git: d73fac00cdd4 - stable/15 - MFV: Import blocklist 2026-02-07 (10a907f)
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Tue, 10 Feb 2026 01:39:28 UTC
The branch stable/15 has been updated by jlduran:
URL: https://cgit.FreeBSD.org/src/commit/?id=d73fac00cdd413ebfe6f18907ea9ca4cb6051200
commit d73fac00cdd413ebfe6f18907ea9ca4cb6051200
Author: Jose Luis Duran <jlduran@FreeBSD.org>
AuthorDate: 2026-02-07 22:59:49 +0000
Commit: Jose Luis Duran <jlduran@FreeBSD.org>
CommitDate: 2026-02-10 01:33:09 +0000
MFV: Import blocklist 2026-02-07 (10a907f)
Merge commit 'a39ba5e2935176fe982235556e46ba3f51178187'
Changes:
https://github.com/zoulasc/blocklist/compare/8a4b011...10a907f
MFC after: 3 days
(cherry picked from commit 56c94c76432b1aafcc9b099398e674f0ae87623c)
---
contrib/blocklist/bin/blocklistd.c | 28 ++++++------
contrib/blocklist/bin/blocklistd.conf.5 | 6 +--
contrib/blocklist/bin/run.c | 17 ++++----
contrib/blocklist/bin/support.c | 5 +--
contrib/blocklist/port/popenve.c | 75 +++++++++++++++++----------------
5 files changed, 67 insertions(+), 64 deletions(-)
diff --git a/contrib/blocklist/bin/blocklistd.c b/contrib/blocklist/bin/blocklistd.c
index 7bbb03c0cc41..86f878960d03 100644
--- a/contrib/blocklist/bin/blocklistd.c
+++ b/contrib/blocklist/bin/blocklistd.c
@@ -1,4 +1,4 @@
-/* $NetBSD: blocklistd.c,v 1.14 2025/12/15 15:51:37 christos Exp $ */
+/* $NetBSD: blocklistd.c,v 1.15 2026/02/07 14:32:04 christos Exp $ */
/*-
* Copyright (c) 2015 The NetBSD Foundation, Inc.
@@ -35,7 +35,7 @@
#ifdef HAVE_SYS_CDEFS_H
#include <sys/cdefs.h>
#endif
-__RCSID("$NetBSD: blocklistd.c,v 1.14 2025/12/15 15:51:37 christos Exp $");
+__RCSID("$NetBSD: blocklistd.c,v 1.15 2026/02/07 14:32:04 christos Exp $");
#include <sys/types.h>
#include <sys/socket.h>
@@ -346,10 +346,10 @@ addfd(struct pollfd **pfdp, bl_t **blp, size_t *nfd, size_t *maxfd,
exit(EXIT_FAILURE);
if (*nfd >= *maxfd) {
*maxfd += 10;
- *blp = realloc(*blp, sizeof(**blp) * *maxfd);
+ *blp = reallocarray(*blp, *maxfd, sizeof(**blp));
if (*blp == NULL)
err(EXIT_FAILURE, "malloc");
- *pfdp = realloc(*pfdp, sizeof(**pfdp) * *maxfd);
+ *pfdp = reallocarray(*pfdp, *maxfd, sizeof(**pfdp));
if (*pfdp == NULL)
err(EXIT_FAILURE, "malloc");
}
@@ -373,7 +373,7 @@ uniqueadd(struct conf ***listp, size_t *nlist, size_t *mlist, struct conf *c)
}
if (*nlist == *mlist) {
*mlist += 10;
- void *p = realloc(*listp, *mlist * sizeof(*list));
+ void *p = reallocarray(*listp, *mlist, sizeof(*list));
if (p == NULL)
err(EXIT_FAILURE, "Can't allocate for rule list");
list = *listp = p;
@@ -410,7 +410,7 @@ rules_restore(void)
db = state_open(dbfile, O_RDONLY, 0);
if (db == NULL) {
(*lfun)(LOG_ERR, "Can't open `%s' to restore state (%m)",
- dbfile);
+ dbfile);
return;
}
for (f = 1; state_iterate(db, &c, &dbi, f) == 1; f = 0) {
@@ -468,12 +468,12 @@ main(int argc, char *argv[])
case 's':
if (nblsock >= maxblsock) {
maxblsock += 10;
- void *p = realloc(blsock,
- sizeof(*blsock) * maxblsock);
+ void *p = reallocarray(blsock, maxblsock,
+ sizeof(*blsock));
if (p == NULL)
- err(EXIT_FAILURE,
- "Can't allocate memory for %zu sockets",
- maxblsock);
+ err(EXIT_FAILURE, "Can't allocate "
+ "memory for %zu sockets",
+ maxblsock);
blsock = p;
}
blsock[nblsock++] = optarg;
@@ -552,7 +552,7 @@ main(int argc, char *argv[])
}
}
if (state == NULL)
- return EXIT_FAILURE;
+ exit(EXIT_FAILURE);
if (!debug) {
if (daemon(0, 0) == -1)
@@ -574,7 +574,7 @@ main(int argc, char *argv[])
if (errno == EINTR)
continue;
(*lfun)(LOG_ERR, "poll (%m)");
- return EXIT_FAILURE;
+ exit(EXIT_FAILURE);
case 0:
state_sync(state);
break;
@@ -590,5 +590,5 @@ main(int argc, char *argv[])
update();
}
state_close(state);
- return 0;
+ exit(EXIT_SUCCESS);
}
diff --git a/contrib/blocklist/bin/blocklistd.conf.5 b/contrib/blocklist/bin/blocklistd.conf.5
index 3a7dbfc07f58..cff8b33302ef 100644
--- a/contrib/blocklist/bin/blocklistd.conf.5
+++ b/contrib/blocklist/bin/blocklistd.conf.5
@@ -1,4 +1,4 @@
-.\" $NetBSD: blocklistd.conf.5,v 1.7 2025/02/11 17:47:05 christos Exp $
+.\" $NetBSD: blocklistd.conf.5,v 1.9 2026/01/13 21:38:18 christos Exp $
.\"
.\" Copyright (c) 2015, 2025 The NetBSD Foundation, Inc.
