pseries/llan: call init when ioctl sets interface UP
This should fix dhcp on an unitialized interface. This solution was
found while comparing against another driver, SIOCSIFFLAGS is used by
dhclient to force the interface up before it has an IP address.
However, all setup work is done in llan_init(), so the interface would
not be enabled if configured via only the SIOCSIFFLAGS ioctl. By
running llan_init() when the interface is forced up via SIOCSIFFLAGS,
the interface is initialized properly.
PR: 292164
packages: Register pkgconf
This should fix the creation of the new packages introduced by the
import of pkgconf into the base system.
Fixes: b8352da33f34 ("pkgconf: import into the base system")
PR: 294724
Reviewed by: ivy, ngie
Approved by: ngie
Sponsored by: The FreeBSD Foundation
Differential revision: https://reviews.freebsd.org/D56589
ping6: treat setsockopt failures as fatal
ping6 needs IPV6_RECVPKTINFO and IPV6_RECVHOPLIMIT to process
incoming replies. When these options fail, replies are silently
dropped and ping6 appears to hang. Use err(3) instead of warn(3)
so the user gets a clear error and immediate exit.
Signed-off-by: Christos Longros <chris.longros at gmail.com>
Reviewed by: pouria, jlduran, glebius
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D56237
(cherry picked from commit 9a4a9f623bbaf991b3ba580593d47f2ee9f7b03b)
ping6: treat setsockopt failures as fatal
ping6 needs IPV6_RECVPKTINFO and IPV6_RECVHOPLIMIT to process
incoming replies. When these options fail, replies are silently
dropped and ping6 appears to hang. Use err(3) instead of warn(3)
so the user gets a clear error and immediate exit.
Signed-off-by: Christos Longros <chris.longros at gmail.com>
Reviewed by: pouria, jlduran, glebius
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D56237
(cherry picked from commit 9a4a9f623bbaf991b3ba580593d47f2ee9f7b03b)
ping6: treat setsockopt failures as fatal
ping6 needs IPV6_RECVPKTINFO and IPV6_RECVHOPLIMIT to process
incoming replies. When these options fail, replies are silently
dropped and ping6 appears to hang. Use err(3) instead of warn(3)
so the user gets a clear error and immediate exit.
Signed-off-by: Christos Longros <chris.longros at gmail.com>
Reviewed by: pouria, jlduran, glebius
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D56237
(cherry picked from commit 9a4a9f623bbaf991b3ba580593d47f2ee9f7b03b)
emulators/virtualbox-ose*-71,www/phpvirtualbox-71: Deprecate with expiration date 2026-12-31
"VirtualBox 7.1.x is no longer supported!"
https://www.virtualbox.org/wiki/Changelog-7.1
Upstream EOL reaches on 2025-04-15, use emulators/virtualbox-ose*-72
instead.
Set expiration date to 2026-12-31.
Sponsored by: UNIS Labs
MFH: 2026Q2
(cherry picked from commit c1b7acedbae9694bc4211bdd5d2f48dd1309d581)
emulators/virtualbox-ose*-71,www/phpvirtualbox-71: Deprecate with expiration date 2026-12-31
"VirtualBox 7.1.x is no longer supported!"
https://www.virtualbox.org/wiki/Changelog-7.1
Upstream EOL reaches on 2025-04-15, use emulators/virtualbox-ose*-72
instead.
Set expiration date to 2026-12-31.
Sponsored by: UNIS Labs
MFH: 2026Q2
emulators/virtualbox-ose{,-nox11}{,-legacy,-70,-71,-72}: Fix build with custom USERS/GROUPS not in UIDs/GIDs
Sponsored by: UNIS Labs
MFH: 2026Q2
(cherry picked from commit 87ffb193231a5aa75d37c1206059f309ef82c9cd)
Tools/scripts: Add git-diff-ports.sh
This script prints the list of ports with uncommitted changes.
It is called git-diff-ports because it prints the processed output of
'git diff'.
I found is useful while working on ports.
mac_seeotheruids: allow specificgid to be a list of groups
The specificgid functionality has historically allowed only a single
group to be exempt, but in practice one might want a few services to
be exempt for reasons. From a security perspective, we probably don't
want to encourage unrelated users to be grouped together solely for
this purpose, as that creates one point of shared access that could be
used for nefarious purposes.
Normalize the group list as we do cr_groups to allow for linear matching
rather than quadratic, we just need to account for the differences in
FreeBSD 15.0+ where cr_groups is entirely supplementary groups vs.
earlier versions, where cr_groups[0] is the egid and the rest is
sorted.
Reviewed by: csjp, des (earlier version)
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D56592
geom manuals: Clarify units
The gpart manual says that sizes are specified in blocks, unless an SI
unit suffix is provided. This confuses new operators because GEOM uses
binary bytes, a large difference at modern storage pool sizes. Rewrite
suffixes in all GEOM manuals to consistently clarify this, matching what
we and the rest of the industry have been doing in other documentation.
While here, use non-breaking spaces between numbers and units, unless
they are already written with a hyphen.
MFC after: 3 days
Reviewed by: fuz
Reported by: bbaovanc <bbaovanc at bbaovanc.com>
Differential Revision: https://reviews.freebsd.org/D56534
(cherry picked from commit 975e3605ebb15cbaf5a25c1c9d1f51aed41291d0)
Fix memory corruption bugs in BSM record parsing
fetch_newgroups_tok(3): clamp group count to AUDIT_MAX_GROUPS before the
loop to prevent a stack buffer overflow when a crafted record specifies
more than 16 groups.
fetch_execarg_tok(3), fetch_execenv_tok(3): add a bounds check at the
top of the string-walking loop to prevent an out-of-bounds read when the
previous string's nul byte is the last byte of the record buffer.
fetch_sock_unix_tok(3): clamp the memchr search length to the number of
bytes remaining in the buffer to prevent an out-of-bounds read on short
tokens. Also clamp slen to sizeof(path) to prevent a one-byte overflow
when no nul byte is found within the path data.
fetch_socket_tok: fix copy-paste error where the remote address was
written into l_addr instead of r_addr.
Previously reported by: @haginara
[12 lines not shown]
pf: Document broadcast/multicast forwarding through route-to
pf_route() and pf_route6() forward broadcast and multicast traffic
when a route-to rule matches, without any check against the output
interface's broadcast domain. This is a deliberate property of the
route option code path, but it is not documented and the workaround
is non-obvious.
Document the behavior in pf.conf(5) with example block-out rules on
the target interface, scoped with the received-on qualifier so that
only forwarded traffic is dropped while the router's own broadcast
and multicast traffic continues to pass.
Add regression tests covering the full broadcast/multicast and
forwarded/local matrix on both IPv4 and IPv6.
Reviewed by: glebius, kp
Approved by: kp (mentor)
MFC after: 1 week
[2 lines not shown]
ctld: Move the pidfile handle out to a global variable
This ensures it will be destroyed (removing the associated pidfile)
anytime the process exits, including from exit(3) calls. This fixes
a few places that would "leak" the pidfile on certain errors.
This also removes the need for some convoluted logic where
configuration objects would hand-off ownership of the pidfile handle
from the old configuration to the new configuration.
Reviewed by: asomers
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D56527
ctld: Ports without a portal group are not dummy ports
The default implementation of is_dummy should return false. Only
portal group ports should possibly return true.
PR: 293076
Reported by: Ken J. Thomson <thomsonk at yandex.com>
Fixes: 6acc7afa34aa ("ctld: Convert struct port to a hierarchy of C++ classes")
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D56524
