Revert "build: provide a FORTIFY_SOURCE.<src file> override"
This reverts commit c46a0b590716144d772eeba83ca88d96ee12c2f1. It broke
the build and I'm not awake yet.
linux: Implement setfsuid(2) and setfsgid(2) as no-ops
These system calls exist to decouple the Linux filesystem credentials
from the effective credentials, avoiding signal exposure during
privilege transitions.
The signal permission model that motivated this was revised
in Linux 2.0, making these syscalls obsolete for new applications.
Implement both syscalls as no-ops that return the current effective
UID/GID as the previous filesystem UID/GID.
Linux returns the previous filesystem UID/GID for these syscalls
with no error indication.
Same for the equivalent setfsuid16() & setfsgid16() system calls.
Signed-off-by: Ricardo Branco <rbranco at suse.de>
PR: 294879
Reviewed by: kib, pouria
Pull-Request: https://github.com/freebsd/freebsd-src/pull/2175
amdsmu: Add Krackan Point support
Reviewed by: obiwac, emaste
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D56619
Revert "release: Ship firmware from kmods repo on DVD"
As we did in 14.4, this needs to be backed out of 15.1 to fix the
build. We're going to ship kmods built on 15.0 instead of 15.1 on
the DVD but hopefully those will work.
This reverts commit b0fbed20ceb9b899e7e20bf785e9d303608bc7a0.
Approved by: re (cperciva)
fexecve(2): call out a scenario where you want !O_EXEC
We note a reason why you might need it, but there's an equally important
reason you may need to omit it: interpreted programs. Add a note
accordingly, along with the workaround configuration if there's reason
you can't help it.
PR: 294780
Reviewed by: Jan Bramkamp <crest_freebsd_rlwinm.de>, kib
Differential Revision: https://reviews.freebsd.org/D56704
stat: fix use of devname(3)
Besides being a little hard to parse through visually, this had its own
bug of inspecting st->st_mode to determine what to pass to devname(3),
which is only correct for st_rdev.
For st_dev, you're likely to be looking at files or directories and
attempting to assess what device they're located on, so the mode is
meaningless- we just have to assume that our filesystems are on
character devices and attempt to resolve st_dev as such.
Reviewed by: des, kib (previous version)
Differential Revision: https://reviews.freebsd.org/D56565
build: provide a FORTIFY_SOURCE.<src file> override
For native files we can do more minimal fixes to avoid this large of a
hammer, but for third party files it may not be worth the effort to try
and patch them. NetBSD has the original _FORTIFY_SOURCE implementation
that ours is based on, for instance, but tests sourced from there can't
do an __ssp_real(foo) without being certain that `foo` actually has a
fortified definition.
This change does always define _FORTIFY_SOURCE as a result, so gate it
on CFLAGS not already containing _FORTIFY_SOURCE definitions.
PR: 294881
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D56733
tests: fix remaining test failures under _FORTIFY_SOURCE
The getgroups test is a NetBSD tests, so just apply our larger hammer
and disable the feature entirely. The audit test can take a more
surgical approach and use __ssp_real() appropriately, since it's a local
one.
PR: 294881
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D56735
ssp: fix our gets_s implementation under _FORTIFY_SOURCE
Annex K specifies an interface for handling constraint violations from
gets_s, but we previously broke this for some classes of get_s misuse.
Provide a more nuanced version that tries to dodge errors that would
trigger a constraint handler while still providing value. Notably, we
don't want to trigger a failure unless the passed-in length reasonably
fits within an RSIZE_MAX, because gets_s will immediately call larger
lengths bogus and fail.
PR: 294881
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D56734
uipc_shm.c: make large page allocation interruptible
in cases there is no page pressure or when the user lost patience
waiting for very large allocation. Other case is already handled by
vm_wait_intr().
Reported by: "Lizzie from Eden Emulator project"
Reviewed by: adrian, markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D56725
krb5: Fix two NegoEx parsing vulnerabilities
Bring in upstream commit 2e75f0d93 fixing two CVEs. Upstream commit
log is:
In parse_nego_message(), check the result of the second call to
vector_base() before dereferencing it. In parse_message(), check for
a short header_len to prevent an integer underflow when calculating
the remaining message length.
Reported by Cem Onat Karagun.
CVE-2026-40355:
In MIT krb5 release 1.18 and later, if an application calls
gss_accept_sec_context() on a system with a NegoEx mechanism
registered in /etc/gss/mech, an unauthenticated remote attacker can
trigger a null pointer dereference, causing the process to terminate.
[8 lines not shown]
powerpc/pic: fix the openpic CPU logic to work on powermac
Earlier work (40bcad56f - powerpc/pic: Add a PIC_AP_INIT() to
set up AP PIC info) broke booting my dual G5 powermac.
After much digging, jhibbits@ and I discovered that the openpic
implementation for the memory/bus controller used in the G5 CPUs
doesn't implement /all/ of the openpic specification.
Notably it sticks the WHOAMI register in a different location.
This is reading 0x0 back for all the PICs which is .. very not great.
So to restore the previous behaviour, use a quick for now that jhibbits@
can set appropriately to trust WHOAMI.
I've tested this on my dual G5 PPC and it boots/runs fine.
Fixes: 40bcad56f
Reviewed by: jhibbits
Differential Revision: https://reviews.freebsd.org/D56751
15.1: create releng/15.1 branch
Update from PRERELEASE to BETA1
Switch pkg(8) configuration to use the quarterly repositories
Bump __FreeBSD_version
Approved by: re (implicit)
Sponsored by: OpenSats Initiative
route(8): Add route get for multipath routes with -o flag
Get the next hops of the specified route.
route.8 manual will be updated when other actions for
this option are implemented.
