FreeBSD/src c8d7592release/tools vmimage.subr

vmimage.subr: Install pkg on pkgbase images

When building VM and Cloud images with a packaged base system, install
the pkg package; this makes it possible for the base system to be
updated without installing pkg from the FreeBSD-ports repository.

Sponsored by:   Amazon

(cherry picked from commit f0ecf357aad984ac3b175f41027baac06d886f16)
DeltaFile
+3-0release/tools/vmimage.subr
+3-01 files

FreeBSD/src c73ae67release/tools oci-image-static.conf

release/tools: use same pkg settings in containers as in /etc/pkg/FreeBSD.conf

Instructions in /etc/pkg/FreeBSD.conf and elsewhere recommend putting
changes in /usr/local/etc/pkg/repos/FreeBSD.conf so bring OCI containers
into line as well.

Reviewed by:    dfr, ivy
Differential Revision:  https://reviews.freebsd.org/D54090

MFC after:      5 days
Sponsored by:   SkunkWerks, GmbH
DeltaFile
+1-5release/tools/oci-image-static.conf
+1-51 files

FreeBSD/src 331316blib/libc/net getnetbydns.c

libc: Don't use uninitialised string for getnetbyaddr[_r](0) DNS lookup

If net is all-zero, the loop to extract all leading non-zero octets will
iterate zero times and leave nn with the value 4, which the following
switch statement to initialise qbuf does not handle. As a result,
_dns_getnetbyaddr will look up the PTR record for this uninitialised
string, which will leak the pre-existing contents of that stack memory
to the DNS resolver and, if remote and not otherwise protected, network.

Note that _dns_getnetbyaddr is only used if nsswitch.conf is configured
to enable the "dns" source for the "networks" database, which is not the
default configuration in FreeBSD.

For glibc this same bug, in code also derived from BIND's, was issued
CVE-2026-0915. This commit adopts the same behaviour as glibc's fix,
which is to regard a net of 0 as being for 0.0.0.0. Apparently NetBSD
will return NS_UNAVAIL instead, which may or may not make more sense,
but in general glibc compatibility tends to cause less friction when
there's not a good reason to avoid it.

    [5 lines not shown]
DeltaFile
+3-0lib/libc/net/getnetbydns.c
+3-01 files

FreeBSD/src 8a95085tests/sys/kern ssl_sendfile.c

tests/kern: make ssl_sendfile:truncate and ssl_sendfile:grow less flaky

First problem is a trivial race that the client thread doesn't see updated
c.sbytes.  Second problem applies only to the truncate test.  On a machine
with huge default buffer sizes, there is a chance that sendfile(2) will
fill both buffers with amount of data that is larger than the size we plan
to truncate.  To minimise chances for this scenario, increase file size
and truncate it less aggressively, also try to decrease buffer sizes.
DeltaFile
+16-2tests/sys/kern/ssl_sendfile.c
+16-21 files

FreeBSD/src 938915acontrib/netbsd-tests/lib/libc/regex t_exhaust.c

netbsd-tests: Fix regcomp_too_big flakiness

The test sometimes crashes with ASLR enabled.  This seems to happen when
regcomp() grows the process stack and happens to run into the virtual
memory limit set at the beginning of the test.  ASLR triggers the
problem since it introduces a bit of fragmentation and thus introduces
cases where stack allocation can be the trigger of virtual memory
exhaustion, rather than dynamic memory allocation in regcomp().

Make the test stable by priming the stack before doing anything else.
This effectively reserves 16MB of virtual memory for the stack, which in
practice is enough to make the test stable on amd64.

PR:             259971
Reviewed by:    ngie, emaste
MFC after:      1 week
Differential Revision:  https://reviews.freebsd.org/D54880
DeltaFile
+14-3contrib/netbsd-tests/lib/libc/regex/t_exhaust.c
+14-31 files

FreeBSD/src 37d86e9sys/kern subr_witness.c

witness: mark relationships defined in order_lists[]

Mark the lock relationships defined in order_lists[] and use that
information to print better messages when a LOR violates one of these
relationships.

