This change is a security release which resolves several issues with OpenSSL 3.5,
the highest severity issue being ranked "High". Users are strongly encouraged to
update to this release.
More information about the release (from a high level) can be found in
the release notes [1].
1. https://github.com/openssl/openssl/blob/openssl-3.5.7/NEWS.md
All conflicts were resolved with `--theirs`, taking the release diff
over the local diff; the conflicts occurred due to preemptive security
fixes applied by so@ in e508c343.
MFC after: 3 days (the important security issues have been
preemptively addressed)
Merge commit '3a71a35ad9dad0e5d2cad8efecc8ba9d57c42d43'
Conflicts:
crypto/openssl/include/internal/quic_channel.h
crypto/openssl/ssl/quic/quic_channel_local.h
crypto/openssl/ssl/quic/quic_rx_depack.c
crypto/openssl/test/cmsapitest.c
crypto/openssl/test/evp_extra_test.c
The Book-E watchdog is effectively a state machine based around an AND
mask of the timebase register. A single bit (0-63) is watched in the
timebase register, and when it transitions (by counting *or* by
programmatically setting) an exception is triggered. The first
exception triggers a core interrupt. The second is programmable.
In our case, we panic on the first and reset on second.
* Force the type of the literal `1` passed to nstosbt() to ensure it's a
64-bit type (or larger). Otherwise it gets inconveniently typed to
int, resulting in truncation.
* Use `flsll()` when converting sbt to power-of-2-nanoseconds to fix
32-bit compatibility.
PR: 292616
Obtained from: Hewlett Packard Enterprise
Fixes: 26d6617f3 ("watchdog: Convert to using sbintime_t format")
MFC after: 3 days
RFC 1994 does not place any limit on the length of the value field in
challenge messages except that the length is a single octet which
bounds the maximum length to 255.
NB: I'm not sure why the local[] and peer[] arrays contain room for an
authentication name (AUTHLEN) in addition to a challenge value/response,
but I've just left that in place.
PR: 271955
Reported by: Robert Morris <rtm@lcs.mit.edu>
Reviewed by: des
Differential Revision: https://reviews.freebsd.org/D57138
Only fetch the optional mode argument to ID0open to pass to open(2) if
O_CREAT is present in the flags argument. It is UB to fetch an
argument that doesn't exist. On CHERI this UB results in a fault.
Reviewed by: brooks
Obtained from: CheriBSD
Sponsored by: AFRL, DARPA
Differential Revision: https://reviews.freebsd.org/D57137
The man page incorrectly stated that hdestroy() calls free(3) for
each comparison key. The implementation (hdestroy_r.c) only frees
the internal table structure, not the user-provided keys or data.
This matches POSIX, which says hdestroy "shall dispose of the
search table" without mentioning key deallocation.
Update the description to clarify that the caller is responsible
for freeing any memory associated with table entries.
PR: 291240
Signed-off-by: Kit Dallege <xaum.io@gmail.com>
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/2095
Add documentation for the ATU (Address Translation Unit) commands
that were implemented but not documented in the man page:
- atu dump: display the MAC address table
- atu flush all: clear all dynamic ATU entries
- atu flush port <n>: clear ATU entries for a specific port
Also add atu to the SYNOPSIS section.
PR: 275413
Signed-off-by: Kit Dallege <xaum.io@gmail.com>
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/2096
The man page only mentioned jumbo frame support for the 8169, 8169S,
and 8110S chips. The 8168 and 8111 family also support jumbo frames,
with varying MTU limits depending on the chip revision (6K for C
variants, 9K for D and later). Update the documentation to reflect
the actual driver capabilities.
PR: 160399
Signed-off-by: Kit Dallege <xaum.io@gmail.com>
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/2097
Add documentation for the vt_font, vt_keymap, vt_repeat, vt_saver,
vt_screenmap, and vt_ttys commands which are available at runtime
but were not listed in the man page.
