BSD Commit Log Search

evdev: create sysctl entries before cdev to close userspace race

evdev_register_common() was creating the character device before
registering the kern.evdev.input.N.* sysctl entries. The moment
the cdev appears, devd fires a CREATE event for /dev/input/eventN,
and userspace libraries (e.g. libudev-devd) immediately call
sysctlbyname("kern.evdev.input.N.name") to enumerate device
capabilities. With the old ordering, that call could arrive before
the sysctl tree was populated, causing it to fail. The result was
that the device was not recognised by the input stack, leaving
keyboards and other HID devices non-functional after plug-in or
resume from suspend.

Fix the race by calling evdev_sysctl_create() before
evdev_cdev_create(). On cdev failure, free the already-registered
sysctl context with sysctl_ctx_free() to avoid leaking it.

Enable usbhid driver for improved support of modern HID devices

Enable usbhid driver for improved support of modern HID devices

Enable usbhid driver for improved support of modern HID devices

bump version to 26.2-R15.1a4

Enable usbhid driver for improved support of modern HID devices

Merge remote-tracking branch 'freebsd/releng/15.1' into releng/15.1

Cloud releases: More firstboot_pkg_upgrade

Update a couple more cloudware images which I forgot about earlier.

Approved by:    re (cperciva)
Reviewed by:    ziaee
Fixes: 464a351267dc ("Cloud releases: Switch to firstboot_pkg_upgrade")
Differential Revision:  https://reviews.freebsd.org/D57006

(cherry picked from commit 4080419d9a2d88d44d20baaf3ea01934561819c1)
(cherry picked from commit 1ae97c95d025277fb542936b0a2686180dd4a7b7)

Cloud releases: Switch to firstboot_pkg_upgrade

Cloud images are deployed with base system packages. Introduce a
firstboot package auto updater to patch the base system on first boot.

Approved by:    re (cperciva)
MFC after:              1 hour
MFC to:                 stable/15
Reviewed by:            cperciva
Sponsored by:           Google Cloud
Differential Revision:  https://reviews.freebsd.org/D56890

(cherry picked from commit 464a351267dc0d1843b919dd72ad1c70c24815ce)
(cherry picked from commit 0bb2b2a45f3c0c147d7c55e010be45e55af8df87)

15.1: Update to BETA3

Approved by:    re (implicit)
Sponsored by:   OpenSats Initiative

freebsd-base.7: Document adding a local repo

Approved by:    re (cperciva)
MFC after:              1 day
Discussed with:         bcr, ivy, kevans, ngie
Differential Revision:  https://reviews.freebsd.org/D56608

(cherry picked from commit c4af3f13a4e9932968d92872aaf22312a6e79e4e)
(cherry picked from commit 635743c6ec35f11434339f79222fb0a259ed8bfb)

zfs: merge openzfs/zfs at 6330a45b0 (zfs-2.4-release) into stable/15

OpenZFS 2.4.2

Notable upstream pull request merges:
 #18208 6f14581e1 Cleanup allocation class selection
 #18235 7590972f7 Prevent range tree corruption race by updating
                  dnode_sync()
 #18255 b06caaeec range_tree: use zfs_panic_recover() for partial-overlap
                  remove
 #18258 33961142a Fix deadlock on dmu_tx_assign() from vdev_rebuild()
 #18262 02ed09106 Fix check for .cfi_negate_ra_state on aarch64
 #18263 9f92266b7 Fix redundant declaration of dsl_pool_t
 #18276 3862aadf7 Fix vdev_rebuild_range() tx commit
 #18290 a94b137aa FreeBSD: Improve dmesg kernel message prefix
 #18294 938c8c98b draid: fix data corruption after disk clear
 #18310 b40cd9191 Fix s_active leak in zfsvfs_hold() when z_unmounted is
                  true
 #18380 9b8ccbd2c draid: fix import failure after disks replacements

    [16 lines not shown]

nuageinit: fix command injection and related issues

- Add shell_escape() helper to safely escape shell arguments
- Apply shell_escape to all user-controlled values in shell commands:
  adduser (usershow, useradd, lock, primary_group, groups)
  addgroup (groupshow, groupadd, members)
  exec_change_password (usermod)
  settimezone (tzsetup root and timezone)
  install_package (pkg package names)
- Escape double quotes in hostname when writing rc.conf.d/hostname
- Add missing 'local' declaration for resolvconf_command in nameservers()
- Escape interface name in resolvconf -a command
- Change open_resolvconf_conf() from 'w' to 'a' mode to prevent
  data loss when nameservers() is called multiple times
- Clean up stale resolvconf.conf at the start of each boot
  (skip on postnet to preserve config written by first call)

Approved by:    re (cperciva)
MFC After: 1 day

    [3 lines not shown]

Make "make update-packages" idempotent

If the user runs "make update-packages" without bumping BRANCH, then it
isn't possible to copy packages from the old location to the new one
(because the two locations are the same).  So just skip that step.