Suggested by:   markj
Reviewed by:    kib, markj
MFC after:      1 month
Sponsored by:   Netflix
Differential Revision:  https://reviews.freebsd.org/D54903
DeltaFile
+11-4sys/kern/subr_witness.c
+11-41 files

FreeBSD/src 1741502crypto/openssl/crypto/asn1 a_strex.c, crypto/openssl/crypto/bio bf_lbuf.c

openssl: Fix multiple vulnerabilities

This is a rollup commit from upstream to fix:
  Heap out-of-bounds write in BIO_f_linebuffer on short writes (CVE-2025-68160)
  Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (CVE-2025-69418)
  Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (CVE-2025-69419)
  Missing ASN1_TYPE validation in TS_RESP_verify_response() function (CVE-2025-69420)
  NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (CVE-2025-69421)
  Missing ASN1_TYPE validation in PKCS#12 parsing (CVE-2026-22795)
  ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (CVE-2026-22796)

See https://openssl-library.org/news/secadv/ for additional details.

Approved by:    so
Obtained from:  OpenSSL
Security:       FreeBSD-SA-26:01.openssl
Security:       CVE-2025-68160
Security:       CVE-2025-69418
Security:       CVE-2025-69419

    [4 lines not shown]
DeltaFile
+26-6crypto/openssl/crypto/bio/bf_lbuf.c
+8-2crypto/openssl/crypto/pkcs12/p12_kiss.c
+8-2crypto/openssl/crypto/modes/ocb128.c
+6-0crypto/openssl/crypto/pkcs12/p12_decr.c
+4-2crypto/openssl/crypto/asn1/a_strex.c
+5-0crypto/openssl/crypto/pkcs12/p12_utl.c
+57-123 files not shown
+63-159 files

FreeBSD/src ee8d50bcrypto/openssl/crypto/asn1 evp_asn1.c a_strex.c, crypto/openssl/crypto/bio bf_lbuf.c

openssl: Fix multiple vulnerabilities

This is a rollup commit from upstream to fix:
  Stack buffer overflow in CMS AuthEnvelopedData parsing (CVE-2025-15467)
  Heap out-of-bounds write in BIO_f_linebuffer on short writes (CVE-2025-68160)
  Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (CVE-2025-69418)
  Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (CVE-2025-69419)
  Missing ASN1_TYPE validation in TS_RESP_verify_response() function (CVE-2025-69420)
  NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (CVE-2025-69421)
  Missing ASN1_TYPE validation in PKCS#12 parsing (CVE-2026-22795)
  ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (CVE-2026-22796)

See https://openssl-library.org/news/secadv/ for additional details.

Approved by:    so
Obtained from:  OpenSSL
Security:       FreeBSD-SA-26:01.openssl
Security:       CVE-2025-15467
Security:       CVE-2025-68160

    [6 lines not shown]
DeltaFile
+26-6crypto/openssl/crypto/bio/bf_lbuf.c
+20-0crypto/openssl/crypto/asn1/evp_asn1.c
+8-2crypto/openssl/crypto/pkcs12/p12_kiss.c
+8-2crypto/openssl/crypto/modes/ocb128.c
+4-2crypto/openssl/crypto/asn1/a_strex.c
+2-3crypto/openssl/crypto/evp/evp_lib.c
+68-155 files not shown
+84-1811 files