Also clarify that the existing syscons_* commands are for the
syscons(4) console driver and remove stale commented-out entries.
PR: 291051
Signed-off-by: Kit Dallege <xaum.io@gmail.com>
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/2100
Since commit 97e1303791, the -P flag works without -R as
required by POSIX. Update the man page to state that only -H
and -L are ignored without -R, while -P can be used independently.
PR: 289959
Signed-off-by: Kit Dallege <xaum.io@gmail.com>
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/2102
The --si option (human-readable output with SI units based on
powers of 1000) was implemented but missing from both the SYNOPSIS
and the options list.
PR: 265199
Signed-off-by: Kit Dallege <xaum.io@gmail.com>
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/2104
Improve error handling for invalid user names and UIDs in renice:
- Use warnx() and err() for consistent error reporting
- Set errno = EINVAL for invalid input
- Provide clearer error messages for invalid user names and UIDs
- Add test cases for invalid user input
Signed-off-by: androvonx95 <androvonx95@tutamail.com>
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1768
Update the GCE image creation process to automatically apply the
'public-image=true' label when publishing new images. This aligns
with standard labeling expectations for images hosted in public
projects.
MFC after: 3 days
Implement the getsockopt for TCP_INFO by mapping FreeBSD's version to
what Linux expects.
MFC after: 1 month
Relnotes: yes
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D55882
When `boot_policy` is `RELAXED`, `find_currdev()` tried ZFS pools on every
disk before searching the boot ESP and sibling partitions. Booting install
media from USB could therefore select an installed ZFS root on internal
storage instead of the intended memstick UFS image.
Extract the boot-device partition walk into `try_boot_device_partitions()`
and run it before relaxed foreign-pool probing. The ZFS search order is
preserved; pools on the boot device are tried first, followed by pools on
other devices when `boot_policy` is `RELAXED` and the boot device yields
no bootable root.
Signed-off-by: Faraz Vahedi <kfv@kfv.io>
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/2239
Recalculate it to iterate over the right set of processes.
Prevent reaper' struct proc reuse by holding the tree ref on it.
Since our reference is taken under the proctree lock and we know that
the process is reaper, it cannot go away. The process hold count
(p_lock) cannot be used there because p_lock intent is prevent exit, but
reaper owns its reap-children until reaped itself, i.e. even a zombie
reaper is still on duty.
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D57492
Owning the reference prevents reuse of the struct proc.
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D57492
This restores existing error code for connect(2) over unix domain socket
when the empty string is specified as socket address.
Reported by: eduardo
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D57509
No existing tests require it, and I cannot understand what kinds of test
scenarios are supposed to require it. Just remove it.
While here, improve the documentation of test variables a bit.
Reviewed by: ngie
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D56604
AMD does not have a CPUID bit to indicate the lack of K8 PMCs. If all
other PMC features are not present we should test an event selector to
see if it stores and returns a value. If the VM is implemented
correctly, this should result in a #GP on the initial wrmsr_safe. Bhyve
and a few other VMs ignore writes, so I got one step further and test
that it retains the OS and USR bits.
Tested on Zen 5 native and a Zen 5 Bhyve virtual machine. This code
should not run on any recent hardware, except in a VM, as it checks that
the core counter extension is missing.
PR: 268943
Reported by: Sandipan Das, John F. Carr <jfc@mit.edu>
Reviewed by: mhorne, imp
Sponsored by: Netflix
MFC after: 1 week
Pull Request: https://github.com/freebsd/freebsd-src/pull/2272/changes
I've been the quasi-defacto component maintainer for OpenSSL since
14.0-RELEASE. Make it official via CODEOWNERS/MAINTAINERS.
The goal is to help guide those interested in making changes in this
space to solicit my input with the new vendor import process and
coordinate fixes with upstream until things are at a point where most of
this is automated a system of automated checks and balances to confirm
that the updates being made to the component help maintain a security
supply chain for this given component.
Thank you benl and jkim for your past efforts in this component area.
