From nobody Mon Aug 5 00:32:39 2024 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Wccpc11s0z5S8V8; Mon, 05 Aug 2024 00:32:40 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Wccpc0T0Nz4Cs3; Mon, 5 Aug 2024 00:32:40 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1722817960; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=DRBpGOlqvtZe1NtjaXr5FSfz2M08OCLstahvWaiamTk=; b=AxlDv0vjSUJX7k6G0AlZG/Um0SfBddbsfeAxj0vl3H+3dcwM2GpIi6sKpvKA3uGKNxsX7g Rs2bPh41CgggBaKeki10ssiuw166vZdEa2Fxn+0YxYOka5TSJS9APcrEjArIkeJD6/iwl3 M5XXXTh7qAP7fc+6ZJrpOOcEKqUhYXABrfALdEfr8O7UVFh3asv2EaSEc/uE5k0RUb7676 0mPyMQLhQWMlozGt4aRCYqBDYc0S/HoEL3oytVHm8k9vUuxOYaGChycHGwW4195t719dLj pa5Viz1T41H7u2aXIyqcIeoHq2Ojq0fB3SUvrJeXcBJwHQw3bVfqHU2zvs+9vA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1722817960; a=rsa-sha256; cv=none; b=T32VS3m3KNll5JBfi4pH+i8Gur3PWdzs5lBMggV8HDyr7uAcRiWLwGCDhxBRljTeX3FVlm BAt21cFI3tpTf6UfWpJXFCY/0EiJnRPE8SrEzNsYHRVX37xjrVxxzAI82eIUCJyNVbjkTH l4wQ5qYrE5PDEswJOqjcJSNZfGBPlAsOXN98nAhoGFfLCkiUUsldIX9Y7tCm4U6giXNn1x 3+ZjZuxl3Aw8wuK0chePwjpRSZfyvROShOXRPOLv1/7mY5bNJKtFvWGzjIAlFLgmyoOx2j eBYN0fb5DAui0hNy1CRGHaPak2qBdobK0+ezPr09qNkeb5MbNYJcAzxt74zHlg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1722817960; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=DRBpGOlqvtZe1NtjaXr5FSfz2M08OCLstahvWaiamTk=; b=iyFKY05th+VoXYN4KkqgZ2gSowAQLAC8RqaPpIK2n0g7hQWcWIE9Aj5yPfWrMw/FEkW3m6 UtFdAhjS5Kk4Aa1Ss1cWS2eyXXyWss4MbS2xVrGva+wsm8m6gH7USzU1RQHZIb77PuGPwe zApCkbjybU540upN4LHiSKBMLCL3lZ4TccWVgUIVdvtRTWpqQXHOpiNGysoxC4Vkvjm7sE QQGNcQlQDYhE3/giifpzk7MRXyqiNRX/q6q2XsiAoKgOm+HwzKKTjcUkIW9Ejb773l56r5 /SNbVzXCm9ZdmjttCqNjAFl1Eaa0Iz/GyQMF/Fiz1tr/wF/n8bTVTLCmnbLC1w== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Wccpc04HYz1G9j; Mon, 5 Aug 2024 00:32:40 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4750WdbL003055; Mon, 5 Aug 2024 00:32:39 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4750WdtB003052; Mon, 5 Aug 2024 00:32:39 GMT (envelope-from git) Date: Mon, 5 Aug 2024 00:32:39 GMT Message-Id: <202408050032.4750WdtB003052@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Konstantin Belousov Subject: git: f0d4329dc213 - stable/14 - rtld(1): Spell value as VALUE, not NAME List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kib X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: f0d4329dc213c7ef336d1bc3282b4f861f8ea8b3 Auto-Submitted: auto-generated The branch stable/14 has been updated by kib: URL: https://cgit.FreeBSD.org/src/commit/?id=f0d4329dc213c7ef336d1bc3282b4f861f8ea8b3 commit f0d4329dc213c7ef336d1bc3282b4f861f8ea8b3 Author: Konstantin Belousov AuthorDate: 2024-07-25 11:50:01 +0000 Commit: Konstantin Belousov CommitDate: 2024-08-05 00:32:11 +0000 rtld(1): Spell value as VALUE, not NAME (cherry picked from commit bc25bc6850e512c4c45effdff6178d20b5eca558) --- libexec/rtld-elf/rtld.1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libexec/rtld-elf/rtld.1 b/libexec/rtld-elf/rtld.1 index 4cc5b639c89a..992138b1ffc0 100644 --- a/libexec/rtld-elf/rtld.1 +++ b/libexec/rtld-elf/rtld.1 @@ -352,7 +352,7 @@ The syntax of the direct invocation is .Op Fl b Ar exe .Op Fl d .Op Fl f Ar fd -.Op Fl o Ar OPT=NAME +.Op Fl o Ar OPT=VALUE .Op Fl p .Op Fl u .Op Fl v From nobody Mon Aug 5 00:32:41 2024 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Wccpd37wYz5S8bB; Mon, 05 Aug 2024 00:32:41 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Wccpd1l7xz4DF1; Mon, 5 Aug 2024 00:32:41 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1722817961; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=g4Pe8Xd6xEsyS40JCaeqdd23qoS0EYdOgKaq96C+iXQ=; b=psBSj4YJpOElRlvV0HG1m/4CaVS9TJRc7KgxvmmAwvT76Wl2brxjQiMMZ5lifkyqVMbx8K 0ecJHZJnUHFRuf+gip+sRO+TDbt1G0eJmgYoVZO/Qmmn8oWEP0cwe2mRSrQFNaTylzKZ/s qWR+KjLboBz5yuBFT9hpOYWnBlqc3yzrpjJLryRzAdYAT2OUhw8EzmS3B+CIRjeWZcLmM6 ajg9SAKrPbKU27ciIqLY19rgYhS2tEpnSiiQLxCrWU+CebAxvdfQoS7vyx3bH64ladja+W jsagFtDPb73yUHYUWzmktVK+IwKtTis6ZyA+5j9qYIiwTUtrFPXvGJAK3d+hSQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1722817961; a=rsa-sha256; cv=none; b=ntBW9V9FhGC/Yp25/b31Y/m+SB9igvLV6u3hFCYzGyM1XZ+81/KjCD5x1AS+ZtyvHxpQjg ulwTQTho6BIclJbgHC15Z/X39uimKrTOzyhVSWWrJ452pw4fOu2iEV7QVtLnYeEUgRj5g6 MwPsXWcHBhvksIqx9l9AxnUJggfEzfpUoVqb28v+cL1LrZBIo975FJqluMsYn5v5uqLDUX uPlemF5wfBEwIci9I75etMu2y8pBEZY5iFypAHF16FgIoyzDXs1rynVh4fH8o9xu4wcFH+ 3O/F7nI423SjKD9Vv3D5ucHnZ90OcEZq87xgc4su9ykfn0CRxnXdtKzXrg118w== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1722817961; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=g4Pe8Xd6xEsyS40JCaeqdd23qoS0EYdOgKaq96C+iXQ=; b=Gxr5rTv3SGtPb6ST2IYB7T97UU98mZyMnuFirKR3dEuw6DcAxsS04aZF6Zz9/a7r33pZWG w7zAyMaO4TRsYdw6IedmXhddUpyhwdqxTq9Xnwq5aG7+NPjkUREHlq4ifXrI+O+o0lwFxF xGQM5MIE5mUfwKZQS0EgfXvHfTa8T5ffSNnmM+hHCmBnx2v9H/kn0I+KsX23faP8nibm6D ylfiDxErB59plx1GDeYfBI7T4IL+TKzphAlPO8IlaUQTKPaLr6N/RCk70rBLAB5dGB8pMY LFzPLtjvAicGk6xKH2wBDQGwBZXpF1JLLGe0Sd2tDbQmwD8gbDy2iSVhI8do+g== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Wccpd12tQz1Ghp; Mon, 5 Aug 2024 00:32:41 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4750WfFM003109; Mon, 5 Aug 2024 00:32:41 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4750Wfld003106; Mon, 5 Aug 2024 00:32:41 GMT (envelope-from git) Date: Mon, 5 Aug 2024 00:32:41 GMT Message-Id: <202408050032.4750Wfld003106@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Konstantin Belousov Subject: git: da32a0616bdc - stable/14 - rtld: make ld_get_env_var() usable for all rtld source files List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kib X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: da32a0616bdc84e12791e280d9d92acc34f5dd70 Auto-Submitted: auto-generated The branch stable/14 has been updated by kib: URL: https://cgit.FreeBSD.org/src/commit/?id=da32a0616bdc84e12791e280d9d92acc34f5dd70 commit da32a0616bdc84e12791e280d9d92acc34f5dd70 Author: Konstantin Belousov AuthorDate: 2024-07-17 03:59:24 +0000 Commit: Konstantin Belousov CommitDate: 2024-08-05 00:32:11 +0000 rtld: make ld_get_env_var() usable for all rtld source files (cherry picked from commit 47315d6d3562111883142bb09320d35f05d34a58) --- libexec/rtld-elf/rtld.c | 28 +--------------------------- libexec/rtld-elf/rtld.h | 27 +++++++++++++++++++++++++++ 2 files changed, 28 insertions(+), 27 deletions(-) diff --git a/libexec/rtld-elf/rtld.c b/libexec/rtld-elf/rtld.c index 96042f7b5af3..411fe7956873 100644 --- a/libexec/rtld-elf/rtld.c +++ b/libexec/rtld-elf/rtld.c @@ -344,32 +344,6 @@ ld_utrace_log(int event, void *handle, void *mapbase, size_t mapsize, utrace(&ut, sizeof(ut)); } -enum { - LD_BIND_NOW = 0, - LD_PRELOAD, - LD_LIBMAP, - LD_LIBRARY_PATH, - LD_LIBRARY_PATH_FDS, - LD_LIBMAP_DISABLE, - LD_BIND_NOT, - LD_DEBUG, - LD_ELF_HINTS_PATH, - LD_LOADFLTR, - LD_LIBRARY_PATH_RPATH, - LD_PRELOAD_FDS, - LD_DYNAMIC_WEAK, - LD_TRACE_LOADED_OBJECTS, - LD_UTRACE, - LD_DUMP_REL_PRE, - LD_DUMP_REL_POST, - LD_TRACE_LOADED_OBJECTS_PROGNAME, - LD_TRACE_LOADED_OBJECTS_FMT1, - LD_TRACE_LOADED_OBJECTS_FMT2, - LD_TRACE_LOADED_OBJECTS_ALL, - LD_SHOW_AUXV, - LD_STATIC_TLS_EXTRA, -}; - struct ld_env_var_desc { const char * const n; const char *val; @@ -404,7 +378,7 @@ static struct ld_env_var_desc ld_env_vars[] = { LD_ENV_DESC(STATIC_TLS_EXTRA, false), }; -static const char * +const char * ld_get_env_var(int idx) { return (ld_env_vars[idx].val); diff --git a/libexec/rtld-elf/rtld.h b/libexec/rtld-elf/rtld.h index a4f2c35cc03f..96a9da3c4ea3 100644 --- a/libexec/rtld-elf/rtld.h +++ b/libexec/rtld-elf/rtld.h @@ -359,6 +359,32 @@ typedef struct Struct_SymLook { struct Struct_RtldLockState *lockstate; } SymLook; +enum { + LD_BIND_NOW = 0, + LD_PRELOAD, + LD_LIBMAP, + LD_LIBRARY_PATH, + LD_LIBRARY_PATH_FDS, + LD_LIBMAP_DISABLE, + LD_BIND_NOT, + LD_DEBUG, + LD_ELF_HINTS_PATH, + LD_LOADFLTR, + LD_LIBRARY_PATH_RPATH, + LD_PRELOAD_FDS, + LD_DYNAMIC_WEAK, + LD_TRACE_LOADED_OBJECTS, + LD_UTRACE, + LD_DUMP_REL_PRE, + LD_DUMP_REL_POST, + LD_TRACE_LOADED_OBJECTS_PROGNAME, + LD_TRACE_LOADED_OBJECTS_FMT1, + LD_TRACE_LOADED_OBJECTS_FMT2, + LD_TRACE_LOADED_OBJECTS_ALL, + LD_SHOW_AUXV, + LD_STATIC_TLS_EXTRA, +}; + void _rtld_error(const char *, ...) __printflike(1, 2) __exported; void rtld_die(void) __dead2; const char *rtld_strerror(int); @@ -380,6 +406,7 @@ void dump_Elf_Rela(Obj_Entry *, const Elf_Rela *, u_long); /* * Function declarations. */ +const char *ld_get_env_var(int idx); uintptr_t rtld_round_page(uintptr_t); uintptr_t rtld_trunc_page(uintptr_t); Elf32_Word elf_hash(const char *); From nobody Mon Aug 5 00:32:42 2024 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Wccpf45dCz5S8SJ; Mon, 05 Aug 2024 00:32:42 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Wccpf2Rfjz4DHH; Mon, 5 Aug 2024 00:32:42 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1722817962; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=P0BtX8PzPZqXtpcrGNck/esyisMx4DrGfzKjvTp3wbk=; b=YwBfWS4W2IgR4ECKgq4XJR9k+WCFplDP/gYdzFK1IOGImjaUplPcxqiTnhcIlQjPCJ6wna L/K7NCCilO/aguJuWMfJSzrd4WJBfbX6tUhssjwg8/a5BsefmJK6u9gX8kGX/ReIhZS3wU SNtcOGFt1ZjFbUDeRqfWSH0cnDT5IvXWTY8xeLfaiWvUeLpiPcrgMSHK7pTRJ2q9GmDI9/ DdJmhUlDWtHC1BymmSQp7KuuAmKqvFxUmUoyA1sgT11D2uYkaxejxq7O/zeVSevDQHlQIq eyKE2wubmQhxsoWYL6e24VQG4nOCSuj9lsgj4/vqPq5t+go/kx0OFB24fsLCVw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1722817962; a=rsa-sha256; cv=none; b=nZTA64e2oUX+jq2c2SlIf5dMN2Uj29t1m3Tn6a6mXbrayM2hPVhg5m2tVHmOIeDI3CCD3X ddtIbCRpR5RXezNn1sIL/MKRDr198O8o+8WTYXzwfYzhkO3e9NWxdb34T8raybOYaCEnAR H4x1d9tAOOmNFt0L/fRrj7m3OIBkUR2AZaZ6+BMckHJMvrCDGmMDvDEk6ETBBJWidpZxzR o0y59G8bQm2i7GTlrV/FBEtfB+nrc3jhMzIdjekGsUuu0S+MEWCwywP3TYtckGnzp9Zx+c 0G8jgHBVh0DtFKN3fGh+Pryl39WGb0DfiQQ7Hea3iDCCF5WGlWkXX85K2gmXbQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1722817962; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=P0BtX8PzPZqXtpcrGNck/esyisMx4DrGfzKjvTp3wbk=; b=nvzCeRlLzW1Nbc87froh7JpowGFHZH7guuNOjae8buaawlm9cIPNu+rrgTf1jgifnDSyBS zKnK17bGRuPWGFqJ7Db2Bbkdx1Ph6UqOwRRCuCjH41JjJBaKwx4gUaFwlnj1g87X0l8bIp +yUcP5jR86sK3VgnOSqgVzzAOfAGikRmgqFsuV3KrICHpq8+Z2PzclRDworMK071h4dxtp 3LQvzQn8tds8kfbvIh/0+1/YaCMwrEyeVHBKlBrUP9suiZtAceeN6OhLgNE1Tct6yOc1HY YfhAMW+ec0u4butmxLRY99JLiu2PsPcMfh+n+YjPdYBoxXCOwyygqc8mOlxYuQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Wccpf23P7z1Ghq; Mon, 5 Aug 2024 00:32:42 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4750WgYB003158; Mon, 5 Aug 2024 00:32:42 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4750WgOb003155; Mon, 5 Aug 2024 00:32:42 GMT (envelope-from git) Date: Mon, 5 Aug 2024 00:32:42 GMT Message-Id: <202408050032.4750WgOb003155@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Konstantin Belousov Subject: git: 279e543dc707 - stable/14 - rtld: add LD_NO_DL_ITERATE_PHDR_AFTER_FORK env var List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kib X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: 279e543dc707ee19b28cee8a00deafea1f8b8d8e Auto-Submitted: auto-generated The branch stable/14 has been updated by kib: URL: https://cgit.FreeBSD.org/src/commit/?id=279e543dc707ee19b28cee8a00deafea1f8b8d8e commit 279e543dc707ee19b28cee8a00deafea1f8b8d8e Author: Konstantin Belousov AuthorDate: 2024-07-17 04:05:33 +0000 Commit: Konstantin Belousov CommitDate: 2024-08-05 00:32:11 +0000 rtld: add LD_NO_DL_ITERATE_PHDR_AFTER_FORK env var PR: 280318 (cherry picked from commit 860c4d94ac46cee35a678cf3c9cdbd437dfed75e) --- libexec/rtld-elf/rtld.1 | 10 +++++++++- libexec/rtld-elf/rtld.c | 1 + libexec/rtld-elf/rtld.h | 1 + libexec/rtld-elf/rtld_lock.c | 7 +++++-- 4 files changed, 16 insertions(+), 3 deletions(-) diff --git a/libexec/rtld-elf/rtld.1 b/libexec/rtld-elf/rtld.1 index 992138b1ffc0..31e046a5cdc4 100644 --- a/libexec/rtld-elf/rtld.1 +++ b/libexec/rtld-elf/rtld.1 @@ -26,7 +26,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd April 28, 2024 +.Dd July 24, 2025 .Dt RTLD 1 .Os .Sh NAME @@ -329,6 +329,14 @@ The static TLS extra space is used when loading objects compiled for initial-exec TLS code model with .Xr dlopen 3 . The minimum value that can be specified is \'128\'. +.It Ev LD_NO_DL_ITERATE_PHDR_AFTER_FORK +Allow +.Xr dl_iterate_phdr 3 +to block in callback, without causing deadlock with the +.Xr fork 2 . +The drawback is that the image started in this mode cannot use +.Xr dl_iterate_phdr 3 +after fork. .El .Sh DIRECT EXECUTION MODE .Nm diff --git a/libexec/rtld-elf/rtld.c b/libexec/rtld-elf/rtld.c index 411fe7956873..e7fcfde8f474 100644 --- a/libexec/rtld-elf/rtld.c +++ b/libexec/rtld-elf/rtld.c @@ -376,6 +376,7 @@ static struct ld_env_var_desc ld_env_vars[] = { LD_ENV_DESC(TRACE_LOADED_OBJECTS_ALL, false), LD_ENV_DESC(SHOW_AUXV, false), LD_ENV_DESC(STATIC_TLS_EXTRA, false), + LD_ENV_DESC(NO_DL_ITERATE_PHDR_AFTER_FORK, false), }; const char * diff --git a/libexec/rtld-elf/rtld.h b/libexec/rtld-elf/rtld.h index 96a9da3c4ea3..97187b24ce84 100644 --- a/libexec/rtld-elf/rtld.h +++ b/libexec/rtld-elf/rtld.h @@ -383,6 +383,7 @@ enum { LD_TRACE_LOADED_OBJECTS_ALL, LD_SHOW_AUXV, LD_STATIC_TLS_EXTRA, + LD_NO_DL_ITERATE_PHDR_AFTER_FORK, }; void _rtld_error(const char *, ...) __printflike(1, 2) __exported; diff --git a/libexec/rtld-elf/rtld_lock.c b/libexec/rtld-elf/rtld_lock.c index 0c790450dcec..323bb7494c32 100644 --- a/libexec/rtld-elf/rtld_lock.c +++ b/libexec/rtld-elf/rtld_lock.c @@ -463,6 +463,7 @@ _rtld_atfork_pre(int *locks) if (locks == NULL) return; + bzero(ls, sizeof(ls)); /* * Warning: this did not worked well with the rtld compat @@ -472,7 +473,8 @@ _rtld_atfork_pre(int *locks) * _rtld_atfork_pre() must provide the working implementation * of the locks anyway, and libthr locks are fine. */ - wlock_acquire(rtld_phdr_lock, &ls[0]); + if (ld_get_env_var(LD_NO_DL_ITERATE_PHDR_AFTER_FORK) == NULL) + wlock_acquire(rtld_phdr_lock, &ls[0]); wlock_acquire(rtld_bind_lock, &ls[1]); /* XXXKIB: I am really sorry for this. */ @@ -492,5 +494,6 @@ _rtld_atfork_post(int *locks) ls[0].lockstate = locks[2]; ls[1].lockstate = locks[0]; lock_release(rtld_bind_lock, &ls[1]); - lock_release(rtld_phdr_lock, &ls[0]); + if (ld_get_env_var(LD_NO_DL_ITERATE_PHDR_AFTER_FORK) == NULL) + lock_release(rtld_phdr_lock, &ls[0]); } From nobody Mon Aug 5 00:32:43 2024 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Wccpg4rQ3z5S8XT; Mon, 05 Aug 2024 00:32:43 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Wccpg3ZKKz4D3P; Mon, 5 Aug 2024 00:32:43 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1722817963; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=OmVPCHmN+/5OB+UZLfAlOzRLEcO14QbMXGul3MCHHBQ=; b=KoVUMXK/NKx17lTZq6yoN/uLFHMgje9oM3IdAIkN/38hdpFFZt32QVvixHldi5wful95u0 6Fdy/shq42y7sqzd4m8u7hnDFGcVlFaLtIQWKYs0YpOJbpbnTBdpevSJNCfst4qaxhLf3e mnxR1oKudBbTJ9Rddf6QIXeQRlhTrv0XX/hdKGLLqqZQjUG4we8kKIIfCXV2LbIYWVvJfH 3T7JjJ0Id7QI01aW7+qlf+mgYfOnyo0aCFdDeRXIk0UBozg0u0nRcS0cedoZc4mj4z+nqx tPupSGwZ4T7aLC43enRsvXTAbQxiseEcLsEmoODR/+yA1J4EvgxBfNCPNCM6WA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1722817963; a=rsa-sha256; cv=none; b=tVnsV208XyFBUpLHUHo4kTmVH2ksHHdeK4SZup73YCezE9FMd/IpkulEF14fd87TeGmBgH eqx11gTc3VhDGvVo8cvZa/aULBgKIqH6iYPGBqhKaL+At93vtvrU/r+XZj78VR2w9D1YAt 6JRkakRz2EkntwcEya/NQj6WdJD3gCVk24CSkGVGiam9nIHN7kxQD/EZwQfp0M1mDATCy/ FVvd1oTX2uzijaxvXxy6evnh/GDHrDSAoKtB/AujNNDeF7PZpLMw9V1Yj95dsCTlztPZvh ZjMsOMTDW4OhTAViQKBwYjOWvGCfcP2Ljz5n2ga9qdNg2hfmp1SmrtJKJyWT6w== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1722817963; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=OmVPCHmN+/5OB+UZLfAlOzRLEcO14QbMXGul3MCHHBQ=; b=LnxWVVUJq7SXUmcz9eLNH/FqNPM9Zk52J6HxlJ/hlaJ1nqBqiSNtN7hlQwz2DqLthmyz9Y TMeZCHL8eFJEI8MrBCijmNXPrlcNK6pcYLSaO1USmiiCYI4GFEW2RCdXvpVW+fK/uog1wK gWzuGmXI6HpQbiGqzXovKnShQhQ7aPTK9vDo5IUTkei+sCOTOxAzwQlgbJa2nsH3+5jAEL YM1Suda+oEGal2TLTRpKY0WxnyLdfW2xXncOLB1RWRh+jaWIL2srN+gDAJ6WxCGeD/Lt3l LJAmprkfAwcAcoKekvitvgYvMF/wVWSX3j/xpBYEQJFUtwQfyFNZX/n24hB/eg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Wccpg33lYz1Gfr; Mon, 5 Aug 2024 00:32:43 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4750Whjh003200; Mon, 5 Aug 2024 00:32:43 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4750WhA6003197; Mon, 5 Aug 2024 00:32:43 GMT (envelope-from git) Date: Mon, 5 Aug 2024 00:32:43 GMT Message-Id: <202408050032.4750WhA6003197@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Konstantin Belousov Subject: git: 15ee14d0f7d0 - stable/14 - rtld: avoid division in __thr_map_stacks_exec() List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kib X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: 15ee14d0f7d0d8af7e12f16be7fe5b3fa5b2e5de Auto-Submitted: auto-generated The branch stable/14 has been updated by kib: URL: https://cgit.FreeBSD.org/src/commit/?id=15ee14d0f7d0d8af7e12f16be7fe5b3fa5b2e5de commit 15ee14d0f7d0d8af7e12f16be7fe5b3fa5b2e5de Author: Konstantin Belousov AuthorDate: 2024-07-24 10:17:55 +0000 Commit: Konstantin Belousov CommitDate: 2024-08-05 00:32:11 +0000 rtld: avoid division in __thr_map_stacks_exec() (cherry picked from commit 31f688a26d82ce00d1ec7ca9ed17b9914bf5176f) --- lib/libthr/thread/thr_stack.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/lib/libthr/thread/thr_stack.c b/lib/libthr/thread/thr_stack.c index 5e888bbfe9b6..68a658a1ddfd 100644 --- a/lib/libthr/thread/thr_stack.c +++ b/lib/libthr/thread/thr_stack.c @@ -127,10 +127,7 @@ static char *last_stack = NULL; static inline size_t round_up(size_t size) { - if (size % _thr_page_size != 0) - size = ((size / _thr_page_size) + 1) * - _thr_page_size; - return size; + return (roundup2(size, _thr_page_size)); } void From nobody Tue Aug 6 01:23:58 2024 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WdFvL2R3Hz5SLZk; Tue, 06 Aug 2024 01:23:58 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WdFvL1q1jz4Src; Tue, 6 Aug 2024 01:23:58 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1722907438; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=48XauAdPE5Vwod+6akqJYB0XqkPYRaYKvX188yO1UnE=; b=cP4gX7lSMctzOmw0b6MA19g75RRlGXOrIWvGJ/qLNNqijVs2CJSjryvQbQnPYENvnP1r2k g4E+hLmD/3P6w14um75dcs6W/8xyWiSoVSGCGZWuNaoKH9tQtvumkPdM1Uz+cDQKgvCUe9 0cl0outIAu6ONLlHBu0eIZ0+xLuuI9pdizTmC9MNy9Y3wOpJc0LH1QKgSjrwbwOkrATvCT XI+zaMtlN3sPasQvJV9j3fxuOKe4aUCwuOuOdtbB7FYz5z/Tk2wx7/nO23Qi1S3Soavub4 tlkln1BZdIHRu13U5O1BqtGaaWh7xcP9ewAqvzb/R9wbzP0LZajPewbZXkp0cg== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1722907438; a=rsa-sha256; cv=none; b=M4JFBPDfMgq5dwDqw1vw+Cfb3Mkb2C+8O40ZOIYJeDGwZChsZkNEw/iORcFYMTmTW0Cnzh 3AgAuLhu6yH9mIM4hIgqP1Hag8rdWdghcUyKujoBBf8UU3SsEq+02tCxwtVFUhrRkuwoSm AzJoe4Juln3Lkm04h8rhQhg0UFKuyas76MFtOsDcXC1csY/WfUm7TBkzNB1A4a8QmHak0a Dt/beJBDAVJC4UfrVILCOfgXexL9GMor1f9rYCMl6rc+8QFEKtl5OZNQA3Rmd0Tgk8S3u8 jNY62bTbXkKuKnB3Pb1YWk78XucrGUvr6tmBmaLFO+0Y2LXtTVUuiQBY5K6UoQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1722907438; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=48XauAdPE5Vwod+6akqJYB0XqkPYRaYKvX188yO1UnE=; b=iFrQaN6jPIBZVZaFOIvSU+QdjJ0jE9jbJl4kqTNbNRmfQROVvsMwWSiai7Aoz5lwv1q8qn YIps1OpDtkL5jVUi1uGKQvM286IVnX6q7KZNxMMljXBW/9nG1xr77sMjKEZ7dQhXZC/X7i 20OQtZ7Yir6Ed74piRsbNeMQhWDOBnQexgWU6bH7EwDh7E49AOFgG4vjsMsyVc86JJLdCG Mp9Su0EcLwY9gfttub+Z6wE7WO6a3j5BNAdiS5ijuOXx5mvaHD9JUBQYNUA/KSynD9u4CB dMcTdt9TNTK/PL5HAKsPfyWFvr02ckbtbmSmxKWXNcKT/dWW/D5Bv1lAsbH2BA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WdFvL0nK4zmT6; Tue, 6 Aug 2024 01:23:58 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4761Nw8e030694; Tue, 6 Aug 2024 01:23:58 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4761Nw0L030691; Tue, 6 Aug 2024 01:23:58 GMT (envelope-from git) Date: Tue, 6 Aug 2024 01:23:58 GMT Message-Id: <202408060123.4761Nw0L030691@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: "Sergey A. Osokin" Subject: git: d5eb39c8b732 - stable/14 - bsd-family-tree: add FreeBSD 14.1 List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: osa X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: d5eb39c8b732b2a9f2dbd84ecc9c2a1ab90bc992 Auto-Submitted: auto-generated The branch stable/14 has been updated by osa: URL: https://cgit.FreeBSD.org/src/commit/?id=d5eb39c8b732b2a9f2dbd84ecc9c2a1ab90bc992 commit d5eb39c8b732b2a9f2dbd84ecc9c2a1ab90bc992 Author: Sergey A. Osokin AuthorDate: 2024-08-03 15:48:55 +0000 Commit: Sergey A. Osokin CommitDate: 2024-08-06 01:23:43 +0000 bsd-family-tree: add FreeBSD 14.1 MFC after: 3 days (cherry picked from commit 2b4aa2816cd2988d0e20cee9035d8ab9712d6708) --- share/misc/bsd-family-tree | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/share/misc/bsd-family-tree b/share/misc/bsd-family-tree index ed18b96cb39a..a664be3161a5 100644 --- a/share/misc/bsd-family-tree +++ b/share/misc/bsd-family-tree @@ -453,13 +453,15 @@ FreeBSD 5.2 | | | | | | | | OpenBSD 7.4 | *--FreeBSD | | | | | | 14.0 | | | | | - | | | | | | - | FreeBSD | | | | - | 13.3 | | | | - | | *--NetBSD | | - | | | 10.0 | | - | | | | | - | | | OpenBSD 7.5 | + | | | | | | | + | | FreeBSD | | | | + | | 13.3 | | | | + | | | *--NetBSD | | + | | | | 10.0 | | + | | | | | | + | | | | OpenBSD 7.5 | + | FreeBSD | | | | + | 14.1 | | | | | | | | | FreeBSD 15 -current | NetBSD -current OpenBSD -current DragonFly -current | | | | | @@ -893,6 +895,7 @@ FreeBSD 14.0 2023-11-20 [FBD] FreeBSD 13.3 2024-03-05 [FBD] NetBSD 10.0 2024-03-28 [NBD] OpenBSD 7.5 2024-04-05 [OBD] +FreeBSD 14.1 2024-06-04 [FBD] Bibliography ------------------------ From nobody Tue Aug 6 01:48:45 2024 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WdGRy0Bb5z5SP20; Tue, 06 Aug 2024 01:48:46 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WdGRx6kS1z4Vd1; Tue, 6 Aug 2024 01:48:45 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1722908925; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=3l67NLiy0rf8BV054APViw4/kD7JsJw/SdNkSVc1ph0=; b=Ild2nqS+9K2d49CmzDHu7WzN3pnXPtKTbuHop8zNE0DeheCRfa1llMGUD4W5EnG7GkF9Uy xW3mhrMGGZoCju9ZppBg+GmjmzXuawtciPLYcJJksf618rAJU8/EM8ztAmu0wrUvuqHHYL xImfax86loXu1VInALJLbQJMdCKOcbM9/d5iEPCZlGkKEAT54HdOJgpAsPDwNaZC+OMdaJ g3JJXDpB3fsmjmBF9zWqjQQ16LvourDzYjL6W5jb6iuLssj6+MYXPnpDOLnh6IhdCeWwDg oiNS7wEAs9gCvEkcLzPrNGZ11WeQfPc0WebumaLI3q06I85wfnPgmGCszJAgbQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1722908925; a=rsa-sha256; cv=none; b=KtZXV6nQerP1AAHMGE1ur96GBrNJgiNjsr9axtoAfgUcQ7cRau8v1dacMs3oyh3Zm7zrs3 xWFap8HGo7vElioctIbSSa9qRMNwf/SDy5wJ3Cdp4GMRzLWJkmN8mnLoEkNrXKGjoF/T4r iX5WNMhUioCJIgDGvurSnuQf5d8Hsf1fh32dS80uIKd/Ke2sddx8yYenlntcHpuWkti4a8 RglIHZxhkqGje606uqKbo9b0xWB5wqycmYasHawvARCY6KwkS8qYmMcZS4duMmDEF3G3UQ iLH4v2VEhQ6QaC0BW4Dc/x/R+3V8tOUnTblYf6VOK7I+XxWzTjiG4gAVndWXqg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1722908925; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=3l67NLiy0rf8BV054APViw4/kD7JsJw/SdNkSVc1ph0=; b=sqDiHE6wO01bDhOfnGguDkd0AQ0+XKGxqK8pB8LRG1I3XY3niagffnYWY0AsvNaUlshfZv gXnqAsjdGNPWrl57OqEXCzbfkp7mFgEUq9KRrKc8pn/YvBVnH92sEHMku9y8hdcMf9KM6w cDW29hpCDcaoCWUZvR/HXf4Vf7XeGmIQNX1Q/ebJmqaLLx9zydR9KDyaFIFM0l4PM99/Ac x8fzZ2UyXs5qYBhvFbjyBzdXA3b8ZEWu3dyVy6xmImwIxeTW62zMTIWvcYmFnYiby/BfG7 ftqHmWvSYHnwW3nJB90xDtNuEiQvFAWIgdoLh9oYC2V2liXm2Vh/lsqnuz0PgQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WdGRx6LXTzmvw; Tue, 6 Aug 2024 01:48:45 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4761mjqk064440; Tue, 6 Aug 2024 01:48:45 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4761mjcJ064437; Tue, 6 Aug 2024 01:48:45 GMT (envelope-from git) Date: Tue, 6 Aug 2024 01:48:45 GMT Message-Id: <202408060148.4761mjcJ064437@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: "Sergey A. Osokin" Subject: git: 7424d5cbf6f1 - stable/13 - bsd-family-tree: QCU: ISBN and EAN numbers List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: osa X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: 7424d5cbf6f1032f91a3c107e7cd4f89b3095f69 Auto-Submitted: auto-generated The branch stable/13 has been updated by osa: URL: https://cgit.FreeBSD.org/src/commit/?id=7424d5cbf6f1032f91a3c107e7cd4f89b3095f69 commit 7424d5cbf6f1032f91a3c107e7cd4f89b3095f69 Author: Graham Perrin AuthorDate: 2023-12-27 23:36:25 +0000 Commit: Sergey A. Osokin CommitDate: 2024-08-06 01:29:37 +0000 bsd-family-tree: QCU: ISBN and EAN numbers ISBN 0201547775 and International Article Number (EAN) 9780201547771 for 'A Quarter Century of UNIX' by Peter H. Salus. Reviewed by: imp Pull Request: https://github.com/freebsd/freebsd-src/pull/812 (cherry picked from commit 3dfb39ef1d66e8370c302b158173ed8065887c2a) --- share/misc/bsd-family-tree | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/share/misc/bsd-family-tree b/share/misc/bsd-family-tree index d81c8829f4e8..46f271342346 100644 --- a/share/misc/bsd-family-tree +++ b/share/misc/bsd-family-tree @@ -479,7 +479,8 @@ was the announcement in Usenet or if it was available as tape. Distribution UNIX Version 2.9, July, 1983. [NBD] NetBSD Project, The. [OBD] OpenBSD Project, The. -[QCU] Salus, Peter H. A quarter century of UNIX. +[QCU] Salus, Peter H. A quarter century of UNIX. ISBN 0201547775, + EAN 9780201547771 [SMS] Steven M. Schultz. 2.11BSD, UNIX for the PDP-11. [TUHS] The Unix Historical Society. https://minnie.tuhs.org/Unix_History/. [USE] Usenet announcement. From nobody Tue Aug 6 01:48:46 2024 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WdGRz14vkz5SNj7; Tue, 06 Aug 2024 01:48:47 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WdGRz0P5Qz4Vt4; Tue, 6 Aug 2024 01:48:47 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1722908927; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=e+V1pKZgSczOMqUuiTJQH0FU95f4q1l5VqGsbULYIss=; b=QHsms0NEnfgGIKI0hiSAn9yOsxAYCo6nzmu2WKxL/L5OrUd8a0+2NeUVsdPfAET3aqoQfV Q5qMxfHCZQGeG1awWZU91BpM8j4jSOm2d49TmglIzLMhWqcUfvT6qLDPWyYiwY+Mk88MJY QD8UHyp1KN0ta0fUKz8iHKu05SGMNYlXljF54DYpr/6OEi0HvR5y91t6pGKbJkYzicOODC XLfvCu+IOqEaOL02b6IpFSk5DgFl9xn/5/AeL/SUprLshGq3CmaxtqFQMIftR6HWp6Xq78 MTFog8hVNdaU61/K6F7IWLRDAmgwx0TIAn1bhdXQP5jVxlNztRq7fysUY343Jw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1722908927; a=rsa-sha256; cv=none; b=AnOMchcplgW7xkQ6ctyebes/vFwPUZOShaj5c3uQBe+hBtbr7MKMrxlAospeDeo9CbOVxs tKDC6ZuFN8m44PyAx+3KZLp7mewdLOt5qUvTfc093/Xvxsi9Gr/+uFHTkAM4W8V7TQqq+b aTymxdFieTMNJb9nBtlda/ynLIQFMAvt2X7fOdzNy0boql/aXbV/lIrgApkBFxlU1GPNBJ UZa9tkhNCddjCWAXJZWqgwbdRz6dcbAAzALhXifa5yNR/Yfy2TkwrNUtud1kdxvNd+WqH9 aBCOFlviXWpPCkLRwqxmSfCv8YXjykrZi1RJtmymhphjhqz3tVBPWpCfa0kxOg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1722908927; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=e+V1pKZgSczOMqUuiTJQH0FU95f4q1l5VqGsbULYIss=; b=Sl+LokGeRsypYp4NvPlLpY3nlGViTM/HtquXBccQtkNV9/NwBzKjhrWv7spm7FFal9WXpU 9pc+21rTvvNHbIjeoXTt62CI42u7p+2fg0pkq7PN4PO5dZPZaz/oX5JJUzfCYa9PVloMtJ NpzGq5QOMbHf7J3cRTPFBjk5JF9xDd+BDEwM2wlnNFlszqK7OFyHG17/A1k/m+LUWFCxAJ CxGBeOO46wltqKHi61EAWpWbC2dwYUvBzJ4vyQbhr+ijW4O8JYgHRR938d16Sv4daO2qPB bImLuGwZd3FklNOspMgumciaeupf4f4TKvC5TRO9rsrP8vikhii0ntmlQBUDtw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WdGRz00DtznLM; Tue, 6 Aug 2024 01:48:46 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4761mkDE064482; Tue, 6 Aug 2024 01:48:46 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4761mkws064479; Tue, 6 Aug 2024 01:48:46 GMT (envelope-from git) Date: Tue, 6 Aug 2024 01:48:46 GMT Message-Id: <202408060148.4761mkws064479@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: "Sergey A. Osokin" Subject: git: 2d31963f2a5a - stable/13 - bsd-family-tree: tidiness, width List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: osa X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: 2d31963f2a5a8ab111b1dfbc9c73c2e5967962e5 Auto-Submitted: auto-generated The branch stable/13 has been updated by osa: URL: https://cgit.FreeBSD.org/src/commit/?id=2d31963f2a5a8ab111b1dfbc9c73c2e5967962e5 commit 2d31963f2a5a8ab111b1dfbc9c73c2e5967962e5 Author: Graham Perrin AuthorDate: 2023-12-27 23:36:26 +0000 Commit: Sergey A. Osokin CommitDate: 2024-08-06 01:45:56 +0000 bsd-family-tree: tidiness, width Tidy the raggedness in the section that begins [44B]. As the line that begins [KB] was previously tidied, now tidy the section to accommodate [BSDI] and [TUHS]. Rewrap the section to fit the same number of columns. Reviewed by: imp Pull Request: https://github.com/freebsd/freebsd-src/pull/812 (cherry picked from commit db348fdba461519d4ea7be45f96719b1bd76485d) --- share/misc/bsd-family-tree | 51 +++++++++++++++++++++++----------------------- 1 file changed, 25 insertions(+), 26 deletions(-) diff --git a/share/misc/bsd-family-tree b/share/misc/bsd-family-tree index 46f271342346..82b245079486 100644 --- a/share/misc/bsd-family-tree +++ b/share/misc/bsd-family-tree @@ -459,33 +459,32 @@ FreeBSD 15 -current | NetBSD -current OpenBSD -current DragonFly -curren Time ---------------- -Time tolerance +/- 6 months, depending on which book/article you read; if it -was the announcement in Usenet or if it was available as tape. +Time tolerance +/- 6 months, depending on which book/article you read; if it was +the announcement in Usenet or if it was available as tape. -[44B] McKusick, Marshall Kirk, Keith Bostic, Michael J Karels, - and John Quarterman. The Design and Implementation of - the 4.4BSD Operating System. -[APL] Apple website [https://www.apple.com/macosx/] +[44B] McKusick, Marshall Kirk, Keith Bostic, Michael J Karels, and John + Quarterman. The Design and Implementation of the 4.4BSD Operating System. +[APL] Apple website [https://www.apple.com/macosx/] [BSDI] Berkeley Software Design, Inc. -[DFB] DragonFlyBSD Project, The. -[DOC] README, COPYRIGHT on tape. -[FBD] FreeBSD Project, The. -[KB] Keith Bostic. BSD2.10 available from Usenix. comp.unix.sources, - Volume 11, Info 4, April, 1987. -[KKK] Mike Karels, Kirk McKusick, and Keith Bostic. tahoe announcement. +[DFB] DragonFlyBSD Project, The. +[DOC] README, COPYRIGHT on tape. +[FBD] FreeBSD Project, The. +[KB] Keith Bostic. BSD2.10 available from Usenix. comp.unix.sources, Volume 11, + Info 4, April, 1987. +[KKK] Mike Karels, Kirk McKusick, and Keith Bostic. tahoe announcement. comp.bugs.4bsd.ucb-fixes, June 15, 1988. -[KSJ] Michael J. Karels, Carl F. Smith, and William F. Jolitz. - Changes in the Kernel in 2.9BSD. Second Berkeley Software - Distribution UNIX Version 2.9, July, 1983. -[NBD] NetBSD Project, The. -[OBD] OpenBSD Project, The. -[QCU] Salus, Peter H. A quarter century of UNIX. ISBN 0201547775, - EAN 9780201547771 -[SMS] Steven M. Schultz. 