FreeBSD/src b999544 sys/amd64/linux linux_vdso_gtod.c, sys/amd64/linux32 linux32_vdso_gtod.c

linux: Fix some problems with header pollution

- Avoid including sys/proc.h in linux_vdso_gtod.c.  It's not needed, but
  the implicit inclusion of sys/param.h via sys/ucred.h->bsm/audit.h was
  bringing in some required definitions.
- Include a couple of required headers: sys/time.h (for struct bintime),
  and limits.h (for INT_MAX).
- Move some helpers from linux.h, which depend on sys/param.h for NODEV,
  to the one CU where they're actually used.

No functional change intended.

Reviewed by:    imp, kib, emaste
MFC after:      2 weeks
Differential Revision:  https://reviews.freebsd.org/D56982
Delta File
+0 -50 sys/compat/linux/linux.h
+46 -0 sys/compat/linux/linux_stats.c
+3 -1 sys/i386/linux/linux_vdso_gtod.c
+3 -1 sys/arm64/linux/linux_vdso_gtod.c
+3 -1 sys/amd64/linux32/linux32_vdso_gtod.c
+3 -1 sys/amd64/linux/linux_vdso_gtod.c
+58 -54 6 files

FreeBSD/src 73ec43a release/tools ec2-small.conf basic-cloudinit.conf

Cloud releases: More firstboot_pkg_upgrade

Update a couple more cloudware images which I forgot about earlier.

Approved by:    re (cperciva)
Reviewed by:    ziaee
Fixes: 464a351267dc ("Cloud releases: Switch to firstboot_pkg_upgrade")
Differential Revision:  https://reviews.freebsd.org/D57006

(cherry picked from commit 4080419d9a2d88d44d20baaf3ea01934561819c1)
(cherry picked from commit 1ae97c95d025277fb542936b0a2686180dd4a7b7)
Delta File
+6 -3 release/tools/ec2-small.conf
+4 -3 release/tools/basic-cloudinit.conf
+10 -6 2 files

FreeBSD/src 10c4498 release/tools ec2-base.conf azure.conf

Cloud releases: Switch to firstboot_pkg_upgrade

Cloud images are deployed with base system packages. Introduce a
firstboot package auto updater to patch the base system on first boot.

Approved by:    re (cperciva)
MFC after:              1 hour
MFC to:                 stable/15
Reviewed by:            cperciva
Sponsored by:           Google Cloud
Differential Revision:  https://reviews.freebsd.org/D56890

(cherry picked from commit 464a351267dc0d1843b919dd72ad1c70c24815ce)
(cherry picked from commit 0bb2b2a45f3c0c147d7c55e010be45e55af8df87)
Delta File
+6 -3 release/tools/ec2-base.conf
+3 -2 release/tools/azure.conf
+3 -2 release/tools/gce.conf
+12 -7 3 files

FreeBSD/src ac2daab sys/conf newvers.sh

15.1: Update to BETA3

Approved by:    re (implicit)
Sponsored by:   OpenSats Initiative
Delta File
+1 -1 sys/conf/newvers.sh
+1 -1 1 files

FreeBSD/src a02091d share/man/man7 freebsd-base.7

freebsd-base.7: Document adding a local repo

Approved by:    re (cperciva)
MFC after:              1 day
Discussed with:         bcr, ivy, kevans, ngie
Differential Revision:  https://reviews.freebsd.org/D56608

(cherry picked from commit c4af3f13a4e9932968d92872aaf22312a6e79e4e)
(cherry picked from commit 635743c6ec35f11434339f79222fb0a259ed8bfb)
Delta File
+22 -1 share/man/man7/freebsd-base.7
+22 -1 1 files

