BSD Commit Log Search

rtsock: Fix stack overflow

Approved by:    so
Security:       FreeBSD-SA-26:05.route
Security:       CVE-2026-3038
Fixes:          92be2847e845 ("rtsock: Avoid copying uninitialized padding bytes")

(cherry picked from commit f3be7df50f01d9a6ead9f27b55bb4dfd7dc4f9d2)
(cherry picked from commit df932377e7dd7dc536fa14612d9e80aa3554772e)
Signed-off-by: Shawn Webb <shawn.webb at hardenedbsd.org>

Merge remote-tracking branch 'origin/freebsd/15-stable/main' into hardened/15-stable/main

HBSD: Resolve merge conflict

Regen src.conf.5.

Signed-off-by:  Shawn Webb <shawn.webb at hardenedbsd.org>

Merge remote-tracking branch 'origin/hardened/current/master' into hardened/current/cross-dso-cfi

Merge branch 'freebsd/current/main' into hardened/current/master

Merge remote-tracking branch 'origin/freebsd/15-stable/main' into hardened/15-stable/main

Conflicts:
        share/man/man5/src.conf.5 (unresolved)

Mitigate a case where TCP rack can send an extra ack.

Rack will in theory send an extra rate limited ack when we get to a closing state (sending a FIN) so that
if we have only 1 packet outstanding we might encourage the connection to close out. However it does this
always which is not always wise. Change it so that it only does that if its been more than an srtt since
we have had some activity i.e. a send or a receive of a packet.
Reviewed by:tuexen, rscheff
Differential Revision:<https://reviews.freebsd.org/D55459>

rtsock: Fix stack overflow

Approved by:    so
Security:       FreeBSD-SA-26:05.route
Security:       CVE-2026-3038
Fixes:          92be2847e845 ("rtsock: Avoid copying uninitialized padding bytes")

(cherry picked from commit f3be7df50f01d9a6ead9f27b55bb4dfd7dc4f9d2)

rtsock: Fix stack overflow

Approved by:    so
Security:       FreeBSD-SA-26:05.route
Security:       CVE-2026-3038
Fixes:          92be2847e845 ("rtsock: Avoid copying uninitialized padding bytes")

elf_common.h: Sort SHT_ entries

Reviewed by:    jrtc27
Sponsored by:   The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D55488

bhyve: Fix truncate_iov()

The implementation was simply wrong.  It would always just return the
first entry in the iovec, even if the requested length is larger than
that first entry.

Note, this function will be removed soon, see D53468.

Reported by:    Vinod p n <vinod272 at gmail.com>
Reviewed by:    des, emaste, Hans Rosenfeld <rosenfeld at grumpf.hope-2000.org>
MFC after:      3 days
Differential Revision:  https://reviews.freebsd.org/D55438

camcontrol: Print 'transport revision'

As described in Serial ATA Revision 3.5a

Reviewed by:    mav
Pull Request:   https://github.com/freebsd/freebsd-src/pull/2044

ngctl.8: fix incorrect synopsis

Tiny manpage bug I caused in D50241
I left a line in the manpage that shouldn't be there.

MFC after:      3 days
Fixes:          72d01e62b082 ("netgraph: teach ngctl to attach and run itself in a jail")
Reviewed by:    des, markj
Differential Revision:  https://reviews.freebsd.org/D55485

ngctl: Fix getline loop

I misremembered when I wrote this code: getline() returns -1 on EOF, not
zero, so the loop condition and the error check are both incorrect
(though in practice getline() will never return 0).

MFC after:      3 days
Fixes:          3cbdcabf714d ("ngctl: Modernize code somewhat")
Reviewed by:    markj
Differential Revision:  https://reviews.freebsd.org/D55487

sys: Restore sorting in sys/elf_common.h

These various definitions are meant to be kept sorted by machine prefix.

Fixes:  2bb61497ca76 ("elf_common.h: Add definitions for LoongArch ELF files")

ffs.4: Mlink to ufs.4

PR:             293423
MFC after:      3 days
Requested by:   bms

sbin/geom: Convert err/warn() to xo_err/warn() and style(9) fixes

Finishing up the libxo conversion of geom by switching err(3) to their
libxo equivalents.

While here, fix some style(9) issues. There are still a few left, but at
least they're fewer now.

