OPNSense/src 7efda34 sys/dev/wg if_wg.c

if_wg: use proper barriers around pkt->p_state

Without appropriate load-synchronization to pair with store barriers in
wg_encrypt() and wg_decrypt(), the compiler and hardware are often
allowed to reorder these loads in wg_deliver_out() and wg_deliver_in()
such that we end up with a garbage or intermediate mbuf that we try to
pass on.  The issue is particularly prevalent with the weaker
memory models of !x86 platforms.

Switch from the big-hammer wmb() to more explicit acq/rel atomics to
both make it obvious what we're syncing up with, and to avoid somewhat
hefty fences on platforms that don't necessarily need this.

With this patch, my dual-iperf3 reproducer is dramatically more stable
than it is without on aarch64.

PR:             264115
Reviewed by:    andrew, zlei

(cherry picked from commit 3705d679a6344c957cae7a1b6372a8bfb8c44f0e)
DeltaFile
+4 -6  sys/dev/wg/if_wg.c
+4 -6  1 files

OPNSense/src 358e20e sys/opencrypto criov.c

crypto: Advance the correct pointer in crypto_cursor_copydata()

PR:             271766
Reported by:    Michael Laß <bevan at bi-co.net>
MFC after:      1 week
Sponsored by:   The FreeBSD Foundation
Differential Revision:  https://reviews.freebsd.org/D40468

(cherry picked from commit 9f7fdd8c1ab153104275e59b49b2d567cec95256)
DeltaFile
+1 -1  sys/opencrypto/criov.c
+1 -1  1 files

OPNSense/src 77b1d4d sys/opencrypto criov.c

opencrypto: Handle end-of-cursor conditions in crypto_cursor_segment()

Some consumers, e.g., swcr_encdec(), may call crypto_cursor_segment()
after having advanced the cursor to the end of the buffer.  In this case
I believe the right behaviour is to return NULL and a length of 0.

When this occurs with a CRYPTO_BUF_VMPAGE buffer, the cc_vmpage pointer
will point past the end of the page pointer array, so
crypto_cursor_segment() ends up dereferencing a random pointer before
the function returns a length of 0.  The uio-backed cursor has
a similar problem.

Address this by keeping track of the residual buffer length and
returning immediately once the length is zero.

PR:             271766
Reported by:    Andrew "RhodiumToad" Gierth <andrew at tao11.riddles.org.uk>
Reviewed by:    jhb
MFC after:      1 week

    [4 lines not shown]
DeltaFile
+27 -7  sys/opencrypto/criov.c
+27 -7  1 files

OPNSense/src bf7adf6 sys/opencrypto cbc_mac.c

opencrypto: Respect alignment constraints in xor_and_encrypt()

Copy operands to an aligned buffer before performing operations which
require alignment.  Otherwise it's possible for this code to trigger an
alignment fault on armv7.

Reviewed by:    jhb
MFC after:      2 weeks
Sponsored by:   Klara, Inc.
Sponsored by:   Stormshield
Differential Revision:  https://reviews.freebsd.org/D41211

(cherry picked from commit 96c2538121390c872f68ac48f97b35fb973c11dc)
DeltaFile
+8 -11  sys/opencrypto/cbc_mac.c
+8 -11  1 files

OPNSense/src 8b6369b sys/crypto/ccp ccp.c, sys/dev/cxgbe/crypto t4_crypto.c

ccr,ccp: Fix argument order to sglist_append_vmpages.

The offset comes before the byte count.

Reported by:    br
Reviewed by:    asomers, markj
MFC after:      1 week
Sponsored by:   DARPA
Differential Revision:  https://reviews.freebsd.org/D38375

(cherry picked from commit 70efe1a2fe13642732e56c7f040fe63f62bc6a6b)
DeltaFile
+1 -1  sys/crypto/ccp/ccp.c
+1 -1  sys/dev/cxgbe/crypto/t4_crypto.c
+2 -2  2 files

OPNSense/src 8d1f37b sys/crypto sha1.c

crypto: another annotation fix
DeltaFile
+0 -2  sys/crypto/sha1.c
+0 -2  1 files

OPNSense/src 9578562 sys/crypto/openssl/arm bsaes-armv7.S

ossl: Add missing labels to bsaes-armv7.S

There is a bug in the OpenSSL script which generates this file; the bug
is in the process of being fixed upstream.