FreeBSD/src 409247a sys/contrib/openzfs/lib/libzfs/os/linux libzfs_mount_os.c, sys/contrib/openzfs/module/os/linux/zfs zpl_super.c zfs_vfsops.c

zfs: merge openzfs/zfs at 6330a45b0 (zfs-2.4-release) into stable/15

OpenZFS 2.4.2

Notable upstream pull request merges:
 #18208 6f14581e1 Cleanup allocation class selection
 #18235 7590972f7 Prevent range tree corruption race by updating
                  dnode_sync()
 #18255 b06caaeec range_tree: use zfs_panic_recover() for partial-overlap
                  remove
 #18258 33961142a Fix deadlock on dmu_tx_assign() from vdev_rebuild()
 #18262 02ed09106 Fix check for .cfi_negate_ra_state on aarch64
 #18263 9f92266b7 Fix redundant declaration of dsl_pool_t
 #18276 3862aadf7 Fix vdev_rebuild_range() tx commit
 #18290 a94b137aa FreeBSD: Improve dmesg kernel message prefix
 #18294 938c8c98b draid: fix data corruption after disk clear
 #18310 b40cd9191 Fix s_active leak in zfsvfs_hold() when z_unmounted is
                  true
 #18380 9b8ccbd2c draid: fix import failure after disks replacements

    [16 lines not shown]
Delta File
+619 -118 sys/contrib/openzfs/module/os/linux/zfs/zpl_super.c
+24 -207 sys/contrib/openzfs/module/os/linux/zfs/zfs_vfsops.c
+152 -0 sys/contrib/openzfs/tests/zfs-tests/tests/functional/redundancy/redundancy_draid_degraded2.ksh
+143 -0 sys/contrib/openzfs/lib/libzfs/os/linux/libzfs_mount_os.c
+136 -0 sys/contrib/openzfs/tests/zfs-tests/tests/functional/redundancy/redundancy_draid_degraded1.ksh
+126 -0 sys/contrib/openzfs/tests/zfs-tests/cmd/setlease.c
+1,200 -325 313 files not shown
+3,284 -867 319 files

FreeBSD/src 635743c share/man/man7 freebsd-base.7

freebsd-base.7: Document adding a local repo

MFC after:              1 day
Discussed with:         bcr, ivy, kevans, ngie
Differential Revision:  https://reviews.freebsd.org/D56608

(cherry picked from commit c4af3f13a4e9932968d92872aaf22312a6e79e4e)
Delta File
+22 -1 share/man/man7/freebsd-base.7
+22 -1 1 files

FreeBSD/src 074c42a. RELNOTES

RELNOTES: Add an entry for commit b92b9da33006
Delta File
+5 -0 RELNOTES
+5 -0 1 files

FreeBSD/src 1ae97c9 release/tools ec2-small.conf basic-cloudinit.conf

Cloud releases: More firstboot_pkg_upgrade

Update a couple more cloudware images which I forgot about earlier.

Reviewed by:    ziaee
Fixes: 464a351267dc ("Cloud releases: Switch to firstboot_pkg_upgrade")
Differential Revision:  https://reviews.freebsd.org/D57006

(cherry picked from commit 4080419d9a2d88d44d20baaf3ea01934561819c1)
Delta File
+6 -3 release/tools/ec2-small.conf
+4 -3 release/tools/basic-cloudinit.conf
+10 -6 2 files

FreeBSD/src 0bb2b2a release/tools ec2-base.conf azure.conf

Cloud releases: Switch to firstboot_pkg_upgrade

Cloud images are deployed with base system packages. Introduce a
firstboot package auto updater to patch the base system on first boot.

MFC after:              1 hour
MFC to:                 stable/15
Reviewed by:            cperciva
Sponsored by:           Google Cloud
Differential Revision:  https://reviews.freebsd.org/D56890

(cherry picked from commit 464a351267dc0d1843b919dd72ad1c70c24815ce)
Delta File
+6 -3 release/tools/ec2-base.conf
+3 -2 release/tools/azure.conf
+3 -2 release/tools/gce.conf
+12 -7 3 files

FreeBSD/src b92b9da sys/fs/nfs nfsproto.h, sys/fs/nfsserver nfs_nfsdport.c

nfsd: Allow vfs.nfsd.srvmaxio to be up to 4Mbytes

Without this patch, the maximum setting for
vfs.nfsd.srvmaxio was 1Mbyte.  This patch increases
that to 4Mbytes.

