Import OpenSSL 3.5.7 (previous was 3.5.6)
OpenSSL 3.5.7 is a security patch release. The most severe CVE fixed
in this release is High.
This release incorporates the following bug fixes and mitigations:
Fixed heap use-after-free in PKCS7_verify().
(CVE-2026-45447)
Fixed CMS AuthEnvelopedData processing may accept forged messages.
(CVE-2026-34182)
Fixed unbounded memory growth in the QUIC PATH_CHALLENGE handler.
(CVE-2026-34183)
Fixed NULL pointer dereference in QUIC server initial packet handling.
(CVE-2026-42764)
[35 lines not shown]
Fix missing TLF action on Closing -> Initial transition
When a Down event occurs in the Closing state, the FSM transitions
to Initial without a TLF action. Previously, the PPPoE layer was not
explicitly stopped during this transition, leaving the PPP phase
stuck in SPPP_PHASE_ESTABLISH.
As a result, if an Open event occurred afterward, the PPPoE layer
would wait for the PPPOE_SLOW_RETRY delay instead of reconnecting
immediately.
Added an additional TLF action to reset the phase and ensure
immediate reconnection upon the next Open event.
Expand the RPi5 comment to explain the positioning of the BRCM5D12 entries.
comCVS: ----------------------------------------------------------------------
PR/60314 Raspberry PI 5 SD support doesn't work under UEFI
Apply the necessary SDHC_FLAG_* flags to make the Broadcom STB SDHCI
controllers (Arasan IP) with HID BRCM5D12 work.
Thanks to Jared for help with this.
Pull up following revision(s) (requested by mlelstv in ticket #1270):
sys/dev/sdmmc/sdhc.c: revision 1.126
When seeing an error from the host controller, delay the soft reset by 100us.
This helps the hardware found in Rockchip RK3568 and RK3588 SoCs.
See PR kern/60311.
Pull up following revision(s) (requested by mlelstv in ticket #305):
sys/dev/sdmmc/sdhc.c: revision 1.126
When seeing an error from the host controller, delay the soft reset by 100us.
This helps the hardware found in Rockchip RK3568 and RK3588 SoCs.
See PR kern/60311.
When seeing an error from the host controller, delay the soft reset by 100us.
This helps the hardware found in Rockchip RK3568 and RK3588 SoCs.
See PR kern/60311.
Needs pullup to netbsd-10 and -11.
Restore aprint_error_dev() for early errors. It's not perfect, but on
reflection better than removing it for when we run `dmesg` later.
(partially reverts r1.15)
arm: relax coherent DMA ordering barriers from DSB to DMB
Use DMB instead of DSB for the ARM coherent DMA ordering macros dma_*_*()
The previous definitions used DSB, which enforces completion semantics and
is heavier than needed for coherent device DMA ordering. DMB provides ordering
of memory operations without requiring full completion, making it the
appropriate barrier for these coherent-only CPU/device DMA paths.
Tested on Fusion VM, Orion O6, and Thunderx.
There is an approximate 1% performance improvement for the Fusion VM, but
less for Orion O6 and Thunderx.
