jail(3): fix common usage after mac.label support
Nobody else's mac.conf(5) has any entries for jails, so they get a
trivial ENOENT and we fail before we can fetch any jail parameters.
Most notably, this breaks `jls -s` / `jls -n` if you do not have any
loaded policy that applies jail labels.
Add an entry that works for everyone, and hardcode that as an ENOENT
fallback in libjail to provide a smoother transition. This is probably
not harmful to leave in long-term, since mac.conf(5) will override it.
This unearthed one additional issue, in that mac_get_prison() in the
MAC framework handled the no-label-policies bit wrong. We don't want
to break jail utilities enumerating jail parameters automatically, so
we must ingest the label in all cases -- we can still use it as a small
optimization to avoid trying to copy out any label. We will break
things if a non-optional element is specified in the copied in label,
but that's expected.
[8 lines not shown]
mac(4): also list jails in the example enumeration of objects
The prison may also be considered part of the subject by way of its
ucred association, but I don't think this is significantly different
enough today than before recent work -- policies could have always
taken them into account, and some did (e.g., mac_bsdextended).
Reported by: olce
Reviewed by: olce, ziaee
Differential Revision: https://reviews.freebsd.org/D54748
math/octave-forge-instrument-control: New port.
Octave low level I/O functions for serial, i2c, parallel, tcp, gpib,
udp and usbtmc interfaces. Not vxi11 as there doesn't seem to be
FreeBSD support.
editors/openoffice-devel: Fix with python >= 3.12
Fix build with python >= 3.12.
Since this is only a build fix, and builds with older python versions
are not changed other than an additional BUILD_DEPENDS, no PORTREVISION
bump is necessary.
PR: 292190
Reported by: George Mitchell <george at m5p.com>
pfctl(8): change default limiter action from no-match to block
pf(4) users who use limiters in current should update the rules
accordingly to reflect the change in default behavior. The existing
rule which reads as follows:
pass in from any to any state limiter test
needs to be changed to:
pass in from any to any state limiter test (no-match)
OK dlg@
Obtained from: OpenBSD, sashan <sashan at openbsd.org>, c600931321
Sponsored by: Rubicon Communications, LLC ("Netgate")
net/rustdesk-server: Update to 1.1.15
- Patch version in Cargo.toml file, distribution has old version number
- Update dependencies in Cargo.lock, distribution is missing updates
mail/courier-imap: Fix inotify support on FreeBSD 15 and up
FreeBSD 15 introduced a native inotify implementation in libc; avoid
depending and linking libinotify on these relases, since it interferes
with the libc implementation.
MFH: 2026Q1
(cherry picked from commit c6a80d646d95392f13da873351a68c79d1c2efec)
sctp: improve compilation as module
When compiling SCTP as a module, don't compile sctp_crc32.c into
the module. This avoids code and variable duplication since
sctp_crc32.c is compiled into the kernel. In particular, the variable
system_base_info is not duplicated. This fixes the handling of the
statistic counters sctps_sendhwcrc and sctps_sendswcrc when using
sctp_delayed_cksum.
MFC after: 3 days
mail/courier-imap: Fix inotify support on FreeBSD 15 and up
FreeBSD 15 introduced a native inotify implementation in libc; avoid
depending and linking libinotify on these relases, since it interferes
with the libc implementation.
MFH: 2026Q1
databases/galera26: Update to 26.4.25
This release includes a patch that makes galera work on OpenZFS >= 2.3.0
PR: 291561
Approved by: maintainer timeout
Extend security-officer keys for another couple years.
Certify key until 2030 (planning to move to a PQC algo then).
Encrypt and Sign keys until 2028.
Approved by: so
