blocklist: Add an UPDATING entry
Add an UPDATING entry about the renaming of blocklist.
Approved by: emaste (mentor)
Fixes: 7238317403b9 ("blocklist: Rename blacklist to blocklist")
MFC after: 1 day
(cherry picked from commit ffa8165009365ff93050626d880f2d1d6aacc31a)
blacklist: Avoid duplicate manual pages in METALOG
Previously, blacklist man pages were just a symlink to their blocklist
counterpart, this in turn installed blocklist man pages twice, and
resulted in a duplicate error when running metalog_reader.lua -c.
Take advantage of the duplication to document nuances in blacklist, such
as the fact that it uses the new database and socket name (blocklist).
Also, note that it has been renamed to blocklist. In the future, it
will help to document its deprecation.
Approved by: emaste (mentor)
Fixes: 7238317403b9 ("blocklist: Rename blacklist to blocklist")
MFC after: 2 days
(cherry picked from commit c6240045536548c22ce40d9ef36c1dc52abcfc9c)
blocklist-helper: Silence a bogus pf warning
Silence a bogus warning about (an ethernet) anchor not being found.
It has been reported as PR 280516. In the meantime, just sweep under
the carpet.
Approved by: emaste (mentor)
MFC after: 2 days
(cherry picked from commit 2347ca21d657121670e6e7246c6ac32efc996cac)
blocklist: Rename blacklist to blocklist
Follow up upstream rename from blacklist to blocklist.
- Old names and rc scripts are still valid, but emitting an ugly warning
- Old firewall rules and anchor names should work, but emitting an ugly
warning
- Old MK_BLACKLIST* knobs are wired to the new ones
Although care has been taken not to break current configurations, this
is a large patch containing mostly duplicated code. If issues arise, it
will be swiftly reverted.
Reviewed by: ivy (pkgbase)
Approved by: emaste (mentor)
MFC after: 2 days
Relnotes: yes
(cherry picked from commit 7238317403b95a8e35cf0bc7cd66fbd78ecbe521)
blocklist: Revert upstream commit ddf6d71
Upstream commit ddf6d71 ("implement BLOCKLIST_BAD_USER as a "one-count"
failure") introduced BLOCKLIST_BAD_USER with a one-count failure
mechanism. BLOCKLIST_AUTH_FAIL was implemented with a two-count failure
mechanism. Since we have been utilizing BLOCKLIST_AUTH_FAIL, the number
of failed attempts now doubles towards the maximum limit (nfails),
giving system administrators the impression that the number of failed
authentication attempts is inaccurate.
Revert this commit until a consensus has been reached. We do not want
to introduce yet another breaking change with the renaming of the
library.
Approved by: emaste (mentor)
MFC after: 2 days
(cherry picked from commit 4d56eb007b18881becb2107f87bd2a7edca3e6bf)
MFV: Import blocklist 2025-04-28 (8aa81bf)
Merge commit '70f30afd4e9af5a51ee324d97e4d8c5f2124ec15'
Breaking changes:
- Upstream commit 24932b6 ("blocklistd: log the conf file line number
with bad protocol errors") breaks backward database compatibility.
An error will be displayed:
Key size mismatch 296 != 288
A new and compatible database, with the new name, will be created when the
service starts (committed separately).
- Upstream commit ddf6d71 ("implement BLOCKLIST_BAD_USER as a
"one-count" failure") introduced BLOCKLIST_BAD_USER with a one-count
failure mechanism. BLOCKLIST_AUTH_FAIL was implemented with a
two-count failure mechanism. Since we utilize BLOCKLIST_AUTH_FAIL, the
number of failed attempts now doubles towards the maximum limit
(nfails). This commit will be reverted separately.
[10 lines not shown]
Add --libxo support for geom status and list sub commands.
Submitted-by: Johan Söllvander
MFC-after: 1 week
Differential Revision: https://reviews.freebsd.org/D37615
tcp: remove notion of ticks from HPTS
To improve consistency of the code, don't use slots and ticks,
just use slots.
