nuageinit: fix command injection and related issues
- Add shell_escape() helper to safely escape shell arguments
- Apply shell_escape to all user-controlled values in shell commands:
adduser (usershow, useradd, lock, primary_group, groups)
addgroup (groupshow, groupadd, members)
exec_change_password (usermod)
settimezone (tzsetup root and timezone)
install_package (pkg package names)
- Escape double quotes in hostname when writing rc.conf.d/hostname
- Add missing 'local' declaration for resolvconf_command in nameservers()
- Escape interface name in resolvconf -a command
- Change open_resolvconf_conf() from 'w' to 'a' mode to prevent
data loss when nameservers() is called multiple times
- Clean up stale resolvconf.conf at the start of each boot
(skip on postnet to preserve config written by first call)
MFC After: 1 day
ipfw: fix IPv6 flow label matching
* do not require just only ip6 proto for flow-id opcode in ipfw(8).
ipv6-icmp, tcp, udp should be fine too.
* fix off-by-one bug leading to out-of-bounds read.
* apply IPV6_FLOWLABEL_MASK before comparison in flow6id_match(),
so flow-id opcode will match a specified flow label. No need to
take protocol version and traffic class into account.
* add the test to verify that opcode is working correctly.
Reviewed by: pouria
Obtained from: Yandex LLC
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D56869
fsck_msdosfs: fix FAT header correction not persisting in cache mode
When fsck_msdosfs runs with FAT32 cache mode (used for large
filesystems that cannot be mmap'd), a detected FAT header correction
was written into the in-memory buffer but the corresponding cache
entry (fat32_cache_allentries[0]) was never marked dirty. As a
result, fat_flush_fat32_cache_entry() skipped it, the corrected
bytes were never written to disk, and copyfat() propagated the
uncorrected on-disk data to all backup FAT copies. Every subsequent
fsck run would repeat the same "FAT starts with odd byte sequence /
FIXED" cycle indefinitely.
Fix by marking fat32_cache_allentries[0].dirty = true after applying
the in-memory correction, ensuring the chunk is flushed before
copyfat() runs.
Obtained from: https://android-review.googlesource.com/c/platform/external/fsck_msdos/+/4047981
(cherry picked from commit 10e342c1ec78af5a0b97739c806b16a632118fa5)
fsck_msdosfs: fix FAT header correction not persisting in cache mode
When fsck_msdosfs runs with FAT32 cache mode (used for large
filesystems that cannot be mmap'd), a detected FAT header correction
was written into the in-memory buffer but the corresponding cache
entry (fat32_cache_allentries[0]) was never marked dirty. As a
result, fat_flush_fat32_cache_entry() skipped it, the corrected
bytes were never written to disk, and copyfat() propagated the
uncorrected on-disk data to all backup FAT copies. Every subsequent
fsck run would repeat the same "FAT starts with odd byte sequence /
FIXED" cycle indefinitely.
Fix by marking fat32_cache_allentries[0].dirty = true after applying
the in-memory correction, ensuring the chunk is flushed before
copyfat() runs.
Obtained from: https://android-review.googlesource.com/c/platform/external/fsck_msdos/+/4047981
(cherry picked from commit 10e342c1ec78af5a0b97739c806b16a632118fa5)
spkr.4: Reflect latest changes and add history
- speaker(4) was recently modernized to lock the driver per-playback
instead of per-open. Update the man page to explain this change.
- added a reference to MML and SMX in the historical context to make
it easier for users to find additional documentation online.
Signed-off-by: Raphael Poss <knz at thaumogen.net>
Reviewed by: ziaee
Closes: https://github.com/freebsd/freebsd-src/pull/2183
if_media: Claim 10BASE-T1S and 10BASE-T1L constants
These are two single-pair Ethernet (SPE) variants that run at 10 Mbps.
10BASE-T1S has automotive origins and supports multiple nodes on up to
25m of cable. 10BASE-T1L is intended for building and industrial
automation and supports long-distance point to point links of over 1km.
Reviewed by: kbowling
Differential Revision: https://reviews.freebsd.org/D56952
power: Rename sleep types
Make sleep type names clearer and more consistent, and allow space for
something like "os_hibernate" once that gets added to FreeBSD.
