krb5: Fix -Wint-conversion when bootstrapping on GNU/Linux
This shows up in GitHub Actions as a warning, and some compilers can
default to it being an error.
pf: fix 'no rdr'
Ensure we always have a non-NULL rule pointer (ctx.rm).
It might have gotten set to NULL by pf_get_translation().
While here also restore the previous rdr behaviour be re-adding the incorrectly
removed 'break' in pf_match_translation_rule.
PR: 290177
MFC after: 3 days
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D53191
(cherry picked from commit cb36bfee25b71d1223b8fb1237fcf823d514b50e)
src.conf.5: Regen
after recent MFCs:
9d0b660e6949 ("jemalloc: Fix activating debug on WITHOUT_MALLOC_PRODUCTION")
ac5378d93ce0 ("Add build option for the ia32 loader")
Sponsored by: The FreeBSD Foundation
random: garbage collect the RANDOM_PURE_OCTEON entropy source
It was used for Octeon MIPS and all producers have been removed
from the source tree.
Reviewed by: emaste
Differential Revision: https://reviews.freebsd.org/D53146
Revert "release: Switch back to latest packages for now"
We now have 15.x quarterly package sets for both amd64 and arm64.
This reverts commit dc5aae134a44d18921e179355e9b93a7eff534ed.
Approved by: re (cperciva)
vmimage.subr: Fix when/where we fix up METALOG
We only need to check for unMETALOGed directories and sort the METALOG
file if we're using it, i.e. if we're doing a NO_ROOT build. This
non-NO_ROOT builds by no longer bogusly writing to /METALOG*.
We only need to add databases (spwd.db etc) to METALOG if we're doing
a pkgbase-enabled NO_ROOT build; but we should always do this before
creating the filesystem, not only if we installed extra packages (in
vm_extra_install_packages, where that code was erroneously placed).
This fixes non-cloud VM images, which in 15.0-BETA2 shipped without
password databases.
Approved by: re (cperciva)
Reviewed by: ivy
MFC after: 3 days
Sponsored by: https://www.patreon.com/cperciva
Differential Revision: https://reviews.freebsd.org/D53194
[2 lines not shown]
bsdinstall: jail: Fix DISTMENU items
The menu was incorrectly using the fourth column (distname) instead of
the first (dist) of the MANIFEST.
The actual file name is on the first column of the MANIFEST file.
Remove the .txz part of the name to build the menu options.
Reviewed by: jamie
MFC after: 5 days
Differential Revision: https://reviews.freebsd.org/D53177
release: Add pkg .conf to METALOG on dvd
We're correctly recording all of the packages in the dvd METALOG file,
but if we don't record ./packages/repos/FreeBSD_install_cdrom.conf then
users won't be able to install them very easily.
Reviewed by: markj
Reported by: Lars Tunkrans
MFC after: 3 days
Sponsored by: https://www.patreon.com/cperciva
Differential Revision: https://reviews.freebsd.org/D53199
(cherry picked from commit 2b5c62494df95cdb844b5f6f852412f2178f66dd)
Fix getmntpoint(3) to operate as it is documented in its manual page.
The -libutil function getmntpoint(3) is documented as accepting a device
name “with or without /dev/ prepended to it” but did not attempt to
prepend /dev/. This patch corrects the problem by prepending /dev/ to
names that do not begin with a '/'.
Reported-by: Dag-Erling Smørgrav
Differential Revision: https://reviews.freebsd.org/D53185
MFC-after: 1 week
Sponsored-by: Netflix
libc: Add "Z" as TZ designator for strptime.
ISO 8601 allows use of "Z" as the time zone designator. Update the
strptime parser to allow this usage.
While we are at it, update the manpage to reflect that both UTC and Z
are now valid options.
Reviewed by: des
Differential Revision: https://reviews.freebsd.org/D53083
(cherry picked from commit 79e57ea662d92ffcbe7d65854a284aefac6a332d)
libc: Add "Z" as TZ designator for strptime.
ISO 8601 allows use of "Z" as the time zone designator. Update the
strptime parser to allow this usage.
While we are at it, update the manpage to reflect that both UTC and Z
are now valid options.
Reviewed by: des
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D53083
(cherry picked from commit 79e57ea662d92ffcbe7d65854a284aefac6a332d)
libc: Add "Z" as TZ designator for strptime.
ISO 8601 allows use of "Z" as the time zone designator. Update the
strptime parser to allow this usage.
While we are at it, update the manpage to reflect that both UTC and Z
are now valid options.
Reviewed by: des
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D53083
(cherry picked from commit 79e57ea662d92ffcbe7d65854a284aefac6a332d)
mtree: Remove stray atm directory
ATM support for netgraph was removed in af0cc0b22362 ("NgATM: Remove
netgraph ATM support")
Remove the directory from the mtree specification.
