OpenBSD/src axKf6qF share/man/man4 pfsync.4

   The pfsync manual page has no mention about safety of this protocol.
   Furthermore there are no configuration options for "key negotiation",
   so we believe everyone knows to run this on a dedicated wire or on L2 inside
   some sort of encryption tunnel (it is the natural way to do it in any case).
   Books do mention this detail, because books enjoy being more wordy.
   But the AI's can't figure it out, so put in some words to stop future
   AI's from sending us slop.
Version  Delta  File
1.40  +9-2  share/man/man4/pfsync.4
+9-2  1 files

OpenBSD/src DG5zBks sys/net if_pfsync.c if_pfsync.h

   The pfcksum[] field in the pfsync packet header is not a hash of the
   packet.  It provides absolutely no security benefits, keep reading to
   find out.

   According to dlg, during early development this field was hopefully
   going to be a hash related to the ruleset for optimizing state
   match. That approach was abandoned (I guess because ruleset drift
   between firewalls happens too often during normal practice). As is
   usual in protocol development, at least 6 people were already using
   pfsync in production, so for compatibility the field was not
   removed...  and forgotten.  On send, it was left as zero, due to
   the full-header zero initialization code.

   So there is no useful checksum or hash stored in this field called
   'pfcksum[PF_MD5_DIGEST_LENGTH]'.  Actually there isn't a single line
   of code in the entire tree which writes to this array.  Besides the
   field definition in the structure, there is 1 comment elsewhere
   mentioning the field.  So no code at all.  I said no code, which is
   why there is no code checking it on receive, not even checking if it

    [19 lines not shown]
Version  Delta  File
1.333  +2-2  sys/net/if_pfsync.c
1.66  +2-2  sys/net/if_pfsync.h
+4-4  2 files

FreeBSD/src fee3eba sys/amd64/amd64 machdep.c

kern/amd64/machdep: Replace memset in wrmsr_early_safe_end

GENERIC-KASAN kernel failed to boot on a Dell PowerEdge C6615 with
an AMD EPYC 8224P CPU; UEFI BIOS caught a #GP exception with %RIP
in kasan_memset where %GS relative pointer (curthread->td_pflags2)
was dereferenced. Investigation led to wrmsr_early_safe_end which
calls memset to clear early #GP IDT entry. Replacing memset with
__builtin_memset_inline still resulted in the compiler emitting a
call to the memset resolver in GENERIC-KASAN build and the kernel
still faulted during boot. This version which has been successfully
tested with both GENERIC and GENERIC-KASAN kernels uses memset_early.

Signed-off-by: Kristofer Peterson <kris at tranception.com>
Reviewed-by: kib
(cherry picked from commit 615f1b9eb17c921bbcb0cce2b9ad61910361325b)
Delta  File
+1-1  sys/amd64/amd64/machdep.c
+1-1  1 files

FreeBSD/src cc5125a usr.sbin/bhyveload bhyveload.c

bhyveload: simplify cb_open() and eliminate minor TOCTOU

It's not at all clear why I wrote it like this, but we can do better.

I wouldn't think this really has any meaningful security implications
since the hierarchy in question can't really be modified by the guest
scripts, but it would seem to make it a little more robust.

Reviewed by:    bnovkov, markj

(cherry picked from commit 6da9d465c54bf2e3496e83db025c5d22f3b3cc17)
Delta  File
+12-14  usr.sbin/bhyveload/bhyveload.c
+12-14  1 files

FreeBSD/src 7bb6c19 bin/ls ls.c, bin/ls/tests ls_tests.sh

ls: check fts_children() for errors that may not surface otherwise

In particular, if one simply does a non-recursive `ls` on a directory
that is not accessible, there are some classes of errors that may cause
it to fail that wouldn't be surfaced unless we do an fts_read() that
will recurse into the inaccessible directory.  Catch those kinds of
errors here since we cannot expect an FTS_ERR/FTS_DNR entry to follow
up on them.

PR:             287451
Reviewed by:    kib
Discussed with: des

(cherry picked from commit 7bf81e39d83087dc7f984077b5eed5a48df794d4)
Delta  File
+30-0  bin/ls/tests/ls_tests.sh
+17-0  bin/ls/ls.c
+47-0  2 files

FreeBSD/src a41c4d9 release Makefile.vm

release: Pass optional VM_IMAGE_CONFIG to vm-image

`make vm-image` calls mk-vmimage.sh, which supports
`-c CONFFILE`. This file gets sourced before building the image.

