HardenedBSD/src 8ec609ecrypto/krb5/src/util/et compile_et.sh, lib/libutil trimdomain.3

Merge branch 'freebsd/current/main' into hardened/current/master
DeltaFile
+5-7lib/libutil/trimdomain.3
+4-4usr.bin/m4/eval.c
+3-0sbin/recoverdisk/recoverdisk.c
+2-0usr.bin/m4/tests/regress.eval.out
+2-0usr.sbin/bhyveload/bhyveload.c
+1-1crypto/krb5/src/util/et/compile_et.sh
+17-124 files not shown
+19-1610 files

HardenedBSD/src 0f2b718usr.sbin/bhyveload bhyveload.c

bhyveload: If disk cannot be opened RW try RO. (=same as bhyve)

Not expecting it to turn into yak-shaving: kevans
DeltaFile
+2-0usr.sbin/bhyveload/bhyveload.c
+2-01 files

HardenedBSD/src d7d0369sbin/recoverdisk recoverdisk.c

recoverdisk: Ensure medium_read is multiple of small_read.
DeltaFile
+3-0sbin/recoverdisk/recoverdisk.c
+3-01 files

HardenedBSD/src c4130a8secure/lib/libcrypto/man/man3 Makefile

OpenSSL: install EVP_CIPHER_CTX_get_app_data.3 once

A separate EVP_CIPHER_CTX_get_app_data.3 was added in the OpenSSL 3.5.5
import, but the link to EVP_EncryptInit.3 was still being installed
which stomped on the file and created inconsistent entries in the METALOG.

Reviewed by:    emaste
Found by:       package_check script in Cirrus-CI
Fixes:          1731fc70f734 ("OpenSSL: update vendor sources to match 3.5.5 content")
Sponsored by:   Innovate UK
Differential Revision:  https://reviews.freebsd.org/D55332
DeltaFile
+0-1secure/lib/libcrypto/man/man3/Makefile
+0-11 files

HardenedBSD/src 9607197lib/libutil trimdomain.3

trimdomain.3: Explain DISPLAY a bit more

MFC after:              3 days
Reported by:            jrtc27
Reviewed by:            des
Differential Revision:  https://reviews.freebsd.org/D54629
DeltaFile
+5-7lib/libutil/trimdomain.3
+5-71 files

HardenedBSD/src 4c247f1crypto/krb5/src/util/et compile_et.sh, krb5/lib/gssapi/generic Makefile.inc

krb5: Make the build a bit quieter

compile_et.sh is run during buildworld and prints a bunch of debug
output.  It's intrusive and probably not needed, at least by default, so
let's make the build output a bit cleaner.  This is an upstream script,
but it hasn't been modified in 15 years so the local modification is
unlikely to cause any pain.

Also remove a print that shows up in buildworld -s output.

Reviewed by:    cy
MFC after:      1 week
Differential Revision:  https://reviews.freebsd.org/D55317
DeltaFile
+1-1crypto/krb5/src/util/et/compile_et.sh
+0-1krb5/lib/gssapi/generic/Makefile.inc
+1-22 files

HardenedBSD/src f3a0e54sys/net pfvar.h, sys/netpfil/pf pf.c

pf: fix use of uninitialised variable

In pf_match_rule() we attempt to append matching rules to the end of
'match_rules'. We want to preserve the order to make the multiple
pflog entries easier to understand. So we keep track of the last added
rule item in 'rt'. However, that assumed that 'match_rules' was only
ever added to in that one call to pf_match_rules(). This isn't always
the case, for example if we have match rules in different anchors.
In that case we'd end up using the uninitialised 'rt' variable in the
SLIST_INSERT_AFTER call.

Instead track the match rules and the last matching rule (to enable
easy appending) in the struct pf_test_ctx.
This also allows us to reduce the number of arguments for some
functions, because we passed a ctx to most functions that needed
'match_rules'.

While here also make pf_match_rules() static, because it's only ever
used in pf.c

    [7 lines not shown]
DeltaFile
+58-0tests/sys/netpfil/pf/match.sh
+19-22sys/netpfil/pf/pf.c
+3-4sys/net/pfvar.h
+80-263 files

HardenedBSD/src 507c611usr.bin/m4 eval.c misc.c, usr.bin/m4/tests eval.m4 regress.eval.out

m4: Fix eval output width

According to POSIX, the optional third argument is the minimum number
of digits to print regardless of sign.  We interpreted it as the minimum
width of the output including the sign.  Additionally, the variable used
to hold this value was confusingly named “maxdigits”.

