HBSD: Disable SafeStack for the Unbound daemon
When Unbound is built with SafeStack, attempts to kill the running
daemon process with SIGTERM does not kill the process. Instead, the
daemon stops responding.
Signed-off-by: Shawn Webb <shawn.webb at hardenedbsd.org>
Reported-by: @northboot
issue: #110
MFC-to: 15-STABLE
pf: don't reject route-to'd too-large packets
If we're sending a packet via pf_route()/pf_route6() we check for packet
size and potentially generate ICMP(6) packet too big messages. If we do,
don't consider this a rejected packet. That is, return PF_PASS and set
the mbuf to NULL rather than returning PF_DROP.
This matters for locally generated packets, because with PF_DROP we
can end up returning EACCES to userspace, causing the connection to
terminate. Instead, with PF_PASS and a NULL mbuf this is translated to
PFIL_CONSUMED, which does not return an error to userspace.
MFC after: 2 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")
multimedia/recordmydesktop: Add missing deps
Fixes build with multimedia/libtheora 1.2.0.
audio/libvorbis wasn't needed by libtheora, but this port was
piggybacking off of it.
With hat: multimedia@
games/nexuiz: Add missing deps
Fixes build with multimedia/libtheora 1.2.0.
audio/libvorbis wasn't needed by libtheora, but this port was
piggybacking off of it.
With hat: multimedia@
netlink: Don't directly access ifnet members
Summary:
Remove the final direct access of struct ifnet members from netlink.
Since only the first address is used, create the iterator and then free,
without fully iterating.
Reviewed By: kp
Sponsored by: Juniper Networks, Inc.
Differential Revision: https://reviews.freebsd.org/D42972
(cherry picked from commit b224af946a17b8e7a7b4942157556b5bc86dd6fb)
mac_ipacl: Use IfAPI
Use `if_t` instead of `struct ifnet *`, and if_name() accessor.
Sponsored by: Juniper Networks, Inc.
(cherry picked from commit b820820ece099a73511d7daec407d78f38185a9b)
astro/gpscorrelate: Take maintainership.
There is a new maintainer upstream, Dan Fandrich,
and he has new versions and FreeBSD in his CI pipelines.
Update to 2.3 coming up.
unionfs: detect common deadlock-producing mount misconfigurations
When creating a unionfs mount, it's fairly easy to shoot oneself
in the foot by specifying upper and lower file hierarchies that
resolve back to the same vnodes. This is fairly easy to do if
the sameness is not obvious due to aliasing through nullfs or other
unionfs mounts (as in the associated PR), and will produce either
deadlock or failed locking assertions on any attempt to use the
resulting unionfs mount.
Leverage VOP_GETLOWVNODE() to detect the most common cases of
foot-shooting at mount time and fail the mount with EDEADLK.
This is not meant to be an exhaustive check for all possible
deadlock-producing scenarios, but it is an extremely cheap and
simple approach that, unlike previous proposed fixes, also works
in the presence of nullfs aliases.
PR: 172334
Reported by: ngie, Karlo Miličević <karlo98.m at gmail.com>
[5 lines not shown]
