libsecureboot: do further checks on files without manifests
verify_prep can return VE_FINGERPRINT_NONE. Consider such scenario so
the VE_GEUSS heuristics works with files that likely will not have
fingerprints in the manifest file.
Obtained from: Hewlett Packard Enterprise
Reviewed by: sjg
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D53940
mdo.1: Document group-related and fine-grained control functionalities
This is a manual page update describing the functionality that was added
to mdo(1) in commit 3ca1e69028ac ("mdo(1): Add support and shortcuts for
fully specifying users and groups"). Please either refer to that commit
or the new manual page's content for more information.
While here:
- Add to the introduction a description of process credentials and some
specific vocabulary that is used throughout the page, as well as the
relationship between mdo(1) and mac_do(4).
- Update the HISTORY section.
- Add AUTHORS and SECURITY CONSIDERATIONS sections.
Approved by: re (cperciva)
Reviewed by: ziaee
MFC after: 1 minute
Sponsored by: The FreeBSD Foundation
Sponsored by: Google LLC (GSoC 2025)
[5 lines not shown]
bsdinstall: Ignore -p[0-9]+ in determining BRANCH
The patch level is not part of the branch per se and should not be
used in constructing the FreeBSD-base.conf file used by bsdinstall.
Approved by: re (cperciva)
MFC after: 1 day
(cherry picked from commit d45816f369eb0099fd274fee23a3bf137ee794b1)
(cherry picked from commit 56275b7b06726aa530c1bcab176d225d5d4b7893)
bsdinstall: Ignore -p[0-9]+ in determining BRANCH
The patch level is not part of the branch per se and should not be
used in constructing the FreeBSD-base.conf file used by bsdinstall.
MFC after: 1 day
(cherry picked from commit d45816f369eb0099fd274fee23a3bf137ee794b1)
sound: Remove vchan_passthrough() and hw.snd.passthrough_verbose
Unused and confusing.
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
(cherry picked from commit 3612ef642f511a1bd9f759da87abeafe7d6ff110)
sound: Fix KASSERT panics in chn_read() and chn_write()
INVARIANTS kernels may trigger a KASSERT panic from sndbuf_acquire(),
when fuzzing write(2) using stress2, because of a race in chn_write().
In the case of chn_write(), what sndbuf_acquire() does is extend the
ready-to-read area of the buffer by a specified amount of bytes. The
KASSERT in question makes sure the number of bytes we want to extend the
ready area by, is less than or equal to the number of free bytes in the
buffer. This makes sense, because we cannot extend the ready area to
something larger than what is available (i.e., free) in the first place.
What chn_write() currently does for every write is; calculate the
appropriate write size, let's say X, unlock the channel, uiomove() X
bytes to the channel's buffer, lock the channel, and call
sndbuf_acquire() to extend the ready area by X bytes. The problem with
this approach, however, is the following.
Suppose an empty channel buffer with a length of 1024 bytes, and 2
[45 lines not shown]
papers: Retire phkmalloc paper
It has not been installed since commit cdc37953165c ("In preparation for
the removal of the roff toolchain, disconnect the") and turned up in
a search for outdated MALLOC_OPTIONS settings.
The rendered paper is available at
https://papers.freebsd.org/1998/phk-malloc
PR: 287357
Reviewed by: bapt
Event: Kitchener-Waterloo Hackathon 202506
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D50908
vt: Allow VT_SETMODE with frsig=0
Linux does not check that any of the signals in vt_mode VT_SETMODE ioctl
(relsig, acqsig, frsig) are valid, but FreeBSD required that all three
are valid. frsig is unusued in both Linux and FreeBSD, and software
typically leaves it unset. To improve portability, allow frsig to be
set to zero.
PR: 289812
Reported by: Dušan Gvozdenović
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D52835
ipfilter: fix broken build
Every commit earns me a dozen emails that LINT is broken. This should
stop that.