Specifically, when generating the output, bsaes-armv7.pl strips some
labels that are used when the output asm is compiled with __KERNEL__
defined, resulting in a build error.  As a step towards adding armv7
support to ossl(4), manually patch the generated asm.  The upstream fix
will be imported later.

Reviewed by:    andrew, jhb, emaste
MFC after:      1 week
Sponsored by:   Klara, Inc.
Sponsored by:   Stormshield
Differential Revision:  https://reviews.freebsd.org/D41303

(cherry picked from commit 454c425dbed1d341025c71a8645011a980e20ccd)
DeltaFile
+4 -4  sys/crypto/openssl/arm/bsaes-armv7.S
+4 -4  1 files

OPNSense/src 6f471da sys/opencrypto cbc_mac.c criov.c

opencrypto: clear the differences to stable/13
DeltaFile
+0 -2  sys/opencrypto/cbc_mac.c
+0 -2  sys/opencrypto/criov.c
+0 -2  sys/opencrypto/crypto.c
+0 -2  sys/opencrypto/cryptodeflate.c
+0 -2  sys/opencrypto/cryptodev.c
+0 -2  sys/opencrypto/cryptosoft.c
+0 -12  15 files not shown
+0 -42  21 files

OPNSense/src aa4fd75 sys/net vnet.h

vnet: add CURVNET_ASSERT_SET for !VIMAGE

Reported by:    ler
Sponsored by:   Rubicon Communications, LLC ("Netgate")

(cherry picked from commit 430e0e409ce94246bb252cbdddef866fc69dea95)
DeltaFile
+1 -0  sys/net/vnet.h
+1 -0  1 files

OPNSense/src 878c694 sys/net vnet.h

vnet: add CURVNET_ASSERT_SET

Reviewed by:    kp
Sponsored by:   Rubicon Communications, LLC ("Netgate")
Differential Revision:  https://reviews.freebsd.org/D34312

(cherry picked from commit 75cde1f872a4dc2187e6d172e5a5e69a2b3a59cf)
DeltaFile
+4 -0  sys/net/vnet.h
+4 -0  1 files

OPNSense/src 58b0ed1 sys/netipsec xform_esp.c

ipsec esp: avoid dereferencing freed secasindex

(cherry picked from commit 1a56620b7958cac2b9048589cb730c46958ab539)
DeltaFile
+7 -0  sys/netipsec/xform_esp.c
+7 -0  1 files

OPNSense/src 0475af2 contrib/ofed/libirdma irdma_user.h irdma_uk.c, sys/dev/irdma irdma_verbs.c irdma_kcompat.c

irdma(4): Upgrade to 1.2.36-k

Update Intel irdma driver to version 1.2.36-k.

Notable changes:

- Start using ib_sge directly instead of irdma_sge
- Turn off flush completion generator for libirdma
- Minor formatting changes

Signed-off-by: Bartosz Sobczak <bartosz.sobczak at intel.com>
Signed-off-by: Eric Joyner <erj at FreeBSD.org>

Reviewed by:    erj@
Sponsored by:   Intel Corporation
Differential Revision:  https://reviews.freebsd.org/D43567

(cherry picked from commit 5b5f7d0e77a9eee73eb5d596f43aef4e1a3674d8)
DeltaFile
+45 -157  sys/dev/irdma/irdma_verbs.c
+10 -188  contrib/ofed/libirdma/irdma_user.h
+42 -64  contrib/ofed/libirdma/irdma_uk.c
+37 -59  sys/dev/irdma/irdma_kcompat.c
+57 -38  sys/dev/irdma/irdma_ctrl.c
+25 -64  contrib/ofed/libirdma/irdma_uverbs.c
+216 -570  31 files not shown
+422 -789  37 files

OPNSense/src 65147f6 contrib/ofed/libirdma irdma_uverbs.c irdma_umain.h

irdma(4): remove artificial completion generator

Removing artificial completion generator as there had been no indication
of the code being required for E810 cards.  Furthermore it was found
that the code may have unpleasant side effects on user experience when
using ucmatose tool.

