unbound: Update to 1.24.2
Merge commit 'ec5b94f552d7cb2a9d456c67e9941bcf5e3698bf'
This is purely cosmetic as we already had the functional changes.
MFC after: 1 week
unbound: Tweak freebsd-configure script
Regenerating the configure script is optional and can introduce noise
if the installed versions of autoconf, automake, and libtool do not
match those used upstream. Tweak our script slightly so it will skip
this step if libtoolize is not found.
sendfile: Fix bug when using headers with SW KTLS offload
When using SW KTLS, we must account for the headers in sf_iodone()
in terms of either freeing or enqueuing them for TLS work.
Not doing so can lead to a situation where we enqueue only
the payload, and not the header, for encryption. Rather than
leaking the header, the socket is left "hung" with the header marked
M_NOTREADY.
Sponsored by: Netflix
Reviewed by: glebius, kib
Differential Revision: https://reviews.freebsd.org/D57134
MFC After: 14 days
mdoc.7: Revert upstream changes to Lb/LIBRARY
Since this manual describes the mdoc syntax throughout the ecosystem,
I had to blend what we had before with what upstream is doing now.
Thanks: adrian
MFC after: 3 days (we shipped this doc in 15.0/14.4)
Reviewed by: ivy, mhorne, des, adrian
Discussed with: arch@
Differential Revision: https://reviews.freebsd.org/D56153
tftpd: Simplify packet drop macro
The first argument is always the function name, for which we can simply
use __func__. This leaves only the optional return value, so we can use
a single variadic macro instead of two nearly-identical copies.
MFC after: 1 week
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D57076
tftpd: Add missing bounds checks
In send_[rw]rq(), we were using strlcpy() to avoid overflowing our
packet buffer, then failing to check the result and blithely advancing
our pointer by the full length.
Luckily, this code is only ever used by tftp(1), not tftpd(8).
MFC after: 1 week
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D57075
tftp: Add test case with over-long URL
This adds a test case that passes a very long URL on the command line,
which would previously have resulted in a benign buffer overflow in
urihandling(), detectable only by compiling tftp with ASAN enabled.
MFC after: 1 week
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D57074
tftp: Close files when we're done with them
Also, delete the file we created if receiving it failed.
MFC after: 1 week
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D57071
tftp: Simplify URI handling
* No need to copy our argument into a new buffer; it is writeable and
will not be reused after we return.
* Instead of constructing the string "get path" and then splitting it
into an argument vector, just construct the vector directly. This
avoid potentially overrunning the buffer.
* Call settftpmode() just once, with either the default mode or the
user-provided value we already validated.
* Use errx() instead of fprintf(stderr) + exit().
Reported by: Moyao, Minghao Fu
MFC after: 1 week
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D57070
lib/libc/gen/fts.3: use 'options' consistently in fts_set() description
The RETURN VALUES section used "instr" to describe the fts_set()
argument, while the SYNOPSIS and all other references use "options".
Fix the inconsistency.
MFC after: 1 week
Sponsored by: Google LLC (GSoC 2026)
Reviewed by: asomers
Pull Request: https://github.com/freebsd/freebsd-src/pull/2213
vmm/arm64: Compile vmm_nvhe.c without SSP
This file implements a set of EL2 hypercall handlers and is used to
switch between guests and the host kernel when VHE is not in use. There
is no SSP runtime available there.
Reported by: Jenkins
Fixes: 8deebce931fa ("kernel: Enable -fstack-protector-strong by default")
