rtsold: Validate entries in domain search lists
Reported by: Kevin Day <kevin at your.org>
Approved by: so
Security: FreeBSD-SA-25:12.rtsold
Security: CVE-2025-14558
rtsold: Validate entries in domain search lists
Reported by: Kevin Day <kevin at your.org>
Approved by: so
Security: FreeBSD-SA-25:12.rtsold
Security: CVE-2025-14558
rtsold: Validate entries in domain search lists
Reported by: Kevin Day <kevin at your.org>
Approved by: so
Security: FreeBSD-SA-25:12.rtsold
Security: CVE-2025-14558
rtsold: Validate entries in domain search lists
Reported by: Kevin Day <kevin at your.org>
Approved by: so
Security: FreeBSD-SA-25:12.rtsold
Security: CVE-2025-14558
netmap: silence -Wdefault-const-init-field-unsafe warning
The netmap_ring struct starts with various const members and rencent
clang warns about leaving them uninitialized. Having them const in the
first place is highly suspicious since they are updated with various
macros but using hand-coded __DECONST(). But fixing that is a more
invasive change that I am unable to test.
```
.../freebsd/sys/dev/netmap/netmap_kloop.c:320:21: error: default initialization of an object of type 'struct netmap_ring' with const member leaves the object uninitialized [-Werror,-Wdefault-const-init-field-unsafe]
320 | struct netmap_ring shadow_ring; /* shadow copy of the netmap_ring */
| ^
.../freebsd/sys/net/netmap.h:290:16: note: member 'buf_ofs' declared 'const' here
290 | const int64_t buf_ofs;
| ^
```
Test Plan: Compiles
[3 lines not shown]
cdefs.h: Introduce __nonstring attribute
This attribute can be used to annotate char arrays that are not supposed to
be terminated with a NUL char and is needed to silence clang's new
-Wunterminated-string-initialization warning. The name matches linuxkpi.
Reviewed by: emaste, jhb
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D52565
rtld: silence clang's unterminated-string-initialization warning
Since the initializer is used in other places where we can't just
replace it with a char-by-char initializer, this adds a macro for the
nonstring attribute (match the linuxkpi definition).
Reviewed by: emaste, jhb
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D52535
libfetch: Fix -Wunterminated-string-initialization
This defaults to an error in clang HEAD, use a char-by-char
initializer instead.
Reviewed by: emaste, jhb
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D52532
libc/amd64: Disable baseline version of stpncpy()
This implementation appears to be broken on some CPUs. Disable it
until the issue can be investigated and fixed.
PR: 291720
Fixes: 66eb78377bf1 ("libc/amd64: fix overread conditions in stpncpy()")
Fixes: 90253d49db09 ("lib/libc/amd64/string: add stpncpy scalar, baseline implementation")
makefs/tests: Use require.kmods property instead of ad-hoc checks
Signed-off-by: Siva Mahadevan <me at svmhdvn.name>
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
Pull Request: https://github.com/freebsd/freebsd-src/pull/1870
Unskip test sys.netinet6.frag6.frag6_07.frag6_07
This is now consistently passing with 100+ consecutive runs.
Signed-off-by: Siva Mahadevan <me at svmhdvn.name>
PR: 244170
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
ipfilter: Prevent stack buffer overflow
When copying ipfs data from user space, don't just check that the payload
length is nonzero, but also that it does not exceed the size of the stack
buffer we're copying it into.
While we're at it, use a union to create a buffer of the exact size we
need instead of guessing that 2048 will be enough (and not too much).
Finally, check the size of the payload once it gets to where it's used.
MFC after: 3 days
Reported by: Ilja Van Sprundel <ivansprundel at ioactive.com>
Reviewed by: cy
Differential Revision: https://reviews.freebsd.org/D54194
makeman.lua: Update for src.conf in the src tree
Copy the text change from the shell makeman to makeman.lua.
Fixes: dd8c666d8b78 ("src.sys.mk: Support src.conf in SRCTOP")
Sponsored by: The FreeBSD Foundation
amd64/vmm.c: Fix an incorrect memory segment check in vm_iommu_{un}map
This change fixes two checks that conflated memory mapping and memory
segment idenitifers. In both cases the code iterates over all memory
mappings but passes the index to `vm_memseg_sysmem`, which is wrong.
Fix this by passing the memory mapping's segment identifier instead.
Differential Revision: https://reviews.freebsd.org/D54210
Reviewed by: markj
Fixes: c76c2a19ae37
PR: 290920
Approved by: so
Security: FreeBSD-EN-25:20.vmm
(cherry picked from commit f1809eab82a796845f126b703c01d4a31ccf2193)
(cherry picked from commit 4f7436bf297b93fd9e835ffca3d56288ce934dc5)
zfs: Merge commit 86b064469dc9c2 from OpenZFS
FreeBSD: Fix a potential null dereference in zfs_freebsd_fsync()
In general it's possible for a vnode to not have an associated VM
object. This happens in particular with named pipes, which have
some distinct VOPs, defined in zfs_fifoops. Thus, this chunk of
zfs_freebsd_fsync() needs to check for the FIFO case, like other
vm_object_mightbedirty() callers do.
(Note that vn_flush_cached_data() calls are predicated on
zn_has_cached_data() returning true, and it checks for a NULL v_object
pointer already.)
Fixes: ef4058fcdc01838117dd93a654228bac7487a37c
Reported-by: Collin Funk <collin.funk1 at gmail.com>
Reviewed-by: Sean Eric Fagan <sef at FreeBSD.org>
Reviewed-by: Brian Behlendorf <behlendorf1 at llnl.gov>
Reviewed-by: Alexander Motin <alexander.motin at TrueNAS.com>
[9 lines not shown]
if_rge: Add PNP info for module
Add PNP info so the module can be matched by devmatch(8) and automatically
loaded.
Reviewed by: adrian
Approved by: adrian
Differential Revision: https://reviews.freebsd.org/D54254
diff3: Remove bespoke getopt.h
diff3's getopt.h included a function declaration without a prototype,
which produces a compiler warning. Just remove the bespoke getopt.h
and use the system header.
Reported by: Mark Millard
Reviewed by: fuz
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D53802
(cherry picked from commit 38829592dc77e9ead4259785e0bfb93bd4c2fe34)
(cherry picked from commit 437c77476e726e0414e460c973fd88fe812ce2b4)
