Mk/bsd.default-versions.mk: bump java default to 21
After an extensive time of testing OpenJDK 21 LTS is now the default
java version on FreeBSD.
Some major ports already used Java 21 and some olders ports are now
pinned to OpenJDK 8 or other versions.
For armv6/armv7 OpenJDK 11 is the latest version with support
for these platforms on FreeBSD.
Thanks to everybody involved in making Java a vivid environment on
FreeBSD.
PR: 272855
Relnotes: yes
lib/libnetbsd: bring in `__type_m{ax,in}*` macro family
These macros are used by some of the NetBSD tests which calculate the
size of types, e.g., `__type_max(time_t)`.
This wraps up the set of macros needed in order to update to the a
netbsd-tests snapshot from this past month.
Obtained from: https://github.com/netbsd/src (55b4b44)
MFC after: 1 week
style.mdoc: Add example manuals to FILES
This is the OG meat and potatoes.
MFC after: 3 days
Reviewed by: 0mp, carlavilla
Differential Revision: https://reviews.freebsd.org/D55301
Refinements to the output when the EXTERROR_VERBOSE environment is set
When kernel external errors are available they are included in the
err(3) library function messages. In addition to the extended error
itself, the kernel also tracks the kernel file and line number at
which the error was generated. This additional information is not
included in the err(3) messages unless the EXTERROR_VERBOSE environment
variable is present. Currently, when EXTERROR_VERBOSE is present,
all the internal extended error information associated with the
error is printed most of which is redundant with the formatted error
message printed by err(3). This change will add only the kernel
file and line number to the err(3) message when EXTERROR_VERBOSE
is present and set to "brief".
Sample output with bad protection bits to mmap:
guest_16 % ./Example bigfile
Example: mmap bigfile: Invalid argument (unknown PROT bits 0x8)
[12 lines not shown]
lpd: Add timeout option
Set a 120-second receive timeout on all client connections, and add a
command-line option to change that value.
MFC after: 1 week
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D55400
lpd: Improve robustness
* Check for integer overflow when receiving file sizes.
* Check for buffer overflow when receiving file names, and fully
validate the names.
* Check for integer overflow when checking for available disk space.
* Check for I/O errors when sending status codes.
* Enforce one job per connection and one control file per job (see
code comments for additional details).
* Simplify readfile(), avoiding constructs vulnerable to integer
overflow.
* Don't delete files we didn't create.
[9 lines not shown]
security/py-unicode-show: New port: Detect and annotate suspicious Unicode characters in text or files
unicode-show is a utility that reads text input (from standard input
or files) and highlights suspicious Unicode characters, such as
those outside the safe ASCII range. This tool is useful for identifying
potentially malicious or misleading Unicode characters in source
code, logs, or user input.
WWW: https://www.kicksecure.com/wiki/Unicode-show
build: Move all of lp under LPR option
* Tag related directories with package=lp
* Make the examples/printing directory conditional on MK_LPR
* Make the hosts.lpd(5) manual page conditional on MK_LPR
MFC after: 3 days
(cherry picked from commit d4f6cb75424950ee776833ebc6b57855c094a610)
lpr: Add deprecation notice
These programs require elevated privileges to work and have not seen
regular maintenance in decades. Unless someone steps up and overhauls
them, we will have to remove them before 16.0. Better-maintained
alternatives are available in ports (print/cups, sysutils/LPRng).
MFC after: 3 days
(cherry picked from commit d57dee7ab66f60537b557cb602be194e3eed253d)
libfetch: Gracefully skip unsupported protocols
If socket() fails because the address family or protocol is unsupported,
just continue with the next address.
MFC after: 1 week
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D55407
(cherry picked from commit b5d570e711da1dad303312bebaf1bd2fb720f0dc)
libfetch: Fail hard if interrupted while connecting
This fixes an issue where the first address that DNS returns is blocked
by a packet filter, so we hang for a while, then the user hits Ctrl-C,
interrupting connect(2), whereupon we move on to the next address, get
a connection, request the file, and return to fetch(1), which sees that
SIGINT was caught and bails.
Note that we make no attempt to enforce fetchTimeout in the connection
phase, and never have. It's feasible, but non-trivial, so we'll leave
it as an exercise for future us.
PR: 293312
MFC after: 1 week
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D55406
(cherry picked from commit afbdcd402bb439bd3d487baaad63b68e95929265)
libfetch: Clean up fetch_info usage
* Provide a wrapper for the common if (verbose) fetch_info(...) idiom.
* Replace remaining instances of fprintf(stderr, ...) with fetch_info().
* Fix a few style nits.