.\" All rights reserved.
@@ -27,7 +27,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd February 5, 2025
+.Dd January 13, 2026
.Dt BLOCKLISTD.CONF 5
.Os
.Sh NAME
@@ -102,7 +102,7 @@ The syntax for the
.Va location
is:
.Bd -literal -offset indent
- [<address>|<interface>][/<mask>][:<port>]
+ [<address>|<interface>[/<mask>]:]<port>
.Ed
.Pp
The
diff --git a/contrib/blocklist/bin/run.c b/contrib/blocklist/bin/run.c
index adcc407e65c6..900712918114 100644
--- a/contrib/blocklist/bin/run.c
+++ b/contrib/blocklist/bin/run.c
@@ -1,4 +1,4 @@
-/* $NetBSD: run.c,v 1.3 2025/02/11 17:48:30 christos Exp $ */
+/* $NetBSD: run.c,v 1.4 2026/02/07 14:29:09 christos Exp $ */
/*-
* Copyright (c) 2015 The NetBSD Foundation, Inc.
@@ -35,7 +35,7 @@
#ifdef HAVE_SYS_CDEFS_H
#include <sys/cdefs.h>
#endif
-__RCSID("$NetBSD: run.c,v 1.3 2025/02/11 17:48:30 christos Exp $");
+__RCSID("$NetBSD: run.c,v 1.4 2026/02/07 14:29:09 christos Exp $");
#include <stdio.h>
#ifdef HAVE_LIBUTIL_H
@@ -64,10 +64,10 @@ static char *
run(const char *cmd, const char *name, ...)
{
const char *argv[20];
- size_t i;
+ size_t i, len;
va_list ap;
FILE *fp;
- char buf[10240], *res;
+ char *line, *res;
argv[0] = "control";
argv[1] = cmd;
@@ -79,6 +79,7 @@ run(const char *cmd, const char *name, ...)
va_end(ap);
if (debug) {
+ char buf[2048];
size_t z;
int r;
@@ -99,10 +100,10 @@ run(const char *cmd, const char *name, ...)
(*lfun)(LOG_ERR, "popen %s failed (%m)", controlprog);
return NULL;
}
- if (fgets(buf, sizeof(buf), fp) != NULL)
- res = strdup(buf);
- else
- res = NULL;
+ line = res = NULL;
+ len = 0;
+ if (getline(&line, &len, fp) >= 0)
+ res = line;
pclose(fp);
if (debug)
(*lfun)(LOG_DEBUG, "%s returns %s", cmd, res);
diff --git a/contrib/blocklist/bin/support.c b/contrib/blocklist/bin/support.c
index 91e40812611e..66d6ccce7db0 100644
--- a/contrib/blocklist/bin/support.c
+++ b/contrib/blocklist/bin/support.c
@@ -1,4 +1,4 @@
-/* $NetBSD: support.c,v 1.3 2025/02/11 17:48:30 christos Exp $ */
+/* $NetBSD: support.c,v 1.4 2026/02/07 14:29:58 christos Exp $ */
/*-
* Copyright (c) 2015 The NetBSD Foundation, Inc.
