FreeBSD/src 07db030tests/sys/netinet socket_afinet.c

tests/socket_afinet: make multibind test more verbose on failure
DeltaFile
+5-1tests/sys/netinet/socket_afinet.c
+5-11 files

FreeBSD/src 51eb574tests/sys/netinet socket_afinet.c

tests/netinet/socket_afinet: reduce tautology in test cases names

Just avoid repeating the test program name in every test case name.
No functional change.

Reviewed by:            markj
Differential Revision:  https://reviews.freebsd.org/D56727
DeltaFile
+31-31tests/sys/netinet/socket_afinet.c
+31-311 files

FreeBSD/src 0bc0b0ctests/sys/netinet socket_afinet.c

tests/socket_afinet: extend bind_connected_port_test to cover more cases

- Test SOCK_DGRAM (UDP) sockets.
- Test binding to 0:port and to a addr:port in presence of connected socket
  using the port.

Differential Revision:  https://reviews.freebsd.org/D56707
DeltaFile
+105-28tests/sys/netinet/socket_afinet.c
+105-281 files

FreeBSD/src 57cc010tests/sys/netinet socket_afinet.c

tests/socket_afinet: make child_bind() return a full spectre of results

There is no functional change for existing tests, but allows to write a test
that would expect an immediate success of bind(2).
DeltaFile
+31-22tests/sys/netinet/socket_afinet.c
+31-221 files

FreeBSD/src 6b75f8fsys/netinet6 in6_pcb.c

inpcb: use correct mask in in6_pcblookup_lbgroup()

There is no visible bug fixed as in current tree masks are the same.

Fixes:  6883b120c53735ff1681ef96d257f376731f56b3
DeltaFile
+1-1sys/netinet6/in6_pcb.c
+1-11 files

FreeBSD/src 4f293e3cddl/usr.bin/ctfmerge ctfmerge.1

ctfmerge.1: Fix uniqlabel typos

The flag is -D, but it was written as a second -d. Add a period too.

MFC after:      3 days
DeltaFile
+2-2cddl/usr.bin/ctfmerge/ctfmerge.1
+2-21 files

FreeBSD/src a88932bsys/powerpc/conf QORIQ64

powerpc/conf: Remove temporary additions from QORIQ64

These were added during the DPAA driver rewrite, and should not have
gone in then.  Remove them.
DeltaFile
+0-3sys/powerpc/conf/QORIQ64
+0-31 files

FreeBSD/src 21ae611sys/powerpc/conf MPC85XX

powerpc: Remove DPAA from MPC85XX, it's 64-bit only now
DeltaFile
+0-1sys/powerpc/conf/MPC85XX
+0-11 files

FreeBSD/src 17f02f7sys/powerpc/booke pmap_32.c

powerpc/pmap: Fix 32-bit Book-E build
DeltaFile
+2-2sys/powerpc/booke/pmap_32.c
+2-21 files

FreeBSD/src a8566c7sys/dev/iicbus/rtc hym8563.c, sys/modules/i2c/hym8563 Makefile

hym8563: Fix 32-bit powerpc build

Depend on clknode_if.h in the module Makefile, so that it gets
explicitly built for the module.  Also, reduce the #if guards to only
the new clock output code, and gate them on all powerpc, not just
powerpc64.

Fixes:  6b77d34f("HYM8563: Add support for clock output.")
Reviewed by:    mmel
Differential Revision:  https://reviews.freebsd.org/D57795
DeltaFile
+11-7sys/dev/iicbus/rtc/hym8563.c
+1-0sys/modules/i2c/hym8563/Makefile
+12-72 files

FreeBSD/src 2b5d1d8sys/dev/rge if_rge.c

rge: Fix 32-bit powerpc build

Book-E powerpc has 64-bit bus_addr_t but only a 32-bit bus_size_t.  Use
the right macros for maxsize and maxsegsize to fix the build.

Fixes:  4bf8ce037 ("if_rge: initial import of if_rge driver from OpenBSD.")
Reviewed by:    adrian
Differential Revision:  https://reviews.freebsd.org/D57794
DeltaFile
+2-2sys/dev/rge/if_rge.c
+2-21 files

FreeBSD/src 08cda4bshare/man/man4 ktls.4, sys/kern uipc_ktls.c

ktls: Add a tunable to disable TLS receive

TLS receive offload is really only beneficial for in-kernel use cases
(such as NFS over TLS) or when using a hardware offload.  In addition,
several recent SAs have involved the TLS receive path, but the only
current mitigation for those is to disable TLS offload entirely.

