FreeBSD/src 14d2a98 sys/kern kern_prot.c

kern_prot.c: Belatedly add copyright

See the commit log for the why.

MFC after:      3 days
Sponsored by:   The FreeBSD Foundation

(cherry picked from commit 1c0e5c53ff1672a93fc42988020723bb6bc427c1)
Delta  File
+5 -0  sys/kern/kern_prot.c
+5 -0  1 file

FreeBSD/src 39d5cf0 share/man/man9 style.9

style.9: Fix a typo (missing word)

Fixes:          af2c7d9f6452 ("style.9: Encourage style changes when doing significant modifications")
MFC after:      1 day
Sponsored by:   The FreeBSD Foundation

(cherry picked from commit 1876f629b97608679f1bd71b9aa88a57b55c4574)
Delta  File
+3 -3  share/man/man9/style.9
+3 -3  1 file

FreeBSD/src 8451c8a sys/security/mac_do mac_do.c

MAC/do: Clarify comments about flags attached per-ID or per-ID-type

No functional change.

MFC after:      3 days
Sponsored by:   The FreeBSD Foundation

(cherry picked from commit 0c2d64ce3da9c042da133c8b6d7391abb177f2c9)
Delta  File
+7 -5  sys/security/mac_do/mac_do.c
+7 -5  1 file

FreeBSD/src 7370414 tests/sys/mac/do invalid_configs.sh valid_configs.sh

MAC/do: Tests: Quote the source directory

In a standard test suite installation, this is not necessary, but be
bullet-proof to custom ones, however improbable.

Reviewed by:    bapt
MFC after:      3 days
Sponsored by:   The FreeBSD Foundation
Pull Request:   https://ron-dev.freebsd.org/FreeBSD/src/pulls/38

(cherry picked from commit 33daea3f862d7fe996602756805a92a600356f94)
Delta  File
+1 -1  tests/sys/mac/do/invalid_configs.sh
+1 -1  tests/sys/mac/do/valid_configs.sh
+2 -2  2 files

FreeBSD/src f4b3983 tests/sys/mac/do common.sh Makefile

MAC/do: Tests: Declare required programs closer to use

Reviewed by:    bapt
MFC after:      3 days
Sponsored by:   The FreeBSD Foundation
Pull Request:   https://ron-dev.freebsd.org/FreeBSD/src/pulls/38

(cherry picked from commit 6159187329b56a9b550db193796ae4d76c1a306c)
Delta  File
+2 -0  tests/sys/mac/do/common.sh
+0 -1  tests/sys/mac/do/Makefile
+2 -1  2 files

FreeBSD/src 472d977 tests/sys/mac/do invalid_configs.sh valid_configs.sh

MAC/do: Tests: Fix copyrights

No comma needed after a single year.  Add SPDX.

Reviewed by:    bapt
MFC after:      3 days
Sponsored by:   The FreeBSD Foundation
Pull Request:   https://ron-dev.freebsd.org/FreeBSD/src/pulls/38

(cherry picked from commit b0c948fe92acc8bd295cc53584e25c082c749cd1)
Delta  File
+3 -1  tests/sys/mac/do/invalid_configs.sh
+3 -1  tests/sys/mac/do/valid_configs.sh
+2 -1  tests/sys/mac/do/common.sh
+8 -3  3 files

FreeBSD/src d5c5f2d tests/sys/mac/do invalid_configs.sh valid_configs.sh

MAC/do: Tests: Remove shebang lines

They are automatically added by <bsd.test.mk>.

Reviewed by:    bapt
MFC after:      3 days
Sponsored by:   The FreeBSD Foundation
Pull Request:   https://ron-dev.freebsd.org/FreeBSD/src/pulls/38

(cherry picked from commit 79a987aba154aca5965e4746ec5f867be8f22997)
Delta  File
+0 -2  tests/sys/mac/do/invalid_configs.sh
+0 -2  tests/sys/mac/do/valid_configs.sh
+0 -4  2 files

FreeBSD/src 7941d18 sys/dev/acpica acpi.c

acpi: On /dev/power suspend, trigger userspace notifications

On a suspend request via ioctl(), /dev/acpi (and compatible /dev/apm)
both call acpi_ReqSleepState() instead of directly calling
acpi_EnterSleepState().  The former does more checks, returns success if
the machine is already suspending, and notifies user space (via devd(8))
about the impending suspend.  In other words, it seems to have been
designed for user consumption more than the latter function.

