| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
| |
PR: 243380
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1106
(cherry picked from commit 783baf00128f6cf6fc08404eaad6a11b29d4025d)
|
| |
|
|
|
|
|
|
| |
This was copied from arm to aarch64 to riscv, but only arm uses it.
MFC after: 1 week
(cherry picked from commit 02d06043ba88f931f9debd5aa519fc303ca70d11)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This was applying a NetBSD fix to FreeBSD. However, the original code
was correct for FreeBSD. NetBSD's obj->tlsoffset is relative to the end
of the TCB, not the TCB itself, whilst ours is relative to the TCB[1]
itself. For example, our allocate_tls uses (char *)tcb + obj->tlsoffset
for the memcpy and memset calls.
Without this reverted, for dynamically loaded shared objects, Initial
Exec accesses to TLS variables on variant I architectures (non-x86) use
the correct address, whilst General Dynamic and dlsym(3) use the
incorrect address (TLS_TCB_SIZE past the start). Note that, on arm64,
LLVM only supports TLSDESC (including LLD) and TLSDESC will use the
static resolver if the variable ends up allocated to the static TLS
block, even in the presence of dlopen(3), so only dlsym(3) shows the
discrepancy there.
Whilst here, add a comment to explain this difference to try and avoid
the same mistake being made in future.
[1] In the case of variant II, it's the amount to subtract, so still
positive
This reverts commit e9a38ed2fa61fd264a80f24ceb35f39b0ac6463d.
Reviewed by: kib (prior version)
Fixes: e9a38ed2fa61 ("rtld: fix allocate_module_tls() variant I fallback to static allocation")
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D50565
(cherry picked from commit ccfb1c50e45dbb7fcadf7e1932f63cf1702ef13a)
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Provided you don't run out of extra static TLS space this should work,
but it's wholly unnecessary and not how things are supposed to be done.
Only static TLS relocations should allocate static TLS.
Reviewed by: kib
Fixes: 4b1859c0e943 ("Add support for RISC-V architecture.")
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D50563
(cherry picked from commit 03801d449a3731cb643a51625c8c4d5d07b2e54c)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
For direct exec mode we reuse map_object, but tls_max_index is
initialised to 1. As a result, the executable ends up being assigned
module 2 (and the generation is pointlessly incremented, unlike in
digest_phdr for the normal case). For most architectures this is
harmless, since TLS linker relaxation will optimise General Dynamic
accesses to Initial Exec or Local Exec for executables, but on RISC-V
this relaxation does not exist, yet the linker will initialise the
tls_index in the GOT with module 1, and at run time the call to
__tls_get_addr will fail with:
ld-elf.so.1: Can't find module with TLS index 1
Fix this by making map_object use 1 for obj->tlsindex when it's loading
the main executable, and don't bother to increment tls_dtv_generation
either, matching digest_phdr (though that one is harmless).
(Note this also applies to MIPS on stable/13)
Reviewed by: kib
Fixes: 0fc65b0ab82c ("Make ld-elf.so.1 directly executable.")
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D50186
(cherry picked from commit a08d92def20a41243d4afc97cf4a2124be5386b9)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If no extra rtld arguments are provided, rtld_argc will be 1 (for
argv[0] and so we are shifting the entire memory range down by a single
pointer. However, unlike argv and envp, auxp's entries are two pointers
in size, not one, and so in this case the source and destination
overlap, meaning simple assignment is UB (C99 6.5.16.1p3). On many
architectures this ends up being harmless as the compiler will emit
double machine word loads and stores, or if it splits them it may still
schedule them such that it works in this case, but our RISC-V baseline
does not include such instructions and LLVM ends up picking a schedule
that copies the second word before the first word, thereby replacing the
first word with a copy of the second word. This results in direct exec
mode segfaulting on RISC-V when given no arguments.
Fix this by using a temporary in the source and let the compiler safely
elide its use.
Reviewed by: kib
Fixes: 0fc65b0ab82c ("Make ld-elf.so.1 directly executable.")
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D50185
(cherry picked from commit 2b04ba6e08b983d8756552286846059507bca7a3)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The implementation of dl_iterate_phdr abuses tls_get_addr_slow to get to
the start of the TLS block, inlining the implementation of
__tls_get_addr as if the tls_index's ti_offset were 0 (historically it
called __tls_get_addr itself but changed due to locking issues). For
most architectures, tls_index's ti_offset (relocated by DTPOFF/DTPREL
for GOT entries) is just the offset within that module's TLS block.