One example of how to use it is to define
vm_extra_filter_base_packages() to filter the list of packages
installed into the VM image:

    # vm-nodbg32.conf
    vm_extra_filter_base_packages() {
        grep -v -E '(-dbg|lib32)'
    }

    $ make VM_IMAGE_CONFIG=path/to/vm-nodbg32.conf \
        VMFORMATS=raw \
        -DWITH_VMIMAGES \
        vm-image


    [3 lines not shown]
Delta  File
+1-0  release/Makefile.vm
+1-0  1 files

FreeBSD/src 2b5087e lib/libbe be.c libbe.3, lib/libbe/tests target_prog.c be_create.sh

bectl: Add -E flag to create an empty boot environment

Signed-off-by: Pat Maddox <pat at patmaddox.com>
Reviewed by:    kevans
(cherry picked from commit 2e020c84cb5ee1452e448f27ff7a7b6076c0147a)
Delta  File
+50-14  lib/libbe/be.c
+14-2  sbin/bectl/bectl.c
+13-1  sbin/bectl/bectl.8
+7-4  lib/libbe/tests/target_prog.c
+8-1  lib/libbe/libbe.3
+9-0  lib/libbe/tests/be_create.sh
+101-22  3 files not shown
+111-23  9 files

FreeBSD/src 2129e62 . ObsoleteFiles.inc

ObsoleteFiles: remove the shar(1) manpage as well

Fixes:  3fde39073c ("shar: remove from the tree [...]")
(cherry picked from commit bb0734cf2446ce2be829edfa421af3aa558d2c70)
Delta  File
+1-0  ObsoleteFiles.inc
+1-0  1 files

FreeBSD/src 07ce814 tools/build/mk OptionalObsoleteFiles.inc

OptionalObsoleteFiles: Add etc/zfs/compatibility.d

If the world is built and installed with WITHOUT_ZFS, then make
-DBATCH_DELETE_OLD_FILES delete-old-dirs will give the error:

> rmdir: /etc/zfs: Directory not empty

because /etc/zfs/compatibility.d is still there.  While we're here,
clean out /usr/share/zfs as well.

Co-authored-by: kevans

(cherry picked from commit 5c9d988d865cc4ce849507173c0a2e2f399d0f62)
Delta  File
+58-0  tools/build/mk/OptionalObsoleteFiles.inc
+58-0  1 files

FreeBSD/src 21fcae1 sys/dev/tpm tpm20.c tpm20.h

tpm20: fix suspend/resume and entropy harvesting

There were a few problems here:
  - TPM2_Shutdown results in a response that we need to either process
    or ignore, otherwise any tpm20_write or tpm20_harvest call will
    trivially hang on an `sc->pending_data_length != 0`
  - We should have a matching TPM2_Startup upon resume to restore any
    state that should have persisted
  - We must drain the harvest task before we suspend to avoid problems
    there

This commit is sufficient to avoid breaking suspend/resume.

PR:             291067
Co-authored-by: markj
Tested by:      garga

(cherry picked from commit 38a4995eb52db21116f8b37ed942e66a8c2f050f)
Delta  File
+65-0  sys/dev/tpm/tpm20.c
+1-0  sys/dev/tpm/tpm20.h
+1-0  sys/dev/tpm/tpm_crb.c
+1-0  sys/dev/tpm/tpm_tis_core.c
+68-0  4 files

FreeBSD/src afe262b sys/dev/tpm tpm_crb.c

tpm: crb: add support for the Pluton startmethod

The Pluton startmethod uses a simple doorbell mechanism to wakeup the
TPM unit after we've issued various forms of state change, with the
registers to use specified in the startmethod-specific segment of the
TPM2 table (up to 12 bytes after the StartMethod).

At the very least, this is the kind of TPM in use by my AMD Zen 4-based
Minisforum machine.

(cherry picked from commit e6fa918c4a3ebeb4bcae7614dbb281bda35e06e1)
Delta  File
+207-5  sys/dev/tpm/tpm_crb.c
+207-5  1 files

FreeBSD/src b6321b9 sys/dev/uart uart_tty.c

uart: fix sleeping while holding mutex in uart_tty_detach()

Move swi_remove() call before acquiring the tty lock. swi_remove() calls
intr_event_remove_handler() which may sleep via msleep(), causing a lock
order violation when called with the tty mutex held.

The software interrupt handler removal operates on the interrupt event
structure independently and does not require the tty lock. This matches
the pattern used in other drivers such as tcp_hpts.c where swi_remove()
is called without holding other locks.

