Removes the file size limit for -C comparisons. The limit was
meant to prevent oversized mmap allocations, which is no longer
relevant as mmap is no longer used here (removed by
a0439a1b82, review D44809).
Credit to bdrewery.
See: https://reviews.freebsd.org/D57230
Reviewed by: bdrewery, glebius, ziaee
Approved by: glebius (mentor)
Obtained from: Fudo Security
MFC after: 2 weeks
Sponsored by: Fudo Security
Differential Revision: https://reviews.freebsd.org/D57503
Regenerate gd_qnan.h on riscv using the qnan.c
config tool found in contrib/gdtoa.
This fixes the following tests in CI:
lib/libc/stdio/scanfloat_test:infinities_and_nans
lib/libc/stdlib/strtod_test:strtold_nan
Reviewed by: jrtc27
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D57405
Eliminate panic when re-setting a paused failpoint to pause
(address of feq_mtx changes whilst in mtx_sleep, triggering
assertion when reacquiring mtx).
Reviewed by: rlibby
Pull Request: https://github.com/freebsd/freebsd-src/pull/2267
While here, use the more specific "pidfile" consistently instead of
ambiguous "filename".
Reviewed by: ziaee
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D57531
Replace the `(bool(*)(bool))` probe in `__assert_sanitize()` with an unevaluated
conditional expression, so types with `explicit operator bool()` that require a
contextually converted constant expression of type `bool` are handled correctly.
Ergo, arity check is now performed separately via `__assert_sanitize_arity()`, a
unary template whose parameter pack must bind to exactly on argument after
`__VA_ARGS__` is substituted into the call.
Also align NDEBUG with C23 requirements.
Reported by: dim, aokblast
Signed-off-by: Faraz Vahedi <kfv@kfv.io>
Reviewed by: aokblast, fuz
MFC after: 1 week
Fixes: 867b51452e
Pull Request: https://github.com/freebsd/freebsd-src/pull/2265
This change is a security release which resolves several issues with OpenSSL 3.5,
the highest severity issue being ranked "High". Users are strongly encouraged to
update to this release.
More information about the release (from a high level) can be found in
the release notes [1].
1. https://github.com/openssl/openssl/blob/openssl-3.5.7/NEWS.md
All conflicts were resolved with `--theirs`, taking the release diff
over the local diff; the conflicts occurred due to preemptive security
fixes applied by so@ in e508c343.
MFC after: 3 days (the important security issues have been
preemptively addressed)
Merge commit '3a71a35ad9dad0e5d2cad8efecc8ba9d57c42d43'
Conflicts:
crypto/openssl/include/internal/quic_channel.h
crypto/openssl/ssl/quic/quic_channel_local.h
crypto/openssl/ssl/quic/quic_rx_depack.c
crypto/openssl/test/cmsapitest.c
crypto/openssl/test/evp_extra_test.c
The Book-E watchdog is effectively a state machine based around an AND
mask of the timebase register. A single bit (0-63) is watched in the
timebase register, and when it transitions (by counting *or* by
programmatically setting) an exception is triggered. The first
exception triggers a core interrupt. The second is programmable.
In our case, we panic on the first and reset on second.
* Force the type of the literal `1` passed to nstosbt() to ensure it's a
64-bit type (or larger). Otherwise it gets inconveniently typed to
int, resulting in truncation.
* Use `flsll()` when converting sbt to power-of-2-nanoseconds to fix
32-bit compatibility.
PR: 292616
Obtained from: Hewlett Packard Enterprise
Fixes: 26d6617f3 ("watchdog: Convert to using sbintime_t format")
MFC after: 3 days
RFC 1994 does not place any limit on the length of the value field in
challenge messages except that the length is a single octet which
bounds the maximum length to 255.
NB: I'm not sure why the local[] and peer[] arrays contain room for an
authentication name (AUTHLEN) in addition to a challenge value/response,
but I've just left that in place.
