HardenedBSD/src c6245bcsys/modules/iwlwifi Makefile, sys/modules/rtw89 Makefile

by HardenedBSD Sync Services on ⎇
Merge branch 'freebsd/current/main' into hardened/current/master
DeltaFile
+132-13sys/x86/x86/local_apic.c
+10-3usr.sbin/periodic/etc/daily/460.status-mail-rejects
+9-2usr.sbin/periodic/etc/security/800.loginfail
+9-2usr.sbin/periodic/etc/security/900.tcpwrap
+2-0sys/modules/iwlwifi/Makefile
+2-0sys/modules/rtw89/Makefile
+164-206 files

HardenedBSD/src 8ac6427usr.sbin/periodic/etc/daily 460.status-mail-rejects, usr.sbin/periodic/etc/security 800.loginfail 900.tcpwrap

by Joseph Mingrone (jrm) on ⎇
periodic: Support RFC 5424 syslog timestamps

This is based on an initial implementation by michaelo in
https://reviews.freebsd.org/D54361.

PR:             270497
Reported by:    michaelo
Reviewed by:    michaelo
Tested by:      michaelo
MFC after:      1 week
Sponsored by:   The FreeBSD Foundation
Differential Revision:  https://reviews.freebsd.org/D54606
DeltaFile
+10-3usr.sbin/periodic/etc/daily/460.status-mail-rejects
+9-2usr.sbin/periodic/etc/security/800.loginfail
+9-2usr.sbin/periodic/etc/security/900.tcpwrap
+28-73 files

HardenedBSD/src 0f0b833sys/modules/iwlwifi Makefile, sys/modules/rtw89 Makefile

by Bjoern A. Zeeb (bz) on ⎇
modules: iwlwifi/rtw89 allow standalone build

The KERN_OPTS:MDEV_ACPI checks are fine for as long as we are building
modules along the kernel.  If one wants to just build the module
standalone out of the module directory this would fail.
Add the missing include for kmod.opts.mk (as was done for tcp
in 1319a76179682).

Sponsored by:   The FreeBSD Foundation
Reported by:    Tassilo Philipp (tphilipp potion-studios.com)
Fixes:  f5a77dc8f8df ("improve module Makefile dependency on ACPI")
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D54769
DeltaFile
+2-0sys/modules/iwlwifi/Makefile
+2-0sys/modules/rtw89/Makefile
+4-02 files

HardenedBSD/src 11f954bsys/x86/x86 local_apic.c

by Konstantin Belousov (kib) on ⎇
x86: mask all LAPIC vectors early, before BSP interrupts are enabled

If APIC is left in somewhat bad state, with some source hot (not masked
and active, e.g. timers after kexec or due to BIOS bug), we get the
interrupt too early.

Reported by:    jmg
Reviewed by:    markj
Tested by:      pho
Sponsored by:   The FreeBSD Foundation
MFC after:      1 week
Differential revision:  https://reviews.freebsd.org/D54543
DeltaFile
+28-0sys/x86/x86/local_apic.c
+28-01 files

HardenedBSD/src 87ed56asys/x86/x86 local_apic.c

by Konstantin Belousov (kib) on ⎇
x88/local_apic.c: for each lvt element, add LVT register index

Reviewed by:    markj
Tested by:      pho
Sponsored by:   The FreeBSD Foundation
MFC after:      1 week
Differential revision:  https://reviews.freebsd.org/D54543
DeltaFile
+12-0sys/x86/x86/local_apic.c
+12-01 files

HardenedBSD/src 4938ee8sys/x86/x86 local_apic.c

by Konstantin Belousov (kib) on ⎇
x86/local_apic.c: convert lvts[] and elvts[] arrays to designated initializers

Reviewed by:    markj
Tested by:      pho
Sponsored by:   The FreeBSD Foundation
MFC after:      1 week
Differential revision:  https://reviews.freebsd.org/D54543
DeltaFile
+92-13sys/x86/x86/local_apic.c
+92-131 files

