Refinements to the output when the EXTERROR_VERBOSE environment is set
When kernel external errors are available they are included in the
err(3) library function messages. In addition to the extended error
itself, the kernel also tracks the kernel file and line number at
which the error was generated. This additional information is not
included in the err(3) messages unless the EXTERROR_VERBOSE environment
variable is present. Currently, when EXTERROR_VERBOSE is present,
all the internal extended error information associated with the
error is printed most of which is redundant with the formatted error
message printed by err(3). This change will add only the kernel
file and line number to the err(3) message when EXTERROR_VERBOSE
is present and set to "brief".
Sample output with bad protection bits to mmap:
guest_16 % ./Example bigfile
Example: mmap bigfile: Invalid argument (unknown PROT bits 0x8)
[12 lines not shown]
lpd: Add timeout option
Set a 120-second receive timeout on all client connections, and add a
command-line option to change that value.
MFC after: 1 week
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D55400
lpd: Improve robustness
* Check for integer overflow when receiving file sizes.
* Check for buffer overflow when receiving file names, and fully
validate the names.
* Check for integer overflow when checking for available disk space.
* Check for I/O errors when sending status codes.
* Enforce one job per connection and one control file per job (see
code comments for additional details).
* Simplify readfile(), avoiding constructs vulnerable to integer
overflow.
* Don't delete files we didn't create.
[9 lines not shown]
security/py-unicode-show: New port: Detect and annotate suspicious Unicode characters in text or files
unicode-show is a utility that reads text input (from standard input
or files) and highlights suspicious Unicode characters, such as
those outside the safe ASCII range. This tool is useful for identifying
potentially malicious or misleading Unicode characters in source
code, logs, or user input.
WWW: https://www.kicksecure.com/wiki/Unicode-show
build: Move all of lp under LPR option
* Tag related directories with package=lp
* Make the examples/printing directory conditional on MK_LPR
* Make the hosts.lpd(5) manual page conditional on MK_LPR
MFC after: 3 days
(cherry picked from commit d4f6cb75424950ee776833ebc6b57855c094a610)
lpr: Add deprecation notice
These programs require elevated privileges to work and have not seen
regular maintenance in decades. Unless someone steps up and overhauls
them, we will have to remove them before 16.0. Better-maintained
alternatives are available in ports (print/cups, sysutils/LPRng).
MFC after: 3 days
(cherry picked from commit d57dee7ab66f60537b557cb602be194e3eed253d)
libfetch: Gracefully skip unsupported protocols
If socket() fails because the address family or protocol is unsupported,
just continue with the next address.
MFC after: 1 week
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D55407
(cherry picked from commit b5d570e711da1dad303312bebaf1bd2fb720f0dc)
libfetch: Fail hard if interrupted while connecting
This fixes an issue where the first address that DNS returns is blocked
by a packet filter, so we hang for a while, then the user hits Ctrl-C,
interrupting connect(2), whereupon we move on to the next address, get
a connection, request the file, and return to fetch(1), which sees that
SIGINT was caught and bails.
Note that we make no attempt to enforce fetchTimeout in the connection
phase, and never have. It's feasible, but non-trivial, so we'll leave
it as an exercise for future us.
PR: 293312
MFC after: 1 week
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D55406
(cherry picked from commit afbdcd402bb439bd3d487baaad63b68e95929265)
libfetch: Clean up fetch_info usage
* Provide a wrapper for the common if (verbose) fetch_info(...) idiom.
* Replace remaining instances of fprintf(stderr, ...) with fetch_info().
* Fix a few style nits.
MFC after: 1 week
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D55405
(cherry picked from commit 1b7c4d29fdfc975facdc43f6da50947cf3bb8e4a)
m4: Fix eval output width
According to POSIX, the optional third argument is the minimum number
of digits to print regardless of sign. We interpreted it as the minimum
width of the output including the sign. Additionally, the variable used
to hold this value was confusingly named “maxdigits”.
PR: 293214
MFC after: 1 week
Sponsored by: Klara, Inc.
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D55311
(cherry picked from commit 507c611aeac7ca9aed12353b1044bb21ab00afae)
libfetch: Gracefully skip unsupported protocols
If socket() fails because the address family or protocol is unsupported,
just continue with the next address.
MFC after: 1 week
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D55407
(cherry picked from commit b5d570e711da1dad303312bebaf1bd2fb720f0dc)
libfetch: Fail hard if interrupted while connecting
This fixes an issue where the first address that DNS returns is blocked
by a packet filter, so we hang for a while, then the user hits Ctrl-C,
interrupting connect(2), whereupon we move on to the next address, get
a connection, request the file, and return to fetch(1), which sees that
SIGINT was caught and bails.
Note that we make no attempt to enforce fetchTimeout in the connection
phase, and never have. It's feasible, but non-trivial, so we'll leave
it as an exercise for future us.
