix multiple issues in extra field parsing function
#2716 RAR5 reader: early fail when file declares data for a dir entry
#2717 bsdtar: Allow filename to have CRLF endings
#2719 tar reader: fix checking the result of the strftime (CVE-2025-25724)
#2737 tar reader: fix an infinite loop when parsing V headers
#2742 lib: parse_date: handle dates in 2038 and beyond if time_t is big
enough
Obtained from: libarchive
Vendor commit: 7f53fce04e4e672230f4eb80b219af17975e4f83
Security: CVE-2025-25724
PR: 290303 (exp-run)
MFC after: 1 week
Important bugfixes:
#2477 tar writer: fix replacing a regular file with a dir for
ARCHIVE_EXTRACT_SAFE_WRITES
#2659 lib: improve filter process handling
#2664 zip writer: fix a memory leak if write callback error early
#2665 lib: archive_read_data: handle sparse holes at end of file correctly
#2668 7zip: Fix out of boundary access
#2670 zip writer: fix writing with ZSTD compression
#2672 lib: fix error checking in writing files
#2678 zstd write filter: enable Zstandard's checksum feature
#2679 lib: handle possible errors from system calls
#2707 lib: avoid leaking file descriptors into subprocesses
#2713 RAR5 reader: fix multiple issues in extra field parsing function
#2716 RAR5 reader: early fail when file declares data for a dir entry
#2717 bsdtar: Allow filename to have CRLF endings
#2719 tar reader: fix checking the result of the strftime (CVE-2025-25724)
#2737 tar reader: fix an infinite loop when parsing V headers
#2742 lib: parse_date: handle dates in 2038 and beyond if time_t is big
enough
Obtained from: libarchive
Vendor commit: 7f53fce04e4e672230f4eb80b219af17975e4f83
Security: CVE-2025-25724
Previously, blacklist man pages were just a symlink to their blocklist
counterpart, this in turn installed blocklist man pages twice, and
resulted in a duplicate error when running metalog_reader.lua -c.
Take advantage of the duplication to document nuances in blacklist, such
as the fact that it uses the new database and socket name (blocklist).
Also, note that it has been renamed to blocklist. In the future, it
will help to document its deprecation.
Approved by: emaste (mentor)
Fixes: 7238317403 ("blocklist: Rename blacklist to blocklist")
MFC after: 2 days
Silence a bogus warning about (an ethernet) anchor not being found.
It has been reported as PR 280516. In the meantime, just sweep under
the carpet.
Approved by: emaste (mentor)
MFC after: 2 days
Follow up upstream rename from blacklist to blocklist.
- Old names and rc scripts are still valid, but emitting an ugly warning
- Old firewall rules and anchor names should work, but emitting an ugly
warning
- Old MK_BLACKLIST* knobs are wired to the new ones
Although care has been taken not to break current configurations, this
is a large patch containing mostly duplicated code. If issues arise, it
will be swiftly reverted.
Reviewed by: ivy (pkgbase)
Approved by: emaste (mentor)
MFC after: 2 days
Relnotes: yes
Upstream commit ddf6d71 ("implement BLOCKLIST_BAD_USER as a "one-count"
failure") introduced BLOCKLIST_BAD_USER with a one-count failure
mechanism. BLOCKLIST_AUTH_FAIL was implemented with a two-count failure
mechanism. Since we have been utilizing BLOCKLIST_AUTH_FAIL, the number
of failed attempts now doubles towards the maximum limit (nfails),
giving system administrators the impression that the number of failed
authentication attempts is inaccurate.
Revert this commit until a consensus has been reached. We do not want
to introduce yet another breaking change with the renaming of the
library.
Approved by: emaste (mentor)
MFC after: 2 days
Merge commit '70f30afd4e9af5a51ee324d97e4d8c5f2124ec15'
Breaking changes:
- Upstream commit 24932b6 ("blocklistd: log the conf file line number
with bad protocol errors") breaks backward database compatibility.
An error will be displayed:
Key size mismatch 296 != 288
A new and compatible database, with the new name, will be created when the
service starts (committed separately).
- Upstream commit ddf6d71 ("implement BLOCKLIST_BAD_USER as a
"one-count" failure") introduced BLOCKLIST_BAD_USER with a one-count
failure mechanism. BLOCKLIST_AUTH_FAIL was implemented with a
two-count failure mechanism. Since we utilize BLOCKLIST_AUTH_FAIL, the
number of failed attempts now doubles towards the maximum limit
(nfails). This commit will be reverted separately.