However, for PowerPC and RISC-V, which have a non-zero TLS_DTV_OFFSET
and thus are designed assuming DTV entries are biased by that value,
ti_offset normally has TLS_DTV_OFFSET pre-subtracted, but it's
__tls_get_addr's responsibility to compensate for that. By using an
offset of zero here, tls_get_addr_slow will return a pointer to the
start of the TLS block itself, so by adding TLS_DTV_OFFSET we will point
TLS_DTV_OFFSET past the module's TLS block.
Fix this by removing the extra bias (the alternative would be to pass
-TLS_DTV_OFFSET and keep the addition, which would more closely follow
what __tls_get_addr does, but this is more direct).
(Note this also applies to MIPS on stable/13)
Reviewed by: kib
Fixes: d36d68161517 ("rtld dl_iterate_phdr(): dlpi_tls_data is wrong")
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D50184
(cherry picked from commit c02aaba1b4549c1c3b1481f7c935f6cc80b98e8d)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The implementation here is meant to mirror what a GOT entry for the
given symbol would use for ti_offset. However, on PowerPC and RISC-V,
TLS_DTV_OFFSET is non-zero, and so the GOT entries are normally biased
by this, but we fail to do so here. As a result we end up getting a
pointer TLS_DTV_OFFSET past where the variable actually is.
(Note this also applies to MIPS on stable/13)
Reviewed by: kib
Fixes: 5ceeeba90c6c ("Import DragonFly BSD commit")
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D50183
(cherry picked from commit 8ad9cec3a2cc643020a286ee68f70eb01225fbdd)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
GNU/Linux has historically had the following two resolver prototypes:
1. Elf_Addr(uint64_t, void *)
2. Elf_Addr(uint64_t, void *, void *)
For the former, AT_HWCAP is passed in the first argument, and NULL in
the second. For the latter, AT_HWCAP is still passed, and the second
argument is a pointer to their home-grown __riscv_hwprobe function.
Should they want to use the third argument in future, they'll have to
introduce yet another prototype to allow for later expansion, and then
all users will have to check whether the second argument is NULL to know
if the third argument really exists. This is all rather silly and will
surely prove fun in the face of type-checking CFI.
Instead, be like arm64 and just define all 8 possible general purpose
register arguments up front. To naive source code that forgets non-Linux
OSes exist this will be compatible with prototype 1 above, since the
second argument will be 0 and it won't look further (though should we
start using the second argument for something that wouldn't be true any
more and it might think it's __riscv_hwprobe, but that incompatibility
is one we can defer committing to, and can choose to never adopt).
Until the standard interface for querying extension information[1] is
settled and implemented in FreeBSD there's not much you can do in a
resolver other than use HWCAP_ISA_B, but this gets the infrastructure in
place for when that day comes.
[1] https://github.com/riscv-non-isa/riscv-c-api-doc/pull/74
Reviewed by: kib, mhorne
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D46278
(cherry picked from commit 729d2b16b74fa5207a12aa1de190bd930432810e)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently we pass the raw pointer to the on-stack auxargs. This can
legitimately have fewer than AT_COUNT entries, so the use of
__min_size(AT_COUNT), i.e. static AT_COUNT, is inaccurate, and also
needlessly forces the callee to iterate over the elements to find the
entry for a given type. Instead we can just pass aux_info like we use
for everything else.
Note that the argument has been left unused by every callee since its
introduction in 4352999e0e6c ("Pass CPUID[1] %edx (cpu_feature), %ecx
(cpu_feature2) and CPUID[7].%ebx (cpu_stdext_feature), %ecx
(cpu_stdext_feature2) to the ifunc resolvers on x86.")
Reviewed by: kib
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D46276
(cherry picked from commit 33658afd4e4d11cd71d92e52ca9da5381cdd829b)
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
ipfilter options are erased and reset to default when ipfilter is
disabled. This results in nullifying options from rc.conf that were
previously set.
8d6feaaaa26f, which added this code, was incorrect as it was for a bug in
ipfilter 4.2.28 and no longer applies to ipfilter 5.1.2.