So, use acpi_ReqSleepState() in place of acpi_EnterSleepState() in
acpi_pm_func(), which is ultimately called by power_pm_suspend(), itself
called by power_ioctl().  Other callers of power_pm_suspend() (such as
the console drivers) are also user-facing facilities, so should also
benefit from this change.

Reviewed by:    mhorne, imp
Tested by:      mhorne
MFC after:      2 weeks
Sponsored by:   The FreeBSD Foundation

    [3 lines not shown]
Delta  File
+1 -1  sys/dev/acpica/acpi.c
+1 -1  1 file

FreeBSD/ports c2aef36 filesystems Makefile, filesystems/pjdfstest distinfo Makefile.crates

filesystems/pjdfstest: new port

pjdfstest is a file system test suite to assess the correctness of file
system implementations in terms of POSIX compliance.  This port is for the
Rust rewrite of the sh-based original, which remains in contrib/ for
now.

WWW: https://github.com/saidsay-so/pjdfstest

Reviewed by:    olivier
Differential Revision: https://reviews.freebsd.org/D56848
Delta    File
+177 -0  filesystems/pjdfstest/distinfo
+87 -0   filesystems/pjdfstest/Makefile.crates
+23 -0   filesystems/pjdfstest/Makefile
+5 -0    filesystems/pjdfstest/pkg-descr
+1 -0    filesystems/Makefile
+293 -0  5 files

FreeBSD/ports c3bbef0 devel/kf6-kdbusaddons Makefile, devel/kf6-kdeclarative Makefile

*/kf6-*: Pet portlint
Delta    File
+1 -1    devel/kf6-kdbusaddons/Makefile
+1 -1    devel/kf6-kdeclarative/Makefile
+1 -1    devel/kf6-kdoctools/Makefile
+1 -1    devel/kf6-kfilemetadata/Makefile
+1 -1    devel/kf6-ki18n/Makefile
+1 -1    devel/kf6-kidletime/Makefile
+6 -6    62 files not shown
+68 -68  68 files

FreeBSD/ports ded74ac www/nextcloud-news distinfo Makefile

www/nextcloud-news: Update to 28.6.0
Delta  File
+3 -3  www/nextcloud-news/distinfo
+1 -1  www/nextcloud-news/Makefile
+4 -4  2 files

FreeBSD/ports 49d8977 net/sendme distinfo Makefile.crates

net/sendme: Update to 0.35.0

MFH as the quarterly version was no longer functional

(cherry picked from commit 771a0f4011488ea46d364354e4dc752f01b47e9e)
Delta          File
+705 -755      net/sendme/distinfo
+352 -377      net/sendme/Makefile.crates
+2 -2          net/sendme/Makefile
+1,059 -1,134  3 files

FreeBSD/src dded0ab sys/dev/hwpmc hwpmc_amd.c

hwpmc: Disable AMD PMCs if in an unsupported VM

AMD does not have a CPUID bit to indicate the lack of K8 PMCs.  If all
other PMC features are not present we should test an event selector to
see if it stores and returns a value.  If the VM is implemented
correctly, this should result in a #GP on the initial wrmsr_safe.  Bhyve
and a few other VMs ignore writes, so I go one step further and test
that it retains the OS and USR bits.

Tested on Zen 5 native and a Zen 5 Bhyve virtual machine.  This code
should not run on any recent hardware, except in a VM, as it checks that
the core counter extension is missing.

PR:             268943
Reported by:    Sandipan Das, John F. Carr <jfc at mit.edu>
Reviewed by:    mhorne, imp
Sponsored by:   Netflix
MFC after:      1 week
Pull Request:   https://github.com/freebsd/freebsd-src/pull/2272/changes
Delta   File
+35 -2  sys/dev/hwpmc/hwpmc_amd.c
+35 -2  1 file

FreeBSD/src 8f9aabb . MAINTAINERS, .github CODEOWNERS

OpenSSL: update MAINTAINERS/CODEOWNERS

I've been the quasi-defacto component maintainer for OpenSSL since
14.0-RELEASE. Make it official via CODEOWNERS/MAINTAINERS.