The same as for any setting above 128Kbytes, settings up to
4Mbytes require that kern.ipc.maxsockbuf be increased.
(A message generated after setting vfs.nfsd.srvmaxio via
the /etc/rc.conf variable nfs_server_maxio will indicate
the minimum setting, which will be somewhat greater than
four times the setting of vfs.nfsd.srvmaxio.)

Requested by:   Cedric Blancher <cedric.blancher at gmail.com>
MFC after:      2 weeks
Fixes:  13d3bd165e22 ("subr_uio.c: Remove a KASSERT() for large NFS server I/O")
Delta File
+3 -2 sys/fs/nfsserver/nfs_nfsdport.c
+3 -0 sys/fs/nfs/nfsproto.h
+6 -2 2 files

FreeBSD/src 13d3bd1 sys/kern subr_uio.c

subr_uio.c: Remove a KASSERT() for large NFS server I/O

When the NFS server is set to allow an I/O size greater
than 1Mbyte (not allowed in FreeBSD's main yet), a
KASSERT() in allocuio() can fail when:
zfs_freebsd_write()->zfs_write()->zfs_uiocopy()
->cloneuio()->allocuio()
is called for a large NFS server write.

Since the userland API callers to allocuio() already
check that the size does not exceed UIO_MAXIOV,
there does not seem to be a need for a KASSERT()
here.

Removing the KASSERT() allows NFS server writes
of greater than 1Mbyte to work, once the NFS code
is patched to allow them.

Reviewed by:    kib

    [2 lines not shown]
Delta File
+0 -2 sys/kern/subr_uio.c
+0 -2 1 files

FreeBSD/src 4080419 release/tools ec2-small.conf basic-cloudinit.conf

Cloud releases: More firstboot_pkg_upgrade

Update a couple more cloudware images which I forgot about earlier.

Reviewed by:    ziaee
Fixes: 464a351267dc ("Cloud releases: Switch to firstboot_pkg_upgrade")
Differential Revision:  https://reviews.freebsd.org/D57006
Delta File
+6 -3 release/tools/ec2-small.conf
+4 -3 release/tools/basic-cloudinit.conf
+10 -6 2 files

FreeBSD/src 464a351 release/tools ec2-base.conf azure.conf

Cloud releases: Switch to firstboot_pkg_upgrade

Cloud images are deployed with base system packages. Introduce a
firstboot package auto updater to patch the base system on first boot.

MFC after:              1 hour
MFC to:                 stable/15
Reviewed by:            cperciva
Sponsored by:           Google Cloud
Differential Revision:  https://reviews.freebsd.org/D56890
Delta File
+6 -3 release/tools/ec2-base.conf
+3 -2 release/tools/azure.conf
+3 -2 release/tools/gce.conf
+12 -7 3 files

FreeBSD/src 2ebec3c libexec/nuageinit nuage.lua nuageinit, libexec/nuageinit/tests nuageinit.sh

nuageinit: fix command injection and related issues

- Add shell_escape() helper to safely escape shell arguments
- Apply shell_escape to all user-controlled values in shell commands:
  adduser (usershow, useradd, lock, primary_group, groups)
  addgroup (groupshow, groupadd, members)
  exec_change_password (usermod)
  settimezone (tzsetup root and timezone)
  install_package (pkg package names)
- Escape double quotes in hostname when writing rc.conf.d/hostname
- Add missing 'local' declaration for resolvconf_command in nameservers()
- Escape interface name in resolvconf -a command
- Change open_resolvconf_conf() from 'w' to 'a' mode to prevent
  data loss when nameservers() is called multiple times
- Clean up stale resolvconf.conf at the start of each boot
  (skip on postnet to preserve config written by first call)

Approved by:    re (cperciva)
MFC After: 1 day

    [3 lines not shown]
Delta File
+28 -15 libexec/nuageinit/nuage.lua
+15 -2 libexec/nuageinit/nuageinit
+3 -3 libexec/nuageinit/tests/nuageinit.sh
+46 -20 3 files

FreeBSD/src 09a53a5. Makefile.inc1

Make "make update-packages" idempotent

If the user runs "make update-packages" without bumping BRANCH, then it
isn't possible to copy packages from the old location to the new one
(because the two locations are the same).  So just skip that step.