HardenedBSD/src a17a404sbin/ifconfig af_link.c, share/man/man4 rtnetlink.4 genetlink.4

by HardenedBSD Sync Services on ⎇
Merge branch 'freebsd/current/main' into hardened/current/master
DeltaFile
+5-2share/man/man4/rtnetlink.4
+1-1sbin/ifconfig/af_link.c
+1-1usr.bin/netstat/sctp.c
+1-0share/man/man4/genetlink.4
+1-0share/man/man4/netlink.4
+9-45 files

HardenedBSD/src 0ef8f71usr.bin/netstat sctp.c

by Michael Tuexen (tuexen) on ⎇
netstat: fix typo

MFC after:      3 days
DeltaFile
+1-1usr.bin/netstat/sctp.c
+1-11 files

HardenedBSD/src 2f900cbsbin/ifconfig af_link.c

by Amy Vargas via Pouria Mousavizadeh Tehrani (pouria) on ⎇
ifconfig: Use strlcpy(3) instead of strncpy(3) for interface name

No functional change intended.

Reviewed by: pouria, delphij, imp
Approved by: glebius (mentor)
Differential Revision: https://reviews.freebsd.org/D54752
DeltaFile
+1-1sbin/ifconfig/af_link.c
+1-11 files

HardenedBSD/src adb66efshare/man/man4 rtnetlink.4 genetlink.4

by Pouria Mousavizadeh Tehrani (pouria) on ⎇
netlink(4): Add snl(3) to See Also section

While here, fix manlint warnings in rtnetlink(4).

Reviewed by: melifaro, ziaee, glebius
Approved by: glebius (mentor)
Differential Revision: https://reviews.freebsd.org/D53786
DeltaFile
+5-2share/man/man4/rtnetlink.4
+1-0share/man/man4/genetlink.4
+1-0share/man/man4/netlink.4
+7-23 files

HardenedBSD/src 22e60c9sys/netpfil/ipfw ip_fw_bpf.c

by HardenedBSD Sync Services on ⎇
Merge branch 'freebsd/current/main' into hardened/current/master
DeltaFile
+1-1sys/netpfil/ipfw/ip_fw_bpf.c
+1-11 files

HardenedBSD/src b9f90c6contrib/mtree mtree.8 create.c, release/tools gce.conf

by HardenedBSD Sync Services on ⎇
Merge branch 'freebsd/15-stable/main' into hardened/15-stable/main
DeltaFile
+12-12contrib/mtree/mtree.8
+3-4contrib/mtree/create.c
+3-0release/tools/gce.conf
+18-163 files

HardenedBSD/src 76af334sys/netpfil/ipfw ip_fw_bpf.c

by Gleb Smirnoff (glebius) on ⎇
ipfw: fix !VIMAGE build

NB: Rest of ipfw(4) sources get sx.h via vnet.h, which isn't perfect.
DeltaFile
+1-1sys/netpfil/ipfw/ip_fw_bpf.c
+1-11 files

HardenedBSD/src e2e7269contrib/mtree mtree.8 create.c

by Jose Luis Duran (jlduran) on ⎇
Import latest mtree from NetBSD

Merge commit '7e59b238fcf32f3d365e78ddc702ca494e1ff68d'

This commit partially reverts the previous vendor import, given that the
"type" keyword has been historically mandatory and should not be removed
by "-R all".  This was clarified in the man page.

Reported by:    glebius
PR:             219467
MFC after:      1 week

(cherry picked from commit 4250d2ad991b7bb9915e4c6b6d93b17369747ff0)
DeltaFile
+12-12contrib/mtree/mtree.8
+3-4contrib/mtree/create.c
+15-162 files

HardenedBSD/src 2184a2drelease/tools gce.conf

by William Carrel via Xin LI (delphij) on ⎇
GCE: ARM64 Support: Add hw.pci.honor_msi_blacklist=0.

This is required for MSI support on GCE ARM64 instances which is
prerequisite to gve(4) not panicking at boot, and nvme(4) also has
a real sad time without interrupts. Tested on a variety of c4a VMs.

This is meant to be a temporary hack; long term fix would be to
check for the hypervisor and quirk gve(4) device with
PCI_QUIRK_ENABLE_MSI_VM.

