FreeBSD source tree https://cgit-dev.freebsd.org/src/atom?h=stable%2F14 2026-02-01T14:33:50Z 2026-02-01T14:33:50Z Jilles Tjoelker jilles@FreeBSD.org 2025-11-17T17:42:01Z urn:sha1:21d665d7dd9e50e3975b117a4f3c0f50ed7bd642 Calling dotrap() can do almost anything, including reallocating the jobtab array. Convert the job pointer to an index before calling dotrap() and then restore a proper job pointer afterwards. PR: 290330 Reported by: bdrewery Reviewed by: bdrewery Differential Revision: https://reviews.freebsd.org/D53793 (cherry picked from commit f44ac8cc9c10d7305223a10b8dbd8e234388cc73) 2026-02-01T14:33:50Z Jilles Tjoelker jilles@FreeBSD.org 2025-11-15T16:43:03Z urn:sha1:c0dcdc3decb413af6188da624b22aa6b45126317 The command sh -c 'sleep 3 | sleep 2 & sleep 3 & kill %1; wait %1' crashes (with appropriate sanitization such as putting MALLOC_CONF=abort:true,junk:true in the environment or compiling with -fsanitize=address). What happens here is that waitcmdloop() calls dowait() with a NULL job pointer, instructing dowait() to freejob() if it's a non-interactive shell and $! was not and cannot be referenced for it. However, waitcmdloop() then uses fields possibly freed by freejob() and calls freejob() again. This only occurs if the job being waited for is identified via % syntax ($! has never been referenced for it), it is a pipeline with two or more elements and another background job has been started before the wait command. That seems special enough for a bug to remain. Test scripts written by Jilles would almost always use $! and not % syntax. We can instead make waitcmdloop() pass its job pointer to dowait(), fixing up things for that (waitcmdloop() will have to call deljob() if it does not call freejob()). The crash from https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=290330#c2 appears to be the same bug. PR: 290330 Reported by: bdrewery Reviewed by: bdrewery Differential Revision: https://reviews.freebsd.org/D53773 (cherry picked from commit 75a6c38e4d5c651b7398bf2bea5baa41a0939e92) 2026-01-28T01:03:36Z Joseph Mingrone jrm@FreeBSD.org 2025-05-15T14:42:14Z urn:sha1:1b3972ac0f75c659afcd05574878cadaab4d61da If run as alias '' uninitialized memory could be referenced. This is based on a fix from NetBSD. For more information, refer to https://github.com/NetBSD/src/commit/10cfed82c28 . Obtained from: NetBSD (Robert Elz <kre@netbsd.org>, 10cfed82c28) MFC after: 3 days Reported by: mckusick, Robert Elz <kre@netbsd.org> Reviewed by: emaste Differential Revision: https://reviews.freebsd.org/D50364 (cherry picked from commit 9d29fc2e4bfba9fcd3b0944e683458a3f1fa0c47) 2026-01-02T20:44:28Z Dimitry Andric dim@FreeBSD.org 2025-12-25T20:13:48Z urn:sha1:3cd0026966d0174c7143ac1d8233ed81ffa68ddf Mark `optletter` and `t_op::op_text` as `__non_string`, to avoid warnings from clang 21 similar to: bin/sh/options.h:77:36: error: initializer-string for character array is too long, array size is 19 but initializer has size 20 (including the null terminating character); did you mean to use the 'nonstring' attribute? [-Werror,-Wunterminated-string-initialization] 77 | const char optletter[NSHORTOPTS] = "efIimnsxvVECabupTPh"; | ^~~~~~~~~~~~~~~~~~~~~ bin/test/test.c:153:3: error: initializer-string for character array is too long, array size is 2 but initializer has size 3 (including the null terminating character); did you mean to use the 'nonstring' attribute? [-Werror,-Wunterminated-string-initialization] 153 | {"==", STREQ}, | ^~~~ MFC after: 3 days Reviewed by: jilles Differential Revision: https://reviews.freebsd.org/D54362 (cherry picked from commit e6546807f4c1a8a6a6fa53fceab7b8c80e3ed802) 2025-11-25T03:19:16Z Dag-Erling Smørgrav des@FreeBSD.org 2025-11-19T10:43:13Z urn:sha1:7f691e07efe63ea01273833e44fd03ee00106b2b While waiting for