Changes:
https://github.com/zoulasc/blocklist/compare/7093cd9...8aa81bf
Approved by: emaste (mentor)
MFC after: 2 days
Differential Revision: https://reviews.freebsd.org/D52869
Version for change and feature requests.
* Improve documentation for --alternate-screen and --normal-screen.
Request: https://bugs.freebsd.org/285459. (This PR is not about
bsddialog itself but is used as an example for an official FreeBSD
documentation request.)
* Reduce the number of screen refreshes to improve performance over a
115200 UART connection.
Request: https://gitlab.com/alfix/bsddialog/-/issues/8.
* Change textbox buttons to return distinct values (previously always
returned OK).
Request: https://reviews.freebsd.org/D48668; already committed in
contrib/ 96a241a359
* Change forms navigation key behavior for ENTER and TAB.
Request: https://bugs.freebsd.org/287592.
Refer to /usr/src/contrib/bsddialog/CHANGELOG to know more.
PR: 287592
Reported by: adrian
Sponsored by: The FreeBSD Foundation
Merge commit '653f765f05b8c7e3908ae92e9bf61522a50cefc9' into YYY
This version builds every module into the flua binary itself, since all
of the bootstrap tools are built -DNO_SHARED. As a result, we also
cannot dlsym(), so we can't really discover the names of our newly
builtin modules. Instead, just build out a linker set with all of our
luaopen_*() functions to register everything up-front.
Building in all of the modules isn't strictly necessary, but it means
that we have an example of how to add a bootstrap module everywhere you
go and one doesn't need to consider whether bootstrap flua can use a
module when writing scripts. On my build machine, the consequence on
our binary size is an increase from around 1.6M -> 1.9M, which isn't
really that bad.
.lua modules can install into their usual path below $WORLDTMP/legacy
and we'll pick them up automagically by way of the ctor that sets up
LUA_PATH early on.
This re-lands bootstrap module support with a more sensible subset, and
after having verified that it cross-builds fine on macOS and Linux -- we
cannot do libfreebsd on !FreeBSD because it's more system header
dependant. We also need to bootstrap libmd to bring in libhash, and
libucl + libyaml.
Reviewed by: bapt, emaste (both previous version)
Differential Revision: https://reviews.freebsd.org/D51890
This reverts commit 1953a12ee2, because it
cannot work at all on macOS without more work, at a minimum. We use
linker sets for module discovery, but we don't have a version of this
that works for mach-o at the moment.
This version builds every module into the flua binary itself, since all
of the bootstrap tools are built -DNO_SHARED. As a result, we also
cannot dlsym(), so we can't really discover the names of our newly
builtin modules. Instead, just build out a linker set with all of our
luaopen_*() functions to register everything up-front.
Building in all of the modules isn't strictly necessary, but it means
that we have an example of how to add a bootstrap module everywhere you
go and one doesn't need to consider whether bootstrap flua can use a
module when writing scripts. On my build machine, the consequence on
our binary size is an increase from around 1.6M -> 1.9M, which isn't
really that bad.
.lua modules can install into their usual path below $WORLDTMP/legacy
and we'll pick them up automagically by way of the ctor that sets up
LUA_PATH early on.
Reviewed by: bapt, emaste
Differential Revision: https://reviews.freebsd.org/D51890
When an asterisk is encountered inside a C-style comment, we first check
if there is at least one more character left in the buffer, and if that
character is a slash, which would terminate the comment. If that is not
the case, the next two characters are consumed without being inspected.
If one of those is a double quote, or the initial asterisk of an
asterisk-slash pair, we end up misparsing the comment.
MFC after: 3 days
Reviewed by: kevans, bofh
Differential Revision: https://reviews.freebsd.org/D52808
This was previously deprecated and is slated for removal in 15.0.
Users who still need ftpd(8) can install the ftp/freebsd-ftpd port.
Retain the ftp(d) PAM services since other FTP daemons use them.
Update /etc/inetd.conf to point to /usr/local.
Add ftpd to ObsoleteFiles, but do not list configuration files since
users may want to preserve these to use with the freebsd-ftpd port.
There is still some language in the manual referring to ftpd(8)
which is relevant to the port, which has been retained but updated
to reference the port.
