302521 Commits

Author SHA1 Message Date
Ed Maste b55439338d openssh: Add detail on client side VersionAddendum
FreeBSD introduced VersionAddendum for the server as a local change in
2001 in commit 933ca70f8f and later extended it to the client in
commit 9e2cbe04ff.

In 2012 upstream added support for server VersionAddendum, in commit
23528816dc10.  They did not add client support.

We removed the client support in commit bffe60ead0 ("ssh: retire
client VersionAddendum").

As of the 10.0p2 release upstream has added client-side VersionAddendum.
Make note of this in FREEBSD-upgrade's patches section.

Sponsored by:	The FreeBSD Foundation
2025-08-26 16:32:27 -04:00
Ed Maste 665bf6ffb5 sshd-auth: Chase MK_GSSAPI changes
Fixes: 8e28d84935 ("OpenSSH: Update to 10.0p2")
Sponsored by: The FreeBSD Foundation
2025-08-26 15:13:07 -04:00
John Baldwin 95c8b4d74b acpica: Fix build of acpidb(8) on i386
Fixes:		b5daf675ef ("acpica: Merge ACPICA 20250807")
2025-08-26 15:06:09 -04:00
Ed Maste 8e28d84935 OpenSSH: Update to 10.0p2
Full release notes are available at
https://www.openssh.com/txt/release-10.0

Selected highlights from the release notes:

Potentially-incompatible changes

- This release removes support for the weak DSA signature algorithm.
  [This change was previously merged to FreeBSD main.]

- This release has the version number 10.0 and announces itself as
  "SSH-2.0-OpenSSH_10.0".  Software that naively matches versions using
  patterns like "OpenSSH_1*" may be confused by this.

- sshd(8): this release removes the code responsible for the user
  authentication phase of the protocol from the per-connection
  sshd-session binary to a new sshd-auth binary.

Security

- sshd(8): fix the DisableForwarding directive, which was failing to
  disable X11 forwarding and agent forwarding as documented.
  [This change was previously merged to FreeBSD main.]

New features

- ssh(1): the hybrid post-quantum algorithm mlkem768x25519-sha256 is now
  used by default for key agreement.

Sponsored by:	The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D51630
2025-08-26 15:04:16 -04:00
Cy Schubert c553872b77 RELNOTES: Fix another typo 2025-08-26 10:01:31 -07:00
Cy Schubert 099e61a665 RELNOTES: Fix typo 2025-08-26 09:12:13 -07:00
Alexander Ziaee 739c4905dd ObsoleteFiles: Remove sysdecode_syscallnames.3
MFC after:	3 days
Reported by:	mhorne
PR:		278383
Fixes:		4ba91e076e (sysdecode_syscallnames.3: s/names/name)
2025-08-26 11:49:13 -04:00
Cy Schubert 863d5cc2ad RELNOTES: Document MIT KRB5 import 2025-08-26 07:53:00 -07:00
Cy Schubert 621e0e7f27 krb5: Update to 1.22.1
Reviewed by:		des
Differential revision:	https://reviews.freebsd.org/D52100

Merge commit 'e5fe63eaf1d35ebbeac17eeed04cf873fbb9b3da' into main
2025-08-26 07:33:03 -07:00
Cy Schubert 5bc59bbb48 krb5: Remove documentation
Requested by des in D52100.
2025-08-26 06:20:50 -07:00
Michael Tuexen 6d988ec3a7 netstat: improve statistic output for sctp
Provide counters for receive and transmit checksum offloading for
SCTP.

MFC after:	1 week
2025-08-26 14:57:20 +02:00
Michael Tuexen f5dbf1b1c7 epair: don't include if_var.h twice
MFC after:	3 days
Sponsored by:	Netflix, Inc.
2025-08-26 14:19:37 +02:00
Jashank Jeremy 768ce2eba6 puc: Add support for Systembase SB16C1054, SB16C1058.
The Systembase SB16C1054 and SB16C1058 are PCI quad- and octal-UART
complexes, based on multiple Systembase SB16C1050 cores, which appear to
be compatible with the NS8250 family (except for the "enable interrupts"
bit in the other BAR).

The SB16C105x family are one of two families of PCIe UART complexes on
cards by StarTech.com, such as the PEX4S1050 and PEX8S1050. (Other
StarTech.com serial offerings use the ASIX AX99100 or ASIX MCS990x.)

This is derived from the NetBSD driver.