2.11BSD, UNIX for the PDP-11. -[TUHS] The Unix Historical Society. https://minnie.tuhs.org/Unix_History/. -[USE] Usenet announcement. -[WRS] Wind River Systems, Inc. -[dmr] Dennis Ritchie, via E-Mail +[KSJ] Michael J. Karels, Carl F. Smith, and William F. Jolitz. Changes in the + Kernel in 2.9BSD. Second Berkeley Software Distribution UNIX Version 2.9, + July, 1983. +[NBD] NetBSD Project, The. +[OBD] OpenBSD Project, The. +[QCU] Salus, Peter H. A quarter century of UNIX. ISBN 0201547775, EAN + 9780201547771 +[SMS] Steven M. Schultz. 2.11BSD, UNIX for the PDP-11. +[TUHS] The Unix Historical Society. https://minnie.tuhs.org/Unix_History/. +[USE] Usenet announcement. +[WRS] Wind River Systems, Inc. +[dmr] Dennis Ritchie, via E-Mail Multics 1965 UNIX Summer 1969 @@ -916,10 +915,10 @@ URL: https://web.archive.org/web/20081230094857/http://www.byte.com/art/9410/sec Andreas Klemm, Lars Köller. If you're going to San Francisco ... Die freien BSD-Varianten von Unix. c't April 1997, page 368ff. -BSD Release Announcements collection. +FreeBSD Release Information URL: https://www.FreeBSD.org/releases/ -BSD Hypertext Man Pages +Manual pages for FreeBSD and ports URL: https://www.FreeBSD.org/cgi/man.cgi UNIX history graphing project From nobody Tue Aug 6 01:48:48 2024 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WdGS03KHYz5SP3y; Tue, 06 Aug 2024 01:48:48 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WdGS01YNjz4VtB; Tue, 6 Aug 2024 01:48:48 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1722908928; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=bmFPnu5EcuBv6n6iHvOw7jA9sJaULMa3430B3Wj8zlU=; b=pZ3v+hfRca7WjpDuhT4dZdbDkEFIuSV6VQevTfjh1kctkNXEemW+f1oEMUT1RdBpdisyVv 7m8Eza9A2Y8OcAcDeDTQxJ28E1CwFWvO5FrtjBrQ2Kr8bgg2K5HBqw/EAsANR9Nn5UTb9a dmGGkLGu2YMqDXZEkNAwWFhzLh0Pabzx6SKVAsuuGcTNOcg71alI5MnMJUvhgUzLxJDRku hAUqXL7PC9EhMqOzYE8vauuSBKoarOxBPoGqCnP0CMkRAgLljeoQRRMj4UavBTDOkOQ3Mc G8I+8pPpaTTbgL+QInqBYaEDxasmKH2veAcexIbSCr1iV3NDBcTqDgHbKTBIhQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1722908928; a=rsa-sha256; cv=none; b=AX6xG8lV6yrw4haTNjSFY5Jc7kDvbljvY+EV6bM99GAKivPVecYpXVq89naWPM/4PzAdSl HFVvrwZkXQck6k3o4cq7rvGekwXlJgK9wwLU/R9fpOzINf2i1l1/UB1TPBaXz0pAEo/KpO P8+xWj712TgBQ8/kqzEA2CX5yvZxQn4AmYI1ztoIjcoCiwqXg6KkJhxYV/Y3U/xOL0Qsvs jS0U5d2ybE6LRdDHVWmIbOrIWVrosWkd34Jpk7aMp7LKynKpc2nYemSZW2ExLgV675fMS1 30Qewvx/jLzciaTNcCdXeKMgc0d3H2CBIm6LldO1PDr92j8s3m2U+dttUyKAmA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1722908928; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=bmFPnu5EcuBv6n6iHvOw7jA9sJaULMa3430B3Wj8zlU=; b=uklqTAOSCnp2ajaXwwW+Qq9fBsI6NXoIlohnEpTuO8L23QUQF1JumcVO2SOfZ06rFaVskY SkTNHfn/YKL8eM/UeMJPBNywkWO6/rXI2LdieVYrARI5bux3UB7qkhsHD5pNENx60mIZwK fynD99znQ78qhbTy68esxc+sAIThlI6L7VrW6fzjakd3UWtScjZ6W+PnRu4An59MPwuRZS sh/DwEoLmvKtdCsbtgPKTLduv6KRlWIraf8ZNBVB0JbrVXUu2SSkRjbhzAZAJn2V7wfeDc fZUIpaa0mQYpPNlVKpfjPAlx2m9zaRdgwtU7KaYcxYGWIxKek1SxxFzhlCG61A== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WdGS00y3fzn6Y; Tue, 6 Aug 2024 01:48:48 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4761mmPS064533; Tue, 6 Aug 2024 01:48:48 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4761mmZQ064530; Tue, 6 Aug 2024 01:48:48 GMT (envelope-from git) Date: Tue, 6 Aug 2024 01:48:48 GMT Message-Id: <202408060148.4761mmZQ064530@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: "Sergey A. Osokin" Subject: git: ce50faabafef - stable/13 - bsd-family-tree: add FreeBSD 13.3 List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: osa X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: ce50faabafef5dc0b9483b3e986cdd962edd9fe0 Auto-Submitted: auto-generated The branch stable/13 has been updated by osa: URL: https://cgit.FreeBSD.org/src/commit/?id=ce50faabafef5dc0b9483b3e986cdd962edd9fe0 commit ce50faabafef5dc0b9483b3e986cdd962edd9fe0 Author: Sergey A. Osokin AuthorDate: 2024-03-05 13:38:09 +0000 Commit: Sergey A. Osokin CommitDate: 2024-08-06 01:46:53 +0000 bsd-family-tree: add FreeBSD 13.3 MFC after: 3 days (cherry picked from commit 885590b4f1ad218995df0fc127601e0f59bcc57f) --- share/misc/bsd-family-tree | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/share/misc/bsd-family-tree b/share/misc/bsd-family-tree index 82b245079486..f72b0befbb1a 100644 --- a/share/misc/bsd-family-tree +++ b/share/misc/bsd-family-tree @@ -446,11 +446,16 @@ FreeBSD 5.2 | | | | | | | | OpenBSD 7.3 | | FreeBSD | | | | | 13.2 | | | | - | macOS | | | - | 14 | | | - | | | OpenBSD 7.4 | - *--FreeBSD | | | | - | 14.0 | | | | + | | | | | | + | `------. | | | | + | | macOS | | | + | | 14 | | | + | | | | OpenBSD 7.4 | + *--FreeBSD | | | | | + | 14.0 | | | | | + | | | | | | + | FreeBSD | | | | + | 13.3 | | | | | | | | | FreeBSD 15 -current | NetBSD -current OpenBSD -current DragonFly -current | | | | | @@ -880,6 +885,7 @@ FreeBSD 13.2 2023-04-11 [FBD] macOS 14 2023-09-26 [APL] OpenBSD 7.4 2023-10-16 [OBD] FreeBSD 14.0 2023-11-20 [FBD] +FreeBSD 13.3 2024-03-05 [FBD] Bibliography ------------------------ From nobody Tue Aug 6 01:48:50 2024 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WdGS25qs9z5SP6g; Tue, 06 Aug 2024 01:48:50 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WdGS23LF2z4W2m; Tue, 6 Aug 2024 01:48:50 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1722908930; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=5aHAj2QhWctxIsNdqyWSJDmlYAr/zzjG8XZS6XVJW8g=; b=pEml/05QPkmDIyLoRSzC8sWTQGhzkjY0sEh8LqGZGOnq6D2Syt6UgpTaBJXTdo3Vji+hbr wF4ZlCReGuA7FKjcJTwQnyE9WEcrIzchmX3KH+wz4NSLSWMG6IyBO25DRT1BYluxOX+7Lx m0hw55paC8GZS2Xgb6q2X8AeG3hXwpZOCPKd311vFVZx+4JrcY7jFFm70aKprFDGT/UJOd 60eXTUIXHfZcep9qEIim1cLkfKq7IoCwwtDOhDeCb4luxeBtPxWjuh84cHoZziEyQBnPSx wy3v4D3HVxk3zsXQRQpZEuZqbl6oOSSDKZIWJz6YMOY5Hr/LEKTpP1GqyHjvOw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1722908930; a=rsa-sha256; cv=none; b=ZQPyO9BS14ynyn5Od722duas6VLABrlo8dOJONbmw0ZrIdcbhWB3YQycxVgLJpR1Mb4fcw JsoPqV7TQQpv0oUhiuQhV4U2DzXFAfoKuSzHyc3qFSo+Ini+lCXJrQPr0vc3rGbSMfHcld Ol4O7ZQBu1SQfSWODAOm8wPl2VZvD8VZ1bC0PDwCJYQ8Nxbm7CQd7C1iefZDy3QSGZyeK3 8l06rfeXsQUNpMKn7UQl7K0GOWF1+y88FtsDBUs/pWkBvXgdc6Lpi2VDQcDE9I81o6bjbP V+8pwhO2wpTU2gInhcg8vSWwGXqb+Dz6lKa573s68b2DSO4q2Shoq4VgQj/vIg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1722908930; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=5aHAj2QhWctxIsNdqyWSJDmlYAr/zzjG8XZS6XVJW8g=; b=IFIVmPZuKjPOy96VbHIPeK+EAoxbOm2ckfpgCGEO41RHrv/jtrJPR3BSif979ZfXnCoT+Z KeXDS8OE0k3svOj0b/bdkA3hYZLp77gaPAGVfSMOj4PaUjsDFq/MbazXMy9aHSH8D0aQ50 UsuZLQhyFWAiz4wiQCcZm/qtnn0N6I/DHDtbsMLyMWWhLKSmYL0EgNOV1lDGSZ/jD6V3F3 8fzkHMqQoj72gjNbvRrUvmOdnwef1Pd08QrB50dCRRikHyaRgvp2rXhcY31bIWPEFTtvJZ wwdBeQZBusglI9uy9pzBnLqAUjolpdNGaUKvjQQ/4dv4PqW+jWOOIjQAhWQt+A== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WdGS22xsjzn6Z; Tue, 6 Aug 2024 01:48:50 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4761mopj064622; Tue, 6 Aug 2024 01:48:50 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4761moOG064619; Tue, 6 Aug 2024 01:48:50 GMT (envelope-from git) Date: Tue, 6 Aug 2024 01:48:50 GMT Message-Id: <202408060148.4761moOG064619@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: "Sergey A. Osokin" Subject: git: dcfa8b67184f - stable/13 - bsd-family-tree: remove EoL whitespace List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: osa X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: dcfa8b67184ff54759aa15822f5bf4e2a9d94d87 Auto-Submitted: auto-generated The branch stable/13 has been updated by osa: URL: https://cgit.FreeBSD.org/src/commit/?id=dcfa8b67184ff54759aa15822f5bf4e2a9d94d87 commit dcfa8b67184ff54759aa15822f5bf4e2a9d94d87 Author: Maxim Konovalov AuthorDate: 2024-03-31 18:36:03 +0000 Commit: Sergey A. Osokin CommitDate: 2024-08-06 01:47:36 +0000 bsd-family-tree: remove EoL whitespace (cherry picked from commit ad5ec5136ba3aa7d2863db23dc97fd875213f7ad) --- share/misc/bsd-family-tree | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/share/misc/bsd-family-tree b/share/misc/bsd-family-tree index 2cb894059acd..0f99d6d946cc 100644 --- a/share/misc/bsd-family-tree +++ b/share/misc/bsd-family-tree @@ -924,7 +924,7 @@ URL: https://web.archive.org/web/20081230094857/http://www.byte.com/art/9410/sec Andreas Klemm, Lars Köller. If you're going to San Francisco ... Die freien BSD-Varianten von Unix. c't April 1997, page 368ff. -FreeBSD Release Information +FreeBSD Release Information URL: https://www.FreeBSD.org/releases/ Manual pages for FreeBSD and ports From nobody Tue Aug 6 01:48:49 2024 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WdGS14158z5SNj8; Tue, 06 Aug 2024 01:48:49 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WdGS12Qn1z4Vm9; Tue, 6 Aug 2024 01:48:49 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1722908929; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=A0i1C7f274hKrFxK106AogkyjQkBaLRw0myXaJ9LTbc=; b=X9FriRrmdEsHsC9KqjRwOky+eAlUBQSvSF3CAjat0vrL31NecYIDeD75bDP9g89rpSV2lu UT7ZY4nGlUH6InUnX2eGKHuuAIacPTPEIyGSFvxr5V2ZFvjbGrT3Q/dXjuqPRMb0/eENS8 wE6Tet7Rk87RX7w2mZQj3UHRj1yg/Je5PCG8A+UnSTGv14uMm7+v+AnTACunYSG68uwF5v zbAjf/5T46yfZhcHSFs8GVbhQcTB1OxZ6fD8FWNp9vzEA9vA66EGm7/q/BTmpCG56UddTp gXvaxdqRuZeoSiG9PtSKZcZuMDdQvQ3An4/gRf7lwLWgC1q8h1mN5e5sP0NqNg== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1722908929; a=rsa-sha256; cv=none; b=udVO1pMGm1uE4T4g+49Xg6pfq4gN+r3SfsiFQhCm1SYJUqxjlSWsCvABf/hrijjfss3bs8 mQm0gErH0AAch3X/HcaTjmqB8M4e9wr6p7oZj06dyYIZU/W5B/ewOzTof2OWS4IjlgKEFC CPlktRBoMLd40TFaNruSoQJw/EoZXD6Y6t/GyrOBt28uAimhcfbaoB8ZPHnwRlf/ME4ULR mNRlIjaxFDzpfwzNZKjYRQpgPWHIa5unPMkwEiC3SWmIJ0NABgh3uG+nyomFNAGfTu7sIV kNDfUnLTSZ2ByupeudCHKoFleRFNrkyxUej11A+Yt019LOGhlmRo+hb2hAYStw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1722908929; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=A0i1C7f274hKrFxK106AogkyjQkBaLRw0myXaJ9LTbc=; b=vwgnBhZ3puEzekg2oF8McEfCi2oXXKqJCzkRBimyJFxCG+GBDlMYybnsjGoepNgrnYxwwp IW+ZOpZSSj2yhxBOh5iCLxPjWkkgoWjNTLrOcuoxNzNE8OVXZb5N/q1llFRZQwdNVrn3Gg wXlIV9F9aegj6/9zMprN4Dwfhu1bf4z0szSgESB/GqYo947w20edZQ2Uwh2b8ciSfCOFQU 5lstPaAng2b8f+KYTw+8fJDTlaEBg5viNQukuT4DoHnNWxLPZbW/ZMOvNduSAXCVXamzZW 4SvU13dHVdJdV6VjLKSgpsB2nrjlbyshtx3FWQGc7V41EXp0wAAx3mCOJXpeHQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WdGS1208rzmrk; Tue, 6 Aug 2024 01:48:49 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4761mnuX064580; Tue, 6 Aug 2024 01:48:49 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4761mnA6064577; Tue, 6 Aug 2024 01:48:49 GMT (envelope-from git) Date: Tue, 6 Aug 2024 01:48:49 GMT Message-Id: <202408060148.4761mnA6064577@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: "Sergey A. Osokin" Subject: git: a5661f5d9020 - stable/13 - bsd-family-tree: add NetBSD 10.0 List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: osa X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: a5661f5d9020e4acab23318671cb6f7341369bc1 Auto-Submitted: auto-generated The branch stable/13 has been updated by osa: URL: https://cgit.FreeBSD.org/src/commit/?id=a5661f5d9020e4acab23318671cb6f7341369bc1 commit a5661f5d9020e4acab23318671cb6f7341369bc1 Author: Maxim Konovalov AuthorDate: 2024-03-31 18:35:02 +0000 Commit: Sergey A. Osokin CommitDate: 2024-08-06 01:47:14 +0000 bsd-family-tree: add NetBSD 10.0 (cherry picked from commit 07b17a1692a3c067e8f3e2dad31441ae441c5387) --- share/misc/bsd-family-tree | 3 +++ 1 file changed, 3 insertions(+) diff --git a/share/misc/bsd-family-tree b/share/misc/bsd-family-tree index f72b0befbb1a..2cb894059acd 100644 --- a/share/misc/bsd-family-tree +++ b/share/misc/bsd-family-tree @@ -456,6 +456,8 @@ FreeBSD 5.2 | | | | | | | | | | | FreeBSD | | | | | 13.3 | | | | + | | *--NetBSD | | + | | | 10.0 | | | | | | | FreeBSD 15 -current | NetBSD -current OpenBSD -current DragonFly -current | | | | | @@ -886,6 +888,7 @@ macOS 14 2023-09-26 [APL] OpenBSD 7.4 2023-10-16 [OBD] FreeBSD 14.0 2023-11-20 [FBD] FreeBSD 13.3 2024-03-05 [FBD] +NetBSD 10.0 2024-03-28 [NBD] Bibliography ------------------------ From nobody Tue Aug 6 01:48:51 2024 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WdGS41RT6z5SNrn; Tue, 06 Aug 2024 01:48:52 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WdGS36RGfz4W0d; Tue, 6 Aug 2024 01:48:51 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1722908931; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=+RCFjzR4qtcIPf+mPU4HWHLUAadA8JmhJQjClm0DpGU=; b=OJTv7JApFC4dvc22Srop4qYMhz3C5mqyivofy4bhCr84EvxBaq8UDRCogrrjPos+lNHhED WGcsEXBf5iviTnte1oeZCGxWqKe37BJx+JVUkyeOqjlKUdTJQRepG3+rJtX84lSxcnJ9Dx Bw7yDNZzJ7iLRGURL45OVQllzMb2e6OspYwrzpKeSQ3uHOUZJAiy45RXcC57+IFokoIqG4 wrTvUSE9VdImOkzuNoIukO7Tz7w+FJ1Te9EDN6nYfMdTKkiBbTROn5lgjYjbAx0Ul+2wQo dDtXhIr2mLaeCv26YfN3Tj31NI8gvp6yXpbEKuFqLYNLTFZ2ReKDLiScvBcJLg== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1722908931; a=rsa-sha256; cv=none; b=u7JaQ6ASrcZGg186MBVJEhG8ulvnAlfvj6deO0p3SzUBmCU2Ezto6B9NNAJz9Am4FJW7hu qi2ouVA8H9kflYzOx5MA945Vd6qQwULr64NkHRZmLAuBycuzi4sy4wWjptkqI8WTduR2qc LzzmkuMOIDoQzYIRzwHWsMa/CdEH6co0Q+gI5WHuu8qpf5NMfonLsFSeWrIuQ9oFaaNTpa VbbVGBQzPgUyrOz1UU24QLtQcOzprPZejxZqEXEEOXt53LbIdWLRJhm1vR5MddEJ20dLx5 qFp9l9DLCF7Btamx3mMZVyknzbjfnscODgvEEnTfIDY5r3SrjvCocobHTLJjjw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1722908931; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=+RCFjzR4qtcIPf+mPU4HWHLUAadA8JmhJQjClm0DpGU=; b=oL5lPMiDw+j+Cfa1Xwcqu1cCmmw07isaig8IsY2aste8N9gag45KnTJmaNEjI76Q20MsHC 9k3QVNDFZUzCSdJ0AY7IOIC2EW/CUHuZcq0Cdol/l8cCVcOjlR8Ab21hAU1VeU+i3rDWC7 GHrDjVe3bAF7ufxmp1WD4kluasCW3qbUy+KLYWCz5LlcTq4pzp1dLD9nrOHPCKEgbyfqnX d4GCWqIRJfSKOCftxYfFhKvYxxrbTJGlwcnxbXjavW4sfzShAIkCYHH8wze+E2sXaCQKFk mcUmYndQ7cxlhpiYCPei9okwoHgZb2+fQ29I5stXRZkxBLZDqZxG/4d1YcQu/A== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WdGS33zJTznLN; Tue, 6 Aug 2024 01:48:51 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4761mpvw064672; Tue, 6 Aug 2024 01:48:51 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4761mpMA064667; Tue, 6 Aug 2024 01:48:51 GMT (envelope-from git) Date: Tue, 6 Aug 2024 01:48:51 GMT Message-Id: <202408060148.4761mpMA064667@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: "Sergey A. Osokin" Subject: git: ac00a7e1d42a - stable/13 - Add OpenBSD 7.5 to bsd-family-tree List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: osa X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: ac00a7e1d42a8703bf724de726bd19891359552d Auto-Submitted: auto-generated The branch stable/13 has been updated by osa: URL: https://cgit.FreeBSD.org/src/commit/?id=ac00a7e1d42a8703bf724de726bd19891359552d commit ac00a7e1d42a8703bf724de726bd19891359552d Author: Juraj Lutter AuthorDate: 2024-04-05 06:27:12 +0000 Commit: Sergey A. Osokin CommitDate: 2024-08-06 01:47:57 +0000 Add OpenBSD 7.5 to bsd-family-tree Summary: Add OpenBSD 7.5 to bsd-family-tree Subscribers: imp Differential Revision: https://reviews.freebsd.org/D44643 (cherry picked from commit bb4e55242ecb03b3f6876114b0708b0efa85044a) --- share/misc/bsd-family-tree | 3 +++ 1 file changed, 3 insertions(+) diff --git a/share/misc/bsd-family-tree b/share/misc/bsd-family-tree index 0f99d6d946cc..bbeb054c1c59 100644 --- a/share/misc/bsd-family-tree +++ b/share/misc/bsd-family-tree @@ -459,6 +459,8 @@ FreeBSD 5.2 | | | | | | *--NetBSD | | | | | 10.0 | | | | | | | + | | | OpenBSD 7.5 | + | | | | | FreeBSD 15 -current | NetBSD -current OpenBSD -current DragonFly -current | | | | | v v v v v @@ -889,6 +891,7 @@ OpenBSD 7.4 2023-10-16 [OBD] FreeBSD 14.0 2023-11-20 [FBD] FreeBSD 13.3 2024-03-05 [FBD] NetBSD 10.0 2024-03-28 [NBD] +OpenBSD 7.5 2024-04-05 [OBD] Bibliography ------------------------ From nobody Tue Aug 6 01:48:52 2024 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WdGS54L33z5SNj9; Tue, 06 Aug 2024 01:48:53 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WdGS45zLGz4W0p; Tue, 6 Aug 2024 01:48:52 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1722908932; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=hkRQl94sSIe3ntfwWOwXjhBDdjNg+tliirWhlOeHNiQ=; b=LSTTcGTW/JuBje5YoXRAC20kvQlRHNQeleDPmbPBFmzAInfU69OnREtEPcMaSUTLf2lJsM 4YcXpBu7zqMzhi0w2wF/48v8n6qyMAEgX3WZNlJ0455VX9ULmQ3Przjy1eCPx4fTknKPj7 o4bw4i+UBPebKKbBVHGtuh5vxmosMfD19kbaB8P+hBX8kSMikoUxEdMPOUo1JRlij4IvNf ZuU0m5A7OlQ4aBtICaU0fv2QtpWKQLi4WGZrFAPock0P+3VYmCi7ywLTjq42ovcgB3u1qX B9u3QSMLAX9c2wGUmJvHbgqEicquIIs7JgRxPs+LHrxYE7PCzZHnOnixgZULsA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1722908932; a=rsa-sha256; cv=none; b=M2ZTxXcpwptADoujhIzIvjbdFMWKXmxMNvw+m4+PVtjuEbqTyoEyTzxoar3MkoHVBKg7JL z/ju6UO+J3kbtvz26g7hfT4/UCWyiX3tCAw9913ktpJpxkbNDdpvlEhPHxw9nf95EVfqV/ 59qiZtiJrDB/CDgVARk7vSbu0QDN+NTOR25UMkh6NP9+N8Eus1SGtmgGdtigaffMp+zZxm vC7TXrPjKVtIbAPfrorq9XmdVSbjJUtweaJjoBaRBfTecvHNnNgT+u+5Rmna+l5qOliYjO gKRG7qxqwzRGUhq0KP6Bt0K4JX+029jUxNjmHLZLLDeIBP/BTX4ZtkaIbhRjJA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1722908932; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=hkRQl94sSIe3ntfwWOwXjhBDdjNg+tliirWhlOeHNiQ=; b=G6kLo5e/fxDeDBRpy9tb8D+IeZa3cxkSfGXQS5zSQ8qxm9ZlX7kReP6RGdQkVHQPeLzj93 M0nfKcU3PLUWLFhjwAZ+Hzm+p83W9fDuElsNUl9cigqLscG/h7ZJN3R5MqVSqGbsZXAhqU RrR2ZRJl4KfOmlIoWpiHl7LAwBcOD5Psxqq1cg/hR/YRmGiYWP6zp7y9fNTIkdNlWTm1J2 nsb79Fe1LN5twqit1MOygzN6QGDYZptXoK5EJqhGnvTU9Byr0l5UxTFonLAAsdvVCuArTH mU2LXlorA5DX9le/BwghJnlA/ZjbsX7k8WNe/7HeVhlLxioJDVY13DzYbH/8cw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WdGS44fNzzn6b; Tue, 6 Aug 2024 01:48:52 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4761mqEG064716; Tue, 6 Aug 2024 01:48:52 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4761mqSN064713; Tue, 6 Aug 2024 01:48:52 GMT (envelope-from git) Date: Tue, 6 Aug 2024 01:48:52 GMT Message-Id: <202408060148.4761mqSN064713@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: "Sergey A. Osokin" Subject: git: 38e43c905725 - stable/13 - bsd-family-tree: add FreeBSD 14.1 List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: osa X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: 38e43c90572511498fbad9e717870eec954cffed Auto-Submitted: auto-generated The branch stable/13 has been updated by osa: URL: https://cgit.FreeBSD.org/src/commit/?id=38e43c90572511498fbad9e717870eec954cffed commit 38e43c90572511498fbad9e717870eec954cffed Author: Sergey A. Osokin AuthorDate: 2024-08-03 15:48:55 +0000 Commit: Sergey A. Osokin CommitDate: 2024-08-06 01:48:15 +0000 bsd-family-tree: add FreeBSD 14.1 MFC after: 3 days (cherry picked from commit 2b4aa2816cd2988d0e20cee9035d8ab9712d6708) --- share/misc/bsd-family-tree | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/share/misc/bsd-family-tree b/share/misc/bsd-family-tree index bbeb054c1c59..a30ad2835676 100644 --- a/share/misc/bsd-family-tree +++ b/share/misc/bsd-family-tree @@ -453,13 +453,15 @@ FreeBSD 5.2 | | | | | | | | OpenBSD 7.4 | *--FreeBSD | | | | | | 14.0 | | | | | - | | | | | | - | FreeBSD | | | | - | 13.3 | | | | - | | *--NetBSD | | - | | | 10.0 | | - | | | | | - | | | OpenBSD 7.5 | + | | | | | | | + | | FreeBSD | | | | + | | 13.3 | | | | + | | | *--NetBSD | | + | | | | 10.0 | | + | | | | | | + | | | | OpenBSD 7.5 | + | FreeBSD | | | | + | 14.1 | | | | | | | | | FreeBSD 15 -current | NetBSD -current OpenBSD -current DragonFly -current | | | | | @@ -892,6 +894,7 @@ FreeBSD 14.0 2023-11-20 [FBD] FreeBSD 13.3 2024-03-05 [FBD] NetBSD 10.0 2024-03-28 [NBD] OpenBSD 7.5 2024-04-05 [OBD] +FreeBSD 14.1 2024-06-04 [FBD] Bibliography ------------------------ From nobody Tue Aug 6 02:46:47 2024 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WdHkv4Mxlz5STRd; Tue, 06 Aug 2024 02:46:47 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WdHkv3sDsz4brV; Tue, 6 Aug 2024 02:46:47 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1722912407; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=kIHA1s3r7tYfABU09V7E0m9fZJAwJBZoXmYwpsrVH1Q=; b=GmZY+TvgCoOxnlYoRKn+bbMj5kX5frsAu0O+/QYPZhXNAeWvVTn46Lsf9PLY+7KWFrzaxf xTl5nJ9tMwx3AKYlDsVLt/M4cVvMwyZhIE+PvFb3bt4vEK05s942NGmOir98sw8h9/TsaN AWgHZs2sCnf7j6/VQBswAv1xvLCZYqJvTrqAPNd+RVlpJiDv/ZFM9wOc5o8HzE9Um9xtxD xdUjMz2pU+LTOZILgFhtBJOo1Z0CPqtYN+2IC4WM1pNzFqFKspRJ3Qccu+fJixdSX8xTZV ssRcy/r3NnR6OuhuCFx8XcBNpWa1+Gv4DVDPudCqHZ4krlE//EY7wXKAudNDlg== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1722912407; a=rsa-sha256; cv=none; b=CKhC3ZCPsNBxAJ1gfEIMMnPPbuv+zBUOflvBtHFAeN6Xp4yfD7xUMZV9iJR9gqAan8prLb z2rMaDDvge2ZX/qdLE1CRyD1Myuu/meyQAp0OhwVUV1A1rR74XotqwCxVCi0qxl9wB5+5/ ezfOZbjNe3f/lMz1TypFBYmpGmocj6M2VQXPJqytA0Z4bN1/QWA08tn9Rw8HKXBKfrS35K tGO7igitih/y9PWsl5Ln5xULpOHNCjBAtzyCuTkywqeCR1hHew4h/Ga3su2Ndh1+03FWAT DL8wWuW+2HBfRMv8T2zvAfZM14shCND/LUn+ICxdeTQj844fCZF9liMskSpCeg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1722912407; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=kIHA1s3r7tYfABU09V7E0m9fZJAwJBZoXmYwpsrVH1Q=; b=d/54j6ih1uk9S4kEXvbR7MFkGXVcgzaU8uWaH1u0kWPCAQBQszHafOney/hWHuTGLj3irv 1tsk8G9K25s8WyZAOzMuH8QdrIhUDzvcuvV21EFywQQnJuKbAWk6808ORZmgfeWFJHgxvF aXdWZ6qj6ZLjsHj0DqLnTCbIv6cktzJizfOCo0kRZRqZfJxBYKcc7OItWPFzY46QqvchTz xMf5X6pJFVMhXd4pSsMCBnzdRL0foSlMl8vqCm7Ulsza78aAKZ2n/qVdaUFM/TEh9b+1eu 0exyPoQQaI7GYV8ORGF46YSsx+HXioFPbwMHGjFr2NYGtIBmeAO/DsRqhzM45w== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WdHkv3KfczpZf; Tue, 6 Aug 2024 02:46:47 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4762klwo066111; Tue, 6 Aug 2024 02:46:47 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4762kltZ066108; Tue, 6 Aug 2024 02:46:47 GMT (envelope-from git) Date: Tue, 6 Aug 2024 02:46:47 GMT Message-Id: <202408060246.4762kltZ066108@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Konstantin Belousov Subject: git: 5b1211bb358f - stable/14 - mlx5en: limit reporting eeprom read failure due to unplugged module to verboseboot List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kib X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: 5b1211bb358f649b36375361395359541b3ed5d7 Auto-Submitted: auto-generated The branch stable/14 has been updated by kib: URL: https://cgit.FreeBSD.org/src/commit/?id=5b1211bb358f649b36375361395359541b3ed5d7 commit 5b1211bb358f649b36375361395359541b3ed5d7 Author: Konstantin Belousov AuthorDate: 2024-07-26 21:09:58 +0000 Commit: Konstantin Belousov CommitDate: 2024-08-06 02:46:26 +0000 mlx5en: limit reporting eeprom read failure due to unplugged module to verboseboot (cherry picked from commit 2204a4829083bf2a40304ea873d287a5498973d7) --- sys/dev/mlx5/mlx5_en/mlx5_en_main.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/sys/dev/mlx5/mlx5_en/mlx5_en_main.c b/sys/dev/mlx5/mlx5_en/mlx5_en_main.c index 97ec1b4420a8..55a4bc3cec79 100644 --- a/sys/dev/mlx5/mlx5_en/mlx5_en_main.c +++ b/sys/dev/mlx5/mlx5_en/mlx5_en_main.c @@ -3674,9 +3674,11 @@ out: /* Check if module is present before doing an access */ module_status = mlx5_query_module_status(priv->mdev, module_num); if (module_status != MLX5_MODULE_STATUS_PLUGGED_ENABLED) { - mlx5_en_err(ifp, - "Query module %d status: not plugged (%d), eeprom reading is not supported\n", - module_num, module_status); + if (bootverbose) + mlx5_en_err(ifp, + "Query module %d status: not plugged (%d), " + "eeprom reading is not supported\n", + module_num, module_status); error = EINVAL; goto err_i2c; } From nobody Tue Aug 6 16:40:59 2024 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WdfFR1vplz5SFys; Tue, 06 Aug 2024 16:40:59 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WdfFR1TnDz42N5; Tue, 6 Aug 2024 16:40:59 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1722962459; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=KvZ1AjuqiGxKmYlx0vMHlqlUalSuEJWdBj1Xdhq8+wU=; b=dBEn/TMnYnACmZCFedoIhjKZzJhIsJP4lW/3iTO3tYX2PUnb6V4l9KtZPMLPGqVw+/gVZ+ 0DW46tttUWVs2TJnHkubPZi3uyWewdO4ykoXfIUfSl0+faKkHyP5jukypCIE7XfsaECLP1 KJDVKgb1N1EV4ljpX0sC1SxyZqbxuP/hRBlz5/A0n5UjvyftY/73zyUyAtVWxRd7l+j1xI yCPjOSzzM6RKci7TsgcYq3JNZR4hP3o3De0T1MQjKiuUaG1XXKykDlw8/HjcZZnNa9LAOK YPrxlK4MF2EPMNF8Neh+PN+mu7XBf462sP1coKVAgjCXQb7K37TE2umamquasA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1722962459; a=rsa-sha256; cv=none; b=UbuddeN68wDUm8/1tH5z+hmgNCgVGHN+Q8XIxOfXHsPenEUDPUN1H4sSsYz9RVv4MOC/Xi vlfGNEk9QlGet+w3HQM4DxPX1OI08jI+SdKeVAGnpgN49JybupgACBRpNKSwvFDmlrEr3m 4GiImNYQYireN9WdrUDK9ZW4XA2ED1UT2B96qwmRDEQAyoVC7FkyuZUSCSAjV9W4X3TbZf gCwlQDyDFXZ+hyyMyD/NKH0XenfHRgo2qEoRojlGGea7mqj0zxHVxWN4oUcgxi3WR6TITI 2qS4vbapTbU6jHtDTzY3r95024FqfB92gO/RKfS3lPmOjrnVREyvb5NzehBG2Q== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1722962459; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=KvZ1AjuqiGxKmYlx0vMHlqlUalSuEJWdBj1Xdhq8+wU=; b=ymkSRwptqKm8PsIslaCrPIXoGtpq/FDbpvP+0BFX2USL40SPl1xP2t5j/t7p7Xc1RCpyO9 pBfebuVfEgOZJTEYoAlWlJAD04YLy/SUbOjJaZADhYbgL8OagWAh5Z0bEZb6tDwd1hQld+ VNRsTZLox1Hb+lBzTweLKa3QLQOuyYkBeRhqeLg4pQrN/tlgvW5gC0z+GzE/elaGrA5Au6 98Xlx5r24MdK2GLj+pJ7A+O8BUeo1hehPh8wuF+j9wKFjcpeg02ICSqB14uVx9r6NQb1K/ JZCTOI6kdebVcUShIKXhs5uYidovNwgjOJuLElSBrkmlpiDDRkRImkzGizPXUQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WdfFR15lVzFHq; Tue, 6 Aug 2024 16:40:59 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 476GexXX083975; Tue, 6 Aug 2024 16:40:59 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 476Gex60083972; Tue, 6 Aug 2024 16:40:59 GMT (envelope-from git) Date: Tue, 6 Aug 2024 16:40:59 GMT Message-Id: <202408061640.476Gex60083972@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Mark Johnston Subject: git: 067adbb4beac - stable/14 - malloc: Handle large malloc sizes in malloc_size() List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: markj X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: 067adbb4beace0c5554926012ae1b782748bc660 Auto-Submitted: auto-generated The branch stable/14 has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=067adbb4beace0c5554926012ae1b782748bc660 commit 067adbb4beace0c5554926012ae1b782748bc660 Author: Mark Johnston AuthorDate: 2024-07-24 20:16:20 +0000 Commit: Mark Johnston CommitDate: 2024-08-06 16:40:51 +0000 malloc: Handle large malloc sizes in malloc_size() Reviewed by: kib, emaste MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D45661 (cherry picked from commit 1c30cf95098e999ee24b2396763b4f65d021cdf0) --- sys/kern/kern_malloc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sys/kern/kern_malloc.c b/sys/kern/kern_malloc.c index 6e0d12983a2b..08530b2a8930 100644 --- a/sys/kern/kern_malloc.c +++ b/sys/kern/kern_malloc.c @@ -1068,7 +1068,7 @@ malloc_size(size_t size) int indx; if (size > kmem_zmax) - return (0); + return (round_page(size)); if (size & KMEM_ZMASK) size = (size & ~KMEM_ZMASK) + KMEM_ZBASE; indx = kmemsize[size >> KMEM_ZSHIFT]; From nobody Tue Aug 6 16:41:00 2024 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WdfFS5nB3z5SFsH; Tue, 06 Aug 2024 16:41:00 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WdfFS49Dbz42l3; Tue, 6 Aug 2024 16:41:00 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1722962460; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Nz7hM2uIbImfOsmpJ25J6wNTSK1BXjwpu9ZSb66mtFA=; b=KrZkiYhOMkgiYMDznJSw5iWi+vS7jiIKFKgXExDiuxdc0HKSCwED3VGFmlTw1PBWVv2Njd 5azM8GpqMObPTrmg1rFVNaMt7kZkAaFFFFVULodQsAghkkCf/n4q2LZ8GJl6nUriV4golt fxxP6Pw/KXWzW76BZCZmdJ/b2rf7RXIDvMDMkt/Cdw1625GkK5n4RKO4qOpdz+UsklFta4 6F/VQwIrXknMddRBzu0cksek8eKUdr0xuOsveQFgNHd59aGYTUoBgxOvh24aWnC5YUFzc5 cFR9rJSBMsYxekdaVzc81NTQe0MY1hSYahz3AfJLcgWBLHfg8ACTS/LEfEKbYg== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1722962460; a=rsa-sha256; cv=none; b=aDXZBCanrru2r976YYPKPyWUoGA3CNhndTer9xvp+dc08QfQx6Azo0rgT/RXTQAztPK5uu cuqENe4Sa0keWKlkFCYwKN++wsGhp1U/eCKaneqWWuenTcCPbwjwHzYSTL7MsrDZN7mq+B jGeriag/mfAI/0igdA7+cUfp4LJI80M7iwKNEMJYzd3+CAx+IwLBB+k5WbaNDtUAn/tj1Z 6m5/n0WR6ZJYEtrHW+Rpnrr3vmBhL2LlCdiM/muUJRzNpxdkfO9UibceLIO0Ay+6pKmeEf aEYdzJXxSsXHrmyn0xC2rC8Nf2sfxFyCSbOPJu2S2sP/t98xfMBk9ITmEUaLlg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1722962460; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Nz7hM2uIbImfOsmpJ25J6wNTSK1BXjwpu9ZSb66mtFA=; b=iE1vL7qRUdZhD7tvuugxsDKncqdF+Qez1BwbOKt/UAg5ITt/Tu5StpQ8uky58rKsxW7f8w cGOw1PwkgbS3gXZHNkOVVm2ISeKz9D3//vqfEcfna28NNwJOHmo8ErW3j+KPG0IkOWPdox aLgYQSd1bQ2uVYsrqDtEbzrqJgb7P81a5JwI0vknGAqdazO9QB6myHN8TCF1DNNVitiWE1 nwn5bbOPqBaQDyRoHZsL/LGCuUb/Q8UkDPBGloouCM/1OSweslTd6ru6+oFiFwjA6PuNHq KNNVRvnWbQ1Tjt9dp3whPctTy8PnO/LyP7yK9k/UkQJIi0s7zcemcEcxHfZJOw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WdfFS24KdzFQH; Tue, 6 Aug 2024 16:41:00 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 476Gf0cG084033; Tue, 6 Aug 2024 16:41:00 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 476Gf0BM084030; Tue, 6 Aug 2024 16:41:00 GMT (envelope-from git) Date: Tue, 6 Aug 2024 16:41:00 GMT Message-Id: <202408061641.476Gf0BM084030@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Mark Johnston Subject: git: 014b6c341d9c - stable/14 - ktrace tests: Add a missing mode in open(O_CREAT) List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: markj X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: 014b6c341d9cfec30ec28cea9f304abbc156e625 Auto-Submitted: auto-generated The branch stable/14 has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=014b6c341d9cfec30ec28cea9f304abbc156e625 commit 014b6c341d9cfec30ec28cea9f304abbc156e625 Author: Mark Johnston AuthorDate: 2024-07-28 15:31:40 +0000 Commit: Mark Johnston CommitDate: 2024-08-06 16:40:51 +0000 ktrace tests: Add a missing mode in open(O_CREAT) MFC after: 1 week (cherry picked from commit 9cc67e43610e34a692398a65adcc5e8846e84250) --- tests/sys/kern/ktrace_test.