Hopefully I can do my part to help improve this critical space further
as you both did in your respective tenures.
MFC after: 3 days
This is a rollup commit from upstream to fix:
Reject oversized inputs in ASN1_mbstring_ncopy()
cms: kek_unwrap_key: Fix out-of-bounds read in check-byte validation
cms: kek_unwrap_key: test for fix out-of-bounds read in check-byte validation
Avoid length truncation in ASN1_STRING_set
pkcs12: verify that the pbmac1 key length is safe
Reject potentially forged encrypted CMS AuthEnvelopedData messages
QUIC stack must limit the number of PATH_CHALLENGE frames processed in RX
Fix NULL dereference in QUIC address validation
Fix potential NULL dereference processing CMS PasswordRecipientInfo
Fix potential NULL dereference in OSSL_CRMF_ENCRYPTEDVALUE_decrypt()
Enforce implicit rejection for CMS/PKCS#7 decryption
Use the correct issuer when validating rootCAKeyUpdate
Match the local q DHX parameter against the peer's q
Apply the buffered IV on the AES-OCB EVP_Cipher() path
Fix handling of empty-ciphertext messages in AES-GCM-SIV and AES-SIV
Fix possible use-after-free in OpenSSL PKCS7_verify()
Approved by: so
Obtained from: OpenSSL
Security: FreeBSD-SA-26:35.openssl
Security: CVE-2026-7383
Security: CVE-2026-9076
Security: CVE-2026-34180
Security: CVE-2026-34181
Security: CVE-2026-34182
Security: CVE-2026-34183
Security: CVE-2026-42764
Security: CVE-2026-42766
Security: CVE-2026-42767
Security: CVE-2026-42768
Security: CVE-2026-42769
Security: CVE-2026-42770
Security: CVE-2026-45445
Security: CVE-2026-45446
Security: CVE-2026-45447
Otherwise an unprivileged user can disable randomization of the base
address for PIEs even if they are setugid.
Add a regression test.
Approved by: so
Security: FreeBSD-SA-26:32.elf
Security: CVE-2026-49414
Reported by: David Berard
Reviewed by: kib
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D57397
- ARM C1-Premium erratum 4193780
- ARM C1-Ultra erratum 4193780
- ARM Cortex-A76 erratum 4193800
- ARM Cortex-A76AE erratum 4193801
- ARM Cortex-A77 erratum 4193798
- ARM Cortex-A78 erratum 4193791
- ARM Cortex-A78AE erratum 4193793
- ARM Cortex-A78C erratum 4193794
- ARM Cortex-A710 erratum 4193788
- ARM Cortex-X1 erratum 4193791
- ARM Cortex-X1C erratum 4193792
- ARM Cortex-X2 erratum 4193788
- ARM Cortex-X3 erratum 4193786
- ARM Cortex-X4 erratum 4118414
- ARM Cortex-X925 erratum 4193781
- ARM Neoverse-N1 erratum 4193800
- ARM Neoverse-N2 erratum 4193789
- ARM Neoverse-V1 erratum 4193790
- ARM Neoverse-V2 erratum 4193787
- ARM Neoverse-V3 erratum 4193784
- ARM Neoverse-V3AE erratum 4193784
These are all variants on an erratum where TLBI+DSB instructions on
one CPU may incorrectly complete early leading to stores to an updated
address using an incorrect translation on another CPU.
In all cases the workaround is to add a second TLBI+DSB.
Approved by: so
Security: FreeBSD-SA-26:31.arm64
Security: CVE-2025-10263
Sponsored by: Arm Ltd
The runtime linker in glibc relies on the AT_SECURE auxv entry to know
whether the executable is set-ugid, if so then various dangerous
functionality such as LD_PRELOAD is disabled.
The check added in commit 669414e4fb failed to take into account the
fact that during execve, P_SUGID may not yet be set for a set-ugid
process. Correct the test.