Fixes: 8d6feaaaa26f
(cherry picked from commit cc1e4aae5a67a20f3c0fff13612364e6e4404f93)
|
| |
|
|
| |
(cherry picked from commit f04b23ce3547c238dcd52d4fa1a7d401ad38d1b1)
|
| |
|
|
|
|
|
|
|
|
| |
This prevents dumping the memory layout of setugid processes.
MFC after: 3 days
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D54033
(cherry picked from commit 5242bcff202fa2a5a39895423c8d8c11c02ad76a)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
As a safety precaution df381bec2d2b limits ippool hash table size to 1K.
This causes any legitimely large hash table to fail to load. The
htable_size_max ipf tuneable adjusts this but the adjustment is made
in the ipfilter rc script, invoked after the ippool script (because it
depends on ippool). Let's load the ipfilter_optionlist in ippool as well.
ipfilter_optionlist load will also occur in the ipfilter rc script in case
the user uses ipfilter without ippool.
Fixes: df381bec2d2b
(cherry picked from commit d5d005e9bf4933d5680dd0bb5d42bdf440122aa4)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Allow umask to be configurable.
Being able to set the umask via an rc variable is useful when setting:
security.bsd.unprivileged_read_msgbuf=0
As it allows a user to configure:
dmesg_umask="066"
Without modifying the rc script, and preventing the contents of the
$dmesg_file (/var/run/dmesg.boot) from being publicly readable.
PR: 272552
Reviewed by: netchild
MFC after: 2 days
Differential Revision: https://reviews.freebsd.org/D53169
(cherry picked from commit edadbc6ee95570627679f3bc14a1d5476d0ce339)
|
| |
|
|
|
|
|
|
| |
Reviewed by: emaste
MFC after: 2 days
Differential Revision: https://reviews.freebsd.org/D53168
(cherry picked from commit 982d70ca2e6333b7e8ccf828b004ccf20a9cc550)
|
| |
|
|
|
|
|
|
|
|
| |
Reviewed by: emaste
Approved by: emaste (mentor)
Obtained from: NetBSD
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D52746
(cherry picked from commit 1060684b04b0ee1e07c6c91f7c52978835ff676a)
|
| |
|
|
|
|
|
|
|
|
|
| |
Add a blocklist probe when user access is denied.
Reviewed by: emaste
Approved by: emaste (mentor)
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D52747
(cherry picked from commit 307929b211e07f91260105211b57678e906327af)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When processing a notification, instead of accepting any file name
that doesn't begin with a slash, accept only file names that don't
contain any slashes at all. This makes it possible to notify a
user about a mailbox that doesn't bear their name, as long as they
are permitted to read it, but prevents comsat from reading files
outside the mail spool.
PR: 270404
MFC after: 1 week
Reviewed by: emaste
Differential Revision: https://reviews.freebsd.org/D51580
(cherry picked from commit 4a4338d94401f0012380d4f1a4d332bd6d44fa8e)
comsat: Don't return from the child
Fixes: 91629228e3df
MFC after: 1 week
Reviewed by: emaste
Differential Revision: https://reviews.freebsd.org/D51581
(cherry picked from commit e40a2c4927a8068d7b6adee69c90ae3be8efc4df)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Just return from jkfprintf if either (a) user lookup fails (that is,
getpwnam fails) or (b) setuid() to the user's uid fails. If comsat is
invoked from inetd using the default of tty:tty we will now return due
to setuid() failing rather than fopen() failing.
PR: 270404
Reviewed by: kevans
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D47823
(cherry picked from commit 062b69ba045dc0fef3d9b8d73365d2798c05a480)
comsat: Use initgroups and setgid not just setuid
PR: 270404
Reviewed by: jlduran
Obtained from: NetBSD
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D47828
(cherry picked from commit d4dd9e22c13896e6b5e2a6fc78dad4f8496cc14d)
comsat: move uid/gid setting earlier
It's good to reduce privilege as early as possible.
Suggested by: jlduran
Reviewed by: jlduran
Obtained from: NetBSD
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D47869
(cherry picked from commit 91629228e3df14997df12ffc6e7be6b9964e5463)
|
| |
|
|
|
|
|
|
|
|
| |
This script references variables beloning to the nfsd and zfs services,
therefore it needs to load their configurations.
