x86/efiboot: Put writable variables in .data, not .text.
And define them in the .c file where they're used; no need to have
extra unnecessary .S stuff just to define a global variable.
Based on patch by Paul Ripke to bootx64.efi, adapted for bootia32.efi
too.
PR kern/59151: efiboot hangs on new motherboard
Import unbound 1.25.1 (previous was 1.24.2)
Bug Fixes
Fix CVE-2026-33278, Possible remote code execution during DNSSEC validation.
Thanks to Qifan Zhang, Palo Alto Networks, for the report.
Fix CVE-2026-42944, Heap overflow and crash with multiple nsid, cookie,
padding EDNS options. Thanks to Qifan Zhang, Palo Alto Networks, for the
report.
Fix CVE-2026-42959, Crash during DNSSEC validation of malicious content. Thanks
to Qifan Zhang, Palo Alto Networks, for the report.
Fix CVE-2026-32792, Packet of death with DNSCrypt. Thanks to Andrew Griffiths
from 'calif.io' for the report.
Fix CVE-2026-40622, "Ghost domain name" variant. Thanks to Qifan Zhang, Palo
Alto Networks, for the report.
[25 lines not shown]
mi pmap: support code for HW updated referenced and modified PTE bits
Previously the MI PMAP would rely on mod/ref emulation to update
mdpg_attrs if a page was modified or referenced. Now support checking
each mapping's HW modified PTE bits (and updating mdpg_attrs).
mi pmap: aarch64: fix ref/mod emulation in pmap_fault_fixup
If a PTE changes in pmap_fault_fixup the entry in the TLB needs
to be invalidated.
While I'm here use atomic_load_relaxed to fetch the PTE and fix a
comment.
risc-v: fix ref/mod emulation PTE handling.
The previous code has zero chance of working and now that pmap_test_mod_ref
exists it can prove this code is correct.
aarch64: pmap: misc improvements to pmap_test_mod_ref
- remove the need for pmap_debugva by using uvm_km_{alloc,free}
- deactivate curlwp so the kernel pmap is always activate
- sprinkle pmap_udpate()
CVS: ----------------------------------------------------------------------
axen(4): brush up
Align .Cd introduced in previous with the others.
Don't abuse -tag for -item. Mark up ifconfig media types.
Drop confusing parens around the sentence that says autoselect is the
default. The next sentence is the logical continuation of that
thought, and yet it was outside the parens, torn away from the
sentence it expands upon.
Avoid most 30-40 character runs of alphabet soup. A slash and an 'A'
is an especially nasty combination. Fortunately, commas are a thing.
Give remaining slashes a bit of kerning.
octeon: Add second errata syncw in membar_release
The second syncw is relevant to CN5xxx/Octeon+ for us (ERLite), we don't
currently support CN3xxx but attempt to clarify the commentary around all
this.
There is a seemingly similar detail on cnMIPS, the SYNC_PLUNGER, which is not
dealt with or changed here. This syncw is specifically to work around two
related errata in CN3xxx and CN5xxx.
The OCTEON2 path is a future breadcrumb, we don't build it yet.
Reviewed by: skrll@
axen.4: note examples of presently unsupported features
(These could go under a bugs section, but it perhaps makes more sense
to keep all this information together.)
axen.4: add and adjust examples of supported devices
Noted to work with TP-Link UE300 (those that come with ASIX chips,
apparently some come with an RTL8153) and UE306. While here, also
correct the transliteration of "Kuroutoshikou", following OpenBSD.
tcp: set initial RTO to 1s per RFC 6298
Lower TCPTV_SRTTDFLT from 3s to 1s and adjust the t_rttvar seed in
tcp_tcpcb_template() so the pre-measurement TCP_REXMTVAL() equals
TCPTV_SRTTDFLT (was 2*TCPTV_SRTTDFLT). Active opens and SYN|ACK
retransmits now start at 1s and back off 1, 2, 4, ... per RFC 6298
sections 2.1 and 5.5. Post-first-sample RTO is unchanged.
Pin tcp_msl_remote_threshold to its previous numeric default (3*PR_SLOWHZ)
so the SRTTDFLT change does not move an unrelated TIME_WAIT-shortening
tunable.
This is conceptually https://reviews.freebsd.org/D18941 which we ran at a
large CDN, modified for NetBSD's stack.
Import bind 9.20.23 (previous was 9.20.22)
Security Fixes
Limit resolver server list size. (CVE-2026-3592)
When resolving a domain with many nameservers that shared overlapping
IP addresses (e.g., 10 NS records all pointing at the same set of
addresses), BIND could previously waste time querying duplicate
addresses and build up excessively large server lists. Addresses
in the resolver's server list are now deduplicated so that each
unique IP is only queried once per resolution attempt, regardless
of how many NS records point to it. The number of addresses stored
per nameserver name is also now capped at six (combined A and AAAA),
preventing memory and CPU overhead from domains with unusually
large NS/glue sets.
ISC would like to thank Shuhan Zhang from Tsinghua University for
reporting this issue. [GL #5641]
[222 lines not shown]