PR:             293214
MFC after:      1 week
Sponsored by:   Klara, Inc.
Reviewed by:    imp
Differential Revision:  https://reviews.freebsd.org/D55311
DeltaFile
+4-4usr.bin/m4/eval.c
+2-0usr.bin/m4/tests/eval.m4
+2-0usr.bin/m4/tests/regress.eval.out
+0-2usr.bin/m4/misc.c
+8-64 files

HardenedBSD/src b6279belib/libc/stdlib ldiv.3 div.3

libc: Improve {,l,ll,imax}div(3) manpages

Mainly rename numerator parameter of div(3) and ldiv(3) from num to
numer, and explicitly specify what "numer", "denom", and "rem" mean in
the manpages.

MFC after:      3 days
Obtained from:  https://github.com/apple-oss-distributions/libc (partially)
Sponsored by:   Klara, Inc.

(cherry picked from commit 0bba277f2223a31e4453ade39be110b1b3aeb1dd)
DeltaFile
+8-6lib/libc/stdlib/ldiv.3
+8-6lib/libc/stdlib/div.3
+3-5lib/libc/stdlib/ldiv.c
+3-3lib/libc/stdlib/div.c
+3-3lib/libc/stdlib/imaxdiv.3
+3-3lib/libc/stdlib/lldiv.3
+28-266 files

HardenedBSD/src 69a3d9ausr.bin/touch touch.c

touch: Fix setting time of created file if fstat() fails

Previously, if creating the file and fstat() fails, we would've ended up
calling utimensat() on that file anyways with whatever was in sb.  Not
that this is an error likely to happen...

We don't check for the return value of close() as we aren't writing
anything to the file and the file is always created on success of
open().

Reviewed by:    kevans
Approved by:    kevans
Fixes:  cb54c500d0e1 ("touch: don't leak descriptor if fstat(2) fails")
Sponsored by:   Klara, Inc.
Differential Revision:  https://reviews.freebsd.org/D55117
MFC after: 1 week

(cherry picked from commit b8d55a86995b5a8db5d1651c8dc9fc5093b67d2c)
DeltaFile
+4-9usr.bin/touch/touch.c
+4-91 files

HardenedBSD/src d93f337share/man/man9 EVENTHANDLER.9

EVENTHANDLER.9: EVENTHANDLER_REGISTER never fails

Since ecdf4409f910 ("Rework the eventhandler locking [...]"),
EVENTHANDLER_REGISTER() can never return NULL.

Suggested by:   olce
Reviewed by:    olce, ziaee, zlei
Approved by:    olce, zlei
Fixes:  ecdf4409f910 ("Rework the eventhandler locking [...]")
Sponsored by:   The FreeBSD Foundation
MFC after:      1 week
Differential Revision:  https://reviews.freebsd.org/D55014

(cherry picked from commit 9d4bad45e233ca7d93666ff1feff6282a88f8a9d)
DeltaFile
+1-2share/man/man9/EVENTHANDLER.9
+1-21 files

HardenedBSD/src 44b2f2fcontrib/ee ee.c

Merge branch 'freebsd/current/main' into hardened/current/master
DeltaFile
+409-232contrib/ee/ee.c
+409-2321 files

HardenedBSD/src 3bd7defusr.sbin/mixer/tests mixer_test.sh Makefile

mixer/tests: use require.kmods property instead of ad-hoc checks

Reviewed by:    christos
Approved by:    lwhsu (mentor)
Sponsored by:   The FreeBSD Foundation
MFC after:      3 days
Differential Revision:  https://reviews.freebsd.org/D55221

(cherry picked from commit 5fa297f4bcd277dca7eef03e68363fb1e721799e)
DeltaFile
+0-12usr.sbin/mixer/tests/mixer_test.sh
+2-1usr.sbin/mixer/tests/Makefile
+2-132 files

HardenedBSD/src 62fba00contrib/ee ee.c

ee: add unicode support

- Add native support for unicode everywhere.
- Remove Big5 specific code (and the menu entry)