The goal is to help guide those interested in making changes in this
space to solicit my input with the new vendor import process and
coordinate fixes with upstream until things are at a point where most of
this is automated by a system of automated checks and balances to confirm
that the updates being made to the component help maintain a security
supply chain for this given component.

Thank you benl and jkim for your past efforts in this component area.
Hopefully I can do my part to help improve this critical space further
as you both did in your respective tenures.

MFC after:      3 days
Delta  File
+4 -3  .github/CODEOWNERS
+1 -1  MAINTAINERS
+5 -4  2 files

FreeBSD/ports bf518db www/py-yubal-api pkg-plist Makefile, www/py-yubal-api/files yubal.in patch-src_yubal__api_services_log__buffer.py

www/py-yubal-api: New port: Self-hosted YouTube Music downloader (API)

yubal is a self-hosted YouTube Music downloader. Paste a link, get
a tagged, organized library.

Scheduled sync. Smart deduplication. Media server ready. Browser
extension included.

WWW: https://github.com/guillevc/yubal/
Delta    File
+158 -0  www/py-yubal-api/pkg-plist
+57 -0   www/py-yubal-api/Makefile
+45 -0   www/py-yubal-api/files/yubal.in
+19 -0   www/py-yubal-api/files/patch-src_yubal__api_services_log__buffer.py
+13 -0   www/py-yubal-api/files/patch-src_yubal__api_domain_types.py
+5 -0    www/py-yubal-api/pkg-descr
+297 -0  2 files not shown
+303 -0  8 files

FreeBSD/ports 9ea16be devel Makefile, devel/py-ytmusicapi Makefile distinfo

devel/py-ytmusicapi: New port: Unofficial API for YouTube Music

ytmusicapi is a Python 3 library to send requests to the YouTube
Music API. It emulates YouTube Music web client requests using the
user's cookie data for authentication.

WWW: https://github.com/sigma67/ytmusicapi
Delta   File
+25 -0  devel/py-ytmusicapi/Makefile
+21 -0  devel/py-ytmusicapi/files/patch-pyproject.toml
+3 -0   devel/py-ytmusicapi/distinfo
+3 -0   devel/py-ytmusicapi/pkg-descr
+1 -0   devel/Makefile
+53 -0  5 files

FreeBSD/ports f4f0f11 www Makefile, www/py-yubal Makefile pkg-descr

www/py-yubal: New port: Self-hosted YouTube Music downloader

yubal is a self-hosted YouTube Music downloader. Paste a link, get
a tagged, organized library.

Scheduled sync. Smart deduplication. Media server ready. Browser
extension included.

WWW: https://github.com/guillevc/yubal/
Delta   File
+38 -0  www/py-yubal/Makefile
+5 -0   www/py-yubal/pkg-descr
+3 -0   www/py-yubal/distinfo
+1 -0   www/Makefile
+47 -0  4 files

FreeBSD/src 3a71a35 apps testrsa.h, crypto/cast cast_s.h

openssl: import 3.5.7

This change adds OpenSSL 3.5.7 from upstream [1].

The 3.5.7 artifact was verified via PGP key [2] and by SHA256 checksum [3].

This change is a security release which resolves several issues with OpenSSL 3.5,
the highest severity issue being ranked "High". Users are strongly encouraged to
update to this release.

More information about the release (from a high level) can be found in
the release notes [4].

Updated via [5] with `update_openssl.sh 3.5.7`.

