Date: Sun, 12 Oct 2025 17:18:38 GMT
Message-Id: <202510121718.59CHIcfT030739@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Jose Luis Duran
Subject: git: 48e64ca13d4f - main - MFV: Import blocklist 2025-04-28 (8aa81bf)
List-Id: Commit messages for the main branch of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main
X-Git-Committer: jlduran
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 48e64ca13d4f36795ac718911b805e3e9a726f1b
Auto-Submitted: auto-generated

The branch main has been updated by jlduran:

URL: https://cgit.FreeBSD.org/src/commit/?id=48e64ca13d4f36795ac718911b805e3e9a726f1b

commit 48e64ca13d4f36795ac718911b805e3e9a726f1b
Merge: 039eba16f969 70f30afd4e9a
Author: Jose Luis Duran
AuthorDate: 2025-10-12 17:01:03 +0000
Commit: Jose Luis Duran
CommitDate: 2025-10-12 17:01:03 +0000

MFV: Import blocklist 2025-04-28 (8aa81bf)

Merge commit '70f30afd4e9af5a51ee324d97e4d8c5f2124ec15'

Breaking changes:

- Upstream commit 24932b6 ("blocklistd: log the conf file line number
  with bad protocol errors") breaks backward database compatibility.
  An error will be displayed:

      Key size mismatch 296 != 288

  A new and compatible database, with the new name, will be created
  when the service starts (committed separately).

- Upstream commit ddf6d71 ("implement BLOCKLIST_BAD_USER as a
  "one-count" failure") introduced BLOCKLIST_BAD_USER with a one-count
  failure mechanism. BLOCKLIST_AUTH_FAIL was implemented with a
  two-count failure mechanism. Since we utilize BLOCKLIST_AUTH_FAIL,
  the number of failed attempts now doubles towards the maximum limit
  (nfails). This commit will be reverted separately.

Changes: https://github.com/zoulasc/blocklist/compare/7093cd9...8aa81bf

Approved by: emaste (mentor)
MFC after: 2 days
Differential Revision: https://reviews.freebsd.org/D52869

contrib/blocklist/Makefile | 2 +-
contrib/blocklist/Makefile.inc | 7 +-
contrib/blocklist/README | 52 ++--
contrib/blocklist/TODO | 49 +++-
contrib/blocklist/bin/Makefile | 12 +-
.../bin/{blacklistctl.8 => blocklistctl.8} | 69 +++++-
.../bin/{blacklistctl.c => blocklistctl.c} | 9 +-
.../blocklist/bin/{blacklistd.8 => blocklistd.8} | 75 +++---
.../blocklist/bin/{blacklistd.c => blocklistd.c} | 48 ++--
.../bin/{blacklistd.conf.5 => blocklistd.conf.5} | 82 ++++---
contrib/blocklist/bin/conf.c | 200 ++++++++++++---
contrib/blocklist/bin/conf.h | 3 +-
contrib/blocklist/bin/internal.c | 8 +-
contrib/blocklist/bin/internal.h | 8 +-
contrib/blocklist/bin/run.c | 9 +-
contrib/blocklist/bin/run.h | 2 +-
contrib/blocklist/bin/state.c | 6 +-
contrib/blocklist/bin/state.h | 2 +-
contrib/blocklist/bin/support.c | 11 +-
contrib/blocklist/bin/support.h | 7 +-
contrib/blocklist/diff/ftpd.diff | 12 +-
contrib/blocklist/diff/named.diff | 12 +-
contrib/blocklist/diff/postfix.diff | 98 ++++++++
contrib/blocklist/diff/proftpd.diff | 20 +-
contrib/blocklist/diff/ssh.diff | 14 +-
contrib/blocklist/etc/Makefile | 10 +-
.../etc/{blacklistd.conf => blocklistd.conf} | 7 +-
contrib/blocklist/etc/ipf.conf | 45 ++++
contrib/blocklist/etc/npf.conf | 4 +-
contrib/blocklist/etc/rc.d/Makefile | 4 +-
.../blocklist/etc/rc.d/{blacklistd => blocklistd} | 20 +-
contrib/blocklist/include/Makefile | 4 +-
contrib/blocklist/include/bl.h | 11 +-
.../blocklist/include/{blacklist.h => blocklist.h} | 44 ++--
contrib/blocklist/lib/Makefile | 20 +-
contrib/blocklist/lib/bl.c | 112 +++++----
contrib/blocklist/lib/{blacklist.c => blocklist.c} | 49 ++--
.../lib/{libblacklist.3 => libblocklist.3} | 124 +++++-----
contrib/blocklist/lib/shlib_version | 2 +-
contrib/blocklist/libexec/Makefile | 4 +-
contrib/blocklist/libexec/blacklistd-helper |
134 ---------- contrib/blocklist/libexec/blocklistd-helper | 272 +++++++++++++++++++++ contrib/blocklist/port/Makefile.am | 42 ++-- contrib/blocklist/port/_strtoi.h | 2 +- contrib/blocklist/port/configure.ac | 12 +- contrib/blocklist/port/fgetln.c | 2 +- contrib/blocklist/port/fparseln.c | 6 +- contrib/blocklist/port/pidfile.c | 6 +- contrib/blocklist/port/popenve.c | 6 +- contrib/blocklist/port/port.h | 32 ++- contrib/blocklist/port/sockaddr_snprintf.c | 6 +- contrib/blocklist/port/strlcat.c | 7 +- contrib/blocklist/port/strlcpy.c | 7 +- contrib/blocklist/port/strtoi.c | 6 +- contrib/blocklist/port/vsyslog_r.c | 13 + contrib/blocklist/test/Makefile | 2 +- contrib/blocklist/test/cltest.c | 6 +- contrib/blocklist/test/srvtest.c | 42 +++- 58 files changed, 1293 insertions(+), 587 deletions(-) diff --cc contrib/blocklist/Makefile index da4411d0ca75,000000000000..899746d01431 mode 100644,000000..100644 --- a/contrib/blocklist/Makefile +++ b/contrib/blocklist/Makefile @@@ -1,5 -1,0 +1,5 @@@ - # $NetBSD: Makefile,v 1.2 2015/01/22 17:49:41 christos Exp $ ++# $NetBSD: Makefile,v 1.1.1.1 2020/06/15 01:52:52 christos Exp $ + +SUBDIR = lib .WAIT include bin etc libexec + +.include diff --cc contrib/blocklist/bin/Makefile index 280c72fd3af1,000000000000..1856e2524f3c mode 100644,000000..100644 --- a/contrib/blocklist/bin/Makefile +++ b/contrib/blocklist/bin/Makefile @@@ -1,15 -1,0 +1,15 @@@ - # $NetBSD: Makefile,v 1.11 2015/01/27 19:40:36 christos Exp $ ++# $NetBSD: Makefile,v 1.1.1.1 2020/06/15 01:52:52 christos Exp $ + +BINDIR=/sbin + - PROGS=blacklistd blacklistctl - MAN.blacklistd=blacklistd.8 blacklistd.conf.5 - MAN.blacklistctl=blacklistctl.8 - SRCS.blacklistd = blacklistd.c conf.c run.c state.c support.c internal.c - SRCS.blacklistctl = blacklistctl.c conf.c state.c support.c internal.c ++PROGS=blocklistd blocklistctl ++MAN.blocklistd=blocklistd.8 blocklistd.conf.5 ++MAN.blocklistctl=blocklistctl.8 ++SRCS.blocklistd = blocklistd.c conf.c run.c state.c support.c 
internal.c ++SRCS.blocklistctl = blocklistctl.c conf.c state.c support.c internal.c +DBG=-g + +LDADD+=-lutil +DPADD+=${LIBUTIL} + +.include diff --cc contrib/blocklist/bin/blocklistd.8 index 82e1f15f61c9,38bf22175361..e0b9fb482cbd --- a/contrib/blocklist/bin/blocklistd.8 +++ b/contrib/blocklist/bin/blocklistd.8 @@@ -152,8 -165,8 +165,8 @@@ The following options are available .It Fl C Ar controlprog Use .Ar controlprog - to communicate with the packet filter, usually - .Pa /usr/libexec/blacklistd-helper . + to communicate with the packet filter, instead of the default, which is -.Pa /libexec/blocklistd-helper . ++.Pa /usr/libexec/blocklistd-helper . The following arguments are passed to the control program: .Bl -tag -width protocol .It action @@@ -256,20 -273,20 +273,22 @@@ This signal tell to decrease the internal debugging level by 1. .El .Sh FILES - .Bl -tag -width /usr/libexec/blacklistd-helper -compact - .It Pa /usr/libexec/blacklistd-helper -.Bl -tag -width /libexec/blocklistd-helper -compact -.It Pa /libexec/blocklistd-helper ++.Bl -tag -width /usr/libexec/blocklistd-helper -compact ++.It Pa /usr/libexec/blocklistd-helper Shell script invoked to interface with the packet filter. - .It Pa /etc/blacklistd.conf + .It Pa /etc/blocklistd.conf Configuration file. - .It Pa /var/db/blacklistd.db + .It Pa /var/db/blocklistd.db Database of current connection entries. - .It Pa /var/run/blacklistd.sock + .It Pa /var/run/blocklistd.sock Socket to receive connection notifications. 
.El .Sh SEE ALSO - .Xr blacklistd.conf 5 , - .Xr blacklistctl 8 , + .Xr blocklistd.conf 5 , + .Xr blocklistctl 8 , -.Xr npfctl 8 , ++.Xr ipf 8 , ++.Xr ipfw 8 , +.Xr pfctl 8 , .Xr syslogd 8 .Sh HISTORY .Nm diff --cc contrib/blocklist/bin/internal.h index 5a40e49fbbd5,b88e1330221a..553320e7afd5 --- a/contrib/blocklist/bin/internal.h +++ b/contrib/blocklist/bin/internal.h @@@ -32,13 -32,13 +32,13 @@@ #define _INTERNAL_H #ifndef _PATH_BLCONF - #define _PATH_BLCONF "/etc/blacklistd.conf" + #define _PATH_BLCONF "/etc/blocklistd.conf" #endif #ifndef _PATH_BLCONTROL - #define _PATH_BLCONTROL "/libexec/blacklistd-helper" -#define _PATH_BLCONTROL "/libexec/blocklistd-helper" ++#define _PATH_BLCONTROL "/usr/libexec/blocklistd-helper" #endif #ifndef _PATH_BLSTATE - #define _PATH_BLSTATE "/var/db/blacklistd.db" + #define _PATH_BLSTATE "/var/db/blocklistd.db" #endif extern struct confset rconf, lconf; diff --cc contrib/blocklist/diff/postfix.diff index 000000000000,6f14389515cf..6f14389515cf mode 000000,100644..100644 --- a/contrib/blocklist/diff/postfix.diff +++ b/contrib/blocklist/diff/postfix.diff diff --cc contrib/blocklist/etc/Makefile index 669528ddca89,000000000000..f4f2dc79f857 mode 100644,000000..100644 --- a/contrib/blocklist/etc/Makefile +++ b/contrib/blocklist/etc/Makefile @@@ -1,10 -1,0 +1,10 @@@ - # $NetBSD: Makefile,v 1.3 2015/01/26 00:18:40 christos Exp $ ++# $NetBSD: Makefile,v 1.2 2025/02/05 20:24:26 christos Exp $ + - SUBDIR=rc.d ++SUBDIR= rc.d + - FILESDIR= /usr/share/examples/blacklist - FILESMODE= 644 - FILES= blacklistd.conf npf.conf ++FILESDIR= /usr/share/examples/blocklist ++FILESMODE= 644 ++FILES= blocklistd.conf ipf.conf npf.conf + +.include +.include diff --cc contrib/blocklist/etc/ipf.conf index 000000000000,f6bec74238d6..f6bec74238d6 mode 000000,100644..100644 --- a/contrib/blocklist/etc/ipf.conf +++ b/contrib/blocklist/etc/ipf.conf diff --cc contrib/blocklist/include/Makefile index 6854907be25e,000000000000..b7ce1eca278c mode 100644,000000..100644 
--- a/contrib/blocklist/include/Makefile +++ b/contrib/blocklist/include/Makefile @@@ -1,10 -1,0 +1,10 @@@ - # $NetBSD: Makefile,v 1.1 2015/01/21 16:16:00 christos Exp $ ++# $NetBSD: Makefile,v 1.1.1.1 2020/06/15 01:52:53 christos Exp $ + +# Doing a make includes builds /usr/include + +NOOBJ= # defined + - INCS= blacklist.h ++INCS= blocklist.h +INCSDIR= /usr/include + +.include diff --cc contrib/blocklist/lib/Makefile index 4f1ab7717a99,000000000000..147f311c4782 mode 100644,000000..100644 --- a/contrib/blocklist/lib/Makefile +++ b/contrib/blocklist/lib/Makefile @@@ -1,19 -1,0 +1,19 @@@ - # $NetBSD: Makefile,v 1.7 2019/03/08 20:40:05 christos Exp $ ++# $NetBSD: Makefile,v 1.1.1.1 2020/06/15 01:52:53 christos Exp $ + +.include + +USE_SHLIBDIR= yes + +CPPFLAGS+=-D_REENTRANT +#LIBDPLIBS+=pthread ${NETBSDSRCDIR}/lib/libpthread - LIB=blacklist - SRCS=bl.c blacklist.c - MAN=libblacklist.3 - MLINKS+=libblacklist.3 blacklist_open.3 - MLINKS+=libblacklist.3 blacklist_close.3 - MLINKS+=libblacklist.3 blacklist.3 - MLINKS+=libblacklist.3 blacklist_r.3 - MLINKS+=libblacklist.3 blacklist_sa.3 - MLINKS+=libblacklist.3 blacklist_sa_r.3 ++LIB=blocklist ++SRCS=bl.c blocklist.c ++MAN=libblocklist.3 ++MLINKS+=libblocklist.3 blocklist_open.3 ++MLINKS+=libblocklist.3 blocklist_close.3 ++MLINKS+=libblocklist.3 blocklist.3 ++MLINKS+=libblocklist.3 blocklist_r.3 ++MLINKS+=libblocklist.3 blocklist_sa.3 ++MLINKS+=libblocklist.3 blocklist_sa_r.3 + +.include diff --cc contrib/blocklist/libexec/Makefile index 6537080bf465,000000000000..619d962c23b2 mode 100644,000000..100644 --- a/contrib/blocklist/libexec/Makefile +++ b/contrib/blocklist/libexec/Makefile @@@ -1,6 -1,0 +1,6 @@@ - # $NetBSD: Makefile,v 1.1 2015/01/22 17:49:41 christos Exp $ ++# $NetBSD: Makefile,v 1.1.1.1 2020/06/15 01:52:53 christos Exp $ + - SCRIPTS= blacklistd-helper ++SCRIPTS= blocklistd-helper +SCRIPTSDIR= /libexec + +.include diff --cc contrib/blocklist/libexec/blocklistd-helper index 
000000000000,f27cde4ed4ea..f27cde4ed4ea mode 000000,100755..100755 --- a/contrib/blocklist/libexec/blocklistd-helper +++ b/contrib/blocklist/libexec/blocklistd-helper diff --cc contrib/blocklist/port/vsyslog_r.c index 000000000000,848f31b04453..848f31b04453 mode 000000,100644..100644 --- a/contrib/blocklist/port/vsyslog_r.c +++ b/contrib/blocklist/port/vsyslog_r.c
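
Review bot: In contrib/blocklist/bin/internal.h, _PATH_BLCONTROL now defaults to "/usr/libexec/blocklistd-helper" (and the -C text in blocklistd.8 names the same path), but contrib/blocklist/libexec/Makefile in this diff still carries "SCRIPTSDIR= /libexec". If any build uses that Makefile, the helper is installed where the daemon does not look for it, and the control program that talks to the packet filter would not be found. Suggest either setting SCRIPTSDIR to /usr/libexec in the contrib Makefile or saying in the commit message that this Makefile is not what installs the helper.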
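
Review bot: The FILES hunk of contrib/blocklist/bin/blocklistd.8 renames the database to /var/db/blocklistd.db without saying what becomes of an existing /var/db/blacklistd.db. The commit message reports a key size change ("Key size mismatch 296 != 288") and that a new database with the new name is created at service start, so operators will want to know whether entries from the old file are carried over and whether the old file can be removed. A sentence under the ".It Pa /var/db/blocklistd.db" entry would cover it.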
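
Review bot: In contrib/blocklist/lib/Makefile, LIB changes from blacklist to blocklist and every MLINKS entry for the blacklist_* names is dropped, and contrib/blocklist/include/Makefile likewise installs only blocklist.h. Nothing in the visible hunks keeps the old header, library name or manual page links, so a consumer that still includes blacklist.h or links against the old library name would no longer find them. Suggest stating in the commit message whether compatibility names are provided elsewhere, or keeping the old function names as additional MLINKS to libblocklist.3.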