FreeBSD/src a7fc4e3usr.sbin/rpc.tlsservd rpc.tlsservd.c

rpc.tlsservd.c: Pin max threads at 1 for now

PR#289734 reports a crash in tcp_use_close() when the rpc.tlsservd
daemon is being used.  Although I have no, as yet, had time to track
down/fix the race, it turns out setting rpctls_maxthreads to 1
avoids the problem.

This patch pins rpctls_maxthreads to 1 to avoid the problem,
until there is a proper fix.

PR:     289734

(cherry picked from commit 7a289fe3cd5c6de7ddbe394b7700b20b0bafdb3e)
DeltaFile
+7-0usr.sbin/rpc.tlsservd/rpc.tlsservd.c
+7-01 files

FreeBSD/src 0c7c1c2sys/vm vm_fault.c

vm_fault_busy_sleep(): update comment after addition of allocflags arg

(cherry picked from commit f1b656f14464c2e3ec4ab2eeade3b00dce4bd459)
DeltaFile
+4-5sys/vm/vm_fault.c
+4-51 files

FreeBSD/src d1cdb4asys/vm vm_fault.c

vm_fault: assert that first_m is xbusy

(cherry picked from commit a38483fa2b3a26414d3409b12dd35ac406c44cea)
DeltaFile
+8-0sys/vm/vm_fault.c
+8-01 files

FreeBSD/src f4d5c6dsys/vm vm_fault.c

vm_fault: add helper vm_fault_can_cow_rename()

(cherry picked from commit 3f05bbdbd80f2eefb647e595dc73e80d6186d6a5)
DeltaFile
+11-9sys/vm/vm_fault.c
+11-91 files

FreeBSD/src e7422f7sys/vm vm_fault.c

vm_fault: add vm_fault_might_be_cow() helper

(cherry picked from commit 5bd4c04a4e7f7bda657e6027e64675d0caf50715)
DeltaFile
+11-5sys/vm/vm_fault.c
+11-51 files

FreeBSD/src 94ea604sys/vm vm_fault.c

vm_fault: try to only share-busy page for soft faults

(cherry picked from commit 149674bbac5842ac883414a6c1e75d829c70d42b)
DeltaFile
+93-15sys/vm/vm_fault.c
+93-151 files

FreeBSD/src 4b938edsys/vm vm_fault.c

vm_fault_busy_sleep(): pass explicit allocflags for vm_page_busy_sleep()

(cherry picked from commit c6b79f587f27649f90e00bc131d37bafa50ffc62)
DeltaFile
+3-3sys/vm/vm_fault.c
+3-31 files

FreeBSD/src 3126c57sys/vm vm_fault.c

vm_fault: drop never-true busy_sleep test

(cherry picked from commit 2d6185cf87e815d4951a9ddcf5c535ebd07a8815)
DeltaFile
+1-2sys/vm/vm_fault.c
+1-21 files

FreeBSD/src 5f4168fsys/vm vm_fault.c

vm/vm_fault.c: cleanup includes

(cherry picked from commit 0854b4f569e1e68032e431b1efb45b9fd9849194)
DeltaFile
+0-2sys/vm/vm_fault.c
+0-21 files

FreeBSD/src 84b5127sys/kern sys_procdesc.c

pdgetpid(2): switch back returning EBADF for non-procdesc fd

(cherry picked from commit a85525a5c8b28f1516d49e5d6ae5842873c24643)
DeltaFile
+1-1sys/kern/sys_procdesc.c
+1-11 files

FreeBSD/src 3bd1780sys/kern sys_procdesc.c kern_event.c

kern: replace several EBADF with EINVAL

(cherry picked from commit fd9e09cb2ab07993e8dc783c802f273329e70bb8)
DeltaFile
+2-2sys/kern/sys_procdesc.c
+1-1sys/kern/kern_event.c
+3-32 files

FreeBSD/src f0f57fdsys/kern kern_exit.c

kern_exit.c: do not leak reaper bitmap busy bits

PR:     289917

(cherry picked from commit f19ef352ec63f9fcc10076a263b8ce402ba31379)
DeltaFile
+23-23sys/kern/kern_exit.c
+23-231 files

FreeBSD/src 0cc81b3release/tools vmimage.subr

vmimage.subr: Sort METALOG before running makefs

When creating VM images from pkgbase, the METALOG may not be in order;
in particular, files may be listed before the directories which contain
them.  This causes makefs to create directories with 000 permissions.