PR:             291279
MFC After:      1 month
Tested by:       Marek Zarychta
Differential Revision:  https://reviews.freebsd.org/D55303
DeltaFile
+409-232contrib/ee/ee.c
+409-2321 files

HardenedBSD/src ff2744asys/netpfil/ipfilter/netinet fil.c ip_fil.h

Merge branch 'freebsd/current/main' into hardened/current/master
DeltaFile
+2-2sys/netpfil/ipfilter/netinet/fil.c
+1-1sys/netpfil/ipfilter/netinet/ip_fil.h
+1-1sys/netpfil/ipfilter/netinet/ip_state.c
+4-43 files

HardenedBSD/src 3fdbd8asys/netpfil/ipfilter/netinet fil.c ip_fil.h

ipfilter: Avoid negative array indicies

Array indices must always be posive. We avoid this by making each index
unsigned. This mitigates out-of-bounds reads and writes.

Reported by:            Ilja Van Sprundel <ivansprundel at ioactive.com>
Reviewed by:            glebius
MFC after:              3 days
Differential revision:  https://reviews.freebsd.org/D55260
DeltaFile
+2-2sys/netpfil/ipfilter/netinet/fil.c
+1-1sys/netpfil/ipfilter/netinet/ip_fil.h
+1-1sys/netpfil/ipfilter/netinet/ip_state.c
+4-43 files

HardenedBSD/src eb1c78esys/sys priv.h

HBSD: Resolve merge conflict

Signed-off-by:  Shawn Webb <shawn.webb at hardenedbsd.org>
DeltaFile
+2-7sys/sys/priv.h
+2-71 files

HardenedBSD/src fdac606tests/sys/capsicum capsicum.h syscalls.h, tests/sys/kern pdrfork.c

Merge remote-tracking branch 'origin/freebsd/current/main' into hardened/current/master

Conflicts:
        sys/sys/priv.h (unresolved)
DeltaFile
+4-144tests/sys/capsicum/capsicum.h
+0-144tests/sys/capsicum/syscalls.h
+0-140tests/sys/capsicum/capability-fd-pair.cc
+62-66tests/sys/kern/pdrfork.c
+0-103tests/sys/capsicum/capsicum-rights.h
+76-25usr.sbin/bhyve/rfb.c
+142-62235 files not shown
+350-1,07141 files

HardenedBSD/src fba81b3tests/sys/capsicum capsicum.h syscalls.h

capsicum-tests: remove Linux support

Now that this project is part of freebsd-src, it no longer needs to be
portable.  Remove Linux-only tests, cross-os compatibility code, and
compatibility with older FreeBSD versions.  Leave in place some
originally Linux-only tests that could now be ported to FreeBSD, like the
pipe2 tests.

Sponsored by:   ConnectWise
Reviewed by:    oshogbo
Differential Revision: https://reviews.freebsd.org/D54985
DeltaFile
+4-144tests/sys/capsicum/capsicum.h
+0-144tests/sys/capsicum/syscalls.h
+0-140tests/sys/capsicum/capability-fd-pair.cc
+0-103tests/sys/capsicum/capsicum-rights.h
+5-65tests/sys/capsicum/capability-fd.cc
+15-51tests/sys/capsicum/procdesc.cc
+24-64716 files not shown
+55-93722 files

HardenedBSD/src dc9a8d3tests/sys/aio aio_test.c

aio(4) tests: do not rely on (int *)-1 being invalid address

Explicitly mmap guard and use it as the invalid address instead.

MFC after:      1 week
DeltaFile
+6-1tests/sys/aio/aio_test.c
+6-11 files

HardenedBSD/src 05492fftests/sys/kern pdwait.c

pdwait(2) tests: do not rely on (int *)-1 being invalid address

Explicitly mmap guard and use it as the invalid address instead.

MFC after:      1 week
DeltaFile
+17-3tests/sys/kern/pdwait.c
+17-31 files

HardenedBSD/src 11c1b69sys/netlink netlink_io.c

netlink: force uninline of nl_receive_message()

The entire netlink(4) message processing thread is all inlined into
nl_taskqueue_handler() making it difficult to dtrace(1) on a message
level.
DeltaFile
+1-1sys/netlink/netlink_io.c
+1-11 files

HardenedBSD/src 757b0bfusr.sbin/bhyve rfb.c

bhyve: Propagate errors from rfb_recv_* functions

Update rfb_recv_* functions to return -1 on failure and 0 on success.
Update rfb_handle to check these return values and drop the connection
if an error occurs.