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/sys/kern/ktrace_test.c b/tests/sys/kern/ktrace_test.c index 21868441c687..9d4c2dbdcd74 100644 --- a/tests/sys/kern/ktrace_test.c +++ b/tests/sys/kern/ktrace_test.c @@ -116,7 +116,7 @@ cap_trace_child(int cpid, struct ktr_cap_fail *v, int numv) int error, fd, i; ATF_REQUIRE((fd = open("ktrace.out", - O_RDONLY | O_CREAT | O_TRUNC)) != -1); + O_RDONLY | O_CREAT | O_TRUNC, 0600)) != -1); ATF_REQUIRE(ktrace("ktrace.out", KTROP_SET, KTRFAC_CAPFAIL, cpid) != -1); /* Notify child that we've starting tracing. */ From nobody Tue Aug 6 19:43:54 2024 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WdkJV3CfVz5SXTy; Tue, 06 Aug 2024 19:43:54 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WdkJV2Nfkz4M5L; Tue, 6 Aug 2024 19:43:54 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1722973434; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=6EK/gXhUpjZpkpHfubqX804N/y4N7d9k+JkyoJ6WINI=; b=cBIu35WL+9UDa4C4s2aVuQjAURt7avFdKNQ+lVE8OZEXx88Diy85RsCaBUU5Q61Lrh262H dCbRZ4Ls9GoSEqU/aMotIFuQ0tnyXJdxv3L2V325ikULDIqJK8YS07I/DpkAMGGBrus+a+ Scv6+K0cYlSXLkY6zstpcorKF74WPk0knKqcroZlnXxbZcYAAW5r3jTb74nva4vT7NQ1KL jBTTVVdLsghgUpmfsTfeZx/+VcBAmqOVz/YYmttiVGAaoksXOrCbsdAGvLhrBaXLYbfBUe l4zk9QtgTl2in4bjf4ReNCjgW1aSPSHLv17Pb3uym5yDjsySoClvOV8Rw+emsg== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1722973434; a=rsa-sha256; cv=none; b=Xj94FwieUHcW//j0PYLsxhneHpJn5Cj0pVbQTZqC5ZBnyWvzlD+Q5gqbPxUkadtGH25GG6 N604Y/3ta6YkXc9H8rGgwcmn8O0DgpclbsZqso7v+k0gmLKE2zqb44GCgi/I10T8uDEa0o +RPeOM2dTh9b4I+YgaL7SmIwoyUN4XAc13Isr7t6GRCqQyCUM05nNaoYUeLeBa1aHvKFcC seV+don8R/wxo9ZHBJLZGtSQmtn6QTLWAAL0htz474WooJ2fvNV8xuxFXYHzAW/hycHZOX 4mXuQ0JYIkIHCVzCpUNkvgyi6f9J/SPKkuguNlfqi7FQFSbx0vGx5h9x51S0iQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1722973434; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=6EK/gXhUpjZpkpHfubqX804N/y4N7d9k+JkyoJ6WINI=; b=rY8x9CnbIs0wrIbxPciCoZMHIt/DVEogHQYsBcDtVgvWQqvV2Po8P/LDP226OZw1pDmTzo AKJkZwHqEl3bqRNfgfLT1YpNJVQ5LRF9OvWjjfDon+AQdXSMikGLc1JS0mPpcuYCVj6g/w DlUiX6y1qkyQXPGBw7YVAGPfwOX6wH0i8sYXaI2C5d8zYD5Xc18smjrG5ayz2N/zsfCbMS qmN9CsjHFcqz4jF3Aypj32U1yYFVwDYr6S9vfK1Ob2v5sHVKBMEfLeS0PnDWd3+sGESina W5YP1qFY82tlkfJpRKRON94cOKIo/73gFuyBDH4VQv7it8sRpdVSf+6PdkKZOQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WdkJV1dnyzKvS; Tue, 6 Aug 2024 19:43:54 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 476JhsEG095770; Tue, 6 Aug 2024 19:43:54 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 476JhsNs095767; Tue, 6 Aug 2024 19:43:54 GMT (envelope-from git) Date: Tue, 6 Aug 2024 19:43:54 GMT Message-Id: <202408061943.476JhsNs095767@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Ed Maste Subject: git: 73466449a9bf - stable/14 - sshd: remove blacklist call from grace_alarm_timer List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: emaste X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: 73466449a9bf1888147c53d622236cebc0aa591b Auto-Submitted: auto-generated The branch stable/14 has been updated by emaste: URL: https://cgit.FreeBSD.org/src/commit/?id=73466449a9bf1888147c53d622236cebc0aa591b commit 73466449a9bf1888147c53d622236cebc0aa591b Author: Ed Maste AuthorDate: 2024-08-01 00:04:46 +0000 Commit: Ed Maste CommitDate: 2024-08-06 19:39:40 +0000 sshd: remove blacklist call from grace_alarm_timer Under certain circumstances it may call log(3), which is not async- signal-safe. For now just remove the blacklist integration from this path, which means that blacklistd will not detect and firewall hosts that establish a connection but do nothing further. Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D46203 (cherry picked from commit 2739a6845031e69be7c03461a9335d8bbb9f59bd) (cherry picked from commit 3d3bae9b95388169d396adc8007585699c5a23e0) Approved by: so --- crypto/openssh/sshd.c | 2 -- crypto/openssh/sshd_config | 2 +- crypto/openssh/sshd_config.5 | 2 +- crypto/openssh/version.h | 2 +- 4 files changed, 3 insertions(+), 5 deletions(-) diff --git a/crypto/openssh/sshd.c b/crypto/openssh/sshd.c index 0c83e0ea468e..889f2056bc75 100644 --- a/crypto/openssh/sshd.c +++ b/crypto/openssh/sshd.c @@ -377,8 +377,6 @@ grace_alarm_handler(int sig) kill(0, SIGTERM); } - BLACKLIST_NOTIFY(the_active_state, BLACKLIST_AUTH_FAIL, "ssh"); - /* Log error and exit. */ sigdie("Timeout before authentication for %s port %d", ssh_remote_ipaddr(the_active_state), diff --git a/crypto/openssh/sshd_config b/crypto/openssh/sshd_config index a06f8fcc13d1..7f559775e3b3 100644 --- a/crypto/openssh/sshd_config +++ b/crypto/openssh/sshd_config @@ -105,7 +105,7 @@ AuthorizedKeysFile .ssh/authorized_keys #PermitTunnel no #ChrootDirectory none #UseBlacklist no -#VersionAddendum FreeBSD-20240318 +#VersionAddendum FreeBSD-20240806 # no default banner path #Banner none diff --git a/crypto/openssh/sshd_config.5 b/crypto/openssh/sshd_config.5 index 0715b1f9d581..4de510ac8795 100644 --- a/crypto/openssh/sshd_config.5 +++ b/crypto/openssh/sshd_config.5 @@ -1944,7 +1944,7 @@ The default is Optionally specifies additional text to append to the SSH protocol banner sent by the server upon connection. The default is -.Qq FreeBSD-20240318 . +.Qq FreeBSD-20240806 . The value .Cm none may be used to disable this. diff --git a/crypto/openssh/version.h b/crypto/openssh/version.h index 836b5650b247..82be0be8498f 100644 --- a/crypto/openssh/version.h +++ b/crypto/openssh/version.h @@ -5,4 +5,4 @@ #define SSH_PORTABLE "p1" #define SSH_RELEASE SSH_VERSION SSH_PORTABLE -#define SSH_VERSION_FREEBSD "FreeBSD-20240701" +#define SSH_VERSION_FREEBSD "FreeBSD-20240806" From nobody Tue Aug 6 19:46:19 2024 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WdkMJ29bVz5SXbX; Tue, 06 Aug 2024 19:46:20 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WdkMJ1fzbz4MV0; Tue, 6 Aug 2024 19:46:20 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1722973580; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=1k2QIiakN19gveCBQxpiG0TGijUsgrXvlRqLq9z6m6g=; b=bd/EsCoU3P0N8tx55eCnJH3CjFIHD8D74YGfL+uEK4iRI3S9ToDO7ck4FgA2Ez4T6eG5T0 U0ZkN6qXmDT7fAIhnP5EHyRs38d7jXyX0ItKSSTcKkbGLqukGx9axqz8sGmq+f1g5oYcCF P1XYFmOtZZZSrWZ7XzmBC9e1GNC7azfXs758V7U0d9Sq8AnsTGz4XQxAmGgm4ZrPhNL8tC +PS6VHJ1dPn//Mk+xk6Ttkf6SO1eDXTY/46U/4/FUKs40RwITpGCEDRtYzzDWI5GmWxo+g MlJefgdFmf3Jetd+ob/2vC5earJ5F0Vh6OCOmGs5bZhVV2vQfJRyPtwCb5vMew== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1722973580; a=rsa-sha256; cv=none; b=NVdZx7goKctn5KEB9CqddSzmNh1m1xN2jCheLAwVfuHNoNq3BnyHgUFhWE5fRY0+hYRkKr NPu7EhKkR1oowYESClH99yVU7zxNmX+ZfsiexIriuXa3pR7qGQbTKqus6b5LIOMNFei/WS zgioIMJjhyAjaOIT76uPLfiWVX3XVbtlIygilmH1OqTAa+Fm9EnTaQgCMdHNUHecTkUggr uNFPRet37/Gt4jVvD/YzzfekVyew6bhwqEzpfIOb39D7ThsD+u18xlCSig+TmDDW+InFe4 UUckeZnydFHf3irIvy+27TwfFirvDvY6tpSI7FXtiNK5LMEEpCS3iF49oo+crg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1722973580; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=1k2QIiakN19gveCBQxpiG0TGijUsgrXvlRqLq9z6m6g=; b=Sm/VhZ5Z4vhSqNo3Rn0vcAZ/VZ2OKy22VLs9UXYPa2KBqvPtm8JrvZAqbRK20VpWrgcqqR AvgaiFsX69JNZUIV/AUDSwcz8mTUcByeCDm5WE+Ye5H/KExN5JDerLkdJk2fyAjyN3L3+B vFp5wMzNdlO5GwGKunUvIosOup9TvghSxGZwqLAm7TBhLD2ZgfZAK2MoIeEDwWSlcfy5ED hoNPGGhMpDsKV2WCrhb2wvIlXHak4mYryvUYcgjvJNWUV4njomEDJz6/kNzg4RYjGjewpR lZUq7H4qyZIHL/nBcvDbJzusxirw859g0KreQS3EBmqWGVxMhO17ZfPsD45+Ag== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WdkMJ0zxTzKrq; Tue, 6 Aug 2024 19:46:20 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 476JkJTr096224; Tue, 6 Aug 2024 19:46:19 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 476JkJCb096221; Tue, 6 Aug 2024 19:46:19 GMT (envelope-from git) Date: Tue, 6 Aug 2024 19:46:19 GMT Message-Id: <202408061946.476JkJCb096221@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Ed Maste Subject: git: d5f16ef6463d - stable/13 - sshd: remove blacklist call from grace_alarm_timer List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: emaste X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: d5f16ef6463d73270e4380f3498410c8ad91f495 Auto-Submitted: auto-generated The branch stable/13 has been updated by emaste: URL: https://cgit.FreeBSD.org/src/commit/?id=d5f16ef6463d73270e4380f3498410c8ad91f495 commit d5f16ef6463d73270e4380f3498410c8ad91f495 Author: Ed Maste AuthorDate: 2024-08-01 00:04:46 +0000 Commit: Ed Maste CommitDate: 2024-08-06 19:46:01 +0000 sshd: remove blacklist call from grace_alarm_timer Under certain circumstances it may call log(3), which is not async- signal-safe. For now just remove the blacklist integration from this path, which means that blacklistd will not detect and firewall hosts that establish a connection but do nothing further. Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D46203 (cherry picked from commit 2739a6845031e69be7c03461a9335d8bbb9f59bd) (cherry picked from commit 3d3bae9b95388169d396adc8007585699c5a23e0) (cherry picked from commit 73466449a9bf1888147c53d622236cebc0aa591b) Approved by: so --- crypto/openssh/ssh_config | 2 +- crypto/openssh/ssh_config.5 | 2 +- crypto/openssh/sshd.c | 2 -- crypto/openssh/sshd_config | 2 +- crypto/openssh/sshd_config.5 | 2 +- crypto/openssh/version.h | 2 +- 6 files changed, 5 insertions(+), 7 deletions(-) diff --git a/crypto/openssh/ssh_config b/crypto/openssh/ssh_config index 36c6c7785fd2..a047ce2deb93 100644 --- a/crypto/openssh/ssh_config +++ b/crypto/openssh/ssh_config @@ -44,4 +44,4 @@ # ProxyCommand ssh -q -W %h:%p gateway.example.com # RekeyLimit 1G 1h # UserKnownHostsFile ~/.ssh/known_hosts.d/%k -# VersionAddendum FreeBSD-20240318 +# VersionAddendum FreeBSD-20240806 diff --git a/crypto/openssh/ssh_config.5 b/crypto/openssh/ssh_config.5 index 020d254f7f0d..de1903ba43a2 100644 --- a/crypto/openssh/ssh_config.5 +++ b/crypto/openssh/ssh_config.5 @@ -2137,7 +2137,7 @@ in Specifies a string to append to the regular version string to identify OS- or site-specific modifications. The default is -.Dq FreeBSD-20240318 . +.Dq FreeBSD-20240806 . The value .Cm none may be used to disable this. diff --git a/crypto/openssh/sshd.c b/crypto/openssh/sshd.c index 0c83e0ea468e..889f2056bc75 100644 --- a/crypto/openssh/sshd.c +++ b/crypto/openssh/sshd.c @@ -377,8 +377,6 @@ grace_alarm_handler(int sig) kill(0, SIGTERM); } - BLACKLIST_NOTIFY(the_active_state, BLACKLIST_AUTH_FAIL, "ssh"); - /* Log error and exit. */ sigdie("Timeout before authentication for %s port %d", ssh_remote_ipaddr(the_active_state), diff --git a/crypto/openssh/sshd_config b/crypto/openssh/sshd_config index 54a1d9d486d0..866e905d9515 100644 --- a/crypto/openssh/sshd_config +++ b/crypto/openssh/sshd_config @@ -105,7 +105,7 @@ AuthorizedKeysFile .ssh/authorized_keys #PermitTunnel no #ChrootDirectory none #UseBlacklist no -#VersionAddendum FreeBSD-20240318 +#VersionAddendum FreeBSD-20240806 # no default banner path #Banner none diff --git a/crypto/openssh/sshd_config.5 b/crypto/openssh/sshd_config.5 index 1c3de78d1cf0..a354c1ef2b0a 100644 --- a/crypto/openssh/sshd_config.5 +++ b/crypto/openssh/sshd_config.5 @@ -1947,7 +1947,7 @@ The default is Optionally specifies additional text to append to the SSH protocol banner sent by the server upon connection. The default is -.Qq FreeBSD-20240318 . +.Qq FreeBSD-20240806 . The value .Cm none may be used to disable this. diff --git a/crypto/openssh/version.h b/crypto/openssh/version.h index 836b5650b247..82be0be8498f 100644 --- a/crypto/openssh/version.h +++ b/crypto/openssh/version.h @@ -5,4 +5,4 @@ #define SSH_PORTABLE "p1" #define SSH_RELEASE SSH_VERSION SSH_PORTABLE -#define SSH_VERSION_FREEBSD "FreeBSD-20240701" +#define SSH_VERSION_FREEBSD "FreeBSD-20240806" From nobody Tue Aug 6 20:43:35 2024 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WdldM33s5z5Sd5V; Tue, 06 Aug 2024 20:43:35 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WdldM2XLCz4ThZ; Tue, 6 Aug 2024 20:43:35 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1722977015; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=RTk5BX/wY+TZsuPy5reFE4ZE1eiLBX4CnxhatW6oOpI=; b=g1go5RwzGf7ScM7u26Wdaqtdd6x0Lwfir9Tazd5igFuyUL1QVzSikDN3xI07NSo0Dsmg8x 9y+6FM0W6KrZrx9LTXAsPdrfI9//MnMCRATOqZrwedUTu/LaXlibpSj5fOUucLozwlzOfe 69Hf1CJ654Mn1HtGV1LsE8qvOjXJ345WkiO4iN9v9vZ9mCVGTVjcSybWWuV3sh3qms3mbj NAgNteGU1fbvdbcXwMzF1yNZpIbqjN1TqLiMhpzDvCTi7NxA6pXgWYDy+vihWM8shRmS7h jd6VX6tS5iDbtye5rZY9bpuyjEmKXiW8HeRIF4pMhu3Ck2F0lNe7QRcMDKOxWA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1722977015; a=rsa-sha256; cv=none; b=kWO3MeFuy6MjZ0t+q88hdOqnIoLkVZ7QH3tvA97am35Uqi08wFPperQ+T8FW4/k0ym9b9+ VUMMFwzDQBPOtUv3t90pwb3OVTPAT3YVf+Q+EoFUD47mnAIy6p28djnGq9e2fOpcbjTDJl +vJkL6e54zDQyLrGYdS8CEcWHMfGHroPsnSbCtzFlQv9UkaVgdOAi6DIbQYVWMQq78F2Cw DBEAgxDAiYmYsTuMFVVTf1Q2teFjBboOeo3sC0M7u2EVr31080Zi/ia1S/k1djouqgoG48 KQegcRsmnsqQKDCQRXAiQpHX0BTXhtsWQSYFd7a1wQIWtwFp9cbs/GH26EbTBQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1722977015; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=RTk5BX/wY+TZsuPy5reFE4ZE1eiLBX4CnxhatW6oOpI=; b=k5eUthutBHOqf1odC9j09Kd8KFoBG5jtuZBwz+t2InvNpF6+EGb+8K5ZnwHft78a074rMa /XrJUnl8WtSJVZmgp0Ws32LIC4yXbnnv7vPhlfruoKN9KtvKAnYzob82rDYCQZ+kgRl4DA NRcelt0OVa2crHZTa+0Sc0ugr+whuNNHuqHmvHhDtq12niBdF/yo/NlxFtuVW+9YXvlbmF 3YCfrFKBNVUFuzmmCPnlvft9K4wvFVNNHXARXevRAM/apM/SQqWdDDfSnsEIFRoU9H3Ha1 ps2Ujv0T2CvddWYlMn+bhpqllYWv2yZROQ37i3FWXqnPO5uwK5mNApJdMhlftQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WdldM27Y1zMPN; Tue, 6 Aug 2024 20:43:35 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 476KhZEo097610; Tue, 6 Aug 2024 20:43:35 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 476KhZG3097607; Tue, 6 Aug 2024 20:43:35 GMT (envelope-from git) Date: Tue, 6 Aug 2024 20:43:35 GMT Message-Id: <202408062043.476KhZG3097607@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Ed Maste Subject: git: 6cd4450c6c9a - stable/14 - msun: update Clang bug reference in fma test List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: emaste X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: 6cd4450c6c9a83a0fd9430df7ec02c4c3203ad25 Auto-Submitted: auto-generated The branch stable/14 has been updated by emaste: URL: https://cgit.FreeBSD.org/src/commit/?id=6cd4450c6c9a83a0fd9430df7ec02c4c3203ad25 commit 6cd4450c6c9a83a0fd9430df7ec02c4c3203ad25 Author: Ed Maste AuthorDate: 2024-06-12 00:23:44 +0000 Commit: Ed Maste CommitDate: 2024-08-06 19:39:52 +0000 msun: update Clang bug reference in fma test LLVM bugzilla bug 8100 became issue #8472 with the migration to GitHub. https://github.com/llvm/llvm-project/issues/8472 (cherry picked from commit 92927b8bcf51dcbcf99d633c1b3cab3cab2373ac) --- lib/msun/src/s_fma.c | 4 ++-- lib/msun/src/s_fmal.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/msun/src/s_fma.c b/lib/msun/src/s_fma.c index b8a342646d85..16902d321290 100644 --- a/lib/msun/src/s_fma.c +++ b/lib/msun/src/s_fma.c @@ -244,7 +244,7 @@ fma(double x, double y, double z) zs = copysign(DBL_MIN, zs); fesetround(FE_TONEAREST); - /* work around clang bug 8100 */ + /* work around clang issue #8472 */ volatile double vxs = xs; /* @@ -276,7 +276,7 @@ fma(double x, double y, double z) * rounding modes. */ fesetround(oround); - /* work around clang bug 8100 */ + /* work around clang issue #8472 */ volatile double vrlo = r.lo; adj = vrlo + xy.lo; return (ldexp(r.hi + adj, spread)); diff --git a/lib/msun/src/s_fmal.c b/lib/msun/src/s_fmal.c index 3d333632127c..9d08bc72e12e 100644 --- a/lib/msun/src/s_fmal.c +++ b/lib/msun/src/s_fmal.c @@ -225,7 +225,7 @@ fmal(long double x, long double y, long double z) zs = copysignl(LDBL_MIN, zs); fesetround(FE_TONEAREST); - /* work around clang bug 8100 */ + /* work around clang issue #8472 */ volatile long double vxs = xs; /* @@ -257,7 +257,7 @@ fmal(long double x, long double y, long double z) * rounding modes. */ fesetround(oround); - /* work around clang bug 8100 */ + /* work around clang issue #8472 */ volatile long double vrlo = r.lo; adj = vrlo + xy.lo; return (ldexpl(r.hi + adj, spread)); From nobody Tue Aug 6 20:44:09 2024 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Wdlf12YCXz5SdBN; Tue, 06 Aug 2024 20:44:09 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Wdlf121Y1z4VCj; Tue, 6 Aug 2024 20:44:09 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1722977049; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=+YD1y9wyhLvXWjO4HCXy2mRoolUfC28XzNzEyMuBtt0=; b=rgFShhBcscUBgHB0M2BIUbSOvDWDgThKNXf83c6Z6lUrsi8sj1/NQgVWcu1YvNT1BALmdg 2FtjuQq/Oz823VubNOWsoN76wLfMxfxHT/O8d98NzXmU8i/T9MM8MqDnLaobIAp4FOXqey UgkGH3b75mH+HoFjNFZwLWLa8ecr8OLSJF1Ja5z2ceCTwgt/1hm1BeI88UVqGYBW3m1gQE 7XlfXVKon2U3J99IC52IamwHdKpnxMkLI2iZP+4sSYzXy2cQb/L+Wf5pupTFbQ/aAagZ6g w0I//y49eTQ9sZgcORXjRdZxDH8gPEn7xDrTm0XoLaMS+N4sZq+TSw3CNhr4HQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1722977049; a=rsa-sha256; cv=none; b=Al0Po1WE8dRBR9ygDjQmm/hRnPSVe7Qr67V0leFq1JygpE8suERXP9bWiRBmdKUwRfGTHW b2hm/Ur6pdsiKjvt33rL1Tl43XFMy7XFLPDHUcMbcM3923q5G6AT7xFKBmakR6oBBij7TM 1wfWz591/N52phZ2K0KXFUk++vco4iiMd1xPijZxp1H4Z7qJq7W2DhMh2RPkN9uomagE2I vwarD7+b3OTItCit8CugWtd0f32qOU1x0c6AKdkW9/wztIGokht1EZsGWruTQKF+SbkJnw fxO/dcHm+A1jBIRnCPAiPjpgwq2v64I/jSkEu7DF+9bcW8AvQ05s9Y4uw0EOcQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1722977049; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=+YD1y9wyhLvXWjO4HCXy2mRoolUfC28XzNzEyMuBtt0=; b=GEKyq7949F0NBSV8Efu5LExJJlvMB5war0gCAICgj5jM6YlYz2VwVVfcTe7W+WXHuexp5A FojTUqs6M+QKCgWcEQSXfuT/+ejIvZ7jVSYYbuM+thLVd9j2PlMLJKso1Glsw9p0hCH0ny j3GEsbcEa7pyrNqhLSEzXc7NIdyZmlqA49bTGQPxXHFiHgVILoiaqkjJkNlqGI5aj9TITj us05v6yECRbzQc+skfhQ/+czKNBVQqEdNpHQzdf00LCaPNTWZoj7zHrnFY2EOX8eJ+4j2x EWEJYQiyxD/XYoNgDJaIL4srpV3/zGNOMehksYu+sVsSyPfBGez5kunEF1ZBDw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Wdlf11cPJzMTb; Tue, 6 Aug 2024 20:44:09 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 476Ki9xk097857; Tue, 6 Aug 2024 20:44:09 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 476Ki9L1097854; Tue, 6 Aug 2024 20:44:09 GMT (envelope-from git) Date: Tue, 6 Aug 2024 20:44:09 GMT Message-Id: <202408062044.476Ki9L1097854@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Ed Maste Subject: git: d1d8c9114751 - stable/14 - libm: add parens to clarify expressions in fma, fmal List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: emaste X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: d1d8c9114751ee481aa6ff980caa2640f8d6848d Auto-Submitted: auto-generated The branch stable/14 has been updated by emaste: URL: https://cgit.FreeBSD.org/src/commit/?id=d1d8c9114751ee481aa6ff980caa2640f8d6848d commit d1d8c9114751ee481aa6ff980caa2640f8d6848d Author: Ed Maste AuthorDate: 2024-06-18 01:30:44 +0000 Commit: Ed Maste CommitDate: 2024-08-06 19:39:52 +0000 libm: add parens to clarify expressions in fma, fmal Obtained from: NetBSD (cherry picked from commit 001606523a48ca2aa440c985db47327a00671358) --- lib/msun/src/s_fma.c | 6 +++--- lib/msun/src/s_fmal.c | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/lib/msun/src/s_fma.c b/lib/msun/src/s_fma.c index 16902d321290..6c889a6a46ca 100644 --- a/lib/msun/src/s_fma.c +++ b/lib/msun/src/s_fma.c @@ -222,17 +222,17 @@ fma(double x, double y, double z) case FE_TONEAREST: return (z); case FE_TOWARDZERO: - if (x > 0.0 ^ y < 0.0 ^ z < 0.0) + if ((x > 0.0) ^ (y < 0.0) ^ (z < 0.0)) return (z); else return (nextafter(z, 0)); case FE_DOWNWARD: - if (x > 0.0 ^ y < 0.0) + if ((x > 0.0) ^ (y < 0.0)) return (z); else return (nextafter(z, -INFINITY)); default: /* FE_UPWARD */ - if (x > 0.0 ^ y < 0.0) + if ((x > 0.0) ^ (y < 0.0)) return (nextafter(z, INFINITY)); else return (z); diff --git a/lib/msun/src/s_fmal.c b/lib/msun/src/s_fmal.c index 9d08bc72e12e..80c835d09c2b 100644 --- a/lib/msun/src/s_fmal.c +++ b/lib/msun/src/s_fmal.c @@ -203,17 +203,17 @@ fmal(long double x, long double y, long double z) case FE_TONEAREST: return (z); case FE_TOWARDZERO: - if (x > 0.0 ^ y < 0.0 ^ z < 0.0) + if ((x > 0.0) ^ (y < 0.0) ^ (z < 0.0)) return (z); else return (nextafterl(z, 0)); case FE_DOWNWARD: - if (x > 0.0 ^ y < 0.0) + if ((x > 0.0) ^ (y < 0.0)) return (z); else return (nextafterl(z, -INFINITY)); default: /* FE_UPWARD */ - if (x > 0.0 ^ y < 0.0) + if ((x > 0.0) ^ (y < 0.0)) return (nextafterl(z, INFINITY)); else return (z); From nobody Tue Aug 6 21:10:12 2024 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WdmD51gsjz5Sfvj; Tue, 06 Aug 2024 21:10:13 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WdmD518hRz4X6H; Tue, 6 Aug 2024 21:10:13 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1722978613; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=pHAjSCohOTCDt7rJRT/zLmKNsHdwfq4eZ4o9oDEXn7M=; b=EXUeyZSGX72aS+oLMWJob3JHBQshbXocOnpWSFXXXXeluhlKqvnzu/wiVVyjqg8z0kKlek mvMFnLsY5AEhzl8o1pbY7IlyBbxLUKHV/j/O3YkokyOgGMlizm3WkA6L1NZJWDGAzv2eWl AezV7K4q5QnbV8JPthQHUiPrMqLxYl1VcN+Yl9YwG49FnlcBQF7q/q65GqLpqNRRcETfO1 wQtoKAf5eFPyaB8sivHuAoxZoZm9rHiKclEA4LQZAfb8SsgEFUeJeMmgxmk3udBkjNS23X 60YyQi6ZQq8kqsitdfPMB6v6AwmkPplME+14/kCbnZpsiXX5wOzUeCUPi3xScw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1722978613; a=rsa-sha256; cv=none; b=uP4qfvmq0rqDbG749FOVdP2mbeLsRmkI1s4TRLL+Kokdhlu6uEOQRBjAVNJtEHwXWk7+eP NImqAOtag7cQWSwfezZomo/pZtebfULtA245AtQaauieW+8rVlyGQhcQR1IL8s31v8oAPE n6XekrHggOgC+6RWriaD4mj5vWTBZKs+CHQpjdWGRwNzNSSfyZp//VB4mULzRg4s8PX/pJ 5XGq8rWMwFpEOStO6e6f1SV8baTgDXNqvFDEnbqoi05lh0rnzSgJ04ju64WBBTXRTntsLq TTtTm6pQK2mZte/Sfv3s4Y25e8erPW+CpeSrpYOpN/X0Ks+ADV97FYSdjkb1iQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1722978613; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=pHAjSCohOTCDt7rJRT/zLmKNsHdwfq4eZ4o9oDEXn7M=; b=XIFw/jUeOI04s/EhyrIfuZI0tkZpDt4IXoUoDmskCAkSjamA8LSI/lidg4oLspDiktrBUo VF5/Uyvyo4rEDfT3xxaF71XbiDQ7IBw38HIJ3Wf/0OivsyCQDrUCB1/U+Igi5651D+45Xz v8IeH3BD0G4O/o6kPMs0ujRvbYwHTaiTWIo3TZYEq1lB3s7StHTvNZROekzbhogB25Eh7y HlrhXG17VDyqAoNm2pjhm9YL+FyL8Yd3IEhB7fSY4Gaf2n64Ox6xqHvgiWfRyBOjjpHpGM jluNcwOEAQaMO/n+/VsyVojkjQaHQ4p4Ywt+di10lKL7Ys+XyZmAV9CBrkcrFQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WdmD50lyPzMYm; Tue, 6 Aug 2024 21:10:13 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 476LADwq040102; Tue, 6 Aug 2024 21:10:13 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 476LACcE040093; Tue, 6 Aug 2024 21:10:12 GMT (envelope-from git) Date: Tue, 6 Aug 2024 21:10:12 GMT Message-Id: <202408062110.476LACcE040093@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Ed Maste Subject: git: ed4fbdda588d - stable/14 - tools/build/make.py: Minor typo fix List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: emaste X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: ed4fbdda588d711d9dc5cb318f01dffa7b0c58b2 Auto-Submitted: auto-generated The branch stable/14 has been updated by emaste: URL: https://cgit.FreeBSD.org/src/commit/?id=ed4fbdda588d711d9dc5cb318f01dffa7b0c58b2 commit ed4fbdda588d711d9dc5cb318f01dffa7b0c58b2 Author: Jose Luis Duran AuthorDate: 2024-07-25 04:32:33 +0000 Commit: Ed Maste CommitDate: 2024-08-06 19:39:52 +0000 tools/build/make.py: Minor typo fix If the object directory prefix does not exist, make.py previously exited with a message indicating that the chosen prefix does not exit. Reviewed by: emaste Pull request: https://github.com/freebsd/freebsd-src/pull/1348 (cherry picked from commit d55de30efd09ee011bf4604be1c15ce4155775c1) --- tools/build/make.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/build/make.py b/tools/build/make.py index 5c483e8b45be..5ac99ddb2ee5 100755 --- a/tools/build/make.py +++ b/tools/build/make.py @@ -242,7 +242,7 @@ if __name__ == "__main__": sys.exit("MAKEOBJDIRPREFIX is not set, cannot continue!") if not Path(MAKEOBJDIRPREFIX).is_dir(): sys.exit( - "Chosen MAKEOBJDIRPREFIX=" + MAKEOBJDIRPREFIX + " doesn't exit!") + "Chosen MAKEOBJDIRPREFIX=" + MAKEOBJDIRPREFIX + " doesn't exist!") objdir_prefix = Path(MAKEOBJDIRPREFIX).absolute() source_root = Path(__file__).absolute().parent.parent.parent From nobody Tue Aug 6 21:22:04 2024 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WdmTm3X0qz5Sgcc; Tue, 06 Aug 2024 21:22:04 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WdmTm339hz4Y5b; Tue, 6 Aug 2024 21:22:04 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1722979324; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=vpCLzBFgeQc9vOUB+cm5C4dcDYh40rUEqzXhzdkKPBI=; b=ZKptIIpWoGD9tziJVisnWN/y0Hl+LTatRVtib/Iypr/7FCkJa9kAdqIsordmodg9I1cn3p qJGsCO9KcmKiCfiTndRjVF9ccryZYZOnSywXAyKu82jh59lNcOE1PwjIuIT8Fe++1cfGww Pn5cFMI8FJFCqeD2iy4Q0oQEgmseNU4EaPMWjbE6mM6xb9UirxXYYDGrhE/Use/oOjTJVj L5Mf451TxbLR1s0JRYrRMbZiYtl8nhF6rDtGUBc/jzkQs72JZUmoJ/XYp41+lFAE6Ki+s/ aAAV5KuwKfoCMSzTZ0YNbuX2w3URHvSH3XhjbtMuA+q5LcitT1f5rV6Mmd9bqA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1722979324; a=rsa-sha256; cv=none; b=TfBGc6gxVV0060H5r/MU3Mcbv5uxgbMW5dQ0sxQTi+FzZ9wp3T3DSviFXoPV9UxqCrbqw+ IBHugi29exmXk5jQPEteDI97J40un3VQY/uKFbIENbtvMEdIwPdYgS3WPc07wB2hZaTPTU eSvyXkz6m/hULVn5KA9GIa5YQR7mAJuBNVZQxi/P0Xm2Dg/TL7vPrI2yXxXwgdJCyMZhrk D0dCSeLBRxbG2+RCzqYVHZo+lTWHNvPbM7Lwk63yZ4HbcMJTjR4iyd+wtnaBXhL6x1hVXn oLy5RVsHZOdZ7+Jzwnmre2rfgGt7MzLJhjBuzCBfItclO4AtNgxzPGj/W973nw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1722979324; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=vpCLzBFgeQc9vOUB+cm5C4dcDYh40rUEqzXhzdkKPBI=; b=bhxRdvYRrIdqA4pTb5WfoxN8vS51bj0JHtRFdgzMga8Ck4aRKYg0jy1iE+2gvxR9TBbzkD SjJIWb/Pvtfqy6FQIWADwpEWKL1+dCmDifYwwZZY0StQqCQuisLEPJkRY8ETHlQbdFob// iLfaILL+XfALfMHaTPfFvOCn6g2RdoS0Yd+NUh7qSvspf4OKGR7373SnEXCEl/+PQyyqh/ QVn/DlJvZ90YR7czjESpMmVVVnZsaFksleXh7MkIoU56OBDFne9oElo8YP28ws9upu7lEl kw0Bu1d7Qas45QTgEXJVnZ+qCeE3BwcVBPi9ZE7M6VN8duyrYcFI2GeyIeJuog== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WdmTm1nDMzNGm; Tue, 6 Aug 2024 21:22:04 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 476LM4FL064030; Tue, 6 Aug 2024 21:22:04 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 476LM4M1064027; Tue, 6 Aug 2024 21:22:04 GMT (envelope-from git) Date: Tue, 6 Aug 2024 21:22:04 GMT Message-Id: <202408062122.476LM4M1064027@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Ed Maste Subject: git: 5daa7f5bef21 - stable/14 - depend-cleanup: remove entries from 2020 and 2021 List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: emaste X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: 5daa7f5bef2162889b0eb43bcd4adf0cfa74a2f0 Auto-Submitted: auto-generated The branch stable/14 has been updated by emaste: URL: https://cgit.FreeBSD.org/src/commit/?id=5daa7f5bef2162889b0eb43bcd4adf0cfa74a2f0 commit 5daa7f5bef2162889b0eb43bcd4adf0cfa74a2f0 Author: Ed Maste AuthorDate: 2024-07-29 17:06:48 +0000 Commit: Ed Maste CommitDate: 2024-08-06 19:39:52 +0000 depend-cleanup: remove entries from 2020 and 2021 > These tests increase the build time (albeit by a small amount), so > they should be removed once enough time has passed and it is extremely > unlikely anyone would try a NO_CLEAN build against an object tree from > before the related change. The comment suggests a year is a reasonable period but we'll be somewhat more conservative for now, in part so that we retain different examples of special cases. Reviewed by: brooks, imp Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D46178 (cherry picked from commit 4a06d149371c16287e1dd5a8fa51e92346a0c3f4) --- tools/build/depend-cleanup.sh | 51 ------------------------------------------- 1 file changed, 51 deletions(-) diff --git a/tools/build/depend-cleanup.sh b/tools/build/depend-cleanup.sh index bed654cfb4bb..2627b19d4607 100755 --- a/tools/build/depend-cleanup.sh +++ b/tools/build/depend-cleanup.sh @@ -103,57 +103,6 @@ clean_dep() } # Date Rev Description -# 20200310 r358851 rename of openmp's ittnotify_static.c to .cpp -clean_dep lib/libomp ittnotify_static c -# 20200414 r359930 closefrom -clean_dep lib/libc closefrom S - -# 20200826 r364746 OpenZFS merge, apply a big hammer (remove whole tree) -if [ -e "$OBJTOP"/cddl/lib/libzfs/.depend.libzfs_changelist.o ] && \ - egrep -qw "cddl/contrib/opensolaris/lib/libzfs/common/libzfs_changelist.c" \ - "$OBJTOP"/cddl/lib/libzfs/.depend.libzfs_changelist.o; then - echo "Removing old ZFS tree" - for libcompat in "" $ALL_libcompats; do - dirprfx=${libcompat:+obj-lib${libcompat}/} - run rm -rf "$OBJTOP"/${dirprfx}cddl - done -fi - -# 20200916 WARNS bumped, need bootstrapped crunchgen stubs -if [ -e "$OBJTOP"/rescue/rescue/rescue.c ] && \ - ! grep -q 'crunched_stub_t' "$OBJTOP"/rescue/rescue/rescue.c; then - echo "Removing old rescue(8) tree" - run rm -rf "$OBJTOP"/rescue/rescue -fi - -# 20210105 