Approved by:    re (cperciva)
Sponsored by:           ConnectWise
PR:                     295085
Reviewed by:            ivy, emaste
Differential Revision:  https://reviews.freebsd.org/D56872

(cherry picked from commit bd1e789b8452a8c2f166a3b4defb95330c71dadd)
(cherry picked from commit 89a0148521aefe0a190d4b62749186c705962d32)

Fix LOCAL_PEERCRED in 32-bit compat mode

Previously the cr_pid field would be incorrectly copied to userland, due
to a size mismatch between the structure as defined in 32-bit vs 64-bit
builds.  Fix it by converting the structure before copying it to
userland.

Approved by:    re (cperciva)
PR:             294833
Sponsored by:   ConnectWise
Reviewed by:    emaste
Differential Revision: https://reviews.freebsd.org/D56675

(cherry picked from commit 1d24638d3e8875e4b99a4b5e39f4241e37221b3d)
(cherry picked from commit 3298d82ea34059354dc1ff1a60d8b7d3e495c2cd)

pkg-stage.sh: Add ext2 and ntfs

Having these packages available on release media may help users who
need to sneakernet other packages (e.g. firmware) from systems running
Linux or Windows.

Approved by:    re (cperciva)
Suggested by:   vladlen, ziaee
MFC after:      3 days

(cherry picked from commit 6881fd278d80ac63b4d511fc130a79ff16d1bb48)
(cherry picked from commit 01d5910b8766671afdbd9e274fd62b397aca9e1a)

release/tools: use same pkg settings in containers as in /etc/pkg/FreeBSD.conf

Instructions in /etc/pkg/FreeBSD.conf and elsewhere recommend putting
changes in /usr/local/etc/pkg/repos/FreeBSD.conf so bring OCI containers
into line as well.

Reviewed by:    dfr, ivy
Differential Revision:  https://reviews.freebsd.org/D54090

Approved by:    re (cperciva)
MFC after:      5 days
Sponsored by:   SkunkWerks, GmbH

(cherry picked from commit c73ae67348998a0056145e88debbea9ff6860c4f)
(cherry picked from commit d889f6c466d4cec73c34bc71093d08b25e321071)

fdescfs: do not change vnode type on VOP_GETATTR()

Approved by:    re (cperciva)
PR:     294768

(cherry picked from commit fbecfc4aa028964f972a0457809aa041d415f61b)
(cherry picked from commit 5af938fb03d004ef97621f4c9319446f2fb8f77c)

bsdinstall: do pkgbase installations with the "script" command

"bsdinstall script" will now do a pkgbase installation by default.  The
system components to install can be specified in the COMPONENTS
variable, and have the same names as those used in the interactive
installer.  bsdinstall will still do a legacy distset installation if
DISTRIBUTIONS is defined in the installerconfig file.

Approved by:    re (cperciva)
PR:             290375
Sponsored by:   ConnectWise
Reviewed by:    ziaee, ivy, jduran
Differential Revision: https://reviews.freebsd.org/D56717

(cherry picked from commit dc14ae4217a0babb1240f813b642edc2d7b955a6)
(cherry picked from commit 1f5869130f6ebd299e65a627eff23a8c3d360afb)

bsdinstall.8: Document DISTRIBUTIONS defaults correctly

Some targets override the default value of DISTRIBUTIONS.
Document that in the manual page.

