tr: fix class handling in unicode world
toupper/tolower logic was only handled for CCLASS_TOUPPER and
CCLASS_TOLOWER, add support for CCLASS ([:alpha:])
PR: 219900
MFC After: 1 week
kern: mac: add a prison_cleanup entry point
The MAC framework provides a lot of useful functionality that can be
configured per-jail without requiring the use of labels. Having another
entry point that we invoke just for general prison cleanup rather than
freeing the label is useful to allow a module that can otherwise work
off of a series of MAC entry points + sysctls for configuration to free
its per-jail configuration without having to bring in osd(9).
One such example in the wild is HardenedBSD's secadm, but some of my
own personal use had wanted it as well- it was simply overlooked in the
final version because my first policy made more sense with labels. On
that note, it's expected that prison_cleanup and prison_destroy_label
will effectively be mutually exclusive -- the former only used when
a label isn't needed, the latter when it is.
Note that prison_cleanup isn't perfectly symmetrical w.r.t.
prison_created: the latter takes a label as well, because it's called
later in jail setup and a better point for propagation than when the
[11 lines not shown]
HBSD: Resolve merge conflicts
This also brings us a little closer to upstream's llvm-related
Makefiles. Reintroduce the MK_LLVM_LINK_STATIC_LIBRARIES option,
defaulted to yes.
It is not advised for HardenedBSD users to set
WITHOUT_LLVM_LINK_STATIC_LIBRARIES just yet. Initial testing
demonstrated some issues with linking the right libraries. I do plan to
still move us towards supporting the src compiler toolchain being
compiled as PIEs.
Signed-off-by: Shawn Webb <shawn.webb at hardenedbsd.org>
sys/compat/freebsd32: Fix i386 compilation
The compile assertion now failing is due to the change '__int64_t' =>
'__int32_t' as the type of 'time32_t' on i386, which is the correct
value. The use of 'freebsd32.h' on i386 may seem strange, but it comes
from 'kern_umtx.c' including it unconditionally as it needs 'struct
umutex32'.
Fixes: 87632ddf67b0 ("openzfs sys/types32.h: use abi_compat.h for time32_t")
Sponsored by: The FreeBSD Foundation
sys: ELF: Rename SHN_FBSD_CACHED => SHN_FREEBSD_CACHED
All other FreeBSD-specific constants have FREEBSD fully spelled out in
their names. Be consistent.
No functional change (intended).
Reviewed by: kib
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D55224
security/libgcrypt: Fix Curve25519 key validation
Starting with version 1.12.0, libgcrypt was failing to validate
Curve25519 secret keys on FreeBSD-main. This resulted in failures such
as in the example below. Incorporate the patch from
https://dev.gnupg.org/T8094 to fix the problem.
% TEMP_GPG=$(mktemp -d)
% GNUPGHOME=$TEMP_GPG gpg --batch --import < ./test/openpgp4-secret-key.asc
gpg: keybox '/tmp/tmp.gkqFaMAlVu/pubring.kbx' created
gpg: /tmp/tmp.gkqFaMAlVu/trustdb.gpg: trustdb created
gpg: key 7E6ABE924645CC60: public key "Notmuch Test Suite (INSECURE!) <test_suite at notmuchmail.org>" imported
gpg: key 7E6ABE924645CC60: secret key imported
gpg: Total number processed: 1
gpg: imported: 1
gpg: secret keys read: 1
gpg: secret keys imported: 1
[10 lines not shown]