kexec: Disallow kexec_load if securelevel > 0
kexec_load() + reboot is intended to be equivalent to a system reboot.
However kexec_load() can load arbitrary data as the target kernel,
leading to execution of arbitrary code, even though it's effectively in
a new context. Rather than being equivalent to a system reboot, it's
also equivalent to kldload(), which loads arbitrary code into the
running kernel. Since kldload() is blocked at securelevel 1, also block
kexec_load().
Reported by: markj
Fixes: e02c57ff3 ("kern: Introduce kexec system feature (MI)")
Sponsored by: Hewlett Packard Enterprise
Differential Revision: https://reviews.freebsd.org/D56580
devel/forgejo-cli: Make DISTFILE unique to avoid DISTDIR collisions
While here, incorporate some minor cleanups:
- Remove unnecessary CARGO_ENV values
- Move pkg-plist entries to PLIST_FILES
Reviewed by: diizzy
Sponsored by: The FreeBSD Foundation
www/py-django-bootstrap3: Unbreak build after 21c2f9c595ac
* Relax the version requirements for py-uv-build which has been updated
recently.
Reported by: pkg-fallout
games/anki: Extend memory usage of NodeJS during build
* Set a higher value for V8's old memory to fix OOM issues during build:
[...]
vite v6.3.6 building for production...
transforming...
<--- Last few GCs --->
[85302:0x40cbfe36a000] 61573 ms: Mark-Compact (reduce) 505.7 (525.0) -> 502.2 (512.8) MB, pooled: 0 MB, 53.70 / 0.00 ms (+ 530.4 ms in 111 steps since start of marking, biggest step 5.2 ms, walltime since start of marking 659 ms) (average mu = 0.194, [85302:0x40cbfe36a000] 62211 ms: Mark-Compact 503.3 (512.8) -> 498.8 (515.5) MB, pooled: 0 MB, 631.85 / 0.00 ms (average mu = 0.113, current mu = 0.009) allocation failure; scavenge might not succeed
FATAL ERROR: Ineffective mark-compacts near heap limit Allocation failed - JavaScript heap out of memory
----- Native stack trace -----
1: 0x19a5b74 node::OOMErrorHandler(char const*, v8::OOMDetails const&) [/usr/local/bin/node]
2: 0x1be1c44 node::inspector::protocol::IO::DomainDispatcherImpl::~DomainDispatcherImpl() [/usr/local/bin/node]
3: 0x1e1a6b0 v8::internal::HeapLayout::CheckYoungGenerationConsistency(v8::internal::MemoryChunk const*) [/usr/local/bin/node]
4: 0x1e1d5f4 v8::internal::HeapLayout::CheckYoungGenerationConsistency(v8::internal::MemoryChunk const*) [/usr/local/bin/node]
[5 lines not shown]
INIT_ALL: Fix typo in option description
From GitHub pull request #2035; the change needs to be applied to the
source file for the option description, not the generated src.conf.5.
(cherry picked from commit c9f3de0ba95b8da31d35fa92e0a54cf6f3d3f1dd)
ctladm tests: Only use allowed chars in IQN
_ isn't part of the allowed IQN format, but - is.
No functional change.
Reviewed by: asomers, ngie
Approved by: asomers (mentor)
MFC after: 1 week
Sponsored by: ConnectWise
Differential Revision: https://reviews.freebsd.org/D56557
ctl: require ctladm in addition to sg_opcodes
Each test case in opcodes.sh uses ctladm to create and remove the LUN it
exercises, but only sg_opcodes was listed in require.progs.
On systems where ctladm is not built the tests would fail at setup instead of
being skipped cleanly.
Approved by: asomers
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D56568
math/octave-forge-rf: New port.
RF and microwave network-parameter utilities for GNU Octave. Provides
S-parameter conversions (ST, SZ, SY, SABCD, SH, SG), cascading,
de-embedding, port reordering, renormalization, mixed-mode conversion
for differential pairs, and Touchstone I/O.
pkgbase: remove incorrect clang shlib requires
The FreeBSD-clang package contains a 32-bit shared object at
/usr/lib/clang/19/lib/freebsd/libclang_rt.asan-i386.so
This is expected, since clang uses this object when compiling for i386
targets with asan enabled.
What is not expected is that the FreeBSD-clang package currently depends
on 32-bit libc packages due to pkg's shared library analysis, making it
impossible to install pkgbase on x86_64 without any lib32 packages.
This commit leverages a new pkg feature implemented in [1], but could
be landed before a pkg version including that feature is released
without any ill effects. Unknown keys in package manifests are ignored.
[1]: https://github.com/freebsd/pkg/pull/2594
Reviewed by: ivy
[4 lines not shown]
libarchive: Staticize some variables
This code was not being built due to errors in our libarchive
configuration. Now that those have been addressed, staticize some
variables that trip a “no previous extern declaration” error. This
is a subset of upstream PR 2962.
MFC after: 1 week
Reviewed by: mm
Differential Revision: https://reviews.freebsd.org/D56471
(cherry picked from commit 7e9d974bc023755161742f66c8c77546bab88586)
libarchive: merge from vendor branch
libarchive 3.8.7
Important bugfixes:
#2871 libarchive: fix handling of option failures
#2897 iso9660: fix undefined behavior
#2898 RAR: fix LZSS window size mismatch after PPMd block
#2900 CAB: fix NULL pointer dereference during skip
#2911 libarchive: do not continue with truncated numbers
#2919 CAB: Fix Heap OOB Write in CAB LZX decoder
#2934 iso9660: fix possible heap buffer overflow on 32-bit systems
#2939 cpio: Fix -R memory leak
#2947 libarchive: lzop and grzip filter support
Important bugfixes between 3.8.5 and 3.8.6:
#2860 bsdunzip: fix ISO week year and Gregorian year confusion
#2864 7zip: fix SEGV in check_7zip_header_in_sfx via ELF offset validation
#2875 7zip: fix out-of-bounds access on ELF 64-bit header
[14 lines not shown]
pkgconf: import into the base system
This introduces the following option:
* MK_PKGCONF: determines if pkgconf and bomtool should be built
The objective is to allow the creation of SBOM information while
building FreeBSD's src tree. The build system cannot rely on the
presence of bomtool (and eventually also spdxtool) in the build
environment, except for having it as part of the src tree directly.
The framework implementing the generation of SBOM files is under review
in D56474.
This will also help simplify the build, with the introduction of
another framework relying on the availability of pkgconf.
Sponsored by: Alpha-Omega, The FreeBSD Foundation
Reviewed by: bapt, philip
[2 lines not shown]
lesspipe: Use zstdcat
zstdcat is equivalent to zstd -dcf, and matches our intention.
Suggested by: delphij (in D55101)
Sponsored by: The FreeBSD Foundation
(cherry picked from commit 34d7f100c1d9e6f21d2f79097e891f7a17749d1b)