BSD Commit Log Search

dns/rfc2136: add missing changelog

dnsmasq: fix option values

monit: remove duplication from these strange test types

tests.xml doesn't list the field so none of this is ever shown
and most could probably be removed, but I have no idea how this
is supposed to work.  The default type is pinned to Custom.

system: simplify option values in trust

intrusion detection: clean up option values

openvpn: clean up these option values

Push flags not always mention "push" in label but their
context is clear and keys do not change so simplify.

interfaces: simplify VLAN type selection

Although 802.1Q is correct we don't need the translation
and can make all of it a bit shorter.

net/frr: OSPF/OSPF6 More visibility and safety for ModelRelationField references (#5459)

* Allow multiple prefix list selections in a route map in OSPF6 as well

* Improve visibility for route-maps and prefix-lists in OSPF/OSPF6 and enable internalModelUseSafeDelete

Improve visibility for route-maps and prefix-lists in OSPF/OSPF6 and enable internalModelUseSafeDelete

unbound: trim option values

This works since https://github.com/opnsense/core/commit/b187227683de93cb705d6290090aaa708354edf1

firewall: this works and I don't get it

src: expand lint and fix a few easy ones

trim this as well

trim this

leftover here

safeguard post as well

Services: Kea DHCPv4: Add DHCP4 compatibility options (#10336)

Refs: https://kea.readthedocs.io/en/stable/arm/dhcp4-srv.html#dhcp4-compatibility"

Co-authored-by: Franco Fichtner <franco at lastsummer.de>
Co-authored-by: Monviech <79600909+Monviech at users.noreply.github.com>

unbound: blocklist improvements (#10149)

* Organizes DNSBLs by provider/category.
* Adds the Social Network blocklist by hegizi.
* The tester now gives you the DNSBL name and category instead of its shortcode.

fix ACL and menu

update plist

Reporting: Settings: convert to MVC

make: add linter pass for the situation b187227683d addresses

mvc: OptionField: allow empty values in options

This falls back to the key which isn't going to be translated
since it's likely a technical term or keyword.

Also translate the $subvalue which appears to have been missed
before.

net/ndproxy: set EoL

Add UPDATING entries and bump version

Approved by:    so

cap_net: do not allow new limits to drop keys from the old ones

If the old limit had family/hosts/sockaddr set, the new limit must
have them too. Before, a missing key in the new limit was treated as
"allow any", which let a caller silently extend their limits.

Approved by:    so
Security:       FreeBSD-SA-26:24.cap_net
Security:       CVE-2026-45254
Reported by:    Joshua Rogers of AISLE Research Team
Reviewed by:    markj
MFC after:      1 day
Differential Revision:  https://reviews.freebsd.org/D56991

(cherry picked from commit d705a519525f2acae3c1efba11436ec6ee8aea0a)
(cherry picked from commit b79faca1c5964d89c125d02de35928b733041f3f)

bsdconfig: Make sure that SSID names are properly escaped

The f_menu_wpa_scan_results() function returns a list of networks
discovered by a scan.  The untrusted network names are evaluated in
f_dialog_menu_wireless_edit.  The quoting applied in
f_menu_wpa_scan_results() protects against evaluation of something like
"$(whoami)" but one can add single quotes to defeat that.

Pass the SSID names through f_shell_escape to work around this.  Escape
single quotes in f_dialog_wireless_edit() and f_menu_wireless_configs()
too for consistency.

I note that this module doesn't seem to actually work, see e.g.,
bugzilla PR 229883.

Approved by:    so
Security:       FreeBSD-SA-26:23.bsdinstall
Security:       CVE-2026-45255
Reported by:    Austin Ralls

    [2 lines not shown]

bsdinstall: Avoid invoking eval on the wlan SSID list

The wlanconfig utility is not careful about handling untrusted network
names, which can contain shell metacharacters.  Factor network selection
into a subroutine and use the `set -- "$@"` trick to build up a list of
positional parameters for bsddialog without evaluating them.

Approved by:    so
Security:       FreeBSD-SA-26:23.bsdinstall
Security:       CVE-2026-45255
Reported by:    Austin Ralls
Reviewed by:    dteske, des, asiciliano
Differential Revision:  https://reviews.freebsd.org/D56973

libcasper: switch from select(2) to poll(2)

The previous implementation used FD_SET() on a stack-allocated fd_set,
which is an out-of-bounds write whenever the socket fd is >= FD_SETSIZE
(1024).

poll(2) takes an array indexed by slot rather than by fd value, so it
has no FD_SETSIZE limit.

Approved by:    so
Security:       FreeBSD-SA-26:22.libcasper
Security:       CVE-2026-39461
Reported by:    Joshua Rogers
Reviewed by:    markj
Differential Revision:  https://reviews.freebsd.org/D56695

ptrace: Fix validation of PT_SC_REMOTE arguments

- Fix an off-by-one in the system call number check.  A value of
  SYS_MAXSYSCALL was permitted.
- Validate the system call number after we've dealt with
  syscall(2)/__syscall(2), since they pass the syscall number as an
  argument.
- When the syscall number is for syscall(2) or __syscall(2), we must
  make sure that nargs > 0 to avoid an underflow when shifting arguments
  down.

Add regression tests.

Approved by:    so
Security:       FreeBSD-SA-26:21.ptrace
Security:       CVE-2026-45253
Fixes:          140ceb5d956b ("ptrace(2): add PT_SC_REMOTE remote syscall request")
Reported by:    Yuxiang Yang, Yizhou Zhao, Ao Wang, Xuewei Feng, Qi Li, and Ke Xu from Tsinghua University using GLM-5.1 from Z.ai
Reviewed by:    kib, emaste
Differential Revision:  https://reviews.freebsd.org/D56978