From nobody Fri May 29 16:01:58 2026
X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4gRp5M0TKcz6flTJ
	for <dev-commits-src-main@mlmmj.nyi.freebsd.org>; Fri, 29 May 2026 16:01:59 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R13" (not verified))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4gRp5L6SW5z3Hvq
	for <dev-commits-src-main@FreeBSD.org>; Fri, 29 May 2026 16:01:58 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1780070518;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=vwQTyXCrb6lUOSci4Cq1MT1iZvK6jrrKQf5TJz8+P1A=;
	b=ZKyFWsaL6clTEx3+EqeFy/qNRbF7UteG8uaWn4UsIBppVCnqqL4m8rFULAggGAu+2dwAa8
	wOHOFf4J6anTgkekeolIa8/9UMwIFt7J8TqTTsRTbZtpAlwPY0M1fyk/biRhoFNLsYtTVK
	h1HiYvniPRmV2V3Ae8ZMNY0UksDHnM64AxiiZ6mibNYojU1dRKsG9LvomaplqhjMyXBRjR
	U7VRDIWsn88tyMUomyqObPf9txj0o9i2VBQEmHuHpsGOqhKWwyKJb5PRV9hz9FF2eIHwUu
	cF6qxsBJ4py6g7CO/wdyIldoUkGl/ildBAuRBWsbD3xjDI2/kJmYaXV/wsPF5g==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1780070518; a=rsa-sha256; cv=none;
	b=UEgW3sJxprNch8eHHTM0cECqCBicNDM3c70mnN0f6JtNwByqv5B6d7Z14jpLidzbzIAxx+
	icslLCohpKNH2m7Gy1DZooS5VY191gi9h7l79oXLyu0o9YHFTGdLAWLmVOPQI0+yz7fT8G
	jy8o2asByPG4OjgkR+BhVrtL1LKTBhpaGMwcj/5CNIf48iAY24o+ZbTEik4Iy/16DwasLC
	uYH5MYXEJvt7BFb9HQIphFO36+A2BmSn9h/+ZwuXtP3suRU71JdSxH2vV0/tzLW5PiSwOO
	TPkPuJLF6lOemhD8A4E5vx/UXU/TIRdhFXkALud1PyagPj3Mzh9uLn3efLKLKQ==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1780070518;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=vwQTyXCrb6lUOSci4Cq1MT1iZvK6jrrKQf5TJz8+P1A=;
	b=AY1LizFNMoCseCIz16AOPkDUU+qGizhUNYWI64oA2xVvq5boRRDIoFSZYs+w3s5oizWkDi
	i+hKD4zK45/XqfGEDrIh/97dS7az9TyFaDl/PMcygNxJu26XZWD7LRch2RcPbXh2o9xsxT
	Bt/2NGf/5ouYRuCZgvG5Kue2KVwq9PK71sLzce0OTV3cSiRIiw5AyZpBRknwkDlhVElw8K
	pRmZFpWbeheuH+T68sZTPHH/GSea6UjxJ6lNGPAXkwjL6wKb9uzyQ8Ccwo2Ithj9zcoBfH
	x2UD89jvHCr9r4uVjkQPe+w0B+NHeEQPV1t0sSkKYx5Lup2iwIv/MsOI/MCXng==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4gRp5L5wkHzgcr
	for <dev-commits-src-main@FreeBSD.org>; Fri, 29 May 2026 16:01:58 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from git (uid 1279)
	(envelope-from git@FreeBSD.org)
	id 36115
	by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org);
	Fri, 29 May 2026 16:01:58 +0000
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Olivier Certner <olce@FreeBSD.org>
Subject: git: 1fa1e3f3950f - main - MAC/do: Do not skip blanks when parsing executable paths
List-Id: Commit messages for the main branch of the src repository <dev-commits-src-main.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main
List-Help: <mailto:dev-commits-src-main+help@freebsd.org>
List-Post: <mailto:dev-commits-src-main@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-main+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-main+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-main@freebsd.org
Sender: owner-dev-commits-src-main@FreeBSD.org
List-Id: <dev-commits-src-main.FreeBSD.org>
List-Post: <mailto:dev-commits-src-main@FreeBSD.org>
List-Help: <mailto:dev-commits-src-main+help@FreeBSD.org>
List-Subscribe: <mailto:dev-commits-src-main+subscribe@FreeBSD.org>
List-Unsubscribe: <mailto:dev-commits-src-main+unsubscribe@FreeBSD.org>
List-Owner: <mailto:postmaster@FreeBSD.org>
Precedence: list
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: olce
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 1fa1e3f3950fc0593ab73ea075c24c9bfbe8afd6
Auto-Submitted: auto-generated
Date: Fri, 29 May 2026 16:01:58 +0000
Message-Id: <6a19b876.36115.530a6f75@gitrepo.freebsd.org>

The branch main has been updated by olce:

URL: https://cgit.FreeBSD.org/src/commit/?id=1fa1e3f3950fc0593ab73ea075c24c9bfbe8afd6

commit 1fa1e3f3950fc0593ab73ea075c24c9bfbe8afd6
Author:     Olivier Certner <olce@FreeBSD.org>
AuthorDate: 2026-05-07 15:32:28 +0000
Commit:     Olivier Certner <olce@FreeBSD.org>
CommitDate: 2026-05-29 15:37:14 +0000

    MAC/do: Do not skip blanks when parsing executable paths
    
    The kind of tolerance we apply to parsing rules, whose format we have
    defined, cannot be applied to paths since blank characters are allowed
    there.
    
    There is still the limitation that no escape character is currently
    supported, and so it is not possible to configure a path having a ':'
    character.
    
    Reviewed by:    bapt
    Fixes:          9818224174c4 ("MAC/do: Executable paths feature (GSoC 2025's final state)")
    MFC after:      1 month
    Sponsored by:   The FreeBSD Foundation
    Pull Request:   https://ron-dev.freebsd.org/FreeBSD/src/pulls/38
---
 sys/security/mac_do/mac_do.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c
index c30ece0a0794..9e9f57be6c3c 100644
--- a/sys/security/mac_do/mac_do.c
+++ b/sys/security/mac_do/mac_do.c
@@ -1163,7 +1163,7 @@ parse_exec_paths(const char *const string, struct exec_paths *const exec_paths,
 	MPASS(copy[len] == '\0');
 
 	p = copy;
-	while ((path = strsep_noblanks(&p, ":")) != NULL) {
+	while ((path = strsep(&p, ":")) != NULL) {
 		size_t path_len;
 
 		if (*path == '\0')