From nobody Thu Apr  2 11:20:45 2026
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fmfYB0Pb8z6YGs5
	for <dev-commits-src-branches@mlmmj.nyi.freebsd.org>; Thu, 02 Apr 2026 11:20:46 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4fmfY91Sj4z3JWY
	for <dev-commits-src-branches@FreeBSD.org>; Thu, 02 Apr 2026 11:20:45 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1775128845;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=pgbnUSHWe4iWs6bvtkLgPS0PBagS5JYLwFxHyB/n5EE=;
	b=OUYFzvowEo/IHtR0nv167E6niPnduMDKtLXLrAdVZYSDVrbtXZlqtye1DPoc0DXBZ4uz8Z
	qlELjLQw6LIVsB78lW4+Wf/TdcZ1qpbJQdyl24hsi4FdgxOnBq4m/3kQ2nN5uyyMHTGB+a
	tteG7R1h9uF4cWgn36365TdsnIen9w/+Yqcjpu7oseKaQlD4vz/P2CZ0ehawZSjhRqg8Dv
	qU5G3Pk0wNAHY4cFUw7KuICggsZrxigZHRVcWUVEped7RUDMTh5q4AIEO+S3yRVKFWCWEl
	k8q7LNgmz2wyc00M/TxCvCB+0X0wmghbxXrBKSpaz9JzoQPkxDZDh7NsbYiPtg==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1775128845; a=rsa-sha256; cv=none;
	b=R48XCPnZA+ea48KlgNOfGgKkkhgAc+KX+PbBw5Mddh97Vy1Rf81sAd4tmLUfjsoqLdIovO
	hGSh45626c8EqTVvk+Bz7xeNknxvc7RMnbZep5QXyqylBcH69jpSLa+bhbCCQ3BabMdX7f
	fxratpifiXdJ7iNL4HoxWrUAdFElPNq0KIDNg73XpZjlE0FTuKRr8B/UI3aFNGK5MWm0LI
	RzVkfnNxnPRg9XSJer/5O1pxp1WeqpXgHUBWHjI1wNuigX0zwwN29kbJ4mBLWqlxfLvkf/
	KSB2o3khNf9TvS+R4ucAn+VkWxXrC1b8Z+CBAg8vtYcowHc6Zmls+1LuIO9kEg==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1775128845;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=pgbnUSHWe4iWs6bvtkLgPS0PBagS5JYLwFxHyB/n5EE=;
	b=EdokZu8DnWhI3xHu5XaICU3s87U3OPVDbBbBupXsOW4aeFhss/EaWqQSrBGkSUdmEoHGVp
	AqlHyr/sAY176nkxVIbsfH7pZziY1hleR1ijMDghOSnQKoawi9dIKTxXiFEtCf+oFi8kHx
	2AE7oDOROv5vTobzEAq02MTNLLlTZXGihcvhWe1H37enH2iqUhjediyIb/KjjkESwnUqQM
	oi96cOaihRW9Y57Rm6kYfU9VXx1/SHv8904eIzzA1uPvZb2XKpcd4fqlbG2LUwDpvcwSPr
	AIddl95PeXM8/YPn4Zpbxi87YW1IcihnyRtuMw1PH37CBEyzA1nurs08SAGvdA==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fmfY90q2Lz105c
	for <dev-commits-src-branches@FreeBSD.org>; Thu, 02 Apr 2026 11:20:45 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from git (uid 1279)
	(envelope-from git@FreeBSD.org)
	id 1f3aa
	by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org);
	Thu, 02 Apr 2026 11:20:45 +0000
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Dag-Erling=?utf-8?Q? Sm=C3=B8rg?=rav <des@FreeBSD.org>
Subject: git: 3e8b9c30c5a8 - stable/14 - tzcode: Don't treat TZDEFAULT as tainted
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: des
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 3e8b9c30c5a89ad2d7f8dd965924bdb58e53ef09
Auto-Submitted: auto-generated
Date: Thu, 02 Apr 2026 11:20:45 +0000
Message-Id: <69ce510d.1f3aa.7981ba51@gitrepo.freebsd.org>