FreeBSD/src 5626e81crypto/openssl/apps pkeyutl.c, crypto/openssl/apps/lib apps.c

openssl: Fix multiple vulnerabilities

This is a rollup commit from upstream to fix:
  Improper validation of PBMAC1 parameters in PKCS#12 MAC verification (CVE-2025-11187)
  Stack buffer overflow in CMS AuthEnvelopedData parsing (CVE-2025-15467)
  NULL dereference in SSL_CIPHER_find() function on unknown cipher ID (CVE-2025-15468)
  "openssl dgst" one-shot codepath silently truncates inputs >16MB (CVE-2025-15469)
  TLS 1.3 CompressedCertificate excessive memory allocation (CVE-2025-66199)
  Heap out-of-bounds write in BIO_f_linebuffer on short writes (CVE-2025-68160)
  Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (CVE-2025-69418)
  Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (CVE-2025-69419)
  Missing ASN1_TYPE validation in TS_RESP_verify_response() function (CVE-2025-69420)
  NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (CVE-2025-69421)
  Missing ASN1_TYPE validation in PKCS#12 parsing (CVE-2026-22795)
  ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (CVE-2026-22796)

See https://openssl-library.org/news/secadv/ for additional details.

Approved by:    so

    [14 lines not shown]
DeltaFile
+28-27crypto/openssl/apps/lib/apps.c
+18-18crypto/openssl/apps/pkeyutl.c
+26-6crypto/openssl/crypto/bio/bf_lbuf.c
+20-0crypto/openssl/crypto/asn1/evp_asn1.c
+16-2crypto/openssl/crypto/pkcs12/p12_mutl.c
+8-2crypto/openssl/crypto/modes/ocb128.c
+116-5512 files not shown
+158-7018 files

FreeBSD/src 9c151e1crypto/openssl/apps pkeyutl.c, crypto/openssl/apps/lib apps.c

openssl: Fix multiple vulnerabilities

This is a rollup commit from upstream to fix:
  Improper validation of PBMAC1 parameters in PKCS#12 MAC verification (CVE-2025-11187)
  Stack buffer overflow in CMS AuthEnvelopedData parsing (CVE-2025-15467)
  NULL dereference in SSL_CIPHER_find() function on unknown cipher ID (CVE-2025-15468)
  "openssl dgst" one-shot codepath silently truncates inputs >16MB (CVE-2025-15469)
  TLS 1.3 CompressedCertificate excessive memory allocation (CVE-2025-66199)
  Heap out-of-bounds write in BIO_f_linebuffer on short writes (CVE-2025-68160)
  Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (CVE-2025-69418)
  Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (CVE-2025-69419)
  Missing ASN1_TYPE validation in TS_RESP_verify_response() function (CVE-2025-69420)
  NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (CVE-2025-69421)
  Missing ASN1_TYPE validation in PKCS#12 parsing (CVE-2026-22795)
  ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (CVE-2026-22796)

See https://openssl-library.org/news/secadv/ for additional details.

Approved by:    so

    [14 lines not shown]
DeltaFile
+28-27crypto/openssl/apps/lib/apps.c
+18-18crypto/openssl/apps/pkeyutl.c
+26-6crypto/openssl/crypto/bio/bf_lbuf.c
+20-0crypto/openssl/crypto/asn1/evp_asn1.c
+16-2crypto/openssl/crypto/pkcs12/p12_mutl.c
+8-2crypto/openssl/crypto/modes/ocb128.c
+116-5512 files not shown
+158-7018 files

FreeBSD/src 72a6991sys/netgraph/bluetooth/include ng_hci.h

bluetooth: Don't use a non-string to initialize NG_HCI_BDADDR_ANY

Explicitly use an array of 6 zeroes instead of a C string containing
nul characters.  GCC 15 warns about the truncation, but this is
cleaner regardless.

