FreeBSD/src 1c091d1sys/amd64/amd64 fpu.c, sys/i386/i386 npx.c

x86: handle MXCSR from XSAVEOPT when x87 state was optimized

PR:     275322
Reported by:    Cheyenne Wills <cheyenne.wills at gmail.com>
Reviewed by:    emaste, jhb, olce
Sponsored by:   The FreeBSD Foundation
MFC after:      1 week
Differential revision:  https://reviews.freebsd.org/D44522
DeltaFile
+21-0sys/amd64/amd64/fpu.c
+21-0sys/i386/i386/npx.c
+42-02 files

FreeBSD/src 7a0d63c. UPDATING, sys/conf newvers.sh

Add UPDATING entries and bump the branch version.

Approved by:    so
Approved by:    re (so, implicit, appease the commit-hook)
DeltaFile
+8-0UPDATING
+1-1sys/conf/newvers.sh
+9-12 files

FreeBSD/src 26059a4contrib/llvm-project/llvm/lib/CodeGen PrologEpilogInserter.cpp

Merge commit f800c1f3b207 from llvm-project (by Arthur Eubanks):

  [PEI] Don't zero out noreg operands

  A tail call may have $noreg operands.

  Fixes a crash.

  Reviewed By: xgupta

  Differential Revision: https://reviews.llvm.org/D156485

This should fix an assertion failure building qemu, specifically those
parts using -fzero-call-used-regs.

Reported by:    Daniel Berrangé <dan-freebsd at berrange.com>
PR:             277474
MFC after:      3 days
Approved by:    so

    [5 lines not shown]
DeltaFile
+7-2contrib/llvm-project/llvm/lib/CodeGen/PrologEpilogInserter.cpp
+7-21 files

FreeBSD/src f07351fsys/dev/wg if_wg.c

if_wg: use proper barriers around pkt->p_state

Without appropriate load-synchronization to pair with store barriers in
wg_encrypt() and wg_decrypt(), the compiler and hardware are often
allowed to reorder these loads in wg_deliver_out() and wg_deliver_in()
such that we end up with a garbage or intermediate mbuf that we try to
pass on.  The issue is particularly prevalent with the weaker
memory models of !x86 platforms.

Switch from the big-hammer wmb() to more explicit acq/rel atomics to
both make it obvious what we're syncing up with, and to avoid somewhat
hefty fences on platforms that don't necessarily need this.

With this patch, my dual-iperf3 reproducer is dramatically more stable
than it is without on aarch64.

PR:             264115
Reviewed by:    andrew, zlei
Approved by:    so

    [5 lines not shown]
DeltaFile
+4-6sys/dev/wg/if_wg.c
+4-61 files

FreeBSD/src fb393d2sys/arm/conf NOTES

arm: Remove TI from NOTES

TI support was removed so remove it from NOTES too.

Sponsored by:   Beckhoff Automation GmbH & Co. KG
DeltaFile
+0-3sys/arm/conf/NOTES
+0-31 files

FreeBSD/src f5ac4e1. UPDATING, sys/conf newvers.sh

Add UPDATING entries and bump the branch version.

Approved by:    so
DeltaFile
+11-0UPDATING
+1-1sys/conf/newvers.sh
+12-12 files

FreeBSD/src d9d90e5contrib/unbound configure, contrib/unbound/daemon worker.c

unbound: Vendor import 1.19.1

Release notes at
    https://www.nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/

Security:       CVE-2023-50387, CVE-2023-50868
Security:       FreeBSD-SA-24:03.unbound
Approved by:    so

(cherry picked from commit 8f76bb7dad48538c6832c2fb466a433d2a3f8cd5)
(cherry picked from commit 4f4adb0576dfbcd0d956db0146c9de7e1bb71563)
(cherry picked from commit 948e11aaf420cd7d493cc2e118cacc06d18653fe)
(cherry picked from commit f5a091c1f6a068cdc5c3bd23536830de9dfe7b84)
(cherry picked from commit 6e71235e558ef579605e7f35b02f983b9a246a4a)
(cherry picked from commit 64ac3bca3a6ec8510ae7175cbdd73aa594756e2a)
(cherry picked from commit 103ba509e72e3949d22485666949e9705d4af8cd)
(cherry picked from commit 2bdab519a5c9822571d005c62adec484cf65c2e7)
(cherry picked from commit 5aab39b24ce7437265b94461ffdd9b12c0723658)
(cherry picked from commit a077e95570d9cef9882be688dc28303b6257cfd0)

    [4 lines not shown]
DeltaFile
+301-492contrib/unbound/configure
+516-129contrib/unbound/validator/validator.c
+317-160contrib/unbound/daemon/worker.c
+474-1contrib/unbound/doc/Changelog
+301-124contrib/unbound/util/netevent.c
+190-204contrib/unbound/services/mesh.c
+2,099-1,110179 files not shown
+11,845-2,617185 files

FreeBSD/src d338712. UPDATING, sys/conf newvers.sh

Add UPDATING entries and bump the branch version.