fda7daf06301 pfctl gained its own version of pf_ruleset.c -if [ -e "$OBJTOP"/sbin/pfctl/.depend.pf_ruleset.o ] && \ - egrep -qw "sys/netpfil/pf/pf_ruleset.c" \ - "$OBJTOP"/sbin/pfctl/.depend.pf_ruleset.o; then - echo "Removing old pf_ruleset dependecy file" - run rm -rf "$OBJTOP"/sbin/pfctl/.depend.pf_ruleset.o -fi - -# 20210108 821aa63a0940 non-widechar version of ncurses removed -if [ -e "$OBJTOP"/lib/ncurses/ncursesw ]; then - echo "Removing stale ncurses objects" - for libcompat in "" $ALL_libcompats; do - dirprfx=${libcompat:+obj-lib${libcompat}/} - run rm -rf "$OBJTOP"/${dirprfx}lib/ncurses - done -fi - -# 20210608 f20893853e8e move from atomic.S to atomic.c -clean_dep cddl/lib/libspl atomic S -# 20211207 cbdec8db18b5 switch to libthr-friendly pdfork -clean_dep lib/libc pdfork S - -# 20211230 5e6a2d6eb220 libc++.so.1 path changed in ldscript -if [ -e "$OBJTOP"/lib/libc++/libc++.ld ] && \ - fgrep -q "/usr/lib/libc++.so" "$OBJTOP"/lib/libc++/libc++.ld; then - echo "Removing old libc++ linker script" - run rm -f "$OBJTOP"/lib/libc++/libc++.ld -fi # 20220326 fbc002cb72d2 move from bcmp.c to bcmp.S if [ "$MACHINE_ARCH" = "amd64" ]; then From nobody Tue Aug 6 21:22:51 2024 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WdmVg3ckjz5Sgw6; Tue, 06 Aug 2024 21:22:51 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WdmVg3JxHz4YTJ; Tue, 6 Aug 2024 21:22:51 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1722979371; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=ozf+hvAiGkp8ZzSDF4z01nQ1HlKPw5TQf4ll0gzVD7o=; b=AFQi2YF4s155GmHd/4/qhB6r3g8832MdZSmmNrC4fUz1y0XBATReSb7VM9DcFBISABpTxU Nc4k+tDGYFj7KCTg5PFZHPlW3xKIj0KoY4y4KDuhlHugV3gAsLYyU9lFxdEqWIIHBfAAqu 1c9ZUiexNmMzRH5KrT8spjE5yac13x6Rt7cUw95ufWqKnPrCaIaNdn3nwlFJHJxZvhot4x tlPiXCEvWJGRS/0zmZoV+Fu2ZF2Cgm9EDscO0e1LHP8Zvc69eu8ovX8WFI0YFgC24NjrMJ ztA2HsiUKgAB7t20VsIt8QklzdrMG+JwbwHq+sRC/gAmzD37DXns4GInVhlN3g== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1722979371; a=rsa-sha256; cv=none; b=xCv3qR4PVJ+EWhicjW7NFgpWXFVs0AKQh7rSXPw/mVw15AybUka77BFxO29zOub76xveiW qeV2x0PWeO3LQ6id3WC0BCDbkOnTnKCltk0UJu9K7unRto3iXfGdKw6FdJZVREYoTjhlJp HMRO1pmcDUiHLZNpwphPaCVEW0QYPQCZa77C/FQQtPPPxUgRWYKaahjBt/kPgJB8bNF+/F ENwF6syONGMs0CjdUWp3AqEVnIUZgD1I3YNOq8TWCWnzgkPy6SDyucAsj1z2JNjn47aRFn WHyUHkP9HZrSzdQPy1aqvXxzCP+elpM8ycbtncpQy2zei1CmA19ekPQ2qOKGOA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1722979371; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=ozf+hvAiGkp8ZzSDF4z01nQ1HlKPw5TQf4ll0gzVD7o=; b=kxhKCn0E+q9pd3mYNJvFoEeyF4frEP5fFVb1KvPMEOcBfKLiwF0iw9oT2C0rdg5VMz0aXs I54cMg8cMYK36nZoGWI2riGIEMZir0wlBV4oTur3gm778vbn+CVdaXpBQS4do5sORi4tZ3 tgm0Mn62y6IBLeayAxTXrvEdVLVPMv6GIqnbD0vW+RwQxcgzh1FtfGY96wz/YR3U4h19yB Dp8HfnS/UnrV5HIJADqnd5+zVpaIKyU0Ldrd8XijJryNmaR+3yvsKRkmUahYYu0O0jgXkY gVjzbr5NOhCvavupdr1fsXEHSQjIddxjaNRkLNBJmf6fEmdEIZtGauL/aGPTcw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WdmVg2vf9zNGr; Tue, 6 Aug 2024 21:22:51 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 476LMpb6066855; Tue, 6 Aug 2024 21:22:51 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 476LMpBs066852; Tue, 6 Aug 2024 21:22:51 GMT (envelope-from git) Date: Tue, 6 Aug 2024 21:22:51 GMT Message-Id: <202408062122.476LMpBs066852@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Ed Maste Subject: git: f06d322e9d92 - stable/14 - Remove "All Rights Reserved" from FreeBSD Foundation copyrights List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: emaste X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: f06d322e9d925ab56a4aa8210a67637d4d341ab6 Auto-Submitted: auto-generated The branch stable/14 has been updated by emaste: URL: https://cgit.FreeBSD.org/src/commit/?id=f06d322e9d925ab56a4aa8210a67637d4d341ab6 commit f06d322e9d925ab56a4aa8210a67637d4d341ab6 Author: Ed Maste AuthorDate: 2024-07-30 16:02:17 +0000 Commit: Ed Maste CommitDate: 2024-08-06 19:39:53 +0000 Remove "All Rights Reserved" from FreeBSD Foundation copyrights These ones were unambiguous cases where the Foundation was the only listed copyright holder. Sponsored by: The FreeBSD Foundation (cherry picked from commit 5c2bc3db201a4fe8d7911cf816bea104d5dc2138) --- include/xlocale.h | 1 - lib/libcasper/services/cap_dns/cap_dns.c | 1 - lib/libcasper/services/cap_dns/cap_dns.h | 1 - lib/libcasper/services/cap_dns/tests/dns_test.c | 1 - lib/libcasper/services/cap_grp/cap_grp.c | 1 - lib/libcasper/services/cap_grp/cap_grp.h | 1 - lib/libcasper/services/cap_grp/tests/grp_test.c | 1 - lib/libcasper/services/cap_pwd/cap_pwd.c | 1 - lib/libcasper/services/cap_pwd/cap_pwd.h | 1 - lib/libcasper/services/cap_pwd/tests/pwd_test.c | 1 - lib/libcasper/services/cap_sysctl/cap_sysctl.c | 1 - lib/libcasper/services/cap_sysctl/cap_sysctl.h | 1 - lib/libcasper/services/cap_sysctl/tests/sysctl_test.c | 1 - lib/libnv/common_impl.h | 1 - lib/libnv/tests/nvlist_add_test.c | 1 - lib/libnv/tests/nvlist_exists_test.c | 1 - lib/libnv/tests/nvlist_free_test.c | 1 - lib/libnv/tests/nvlist_get_test.c | 1 - lib/libnv/tests/nvlist_move_test.c | 1 - lib/libnv/tests/nvlist_send_recv_test.c | 1 - lib/libproc/proc_bkpt.c | 1 - lib/libproc/proc_regs.c | 1 - lib/libproc/proc_rtld.c | 1 - lib/librtld_db/librtld_db.3 | 1 - lib/librtld_db/rtld_db.c | 1 - lib/librtld_db/rtld_db.h | 1 - lib/libthr/plockstat.d | 1 - lib/libthr/thread/thr_malloc.c | 1 - lib/libthread_db/arch/aarch64/libpthread_md.c | 1 - libexec/ftpd/blacklist.c | 1 - libexec/ftpd/blacklist_client.h | 1 - libexec/rc/rc.d/blacklistd | 1 - libexec/rtld-elf/aarch64/reloc.c | 1 - libexec/rtld-elf/aarch64/rtld_start.S | 1 - libexec/rtld-elf/rtld_malloc.h | 1 - sbin/hastctl/hastctl.8 | 1 - sbin/hastctl/hastctl.c | 1 - sbin/hastd/activemap.c | 1 - sbin/hastd/activemap.h | 1 - sbin/hastd/control.c | 1 - sbin/hastd/control.h | 1 - sbin/hastd/ebuf.c | 1 - sbin/hastd/ebuf.h | 1 - sbin/hastd/hast_proto.h | 1 - sbin/hastd/hastd.8 | 1 - sbin/hastd/hastd.h | 1 - sbin/hastd/metadata.c | 1 - sbin/hastd/metadata.h | 1 - sbin/hastd/nv.c | 1 - sbin/hastd/nv.h | 1 - sbin/hastd/proto.c | 1 - sbin/hastd/proto.h | 1 - sbin/hastd/proto_impl.h | 1 - sbin/hastd/proto_socketpair.c | 1 - sbin/hastd/proto_uds.c | 1 - sbin/hastd/rangelock.c | 1 - sbin/hastd/rangelock.h | 1 - sbin/hastd/synch.h | 1 - share/examples/hast/ucarp.sh | 1 - share/examples/hast/ucarp_down.sh | 1 - share/examples/hast/ucarp_up.sh | 1 - share/examples/kld/khelp/h_example.c | 1 - tests/sys/fs/fusefs/unlink.cc | 1 - tests/sys/kern/kern_copyin.c | 1 - tools/regression/capsicum/syscalls/cap_fcntls_limit.c | 1 - tools/regression/capsicum/syscalls/cap_getmode.c | 1 - tools/regression/capsicum/syscalls/cap_ioctls_limit.c | 1 - tools/regression/capsicum/syscalls/misc.c | 1 - tools/regression/capsicum/syscalls/misc.h | 1 - tools/test/popss/popss.c | 1 - tools/test/vm86/vm86_test.c | 1 - tools/test/vm86/vm86_test_asm.s | 1 - tools/tools/vt/mkkfont/mkkfont.c | 1 - usr.bin/proccontrol/proccontrol.1 | 1 - usr.bin/proccontrol/proccontrol.c | 1 - 75 files changed, 75 deletions(-) diff --git a/include/xlocale.h b/include/xlocale.h index f39000d6b373..cc2fc0839593 100644 --- a/include/xlocale.h +++ b/include/xlocale.h @@ -2,7 +2,6 @@ * SPDX-License-Identifier: BSD-2-Clause * * Copyright (c) 2011, 2012 The FreeBSD Foundation - * All rights reserved. * * This software was developed by David Chisnall under sponsorship from * the FreeBSD Foundation. diff --git a/lib/libcasper/services/cap_dns/cap_dns.c b/lib/libcasper/services/cap_dns/cap_dns.c index 8548715a6978..84b49e1d2081 100644 --- a/lib/libcasper/services/cap_dns/cap_dns.c +++ b/lib/libcasper/services/cap_dns/cap_dns.c @@ -2,7 +2,6 @@ * SPDX-License-Identifier: BSD-2-Clause * * Copyright (c) 2012-2013 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Pawel Jakub Dawidek under sponsorship from * the FreeBSD Foundation. diff --git a/lib/libcasper/services/cap_dns/cap_dns.h b/lib/libcasper/services/cap_dns/cap_dns.h index 4bf8e3648a2d..556cac1158d2 100644 --- a/lib/libcasper/services/cap_dns/cap_dns.h +++ b/lib/libcasper/services/cap_dns/cap_dns.h @@ -1,6 +1,5 @@ /*- * Copyright (c) 2012 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Pawel Jakub Dawidek under sponsorship from * the FreeBSD Foundation. diff --git a/lib/libcasper/services/cap_dns/tests/dns_test.c b/lib/libcasper/services/cap_dns/tests/dns_test.c index 3786414053ad..fda2dcf44062 100644 --- a/lib/libcasper/services/cap_dns/tests/dns_test.c +++ b/lib/libcasper/services/cap_dns/tests/dns_test.c @@ -2,7 +2,6 @@ * SPDX-License-Identifier: BSD-2-Clause * * Copyright (c) 2013 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Pawel Jakub Dawidek under sponsorship from * the FreeBSD Foundation. diff --git a/lib/libcasper/services/cap_grp/cap_grp.c b/lib/libcasper/services/cap_grp/cap_grp.c index 6a5ad84fcd22..025ce00adf56 100644 --- a/lib/libcasper/services/cap_grp/cap_grp.c +++ b/lib/libcasper/services/cap_grp/cap_grp.c @@ -2,7 +2,6 @@ * SPDX-License-Identifier: BSD-2-Clause * * Copyright (c) 2013 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Pawel Jakub Dawidek under sponsorship from * the FreeBSD Foundation. diff --git a/lib/libcasper/services/cap_grp/cap_grp.h b/lib/libcasper/services/cap_grp/cap_grp.h index a478a91cf760..9be2e7a78dd5 100644 --- a/lib/libcasper/services/cap_grp/cap_grp.h +++ b/lib/libcasper/services/cap_grp/cap_grp.h @@ -1,6 +1,5 @@ /*- * Copyright (c) 2013 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Pawel Jakub Dawidek under sponsorship from * the FreeBSD Foundation. diff --git a/lib/libcasper/services/cap_grp/tests/grp_test.c b/lib/libcasper/services/cap_grp/tests/grp_test.c index c120c61e0cf1..18c11746d3a4 100644 --- a/lib/libcasper/services/cap_grp/tests/grp_test.c +++ b/lib/libcasper/services/cap_grp/tests/grp_test.c @@ -2,7 +2,6 @@ * SPDX-License-Identifier: BSD-2-Clause * * Copyright (c) 2013 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Pawel Jakub Dawidek under sponsorship from * the FreeBSD Foundation. diff --git a/lib/libcasper/services/cap_pwd/cap_pwd.c b/lib/libcasper/services/cap_pwd/cap_pwd.c index 263bc4cfd582..6550c35d1592 100644 --- a/lib/libcasper/services/cap_pwd/cap_pwd.c +++ b/lib/libcasper/services/cap_pwd/cap_pwd.c @@ -2,7 +2,6 @@ * SPDX-License-Identifier: BSD-2-Clause * * Copyright (c) 2013 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Pawel Jakub Dawidek under sponsorship from * the FreeBSD Foundation. diff --git a/lib/libcasper/services/cap_pwd/cap_pwd.h b/lib/libcasper/services/cap_pwd/cap_pwd.h index 35e0e177bc62..496beea26392 100644 --- a/lib/libcasper/services/cap_pwd/cap_pwd.h +++ b/lib/libcasper/services/cap_pwd/cap_pwd.h @@ -1,6 +1,5 @@ /*- * Copyright (c) 2013 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Pawel Jakub Dawidek under sponsorship from * the FreeBSD Foundation. diff --git a/lib/libcasper/services/cap_pwd/tests/pwd_test.c b/lib/libcasper/services/cap_pwd/tests/pwd_test.c index e56c037536e2..20c76102847a 100644 --- a/lib/libcasper/services/cap_pwd/tests/pwd_test.c +++ b/lib/libcasper/services/cap_pwd/tests/pwd_test.c @@ -2,7 +2,6 @@ * SPDX-License-Identifier: BSD-2-Clause * * Copyright (c) 2013 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Pawel Jakub Dawidek under sponsorship from * the FreeBSD Foundation. diff --git a/lib/libcasper/services/cap_sysctl/cap_sysctl.c b/lib/libcasper/services/cap_sysctl/cap_sysctl.c index 7d7f280fd00b..25793bd3c41d 100644 --- a/lib/libcasper/services/cap_sysctl/cap_sysctl.c +++ b/lib/libcasper/services/cap_sysctl/cap_sysctl.c @@ -2,7 +2,6 @@ * SPDX-License-Identifier: BSD-2-Clause * * Copyright (c) 2013, 2018 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Pawel Jakub Dawidek under sponsorship from * the FreeBSD Foundation. diff --git a/lib/libcasper/services/cap_sysctl/cap_sysctl.h b/lib/libcasper/services/cap_sysctl/cap_sysctl.h index fd7d051f21c8..51243128a683 100644 --- a/lib/libcasper/services/cap_sysctl/cap_sysctl.h +++ b/lib/libcasper/services/cap_sysctl/cap_sysctl.h @@ -1,6 +1,5 @@ /*- * Copyright (c) 2013 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Pawel Jakub Dawidek under sponsorship from * the FreeBSD Foundation. diff --git a/lib/libcasper/services/cap_sysctl/tests/sysctl_test.c b/lib/libcasper/services/cap_sysctl/tests/sysctl_test.c index 2e5ec83e1c82..41c49bdbeba2 100644 --- a/lib/libcasper/services/cap_sysctl/tests/sysctl_test.c +++ b/lib/libcasper/services/cap_sysctl/tests/sysctl_test.c @@ -2,7 +2,6 @@ * SPDX-License-Identifier: BSD-2-Clause * * Copyright (c) 2013, 2018 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Pawel Jakub Dawidek under sponsorship from * the FreeBSD Foundation. diff --git a/lib/libnv/common_impl.h b/lib/libnv/common_impl.h index 03de9749aaf6..27af1710540a 100644 --- a/lib/libnv/common_impl.h +++ b/lib/libnv/common_impl.h @@ -2,7 +2,6 @@ * SPDX-License-Identifier: BSD-2-Clause * * Copyright (c) 2013 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Pawel Jakub Dawidek under sponsorship from * the FreeBSD Foundation. diff --git a/lib/libnv/tests/nvlist_add_test.c b/lib/libnv/tests/nvlist_add_test.c index 4478efadf4e0..28f2b6f45446 100644 --- a/lib/libnv/tests/nvlist_add_test.c +++ b/lib/libnv/tests/nvlist_add_test.c @@ -1,6 +1,5 @@ /*- * Copyright (c) 2013 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Pawel Jakub Dawidek under sponsorship from * the FreeBSD Foundation. diff --git a/lib/libnv/tests/nvlist_exists_test.c b/lib/libnv/tests/nvlist_exists_test.c index 7450256ab760..808692feb85b 100644 --- a/lib/libnv/tests/nvlist_exists_test.c +++ b/lib/libnv/tests/nvlist_exists_test.c @@ -1,6 +1,5 @@ /*- * Copyright (c) 2013 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Pawel Jakub Dawidek under sponsorship from * the FreeBSD Foundation. diff --git a/lib/libnv/tests/nvlist_free_test.c b/lib/libnv/tests/nvlist_free_test.c index c715aef6657b..bb5eeaf7d04c 100644 --- a/lib/libnv/tests/nvlist_free_test.c +++ b/lib/libnv/tests/nvlist_free_test.c @@ -1,6 +1,5 @@ /*- * Copyright (c) 2013 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Pawel Jakub Dawidek under sponsorship from * the FreeBSD Foundation. diff --git a/lib/libnv/tests/nvlist_get_test.c b/lib/libnv/tests/nvlist_get_test.c index d6e4a9b4d65a..f06be569c90d 100644 --- a/lib/libnv/tests/nvlist_get_test.c +++ b/lib/libnv/tests/nvlist_get_test.c @@ -1,6 +1,5 @@ /*- * Copyright (c) 2013 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Pawel Jakub Dawidek under sponsorship from * the FreeBSD Foundation. diff --git a/lib/libnv/tests/nvlist_move_test.c b/lib/libnv/tests/nvlist_move_test.c index 3c99f4582c5e..2ef7ca4de384 100644 --- a/lib/libnv/tests/nvlist_move_test.c +++ b/lib/libnv/tests/nvlist_move_test.c @@ -1,6 +1,5 @@ /*- * Copyright (c) 2013 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Pawel Jakub Dawidek under sponsorship from * the FreeBSD Foundation. diff --git a/lib/libnv/tests/nvlist_send_recv_test.c b/lib/libnv/tests/nvlist_send_recv_test.c index 25edaa5c3c10..5d4f392ed49c 100644 --- a/lib/libnv/tests/nvlist_send_recv_test.c +++ b/lib/libnv/tests/nvlist_send_recv_test.c @@ -1,6 +1,5 @@ /*- * Copyright (c) 2013 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Pawel Jakub Dawidek under sponsorship from * the FreeBSD Foundation. diff --git a/lib/libproc/proc_bkpt.c b/lib/libproc/proc_bkpt.c index 25ff3a86291d..d7b1a58019a5 100644 --- a/lib/libproc/proc_bkpt.c +++ b/lib/libproc/proc_bkpt.c @@ -2,7 +2,6 @@ * SPDX-License-Identifier: BSD-2-Clause * * Copyright (c) 2010 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Rui Paulo under sponsorship from the * FreeBSD Foundation. diff --git a/lib/libproc/proc_regs.c b/lib/libproc/proc_regs.c index 492fbf712ef5..bd991630ad07 100644 --- a/lib/libproc/proc_regs.c +++ b/lib/libproc/proc_regs.c @@ -2,7 +2,6 @@ * SPDX-License-Identifier: BSD-2-Clause * * Copyright (c) 2010 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Rui Paulo under sponsorship from the * FreeBSD Foundation. diff --git a/lib/libproc/proc_rtld.c b/lib/libproc/proc_rtld.c index db17c2b02b95..1d6fc732933a 100644 --- a/lib/libproc/proc_rtld.c +++ b/lib/libproc/proc_rtld.c @@ -2,7 +2,6 @@ * SPDX-License-Identifier: BSD-2-Clause * * Copyright (c) 2010 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Rui Paulo under sponsorship from the * FreeBSD Foundation. diff --git a/lib/librtld_db/librtld_db.3 b/lib/librtld_db/librtld_db.3 index 041cc2cfa67b..07e1b67c096b 100644 --- a/lib/librtld_db/librtld_db.3 +++ b/lib/librtld_db/librtld_db.3 @@ -1,6 +1,5 @@ .\"- .\" Copyright (c) 2010 The FreeBSD Foundation -.\" All rights reserved. .\" .\" This software was developed by Rui Paulo under sponsorship from .\" the FreeBSD Foundation. diff --git a/lib/librtld_db/rtld_db.c b/lib/librtld_db/rtld_db.c index 2546f572780d..5d88089289bf 100644 --- a/lib/librtld_db/rtld_db.c +++ b/lib/librtld_db/rtld_db.c @@ -2,7 +2,6 @@ * SPDX-License-Identifier: BSD-2-Clause * * Copyright (c) 2010 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Rui Paulo under sponsorship from the * FreeBSD Foundation. diff --git a/lib/librtld_db/rtld_db.h b/lib/librtld_db/rtld_db.h index 24dc18a9a0ba..41aa7409fbf3 100644 --- a/lib/librtld_db/rtld_db.h +++ b/lib/librtld_db/rtld_db.h @@ -2,7 +2,6 @@ * SPDX-License-Identifier: BSD-2-Clause * * Copyright (c) 2010 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Rui Paulo under sponsorship from the * FreeBSD Foundation. diff --git a/lib/libthr/plockstat.d b/lib/libthr/plockstat.d index de620d893651..39d8946f33d3 100644 --- a/lib/libthr/plockstat.d +++ b/lib/libthr/plockstat.d @@ -1,6 +1,5 @@ /* * Copyright (c) 2010 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Rui Paulo under sponsorship from the * FreeBSD Foundation. diff --git a/lib/libthr/thread/thr_malloc.c b/lib/libthr/thread/thr_malloc.c index d60fbc1b1fe8..dbc9e39e3c28 100644 --- a/lib/libthr/thread/thr_malloc.c +++ b/lib/libthr/thread/thr_malloc.c @@ -2,7 +2,6 @@ * SPDX-License-Identifier: BSD-2-Clause * * Copyright (c) 2019 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Konstantin Belousov * under sponsorship from the FreeBSD Foundation. diff --git a/lib/libthread_db/arch/aarch64/libpthread_md.c b/lib/libthread_db/arch/aarch64/libpthread_md.c index 17f8345e596b..93c7330baa1a 100644 --- a/lib/libthread_db/arch/aarch64/libpthread_md.c +++ b/lib/libthread_db/arch/aarch64/libpthread_md.c @@ -1,6 +1,5 @@ /*- * Copyright (c) 2014-2015 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Andrew Turner under * sponsorship from the FreeBSD Foundation. diff --git a/libexec/ftpd/blacklist.c b/libexec/ftpd/blacklist.c index e8954f11bbe7..0a45f9369074 100644 --- a/libexec/ftpd/blacklist.c +++ b/libexec/ftpd/blacklist.c @@ -1,6 +1,5 @@ /*- * Copyright (c) 2016 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Kurt Lidl under sponsorship from the * FreeBSD Foundation. diff --git a/libexec/ftpd/blacklist_client.h b/libexec/ftpd/blacklist_client.h index 94ecc66c17ce..0b6805dc218e 100644 --- a/libexec/ftpd/blacklist_client.h +++ b/libexec/ftpd/blacklist_client.h @@ -1,6 +1,5 @@ /*- * Copyright (c) 2016 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Kurt Lidl under sponsorship from the * FreeBSD Foundation. diff --git a/libexec/rc/rc.d/blacklistd b/libexec/rc/rc.d/blacklistd index b58c7c8a76b6..44a97ad4b3b0 100755 --- a/libexec/rc/rc.d/blacklistd +++ b/libexec/rc/rc.d/blacklistd @@ -1,7 +1,6 @@ #!/bin/sh # # Copyright (c) 2016 The FreeBSD Foundation -# All rights reserved. # # This software was developed by Kurt Lidl under sponsorship from the # FreeBSD Foundation. diff --git a/libexec/rtld-elf/aarch64/reloc.c b/libexec/rtld-elf/aarch64/reloc.c index 907377f2619a..828686af8b98 100644 --- a/libexec/rtld-elf/aarch64/reloc.c +++ b/libexec/rtld-elf/aarch64/reloc.c @@ -1,6 +1,5 @@ /*- * Copyright (c) 2014-2015 The FreeBSD Foundation - * All rights reserved. * * Portions of this software were developed by Andrew Turner * under sponsorship from the FreeBSD Foundation. diff --git a/libexec/rtld-elf/aarch64/rtld_start.S b/libexec/rtld-elf/aarch64/rtld_start.S index 8de3e021d567..53a7463e2634 100644 --- a/libexec/rtld-elf/aarch64/rtld_start.S +++ b/libexec/rtld-elf/aarch64/rtld_start.S @@ -1,6 +1,5 @@ /*- * Copyright (c) 2014 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Andrew Turner under * sponsorship from the FreeBSD Foundation. diff --git a/libexec/rtld-elf/rtld_malloc.h b/libexec/rtld-elf/rtld_malloc.h index 247726b9f470..408cdc84d45e 100644 --- a/libexec/rtld-elf/rtld_malloc.h +++ b/libexec/rtld-elf/rtld_malloc.h @@ -2,7 +2,6 @@ * SPDX-License-Identifier: BSD-2-Clause * * Copyright (c) 2019 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Konstantin Belousov * under sponsorship from the FreeBSD Foundation. diff --git a/sbin/hastctl/hastctl.8 b/sbin/hastctl/hastctl.8 index a0a1e1f22634..f696858a8071 100644 --- a/sbin/hastctl/hastctl.8 +++ b/sbin/hastctl/hastctl.8 @@ -1,5 +1,4 @@ .\" Copyright (c) 2010 The FreeBSD Foundation -.\" All rights reserved. .\" .\" This software was developed by Pawel Jakub Dawidek under sponsorship from .\" the FreeBSD Foundation. diff --git a/sbin/hastctl/hastctl.c b/sbin/hastctl/hastctl.c index ab2d618c698c..3375723b40fd 100644 --- a/sbin/hastctl/hastctl.c +++ b/sbin/hastctl/hastctl.c @@ -2,7 +2,6 @@ * SPDX-License-Identifier: BSD-2-Clause * * Copyright (c) 2009-2010 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Pawel Jakub Dawidek under sponsorship from * the FreeBSD Foundation. diff --git a/sbin/hastd/activemap.c b/sbin/hastd/activemap.c index f5e3c60fd0a0..58fad137e5ae 100644 --- a/sbin/hastd/activemap.c +++ b/sbin/hastd/activemap.c @@ -2,7 +2,6 @@ * SPDX-License-Identifier: BSD-2-Clause * * Copyright (c) 2009-2010 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Pawel Jakub Dawidek under sponsorship from * the FreeBSD Foundation. diff --git a/sbin/hastd/activemap.h b/sbin/hastd/activemap.h index a1dbf70e51af..ff598f841909 100644 --- a/sbin/hastd/activemap.h +++ b/sbin/hastd/activemap.h @@ -2,7 +2,6 @@ * SPDX-License-Identifier: BSD-2-Clause * * Copyright (c) 2009-2010 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Pawel Jakub Dawidek under sponsorship from * the FreeBSD Foundation. diff --git a/sbin/hastd/control.c b/sbin/hastd/control.c index f6f937d3b180..48171fde9053 100644 --- a/sbin/hastd/control.c +++ b/sbin/hastd/control.c @@ -2,7 +2,6 @@ * SPDX-License-Identifier: BSD-2-Clause * * Copyright (c) 2009-2010 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Pawel Jakub Dawidek under sponsorship from * the FreeBSD Foundation. diff --git a/sbin/hastd/control.h b/sbin/hastd/control.h index 4e16334dc824..ad7fb7978597 100644 --- a/sbin/hastd/control.h +++ b/sbin/hastd/control.h @@ -2,7 +2,6 @@ * SPDX-License-Identifier: BSD-2-Clause * * Copyright (c) 2009-2010 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Pawel Jakub Dawidek under sponsorship from * the FreeBSD Foundation. diff --git a/sbin/hastd/ebuf.c b/sbin/hastd/ebuf.c index 522e4e821b11..8f58493270af 100644 --- a/sbin/hastd/ebuf.c +++ b/sbin/hastd/ebuf.c @@ -2,7 +2,6 @@ * SPDX-License-Identifier: BSD-2-Clause * * Copyright (c) 2009-2010 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Pawel Jakub Dawidek under sponsorship from * the FreeBSD Foundation. diff --git a/sbin/hastd/ebuf.h b/sbin/hastd/ebuf.h index a79821735539..a4a2b30f4cb4 100644 --- a/sbin/hastd/ebuf.h +++ b/sbin/hastd/ebuf.h @@ -2,7 +2,6 @@ * SPDX-License-Identifier: BSD-2-Clause * * Copyright (c) 2009-2010 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Pawel Jakub Dawidek under sponsorship from * the FreeBSD Foundation. diff --git a/sbin/hastd/hast_proto.h b/sbin/hastd/hast_proto.h index ab0a46494b45..0158aa4ccee6 100644 --- a/sbin/hastd/hast_proto.h +++ b/sbin/hastd/hast_proto.h @@ -2,7 +2,6 @@ * SPDX-License-Identifier: BSD-2-Clause * * Copyright (c) 2009-2010 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Pawel Jakub Dawidek under sponsorship from * the FreeBSD Foundation. diff --git a/sbin/hastd/hastd.8 b/sbin/hastd/hastd.8 index fefd03f7dbe0..05a2d9b5e4e9 100644 --- a/sbin/hastd/hastd.8 +++ b/sbin/hastd/hastd.8 @@ -1,5 +1,4 @@ .\" Copyright (c) 2010 The FreeBSD Foundation -.\" All rights reserved. .\" .\" This software was developed by Pawel Jakub Dawidek under sponsorship from .\" the FreeBSD Foundation. diff --git a/sbin/hastd/hastd.h b/sbin/hastd/hastd.h index 15ad243adf7c..a54ef316f37a 100644 --- a/sbin/hastd/hastd.h +++ b/sbin/hastd/hastd.h @@ -2,7 +2,6 @@ * SPDX-License-Identifier: BSD-2-Clause * * Copyright (c) 2009-2010 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Pawel Jakub Dawidek under sponsorship from * the FreeBSD Foundation. diff --git a/sbin/hastd/metadata.c b/sbin/hastd/metadata.c index 2f9cbc5e0971..5318d9f6aee5 100644 --- a/sbin/hastd/metadata.c +++ b/sbin/hastd/metadata.c @@ -2,7 +2,6 @@ * SPDX-License-Identifier: BSD-2-Clause * * Copyright (c) 2009-2010 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Pawel Jakub Dawidek under sponsorship from * the FreeBSD Foundation. diff --git a/sbin/hastd/metadata.h b/sbin/hastd/metadata.h index b5215c1a85c9..6d8c593f0a46 100644 --- a/sbin/hastd/metadata.h +++ b/sbin/hastd/metadata.h @@ -2,7 +2,6 @@ * SPDX-License-Identifier: BSD-2-Clause * * Copyright (c) 2010 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Pawel Jakub Dawidek under sponsorship from * the FreeBSD Foundation. diff --git a/sbin/hastd/nv.c b/sbin/hastd/nv.c index 5f50ae349023..fd6b56c1148d 100644 --- a/sbin/hastd/nv.c +++ b/sbin/hastd/nv.c @@ -2,7 +2,6 @@ * SPDX-License-Identifier: BSD-2-Clause * * Copyright (c) 2009-2010 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Pawel Jakub Dawidek under sponsorship from * the FreeBSD Foundation. diff --git a/sbin/hastd/nv.h b/sbin/hastd/nv.h index d1214f2b29ec..657a66fe38eb 100644 --- a/sbin/hastd/nv.h +++ b/sbin/hastd/nv.h @@ -2,7 +2,6 @@ * SPDX-License-Identifier: BSD-2-Clause * * Copyright (c) 2009-2010 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Pawel Jakub Dawidek under sponsorship from * the FreeBSD Foundation. diff --git a/sbin/hastd/proto.c b/sbin/hastd/proto.c index 56ff4933c9b8..35f73bb8d0bf 100644 --- a/sbin/hastd/proto.c +++ b/sbin/hastd/proto.c @@ -2,7 +2,6 @@ * SPDX-License-Identifier: BSD-2-Clause * * Copyright (c) 2009-2010 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Pawel Jakub Dawidek under sponsorship from * the FreeBSD Foundation. diff --git a/sbin/hastd/proto.h b/sbin/hastd/proto.h index a7cecbe67479..729daa518d9d 100644 --- a/sbin/hastd/proto.h +++ b/sbin/hastd/proto.h @@ -2,7 +2,6 @@ * SPDX-License-Identifier: BSD-2-Clause * * Copyright (c) 2009-2010 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Pawel Jakub Dawidek under sponsorship from * the FreeBSD Foundation. diff --git a/sbin/hastd/proto_impl.h b/sbin/hastd/proto_impl.h index 4f84f90c6f23..0a0074545f38 100644 --- a/sbin/hastd/proto_impl.h +++ b/sbin/hastd/proto_impl.h @@ -2,7 +2,6 @@ * SPDX-License-Identifier: BSD-2-Clause * * Copyright (c) 2009-2010 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Pawel Jakub Dawidek under sponsorship from * the FreeBSD Foundation. diff --git a/sbin/hastd/proto_socketpair.c b/sbin/hastd/proto_socketpair.c index ab30a6a27263..9608eb13afff 100644 --- a/sbin/hastd/proto_socketpair.c +++ b/sbin/hastd/proto_socketpair.c @@ -2,7 +2,6 @@ * SPDX-License-Identifier: BSD-2-Clause * * Copyright (c) 2009-2010 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Pawel Jakub Dawidek under sponsorship from * the FreeBSD Foundation. diff --git a/sbin/hastd/proto_uds.c b/sbin/hastd/proto_uds.c index 5bf4c64fe5f6..acb61a360180 100644 --- a/sbin/hastd/proto_uds.c +++ b/sbin/hastd/proto_uds.c @@ -2,7 +2,6 @@ * SPDX-License-Identifier: BSD-2-Clause * * Copyright (c) 2009-2010 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Pawel Jakub Dawidek under sponsorship from * the FreeBSD Foundation. diff --git a/sbin/hastd/rangelock.c b/sbin/hastd/rangelock.c index 33aee39651a4..26025d1169ac 100644 --- a/sbin/hastd/rangelock.c +++ b/sbin/hastd/rangelock.c @@ -2,7 +2,6 @@ * SPDX-License-Identifier: BSD-2-Clause * * Copyright (c) 2010 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Pawel Jakub Dawidek under sponsorship from * the FreeBSD Foundation. diff --git a/sbin/hastd/rangelock.h b/sbin/hastd/rangelock.h index d01dbd755b40..4847887b6b7a 100644 --- a/sbin/hastd/rangelock.h +++ b/sbin/hastd/rangelock.h @@ -2,7 +2,6 @@ * SPDX-License-Identifier: BSD-2-Clause * * Copyright (c) 2010 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Pawel Jakub Dawidek under sponsorship from * the FreeBSD Foundation. diff --git a/sbin/hastd/synch.h b/sbin/hastd/synch.h index 9e03fcb8ca74..32463f836bd0 100644 --- a/sbin/hastd/synch.h +++ b/sbin/hastd/synch.h @@ -2,7 +2,6 @@ * SPDX-License-Identifier: BSD-2-Clause * * Copyright (c) 2009-2010 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Pawel Jakub Dawidek under sponsorship from * the FreeBSD Foundation. diff --git a/share/examples/hast/ucarp.sh b/share/examples/hast/ucarp.sh index 73253a295f53..67c7aecea44f 100755 --- a/share/examples/hast/ucarp.sh +++ b/share/examples/hast/ucarp.sh @@ -3,7 +3,6 @@ # SPDX-License-Identifier: BSD-2-Clause # # Copyright (c) 2010 The FreeBSD Foundation -# All rights reserved. # # This software was developed by Pawel Jakub Dawidek under sponsorship from # the