Reviewed by:    ziaee, gallatin, markj
Relnotes:       yes
Sponsored by:   Netflix
Sponsored by:   Chelsio Communications
Co-authored-by: John Baldwin <jhb at FreeBSD.org>
Differential Revision:  https://reviews.freebsd.org/D57974
DeltaFile
+58-32tests/sys/kern/ktls_test.c
+6-1sys/kern/uipc_ktls.c
+3-1share/man/man4/ktls.4
+67-343 files

FreeBSD/src 9cee481sys/kern uipc_ktls.c

ktls: Centralize the check for CBC ciphers

Move the check out of ktls_enable_(rx|tx) and into ktls_create_session.

Reviewed by:    gallatin, markj
Sponsored by:   Chelsio Communications
Differential Revision:  https://reviews.freebsd.org/D57973
DeltaFile
+3-6sys/kern/uipc_ktls.c
+3-61 files

FreeBSD/src 43b1adelib/libpkgconf Makefile, lib/libpkgconf/libpkgconf config.h

pkgconf: match the update to version 2.9.93

This update brings spdxtool(1), with the ability to generate software
bill of material files (SBOM) in the SPDX 3.0.1 format (JSON-LD).

Reviewed by:    markj
Approved by:    markj
Sponsored by:   The FreeBSD Foundation
Differential Revision:  https://reviews.freebsd.org/D57953
DeltaFile
+58-35lib/libpkgconf/libpkgconf/config.h
+29-4lib/libpkgconf/Makefile
+30-0usr.bin/spdxtool/Makefile
+4-4packages/pkgconf/pkgconf.ucl
+2-0usr.bin/pkgconf/Makefile
+1-0usr.bin/Makefile
+124-431 files not shown
+125-437 files

FreeBSD/src 592efe2contrib/pkgconf/cli main.c core.c, contrib/pkgconf/cli/spdxtool core.c

Merge commit '0cf7106da9f36671ef62142c27de98eee9d874d6' into khorben/pkgconf-2.9.93
DeltaFile
+173-1,493contrib/pkgconf/cli/main.c
+1,585-0contrib/pkgconf/tests/test-runner.c
+1,464-0contrib/pkgconf/cli/core.c
+194-975contrib/pkgconf/libpkgconf/win-dirent.h
+475-447contrib/pkgconf/libpkgconf/pkg.c
+854-0contrib/pkgconf/cli/spdxtool/core.c
+4,745-2,915542 files not shown
+24,800-6,437548 files

FreeBSD/src bb1e071sys/dev/asmc asmc.c asmcmmio.c

asmc: try PIO before MMIO to avoid false T2 detection

Add hw.asmc.system-state and hw.asmc.board-id read-only sysctls to
expose the T2 system state register and Mac board identifier via SMC.

Try PIO access before MMIO during probe to prevent false T2 detection
on Macs that happen to have something mapped at the T2 BAR address.

Reviewed by:    adrian
Differential Revision:  https://reviews.freebsd.org/D57844
DeltaFile
+34-27sys/dev/asmc/asmc.c
+1-1sys/dev/asmc/asmcmmio.c
+1-1sys/dev/asmc/asmcvar.h
+36-293 files

FreeBSD/src a2d087bsys/net80211 ieee80211_crypto.c

net80211: fix CCMP/GCMP AAD for MFP frames

Update ieee80211_crypto_init_aad() to do what 802.11-2020 says -
only mask fc[0] bits 4-6 on data frames, not on management frames.
This (with other diffs to actually negotiate MFP and configure
ath(4) for MFP + software keys) allows the CCMP path to decrypt
CCMP MFP frames in the software path.

Differential Revision:  https://reviews.freebsd.org/D57799
DeltaFile
+7-2sys/net80211/ieee80211_crypto.c
+7-21 files

FreeBSD/src 126f82asys/dev/asmc asmc.c

asmc: deduplicate sensor converters and cause sysctls

Replace per-type spXX_to_milli() functions with a table-driven
asmc_sensor_convert() that looks up the divisor by SMC type string.

Reviewed by:    adrian
Differential Revision:  https://reviews.freebsd.org/D57854
DeltaFile
+46-109sys/dev/asmc/asmc.c
+46-1091 files

FreeBSD/src 6a1bd52sys/dev/asmc asmc.c asmcvar.h

asmc: add system state and board identity sysctls

Add dev.asmc.0.system subtree with read-only sysctls for SMC diagnostic
and identity keys: shutdown_cause (MSSD), sleep_cause (MSSP),
thermal_status (MSAL), time_of_day (CLKT), power_state (MSPS),
board_id (RPlt), and chip_gen (RGEN).

Each sysctl is registered only if the key exists on the hardware.