Approved by: so
Security: FreeBSD-SA-26:30.linux
Security: CVE-2026-49413
Reported by: Minseong Kim
Fixes: 669414e4fb ("Implement AT_SECURE properly.")
Reviewed by: kib
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D57350
We drop the inpcb lock in order to copy in the source list, but this
leaves a window where the multicast filter structure might be freed.
This can be exploited to obtain root privileges.
In the v4 code this race is mitigated by holding the global multicast
lock across the gap.
Restructure the code to copy in filters before doing anything else, so
that there's no need to drop the inpcb lock and reason about the
correctness of doing so. Do the same in the v4 code for consistency.
Approved by: so
Security: FreeBSD-SA-26:29.ip6_multicast
Security: CVE-2026-49412
Reported by: Andrew Griffiths <andrew@calif.io>
Reported by: Maik Münch <maik@secfault-security.com>
Reviewed by: glebius
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D57347
The channel buffer mapped by dsp_mmap_single() may be freed when the
device handle is closed, but the mapping persists beyond that, allowing
userspace to read or write memory owned by a different consumer.
Fix the problem by adding a reference counter to the sound buffer.
Define pager ops for the VM object returned by dsp_mmap_single() and use
them to manage the extra reference.
Add a regression test.
Approved by: so
Security: FreeBSD-SA-26:27.sound
Security: CVE-2026-49417
Reported by: Lexpl0it, 75Acol, Liyw979, Rob1n
Reviewed by kib
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D57393
Normally, data processed on the KTLS receive path is contained in
anonymous mbufs that can be modified in place. Either the data
originates in receive buffers from a NIC driver, or for loopback
connections the data is anonymous-backed mbufs created when writing to
a socket. One potential source of non-anonymous mbufs are mbufs
created by sendfile(2) which borrow the pages of the underlying file,
either via M_EXTPG or EXT_SFBUF that are sent over a loopback
connection. For a well-formed loopback TLS session, the sender should
only use sendfile(2) if KTLS is enabled. If TLS is fully handled in
userspace, the sender must use write(2) or send(2) which allocate
anonymous mbufs. If KTLS transmit is enabled, then sendfile(2) on a
loopback connection will always use crypto via OCF and will allocate
anonymous pages to hold the encrypted data.
However, if sendfile(2) is used to send file-backed data directly over
a loopback connection where KTLS is not enabled on the sender side,
the KTLS receive path can modify the file-backed pages in place
overwriting the file's data. One potential fix would be to replace
non-anonymous mbufs in a received TLS record with anonymous mbufs
(e.g. via m_dup()) before passing the record to OCF. However, there
is no legitimate use case for using sendfile(2) over a loopback TLS
connection without using KTLS on the sender side, so instead simply
fail decryption requests and close the connection if non-anonymous
mbufs are encountered in the RX decryption path.
Add a test for this that verifies that the original data backing the
file descriptor used as the source for sendfile() is unchanged after
being processed.
Approved by: so
Security: FreeBSD-SA-26:26.ktls
Security: CVE-2026-45257
Co-authored-by: Drew Gallatin <gallatin@FreeBSD.org>
Sponsored by: Chelsio Communications
Sponsored by: Netflix
Approved by: so
Security: FreeBSD-SA-26:25.thr
Security: CVE-2026-45256
Reported by: Igor Gabriel Sousa e Souza
Reported by: Yuxiang Yang, Yizhou Zhao, Ao Wang, Xuewei Feng, Qi Li, and Ke Xu from Tsinghua University using GLM-5.1 from Z.ai
Reviewed by: emaste, kib
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D57237
This is consistent with allow_read_dir and allow_ptrace.
PR: 293485
Fixes: c289291a67 ("tty: Add sysctl knob to globally disable TIOCSTI")
Sponsored by: The FreeBSD Foundation
Shell variable names cannot be safely quoted with shell_escape() —
only alphanumeric characters are valid. Add validation that set-name
only matches [a-zA-Z0-9]+; invalid values are rejected with a
warning and the rename is skipped entirely.