Reviewed by:    imp, kevans

(cherry picked from commit ed3a2469a71e0ef48cf8e636c35e64a011756da3)
Delta  File
+2-1  sys/dev/uart/uart_tty.c
+2-1  1 files

FreeBSD/src caa3700 sys/kern subr_firmware.c

firmware: Fix inverted FIRMWARE_GET_NOWARN logic

The try_binary_file() function has inverted logic for the
FIRMWARE_GET_NOWARN flag.  When the flag is set (meaning "don't warn"),
the code sets warn=true and makes noise anyway.

Invert the assignment to warn to correctly suppress warnings when
FIRMWARE_GET_NOWARN is set.

Reviewed by:    kevans

(cherry picked from commit fdcd67be8274d237ae2c87d6475d9d34b440b8d8)
Delta  File
+1-1  sys/kern/subr_firmware.c
+1-1  1 files

FreeBSD/src ebf890d libexec/rc/rc.d zfs

rc: run the zfs rc script before tmp

The tmp rc script has much the same problem that the var does: it wants
to test if /tmp is writable, and mount a tmpfs if it's not.  This means
that we actually want our zfs datasets mounted first, because we might
have a /tmp dataset that changes the story.

The ordering problem is particularly noticeable with a r/o zfs root,
since the write test will fail and we'll mount a tmpfs that later gets
covered by our /tmp dataset.  If that /tmp dataset inherited readonly,
then we're still in trouble.

This also fixes `tmpmfs=yes`, which would again get covered by a zfs
dataset with the existing ordering.

Reviewed by:    des

(cherry picked from commit d3f21856aa72c28408660ed40ce76bbd0716a991)
Delta  File
+1-1  libexec/rc/rc.d/zfs
+1-1  1 files

FreeBSD/src 6c143ff sys/dev/vt vt_core.c vt.h

vt(4): allow up to _SIG_MAXSIG (128) for VT_SETMODE

VT_SETMODE ioctl currently checks the provided signal numbers with its
own ISSIGVALID macro that uses NSIG (32) as a maximum, although the code
that will actually send the signal in sys/kern/kern_sig.c uses
_SIG_VALID which allows up to _SIG_MAXSIG (128).

This change aligns the vt code with the kernel internals and enables the
use of higher signal numbers so that applications are not limited to
SIGUSR1 and SIGUSR2 for vt release and acquire signals.

Signed-off-by:  Quentin Thébault <quentin.thebault at defenso.fr>
Reviewed by:    emaste, imp, kevans

(cherry picked from commit 5e1c7867e1b9a8abe7307d01087cddc057e39859)
Delta  File
+3-3  sys/dev/vt/vt_core.c
+0-1  sys/dev/vt/vt.h
+3-4  2 files

FreeBSD/src cf62b00 usr.bin/truncate truncate.c, usr.bin/truncate/tests truncate_test.sh

truncate: fix a minor nit + add a hole-punching test

The struct spacectl_range we use is only really used in these three
lines of code, so re-scope it down to just the dealloc branch.  This is
marginally easier to reason about what might be necessary to replace in
porting our truncate(1) to other platforms.

While we're here, add a test for the -d flag to be sure it really does
punch a hole in the file.  The test also tries to confirm that it does
not disturb other segments of the file in the process, just to inspire
some confidence that it's not corrupting the file somehow.

Sponsored by:   Klara, Inc.
Reviewed by:    markj

(cherry picked from commit eacc501eff52db16b7b784c89a3a4a03c9a3ef34)
Delta  File
+48-0  usr.bin/truncate/tests/truncate_test.sh
+2-1  usr.bin/truncate/truncate.c
+50-1  2 files

FreeBSD/src 4b7f99f sys/modules/tpm Makefile

tpm: fix the conditional for the arm64 build

The intention was clearly that these ACPI bits would be included for
arm64, but MACHINE_ARCH there is aarch64 -- correct the minor typo to
build everything that should be there.

(cherry picked from commit c490bc73eb68556bc44da9893af9be48a360de8c)
Delta  File
+1-1  sys/modules/tpm/Makefile
+1-1  1 files

FreeBSD/src cd42ecf sys/conf files.amd64

files.amd64: remove some lines duplicated from files.x86

These were added to files.x86 because they were duplicated in both
files.i386 and files.amd64, but they did not end up removed in the
latter.  Garbage collect them now.

Reviewed by:    jhibbits
Sponsored by:   Klara, Inc.
Sponsored by:   NetApp, Inc.