Reviewed by:    adrian
Differential Revision:  https://reviews.freebsd.org/D57853
DeltaFile
+220-0sys/dev/asmc/asmc.c
+86-0sys/dev/asmc/asmcvar.h
+306-02 files

FreeBSD/src 9ea1324usr.sbin/bhyve bhyverun.c

bhyve: Add CPU pinning diagnostic message

When pinning a vcpu to a hostcpu fails, print out a diagnostic message
to stderr indicating the failing CPU pair.

MFC after:      1 month
Reviewed by:    bnovkov
Differential Revision:  https://reviews.freebsd.org/D57619
DeltaFile
+10-4usr.sbin/bhyve/bhyverun.c
+10-41 files

FreeBSD/src 8a62a5fusr.sbin/syslogd syslogd.c syslogd_cap_config.c, usr.sbin/syslogd/tests syslogd_test.sh Makefile

syslogd: Handle connection errors when setting up forwarding sockets

Since syslogd was converted to run in a Capsicum sandbox, it needs to
explicitly connect() its forwarding sockets rather than using sendmsg().
At the time syslogd starts during boot, some of its forwarding
destinations may not be routable, in which case connect() fails.

Fix this by making connect() failures non-fatal, and use cap_net to
lazily connect sockets once something actually tries logging to the
destination.

Add a regression test.

Reported by:    ae
Reviewed by:    ae
Discussed with: jfree
Fixes:          4ecbee2760f7 ("syslogd: Open forwarding socket descriptors")
MFC after:      2 weeks
Differential Revision:  https://reviews.freebsd.org/D57394
DeltaFile
+111-23usr.sbin/syslogd/syslogd.c
+69-0usr.sbin/syslogd/tests/syslogd_test.sh
+7-0usr.sbin/syslogd/syslogd_cap_config.c
+1-2usr.sbin/syslogd/tests/Makefile
+188-254 files

FreeBSD/src 1361901tools/tools/git git-mfc git-mfc.1

tools: Add git-mfc

This is a utility that effectively wraps git-cherry-pick for performing
MFCs, though it has some other usages.  In addition to actually
cherry-pick the specified commits, it looks at the upstream branch for
fixup commits, denoted by a `Fixes:` tag which references the fixed
commit.

Aside from actually cherry-picking commits, git-mfc can also be used to
list pending MFCs (commits in the upstream branch which are eligible for
MFC based on the `MFC after` tag), and "dangling" MFCs, where a commit
was MFCed to the currently checked out stable branch, and the upstream
branch has one or more fixup commits which have not been merged.

The utility requires python and the gitpython module.

Reviewed by:    des
Differential Revision:  https://reviews.freebsd.org/D57845
DeltaFile
+523-0tools/tools/git/git-mfc
+288-0tools/tools/git/git-mfc.1
+811-02 files

FreeBSD/src 76aa776stand/common gfx_fb.c

stand: Fix shadow buffer offset handling

The shadow buffer is addressed relative to `tg_origin`, which includes
the padding offset, whereas `gfxfb_blt` operates on coordinates without
that offset. To make `gfx_fb_copy_area` emulate the behavior of
`gfxfb_blt`, the source coordinates must include the padding offset,
while the destination coordinates must not. The original implementation
omitted the offset from the source coordinates; this change corrects
that.

Additionally, `gfx_fb_cons_display` already applies the padding offset,
so the redundant adjustment is removed.

PR:             296246
Reported by:    2khramtsov at gmail.com
Reviewed by:    imp
Tested by:      2khramtsov at gmail.com, junchoon at dec.sakura.ne.jp,
naito.yuichiro_ at gmail.com
Fixes:          32da2f23ae4d

    [3 lines not shown]
DeltaFile
+15-11stand/common/gfx_fb.c
+15-111 files

FreeBSD/src eca2680sys/kern kern_sig.c subr_syscall.c, sys/sys sysent.h

kern: syscall_thread_enter() cannot fail

Attempting to handle the error gracefully can easily result in missing
SIGSYS, so this was made to always succeed in
39024a89146 ("syscalls: fix missing SIGSYS for several ENOSYS errors")
and returns the nosys entry on failure.

Drop the pretense of returning an error and clean up a few dead error
paths.

Reviewed by:    kib, markj
Differential Revision:  https://reviews.freebsd.org/D57848
DeltaFile
+2-6sys/kern/kern_sig.c
+1-5sys/kern/subr_syscall.c
+2-3sys/kern/kern_syscalls.c
+1-1sys/sys/sysent.h
+6-154 files

FreeBSD/src 1756d1csys/opencrypto ktls_ocf.c

ktls CBC decrypt: Avoid creating zero length iovec entries

If an mbuf's length in the chain for an encrypted TLS record exactly
matches the remaining length of header bytes to skip, skip the mbuf
entirely rather than adding a zero-length iovec entry.

