Update to OpenSSL 3.0.14
This release resolves 3 upstream found CVEs:
- Fixed potential use after free after SSL_free_buffers() is called (CVE-2024-4741)
- Fixed an issue where checking excessively long DSA keys or parameters may be very slow (CVE-2024-4603)
- Fixed unbounded memory growth with session handling in TLSv1.3 (CVE-2024-2511)
MFC after: 3 days
Merge commit '1070e7dca8223387baf5155524b28f62bfe7da3c'
(cherry picked from commit 44096ebd22ddd0081a357011714eff8963614b65)
tcp: minor cleanup
Fix two KASSERTs to catch the condition they are intended to,
add two asserts to ensure that the appropriate locking is in
place and fix some things related to style.
No functional change intended.
MFC after: 1 week
Sponsored by: Netflix, Inc.
Import bmake-20240625
Interesting/relevant changes since bmake-20240520
ChangeLog since bmake-20240520
2024-06-25 Simon J Gerraty <sjg at beast.crufty.net>
* VERSION (_MAKE_VERSION): 20240625
Merge with NetBSD make, pick up
o job.c: ensure shellPath is always duped, avoid upsetting free()
2024-06-16 Simon J Gerraty <sjg at beast.crufty.net>
* VERSION (_MAKE_VERSION): 20240616
Merge with NetBSD make, pick up
o clean up collection of context information for error messages
o in warnings, move the word "warning" to the front
o var.c: throw an error on attempt to override an internal
[50 lines not shown]
release: Bump default VM size for riscv64 to 6 GB
Due to issues with the riscv64 toolchain, some binaries end up
significantly larger on riscv64 than they should be. This results
in riscv64 VM images -- and at present *only* riscv64 images -- not
fitting within the default 5 GB filesystem size.
Bump the default size for riscv64 to 6 GB until the toolchain issues
can be resolved.
MFC after: 1 week
Sponsored by: Amazon
ctladm: don't require the use of "-p" with "port -r"
When removing a port, the ioctl frontend requires the "-p" argument.
But other frontends, like cfiscsi, do not. So don't require that
argument in the ctladm command. The frontend driver will report an
error if any required argument is missing.
Sponsored by: Axcient
Reviewed by: mav
Pull Request: https://github.com/freebsd/freebsd-src/pull/1279
(cherry picked from commit edbd489d09babebdc6c03924a912013be584c409)
ctladm: print port number with a successful "port -c" command
Make "ctladm port -c" print the port number of the newly successful
port. This way it won't have to be guessed by a subsequent "ctladm
portlist" command. That means it's safe to use it concurrently with
other ctladm processes. In particular, this allows the tests to be run
in parallel.
Sponsored by: Axcient
Reviewed by: mav
Pull Request: https://github.com/freebsd/freebsd-src/pull/1279
(cherry picked from commit 591de7534fb3acb2e6eef94a1e5e92000d2cf83d)
ctladm.8: fix several errors in the "port" section
* Document the "-d" option.
* Add the "-c" and "-r" options to the summary.
* Correct the list of required options.
* Clarify that the "-t" option is only for use with "-o", "-w", and "-W"
* Replace references to the nonexistent "-n" with "-p".
Also, fix a few related error strings in the ctladm command.
Sponsored by: Axcient
Reviewed by: jhb
Differential Revision: https://reviews.freebsd.org/D45503
(cherry picked from commit 60107d23d8f2c05f418c024000a31a6148d2f7de)
fusefs: make the tests more robust to changes to maxphys
Remove assumptions in two test cases that maxphys won't be huge.
Reported by: kib
Sponsored by: Axcient
(cherry picked from commit b2792a300ddb8d8334b234fe7744f5141cc96103)
tests/fusefs: fix all tests that depend on kern.maxphys
The tests try to read kern.maxphys sysctl into int value, while
unsigned long is required. Not sure when this was broken, seems like
since cd8537910406e.
Reviewed by: asomers
Differential Revision: https://reviews.freebsd.org/D45053
(cherry picked from commit e9b411d273336647e61704213964b995952a44fd)
libusb: claim to be version 1.0.16
We are not 100% compatible with 1.0.16, but implement some
functionality from that version that is required by certain ports.
PR: 277799
PR: 279555 (exp-run)
Event: Kitchener-Waterloo Hackathon 202406
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D45514
Fix "%hhi" conversion for kvprintf()
The signedness of "char" is implementation-dependent.
Reviewed by: imp,zlei,nightquick at proton.me
Pull Request: https://github.com/freebsd/freebsd-src/pull/1290
riscv: remove a redundant check on PGA_WRITEABLE
This is achieved by the preceding call to pmap_page_is_write_mapped().
It appears the second check and comment were left mistakenly when the
intent was to remove them.
Reviewed by: mhorne
MFC after: 1 week
Fixes: 638f867814a6 ("(6/6) Convert pmap to expect busy in write... ")
Pull Request: https://github.com/freebsd/freebsd-src/pull/1304
jail: allow adjustment of host time
Add a special permission to the jail to adjust and to set the host time.
This can be useful if we want to compartmentalize the NTP daemon
from the rest of the system.
Reviewed by: olce, imp
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D45545
libcapsicum: cache more time zone information
The functions like gmtime(3) expect to cache a GMT time zone. Some
sandboxed programs (like last(1)) use the gmtime(3) function.
In case of last(1), this function fails to load a proper time zone
because it is called after entering the capability mode.
_open () at _open.S:4
0x00000008011bc5a8 in tzloadbody (name=0x8018b9580 "/usr/share/zoneinfo/Etc/UTC", sp=0x801870140,
tzload (name=<optimized out>, sp=0x801870140, doextend=true)
0x00000008011bb8ba in gmtload (sp=0x801870140) at /usr/src/contrib/tzcode/localtime.c:1456
gmtcheck () at /usr/src/contrib/tzcode/localtime.c:1581
0x000000080111f85a in _libc_once (once_control=0x80127c550, init_routine=0x0)
_once (once_control=0x80127c550, init_routine=0x0) at /usr/src/lib/libc/gen/_once_stub.c:63
0x00000008011bb9d0 in gmtime_r (timep=0x7fffffffe3a8, tmp=0x80127c568)
gmtime (timep=timep@entry=0x7fffffffe3a8) at /usr/src/contrib/tzcode/localtime.c:1865
0x0000000001024cd4 in printentry (bp=bp@entry=0x8018b4800, tt=tt@entry=0x80186a0a0)
0x00000000010245ae in doentry (bp=0x8018b4800)
0x00000000010243a7 in main (argc=1, argv=<optimized out>)
[11 lines not shown]
isp: fix ISPCTL_ABORT_CMD switch case
Prevent kernel panic by not running ISPCTL_FCLINK_TEST after a
failed ISPCTL_ABORT_CMD.
Reviewed by: mav
Tested by: Arne Steinkamm <arne at steinkamm.com>
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D45718
(cherry picked from commit 8aa9192ce98aec07b24f8279c709237dd2c4421b)