Approved by:    so (gordon; implicit)

1. https://github.com/openssl/openssl/releases/download/openssl-3.5.7/openssl-3.5.7.tar.gz
2. https://github.com/openssl/openssl/releases/download/openssl-3.5.7/openssl-3.5.7.tar.gz.asc

    [3 lines not shown]
Delta           File
+854 -8,335     test/quic_record_test.c
+449 -4,467     apps/testrsa.h
+380 -3,027     fuzz/dtlsserver.c
+284 -2,821     test/pkcs12_format_test.c
+224 -2,214     test/evp_extra_test2.c
+257 -2,049     crypto/cast/cast_s.h
+2,448 -22,913  204 files not shown
+8,075 -35,360  210 files

FreeBSD/src 20bfab9 contrib/ldns net.c error.c, contrib/ldns/ldns error.h

ldns: Fix query response validation

Approved by:    so
Security:       FreeBSD-SA-26:36.ldns
Security:       CVE-2026-10846
Delta    File
+90 -2   contrib/ldns/net.c
+6 -0    contrib/ldns/error.c
+4 -1    contrib/ldns/ldns/error.h
+100 -3  3 files

FreeBSD/src 865c8ff crypto/openssl/crypto/asn1 a_mbstr.c, crypto/openssl/ssl/quic quic_rx_depack.c quic_fifd.c

openssl: Fix multiple vulnerabilities

This is a rollup commit from upstream to fix:
  Reject oversized inputs in ASN1_mbstring_ncopy()
  cms: kek_unwrap_key: Fix out-of-bounds read in check-byte validation
  cms: kek_unwrap_key: test for fix out-of-bounds read in check-byte validation
  Avoid length truncation in ASN1_STRING_set
  pkcs12: verify that the pbmac1 key length is safe
  Reject potentially forged encrypted CMS AuthEnvelopedData messages
  QUIC stack must limit the number of PATH_CHALLENGE frames processed in RX
  Fix NULL dereference in QUIC address validation
  Fix potential NULL dereference processing CMS PasswordRecipientInfo
  Fix potential NULL dereference in OSSL_CRMF_ENCRYPTEDVALUE_decrypt()
  Enforce implicit rejection for CMS/PKCS#7 decryption
  Use the correct issuer when validating rootCAKeyUpdate
  Match the local q DHX parameter against the peer's q
  Apply the buffered IV on the AES-OCB EVP_Cipher() path
  Fix handling of empty-ciphertext messages in AES-GCM-SIV and AES-SIV
  Fix possible use-after-free in OpenSSL PKCS7_verify()

    [19 lines not shown]
Delta     File
+140 -0   crypto/openssl/test/evp_extra_test.c
+37 -25   crypto/openssl/ssl/quic/quic_rx_depack.c
+46 -2    crypto/openssl/test/cmsapitest.c
+43 -0    crypto/openssl/ssl/quic/quic_fifd.c
+39 -0    crypto/openssl/ssl/quic/quic_channel_local.h
+28 -3    crypto/openssl/crypto/asn1/a_mbstr.c
+333 -30  27 files not shown
+473 -94  33 files

FreeBSD/src e1cdc49 sys/kern imgact_elf.c, tests/sys/kern aslr.c Makefile

imgact_elf: Clear no-ASLR and -WXORX flags earlier for setugid images

Otherwise an unprivileged user can disable randomization of the base
address for PIEs even if they are setugid.

Add a regression test.

Approved by:    so
Security:       FreeBSD-SA-26:32.elf
Security:       CVE-2026-49414
Reported by:    David Berard
Reviewed by:    kib
Sponsored by:   The FreeBSD Foundation
Differential Revision:  https://reviews.freebsd.org/D57397
Delta     File
+157 -0   tests/sys/kern/aslr.c
+28 -27   sys/kern/imgact_elf.c
+2 -0     tests/sys/kern/Makefile
+187 -27  3 files

FreeBSD/src 3ac9726 sys/compat/linux linux_elf.c

linux: Correct the issetugid check in copyout_auxargs

The runtime linker in glibc relies on the AT_SECURE auxv entry to know
whether the executable is set-ugid, if so then various dangerous
functionality such as LD_PRELOAD is disabled.

The check added in commit 669414e4fb74 failed to take into account the
fact that during execve, P_SUGID may not yet be set for a set-ugid
process.  Correct the test.