MFC after: 1 week
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D55405
(cherry picked from commit 1b7c4d29fdfc975facdc43f6da50947cf3bb8e4a)
m4: Fix eval output width
According to POSIX, the optional third argument is the minimum number
of digits to print regardless of sign. We interpreted it as the minimum
width of the output including the sign. Additionally, the variable used
to hold this value was confusingly named “maxdigits”.
PR: 293214
MFC after: 1 week
Sponsored by: Klara, Inc.
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D55311
(cherry picked from commit 507c611aeac7ca9aed12353b1044bb21ab00afae)
libfetch: Gracefully skip unsupported protocols
If socket() fails because the address family or protocol is unsupported,
just continue with the next address.
MFC after: 1 week
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D55407
(cherry picked from commit b5d570e711da1dad303312bebaf1bd2fb720f0dc)
libfetch: Fail hard if interrupted while connecting
This fixes an issue where the first address that DNS returns is blocked
by a packet filter, so we hang for a while, then the user hits Ctrl-C,
interrupting connect(2), whereupon we move on to the next address, get
a connection, request the file, and return to fetch(1), which sees that
SIGINT was caught and bails.
Note that we make no attempt to enforce fetchTimeout in the connection
phase, and never have. It's feasible, but non-trivial, so we'll leave
it as an exercise for future us.
PR: 293312
MFC after: 1 week
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D55406
(cherry picked from commit afbdcd402bb439bd3d487baaad63b68e95929265)
libfetch: Clean up fetch_info usage
* Provide a wrapper for the common if (verbose) fetch_info(...) idiom.
* Replace remaining instances of fprintf(stderr, ...) with fetch_info().
* Fix a few style nits.
MFC after: 1 week
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D55405
(cherry picked from commit 1b7c4d29fdfc975facdc43f6da50947cf3bb8e4a)
m4: Fix eval output width
According to POSIX, the optional third argument is the minimum number
of digits to print regardless of sign. We interpreted it as the minimum
width of the output including the sign. Additionally, the variable used
to hold this value was confusingly named “maxdigits”.
PR: 293214
MFC after: 1 week
Sponsored by: Klara, Inc.
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D55311
(cherry picked from commit 507c611aeac7ca9aed12353b1044bb21ab00afae)
libfetch: Clean up fetch_info usage
* Provide a wrapper for the common if (verbose) fetch_info(...) idiom.
* Replace remaining instances of fprintf(stderr, ...) with fetch_info().
* Fix a few style nits.
MFC after: 1 week
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D55405
(cherry picked from commit 1b7c4d29fdfc975facdc43f6da50947cf3bb8e4a)
libfetch: Fail hard if interrupted while connecting
This fixes an issue where the first address that DNS returns is blocked
by a packet filter, so we hang for a while, then the user hits Ctrl-C,
interrupting connect(2), whereupon we move on to the next address, get
a connection, request the file, and return to fetch(1), which sees that
SIGINT was caught and bails.
Note that we make no attempt to enforce fetchTimeout in the connection
phase, and never have. It's feasible, but non-trivial, so we'll leave
it as an exercise for future us.
PR: 293312
MFC after: 1 week
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D55406
(cherry picked from commit afbdcd402bb439bd3d487baaad63b68e95929265)
m4: Fix eval output width
According to POSIX, the optional third argument is the minimum number
of digits to print regardless of sign. We interpreted it as the minimum
width of the output including the sign. Additionally, the variable used
to hold this value was confusingly named “maxdigits”.
PR: 293214
MFC after: 1 week
Sponsored by: Klara, Inc.
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D55311
(cherry picked from commit 507c611aeac7ca9aed12353b1044bb21ab00afae)
libfetch: Gracefully skip unsupported protocols
If socket() fails because the address family or protocol is unsupported,
just continue with the next address.
MFC after: 1 week
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D55407
(cherry picked from commit b5d570e711da1dad303312bebaf1bd2fb720f0dc)
mwl: migrate to new net80211 encryption key API
Migrate to the new encryption key API rather than poking at the
key struct directly.
Notably this driver was very clear about its expectation the net80211
key layout w/ key, TX MIC and RX MIC matches the firmware layout
and just memcpy()'ed it. That has been refactored.
Differential Revision: https://reviews.freebsd.org/D54484
wpi: migrate to new net80211 encryption key API
Migrate to the new encryption key API rather than poking at the
key struct directly.
Differential Revision: https://reviews.freebsd.org/D54482
iwi: migrate to new net80211 encryption key API
Migrate to the new encryption key API rather than poking at the
key struct directly.
Differential Revision: https://reviews.freebsd.org/D54481