FreeBSD/ports 023f86dsysutils/spiped Makefile, sysutils/spiped/files spiped.in

sysutils/spiped: Clean up UNIX sockets

When a TCP socket is closed, it becomes possible to create a new
socket listening on the same address; the behaviour of UNIX (aka
"local") sockets is different, in that an inode remains even after
it is closed, and blocks the creation of a new socket with the same
address.

When spiped is launched with a UNIX socket as its source address,
delete any existing socket with that address first.  This makes it
possible to "service spiped restart" when UNIX sockets are used.

Deleting the socket when stopping spiped would also work for the
case of restarting the daemon, but not for the case of starting the
daemon after an unclean system shutdown; so deleting only prior to
starting the daemon seemed like the better option.

PR:     295432
Reported by:    feld
DeltaFile
+5-0sysutils/spiped/files/spiped.in
+1-0sysutils/spiped/Makefile
+6-02 files

FreeBSD/src b516c23lib/libc/gen posix_spawn.c

do_posix_spawn(): use bool

Sponsored by:   The FreeBSD Foundation
MFC after:      1 week
DeltaFile
+3-3lib/libc/gen/posix_spawn.c
+3-31 files

FreeBSD/src 70fb92clibexec/rtld-elf map_object.c

rtld: unify the return path for map_object()

Reviewed by:    kevans
Sponsored by:   The FreeBSD Foundation
MFC after:      1 week
Differential revision:  https://reviews.freebsd.org/D57908
DeltaFile
+4-6libexec/rtld-elf/map_object.c
+4-61 files

FreeBSD/src 559f456libexec/rtld-elf xmalloc.c rtld.c

rtld: add spinlock around the crt malloc calls

Right now, the rtld malloc is called under the write-locked rtld bind
lock. A future change adds places where only read-locked rtld bind lock
is held, and then the spinlock protects the malloc structures from the
parallel updates.

Reviewed by:    kevans
Tested by:      Marek Zarychta <zarychtam at plan-b.pwste.edu.pl>
Sponsored by:   The FreeBSD Foundation
MFC after:      1 week
Differential revision:  https://reviews.freebsd.org/D57908
DeltaFile
+71-1libexec/rtld-elf/xmalloc.c
+0-25libexec/rtld-elf/rtld.c
+71-262 files

FreeBSD/src 1e370f0libexec/rtld-elf rtld.c map_object.c

rtld: stop using unbound alloca()

For DoneList allocations, its size depends on the number of loaded DSOs.
Small images could be served by alloca(), but large donelists need to
go into heap.

For map_object(), alloca size is the number of segments in the object.

In both cases, over-grown situations would cause a stack overflow.

PR:     295991
Noted and reviewed by:  kevans
Tested by:      Marek Zarychta <zarychtam at plan-b.pwste.edu.pl>
Sponsored by:   The FreeBSD Foundation
MFC after:      1 week
Differential revision:  https://reviews.freebsd.org/D57908
DeltaFile
+58-24libexec/rtld-elf/rtld.c
+3-1libexec/rtld-elf/map_object.c
+2-0libexec/rtld-elf/rtld.h
+63-253 files

FreeBSD/ports d10cb9fnet/py-lib389 Makefile pkg-message, net/py-lib389/files patch-lib389_nss__ssl.py patch-lib389_instance_remove.py

net/py-lib389: Add new port

lib389 provides the Python library and command-line administration
tools for 389 Directory Server.

It includes tools for creating and managing Directory Server
instances, configuring servers, and managing directory entries.

This port is required for the development of net/freeipa-server.

WWW: https://www.port389.org/

Sponsored by:   Netzkommune GmbH
DeltaFile
+273-0net/py-lib389/files/patch-lib389_nss__ssl.py
+49-0net/py-lib389/Makefile
+26-0net/py-lib389/pkg-message
+19-0net/py-lib389/files/patch-lib389_instance_remove.py
+18-0net/py-lib389/files/patch-pyproject.toml
+17-0net/py-lib389/files/patch-lib389_____init____.py
+402-04 files not shown
+425-010 files

FreeBSD/ports f91f48a. GIDs UIDs, net/389-ds-base Makefile

net/389-ds-base: Fix instance creation

Add a dedicated dirsrv user and group.