PR: 271955
Reported by: Robert Morris <rtm@lcs.mit.edu>
Reviewed by: des
Differential Revision: https://reviews.freebsd.org/D57138
Only fetch the optional mode argument to ID0open to pass to open(2) if
O_CREAT is present in the flags argument. It is UB to fetch an
argument that doesn't exist. On CHERI this UB results in a fault.
Reviewed by: brooks
Obtained from: CheriBSD
Sponsored by: AFRL, DARPA
Differential Revision: https://reviews.freebsd.org/D57137
The man page incorrectly stated that hdestroy() calls free(3) for
each comparison key. The implementation (hdestroy_r.c) only frees
the internal table structure, not the user-provided keys or data.
This matches POSIX, which says hdestroy "shall dispose of the
search table" without mentioning key deallocation.
Update the description to clarify that the caller is responsible
for freeing any memory associated with table entries.
PR: 291240
Signed-off-by: Kit Dallege <xaum.io@gmail.com>
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/2095
Add documentation for the ATU (Address Translation Unit) commands
that were implemented but not documented in the man page:
- atu dump: display the MAC address table
- atu flush all: clear all dynamic ATU entries
- atu flush port <n>: clear ATU entries for a specific port
Also add atu to the SYNOPSIS section.
PR: 275413
Signed-off-by: Kit Dallege <xaum.io@gmail.com>
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/2096
The man page only mentioned jumbo frame support for the 8169, 8169S,
and 8110S chips. The 8168 and 8111 family also support jumbo frames,
with varying MTU limits depending on the chip revision (6K for C
variants, 9K for D and later). Update the documentation to reflect
the actual driver capabilities.
PR: 160399
Signed-off-by: Kit Dallege <xaum.io@gmail.com>
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/2097
Add documentation for the vt_font, vt_keymap, vt_repeat, vt_saver,
vt_screenmap, and vt_ttys commands which are available at runtime
but were not listed in the man page.
Also clarify that the existing syscons_* commands are for the
syscons(4) console driver and remove stale commented-out entries.
PR: 291051
Signed-off-by: Kit Dallege <xaum.io@gmail.com>
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/2100
Since commit 97e1303791, the -P flag works without -R as
required by POSIX. Update the man page to state that only -H
and -L are ignored without -R, while -P can be used independently.
PR: 289959
Signed-off-by: Kit Dallege <xaum.io@gmail.com>
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/2102
The --si option (human-readable output with SI units based on
powers of 1000) was implemented but missing from both the SYNOPSIS
and the options list.
PR: 265199
Signed-off-by: Kit Dallege <xaum.io@gmail.com>
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/2104
Improve error handling for invalid user names and UIDs in renice:
- Use warnx() and err() for consistent error reporting
- Set errno = EINVAL for invalid input
- Provide clearer error messages for invalid user names and UIDs
- Add test cases for invalid user input
Signed-off-by: androvonx95 <androvonx95@tutamail.com>
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1768
Update the GCE image creation process to automatically apply the
'public-image=true' label when publishing new images. This aligns
with standard labeling expectations for images hosted in public
projects.
MFC after: 3 days
Implement the getsockopt for TCP_INFO by mapping FreeBSD's version to
what Linux expects.
MFC after: 1 month
Relnotes: yes
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D55882
When `boot_policy` is `RELAXED`, `find_currdev()` tried ZFS pools on every
disk before searching the boot ESP and sibling partitions. Booting install
media from USB could therefore select an installed ZFS root on internal
storage instead of the intended memstick UFS image.
Extract the boot-device partition walk into `try_boot_device_partitions()`
and run it before relaxed foreign-pool probing. The ZFS search order is
preserved; pools on the boot device are tried first, followed by pools on
other devices when `boot_policy` is `RELAXED` and the boot device yields
no bootable root.
Signed-off-by: Faraz Vahedi <kfv@kfv.io>
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/2239
Recalculate it to iterate over the right set of processes.
Prevent reaper' struct proc reuse by holding the tree ref on it.