(cherry picked from commit a8c594d27779b95f33c856521ec1039fa552d869)
Delta  File
+0-2  sys/conf/files.amd64
+0-2  1 files

FreeBSD/src 1cf7c6c lib/libsys Makefile.sys

libsys: install manpage links for jail_attach_jd/jail_remove_jd

This was a minor oversight from their introduction.

Commit message by kevans@.

Reviewed by:    kevans

(cherry picked from commit 51c5e2b60247b3deb204a1d78ea6edc91a8ac652)
Delta  File
+3-1  lib/libsys/Makefile.sys
+3-1  1 files

FreeBSD/src 40aab70 sys/dev/tpm tpm_crb.c

tpm: crb: factor out idle/ready state transitions

Some TPM implementations have a different start method that requires
an additional notification for some state changes; for instance, the
"Pluton" start method.  Just factor these transitions out for now, and
the coming commits will introduce points that the start method can hook
in at.

Reviewed by:    obrien

(cherry picked from commit cca34aa1d005ffc859704331a3221b8c506d2f06)
Delta  File
+50-11  sys/dev/tpm/tpm_crb.c
+50-11  1 files

NetBSD/src rJ9E3gu sys/arch/amiga/amiga machdep.c

   Call fpu_init() at the beginning of cpu_startup(), like the other
   m68k ports now do, and use the probed FPU information rather than
   flags from the loader.
Version  Delta  File
1.272  +20-53  sys/arch/amiga/amiga/machdep.c
+20-53  1 files

NetBSD/pkgsrc i1BRUJD mail/s-nail distinfo, mail/s-nail/patches patch-src_mx_iconv.c

   s-nail: fixed building on NetBSD 11
Version  Delta  File
1.1  +15-0  mail/s-nail/patches/patch-src_mx_iconv.c
1.6  +2-1  mail/s-nail/distinfo
+17-1  2 files

FreeNAS/freenas e9bbcff src/middlewared/middlewared/plugins/directoryservices_ secrets.py, src/middlewared/middlewared/plugins/smb_ groupmap.py

Use domain sid from secrets.tdb for groupmap construction

This commit transitions from using runtime detection of domain
SID via winbindd requests to reading the stored domain SID
from the secrets.tdb file. During reboot and failover process
there was a window in which an unhealthy AD join could cause
a failure to resolve the domain admins SID and subsequently
trigger it to be removed from the group_mapping.tdb. This
change robustizes the groupmap setup by not requiring a
healthy AD state.

(cherry picked from commit e6fbe76f3b325db606f3eea68a5fa53a433f3f49)
Delta  File
+63-0  tests/directory_services/test_activedirectory_groupmap.py
+59-0  src/middlewared/middlewared/pytest/unit/utils/test_sid.py
+35-0  src/middlewared/middlewared/utils/sid.py
+4-11  src/middlewared/middlewared/plugins/smb_/groupmap.py
+12-0  src/middlewared/middlewared/plugins/directoryservices_/secrets.py
+173-11  5 files

FreeNAS/freenas ea634fa src/middlewared/middlewared/plugins/directoryservices_ secrets.py, src/middlewared/middlewared/plugins/smb_ groupmap.py

NAS-140647 / 27.0.0-BETA.1 / Use domain sid from secrets.tdb for groupmap construction (#18719)

This commit transitions from using runtime detection of domain SID via
winbindd requests to reading the stored domain SID from the secrets.tdb
file. During reboot and failover process there was a window in which an
unhealthy AD join could cause a failure to resolve the domain admins SID
and subsequently trigger it to be removed from the group_mapping.tdb.
This change robustizes the groupmap setup by not requiring a healthy AD
state.
Delta  File
+63-0  tests/directory_services/test_activedirectory_groupmap.py
+59-0  src/middlewared/middlewared/pytest/unit/utils/test_sid.py
+35-0  src/middlewared/middlewared/utils/sid.py
+4-11  src/middlewared/middlewared/plugins/smb_/groupmap.py
+12-0  src/middlewared/middlewared/plugins/directoryservices_/secrets.py
+173-11  5 files

FreeBSD/src 51a80be secure/lib/libcrypto/man/man3 X509V3_EXT_print.3 Makefile

crypto/openssl: add new manpage from release 3.5.6

MFC after:      1 day (the security issues warrant a quick backport).
MFC with:       10a428653ee7216475f1ddce3fb4cbf1200319f8

(cherry picked from commit 9f7080ba6bcf18d013ae3b91dc9d92cfa731a8c0)
Delta  File
+108-0  secure/lib/libcrypto/man/man3/X509V3_EXT_print.3
+2-0  secure/lib/libcrypto/man/man3/Makefile
+110-0  2 files

FreeBSD/src e2fcde7 crypto/openssl CHANGES.md NEWS.md, crypto/openssl/doc/man1 openssl-ciphers.pod.in

MFV: crypto/openssl: update to 3.5.6

This change brings in version 3.5.6 of OpenSSL, which features
several security fixes (the highest of which is a MEDIUM severity
issue), as well as some miscellaneous feature updates.

