macOS, like Linux, does not include an outer const qualifier for its
fts_open callback arguments, so -Wincompatible-function-pointer-types
also picks this up and breaks the build now Clang 16 makes it an error
by default. Extend the existing Linux support to fix this.
MFC after: 1 week
(cherry picked from commit 75464941dc)
Most importantly:
* Make local variables local.
* Use `$()` instead of backticks.
* Avoid unsafe use of `-a` and `-o` operators in `test` expressions.
* Remove a hack intended to ease the transition from Perl 22 years ago.
MFC after: 1 week
Reviewed by: allanjude
Differential Revision: https://reviews.freebsd.org/D44863
(cherry picked from commit 170d088290)
adduser: A few more improvements.
MFC after: 1 week
Reviewed by: jrm
Differential Revision: https://reviews.freebsd.org/D44871
(cherry picked from commit b37333899b)
adduser: Fix a syntax error
Reported by: Jose Luis Duran <jlduran@gmail.com>
Fixes: b37333899b
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D44871
(cherry picked from commit 5cafc38f11)
adduser: Really fix a syntax error
Fixes: 5cafc38f11
Differential Revision: https://reviews.freebsd.org/D44871
(cherry picked from commit 9e8618276f)
On systems utilizing ZFS, default to creating a ZFS dataset for a new
user's home directory if the parent directory resides on a ZFS dataset.
Add a flag that disables this behavior if the administrator explicitly
does not want it.
If run during installation from within a chroot, set mountpoint to legacy
after dataset creation and mount directly into the chroot. Then umount
and reset the mountpoint to inherit from parent.
Also support ZFS default encryption on user's home directory.
Feedback by: delphij
Reviewed by: imp, kevans
Pull Request: https://github.com/freebsd/freebsd-src/pull/881
(cherry picked from commit 215c0a5158)
Previously, freebsd-update provided ready-to-go commands for copying and
pasting into the terminal. This causes problems as soon as options are
used and not supplied again by the user, e.g., '-b' or '-d'.
Stop making them copiable and force the user to construct a valid command
line by himself to avoid failures.
PR: 276102
Approved by: jrm (mentor), emaste
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D43700
If we're doing restarts, then we must supervise -- the 'R' case simply
got missed.
PR: 278342
Fixes: f907027b49 ("daemon: set supervise_enabled during [..]")
(cherry picked from commit bbc6e6c5ec)
If a string is at or near the end of an input file and the amount of
remaining data in the file is smaller than the maximum string size,
the pread(2) system call would return a short read which is treated as
an error. Instead, add a new helper function for reading a string
which permits short reads so long as the data read from the file
contains a terminated string.
Reported by: jrtc27
Reviewed by: jrtc27
Sponsored by: University of Cambridge, Google, Inc.
Differential Revision: https://reviews.freebsd.org/D44419
(cherry picked from commit 785600d0fb)
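
Added example, not code from the commit above: one way to write a string reader that accepts a short pread(2) when the bytes returned already hold a terminated string. The names `read_string_at` and `demo` and the 16-byte sample file are assumptions made for illustration.

```c
#define _XOPEN_SOURCE 700	/* pread(2), mkstemp(3) */
#include <errno.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/*
 * Hypothetical helper: read a NUL-terminated string of at most maxlen
 * bytes (terminator included) at offset off. A short read is accepted if
 * the bytes read hold the terminator. Returns the length, or -1.
 */
static ssize_t
read_string_at(int fd, off_t off, char *buf, size_t maxlen)
{
	size_t have = 0;

	while (have < maxlen) {
		ssize_t n = pread(fd, buf + have, maxlen - have, off + (off_t)have);
		char *nul;

		if (n < 0 && errno == EINTR)
			continue;
		if (n <= 0)
			break;		/* I/O error or end of file */
		if ((nul = memchr(buf + have, '\0', (size_t)n)) != NULL)
			return ((ssize_t)(nul - buf));
		have += (size_t)n;
	}
	return (-1);			/* no terminator within maxlen or before EOF */
}

/* Constructed 16-byte string table; the last entry, "tru", is cut off. */
static ssize_t
demo(off_t off, size_t maxlen)
{
	static const char image[] = "\0.text\0.data\0tru";
	char path[] = "/tmp/strtab.XXXXXX", buf[64];
	ssize_t len = -2;		/* -2: could not build the sample file */
	int fd = mkstemp(path);

	if (fd < 0)
		return (len);
	unlink(path);
	if (write(fd, image, sizeof(image) - 1) == (ssize_t)(sizeof(image) - 1))
		len = read_string_at(fd, off, buf, maxlen < sizeof(buf) ? maxlen : sizeof(buf));
	close(fd);
	return (len);
}

int main(void) { return (demo(7, 64) == 5 ? 0 : 1); }
```
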
The change in 33bd05c318 was incomplete
because it did not mark "cron" as ISFETCHED=1 although it performs the
same operations as "install", but with less output, and does not perform a
hard exit. Mark result as such and make "install" know that updates have
been fetched.
PR: 277699
Approved by: jrm (mentor), emaste, cperciva
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D44356
For NFSv4.2, a Copy operation can take a long time to complete.
If there is a concurrent ExchangeID or DelegReturn operation
which requires the exclusive lock on all NFSv4 state, this can
result in a stall of the nfsd server.
This patch documents ways to avoid this problem.
This is a content change.
(cherry picked from commit 8f13abb4fd)
newfs always sets sectorsize to DEV_BSIZE (512) and derives some other
values based on the number of 512-byte sectors per real sector. Similar
logic is required in makefs. Until that happens, emit a warning that
the image may be incorrect.
PR: 276571
(cherry picked from commit 176b9e0d72)
(cherry picked from commit 8e40217819)
In modes -p or -s, add an option -l to start each line
with a device name separated with a tab. Update the manual page.
Add an example to list names with corresponding serial numbers:
diskinfo -ls /dev/da?
(cherry picked from commit e333110d1d)
crunchgen generates a foo.lo for each binary it will end up crunching
into the final product. While they have a dependency on the libs that
are used to link them, nothing will force relinking if the set of libs
needed to link them is changed. Because of this, incremental builds may
not be possible if one builds a version of, e.g., rescue/ with a broken
set of libs specified for a project -- a subsequent fix won't be rolled
in cleanly, it will require purging the rescue/ objdir.
This is a bit crude, but the foo.mk we generate doesn't actually get
regenerated all that often in practice, so a spurious relink for the
vast majority of crunched objects won't actually happen all that often.
Reviewed by: bapt, emaste, imp
(cherry picked from commit 6e2cfb24ee)
I observed the problem on a system with fairly old and, apparently,
buggy EFI implementation. A list of boot devices had an invalid
trailing entry. efidp_size() for that entry returned zero, which means
that the code got stuck looping on that entry.
(cherry picked from commit bf87d4a4bf)
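
Added example, not code from the commit above: a list walker that stops on an entry whose computed size is zero, the condition that left the loop stuck. `dp_size` is a simplified, hypothetical stand-in for efidp_size(), and the sample bytes are constructed; the 4-byte node header and the 0x7f/0xff end-of-path node follow the UEFI device path layout.

```c
#include <stddef.h>
#include <stdint.h>

#define DP_HDR		4	/* type, subtype, 16-bit little-endian length */
#define DP_END_TYPE	0x7f
#define DP_END_ENTIRE	0xff

/* Size of the device path starting at p, or 0 if it is malformed. */
static size_t
dp_size(const uint8_t *p, const uint8_t *end)
{
	const uint8_t *q = p;

	while ((size_t)(end - q) >= DP_HDR) {
		size_t len = q[2] | (size_t)q[3] << 8;
		int last = (q[0] == DP_END_TYPE && q[1] == DP_END_ENTIRE);

		if (len < DP_HDR || len > (size_t)(end - q))
			return (0);	/* bad node length */
		q += len;
		if (last)
			return ((size_t)(q - p));
	}
	return (0);			/* ran out of data before an end node */
}

/* Count the device paths in a list, stopping at the first invalid entry. */
static int
count_paths(const uint8_t *buf, size_t buflen)
{
	const uint8_t *dp = buf, *end = buf + buflen;
	int n = 0;

	while (dp < end) {
		size_t sz = dp_size(dp, end);

		if (sz == 0)
			break;		/* without this check dp never advances */
		dp += sz;
		n++;
	}
	return (n);
}

/* Constructed list: two valid paths, then an invalid trailing entry. */
static const uint8_t sample[] = {
	0x04, 0x01, 0x08, 0x00, 0xde, 0xad, 0xbe, 0xef,	/* 8-byte node */
	0x7f, 0xff, 0x04, 0x00,				/* end of path 1 */
	0x7f, 0xff, 0x04, 0x00,				/* path 2: end node only */
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00,		/* invalid trailing entry */
};

int main(void) { return (count_paths(sample, sizeof(sample)) == 2 ? 0 : 1); }
```
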
Merge vendor sendmail 8.18.1 into HEAD
(cherry picked from commit d39bd2c138)
Add new source file for sendmail 8.18.1
(cherry picked from commit 19d4fb85bf)
New sendmail 8.18.1 cf file
(cherry picked from commit 1b6a5580c1)
Minor change to update these files so new freebsd*.cf files are
generated
(cherry picked from commit 2c191ba6b0)
Belatedly update version and date for sendmail 8.18.1 upgrade
(cherry picked from commit 31fbc98c94)
Add a note about sendmail 8.18.1's stricter SMTP protocol enforcement
(akin to commit 21c1f1deb6 in main)
Update import date for stable/14
Relnotes: Yes
Security: CVE-2023-51765
mpsutil doesn't use libutil, so doesn't need to include libutil.h. See
commit 76103694a0.
No functional change intended.
MFC after: 1 week
(cherry picked from commit d56ce5915c)
Make, by default, daily diff(1) ignore whitespace changes and the unified output
a context of zero (0) lines. This reduces output of unrelated lines in e-mails
delivered to root.
PR: 270266
Approved by: jrm (mentor), karels
MFC after: 1 month
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D42762
(cherry picked from commit e2f6bafc38)
Make, by default, security diff(1) produce a unified output with a context of
zero (0) lines. This reduces output of unrelated lines in e-mails delivered
to root.
PR: 270266
Approved by: jrm (mentor), karels
MFC after: 1 month
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D43071
(cherry picked from commit 3aa71ea7c2)
Add a NVMe Qualified Name (NQN) to the Controller Data structure using
the "first format" (i.e., "... used by any organization that owns a
domain name" Section 7.9 NVM-Express 1.4c 2021.06.28 Ratified).
This avoids a Linux kernel warning about a missing or invalid NQN.
(cherry picked from commit 32557d16e2)
The USB3 spec mandates that the device-descriptor max packet size
be 512 bytes, which requires a field size of 9 since it is a
power-of-2.
Linux kernels recently started validating this field, resulting in
the table not being probed and the cursor not working in bhyve VNC.
PR: 275760
(cherry picked from commit 0c243cd4a3)
The modern zcat(1) is capable of handling compressed and uncompressed
text files, so we can simply use zcat command.
PR: 253168
Reviewed by: delphij
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D43357
(cherry picked from commit 1fa4ddcc6d)
The situation is improved now that we're running in a sandbox, but there
is still some host machine access that could be concerning depending on
the context. These concerns may be somewhat mitigated by the fact that
the host machine usually provides the loader binary, even when the guest
image is providing the loader scripts -- they only bring the lua
scripts, and they have to be able to execute arbitrary syscalls rather
than the interfaces provided by libsa(3).
Reviewed by: jhb, markj
(cherry picked from commit 5df041c4bb)
In the case of hostbase_fd, this is in fact a bug fix; we have a seek
callback that the host: filesystem may use in loader, and we really
don't have a good excuse to break it.
bootfd-derived fds will only be used with fdlopen(3) and rtld doesn't
seem to need pread / lseek at all for it today, but there's no reason to
break if it finds a good reason to later.
Suggested by: markj
(cherry picked from commit cef5e56f3f)
Previously we used a mix of perror(3) + exit(3) and err(3); standardize
on the latter instead. This does remove one free() in an error path,
because we're decidedly leaking a lot more than just the loader name
there (loader handle, vcpu, vmctx...) anyways.
Reviewed by: markj
(cherry picked from commit a4a838a31a)
userboot has an EXIT_REBOOT code that it uses when the 'reboot' loader
command is executed. Use that and longjmp back to reinit the VM
entirely with a reboot request. This fixes the 'reboot' option in the
loader menu to actually reboot rather than shut down the VM.
The JMP_* constants are introduced to keep track of why we're doing a
longjmp, though they aren't currently used. We'll notably still do a
complete reload of the interpreter to give the rebooted VM that new
loader smell. It just seemed forward thinking to just keep track of the
different setjmp points.
While we're here, we don't actually need to keep the fd we passed to
fdlopen(3), so let's avoid leaking it.
Reviewed by: markj
(cherry picked from commit 24cd5c26fe)
In neither case do we need write access to the directories we're working
with; userboot doesn't support fo_write on the host device, and the
bootfd is only ever needed for loader loading.
This improves on 8bf0882e18 ("bhyveload: enter capability mode [...]")
so that arbitrary code in the loader can't open writable fds to either
of the directories we need to maintain access to.
Reviewed by: imp
(cherry picked from commit c067be72e8)
(cherry picked from commit f9b17005bf)
The next change will push bhyveload into capability mode right after we
allocate vcpu state, before we've set up or entered the loader, to limit
the surface area that a rogue loader script can touch.
With an explicit -l loader, we don't need to preopen /boot because
changing interpreters isn't allowed. We'll just dlopen() entirely in
advance in that case to eliminate some complexity.
Reviewed by: allanjude (earlier version), markj
(cherry picked from commit bf7c4fcbbb)
(cherry picked from commit 67082f077f)
* Don't segfault when parsing a misformatted auth-group section
* If the config file specifies a chap section within a target but no
auth-group, create a new anonymous auth-group. That matches the
behavior with non-UCL config files.
* Protect some potential segfaults with assertions
PR: 274380
Sponsored by: Axcient
Reviewed by: jhb
Differential Revision: https://reviews.freebsd.org/D43198
(cherry picked from commit 2391e536c0)
Existing powerpc kernels include additional sections beyond .dynamic
in the PT_DYNAMIC segment. Relax the requirement for an exact size
match of the section and segment for PowerPC files as a workaround.
Reported by: jrtc27
Sponsored by: DARPA
Differential Revision: https://reviews.freebsd.org/D43123
(cherry picked from commit 6631e2f9b4)