FreeBSD source tree https://cgit-dev.freebsd.org/src/atom?h=release%2F14.4.0-p4 2025-08-05T09:30:03Z 2025-08-05T09:30:03Z Dag-Erling Smørgrav des@FreeBSD.org 2025-07-28T15:28:34Z urn:sha1:bba73c02879d11933ae29e8ef1a8b065cec2918e Fixes: 91629228e3df MFC after: 1 week Reviewed by: emaste Differential Revision: https://reviews.freebsd.org/D51581 (cherry picked from commit e40a2c4927a8068d7b6adee69c90ae3be8efc4df) 2025-08-05T09:30:02Z Dag-Erling Smørgrav des@FreeBSD.org 2025-07-28T15:28:26Z urn:sha1:4406fe5f220357223978de58d3c1f9847dfa9d1b When processing a notification, instead of accepting any file name that doesn't begin with a slash, accept only file names that don't contain any slashes at all. This makes it possible to notify a user about a mailbox that doesn't bear their name, as long as they are permitted to read it, but prevents comsat from reading files outside the mail spool. PR: 270404 MFC after: 1 week Reviewed by: emaste Differential Revision: https://reviews.freebsd.org/D51580 (cherry picked from commit 4a4338d94401f0012380d4f1a4d332bd6d44fa8e) 2024-12-04T18:38:31Z Ed Maste emaste@FreeBSD.org 2024-12-01T20:43:10Z urn:sha1:30bcbf8a2fefe81e28bd9e293d9ee970464b0da4 It's good to reduce privilege as early as possible. Suggested by: jlduran Reviewed by: jlduran Obtained from: NetBSD Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D47869 (cherry picked from commit 91629228e3df14997df12ffc6e7be6b9964e5463) 2024-12-04T18:38:31Z Ed Maste emaste@FreeBSD.org 2024-11-28T16:54:48Z urn:sha1:bb9678f1ff6881b036220045adb58047332cfb0d PR: 270404 Reviewed by: jlduran Obtained from: NetBSD Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D47828 (cherry picked from commit d4dd9e22c13896e6b5e2a6fc78dad4f8496cc14d) 2024-12-02T21:10:31Z Ed Maste emaste@FreeBSD.org 2024-11-27T20:36:46Z urn:sha1:957f7a2a58e550bd31d8ebec67f99d19087746a2 Just return from jkfprintf if either (a) user lookup fails (that is, getpwnam fails) or (b) setuid() to the user's uid fails. If comsat is invoked from inetd using the default of tty:tty we will now return due to setuid() failing rather than fopen() failing. PR: 270404 Reviewed by: kevans Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D47823 (cherry picked from commit 062b69ba045dc0fef3d9b8d73365d2798c05a480) 2023-10-24T17:10:12Z John Baldwin jhb@FreeBSD.org 2023-09-25T14:54:56Z urn:sha1:260bab9f1e6f2a770eab029f5b37e6f4fa12edbe These do not use __FBSDID but instead use bare char arrays. Reviewed by: imp, emaste Differential Revision: https://reviews.freebsd.org/D41957 (cherry picked from commit eba230afba4932f02a1ca44efc797cf7499a5cb0) 2023-08-16T17:55:15Z Warner Losh imp@FreeBSD.org 2023-08-16T17:55:15Z urn:sha1:b2c76c41be32f904179efed29c0ca04d53f3996c Remove /^\.\\"\s*\$FreeBSD\$$\n/ 2023-08-16T17:55:03Z Warner Losh imp@FreeBSD.org 2023-08-16T17:55:03Z urn:sha1:d0b2dbfa0ecf2bbc9709efc5e20baf8e4b44bbbf Remove /^\s*#[#!]?\s*\$FreeBSD\$.*$\n/ 2023-04-19T00:14:23Z Simon J. Gerraty sjg@FreeBSD.org 2023-04-19T00:14:23Z urn:sha1:d9a42747950146bf03cda7f6e25d219253f8a57a 2017-11-20T19:49:47Z Pedro F. Giffuni pfg@FreeBSD.org 2017-11-20T19:49:47Z urn:sha1:8a16b7a18f5d0b031f09832fd7752fba717e2a97 Mainly focus on files that use BSD 3-Clause license. The Software Package Data Exchange (SPDX) group provides a specification to make it easier for automated tools to detect and summarize well known opensource licenses. We are gradually adopting the specification, noting that the tags are considered only advisory and do not, in any way, superceed or replace the license texts. Special thanks to Wind River for providing access to "The Duke of Highlander" tool: an older (2014) run over FreeBSD tree was useful as a starting point.