In file included from /usr/obj/.../amd64.amd64/tmp/usr/include/bluetooth.h:51,
                 from usr.sbin/virtual_oss/virtual_bt_speaker/bt_speaker.c:45:
usr.sbin/virtual_oss/virtual_bt_speaker/bt_speaker.c: In function 'register_sdp':
usr.sbin/virtual_oss/virtual_bt_speaker/bt_speaker.c:96:13: error: initializer-string for array of 'unsigned char' truncates NUL terminator but destination lacks 'nonstring' attribute (7 chars into 6 available) [-Werror=unterminated-string-initialization]
   96 |             NG_HCI_BDADDR_ANY, (const uint8_t *)&record, sizeof(record),
      |             ^~~~~~~~~~~~~~~~~

Reviewed by:    dim
Differential Revision:  https://reviews.freebsd.org/D54869
DeltaFile
+2-2sys/netgraph/bluetooth/include/ng_hci.h
+2-21 files

FreeBSD/src 5c504c6usr.bin/kyua Makefile

kyua: Workaround unclear warning from GCC

GCC 15 does not like a push_back() invocation in utils::find_core()
and incorrectly believes libc++ will free a non-heap pointer.  Disable
the warning to pacify GCC.

In function 'void std::__1::__libcpp_operator_delete(_Args ...) [with _Args = {void*, long unsigned int}]',
    inlined from 'void std::__1::__do_deallocate_handle_size(void*, size_t, _Args ...) [with _Args = {}]' at /usr/obj/.../amd64.amd64/tmp/usr/include/c++/v1/new:298:39,
    inlined from 'void std::__1::__libcpp_deallocate(void*, size_t, size_t)' at /usr/obj/.../amd64.amd64/tmp/usr/include/c++/v1/new:311:39,
    inlined from 'void std::__1::allocator<_Tp>::deallocate(_Tp*, size_t) [with _Tp = utils::fs::path]' at /usr/obj/.../amd64.amd64/tmp/usr/include/c++/v1/__memory/allocator.h:132:31,
    inlined from 'static void std::__1::allocator_traits<_Alloc>::deallocate(allocator_type&, pointer, size_type) [with _Alloc = std::__1::allocator<utils::fs::path>]' at /usr/obj/.../amd64.amd64/tmp/usr/include/c++/v1/__memory/allocator_traits.h:314:19,
    inlined from 'std::__1::__split_buffer<_Tp, _Allocator>::~__split_buffer() [with _Tp = utils::fs::path; _Allocator = std::__1::allocator<utils::fs::path>&]' at /usr/obj/.../amd64.amd64/tmp/usr/include/c++/v1/__split_buffer:365:31,
    inlined from 'std::__1::vector<_Tp, _Alloc>::pointer std::__1::vector<_Tp, _Alloc>::__push_back_slow_path(_Up&&) [with _Up = utils::fs::path; _Tp = utils::fs::path; _Allocator = std::__1::allocator<utils::fs::path>]' at /usr/obj/.../amd64.amd64/tmp/usr/include/c++/v1/vector:1504:1,
    inlined from 'void std::__1::vector<_Tp, _Alloc>::push_back(value_type&&) [with _Tp = utils::fs::path; _Allocator = std::__1::allocator<utils::fs::path>]' at /usr/obj/.../amd64.amd64/tmp/usr/include/c++/v1/vector:1526:34,
    inlined from 'utils::optional<utils::fs::path> utils::find_core(const fs::path&, const process::status&, const fs::path&)' at contrib/kyua/utils/stacktrace.cpp:217:25:
/usr/obj/.../amd64.amd64/tmp/usr/include/c++/v1/new:274:38: error: 'void operator delete(void*, size_t)' called on pointer '<unknown>' with nonzero offset [24, 9223372036854775807] [-Werror=free-nonheap-object]
  274 |   __builtin_operator_delete(__args...);
      |                                      ^
In function 'void* std::__1::__libcpp_operator_new(_Args ...) [with _Args = {long unsigned int}]',

    [13 lines not shown]
DeltaFile
+2-0usr.bin/kyua/Makefile
+2-01 files

FreeBSD/src 6fb87a1share/mk bsd.sys.mk

bsd.sys.mk: Silence a few GCC warnings for C++

These warnings were already marked with -Wno-error=, but they trigger
so many false positives in libc++ headers to be utterly useless for
C++ code, so disable them entirely for C++.

