bsdinstall: Use libarchive secure flags for extract
This doesn't really matter, as we trust that the installer tarballs are
not malicious, but it doesn't hurt to set these flags.
Reported by: Yuxiang Yang, Yizhou Zhao, Ao Wang, Xuewei Feng, Qi Li, and Ke Xu from Tsinghua University using GLM-5.1 from Z.ai
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D57274
snd_uaudio: Lock usbd_transfer_start() in uaudio_mixer_ctl_set()
This section would be previously locked by sound(4)'s mixer lock (see
e87654db5a09 ("snd_uaudio: Stop using mixer_get_lock()")), but
snd_uaudio(4) no longer uses it. This particular code path was missed
during testing, because my sound card does not reach it.
Fixes: 9a00e0b8ca56 ("snd_uaudio: Do not use snd_mixer->lock as mixer_lock")
Reported by: netchild
Tested by: netchild
Sponsored by: The FreeBSD Foundation
MFC after: 6 days
sys: add safe_read(9)
The MD function with MI interface to provide a way to read arbitrary
(canonical) KVA. amd64 only for now.
Reviewed by: markj
Tested by: aokblast
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D49566
tests: Fix reliability issues in POSIX ACL tests
The ACL tests use UIDs and GIDs 41 through 49 and expect them to be
unassigned. Since GID 43 is now assigned to the audio group, some
tests have begun to fail.
While here, also fix a benign Perl syntax issue in the test runner.
MFC after: 1 week
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D57297
pf: fix incorrect table decoding in netlink
We used nla_p_table for pfr_table structures, but this netlink decoder
was intended for pfioc_table and decoded an extra field, outside
of pfr_table. This allowed userspace to write (slightly) outside of
pfr_table.
Use a separate nlattr_parser for pfr_table.
PR: 295218
Reported by: Robert Morris <rtm at lcs.mit.edu>
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")
(cherry picked from commit 64327f769cee0c26e1b81e6195a5092498b10403)
ping: fix test timestamp_origin when tstamprepl is disabled
The timestamp_origin test sends an ICMP Timestamp Request (ping -Mt) and parses
the tso/tsr fields out of the reply.
When the sysctl net.inet.icmp.tstamprepl is 0, the kernel silently drops the
request, ping receives no reply, and the sed extraction yields an empty $tso.
The test then fails inside atf_check test -n "$tso" with the unhelpful message
Approved by: maxim
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D57287
virtual_oss(8): Create loopback devices with GID_AUDIO
Make sure the user is part of the audio group to avoid unintended
snooping of loopback audio by unprivileged users.
While here, retire voss_dsp_perm, since we don't use the same value
everywhere now.
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Reviewed by: emaste
Pull-Request: https://ron-dev.freebsd.org/FreeBSD/src/pulls/26
(cherry picked from commit 5f904cb1b05c94453727abb606d6109fe504b10b)
rc: virtual_oss: Create a loopback device in the default configuration
The loopback device allows us to record desktop sound by reading from
it, or even use it as an input device, for example during a call.
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Reviewed by: emaste
Pull-Request: https://ron-dev.freebsd.org/FreeBSD/src/pulls/16
(cherry picked from commit 8532b4a436364d04d5c1feb7af5ecd4b5df71a9f)
lpd: Avoid buffer overflow when sending a job
When forwarding a print job to a remote server, we could overflow the
command buffer if a control or data file had a very long name.
MFC after: 1 week
Reported by: Joshua Rogers <joshua at joshua.hu>
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D57184
(cherry picked from commit f2c7c5f94803b67a9a6af625d4fc8882d2afda6c)
lpd: Restore ability to specify a port number
This has been broken since IPv6 support was added in 2000. We would
validate the port number (which had to be a port number, but can now
also be a service name) and then ignore it.
MFC after: 1 week
Fixes: 08829865f659 ("IPv6 support for lpr.")
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D57181
(cherry picked from commit c0cae7d8da50daa87af4cd6d7c9a2043343b506f)
lpr: Add deprecation notice
These programs require elevated privileges to work and have not seen
regular maintenance in decades. Unless someone steps up and overhauls
them, we will have to remove them before 16.0. Better-maintained
alternatives are available in ports (print/cups, sysutils/LPRng).
MFC after: 3 days
(cherry picked from commit d57dee7ab66f60537b557cb602be194e3eed253d)
lpd: Avoid buffer overflow when sending a job
When forwarding a print job to a remote server, we could overflow the
command buffer if a control or data file had a very long name.
MFC after: 1 week
Reported by: Joshua Rogers <joshua at joshua.hu>
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D57184
(cherry picked from commit f2c7c5f94803b67a9a6af625d4fc8882d2afda6c)
lpd: Restore ability to specify a port number
This has been broken since IPv6 support was added in 2000. We would
validate the port number (which had to be a port number, but can now
also be a service name) and then ignore it.
MFC after: 1 week
Fixes: 08829865f659 ("IPv6 support for lpr.")
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D57181
(cherry picked from commit c0cae7d8da50daa87af4cd6d7c9a2043343b506f)
ttymsg: Overhaul
* Instead of an error string, return the usual 0 or -1 and let the caller
figure out what, if anything, to tell the user.
* Avoid string manipulations by opening /dev first and using openat()
with O_RESOLVE_BENEATH.
* Add a boolean argument which, if false, causes ttymsg() to return
without sending the message if the tty's group-writable bit is not
set. This saves programs that respect this setting (like syslogd(8))
from having to check before calling ttymsg().
* Update all callers.
The observable effect of this change is minimal except for slightly
different error messages when ttymsg() fails. However, syslogd(8) will
no longer print spurious error messages on the console after trying and
failing to write a log message to an X11 session.
[7 lines not shown]
ttymsg: Overhaul
* Instead of an error string, return the usual 0 or -1 and let the caller
figure out what, if anything, to tell the user.
* Avoid string manipulations by opening /dev first and using openat()
with O_RESOLVE_BENEATH.
* Add a boolean argument which, if false, causes ttymsg() to return
without sending the message if the tty's group-writable bit is not
set. This saves programs that respect this setting (like syslogd(8))
from having to check before calling ttymsg().
* Update all callers.
The observable effect of this change is minimal except for slightly
different error messages when ttymsg() fails. However, syslogd(8) will
no longer print spurious error messages on the console after trying and
failing to write a log message to an X11 session.
[7 lines not shown]