Reviewed by:    imp
Tested by:      Jashank Jeremy <jashank@rulingia.com.au>
Obtained from:  Jashank Jeremy <jashank@rulingia.com.au>
MFC after:      1 week
Differential Revision:  <https://reviews.freebsd.org/D52150>
2025-08-26 21:09:15 +10:00
Alexander Leidinger 75b18baf09 UPDATING: fix typo in pattern 2025-08-26 12:06:21 +02:00
Alexander Leidinger bcefbb46d2 UPDATING: fix typo in the Secure RPC entry. 2025-08-26 11:23:04 +02:00
Alexander Leidinger 3463f02706 UPDATING: add an entry for [gs]etgroups 2025-08-26 11:22:03 +02:00
Gordon Bergling e0875bf019 linuxkpi: Fix a typo in a source code comment
- s/__FreeBSD_verison/__FreeBSD_version/

MFC after:	3 days
2025-08-26 09:46:00 +02:00
Lexi Winter e957c041d7 sendmail: Remove runtime dependency on clang
etc/mail/Makefile includes bsd.own.mk, which includes bsd.compiler.mk,
which fails with an error if it can't locate a C compiler.  Set
_WITHOUT_SRCCONF=yes before including bsd.own.mk to disable this
behaviour.

Reviewed by:	gshapiro
Differential Revision:	https://reviews.freebsd.org/D52134
2025-08-26 06:57:37 +01:00
ShengYi Hung 50efb5789d i6300esbwd: Note update in RELNOTES
Approved by:    markj (mentor), lwhsu (mentor)
Differential Revision: https://reviews.freebsd.org/D52152
2025-08-26 00:52:30 -04:00
Maxim Sobolev f74c0dc583 ng_nat: fix potential crash when attaching to L2 directly
Fix potential crash in the ng_nat module when attaching directly
to the layer 2 (ethernet) while calculating TCP checksum.

The issue is due to in_delayed_cksum() expecting to access IP
header at the offset 0 from the mbuf start, while if we are
attached to the L2 directly, the IP header is going to be at a
certain offset.

Reviewed by:	markj, tuexen
Approved by:	tuexen
Sponsored by:	Sippy Software, Inc.
Differential Revision:	https://reviews.freebsd.org/D49677
MFC After:	2 weeks
2025-08-25 21:34:45 -07:00
Maxim Sobolev 5feb38e378 netinet: provide "at offset" variant of the in_delayed_cksum() API
The need for such a variant comes from the fact that we need to
re-calculate checksum after ng_nat(4) transformations while getting
mbufs from the layer 2 (ethernet) directly.

Reviewed by:	markj, tuexen
Approved by:	tuexen
Sponsored by:	Sippy Software, Inc.
Differential Revision:	https://reviews.freebsd.org/D49677
MFC After:	2 weeks
2025-08-25 21:34:45 -07:00
Warner Losh 7df90d9590 RELNOTES: Fix typo
Sponsored by:		Netflix
2025-08-25 20:28:28 -06:00
Warner Losh d355a5e619 vchiq_arm: Don't free on error
When actual_pages is -1, calling vm_page_unhold_pages will loop
forever. We don't actually need to loop.  In fact, it will either be -1
or the right number of pages: we never return a partial allocation. It
might be more proper to assert this, but since this is contrib code,
make a minimal change to avoid the infinite loop.

Sponsored by:		Netflix
Reviewed by:		kib, markj
Differential Revision:	https://reviews.freebsd.org/D52154
2025-08-25 20:15:07 -06:00
Rick Macklem 200730f29d exports.5: Add a paragraph clarifying the use of "V4:"
The exports.5 man page is a bit of a monster.
One place of common confusion is the use of
the "V4:" line(s) for defining the location of the
root of the NFSv4 export subtree.

This patch adds a paragraph in an attempt to
clarify this.

This is a content change.

Reviewed by:	kib
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D52141
2025-08-25 18:38:54 -07:00
Felix Johnson 4ba91e076e sysdecode_syscallnames.3: s/names/name/
The sysdecode_syscallname function was accidentally documented as being
plural. Move it to reflect its actual name, and adjust all references.

PR:			278383
Reviewed by:		ziaee
Differential Revision:	https://reviews.freebsd.org/D51002
2025-08-25 20:49:05 -04:00
Ingo Schwarze 93bc3d83a1 mandoc: Improve width calculation for GCC compat
Avoid implicitly converting a potentially negative page offset
to size_t and then back to int.  While this was not a bug and the end
result was portably correct, Alexander Ziaee@ privately reported to me
that the GCC 14 in the FreeBSD Jenkins CI felt uneasy about it.

For clarity and readability, rewrite the truncation statement
to not mix signed and unsigned types, to not use explicit casts,
and make handling of the lower and upper cutoff more similar
to each other.