PR:             kern/292081
MFC after:      1 week

(cherry picked from commit 9ae43352c89c776c8171f5881a984bc39acf5d6a)
DeltaFile
+3-0release/tools/gce.conf
+3-01 files

HardenedBSD/src cd2100astand/powerpc/ofw cas.c, sys/dev/dwc if_dwc.c dwc1000_dma.c

by HardenedBSD Sync Services on ⎇
Merge branch 'freebsd/current/main' into hardened/current/master
DeltaFile
+10-4sys/dev/dwc/if_dwc.c
+3-3sys/dev/dwc/dwc1000_dma.c
+1-1stand/powerpc/ofw/cas.c
+1-1sys/dev/dwc/dwc1000_core.c
+1-1tests/sys/netpfil/pf/pflog.sh
+16-105 files

HardenedBSD/src 964d91etests/sys/netpfil/pf pflog.sh

by Jose Luis Duran (jlduran) on ⎇
pflog: tests: Fix rdr_action_head()

Fix a typo in the rdr_action_head() test.

Fixes:          685fb4253819 ("pf: Log the intended action when a NAT rule matches a packet")
MFC after:      1 week
DeltaFile
+1-1tests/sys/netpfil/pf/pflog.sh
+1-11 files

HardenedBSD/src dce3d3astand/powerpc/ofw cas.c

by Justin Hibbits (jhibbits) on ⎇
powerpc/loader: Size the CAS PVR array correctly

Fixes:          895eeb492 ("powerpc/loader: Add CAS support for older CPUs")
MFC after:      1 week
DeltaFile
+1-1stand/powerpc/ofw/cas.c
+1-11 files

HardenedBSD/src bbcd5f7share/man/man5 src.conf.5, share/mk src.opts.mk

by Shawn Webb on ⎇
HBSD: Resolve merge conflicts

Regen src.conf.5.

Signed-off-by:  Shawn Webb <shawn.webb at hardenedbsd.org>
DeltaFile
+1-9share/man/man5/src.conf.5
+0-5share/mk/src.opts.mk
+1-142 files

HardenedBSD/src 5d8777fsys/dev/dwc if_dwc.c dwc1000_dma.c

by Michael Tuexen (tuexen) on ⎇
dwc: add receive checksum offload for IPv6

This patch adds support for receive checksum offload for TCP/IPv6
and UDP/IPv6. Since receive checksum offload can't be configured
separately for IPv4 and IPv6, IFCAP_RXCSUM and IFCAP_RXCSUM_IPV6
can't be changed independently.

Reviewed by:            Timo Völker
MFC after:              3 days
Differential Revision:  https://reviews.freebsd.org/D54756
DeltaFile
+3-3sys/dev/dwc/if_dwc.c
+2-2sys/dev/dwc/dwc1000_dma.c
+1-1sys/dev/dwc/dwc1000_core.c
+6-63 files

HardenedBSD/src aca67c3sys/dev/dwc if_dwc.c dwc1000_dma.c

by Michael Tuexen (tuexen) on ⎇
dwc: add transmit checksum offload for IPv6

This patch adds support for transmit checksum offload for TCP/IPv6
and UDP/IPv6.

Reviewed by:            Timo Völker
MFC after:              3 days
Differential Revision:  https://reviews.freebsd.org/D54754
DeltaFile
+8-2sys/dev/dwc/if_dwc.c
+1-1sys/dev/dwc/dwc1000_dma.c
+9-32 files

HardenedBSD/src 032f8e7sys/netpfil/ipfw ip_fw_bpf.c, sys/powerpc/include atomic.h

by Shawn Webb on ⎇
Merge remote-tracking branch 'internal/freebsd/current/main' into hardened/current/master

Conflicts:
        share/man/man5/src.conf.5 (unresolved)
        share/mk/src.opts.mk (unresolved)
DeltaFile
+160-19tools/tools/nanobsd/defaults.sh
+112-1tools/tools/nanobsd/legacy.sh
+95-0tests/sys/netpfil/ipfw/log.sh
+56-26sys/powerpc/include/atomic.h
+34-26sys/netpfil/ipfw/ip_fw_bpf.c
+31-10usr.sbin/spi/spi.c
+488-8230 files not shown
+593-20236 files