PR: 293312
MFC after: 1 week
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D55406
(cherry picked from commit afbdcd402bb439bd3d487baaad63b68e95929265)
libfetch: Clean up fetch_info usage
* Provide a wrapper for the common if (verbose) fetch_info(...) idiom.
* Replace remaining instances of fprintf(stderr, ...) with fetch_info().
* Fix a few style nits.
MFC after: 1 week
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D55405
(cherry picked from commit 1b7c4d29fdfc975facdc43f6da50947cf3bb8e4a)
m4: Fix eval output width
According to POSIX, the optional third argument is the minimum number
of digits to print regardless of sign. We interpreted it as the minimum
width of the output including the sign. Additionally, the variable used
to hold this value was confusingly named “maxdigits”.
PR: 293214
MFC after: 1 week
Sponsored by: Klara, Inc.
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D55311
(cherry picked from commit 507c611aeac7ca9aed12353b1044bb21ab00afae)
libfetch: Clean up fetch_info usage
* Provide a wrapper for the common if (verbose) fetch_info(...) idiom.
* Replace remaining instances of fprintf(stderr, ...) with fetch_info().
* Fix a few style nits.
MFC after: 1 week
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D55405
(cherry picked from commit 1b7c4d29fdfc975facdc43f6da50947cf3bb8e4a)
libfetch: Fail hard if interrupted while connecting
This fixes an issue where the first address that DNS returns is blocked
by a packet filter, so we hang for a while, then the user hits Ctrl-C,
interrupting connect(2), whereupon we move on to the next address, get
a connection, request the file, and return to fetch(1), which sees that
SIGINT was caught and bails.
Note that we make no attempt to enforce fetchTimeout in the connection
phase, and never have. It's feasible, but non-trivial, so we'll leave
it as an exercise for future us.
PR: 293312
MFC after: 1 week
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D55406
(cherry picked from commit afbdcd402bb439bd3d487baaad63b68e95929265)
m4: Fix eval output width
According to POSIX, the optional third argument is the minimum number
of digits to print regardless of sign. We interpreted it as the minimum
width of the output including the sign. Additionally, the variable used
to hold this value was confusingly named “maxdigits”.
PR: 293214
MFC after: 1 week
Sponsored by: Klara, Inc.
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D55311
(cherry picked from commit 507c611aeac7ca9aed12353b1044bb21ab00afae)
libfetch: Gracefully skip unsupported protocols
If socket() fails because the address family or protocol is unsupported,
just continue with the next address.
MFC after: 1 week
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D55407
(cherry picked from commit b5d570e711da1dad303312bebaf1bd2fb720f0dc)
mwl: migrate to new net80211 encryption key API
Migrate to the new encryption key API rather than poking at the
key struct directly.
Notably this driver was very clear about its expectation the net80211
key layout w/ key, TX MIC and RX MIC matches the firmware layout
and just memcpy()'ed it. That has been refactored.
Differential Revision: https://reviews.freebsd.org/D54484
wpi: migrate to new net80211 encryption key API
Migrate to the new encryption key API rather than poking at the
key struct directly.
Differential Revision: https://reviews.freebsd.org/D54482
iwi: migrate to new net80211 encryption key API
Migrate to the new encryption key API rather than poking at the
key struct directly.
Differential Revision: https://reviews.freebsd.org/D54481
ipw: migrate to new net80211 encryption key API
Migrate to the new encryption key API rather than poking at the
key struct directly.
Differential Revision: https://reviews.freebsd.org/D54480
ath: migrate to new net80211 encryption key API
Migrate to the new encryption key API rather than poking at the
key struct directly.
Differential Revision: https://reviews.freebsd.org/D54479
bsdinstall: fix EFI boot entry creation
update_uefi_bootentry assumes that the caller sets FREEBSD_BOOTNAME and
mntpt, which isn't the case anymore. The result is that there is no
"FreeBSD" boot entry created/updated after install. Most machines manage
to boot from the removable media path (if the loader is installed there
too), but some don't.
Take the loader's path as an argument and rename the variable used in
the ZFS mirror loop so mntpt can be reused below.
Also mark nentries as a local variable so it doesn't leak out of the
function.
PR: 293385
Fixes: 494de51bc0074472d1b01604f085daea0844f240
MFC after: 2 days
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D55469
[2 lines not shown]
nullfs: Fix handling of doomed vnodes in nullfs_unlink_lowervp()
nullfs_unlink_lowervp() is called with the lower vnode locked, so the
nullfs vnode is locked too. The following can occur:
1. the vunref() call decrements the usecount 2->1,
2. a different thread calls vrele() on the vnode, decrements the
usecount 0->1, then blocks on the vnode lock,
3. the first thread tests vp->v_usecount == 0 and observes that it is
true,
4. the first thread incorrectly unlocks the lower vnode.
Fix this by testing VN_IS_DOOMED directly. Since
nullfs_unlink_lowervp() holds the vnode lock, the value of the
VIRF_DOOMED flag is stable.
Thanks to leres@ for patiently helping to track this down.
PR: 288345
MFC after: 1 week
[5 lines not shown]