The branch stable/14 has been updated by des:

URL: https://cgit.FreeBSD.org/src/commit/?id=3e8b9c30c5a89ad2d7f8dd965924bdb58e53ef09

commit 3e8b9c30c5a89ad2d7f8dd965924bdb58e53ef09
Author:     Dag-Erling Smørgrav <des@FreeBSD.org>
AuthorDate: 2025-09-01 06:33:28 +0000
Commit:     Dag-Erling Smørgrav <des@FreeBSD.org>
CommitDate: 2026-04-02 11:16:00 +0000

    tzcode: Don't treat TZDEFAULT as tainted
    
    tzset() calls zoneinit() with the FROMENV flag set unconditionally, so
    if TZ is unset and we use TZDEFAULT instead, we were still treating it
    as if it came from the environment.  Unset the FROMENV flag if name is
    null and we switch to TZDEFAULT, or if, after skipping the optional
    leading colon, we find that name is identical to TZDEFAULT.
    
    This incorporates upstream change d0e0b00f846c ("Avoid unnecessary
    access, stat calls").
    
    Fixes:          b6ea2513f776 ("tzcode: Limit TZ for setugid programs")
    Event:          Oslo Hackathon 202508
    Reviewed by:    philip
    Differential Revision:  https://reviews.freebsd.org/D52240
    
    (cherry picked from commit ca89e15355097e9b57bf4e17a50506e081fe04b3)
---
 contrib/tzcode/localtime.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/contrib/tzcode/localtime.c b/contrib/tzcode/localtime.c
index a80d422f2955..15afeeecb6d0 100644
--- a/contrib/tzcode/localtime.c
+++ b/contrib/tzcode/localtime.c
@@ -615,6 +615,7 @@ tzloadbody(char const *name, struct state *sp, char tzloadflags,
 		name = TZDEFAULT;
 		if (! name)
 		  return EINVAL;
+		tzloadflags &= ~TZLOAD_FROMENV;
 	}
 
 	if (name[0] == ':')
@@ -670,11 +671,13 @@ tzloadbody(char const *name, struct state *sp, char tzloadflags,
 	fid = _open(name, (O_RDONLY | O_BINARY | O_CLOEXEC | O_CLOFORK
 			  | O_IGNORE_CTTY | O_NOCTTY));
 #else /* __FreeBSD__ */
+	if ((tzloadflags & TZLOAD_FROMENV) && strcmp(name, TZDEFAULT) == 0)
+          tzloadflags &= ~TZLOAD_FROMENV;
 	relname = name;
 	if (strncmp(relname, TZDIR "/", strlen(TZDIR) + 1) == 0)
 	  relname += strlen(TZDIR) + 1;
 	dd = _open(TZDIR, O_DIRECTORY | O_RDONLY);
-	if (issetugid() && (tzloadflags & TZLOAD_FROMENV)) {
+	if ((tzloadflags & TZLOAD_FROMENV) && issetugid()) {
 	  if (dd < 0)
 	    return errno;
 	  if (fstatat(dd, name, &sb, AT_RESOLVE_BENEATH) < 0) {
@@ -1624,14 +1627,13 @@ zoneinit(struct state *sp, char const *name, char tzloadflags)
 static void
 tzset_unlocked(void)
 {
+  char const *name = getenv("TZ");
 #ifdef __FreeBSD__
-  tzset_unlocked_name(getenv("TZ"));
+  tzset_unlocked_name(name);
 }
 static void
 tzset_unlocked_name(char const *name)
 {
-#else
-  char const *name = getenv("TZ");
 #endif
   struct state *sp = lclptr;
   int lcl = name ? strlen(name) < sizeof lcl_TZname : -1;