Sponsored by:   Chelsio Communications
DeltaFile
+1-1sys/opencrypto/ktls_ocf.c
+1-11 files

FreeBSD/src b3041aclib/libiconv_modules/HZ citrus_hz.c, lib/libiconv_modules/UTF7 citrus_utf7.c

iconv(3): Fix problems in various encodings

Fix null pointer dereference with HZ8 encoding.

Fix output buffer overrun in UTF-7, VIQR, ZW encodings.

Approved by:    so
Security:       FreeBSD-SA-26:49.iconv
Security:       CVE-2026-58081
Reviewed by:    markj, kevans
Differential Revision:  https://reviews.freebsd.org/D57947
DeltaFile
+15-5lib/libiconv_modules/UTF7/citrus_utf7.c
+5-2lib/libiconv_modules/ZW/citrus_zw.c
+5-1lib/libiconv_modules/VIQR/citrus_viqr.c
+2-0lib/libiconv_modules/HZ/citrus_hz.c
+27-84 files

FreeBSD/src 034e21econtrib/netbsd-tests/lib/libc/locale t_iconv.c, lib/libiconv_modules/ISO2022 citrus_iso2022.c

iconv: Fix a stack buffer overflow in _ISO2022_sputwchar()

In the ISO2022-CN encoding, characters may require at least seven bytes,
and MB_LEN_MAX==6 is insufficient.  From code inspection,
_ISO2022_sputwchar() can emit 10 bytes in the worst case, so use that to
size buffers.

Add a regression test.

Approved by:    so
Security:       FreeBSD-SA-26:49.iconv
Security:       CVE-2026-58082
Reviewed by:    kevans
Differential Revision:  https://reviews.freebsd.org/D57950
DeltaFile
+20-0contrib/netbsd-tests/lib/libc/locale/t_iconv.c
+4-4lib/libiconv_modules/ISO2022/citrus_iso2022.c
+24-42 files

FreeBSD/src 10a7683contrib/netbsd-tests/lib/libc/locale t_iconv.c, lib/libc/tests/locale Makefile

iconv(3): Draft some automatic tests.

Based on a report by Nick Wellnhofer.

Approved by:    so
Security:       FreeBSD-SA-26:49.iconv
Reviewed by:    markj, kevans
Differential Revision:  https://reviews.freebsd.org/D57948
DeltaFile
+355-0contrib/netbsd-tests/lib/libc/locale/t_iconv.c
+1-0lib/libc/tests/locale/Makefile
+356-02 files

FreeBSD/src e4e6250sys/opencrypto ktls_ocf.c, tests/sys/kern ktls_test.c

ktls CBC decrypt: Only increment iovec index when an entry is used

If an mbuf in the chain was skipped because it only contained bytes
from the header, the iovec index ('i') was incremented even though the
entry was not populated.  Only increment 'i' when an iovec entry is
consumed.

Add a new type of KTLS receive test which writes a single TLS record
via two separate write(2) calls over a TCP_NODELAY socket to trigger
a split in the mbuf chain in the kernel.  Test various split locations
including after the "plain" TLS header (5 bytes), after the full TLS
header, in the middle of the data payload, just before the start of
the trailer, and in the middle of the trailer.  These tests are also
run against all supported ciphers, not just CBC.  The 'header' test
for CBC ciphersuites was able to trigger the bug.

Approved by:    so
Security:       FreeBSD-SA-26:46.ktls
Security:       CVE-2026-49423
Sponsored by:   Chelsio Communications
DeltaFile
+108-2tests/sys/kern/ktls_test.c
+2-1sys/opencrypto/ktls_ocf.c
+110-32 files

FreeBSD/src 5499a34sys/kern uipc_shm.c, tests/sys/posixshm posixshm_test.c

posixshm: Disallow truncation of largepage objects

We correctly handled ftruncate(), but not open(O_TRUNC).

Add a regression test.

Approved by:    so
Security:       FreeBSD-SA-26:44.posixshm
Security:       CVE-2026-49428
Reported by:    Chris Jarrett-Davies <chrisjd at openai.com>
Reviewed by:    kib
Sponsored by:   The FreeBSD Foundation
Differential Revision:  https://reviews.freebsd.org/D57831
DeltaFile
+38-0tests/sys/posixshm/posixshm_test.c
+3-5sys/kern/uipc_shm.c
+41-52 files