acpi: Use only AcpiGetSleepTypeData() to determine Sx support
Previously, we would first call AcpiEvaluateObject() to execute \_Sx
before calling AcpiGetSleepTypeData(). This was unnecessary, as
AcpiGetSleepTypeData() performs the same call itself. While doing so,
the latter function logs any other error than AE_NOT_FOUND (which
indicates that a particular sleep state is not supported), which most
probably is an added benefit of this change.
Reviewed by: obiwac
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D54624
acpi_spmc(4): Fix compilation on 32-bit platforms
Fixes: c5daa5a4c32c ("acpi_spmc: Add system power management controller driver")
Sponsored by: The FreeBSD Foundation
posix_spawn: use rfork_thread on all arches
Do not allocate or switch to the custom stack on non-x86.
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D54898
libsys, libc: provide rfork_thread() and pdrfork_thread() on all arches
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D54898
lualoader: Add distinct brand for installer
Make it obvious to users that the system is booting into the installer.
Reviewed by: kevans, manu
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D51001
(cherry picked from commit ac7a19d41ee5eb1271c46fbc620b2f98dffa2230)
vmimage.subr: Install pkg on pkgbase images
When building VM and Cloud images with a packaged base system, install
the pkg package; this makes it possible for the base system to be
updated without installing pkg from the FreeBSD-ports repository.
Sponsored by: Amazon
(cherry picked from commit f0ecf357aad984ac3b175f41027baac06d886f16)
release/tools: use same pkg settings in containers as in /etc/pkg/FreeBSD.conf
Instructions in /etc/pkg/FreeBSD.conf and elsewhere recommend putting
changes in /usr/local/etc/pkg/repos/FreeBSD.conf so bring OCI containers
into line as well.
Reviewed by: dfr, ivy
Differential Revision: https://reviews.freebsd.org/D54090
MFC after: 5 days
Sponsored by: SkunkWerks, GmbH
libc: Don't use uninitialised string for getnetbyaddr[_r](0) DNS lookup
If net is all-zero, the loop to extract all leading non-zero octets will
iterate zero times and leave nn with the value 4, which the following
switch statement to initialise qbuf does not handle. As a result,
_dns_getnetbyaddr will look up the PTR record for this uninitialised
string, which will leak the pre-existing contents of that stack memory
to the DNS resolver and, if remote and not otherwise protected, network.
Note that _dns_getnetbyaddr is only used if nsswitch.conf is configured
to enable the "dns" source for the "networks" database, which is not the
default configuration in FreeBSD.
For glibc this same bug, in code also derived from BIND's, was issued
CVE-2026-0915. This commit adopts the same behaviour as glibc's fix,
which is to regard a net of 0 as being for 0.0.0.0. Apparently NetBSD
will return NS_UNAVAIL instead, which may or may not make more sense,
but in general glibc compatibility tends to cause less friction when
there's not a good reason to avoid it.
[5 lines not shown]
tests/kern: make ssl_sendfile:truncate and ssl_sendfile:grow less flaky
First problem is a trivial race that the client thread doesn't see updated
c.sbytes. Second problem applies only to the truncate test. On a machine
with huge default buffer sizes, there is a chance that sendfile(2) will
fill both buffers with amount of data that is larger than the size we plan
to truncate. To minimise chances for this scenario, increase file size
and truncate it less aggressively, also try to decrease buffer sizes.
netbsd-tests: Fix regcomp_too_big flakiness
The test sometimes crashes with ASLR enabled. This seems to happen when
regcomp() grows the process stack and happens to run into the virtual
memory limit set at the beginning of the test. ASLR triggers the
problem since it introduces a bit of fragmentation and thus introduces
cases where stack allocation can be the trigger of virtual memory
exhaustion, rather than dynamic memory allocation in regcomp().
Make the test stable by priming the stack before doing anything else.
This effectively reserves 16MB of virtual memory for the stack, which in
practice is enough to make the test stable on amd64.
PR: 259971
Reviewed by: ngie, emaste
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D54880
witness: mark relationships defined in order_lists[]
Mark the lock relationships defined in order_lists[] and use that
information to print better messages when a LOR violates one of these
relationships.
Suggested by: markj
Reviewed by: kib, markj
MFC after: 1 month
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D54903
openssl: Fix multiple vulnerabilities
This is a rollup commit from upstream to fix:
Heap out-of-bounds write in BIO_f_linebuffer on short writes (CVE-2025-68160)
Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (CVE-2025-69418)
Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (CVE-2025-69419)
Missing ASN1_TYPE validation in TS_RESP_verify_response() function (CVE-2025-69420)
NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (CVE-2025-69421)
Missing ASN1_TYPE validation in PKCS#12 parsing (CVE-2026-22795)
ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (CVE-2026-22796)
See https://openssl-library.org/news/secadv/ for additional details.