Interestingly, such VM images boot just fine, since root ignores those
permissions; the first sign of trouble was sshd refusing logins with an
error message which said absolutely nothing about /etc/ having
incorrect permissions or being unable to read files inside it.

Immediately prior to running makefs, sort the METALOG file.  While
we're here, uniquify as well; this does not guarantee that we do not
have duplicate paths, but if there are duplicate paths with different
settings something else has gone wrong and we don't really have any
good way of solving the problem anyway.

Reviewed by:    ivy
Hint from:      imp

    [3 lines not shown]
DeltaFile
+5-0release/tools/vmimage.subr
+5-01 files

FreeBSD/src 2347ca2contrib/blocklist/libexec blocklistd-helper, libexec/blocklistd-helper blacklistd-helper

blocklist-helper: Silence a bogus pf warning

Silence a bogus warning about (an ethernet) anchor not being found.

It has been reported as PR 280516.  In the meantime, just sweep under
the carpet.

Approved by:    emaste (mentor)
MFC after:      2 days
DeltaFile
+1-1contrib/blocklist/libexec/blocklistd-helper
+1-1libexec/blocklistd-helper/blacklistd-helper
+2-22 files

FreeBSD/src 7238317contrib/blocklist/bin blacklistd.c blacklistctl.c, contrib/blocklist/lib old_bl.c blacklist.c

blocklist: Rename blacklist to blocklist

Follow up upstream rename from blacklist to blocklist.

- Old names and rc scripts are still valid, but emitting an ugly warning
- Old firewall rules and anchor names should work, but emitting an ugly
  warning
- Old MK_BLACKLIST* knobs are wired to the new ones

Although care has been taken not to break current configurations, this
is a large patch containing mostly duplicated code.  If issues arise, it
will be swiftly reverted.

Reviewed by:    ivy (pkgbase)
Approved by:    emaste (mentor)
MFC after:      2 days
Relnotes:       yes
DeltaFile
+592-0contrib/blocklist/bin/blacklistd.c
+554-0contrib/blocklist/lib/old_bl.c
+293-0libexec/blocklistd-helper/blacklistd-helper
+170-0contrib/blocklist/bin/blacklistctl.c
+117-0contrib/blocklist/lib/blacklist.c
+97-0crypto/openssh/blocklist.c
+1,823-060 files not shown
+2,570-28866 files

FreeBSD/src 4d56eb0contrib/blocklist/bin blocklistd.c, contrib/blocklist/lib libblocklist.3

blocklist: Revert upstream commit ddf6d71

Upstream commit ddf6d71 ("implement BLOCKLIST_BAD_USER as a "one-count"
failure") introduced BLOCKLIST_BAD_USER with a one-count failure
mechanism.  BLOCKLIST_AUTH_FAIL was implemented with a two-count failure
mechanism.  Since we have been utilizing BLOCKLIST_AUTH_FAIL, the number
of failed attempts now doubles towards the maximum limit (nfails),
giving system administrators the impression that the number of failed
authentication attempts is inaccurate.

Revert this commit until a consensus has been reached.  We do not want
to introduce yet another breaking change with the renaming of the
library.

