security/vuxml: add FreeBSD SAs issued on 2026-06-09
FreeBSD-SA-26:25.thr affects all supported releases
FreeBSD-SA-26:26.ktls affects all supported releases
FreeBSD-SA-26:27.sound affects all supported releases
FreeBSD-SA-26:28.capsicum affects all supported releases
FreeBSD-SA-26:29.ip6_multicast affects all supported releases
FreeBSD-SA-26:30.linux affects all supported releases
FreeBSD-SA-26:31.arm64 affects all supported releases
FreeBSD-SA-26:32.elf affects all supported releases
FreeBSD-SA-26:33.unbound affects all supported releases
FreeBSD-SA-26:34.vt affects all supported releases
FreeBSD-SA-26:35.openssl affects all supported releases
FreeBSD-SA-26:36.ldns affects all supported releases
compat32 wait4/6(2): only copy out when there is a pid to report
PR: 295965
Reported and tested by: mandree
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D57513
GCE: Apply public-image label on GCE images
Update the GCE image creation process to automatically apply the
'public-image=true' label when publishing new images. This aligns
with standard labeling expectations for images hosted in public
projects.
MFC after: 3 days
linux: Add TCP_INFO support
Implement the getsockopt for TCP_INFO by mapping FreeBSD's version to
what Linux expects.
MFC after: 1 month
Relnotes: yes
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D55882
loader.efi: Search boot device before foreign ZFS pools
When `boot_policy` is `RELAXED`, `find_currdev()` tried ZFS pools on every
disk before searching the boot ESP and sibling partitions. Booting install
media from USB could therefore select an installed ZFS root on internal
storage instead of the intended memstick UFS image.
Extract the boot-device partition walk into `try_boot_device_partitions()`
and run it before relaxed foreign-pool probing. The ZFS search order is
preserved; pools on the boot device are tried first, followed by pools on
other devices when `boot_policy` is `RELAXED` and the boot device yields
no bootable root.
Signed-off-by: Faraz Vahedi <kfv at kfv.io>
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/2239
jail: Don't double-free the current prison in kern_jail_set/get
Reported by: Yuxiang Yang, et al <yangyx22 at mails.tsinghua.edu.cn>
Discussed with: markj
MFC after: 3 days
Avoid incorrect UFS1 timestamp corrections when system clock fails at boot.
Git 1111a44301da - main - Defer the January 19, 2038 date limit in
UFS1 file systems to February 7, 2106 - did so by changing the UFS1
32-bit signed timestamps to unsigned. With this change, time stamps
from before January 1, 1970 went from being negative numbers to
large positive numbers implying times in the future. When such a
time stamp is encountered when an inode is read into memory or when
it is encountered by fsck, its timestamp is replaced with the
kernel's current time.
Andre Albsmeier reported that he had a machine reboot after a power
failure and the battery that maintained its real-time clock had
died. The result was that the system booted with the time set to
five years earlier (absent a real-time clock value, the boot ROM
used the time that the boot ROM had last been updated). The net
result was that fsck reset the time stamps of all files newer than
five years old to the five year old time.
[31 lines not shown]
reap_kill_subtree_once: when proctree_lock is dropped, reaper might change
Recalculate it to iterate over the right set of processes.
Prevent reaper' struct proc reuse by holding the tree ref on it.
Since our reference is taken under the proctree lock and we know that
the process is reaper, it cannot go away. The process hold count
(p_lock) cannot be used there because p_lock intent is prevent exit, but
reaper owns its reap-children until reaped itself, i.e. even a zombie
reaper is still on duty.
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D57492
proc: add tree ref count
Owning the reference prevents reuse of the struct proc.
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D57492
connectat(2): do not enable EMPTYPATH for AT_FDCWD
This restores existing error code for connect(2) over unix domain socket
when the empty string is specified as socket address.
Reported by: eduardo
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D57509