Approved by:    so
Security:       FreeBSD-SA-26:30.linux
Security:       CVE-2026-49413
Reported by:    Minseong Kim
Fixes:          669414e4fb74 ("Implement AT_SECURE properly.")
Reviewed by:    kib
Sponsored by:   The FreeBSD Foundation
Differential Revision:  https://reviews.freebsd.org/D57350
Delta  File
+1 -3  sys/compat/linux/linux_elf.c
+1 -3  1 file

FreeBSD/src 7628e1d sys/dev/sound/pcm dsp.c buffer.c, tests/sys/sound mmap.c

sound: Fix software buffer lifetime issues

The channel buffer mapped by dsp_mmap_single() may be freed when the
device handle is closed, but the mapping persists beyond that, allowing
userspace to read or write memory owned by a different consumer.

Fix the problem by adding a reference counter to the sound buffer.
Define pager ops for the VM object returned by dsp_mmap_single() and use
them to manage the extra reference.

Add a regression test.

Approved by:    so
Security:       FreeBSD-SA-26:27.sound
Security:       CVE-2026-49417
Reported by:    Lexpl0it, 75Acol, Liyw979, Rob1n
Reviewed by:    kib
Sponsored by:   The FreeBSD Foundation
Differential Revision:  https://reviews.freebsd.org/D57393
Delta     File
+77 -16   sys/dev/sound/pcm/dsp.c
+60 -0    tests/sys/sound/mmap.c
+36 -2    sys/dev/sound/pcm/buffer.c
+4 -0     sys/dev/sound/pcm/buffer.h
+177 -18  4 files

FreeBSD/src ce2b959 sys/netinet in_mcast.c, sys/netinet6 in6_mcast.c

in6_mcast: Fix a race in in6p_set_source_filter()

We drop the inpcb lock in order to copy in the source list, but this
leaves a window where the multicast filter structure might be freed.
This can be exploited to obtain root privileges.

In the v4 code this race is mitigated by holding the global multicast
lock across the gap.

Restructure the code to copy in filters before doing anything else, so
that there's no need to drop the inpcb lock and reason about the
correctness of doing so.  Do the same in the v4 code for consistency.

Approved by:    so
Security:       FreeBSD-SA-26:29.ip6_multicast
Security:       CVE-2026-49412
Reported by:    Andrew Griffiths <andrew at calif.io>
Reported by:    Maik Münch <maik at secfault-security.com>
Reviewed by:    glebius

    [2 lines not shown]
Delta    File
+19 -22  sys/netinet6/in6_mcast.c
+17 -23  sys/netinet/in_mcast.c
+36 -45  2 files

FreeBSD/src a6a8b27 sys/dev/sound/pcm dsp.c, tests/sys/sound mmap.c Makefile

sound: Check for offset overflow in dsp_mmap_single()

Approved by:    so
Security:       FreeBSD-SA-26:27.sound
Security:       CVE-2026-45258
Reviewed by:    markj
Sponsored by:   The FreeBSD Foundation
Delta   File
+51 -0  tests/sys/sound/mmap.c
+3 -0   sys/dev/sound/pcm/dsp.c
+1 -0   tests/sys/sound/Makefile
+55 -0  3 files

FreeBSD/src afa0c67 sys/kern kern_thr.c

thr_kill2: Respect p_cansignal()

Approved by:    so
Security:       FreeBSD-SA-26:25.thr
Security:       CVE-2026-45256
Reported by:    Igor Gabriel Sousa e Souza
Reported by:    Yuxiang Yang, Yizhou Zhao, Ao Wang, Xuewei Feng, Qi Li, and Ke Xu from Tsinghua University using GLM-5.1 from Z.ai
Reviewed by:    emaste, kib
Sponsored by:   The FreeBSD Foundation
Differential Revision:  https://reviews.freebsd.org/D57237
Delta  File
+1 -1  sys/kern/kern_thr.c
+1 -1  1 file