HardenedBSD/src 34dc234sys/compat/linuxkpi/common/include/linux pci.h, sys/modules Makefile

by HardenedBSD Sync Services on ⎇
Merge branch 'freebsd/15-stable/main' into hardened/15-stable/main
DeltaFile
+18-9sys/compat/linuxkpi/common/include/linux/pci.h
+19-0sys/riscv/include/acpica_machdep.h
+11-3sys/modules/Makefile
+11-2sys/modules/rtw89/Makefile
+5-2sys/modules/iwlwifi/Makefile
+2-2sys/net80211/ieee80211_proto.c
+66-181 files not shown
+67-197 files

HardenedBSD/src 895eeb4stand/powerpc/ofw cas.c

by Justin Hibbits (jhibbits) on ⎇
powerpc/loader: Add CAS support for older CPUs

QEMU creates a "ibm,arch-vec-5-platform-support" property for all
pseries emulations.  Add POWER7 and POWER6 to the CAS list, more can be
added later as needed/desired.

MFC after:      1 week
DeltaFile
+6-0stand/powerpc/ofw/cas.c
+6-01 files

HardenedBSD/src 9be9ab2sys/netpfil/ipfw ip_fw_table_value.c

by Gordon Bergling (gbe) on ⎇
netpfil/ipfw: Fix a typo in a source code comment

- s/vaues/values/

MFC after:      5 days
DeltaFile
+1-1sys/netpfil/ipfw/ip_fw_table_value.c
+1-11 files

HardenedBSD/src cabb5adsys/dev/clk/rockchip rk_clk_fract.c

by Gordon Bergling (gbe) on ⎇
rockship: Fix a typo in a source code comment

- s/vaues/values/

MFC after:      5 days
DeltaFile
+1-1sys/dev/clk/rockchip/rk_clk_fract.c
+1-11 files

HardenedBSD/src 4cd4ccbtools/tools/nanobsd defaults.sh, tools/tools/nanobsd/dhcpd common

by Jose Luis Duran (jlduran) on ⎇
nanobsd: Fix typos

MFC after:      1 week
DeltaFile
+2-2tools/tools/nanobsd/embedded/common
+1-1tools/tools/nanobsd/defaults.sh
+1-1tools/tools/nanobsd/dhcpd/common
+4-43 files

HardenedBSD/src ecc039btools/tools/nanobsd legacy.sh defaults.sh

by Jose Luis Duran (jlduran) on ⎇
nanobsd: Add a NO_ROOT build option

Add a -U option to build NanoBSD images without root privileges.  It
relies on makefs/mkimg and metalog (mtree) files, similar to what
release engineering uses to build images.

Keep the current way to build NanoBSD images untouched.  Once this
method gets battle tested, it may be used to build images as root as
well.

Reviewed by:    imp, emaste
MFC after:      1 week
Differential Revision:  https://reviews.freebsd.org/D48793
DeltaFile
+100-0tools/tools/nanobsd/legacy.sh
+34-6tools/tools/nanobsd/defaults.sh
+17-3tools/tools/nanobsd/nanobsd.sh
+151-93 files

HardenedBSD/src 8832f76tools/tools/nanobsd defaults.sh

by Jose Luis Duran (jlduran) on ⎇
nanobsd: Add a provisional populate /data function

Add a provisional _populate_data_part function.  It populates the
optional /data partition, but using makefs(8), which is more in-line
with what release engineering uses to create images.

Reviewed by:    emaste
MFC after:      1 week
Differential Revision:  https://reviews.freebsd.org/D48792
DeltaFile
+4-0tools/tools/nanobsd/defaults.sh
+4-01 files

HardenedBSD/src 800d390tools/tools/nanobsd defaults.sh

by Jose Luis Duran (jlduran) on ⎇
nanobsd: Add a provisional populate /cfg function

Add a provisional _populate_cfg_part function.  It populates the /cfg
partition, but using makefs(8), which is more in-line with what release
engineering uses to create images.

Reviewed by:    imp
MFC after:      1 week
Differential Revision:  https://reviews.freebsd.org/D48791
DeltaFile
+4-0tools/tools/nanobsd/defaults.sh
+4-01 files