FreeBSD Foundation. diff --git a/share/examples/hast/ucarp_down.sh b/share/examples/hast/ucarp_down.sh index 133d35c59d5b..df78de156b1e 100755 --- a/share/examples/hast/ucarp_down.sh +++ b/share/examples/hast/ucarp_down.sh @@ -3,7 +3,6 @@ # SPDX-License-Identifier: BSD-2-Clause # # Copyright (c) 2010 The FreeBSD Foundation -# All rights reserved. # # This software was developed by Pawel Jakub Dawidek under sponsorship from # the FreeBSD Foundation. diff --git a/share/examples/hast/ucarp_up.sh b/share/examples/hast/ucarp_up.sh index 9f22b4205909..62dee23c12c7 100755 --- a/share/examples/hast/ucarp_up.sh +++ b/share/examples/hast/ucarp_up.sh @@ -3,7 +3,6 @@ # SPDX-License-Identifier: BSD-2-Clause # # Copyright (c) 2010 The FreeBSD Foundation -# All rights reserved. # # This software was developed by Pawel Jakub Dawidek under sponsorship from # the FreeBSD Foundation. diff --git a/share/examples/kld/khelp/h_example.c b/share/examples/kld/khelp/h_example.c index 5bca2b36af50..431ed5a090b4 100644 --- a/share/examples/kld/khelp/h_example.c +++ b/share/examples/kld/khelp/h_example.c @@ -2,7 +2,6 @@ * SPDX-License-Identifier: BSD-2-Clause * * Copyright (c) 2010-2011 The FreeBSD Foundation - * All rights reserved. * * This software was developed at the Centre for Advanced Internet * Architectures, Swinburne University of Technology, Melbourne, Australia by diff --git a/tests/sys/fs/fusefs/unlink.cc b/tests/sys/fs/fusefs/unlink.cc index db54e286d85d..1d8a371649ee 100644 --- a/tests/sys/fs/fusefs/unlink.cc +++ b/tests/sys/fs/fusefs/unlink.cc @@ -1,6 +1,5 @@ /*- * Copyright (c) 2019 The FreeBSD Foundation - * All rights reserved. * * This software was developed by BFF Storage Systems, LLC under sponsorship * from the FreeBSD Foundation. diff --git a/tests/sys/kern/kern_copyin.c b/tests/sys/kern/kern_copyin.c index 25c9eda96541..a7da6c03f226 100644 --- a/tests/sys/kern/kern_copyin.c +++ b/tests/sys/kern/kern_copyin.c @@ -1,6 +1,5 @@ /*- * Copyright (c) 2015, 2020 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Konstantin Belousov * under sponsorship from the FreeBSD Foundation. diff --git a/tools/regression/capsicum/syscalls/cap_fcntls_limit.c b/tools/regression/capsicum/syscalls/cap_fcntls_limit.c index 55627579963b..48b7968b959e 100644 --- a/tools/regression/capsicum/syscalls/cap_fcntls_limit.c +++ b/tools/regression/capsicum/syscalls/cap_fcntls_limit.c @@ -1,6 +1,5 @@ /*- * Copyright (c) 2012 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Pawel Jakub Dawidek under sponsorship from * the FreeBSD Foundation. diff --git a/tools/regression/capsicum/syscalls/cap_getmode.c b/tools/regression/capsicum/syscalls/cap_getmode.c index a2584895b179..3818e7b32caf 100644 --- a/tools/regression/capsicum/syscalls/cap_getmode.c +++ b/tools/regression/capsicum/syscalls/cap_getmode.c @@ -1,6 +1,5 @@ /*- * Copyright (c) 2012 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Pawel Jakub Dawidek under sponsorship from * the FreeBSD Foundation. diff --git a/tools/regression/capsicum/syscalls/cap_ioctls_limit.c b/tools/regression/capsicum/syscalls/cap_ioctls_limit.c index b0d392c8f0c0..01bc60a71514 100644 --- a/tools/regression/capsicum/syscalls/cap_ioctls_limit.c +++ b/tools/regression/capsicum/syscalls/cap_ioctls_limit.c @@ -1,6 +1,5 @@ /*- * Copyright (c) 2012 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Pawel Jakub Dawidek under sponsorship from * the FreeBSD Foundation. diff --git a/tools/regression/capsicum/syscalls/misc.c b/tools/regression/capsicum/syscalls/misc.c index 914c606ac904..c88f2f625c97 100644 --- a/tools/regression/capsicum/syscalls/misc.c +++ b/tools/regression/capsicum/syscalls/misc.c @@ -1,6 +1,5 @@ /*- * Copyright (c) 2012 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Pawel Jakub Dawidek under sponsorship from * the FreeBSD Foundation. diff --git a/tools/regression/capsicum/syscalls/misc.h b/tools/regression/capsicum/syscalls/misc.h index 842500aff14d..22a0ab8094db 100644 --- a/tools/regression/capsicum/syscalls/misc.h +++ b/tools/regression/capsicum/syscalls/misc.h @@ -1,6 +1,5 @@ /*- * Copyright (c) 2012 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Pawel Jakub Dawidek under sponsorship from * the FreeBSD Foundation. diff --git a/tools/test/popss/popss.c b/tools/test/popss/popss.c index 004ccb29c546..bb66f050beb1 100644 --- a/tools/test/popss/popss.c +++ b/tools/test/popss/popss.c @@ -2,7 +2,6 @@ * SPDX-License-Identifier: BSD-2-Clause * * Copyright (c) 2018 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Konstantin Belousov * under sponsorship from the FreeBSD Foundation. diff --git a/tools/test/vm86/vm86_test.c b/tools/test/vm86/vm86_test.c index 1057fc5c83d6..cbdb2c68a6df 100644 --- a/tools/test/vm86/vm86_test.c +++ b/tools/test/vm86/vm86_test.c @@ -2,7 +2,6 @@ * SPDX-License-Identifier: BSD-2-Clause * * Copyright (c) 2018 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Konstantin Belousov * under sponsorship from the FreeBSD Foundation. diff --git a/tools/test/vm86/vm86_test_asm.s b/tools/test/vm86/vm86_test_asm.s index 22e5cf70b7f7..0d76d2e77b1e 100644 --- a/tools/test/vm86/vm86_test_asm.s +++ b/tools/test/vm86/vm86_test_asm.s @@ -2,7 +2,6 @@ * SPDX-License-Identifier: BSD-2-Clause * * Copyright (c) 2018 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Konstantin Belousov * under sponsorship from the FreeBSD Foundation. diff --git a/tools/tools/vt/mkkfont/mkkfont.c b/tools/tools/vt/mkkfont/mkkfont.c index 3f92f926c029..ec4675cfcf1b 100644 --- a/tools/tools/vt/mkkfont/mkkfont.c +++ b/tools/tools/vt/mkkfont/mkkfont.c @@ -1,6 +1,5 @@ /*- * Copyright (c) 2009 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Ed Schouten under sponsorship from the * FreeBSD Foundation. diff --git a/usr.bin/proccontrol/proccontrol.1 b/usr.bin/proccontrol/proccontrol.1 index 5cb5d584f480..7ab917e4a61f 100644 --- a/usr.bin/proccontrol/proccontrol.1 +++ b/usr.bin/proccontrol/proccontrol.1 @@ -1,5 +1,4 @@ .\" Copyright (c) 2019 The FreeBSD Foundation, Inc. -.\" All rights reserved. .\" .\" This documentation was written by .\" Konstantin Belousov under sponsorship diff --git a/usr.bin/proccontrol/proccontrol.c b/usr.bin/proccontrol/proccontrol.c index 5b48ef2916f8..4b7543d63793 100644 --- a/usr.bin/proccontrol/proccontrol.c +++ b/usr.bin/proccontrol/proccontrol.c @@ -1,6 +1,5 @@ /*- * Copyright (c) 2016 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Konstantin Belousov * under sponsorship from the FreeBSD Foundation. From nobody Tue Aug 6 21:25:52 2024 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WdmZ90BNLz5ShHK; Tue, 06 Aug 2024 21:25:53 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WdmZ86cGMz4Z5X; Tue, 6 Aug 2024 21:25:52 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1722979552; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=P0/1fciIm4qWJIcJE36xW1dpYkkmmmzbqIGZF7+9MqY=; b=RK0DqCktDXJoNV58cTXKF1zm9itXtJR7ME5c3ueMmcSUOan7aUyHe0knTQ0w75Sh8cWuQ5 jKBG2ucL7UJbbe6AeR0rkQyj7fYvMx5+ScjBw+Yt2u1kjtBLVfkZG4cg6QhxEABQ6qAoF/ WfTGE6MXzY5KbUf5LvRfxXhmLVx0KTbIrYtgUOTcub+e4E8vkbHNf8Uxp3o7t7XG0ZgLqQ /r+DwJW1V5+Nd+5zVaL+9IlVGkVd9fgs5UOdlEwzNE3MRf4rdnxW4KTd54y3/LPM9c0KMC keT8j65fz2Vs4CEcjodxAOcEMWqAq+FMDKEYeb4xhIGO51c2/8DfsVajcICmag== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1722979552; a=rsa-sha256; cv=none; b=rPT0sOWIFNO1hozuKKb9Jm5M1NTzexI0JjRU5KvMV3vIkDla2if43B18OVVI627zSAZ7tN G6HZU4osn0uN4QX7wqVx+KvNVMwYedNCWPCMdotg5Hqy++fBa4/ySxRMHpb9sGKH79eFv5 3AS5qSZcR3EFTDS3eXhSkEk3L1d/5Pb2ltWgWRvFXyN1E6686XFEz0LkTJ3jUgA5t3VbL7 aNyCs6dvDTMolKxLZ7Ptv7ds908WZ4xkdwBniX/hBCdHfb2HZrgy9GrrqzR/yiXRx3k6Iu 6dTSpPl8uK1S/L62P7BexeGLGtOQll+7FCP6jNasO4S05Dn+XHGEHtkj+0or8g== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1722979552; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=P0/1fciIm4qWJIcJE36xW1dpYkkmmmzbqIGZF7+9MqY=; b=h7r3aJxipqYeshoRVXruGkBZ3nYXQENhAqFrUqXoUGlB+eh+nrmpvxzl4JqpO6KAg8P922 PKHJMrgBs86GoiKxqdlLPKff2j5y8G+NgcmhbHgSIXcC5+v+JUJozQ9s+KY5ChMlWXR52q N7awG9wGk/aDMr1BScypBGgIhNlt2HU6Nu4doGE3oCOMogxgL7B9S5qJC79d3pTBlsgFSm qW4G/u9LsR5iUTTHNdSIxZEy9Zr7LX88skUUIt9aCK72ItZ2fGt6dLGTE4cbkKwfN4ZNMw iNt0mvL7RUagaRQXmtOyh47+bJXBFc5swd94vlNUHCvU9mkBuSbez0gkFjLs+g== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WdmZ869G1zNGt; Tue, 6 Aug 2024 21:25:52 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 476LPq1J067375; Tue, 6 Aug 2024 21:25:52 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 476LPqi6067372; Tue, 6 Aug 2024 21:25:52 GMT (envelope-from git) Date: Tue, 6 Aug 2024 21:25:52 GMT Message-Id: <202408062125.476LPqi6067372@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Ed Maste Subject: git: dc39004bc670 - stable/14 - libm: fma: correct zero sign with small inputs List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: emaste X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: dc39004bc670fe33ae6759816380c93a37268dd6 Auto-Submitted: auto-generated The branch stable/14 has been updated by emaste: URL: https://cgit.FreeBSD.org/src/commit/?id=dc39004bc670fe33ae6759816380c93a37268dd6 commit dc39004bc670fe33ae6759816380c93a37268dd6 Author: Steve Kargl AuthorDate: 2024-06-16 23:41:38 +0000 Commit: Ed Maste CommitDate: 2024-08-06 21:25:10 +0000 libm: fma: correct zero sign with small inputs This is a fixed version of 888796ade284. PR: 277783 Reported by: Victor Stinner Reviewed by: emaste MFC after: 1 week (cherry picked from commit 888796ade2842486d3167067e8034254c38aadd3) (cherry picked from commit e77ad954bb825983b4346b9cc646c9c910b1be24) (cherry picked from commit 34f746cc7f8a8dd261027a8b392b76e70adc8438) --- lib/msun/src/s_fma.c | 4 ++-- lib/msun/src/s_fmal.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/msun/src/s_fma.c b/lib/msun/src/s_fma.c index 6c889a6a46ca..23a84491dd2a 100644 --- a/lib/msun/src/s_fma.c +++ b/lib/msun/src/s_fma.c @@ -260,14 +260,14 @@ fma(double x, double y, double z) spread = ex + ey; - if (r.hi == 0.0) { + if (r.hi == 0.0 && xy.lo == 0) { /* * When the addends cancel to 0, ensure that the result has * the correct sign. */ fesetround(oround); volatile double vzs = zs; /* XXX gcc CSE bug workaround */ - return (xy.hi + vzs + ldexp(xy.lo, spread)); + return (xy.hi + vzs); } if (oround != FE_TONEAREST) { diff --git a/lib/msun/src/s_fmal.c b/lib/msun/src/s_fmal.c index 80c835d09c2b..2fca20610157 100644 --- a/lib/msun/src/s_fmal.c +++ b/lib/msun/src/s_fmal.c @@ -241,14 +241,14 @@ fmal(long double x, long double y, long double z) spread = ex + ey; - if (r.hi == 0.0) { + if (r.hi == 0.0 && xy.lo == 0) { /* * When the addends cancel to 0, ensure that the result has * the correct sign. */ fesetround(oround); volatile long double vzs = zs; /* XXX gcc CSE bug workaround */ - return (xy.hi + vzs + ldexpl(xy.lo, spread)); + return (xy.hi + vzs); } if (oround != FE_TONEAREST) { From nobody Tue Aug 6 21:26:01 2024 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WdmZL0Zvcz5ShNy; Tue, 06 Aug 2024 21:26:02 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WdmZK6Nh9z4ZHK; Tue, 6 Aug 2024 21:26:01 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1722979561; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=9Btqzmr7pRrLuhGIEEQet91wzILj0q0FTIlIIUwzRqo=; b=Erc6nx9+Qrz9IguRknKHppoCTZ4zwo0Grv8O5ngdB3/FXyp8WXmfUB+gvPKVpXg+w1MrcC 1WVLLQ2SDmjc3I2I/7wbenvB67Uzd8mkzBGxW4yg2B58p7iAlsVAEqQukNXmR2DftXMuM9 YgG8ijmg+imSFeMgaszu5j1xu+YLfBOUxpJkHAP8agWBUPLdSeIeGxWAR43KPqKkl7jgdP c7p43vGMq5sPr54jYktCYHjib+zmXM8ySrRL6Q6IJw0ICvBBlYVvL9M1DQBRkhnd2Z/Nh2 zwD39Lg0nU4L2lxIXENan8iDbyYYfaAGnvD5wMVxgDRY+NA00REcgMa1WeLvzw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1722979561; a=rsa-sha256; cv=none; b=EqqH+1o5NaNeOhgcTTyIs71CJvou3iLhdJQ4OT/RCZx48R5h1vmiY2v1PpQbglbA4DIZA/ zi/8mjcqctsyFux5G+UlEIC3r1uhPLsOWJE9EeNJTzsnmTG+Q3LHRbyyfNKbUd4suVs3qd fbJxDJOe7h+tAbrpFgHT3vw6fhAQwAvaZ8BWZdbAshhBIsKSzTvntxa8p148wbsqmytuE8 prU/9eDh6zp6x6X5OnEcGs8K3UhC1oh5Pol/NSW7nKhQWIuiDeTOpUYNcBLgTZ8QezBeTv 1gIpQmPFFBfJQDxWAd9nbp5YlD7gsYBYEYkRefWRc305ZM94qLzW+DCXU0kCZg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1722979561; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=9Btqzmr7pRrLuhGIEEQet91wzILj0q0FTIlIIUwzRqo=; b=yp48Dc3wc9F7WG8+mkoWRQ8oG+7c4NDrJ4nRiCGEK8zhcg4NMK33qpI6s73eeIVXkWiRfK A7IcS9OajeDbIOF8m18tXwZSvEqaYujIAr8rHJmRUuYnBKwdZ9+/AlCypbw4xL8pQXrOzm ofdBu8t7IU53n27XuXWH4uhqF0SCbN2lu2lkIg8CyivtEQUvrmPGz27MHwANd58smakyVA 4yZyH7K4ZQJ6T8Spv+9IHtS23W7Si/vByjEWuJu4BnvUcL+Q/56bDp3LyXLc5N6jrjpbcl 4Rm/f/wlo/sccAUkbuzaI7fVZlesriMPfxWCFQG1WAoXg0NM9L3O8oQHhokvJw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WdmZK60t6zNF4; Tue, 6 Aug 2024 21:26:01 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 476LQ1s1067545; Tue, 6 Aug 2024 21:26:01 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 476LQ1SI067542; Tue, 6 Aug 2024 21:26:01 GMT (envelope-from git) Date: Tue, 6 Aug 2024 21:26:01 GMT Message-Id: <202408062126.476LQ1SI067542@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Ed Maste Subject: git: 5bd6e6c1ddff - stable/14 - libusb: claim to be version 1.0.16 List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: emaste X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: 5bd6e6c1ddff7f10e8b86703536d81af8ce0532b Auto-Submitted: auto-generated The branch stable/14 has been updated by emaste: URL: https://cgit.FreeBSD.org/src/commit/?id=5bd6e6c1ddff7f10e8b86703536d81af8ce0532b commit 5bd6e6c1ddff7f10e8b86703536d81af8ce0532b Author: Ed Maste AuthorDate: 2024-06-06 13:33:44 +0000 Commit: Ed Maste CommitDate: 2024-08-06 21:25:21 +0000 libusb: claim to be version 1.0.16 We are not 100% compatible with 1.0.16, but implement some functionality from that version that is required by certain ports. PR: 277799 PR: 279555 (exp-run) Event: Kitchener-Waterloo Hackathon 202406 Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D45514 (cherry picked from commit 5654b42142e1f689b26d405c90379b85f22349a0) --- lib/libusb/libusb-1.0.pc.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/libusb/libusb-1.0.pc.in b/lib/libusb/libusb-1.0.pc.in index 7dbf746e773e..3a2f27cc52b8 100644 --- a/lib/libusb/libusb-1.0.pc.in +++ b/lib/libusb/libusb-1.0.pc.in @@ -6,6 +6,6 @@ includedir=@includedir@ Name: libusb-1.0 Description: Library that abstracts ways to access USB devices (v1.0) -Version: 1.0.13 +Version: 1.0.16 Libs: -L${libdir} -lusb Cflags: -I${includedir} From nobody Tue Aug 6 21:32:36 2024 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Wdmjx0m0rz5ShP6; Tue, 06 Aug 2024 21:32:37 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Wdmjx0BmJz4bYk; Tue, 6 Aug 2024 21:32:37 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1722979957; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=mxLh7ARsE2DPtttEYMaQosPtzg0eKRZQlmIHNF5n96o=; b=BqKMDadXq8JERrLE1qScN1sPAcvtc3ajB/V98vDHqDAyPceZk3BaWSWhbaiwabmbueJ9+m MdxQhB/NrcN0EDI63XC48EK9MQ0ybSD2rGh/8dWtw5GdgUlSdx9foTXA0113T7eK4/naP2 sPwuIjlHAmWnYhFNOkWMauqFlkUCoUpKD/WFPmFHhMaF8nhlS+KyqNTxkWCN3ovIDEAvZ7 aj7CONCsOTOohtdKJrNZA3Un22vbb/64bzsHAs3rIIY0e2SurBOFZ9075eKa227w5ef7yy 5n6qGf69fz6b//3lgOM207sve7u64EiwxCApUbCqDS5CbtLM8we9JzA+Z5EzSg== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1722979957; a=rsa-sha256; cv=none; b=T9AhtRbtjCh+g4NNoo6HcKLTbx52k3bwB0JeBHznxjZvsl7nCH2z3DJKn70SFIWLW4kQZX 1eVgBgcOdoDwMQpVv2KkRx5NO2QZFVkWhVvThWDIdl94SIMmY12Mm96m7vWzyKPPH2jWA1 q7OyQNiIc8YfAhzZwcvtq6ULw7T5qHMPMvPkw57UJeHuc14/DxDDhN/0cPVAu14y1ImlFZ XjRhExz+k8+nPWYWCMlS68rSYQQrdTHb4QfyXipltAKBZAFrIonIckUAep3j2Ho0lh9qdI RqnImMc8LXBejfpmhTWaGkjVUdnv5wdCCWk+MlrdxRxa4HmBaz6/CJdFPoGXTg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1722979957; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=mxLh7ARsE2DPtttEYMaQosPtzg0eKRZQlmIHNF5n96o=; b=YtBYn3nmevF+tuWuCuqbsM2Ik6bLlVOpUPzhTCgMLnnpP9S3wtEbJSN2KLAQLdL/2GSQxX axf86Ge0o+OrylkaY2apVUYZS4YgLZew5VE/G7do7YEka/OKm/CEFw+XTgUhD7QfddUTNm ELYE9E7oLUpHHmwV7fz5L2M7ApBkS2P87jtcgOnlzDMGUmyP1s9gYggtph7wb/UNOKUEHz nGZZ6nPvhRdtXrlLY2GoMn6hVDXw9B3VGn2iD8NA7Urk/yR9evCHPdmv0o+i18eYMuXiaO KuSBmAUpY6saN9omIh+OeiP7EIrbRUKzGRwKlh3Zp8EqSGBBb2grbhzsBcchDg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Wdmjw6vpkzNlx; Tue, 6 Aug 2024 21:32:36 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 476LWacn084059; Tue, 6 Aug 2024 21:32:36 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 476LWanJ084056; Tue, 6 Aug 2024 21:32:36 GMT (envelope-from git) Date: Tue, 6 Aug 2024 21:32:36 GMT Message-Id: <202408062132.476LWanJ084056@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Michael Tuexen Subject: git: feaaac5e153b - stable/14 - sctp: improve input validation for data chunks List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: tuexen X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: feaaac5e153babd35b5b29b7e255d52e9b8f1093 Auto-Submitted: auto-generated The branch stable/14 has been updated by tuexen: URL: https://cgit.FreeBSD.org/src/commit/?id=feaaac5e153babd35b5b29b7e255d52e9b8f1093 commit feaaac5e153babd35b5b29b7e255d52e9b8f1093 Author: Michael Tuexen AuthorDate: 2024-08-03 11:27:18 +0000 Commit: Michael Tuexen CommitDate: 2024-08-06 21:32:06 +0000 sctp: improve input validation for data chunks fsn_included should only be considered, if first_frag_seen is true. Also, fix the resetting of the control structure, if stream queues are flushed. This fixes a bug where a legitimate message sequence was incorrectly classified as illegitimate. Thanks to Victor Boivie for reporting the issue on the userland stack. (cherry picked from commit 101a0f09e8baf8293e1eeb591de18caf15e49e00) --- sys/netinet/sctp_indata.c | 35 +++++++++++++++++------------------ 1 file changed, 17 insertions(+), 18 deletions(-) diff --git a/sys/netinet/sctp_indata.c b/sys/netinet/sctp_indata.c index 4c40e0de4326..693de313b970 100644 --- a/sys/netinet/sctp_indata.c +++ b/sys/netinet/sctp_indata.c @@ -746,21 +746,6 @@ sctp_build_readq_entry_from_ctl(struct sctp_queued_to_read *nc, struct sctp_queu nc->do_not_ref_stcb = control->do_not_ref_stcb; } -static void -sctp_reset_a_control(struct sctp_queued_to_read *control, - struct sctp_inpcb *inp, uint32_t tsn) -{ - control->fsn_included = tsn; - if (control->on_read_q) { - /* - * We have to purge it from there, hopefully this will work - * :-) - */ - TAILQ_REMOVE(&inp->read_queue, control, next); - control->on_read_q = 0; - } -} - static int sctp_handle_old_unordered_data(struct sctp_tcb *stcb, struct sctp_association *asoc, @@ -1922,7 +1907,8 @@ sctp_process_a_data_chunk(struct sctp_tcb *stcb, struct sctp_association *asoc, SCTP_SNPRINTF(msg, sizeof(msg), "Duplicate MID=%8.8x detected.", mid); goto err_out; } else { - if ((tsn == control->fsn_included + 1) && + if ((control->first_frag_seen) && + (tsn == control->fsn_included + 1) && (control->end_added == 0)) { SCTP_SNPRINTF(msg, sizeof(msg), "Illegal message sequence, missing end for MID: %8.8x", @@ -5430,12 +5416,25 @@ sctp_flush_reassm_for_str_seq(struct sctp_tcb *stcb, sctp_free_a_chunk(stcb, chk, SCTP_SO_NOT_LOCKED); } if (!TAILQ_EMPTY(&control->reasm)) { - /* This has to be old data, unordered */ + KASSERT(!asoc->idata_supported, + ("Reassembly queue not empty for I-DATA")); + KASSERT(!ordered, + ("Reassembly queue not empty for ordered data")); if (control->data) { sctp_m_freem(control->data); control->data = NULL; } - sctp_reset_a_control(control, stcb->sctp_ep, cumtsn); + control->fsn_included = 0xffffffff; + control->first_frag_seen = 0; + control->last_frag_seen = 0; + if (control->on_read_q) { + /* + * We have to purge it from there, hopefully this + * will work :-) + */ + TAILQ_REMOVE(&stcb->sctp_ep->read_queue, control, next); + control->on_read_q = 0; + } chk = TAILQ_FIRST(&control->reasm); if (chk->rec.data.rcv_flags & SCTP_DATA_FIRST_FRAG) { TAILQ_REMOVE(&control->reasm, chk, sctp_next); From nobody Tue Aug 6 21:38:40 2024 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Wdmrx17QRz5Sj4v; Tue, 06 Aug 2024 21:38:41 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Wdmrx0ZrGz4bxs; Tue, 6 Aug 2024 21:38:41 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1722980321; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=MRK7KelSXEQmxP7QtbmlorcBx6l7SJU4+D07qjQ8MYY=; b=XSAP0AovHEOR9ejdIiw8DvNiVmihouIOfVY+69IcRjXkmVl/tBhZ+Zo0+o4wTxaMmGTxo6 WkHok4WjSHccQknDUI/oGQ6gB321ks5RHmSnJldstPVPZpdWWtLJhE2AFTZitky7SMrqFh AdX06QK7mD+7LF/jaJE2oCzhi8dUcPRVyeCUO7d72BJyoKd74eEklT+UIKAB8AxVTdmrvU M2DBtNMWJBfbUPbRtEwCfkYjHfH62mdp9zlZKQcZmVrs8RJyFH/vkuVVNv2fVK+VWAA3Nl lfVVMU6qKPIqJpcrHmJCZ2eUz+3l8nmQAOTNS/gdO+ZOlJLGr+lyTD1j9Knw8w== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1722980321; a=rsa-sha256; cv=none; b=FM1i6wM+FUyuAKmXAdAf2QzArUL7PpGFlfhT5Mibo8FxQLDy7gOy3LJFPqPTt0ZcO9dHDs 2FRrG6RrrvEQMP1VwQzFpJZNUedSopJtNO1rsWp4wKZFXlYPNL0zmDf179jdCNeLUiy2Ju cei7mL19nmGx7dGZ9kFfSDN+2BYv86hT7IkYsRhAXqs6bqk2nOuEzCei1qqjAUOpK+zUvI 99uFsdQM9bQuIu7K2riq67aOrXxpZSY+X7U4cmdMnWhnxoY2dA2SS1+NgkM4inVG43h9zM QHvEmMiJvpo5LjfKGgAhKv+rha8P8c6M+ZZJH44LNnJ/cwi1DgwbHB26n432xQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1722980321; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=MRK7KelSXEQmxP7QtbmlorcBx6l7SJU4+D07qjQ8MYY=; b=QnMdQEEnuo/65TPU+168N/Rw3fbo7TRYjDnoXg/eA8fOjd6SmZjvhNfpb9hkA0pElZUsHC glqrSkbLDcq8B9EW1n2QQLawnutkZ8mWRIb277zTaoXjf+CUYWmINXFTYG9ac++5OP//wE xFE3pyXArZQx9p2YFAel9yL5E4bCkAgf5N6HJxgUVD3MBse5OS/c3AnEm3yKyg4prwASuM cdTyhyC864hH1yWMGrxuG91Y66SCskgStE8pL5VBnGrlrx5wy/sJKbTe/R9GvR57/ZDCzV nrrjopmuVBN8xQ5dl++78VbgPZ4IevnvYmrp7BiKYP3uE+LuBinbvJVGx93rGQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Wdmrx09yBzNG1; Tue, 6 Aug 2024 21:38:41 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 476Lcetp085000; Tue, 6 Aug 2024 21:38:40 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 476LceaS084997; Tue, 6 Aug 2024 21:38:40 GMT (envelope-from git) Date: Tue, 6 Aug 2024 21:38:40 GMT Message-Id: <202408062138.476LceaS084997@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Michael Tuexen Subject: git: 18f4b705734e - stable/13 - sctp: improve input validation for data chunks List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: tuexen X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: 18f4b705734e1c76bac441ffe86cb8fbb131a153 Auto-Submitted: auto-generated The branch stable/13 has been updated by tuexen: URL: https://cgit.FreeBSD.org/src/commit/?id=18f4b705734e1c76bac441ffe86cb8fbb131a153 commit 18f4b705734e1c76bac441ffe86cb8fbb131a153 Author: Michael Tuexen AuthorDate: 2024-08-03 11:27:18 +0000 Commit: Michael Tuexen CommitDate: 2024-08-06 21:38:16 +0000 sctp: improve input validation for data chunks fsn_included should only be considered, if first_frag_seen is true. Also, fix the resetting of the control structure, if stream queues are flushed. This fixes a bug where a legitimate message sequence was incorrectly classified as illegitimate. Thanks to Victor Boivie for reporting the issue on the userland stack. (cherry picked from commit 101a0f09e8baf8293e1eeb591de18caf15e49e00) --- sys/netinet/sctp_indata.c | 35 +++++++++++++++++------------------ 1 file changed, 17 insertions(+), 18 deletions(-) diff --git a/sys/netinet/sctp_indata.c b/sys/netinet/sctp_indata.c index 4c40e0de4326..693de313b970 100644 --- a/sys/netinet/sctp_indata.c +++ b/sys/netinet/sctp_indata.c @@ -746,21 +746,6 @@ sctp_build_readq_entry_from_ctl(struct sctp_queued_to_read *nc, struct sctp_queu nc->do_not_ref_stcb = control->do_not_ref_stcb; } -static void -sctp_reset_a_control(struct sctp_queued_to_read *control, - struct sctp_inpcb *inp, uint32_t tsn) -{ - control->fsn_included = tsn; - if (control->on_read_q) { - /* - * We have to purge it from there, hopefully this will work - * :-) - */ - TAILQ_REMOVE(&inp->read_queue, control, next); - control->on_read_q = 0; - } -} - static int sctp_handle_old_unordered_data(struct sctp_tcb *stcb, struct sctp_association *asoc, @@ -1922,7 +1907,8 @@ sctp_process_a_data_chunk(struct sctp_tcb *stcb, struct sctp_association *asoc, SCTP_SNPRINTF(msg, sizeof(msg), "Duplicate MID=%8.8x detected.", mid); goto err_out; } else { - if ((tsn == control->fsn_included + 1) && + if ((control->first_frag_seen) && + (tsn == control->fsn_included + 1) && (control->end_added == 0)) { SCTP_SNPRINTF(msg, sizeof(msg), "Illegal message sequence, missing end for MID: %8.8x", @@ -5430,12 +5416,25 @@ sctp_flush_reassm_for_str_seq(struct sctp_tcb *stcb, sctp_free_a_chunk(stcb, chk, SCTP_SO_NOT_LOCKED); } if (!TAILQ_EMPTY(&control->reasm)) { - /* This has to be old data, unordered */ + KASSERT(!asoc->idata_supported, + ("Reassembly queue not empty for I-DATA")); + KASSERT(!ordered, + ("Reassembly queue not empty for ordered data")); if (control->data) { sctp_m_freem(control->data); control->data = NULL; } - sctp_reset_a_control(control, stcb->sctp_ep, cumtsn); + control->fsn_included = 0xffffffff; + control->first_frag_seen = 0; + control->last_frag_seen = 0; + if (control->on_read_q) { + /* + * We have to purge it from there, hopefully this + * will work :-) + */ + TAILQ_REMOVE(&stcb->sctp_ep->read_queue, control, next); + control->on_read_q = 0; + } chk = TAILQ_FIRST(&control->reasm); if (chk->rec.data.rcv_flags & SCTP_DATA_FIRST_FRAG) { TAILQ_REMOVE(&control->reasm, chk, sctp_next); From nobody Tue Aug 6 21:52:54 2024 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Wdn9L3WFJz5SkRg; Tue, 06 Aug 2024 21:52:54 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Wdn9L32fwz4cwX; Tue, 6 Aug 2024 21:52:54 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1722981174; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=h0X/1gDxCgCYrGc+njIqvKMv41GtQPwKDh8Qn15P2a4=; b=jN24xz+8ldqepsmHAP8Nz0dg5c3Q562xFACiWqWWIe0K2QNNmATIwnm8d2rh/mD6rxY8wb Cu+OSoNyDBgbJTN1ikOv4jfm/MkHdhCRk8FUgkTSTw78tdWgYWpukzVk41zAHJPKYByO33 VhWsxHA9IoE0gH2L4NP6og936n8raO3IO6mniS4jQ1H0y7NRPDaRwI+pMNl492tGCnX/li C9qAJpnVSRfPPuMv0CGMNPLWwHLWeTaCyuvqVXhZ9mBGBJ3SgEMpaPFtu71fQe6z0UQyfp QwDfZO2vdBGpB9p4kF9MvrJNNsXGOYfSjgiDypPR96gjrPTlQO3Ac+01x0EbeA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1722981174; a=rsa-sha256; cv=none; b=yGc/8zSCJWLFqxrpyyVia9CNJnfda/aUGnt0PkisDBnxcpEgYHOwWsuBQmRQgK7oUur2s1 u6mFAtsE+DWyzadEOqtNUbxJ7roc64addP5qbRZO4IWKtqiCz19Pji5lmxAHOz7KEKAumL vws3LDMl8Hc2tVKwV/QoeaB1hjQlzdsvZvI6YX93Kp3YXEqUBxl2hW/cIknmUPIMWXpm8Z HIWRehdfOvq/tdjVLCje/uoucD109FO2nSe+hfVBfgX55PJGv3w8vfkmZ5ra/1znt9Flx+ 7BxPkRXtNk2rd7YCpOT47vPdALsyw6iPkpjc1YsGOh+jh+VrTCXaxWzCC2x6Yw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1722981174; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=h0X/1gDxCgCYrGc+njIqvKMv41GtQPwKDh8Qn15P2a4=; b=VCeIdcPGXet2u9IdcxaiPP5jh/Zp62cVCEPlBY0nS5brg0Fpl49X2Q4TP84x6fLKBPvZYZ UevrBZzIZyAku3u6x+LsBkQp5APFzrxWFkEE6qoJ2Mn5HwL9OwV6odp6TngHIBpXl+FRc7 S9Ns6QwblLNmvWIOjk7XJ0YcMtRKapf2JUFOUsTfE3rN+SGpW01CHJOZ2YlIgweatzOFg/ 7SYPv3QAC8eQejpJpkTYZyGhxBhT5Zsy/Wrtqv9u2GLhWYpVSh8jBOYBRQP/TsHM/6wVEi bXMitX1XZKndhMcZpDhKyYazi3Mg64N82p2UiCOWAM+cn4IFqv79k0sEV0KmqA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Wdn9L2f7CzP0Z; Tue, 6 Aug 2024 21:52:54 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 476LqskV017926; Tue, 6 Aug 2024 21:52:54 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 476LqsMN017923; Tue, 6 Aug 2024 21:52:54 GMT (envelope-from git) Date: Tue, 6 Aug 2024 21:52:54 GMT Message-Id: <202408062152.476LqsMN017923@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Ed Maste Subject: git: 02ef8e4061ab - stable/13 - libusb: claim to be version 1.0.16 List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: emaste X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: 02ef8e4061abc0a0fc148a8e41efde46fde0d5b0 Auto-Submitted: auto-generated The branch stable/13 has been updated by emaste: URL: https://cgit.FreeBSD.org/src/commit/?id=02ef8e4061abc0a0fc148a8e41efde46fde0d5b0 commit 02ef8e4061abc0a0fc148a8e41efde46fde0d5b0 Author: Ed Maste AuthorDate: 2024-06-06 13:33:44 +0000 Commit: Ed Maste CommitDate: 2024-08-06 21:52:37 +0000 libusb: claim to be version 1.0.16 We are not 100% compatible with 1.0.16, but implement some functionality from that version that is required by certain ports. PR: 277799 PR: 279555 (exp-run) Event: Kitchener-Waterloo Hackathon 202406 Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D45514 (cherry picked from commit 5654b42142e1f689b26d405c90379b85f22349a0) (cherry picked from commit 5bd6e6c1ddff7f10e8b86703536d81af8ce0532b) --- lib/libusb/libusb-1.0.pc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/libusb/libusb-1.0.pc b/lib/libusb/libusb-1.0.pc index d748439c2257..0815a8eb6e9c 100644 --- a/lib/libusb/libusb-1.0.pc +++ b/lib/libusb/libusb-1.0.pc @@ -5,6 +5,6 @@ includedir=${prefix}/include Name: libusb-1.0 Description: Library that abstracts ways to access USB devices (v1.0) -Version: 1.0.13 +Version: 1.0.16 Libs: -L${libdir} -lusb Cflags: -I${includedir} From nobody Tue Aug 6 22:38:08 2024 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Wdp9Y1LhDz5SnQs; Tue, 06 Aug 2024 22:38:09 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Wdp9Y0r6Xz4hZB; Tue, 6 Aug 2024 22:38:09 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1722983889; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=NbDRm1pexAhLn4dJnkQNdFVEs8/OaDJHldba/CoU3tM=; b=RywBIbyvLnNye97SEkrGh2LqIyS94l5+Xzmc/K93R9C8Mk3bJ4IaKk4woaS5NVpPwaf1px b+4ligYeVQNb3V5B/zIGsuQpNqVdukkdc7phTpLLKoVhyed8Vn7Tp7IGoqPHR1mVA5q5zp ylarlACZTHksvc/irauTDiNDqx5wStotoDOvqikpPiEO1kHiunzs8OS/7F84/4nKrZtgHZ RyYQOpsn91leb6az+MN25D0hO703lxg0c0w24D0OrkG283VmfeceFKrBoxngFczx948eYE W0thGOCYes0ZGLCZ0SXOG8UaJCuGpOrbz+ZCVl82stZAw6Gz/OmZSXOiJN4P5Q== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1722983889; a=rsa-sha256; cv=none; b=NwqXl1L0FoQBWGG636BwmYw9mcASlsnSglymTEYgTs0Rgwv+YVOCirEDSJiosavtrE1Hd1 TMmDKpQIUWkj6HYKEfwGAVtx5XWjG61GiaFZp59T3028f7RtMywKAG1DdGBOjw39Cq4ybf VoCvBcgE/hG/56cEEYUmV6chkNDLUQI3MhojEZI/OqvGr23lFC9YgK1srj14bC9wBUPY32 50uaWZyfoPUaiSddQa5P7kYLrWctvcG76Mhc0gKQYvqkQpABH72GufHM3CbiNWBxWEQnao s0shUG68rDFKPAnrqvMfn5i88yU0bkZXxG11GR9su8GZ4jKhNs2s+zyrIbBAkA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1722983889; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=NbDRm1pexAhLn4dJnkQNdFVEs8/OaDJHldba/CoU3tM=; b=mWLdpqw77OFZmaNv79L1N/5S/hGfLDuIIXsgjIXKJJxOFNHL5/vTUpEcu2pgk4A9lxoxEJ rNckSPNCZU0VWo8TPIWf18vB28ACi8yX6xjasFONzoeI0J3HMuNUtTuOrQ64/ykNWYthnC mYaFD5iOIs7kqLIo4xQu8rLNdy78gfDKwiX7I/krY0OKd/Ecix5OMOFHpjGHN7dW7oicto uxc28AT1D+4syuO44jiZHuQjzbSMNoeQPf9Eb58seGOxaQH9OE/xYDZ9vP83EnBpaIVGW8 GBF5CW6U4Ru0jQRLG0zBJo420px9RuSM1qqbeREp41cuR+gPNGjfSdo1IwpS1Q== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Wdp9Y0PdVzQ7G; Tue, 6 Aug 2024 22:38:09 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 476Mc8I3086563; Tue, 6 Aug 2024 22:38:08 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 476Mc8RJ086560; Tue, 6 Aug 2024 22:38:08 GMT (envelope-from git) Date: Tue, 6 Aug 2024 22:38:08 GMT Message-Id: <202408062238.476Mc8RJ086560@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Michael Tuexen Subject: git: 9badd542e755 - releng/13.4 - sctp: improve input validation for data chunks List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: tuexen X-Git-Repository: src X-Git-Refname: refs/heads/releng/13.4 X-Git-Reftype: branch X-Git-Commit: 9badd542e7552f9dfd4b868733a1e67c8f6df2df Auto-Submitted: auto-generated The branch releng/13.4 has been updated by tuexen: URL: https://cgit.FreeBSD.org/src/commit/?id=9badd542e7552f9dfd4b868733a1e67c8f6df2df commit 9badd542e7552f9dfd4b868733a1e67c8f6df2df Author: Michael Tuexen AuthorDate: 2024-08-03 11:27:18 +0000 Commit: Michael Tuexen CommitDate: 2024-08-06 22:36:18 +0000 sctp: improve input validation for data chunks fsn_included should only be considered, if first_frag_seen is true. Also, fix the resetting of the control structure, if stream queues are flushed. This fixes a bug where a legitimate message sequence was incorrectly classified as illegitimate. Thanks to Victor Boivie for reporting the issue on the userland stack. (cherry picked from commit 101a0f09e8baf8293e1eeb591de18caf15e49e00) (cherry picked from commit 18f4b705734e1c76bac441ffe86cb8fbb131a153) Approved by: re (cperciva) --- sys/netinet/sctp_indata.c | 35 +++++++++++++++++------------------ 1 file changed, 17 insertions(+), 18 deletions(-) diff --git a/sys/netinet/sctp_indata.c b/sys/netinet/sctp_indata.c index 4c40e0de4326..693de313b970 100644 --- a/sys/netinet/sctp_indata.c +++ b/sys/netinet/sctp_indata.c @@ -746,21 +746,6 @@ sctp_build_readq_entry_from_ctl(struct sctp_queued_to_read *nc, struct sctp_queu nc->do_not_ref_stcb = control->do_not_ref_stcb; } -static void -sctp_reset_a_control(struct sctp_queued_to_read *control, - struct sctp_inpcb *inp, uint32_t tsn) -{ - control->fsn_included = tsn; - if (control->on_read_q) { - /* - * We have to purge it from there, hopefully this will work - * :-) - */ - TAILQ_REMOVE(&inp->read_queue, control, next); - control->on_read_q = 0; - } -} - static int sctp_handle_old_unordered_data(struct sctp_tcb *stcb, struct sctp_association *asoc, @@ -1922,7 +1907,8 @@ sctp_process_a_data_chunk(struct sctp_tcb *stcb, struct sctp_association *asoc, SCTP_SNPRINTF(msg, sizeof(msg), "Duplicate MID=%8.8x detected.", mid); goto err_out; } else { - if ((tsn == control->fsn_included + 1) && + if ((control->first_frag_seen) && + (tsn == control->fsn_included + 1) && (control->end_added == 0)) { SCTP_SNPRINTF(msg, sizeof(msg), "Illegal message sequence, missing end for MID: %8.8x", @@ -5430,12 +5416,25 @@ sctp_flush_reassm_for_str_seq(struct sctp_tcb *stcb, sctp_free_a_chunk(stcb, chk, SCTP_SO_NOT_LOCKED); } if (!TAILQ_EMPTY(&control->reasm)) { - /* This has to be old data, unordered */ + KASSERT(!asoc->idata_supported, + ("Reassembly queue not empty for I-DATA")); + KASSERT(!ordered, + ("Reassembly queue not empty for ordered data")); if (control->data) { sctp_m_freem(control->data); control->data = NULL; } - sctp_reset_a_control(control, stcb->sctp_ep, cumtsn); + control->fsn_included = 0xffffffff; + control->first_frag_seen = 0; + control->last_frag_seen = 0; + if (control->on_read_q) { + /* + * We have to purge it from there, hopefully this + * will work :-) + */ + TAILQ_REMOVE(&stcb->sctp_ep->read_queue, control, next); + control->on_read_q = 0; + } chk = TAILQ_FIRST(&control->reasm); if (chk->rec.data.rcv_flags & SCTP_DATA_FIRST_FRAG) { TAILQ_REMOVE(&control->reasm, chk, sctp_next); From nobody Wed Aug 7 13:41:53 2024 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WfBDL1nNqz5S96p; Wed, 07 Aug 2024 13:41:54 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WfBDK6795z4hFm; Wed, 7 Aug 2024 13:41:53 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723038113; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=k4WjGmOUNi9V5d3kXa5B5ZHvHlrNFDwTRtfIM+LqV7Q=; b=WUrMEhwgcPnovwMJZaDUOQeqq/5ractKjuhIBFQcajGP6tvaamip5CTlY8r9y8afJR9+cj E1aBZuuENYlv9zuqD3UV2FlvVpS56roWUCTv+gk4RPtQ1jLoMoovcQ5ib1+rZNRESSdZoP +0pZYeZBDNrsst5MgrqE1zcF0tfSjaQ3TgdxwnaSjFX2acObssQDeWTZoxVXHiGRNbpORc nSFqwlN7YyKBMUOxh6ZzMlRh8WuwwVEuafo6ahMlp932VfIIJy2uWSVRZk+btI2ma5vvnr 27fE285D8i4VVd9UMF3OQK/HrAqsth0RF86AjhE/EbFX3w5ZPIqq3IJpw4ThsQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1723038113; a=rsa-sha256; cv=none; b=yuBvuo/7U4Gu5VvqaiOqtlZ2fLozlgRxflQdt+ZRtdmj4vI9OSU8btvd8LtxSqqTDK3bUR rBBFKGIcFSc2dOaOdoOdJkIVr7N8XTnUi1iuA/kmdDV7EO7clK8/lL94xSLZCr/fZFMTIV rAZ2uglvrjc1oyRKNlsubattAY6Pb7LqT0m1WP03SdsfADCe4pOkxfFvYF73ppZWVzzrps lQ/ELhNazq5aKTeUIpBmcT7pbFQozWOujmwbW6EZhZ6C5K25/TOL8puqyXXfpsPfS5HGWv EwRFKNmhvzU7lV3vV0/XX4OX7GTGtlW7wI4j2ClzkOLk0qQtSOD42TNYksZYSQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723038113; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=k4WjGmOUNi9V5d3kXa5B5ZHvHlrNFDwTRtfIM+LqV7Q=; b=KFfOwTjUZR87L3zAxwKPPQ5m/jLfK5COVuktSPVK7gl8F5AQMt9evyYcxHyyRX2XnxLg5h UpwHbdoyWufgG9yn90IGJON9W1zf9TaC6JRz5OGIB6QndhYG9CvCG1QSVdfXv3OhS9+xkm eFu+CjkRTcWOp4SmVyxqqwMs2O0ATzMblHRIYMT7kPvfpNOTec8A5AfZX0h1UCJA4QtUnf vFMqk1rfn7rzEXHidVt5RF62hr6OpVfY9IhJzdQNmZU++OcCBBC5BYFiJnQMrxNqp+rRKx m8gm1xrsG8OSpzt9S4GYA6JnKExPEF/8o45AVI7FKBpNyAdl1A5YJhtpF/PGcw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WfBDK5kkrzsdR; Wed, 7 Aug 2024 13:41:53 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 477Dfr6Z030727; Wed, 7 Aug 2024 13:41:53 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 477Dfrgi030724; Wed, 7 Aug 2024 13:41:53 GMT (envelope-from git) Date: Wed, 7 Aug 2024 13:41:53 GMT Message-Id: <202408071341.477Dfrgi030724@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Mark Johnston Subject: git: 8b400c8488f0 - stable/14 - ktrace: Fix an inverted privilege check List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: markj X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: 8b400c8488f0b9e67ae269f6d8e5022a3bc7d854 Auto-Submitted: auto-generated The branch stable/14 has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=8b400c8488f0b9e67ae269f6d8e5022a3bc7d854 commit 8b400c8488f0b9e67ae269f6d8e5022a3bc7d854 Author: Mark Johnston AuthorDate: 2024-08-07 13:38:54 +0000 Commit: Mark Johnston CommitDate: 2024-08-07 13:41:42 +0000 ktrace: Fix an inverted privilege check Approved by: so Security: FreeBSD-24:06.ktrace Security: CVE-2024-6760 Fixes: 1762f674ccb5 ("ktrace: pack all ktrace parameters into allocated structure ktr_io_params") (cherry picked from commit 166b7573b5220aadf8b02a85933c9651b909b309) --- sys/kern/kern_ktrace.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sys/kern/kern_ktrace.c b/sys/kern/kern_ktrace.c index 555762185411..1c6a2ae01f3d 100644 --- a/sys/kern/kern_ktrace.c +++ b/sys/kern/kern_ktrace.c @@ -593,7 +593,7 @@ ktrprocexec(struct proc *p) PROC_LOCK_ASSERT(p, MA_OWNED); kiop = p->p_ktrioparms; - if (kiop == NULL || priv_check_cred(kiop->cr, PRIV_DEBUG_DIFFCRED)) + if (kiop == NULL || priv_check_cred(kiop->cr, PRIV_DEBUG_DIFFCRED) == 0) return (NULL); mtx_lock(&ktrace_mtx); From nobody Wed Aug 7 13:42:10 2024 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WfBDf1xVTz5S9KX; Wed, 07 Aug 2024 13:42:10 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WfBDf1TwKz4hQ7; Wed, 7 Aug 2024 13:42:10 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723038130; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Tata4MkNvVXgPfLPelJSchqBwD3pVkeRszcXdu1bBVI=; b=ABW6TKC5Ej+qQCdLdNcvBEzHNTwtvzEB/g/HSAr/rvToc899e0j13ZyapcbCZxHzoW1Xg1 v8zUWbdQpNtu7KQRr9E49k0WIZRuHBBCZ4zSETXf0WQtzKpzOn4VrQxJ5xfStzkQNGXIaM XgH58wMEURihu+ZOjaBEBjbw5+4z6+0fZy0jjJwSYIzRSOyaF1Kknt2Vq5EMZ+U/AR64VR eFxXMWjc6/dc3z4hwlqs4uVWV0cvY/RM5SWypz3gjyns/dfw6VLvbLvfh1BDtwZ/WWC7c/ kR4yfNpN0K4yk/vRaoSrd8liSoYvmd2XD543fAe8azU1B1LfeuXYZ5Sv3SkysQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1723038130; a=rsa-sha256; cv=none; b=oKV61M7yzCnMbFiT7VTuhwZnjIxNAQQLovX2Gr3TrXr2pv7nmlm3kuZDp2PGJlOdHvhlBI tEzHQnZ02uAaIpiFMn0JTuvk0sc3nMTajR60IXVUq2zsa0ofbg13gXihuNVlFh6wm+zgqF j0+zeuD+fF/0kMbLDMLAGtlQ/JtyjgVkRlhRyNRc7D8K+woMvJH0dz4nyrpDhcKTT2tLnA LJLh1ip8p0LSzLV/R1LxYjWGfRjmXFNPWas4OGEL10ca9AqSpsM1sQfpm6KNzCls1lYsM1 ie6LL8vfgzfd5Ze0PCkRwgVl5YPPhbxgCgVriaaMWy0xpGqkmNVjjqTFbprMDQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723038130; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Tata4MkNvVXgPfLPelJSchqBwD3pVkeRszcXdu1bBVI=; b=c+ym7wU1HbEa+rOWNmNx2WaRZxn9Rhw2hvPEIf013JSQAwGUk/KXX/9WYb81WSEJ9tCt91 VkJkiyWxpFD3Bt7obLmhbImkhEIQXI2rMqKBKxy7JKmTieXp0O8VtJLO4LqZw3bstK+q8h /as2JFgUy53bYXtJWU9pYj46XlH4kYGF088TRdCv8Kkw9XkJVbZSJ6Q+X0Qr5UsLxL0Gss YLRk0P8D08DpFpMWzuNoyL/mmrRgD8G8bvp/OwSIieh9qxvjA6XODcKQyU5750zO25DJZP 0ywwdWd0X7COExhdwVi/NiwW7IBe4Y/afZf/16+lTF5Evkm2sGImLN+h7ufjxg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WfBDf14jRzsmG; Wed, 7 Aug 2024 13:42:10 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 477DgAgY032866; Wed, 7 Aug 2024 13:42:10 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 477DgAJT032863; Wed, 7 Aug 2024 13:42:10 GMT (envelope-from git) Date: Wed, 7 Aug 2024 13:42:10 GMT Message-Id: <202408071342.477DgAJT032863@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Mark Johnston Subject: git: f702110bc4bc - stable/13 - ktrace: Fix an inverted privilege check List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: markj X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: f702110bc4bcc593b38674ec6e4fadf6c4626432 Auto-Submitted: auto-generated The branch stable/13 has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=f702110bc4bcc593b38674ec6e4fadf6c4626432 commit f702110bc4bcc593b38674ec6e4fadf6c4626432 Author: Mark Johnston AuthorDate: 2024-08-07 13:38:54 +0000 Commit: Mark Johnston CommitDate: 2024-08-07 13:42:02 +0000 ktrace: Fix an inverted privilege check Approved by: so Security: FreeBSD-24:06.ktrace Security: CVE-2024-6760 Fixes: 1762f674ccb5 ("ktrace: pack all ktrace parameters into allocated structure ktr_io_params") (cherry picked from commit 166b7573b5220aadf8b02a85933c9651b909b309) --- sys/kern/kern_ktrace.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sys/kern/kern_ktrace.c b/sys/kern/kern_ktrace.c index 2729d0880b31..cc51dbae46f7 100644 --- a/sys/kern/kern_ktrace.c +++ b/sys/kern/kern_ktrace.c @@ -585,7 +585,7 @@ ktrprocexec(struct proc *p) PROC_LOCK_ASSERT(p, MA_OWNED); kiop = p->p_ktrioparms; - if (kiop == NULL || priv_check_cred(kiop->cr, PRIV_DEBUG_DIFFCRED)) + if (kiop == NULL || priv_check_cred(kiop->cr, PRIV_DEBUG_DIFFCRED) == 0) return (NULL); mtx_lock(&ktrace_mtx); From nobody Wed Aug 7 13:44:21 2024 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WfBH94J1Cz5S8r2; Wed, 07 Aug 2024 13:44:21 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WfBH93hBCz4hWr; Wed, 7 Aug 2024 13:44:21 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723038261; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=rcFa05g/quTSmsQac8GoTI+wAFqajW5Wo9WxRGL/oxQ=; b=Ru7+7/lymlsABSabyeaBTjdTuEx5sVy4TyCpQo9Kxe799QJDvo37gLpPM0QGqDYM9pTXLL RRVTwlPAojzS/T7OGe/uRip5TPcpp8j02MaX8BHOCNO6dMsHROCwe5dc6JTxm0gmJ1of3G qNAy4Ww9QWEDgkSMfXFlKlToMymaK7FsbI8eMZYJ4gHNK/A29y0KE6tLpk/FVMibAzbxfN z3gIUgR4bn6pUQCcu+QuNNzwM5kL8SjcgeDsdVX4rnI9GdwdA1rOsqkNQlzt+mOMkidIZ2 XFZWpCHX0ci+2Cl4LBO7hUOCAIhQlH+YGQNWqWKozXwr8BacYOHfkbNaiVKyBQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1723038261; a=rsa-sha256; cv=none; b=wJd4mQPRY0n45MhiOcNmXyquj6xGo+ytiNgckjzflBJRs496et2z+kRby0ydzhwqKq0hgx efxbUFCgM1SUcjGUziixNc7cOH/M+jVw4Md1JNjX2UVS2THRmbjPgHNvX0JgJ/94odhcf5 hz0+2nshK4DH/lXKUizbY/F02hm98DlVE3W1xwBdclaQrdhrXJE4k6jYVEN3YW5jombiEv o5RMmNSSAdiCMCd0rco5lOjmI7bXfw5mzpTIgcDOHOd+77p1VD5yku4joo9NuunhlkAiX+ eyQEGDWQQEajIe5GgJLxmT1vakch/3ch/2bddwVwbNX/1rwnBdYcTPJmwXWU/A== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723038261; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=rcFa05g/quTSmsQac8GoTI+wAFqajW5Wo9WxRGL/oxQ=; b=cDbkTPQv49bNZ3/BxfBzODWVRPzEIyUpDQZJFbXgbFH6pbXfPxDxaXpfOipmp6YVtQYhyV kFh3MqjmsoyoOYBYd6+EoEpNAwLGy9dZPH+FipGxmvMVvxdRh3AnQa/+MrnJfzlgufYaBB hYJGsiX7Ko4NcfzgMI6GEk14rcEquyy8L7SVRccmUDctXxpxCR9v9f6SZcgnUv6d2euNO+ tRO8ICQMYinM83fsVTnAch5n2E4HD7VRghpmim3AW6j5I04EAYba9kcDZxwoqf3Mk6GatN SNSASLmZ2THxag2tfArd86BtFj1WCZd8fnHpDtoyYh71Y6rDl9KOJIBgbevqgg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WfBH939L8zsjP; Wed, 7 Aug 2024 13:44:21 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 477DiLtl033353; Wed, 7 Aug 2024 13:44:21 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 477DiLSL033350; Wed, 7 Aug 2024 13:44:21 GMT (envelope-from git) Date: Wed, 7 Aug 2024 13:44:21 GMT Message-Id: <202408071344.477DiLSL033350@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Mark Johnston Subject: git: 8533e927afc1 - releng/14.1 - nfscl: Scan readdir reply filenames for invalid characters List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: markj X-Git-Repository: src X-Git-Refname: refs/heads/releng/14.1 X-Git-Reftype: branch X-Git-Commit: 8533e927afc1847fb8ff6b650a69999ec6612df3 Auto-Submitted: auto-generated The branch releng/14.1 has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=8533e927afc1847fb8ff6b650a69999ec6612df3 commit 8533e927afc1847fb8ff6b650a69999ec6612df3 Author: Rick Macklem AuthorDate: 2024-07-21 22:56:16 +0000 Commit: Mark Johnston CommitDate: 2024-08-07 13:30:29 +0000 nfscl: Scan readdir reply filenames for invalid characters The NFS RFCs are pretty loose with respect to what characters can be in a filename returned by a Readdir. However, FreeBSD, as a POSIX system will not handle imbedded '/' or nul characters in file names. Also, for NFSv4, the file names "." and ".." are handcrafted on the client and should not be returned by a NFSv4 server. This patch scans for the above in filenames returned by Readdir and ignores any entry returned by Readdir which has them in it. Because an imbedded nul would be a string terminator, it was not possible to code this check efficiently using string(3) functions. Approved by: so Security: FreeBSD-SA-24:07.nfsclient Security: CVE-2024-6759 Reported by: Apple Security Engineering and Architecture (SEAR) (cherry picked from commit 026cdaa3b3a92574d9ac3155216e5cc0b0bd4c51) (cherry picked from commit 9328ded386d570c8455b9021e047520ef72e0e79) --- sys/fs/nfsclient/nfs_clrpcops.c | 137 ++++++++++++++++++++++++++++++++-------- 1 file changed, 110 insertions(+), 27 deletions(-) diff --git a/sys/fs/nfsclient/nfs_clrpcops.c b/sys/fs/nfsclient/nfs_clrpcops.c index 8c5532268287..c5c0ee9fa74f 100644 --- a/sys/fs/nfsclient/nfs_clrpcops.c +++ b/sys/fs/nfsclient/nfs_clrpcops.c @@ -142,6 +142,7 @@ static int nfsrpc_createv4(vnode_t , char *, int, struct vattr *, nfsquad_t, int, struct nfsclowner *, struct nfscldeleg **, struct ucred *, NFSPROC_T *, struct nfsvattr *, struct nfsvattr *, struct nfsfh **, int *, int *, int *); +static bool nfscl_invalidfname(bool, char *, int); static int nfsrpc_locku(struct nfsrv_descript *, struct nfsmount *, struct nfscllockowner *, u_int64_t, u_int64_t, u_int32_t, struct ucred *, NFSPROC_T *, int); @@ -3279,6 +3280,31 @@ nfsrpc_rmdir(vnode_t dvp, char *name, int namelen, struct ucred *cred, return (error); } +/* + * Check to make sure the file name in a Readdir reply is valid. + */ +static bool +nfscl_invalidfname(bool is_v4, char *name, int len) +{ + int i; + char *cp; + + if (is_v4 && ((len == 1 && name[0] == '.') || + (len == 2 && name[0] == '.' && name[1] == '.'))) { + printf("Readdir NFSv4 reply has dot or dotdot in it\n"); + return (true); + } + cp = name; + for (i = 0; i < len; i++, cp++) { + if (*cp == '/' || *cp == '\0') { + printf("Readdir reply file name had imbedded / or nul" + " byte\n"); + return (true); + } + } + return (false); +} + /* * Readdir rpc. * Always returns with either uio_resid unchanged, if you are at the @@ -3331,6 +3357,8 @@ nfsrpc_readdir(vnode_t vp, struct uio *uiop, nfsuint64 *cookiep, KASSERT(uiop->uio_iovcnt == 1 && (uiop->uio_resid & (DIRBLKSIZ - 1)) == 0, ("nfs readdirrpc bad uio")); + KASSERT(uiop->uio_segflg == UIO_SYSSPACE, + ("nfsrpc_readdir: uio userspace")); ncookie.lval[0] = ncookie.lval[1] = 0; /* * There is no point in reading a lot more than uio_resid, however @@ -3588,6 +3616,17 @@ nfsrpc_readdir(vnode_t vp, struct uio *uiop, nfsuint64 *cookiep, uiop->uio_resid) bigenough = 0; if (bigenough) { + struct iovec saviov; + off_t savoff; + ssize_t savresid; + int savblksiz; + + saviov.iov_base = uiop->uio_iov->iov_base; + saviov.iov_len = uiop->uio_iov->iov_len; + savoff = uiop->uio_offset; + savresid = uiop->uio_resid; + savblksiz = blksiz; + dp = (struct dirent *)uiop->uio_iov->iov_base; dp->d_pad0 = dp->d_pad1 = 0; dp->d_off = 0; @@ -3603,20 +3642,35 @@ nfsrpc_readdir(vnode_t vp, struct uio *uiop, nfsuint64 *cookiep, uiop->uio_iov->iov_base = (char *)uiop->uio_iov->iov_base + DIRHDSIZ; uiop->uio_iov->iov_len -= DIRHDSIZ; + cp = uiop->uio_iov->iov_base; error = nfsm_mbufuio(nd, uiop, len); if (error) goto nfsmout; - cp = uiop->uio_iov->iov_base; - tlen -= len; - NFSBZERO(cp, tlen); - cp += tlen; /* points to cookie storage */ - tl2 = (u_int32_t *)cp; - uiop->uio_iov->iov_base = - (char *)uiop->uio_iov->iov_base + tlen + - NFSX_HYPER; - uiop->uio_iov->iov_len -= tlen + NFSX_HYPER; - uiop->uio_resid -= tlen + NFSX_HYPER; - uiop->uio_offset += (tlen + NFSX_HYPER); + /* Check for an invalid file name. */ + if (nfscl_invalidfname( + (nd->nd_flag & ND_NFSV4) != 0, cp, len)) { + /* Skip over this entry. */ + uiop->uio_iov->iov_base = + saviov.iov_base; + uiop->uio_iov->iov_len = + saviov.iov_len; + uiop->uio_offset = savoff; + uiop->uio_resid = savresid; + blksiz = savblksiz; + } else { + cp = uiop->uio_iov->iov_base; + tlen -= len; + NFSBZERO(cp, tlen); + cp += tlen; /* points to cookie store */ + tl2 = (u_int32_t *)cp; + uiop->uio_iov->iov_base = + (char *)uiop->uio_iov->iov_base + + tlen + NFSX_HYPER; + uiop->uio_iov->iov_len -= tlen + + NFSX_HYPER; + uiop->uio_resid -= tlen + NFSX_HYPER; + uiop->uio_offset += (tlen + NFSX_HYPER); + } } else { error = nfsm_advance(nd, NFSM_RNDUP(len), -1); if (error) @@ -3782,6 +3836,8 @@ nfsrpc_readdirplus(vnode_t vp, struct uio *uiop, nfsuint64 *cookiep, KASSERT(uiop->uio_iovcnt == 1 && (uiop->uio_resid & (DIRBLKSIZ - 1)) == 0, ("nfs readdirplusrpc bad uio")); + KASSERT(uiop->uio_segflg == UIO_SYSSPACE, + ("nfsrpc_readdirplus: uio userspace")); ncookie.lval[0] = ncookie.lval[1] = 0; timespecclear(&dctime); *attrflagp = 0; @@ -4017,6 +4073,17 @@ nfsrpc_readdirplus(vnode_t vp, struct uio *uiop, nfsuint64 *cookiep, uiop->uio_resid) bigenough = 0; if (bigenough) { + struct iovec saviov; + off_t savoff; + ssize_t savresid; + int savblksiz; + + saviov.iov_base = uiop->uio_iov->iov_base; + saviov.iov_len = uiop->uio_iov->iov_len; + savoff = uiop->uio_offset; + savresid = uiop->uio_resid; + savblksiz = blksiz; + dp = (struct dirent *)uiop->uio_iov->iov_base; dp->d_pad0 = dp->d_pad1 = 0; dp->d_off = 0; @@ -4035,25 +4102,41 @@ nfsrpc_readdirplus(vnode_t vp, struct uio *uiop, nfsuint64 *cookiep, cnp->cn_nameptr = uiop->uio_iov->iov_base; cnp->cn_namelen = len; NFSCNHASHZERO(cnp); + cp = uiop->uio_iov->iov_base; error = nfsm_mbufuio(nd, uiop, len); if (error) goto nfsmout; - cp = uiop->uio_iov->iov_base; - tlen -= len; - NFSBZERO(cp, tlen); - cp += tlen; /* points to cookie storage */ - tl2 = (u_int32_t *)cp; - if (len == 2 && cnp->cn_nameptr[0] == '.' && - cnp->cn_nameptr[1] == '.') - isdotdot = 1; - else - isdotdot = 0; - uiop->uio_iov->iov_base = - (char *)uiop->uio_iov->iov_base + tlen + - NFSX_HYPER; - uiop->uio_iov->iov_len -= tlen + NFSX_HYPER; - uiop->uio_resid -= tlen + NFSX_HYPER; - uiop->uio_offset += (tlen + NFSX_HYPER); + /* Check for an invalid file name. */ + if (nfscl_invalidfname( + (nd->nd_flag & ND_NFSV4) != 0, cp, len)) { + /* Skip over this entry. */ + uiop->uio_iov->iov_base = + saviov.iov_base; + uiop->uio_iov->iov_len = + saviov.iov_len; + uiop->uio_offset = savoff; + uiop->uio_resid = savresid; + blksiz = savblksiz; + } else { + cp = uiop->uio_iov->iov_base; + tlen -= len; + NFSBZERO(cp, tlen); + cp += tlen; /* points to cookie store */ + tl2 = (u_int32_t *)cp; + if (len == 2 && + cnp->cn_nameptr[0] == '.' && + cnp->cn_nameptr[1] == '.') + isdotdot = 1; + else + isdotdot = 0; + uiop->uio_iov->iov_base = + (char *)uiop->uio_iov->iov_base + + tlen + NFSX_HYPER; + uiop->uio_iov->iov_len -= tlen + + NFSX_HYPER; + uiop->uio_resid -= tlen + NFSX_HYPER; + uiop->uio_offset += (tlen + NFSX_HYPER); + } } else { error = nfsm_advance(nd, NFSM_RNDUP(len), -1); if (error) From nobody Wed Aug 7 13:44:22 2024 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WfBHB408mz5S8tf; Wed, 07 Aug 2024 13:44:22 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WfBHB3hYxz4hWs; Wed, 7 Aug 2024 13:44:22 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723038262; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=6Z9MTMZri7Q+DnNx3pYDjWvPXMwX8CF1ox+hwomupZE=; b=tQ6To2afXueebXjecvGJtisV5RPUcwEF6xuZwThd5bhZIeoS0E/nphvFpgsDcg0QNerFbd cOYg5pAnuj33Nc7jqP0AvWr+rDlITg5VL3Et14/lYJ9jwQo9gtv7kdcDdC/Dn7Ltt8vUKO pfFEjNSKdmdqMZG9oFfLtbIfjaAzo+yQQQG0+EE5XGZ6SU76pmUSQLQUYzEIDWX7CbvIPC NvEKDB4zad+eMo/tjCGYRVierT/NUid6ItyX5wVg1WXGqIRBYSOquHiMOXNXOlKVTe0tCj XyBly16SHxFYY9XLVToZxyLfWhxOmerpa8VGtmQ6lSgkEsBVBbJL6Q/IKrOoBQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1723038262; a=rsa-sha256; cv=none; b=lEOnSbwgIIItA9MI8ruyge66CJ65DtJOu4LAbfqSgbzu7wcxhk0mrOXmgCHq/nm7G9MTRE 1cZS9k5gqZb64YtsYsH+q7nMNXNtFN5a1SPCVYbBb0x0GUEUF9QI4T8zG3ASeA8X3Su5Ec NEEJCAewgOFGLPR0UbNnSIOyGyQ7LLyHSan9OpQi5F8I880BQe0m6tjqx8PShFDT0aYvDW BPUB+wx98hFLpt0uUOkwnl2Rf2X5IxrjOIZmiKjkBerV7OxF3ztgoEez0vHeSeO40Hgi7X IYD2d+4+K846gGWv+30zaC1ziP8/vWElP+nBW+4wXn0VNq3Uh0sQ8Y9dTrjVRw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723038262; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=6Z9MTMZri7Q+DnNx3pYDjWvPXMwX8CF1ox+hwomupZE=; b=HKJTwFILVm2TrF0ZbPLU9PG4Zh08Fi7E6TOPkBlK35dF0Z4YSzgKhMuIockR6u+JHWQ/xj j4s1aQtBXPbTcsR1FSvKqvZKcUOs7WokcggBN+d1b23ZAZXI1yZqWyqza4dyo1N4PBXWoR 3RwMyTF5W5i/NLvJ7p3OhonGIEumqRoOPqAG4RLuH2NVkwgcE8PRn+wVMcUdwcIbn2yGWz yexCSbyl/fgS5DL3IZH6bTqzYbyQa24Di3iAKrTrw71vuEFaxgX3ZQ8zDQayhbrUSxdwWt LGG0SkDJVfEWF35VLYCChr7AzzD5BZBMEY/UZ83NWPVr9D9f1+pXkM1b91omKg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WfBHB3HnjzsmL; Wed, 7 Aug 2024 13:44:22 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 477DiMtw033413; Wed, 7 Aug 2024 13:44:22 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 477DiMad033410; Wed, 7 Aug 2024 13:44:22 GMT (envelope-from git) Date: Wed, 7 Aug 2024 13:44:22 GMT Message-Id: <202408071344.477DiMad033410@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Mark Johnston Subject: git: 370e196bae46 - releng/14.1 - pf: stricter state checking for ICMP and ICMPv6 packets List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: markj X-Git-Repository: src X-Git-Refname: refs/heads/releng/14.1 X-Git-Reftype: branch X-Git-Commit: 370e196bae469f776bb95b9733fe6a6481e189f6 Auto-Submitted: auto-generated The branch releng/14.1 has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=370e196bae469f776bb95b9733fe6a6481e189f6 commit 370e196bae469f776bb95b9733fe6a6481e189f6 Author: Kristof Provost AuthorDate: 2024-07-09 13:59:33 +0000 Commit: Mark Johnston CommitDate: 2024-08-07 13:31:39 +0000 pf: stricter state checking for ICMP and ICMPv6 packets Include the ICMP type in one port of the state key, using the type to determine which side should be the id, and which should be the type. Also: - Handle ICMP6 messages which are typically sent to multicast addresses but recieve unicast replies, by doing fallthrough lookups against the correct multicast address. - Clear up some mistaken assumptions in the PF code: - Not all ICMP packets have an icmp_id, so simulate one based on other data if we can, otherwise set it to 0. - Don't modify the icmp id field in NAT unless it's echo - Use the full range of possible id's when NATing icmp6 echoy ok henning marco testing matthieu todd Approved by: so Security: FreeBSD-SA-24:05.pf Security: CVE-2024-6640 MFC after: 1 day Obtained From: OpenBSD, mcbride 70bf7555ef4c Sponsored by: Rubicon Communications, LLC ("Netgate") (cherry picked from commit 534ee17e61ee094ec175703bc50e88ff6587703e) (cherry picked from commit 2f6b4611b5b847aee1ff8d5017a0f8a657f4101d) --- sys/netpfil/pf/pf.c | 381 ++++++++++++++++++++++++++++++++++++++----------- sys/netpfil/pf/pf_lb.c | 19 ++- 2 files changed, 317 insertions(+), 83 deletions(-) diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c index 5fc234c5aca9..3212a1443f63 100644 --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c @@ -291,6 +291,8 @@ static void pf_change_ap(struct mbuf *, struct pf_addr *, u_int16_t *, u_int16_t, u_int8_t, sa_family_t); static int pf_modulate_sack(struct mbuf *, int, struct pf_pdesc *, struct tcphdr *, struct pf_state_peer *); +int pf_icmp_mapping(struct pf_pdesc *, u_int8_t, int *, + int *, u_int16_t *, u_int16_t *); static void pf_change_icmp(struct pf_addr *, u_int16_t *, struct pf_addr *, struct pf_addr *, u_int16_t, u_int16_t *, u_int16_t *, u_int16_t *, @@ -337,6 +339,10 @@ static int pf_test_state_tcp(struct pf_kstate **, static int pf_test_state_udp(struct pf_kstate **, struct pfi_kkif *, struct mbuf *, int, void *, struct pf_pdesc *); +int pf_icmp_state_lookup(struct pf_state_key_cmp *, + struct pf_pdesc *, struct pf_kstate **, struct mbuf *, + int, struct pfi_kkif *, u_int16_t, u_int16_t, + int, int *, int); static int pf_test_state_icmp(struct pf_kstate **, struct pfi_kkif *, struct mbuf *, int, void *, struct pf_pdesc *, u_short *); @@ -389,6 +395,8 @@ extern struct proc *pf_purge_proc; VNET_DEFINE(struct pf_limit, pf_limits[PF_LIMIT_MAX]); +enum { PF_ICMP_MULTI_NONE, PF_ICMP_MULTI_SOLICITED, PF_ICMP_MULTI_LINK }; + #define PACKET_UNDO_NAT(_m, _pd, _off, _s) \ do { \ struct pf_state_key *nk; \ @@ -1734,6 +1742,142 @@ pf_isforlocal(struct mbuf *m, int af) return (false); } +int +pf_icmp_mapping(struct pf_pdesc *pd, u_int8_t type, + int *icmp_dir, int *multi, u_int16_t *icmpid, u_int16_t *icmptype) +{ + /* + * ICMP types marked with PF_OUT are typically responses to + * PF_IN, and will match states in the opposite direction. + * PF_IN ICMP types need to match a state with that type. + */ + *icmp_dir = PF_OUT; + *multi = PF_ICMP_MULTI_LINK; + /* Queries (and responses) */ + switch (type) { + case ICMP_ECHO: + *icmp_dir = PF_IN; + case ICMP_ECHOREPLY: + *icmptype = ICMP_ECHO; + *icmpid = pd->hdr.icmp.icmp_id; + break; + + case ICMP_TSTAMP: + *icmp_dir = PF_IN; + case ICMP_TSTAMPREPLY: + *icmptype = ICMP_TSTAMP; + *icmpid = 0; /* Time is not a secret. */ + break; + + case ICMP_IREQ: + *icmp_dir = PF_IN; + case ICMP_IREQREPLY: + *icmptype = ICMP_IREQ; + *icmpid = 0; /* Nothing sane to match on! */ + break; + + case ICMP_MASKREQ: + *icmp_dir = PF_IN; + case ICMP_MASKREPLY: + *icmptype = ICMP_MASKREQ; + *icmpid = 0; /* Nothing sane to match on! */ + break; + + case ICMP_IPV6_WHEREAREYOU: + *icmp_dir = PF_IN; + case ICMP_IPV6_IAMHERE: + *icmptype = ICMP_IPV6_WHEREAREYOU; + *icmpid = 0; /* Nothing sane to match on! */ + break; + + case ICMP_MOBILE_REGREQUEST: + *icmp_dir = PF_IN; + case ICMP_MOBILE_REGREPLY: + *icmptype = ICMP_MOBILE_REGREQUEST; + *icmpid = 0; /* Nothing sane to match on! */ + break; + + case ICMP_ROUTERSOLICIT: + *icmp_dir = PF_IN; + case ICMP_ROUTERADVERT: + *icmptype = ICMP_ROUTERSOLICIT; + *icmpid = 0; /* Nothing sane to match on! */ + break; + +#ifdef INET6 + case ICMP6_ECHO_REQUEST: + *icmp_dir = PF_IN; + case ICMP6_ECHO_REPLY: + *icmptype = ICMP6_ECHO_REQUEST; + *icmpid = pd->hdr.icmp6.icmp6_id; + break; + + case MLD_LISTENER_QUERY: + *icmp_dir = PF_IN; + case MLD_LISTENER_REPORT: { + *icmptype = MLD_LISTENER_QUERY; + *icmpid = 0; + break; + } + + /* ICMP6_FQDN and ICMP6_NI query/reply are the same type as ICMP6_WRU */ + case ICMP6_WRUREQUEST: + *icmp_dir = PF_IN; + case ICMP6_WRUREPLY: + *icmptype = ICMP6_WRUREQUEST; + *icmpid = 