Use FreeBSD-compatible paths for runtime files, databases, backups,
LDIF files, and logs.  Create the persistent database and log parent
directories with suitable permissions.

Detect getpeereid(3) during configuration and fix peer credential
handling for LDAPI SASL EXTERNAL authentication.

Sponsored by:   Netzkommune GmbH
DeltaFile
+22-0net/389-ds-base/files/patch-ldap_admin_src_defaults.inf.in
+11-0net/389-ds-base/files/patch-configure.ac
+11-0net/389-ds-base/files/patch-ldap_servers_slapd_getsocketpeer.c
+9-0net/389-ds-base/Makefile
+1-1GIDs
+1-1UIDs
+55-21 files not shown
+57-27 files

FreeBSD/ports 5cf63efmail/thunderbird distinfo Makefile

mail/thunderbird: update to 152.0.1 (rc1)

Release Notes:
  https://www.thunderbird.net/en-US/thunderbird/152.0.1/releasenotes/

(cherry picked from commit dd44df872babb3c9ab1639465ddb5522608df38c)
DeltaFile
+3-3mail/thunderbird/distinfo
+1-1mail/thunderbird/Makefile
+4-42 files

FreeBSD/ports d59a637mail/thunderbird-esr distinfo Makefile

mail/thunderbird-esr: update to 140.12.1 (rc1)

Release Notes:
  https://www.thunderbird.net/en-US/thunderbird/140.12.1esr/releasenotes/

(cherry picked from commit bc2e59eb6ef49f187f49f2d97947b1944eba888b)
DeltaFile
+3-3mail/thunderbird-esr/distinfo
+1-1mail/thunderbird-esr/Makefile
+4-42 files

FreeBSD/ports 112b0a3www/firefox distinfo Makefile

www/firefox: update to 152.0.4 (rc1)

Release Notes (soon):
  https://www.firefox.com/en-US/firefox/152.0.4/releasenotes/

(cherry picked from commit 44713ce36986524df4c334d47347771145a9d3e0)
DeltaFile
+3-3www/firefox/distinfo
+1-1www/firefox/Makefile
+4-42 files

FreeBSD/src f9a0147lib/libc/net protocols, sys/netinet in.h

protocols: remove IPPROTO_DIVERT
DeltaFile
+0-3sys/netinet/in.h
+0-1lib/libc/net/protocols
+0-42 files

FreeBSD/src bdd0c4dsys/net bpf_ifnet.c, sys/netinet6 in6_ifattach.c nd6.c

netinet6: cleanse safeguards against IFT_PFLOG

This "interface" type is no more.  Leave the constant in if_types.h, we
probably need an exp-run before removing it.
DeltaFile
+3-3sys/netinet6/in6_ifattach.c
+0-5sys/net/bpf_ifnet.c
+2-2sys/netinet6/nd6.c
+0-1sys/netinet6/in6.c
+5-114 files

FreeBSD/ports bc2e59email/thunderbird-esr distinfo Makefile

mail/thunderbird-esr: update to 140.12.1 (rc1)

Release Notes:
  https://www.thunderbird.net/en-US/thunderbird/140.12.1esr/releasenotes/
DeltaFile
+3-3mail/thunderbird-esr/distinfo
+1-1mail/thunderbird-esr/Makefile
+4-42 files

FreeBSD/ports dd44df8mail/thunderbird distinfo Makefile

mail/thunderbird: update to 152.0.1 (rc1)

Release Notes:
  https://www.thunderbird.net/en-US/thunderbird/152.0.1/releasenotes/
DeltaFile
+3-3mail/thunderbird/distinfo
+1-1mail/thunderbird/Makefile
+4-42 files

FreeBSD/ports 44713cewww/firefox distinfo Makefile

www/firefox: update to 152.0.4 (rc1)

Release Notes (soon):
  https://www.firefox.com/en-US/firefox/152.0.4/releasenotes/
DeltaFile
+3-3www/firefox/distinfo
+1-1www/firefox/Makefile
+4-42 files

