membarrier(2): use atomic for lockless read of curproc->p_flag2
Reviewed by: markj, Ricardo Branco <rbranco at suse.com>
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D56507
rtld: fix processing of preloaded z_initfirst objects
After we found some preloaded z_initfirst object, we must process till
the end of the preload list still, not stopping on the first found
object.
Reported by: des
Reviewed by: des, markj, siderop1 at netapp.com
Fixes: 78aaab9f1cf359f3b7325e4369653f6b50593393
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D56466
ctld: Return from the inner "main" loop on EINTR
This ensures that child processes are reaped in the outer loop in
main().
PR: 294035
Reviewed by: asomers
Fixes: 66b107e82b2f ("ctld: Use kevent(2) for socket events rather than select(2)")
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D56525
nvmf_che: Don't leak a socket if an error occurs finalizing the socket
If soreserve() or sosetopt() (to set TCP_NODELAY) fails after claiming
the socket from the file descriptor, explicitly close the socket
before returning failure.
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D55493
security/zeek: Update to 8.0.7
https://github.com/zeek/zeek/releases/tag/v8.0.7
This release fixes the following potential DoS vulnerabilities:
- A series of DNS messages containing long DNS compression chains
can cause Zeek to spend a long time processing packets and
potentially crash. Due to the fact that these packets can be
received from remote hosts, this is a DoS risk.
- A specially-crafted LDAP search request can cause Zeek to spend
a long time processing the packet, resulting in Zeek silently
dropping the LDAP analyzer for the connection. Due to the fact
that these packets can be received from remote hosts, this is
an evasion risk.
- A specially-crafted series of ASN.1 messages in LDAP packets can
cause Zeek to spend a long time processing the packets, resulting
[25 lines not shown]
security/vuxml: Mark security/zeek < 8.0.7 as vulnerable as per:
https://github.com/zeek/zeek/releases/tag/v8.0.7
This release fixes the following potential DoS vulnerabilities:
- A series of DNS messages containing long DNS compression chains
can cause Zeek to spend a long time processing packets and
potentially crash. Due to the fact that these packets can be
received from remote hosts, this is a DoS risk.
- A specially-crafted LDAP search request can cause Zeek to spend
a long time processing the packet, resulting in Zeek silently
dropping the LDAP analyzer for the connection. Due to the fact
that these packets can be received from remote hosts, this is
an evasion risk.
- A specially-crafted series of ASN.1 messages in LDAP packets can
cause Zeek to spend a long time processing the packets, resulting
[5 lines not shown]
geom_part: Restore the human readable format of size
Prior to the change 4f809ffec69c, the sizes are formated by
humanize_number(3) with the flag HN_DECIMAL, which displays the result
using one decimal place when it is less than 10. That is more accurate
and useful. Add equivalent field modifier hn-decimal to xo_emit() to
restore the previous behavior.
Reported by: Mark Millard
Reviewed by: js
Fixes: 4f809ffec69c gpart: add libxo support for "show" subcommand + man page updates
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D56514
pf: Use MTX_DUPOK to initialize hash chain mutexes
pf_udp_mapping_insert() may lock more than one row at a time.
Fixes: cd5ff4e841fb ("pf: use hashalloc(9) for key, id, src-node and udp-endpoint hashes")
Reviewed by: kp
Differential Revision: https://reviews.freebsd.org/D56501
ntp_adjtime.2: Increase visibility
+ s/ntp/ntpd/ for correctness + apropos results in document description
+ silence a linter warning by escaping a period with a zero-width space
MFC after: 3 days
(cherry picked from commit b49b3ccd40bda02f530c679f23f42ba9e0e4b2e2)
freebsd-base.7: Break examples into subsections
Break the examples into subsections, so that we can have multi-step
examples.
MFC after: 3 days (to 15 only)
Discussed with: ivy
Differential Revision: https://reviews.freebsd.org/D55526
(cherry picked from commit 5f922bd20d81af4b5759b8f104d5c22ee3e5cd1b)
Bourne shell -> POSIX shell
The FreeBSD shell is a POSIX compatible shell. It evolved over several
decades from the Almquist shell, which was preceeded a decade before
that by the Bourne shell. Most readers today have never seen a Bourne
shell. If someone wants to learn to use our shell, they need to look for
tutorials on the POSIX shell. Align descriptions through out the tree
with this reality, consistent with it's manual and common parlance.
We made a similar change to the doc tree in b4d6eb01540fe.
MFC after: 3 days
Reviewed by: carlavilla
Differential Revision: https://reviews.freebsd.org/D56382
(cherry picked from commit dc140a9fc151f3717bce2157f49070daafa13ec0)