Approved by:    re (cperciva)
Sponsored by:           ConnectWise
PR:                     295085
Reviewed by:            ivy, emaste
Differential Revision:  https://reviews.freebsd.org/D56872

(cherry picked from commit bd1e789b8452a8c2f166a3b4defb95330c71dadd)
(cherry picked from commit 89a0148521aefe0a190d4b62749186c705962d32)
Delta File
+3 -1 Makefile.inc1
+3 -1 1 files

FreeBSD/src 39fcfcc sys/kern uipc_usrreq.c, sys/sys ucred.h

Fix LOCAL_PEERCRED in 32-bit compat mode

Previously the cr_pid field would be incorrectly copied to userland, due
to a size mismatch between the structure as defined in 32-bit vs 64-bit
builds.  Fix it by converting the structure before copying it to
userland.

Approved by:    re (cperciva)
PR:             294833
Sponsored by:   ConnectWise
Reviewed by:    emaste
Differential Revision: https://reviews.freebsd.org/D56675

(cherry picked from commit 1d24638d3e8875e4b99a4b5e39f4241e37221b3d)
(cherry picked from commit 3298d82ea34059354dc1ff1a60d8b7d3e495c2cd)
Delta File
+19 -2 sys/kern/uipc_usrreq.c
+11 -0 sys/sys/ucred.h
+30 -2 2 files

FreeBSD/src 8c8ec2c release/scripts pkg-stage.sh

pkg-stage.sh: Add ext2 and ntfs

Having these packages available on release media may help users who
need to sneakernet other packages (e.g. firmware) from systems running
Linux or Windows.

Approved by:    re (cperciva)
Suggested by:   vladlen, ziaee
MFC after:      3 days

(cherry picked from commit 6881fd278d80ac63b4d511fc130a79ff16d1bb48)
(cherry picked from commit 01d5910b8766671afdbd9e274fd62b397aca9e1a)
Delta File
+2 -0 release/scripts/pkg-stage.sh
+2 -0 1 files

FreeBSD/src 5457f05 release/tools oci-image-static.conf

release/tools: use same pkg settings in containers as in /etc/pkg/FreeBSD.conf

Instructions in /etc/pkg/FreeBSD.conf and elsewhere recommend putting
changes in /usr/local/etc/pkg/repos/FreeBSD.conf so bring OCI containers
into line as well.

Reviewed by:    dfr, ivy
Differential Revision:  https://reviews.freebsd.org/D54090

Approved by:    re (cperciva)
MFC after:      5 days
Sponsored by:   SkunkWerks, GmbH

(cherry picked from commit c73ae67348998a0056145e88debbea9ff6860c4f)
(cherry picked from commit d889f6c466d4cec73c34bc71093d08b25e321071)
Delta File
+1 -5 release/tools/oci-image-static.conf
+1 -5 1 files

FreeBSD/src 8484cb4 sys/fs/fdescfs fdesc_vnops.c

fdescfs: do not change vnode type on VOP_GETATTR()

Approved by:    re (cperciva)
PR:     294768

(cherry picked from commit fbecfc4aa028964f972a0457809aa041d415f61b)
(cherry picked from commit 5af938fb03d004ef97621f4c9319446f2fb8f77c)
Delta File
+0 -1 sys/fs/fdescfs/fdesc_vnops.c
+0 -1 1 files

FreeBSD/src cb7880b. UPDATING, usr.sbin/bsdinstall bsdinstall.8

bsdinstall: do pkgbase installations with the "script" command

"bsdinstall script" will now do a pkgbase installation by default.  The
system components to install can be specified in the COMPONENTS
variable, and have the same names as those used in the interactive
installer.  bsdinstall will still do a legacy distset installation if
DISTRIBUTIONS is defined in the installerconfig file.

