From nobody Wed Jun  3 14:06:35 2026
X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4gVqJH63qkz6fv3y
	for <dev-commits-src-main@mlmmj.nyi.freebsd.org>; Wed, 03 Jun 2026 14:06:55 +0000 (UTC)
	(envelope-from rionda@gmail.com)
Received: from mail-qk1-x731.google.com (mail-qk1-x731.google.com [IPv6:2607:f8b0:4864:20::731])
	(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (2048 bits) client-digest SHA256)
	(Client CN "smtp.gmail.com", Issuer "WR4" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4gVqJH0HVYz3T3G
	for <dev-commits-src-main@freebsd.org>; Wed, 03 Jun 2026 14:06:55 +0000 (UTC)
	(envelope-from rionda@gmail.com)
Authentication-Results: mx1.freebsd.org;
	none
Received: by mail-qk1-x731.google.com with SMTP id af79cd13be357-91550dfc11fso428832585a.1
        for <dev-commits-src-main@freebsd.org>; Wed, 03 Jun 2026 07:06:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20251104; t=1780495608; x=1781100408; darn=freebsd.org;
        h=to:references:message-id:content-transfer-encoding:cc:date
         :in-reply-to:from:subject:mime-version:sender:from:to:cc:subject
         :date:message-id:reply-to;
        bh=/mjrJYeAPPZoxDvIu1B/6JGK6DbM/UXbWXF7ooKB55o=;
        b=OCvJq61iuKRHC7T9q3yZirwBZ7UuG/Ntx2peT97mv4n8sw/vBsuWrKk+L2K1X09BGb
         OF7trFDIDGTvfS4OHYJ/uXnwMuUVlzm3SAMn4B1sODyhtcrYuk3Kc2wzLjqxH+xjQzrQ
         ui7qDlNbNT1fF5wov5dr3uKEdJWr4ON3Ai0ov37It5q/tFtWqvrWwdT3R9q2LerCI5WO
         2qKOAYsdmKrQbw6Q6QgXU/qFYun4qM0s05Z1gDmXbD9JkyEW6NWcUT7oQo8G36pabt3T
         gLbpna8mbikmH/edzt8xvbiN+fak0pGJZjkxr/KgABTGhFHB2feYX1WfSCxBTO5xbKOl
         maiA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20251104; t=1780495608; x=1781100408;
        h=to:references:message-id:content-transfer-encoding:cc:date
         :in-reply-to:from:subject:mime-version:sender:x-gm-gg
         :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=/mjrJYeAPPZoxDvIu1B/6JGK6DbM/UXbWXF7ooKB55o=;
        b=IzCwPROIqhbl7Ej+rcD4B9XIUxY/XiOVN0F+151Ky6Pq297ecVqhRV3StJPCLTz//5
         phYOVOq0wyC2rewVD5/fmzkp527QtI3DqTWpCs7f5FWkO17Bt/bc5f4iEoN125zaEROS
         JtLhG/jLtFYwSWxs3VoKbNuFs++g/CyUZrc8lGUGVsODEiAkUMF9G9tAC5BOvIdR9RCH
         EHB7jhLwfWxJ7zX7+3NhgHqCP5ZDjeyMfrQXHegvIb4/82Uz6TQL/eSiKNKXxUytHiVM
         w36fwtK86X7YodqHkX+eVwTLaWLhq9I3ZxgjW3FovmzOEtYVFQHoBdFnu+mrws0WMobq
         rUTg==
X-Forwarded-Encrypted: i=1; AFNElJ/AZckxBf4bsnabyv6EgmD2P7qPfCg89ZWTYxMFS+ECzBLuP8fqCwdg3Q+gESbVQzrWtrlLpJ5wTs7ChFjT2hqcbB8Onw==@freebsd.org
X-Gm-Message-State: AOJu0YwmUsR8FGFgc5KynBAK3nQ2g8D9EbwGI2tE8zG/GMV120dxJncU
	xPkTfPVaWtMxguyNNipqn6ifSpIEiPT/w9sW9Fy2ETFsRPQiiK2xlBeAXsMUKQ==
X-Gm-Gg: Acq92OEGUJdjok+VxFWLP8gIMhaG7GSm3e8aA2W7NmxFzG673M3tVpfFW3PirxdhpBX
	uZGZ5Q7x6VXlLaO1tQJDJrWka0tz7h/rt35VOZCq783B/QQMKDlff9xx2aZbOuMRk+K4QU1Jea+
	l3ytsS17JiPlS2mzB3anZndD6ySl5SPogqq6mhg9j7C/giPGd+n5hVDr+LJJjjfIGRdvXHHW+q6
	7jeX56Kzg2b9aYtfu7Lqttr0kRLFGhzTVyxFT1RkurKTFcXL/b/MlqhgUS4cu1kzEoKQszg+9gx
	Rt/z/i70ONoi+medtSEdjASVoj4kwPz5uztA+h+v/6VTum7fUvFttJhbj7f7kYSmd4vH39bF1tR
	0mt9UVlTyOLHgZxuIw/wIr3Zqmr2gq5QOOy1MmfJwxjHGOjvyyObl0u8xHbPmqvcmGSUgE7m7l4
	Rg7JpfMhriZLTwL9gecqUGm3kq4WLUpgTDQg7sUA8kfFkeEBSNlZ10JLyXtyqhIq8UeWOrJOquk
	7zyaF5G5I7g0k1D5tEAKazFMAscUDMbiecm
X-Received: by 2002:a05:622a:346:b0:50e:a1aa:2cd9 with SMTP id d75a77b69052e-517785cd43emr50963911cf.15.1780495608022;
        Wed, 03 Jun 2026 07:06:48 -0700 (PDT)
Received: from smtpclient.apple (pafw-natd-255-179.amherst.edu. [148.85.255.179])
        by smtp.gmail.com with ESMTPSA id d75a77b69052e-51775d81f7asm24555871cf.19.2026.06.03.07.06.46
        (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
        Wed, 03 Jun 2026 07:06:46 -0700 (PDT)
Content-Type: text/plain;
	charset=utf-8
List-Id: Commit messages for the main branch of the src repository <dev-commits-src-main.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main
List-Help: <mailto:dev-commits-src-main+help@freebsd.org>
List-Post: <mailto:dev-commits-src-main@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-main+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-main+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-main@freebsd.org
Sender: owner-dev-commits-src-main@FreeBSD.org
List-Id: <dev-commits-src-main.FreeBSD.org>
List-Post: <mailto:dev-commits-src-main@FreeBSD.org>
List-Help: <mailto:dev-commits-src-main+help@FreeBSD.org>
List-Subscribe: <mailto:dev-commits-src-main+subscribe@FreeBSD.org>
List-Unsubscribe: <mailto:dev-commits-src-main+unsubscribe@FreeBSD.org>
List-Owner: <mailto:postmaster@FreeBSD.org>
Precedence: list
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3864.600.51.1.1\))
Subject: Re: git: 3d9cd10b2857 - main - pfdenied: fix checking root anchor
From: Matteo Riondato <matteo@FreeBSD.org>
In-Reply-To: <6a2028fe.3230e.63c5c7f2@gitrepo.freebsd.org>
Date: Wed, 3 Jun 2026 10:06:35 -0400
Cc: "src-committers@freebsd.org" <src-committers@FreeBSD.org>,
 "dev-commits-src-all@freebsd.org" <dev-commits-src-all@FreeBSD.org>,
 "dev-commits-src-main@freebsd.org" <dev-commits-src-main@FreeBSD.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <C719F4BE-3D8A-47F0-BC06-ED4845672BBA@FreeBSD.org>
References: <6a2028fe.3230e.63c5c7f2@gitrepo.freebsd.org>
To: Kristof Provost <kp@FreeBSD.org>
X-Mailer: Apple Mail (2.3864.600.51.1.1)
X-Spamd-Result: default: False [-4.00 / 15.00];
	REPLY(-4.00)[];
	ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]
X-Rspamd-Queue-Id: 4gVqJH0HVYz3T3G
X-Spamd-Bar: ----
X-Rspamd-Pre-Result: action=no action;
	module=replies;
	Message is reply to one we originated

