openssl: update to 3.0.21
This change is a security release which resolves several issues with OpenSSL 3.0,
the highest severity issue being ranked "High". Users are strongly encouraged to
update to this release.
More information about the release (from a high level) can be found in
the release notes [1].
Tested with: (make tinderbox; spotchecks on dev hosts)
1. https://github.com/openssl/openssl/blob/openssl-3.0.21/NEWS.md
- :main and :stable/15 run OpenSSL 3.5 and :stable/14, et al runs
OpenSSL 3.0.
- This is not a merge commit because our pre-receive checkers still
don't allow direct MFVs without going through :main first.
- This is a direct commit to stable/14.
install: drop obsolete file size limit for -C
Removes the file size limit for -C comparisons. The limit was
meant to prevent oversized mmap allocations, which is no longer
relevant as mmap is no longer used here (removed by
a0439a1b820fa0e742c00d095f5f5c06f5f19432, review D44809).
Credit to bdrewery.
See: https://reviews.freebsd.org/D57230
Reviewed by: bdrewery, glebius, ziaee
Approved by: glebius (mentor)
Obtained from: Fudo Security
MFC after: 2 weeks
Sponsored by: Fudo Security
Differential Revision: https://reviews.freebsd.org/D57503
libc: fix strtold NaN representation on riscv
Regenerate gd_qnan.h on riscv using the qnan.c
config tool found in contrib/gdtoa.
This fixes the following tests in CI:
lib/libc/stdio/scanfloat_test:infinities_and_nans
lib/libc/stdlib/strtod_test:strtold_nan
Reviewed by: jrtc27
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D57405
Pause failpoint: replace mtx_sleep with tsleep
Eliminate panic when re-setting a paused failpoint to pause
(address of feq_mtx changes whilst in mtx_sleep, triggering
assertion when reacquiring mtx).
Reviewed by: rlibby
Pull Request: https://github.com/freebsd/freebsd-src/pull/2267
inetd: Add missing argument to the -p flag description
While here, use the more specific "pidfile" consistently instead of
ambiguous "filename".
Reviewed by: ziaee
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D57531
libc: Fix assert() sanitiser for C++ contextual bool conversion
Replace the `(bool(*)(bool))` probe in `__assert_sanitize()` with an unevaluated
conditional expression, so types with `explicit operator bool()` that require a
contextually converted constant expression of type `bool` are handled correctly.
Ergo, arity check is now performed separately via `__assert_sanitize_arity()`, a
unary template whose parameter pack must bind to exactly one argument after
`__VA_ARGS__` is substituted into the call.
Also align NDEBUG with C23 requirements.
Reported by: dim, aokblast
Signed-off-by: Faraz Vahedi <kfv at kfv.io>
Reviewed by: aokblast, fuz
MFC after: 1 week
Fixes: 867b51452ea78ece0b312a387e63fdbc2a11056a
Pull Request: https://github.com/freebsd/freebsd-src/pull/2265
libc: Suppress <stdalign.h> content for C23 and later
C23 deprecates <stdalign.h> and specifies that the header shall
provide no content (§7.15.1).
Signed-off-by: Faraz Vahedi <kfv at kfv.io>
Pull Request: https://github.com/freebsd/freebsd-src/pull/2223
MFC after: 1 month
Reviewed by: imp, fuz
MFV: openssl 3.5.7
This change is a security release which resolves several issues with OpenSSL 3.5,
the highest severity issue being ranked "High". Users are strongly encouraged to
update to this release.
More information about the release (from a high level) can be found in
the release notes [1].
1. https://github.com/openssl/openssl/blob/openssl-3.5.7/NEWS.md
All conflicts were resolved with `--theirs`, taking the release diff
over the local diff; the conflicts occurred due to preemptive security
fixes applied by so@ in e508c343.
MFC after: 3 days (the important security issues have been
preemptively addressed)
Merge commit '3a71a35ad9dad0e5d2cad8efecc8ba9d57c42d43'
[6 lines not shown]
powerpc/booke: Add watchdog driver
The Book-E watchdog is effectively a state machine based around an AND
mask of the timebase register. A single bit (0-63) is watched in the
timebase register, and when it transitions (by counting *or* by
programmatically setting) an exception is triggered. The first
exception triggers a core interrupt. The second is programmable.
In our case, we panic on the first and reset on second.
watchdog: Fix a couple type issues
* Force the type of the literal `1` passed to nstosbt() to ensure it's a
64-bit type (or larger). Otherwise it gets inconveniently typed to
int, resulting in truncation.
* Use `flsll()` when converting sbt to power-of-2-nanoseconds to fix
32-bit compatibility.
PR: 292616
Obtained from: Hewlett Packard Enterprise
Fixes: 26d6617f3 ("watchdog: Convert to using sbintime_t format")
MFC after: 3 days
ppp: Permit CHAP challenges up to 255 bytes
RFC 1994 does not place any limit on the length of the value field in
challenge messages except that the length is a single octet which
bounds the maximum length to 255.
NB: I'm not sure why the local[] and peer[] arrays contain room for an
authentication name (AUTHLEN) in addition to a challenge value/response,
but I've just left that in place.
PR: 271955
Reported by: Robert Morris <rtm at lcs.mit.edu>
Reviewed by: des
Differential Revision: https://reviews.freebsd.org/D57138
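
The length rule the commit message cites, as an added example that is not part of the commit or of ppp's source: a bounds-checked parser for an RFC 1994 Challenge packet (Code, Identifier, 2-octet Length, 1-octet Value-Size, Value, Name). The struct, the function names and the sample packet are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>
#define CHAP_CHALLENGE 1    /* RFC 1994 Code value for a Challenge */
#define CHAP_HDRLEN    4    /* Code + Identifier + 2-octet Length */
#define CHAP_MAX_VALUE 255  /* largest Value-Size one octet can express */

struct chap_challenge {     /* hypothetical holder, not ppp's own struct */
    uint8_t id, value_len;
    uint8_t value[CHAP_MAX_VALUE];
    const uint8_t *name;    /* points into the caller's packet buffer */
    size_t name_len;
};

/* Parse one Challenge; returns 0 on success, -1 if it is malformed. */
int chap_parse_challenge(const uint8_t *pkt, size_t pktlen, struct chap_challenge *out)
{
    size_t len, vsize;
    if (pktlen < CHAP_HDRLEN + 1 || pkt[0] != CHAP_CHALLENGE)
        return -1;
    len = ((size_t)pkt[2] << 8) | pkt[3];
    if (len < CHAP_HDRLEN + 1 || len > pktlen)   /* Length vs. bytes received */
        return -1;
    vsize = pkt[4];
    if (vsize == 0 || vsize > len - CHAP_HDRLEN - 1)  /* value must fit in Length */
        return -1;
    out->id = pkt[1]; out->value_len = (uint8_t)vsize;
    memcpy(out->value, pkt + CHAP_HDRLEN + 1, vsize);  /* vsize <= 255 by type */
    out->name = pkt + CHAP_HDRLEN + 1 + vsize;
    out->name_len = len - CHAP_HDRLEN - 1 - vsize;
    return 0;
}

/* Constructed sample: vsize octets of 0xAA as the value, then the name "srv". */
size_t chap_sample(uint8_t *buf, uint8_t id, uint8_t vsize)
{
    size_t len = CHAP_HDRLEN + 1 + (size_t)vsize + 3;
    buf[0] = CHAP_CHALLENGE; buf[1] = id; buf[4] = vsize;
    buf[2] = (uint8_t)(len >> 8); buf[3] = (uint8_t)(len & 0xff);
    memset(buf + 5, 0xAA, vsize);
    memcpy(buf + 5 + vsize, "srv", 3);
    return len;
}

int main(void)
{
    uint8_t buf[CHAP_HDRLEN + 1 + CHAP_MAX_VALUE + 3];
    struct chap_challenge c;
    return chap_parse_challenge(buf, chap_sample(buf, 7, 255), &c);
}
```

Sizing the destination to 255 octets means the copy length, which comes from a single octet, can never exceed the buffer; the remaining checks reject packets whose Length or Value-Size disagree with the bytes actually received.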
ppp: Don't fetch a non-existent variadic argument
Only fetch the optional mode argument to ID0open to pass to open(2) if
O_CREAT is present in the flags argument. It is UB to fetch an
argument that doesn't exist. On CHERI this UB results in a fault.
Reviewed by: brooks
Obtained from: CheriBSD
Sponsored by: AFRL, DARPA
Differential Revision: https://reviews.freebsd.org/D57137
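
The pattern this commit message describes, as an added example that is not the commit's code: a variadic wrapper with open(2)'s prototype that reads the mode argument only when O_CREAT is set. The names `checked_open` and `demo_create_then_reopen` and the temporary path are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L  /* for mkdtemp(3) under strict -std= modes */
#include <sys/stat.h>
#include <fcntl.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Hypothetical wrapper with open(2)'s prototype; not ppp's ID0open(). */
int checked_open(const char *path, int flags, ...)
{
    mode_t mode = 0;

    if (flags & O_CREAT) {      /* only now does the caller pass a mode */
        va_list ap;
        va_start(ap, flags);
        /* a mode_t narrower than int is promoted to int when passed via "..." */
        mode = (mode_t)va_arg(ap, int);
        va_end(ap);
    }
    return open(path, flags, mode);
}

/* Create a file with a mode, reopen it without one; returns its permission
 * bits, or -1 on error. The path is a constructed sample value. */
int demo_create_then_reopen(void)
{
    char dir[] = "/tmp/checked_open.XXXXXX", path[64];
    struct stat sb;
    int fd, rc = -1;

    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(path, sizeof(path), "%s/f", dir);
    fd = checked_open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd >= 0) {
        close(fd);
        fd = checked_open(path, O_RDONLY);  /* no third argument exists to fetch */
        if (fd >= 0 && fstat(fd, &sb) == 0)
            rc = (int)(sb.st_mode & 0777);
        if (fd >= 0)
            close(fd);
        unlink(path);
    }
    rmdir(dir);
    return rc;
}

int main(void) { return demo_create_then_reopen() == 0600 ? 0 : 1; }
```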
mii: Fix SMSC name
The LAN8700 / LAN8710 PHYs were Standard Microsystems Corporation (SMSC)
parts. I presume SMC was chosen as an abbreviation, but the company
always used SMSC as its short name.
SMSC was acquired by Microchip in 2012. I kept the pre-acquisition
name, as NetBSD (from where we obtained miidevs) uses SMSC.
Reviewed by: adrian
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D56819
(cherry picked from commit 89c883c09ab5e0fdca7ac5dfe74fcc46b7669eb5)
linuxkpi: Make pm_qos.h self-contained
Include <linux/types.h> for `false`. This is needed by amdgpu somewhere
between Linux 6.12 and 6.15.
Reviewed by: Minsoo Choo <minsoo at minsoo.io>, bz
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D57415
(cherry picked from commit 67df313015906d84d90df8e37795885e81cf8da5)
hcreate(3): fix incorrect claim that hdestroy frees keys
The man page incorrectly stated that hdestroy() calls free(3) for
each comparison key. The implementation (hdestroy_r.c) only frees
the internal table structure, not the user-provided keys or data.
This matches POSIX, which says hdestroy "shall dispose of the
search table" without mentioning key deallocation.
Update the description to clarify that the caller is responsible
for freeing any memory associated with table entries.
PR: 291240
Signed-off-by: Kit Dallege <xaum.io at gmail.com>
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/2095
etherswitchcfg(8): document atu commands
Add documentation for the ATU (Address Translation Unit) commands
that were implemented but not documented in the man page:
- atu dump: display the MAC address table
- atu flush all: clear all dynamic ATU entries
- atu flush port <n>: clear ATU entries for a specific port
Also add atu to the SYNOPSIS section.
PR: 275413
Signed-off-by: Kit Dallege <xaum.io at gmail.com>
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/2096