Reviewed by: tuexen
Sponsored by: Netflix, Inc.
Makefile.inc1: Build source packages before sets
To build set-src, we first need to build the source packages. Add a
.ORDER to ensure this happens. Otherwise, in a parallel build, sets
might be built before the src-* packages have finished building, and
set-src will be mysteriously missing.
MFC after: 3 seconds
Reported by: cperciva
Actually diagnosed by: jrtc27
One-line fix by: ivy
Reviewed by: cperciva
Differential Revision: https://reviews.freebsd.org/D53076
(cherry picked from commit ea5685ba79fc9309698ef72cf48bc1f0c91ad3dd)
Makefile.inc1: Build source packages before sets
To build set-src, we first need to build the source packages. Add a
.ORDER to ensure this happens. Otherwise, in a parallel build, sets
might be built before the src-* packages have finished building, and
set-src will be mysteriously missing.
MFC after: 3 seconds
Reported by: cperciva
Actually diagnosed by: jrtc27
One-line fix by: ivy
Reviewed by: cperciva
Differential Revision: https://reviews.freebsd.org/D53076
mmap_test: determine page size at run time rather than compile time
Sponsored by: Netflix
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D52735
mdconfig_test: determine page size at run time rather than assuming 4k
Sponsored by: Netflix
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D52736
MFC: libbz2: add pkg-config file (bzip2.pc)
Add generation of a bzip2.pc file for use with pkg-config and create
a basic template as bzip2.pc.in.
This allows other software to easily locate and link against libbz2
using standard pkg-config mechanisms instead of manual compiler and
linker flags.
The version number is extracted automatically from bzlib.h to keep
it consistent with the library sources.
Approved by: re (cperciva)
Tested: pkg-config --exists --print-errors "bzip2 >= 1.0.9" (fail, expected)
pkg-config --exists --print-errors "bzip2 >= 1.0" (succeeded)
pkg-config --libs bzip2 (-lbz2)
pkg-config --cflags bzip2 ()
(cherry picked from commit 586319793368cbc664b48187bda60d27e171753a)
(cherry picked from commit f139a644d3ee01667480ff6d698757d3e3689794)
fwget: pci: mediatek: correct package name
The port is called wifi-firmware-mt76-kmod not "mediatek" in the
moddle.
Reported by: Lars Tunkrans (drsnx60 gmail.com)
MFC after: 3 days
Reviewed by: emaste, jrm, imp
Differential Revision: https://reviews.freebsd.org/D53067
blocklist: Add an UPDATING entry
Add an UPDATING entry about the renaming of blocklist.
Approved by: emaste (mentor)
Fixes: 7238317403b9 ("blocklist: Rename blacklist to blocklist")
MFC after: 1 day
realpath: Report correct path on failure
If lstat() fails with EACCES or ENOTDIR, the path we need to return in
the caller-provided buffer is that of the parent directory (which is
either unreadable or not a directory; the latter can only happen in the
case of a race) rather than that of the child we attempted to stat.
Sponsored by: Klara, Inc.
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D53025
realpath: Belatedly document POSIX conformance
We've been mostly POSIX-conforming since r236400 and fully since r240410,
which fixed a corner case where a missing non-leaf directory would be
reported as ENOTDIR instead of ENOENT.
Sponsored by: Klara, Inc.
Fixes: 7877ed7ce33e ("Avoid mapping ENOENT to ENOTDIR for non-existent path components.")
Reviewed by: ziaee, markj
Differential Revision: https://reviews.freebsd.org/D53027
realpath: Additional test cases
* Passing NULL should result in EINVAL
* Passing an empty path should result in ENOENT
* Failure with a non-null buffer should leave a partial result. As
pointed out in a comment in the test case, this reveals a discrepancy
between the documentation and reality.
Sponsored by: Klara, Inc.
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D53024