Signed-off-by: Bartosz Sobczak <bartosz.sobczak at intel.com>
Signed-off-by: Eric Joyner <erj at FreeBSD.org>

Reviewed by:    erj@
Sponsored by:   Intel Corporation
Differential Revision:  https://reviews.freebsd.org/D41593

(cherry picked from commit ffafa6a4d157e49e6b12567958c4ab0c9151c080)
DeltaFile
+1 -160  contrib/ofed/libirdma/irdma_uverbs.c
+0 -8  contrib/ofed/libirdma/irdma_umain.h
+1 -168  2 files

OPNSense/src c185757 sys/netinet6 nd6_nbr.c scope6.c

netinet6: Fix two typos in source code comments

- s/adddress/address/

(cherry picked from commit 496432f192165b8700da4b0ab8ebdd253002e265)
DeltaFile
+1 -1  sys/netinet6/nd6_nbr.c
+1 -1  sys/netinet6/scope6.c
+2 -2  2 files

OPNSense/src 03723b1 sys/netinet/cc cc_cubic.c

tcp: cubic - restart epoch after RTO

This is a mitigation to avoid sudden extreme jumps in
cwnd, as t_epoch can be very out of date after an RTO.
Per RFC9438, sec 4.8, t_epoch is to be reset whenever
cwnd grows beyond ssthresh (CC phase transitions from
slow start to congestion avoidance), to be fixed with
the upcoming cc_cubic changes.

MFC after:              3 days
Reviewed By:            cc, #transport
Sponsored by:           NetApp, Inc
Differential Revision:  https://reviews.freebsd.org/D44023

(cherry picked from commit 038699a8f18a0a651ee06b85fa1dbbee1eab56f1)
DeltaFile
+1 -0  sys/netinet/cc/cc_cubic.c
+1 -0  1 files

OPNSense/src 7b99b5f sys/netinet/cc cc_htcp.c

tcp: prevent div by zero in cc_htcp

Make sure the dividend is at least one. While cwnd should
never be smaller than t_maxseg, this can happen during
Path MTU Discovery, or when TCP options are considered
in other parts of the stack.

PR:                     276674
MFC after:              3 days
Reviewed By:            tuexen, #transport
Sponsored by:           NetApp, Inc.
Differential Revision:  https://reviews.freebsd.org/D43797

(cherry picked from commit 38983d40c18ec5705dcba19ac320b86c5efe8e7e)
DeltaFile
+3 -3  sys/netinet/cc/cc_htcp.c
+3 -3  1 files

OPNSense/src 61e3a1e sys/netinet sctp_indata.c

sctp(4): Fix a typo in a source code comment

- s/anthing/anything/

(cherry picked from commit 2fb174d18a42d1b2965164186843540ee65881ea)
DeltaFile
+1 -1  sys/netinet/sctp_indata.c
+1 -1  1 files

OPNSense/src 76bf853 sys/netinet tcp_hpts.c

tcp_hpts: Fix a typo of a function name in a comment

- s/tcp_ouput/tcp_output/

(cherry picked from commit ef0ac0a1ad6750291b881203030384b7f7241efb)
DeltaFile
+1 -1  sys/netinet/tcp_hpts.c
+1 -1  1 files

OPNSense/src f5dc131 sbin/ifconfig ifieee80211.c, sys/net80211 ieee80211.h ieee80211_vht.c

net80211: adjust more VHT structures/fields

Replace ieee80211_ie_vhtcap with ieee80211_vht_cap and
ieee80211_ie_vht_operation with ieee80211_vht_operation.
The "ie" version has the two bytes type/length at the beginning which
we did not actually use as such (the one place doing did just as unused
extra work).

Using the non-"ie" versions allows us to re-use them on shared code.
Using an enum helps us to not accidentally get unsupported or unhandled
values though we cannot use it in the struct as we need to ensure the
field width.

ieee80211_vht_operation is guarded by _KERNEL/WANT_NET80211.  While the
header is supposed to be exported to user land historically, software
such as wpa bring their own structure definitions.  For in-tree usage
it is only ifconfig which really cares (at least for now).

