git: 4690a369ff6d - releng/14.4 - Adapt changes from blocklist 2026-02-07 (10a907f)
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Wed, 11 Feb 2026 06:15:40 UTC
The branch releng/14.4 has been updated by cperciva:
URL: https://cgit.FreeBSD.org/src/commit/?id=4690a369ff6da368872eb7ac8664fb81b202ad5b
commit 4690a369ff6da368872eb7ac8664fb81b202ad5b
Author: Jose Luis Duran <jlduran@FreeBSD.org>
AuthorDate: 2026-02-10 02:05:42 +0000
Commit: Colin Percival <cperciva@FreeBSD.org>
CommitDate: 2026-02-11 06:14:53 +0000
Adapt changes from blocklist 2026-02-07 (10a907f)
Also apply the fix from PR 258411.
This is a direct commit to stable/14, as blacklist has been renamed to
blocklist upstream.
Approved by: re (cperciva)
(cherry picked from commit 30c04399f2e81b8e71045fc410837461abeb2d8b)
---
contrib/blocklist/bin/blacklistd.c | 29 +++++++-------
contrib/blocklist/bin/blacklistd.conf.5 | 4 +-
contrib/blocklist/bin/run.c | 13 +++---
contrib/blocklist/bin/support.c | 1 -
contrib/blocklist/port/popenve.c | 71 +++++++++++++++++----------------
5 files changed, 61 insertions(+), 57 deletions(-)
diff --git a/contrib/blocklist/bin/blacklistd.c b/contrib/blocklist/bin/blacklistd.c
index 714abcbcaf0e..ded8e684f63c 100644
--- a/contrib/blocklist/bin/blacklistd.c
+++ b/contrib/blocklist/bin/blacklistd.c
@@ -339,10 +339,10 @@ addfd(struct pollfd **pfdp, bl_t **blp, size_t *nfd, size_t *maxfd,
exit(EXIT_FAILURE);
if (*nfd >= *maxfd) {
*maxfd += 10;
- *blp = realloc(*blp, sizeof(**blp) * *maxfd);
+ *blp = reallocarray(*blp, *maxfd, sizeof(**blp));
if (*blp == NULL)
err(EXIT_FAILURE, "malloc");
- *pfdp = realloc(*pfdp, sizeof(**pfdp) * *maxfd);
+ *pfdp = reallocarray(*pfdp, *maxfd, sizeof(**pfdp));
if (*pfdp == NULL)
err(EXIT_FAILURE, "malloc");
}
@@ -366,7 +366,7 @@ uniqueadd(struct conf ***listp, size_t *nlist, size_t *mlist, struct conf *c)
}
if (*nlist == *mlist) {
*mlist += 10;
- void *p = realloc(*listp, *mlist * sizeof(*list));
+ void *p = reallocarray(*listp, *mlist, sizeof(*list));
if (p == NULL)
err(EXIT_FAILURE, "Can't allocate for rule list");
list = *listp = p;
@@ -451,8 +451,8 @@ main(int argc, char *argv[])
case 's':
if (nblsock >= maxblsock) {
maxblsock += 10;
- void *p = realloc(blsock,
- sizeof(*blsock) * maxblsock);
+ void *p = reallocarray(blsock, maxblsock,
+ sizeof(*blsock));
if (p == NULL)
err(EXIT_FAILURE,
"Can't allocate memory for %zu sockets",
@@ -527,14 +527,15 @@ main(int argc, char *argv[])
state = state_open(dbfile, flags, 0600);
if (state == NULL)
state = state_open(dbfile, flags | O_CREAT, 0600);
- if (state == NULL)
- return EXIT_FAILURE;
-
- if (restore) {
- if (!flush)
- rules_flush();
- rules_restore();
+ else {
+ if (restore) {
+ if (!flush)
+ rules_flush();
+ rules_restore();
+ }
}
+ if (state == NULL)
+ exit(EXIT_FAILURE);
if (!debug) {
if (daemon(0, 0) == -1)
@@ -556,7 +557,7 @@ main(int argc, char *argv[])
if (errno == EINTR)
continue;
(*lfun)(LOG_ERR, "poll (%m)");
- return EXIT_FAILURE;
+ exit(EXIT_FAILURE);
case 0:
state_sync(state);
break;
@@ -572,5 +573,5 @@ main(int argc, char *argv[])
update();
}
state_close(state);
- return 0;
+ exit(EXIT_SUCCESS);
}
diff --git a/contrib/blocklist/bin/blacklistd.conf.5 b/contrib/blocklist/bin/blacklistd.conf.5
index 70036441eb4b..e557e51a9642 100644
--- a/contrib/blocklist/bin/blacklistd.conf.5
+++ b/contrib/blocklist/bin/blacklistd.conf.5
@@ -27,7 +27,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd May 18, 2020
+.Dd January 13, 2026
.Dt BLACKLISTD.CONF 5
.Os
.Sh NAME
@@ -102,7 +102,7 @@ The syntax for the
.Va location
is:
.Bd -literal -offset indent
- [<address>|<interface>][/<mask>][:<port>]
+ [<address>|<interface>[/<mask>]:]<port>
.Ed
.Pp
The
diff --git a/contrib/blocklist/bin/run.c b/contrib/blocklist/bin/run.c
index 5588f0198c04..e11f8b28e2ef 100644
--- a/contrib/blocklist/bin/run.c
+++ b/contrib/blocklist/bin/run.c
@@ -62,10 +62,10 @@ static char *
run(const char *cmd, const char *name, ...)