Reviewed by:    imp, dim
Differential Revision:  https://reviews.freebsd.org/D54867
DeltaFile
+6-0share/mk/bsd.sys.mk
+6-01 files

FreeBSD/src 2dea50acontrib/netbsd-tests/lib/libc/regex t_regex_att.c

netbsd-tests t_regex_att: Use __nonstring for a non-string constant

Fixes the following warning from GCC 15:

contrib/netbsd-tests/lib/libc/regex/t_regex_att.c:54:30: error: initializer-string for array of 'char' truncates NUL terminator but destination lacks 'nonstring' attribute (4 chars into 3 available) [-Werror=unterminated-string-initialization]
   54 | static const char delim[3] = "\\\\\0";
      |                              ^~~~~~~~

Reviewed by:    ngie, imp, dim
Differential Revision:  https://reviews.freebsd.org/D54866
DeltaFile
+1-1contrib/netbsd-tests/lib/libc/regex/t_regex_att.c
+1-11 files

FreeBSD/src bfc6e56contrib/llvm-project/libcxx/include/__type_traits remove_all_extents.h remove_extent.h

Merge commit 81b20e110b3f from llvm git (by Roland McGrath):

    [libc++] Work around new GCC 15 type_traits builtins that can't be
    used as Clang's can (#137871)

    GCC 15 has added builtins for various C++ type traits that Clang
    already had.  Since `__has_builtin(...)` now finds these, the #if
    branches previously only used for Clang are now used for GCC 15.
    However, GCC 15 requires that these builtins only be used in type
    aliases, not in template aliases.

    For now, just don't use the `__has_builtin(...)` branches under newer
    GCC versions, so both 14 and 15 work during the transition.  This
    can be cleaned up later to use all the GCC 15 builtins available.

    Fixed: #137704
    Fixed: #117319

Reviewed by:    dim
Differential Revision:  https://reviews.freebsd.org/D54865
DeltaFile
+1-1contrib/llvm-project/libcxx/include/__type_traits/remove_all_extents.h
+1-1contrib/llvm-project/libcxx/include/__type_traits/remove_extent.h
+1-1contrib/llvm-project/libcxx/include/__type_traits/add_lvalue_reference.h
+1-1contrib/llvm-project/libcxx/include/__type_traits/add_pointer.h
+1-1contrib/llvm-project/libcxx/include/__type_traits/add_rvalue_reference.h
+1-1contrib/llvm-project/libcxx/include/__type_traits/decay.h
+6-66 files

FreeBSD/src 093fffasys/amd64/amd64 vm_machdep.c, sys/i386/i386 vm_machdep.c

sys: Use __is_aligned and __align_down for some kstack alignment operations

Reviewed by:    kib, jhibbits
Effort:         CHERI upstreaming
Sponsored by:   AFRL, DARPA
Differential Revision:  https://reviews.freebsd.org/D54840
DeltaFile
+2-3sys/powerpc/powerpc/machdep.c
+2-2sys/powerpc/powerpc/vm_machdep.c
+2-2sys/powerpc/powerpc/exec_machdep.c
+1-2sys/amd64/amd64/vm_machdep.c
+2-1sys/i386/i386/vm_machdep.c
+9-105 files

FreeBSD/src 9272b78sys/powerpc/powerpc exec_machdep.c vm_machdep.c

powerpc: Fix alignment of initial PCB on kstack

Commit cc81c44dd806737f98b4fd4094674dd71c8749f3 aimed to consolidate
duplicated code between the Book-E and AIM backends.  For
cpu_thread_alloc cpu_thread_alloc and cpu_fork it used the AIM
functions which used a bogus alignment mask (~0x2f).  The Book-E
functions used a proper alignment mask (~0x3f).  The AIM functions
appear to have been busted since they were first imported in commit
919cb3362fded33aca682a6ac57777f8fff86e36.