Reviewed by:    asomers
Approved by:    asomers (mentor)
Sponsored by:   ConnectWise
Differential Revision:  https://reviews.freebsd.org/D54938

(cherry picked from commit 821243b3877d90290ba519f2aeccf6f48430db32)

Merge remote-tracking branch 'origin/hardened/current/master' into hardened/current/cross-dso-cfi

Merge branch 'freebsd/current/main' into hardened/current/master

libjail: avoid a double-free in the MAC label bits

As written, we'll repeatedly jps_free() the first element, which is
obviously bogus.  Fix it to index appropriately.

Fixes:  db3b39f063d9f ("libjail: extend struct handlers [...]")

src.conf.5: regen documenting WITH_IPFILTER_IPFS

(cherry picked from commit b9b1262a8ef95857101e538145703894e3b880b7)

options: describe WITH_IPFILTER_IPFS

Add a description for WITH_IPFILTER_IPFS.

Fixes:          0ff0c19e7f70 ("ipfilter: Disable ipfs(8) by default")
(cherry picked from commit c112ad75605ccdfcb8bbce2f57b0e7a077f057f8)

vfs_mount.c: Don't call VFS_MOUNT() if only exports are being updated

PR#293198 reports a hang within ZFS when exports
are being updated concurrently with a VOP_SETEXTATTR().
The hang appears to be caused by mishandling of the
z_teardown_lock, but fixing handling of this lock appears
to be a major effort. Since the hang occurs when
VFS_MOUNT() acquires a write/exclusive z_teardown_lock,
which rarely occurs, except when exports are being updated,
this patch avoids the VFS_MOUNT() call for this case.

Avoiding a VFS_MOUNT() call fixes the hang for the case
reported by PR#293198 and is also an optimization.
As such, this patch avoids the VFS_MOUNT() call when only exports
are being updated similar to what was already being done
within vnet prisons.

PR:     293198

(cherry picked from commit 935cf3284f520c90a63baaadb762caaa30084f5c)

syslogd/tests: use kern.features to detect INET support

This fixes INET feature detection with kernel configs
that do not include the kern.conftxt sysctl, such as
riscv64 currently[0].

[0] https://ci.freebsd.org/view/Test/job/FreeBSD-main-riscv64-test/16514/testReport/usr.sbin.syslogd/syslogd_forwarded_format_test/O_flag_bsd_forwarded_legacy/

Reviewed by:    markj
Approved by:    emaste (mentor)
MFC after:      3 days
Sponsored by:   The FreeBSD Foundation
Differential Revision:  https://reviews.freebsd.org/D55383

(cherry picked from commit c721ceeb3ef0b29d06e6c3c634579f3bc85cc28b)

riscv: GENERIC: enable KERN_TLS

This unskips 585 sys/kern/ktls_test testcases[0] in CI. All 585 tests currently pass.

[0] https://ci.freebsd.org/view/Test/job/FreeBSD-main-riscv64-test/16514/testReport/sys.kern/

Approved by:            emaste (mentor)
MFC after:              3 days
Sponsored by:           The FreeBSD Foundation
Differential Revision:  https://reviews.freebsd.org/D55376

(cherry picked from commit 1e649491b8567151270095fda3bce8faea394952)

Merge remote-tracking branch 'origin/hardened/current/master' into hardened/current/cross-dso-cfi

Merge branch 'freebsd/current/main' into hardened/current/master

Merge branch 'freebsd/15-stable/main' into hardened/15-stable/main

multicast.4: Fix disabling multicast forwarding

Reviewed by: markj, glebius
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D55266

(cherry picked from commit f2c2e5b0bf9def01b10651b9802fa38d07d9d265)

OpenSSL: install EVP_CIPHER_CTX_get_app_data.3 once

A separate EVP_CIPHER_CTX_get_app_data.3 was added in the OpenSSL 3.5.5
import, but the link to EVP_EncryptInit.3 was still being installed
which stomped on the file and created inconsistent entries in the METALOG.

Reviewed by:    emaste
Found by:       package_check script in Cirrus-CI
Fixes:          1731fc70f734 ("OpenSSL: update vendor sources to match 3.5.5 content")
Sponsored by:   Innovate UK
Differential Revision:  https://reviews.freebsd.org/D55332

(cherry picked from commit c4130a8a84e1ce0fc9c05d2b48f83e66ade302aa)