Approved by: so
Obtained from: OpenSSL
Security: FreeBSD-SA-26:01.openssl
Security: CVE-2025-68160
Security: CVE-2025-69418
Security: CVE-2025-69419
[4 lines not shown]
openssl: Fix multiple vulnerabilities
This is a rollup commit from upstream to fix:
Stack buffer overflow in CMS AuthEnvelopedData parsing (CVE-2025-15467)
Heap out-of-bounds write in BIO_f_linebuffer on short writes (CVE-2025-68160)
Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (CVE-2025-69418)
Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (CVE-2025-69419)
Missing ASN1_TYPE validation in TS_RESP_verify_response() function (CVE-2025-69420)
NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (CVE-2025-69421)
Missing ASN1_TYPE validation in PKCS#12 parsing (CVE-2026-22795)
ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (CVE-2026-22796)
See https://openssl-library.org/news/secadv/ for additional details.
Approved by: so
Obtained from: OpenSSL
Security: FreeBSD-SA-26:01.openssl
Security: CVE-2025-15467
Security: CVE-2025-68160
[6 lines not shown]
openssl: Fix multiple vulnerabilities
This is a rollup commit from upstream to fix:
Improper validation of PBMAC1 parameters in PKCS#12 MAC verification (CVE-2025-11187)
Stack buffer overflow in CMS AuthEnvelopedData parsing (CVE-2025-15467)
NULL dereference in SSL_CIPHER_find() function on unknown cipher ID (CVE-2025-15468)
"openssl dgst" one-shot codepath silently truncates inputs >16MB (CVE-2025-15469)
TLS 1.3 CompressedCertificate excessive memory allocation (CVE-2025-66199)
Heap out-of-bounds write in BIO_f_linebuffer on short writes (CVE-2025-68160)
Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (CVE-2025-69418)
Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (CVE-2025-69419)
Missing ASN1_TYPE validation in TS_RESP_verify_response() function (CVE-2025-69420)
NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (CVE-2025-69421)
Missing ASN1_TYPE validation in PKCS#12 parsing (CVE-2026-22795)
ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (CVE-2026-22796)
See https://openssl-library.org/news/secadv/ for additional details.
Approved by: so
[14 lines not shown]
openssl: Fix multiple vulnerabilities
This is a rollup commit from upstream to fix:
Improper validation of PBMAC1 parameters in PKCS#12 MAC verification (CVE-2025-11187)
Stack buffer overflow in CMS AuthEnvelopedData parsing (CVE-2025-15467)
NULL dereference in SSL_CIPHER_find() function on unknown cipher ID (CVE-2025-15468)
"openssl dgst" one-shot codepath silently truncates inputs >16MB (CVE-2025-15469)
TLS 1.3 CompressedCertificate excessive memory allocation (CVE-2025-66199)
Heap out-of-bounds write in BIO_f_linebuffer on short writes (CVE-2025-68160)
Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (CVE-2025-69418)
Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (CVE-2025-69419)
Missing ASN1_TYPE validation in TS_RESP_verify_response() function (CVE-2025-69420)
NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (CVE-2025-69421)
Missing ASN1_TYPE validation in PKCS#12 parsing (CVE-2026-22795)
ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (CVE-2026-22796)
See https://openssl-library.org/news/secadv/ for additional details.
Approved by: so
[14 lines not shown]
bluetooth: Don't use a non-string to initialize NG_HCI_BDADDR_ANY
Explicitly use an array of 6 zeroes instead of a C string containing
nul characters. GCC 15 warns about the truncation, but this is
cleaner regardless.
In file included from /usr/obj/.../amd64.amd64/tmp/usr/include/bluetooth.h:51,
from usr.sbin/virtual_oss/virtual_bt_speaker/bt_speaker.c:45:
usr.sbin/virtual_oss/virtual_bt_speaker/bt_speaker.c: In function 'register_sdp':
usr.sbin/virtual_oss/virtual_bt_speaker/bt_speaker.c:96:13: error: initializer-string for array of 'unsigned char' truncates NUL terminator but destination lacks 'nonstring' attribute (7 chars into 6 available) [-Werror=unterminated-string-initialization]
96 | NG_HCI_BDADDR_ANY, (const uint8_t *)&record, sizeof(record),
| ^~~~~~~~~~~~~~~~~
Reviewed by: dim
Differential Revision: https://reviews.freebsd.org/D54869
kyua: Workaround unclear warning from GCC
GCC 15 does not like a push_back() invocation in utils::find_core()
and incorrectly believes libc++ will free a non-heap pointer. Disable
the warning to pacify GCC.
