igmp: apply net.inet.igmp.default_version to existing interfaces
IGMP requires hosts to use the lowest version they have seen on the network.
When net.inet.igmp.default_version is changed, we do not change IGMP
version used by interface even if the interface use an higher version than
V_igmp_default_version. So we could send IGMPv3 even if the user has requested
IGMPv2 or IGMPv1 via the sysctl.
Change IGMP version for each interface when V_igmp_default_version is smaller
than the version used by the interface.
Pull Request: https://github.com/freebsd/freebsd-src/pull/1615
Differential Revision: https://reviews.freebsd.org/D50071
igmp: do not upgrade IGMP version beyond net.inet.igmp.default_version
IGMP requires hosts to use the lowest version they've seen on the
network. When the IGMP timers expire we take the opportunity to upgrade again.
However, we did not take the net.inet.igmp.default_version sysctl
setting into account, so we could end up switching to IGMPv3 even if the
user had requested IGMPv2 or IGMPv1 via the sysctl.
Check V_igmp_default_version before we upgrade the IGMP version.
Reviewed by: adrian
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D41628
Revert "e1000: Try auto-negotiation for fixed 100 or 10 configuration"
We've gotten a report of this breaking a fixed no autoneg setup.
Since no link is worse than what this intends to fix (negotiating full
duplex at forced speed), revert for the undeway 15.0 release cycle
until this can be further reviewed.
PR: 288827
Differential Revision: https://reviews.freebsd.org/D47336
This reverts commit 645c45e297c0fcbbb9d2d24cdeeb124234825019.
(cherry picked from commit 3ff0231c87f360afa4521e635b46f6c711dc4ee3)
ufs: change e96d270bd to be a straightfoward addition to existing code
The installer on UFS was not working on 26.1 anymore but it is fine
on 25.7.11. This commit changes UFS, but it does no appear to do it
in the right way. Make the change less intrusive fixing the installer.
openssl: Fix multiple vulnerabilities
This is a rollup commit from upstream to fix:
Stack buffer overflow in CMS AuthEnvelopedData parsing (CVE-2025-15467)
Heap out-of-bounds write in BIO_f_linebuffer on short writes (CVE-2025-68160)
Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (CVE-2025-69418)
Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (CVE-2025-69419)
Missing ASN1_TYPE validation in TS_RESP_verify_response() function (CVE-2025-69420)
NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (CVE-2025-69421)
Missing ASN1_TYPE validation in PKCS#12 parsing (CVE-2026-22795)
ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (CVE-2026-22796)
See https://openssl-library.org/news/secadv/ for additional details.
Approved by: so
Obtained from: OpenSSL
Security: FreeBSD-SA-26:01.openssl
Security: CVE-2025-15467
Security: CVE-2025-68160
[6 lines not shown]
vfs: Don't clobber namei flags in vn_open_cred()
Otherwise NAMEILOOKUP is cleared. More generally it seems quite
surprising that the flags set by vn_open_cred() callers are not
automatically preserved. Modify open2nameif() such that it takes
already-set namei flags into account.
Approved by: so
Reviewed by: olce, kib
Fixes: 7587f6d4840f ("namei: Make stackable filesystems check harder for jail roots")
Differential Revision: https://reviews.freebsd.org/D50531
(cherry picked from commit e05e33041c252dc236939683c01ca4b7b083562c)
(cherry picked from commit a66767844690dfd82e14df2d22bd9bc40e46546b)
namei: Make stackable filesystems check harder for jail roots
Suppose a process has its cwd pointing to a nullfs directory, where the
lower directory is also visible in the jail's filesystem namespace.
Suppose that the lower directory vnode is moved out from under the
nullfs mount. The nullfs vnode still shadows the lower vnode, and
dotdot lookups relative to that directory will instantiate new nullfs
vnodes outside of the nullfs mountpoint, effectively shadowing the lower
filesystem.
This phenomenon can be abused to escape a chroot, since the nullfs
vnodes instantiated by these dotdot lookups defeat the root vnode check
in vfs_lookup(), which uses vnode pointer equality to test for the
process root.