To fix, use the Book-E mask which requests 64 byte alignment.
Probably this was harmless in practice since td_kstack is page aligned
and struct pcb is probably a multiple of 32 bytes in size, so the 0x10
bit should have been clear anyway.

Reviewed by:    fuz, jhibbits
Fixes:          cc81c44dd806 ("Unify ABI-related bits of the Book-E and AIM...")
Effort:         CHERI upstreaming
Sponsored by:   AFRL, DARPA
Differential Revision:  https://reviews.freebsd.org/D54839
DeltaFile
+1-1sys/powerpc/powerpc/exec_machdep.c
+1-1sys/powerpc/powerpc/vm_machdep.c
+2-22 files

FreeBSD/src 05609c5sys/arm/arm machdep.c, sys/arm/include machdep.h

arm: Make init_proc0 static

This function is not used outside of machdep.c and is already static
on arm64 and riscv.

Reviewed by:    imp
Effort:         CHERI upstreaming
Sponsored by:   AFRL, DARPA
Differential Revision:  https://reviews.freebsd.org/D54838
DeltaFile
+1-1sys/arm/arm/machdep.c
+0-1sys/arm/include/machdep.h
+1-22 files

FreeBSD/src 4054439usr.sbin/ctld kernel.cc

ctld: Do not remove item from an nvlist while iterating it

While here, make use of cnvlist_* to simplify this code.

Fixes:          d42a73fb6a85 ("ctld: Add a dedicated API between parse.y and the rest of the program")
Sponsored by:   Chelsio Communications
Differential Revision:  https://reviews.freebsd.org/D49650
(cherry picked from commit 30020689fb1e5c9549e430bd23600c88e1257697)
DeltaFile
+4-3usr.sbin/ctld/kernel.cc
+4-31 files

FreeBSD/src 4ecaa02usr.sbin/ctld ctld.hh ctld.h

ctld: Rename {ctld,isns}.h to {ctld,isns}.hh

Subsequent commits will use C++ in these headers rather than only C.
conf.h remains as a C-only header since it is intended for use by the
C code generated from parse.y.

Sponsored by:   Chelsio Communications
Pull Request:   https://github.com/freebsd/freebsd-src/pull/1794

(cherry picked from commit 34e8d66412cd81d020f0e75d078a4404ec39cf5a)
DeltaFile
+362-0usr.sbin/ctld/ctld.hh
+0-362usr.sbin/ctld/ctld.h
+0-90usr.sbin/ctld/isns.h
+90-0usr.sbin/ctld/isns.hh
+2-2usr.sbin/ctld/isns.cc
+2-2usr.sbin/ctld/ctld.cc
+456-4565 files not shown
+461-46111 files

FreeBSD/src e11dec7usr.sbin/ctld login.cc

ctld: Remove dead logging code

Portal discovery auth groups are always named auth groups

Sponsored by:   Chelsio Communications
Differential Revision:  https://reviews.freebsd.org/D49649

(cherry picked from commit ce8cfd998b4fc01cfd47e009b0f6dead404841b4)
DeltaFile
+2-6usr.sbin/ctld/login.cc
+2-61 files

FreeBSD/src a8ab78ausr.sbin/ctld uclparse.cc

ctld: Remove dead code in UCL parsing of hex DSCP values

libucl treats strings starting with "0x" as an integer if they do
not contain invalid characters.  The code also looks broken as it
only calls strtol if the string exactly matches "0x" without any
trailing characters.