Signed-off-by: Hayzam Sherif <hayzam at gmail.com>

Reviewed by:    markj
MFC after:      2 weeks
Sponsored by:   The FreeBSD Foundation
DeltaFile
+76-25usr.sbin/bhyve/rfb.c
+76-251 files

HardenedBSD/src 29ec390usr.sbin/syslogd syslogd.c

syslogd: Improve handling of configuration errors

Make parse_selector() print a warning to stderr and continue parsing the
config if it encounters an invalid facility or priority.  Note that
because the parsing is done from a casper service, there isn't a good
mechanism to log errors; the warnings are visible only when syslogd is
started in debug mode.

Reported by:    Doug Hardie <bc979 at lafn.org>
MFC after:      1 week
Fixes:          f4b4a10abb26 ("syslogd: Move selector parsing into its own function")
Reviewed by:    jfree, jlduran, eugen, delphij
Differential Revision:  https://reviews.freebsd.org/D55033
DeltaFile
+8-6usr.sbin/syslogd/syslogd.c
+8-61 files

HardenedBSD/src 793e891tests/sys/kern pdrfork.c

pdrfork(2) tests: enable on x86

Use pfrfork_thread(3) instead of pdrfork(RFSPAWN) to make tests working
on x86.

Tested by:      pho
Reviewed by:    markj
Sponsored by:   The FreeBSD Foundation
MFC after:      1 week
Differential revision:  https://reviews.freebsd.org/D55306
DeltaFile
+20-9tests/sys/kern/pdrfork.c
+20-91 files

HardenedBSD/src f90ee66tests/sys/kern pdrfork.c

pdrfork(2) tests: should wait for the child to exit

Tested by:      pho
Reviewed by:    markj
Sponsored by:   The FreeBSD Foundation
MFC after:      1 week
Differential revision:  https://reviews.freebsd.org/D55306
DeltaFile
+3-2tests/sys/kern/pdrfork.c
+3-21 files

HardenedBSD/src 94e4de7tests/sys/kern pdrfork.c

pdrfork(2) tests: split basic_usage

into pdrfork(2) call itself, and basic_usage_tail() that checks the
pdrfork(2) results.

Tested by:      pho
Reviewed by:    markj
Sponsored by:   The FreeBSD Foundation
MFC after:      1 week
Differential revision:  https://reviews.freebsd.org/D55306
DeltaFile
+19-9tests/sys/kern/pdrfork.c
+19-91 files

HardenedBSD/src 68ba270tests/sys/kern pdrfork.c

pdrfork(2) tests: RFPROCDESC|RFPROC are required

Tested by:      pho
Reviewed by:    markj
Sponsored by:   The FreeBSD Foundation
MFC after:      1 week
Differential revision:  https://reviews.freebsd.org/D55306
DeltaFile
+2-44tests/sys/kern/pdrfork.c
+2-441 files

HardenedBSD/src b05be03lib/libsys pdfork.2, sys/kern kern_fork.c

pdrfork(2): do require RFPROCDESC | RFPROC

when RFSPAWN is not specified, as stated in the man page.
rfork(2) cannot modify non-curproc, which is why RFPROC is required,
the syscall cannot act on arbitrary process descriptor.
If RFPROCDESC is not specified, the syscall does not make sense,
use rfork(2).

Reported and tested by: pho
Reviewed by:    markj
Sponsored by:   The FreeBSD Foundation
MFC after:      1 week
Differential revision:  https://reviews.freebsd.org/D55306
DeltaFile
+5-3lib/libsys/pdfork.2
+5-0sys/kern/kern_fork.c
+10-32 files

HardenedBSD/src 4484369tests/sys/kern pdrfork.c

pdrfork(2) tests: catch runaway child for EFAULT test

Reported and tested by: pho
Reviewed by:    markj
Sponsored by:   The FreeBSD Foundation
MFC after:      1 week
Differential revision:  https://reviews.freebsd.org/D55306
DeltaFile
+10-0tests/sys/kern/pdrfork.c
+10-01 files