BSD Commit Log Search

Merge branch 'freebsd/15-stable/main' into hardened/15-stable/main

daemon: Add option for output file mode

The daemon utility has always created its output file with a fixed mode
of 0600. This causes issues for log collection setups where the collector
does not run as root but instead relies on group access to the watched
daemon’s log file.

Introduce a new option that allows specifying the output file mode using
install(1)-style semantics. This enables non-root log collectors to access
the file as intended and improves compatibility with log rotation tools.

Reviewed by:    kevans
MFC after:      1 week
Relnotes:       yes
Differential Revision:  https://reviews.freebsd.org/D54930

(cherry picked from commit a3b90a1f008365d9f62773998f89f9c872e2bed5)

diff: Improve directory loop detection

When we're done processing a directory, remove its entry from the tree
of visited inodes, ensuring that we only report a loop when we encounter
a descendant-to-ancestor link, not when we encounter a cousin-to-cousin
or sibling-to-sibling link.

MFC after:      1 week
Reported by:    Bakul Shah <bakul at iitbombay.org>
Sponsored by:   Klara, Inc.
Reviewed by:    kevans
Differential Revision:  https://reviews.freebsd.org/D55248

(cherry picked from commit 71569594d860a59d8362770a56d806e1d31fb946)

m4: Change defn processing order

Currently, defn pushes its arguments on the stack in order, which means
they are then processed in reverse order.  POSIX does not specify what
order they are processed in, which arguably suggests that they should be
processed in the order they are listed.  Push them in reverse order so
they will be processed in their original order.  This matches GNU m4.

PR:             292937
MFC after:      1 week
Sponsored by:   Klara, Inc.
Reviewed by:    obiwac, imp
Differential Revision:  https://reviews.freebsd.org/D55116

(cherry picked from commit 25a8168f86a1222388475ce858da405e4d06c1c3)

pwd: Error out if writing to stdout failed

POSIX requires us to print a diagnostic and return a non-zero exit
code if writing to stdout failed.

MFC after:      1 week
Sponsored by:   Klara, Inc.
Reviewed by:    markj
Differential Revision:  https://reviews.freebsd.org/D55227

(cherry picked from commit 5b398611607b0dab2f2550ef73f62d41dab6fac5)

pwd: Clean up and adopt POSIX semantics

According to POSIX, the default should be -L.  Based on code history,
whoever first wrote BSD pwd(1) could not figure out how to implement
-L and therefore made -P the default (and only) option. Support for -L
was later added, but the default was never changed.

Clean up the code, make -L the default, and rewrite getcwd_logical() to
reject paths that contain dot or dot-dot, as required by POSIX.

MFC after:      1 week
Reviewed by:    olce
Differential Revision:  https://reviews.freebsd.org/D55146

(cherry picked from commit 2df923c5d2d02350abc29f61b603c5b9615b225c)

install: Expect EINTR while copying

Both copy_file_range() and read() / write() in our fallback loop can be
interrupted before copying anything at all, in which case it returns -1
and sets errno to EINTR.  If that happens, we should retry, not fail.

While here, drop the size argument from copy() (we always want to copy
the entire file anyway) and add test cases which exercise the metalog
and digest functionality.

PR:             293028
MFC after:      1 week
Reviewed by:    kevans
Differential Revision:  https://reviews.freebsd.org/D55168

(cherry picked from commit 0fb940fd63dd9b6d6b848421c53b1e9ac8387265)

cp: Expect EINTR while copying

Both copy_file_range() and copy_fallback() can be interrupted before
they have read anything at all, in which case they return -1 and set
errno to EINTR.  If that happens, we should retry, not fail.

PR:             293028
MFC after:      1 week
Reviewed by:    kevans
Differential Revision:  https://reviews.freebsd.org/D55167

(cherry picked from commit 7aa30669d6e04444b8ad1e4863a6e674fcac4afc)

pwd: Add tests

MFC after:      1 week
Reviewed by:    imp
Differential Revision:  https://reviews.freebsd.org/D55153

(cherry picked from commit 36ec2b1c104f9e5383a160e21109e1308fce0364)

m4: Convert tests to ATF

MFC after:      1 week
Sponsored by:   Klara, Inc.
Reviewed by:    imp
Differential Revision:  https://reviews.freebsd.org/D55115

(cherry picked from commit 16e073df4a33646fa0e0fba5b41ddc6b44df3605)

Merge branch 'freebsd/current/main' into hardened/current/master

Merge branch 'freebsd/15-stable/main' into hardened/15-stable/main

lib/libc/net/sockatmark.3: fix groff mdoc warning

PR:     293072

(cherry picked from commit 10fde719587c22085c95759a242e9c51d249d024)

sbin/setkey/setkey.8: cleanup groff mdoc warnings

PR:     293072

(cherry picked from commit c67d8acca30e9f96f0a56f197003d0a4c663a060)

asmc: Add MacPro3,1 temperature sensor support

Test and verified with Sonicblue7

Reviewed by:    adrian
Differential Revision:  https://reviews.freebsd.org/D54952

Merge branch 'freebsd/current/main' into hardened/current/master

cam/scsi: Restore scsi_start_stop() and add scsi_start_stop_pc()

Revert the argument change that broke libcam in 8c35de49 and move
power_condition support to scsi_start_stop_pc().