Sponsored by:   The FreeBSD Foundation

    [4 lines not shown]
DeltaFile
+17 -21  sys/net80211/ieee80211.h
+24 -8  sbin/ifconfig/ifieee80211.c
+6 -17  sys/net80211/ieee80211_vht.c
+8 -8  sys/net80211/ieee80211_output.c
+2 -2  sys/net80211/ieee80211_hostap.c
+2 -2  sys/net80211/ieee80211_vht.h
+59 -58  1 files not shown
+61 -60  7 files

OPNSense/src f7b006e sys/dev/re if_re.c

if_re: Generate an address if there is none in the EEPROM

There exists hardware that has no ethernet address burned into
the EEPROM. Loading if_re on such a HW brings the device up
with '00:00:00:00:00:00' as the address, and that doesn't get
you too far in a real network.

PR: 262406
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/670
Signed-off-by: Evgeni Golov <evgeni at debian.org>
Differential Revision: https://reviews.freebsd.org/D34485
(cherry picked from commit 55747938b5c4c913f742fd03189f0c660ced7bef)
DeltaFile
+5 -0  sys/dev/re/if_re.c
+5 -0  1 files

OPNSense/src ffa3953 sys/dev/wg if_wg.c

wg: Attempt to detect loops in netmap mode

Given a netmap application which bridges the netmap and host ring pairs
for a wg interface, it's theoretically possible for a loop to arise.  In
particular, try to catch the case where an encrypted frame transmitted
from the netmap TX ring is received locally, decrypted, and placed on
the netmap RX ring.  Because the packet is delivered to userspace, mbuf
tags are lost, so the existing mechanism for detecting tunnel loops
doesn't work.

Taken from: https://github.com/markjdb/freebsd/commit/046c453af8584
DeltaFile
+9 -0  sys/dev/wg/if_wg.c
+9 -0  1 files

OPNSense/src 8686974 sys/netpfil/pf pf_ioctl.c

pf: uncomment counter asserts after mem leak fix

Reviewed by:    kp
Differential Revision:  https://reviews.freebsd.org/D43657

(cherry picked from commit 9d784da3a7af9b9b04536c2e97459a7d9f92e364)
DeltaFile
+0 -5  sys/netpfil/pf/pf_ioctl.c
+0 -5  1 files

OPNSense/src 15e7db3 libexec/rc rc.conf

rc.conf: correct $ntp_leapfile_sources

IETF is no longer serving leap-seconds.list.  Update to the canonical place.

This fixes "service ntpd fetch".

IERS is the source of truth for leap seconds. Their leapsecond file is
updated most quickly and is always right (unlike the IANA one which
often lags). IERS operates this public service for the express purpose
of random people downloading it. Their terms of service are compatible
with open source (we could include this in our release). Rather than
fighting with questions around this because the IANA one changed
locations or the auto update script broke, just use this.

This is in preference to the NIST ftp copy. NIST is in the process of
retiring their FTP services.

Sponsored by:           Netflix
Reviewed by:            philip, delphij, cy

    [9 lines not shown]
DeltaFile
+2 -2  libexec/rc/rc.conf
+2 -2  1 files

OPNSense/src 874b03e usr.sbin/periodic/etc/daily 480.leapfile-ntpd

periodic/daily/480.leapfile-ntpd: only attempt to refresh leap-seconds.list
when ntpd is enabled.

The leap-seconds.list is used exclusively by ntpd, therefore, do not bother
to perform the fetch when ntpd is not enabled.

PR:             conf/275419
Reviewed by:    cy, michaelo, imp
Differential Revision: https://reviews.freebsd.org/D42875

(cherry picked from commit 3b3195f6767b39eb33b3523134ef988931c9c86d)
(cherry picked from commit 3ef596c6e80562710da09c16558d7351749ea143)

Security:       FreeBSD-EN-24:01.tzdata
Approved by:    so (gordon)
DeltaFile
+2 -2  usr.sbin/periodic/etc/daily/480.leapfile-ntpd
+2 -2  1 files

OPNSense/src f95ea10 . UPDATING, sys/conf newvers.sh

Add UPDATING entries and bump the branch version.

Approved by:    so
DeltaFile
+17 -0  UPDATING
+1 -1  sys/conf/newvers.sh
+18 -1  2 files

OPNSense/src e63fd4f sys/kern tty.c

jail: Fix information leak.

There is a lack of proper visibility checking in kern.ttys sysctl handler
which leads to information leak about processes outside the current jail.