Approved by:    re (cperciva)
Reported by:    Nia Alarie <nia at NetBSD.org>
Reviewed by:    jlduran
MFC after:      1 week
Differential Revision:  https://reviews.freebsd.org/D56528

(cherry picked from commit 4029e765436ff1633139c1afe1bc25185a0f4ef1)
(cherry picked from commit f4678f7613538c63567e2e44cd5aceaee4b4a383)

krb5: Adjust additional version strings

Approved by:    re (cperciva)
Fixes:          736e411a737b

(cherry picked from commit c64ee36e5d09ecee4ce4951047014c8461734fb5)
(cherry picked from commit e3fc367366319466dd91fe0217a06c0655e35a8a)

krb5: Adjust version to 1.22.2

Approved by:    re (cperciva)
Fixes:          736e411a737b
(cherry picked from commit 8f46ba065143d9d89968a20b23844287d54c04a2)
(cherry picked from commit ea93554de436e84d27200d12f3a3b6dc1670fac9)

krb5: Fix two NegoEx parsing vulnerabilities

Bring in upstream commit 2e75f0d93 fixing two CVEs. Upstream commit
log is:

 In parse_nego_message(), check the result of the second call to
 vector_base() before dereferencing it.  In parse_message(), check for
 a short header_len to prevent an integer underflow when calculating
 the remaining message length.

 Reported by Cem Onat Karagun.

 CVE-2026-40355:

 In MIT krb5 release 1.18 and later, if an application calls
 gss_accept_sec_context() on a system with a NegoEx mechanism
 registered in /etc/gss/mech, an unauthenticated remote attacker can
 trigger a null pointer dereference, causing the process to terminate.


    [13 lines not shown]

krb5: import MIT 1.22.2

Merge commit '90c687295e2d62f9411fc5b571f5af4e8ee187a7'

Approved by:    re (cperciva)

(cherry picked from commit 736e411a737b9f57c1303e6d15c5afd4f63af0d3)
(cherry picked from commit 919b10729753336ef16338295c61ebd085348fb9)

BSD.root.dist: Correct tag for /etc/sysctl.kld.d

This is only used by rc.subr and belongs in rc, not runtime.

Approved by:    re (cperciva)
Fixes:          fa6d67cd16b5 ("BSD.root.dist: Add package tag for all directories")
MFC after:      3 days
Reviewed by:    ivy
Differential Revision:  https://reviews.freebsd.org/D56900

(cherry picked from commit 44338ccd12685621c4b1c57e692a4f27f5a655d3)
(cherry picked from commit 714f6ac0003482d3270a9d0026e59909cff73c3f)

ctld: normalize iSCSI TargetName on login

Case-insensitive TargetName matching on logins was accidentally removed,
let's fix that by normalizing TargetName again according to RFC 3722.

Approved by:    re (cperciva)
PR:                     294522
Fixes:                  4b1aac931465f39c5c26bfa1d5539a428d340f20
Sponsored by:           ConnectWise
Reviewed by:            asomers, jhb
Approved by:            asomers (mentor)
Differential Revision:  https://reviews.freebsd.org/D56469

(cherry picked from commit eb837cb8b2073c09bafaf3318f5bb103827b2bca)
(cherry picked from commit 0baae6223a6350215d7b11264e59408362b15a19)

fsck_msdosfs: fix FAT header correction not persisting in cache mode

When fsck_msdosfs runs with FAT32 cache mode (used for large
filesystems that cannot be mmap'd), a detected FAT header correction
was written into the in-memory buffer but the corresponding cache
entry (fat32_cache_allentries[0]) was never marked dirty.  As a
result, fat_flush_fat32_cache_entry() skipped it, the corrected
bytes were never written to disk, and copyfat() propagated the
uncorrected on-disk data to all backup FAT copies.  Every subsequent
fsck run would repeat the same "FAT starts with odd byte sequence /
FIXED" cycle indefinitely.

Fix by marking fat32_cache_allentries[0].dirty = true after applying
the in-memory correction, ensuring the chunk is flushed before
copyfat() runs.

Approved by:    re (cperciva)
Obtained from:  https://android-review.googlesource.com/c/platform/external/fsck_msdos/+/4047981


    [2 lines not shown]

bump version to 26.2-R15.1a3

uipc_shm.c: make large page allocation interruptible

Approved by:    re (cperciva)

(cherry picked from commit 839d3266d8c6f6471cb92a3c0ae32eb16d117427)
(cherry picked from commit c335dafd77363b67493d37ab260bc82e70c8cfa7)

unix: Make sure we signal EOF on the write side when disconnecting

Add a regression test.

Approved by:    re (cperciva)
PR:             294014
Reported by:    diizzy
Reviewed by:    glebius
MFC after:      1 week
Fixes:          d15792780760 ("unix: new implementation of unix/stream & unix/seqpacket")
Differential Revision:  https://reviews.freebsd.org/D56764

(cherry picked from commit 476805133f5736c2c8638e41d2b5d8dd2c597f3a)
(cherry picked from commit f06697907f360b02682594c6179a7361644d3c87)