- Make it platform agnostic
- Separate FreeBSD related code
- Fix tests
- Make it report all non-loaded modules instead of the first occurrence
only
- Update kyuafile.5 man page
Reviewed by: ngie
MFC after: 2 weeks
Pull Request: https://github.com/freebsd/kyua/pull/270
(cherry picked from commit 939fec44a79323ba06cf0ad60d4b69300a8abbc6)
This adds a metadata variable, require.kmods, and corresponding functions
or methods in C, C++, and shell, which allow a test to specify that it
requires particular kernel modules to run. If the kernel modules are not
present, the test is skipped. One might want to consider a kyua option
which makes it attempt to load the modules instead.
Differential Revision: https://reviews.freebsd.org/D47470
(cherry picked from commit 83a1ee578c9d1ab7013e997289c7cd470c0e6902)
It cannot be used safely, and Kyua doesn't even pretend to try.
MFC after: 1 week
Sponsored by: Klara, Inc.
Reviewed by: igoro
Differential Revision: https://reviews.freebsd.org/D51680
(cherry picked from commit 65bae451c23b8d61b2433259d8e707250660eeff)
libarchive 3.8.1
New features:
#2088 7-zip reader: improve self-extracting archive detection
#2137 zip writer: added XZ, LZMA, ZSTD and BZIP2 support
#2403 zip writer: added LZMA + RISCV BCJ filter
#2601 bsdtar: support --mtime and --clamp-mtime
#2602 libarchive: mbedtls 3.x compatibility
Security fixes:
#2422 tar reader: Handle truncation in the middle of a GNU long linkname
(CVE-2024-57970)
#2532 tar reader: fix unchecked return value in list_item_verbose()
(CVE-2025-25724)
#2532 unzip: fix null pointer dereference (CVE-2025-1632)
#2568 warc: prevent signed integer overflow (CVE-2025-5916)
#2584 rar: do not skip past EOF while reading (CVE-2025-5918)
#2588 tar: fix overflow in build_ustar_entry (CVE-2025-5917)
#2598 rar: fix double free with over 4 billion nodes (CVE-2025-5914)
#2599 rar: fix heap-buffer-overflow (CVE-2025-5915)
Important bugfixes:
#2399 7-zip reader: add SPARC filter support for non-LZMA compressors
#2405 tar reader: ignore ustar size when pax size is present
#2435 tar writer: fix bug when -s/a/b/ used more than once with b flag
#2459 7-zip reader: add POWERPC filter support for non-LZMA compressors
#2519 libarchive: handle ARCHIVE_FILTER_LZOP in archive_read_append_filter
#2539 libarchive: add missing seeker function to archive_read_open_FILE()
#2544 gzip: allow setting the original filename for gzip compressed files
#2564 libarchive: improve lseek handling
#2582 rar: support large headers on 32 bit systems
#2587 bsdtar: don't hardlink negative inode files together
#2596 rar: support large headers on 32 bit systems
#2606 libarchive: support @-prefixed Unix epoch timestamps as date strings
#2634 tar: Support negative time values with pax
#2637 tar: Keep block alignment after pax error
#2642 libarchive: fix FILE_skip regression
#2643 tar: Handle extra bytes after sparse entries
#2649 compress: Prevent call stack overflow
#2651 iso9660: always check archive_string_ensure return value
CVE: CVE-2024-57970, CVE-2025-1632, CVE-2025-25724,
CVE-2025-5914, CVE-2025-5915, CVE-2025-5916,
CVE-2025-5917, CVE-2025-5918
PR: 286944 (exp-run, main, libarchive 3.8.0)
Approved by: so
Security: FreeBSD-SA-25:07.libarchive
(cherry picked from commit 2e113ef82465598b8c26e0ca415fbe90677fbd47)
(cherry picked from commit 6dad4525a2910496ecf3c41de659aac906f6c1f4)
When recursing into a directory to delete it, start by chmod'ing it to
0700. This fixes an issue where kyua is able to run, but not debug, a
test case that creates unwriteable directories, because when debugging
it tries (and fails) to delete the directory after the test completes.
MFC after: 1 week
Sponsored by: Klara, Inc.
Reviewed by: igoro
Differential Revision: https://reviews.freebsd.org/D51229
(cherry picked from commit 9bf14f2a475e221c48488984dc5a02a4608bb877)
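The cleanup order this commit message describes, as an added C example (not Kyua's code, which is C++): each directory is chmod'ed to 0700 before it is opened and emptied. The names `remove_tree` and `demo_cleanup` and the `/tmp/rmtree.XXXXXX` work directory are constructed for the illustration.

```c
#define _XOPEN_SOURCE 700
#include <dirent.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Delete path recursively, chmod'ing each directory to 0700 before opening it.
 * Assumes the caller owns the tree and nothing else is modifying it. */
static int remove_tree(const char *path)
{
    struct stat sb;
    struct dirent *e;
    DIR *d;
    char child[4096];
    int rc = 0;
    if (lstat(path, &sb) == -1)
        return -1;
    if (!S_ISDIR(sb.st_mode))
        return unlink(path);            /* file or symlink; links are not followed */
    if (chmod(path, 0700) == -1 || (d = opendir(path)) == NULL)
        return -1;
    while ((e = readdir(d)) != NULL) {
        if (strcmp(e->d_name, ".") == 0 || strcmp(e->d_name, "..") == 0)
            continue;
        int n = snprintf(child, sizeof(child), "%s/%s", path, e->d_name);
        if (n < 0 || (size_t)n >= sizeof(child) || remove_tree(child) == -1)
            rc = -1;                    /* keep going, report failure at the end */
    }
    closedir(d);
    return rmdir(path) == -1 ? -1 : rc;
}

/* Constructed scenario: a work directory with a 0500 subdirectory that is not empty. */
static int demo_cleanup(void)
{
    char top[] = "/tmp/rmtree.XXXXXX", sub[64], inner[80];
    struct stat sb;
    if (mkdtemp(top) == NULL)
        return -1;
    snprintf(sub, sizeof(sub), "%s/readonly", top);
    snprintf(inner, sizeof(inner), "%s/inner", sub);
    if (mkdir(sub, 0700) == -1 || mkdir(inner, 0700) == -1 || chmod(sub, 0500) == -1)
        return -1;
    return (remove_tree(top) == 0 && lstat(top, &sb) == -1) ? 0 : -1;
}

int main(void) { return demo_cleanup() == 0 ? 0 : 1; }
```

Without the chmod() call, an unprivileged run fails at the rmdir() of `inner`, because its parent directory is not writable.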
For $reasons, we can't rely on flags in wireguard-tools for the kernel
side of WireGuard. Provide a mapping function that uses flags from the
kernel that we're building against and fail the operation if we made it
to the end without turning some wg(8) flag off.
Signed-off-by: Kyle Evans <kevans@FreeBSD.org>
Reviewed by: ivy (previous version), Jason A. Donenfeld, jhb
(cherry picked from commit f6d9e22982a1d0354c0199e94ebdb4474eaa74b9)
Update wireguard-tools to the latest version, which has some stubbed out support
for incremental Allowed-IPs updates that we would need to add kernel support
for.
(cherry picked from commit 137de4b34d45192985e21f6d6163533da547fbac)
Test cleanup times out after 60 seconds, causing the test to fail if the
cleanup hasn't finished in time. This timeout should be configurable,
but it currently is not.
Several tests (e.g. bridge, pf) are now reaching this limit; as a
workaround, increase the timeout to 300 seconds.
Reviewed by: igoro, kevans, des
Approved by: des (mentor), kevans (mentor)
Differential Revision: https://reviews.freebsd.org/D50499
(cherry picked from commit 0e33211f911c906b47cd0c457a86372c4b5daf87)
In /usr/include/c++/v1/__locale_dir/locale_base_api.h, xlocale.h is
included without first including stdio.h and stdlib.h, which causes
functions like strtoll_l() or sscanf_l() to not be declared.
When compiling with -fmodules, locale_base_api.h is processed separately
due to a declaration in /usr/include/c++/v1/module.modulemap, and this
will cause errors due to the above undeclared symbols.
Meanwhile, upstream has substantially reorganized this part of libc++'s
headers, so apply a minimalistic workaround: specifically when compiling
with -fmodules, add includes of stdio.h and stdlib.h.
PR: 286342
Approved by: re (cperciva)
MFC after: 1 week
(cherry picked from commit c809b0184d0a6543bc5327d4252fa56a07ce4689)
(cherry picked from commit cab029073dc6cb5814df44556e585b8fdb1c9846)
The Secure RPC authenticator for telnet prompts the local user for the
username to use for authentication. Previously it was using sprintf()
into a buffer of 256 bytes, but the username received over the wire
can be up to 255 bytes long which would overflow the prompt buffer.
Fix this in two ways: First, use snprintf() and check for overflow.
If the prompt buffer overflows, fail authentication without prompting
the user. Second, add 10 bytes to the buffer size to account for the
overhead of the prompt so that a maximally sized username fits.
While here, replace a bare 255 in the subsequent telnet_gets call with
an expression using sizeof() the relevant buffer.
PR: 270263
Reported by: Robert Morris <rtm@lcs.mit.edu>
Tested on: CHERI
Reviewed by: emaste
Differential Revision: https://reviews.freebsd.org/D49832
(cherry picked from commit 5737c2ae06e143e49496df2ab5a64f76d5456012)
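The two-part fix described in this commit message, as an added C example (not the telnet source): an unbounded sprintf() beside a bounded snprintf() with a truncation check, using the 256-byte and 256 + 10-byte buffer sizes and the 255-byte username limit from the message. The prompt wording `PROMPT_FMT` and all function names are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

#define WIRE_NAME_MAX   255           /* longest username the peer can send */
#define OLD_PROMPT_SIZE 256           /* prompt buffer before the fix */
#define NEW_PROMPT_SIZE (256 + 10)    /* after: room for the prompt overhead */
#define PROMPT_FMT "Key for %s: "     /* constructed wording: 10 bytes besides the name */

/* Before: unbounded write; a name longer than 245 bytes overruns out[]. */
static void build_prompt_old(char out[OLD_PROMPT_SIZE], const char *name)
{
    sprintf(out, PROMPT_FMT, name);
}

/* After: bounded write; returns the prompt length, or -1 on truncation so the
 * caller can fail authentication without prompting the user. */
static int build_prompt(char *out, size_t outlen, const char *name)
{
    int n = snprintf(out, outlen, PROMPT_FMT, name);
    return (n < 0 || (size_t)n >= outlen) ? -1 : n;
}

/* Demo helper: build a name of namelen 'a' bytes and try it in outlen bytes. */
static int try_name_len(size_t namelen, size_t outlen)
{
    char name[WIRE_NAME_MAX + 1], out[NEW_PROMPT_SIZE];
    if (namelen > WIRE_NAME_MAX || outlen > sizeof(out))
        return -2;
    memset(name, 'a', namelen);
    name[namelen] = '\0';
    return build_prompt(out, outlen, name);
}

int main(void)
{
    char small[OLD_PROMPT_SIZE];
    build_prompt_old(small, "alice");  /* safe only because this name is short */
    printf("old code, short name: \"%s\"\n", small);
    printf("255-byte name, 256-byte buffer: %d\n",
        try_name_len(WIRE_NAME_MAX, OLD_PROMPT_SIZE));
    printf("255-byte name, 266-byte buffer: %d\n",
        try_name_len(WIRE_NAME_MAX, NEW_PROMPT_SIZE));
    return 0;
}
```

Passing `sizeof(out)` rather than a literal is the same habit as the message's last paragraph: the bound follows the buffer if its size changes again.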
AF_INET assumes that IPv4 is built into the kernel, but it's completely
valid to build a kernel without it. unix(4) sockets, on the other hand,
are not optional in the kernel build. Given that interface ioctls can
be invoked on any kind of socket, switch to the safer one to avoid
breaking on IPv6-only kernels.
Reported and tested by: ivy
(cherry picked from commit 0d238bc50d453d7ac29476fa71edd1fc9a5fbbf9)
This test case verifies that grep detects symlink loops when traversing
a directory hierarchy.
Fixes: fc12c191c087 ("grep: Default to -p instead of -S.")
Reviewed by: ngie, jhb
Reported by: Jenkins
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D46544
(cherry picked from commit a700bef1e4ee3e6f4e1a86a374bf9b4044f69a70)
The changes between the two versions can be found in this diff of the
two release tags:
https://github.com/google/googletest/compare/v1.14.0...v1.15.2
One notable change is that GoogleTest 1.15.x now officially requires
C++-14 (1.14.x required C++-11).
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D47197
Merge commit '14f7077fed7d82046bdcbe347004132f08aba886'
(cherry picked from commit 5ca8c28cd8c725b81781201cfdb5f9969396f934)
98e34e8e2557 circumvented an upstream patch which caused an IPv6
pool regression. This patch removes the circumvention and replaces
it with an upstream patch planned for the new release of ntp.
(cherry picked from commit bc02e655872021595c434850fbcbdb8dd11d4a46)
98e34e8e2557 circumvented an upstream patch which caused an IPv6
pool regression. This patch, discussed in
https://bugs.ntp.org/show_bug.cgi?id=3958, addresses another
unworkable combination of link-local local address with
non-link-local server.
(cherry picked from commit c1767cf87cb64c25426fd7fe119be283b134509a)
Upstream bug 3943 (https://bugs.ntp.org/show_bug.cgi?id=3943) discusses:
Starting with 4.2.8p18 ntp does not synchronize or even connect to the
configured NTP server any more. ntp stays in .INIT. state indefinitely
and checking the network traffic shows that ntp does not attempt to
contact the NTP server.
This is a regression introduced by the fix for upstream bug 3913. This
is a similar bug I reported upstream (ntp bug 3841).
(cherry picked from commit 381956e267569031883a516e10446c29490ee41d)
Kyua and ATF speak different naming styles. In this case, the
unprivileged user property can be named with underscore on the Kyua
side, and with a hyphen on the ATF side. Sometimes it is not obvious
which style should be used in which situation. For instance, a test case
may require this configuration property being set using require.config.
Also, a test case may want to read the property using something like
atf_tc_get_config_var(). Which names should be used in these cases?
From the perspective of the original code, it is expected to be this:
    require.config unprivileged-user
    atf_tc_get_config_var(tc, "unprivileged-user")
But, as long as Kyua is the main interface, its users expect to work
with kyua.conf(5), which says that it must be named as unprivileged_user
(with underscore). As a result, test authors tend to do this instead:
    require.config unprivileged_user
    atf_tc_get_config_var(tc, "unprivileged_user")
Kyua already has hacks to understand both unprivileged_user and
unprivileged-user coming from require.config. And this patch covers the
missing second part -- make Kyua pass both names back to ATF as two
identical configuration properties named different ways.
Reviewed by: ngie, asomers
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D49039
(cherry picked from commit 51a8eb6410461c94c8e0f2b59e3417cfb5d7da75)
findsym() is intended for use while parsing input, so it should not be
called from addsym2() or indirectsym(), which are called before any
input is processed.
MFC after: 1 week
Sponsored by: Klara, Inc.
Reviewed by: kevans
Differential Revision: https://reviews.freebsd.org/D48733
(cherry picked from commit c63af363c2458aebc30c01cd0b93b4b902580019)
Replaced by arm-optimized-routines in commit 2e8ff4d1d5 ("Switch to
Arm Optimized Routines for mem* & str*").
Reviewed by: andrew
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D48500
(cherry picked from commit 4a7d6666c5ddd135b2023b4b3b4962770ff2e73b)
Set media mode correctly to IFM_IEEE80211_VHT5G if vht_enabled is set
on the channel. Otherwise we'll end up setting 11NA.
Not a problem at first sight given net80211 does the upgrade to VHT
for us. But we would not set iv_des_mode ("desired mode") on the vap.
Setting this will put a constraint on/help scanning for our desired
(VHT) channels to my understanding of the code.
Sponsored by: The FreeBSD Foundation
Reviewed by: cy, adrian
Differential Revision: https://reviews.freebsd.org/D35978
(cherry picked from commit a0e45db6f6eb6660e78921bbd5307fa7fc13d0a9)
This was a comment in a configuration example.
Reported by: bapt
Reviewed by: bapt, jlduran
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D48810
(cherry picked from commit 513c4e20790a24526cb1c2f5a4725971a09d928a)
Jan 14, 2025
Fix incorrect error line number issues. unput has
no business managing lineno. Thanks to Ozan Yigit.
Jan 05, 2025
Fix hex detection in is_valid_number.
Fix indirect field specification with non-numeric string
eg. $("foo") in indirect. This is not illegal.
Thanks to Arnold Robbins.
Jan 01, 2025
Fixed openfile to not try to read from a directory.
Thanks to Arnold Robbins.
Sponsored by: Netflix
(cherry picked from commit dd78d987cb38ef162d40aad86229f1dc19884f78)
On ATF side it is named "is.exclusive".
Reviewed by: ngie, markj
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D47671
(cherry picked from commit 2ed24e28d1d95c62cc37ca3534d4d33360b4cef2)
This change brings the descriptor for target "elf64-riscv-freebsd"
in line with its documentation.
I missed this somehow when reviewing https://reviews.freebsd.org/D20768.
Reported by: Haowu Ge (on elftoolchain-developers)
Reviewed by: emaste, imp
Differential Revision: https://reviews.freebsd.org/D48271
(cherry picked from commit aac74b708b3dc49466b0fb5365bc2923b7727a1c)
The patch for upstream (ntp.org) fix for upstream Bug 3851 may have
fixed a Linux bug but it caused a regression when ntpd is run on
FreeBSD.
Suggested that so@ publish an errata and merge this to releng/14.2.
PR: 283116
(cherry picked from commit 98e34e8e255767e18dd8a6c348cff8bfc01b2662)
The 2.6.1 - 2.6.3 releases address several security issues with the
library.
The release notes for the 2.6.1-2.6.3 releases can be found at
https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes .
Differential Revision: https://reviews.freebsd.org/D46829
Merge commit '8e1eae2319cd3a651941c88b46d95e8ee8507c6c'
(cherry picked from commit ffd294a1f4c23863c3e515d16dce31d5509bcb01)