Reviewed by: jaeyoon, olce, markj
Approved by: jaeyoon, olce, markj
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D56920
rge: add the Intel Killer E5000 PCI ID
This and the E3000 are both handled by the r8169 driver in Linux, and
reportedly this is infact just a straight re-brand of the RTL8126.
Tested by: "Sinetek" on Discord
Reviewed by: adrian
Differential Revision: https://reviews.freebsd.org/D56917
libregex: fix our mapping for \w
A small oversight in our implementation of \w is that it's actually
not strictly [[:alnum:]]. According to the GNU documentation, it's
actually [[:alnum:]] + underscore. The fix is rather trivial: just add
it to our set explicitly, and amend our test set to be sure that _ is
actually included.
PR: 287396
(cherry picked from commit d0ff5773cefaf3fa41b1be3e44ca35bd9d5f68ee)
mana: support jumbo packet size
Remove the restriction of up to 4k packet size. Now the driver
supports up to MJUM16BYTES size packets as long as hardware
supporting it.
Tested on VMs in Azure.
Tested by: whu
MFC after: 1 week
Sponsored by: Microsoft
(cherry picked from commit d0a2bd2765b365c4be9b17c29306f848953e55a5)
Hyper-V: hn: just call vf's ioctl when changing mtu
When changing mtu, if a vf is attached to the netvsc interface, just
calling its ioctl to change vf's mtu is good enough.
Tested by: whu
MFC after: 3 days
Sponsored by: Microsoft
(cherry picked from commit 44f656641c238cb3db31026f3e3bef36cd5231a8)
linux: address executable stack warnings
Mark assembly files as not requiring executable stacks.
This still leaves linux32_vdso.so without a .note.GNU-stack section in
the gcc build for now.
Reviewed by: imp, kib
Differential Revision: https://reviews.freebsd.org/D56894
if_geneve: Fix uninitialized variable use in geneve_udp_input()
Set the ifp variable as soon as soft_c becomes available
so that interface statistics can be incremented.
PR: 295129
Reported by: Robert Morris <rtm at lcs.mit.edu>
Fixes: e44d2e941e8e ("if_geneve: Add Support for Geneve ...")
sys/cdefs.h: move __BEGIN_DECLS/__END_DECLS into a helper sys/_decls.h
There are situations where nothing from sys/cdefs.h is needed except for
the declaration braces. More, the other facilities from sys/cdefs.h
might unnecessarly pollute the namespace.
Reviewed by: markj, imp
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D56889
vop_read_pgcache_post(): report inotify IN_ACCESS same as for vop_read_post()
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D56611
vnode: add VIRF_KNOTE flag
to indicate non-empty vnode knote list. Use it instead of
VN_KNLIST_EMPTY() and guard note activations with it.
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D56611
sys/vnode.h: remove stale comment
The source sweep is not going to happen.
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D56611
[libm] implementation of rsqrt, rsqrtf, and rsqrtl
From the PR:
The attached diff implements the inverse square root function, i.e,
rsqrt(x) = 1 / sqrt(x). Exhaustive testing of the float version
suggests that it is correctly rounded in round-to-nearest for all
test values in the range [0x1p-127,0x1p126].
Exhaustive testing of rsqrt and rsqrtl cannot be done, but 1100M
values of x for rsqrt and 400M values for rsqrtl were tested. All
tested values were correctly rounded.
I do not have access to LD128 (i.e., IEEE 128-bit floating point)
hardware, so the implementation of rsqrtl() is untested.
The following is a summary of changes to source code.
* lib/msun/Makefile:
. Add s_rsqrt.c and s_rsqrtf.c to COMMON_SRCS.
. For non-53-bit long double targets, add s_rsqrtl.c to COMMON_SRCS.
[31 lines not shown]
Add O_SYMLINK emulation
for MacOSX partial compatibility, defined as O_PATH | O_NOFOLLOW.
fstat(2) and freadlink(3) works on the resulting file descriptors,
but reads on the regular file do not.
More complete but more hackish version was developed but deemed too
hackish.
Sponsored by: The FreeBSD Foundation
MFC after: 2 weeks
Differential revision: https://reviews.freebsd.org/D56365