Approved by:    emaste (mentor)
MFC after:      2 days
DeltaFile
+19-13contrib/blocklist/lib/libblocklist.3
+9-9contrib/blocklist/bin/blocklistd.c
+28-222 files

FreeBSD/src 48e64cacontrib/blocklist/bin blocklistd.c blacklistd.c, contrib/blocklist/libexec blocklistd-helper

MFV: Import blocklist 2025-04-28 (8aa81bf)

Merge commit '70f30afd4e9af5a51ee324d97e4d8c5f2124ec15'

Breaking changes:

- Upstream commit 24932b6 ("blocklistd: log the conf file line number
  with bad protocol errors") breaks backward database compatibility.
  An error will be displayed:
      Key size mismatch 296 != 288
  A new and compatible database, with the new name, will be created when the
  service starts (committed separately).

- Upstream commit ddf6d71 ("implement BLOCKLIST_BAD_USER as a
  "one-count" failure") introduced BLOCKLIST_BAD_USER with a one-count
  failure mechanism.  BLOCKLIST_AUTH_FAIL was implemented with a
  two-count failure mechanism.  Since we utilize BLOCKLIST_AUTH_FAIL, the
  number of failed attempts now doubles towards the maximum limit
  (nfails).  This commit will be reverted separately.

    [8 lines not shown]
DeltaFile
+592-0contrib/blocklist/bin/blocklistd.c
+0-576contrib/blocklist/bin/blacklistd.c
+303-0contrib/blocklist/bin/blocklistd.8
+0-284contrib/blocklist/bin/blacklistd.8
+272-0contrib/blocklist/libexec/blocklistd-helper
+237-0contrib/blocklist/bin/blocklistd.conf.5
+1,404-86062 files not shown
+2,833-2,12768 files

FreeBSD/src 70f30afbin conf.c blocklistd.conf.5, lib bl.c

Vendor import of blocklist 2025-04-28 (8aa81bf)

Upstream hash 8aa81bf70073715a749b1673884e84ac82cfce9f.

Approved by:    emaste (mentor)
Obtained from:  https://github.com/zoulasc/blocklist
DeltaFile
+169-32bin/conf.c
+161-18libexec/blocklistd-helper
+72-44lib/bl.c
+37-29bin/blocklistd.conf.5
+51-6bin/blocklistctl.8
+35-19bin/blocklistd.c
+525-14854 files not shown
+995-27760 files

FreeBSD/src 039eba1release/packages/ucl libbegemot-all.ucl yp-all.ucl

release/packages/ucl: Fix typos

MFC after:      3 days
Sponsored by:   https://www.patreon.com/bsdivy
DeltaFile
+2-2release/packages/ucl/libbegemot-all.ucl
+1-1release/packages/ucl/yp-all.ucl
+1-1release/packages/ucl/acpi-all.ucl
+1-1release/packages/ucl/audit-all.ucl
+1-1release/packages/ucl/libbsdstat-all.ucl
+1-1release/packages/ucl/mandoc-all.ucl
+7-76 files

FreeBSD/src 419dcdclib/virtual_oss Makefile.inc

virtual_oss: Move plugins to the sound package

This is the correct place for them, and also issues an incorrect
dependency from utilities to sound.

Fixes:  1b806e607f52 ("packages: Add a sound package")
MFC after:      3 days
Reviewed by:    christos, dch
Sponsored by:   https://www.patreon.com/bsdivy
Differential Revision:  https://reviews.freebsd.org/D53015
DeltaFile
+2-0lib/virtual_oss/Makefile.inc
+2-01 files

FreeBSD/src 426891elib/libbluetooth Makefile

libbluetooth: Move to the bluetooth-lib package

Move the library, but not any of the runtime.  This allows executables
to link against libbluetooth without having to pull in the entire BT
stack.

MFC after:      3 days
Reviewed by:    dch, emaste
Sponsored by:   https://www.patreon.com/bsdivy
Differential Revision:  https://reviews.freebsd.org/D53016
DeltaFile
+2-0lib/libbluetooth/Makefile
+2-01 files

FreeBSD/src 1129bf4. RELNOTES

RELNOTES: Fix up the entry for 5000d023a446
DeltaFile
+2-2RELNOTES
+2-21 files

FreeBSD/src 9504e95. RELNOTES

RELNOTES: Add an entry for commit 5000d023a446
DeltaFile
+7-0RELNOTES
+7-01 files

FreeBSD/src 051c12alib/libcasper/services/cap_fileargs cap_fileargs.h

libcasper: explicit cast in cap_fileargs header

The implicit cast is incompatible with standard compiler options in a
C++ project, making the library difficult to use.

