local-unbound-setup: Set so-sndbuf to 0
Without this setting, Unbound 1.24.0 and newer will attempt to set the
socket buffer size to 4 MB to mitigate issues that mostly affect servers
with large numbers of clients on local networks, which is not a scenario
local-unbound is intended for. This is not only a waste of resources,
it can also fail, resulting in a warning message on daemon startup.
Fixes: b2efd602aea8 ("unbound: Vendor import 1.24.0")
Reviewed by: jlduran, cy
Differential Revision: https://reviews.freebsd.org/D52977
(cherry picked from commit de3faa85d8f99d260cbfa6242dd8e4ece693e4f8)
ipfilter: Plug ip_htable kernel information leak
ipf_htable_stats_get() constructs an iphtstat_t on the stack and only
initializes select fields before copying the entire structure to
userland. The trailing padding array iphs_pad[16] is never initialized,
so ~128 bytes of uninitialized kernel stack memory can be leaked to user
space on each call. This is a classic information disclosure
vulnerability that can reveal pointers and other sensitive data.
We fix this by zeroing out the data structure prior to use.
Reported by: Ilja Van Sprundel <ivansprundel at ioactive.com>
Reviewed by: emaste
Differential revision: https://reviews.freebsd.org/D53275
(cherry picked from commit 0d589ecbc7aa916537fd21c0344919491cfcb293)
ipfilter: Plug ip_nat kernel information leak
ipf_nat_getent() allocates a variable-sized nat_save_t buffer with
KMALLOCS() (which does not zero memory) and then copies only a subset
of fields into it before returning the object to userland using
ipf_outobjsz(). Because the structure is not fully initialized on all
paths, uninitialized kernel heap bytes can be copied back to user space,
resulting in an information leak.
We fix this by zeroing out the data structure immediately after
allocation.
Reported by: Ilja Van Sprundel <ivansprundel at ioactive.com>
Reviewed by: emaste
Differential revision: https://reviews.freebsd.org/D53274
(cherry picked from commit 6535e9308a26e17023831fe68fb71d2febf2a002)
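The two ipfilter leaks above share one shape: an object whose memory still holds older kernel data is only partly filled in, then copied to userland whole. The harness below is an added example, not ipfilter's code: it models that with a marker byte standing in for stale stack or heap contents, counts how many marker bytes reach the userland copy for the partly-initialised variant and for the zero-first fix, and shows that compiler alignment padding between fields leaks the same way. The struct layout, field names and values are constructed, and memcpy() stands in for copyout().

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical stand-in for ipfilter's iphtstat_t: a few counters plus a
 * trailing pad array. Field names and sizes are constructed for illustration. */
typedef struct {
    uint32_t iphs_nomem;
    uint32_t iphs_tables;
    uint32_t iphs_nodes;
    /* on 64-bit ABIs 4 bytes of alignment padding sit here, also uninitialised */
    uint64_t iphs_pad[16];
} leak_stat_t;

#define STALE 0xA5  /* marker standing in for leftover kernel stack/heap bytes */

/* Vulnerable shape: set selected fields, leave everything else as found. */
static void stats_get_vulnerable(leak_stat_t *st) {
    st->iphs_nomem = 0;
    st->iphs_tables = 3;
    st->iphs_nodes = 42;
    /* iphs_pad and the alignment padding are never written */
}

/* Fixed shape (what both commits do): zero the whole object before use. */
static void stats_get_fixed(leak_stat_t *st) {
    memset(st, 0, sizeof *st);
    st->iphs_tables = 3;
    st->iphs_nodes = 42;
}

/* Count bytes of the userland copy that still carry the STALE marker. */
static size_t count_stale_bytes(const leak_stat_t *st) {
    const unsigned char *p = (const unsigned char *)st;
    size_t n = 0;
    for (size_t i = 0; i < sizeof *st; i++)
        n += (p[i] == STALE);
    return n;
}

/* End to end: a stack slot (or KMALLOCS()'d block) still holding old data ->
 * fill -> copyout (memcpy stands in) -> measure what reached userland. */
static size_t leaked_bytes_for(void (*fill)(leak_stat_t *)) {
    leak_stat_t kernel_obj, user_copy;
    memset(&kernel_obj, STALE, sizeof kernel_obj); /* model stale memory */
    fill(&kernel_obj);
    memcpy(&user_copy, &kernel_obj, sizeof kernel_obj);
    return count_stale_bytes(&user_copy);
}
```

The partly-initialised variant leaks every byte outside the three assigned fields (pad array plus alignment padding), while the zero-first variant leaks none.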
inet_net_test: Compare pointers against nullptr
GCC does not like passing NULL (__null) to std::ostringstream::operator<<
inside of ATF_REQUIRE_EQ:
lib/libc/tests/net/inet_net_test.cc: In member function 'virtual void {anonymous}::atfu_tc_inet_net_ntop_invalid::body() const':
lib/libc/tests/net/inet_net_test.cc:306:9: error: passing NULL to non-pointer argument 1 of 'std::__1::basic_ostream<_CharT, _Traits>& std::__1::basic_ostream<_CharT, _Traits>::operator<<(long int) [with _CharT = char; _Traits = std::__1::char_traits<char>]' [-Werror=conversion-null]
306 | ATF_REQUIRE_EQ(ret, NULL);
| ^~~~~~~~~~~~~~
In file included from /usr/obj/.../amd64.amd64/tmp/usr/include/c++/v1/sstream:317,
from /usr/obj/.../amd64.amd64/tmp/usr/include/atf-c++/macros.hpp:29,
from /usr/obj/.../amd64.amd64/tmp/usr/include/atf-c++.hpp:29,
from lib/libc/tests/net/inet_net_test.cc:33:
/usr/obj/.../amd64.amd64/tmp/usr/include/c++/v1/__ostream/basic_ostream.h:338:81: note: declared here
338 | basic_ostream<_CharT, _Traits>& basic_ostream<_CharT, _Traits>::operator<<(long __n) {
| ~~~~~^~~
...
Fixes: 8f4a0d2f7b96 ("libc: Import OpenBSD's inet_net_{ntop,pton}")
(cherry picked from commit aa358ce3ca8e1fcfb305025fd00beb2a119c7c77)
inet_net_test: Use int to hold expected return values from inet_net_pton
GCC warns about the sign mismatch in comparisons:
lib/libc/tests/net/inet_net_test.cc: In member function 'virtual void {anonymous}::atfu_tc_inet_net_inet4::body() const':
lib/libc/tests/net/inet_net_test.cc:86:17: error: comparison of integer expressions of different signedness: 'int' and 'const unsigned int' [-Werror=sign-compare]
86 | ATF_REQUIRE_EQ(bits, addr.bits);
| ^~~~~~~~~~~~~~
lib/libc/tests/net/inet_net_test.cc: In member function 'virtual void {anonymous}::atfu_tc_inet_net_inet6::body() const':
lib/libc/tests/net/inet_net_test.cc:205:17: error: comparison of integer expressions of different signedness: 'int' and 'const unsigned int' [-Werror=sign-compare]
205 | ATF_REQUIRE_EQ(bits, addr.bits);
| ^~~~~~~~~~~~~~
Fixes: 8f4a0d2f7b96 ("libc: Import OpenBSD's inet_net_{ntop,pton}")
(cherry picked from commit e1aeb58cbbc3839db93ec38ce491b7b9383d5649)
packages: dhclient, local-unbound require resolvconf
Both of these packages use resolvconf for various things. Add a
dependency to make this work.
MFC after: 3 days
Reviewed by: des
Sponsored by: https://www.patreon.com/bsdivy
Differential Revision: https://reviews.freebsd.org/D53115
packages: Install development manpages in the -dev package
Add a new per-group SUBPACKAGE option to bsd.man.mk. When MANSPLITPKG
is enabled, this is forced to "-man", otherwise it defaults to empty
but can be overridden by the caller.
Use this in bsd.lib.mk to install library manpages in the -dev package
instead of the base package. This is nearly always preferable, since
library manpages are usually in section 2 or 3 and are only relevant
to people with development packages installed.
For manpages which should be installed in the base package even for
libraries, add a new MANNODEV group in bsd.lib.mk. Update existing
Makefiles to use this where appropriate.
MFC after: 3 days
Discussed with: olce
Reviewed by: olce
Sponsored by: https://www.patreon.com/bsdivy
Differential Revision: https://reviews.freebsd.org/D52832
mandoc: Also run makewhatis for /usr/share/openssl/man
We use a pkg(8) trigger to run makewhatis for /usr/share/man when
manpages are updated, but this doesn't cover /usr/share/openssl/man.
Rewrite the trigger to process a list of directories instead of a
single directory, and include /usr/share/openssl/man in the list.
MFC after: 3 days
Reviewed by: emaste
Sponsored by: https://www.patreon.com/bsdivy
Differential Revision: https://reviews.freebsd.org/D53064
share/man/man5: Use MANGROUPS.yes
Simplify the Makefile logic by using MANGROUPS.yes for optional
packages. Also, move bluetooth manpages to the correct package,
add the correct conditional for OpenSSH (MK_OPENSSH), and properly
alphabetise the file.
MFC after: 3 days
Reviewed by: emaste
Sponsored by: https://www.patreon.com/bsdivy
Differential Revision: https://reviews.freebsd.org/D53127
packages: Remove the /boot hack from mtree-to-plist.awk
Currently, files in /boot (other than /boot/kernel) are assigned to the
bootloader package using a filename match in mtree-to-plist.awk. This
causes some problems, most notably that debug info for userboot ends up
in the utilities-dbg package instead of bootloader-dbg.
Remove the path handling from mtree-to-plist and instead set PACKAGE
in the appropriate Makefiles to put these in the correct package.
While here, move userboot*.so from bootloader-dev to bootloader.
MFC after: 3 days
Reviewed by: cperciva
Sponsored by: https://www.patreon.com/bsdivy
Differential Revision: https://reviews.freebsd.org/D53179
flua: Move to a new flua package
flua is a standalone third-party component that deserves its own
package. In particular, this means things can use flua without
having to depend on FreeBSD-utilities, which will be useful as
more base utilities use flua.
This saves ~500kB in FreeBSD-utilities for systems which don't
need flua.
MFC after: 3 days
Reviewed by: kevans
Sponsored by: https://www.patreon.com/bsdivy
Differential Revision: https://reviews.freebsd.org/D53161
packages: Put dhclient in the minimal-jail set
This is somewhat widely used in VNET jails, it's fairly small (150kB on
amd64) and it's enough of a core system component that it's reasonable
to include, even if many jails don't require it.
MFC after: 3 days
Reviewed by: dch
Sponsored by: https://www.patreon.com/bsdivy
Differential Revision: https://reviews.freebsd.org/D53154
cam: Bump deprecated sysctl removal to 16
The descriptions for these unmapped_io and rotating sysctls indicated
that they're deprecated and being removed for FreeBSD 15.0. That did
not happen, so update to FreeBSD 16 instead.
Sponsored by: The FreeBSD Foundation
blocklistd-helper: Silence another bogus pf warning
It has been reported as PR 290478. In the meantime, just sweep under
the carpet.
It is worth noting that neither commit:
2347ca21d657 ("blocklist-helper: Silence a bogus pf warning")
nor this one will be upstreamed, as this is a FreeBSD-specific issue.
PR: 290478
MFC after: 2 days
ipfw: Remove IP_DUMMYNET_GET case
IP_DUMMYNET_GET is no longer used in ipfw(1).
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D53348
blocklist: blacklist: Chase recent upstream changes
Upstream introduced an extra column in blocklistctl(8) to display the
name of the rule associated in the database entry.
It is intended to avoid confusion when seemingly duplicate locations
appear in the output of the blocklistctl dump command, especially when
users are transitioning from the old nomenclature to the new one.
The latest patches will not be fully backported to blacklistctl(8), to
avoid breaking current scripts that may be parsing its output. Also, we
are slowly preparing to feature-freeze everything related to blacklist.
MFC: 2 days