This can be demonstrated with pstat -t: when called from within a jail,
it will output all terminal devices including process groups and
session leader process IDs:

        jail# pstat -t | grep pts/ | head
              LINE   INQ  CAN  LIN  LOW  OUTQ  USE  LOW   COL  SESS  PGID STATE
             pts/2  1920    0    0  192  1984    0  199     0  4132 27245 Oi
             pts/3  1920    0    0  192  1984    0  199    16 24890 33627 Oi
             pts/5     0    0    0    0     0    0    0    25 17758     0 G
            pts/16     0    0    0    0     0    0    0     0 52495     0 G
            pts/15     0    0    0    0     0    0    0    25 53446     0 G
            pts/17     0    0    0    0     0    0    0  6702 33230     0 G
            pts/19     0    0    0    0     0    0    0    14  1116     0 G
             pts/0     0    0    0    0     0    0    0     0  2241     0 G

    [22 lines not shown]
DeltaFile
+22 -4  sys/kern/tty.c
+22 -4  1 files

OPNSense/src 767c4c1 usr.sbin/bhyveload bhyveload.c

bhyveload: use a dirfd to support -h

Don't allow lookups from the loader scripts, which in rare cases may be
in guest control depending on the setup, to leave the specified host
root.  Open the root dir and strictly do RESOLVE_BENEATH lookups from
there.

cb_open() has been restructured a bit to work nicely with this, using
fdopendir() in the directory case and just using the fd we already
opened in the regular file case.

hostbase_open() was split out to provide an obvious place to apply
rights(4) if that's something we care to do.

Reviewed by:    allanjude (earlier version), markj
Approved by:    so
Security:       FreeBSD-SA-24:01.bhyveload
Security:       CVE-2024-25940


    [2 lines not shown]
DeltaFile
+58 -27  usr.sbin/bhyveload/bhyveload.c
+58 -27  1 files

OPNSense/src b01703f sys/kern kern_sig.c

EVFILT_SIGNAL: do not use target process pointer on detach

PR:     275286
Approved by:    so
Security:       FreeBSD-EN-24:03.kqueue

(cherry picked from commit ed410b78edc53e17b5a3e93ace2adbeb3a734ae9)
(cherry picked from commit 55e91944998c128d74b94b9b48a04ef41ff5e9d0)
DeltaFile
+1 -3  sys/kern/kern_sig.c
+1 -3  1 files

OPNSense/src e056b01 lib/libutil login_class.c

setusercontext(): Apply personal settings only on matching effective UID

Commit 35305a8dc114 (r211393) added a check on whether 'uid' was equal
to getuid() before calling setlogincontext().  Doing so still allows
a setuid program to apply resource limits and priorities specified in
a user-controlled configuration file ('~/.login_conf') where
a non-setuid program could not.  Plug the hole by checking instead that
the process' effective UID is the target one (which is likely what was
meant in the initial commit).

PR:                     271750
Reviewed by:            kib, des
Sponsored by:           Kumacom SAS
Differential Revision:  https://reviews.freebsd.org/D40351
Approved by:            so
Security:               FreeBSD-EN-24:02.libutil

(cherry picked from commit 892654fe9b5a9115815c30a423b8db47185aebbd)


    [3 lines not shown]
DeltaFile
+1 -1  lib/libutil/login_class.c
+1 -1  1 files

OPNSense/src e1bb097 contrib/tzdata leap-seconds.list asia

contrib/tzdata: import tzdata 2024a

Changes: https://github.com/eggert/tz/blob/2024a/NEWS
Approved by:    so
Security:       FreeBSD-EN-24:01.tzdata

(cherry picked from commit 2723c7ffb7f729a1d3f7c59e7db48b0edf3d30a6)
(cherry picked from commit f4256acec1c980b7d08e9e526be6d2a7c4751f0b)
DeltaFile
+89 -224  contrib/tzdata/leap-seconds.list
+109 -65  contrib/tzdata/asia
+65 -33  contrib/tzdata/zishrink.awk
+68 -0  contrib/tzdata/NEWS
+42 -11  contrib/tzdata/Makefile
+21 -16  contrib/tzdata/theory.html
+394 -349  11 files not shown
+477 -391  17 files