Signed-off-by: Quentin Thébault <quentin.thebault at defenso.fr>
Sponsored by: Defenso
MFC after: 3 days
Discussed with: kevans
Reviewed by: emaste, vexeduxr
Pull request: https://github.com/freebsd/freebsd-src/pull/1857

(cherry picked from commit 349da4dbff722a58affd13d84729b1d399b41fb3)
(cherry picked from commit 998dd4a11a2b4857a55af8e656feaebc4fc78fe8)
DeltaFile
+1-1lib/libcasper/services/cap_fileargs/cap_fileargs.h
+1-11 files

FreeBSD/src 998dd4alib/libcasper/services/cap_fileargs cap_fileargs.h

libcasper: explicit cast in cap_fileargs header

The implicit cast is incompatible with standard compiler options in a
C++ project, making the library difficult to use.

Signed-off-by: Quentin Thébault <quentin.thebault at defenso.fr>
Sponsored by: Defenso
MFC after: 3 days
Discussed with: kevans
Reviewed by: emaste, vexeduxr
Pull request: https://github.com/freebsd/freebsd-src/pull/1857

(cherry picked from commit 349da4dbff722a58affd13d84729b1d399b41fb3)
DeltaFile
+1-1lib/libcasper/services/cap_fileargs/cap_fileargs.h
+1-11 files

FreeBSD/src 8a7ac88release/tools ec2-builder.conf ec2-small.conf

EC2: Fix additional files on small+builder AMIs

The file /usr/local/etc/ssl/cert.pem is not present on "small" and
"builder" AMIs, so we don't need to add it to METALOG.

Fixes:  2b0ffc0ee48c ("EC2: metalog_add missing files from packages")
MFC after:      3 days
Sponsored by:   https://www.patreon.com/cperciva
DeltaFile
+0-1release/tools/ec2-builder.conf
+0-1release/tools/ec2-small.conf
+0-22 files

FreeBSD/src abd9424usr.sbin/bsdinstall/scripts auto jail

bsdinstall: Tweak pkgbase/dist set labels

Have the button labels refer to the artifact type directly (distribution
sets / packages), and use "Tech Preview" as packaged base is no longer
experimental.

Reviewed by:    ivy, cperciva
Sponsored by:   The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D52999
DeltaFile
+2-2usr.sbin/bsdinstall/scripts/auto
+2-2usr.sbin/bsdinstall/scripts/jail
+4-42 files

FreeBSD/src 146b7bbusr.bin/netstat if.c

netstat: Fix -ia missing multicast addresses on some interfaces

sdl_data isn't always NULL terminated

Signed-off-by: nreilly at qnx.com

PR:             288958
Reviewed by:    markj
MFC after:      1 week

(cherry picked from commit 0952943a680dca12fe8f65f8813a9dca0783ce88)
DeltaFile
+2-1usr.bin/netstat/if.c
+2-11 files

FreeBSD/src 54a72bbusr.bin/netstat if.c

netstat: Fix -ia missing multicast addresses on some interfaces

sdl_data isn't always NULL terminated

Signed-off-by: nreilly at qnx.com

PR:             288958
Reviewed by:    markj
MFC after:      1 week

(cherry picked from commit 0952943a680dca12fe8f65f8813a9dca0783ce88)
DeltaFile
+2-1usr.bin/netstat/if.c
+2-11 files

FreeBSD/src 21716b6contrib/kyua/drivers run_tests.cpp

kyua: Make "test" command actually report about workdir cleanup issues

Reviewed by:    ngie
MFC after:      1 month
Differential Revision:  https://reviews.freebsd.org/D51136
DeltaFile
+1-1contrib/kyua/drivers/run_tests.cpp
+1-11 files