From nobody Wed Jun 3 14:06:35 2026 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4gVqJG490nz6fv3x for ; Wed, 03 Jun 2026 14:06:54 +0000 (UTC) (envelope-from rionda@gmail.com) Received: from mail-qk1-x732.google.com (mail-qk1-x732.google.com [IPv6:2607:f8b0:4864:20::732]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "WR4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4gVqJG0bk5z3T7s for ; Wed, 03 Jun 2026 14:06:54 +0000 (UTC) (envelope-from rionda@gmail.com) Authentication-Results: mx1.freebsd.org; none Received: by mail-qk1-x732.google.com with SMTP id af79cd13be357-91550f68089so406862285a.2 for ; Wed, 03 Jun 2026 07:06:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1780495608; x=1781100408; darn=freebsd.org; h=to:references:message-id:content-transfer-encoding:cc:date :in-reply-to:from:subject:mime-version:sender:from:to:cc:subject :date:message-id:reply-to; bh=/mjrJYeAPPZoxDvIu1B/6JGK6DbM/UXbWXF7ooKB55o=; b=OCvJq61iuKRHC7T9q3yZirwBZ7UuG/Ntx2peT97mv4n8sw/vBsuWrKk+L2K1X09BGb OF7trFDIDGTvfS4OHYJ/uXnwMuUVlzm3SAMn4B1sODyhtcrYuk3Kc2wzLjqxH+xjQzrQ ui7qDlNbNT1fF5wov5dr3uKEdJWr4ON3Ai0ov37It5q/tFtWqvrWwdT3R9q2LerCI5WO 2qKOAYsdmKrQbw6Q6QgXU/qFYun4qM0s05Z1gDmXbD9JkyEW6NWcUT7oQo8G36pabt3T gLbpna8mbikmH/edzt8xvbiN+fak0pGJZjkxr/KgABTGhFHB2feYX1WfSCxBTO5xbKOl maiA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1780495608; x=1781100408; h=to:references:message-id:content-transfer-encoding:cc:date :in-reply-to:from:subject:mime-version:sender:x-gm-gg :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=/mjrJYeAPPZoxDvIu1B/6JGK6DbM/UXbWXF7ooKB55o=; b=mrNr2IBeVHu6e8r9OR3CTSRKM5sWHZpkti+hZO/dRaTS/eCHMPnPQeCDvBiKo2TRcf uihYBDeWlk9iXcptQOAb+ScC9KFrnmW8W9AZ5JfLtulIyCHor2LxrABDcdjDZdO7iB4w NbkS2KB1bZbtbf1Ol700K1YazBqvLhLVESkbmj4aPxYSDVFGR7bRr6lKIhK4CzZyAXO1 rWycdNdBSims6Qabwmia5yTCnEil2rKAMnZYei6y1MRRMSBmywRFxgXNOSYXH6DUUDBD yfAJmOpTnBUbgWTCBtEJNbmQrP371iNOfDQh0Fi9xTmkuBOP8AKZ5fv5IZ5CK9Ste9ba 0foA== X-Forwarded-Encrypted: i=1; AFNElJ/bpCvEj5o82au/XLsVnumY2t///BD7QCv7zZOkal5g+urZwlE/KRgqDqLiYQwMIwHebwcn1SlGiOGr1iuwscw0y+57@freebsd.org X-Gm-Message-State: AOJu0YwLgAsAUBwOac7UqsvWHzmCfVG+wAy0nVyJC7VfefNjozw4xgag BpmorQYEfPvUNTD1CZd8PUk/fUgPj6dfKVKnI2f2VM0fTh4IhX8+Dfl7 X-Gm-Gg: Acq92OEQbok906knVJ7oMFKvOduFhFeA+X76JbySzpVYIkNIbhqzUnkLTUjLmfLOBTI jKZC0hf0dHNf46mBb4aqW4Gvde330S25h3w3fNUAeWnsLgAIjhOJ4pUhDbYkbOSIXKbzjFVsGVm AS0bMM2XbieRBkSEOsdFP2460ZaR2yxNNjU0P4Yv4sr5o77g7SSj4IUinyHo1m+t1qtA6q79JXq HruMWrDgzXDwDkz5hERoONBSmkE0LbIKEnQsk0ZglMPN824Seipqr+QCVHV93wifvEOR70g0XnV zkPRoUKOrSvPCCSGQFejV41p8QBXBbJVPlZKe/B3WgW7oxSbVwicOUFnBbrOY3JbSNhwJomoYbp T/XVbDBVWMw6C+QZuwcMfZL17iomZ9Jx5PDwOWL/u1DQTlkgVY5/jZ6SLvTzVTc6QURcZ/O9fDk 97viBICyOmoV9+gJara0C0J4WGM5RQPnNGhOazIFHgF8Yh5Gqoh4gewOFOzCTqJgdobJ58z9Jvs XGf/IPAFEokSn5khNCJCEAZrauUKgMyXFPm X-Received: by 2002:a05:622a:346:b0:50e:a1aa:2cd9 with SMTP id d75a77b69052e-517785cd43emr50963911cf.15.1780495608022; Wed, 03 Jun 2026 07:06:48 -0700 (PDT) Received: from smtpclient.apple (pafw-natd-255-179.amherst.edu. [148.85.255.179]) by smtp.gmail.com with ESMTPSA id d75a77b69052e-51775d81f7asm24555871cf.19.2026.06.03.07.06.46 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 03 Jun 2026 07:06:46 -0700 (PDT) Content-Type: text/plain; charset=utf-8 List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-all@freebsd.org Sender: owner-dev-commits-src-all@FreeBSD.org List-Id: List-Post: List-Help: List-Subscribe: List-Unsubscribe: List-Owner: Precedence: list Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3864.600.51.1.1\)) Subject: Re: git: 3d9cd10b2857 - main - pfdenied: fix checking root anchor From: Matteo Riondato In-Reply-To: <6a2028fe.3230e.63c5c7f2@gitrepo.freebsd.org> Date: Wed, 3 Jun 2026 10:06:35 -0400 Cc: "src-committers@freebsd.org" , "dev-commits-src-all@freebsd.org" , "dev-commits-src-main@freebsd.org" Content-Transfer-Encoding: quoted-printable Message-Id: References: <6a2028fe.3230e.63c5c7f2@gitrepo.freebsd.org> To: Kristof Provost X-Mailer: Apple Mail (2.3864.600.51.1.1) X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US] X-Rspamd-Queue-Id: 4gVqJG0bk5z3T7s X-Spamd-Bar: ---- X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated This also fixes https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D292184= > On Jun 3, 2026, at 9:15=E2=80=AFAM, Kristof Provost = wrote: >=20 > The branch main has been updated by kp: >=20 > URL: = https://cgit.FreeBSD.org/src/commit/?id=3D3d9cd10b2857ee7a9ec1b04457d9ec44= f614d32c >=20 > commit 3d9cd10b2857ee7a9ec1b04457d9ec44f614d32c > Author: Kristof Provost > AuthorDate: 2026-06-03 08:49:31 +0000 > Commit: Kristof Provost > CommitDate: 2026-06-03 08:52:06 +0000 >=20 > pfdenied: fix checking root anchor >=20 > pfctl doesn't like empty anchors (-a ''), but we can specify the = root > anchor as '/' too, so do that instead. >=20 > PR: 295324 > Tested by: Pawe=C5=82 Krawczyk > MFC after: 1 week > Sponsored by: Rubicon Communications, LLC ("Netgate") > --- > usr.sbin/periodic/etc/security/520.pfdenied | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) >=20 > diff --git a/usr.sbin/periodic/etc/security/520.pfdenied = b/usr.sbin/periodic/etc/security/520.pfdenied > index d87dfa0ae64c..a3cddf30d726 100755 > --- a/usr.sbin/periodic/etc/security/520.pfdenied > +++ b/usr.sbin/periodic/etc/security/520.pfdenied > @@ -41,7 +41,7 @@ rc=3D0 > if check_yesno_period security_status_pfdenied_enable > then > TMP=3D`mktemp -t security` > - for _a in "" $(pfctl -a "blacklistd" -sA 2>/dev/null) $(pfctl -a = "blocklistd" -sA 2>/dev/null) = ${security_status_pfdenied_additionalanchors} > + for _a in "/" $(pfctl -a "blacklistd" -sA 2>/dev/null) $(pfctl -a = "blocklistd" -sA 2>/dev/null) = ${security_status_pfdenied_additionalanchors} > do > pfctl -a "${_a}" -sr -v -z 2>/dev/null | \ > nawk '{if (/^block/) {buf=3D$0; getline; gsub(" +"," ",$0); if ($5 > = 0) print buf$0;} }' >> ${TMP} >=20 Thanks,=20 Matteo