Fixes:  6410c1b51637 (mandoc: vendor import of upstream at 2025-07-27)
MFC after:		3 days
Reported by:		ivy
Reviewed by:		ivy
Differential Revision:	https://reviews.freebsd.org/D52127
2025-08-25 19:02:27 -04:00
Aymeric Wibo a4d738d783 amdgpio: Mask and service interrupts
Mask all interrupts coming from the AMD GPIO controller and service any
potential interrupts. Unserviced interrupts can block entry to S0i3 on
certain AMD CPUs.

Reviewed by:	aokblast, mckusick (mentor)
Approved by:	aokblast, mckusick (mentor)
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D51588
2025-08-26 00:53:11 +02:00
Aymeric Wibo 431856c868 netlink: Bypass refcounting when setting promiscuity
When asking for IFF_PROMISC when modifying interfaces with netlink, set
permanent flag instead (IFF_PPROMISC) as netlink interface modification
has no way of doing promiscuity reference counting through ifpromisc().
We can't do reference counting because every netlink interface
modification necessarily either sets or unsets IFF_PROMISC in ifi_flags,
and ifi_change is usually set to 0xFFFFFFFF.

This logic was the same between this and SIOCSIFFLAGS, so factor out
if_setppromisc() function.

Reviewed by:	melifaro, saheed, kp, mckusick (mentor)
Approved by:	melifaro, saheed, mckusick (mentor)
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D52056
2025-08-26 00:40:17 +02:00
Aymeric Wibo 5bd5774ff6 netlink: Handle ifhwioctl(SIOCSIFMTU) failure
Print out error message if setting MTU fails when modifying interface
using netlink.

Reviewed by:	saheed, melifaro, mckusick (mentor)
Approved by:	saheed, melifaro, mckusick (mentor)
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D52132
2025-08-26 00:32:21 +02:00
Maxim Sobolev ebf862fb55 build: fix list-old-dirs / check-old-dirs
Fix list-old-dirs to not generate empty line at the end of the
output if OLD_DIRS happens to have a space at the end of the
last word of the output before the final \n. Then that space
is turned into \n and we end up with a blank line.

Furthermore this gets converted into a "/" i.e. root fs when
calling check-old-dirs.

This is the regression since a8267ecc3d.

Reviewed by:	emaste
Approved by:	emaste
Sponsored by:	Sippy Software, Inc.
Differential Revision:	https://reviews.freebsd.org/D52153
MFC After:	3 days
2025-08-25 15:00:33 -07:00
Dag-Erling Smørgrav 0886019bf8 caroot: Rename script and normalize license
MFC after:	1 week
Reviewed by:	mandree, markj
Differential Revision:	https://reviews.freebsd.org/D51775
2025-08-25 23:41:52 +02:00
Dag-Erling Smørgrav b88b0bb784 caroot: Generate both trusted and untrusted
Until now, the untrusted directory has been maintained manually.  Modify
the script used to maintain the trusted directory so it can handle both.
While here, clean it up a bit.

MFC after:	1 week
Reviewed by:	mandree, markj
Differential Revision:	https://reviews.freebsd.org/D51774
2025-08-25 23:41:36 +02:00
Muhammad Saheed f89f82e404 netlink: Fix IFF_UP flag handling in RTM_NEWLINK's modify_link handler
IFF_UP could previously only be unset via RTM_NEWLINK. Requests to set
IFF_UP, though they succeeded, did not actually set the flag.

Reviewed by:	obiwac, kp, mckusick (mentor)
Approved by:	obiwac, kp, mckusick (mentor)
Sponsored by:	Google LLC (GSoC)
Differential Revision:	https://reviews.freebsd.org/D51871
2025-08-25 21:52:59 +02:00
Gleb Smirnoff 120e232f1a tcp: remove now unneeded icmp includes 2025-08-25 12:52:07 -07:00
Warner Losh dd1fc0bc57 RELNOTES: Note the vendor imports I did over the weekend: awk, lua
Lua 5.4.8 and awk August 04, 2025 merged to the tree.

Sponsored by:		Netflix
2025-08-25 12:22:06 -06:00
Gleb Smirnoff 9ab31f821a heimdal: fix wrt OpenSSL 3.5
- Bump the library version.
- Don't load the legacy provider.  It is no longer enabled by default
  and looks like kdc doesn't actually need it.