Approved by:    re (cperciva)
PR:             290375
Sponsored by:   ConnectWise
Reviewed by:    ziaee, ivy, jduran
Differential Revision: https://reviews.freebsd.org/D56717

(cherry picked from commit dc14ae4217a0babb1240f813b642edc2d7b955a6)
(cherry picked from commit 1f5869130f6ebd299e65a627eff23a8c3d360afb)
Delta File
+42 -31 usr.sbin/bsdinstall/scripts/script
+35 -10 usr.sbin/bsdinstall/bsdinstall.8
+14 -1 usr.sbin/bsdinstall/scripts/pkgbase.in
+5 -0 UPDATING
+96 -42 4 files

FreeBSD/src 628c42a usr.sbin/bsdinstall bsdinstall.8

bsdinstall.8: Document DISTRIBUTIONS defaults correctly

Some targets override the default value of DISTRIBUTIONS.
Document that in the manual page.

Approved by:    re (cperciva)
Reported by:    Nia Alarie <nia at NetBSD.org>
Reviewed by:    jlduran
MFC after:      1 week
Differential Revision:  https://reviews.freebsd.org/D56528

(cherry picked from commit 4029e765436ff1633139c1afe1bc25185a0f4ef1)
(cherry picked from commit f4678f7613538c63567e2e44cd5aceaee4b4a383)
Delta File
+22 -2 usr.sbin/bsdinstall/bsdinstall.8
+22 -2 1 files

FreeBSD/src 684cb0d krb5/include autoconf.h, krb5/util/build-tools krb5-config.sh Makefile

krb5: Adjust additional version strings

Approved by:    re (cperciva)
Fixes:          736e411a737b

(cherry picked from commit c64ee36e5d09ecee4ce4951047014c8461734fb5)
(cherry picked from commit e3fc367366319466dd91fe0217a06c0655e35a8a)
Delta File
+2 -2 krb5/include/autoconf.h
+1 -1 krb5/util/build-tools/krb5-config.sh
+1 -0 krb5/util/build-tools/Makefile
+4 -3 3 files

FreeBSD/src 3ee9a0f krb5 Makefile.inc

krb5: Adjust version to 1.22.2

Approved by:    re (cperciva)
Fixes:          736e411a737b
(cherry picked from commit 8f46ba065143d9d89968a20b23844287d54c04a2)
(cherry picked from commit ea93554de436e84d27200d12f3a3b6dc1670fac9)
Delta File
+1 -1 krb5/Makefile.inc
+1 -1 1 files

FreeBSD/src 92eeed8 crypto/krb5/src/lib/gssapi/spnego negoex_util.c

krb5: Fix two NegoEx parsing vulnerabilities

Bring in upstream commit 2e75f0d93 fixing two CVEs. Upstream commit
log is:

 In parse_nego_message(), check the result of the second call to
 vector_base() before dereferencing it.  In parse_message(), check for
 a short header_len to prevent an integer underflow when calculating
 the remaining message length.

 Reported by Cem Onat Karagun.

 CVE-2026-40355:

 In MIT krb5 release 1.18 and later, if an application calls
 gss_accept_sec_context() on a system with a NegoEx mechanism
 registered in /etc/gss/mech, an unauthenticated remote attacker can
 trigger a null pointer dereference, causing the process to terminate.