Approved by:    so
DeltaFile
+17-0UPDATING
+1-1sys/conf/newvers.sh
+18-12 files

FreeBSD/src c189b94contrib/unbound configure, contrib/unbound/daemon worker.c

unbound: Vendor import 1.19.1

Release notes at
    https://www.nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/

Security:       CVE-2023-50387, CVE-2023-50868
Security:       FreeBSD-SA-24:03.unbound
Approved by:    so

(cherry picked from commit 8f76bb7dad48538c6832c2fb466a433d2a3f8cd5)
(cherry picked from commit 1b5982339ced0f39ef588a07a3e960954e87c65e)
(cherry picked from commit 948e11aaf420cd7d493cc2e118cacc06d18653fe)
(cherry picked from commit 9afc0c849e6e0436351fbdaf6157d1c822793d80)
(cherry picked from commit 6e71235e558ef579605e7f35b02f983b9a246a4a)
(cherry picked from commit 8a9416b18f8a894c4bb0c3a284746d5e0bc81152)
(cherry picked from commit 103ba509e72e3949d22485666949e9705d4af8cd)
(cherry picked from commit 4631a5104763c01123dad62546b1325cb16bf44c)
(cherry picked from commit 5aab39b24ce7437265b94461ffdd9b12c0723658)
(cherry picked from commit a118088ff3741023c24caeff1a4fff7b660817fd)

    [4 lines not shown]
DeltaFile
+301-492contrib/unbound/configure
+516-129contrib/unbound/validator/validator.c
+317-160contrib/unbound/daemon/worker.c
+474-1contrib/unbound/doc/Changelog
+301-124contrib/unbound/util/netevent.c
+190-204contrib/unbound/services/mesh.c
+2,099-1,110179 files not shown
+11,845-2,617185 files

FreeBSD/src c48fe39kerberos5/lib/libroken fbsd_ossl_provider_load.c

kerberos5: Mitigate the possibility of using an old libcrypto

By using the full library name (libcrypto.so.30) we avoid the exposure
of using an old, possibly vulnerable, library.

Reported by:            jrtc27
Fixes:                  476d63e091c2
Approved by:            so
Security:               FreeBSD-EN-24:08.kerberos

(cherry picked from commit 0990136ed1753ac7837206f9c5f4b83ccff6c405)
(cherry picked from commit 17e941a0c88cac2d8cd28d6614448adbd65d4b72)
DeltaFile
+2-1kerberos5/lib/libroken/fbsd_ossl_provider_load.c
+2-11 files

FreeBSD/src aaf2c7fcrypto/heimdal/lib/kadm5 create_s.c, crypto/heimdal/lib/krb5 salt.c

kerberos: Fix numerous segfaults when using weak crypto

Weak crypto is provided by the openssl legacy provider which is
not load by default. Load the legacy providers as needed.

When the legacy provider is loaded into the default context the default
provider will no longer be automatically loaded. Without the default
provider the various kerberos applicaions and functions will abort().

This is the second attempt at this patch. Instead of linking
secure/lib/libcrypto at build time we now link it at runtime, avoiding
buildworld failures under Linux and MacOS. This is because
TARGET_ENDIANNESS is undefined at pre-build time.

PR:             272835
Tested by:      netchild
                Joerg Pulz <Joerg.Pulz at frm2.tum.de> (previous version)
Approved by:    so
Security:       FreeBSD-EN-24:08.kerberos

    [3 lines not shown]
DeltaFile
+77-0kerberos5/lib/libroken/fbsd_ossl_provider_load.c
+6-2kerberos5/lib/libroken/Makefile
+5-0crypto/heimdal/lib/krb5/salt.c
+4-0kerberos5/include/crypto-headers.h
+4-0kerberos5/include/fbsd_ossl_provider.h
+4-0crypto/heimdal/lib/kadm5/create_s.c
+100-24 files not shown
+109-210 files

FreeBSD/src 711422dcontrib/llvm-project/llvm/lib/CodeGen PrologEpilogInserter.cpp

Merge commit f800c1f3b207 from llvm-project (by Arthur Eubanks):

  [PEI] Don't zero out noreg operands

  A tail call may have $noreg operands.

  Fixes a crash.