FreeBSD/src 9d9d6c6 sys/arm64/arm64 pmap.c

arm64: Workaround the following errata

 - ARM C1-Premium erratum 4193780
 - ARM C1-Ultra erratum 4193780
 - ARM Cortex-A76 erratum 4193800
 - ARM Cortex-A76AE erratum 4193801
 - ARM Cortex-A77 erratum 4193798
 - ARM Cortex-A78 erratum 4193791
 - ARM Cortex-A78AE erratum 4193793
 - ARM Cortex-A78C erratum 4193794
 - ARM Cortex-A710 erratum 4193788
 - ARM Cortex-X1 erratum 4193791
 - ARM Cortex-X1C erratum 4193792
 - ARM Cortex-X2 erratum 4193788
 - ARM Cortex-X3 erratum 4193786
 - ARM Cortex-X4 erratum 4118414
 - ARM Cortex-X925 erratum 4193781
 - ARM Neoverse-N1 erratum 4193800
 - ARM Neoverse-N2 erratum 4193789

    [15 lines not shown]
Delta   File
+51 -9  sys/arm64/arm64/pmap.c
+51 -9  1 file

FreeBSD/src a513457 sys/kern uipc_ktls.c, sys/sys ktls.h

ktls: Don't attempt to modify non-anonymous mbufs on the receive path

Normally, data processed on the KTLS receive path is contained in
anonymous mbufs that can be modified in place.  Either the data
originates in receive buffers from a NIC driver, or for loopback
connections the data is anonymous-backed mbufs created when writing to
a socket.  One potential source of non-anonymous mbufs are mbufs
created by sendfile(2) which borrow the pages of the underlying file,
either via M_EXTPG or EXT_SFBUF that are sent over a loopback
connection.  For a well-formed loopback TLS session, the sender should
only use sendfile(2) if KTLS is enabled.  If TLS is fully handled in
userspace, the sender must use write(2) or send(2) which allocate
anonymous mbufs.  If KTLS transmit is enabled, then sendfile(2) on a
loopback connection will always use crypto via OCF and will allocate
anonymous pages to hold the encrypted data.

However, if sendfile(2) is used to send file-backed data directly over
a loopback connection where KTLS is not enabled on the sender side,
the KTLS receive path can modify the file-backed pages in place

    [18 lines not shown]
Delta    File
+93 -0   tests/sys/kern/ktls_test.c
+14 -3   sys/kern/uipc_ktls.c
+1 -0    sys/sys/ktls.h
+108 -3  3 files

FreeBSD/src e417948 sys/kern imgact_elf.c, tests/sys/kern aslr.c Makefile

imgact_elf: Clear no-ASLR and -WXORX flags earlier for setugid images

Otherwise an unprivileged user can disable randomization of the base
address for PIEs even if they are setugid.

Add a regression test.

Approved by:    so
Security:       FreeBSD-SA-26:32.elf
Security:       CVE-2026-49414
Reported by:    David Berard
Reviewed by:    kib
Sponsored by:   The FreeBSD Foundation
Differential Revision:  https://reviews.freebsd.org/D57397
Delta     File
+157 -0   tests/sys/kern/aslr.c
+28 -27   sys/kern/imgact_elf.c
+2 -0     tests/sys/kern/Makefile
+187 -27  3 files

FreeBSD/src e99aa86 sys/arm64/arm64 pmap.c

arm64: Workaround the following errata

 - ARM C1-Premium erratum 4193780
 - ARM C1-Ultra erratum 4193780
 - ARM Cortex-A76 erratum 4193800
 - ARM Cortex-A76AE erratum 4193801
 - ARM Cortex-A77 erratum 4193798
 - ARM Cortex-A78 erratum 4193791
 - ARM Cortex-A78AE erratum 4193793
 - ARM Cortex-A78C erratum 4193794
 - ARM Cortex-A710 erratum 4193788
 - ARM Cortex-X1 erratum 4193791
 - ARM Cortex-X1C erratum 4193792
 - ARM Cortex-X2 erratum 4193788
 - ARM Cortex-X3 erratum 4193786
 - ARM Cortex-X4 erratum 4118414
 - ARM Cortex-X925 erratum 4193781
 - ARM Neoverse-N1 erratum 4193800
 - ARM Neoverse-N2 erratum 4193789

    [15 lines not shown]
Delta   File
+51 -9  sys/arm64/arm64/pmap.c
+51 -9  1 file