Reviewed by:		cy
Differential Revision:	https://reviews.freebsd.org/D52114
2025-08-25 10:12:52 -07:00
ShengYi Hung 2b74ff5fce ichwd: introduce i6300esbwd watch dog driver
The Intel 6300ESB watchdog is a special ICH-based watchdog device with a
different interface.
QEMU implements this watchdog for x86 systems.

This change enables watchdog mode (rather than free-running mode) and
introduces 1 sysctl:
- hw.i6300esbwd.0.locked: locks the watchdog register after the event is
triggered, preventing it from being disabled until a hard reset.

This feature has been tested on a Vultr AMD guest machine and local qemu
machine.

PR:    259673
Approved by:    markj (mentor), lwhsu (mentor)
MFC after:      2 weeks
Sponsored by:   The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D52049
2025-08-25 11:45:24 -04:00
Robert Clausecker 2765d8d5bc Revert "man/man7: drop i386 from simd(7)"
This reverts commit 9f4eb76796.

As we still build i386 user space for FreeBSD 15 at least, i386 support
is still relevant.

Reported by:	kib, jhb
2025-08-25 14:08:12 +02:00
Dag-Erling Smørgrav c6c7c7ac94 tzcode: Add test case for setugid programs
Fixes:		a6b19979bf ("tzcode: Fix TZ for non-setugid programs")
Differential Revision:	https://reviews.freebsd.org/D52124
2025-08-25 13:56:48 +02:00
Dag-Erling Smørgrav d879f1c896 ipfw: Add tests for the NPTv6 rule parser 2025-08-25 11:13:27 +00:00
Seyed Pouria Mousavizadeh Tehrani 64bc9ac8cd ipfw: Fix segfault in NPTv6 rule parser
If the user specified a prefix length with either the internal or
external prefix, we'd jump to check_prefix where we'd dereference p
which was most likely uninitialized.

Instead, store the various prefix lengths separately and check them
all after the loop.

MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D50597
2025-08-25 10:37:25 +00:00
Bjoern A. Zeeb fca43874e7 LinuxKPI: 802.11: rework multicast filter updates
Multicast filter updates are done at different times and either
triggered by net80211/if code or within LinuxKPI.

Keep the setting and address list and update that (only) if triggered
from net80211.  Otherwise we will (depending on state) just update
additional flags.

Sponsored by:	The FreeBSD Foundation
MFC after:	3 days
2025-08-25 09:54:03 +00:00
Bjoern A. Zeeb bdfe17f129 LinuxKPI: 802.11: dtim_period/beacon count
Hook into net80211's (*iv_recv_mgmt)() callback so we can track
beacons.  This is mostly for us to know if we have seen any after
assoc or for further debugging when we run into beacon/connection loss
based on a firmware/driver event.

Also set/reset dtim_period depending on state and beacon/probe response
so that the value available to the driver reflects reality.

Sponsored by:	The FreeBSD Foundation
MFC after:	3 days
2025-08-25 09:54:03 +00:00
Bjoern A. Zeeb aa2989738a LinuxKPI: 802.11: stop using hw_value on a channel
During initial LinuxKPI 802.11 bringup looking at the usage in one
driver I started using hw_value as an equivalent for ic_ieee.
That is not correct.   Remove all usage but logging of hw_value
from LinuxKPI 802.11 code and leave the field to the drivers.

We have to go through some hoops to get the needed ic_ieee value
but so be it.  At some point we may want to clear this up in
net80211 (especially given we'll have to handle more per-band data
in the future).

Sponsored by:	The FreeBSD Foundation
MFC after:	3 days
2025-08-25 09:54:03 +00:00
Gordon Bergling 49ae0c2592 hpt27xx(4): Fix a couple of typos in source code comments
- s/tranform/transform/

MFC after:	3 days
2025-08-25 10:48:25 +02:00
Gordon Bergling 62db40b564 ice(4): Fix a typo in a source code comment
- s/firwmare/firmware/

MFC after:	3 days
2025-08-25 10:46:20 +02:00
Gordon Bergling a848c85d27 bce(4): Fix a typo in a source code comment
- s/firwmare/firmware/

MFC after:	3 days
2025-08-25 10:45:32 +02:00
Gordon Bergling 4f768b8acd mwl(4): Fix a typo in a source code comment
- s/firwmare/firmware/

MFC after:	3 days
2025-08-25 10:44:41 +02:00
Gordon Bergling 444bb6a248 if_umb: Fix a typo in a source code comment
- s/tranfers/transfers/

MFC after:	3 days
2025-08-25 10:43:36 +02:00
Gordon Bergling ac40052191 msdosfs(5): Fix a typo in a source code comment
- s/fist/first/

MFC after:	3 days
2025-08-25 10:42:23 +02:00