FreeBSD/ports e4e52ccaudio/aubio/files patch-waflib_Context.py

audio/aubio: fix build with python 3.12

The old waf build system relies on python module imp, which was removed
in python 3.12. This workaround is lifted directly from current waflib,
and allows aubio to build with recent python versions.
DeltaFile
+21-0audio/aubio/files/patch-waflib_Context.py
+21-01 files

FreeBSD/ports 811fa21www/nextcloud Makefile, www/nextcloud/files patch-PR296323

www/nextcloud: Fix CleanupBackgroundJobsJob.php

PR:             296323
Reported by:    Martin Birgmeier <d8zNeCFG aon at>
DeltaFile
+25-0www/nextcloud/files/patch-PR296323
+1-0www/nextcloud/Makefile
+26-02 files

FreeBSD/src bcf4e3csys/net if_loop.c

loopback: use new names for checksum offloading flags

No functional change intended.

Reviewed by:            tuexen
MFC after:              1 week
Differential Revision:  https://reviews.freebsd.org/D57945
DeltaFile
+5-6sys/net/if_loop.c
+5-61 files

FreeBSD/ports 697a1b7finance/gnucash-docs distinfo Makefile

finance/gnucash-docs: Update to 5.16
DeltaFile
+3-3finance/gnucash-docs/distinfo
+1-1finance/gnucash-docs/Makefile
+4-42 files

FreeBSD/ports cd9e074finance/gnucash pkg-plist distinfo, finance/gnucash/files patch-CMakeLists.txt

finance/gnucash: Update to 5.16
DeltaFile
+0-27finance/gnucash/files/patch-CMakeLists.txt
+5-4finance/gnucash/pkg-plist
+3-3finance/gnucash/distinfo
+1-1finance/gnucash/Makefile
+9-354 files

FreeBSD/src 309e4f0tests/sys/mac/do consistency.sh Makefile

MAC/do: Add consistency tests

Test that:
1. Concurrent changes to different parameters on the same jail are
   independent/atomic.
2. Inheritance works.
3. Relaxing only parent jail rules does not leak to a subjail thanks to
   sequential consistency.
4. Sysctl knobs and jail parameters stay consistent.

Some of these tests may be extended in the future with several layers of
jails (there is only a single subjail currently).

Reviewed by:    bapt
MFC after:      1 month
Sponsored by:   The FreeBSD Foundation
Pull Request:   https://ron-dev.freebsd.org/FreeBSD/src/pulls/38

(cherry picked from commit 851499046d25fbe5841a55fb7bfcc879522f59a8)
DeltaFile
+211-0tests/sys/mac/do/consistency.sh
+1-1tests/sys/mac/do/Makefile
+212-12 files

FreeBSD/src 0ab20f7tests/sys/mac/do common.sh

MAC/do: Tests: Add support for exec paths, jail parameters, subjails

And also allow configuration of the mdo(1) executable path.

This commit only contains new or modified infrastructure.  No functional
change intended at this point.

Reviewed by:    bapt
MFC after:      1 month
Sponsored by:   The FreeBSD Foundation
Pull Request:   https://ron-dev.freebsd.org/FreeBSD/src/pulls/38

(cherry picked from commit a95ff5ef7d1ffcb701913028253a4700cd9a1459)
DeltaFile
+110-9tests/sys/mac/do/common.sh
+110-91 files

FreeBSD/src 406c84ashare/man/man4 mac_do.4

mac_do.4: Document executable paths, default jail values and consistency

While here, fix the bug of mentioning 'enable' as a possible value for
the 'mac.do' jail parameter whereas it is 'new' instead.

Reviewed by:    bapt
MFC after:      1 month
Sponsored by:   The FreeBSD Foundation
Pull Request:   https://ron-dev.freebsd.org/FreeBSD/src/pulls/38

(cherry picked from commit 39818654ae879788807d3a87c2d75cc700cc7113)
DeltaFile
+143-46share/man/man4/mac_do.4
+143-461 files

FreeBSD/ports 1d9ec9fscience Makefile, science/amrex pkg-plist Makefile

science/amrex: New port: AMReX: Software Framework for Block Structured AMR
DeltaFile
+372-0science/amrex/pkg-plist
+37-0science/amrex/Makefile
+6-0science/amrex/pkg-descr
+3-0science/amrex/distinfo
+1-0science/Makefile
+419-05 files