Reviewed by: glebius
Differential Revision: https://reviews.freebsd.org/D56191
tests/netlink: Add nexthop group tests for multipath
Added tests:
* Test for creating multiple routes.
* Test for merge multiple nexthops into a single nexthop group.
* Test for nexthop expirations from a nexthop group.
Reviewed by: glebius
Differential Revision: https://reviews.freebsd.org/D56190
routing: Expire nhops inside the nhgrp
Fix route expiration of nhops that exists inside a nhgrp.
Differential Revision: https://reviews.freebsd.org/D56189
netlink: Fix RTA_MULTIPATH on RTM_GETROUTE
Before this patch, netlink never returned RTA_MULTIPATH.
Also, add RTA_MULTIPATH attribute in way that don't confuse
non-mpath support consumers.
Differential Revision: https://reviews.freebsd.org/D56188
routing: Implement merge of nhgrp in new multipath route
Routing subsystem allows creating new multipath routes by
nexthop groups (e.g RTA_MULTIPATH in netlink), in case of
a second nexthop group on the same route, don't panic and
merge the existing nhgrp with new one.
Reviewed by: melifaro (except one comment)
Differential Revision: https://reviews.freebsd.org/D56187
nfscl: Disable use of callbacks for NFSv4.0
The only use for callbacks for NFSv4.0 is delegations
and delegations rarely work well for NFSv4.0 anyhow.
Therefore, this patch disables callbacks for the
NFSv4.0 client. This is the same behavior as
occurred when the nfscbd(8) daemon was not running.
This change allowed a function called nfscl_getmyip()
to be removed from the kernel, which is nice since
maintaining this function was bothersome, due to its
use of routing, etc.
MFC after: 2 weeks
dhclient: Improve server and filename validation
* Don't iterate over each string three times; once is enough.
* Reject control characters (anything below space) in addition to the
double quote and backslash.
* If an unsafe character is encountered, discard the string instead of
rejecting the entire lease.
* If backslashes are encountered in the file name option, convert them
to forward slashes instead of rejecting the option.
* Tweak the warning messages a bit. Looking through the rest of the
code, it seems to me that notes generally end with a period while
warnings generally don't.
Fixes: 8008e4b88daf ("dhclient: Check for unexpected characters in some DHCP server options")
PR: 294886
[5 lines not shown]
md5: Encode non-printable filenames
Encode filenames in the VIS_CSTYLE | VIS_OCTAL style regardless of
output mode. When reading filenames from a checksum file, attempt to
decode them, and use the decoded name unless the decoded name does not
exist but the undecoded one does.
This breaks compatibility with GNU coreutils, which unfortunately uses
a non-reversible encoding when outputting filenames containing
non-printable characters.
While here, drop a sentence about preimage attacks against MD5 and SHA1
from the manual page, as I no longer trust it to be true.
MFC after: 1 week
Reviewed by: bcr, markj
Differential Revision: https://reviews.freebsd.org/D56615
(cherry picked from commit 70fde0ed6bbbb1f84c440190ba1e5435f8c90e13)
dhclient: Improve server and filename validation
* Don't iterate over each string three times; once is enough.
* Reject control characters (anything below space) in addition to the
double quote and backslash.
* If an unsafe character is encountered, discard the string instead of
rejecting the entire lease.
* If backslashes are encountered in the file name option, convert them
to forward slashes instead of rejecting the option.
* Tweak the warning messages a bit. Looking through the rest of the
code, it seems to me that notes generally end with a period while
warnings generally don't.
Fixes: 8008e4b88daf ("dhclient: Check for unexpected characters in some DHCP server options")
PR: 294886
[5 lines not shown]
dhclient: Improve server and filename validation
* Don't iterate over each string three times; once is enough.
* Reject control characters (anything below space) in addition to the
double quote and backslash.
* If an unsafe character is encountered, discard the string instead of
rejecting the entire lease.
* If backslashes are encountered in the file name option, convert them
to forward slashes instead of rejecting the option.
* Tweak the warning messages a bit. Looking through the rest of the
code, it seems to me that notes generally end with a period while
warnings generally don't.
Fixes: 8008e4b88daf ("dhclient: Check for unexpected characters in some DHCP server options")
PR: 294886
[5 lines not shown]
md5: Encode non-printable filenames
Encode filenames in the VIS_CSTYLE | VIS_OCTAL style regardless of
output mode. When reading filenames from a checksum file, attempt to
decode them, and use the decoded name unless the decoded name does not
exist but the undecoded one does.
This breaks compatibility with GNU coreutils, which unfortunately uses
a non-reversible encoding when outputting filenames containing
non-printable characters.
While here, drop a sentence about preimage attacks against MD5 and SHA1
from the manual page, as I no longer trust it to be true.
MFC after: 1 week
Reviewed by: bcr, markj
Differential Revision: https://reviews.freebsd.org/D56615
(cherry picked from commit 70fde0ed6bbbb1f84c440190ba1e5435f8c90e13)
devfs: add bpf example
Add an example for allowing members of the network group to read from
bpf devices. In particular, this allows members of the network group
to monitor traffic without running with root privileges.
Reviewed by: markj, glebius
Sponsored by: Netflix, Inc.
Differential Revision: https://reviews.freebsd.org/D56742