Since our reference is taken under the proctree lock and we know that
the process is reaper, it cannot go away. The process hold count
(p_lock) cannot be used there because p_lock intent is prevent exit, but
reaper owns its reap-children until reaped itself, i.e. even a zombie
reaper is still on duty.
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D57492
Owning the reference prevents reuse of the struct proc.
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D57492
This restores existing error code for connect(2) over unix domain socket
when the empty string is specified as socket address.
Reported by: eduardo
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D57509
No existing tests require it, and I cannot understand what kinds of test
scenarios are supposed to require it. Just remove it.
While here, improve the documentation of test variables a bit.
Reviewed by: ngie
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D56604
AMD does not have a CPUID bit to indicate the lack of K8 PMCs. If all
other PMC features are not present we should test an event selector to
see if it stores and returns a value. If the VM is implemented
correctly, this should result in a #GP on the initial wrmsr_safe. Bhyve
and a few other VMs ignore writes, so I got one step further and test
that it retains the OS and USR bits.
Tested on Zen 5 native and a Zen 5 Bhyve virtual machine. This code
should not run on any recent hardware, except in a VM, as it checks that
the core counter extension is missing.
PR: 268943
Reported by: Sandipan Das, John F. Carr <jfc@mit.edu>
Reviewed by: mhorne, imp
Sponsored by: Netflix
MFC after: 1 week
Pull Request: https://github.com/freebsd/freebsd-src/pull/2272/changes
I've been the quasi-defacto component maintainer for OpenSSL since
14.0-RELEASE. Make it official via CODEOWNERS/MAINTAINERS.
The goal is to help guide those interested in making changes in this
space to solicit my input with the new vendor import process and
coordinate fixes with upstream until things are at a point where most of
this is automated a system of automated checks and balances to confirm
that the updates being made to the component help maintain a security
supply chain for this given component.
Thank you benl and jkim for your past efforts in this component area.
Hopefully I can do my part to help improve this critical space further
as you both did in your respective tenures.
MFC after: 3 days
This is a rollup commit from upstream to fix:
Reject oversized inputs in ASN1_mbstring_ncopy()
cms: kek_unwrap_key: Fix out-of-bounds read in check-byte validation
cms: kek_unwrap_key: test for fix out-of-bounds read in check-byte validation
Avoid length truncation in ASN1_STRING_set
pkcs12: verify that the pbmac1 key length is safe
Reject potentially forged encrypted CMS AuthEnvelopedData messages
QUIC stack must limit the number of PATH_CHALLENGE frames processed in RX
Fix NULL dereference in QUIC address validation
Fix potential NULL dereference processing CMS PasswordRecipientInfo
Fix potential NULL dereference in OSSL_CRMF_ENCRYPTEDVALUE_decrypt()
Enforce implicit rejection for CMS/PKCS#7 decryption
Use the correct issuer when validating rootCAKeyUpdate
Match the local q DHX parameter against the peer's q
Apply the buffered IV on the AES-OCB EVP_Cipher() path
Fix handling of empty-ciphertext messages in AES-GCM-SIV and AES-SIV
Fix possible use-after-free in OpenSSL PKCS7_verify()
Approved by: so
Obtained from: OpenSSL
Security: FreeBSD-SA-26:35.openssl
Security: CVE-2026-7383
Security: CVE-2026-9076
Security: CVE-2026-34180
Security: CVE-2026-34181
Security: CVE-2026-34182
Security: CVE-2026-34183
Security: CVE-2026-42764
Security: CVE-2026-42766
Security: CVE-2026-42767
Security: CVE-2026-42768
Security: CVE-2026-42769
Security: CVE-2026-42770
Security: CVE-2026-45445
Security: CVE-2026-45446
Security: CVE-2026-45447
Otherwise an unprivileged user can disable randomization of the base
address for PIEs even if they are setugid.
Add a regression test.
Approved by: so
Security: FreeBSD-SA-26:32.elf
Security: CVE-2026-49414
Reported by: David Berard
Reviewed by: kib
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D57397