0; /* Nothing sane to match on! */ + break; + + case MLD_MTRACE: + *icmp_dir = PF_IN; + case MLD_MTRACE_RESP: + *icmptype = MLD_MTRACE; + *icmpid = 0; /* Nothing sane to match on! */ + break; + + case ND_NEIGHBOR_SOLICIT: + *icmp_dir = PF_IN; + case ND_NEIGHBOR_ADVERT: { + *icmptype = ND_NEIGHBOR_SOLICIT; + *multi = PF_ICMP_MULTI_SOLICITED; + *icmpid = 0; + break; + } + +#endif /* INET6 */ + /* These ICMP types map to other connections */ + case ICMP_UNREACH: + case ICMP_SOURCEQUENCH: + case ICMP_REDIRECT: + case ICMP_TIMXCEED: + case ICMP_PARAMPROB: +#ifdef INET6 + /* + * ICMP6_TIME_EXCEEDED is the same type as ICMP_UNREACH + * ND_REDIRECT can't be in this list because the triggering packet + * header is optional. + */ + case ICMP6_PACKET_TOO_BIG: +#endif /* INET6 */ + /* These will not be used, but set them anyways */ + *icmp_dir = PF_IN; + *icmptype = htons(type); + *icmpid = 0; + return (1); /* These types are matched to other state */ + /* + * All remaining ICMP types get their own states, + * and will only match in one direction. + */ + default: + *icmp_dir = PF_IN; + *icmptype = type; + *icmpid = 0; + break; + } + HTONS(*icmptype); + return (0); +} + void pf_intr(void *v) { @@ -4397,8 +4541,8 @@ pf_test_rule(struct pf_krule **rm, struct pf_kstate **sm, struct pfi_kkif *kif, int tag = -1; int asd = 0; int match = 0; - int state_icmp = 0; - u_int16_t sport = 0, dport = 0; + int state_icmp = 0, icmp_dir, multi; + u_int16_t sport = 0, dport = 0, virtual_type, virtual_id; u_int16_t bproto_sum = 0, bip_sum = 0; u_int8_t icmptype = 0, icmpcode = 0; struct pf_kanchor_stackframe anchor_stack[PF_ANCHOR_STACKSIZE]; @@ -4432,33 +4576,37 @@ pf_test_rule(struct pf_krule **rm, struct pf_kstate **sm, struct pfi_kkif *kif, case IPPROTO_ICMP: if (pd->af != AF_INET) break; - sport = dport = pd->hdr.icmp.icmp_id; hdrlen = sizeof(pd->hdr.icmp); icmptype = pd->hdr.icmp.icmp_type; icmpcode = pd->hdr.icmp.icmp_code; - - if (icmptype == ICMP_UNREACH || - icmptype == ICMP_SOURCEQUENCH || - icmptype == ICMP_REDIRECT || - icmptype == ICMP_TIMXCEED || - icmptype == ICMP_PARAMPROB) - state_icmp++; + state_icmp = pf_icmp_mapping(pd, icmptype, + &icmp_dir, &multi, &virtual_id, &virtual_type); + if (icmp_dir == PF_IN) { + sport = virtual_id; + dport = virtual_type; + } else { + sport = virtual_type; + dport = virtual_id; + } break; #endif /* INET */ #ifdef INET6 case IPPROTO_ICMPV6: if (af != AF_INET6) break; - sport = dport = pd->hdr.icmp6.icmp6_id; hdrlen = sizeof(pd->hdr.icmp6); icmptype = pd->hdr.icmp6.icmp6_type; icmpcode = pd->hdr.icmp6.icmp6_code; + state_icmp = pf_icmp_mapping(pd, icmptype, + &icmp_dir, &multi, &virtual_id, &virtual_type); + if (icmp_dir == PF_IN) { + sport = virtual_id; + dport = virtual_type; + } else { + sport = virtual_type; + dport = virtual_id; + } - if (icmptype == ICMP6_DST_UNREACH || - icmptype == ICMP6_PACKET_TOO_BIG || - icmptype == ICMP6_TIME_EXCEEDED || - icmptype == ICMP6_PARAM_PROB) - state_icmp++; break; #endif /* INET6 */ default: @@ -4552,7 +4700,6 @@ pf_test_rule(struct pf_krule **rm, struct pf_kstate **sm, struct pfi_kkif *kif, } #ifdef INET case IPPROTO_ICMP: - nk->port[0] = nk->port[1]; if (PF_ANEQ(saddr, &nk->addr[pd->sidx], AF_INET)) pf_change_a(&saddr->v4.s_addr, pd->ip_sum, nk->addr[pd->sidx].v4.s_addr, 0); @@ -4561,11 +4708,12 @@ pf_test_rule(struct pf_krule **rm, struct pf_kstate **sm, struct pfi_kkif *kif, pf_change_a(&daddr->v4.s_addr, pd->ip_sum, nk->addr[pd->didx].v4.s_addr, 0); - if (nk->port[1] != pd->hdr.icmp.icmp_id) { + if (virtual_type == ICMP_ECHO && + nk->port[pd->sidx] != pd->hdr.icmp.icmp_id) { pd->hdr.icmp.icmp_cksum = pf_cksum_fixup( pd->hdr.icmp.icmp_cksum, sport, - nk->port[1], 0); - pd->hdr.icmp.icmp_id = nk->port[1]; + nk->port[pd->sidx], 0); + pd->hdr.icmp.icmp_id = nk->port[pd->sidx]; pd->sport = &pd->hdr.icmp.icmp_id; } m_copyback(m, off, ICMP_MINLEN, (caddr_t)&pd->hdr.icmp); @@ -4573,7 +4721,6 @@ pf_test_rule(struct pf_krule **rm, struct pf_kstate **sm, struct pfi_kkif *kif, #endif /* INET */ #ifdef INET6 case IPPROTO_ICMPV6: - nk->port[0] = nk->port[1]; if (PF_ANEQ(saddr, &nk->addr[pd->sidx], AF_INET6)) pf_change_a6(saddr, &pd->hdr.icmp6.icmp6_cksum, &nk->addr[pd->sidx], 0); @@ -6402,15 +6549,73 @@ pf_multihome_scan_asconf(struct mbuf *m, int start, int len, return (pf_multihome_scan(m, start, len, pd, kif, SCTP_ADD_IP_ADDRESS)); } +int +pf_icmp_state_lookup(struct pf_state_key_cmp *key, struct pf_pdesc *pd, + struct pf_kstate **state, struct mbuf *m, int direction, struct pfi_kkif *kif, + u_int16_t icmpid, u_int16_t type, int icmp_dir, int *iidx, int multi) +{ + key->af = pd->af; + key->proto = pd->proto; + if (icmp_dir == PF_IN) { + *iidx = pd->sidx; + key->port[pd->sidx] = icmpid; + key->port[pd->didx] = type; + } else { + *iidx = pd->didx; + key->port[pd->sidx] = type; + key->port[pd->didx] = icmpid; + } + if (pd->af == AF_INET6 && multi != PF_ICMP_MULTI_NONE) { + switch (multi) { + case PF_ICMP_MULTI_SOLICITED: + key->addr[pd->sidx].addr32[0] = IPV6_ADDR_INT32_MLL; + key->addr[pd->sidx].addr32[1] = 0; + key->addr[pd->sidx].addr32[2] = IPV6_ADDR_INT32_ONE; + key->addr[pd->sidx].addr32[3] = pd->src->addr32[3]; + key->addr[pd->sidx].addr8[12] = 0xff; + break; + case PF_ICMP_MULTI_LINK: + key->addr[pd->sidx].addr32[0] = IPV6_ADDR_INT32_MLL; + key->addr[pd->sidx].addr32[1] = 0; + key->addr[pd->sidx].addr32[2] = 0; + key->addr[pd->sidx].addr32[3] = IPV6_ADDR_INT32_ONE; + break; + } + } else + PF_ACPY(&key->addr[pd->sidx], pd->src, key->af); + PF_ACPY(&key->addr[pd->didx], pd->dst, key->af); + + STATE_LOOKUP(kif, key, *state, pd); + + /* Is this ICMP message flowing in right direction? */ + if ((*state)->rule.ptr->type && + (((*state)->direction == direction) ? + PF_IN : PF_OUT) != icmp_dir) { + if (V_pf_status.debug >= PF_DEBUG_MISC) { + printf("pf: icmp type %d in wrong direction (%d): ", + icmp_dir, pd->dir); + pf_print_state(*state); + printf("\n"); + } + return (PF_DROP); + } + return (-1); +} + static int pf_test_state_icmp(struct pf_kstate **state, struct pfi_kkif *kif, struct mbuf *m, int off, void *h, struct pf_pdesc *pd, u_short *reason) { struct pf_addr *saddr = pd->src, *daddr = pd->dst; - u_int16_t icmpid = 0, *icmpsum; + u_int16_t *icmpsum, virtual_id, virtual_type; u_int8_t icmptype, icmpcode; - int state_icmp = 0; + int icmp_dir, iidx, ret, multi; struct pf_state_key_cmp key; +#ifdef INET + u_int16_t icmpid; +#endif + + MPASS(*state == NULL); bzero(&key, sizeof(key)); switch (pd->proto) { @@ -6420,49 +6625,43 @@ pf_test_state_icmp(struct pf_kstate **state, struct pfi_kkif *kif, icmpcode = pd->hdr.icmp.icmp_code; icmpid = pd->hdr.icmp.icmp_id; icmpsum = &pd->hdr.icmp.icmp_cksum; - - if (icmptype == ICMP_UNREACH || - icmptype == ICMP_SOURCEQUENCH || - icmptype == ICMP_REDIRECT || - icmptype == ICMP_TIMXCEED || - icmptype == ICMP_PARAMPROB) - state_icmp++; break; #endif /* INET */ #ifdef INET6 case IPPROTO_ICMPV6: icmptype = pd->hdr.icmp6.icmp6_type; icmpcode = pd->hdr.icmp6.icmp6_code; +#ifdef INET icmpid = pd->hdr.icmp6.icmp6_id; +#endif icmpsum = &pd->hdr.icmp6.icmp6_cksum; - - if (icmptype == ICMP6_DST_UNREACH || - icmptype == ICMP6_PACKET_TOO_BIG || - icmptype == ICMP6_TIME_EXCEEDED || - icmptype == ICMP6_PARAM_PROB) - state_icmp++; break; #endif /* INET6 */ } - if (!state_icmp) { + if (pf_icmp_mapping(pd, icmptype, &icmp_dir, &multi, + &virtual_id, &virtual_type) == 0) { /* * ICMP query/reply message not related to a TCP/UDP packet. * Search for an ICMP state. */ - key.af = pd->af; - key.proto = pd->proto; - key.port[0] = key.port[1] = icmpid; - if (pd->dir == PF_IN) { /* wire side, straight */ - PF_ACPY(&key.addr[0], pd->src, key.af); - PF_ACPY(&key.addr[1], pd->dst, key.af); - } else { /* stack side, reverse */ - PF_ACPY(&key.addr[1], pd->src, key.af); - PF_ACPY(&key.addr[0], pd->dst, key.af); + ret = pf_icmp_state_lookup(&key, pd, state, m, pd->dir, + kif, virtual_id, virtual_type, icmp_dir, &iidx, + PF_ICMP_MULTI_NONE); + if (ret >= 0) { + if (ret == PF_DROP && pd->af == AF_INET6 && + icmp_dir == PF_OUT) { + if (*state != NULL) + PF_STATE_UNLOCK((*state)); + ret = pf_icmp_state_lookup(&key, pd, state, m, + pd->dir, kif, virtual_id, virtual_type, + icmp_dir, &iidx, multi); + if (ret >= 0) + return (ret); + } else + return (ret); } - STATE_LOOKUP(kif, &key, *state, pd); - (*state)->expire = time_uptime; (*state)->timeout = PFTM_ICMP_ERROR_REPLY; @@ -6485,14 +6684,14 @@ pf_test_state_icmp(struct pf_kstate **state, struct pfi_kkif *kif, pd->ip_sum, nk->addr[pd->didx].v4.s_addr, 0); - if (nk->port[0] != + if (nk->port[iidx] != pd->hdr.icmp.icmp_id) { pd->hdr.icmp.icmp_cksum = pf_cksum_fixup( pd->hdr.icmp.icmp_cksum, icmpid, - nk->port[pd->sidx], 0); + nk->port[iidx], 0); pd->hdr.icmp.icmp_id = - nk->port[pd->sidx]; + nk->port[iidx]; } m_copyback(m, off, ICMP_MINLEN, @@ -6857,13 +7056,15 @@ pf_test_state_icmp(struct pf_kstate **state, struct pfi_kkif *kif, return (PF_DROP); } - key.af = pd2.af; - key.proto = IPPROTO_ICMP; - PF_ACPY(&key.addr[pd2.sidx], pd2.src, key.af); - PF_ACPY(&key.addr[pd2.didx], pd2.dst, key.af); - key.port[0] = key.port[1] = iih.icmp_id; + icmpid = iih.icmp_id; + pf_icmp_mapping(&pd2, iih.icmp_type, + &icmp_dir, &multi, &virtual_id, &virtual_type); - STATE_LOOKUP(kif, &key, *state, pd); + ret = pf_icmp_state_lookup(&key, &pd2, state, m, + pd->dir, kif, virtual_id, virtual_type, + icmp_dir, &iidx, PF_ICMP_MULTI_NONE); + if (ret >= 0) + return (ret); /* translate source/destination address, if necessary */ if ((*state)->key[PF_SK_WIRE] != @@ -6873,21 +7074,23 @@ pf_test_state_icmp(struct pf_kstate **state, struct pfi_kkif *kif, if (PF_ANEQ(pd2.src, &nk->addr[pd2.sidx], pd2.af) || - nk->port[pd2.sidx] != iih.icmp_id) - pf_change_icmp(pd2.src, &iih.icmp_id, + (virtual_type == ICMP_ECHO && + nk->port[iidx] != iih.icmp_id)) + pf_change_icmp(pd2.src, + (virtual_type == ICMP_ECHO) ? + &iih.icmp_id : NULL, daddr, &nk->addr[pd2.sidx], - nk->port[pd2.sidx], NULL, + (virtual_type == ICMP_ECHO) ? + nk->port[iidx] : 0, NULL, pd2.ip_sum, icmpsum, pd->ip_sum, 0, AF_INET); if (PF_ANEQ(pd2.dst, - &nk->addr[pd2.didx], pd2.af) || - nk->port[pd2.didx] != iih.icmp_id) - pf_change_icmp(pd2.dst, &iih.icmp_id, - saddr, &nk->addr[pd2.didx], - nk->port[pd2.didx], NULL, - pd2.ip_sum, icmpsum, - pd->ip_sum, 0, AF_INET); + &nk->addr[pd2.didx], pd2.af)) + pf_change_icmp(pd2.dst, NULL, NULL, + &nk->addr[pd2.didx], 0, NULL, + pd2.ip_sum, icmpsum, pd->ip_sum, 0, + AF_INET); m_copyback(m, off, ICMP_MINLEN, (caddr_t)&pd->hdr.icmp); m_copyback(m, ipoff2, sizeof(h2), (caddr_t)&h2); @@ -6909,13 +7112,25 @@ pf_test_state_icmp(struct pf_kstate **state, struct pfi_kkif *kif, return (PF_DROP); } - key.af = pd2.af; - key.proto = IPPROTO_ICMPV6; - PF_ACPY(&key.addr[pd2.sidx], pd2.src, key.af); - PF_ACPY(&key.addr[pd2.didx], pd2.dst, key.af); - key.port[0] = key.port[1] = iih.icmp6_id; - - STATE_LOOKUP(kif, &key, *state, pd); + pf_icmp_mapping(&pd2, iih.icmp6_type, + &icmp_dir, &multi, &virtual_id, &virtual_type); + ret = pf_icmp_state_lookup(&key, &pd2, state, m, + pd->dir, kif, virtual_id, virtual_type, + icmp_dir, &iidx, PF_ICMP_MULTI_NONE); + if (ret >= 0) { + if (ret == PF_DROP && pd->af == AF_INET6 && + icmp_dir == PF_OUT) { + if (*state != NULL) + PF_STATE_UNLOCK((*state)); + ret = pf_icmp_state_lookup(&key, pd, + state, m, pd->dir, kif, + virtual_id, virtual_type, + icmp_dir, &iidx, multi); + if (ret >= 0) + return (ret); + } else + return (ret); + } /* translate source/destination address, if necessary */ if ((*state)->key[PF_SK_WIRE] != @@ -6925,19 +7140,21 @@ pf_test_state_icmp(struct pf_kstate **state, struct pfi_kkif *kif, if (PF_ANEQ(pd2.src, &nk->addr[pd2.sidx], pd2.af) || - nk->port[pd2.sidx] != iih.icmp6_id) - pf_change_icmp(pd2.src, &iih.icmp6_id, + ((virtual_type == ICMP6_ECHO_REQUEST) && + nk->port[pd2.sidx] != iih.icmp6_id)) + pf_change_icmp(pd2.src, + (virtual_type == ICMP6_ECHO_REQUEST) + ? &iih.icmp6_id : NULL, daddr, &nk->addr[pd2.sidx], - nk->port[pd2.sidx], NULL, + (virtual_type == ICMP6_ECHO_REQUEST) + ? nk->port[iidx] : 0, NULL, pd2.ip_sum, icmpsum, pd->ip_sum, 0, AF_INET6); if (PF_ANEQ(pd2.dst, - &nk->addr[pd2.didx], pd2.af) || - nk->port[pd2.didx] != iih.icmp6_id) - pf_change_icmp(pd2.dst, &iih.icmp6_id, - saddr, &nk->addr[pd2.didx], - nk->port[pd2.didx], NULL, + &nk->addr[pd2.didx], pd2.af)) + pf_change_icmp(pd2.dst, NULL, NULL, + &nk->addr[pd2.didx], 0, NULL, pd2.ip_sum, icmpsum, pd->ip_sum, 0, AF_INET6); diff --git a/sys/netpfil/pf/pf_lb.c b/sys/netpfil/pf/pf_lb.c index eb3d087e3df6..4fcad7e578a8 100644 --- a/sys/netpfil/pf/pf_lb.c +++ b/sys/netpfil/pf/pf_lb.c @@ -225,6 +225,23 @@ pf_get_sport(sa_family_t af, u_int8_t proto, struct pf_krule *r, if (pf_map_addr(af, r, saddr, naddr, NULL, &init_addr, sn)) return (1); + if (proto == IPPROTO_ICMP) { + if (*nport == htons(ICMP_ECHO)) { + low = 1; + high = 65535; + } else + return (0); /* Don't try to modify non-echo ICMP */ + } +#ifdef INET6 + if (proto == IPPROTO_ICMPV6) { + if (*nport == htons(ICMP6_ECHO_REQUEST)) { + low = 1; + high = 65535; + } else + return (0); /* Don't try to modify non-echo ICMP */ + } +#endif /* INET6 */ + bzero(&key, sizeof(key)); key.af = af; key.proto = proto; @@ -633,7 +650,7 @@ pf_get_translation(struct pf_pdesc *pd, struct mbuf *m, int off, switch (r->action) { case PF_NAT: if (pd->proto == IPPROTO_ICMP) { - low = 1; + low = 1; high = 65535; } else { low = r->rpool.proxy_port[0]; From nobody Wed Aug 7 13:44:23 2024 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WfBHC6sWbz5S9Lp; Wed, 07 Aug 2024 13:44:23 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WfBHC4zBFz4hjG; Wed, 7 Aug 2024 13:44:23 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723038263; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=4Hj/Mz6Gf4oOw9OPqEtJhV/sjTGThYOjpADtP976GI0=; b=vyvVwdl2t5fS2j+bdtMorKaGDpZgVgsCM3on1c37LJyYWCXg8Nz0EilIhNHrspiR0jUm/x xmIjt03+49d5nnXiph4YfhqUS2uvy+EzOWZFx3ak9EkngIZj7HWcBT7DQXiQo9cHOhrI2W q/jpev1XAJBFGBbjB2nZj3OmG0dFrdGemDwKs6hyj0podwKRNaYWcvv3r33N3eeqEoomt/ RoZIqJ3Zh14Uw6LE7NK3FBkJUyvsAbnlgkY0OsuwQP2d5/ngZ0yN8NWhn5sHvbekQZrSjo BhyeWzOeZJ1yR35llGwn2l9hcPCOYOpzDLF5BpeaHhD0WXXT1YxoALfPdD2S6A== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1723038263; a=rsa-sha256; cv=none; b=vuXDuHDSzUUN+95KIT5psIfiD8PwvoP9+xKZJIvHM+Cu/zTI84WpIRSRTWc0rAwGyYBK3B Q+QiFmADB5jqs3/UhW/5LRDmEjGY0JMz6talHFUxawNLSUUOpC7j/8wsw+3+4Qq2sdica+ JfgOAkgSCpXtmOJyYuncdGBOfMDdJzFPLM09Yj6+ZvhmndyBPPWL1a56Kxjiwo1K7sAdcy 9x1oNJnn7BWM9PK7cFeCUdhAzKEMR4fPkDHtFHWcvSCFuqhfsP1HAEbdI48Pax0+gaGbVF sM8f2ItxtmmM5Ae+tO20fZTtNdfYAVEXA09dSMn6DPgCcX+6kj5+1jZ0KDFAyA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723038263; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=4Hj/Mz6Gf4oOw9OPqEtJhV/sjTGThYOjpADtP976GI0=; b=SsiDNwvoXHKL0YT3GnSbf7URtdvDbt9lBmxhDi32gv14zrqsMFKk0iGMezF3omgirkN9KX jFGaQsThs2FDP0hmtZE+4gcIchd3IKkOBix2WrE0tl3w1eWrDNshUMp9iTV3cy38PyXxfb Sj3htKA0i/SGwgPyLPKyjwE4VfLql4W0uzLMxR3aWwk3LeICq0wbrQFZWpj8zPjAqdYMzd vEnMTz6g4cMOb7QS60YUt132CcgPgtWMSGpttCtPUu8NvXWe/I8YfNoMFGvpZlIMExuN6X tEF/KJMZbcSQIWu3iVyX4Z0mudasahcltlq8ugsUp9kTxSpdKKJPgghj+p80HA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WfBHC4NClzsmM; Wed, 7 Aug 2024 13:44:23 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 477DiNq7033477; Wed, 7 Aug 2024 13:44:23 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 477DiNMS033474; Wed, 7 Aug 2024 13:44:23 GMT (envelope-from git) Date: Wed, 7 Aug 2024 13:44:23 GMT Message-Id: <202408071344.477DiNMS033474@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Mark Johnston Subject: git: c95f99c0abb3 - releng/14.1 - pf: some ICMP types that also have icmp_id, pointed out by markus@ List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: markj X-Git-Repository: src X-Git-Refname: refs/heads/releng/14.1 X-Git-Reftype: branch X-Git-Commit: c95f99c0abb31b4d68f9672aa85a8e248a159f6f Auto-Submitted: auto-generated The branch releng/14.1 has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=c95f99c0abb31b4d68f9672aa85a8e248a159f6f commit c95f99c0abb31b4d68f9672aa85a8e248a159f6f Author: Kristof Provost AuthorDate: 2024-07-10 11:32:03 +0000 Commit: Mark Johnston CommitDate: 2024-08-07 13:32:00 +0000 pf: some ICMP types that also have icmp_id, pointed out by markus@ ok henning markus Approved by: so Security: FreeBSD-SA-24:05.pf Security: CVE-2024-6640 MFC after: 1 day Obtained From: OpenBSD, mcbride 8c0632cd274b Sponsored by: Rubicon Communications, LLC ("Netgate") (cherry picked from commit e296b0de9e467b8c5eb853f6cf4c6ea28d4119a2) (cherry picked from commit c5081b8d3918564c1aba5a5e3f0a5219568e3435) --- sys/netpfil/pf/pf.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c index 3212a1443f63..b4c310796cf4 100644 --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c @@ -1766,21 +1766,21 @@ pf_icmp_mapping(struct pf_pdesc *pd, u_int8_t type, *icmp_dir = PF_IN; case ICMP_TSTAMPREPLY: *icmptype = ICMP_TSTAMP; - *icmpid = 0; /* Time is not a secret. */ + *icmpid = pd->hdr.icmp.icmp_id; break; case ICMP_IREQ: *icmp_dir = PF_IN; case ICMP_IREQREPLY: *icmptype = ICMP_IREQ; - *icmpid = 0; /* Nothing sane to match on! */ + *icmpid = pd->hdr.icmp.icmp_id; break; case ICMP_MASKREQ: *icmp_dir = PF_IN; case ICMP_MASKREPLY: *icmptype = ICMP_MASKREQ; - *icmpid = 0; /* Nothing sane to match on! */ + *icmpid = pd->hdr.icmp.icmp_id; break; case ICMP_IPV6_WHEREAREYOU: From nobody Wed Aug 7 13:44:24 2024 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WfBHF0l5pz5S94g; Wed, 07 Aug 2024 13:44:25 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WfBHD5yfJz4hlh; Wed, 7 Aug 2024 13:44:24 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723038264; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=kIdNlB+FDyp881eO+osRCZusZm8p41naOOVeu5Frd/M=; b=n5A0EHDM0uB2+kceiXJ5ieWyVPD7LA+39vtyKGEBqm+7DFVfp+vCLVevMZuTPwaf3tnGRp QtJjgYLybkGST1amAdLwNhscC12HS6kveTXi9Ssyt7KLgyUKSaPIC7YlqmmFTaDefcWpnL mNZxpnXYSpiWxJpdYCNOZD2dCoVLEhIXRqhOijGR5cnFQYUCYVxfHS6pqvvpx59cqYAtGr vMe2ZPMbVrQZNvePb5AzogrHjnPfTROkfbwpKty3RdOcl/OrRrgmS4PNgj4MOf5LURfET0 E3uTyCFAHXu2L9f5n87niXORSaxQ48LKZoxGVOcXXhqZfUexYuW06Pq96I6zXQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1723038264; a=rsa-sha256; cv=none; b=GddZEckuSdmEFjJysgIl8jvNOTqvmcfqFVwlYuLZZIHnuTcDaon9PLTLU3TMcaPK61gQ6x bVtipFX6I0q2wKM4qRj9okT5Za1EbjLF/X5MXeKz+y5E3vZqilnlV7rjv/XLBFZurRkKlU hJma9bjFvKZhXN40vsnjXzKybHj8wka1wImY6fU7FTU5XJNmrmHWVZ0ePkJAcylVyFsONG uu2lLs5lMZabAIRnHqOHMZyR459nv1FaihC+65eBMNnPwv+WEwQyXJHmV2u2fX0hfy++M5 Cxbbd+sV7NAUD3Q6X0DivTC6g1x00CWb7a2iM6VvsqyQDfpM3WoGcJLgn8EU4w== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723038264; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=kIdNlB+FDyp881eO+osRCZusZm8p41naOOVeu5Frd/M=; b=EryOw9CoQTltqH1i4Tg5Cu9Uunr5yFr0SxCQQqUs784Yqcg+xwWq7eU6GHjQGylfzBhTru lihSUX8cOeaYjFXlqIAaD7W5rS1LU8Jmvsk5NmAz+5b1vrhZHpGqQ9tEg8U2l/4oVlZ2FL Y+BwlzujTOxDAQs6CtQ+GCuAiWcrC/qRs/Br3l6iHzLk5q96JbY3Djw3sren5lCSJfHa9p zJns5jGloqTQ9lQPzluBFdJjL2W4DHnraQZ19wRLWqmqmDTDYZBD+lLdtTM3H9sDErpeLX JEfCzNRs2T0OotWC5MCy4oWSZ+tKD92m8WbGL2YSq74vYYNLuYUCYG3DpyLDDQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WfBHD5LTfzsV7; Wed, 7 Aug 2024 13:44:24 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 477DiOEj033527; Wed, 7 Aug 2024 13:44:24 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 477DiOC4033524; Wed, 7 Aug 2024 13:44:24 GMT (envelope-from git) Date: Wed, 7 Aug 2024 13:44:24 GMT Message-Id: <202408071344.477DiOC4033524@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Mark Johnston Subject: git: 6979b4db10b8 - releng/14.1 - pf: split ICMP/ICMPv6 number space in pf_icmp_mapping() List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: markj X-Git-Repository: src X-Git-Refname: refs/heads/releng/14.1 X-Git-Reftype: branch X-Git-Commit: 6979b4db10b8c438e0afdf8b05069e6d3057102a Auto-Submitted: auto-generated The branch releng/14.1 has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=6979b4db10b8c438e0afdf8b05069e6d3057102a commit 6979b4db10b8c438e0afdf8b05069e6d3057102a Author: Kristof Provost AuthorDate: 2024-07-10 12:10:50 +0000 Commit: Mark Johnston CommitDate: 2024-08-07 13:32:12 +0000 pf: split ICMP/ICMPv6 number space in pf_icmp_mapping() In pf_icmp_mapping() the ICMP and ICMPv6 types shared the same number space. In fact they are independent and must be handled separately. Fix traceroute via pf by splitting pf_icmp_mapping() into IPv4 and IPv6 sections. ok henning@ mcbride@; tested mcbride@; sure deraadt@ Approved by: so Security: FreeBSD-SA-24:05.pf Security: CVE-2024-6640 MFC after: 1 day Obtained From: OpenBSD, bluhm ef4bccd7509e Sponsored by: Rubicon Communications, LLC ("Netgate") (cherry picked from commit 46755f52247bd34a7f013d6844ed0c673ac0defc) (cherry picked from commit 7f77305a5ba421f901cf3ac59a6449a70645fda4) --- sys/netpfil/pf/pf.c | 247 ++++++++++++++++++++++++++++------------------------ 1 file changed, 135 insertions(+), 112 deletions(-) diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c index b4c310796cf4..275c29d20fd5 100644 --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c @@ -1744,7 +1744,7 @@ pf_isforlocal(struct mbuf *m, int af) int pf_icmp_mapping(struct pf_pdesc *pd, u_int8_t type, - int *icmp_dir, int *multi, u_int16_t *icmpid, u_int16_t *icmptype) + int *icmp_dir, int *multi, u_int16_t *virtual_id, u_int16_t *virtual_type) { /* * ICMP types marked with PF_OUT are typically responses to @@ -1754,128 +1754,151 @@ pf_icmp_mapping(struct pf_pdesc *pd, u_int8_t type, *icmp_dir = PF_OUT; *multi = PF_ICMP_MULTI_LINK; /* Queries (and responses) */ - switch (type) { - case ICMP_ECHO: - *icmp_dir = PF_IN; - case ICMP_ECHOREPLY: - *icmptype = ICMP_ECHO; - *icmpid = pd->hdr.icmp.icmp_id; - break; + switch (pd->af) { +#ifdef INET + case AF_INET: + switch (type) { + case ICMP_ECHO: + *icmp_dir = PF_IN; + case ICMP_ECHOREPLY: + *virtual_type = ICMP_ECHO; + *virtual_id = pd->hdr.icmp.icmp_id; + break; - case ICMP_TSTAMP: - *icmp_dir = PF_IN; - case ICMP_TSTAMPREPLY: - *icmptype = ICMP_TSTAMP; - *icmpid = pd->hdr.icmp.icmp_id; - break; + case ICMP_TSTAMP: + *icmp_dir = PF_IN; + case ICMP_TSTAMPREPLY: + *virtual_type = ICMP_TSTAMP; + *virtual_id = pd->hdr.icmp.icmp_id; + break; - case ICMP_IREQ: - *icmp_dir = PF_IN; - case ICMP_IREQREPLY: - *icmptype = ICMP_IREQ; - *icmpid = pd->hdr.icmp.icmp_id; - break; + case ICMP_IREQ: + *icmp_dir = PF_IN; + case ICMP_IREQREPLY: + *virtual_type = ICMP_IREQ; + *virtual_id = pd->hdr.icmp.icmp_id; + break; - case ICMP_MASKREQ: - *icmp_dir = PF_IN; - case ICMP_MASKREPLY: - *icmptype = ICMP_MASKREQ; - *icmpid = pd->hdr.icmp.icmp_id; - break; + case ICMP_MASKREQ: + *icmp_dir = PF_IN; + case ICMP_MASKREPLY: + *virtual_type = ICMP_MASKREQ; + *virtual_id = pd->hdr.icmp.icmp_id; + break; - case ICMP_IPV6_WHEREAREYOU: - *icmp_dir = PF_IN; - case ICMP_IPV6_IAMHERE: - *icmptype = ICMP_IPV6_WHEREAREYOU; - *icmpid = 0; /* Nothing sane to match on! */ - break; + case ICMP_IPV6_WHEREAREYOU: + *icmp_dir = PF_IN; + case ICMP_IPV6_IAMHERE: + *virtual_type = ICMP_IPV6_WHEREAREYOU; + *virtual_id = 0; /* Nothing sane to match on! */ + break; - case ICMP_MOBILE_REGREQUEST: - *icmp_dir = PF_IN; - case ICMP_MOBILE_REGREPLY: - *icmptype = ICMP_MOBILE_REGREQUEST; - *icmpid = 0; /* Nothing sane to match on! */ - break; + case ICMP_MOBILE_REGREQUEST: + *icmp_dir = PF_IN; + case ICMP_MOBILE_REGREPLY: + *virtual_type = ICMP_MOBILE_REGREQUEST; + *virtual_id = 0; /* Nothing sane to match on! */ + break; - case ICMP_ROUTERSOLICIT: - *icmp_dir = PF_IN; - case ICMP_ROUTERADVERT: - *icmptype = ICMP_ROUTERSOLICIT; - *icmpid = 0; /* Nothing sane to match on! */ - break; + case ICMP_ROUTERSOLICIT: + *icmp_dir = PF_IN; + case ICMP_ROUTERADVERT: + *virtual_type = ICMP_ROUTERSOLICIT; + *virtual_id = 0; /* Nothing sane to match on! */ + break; -#ifdef INET6 - case ICMP6_ECHO_REQUEST: - *icmp_dir = PF_IN; - case ICMP6_ECHO_REPLY: - *icmptype = ICMP6_ECHO_REQUEST; - *icmpid = pd->hdr.icmp6.icmp6_id; - break; + /* These ICMP types map to other connections */ + case ICMP_UNREACH: + case ICMP_SOURCEQUENCH: + case ICMP_REDIRECT: + case ICMP_TIMXCEED: + case ICMP_PARAMPROB: + /* These will not be used, but set them anyway */ + *icmp_dir = PF_IN; + *virtual_type = type; + *virtual_id = 0; + HTONS(*virtual_type); + return (1); /* These types match to another state */ - case MLD_LISTENER_QUERY: - *icmp_dir = PF_IN; - case MLD_LISTENER_REPORT: { - *icmptype = MLD_LISTENER_QUERY; - *icmpid = 0; + /* + * All remaining ICMP types get their own states, + * and will only match in one direction. + */ + default: + *icmp_dir = PF_IN; + *virtual_type = type; + *virtual_id = 0; + break; + } break; - } +#endif /* INET */ +#ifdef INET6 + case AF_INET6: + switch (type) { + case ICMP6_ECHO_REQUEST: + *icmp_dir = PF_IN; + case ICMP6_ECHO_REPLY: + *virtual_type = ICMP6_ECHO_REQUEST; + *virtual_id = pd->hdr.icmp6.icmp6_id; + break; - /* ICMP6_FQDN and ICMP6_NI query/reply are the same type as ICMP6_WRU */ - case ICMP6_WRUREQUEST: - *icmp_dir = PF_IN; - case ICMP6_WRUREPLY: - *icmptype = ICMP6_WRUREQUEST; - *icmpid = 0; /* Nothing sane to match on! */ - break; + case MLD_LISTENER_QUERY: + *icmp_dir = PF_IN; + case MLD_LISTENER_REPORT: { + *virtual_type = MLD_LISTENER_QUERY; + *virtual_id = 0; + break; + } + case MLD_MTRACE: + *icmp_dir = PF_IN; + case MLD_MTRACE_RESP: + *virtual_type = MLD_MTRACE; + *virtual_id = 0; /* Nothing sane to match on! */ + break; - case MLD_MTRACE: - *icmp_dir = PF_IN; - case MLD_MTRACE_RESP: - *icmptype = MLD_MTRACE; - *icmpid = 0; /* Nothing sane to match on! */ - break; + case ND_NEIGHBOR_SOLICIT: + *icmp_dir = PF_IN; + case ND_NEIGHBOR_ADVERT: { + *virtual_type = ND_NEIGHBOR_SOLICIT; + *virtual_id = 0; + break; + } - case ND_NEIGHBOR_SOLICIT: - *icmp_dir = PF_IN; - case ND_NEIGHBOR_ADVERT: { - *icmptype = ND_NEIGHBOR_SOLICIT; - *multi = PF_ICMP_MULTI_SOLICITED; - *icmpid = 0; + /* + * These ICMP types map to other connections. + * ND_REDIRECT can't be in this list because the triggering + * packet header is optional. + */ + case ICMP6_DST_UNREACH: + case ICMP6_PACKET_TOO_BIG: + case ICMP6_TIME_EXCEEDED: + case ICMP6_PARAM_PROB: + /* These will not be used, but set them anyway */ + *icmp_dir = PF_IN; + *virtual_type = type; + *virtual_id = 0; + HTONS(*virtual_type); + return (1); /* These types match to another state */ + /* + * All remaining ICMP6 types get their own states, + * and will only match in one direction. + */ + default: + *icmp_dir = PF_IN; + *virtual_type = type; + *virtual_id = 0; + break; + } break; - } - #endif /* INET6 */ - /* These ICMP types map to other connections */ - case ICMP_UNREACH: - case ICMP_SOURCEQUENCH: - case ICMP_REDIRECT: - case ICMP_TIMXCEED: - case ICMP_PARAMPROB: -#ifdef INET6 - /* - * ICMP6_TIME_EXCEEDED is the same type as ICMP_UNREACH - * ND_REDIRECT can't be in this list because the triggering packet - * header is optional. - */ - case ICMP6_PACKET_TOO_BIG: -#endif /* INET6 */ - /* These will not be used, but set them anyways */ - *icmp_dir = PF_IN; - *icmptype = htons(type); - *icmpid = 0; - return (1); /* These types are matched to other state */ - /* - * All remaining ICMP types get their own states, - * and will only match in one direction. - */ default: *icmp_dir = PF_IN; - *icmptype = type; - *icmpid = 0; + *virtual_type = type; + *virtual_id = 0; break; } - HTONS(*icmptype); - return (0); + HTONS(*virtual_type); + return (0); /* These types match to their own state */ } void @@ -4708,7 +4731,7 @@ pf_test_rule(struct pf_krule **rm, struct pf_kstate **sm, struct pfi_kkif *kif, pf_change_a(&daddr->v4.s_addr, pd->ip_sum, nk->addr[pd->didx].v4.s_addr, 0); - if (virtual_type == ICMP_ECHO && + if (virtual_type == htons(ICMP_ECHO) && nk->port[pd->sidx] != pd->hdr.icmp.icmp_id) { pd->hdr.icmp.icmp_cksum = pf_cksum_fixup( pd->hdr.icmp.icmp_cksum, sport, @@ -7074,13 +7097,13 @@ pf_test_state_icmp(struct pf_kstate **state, struct pfi_kkif *kif, if (PF_ANEQ(pd2.src, &nk->addr[pd2.sidx], pd2.af) || - (virtual_type == ICMP_ECHO && + (virtual_type == htons(ICMP_ECHO) && nk->port[iidx] != iih.icmp_id)) pf_change_icmp(pd2.src, - (virtual_type == ICMP_ECHO) ? + (virtual_type == htons(ICMP_ECHO)) ? &iih.icmp_id : NULL, daddr, &nk->addr[pd2.sidx], - (virtual_type == ICMP_ECHO) ? + (virtual_type == htons(ICMP_ECHO)) ? nk->port[iidx] : 0, NULL, pd2.ip_sum, icmpsum, pd->ip_sum, 0, AF_INET); @@ -7140,13 +7163,13 @@ pf_test_state_icmp(struct pf_kstate **state, struct pfi_kkif *kif, if (PF_ANEQ(pd2.src, &nk->addr[pd2.sidx], pd2.af) || - ((virtual_type == ICMP6_ECHO_REQUEST) && + ((virtual_type == htons(ICMP6_ECHO_REQUEST)) && nk->port[pd2.sidx] != iih.icmp6_id)) pf_change_icmp(pd2.src, - (virtual_type == ICMP6_ECHO_REQUEST) + (virtual_type == htons(ICMP6_ECHO_REQUEST)) ? &iih.icmp6_id : NULL, daddr, &nk->addr[pd2.sidx], - (virtual_type == ICMP6_ECHO_REQUEST) + (virtual_type == htons(ICMP6_ECHO_REQUEST)) ? nk->port[iidx] : 0, NULL, pd2.ip_sum, icmpsum, pd->ip_sum, 0, AF_INET6); From nobody Wed Aug 7 13:44:25 2024 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WfBHG0h9Pz5S99L; Wed, 07 Aug 2024 13:44:26 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WfBHF6bmjz4hpN; Wed, 7 Aug 2024 13:44:25 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723038265; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=hUsbUhBHNMVDoFafG2JK366kk0uN+9VCNkihdJGuZU4=; b=bnsXlTUOSjonsjYiP4X4ef+5PjAO/atKgHB2PwnRGNNHvfmZj9W7dOe+d7/ESQJhdO+boI u/T2hBjYcJiKmTDfDkSjOpS67oASL8MlExo/lbceyi4uGhpM/LkJP3d2n0mKF/xZWQmUyi /ECO8WIVz4o1ZknIosbq/Uybx3RNEVZWgt2XViGmos0F52v2LV49aN92pPAV5jz0AwzHBq F0bhEAMoqHDb5PWRumULDB9tfUFG3Gfqk9NCnr28VVEAHMN9LAjqODAz/NWYt6XUOR3RDg DFDdGecJslzJ6vw1vLFqKAKvufm/YJR4nH+fY+oB3fkoIe+h0yXhaym4I/AR2Q== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1723038265; a=rsa-sha256; cv=none; b=jvJngcToqIARIY9YLE32ma0x6BHzu7sncW1En5WPOf2OoQXLBt+R/cenj3Ou3oVLcFN0/S ZB1c+OfLZfQxYa5ofi6GOFy1N1o7FBat2nY2ROGvzKvVtmP3ms+do+QSdQe4mc7fce67q2 I/hnmN8FHsrR6gUzFJ7si5Q0K1nFfiChDymqWfXyehDxRKz0UjiecyX1sYZhzguzkxBpy1 5i4lhFvsP/8es2Y7bXvmwg9NLHA6bCUvxLFRSZelWkckT0QmYyu95htKeKXzqv4f6aLT2o 75OPVHNF9nj0XQ6GFLHha1b3lIG9yCh8W97I/BwQFWgHn9+JVl7RfbcQPRLhcA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723038265; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=hUsbUhBHNMVDoFafG2JK366kk0uN+9VCNkihdJGuZU4=; b=pRUqNTw0xFIh2nKsrXvt80M5IonKb6Pbi9wiN4UUolXmr0ewgD6NOv8EvowP6t5bXxBtZo XXWxRw3oa8WlAuTtmI4M+Aoczkw2YqYSqTCr7vCTGHOjIbxIpNN5PrmehbZPEl1qxg+Xzi QdeBOmOAIyrmvScexZWVsDOJtkuybSVEjlAigtCx0HwxnML/9lrTsSO+0uzwVI5nMXEA4i FteTdqnnamvTFa2C5bRhx7kJ0l/4/NSCUxcv6otmVmDWBgMUfMXWsqyvWv1WETHEk6FGRU jdC0Hvx2GOoNDw1nB1i/ddwWUwqHqUhA8WawlsdGdFefyuaQCw0ag/wXxutd2Q== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WfBHF6676zsV8; Wed, 7 Aug 2024 13:44:25 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 477DiPvt033581; Wed, 7 Aug 2024 13:44:25 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 477DiPiY033578; Wed, 7 Aug 2024 13:44:25 GMT (envelope-from git) Date: Wed, 7 Aug 2024 13:44:25 GMT Message-Id: <202408071344.477DiPiY033578@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Mark Johnston Subject: git: a66d33fcf334 - releng/14.1 - pf: allow MLD LR to be sent without state List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: markj X-Git-Repository: src X-Git-Refname: refs/heads/releng/14.1 X-Git-Reftype: branch X-Git-Commit: a66d33fcf334ec0b8f5a13575f9788b269f4a3fa Auto-Submitted: auto-generated The branch releng/14.1 has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=a66d33fcf334ec0b8f5a13575f9788b269f4a3fa commit a66d33fcf334ec0b8f5a13575f9788b269f4a3fa Author: Kristof Provost AuthorDate: 2024-07-10 12:36:18 +0000 Commit: Mark Johnston CommitDate: 2024-08-07 13:32:20 +0000 pf: allow MLD LR to be sent without state Change PF behavior to allow MLD Listener Report packets to be sent without needing a previously created state by MLD Listener Query. It wasn't working because: (1) you might not have a previous MLD Listener Query and (2) the addresses of the Query and Report don't match. ok mikeb@, sashan@ Approved by: so Security: FreeBSD-SA-24:05.pf Security: CVE-2024-6640 MFC after: 1 day Obtained From: OpenBSD, rzalamena , 5c526dbdb0f2 Sponsored by: Rubicon Communications, LLC ("Netgate") (cherry picked from commit 1afe4da75d1d2acd33b25eea942af28aa41c82c2) (cherry picked from commit 3382c691dc6a0d4e1f39ff67b5507f6542972498) --- sys/netpfil/pf/pf.