In function 'void std::__1::__libcpp_operator_delete(_Args ...) [with _Args = {void*, long unsigned int}]',
inlined from 'void std::__1::__do_deallocate_handle_size(void*, size_t, _Args ...) [with _Args = {}]' at /usr/obj/.../amd64.amd64/tmp/usr/include/c++/v1/new:298:39,
inlined from 'void std::__1::__libcpp_deallocate(void*, size_t, size_t)' at /usr/obj/.../amd64.amd64/tmp/usr/include/c++/v1/new:311:39,
inlined from 'void std::__1::allocator<_Tp>::deallocate(_Tp*, size_t) [with _Tp = utils::fs::path]' at /usr/obj/.../amd64.amd64/tmp/usr/include/c++/v1/__memory/allocator.h:132:31,
inlined from 'static void std::__1::allocator_traits<_Alloc>::deallocate(allocator_type&, pointer, size_type) [with _Alloc = std::__1::allocator<utils::fs::path>]' at /usr/obj/.../amd64.amd64/tmp/usr/include/c++/v1/__memory/allocator_traits.h:314:19,
inlined from 'std::__1::__split_buffer<_Tp, _Allocator>::~__split_buffer() [with _Tp = utils::fs::path; _Allocator = std::__1::allocator<utils::fs::path>&]' at /usr/obj/.../amd64.amd64/tmp/usr/include/c++/v1/__split_buffer:365:31,
inlined from 'std::__1::vector<_Tp, _Alloc>::pointer std::__1::vector<_Tp, _Alloc>::__push_back_slow_path(_Up&&) [with _Up = utils::fs::path; _Tp = utils::fs::path; _Allocator = std::__1::allocator<utils::fs::path>]' at /usr/obj/.../amd64.amd64/tmp/usr/include/c++/v1/vector:1504:1,
inlined from 'void std::__1::vector<_Tp, _Alloc>::push_back(value_type&&) [with _Tp = utils::fs::path; _Allocator = std::__1::allocator<utils::fs::path>]' at /usr/obj/.../amd64.amd64/tmp/usr/include/c++/v1/vector:1526:34,
inlined from 'utils::optional<utils::fs::path> utils::find_core(const fs::path&, const process::status&, const fs::path&)' at contrib/kyua/utils/stacktrace.cpp:217:25:
/usr/obj/.../amd64.amd64/tmp/usr/include/c++/v1/new:274:38: error: 'void operator delete(void*, size_t)' called on pointer '<unknown>' with nonzero offset [24, 9223372036854775807] [-Werror=free-nonheap-object]
274 | __builtin_operator_delete(__args...);
| ^
In function 'void* std::__1::__libcpp_operator_new(_Args ...) [with _Args = {long unsigned int}]',
[13 lines not shown]
bsd.sys.mk: Silence a few GCC warnings for C++
These warnings were already marked with -Wno-error=, but they trigger
so many false positives in libc++ headers to be utterly useless for
C++ code, so disable them entirely for C++.
Reviewed by: imp, dim
Differential Revision: https://reviews.freebsd.org/D54867
netbsd-tests t_regex_att: Use __nonstring for a non-string constant
Fixes the following warning from GCC 15:
contrib/netbsd-tests/lib/libc/regex/t_regex_att.c:54:30: error: initializer-string for array of 'char' truncates NUL terminator but destination lacks 'nonstring' attribute (4 chars into 3 available) [-Werror=unterminated-string-initialization]
54 | static const char delim[3] = "\\\\\0";
| ^~~~~~~~
Reviewed by: ngie, imp, dim
Differential Revision: https://reviews.freebsd.org/D54866
Merge commit 81b20e110b3f from llvm git (by Roland McGrath):
[libc++] Work around new GCC 15 type_traits builtins that can't be
used as Clang's can (#137871)
GCC 15 has added builtins for various C++ type traits that Clang
already had. Since `__has_builtin(...)` now finds these, the #if
branches previously only used for Clang are now used for GCC 15.
However, GCC 15 requires that these builtins only be used in type
aliases, not in template aliases.
For now, just don't use the `__has_builtin(...)` branches under newer
GCC versions, so both 14 and 15 work during the transition. This
can be cleaned up later to use all the GCC 15 builtins available.
Fixed: #137704
Fixed: #117319
Reviewed by: dim
Differential Revision: https://reviews.freebsd.org/D54865
