SECURITY update to openvpn-2.7.2
fix race condition in TLS handshake that could lead to leaking of packet
data from a previous handshake under specific circumstances
(CVE-2026-40215)
fix server ASSERT() on receiving a suitably malformed packet with
a valid tls-crypt-v2 key (CVE-2026-35058)
Other changes: https://github.com/OpenVPN/openvpn/blob/v2.7.2/Changes.rst
ok naddy@
CodeGen: Fix double counting bundles in inst size verification
The AMDGPU implementation handles bundles by summing the
member instructions. This was starting with the size of the
bundle instruction, then re-adding all of the same instructions.
This loop is over the iterator, not instr_iterator, so it should
not be looking through the bundled instructions. Most of the other
uses of getInstSizeInBytes are also on the iterator, not the
instr_iterator so the convention seems to be targets need to handle
BUNDLE correctly themselves.
[DirectX] Apply DXIL op fnattrs to declarations (#193622)
We need to apply DXIL op attributes to the functions themselves, and all
DXIL ops should have the `unwind` attribute. This matches the DXC
behaviour and what consumers like warp's GPU-based validation expect.
Fixes #193620
[libclc] Make sure PACKAGE_VERSION is set for libclc (#193966)
Summary:
This can be unset because CMake does not expose this as a raw variable
when you use the find_package interface. If it is not set as in the case
of standalone builds the clang resource directory won't be found
pmc: Implement the feature bits for recent Zen 4/5
Ensure that the optional MSRs and the user flags are guarded by the
cpuid feature flags. This prevents the user from triggering undefined
behavior or crashes on AMD processors where some of these features are
not present. As part of this, I added the branch target and DATA4 MSRs
to the IBS op state as those are only present on a subset of the Zen
chips that I have tested.
Reviewed by: mhorne
Sponsored by: Netflix
Pull Request: https://github.com/freebsd/freebsd-src/pull/2133
sys/time: appease gcc -Wtype-limits
In environments where time_t is 32 bits, including the 32-bit library
build on amd64, the overflow being tested for cannot happen, and gcc
complains with -Wtype-limits, causing the gcc build to fail. Work
around this by ifdef'ing out the saturation code on i386.
Reviewed by: imp, jfree
Discussed with: markj
Fixes: e3799530b3ba ("sys/time: Add saturating sbt conversions")
Differential Revision: https://reviews.freebsd.org/D56369
(cherry picked from commit 00dccc3164c6dff38350a1baeeea7238acf2efc3)
rtld: silence clang's unterminated-string-initialization warning
Since the initializer is used in other places where we can't just
replace it with a char-by-char initializer, this adds a macro for the
nonstring attribute (match the linuxkpi definition).
Reviewed by: emaste, jhb
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D52535
(cherry picked from commit 86f325711c07b723b85c031d581d0a5c1a0964f3)