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D51473
(cherry picked from commit aa183bc7f96fdd51c4a6ead5586a1cb1ecec6bb2)
|
| |
|
|
|
|
|
|
|
|
|
| |
PR: 282404
Reviewed by: markj, netchild
Approved by: markj (mentor)
MFC after: 2 weeks
Event: Berlin Hackathon 202507
Differential Revision: https://reviews.freebsd.org/D47329
(cherry picked from commit 46f18ecf8d3cdda1cd433841c44a4c1268ab9721)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Setting multiple pf_fallback_rules in /etc/rc.conf as per the
documentation produces invalid pf syntax due to the lack of echo
quoting $pf_fallback_rules in /etc/rc.d/pf. Adding quotes around
the $pf_fallback_rules echo maintains newlines needed for valid
pfctl syntax. Provided patch resolves the issue
Also updating rc.conf(5) to reflect that multi-line pf_fallback_rules
should not include a trailing backslash (\) as line breaks are
needed when passing rules to pfctl via stdin.
PR: 288197
Reviewed by: kp
MFC after: 2 weeks
(cherry picked from commit 9e8c1f9576e75fcd34007c6e8a4a6da0b1b2f1e2)
|
| |
|
|
|
|
|
| |
MFC after: 3 days
Event: Berlin Hackathon 202507
(cherry picked from commit 5d5258653ba4b37c38e48443f265ee4dcedf9a50)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Replace "ifconfig -ul" with "ifconfig -n" because netlink-enabled
/sbin/ifconfig utility has sub-optimal performance for listing.
Combined with the commit b1b17432aa1be670564161232d110461a5dde4ce,
these changes mostly eliminate performance regression of the command
"service devd start" for a system having hundreds of network interfaces
created before devd starts, after FreeBSD 14+ switched
/sbin/ifconfig to netlink(4)
PR: 287872
(cherry picked from commit 6d3bc576abbd84f736d917f5bfec4e3fe7e6c125)
(cherry picked from commit 24e8ed535ff673b9ea751c3d3b2a68ef0a29b0e2)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Using the ntpd -u option to set the credentials ntpd is to run under
while still using rc(8) to invoke causes some FreeBSD installs to fail
to load mac_ntp. The fact that that can_run_nonroot() does not
indicate why failures occur leaves people on the mailing lists
guessing as to why there are failures. Let's revert back to using
the rc(8) provided su. The ntpd rc script will be rewritten when
the ntpd chroot will be implemented.
Reported on: freebsd-stable@
This reverts commit 521f66715afb312b356afafc68cbc044a436a753.
(cherry picked from commit 5ca7754519e8c618968d8acbf54d653b6e968829)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Clean up style and make more consistent.
Replace test with if-then-else to make the script more legible.
Replace the call to dirname with the shell %/* operator avoiding a
fork & exec.
Reorder the test for $var_run_autosave before the test for /var/run on
tmpfs. This avoids gratuitously scanning the mount table for a tmpfs
/var/run.
Initial concept by and in discussion with:
Harry Schmalzbauer <freebsd@omnilan.de>
No functional change intended.
MFC after: 2 weeks
Differnential revision: https://reviews.freebsd.org/D47773
(cherry picked from commit ed9712f8943573136fa92a0e61c8e7c10952eeb0)
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Using the rc plumbing to setuid(2) is preferred as it allows the user
to use the -i option in ntpd_flags to chroot ntpd.
Chrooting ntpd by default will be a 2025 project.
MFC after: 1 week
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D48191
(cherry picked from commit 521f66715afb312b356afafc68cbc044a436a753)
|
| |
|
|
|
|
| |
- s/tralier/trailer/
(cherry picked from commit 5da0eee3d842bd0bef2c95553e75e462cda27ee6)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The sendmail startup script can run 4 daemons: sendmail, sendmail_submit,
sendmail_outbound, and sendmail_msp_queue. Of the first 3 at most one
can be enabled. There's a run_rc_command call for each and the ones for
sendmail and sendmail_msp_queue run unconditionally. For some rc
commands this triggers warnings or errors when sendmail_enable="NO" or
sendmail_msp_queue_enable="NO". Since d2e7bb630b83 these errors are
propagated and the whole script fails.
Fix this by first determining which daemons are enabled, setting ${name}
and ${rcvar} accordingly, and then always calling run_rc_command
conditionally.
Also replace ${name}.cf with sendmail.cf because ${name} isn't always
sendmail.