Fix this by extending nullfs and unionfs to perform the same check,
exploiting the fact that the passed componentname is embedded in a
nameidata structure to avoid changing the VOP_LOOKUP interface. That
is, add a flag to indicate that containerof can be used to get the full
[13 lines not shown]
arm64: Correctly align the SVE signal context
The SVE signal context needs to be correctly aligned. Fix this by
creating a new macro to calculate the needed size to provide this
alignment, and use it when setting and checking the saved SVE signal
context.
Approved by: so
Security: FreeBSD-EN-26:02.arm64
Reported by: cperciva
Reviewed by: cperciva, markj
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D54396
(cherry picked from commit a9e77eb7016df70723c208fc09fbd01ec23a732d)
(cherry picked from commit bcd6bb8067d13d28d13a309e32818cda9e0d29ff)
openssl: Fix multiple vulnerabilities
This is a rollup commit from upstream to fix:
Stack buffer overflow in CMS AuthEnvelopedData parsing (CVE-2025-15467)
Heap out-of-bounds write in BIO_f_linebuffer on short writes (CVE-2025-68160)
Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (CVE-2025-69418)
Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (CVE-2025-69419)
Missing ASN1_TYPE validation in TS_RESP_verify_response() function (CVE-2025-69420)
NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (CVE-2025-69421)
Missing ASN1_TYPE validation in PKCS#12 parsing (CVE-2026-22795)
ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (CVE-2026-22796)
See https://openssl-library.org/news/secadv/ for additional details.
Approved by: so
Obtained from: OpenSSL
Security: FreeBSD-SA-26:01.openssl
Security: CVE-2025-15467
Security: CVE-2025-68160
[6 lines not shown]
vfs: Don't clobber namei flags in vn_open_cred()
Otherwise NAMEILOOKUP is cleared. More generally it seems quite
surprising that the flags set by vn_open_cred() callers are not
automatically preserved. Modify open2nameif() such that it takes
already-set namei flags into account.
Approved by: so
Reviewed by: olce, kib
Fixes: 7587f6d4840f ("namei: Make stackable filesystems check harder for jail roots")
Differential Revision: https://reviews.freebsd.org/D50531
(cherry picked from commit e05e33041c252dc236939683c01ca4b7b083562c)
(cherry picked from commit a66767844690dfd82e14df2d22bd9bc40e46546b)
namei: Make stackable filesystems check harder for jail roots
Suppose a process has its cwd pointing to a nullfs directory, where the
lower directory is also visible in the jail's filesystem namespace.
Suppose that the lower directory vnode is moved out from under the
nullfs mount. The nullfs vnode still shadows the lower vnode, and
dotdot lookups relative to that directory will instantiate new nullfs
vnodes outside of the nullfs mountpoint, effectively shadowing the lower
filesystem.
This phenomenon can be abused to escape a chroot, since the nullfs
vnodes instantiated by these dotdot lookups defeat the root vnode check
in vfs_lookup(), which uses vnode pointer equality to test for the
process root.
Fix this by extending nullfs and unionfs to perform the same check,
exploiting the fact that the passed componentname is embedded in a
nameidata structure to avoid changing the VOP_LOOKUP interface. That
is, add a flag to indicate that containerof can be used to get the full
[13 lines not shown]
arm64: Correctly align the SVE signal context
The SVE signal context needs to be correctly aligned. Fix this by
creating a new macro to calculate the needed size to provide this
alignment, and use it when setting and checking the saved SVE signal
context.
Approved by: so
Security: FreeBSD-EN-26:02.arm64
Reported by: cperciva
Reviewed by: cperciva, markj
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D54396
(cherry picked from commit a9e77eb7016df70723c208fc09fbd01ec23a732d)
(cherry picked from commit bcd6bb8067d13d28d13a309e32818cda9e0d29ff)
Revert "e1000: Try auto-negotiation for fixed 100 or 10 configuration"
We've gotten a report of this breaking a fixed no autoneg setup.
Since no link is worse than what this intends to fix (negotiating full
duplex at forced speed), revert for the undeway 15.0 release cycle
until this can be further reviewed.
PR: 288827
Differential Revision: https://reviews.freebsd.org/D47336
This reverts commit 645c45e297c0fcbbb9d2d24cdeeb124234825019.
(cherry picked from commit 3ff0231c87f360afa4521e635b46f6c711dc4ee3)