  Reviewed By: xgupta

  Differential Revision: https://reviews.llvm.org/D156485

This should fix an assertion failure building qemu, specifically those
parts using -fzero-call-used-regs.

Reported by:    Daniel Berrangé <dan-freebsd at berrange.com>
PR:             277474
MFC after:      3 days
Approved by:    so

    [4 lines not shown]
DeltaFile
+7-2contrib/llvm-project/llvm/lib/CodeGen/PrologEpilogInserter.cpp
+7-21 files

FreeBSD/src 56be7cdsys/dev/wg if_wg.c

if_wg: use proper barriers around pkt->p_state

Without appropriate load-synchronization to pair with store barriers in
wg_encrypt() and wg_decrypt(), the compiler and hardware are often
allowed to reorder these loads in wg_deliver_out() and wg_deliver_in()
such that we end up with a garbage or intermediate mbuf that we try to
pass on.  The issue is particularly prevalent with the weaker
memory models of !x86 platforms.

Switch from the big-hammer wmb() to more explicit acq/rel atomics to
both make it obvious what we're syncing up with, and to avoid somewhat
hefty fences on platforms that don't necessarily need this.

With this patch, my dual-iperf3 reproducer is dramatically more stable
than it is without on aarch64.

PR:             264115
Reviewed by:    andrew, zlei
Approved by:    so

    [4 lines not shown]
DeltaFile
+4-6sys/dev/wg/if_wg.c
+4-61 files

FreeBSD/src a3ec305sys/kern tty.c

kern: fix panic with disabled ttys

PR: 277240, 277329
Reviewed by: kib (earlier version)
Fixes: f1d0a0cbecf2 ("jail: Fix information leak.")
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D44086
Approved by:    so
Security:       FreeBSD-EN-24:05.tty

(cherry picked from commit 975d7730828a8bde28c2a0092b6e95c4c4e22f34)
(cherry picked from commit 8d22744f5be165a2a82a2a204789e44bbdc5a2ee)
DeltaFile
+4-3sys/kern/tty.c
+4-31 files

FreeBSD/src 8f1f4e6sys/dev/wg if_wg.c

if_wg: use proper barriers around pkt->p_state

Without appropriate load-synchronization to pair with store barriers in
wg_encrypt() and wg_decrypt(), the compiler and hardware are often
allowed to reorder these loads in wg_deliver_out() and wg_deliver_in()
such that we end up with a garbage or intermediate mbuf that we try to
pass on.  The issue is particularly prevalent with the weaker
memory models of !x86 platforms.

Switch from the big-hammer wmb() to more explicit acq/rel atomics to
both make it obvious what we're syncing up with, and to avoid somewhat
hefty fences on platforms that don't necessarily need this.

With this patch, my dual-iperf3 reproducer is dramatically more stable
than it is without on aarch64.

PR:             264115
Reviewed by:    andrew, zlei
Approved by:    so

    [4 lines not shown]
DeltaFile
+4-6sys/dev/wg/if_wg.c
+4-61 files

FreeBSD/src f3195ccsys/kern tty.c

kern: fix panic with disabled ttys

PR: 277240, 277329
Reviewed by: kib (earlier version)
Fixes: f1d0a0cbecf2 ("jail: Fix information leak.")
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D44086
Approved by:    so
Security:       FreeBSD-EN-24:05.tty

(cherry picked from commit 975d7730828a8bde28c2a0092b6e95c4c4e22f34)
(cherry picked from commit 8d22744f5be165a2a82a2a204789e44bbdc5a2ee)
(cherry picked from commit a60220bbb5511469fe53fd4290713ba891f8f48a)
DeltaFile
+4-3sys/kern/tty.c
+4-31 files

FreeBSD/src 39f6f6flib/libmagic Makefile

libmagic: Use HOST_CC when compiling hostprog used by build

The "mkmagic" program should be built with the host compiler.

Only use BTOOLSPATH if not building for host

Obtained from:  Juniper Networks, Inc.
Reviewed by:    sjg
Differential Revision:  https://reviews.freebsd.org/D44539
DeltaFile
+3-2lib/libmagic/Makefile
+3-21 files

FreeBSD/src f6e77cbinclude Makefile

include: Allow SDESTDIR to be overridden

Obtained from:  Juniper Networks, Inc.
Reviewed by:    sjg
Differential Revision:  https://reviews.freebsd.org/D44540
DeltaFile
+1-1include/Makefile
+1-11 files

FreeBSD/src a6d8dcbbin/csh Makefile

csh: Use HOST_CC when compiling hostprog used by csh build

The "gethost" program should be built with the host compiler.