{
const char *argv[20];
- size_t i;
+ size_t i, len;
va_list ap;
FILE *fp;
- char buf[10240], *res;
+ char *line, *res;
argv[0] = "control";
argv[1] = cmd;
@@ -77,6 +77,7 @@ run(const char *cmd, const char *name, ...)
va_end(ap);
if (debug) {
+ char buf[2048];
size_t z;
int r;
@@ -97,10 +98,10 @@ run(const char *cmd, const char *name, ...)
(*lfun)(LOG_ERR, "popen %s failed (%m)", controlprog);
return NULL;
}
- if (fgets(buf, sizeof(buf), fp) != NULL)
- res = strdup(buf);
- else
- res = NULL;
+ line = res = NULL;
+ len = 0;
+ if (getline(&line, &len, fp) >= 0)
+ res = line;
pclose(fp);
if (debug)
(*lfun)(LOG_DEBUG, "%s returns %s", cmd, res);
diff --git a/contrib/blocklist/bin/support.c b/contrib/blocklist/bin/support.c
index d560d2303223..3e14fcbdc688 100644
--- a/contrib/blocklist/bin/support.c
+++ b/contrib/blocklist/bin/support.c
@@ -117,7 +117,6 @@ fmtydhms(char *b, size_t l, time_t t)
y = t;
- z = 0;
o = 0;
#define APPEND(a) \
if (a) { \
diff --git a/contrib/blocklist/port/popenve.c b/contrib/blocklist/port/popenve.c
index 20f6b5b86b68..df57cde9d51f 100644
--- a/contrib/blocklist/port/popenve.c
+++ b/contrib/blocklist/port/popenve.c
@@ -45,19 +45,19 @@ __RCSID("$NetBSD: popenve.c,v 1.2 2015/01/22 03:10:50 christos Exp $");
#endif
#endif /* LIBC_SCCS and not lint */
-#include <sys/param.h>
-#include <sys/wait.h>
+#include <sys/types.h>
#include <sys/socket.h>
+#include <sys/wait.h>
#include <assert.h>
#include <errno.h>
+#include <fcntl.h>
#include <paths.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
-#include <fcntl.h>
#ifdef __weak_alias
__weak_alias(popen,_popen)
@@ -71,8 +71,8 @@ static struct pid {
int fd;
#endif
pid_t pid;
-} *pidlist;
-
+} *pidlist;
+
#ifdef _REENTRANT
static rwlock_t pidlist_lock = RWLOCK_INITIALIZER;
#endif
@@ -109,11 +109,25 @@ pdes_get(int *pdes, const char **type)
#endif
}
- if ((cur = malloc(sizeof(*cur))) != NULL)
- return cur;
+ if ((cur = malloc(sizeof(*cur))) != NULL) {
+ if (**type == 'r') {
+ cur->fp = fdopen(pdes[0], *type);
+#ifdef _REENTRANT
+ cur->fd = pdes[0];
+#endif
+ } else {
+ cur->fp = fdopen(pdes[1], *type);
+#ifdef _REENTRANT
+ cur->fd = pdes[1];
+#endif
+ }
+ if (cur->fp != NULL)
+ return cur;
+ }
serrno = errno;
(void)close(pdes[0]);
(void)close(pdes[1]);
+ free(cur);
errno = serrno;
return NULL;
}
@@ -123,16 +137,6 @@ pdes_child(int *pdes, const char *type)
{
struct pid *old;
- /* POSIX.2 B.3.2.2 "popen() shall ensure that any streams
- from previous popen() calls that remain open in the
- parent process are closed in the new child process. */
- for (old = pidlist; old; old = old->next)
-#ifdef _REENTRANT
- (void)close(old->fd); /* don't allow a flush */
-#else
- (void)close(fileno(old->fp)); /* don't allow a flush */
-#endif
-
if (type[0] == 'r') {
(void)close(pdes[0]);
if (pdes[1] != STDOUT_FILENO) {
@@ -148,31 +152,30 @@ pdes_child(int *pdes, const char *type)
(void)close(pdes[0]);
}
}
+
+ /* POSIX.2 B.3.2.2 "popen() shall ensure that any streams
+ from previous popen() calls that remain open in the
+ parent process are closed in the new child process. */
+ for (old = pidlist; old; old = old->next) {
+#ifdef _REENTRANT
+ (void)close(old->fd); /* don't allow a flush */
+#else
+ (void)close(fileno(old->fp)); /* don't allow a flush */
+#endif
+ }
}
static void
pdes_parent(int *pdes, struct pid *cur, pid_t pid, const char *type)
{
- FILE *iop;
-
- /* Parent; assume fdopen can't fail. */
- if (*type == 'r') {
- iop = fdopen(pdes[0], type);
-#ifdef _REENTRANT
- cur->fd = pdes[0];
-#endif
+ /* Parent */
+ if (*type == 'r')
(void)close(pdes[1]);
- } else {
- iop = fdopen(pdes[1], type);
-#ifdef _REENTRANT
- cur->fd = pdes[1];
-#endif
+ else
(void)close(pdes[0]);
- }
/* Link into list of file descriptors. */
- cur->fp = iop;
- cur->pid = pid;
+ cur->pid = pid;
cur->next = pidlist;
pidlist = cur;
}
@@ -198,7 +201,7 @@ popenve(const char *cmd, char *const *argv, char *const *envp, const char *type)
#ifdef _REENTRANT
(void)rwlock_rdlock(&pidlist_lock);
#endif
- switch (pid = vfork()) {
+ switch (pid = fork()) {
case -1: /* Error. */
serrno = errno;
#ifdef _REENTRANT