BSD Commit Log Search

setcred(): Remove an optimization for when cr_groups[0] was the egid

Because setcred() has (always) treated the effective GID separately from
the supplementary groups, when cr_groups[0] was storing the effective
GID, it internally needed to build an array containing both the
effective GID and the specified supplementary groups to eventually call
crsetgroups_internal().

As kern_setcred() was only used to actually implement
user_setcred()/sys_setcred(), which need to allocate a buffer to copy in
the userland groups array into, some optimization was put in place where
these would allocate an array with one more element than
'wc_supp_groups', copyin() the latter into the subarray starting at
index 1 and pass the pointer to the whole array to kern_setcred() in
'preallocated_groups'.  This would allow kern_setcred() not to have to
allocate memory again to make room for the additional effective GID.

Since commit be1f7435ef21 ("kern: start tracking cr_gid outside of
cr_groups[]"), crsetgroups_internal() only takes supplementary groups,

    [8 lines not shown]

mdo(1): Avoid calling getgroups() in some unnecessary cases

If the basis for supplementary groups are the current ones, we do not
need to fetch them when they are to be replaced entirely (which we
already have been doing), as in the '!start_from_current_groups' case,
but specifically also when they are not going to be touched at all.

This change in passing makes the modified code block's comment saying
that SETCREDF_SUPP_GROUPS need not be set here correct.

MFC after:      2 weeks
Sponsored by:   The FreeBSD Foundation
Differential Revision:  https://reviews.freebsd.org/D53771

ipfw: fix lookup dst-ip opcode

Opcode handling should not fall through to the LOOKUP_DSCP type.

Reviewed by:    melifaro
Obtained from:  Yandex LLC
Differential Revision:  https://reviews.freebsd.org/D53775

(cherry picked from commit 8012c61bef3bb19a48d8459b38b65e27d46c186c)

handbooks: Add Accessibility Handbook

The Accessibility Handbook describes the assistive technologies
available in the base system and in the Ports Collection.
Currently, it covers features useful for visual impairments.

Reviewed by:            pauamma_gundo.com
Approved by:            carlavilla
Sponsored by:           The FreeBSD Foundation
Differential Revision:  https://reviews.freebsd.org/D50894

website: add translation of missing pages

Reviewed by: andy
Differential Revision: https://reviews.freebsd.org/D53794

update macOS 10.15.x

www/firefox: update to 145.0.2 (rc1)

(cherry picked from commit df3bd1e3c5f65f1b224f77a8433d7249932dbf4a)

www/firefox: update to 145.0.2 (rc1)

lang/rust-nightly: update 1.93.0.20251109 → 1.93.0.20251123

Approved by:    rust (implicit)

irdma(4): fix potential memory leak on qhash cqp operation

It was found that in some circumstances when launching
non-waiting create qhash cqp operation the refcount on
the cqp_request may be not properly decremented leading to a memory
leak.

Signed-off-by: Bartosz Sobczak <bartosz.sobczak at intel.com>

Reviewed by:    anzhu_netapp.com
Tested by:      mateusz.moga_intel.com
Approved by:    kbowling (mentor)
MFC after:      1 week
Sponsored by:   Intel Corporation
Differential Revision:  https://reviews.freebsd.org/D53732

cxgbe: Fix the RSS build

When "options RSS" is configured, opt_rss.h defines the "RSS" token.

PR:     291068
Fixes:  17b4a0acfaf5 ("cxgbe(4): T7 related updates to shared code")

misc/claude-code: update 2.0.42 → 2.0.50

devel/cargo-deny: update 0.18.5 → 0.18.6

net/mvfst: update 2025.11.17.00 → 2025.11.24.00

net/fb303: update 2025.11.17.00 → 2025.11.24.00

www/proxygen: update 2025.11.17.00 → 2025.11.24.00

devel/folly: update 2025.11.17.00 → 2025.11.24.00

devel/fatal: update 2025.11.17.00 → 2025.11.24.00

math/lean4: update 4.23.0 → 4.25.1

devel/fbthrift: update 2025.11.17.00 → 2025.11.24.00

net/wangle: update 2025.11.17.00 → 2025.11.24.00

security/fizz: update 2025.11.17.00 → 2025.11.24.00

devel/gitleaks: update 8.29.0 → 8.29.1

vm_object_page_remove(): clear pager even if there is no resident pages

Swap pager might still carry the data.

Debugging help from:    mmel
Reviewed by:    alc
Sponsored by:   The FreeBSD Foundation
MFC after:      1 week
Differential revision:  https://reviews.freebsd.org/D53891

[phb][Uses]: Add Uses=sudo

15.0: Update to RC4

This will hopefully be the final RC build before the release.

Approved by:    re (implicit)

inotify: Work around the vput() bug directly

For 15.0, apply a minimal fix which at least ensures that inotify can't
trigger the latent race described in commit 99cb3dca4773 ("vnode: Rework
vput() to avoid holding the vnode lock after decrementing").

Approved by:    re (cperciva)
Reviewed by:    olce, kib
MFC after:      3 days
Differential Revision:  https://reviews.freebsd.org/D53774

(cherry picked from commit ebc17879f0885ca87644980f6275b9759b311eb3)
(cherry picked from commit 1f6e3abf41718e8e4a309be122f0a6048e9c5772)

devel/lfcbase: 1.22.3 -> 1.22.4, databases/cego: 2.52.43 -> 2.52.44

- Warning elimination for G++ based compiles

multimedia/vlc: fix build with ffmpeg8

Incorporate patches to fix build with ffmpeg 7 and 8

PR:             289056
Obtained from:  Linux From Scatch

nvme: Fix some comments

Tweak a couple of comments and fix a spelling error.

Sponsored by:           Netflix