Obtained from:  Juniper Networks, Inc.
Reviewed by:    sjg
Differential Revision:  https://reviews.freebsd.org/D44537
DeltaFile
+1-1bin/csh/Makefile
+1-11 files

FreeBSD/src 3abd36cshare/mk sys.mk

sys.mk: Define HOST_CC as CC by default.

This allows for setting a different compiler for building hostprogs
when cross compiling.

Obtained from:  Juniper Networks, Inc.
Reviewed by:    sjg
Differential Revision:  https://reviews.freebsd.org/D44536
DeltaFile
+2-0share/mk/sys.mk
+2-01 files

FreeBSD/src 970ea0busr.sbin/bsdinstall/scripts netconfig

bsdinstall: draw attention to new network config options

The network configuration options have changed in bsdinstall, with
an Auto option to proceed directly to DHCP and IPv6 autoconfig (which
is the default) as well as Manual (the old mode).  For users like me
that were used to hitting return automatically to select an interface,
but want manual configuration, attempt to call out the difference:
Change the menu caption to say "Please select a network interface
and configuration mode:" and not just an interface.

Reviewed by:    jrtc27
DeltaFile
+1-1usr.sbin/bsdinstall/scripts/netconfig
+1-11 files

FreeBSD/src d5aead8sys/arm64/include pcpu.h

arm64: Delete stale comment

Fixes:  078a69abcbb8 ("Use a uint64_t to store the arm64 mpidr")
DeltaFile
+0-1sys/arm64/include/pcpu.h
+0-11 files

FreeBSD/src 3fa9578sys/sys socket.h

sockets: define shutdown(2) constants in cpp namespace

There is software that uses SHUT_RD, SHUT_WR as preprocessor defines and
its build was broken by enum declaration.  Keep the enum, but provide
defines to propagate the constants to cpp namespace.

PR:             277994
PR:             277995
Fixes:          c3276e02beab825824e3147b31af33af66298430
DeltaFile
+3-0sys/sys/socket.h
+3-01 files

FreeBSD/src c92400alibexec/dma/dmagent dma.conf

dma.conf: Fix typo

Pull Request: https://github.com/freebsd/freebsd-src/pull/1150
DeltaFile
+1-1libexec/dma/dmagent/dma.conf
+1-11 files

FreeBSD/src 280085etools/tools/git git-arc.sh

tools/git: ensure git-arc is more platform indepdendent

Summary:
Linux systems' tail doesn't have `-r`.
Instead, we can use git's own `--reverse` sorting for `rev-list`s.

Reviewed by:    markj, imp, jhibbits
Differential Revision: https://reviews.freebsd.org/D39975
DeltaFile
+1-1tools/tools/git/git-arc.sh
+1-11 files

FreeBSD/src ed505f8sys/netinet tcp_log_buf.c

tcp bblog: use correct length

The length of tldl_reason is TCP_LOG_REASON_LEN, not TCP_LOG_ID_LEN.
No functional change intended.
Reported by:            Coverity Scan
CID:                    1418074
CID:                    1418276
Reviewed by:            glebius, rscheff
MFC after:              3 days
Sponsored by:           Netflix, Inc.
Differential Revision:  https://reviews.freebsd.org/D44510
DeltaFile
+2-2sys/netinet/tcp_log_buf.c
+2-21 files

FreeBSD/src 2cab4beusr.bin/xinstall xinstall.c

install: Prefer strsnvis() to strsvis().

MFC after:      1 week
Sponsored by:   Klara, Inc.
Reviewed by:    allanjude
Differential Revision:  https://reviews.freebsd.org/D44514
DeltaFile
+11-8usr.bin/xinstall/xinstall.c
+11-81 files

FreeBSD/src 2ae8d34bin/ln/tests ln_test.sh

ln: Add a test case for ln -sfF.

MFC after:      1 week
Sponsored by:   Klara, Inc.
Reviewed by:    allanjude, asomers
Differential Revision:  https://reviews.freebsd.org/D44513
DeltaFile
+17-0bin/ln/tests/ln_test.sh
+17-01 files

FreeBSD/src e0afcbcbin/ln/tests ln_test.sh

ln: Clean up and simplify tests.

MFC after:      1 week
Sponsored by:   Klara, Inc.
Reviewed by:    allanjude
Differential Revision:  https://reviews.freebsd.org/D44512
DeltaFile
+20-48bin/ln/tests/ln_test.sh
+20-481 files

FreeBSD/src 437d53dbin/ln ln.c

ln: Use stdbool, style nits.

MFC after:      1 week
Sponsored by:   Klara, Inc.
Reviewed by:    imp, allanjude
Differential Revision:  https://reviews.freebsd.org/D44511
DeltaFile
+39-37bin/ln/ln.c
+39-371 files