FreeBSD/ports 31b946dscience Makefile, science/py-phonors distinfo Makefile

science/py-phonors: New port: Rust kernels for phonopy and phono3py
DeltaFile
+175-0science/py-phonors/distinfo
+114-0science/py-phonors/Makefile
+6-0science/py-phonors/pkg-descr
+1-0science/Makefile
+296-04 files

FreeBSD/ports 64930b1misc/py-langchain-tests Makefile

misc/py-langchain-tests: Update dependency spec and test results
DeltaFile
+2-2misc/py-langchain-tests/Makefile
+2-21 files

FreeBSD/src 9dea58fsys/security/mac_do mac_do.c, tests/sys/mac/do invalid_configs.sh

MAC/do: Fix double-free on parse error after "executable paths" feature

parse_rules() has been calling toast_rules() in case of a parse error in
order to deallocate the 'struct rule' objects it has constructed up to
that point.

toast_rules() would take a pointer to a full 'struct rules' object, and
besides freeing all 'struct rule' referenced by it, would also free the
holding 'struct rules' itself.

With the introduction of the "executable paths" feature, and the
embedding of 'struct rules' into 'struct conf', meaning that the
lifecycle for 'struct rules' was no longer independent, toast_rules()
was changed not to free the passed 'struct rules' (as it was a field of
a 'struct conf' object).  Unfortunately, this change was not completed
with a reinitialization of the rules list head, so the 'struct conf'
object would continue to reference just-freed rules, which then would be
freed a second time on destruction of that container.


    [18 lines not shown]
DeltaFile
+8-8sys/security/mac_do/mac_do.c
+14-0tests/sys/mac/do/invalid_configs.sh
+22-82 files

FreeBSD/src 531c3easys/security/mac_do mac_do.c

MAC/do: Update copyright

Update years for the Foundation.

While here, remove the initial '/*-' which has been useless for a long
time.

While here, add a missing space on bapt@'s copyright line (approved by
him).

Reviewed by:    bapt
MFC after:      1 month
Sponsored by:   The FreeBSD Foundation
Pull Request:   https://ron-dev.freebsd.org/FreeBSD/src/pulls/38

(cherry picked from commit fcb0018634c77fe32ed99bca00f856af18ed240b)
DeltaFile
+3-3sys/security/mac_do/mac_do.c
+3-31 files

FreeBSD/src 29c5581sys/security/mac_do mac_do.c

MAC/do: Do not skip blanks when parsing executable paths

The kind of tolerance we apply to parsing rules, whose format we have
defined, cannot be applied to paths since blank characters are allowed
there.

There is still the limitation that no escape character is currently
supported, and so it is not possible to configure a path having a ':'
character.

Reviewed by:    bapt
Fixes:          9818224174c4 ("MAC/do: Executable paths feature (GSoC 2025's final state)")
MFC after:      1 month
Sponsored by:   The FreeBSD Foundation
Pull Request:   https://ron-dev.freebsd.org/FreeBSD/src/pulls/38

(cherry picked from commit 1fa1e3f3950fc0593ab73ea075c24c9bfbe8afd6)
DeltaFile
+1-1sys/security/mac_do/mac_do.c
+1-11 files

FreeBSD/src ac9d12fsys/security/mac_do mac_do.c

MAC/do: Serialize installing/modifying some jail's configuration

See the immediately preceding commit for explanations on what this is
fixing.

When setting 'mac.do' to 'inherit' on a jail with 'mac.do.rules' and
'mac.do.exec_paths' also specified in the same call, ensure that the
check that these passed parameters are the same as those to be inherited
is atomic with respect to enabling the inheritance (i.e., removing the
jail's 'struct conf' object).  (See previous commit "MAC/do: Fix the
recent logic to set jail parameters, make it more tolerant" as for why
this check exists.)

Because we currently only modify a single configuration object per
transaction, we introduce the parse_and_commit_conf() wrapper around
parse_and_set_conf() to remove duplicated code that would ensue from
calling the latter directly, namely, releasing the 'mac_do_rwl' lock and
freeing the old configuration object (if any).


    [11 lines not shown]
DeltaFile
+76-23sys/security/mac_do/mac_do.c
+76-231 files