Please see the release notes [1] for more details.

PS Apologies for the confusing merge commits -- I was testing out a
new automated update process and failed to catch the commit message
issues until after I pushed the change.

1. https://github.com/openssl/openssl/blob/openssl-3.5.6/NEWS.md

MFC after:      1 day (the security issues warrant a quick backport).
Merge commit 'ab5fc4ac933ff67bc800e774dffce15e2a541e90'

(cherry picked from commit 10a428653ee7216475f1ddce3fb4cbf1200319f8)
Delta  File
+438-329  crypto/openssl/doc/man1/openssl-ciphers.pod.in
+363-212  crypto/openssl/CHANGES.md
+232-195  crypto/openssl/NEWS.md
+152-213  crypto/openssl/util/platform_symbols/windows-symbols.txt
+84-35  crypto/openssl/doc/man3/SSL_CTX_set1_curves.pod
+109-1  crypto/openssl/test/evp_extra_test.c
+1,378-985  250 files not shown
+3,695-2,017  256 files

FreeBSD/src 293c738 secure/lib/libcrypto/man/man3 SSL_CTX_set1_curves.3 SSL_CONF_cmd.3, secure/lib/libcrypto/man/man7 property.7

crypto/openssl: update artifacts to match 3.5.6 release artifacts

A new manpage and any associated links will be added in the next commit.

MFC after:      1 day (the security issues warrant a quick backport).
MFC with:       10a428653ee7216475f1ddce3fb4cbf1200319f8

(cherry picked from commit 5254e16213ff1bb136ef24e0b0fe30625ac53563)
Delta  File
+442-346  secure/usr.bin/openssl/man/openssl-ciphers.1
+85-36  secure/lib/libcrypto/man/man3/SSL_CTX_set1_curves.3
+56-48  sys/crypto/openssl/aarch64/vpsm4_ex-armv8.S
+27-2  secure/lib/libcrypto/man/man7/property.7
+9-11  secure/lib/libcrypto/man/man3/SSL_CONF_cmd.3
+12-3  secure/lib/libcrypto/man/man3/PKCS5_PBE_keyivgen.3
+631-446  903 files not shown
+1,654-1,424  909 files

NetBSD/pkgsrc HAEOcMY doc CHANGES-2026

   doc: Updated editors/mle to 1.8.1
Version  Delta  File
1.2221  +2-1  doc/CHANGES-2026
+2-1  1 files

NetBSD/pkgsrc AFzXClQ editors/mle distinfo Makefile

   mle: update to 1.8.1

   ### changed
   - improve perf of mark functions
   - change syntax shortcut from `-y-` to `-yy`
   - avoid zeroing the viewport when paging less than screen height

   ### added
   - include cosmopolitan libc build
   - add `cmd_split_adjust`
   - add uninstall make target
   - display error on buffer open failure
   - add `cmd_print_macro`
   - add isearch conveniences
   - add `cmd_replace_all`
   - parameterize page up and down
   - add `cmd_macro_apply_last`

   ### fixed

    [19 lines not shown]
Version  Delta  File
1.2  +4-4  editors/mle/distinfo
1.6  +3-4  editors/mle/Makefile
+7-8  2 files

LLVM/project af209b6 llvm/lib/Target/RISCV RISCVISelLowering.cpp, llvm/test/CodeGen/RISCV/rvv fixed-vectors-fp2i.ll fixed-vectors-i2fp.ll

[RISCV] Split LMUL=8 f16 fixed vector (s/u)ittofp/fpto(s/u)i before promoting. (#191568)

The conversion needs to be done by promoting to f32. If we're already at
LMUL=8, we need to split before we can promote.
Delta  File
+118-0  llvm/test/CodeGen/RISCV/rvv/fixed-vectors-fp2i.ll
+118-0  llvm/test/CodeGen/RISCV/rvv/fixed-vectors-i2fp.ll
+6-6  llvm/lib/Target/RISCV/RISCVISelLowering.cpp
+242-6  3 files