Reported by:            imp
Reviewed By:            #cam, imp (mentor)
Sponsored by:           Samsung Electronics
Differential Revision:  https://reviews.freebsd.org/D54822

(cherry picked from commit 8ef8c6abfadfc9eb0465ce57c6b09ca310415bdd)
Signed-off-by: Shawn Webb <shawn.webb at hardenedbsd.org>

blocklist: blacklist: Chase recent upstream changes

MFC after:      3 days

(cherry picked from commit a25b12c6ce63be1fefb31d14daca332682fd31fc)
Signed-off-by: Shawn Webb <shawn.webb at hardenedbsd.org>

Vendor import of blocklist 2026-02-07 (10a907f)

Upstream hash 10a907f09f5a92068d86dcb4ef4f91d7bc10c501.

Obtained from:https://github.com/zoulasc/blocklist

(cherry picked from commit a39ba5e2935176fe982235556e46ba3f51178187)
Signed-off-by: Shawn Webb <shawn.webb at hardenedbsd.org>

netinet6: Return EAFNOSUPPORT for non-IPv6 addresses in mcast sockopts.

This is a non-functional change; it just returns the correct errno value
where IPv6 multicast socket options were passed non-AF_INET6 arguments,
in preparation for handling PR 193246 with a side-call into netinet as
xnu currently does.

Reviewed by:    glebius
Approved by:    glebius
PR:             193246 (with refinements)
Differential revision:  https://reviews.freebsd.org/D55233

Merge branch 'freebsd/current/main' into hardened/current/master

tr: fix class handling in unicode world

toupper/tolower logic was only handled for CCLASS_TOUPPER and
CCLASS_TOLOWER, add support for CCLASS ([:alpha:])

PR:             219900
MFC After:      1 week

kern: mac: add a prison_cleanup entry point

The MAC framework provides a lot of useful functionality that can be
configured per-jail without requiring the use of labels.  Having another
entry point that we invoke just for general prison cleanup rather than
freeing the label is useful to allow a module that can otherwise work
off of a series of MAC entry points + sysctls for configuration to free
its per-jail configuration without having to bring in osd(9).

One such example in the wild is HardenedBSD's secadm, but some of my
own personal use had wanted it as well- it was simply overlooked in the
final version because my first policy made more sense with labels.  On
that note, it's expected that prison_cleanup and prison_destroy_label
will effectively be mutually exclusive -- the former only used when
a label isn't needed, the latter when it is.

Note that prison_cleanup isn't perfectly symmetrical w.r.t.
prison_created: the latter takes a label as well, because it's called
later in jail setup and a better point for propagation than when the

    [11 lines not shown]

HBSD: Resolve merge conflict

Signed-off-by:  Shawn Webb <shawn.webb at hardenedbsd.org>

Merge remote-tracking branch 'origin/freebsd/current/main' into hardened/current/master

Conflicts:
        share/mk/src.opts.mk (unresolved)

HBSD: Missed a file in the last merge conflict resolution

Signed-off-by:  Shawn Webb <shawn.webb at hardenedbsd.org>

Merge remote-tracking branch 'origin/freebsd/current/main' into hardened/current/master

HBSD: Resolve merge conflicts

This also brings us a little closer to upstream's llvm-related
Makefiles. Reintroduce the MK_LLVM_LINK_STATIC_LIBRARIES option,
defaulted to yes.

It is not advised for HardenedBSD users to set
WITHOUT_LLVM_LINK_STATIC_LIBRARIES just yet. Initial testing
demonstrated some issues with linking the right libraries. I do plan to
still move us towards supporting the src compiler toolchain being
compiled as PIEs.

Signed-off-by:  Shawn Webb <shawn.webb at hardenedbsd.org>

sys/compat/freebsd32: Fix i386 compilation

The compile assertion now failing is due to the change '__int64_t' =>
'__int32_t' as the type of 'time32_t' on i386, which is the correct
value.  The use of 'freebsd32.h' on i386 may seem strange, but it comes
from 'kern_umtx.c' including it unconditionally as it needs 'struct
umutex32'.

Fixes:          87632ddf67b0 ("openzfs sys/types32.h: use abi_compat.h for time32_t")
Sponsored by:   The FreeBSD Foundation

sys: ELF: Rename SHN_FBSD_CACHED => SHN_FREEBSD_CACHED

All other FreeBSD-specific constants have FREEBSD fully spelled out in
their names.  Be consistent.

No functional change (intended).

Reviewed by:    kib
Sponsored by:   The FreeBSD Foundation
Differential Revision:  https://reviews.freebsd.org/D55224