@@ -35,7 +35,7 @@
#ifdef HAVE_SYS_CDEFS_H
#include <sys/cdefs.h>
#endif
-__RCSID("$NetBSD: support.c,v 1.3 2025/02/11 17:48:30 christos Exp $");
+__RCSID("$NetBSD: support.c,v 1.4 2026/02/07 14:29:58 christos Exp $");
#include <time.h>
#include <string.h>
@@ -120,7 +120,6 @@ fmtydhms(char *b, size_t l, time_t t)
y = t;
- z = 0;
o = 0;
#define APPEND(a) \
if (a) { \
diff --git a/contrib/blocklist/port/popenve.c b/contrib/blocklist/port/popenve.c
index bdff8cdc1de4..30aac98a7f64 100644
--- a/contrib/blocklist/port/popenve.c
+++ b/contrib/blocklist/port/popenve.c
@@ -1,4 +1,4 @@
-/* $NetBSD: popenve.c,v 1.2 2025/02/11 17:48:30 christos Exp $ */
+/* $NetBSD: popenve.c,v 1.3 2026/02/07 14:26:07 christos Exp $ */
/*
* Copyright (c) 1988, 1993
@@ -43,23 +43,23 @@
#if 0
static char sccsid[] = "@(#)popen.c 8.3 (Berkeley) 5/3/95";
#else
-__RCSID("$NetBSD: popenve.c,v 1.2 2025/02/11 17:48:30 christos Exp $");
+__RCSID("$NetBSD: popenve.c,v 1.3 2026/02/07 14:26:07 christos Exp $");
#endif
#endif /* LIBC_SCCS and not lint */
-#include <sys/param.h>
-#include <sys/wait.h>
+#include <sys/types.h>
#include <sys/socket.h>
+#include <sys/wait.h>
#include <assert.h>
#include <errno.h>
+#include <fcntl.h>
#include <paths.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
-#include <fcntl.h>
#ifdef __weak_alias
__weak_alias(popen,_popen)
@@ -73,8 +73,8 @@ static struct pid {
int fd;
#endif
pid_t pid;
-} *pidlist;
-
+} *pidlist;
+
#ifdef _REENTRANT
static rwlock_t pidlist_lock = RWLOCK_INITIALIZER;
#endif
@@ -111,11 +111,25 @@ pdes_get(int *pdes, const char **type)
#endif
}
- if ((cur = malloc(sizeof(*cur))) != NULL)
- return cur;
+ if ((cur = malloc(sizeof(*cur))) != NULL) {
+ if (**type == 'r') {
+ cur->fp = fdopen(pdes[0], *type);
+#ifdef _REENTRANT
+ cur->fd = pdes[0];
+#endif
+ } else {
+ cur->fp = fdopen(pdes[1], *type);
+#ifdef _REENTRANT
+ cur->fd = pdes[1];
+#endif
+ }
+ if (cur->fp != NULL)
+ return cur;
+ }
serrno = errno;
(void)close(pdes[0]);
(void)close(pdes[1]);
+ free(cur);
errno = serrno;
return NULL;
}
@@ -125,16 +139,6 @@ pdes_child(int *pdes, const char *type)
{
struct pid *old;
- /* POSIX.2 B.3.2.2 "popen() shall ensure that any streams
- from previous popen() calls that remain open in the
- parent process are closed in the new child process. */
- for (old = pidlist; old; old = old->next)
-#ifdef _REENTRANT
- (void)close(old->fd); /* don't allow a flush */
-#else
- (void)close(fileno(old->fp)); /* don't allow a flush */
-#endif
-
if (type[0] == 'r') {
(void)close(pdes[0]);
if (pdes[1] != STDOUT_FILENO) {
@@ -150,31 +154,30 @@ pdes_child(int *pdes, const char *type)
(void)close(pdes[0]);
}
}
+
+ /* POSIX.2 B.3.2.2 "popen() shall ensure that any streams
+ from previous popen() calls that remain open in the
+ parent process are closed in the new child process. */
+ for (old = pidlist; old; old = old->next) {
+#ifdef _REENTRANT
+ (void)close(old->fd); /* don't allow a flush */
+#else
+ (void)close(fileno(old->fp)); /* don't allow a flush */
+#endif
+ }
}
static void
pdes_parent(int *pdes, struct pid *cur, pid_t pid, const char *type)
{
- FILE *iop;
-
- /* Parent; assume fdopen can't fail. */
- if (*type == 'r') {
- iop = fdopen(pdes[0], type);
-#ifdef _REENTRANT
- cur->fd = pdes[0];
-#endif
+ /* Parent */
+ if (*type == 'r')
(void)close(pdes[1]);
- } else {
- iop = fdopen(pdes[1], type);
-#ifdef _REENTRANT
- cur->fd = pdes[1];
-#endif
+ else
(void)close(pdes[0]);
- }
/* Link into list of file descriptors. */
- cur->fp = iop;
- cur->pid = pid;
+ cur->pid = pid;
cur->next = pidlist;
pidlist = cur;
}
@@ -200,7 +203,7 @@ popenve(const char *cmd, char *const *argv, char *const *envp, const char *type)
#ifdef _REENTRANT
(void)rwlock_rdlock(&pidlist_lock);
#endif
- switch (pid = vfork()) {
+ switch (pid = fork()) {
case -1: /* Error. */
serrno = errno;
#ifdef _REENTRANT