MFC after: 3 days
Relnotes: yes
Reviewed by: cperciva
Differential Revision: https://reviews.freebsd.org/D52739
Interesting changes:
+ mandoc db: Improve case sorting, found by our very own markj
+ history: Add macros for version 8 and 10 AT&T Unix
+ linter: Warn on blank lines in man(7) like mdoc(7)
+ manuals: Improve precision, man(7) syntax table, and roff(7) specifics
+ manuals: Fix PDF/PS footer regression detailed in our PR: 289786
PR: 289786
MFC after: 3 days
Upstream uses a set of flags that reduces to O_RDONLY | O_CLOEXEC when
you ignore flags that either don't exist in FreeBSD or have no effect.
We were using O_RDONLY | O_BINARY, which reduces to O_RDONLY. Add
O_CLOEXEC. Also replace O_RDONLY with the more accurate O_SEARCH when
opening TZDIR.
MFC after: 3 days
Fixes: 967a49a21a ("Update tzcode to 2025b")
This hasn't been needed in years and is a maintenance headache.
MFC after: 1 week
Reviewed by: philip
Differential Revision: https://reviews.freebsd.org/D52694
Includes diff reduction to upstream version of this patch.
MFC after: 3 days
Sponsored by: Klara, Inc.
Reviewed by: philip
Differential Revision: https://reviews.freebsd.org/D39715
As of tzcode 2025a, if we are unable to load a time zone, we set tzname
to "-00" to indicate an error. This penalizes users who simply don't
set TZ or create /etc/localtime as a faster way of setting the time zone
to UTC (pointing /etc/localtime at /usr/share/zoneinfo/UTC forces us to
parse it every time for no real benefit). To rectify this, use "-00"
only if TZ was set or zoneinit() returned something else than ENOENT.
MFC after: 3 days
Fixes: 967a49a21a ("Update tzcode to 2025b")
Reviewed by: philip
Differential Revision: https://reviews.freebsd.org/D52680
A new version of pfsync packet is introduced: 1500. This version solves
the issues with data alignment introduced in version 1400 and adds syncing
of information needed to sync states created by rules with af-to (original
interface, af and proto separate for wire and stack keys), of rt_af
needed for prefer-ipv6-nexthop, and of tag names.
Reviewed by: kp
Sponsored by: InnoGames GmbH
Differential Revision: https://reviews.freebsd.org/D52176
Apply part of LLVM commit 71315698c91d0cda054b903da0594ca6f072c350 to
silence the -Wnontrivial-memaccess warning that is triggered any time
this function is instantiated by user code. This fixes another
buildworld failure with Clang HEAD.
Original commit message:
[clang] Warn about memset/memcpy to NonTriviallyCopyable types (#111434)
This implements a warning that's similar to what GCC does in that
context: both memcpy and memset require their first and second operand
to be trivially copyable, let's warn if that's not the case.
Reviewed by: emaste, dim
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D52534
Latest clang has become more strict in diagnosing deprecated decls, so
pull in LLVM commit 9feac2cbd0d80927ce9a8b4c3e810d2b81802d55.
Original commit message:
[libc++] Improve deprecated diagnostic guards.
Recent Clang-21 builds improved the deprecated diagnotics. This
uncovered missing guards in libc++ internally.
Reviewed by: dim
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D52531
This was removed in upstream libc++ in commit
437ad06f762ab07d89badecdd20627db200b98d3, but as this does not apply
cleanly to the current repository, I am applying the equivalent change
in a minimally invasive way. This is needed to build with latest clang
HEAD as of today.
Reviewed by: dim
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D52530
This pulls in LLVM commit accfbd4cb327411ad66c0109ba1841482b871967 to
avoid the use of __libcpp_is_trivially_relocatable.
This fixes building FreeBSD libc++ with clang HEAD as of today.
Original commit message:
[libc++] Replace __is_trivially_relocatable by is_trivially_copyable (#124970)
The __is_trivially_relocatable builtin has semantics that do not
correspond to any current or future notion of trivial relocation.
Furthermore, it currently leads to incorrect optimizations for some
types on supported compilers:
- Clang on Windows where types with non-trivial destructors get
incorrectly optimized
- AppleClang where types with non-trivial move constructors get
incorrectly optimized
Until there is an agreed upon and bugfree implementation of what it
means to be trivially relocatable, it is safer to simply use trivially
copyable instead. This doesn't leave a lot of types behind and is
definitely correct.
Reviewed by: dim
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D52529
This update fixes a few bugs:
- Improper response to double SIGINT with editline.
- Not letting libedit handle terminal size changes.
- A dc crash from improperly handling an error.
- A duplicate check for reference arrays.
- Build failures with GCC 15.
Merge commit '682da5a0fdb2c38ecc3951047a882471d62aa1d1'