Reviewed by: emaste
Fixes: 21735dfaebdf ("include: Remove no longer existing netgraph/atm")
MFC after: 5 days
Differential Revision: https://reviews.freebsd.org/D53260
moused: fix GCC build
error: 'static' is not at beginning of declaration [-Werror=old-style-declaration]
(cherry picked from commit 54cc3da443da7e4a8a483d1fe46071382ff06ed0)
vfs_cluster.c: Do not propagate VOP_BMAP errors to the caller
The code that makes this VOP_BMAP call tries to perform a read-ahead I/O
operation. Failing to do that for any reason isn't fatal for `cluster_read()`,
because we still can return some data to the caller. This change is consistent
with other places within `cluster_read()`, where error returned by VOP_BMAP is
not returned to the caller - see the `if (nblks > 1)` block above the changed
lines and `if (reqbp)` at the end of the function.
PR: 264196
Approved by: markj, kib
Differential Revision: https://reviews.freebsd.org/D51254
inpcb: Ignore SO_REUSEPORT_LB on connected sockets
While TCP disallows connect()ing a socket with SO_REUSEPORT_LB, UDP does
not. As a result, a connected UDP socket can be placed in the lbgroup
hash and thus receive datagrams from sources other than the connected
host.
Reported by: Amit Klein <amit.klein at mail.huji.ac.il>
Reported by: Omer Ben Simhon <omer.bensimhon at mail.huji.ac.il>
Reviewed by: glebius
Approved by: so
Security: FreeBSD-SA-25:09.netinet
Security: CVE-2025-24934
(cherry picked from commit 320ad3dec5ff1b37f6907a47961c18b9d77e6a53)
(cherry picked from commit df888c8f41f633be3aacecdd357ebaad62aa11bd)
inpcb: Ignore SO_REUSEPORT_LB on connected sockets
While TCP disallows connect()ing a socket with SO_REUSEPORT_LB, UDP does
not. As a result, a connected UDP socket can be placed in the lbgroup
hash and thus receive datagrams from sources other than the connected
host.
Reported by: Amit Klein <amit.klein at mail.huji.ac.il>
Reported by: Omer Ben Simhon <omer.bensimhon at mail.huji.ac.il>
Reviewed by: glebius
Approved by: so
Security: FreeBSD-SA-25:09.netinet
Security: CVE-2025-24934
(cherry picked from commit 320ad3dec5ff1b37f6907a47961c18b9d77e6a53)
(cherry picked from commit e276759b368701a49e543c45d5d6ea08ed4fbc38)
inpcb: Ignore SO_REUSEPORT_LB on connected sockets
While TCP disallows connect()ing a socket with SO_REUSEPORT_LB, UDP does
not. As a result, a connected UDP socket can be placed in the lbgroup
hash and thus receive datagrams from sources other than the connected
host.
Reported by: Amit Klein <amit.klein at mail.huji.ac.il>
Reported by: Omer Ben Simhon <omer.bensimhon at mail.huji.ac.il>
Reviewed by: glebius
Approved by: so
Approved by: re (cperciva)
Security: FreeBSD-SA-25:09.netinet
Security: CVE-2025-24934
(cherry picked from commit 320ad3dec5ff1b37f6907a47961c18b9d77e6a53)
(cherry picked from commit ef159100ec2b73c22caccc00555bae4c3cbc0ea1)
inpcb: Ignore SO_REUSEPORT_LB on connected sockets
While TCP disallows connect()ing a socket with SO_REUSEPORT_LB, UDP does
not. As a result, a connected UDP socket can be placed in the lbgroup
hash and thus receive datagrams from sources other than the connected
host.
Reported by: Amit Klein <amit.klein at mail.huji.ac.il>
Reported by: Omer Ben Simhon <omer.bensimhon at mail.huji.ac.il>
Reviewed by: glebius
Approved by: so
Security: FreeBSD-SA-25:09.netinet
Security: CVE-2025-24934
(cherry picked from commit 320ad3dec5ff1b37f6907a47961c18b9d77e6a53)
inpcb: Ignore SO_REUSEPORT_LB on connected sockets
While TCP disallows connect()ing a socket with SO_REUSEPORT_LB, UDP does
not. As a result, a connected UDP socket can be placed in the lbgroup
hash and thus receive datagrams from sources other than the connected
host.
Reported by: Amit Klein <amit.klein at mail.huji.ac.il>
Reported by: Omer Ben Simhon <omer.bensimhon at mail.huji.ac.il>
Reviewed by: glebius
Approved by: so
Security: FreeBSD-SA-25:09.netinet
Security: CVE-2025-24934
(cherry picked from commit 320ad3dec5ff1b37f6907a47961c18b9d77e6a53)