This also fixes https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D292184=



> On Jun 3, 2026, at 9:15=E2=80=AFAM, Kristof Provost <kp@FreeBSD.org> =
wrote:
>=20
> The branch main has been updated by kp:
>=20
> URL: =
https://cgit.FreeBSD.org/src/commit/?id=3D3d9cd10b2857ee7a9ec1b04457d9ec44=
f614d32c
>=20
> commit 3d9cd10b2857ee7a9ec1b04457d9ec44f614d32c
> Author:     Kristof Provost <kp@FreeBSD.org>
> AuthorDate: 2026-06-03 08:49:31 +0000
> Commit:     Kristof Provost <kp@FreeBSD.org>
> CommitDate: 2026-06-03 08:52:06 +0000
>=20
>    pfdenied: fix checking root anchor
>=20
>    pfctl doesn't like empty anchors (-a ''), but we can specify the =
root
>    anchor as '/' too, so do that instead.
>=20
>    PR:             295324
>    Tested by:      Pawe=C5=82 Krawczyk
>    MFC after:      1 week
>    Sponsored by:   Rubicon Communications, LLC ("Netgate")
> ---
> usr.sbin/periodic/etc/security/520.pfdenied | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>=20
> diff --git a/usr.sbin/periodic/etc/security/520.pfdenied =
b/usr.sbin/periodic/etc/security/520.pfdenied
> index d87dfa0ae64c..a3cddf30d726 100755
> --- a/usr.sbin/periodic/etc/security/520.pfdenied
> +++ b/usr.sbin/periodic/etc/security/520.pfdenied
> @@ -41,7 +41,7 @@ rc=3D0
> if check_yesno_period security_status_pfdenied_enable
> then
> TMP=3D`mktemp -t security`
> - for _a in "" $(pfctl -a "blacklistd" -sA 2>/dev/null) $(pfctl -a =
"blocklistd" -sA 2>/dev/null) =
${security_status_pfdenied_additionalanchors}
> + for _a in "/" $(pfctl -a "blacklistd" -sA 2>/dev/null) $(pfctl -a =
"blocklistd" -sA 2>/dev/null) =
${security_status_pfdenied_additionalanchors}
> do
> pfctl -a "${_a}" -sr -v -z 2>/dev/null | \
> nawk '{if (/^block/) {buf=3D$0; getline; gsub(" +"," ",$0); if ($5 > =
0) print buf$0;} }' >> ${TMP}
>=20

Thanks,=20
Matteo