[continued from previous message]
device drivers on x86 for stuff like reducing the latency of the Framework
trackpad with Sheng-Yi.
• Implement some more S0i3 debugging features for AMD to help us debug why
we
would not be entering S0i3.
Ports (Joseph Mingrone)
• Mk/Scripts/qa.sh: Fix false positives in LIB_DEPENDS warnings Patch:
https://reviews.freebsd.org/D50860
• editors/emacs-devel: Update to 2025-06-17 snapshot Patch: 4170f6575380
Miscellaneous (Ed Maste, Olivier Certner, Sheng-Yi Hung, Li-Wen Hsu)
• Enable sccache support as an alternative to ccache when building (through
WITH_CCACHE_BUILD environment variable). Commit: 10cb3979a9bd
• Discussion on the CPPC implementation (Sheng-Yi, Olivier), see in
particular D49587.
• Other various fixes. Patches: D50876, 956100d60fa8, fc77abfd1e62, D50938,
6d8cfd29d477, 4f33d073003c
Sponsor: The FreeBSD Foundation
━━━━━━━━━━━━━━━━━━━━━
━━━━━━━━━━━━━━━━━━━━━
━━━━━━━━━━━━━━━━━━━━
━━━━━━━━━━━━━━
Userland
Changes affecting the base system and programs in it.
━━━━━━━━━━━━━━━━━━━━━
━━━━━━━━━━━━━━━━━━━━━
━━━━━━━━━━━━━━━━━━━━
━━━━━━━━━━━━━━
ucred / group changes in FreeBSD 15.0
Links:
freebsd-arch@ discussion URL:
https://lists.freebsd.org/archives/freebsd-hackers/2025-August/004825.html
Primary kernel change URL:
https://cgit.freebsd.org/src/commit/sys/sys/ucred.h?id=be1f7435e
218b1df35aebf3b90dd65ffd8bbe51
Primary userspace change URL:
https://cgit.freebsd.org/src/commit/sys/kern/kern_prot.c?id=9da2
e96ff2ea227e4d5f03ef92b55aabeabb7fc
Contact: Kyle Evans
Contact: Olivier Certner
FreeBSD 15.0 will change how supplementary groups are handled in both userspace
and the kernel in FreeBSD 15.0 in a way that warrants additional attention and
feedback.
For some background: FreeBSD has historically tracked the effective group-ID of
a process in the ucred(9) cr_groups array as the first element, with the rest
of the array describing its supplementary groups. The natural consequence of
this decision is that the arrays used in setgroups(2) and getgroups(2) follow
the same format, and setgroups(2) has the documented side effect of setting the
effective group-ID. The vast majority of other platforms do not exhibit this
behavior anymore, including NetBSD and OpenBSD. macOS appears to be the only
exception found in testing.
The problem is that the vast majority of software in the FreeBSD Ports
Collection comes from other platforms, where setgroups(2) and setgroups(2)
operate purely on the supplementary groups. This kind of a behavior difference
is very subtle and would need to be audited more carefully to be sure that we
have not introduced a potential security issue in ported software.
In FreeBSD 15.0, the primary user-facing change is that setgroups(2), getgroups
(2), and initgroups(3) behavior will change to match other platforms, and users
are requested to be extra vigilant in areas that may be affected as we proceed
through the release cycle. In general, the expectation is that this change may:
• Fix some small number of bugs where we would have lost either our
expected
effective group membership or one of the supplementary groups we should
have been in
• (Less likely) Introduce some even smaller number of bugs where something
expected setgroups(2) to change our effective group membership but now it
is just a supplementary group and our effective group-ID is unchanged
Software included in the base system is largely unaffected or improved by this
change, with OpenSSH being a notable example of a strange bug caused by the
historical implementation.
━━━━━━━━━━━━━━━━━━━━━
━━━━━━━━━━━━━━━━━━━━━
━━━━━━━━━━━━━━━━━━━━
━━━━━━━━━━━━━━
MIT Kerberos Import into FreeBSD
Contact: Cy Schubert
The FreeBSD Foundation was approached to import MIT KRB5 into FreeBSD with the
intent to replace our aging Heimdal.
The Enterprise Working Group made a request to the Foundation to replace
Heimdal with MIT KRB5.
This is the first report for this project.
Tasks completed:
• MIT KRB5 has been imported into FreeBSD 15-CURRENT.
• The WITH_MITKRB5 option is disabled until a successful ports exp-run is
complete.
Additional remaining tasks:
• Fix port build errors identified by a ports exp-run.
• Produce a writeup of the new Kerberos.
• Determine if migration of the Heimdal database to an MIT database is
possible. (At the moment this appears unlikely due to the age of our
ancient Heimdal and the lack of support for old crypto in newer Heimdal
MIT).
• Produce Heimdal Kerberos database to MIT database migration documentation
(if possible).
• (Optional) Develop and discuss the import and migration options at the
next
BSDCan.
Sponsor: The FreeBSD Foundation
━━━━━━━━━━━━━━━━━━━━━
━━━━━━━━━━━━━━━━━━━━━
━━━━━━━━━━━━━━━━━━━━
━━━━━━━━━━━━━━
SysctlTui
Link:
Project Repository URL: https://gitlab.com/alfix/sysctltui
Contact: Alfonso Sabato Siciliano
SysctlTUI is an interactive text user interface (TUI) utility for exploring and
managing sysctl(3) parameters. It presents the sysctl Management Information
Base (MIB) as a hierarchical and navigable tree, enabling users to:
• Browse metadata for each kernel parameter.
• Retrieve and display current values.
• Modify parameters interactively from within the interface.
The UI consists of three panels: a tree view of the MIB hierarchy, a detail
panel showing metadata, and a value editor. Pressing the F1 key opens a help
dialog explaining:
• When the MIB is built.
• When values are retrieved or updated.
• A link to an online guide for getting started with sysctl, including
guidance on interpreting and using the displayed data.
Although still in early development (currently at version 0.0.2), SysctlTUI
already offers functionality comparable to tools like sysutils/nsysctl and
deskutils/sysctlview. A manual page is included, with suggestions to make the
output similar to sysctl(8) or nsysctl(8). The ToDo list outlining plans for
enhancements like configuration file integration and subtree sorting by names.
SysctlTUI is open source and available via the FreeBSD Ports Collection:
sysutils/sysctltui. Note: TUIs are a known accessibility issue, as they are not
usable with most screen readers. Users who access FreeBSD using a screen reader
can use the sysutils/nsysctl package instead. It is a command line utility that
provides the same information as SysctlTUI, since both tools use the same
underlying kernel interface.
[continued in next message]
--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)
|