Sponsored by:   Chelsio Communications
Differential Revision:  https://reviews.freebsd.org/D49644

(cherry picked from commit 251439f1a06867a6baccb274c671b2169c9959fd)
DeltaFile
+0-3usr.sbin/ctld/uclparse.cc
+0-31 files

FreeBSD/src 0b418deusr.sbin/ctld conf.cc

ctld: Permit valid integer LUN device types

Fixes:          2e0caa7c7e14 ("libutil: Really fix expand_number(3)")
Sponsored by:   Chelsio Communications
(cherry picked from commit 14f2cd78042372d27138a91dcb4f4845fe2e8194)
DeltaFile
+1-1usr.sbin/ctld/conf.cc
+1-11 files

FreeBSD/src 8c211a0usr.sbin/ctld ctld.cc

ctld: Require a mask if / is specified in an initiator portal

If the / separator in a portal string is the last character in the
string, treat the portal as invalid.

Sponsored by:   Chelsio Communications
Differential Revision:  https://reviews.freebsd.org/D49648

(cherry picked from commit 4449cf28a3152cf6e87a45176ae15ae250e543de)
DeltaFile
+2-0usr.sbin/ctld/ctld.cc
+2-01 files

FreeBSD/src 541c6c9usr.sbin/ctld ctld.cc

ctld: Tighten parsing of IPv6 addresses for initiator-portal

If an address starts with a [ character, require that it ends with a ]
character.  Also, if an address starts with a [ character, assume it
is an IPv6 address.

Sponsored by:   Chelsio Communications
Differential Revision:  https://reviews.freebsd.org/D49647

(cherry picked from commit f3eb1514ce44aea5d288a74f34a0c6925ecd43ea)
DeltaFile
+9-6usr.sbin/ctld/ctld.cc
+9-61 files

FreeBSD/src 88b3dabusr.sbin/ctld uclparse.cc

ctld: Properly validate mutual user/secret for CHAP-MUTUAL in the UCL parser

The code was checking the non-mutual UCL objects twice instead.

Sponsored by:   Chelsio Communications
Differential Revision:  https://reviews.freebsd.org/D49645

(cherry picked from commit bf41156712929460aaf968e9d38ddc3847f90f6a)
DeltaFile
+4-4usr.sbin/ctld/uclparse.cc
+4-41 files

FreeBSD/src ac930feusr.sbin/ctld conf.cc

ctld: Use strtonum in lun_set_device_type

This is a direct commit to stable of part of commit
2e0caa7c7e14d7bdc89ec43be9bc848abe1ca264.  The full commit is not
merged as it changes the API/ABI of expand_number(3).
DeltaFile
+8-4usr.sbin/ctld/conf.cc
+8-41 files

FreeBSD/src 8f799d4usr.sbin/ctld ctld.cc

ctld: Drop commented-out code to print the configuration

This code is incomplete (it does not handle some of the options that
can be set) and easily rots since it is not enabled by default or
hooked up to anything that calls it.

Sponsored by:   Chelsio Communications
Differential Revision:  https://reviews.freebsd.org/D49646

(cherry picked from commit 0708eb01f28040a50693f40833562ab14fbfe2ad)
DeltaFile
+0-62usr.sbin/ctld/ctld.cc
+0-621 files

FreeBSD/src 80888d8usr.sbin/ctld ctld.cc

ctld: Reduce code duplication in auth_check_secret_length

Only check a single secret length in the function and call it twice
for the CHAP-MUTUAL case.

Sponsored by:   Chelsio Communications
Differential Revision:  https://reviews.freebsd.org/D49642

(cherry picked from commit 4214775235ebc01e0d22da5f09a2e4cff16bfa74)
DeltaFile
+18-49usr.sbin/ctld/ctld.cc
+18-491 files

FreeBSD/src be8bf6ctools/build depend-cleanup.sh

depend-cleanup: Handle ctld moving from C to C++

Reviewed by:    asomers
Sponsored by:   Chelsio Communications
Differential Revision:  https://reviews.freebsd.org/D49140

(cherry picked from commit 7feee915ace1adcbbeca6bdbaf68ac27dee13ce5)
DeltaFile
+9-0tools/build/depend-cleanup.sh
+9-01 files