    [13 lines not shown]
Delta File
+6 -1 crypto/krb5/src/lib/gssapi/spnego/negoex_util.c
+6 -1 1 files

FreeBSD/src 3de8ca6 crypto/krb5 README, crypto/krb5/src configure patchlevel.h

krb5: import MIT 1.22.2

Merge commit '90c687295e2d62f9411fc5b571f5af4e8ee187a7'

Approved by:    re (cperciva)

(cherry picked from commit 736e411a737b9f57c1303e6d15c5afd4f63af0d3)
(cherry picked from commit 919b10729753336ef16338295c61ebd085348fb9)
Delta File
+14 -23 crypto/krb5/src/lib/krb5/ccache/cc_mslsa.c
+23 -1 crypto/krb5/README
+10 -10 crypto/krb5/src/configure
+8 -0 crypto/krb5/src/lib/krb5/ccache/cc_file.c
+3 -3 crypto/krb5/src/patchlevel.h
+2 -2 crypto/krb5/src/man/kproplog.man
+60 -39 34 files not shown
+120 -97 40 files

FreeBSD/src 2574974 crypto/openssh libcrux_mlkem768_sha3.h ChangeLog

OpenSSH: Update to 10.3p1

Full release notes are available at
https://www.openssh.com/txt/release-10.3

Selected highlights from the release notes:

 * ssh(1), sshd(8): remove bug compatibility for implementations
   that don't support rekeying. If such an implementation tries to
   interoperate with OpenSSH, it will now eventually fail when the
   transport needs rekeying.

 * ssh(1), sshd(8): support IANA-assigned codepoints for SSH agent
   forwarding, as per draft-ietf-sshm-ssh-agent. Support for the new
   names is advertised via the EXT_INFO message. If a server offers
   support for the new names, then they are used preferentially.

 * ssh(1): add a ~I escape option that shows information about the
   current SSH connection.

    [10 lines not shown]
Delta File
+7,257 -7,843 crypto/openssh/libcrux_mlkem768_sha3.h
+2,871 -1,684 crypto/openssh/ChangeLog
+585 -426 crypto/openssh/moduli
+222 -213 crypto/openssh/channels.c
+172 -173 crypto/openssh/.depend
+253 -51 crypto/openssh/packet.c
+11,360 -10,390 241 files not shown
+15,884 -12,698 247 files

FreeBSD/src 01d5910 release/scripts pkg-stage.sh

pkg-stage.sh: Add ext2 and ntfs

Having these packages available on release media may help users who
need to sneakernet other packages (e.g. firmware) from systems running
Linux or Windows.

Suggested by:   vladlen, ziaee
MFC after:      3 days

(cherry picked from commit 6881fd278d80ac63b4d511fc130a79ff16d1bb48)
Delta File
+2 -0 release/scripts/pkg-stage.sh
+2 -0 1 files

FreeBSD/src fb4e789 sys/cam cam_ccb.h, sys/dev/nvme nvme_sim.c

Revert "nvme: Only attach to storage NVMe devices"

This reverts commit 0a19464bf7afa35ce2aa7649152bc3a7629faa98. It's
incorrect for ahci attachments. Reverting to merge to stable/15
to merge to releng/15.1 for the release.

Sponsored by:           Netflix
Delta File
+1 -8 sys/dev/nvme/nvme_sim.c
+1 -1 sys/cam/cam_ccb.h
+2 -9 2 files

FreeBSD/src 988c039 sys/compat/linuxkpi/common/include/linux io.h

linux/io: handle memtype_wc mapping for !DMAP range

The amdgpu driver in drm-kmod will attempt to update/reserve certain GPU
VRAM ranges as write-combining. Depending on the system, this address
range may fall outside of FreeBSD's constructed DMAP. We cannot use
pmap_change_attr() in this case.

When INVARIANTS is enabled, this results in the following:

  panic: physical address 0x880000000 not covered by the DMAP

Add a guard against triggering the KASSERT in PHYS_TO_DMAP().

This limitation in our implementation of arch_io_reserve_memtype_wc() is
already known in drm-kmod's amdgpu_bo_init(), and errors are ignored
there (see "BSDFIXME"). This change is only to eliminate the preventable
assertion failure within this scheme.

Tested by:      kevans

    [4 lines not shown]
Delta File
+6 -1 sys/compat/linuxkpi/common/include/linux/io.h
+6 -1 1 files