PR: 282585
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D47757
(cherry picked from commit 6b17d944a1d448dbb797c5fa5b0778242ba02e52)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
As of LLD 14, it no longer falls back to the address of .text if it
can't find the entry point, and instead just uses address 0. Since the
mips port has always used rtld_start as its entry point symbol but has
never set RTLD_ENTRY to match (instead getting the default .rtld_start),
with LLD 14+ it ends up using an entry point of 0, i.e. reinterpreting
various headers and metadata sections as code, and thus quickly dies, in
my case with SIGILL. This has seemingly always been a warning with LLD
even when it defaulted to .text, but that went unnoticed this whole
time, until now. Fix this by specifying the right symbol name.
This is a direct commit to stable/13 as mips no longer exists in main.
|
| |
|
|
|
|
|
|
| |
We intend to create the containing directory here. Fix this typo.
PR: 282939
(cherry picked from commit 4d58cf6ff905377dbca1ecf004f53133e6b57a46)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
net/frr[89] revealed an interesting edge-case on arm when dynamically
linking a shared library that declares more than one static TLS variable
with at least one using the "initial-exec" TLS model. In the case
of frr[89], this library was libfrr.so which essentially does the
following:
#include <stdio.h>
#include "lib.h"
static __thread int *a
__attribute__((tls_model("initial-exec")));
void lib_test()
{
static __thread int b = -1;
printf("&a = %p\n", &a);
printf(" a = %p\n", a);
printf("\n");
printf("&b = %p\n", &b);
printf(" b = %d\n", b);
}
Allocates a file scoped `static __thread` pointer with
tls_model("initial-exec") and later a block scoped TLS int. Notice in
the above minimal reproducer, `b == -1`. The relocation process does
the wrong thing and ends up pointing both `a` and `b` at the same place
in memory.
The output of the above in the broken state is:
&a = 0x4009c018
a = 0xffffffff
&b = 0x4009c018
b = -1
With the patch applied, the output becomes:
&a = 0x4009c01c
a = 0x0
&b = 0x4009c018
b = -1
Reviewed by: kib
Approved by: kp (mentor)
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D42415/
(cherry picked from commit 98fd69f0090da73d9d0451bd769d7752468284c6)
|
| |
|
|
|
|
|
|
|
|
|
| |
There is no easy way to set ipfilter optionlist variables during boot.
Add plumbing to the rc script to support this.
PR: 130555
Reviewed by: jlduran
Differential Revision: https://reviews.freebsd.org/D47346
(cherry picked from commit 8d6feaaaa26f444abb209360e52b993e39cb81bb)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If you have a mail server that is running sendmail daemon
(sendmail_enable=YES) and sendmail queue runner (sendmail_msp_queue=YES)
and the sendmail daemon dies, /etc/rc.d/sendmail status does see the
daemon is not running but returns 0 as the exit code. This prevents
other programs (like puppet) from restarting sendmail to fix the issue.
Make sure that the exit code is propagated towards the end of the script
if any of the sendmail services fail.
This patch does not call exit directly but instead just sets the exit
status code by calling exit in a subshell. This way we do not exit the
current shell in case the service script is sourced (e.g., when
rc_fast_and_loose is active).
PR: 223132
MFC after: 2 weeks
Reported by: pirzyk
Discussed with: jilles, eugen
Reviewed by: christos, gshapiro (previous version), markj
Approved by: christos (mentor), markj (mentor)
Differential Revision: https://reviews.freebsd.org/D46862
Co-authored-by: Jim Pirzyk <pirzyk@FreeBSD.org>
(cherry picked from commit d2e7bb630b83848a774d8213014a9e0747775019)
|
| |
|
|
|
|
|
|
| |
Just fixing a typo ("configuriing" => "configuring").
Pull Request: https://github.com/freebsd/freebsd-src/pull/1484
(cherry picked from commit 65691b2dafda23691c3989749def755a98e731ec)
|
| |
|
|
|
|
|
|
|
|
| |
oomprotect cannot be used in a jail.
Reviewed by: bnovkov, christos, markj
Approved by: bnovkov (mentor), christos (mentor), markj (mentor)
MFC after: 1 week
(cherry picked from commit 6fa42b91ca3f481912af98c4d49c44507eb1b8e1)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The sendmail service script needs to be stopped during shutdown
to ensure a clean shutdown of active SMTP connections (and writing
any in memory queue files).
rcorder(8) requires the rcorder block to be an uninterrupted sequence of
REQUIRE, PROVIDE, BEFORE, and KEYWORD lines. Having a comment in between
REQUIRE and KEYWORD makes rcorder stop parsing the block when it reaches
the comment.