Fixes: eda1756d0454f ipfilter: Verify frentry on entry into kernel
Sponsored by: Netflix
mqueuefs: Export another symbol required by linux.ko
Fixes: e00a781c216c ("mqueue: Export kern_kmq_* symbols from kernel module")
Sponsored by: The FreeBSD Foundation
ipfilter: Load optionlist prior to ippool invocation
As a safety precaution df381bec2d2b limits ippool hash table size to 1K.
This causes any legitimely large hash table to fail to load. The
htable_size_max ipf tuneable adjusts this but the adjustment is made
in the ipfilter rc script, invoked after the ippool script (because it
depends on ippool). Let's load the ipfilter_optionlist in ippool as well.
ipfilter_optionlist load will also occur in the ipfilter rc script in case
the user uses ipfilter without ippool.
Fixes: df381bec2d2b
MFC after: 3 days
openzfs: We are FreeBSD, not posix.
Partially revert:
https://github.com/openzfs/zfs/commit/99d7453b43dc0ef04a35e461ef14db72e1326c7c
which introduced this file upstream. This causes this definition to be
preferred for all builds. Make the smallest change possible to this file
to change the default to FreeBSD. We're talking to the upstraem folks
about the right fix. Feel free to revert this in the future, so long as
`bectl activate -t` still works properly afterwards.
Sponsored by: Netflix
strfmon: Fix negative sign handling for C locale
If the locale's positive_sign and negative_sign values would both be
returned by localeconv() as empty strings, strfmon() shall behave as if
the negative_sign value was the string "-".
This occurs with the C locale. The implementation previously assigned
"0" to sign_posn (parentheses around the entire string); now it assigns
it to "1" (sign before the string) when it is undefined (CHAR_MAX).
Austin Group Defect 1199[1] is applied, changing the requirements for
the '+' and '(' flags.
[1]: https://www.austingroupbugs.net/view.php?id=1199
Reviewed by: kib
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D53913
strfmon: Add tests for Austin Group Defect 1199
Add tests for The Open Group Base Specifications Issue 8[1], Austin
Group Defect 1199[2].
Items marked with XXX represent an invalid output. These items will be
fixed in subsequent commits.
Notice that an existing test is now considered invalid.
Our locale definitions do not include int_p_sep_by_space nor
int_n_sep_by_space[3]. Those will be addressed in a subsequent commit.
However, the CLDR project defines them as "0", which causes the output
to appear as "USD123.45". If our locale definitions were to set the
international {n,p}_sep_by_space to "1", the output would display as the
expected "USD 123.45".
While here, use the SPDX license identifier and add my name to the
file.
[8 lines not shown]
mdo.1: Document group-related and fine-grained control functionalities
This is a manual page update describing the functionality that was added
to mdo(1) in commit 3ca1e69028ac ("mdo(1): Add support and shortcuts for
fully specifying users and groups"). Please either refer to that commit
or the new manual page's content for more information.
While here:
- Add to the introduction a description of process credentials and some
specific vocabulary that is used throughout the page, as well as the
relationship between mdo(1) and mac_do(4).
- Update the HISTORY section.
- Add AUTHORS and SECURITY CONSIDERATIONS sections.
Reviewed by: ziaee
MFC after: 1 minute
Sponsored by: The FreeBSD Foundation
Sponsored by: Google LLC (GSoC 2025)
Co-authored-by: Kushagra Srivastava <kushagra1403 at gmail.com>
[3 lines not shown]
mdo.1: Document group-related and fine-grained control functionalities
This is a manual page update describing the functionality that was added
to mdo(1) in commit 3ca1e69028ac ("mdo(1): Add support and shortcuts for
fully specifying users and groups"). Please either refer to that commit
or the new manual page's content for more information.
While here:
- Add to the introduction a description of process credentials and some
specific vocabulary that is used throughout the page, as well as the
relationship between mdo(1) and mac_do(4).
- Update the HISTORY section.
- Add AUTHORS and SECURITY CONSIDERATIONS sections.
Reviewed by: ziaee
MFC after: 1 minute
Sponsored by: The FreeBSD Foundation
Sponsored by: Google LLC (GSoC 2025)
Co-authored-by: Kushagra Srivastava <kushagra1403 at gmail.com>
Differential Revision: https://reviews.freebsd.org/D53905