input in the read builtin, if select() is interrupted but there is no pending signal, we act like we timed out, and return the same status as if we had been interrupted by SIGALRM, instead of looping until we actually do time out. * Replace the single select() call with a ppoll() loop. * Improve validation of the timeout value. We now accept things like "1h30m15s", which we used to silently truncate to "1h". The flip side is that we no longer accept things like "1hour" or "5sec". * Modify the existing `read -t 0` test case to verify that read returns immediately when there is input and fails immediately when there isn't. * Add a second test case which performs the same tests with a non-zero timeout value. PR: 290844 MFC after: 1 week Fixes: c4539460e3a4 ("sh: Improve error handling in read builtin:") Reviewed by: jilles, bdrewery Differential Revision: https://reviews.freebsd.org/D53761 (cherry picked from commit 3c2643a7dbac370b7232f4e5ac15fd77b9ff396d) 2025-11-25T03:19:16Z Bryan Drewery bdrewery@FreeBSD.org 2025-11-07T17:28:37Z urn:sha1:e9019e777ca3bbb3217df7b54590dcb075430f4e This was sometimes exiting while the child fifo was created resulting in [ENOTEMPTY] from rm. The child fifo isn't needed, just sleep. PR: 290837 Fixes: e31fb97148f ("read builtin: Empty variables on timeout") MFC after: 3 days (cherry picked from commit 5d55553e160a93788372785300f5bd07c2451f93) 2025-09-10T20:41:08Z Lexi Winter ivy@FreeBSD.org 2025-09-02T08:22:56Z urn:sha1:f103de98b855e69f1c0e1e90f7a174ae06acf892 The file /.profile is installed as a hard link to /root/.profile. The file in /root has the config tag, but the file in / does not, which causes it to be overwritten by pkg upgrade. Since they're linked, this also overwrites the file in /root. Add the config tag to the file in / as well, so pkg treates both links as config files and won't overwrite them. For stable/14, also add this to /.cshrc, which is no longer installed in 15.0. PR: 289097 MFC after: 3 days Reviewed by: bapt, emaste Differential Revision: https://reviews.freebsd.org/D52162 (cherry picked from commit aa730a66bc74696df85b21ec2719c75d8eab8c9f) sh: Fix non-NO_ROOT installconfig When building without NO_ROOT, ${TAG_ARGS} is not set, which means we pass ",config" as an install(1) argument. Only add the config tag if ${TAG_ARGS} is defined to begin with. Fixes: aa730a66bc74 ("sh: Add config tag to /.profile") Reported by: bz (cherry picked from commit b197d2abcb6895d78bc9df8404e374397aa44748) 2025-09-03T13:06:47Z Ed Maste emaste@FreeBSD.org 2025-06-17T15:33:33Z urn:sha1:1ff48c6810a1c4e340e63eea166ad46631496c57 MALLOC_OPTIONS=J -> MALLOC_CONF=junk:true PR: 287357 Reviewed by: markj Event: Kitchener-Waterloo Hackathon 202506 Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D50910 (cherry picked from commit 4f33d073003ccd91390709e14e5c1bf1f0c1c85c) 2025-03-15T14:00:17Z Michael Osipov michaelo@FreeBSD.org 2024-05-03T07:57:06Z urn:sha1:1245f6e34884699b6bb2a2e9f414d58ac8585034 This partially reverts b14cfdf665bb8b7b2898a4ee5b073ab87f8ea3d0 and has been discussed in D42719. Reviewed by: jrm (mentor), otis (mentor), mandree, ziaee (manpages) MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D45073 (cherry picked from commit 7bd8da72c5814b486ae7f492286fe3ac0a5bf03d) 2025-02-27T01:40:40Z Alexander Ziaee ziaee@FreeBSD.org 2025-01-09T17:51:57Z urn:sha1:77eacf8278036353ead50e1317f8936dfc49186d TIL the `:` command accepts and discards arguments, and this is occasionally used to embed comments in interesting places. While here, fix another `...` argument that was not marked up. MFC after: 3 days Thanks: Community Discord Approved by: carlavilla, mhorne (mentors) Differential Revision: https://reviews.freebsd.org/D48398 (cherry picked from commit f4727eca405763dd1feb4ca3e17be40c2da337de)