Fix that by moving the comment out from the rcorder block.
Reviewed by: bnovkov, christos, gshapiro, markj
Approved by: bnovkov (mentor), christos (mentor), markj (mentor)
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D46924
(cherry picked from commit 8751fbe36ff02ed695f02132ee6eac723d2bbe3f)
|
| |
|
|
|
|
|
| |
MFC after: 2 weeks
Approved by: christos
(cherry picked from commit 401516dbc54e4a4cba3085cd605fbf6cf8293b79)
|
| |
|
|
|
|
|
|
|
|
|
| |
As of 1b5be7204eaeeaf58eefdebe5b308f90792c693b we setup parts of IPv6
before IPv4 if configured. For consistency change a case in ifn_start()
calling ipv6_up() before ipv4_up() and reverse in ifn_stop().
Reviewed by: zlei
Differential Revision: https://reviews.freebsd.org/D33426
(cherry picked from commit ed4d2a54fc7a0397c2042f496f176305ca03ebdd)
|
| |
|
|
|
|
|
|
|
|
| |
These ones were unambiguous cases where the Foundation was the only
listed copyright holder.
Sponsored by: The FreeBSD Foundation
(cherry picked from commit 5c2bc3db201a4fe8d7911cf816bea104d5dc2138)
(cherry picked from commit f06d322e9d925ab56a4aa8210a67637d4d341ab6)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Introduce a new rc.conf option to not wait for ARP resolution within
dhclient. This is plausible on many modern networks where it is possible
to trust the DHCP server to know whether an IP address is available.
Sponsored by: Google LLC (GSoC 2024)
Signed-off-by: Isaac Cilia Attard <icattard@FreeBSD.org>
MFC after: 10 days
Reviwed by: cperciva, brooks, Tom Hukins, Alexander Ziaee
Pull Request: https://github.com/freebsd/freebsd-src/pull/1368
(cherry picked from commit 503adcdf1db35eab0f3d35392947a6da3bd19539)
|
| |
|
|
|
|
|
| |
This is a direct commit to stable/13.
Reported by: mmel
Fixes: f9210d37c5c6 ("rtld: Add MD_OBJ_ENTRY to extend Struct_Obj_Entry")
|
| |
|
|
|
|
|
|
|
|
|
|
| |
11da791920ba switched Leap-seconds source from IANA to IERS, as IERS
is the canonoical source. The problem ist that IERS is not accessible
from IPv6 only networks. To work around this we must add IANA back in
order to provide IPv6-only users a source for leap-seconds fetch.
PR: 279413
Fixes: 11da791920ba
(cherry picked from commit 66f360515d2829d261c0ad7bd516e9dd18c2dd83)
|
| |
|
|
|
|
|
|
|
|
|
| |
Add a macro the architectures can use to add per-arch fields to
Struct_Obj_Entry.
Reviewed by: kib
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D45116
(cherry picked from commit 06db20ffeca9898e5802d63f3b06caaa37c3a4ed)
|
| |
|
|
|
|
| |
Clarify that ${name}_offcmd is for method start.
(cherry picked from commit af1b0aa5b957bbfedc929167aa3459ad2d8b6653)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
New variable ${name}_offcmd may be used to supply commands
executed if named service is not enabled. Previously start_precmd
could be used for such a task but now rc.subr(8) does not call it
if a service is not enabled.
Fix devd startup script to use it instead of start_precmd.
PR: 279198
Reported by: Dmitry S. Lukhtionov
Tested by: Dmitry S. Lukhtionov
(cherry picked from commit 32a579e4fc69a65e8901111ad5f65ec56a97dfab)
(cherry picked from commit c2db3a0c7d31116028b38b426a9b139d26cbc7e5)
|
| |
|
|
|
|
|
|
|
| |
MFC after: 3 days
Sponsored by: Klara, Inc.
Reviewed by: imp, markj
Differential Revision: https://reviews.freebsd.org/D45129
(cherry picked from commit 816c4d3dcf99adcd40a03d93431237ddbd23bbdf)
|
| |
|
|
| |
(cherry picked from commit 6a7819e43f938992304472054c83f4a6602a9e19)
|
| |
|
|
| |
(cherry picked from commit ef2694f368cee5957ee44b0298da88ff8360d561)
|