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c index 275c29d20fd5..1cc85edfe3dc 100644 --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c @@ -1843,8 +1843,15 @@ pf_icmp_mapping(struct pf_pdesc *pd, u_int8_t type, break; case MLD_LISTENER_QUERY: - *icmp_dir = PF_IN; case MLD_LISTENER_REPORT: { + /* + * Listener Report can be sent by clients + * without an associated Listener Query. + * In addition to that, when Report is sent as a + * reply to a Query its source and destination + * address are different. + */ + *icmp_dir = PF_IN; *virtual_type = MLD_LISTENER_QUERY; *virtual_id = 0; break; From nobody Wed Aug 7 13:44:26 2024 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WfBHH27p3z5S97V; Wed, 07 Aug 2024 13:44:27 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WfBHH0hlLz4hm4; Wed, 7 Aug 2024 13:44:27 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723038267; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=OOKkTYTddnrAE/+9BpzUQI2C2LheFb36kZCwEvrw8Ho=; b=FcAbwgZg0WbUVvyg0B6lN0FcFU86eTbO5ci2Z+NsIT+Fkt3x3xiKOToj74Ybq0WquaeDuA 6cb03TsnWruKfUmnUOWMj/z4D38pmNtWL7xTbY/NY2f29P8erAE89bUi2Qg0/MQTvP/V/T D5TGJ+uAZBKxssGzpRV6TBGW2GiLXar5HFUn2El1yID0JiqYZTFlgYsTge5MjibNCOyHjY 4erOYGs783pdgRI3p1kSMQjn6q4NsgFXsQsGUK1M1xiPycdXhR5s+1sEBUM5SovU97+u2S awz8EH0cFh7Hndlh99naGPWM3xH0IyEKDUlkHumYVGSLqGFr2x5SSX7ZDHwFsg== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1723038267; a=rsa-sha256; cv=none; b=ALg3A9nL297kXYVewqyb7onwCuZoII1cpMFxujZnlCqqN0wNY201wToOXuMGEMu8pAzgDS gujW1K8ooxtCSBqawUm2uR0AbVmilEFIlbqkgZwdjUx2yxR1zqAa1HNm7KDRf0UPhK171P LnOIqnXEOOWNVNpnuqAHT6ns0YTPD3F+CQKBnrX7z5Sb3ELMAbBOdRm1EjI7O/eIVH9Yry 9gBXJ0gVP3qzOGhwT0wTtjZq9LqC1fw+aYamUA1JM98t7s7tHWBtkRNou9WumRbAUwSDJi PH19RsISXXViVJPW2XDCAl2c8cA0NB4TIOL6F1m8WTG5hfLJR+4yZOGwwEBoqA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723038267; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=OOKkTYTddnrAE/+9BpzUQI2C2LheFb36kZCwEvrw8Ho=; b=OJ1t2O85snELnDcb/BlMDeoPZnUORK978FfNTrNXXpLuabh4n3Rek1mLOOnEfAWoXSv8/v bfk/fUcSX+A5PqdalwnTMYBhkRZQVkdXgVxktJUQuUunLlnh+2uVxAQsjYUwGID2Z8o/hv 57qjXMuqyEKEBn1UvalzilA5oPmvkeXHMXbgLYCRHGjr7grY/GNyZoP6aXJjMCzJjf6Fp5 RMwghkxdZb1IrKDLpLjVt3FPncVW/nC4V84OeZtIwS81AoKg0eBABzX3kKhr4g4gfE1y8T WGzEOho+JI7qG24OK1QP8dQzfBtnmHib1BAy42Zbure5OZOg7z1F+TsclevpdA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WfBHH0K17zsgf; Wed, 7 Aug 2024 13:44:27 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 477DiQqN033626; Wed, 7 Aug 2024 13:44:26 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 477DiQIA033623; Wed, 7 Aug 2024 13:44:26 GMT (envelope-from git) Date: Wed, 7 Aug 2024 13:44:26 GMT Message-Id: <202408071344.477DiQIA033623@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Mark Johnston Subject: git: 450425089212 - releng/14.1 - sshd: remove blacklist call from grace_alarm_timer List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: markj X-Git-Repository: src X-Git-Refname: refs/heads/releng/14.1 X-Git-Reftype: branch X-Git-Commit: 4504250892124d6282ca931dd5f612afb8b799f6 Auto-Submitted: auto-generated The branch releng/14.1 has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=4504250892124d6282ca931dd5f612afb8b799f6 commit 4504250892124d6282ca931dd5f612afb8b799f6 Author: Ed Maste AuthorDate: 2024-08-01 00:04:46 +0000 Commit: Mark Johnston CommitDate: 2024-08-07 13:32:25 +0000 sshd: remove blacklist call from grace_alarm_timer Under certain circumstances it may call log(3), which is not async- signal-safe. For now just remove the blacklist integration from this path, which means that blacklistd will not detect and firewall hosts that establish a connection but do nothing further. Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D46203 (cherry picked from commit 2739a6845031e69be7c03461a9335d8bbb9f59bd) (cherry picked from commit 3d3bae9b95388169d396adc8007585699c5a23e0) Approved by: so Security: FreeBSD-SA-24:08.openssh Security: CVE-2024-7589 (cherry picked from commit 73466449a9bf1888147c53d622236cebc0aa591b) --- crypto/openssh/sshd.c | 2 -- crypto/openssh/sshd_config | 2 +- crypto/openssh/sshd_config.5 | 2 +- crypto/openssh/version.h | 2 +- 4 files changed, 3 insertions(+), 5 deletions(-) diff --git a/crypto/openssh/sshd.c b/crypto/openssh/sshd.c index 0c83e0ea468e..889f2056bc75 100644 --- a/crypto/openssh/sshd.c +++ b/crypto/openssh/sshd.c @@ -377,8 +377,6 @@ grace_alarm_handler(int sig) kill(0, SIGTERM); } - BLACKLIST_NOTIFY(the_active_state, BLACKLIST_AUTH_FAIL, "ssh"); - /* Log error and exit. */ sigdie("Timeout before authentication for %s port %d", ssh_remote_ipaddr(the_active_state), diff --git a/crypto/openssh/sshd_config b/crypto/openssh/sshd_config index a06f8fcc13d1..7f559775e3b3 100644 --- a/crypto/openssh/sshd_config +++ b/crypto/openssh/sshd_config @@ -105,7 +105,7 @@ AuthorizedKeysFile .ssh/authorized_keys #PermitTunnel no #ChrootDirectory none #UseBlacklist no -#VersionAddendum FreeBSD-20240318 +#VersionAddendum FreeBSD-20240806 # no default banner path #Banner none diff --git a/crypto/openssh/sshd_config.5 b/crypto/openssh/sshd_config.5 index 0715b1f9d581..4de510ac8795 100644 --- a/crypto/openssh/sshd_config.5 +++ b/crypto/openssh/sshd_config.5 @@ -1944,7 +1944,7 @@ The default is Optionally specifies additional text to append to the SSH protocol banner sent by the server upon connection. The default is -.Qq FreeBSD-20240318 . +.Qq FreeBSD-20240806 . The value .Cm none may be used to disable this. diff --git a/crypto/openssh/version.h b/crypto/openssh/version.h index 836b5650b247..82be0be8498f 100644 --- a/crypto/openssh/version.h +++ b/crypto/openssh/version.h @@ -5,4 +5,4 @@ #define SSH_PORTABLE "p1" #define SSH_RELEASE SSH_VERSION SSH_PORTABLE -#define SSH_VERSION_FREEBSD "FreeBSD-20240701" +#define SSH_VERSION_FREEBSD "FreeBSD-20240806" From nobody Wed Aug 7 13:44:28 2024 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WfBHJ3HM3z5S9L4; Wed, 07 Aug 2024 13:44:28 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WfBHJ1bH6z4hyv; Wed, 7 Aug 2024 13:44:28 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723038268; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=rb+M5nWNd3cr3MVEa2z6uLURyPWk4yMVVaXqdwnQ2Yg=; b=KkzmTNnSGhcRhJ0irC7ef6FMTZKipfeictUMTMfXkrvhA68HHHjAxd/bFRMO4QQkOcNvWJ +WYrkOHZI4kI14nZokHG5ovqXN/exp3FOH8kPxytTktPgXU2qgdRs4O/HnxH8DXw+7GCDB TmXX9aHJYvaBVAqnX93RGBlR9xgltK0m5JyS0MuiARV9uchcdLfm7RBcYM2Ht/qiOhO9i4 Aksfizo3SvrZA89X0RU9rmYEnPx9l1plqZnIYfqhdMP6HoVGDem+clZmijXC7vkwbZjN/S BHszF+RijcOZ0nY3wt8rd02SB04jQPndOzCCOYIvQzZn9OG82I6tU6CKjRkZyA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1723038268; a=rsa-sha256; cv=none; b=oTyFBumbldCvyo29p0cdqKulzWLyu+DYW3XFmcJ0be6qSj+symSnlVskdUnY+8HDvasDpN PRzu1zu8o8GBvahjUwnf83ccv0kLpyM1zg9T/QexbppIti9i0hRNsZ3B4x2sw3J/gueUMT ijvQdEJE2ck24df+5OPGlEz32MUvFZmG6hWgGuebBt2RSpfOOJpeSa0CG89Uet+RRNM1Sp fXxgqhcIou/oaXb6q3SxsJtkxHmCQJqkuG4/vbSGbfGe/ylDQqHGC7MoxTP3ifp7NJ4ySA wBTMW5vA58is6e4MUYZSW3PL7ooXfdFj4pn+ppe5NSJf+UVdc5I0wZ47ywnz5A== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723038268; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=rb+M5nWNd3cr3MVEa2z6uLURyPWk4yMVVaXqdwnQ2Yg=; b=AZujMzNLBBedsABVH0H1ub7E8BevUbt/LTpTRzY5K9Xso8chB9WHh5VZ+Bs3MqlycoamIE zgGbgz33UwScCNnPxI+H/kOMENtzubDUUS+tCtva6N9iUrUK4Y/HBmVaTI3/zqqpLXNyhl b89of6ey8i/SIszk3GztSEsMsmagQy/qyJX+Xgy85WmWr9FDUpAeW0ijB0011U2yJpyxlZ hkNoA3tOZqQNLc/jx3h8kr1qc8i2K5/4EUx+NtrjAPedHN4t9UpaYRTySQ8DwPrNd+26mW fkXbltD9CzssdiTj13B0IkcaT5EGXdnJUts2CnEKIkd+bqecDJJ9qWY+hYzn0Q== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WfBHJ0hzkzsmN; Wed, 7 Aug 2024 13:44:28 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 477DiSDF033672; Wed, 7 Aug 2024 13:44:28 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 477DiSlx033669; Wed, 7 Aug 2024 13:44:28 GMT (envelope-from git) Date: Wed, 7 Aug 2024 13:44:28 GMT Message-Id: <202408071344.477DiSlx033669@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Mark Johnston Subject: git: b9115dba07e8 - releng/14.1 - ifconfig: Fix default netmask calculation List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: markj X-Git-Repository: src X-Git-Refname: refs/heads/releng/14.1 X-Git-Reftype: branch X-Git-Commit: b9115dba07e8e7035cb54a7eb319e7166c59c7a4 Auto-Submitted: auto-generated The branch releng/14.1 has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=b9115dba07e8e7035cb54a7eb319e7166c59c7a4 commit b9115dba07e8e7035cb54a7eb319e7166c59c7a4 Author: Michael Gmelin AuthorDate: 2024-06-12 16:11:52 +0000 Commit: Mark Johnston CommitDate: 2024-08-07 13:32:56 +0000 ifconfig: Fix default netmask calculation Approved by: so Security: FreeBSD-EN-24:14.ifconfig Reported by: phk Reviewed by: emaste, kp MFC after: 3 days Differential Revision: https://reviews.freebsd.org/D45570 (cherry picked from commit 8a9f0fa42b1c6cffd45459bb552e138083b00369) (cherry picked from commit 048ad7a9ef9fe15368ff287db5c705c8163f4e1c) --- sbin/ifconfig/af_inet.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/sbin/ifconfig/af_inet.c b/sbin/ifconfig/af_inet.c index 5e3084165b33..e21956cfc4fd 100644 --- a/sbin/ifconfig/af_inet.c +++ b/sbin/ifconfig/af_inet.c @@ -440,7 +440,7 @@ in_exec_nl(if_ctx *ctx, unsigned long action, void *data) static void in_setdefaultmask_nl(void) { - struct in_px *px = sintab_nl[ADDR]; + struct in_px *px = sintab_nl[ADDR]; in_addr_t i = ntohl(px->addr.s_addr); @@ -451,11 +451,11 @@ in_setdefaultmask_nl(void) * we should return an error rather than warning. */ if (IN_CLASSA(i)) - px->plen = IN_CLASSA_NSHIFT; + px->plen = 32 - IN_CLASSA_NSHIFT; else if (IN_CLASSB(i)) - px->plen = IN_CLASSB_NSHIFT; + px->plen = 32 - IN_CLASSB_NSHIFT; else - px->plen = IN_CLASSC_NSHIFT; + px->plen = 32 - IN_CLASSC_NSHIFT; px->maskset = true; } #endif From nobody Wed Aug 7 13:44:29 2024 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WfBHK4NFvz5S8rD; Wed, 07 Aug 2024 13:44:29 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WfBHK2NkYz4j7P; Wed, 7 Aug 2024 13:44:29 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723038269; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Xzh6jFuZZRZSLSQ9oX32EHeZNPMm+nWDIkaQfQl7L5s=; b=CLxTu7H0f5RrjwL1n59gbiQw6pkQUOTOApG9KJX/mN+MN3ajS6RKfmwy4cHGn8WDaaUff5 fHYFobCvQs9Rd0dznDhtW1oCGhAMBJQMHs5NBmRtQ2FwPU/Vuf8Eld85dybZ4PXByP7yrV h++1db07U0SesXUokR8JBACC8n/rWXCTIDGgmQSqNAAJgcjPl3y1ltqVCh6Rdk0/io063A RKHmv9I4tZgCulDNFdh8SImVpxSxTGK6mjH//Er5ITpbyT/lz8ygu8qOWPXAsDG+wognOm 798BAL77rtq9IMMATiKd4dwCPEXqZwdgUDnpJmz1TRK1WRp5Yg300f5LqRTZLg== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1723038269; a=rsa-sha256; cv=none; b=rgb0rl0n84ReR5Yhz9t0fWr5jJAgsL3oyciPbPs5Z7mw3y3zVNagU+3vs7PGvdP5chTrSo 4b324v43/kIGKM8CD0MlbCOhRK5cSGB2P/D43DNiNyilsnymraF7I2vFQ8m3rix+x8nCO4 vgaehzW16szqCX4DTPblxNIxwA0C43zJDfoBiUw6g9anky1rKXzEZPvMHMI/XDkpAFNt7U pRbjszlOvSNRyhq3l+VL1lA7iJiImarqiRguhZm8KrneHYC8zuttUWvEIXK9gfmVT90clZ +6XRnrcP7xv+PjIur/w6ERLaqr/QPBZTp5KslytiYMa3H4r9qhof3Y0C1rTvLA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723038269; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Xzh6jFuZZRZSLSQ9oX32EHeZNPMm+nWDIkaQfQl7L5s=; b=UB2aPmuTLf2O5bArgoKZBU8kfYg+XaPpazDEPE46E33ygKlI25N2OuhHfU8js+7dPM/RV2 VZ9CPW+vMF5tC3JmgSFfgL8CKg6tdBCTmP+kYqRdK+wLyCC/ypZ1EUSfTtrKhfVVtNesdE yQAbQ1ubwH13Cg8JdP2Vb9CS/r0yIoQkhFDKKi+pOeaaGixeXD8ruC4Kk5YUtPdbN3hSrX fwoFGIKnlaALHSnGWJdizA3XXoQm8Ft4yDJ7js6AgSRmUO31Occim08Hjn7DJvau7Erzmp oRgFGclGJcVWjXbAxPy9eaIrCyfp14IlvzhEgU6fm18Gtv3NvWBjCf25gql1gA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WfBHK1xbVzsjQ; Wed, 7 Aug 2024 13:44:29 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 477DiTMf033720; Wed, 7 Aug 2024 13:44:29 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 477DiT9U033717; Wed, 7 Aug 2024 13:44:29 GMT (envelope-from git) Date: Wed, 7 Aug 2024 13:44:29 GMT Message-Id: <202408071344.477DiT9U033717@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Mark Johnston Subject: git: 22d04990cee5 - releng/14.1 - ktrace: Fix an inverted privilege check List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: markj X-Git-Repository: src X-Git-Refname: refs/heads/releng/14.1 X-Git-Reftype: branch X-Git-Commit: 22d04990cee5af5455490391ec386e8af3d368e5 Auto-Submitted: auto-generated The branch releng/14.1 has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=22d04990cee5af5455490391ec386e8af3d368e5 commit 22d04990cee5af5455490391ec386e8af3d368e5 Author: Mark Johnston AuthorDate: 2024-08-07 13:38:54 +0000 Commit: Mark Johnston CommitDate: 2024-08-07 13:43:27 +0000 ktrace: Fix an inverted privilege check Approved by: so Security: FreeBSD-SA-24:06.ktrace Security: CVE-2024-6760 Fixes: 1762f674ccb5 ("ktrace: pack all ktrace parameters into allocated structure ktr_io_params") (cherry picked from commit 166b7573b5220aadf8b02a85933c9651b909b309) (cherry picked from commit 8b400c8488f0b9e67ae269f6d8e5022a3bc7d854) --- sys/kern/kern_ktrace.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sys/kern/kern_ktrace.c b/sys/kern/kern_ktrace.c index 4c1936edc301..c7ba8896506d 100644 --- a/sys/kern/kern_ktrace.c +++ b/sys/kern/kern_ktrace.c @@ -593,7 +593,7 @@ ktrprocexec(struct proc *p) PROC_LOCK_ASSERT(p, MA_OWNED); kiop = p->p_ktrioparms; - if (kiop == NULL || priv_check_cred(kiop->cr, PRIV_DEBUG_DIFFCRED)) + if (kiop == NULL || priv_check_cred(kiop->cr, PRIV_DEBUG_DIFFCRED) == 0) return (NULL); mtx_lock(&ktrace_mtx); From nobody Wed Aug 7 13:44:30 2024 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WfBHM0rhfz5S8tm; Wed, 07 Aug 2024 13:44:31 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WfBHL39B7z4j5F; Wed, 7 Aug 2024 13:44:30 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723038270; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=lxNpP3mlOYhsGNp+2mfsFg43RK43doC+buvYO8zUYSI=; b=bXk4+mxcJQnC8cL6zGjbmVOe71nQBbv2ICHGP1hJUQjBGHM+nsjutxptj/WgRS4BPdq+Tg 7m59o1GJsB9vew5mbrGow4clYvMoNNH+taNufVpsHGqZffLRkNMb9NkLj/wPxQI1IjZRgY pZV1ymAuJCMh85Gkn6V1qR2HZqPzIy1kW8t8kNNpoR8wJjHGTLlxV2cssmM1CsE0WLcR0k 5eJwS9bu9Ne4rRoErTA070BofoNXMFeTlYEz9+w/3Q0ktZjMDlQfc/3VCXsSfUsv1qBsx1 IGI/PGCFrsCZR7PYmMMOThWcsKC1OM4X+AaWAfCLfOmO+/UHNOyEdN7Y5Ov1PA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1723038270; a=rsa-sha256; cv=none; b=dNVfcHU+Hzhma15+b7nskgpPYZb5Ra2uMJxFS6G9pw1bySa212WkI3fo7rJoBIBxRcj8Pz XDUb/uaR4VhsHbX/JBcUmflWqfCA+/tll+undF6fg8A4e6yD7rnDUZq5YxrhkEUPJGn3va 5tKlh+jD6cbj28ISLKiFvxh2rJQg78E+sTgZJJjJONP/ujnwyBRM7owIwG/oA4HtATjjGQ bE/q6Lbc55MwbQdVGsUnqyKvGtCAe1PyvMOyCVvzczc7cYAjMMGF166jgKhYuboszzcy6i S1kGhmuTBZDrGKcGwLAvf4L0RMIyDopx6szY17isjuORsZvnU3hJXO7XwXGBAw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723038270; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=lxNpP3mlOYhsGNp+2mfsFg43RK43doC+buvYO8zUYSI=; b=nadChJ7aKaA8fGbXZK2rHcdqrexitfstIeJVhWpdc6L46tYxy9WaM/sJIT9Uw0yWJT2DCk /jGS6DjPcfaZDWYjzv9Jh3o/5NKPTgRjH9cUGVU2gKrvMkVwwL1fuTDViPfrK/z38GAWND 5lXfWuEXXdN06GiWeTWAN1EAClkO3S+KZjf4xsagORKIOTH0QkYBHNG2WOi2gjqXSWatcR dBgskcqOk1ozQP2cqpbaNaO+e7oaKYogVHqu6CBi7H3+pZ5gfPnZA8dYitYbNCCGpDmfjV h/aNzAosNQi748+KXYW1GAF26lrEr0MalVW3Y8cs+aMf6gRHJSdCUi+sZ6jKKw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WfBHL2n2szsjR; Wed, 7 Aug 2024 13:44:30 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 477DiUnu033771; Wed, 7 Aug 2024 13:44:30 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 477DiUBG033768; Wed, 7 Aug 2024 13:44:30 GMT (envelope-from git) Date: Wed, 7 Aug 2024 13:44:30 GMT Message-Id: <202408071344.477DiUBG033768@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Mark Johnston Subject: git: 1a207e5cdf99 - releng/14.1 - Add UPDATING entries and bump the branch version List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: markj X-Git-Repository: src X-Git-Refname: refs/heads/releng/14.1 X-Git-Reftype: branch X-Git-Commit: 1a207e5cdf997bd5a04e020d26039844a0c1294f Auto-Submitted: auto-generated The branch releng/14.1 has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=1a207e5cdf997bd5a04e020d26039844a0c1294f commit 1a207e5cdf997bd5a04e020d26039844a0c1294f Author: Mark Johnston AuthorDate: 2024-08-06 22:39:32 +0000 Commit: Mark Johnston CommitDate: 2024-08-07 13:43:30 +0000 Add UPDATING entries and bump the branch version Approved by: so --- UPDATING | 17 +++++++++++++++++ sys/conf/newvers.sh | 2 +- 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/UPDATING b/UPDATING index 34b099e2fe73..abdee5182989 100644 --- a/UPDATING +++ b/UPDATING @@ -12,6 +12,23 @@ Items affecting the ports and packages system can be found in /usr/ports/UPDATING. Please read that file before updating system packages and/or ports. +20240807: + 14.1-RELEASE-p3 EN-24:14.ifconfig + SA-24:05.pf + SA-24:06.ktrace + SA-24:07.nfsclient + SA-24:08.openssh + + Incorrect ifconfig netmask assignment [EN-24:14.ifconfig] + + pf incorrectly matches different ICMPv6 states in the state table [SA-24:05.pf] + + ktrace(2) fails to detach when executing a setuid binary [SA-24:06.ktrace] + + NFS client accepts file names containing path separators [SA-24:07.nfsclient] + + OpenSSH pre-authentication async signal safety issue [SA-24:08.openssh] + 20240701: 14.1-RELEASE-p2 SA-24:04.openssh diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh index ba482a7931d2..ce03fb4fb9fa 100644 --- a/sys/conf/newvers.sh +++ b/sys/conf/newvers.sh @@ -53,7 +53,7 @@ TYPE="FreeBSD" REVISION="14.1" -BRANCH="RELEASE-p2" +BRANCH="RELEASE-p3" if [ -n "${BRANCH_OVERRIDE}" ]; then BRANCH=${BRANCH_OVERRIDE} fi From nobody Wed Aug 7 13:44:39 2024 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WfBHX19TLz5S99d; Wed, 07 Aug 2024 13:44:40 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WfBHW6HlTz4jQY; Wed, 7 Aug 2024 13:44:39 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723038279; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=bvsv/o9mhKwWa9RMV8W7LHE+DILHbD58Sk+w373GdkM=; b=X0M0mqPYhT7DjC/y5iuM6TnqYNNVrNCInNLRyFkSzA5YkZDSDqZRglgR0BP+9DwOjUducm wUR8zP44e69eVw45Nw+9DaRflMMZipPxwGaWBAQptU3ZZD0L8Wa9hVWYcYJurLvzhfSlqV lwBlKnTIeBFXKQfoPP9PE9m0WIy/vhOk/k+Vin8OTlXh3nb5oBd0z3Qp0KU/Pbv6J77pw6 KbKBnmtDEGajyFj7oJM2Kx6rzcdESBLgATZK0k8Pu2IY8K/GqZ4k7U5UOsdbTShewkU5DK PD+W1ilK7PtAiKOg8rq+hmRn11UDTgUCL/75DBGzkSFNYutI9D/mFSctN5grOw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1723038279; a=rsa-sha256; cv=none; b=BmHtyOYffrF9YaT2+wDJdp2o6ZZoeEiNZwSIhN3m0asBjR/VcxKUl31z158aX5bkE3jtis 0zuvsXPPF+0v1zEx4P1FfMSTmSSC6iDqm4eGPFCcq2XWYrspmJzfA8RWvenXF++p8qOB/d bPTVUFfvMnU2TdNv9D+2Sd9lkvplcvNtp9ghKYFwcdca7T5yArQYlV1bzmq+IgeC5Taip0 s9wR81ObnwqMp1bRzcsZvhauwHVwL3cMuW67FsTnP+Kg2TBaVVUpmJYwjdaFpRSqesj/z8 7KT6jSOA90ObeSwSf4QEDoqvXc2ryBrf7UZVo6XSPRDXyAD4rr+JOsZQkShvKg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723038279; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=bvsv/o9mhKwWa9RMV8W7LHE+DILHbD58Sk+w373GdkM=; b=bK/0LdO8pNh30RrYLgZeYMAEyWjTH6sO/r85c8cdyIDW9s2p4ZMygF5XwPDYhKCKeEZNdw +z+wveG4SvEk1oMonmB9bKCnHClKHhOQqh9vRIH6uU9unXhvjT3b7W65mNcFKySc4bDN9/ 8pFUPXltKvFEDAl9K8ENnYKh+PhCsYYk9t7K0c/RzDuM+GBNbi1Eyuoi8ExtwI3q3HHkKs IptKSONw/YmhvcV2aC5Cyrcu0k4OWMvi9X6JNpk0BbrvpPqbDLybTnyfismLgtcHkwXHl/ BXzjM6muag223u3ysYaYpWiEYXyAvsk0nIizbc2Dh6xy26zsKAaTPR9s69tN8w== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WfBHW5vR6zsrY; Wed, 7 Aug 2024 13:44:39 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 477DidpQ034007; Wed, 7 Aug 2024 13:44:39 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 477Did6b034004; Wed, 7 Aug 2024 13:44:39 GMT (envelope-from git) Date: Wed, 7 Aug 2024 13:44:39 GMT Message-Id: <202408071344.477Did6b034004@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Mark Johnston Subject: git: 4e7bf17e9db8 - releng/14.0 - nfscl: Scan readdir reply filenames for invalid characters List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: markj X-Git-Repository: src X-Git-Refname: refs/heads/releng/14.0 X-Git-Reftype: branch X-Git-Commit: 4e7bf17e9db892ab47ede6c12aa0d2902c5ff795 Auto-Submitted: auto-generated The branch releng/14.0 has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=4e7bf17e9db892ab47ede6c12aa0d2902c5ff795 commit 4e7bf17e9db892ab47ede6c12aa0d2902c5ff795 Author: Rick Macklem AuthorDate: 2024-07-21 22:56:16 +0000 Commit: Mark Johnston CommitDate: 2024-08-07 13:25:36 +0000 nfscl: Scan readdir reply filenames for invalid characters The NFS RFCs are pretty loose with respect to what characters can be in a filename returned by a Readdir. However, FreeBSD, as a POSIX system will not handle imbedded '/' or nul characters in file names. Also, for NFSv4, the file names "." and ".." are handcrafted on the client and should not be returned by a NFSv4 server. This patch scans for the above in filenames returned by Readdir and ignores any entry returned by Readdir which has them in it. Because an imbedded nul would be a string terminator, it was not possible to code this check efficiently using string(3) functions. Approved by: so Security: FreeBSD-SA-24:07.nfsclient Security: CVE-2024-6759 Reported by: Apple Security Engineering and Architecture (SEAR) (cherry picked from commit 026cdaa3b3a92574d9ac3155216e5cc0b0bd4c51) (cherry picked from commit 9328ded386d570c8455b9021e047520ef72e0e79) --- sys/fs/nfsclient/nfs_clrpcops.c | 137 ++++++++++++++++++++++++++++++++-------- 1 file changed, 110 insertions(+), 27 deletions(-) diff --git a/sys/fs/nfsclient/nfs_clrpcops.c b/sys/fs/nfsclient/nfs_clrpcops.c index 7f886ad286e7..c63bff726c87 100644 --- a/sys/fs/nfsclient/nfs_clrpcops.c +++ b/sys/fs/nfsclient/nfs_clrpcops.c @@ -142,6 +142,7 @@ static int nfsrpc_createv4(vnode_t , char *, int, struct vattr *, nfsquad_t, int, struct nfsclowner *, struct nfscldeleg **, struct ucred *, NFSPROC_T *, struct nfsvattr *, struct nfsvattr *, struct nfsfh **, int *, int *, int *); +static bool nfscl_invalidfname(bool, char *, int); static int nfsrpc_locku(struct nfsrv_descript *, struct nfsmount *, struct nfscllockowner *, u_int64_t, u_int64_t, u_int32_t, struct ucred *, NFSPROC_T *, int); @@ -3224,6 +3225,31 @@ nfsrpc_rmdir(vnode_t dvp, char *name, int namelen, struct ucred *cred, return (error); } +/* + * Check to make sure the file name in a Readdir reply is valid. + */ +static bool +nfscl_invalidfname(bool is_v4, char *name, int len) +{ + int i; + char *cp; + + if (is_v4 && ((len == 1 && name[0] == '.') || + (len == 2 && name[0] == '.' && name[1] == '.'))) { + printf("Readdir NFSv4 reply has dot or dotdot in it\n"); + return (true); + } + cp = name; + for (i = 0; i < len; i++, cp++) { + if (*cp == '/' || *cp == '\0') { + printf("Readdir reply file name had imbedded / or nul" + " byte\n"); + return (true); + } + } + return (false); +} + /* * Readdir rpc. * Always returns with either uio_resid unchanged, if you are at the @@ -3276,6 +3302,8 @@ nfsrpc_readdir(vnode_t vp, struct uio *uiop, nfsuint64 *cookiep, KASSERT(uiop->uio_iovcnt == 1 && (uiop->uio_resid & (DIRBLKSIZ - 1)) == 0, ("nfs readdirrpc bad uio")); + KASSERT(uiop->uio_segflg == UIO_SYSSPACE, + ("nfsrpc_readdir: uio userspace")); ncookie.lval[0] = ncookie.lval[1] = 0; /* * There is no point in reading a lot more than uio_resid, however @@ -3533,6 +3561,17 @@ nfsrpc_readdir(vnode_t vp, struct uio *uiop, nfsuint64 *cookiep, uiop->uio_resid) bigenough = 0; if (bigenough) { + struct iovec saviov; + off_t savoff; + ssize_t savresid; + int savblksiz; + + saviov.iov_base = uiop->uio_iov->iov_base; + saviov.iov_len = uiop->uio_iov->iov_len; + savoff = uiop->uio_offset; + savresid = uiop->uio_resid; + savblksiz = blksiz; + dp = (struct dirent *)uiop->uio_iov->iov_base; dp->d_pad0 = dp->d_pad1 = 0; dp->d_off = 0; @@ -3548,20 +3587,35 @@ nfsrpc_readdir(vnode_t vp, struct uio *uiop, nfsuint64 *cookiep, uiop->uio_iov->iov_base = (char *)uiop->uio_iov->iov_base + DIRHDSIZ; uiop->uio_iov->iov_len -= DIRHDSIZ; + cp = uiop->uio_iov->iov_base; error = nfsm_mbufuio(nd, uiop, len); if (error) goto nfsmout; - cp = uiop->uio_iov->iov_base; - tlen -= len; - NFSBZERO(cp, tlen); - cp += tlen; /* points to cookie storage */ - tl2 = (u_int32_t *)cp; - uiop->uio_iov->iov_base = - (char *)uiop->uio_iov->iov_base + tlen + - NFSX_HYPER; - uiop->uio_iov->iov_len -= tlen + NFSX_HYPER; - uiop->uio_resid -= tlen + NFSX_HYPER; - uiop->uio_offset += (tlen + NFSX_HYPER); + /* Check for an invalid file name. */ + if (nfscl_invalidfname( + (nd->nd_flag & ND_NFSV4) != 0, cp, len)) { + /* Skip over this entry. */ + uiop->uio_iov->iov_base = + saviov.iov_base; + uiop->uio_iov->iov_len = + saviov.iov_len; + uiop->uio_offset = savoff; + uiop->uio_resid = savresid; + blksiz = savblksiz; + } else { + cp = uiop->uio_iov->iov_base; + tlen -= len; + NFSBZERO(cp, tlen); + cp += tlen; /* points to cookie store */ + tl2 = (u_int32_t *)cp; + uiop->uio_iov->iov_base = + (char *)uiop->uio_iov->iov_base + + tlen + NFSX_HYPER; + uiop->uio_iov->iov_len -= tlen + + NFSX_HYPER; + uiop->uio_resid -= tlen + NFSX_HYPER; + uiop->uio_offset += (tlen + NFSX_HYPER); + } } else { error = nfsm_advance(nd, NFSM_RNDUP(len), -1); if (error) @@ -3727,6 +3781,8 @@ nfsrpc_readdirplus(vnode_t vp, struct uio *uiop, nfsuint64 *cookiep, KASSERT(uiop->uio_iovcnt == 1 && (uiop->uio_resid & (DIRBLKSIZ - 1)) == 0, ("nfs readdirplusrpc bad uio")); + KASSERT(uiop->uio_segflg == UIO_SYSSPACE, + ("nfsrpc_readdirplus: uio userspace")); ncookie.lval[0] = ncookie.lval[1] = 0; timespecclear(&dctime); *attrflagp = 0; @@ -3962,6 +4018,17 @@ nfsrpc_readdirplus(vnode_t vp, struct uio *uiop, nfsuint64 *cookiep, uiop->uio_resid) bigenough = 0; if (bigenough) { + struct iovec saviov; + off_t savoff; + ssize_t savresid; + int savblksiz; + + saviov.iov_base = uiop->uio_iov->iov_base; + saviov.iov_len = uiop->uio_iov->iov_len; + savoff = uiop->uio_offset; + savresid = uiop->uio_resid; + savblksiz = blksiz; + dp = (struct dirent *)uiop->uio_iov->iov_base; dp->d_pad0 = dp->d_pad1 = 0; dp->d_off = 0; @@ -3980,25 +4047,41 @@ nfsrpc_readdirplus(vnode_t vp, struct uio *uiop, nfsuint64 *cookiep, cnp->cn_nameptr = uiop->uio_iov->iov_base; cnp->cn_namelen = len; NFSCNHASHZERO(cnp); + cp = uiop->uio_iov->iov_base; error = nfsm_mbufuio(nd, uiop, len); if (error) goto nfsmout; - cp = uiop->uio_iov->iov_base; - tlen -= len; - NFSBZERO(cp, tlen); - cp += tlen; /* points to cookie storage */ - tl2 = (u_int32_t *)cp; - if (len == 2 && cnp->cn_nameptr[0] == '.' && - cnp->cn_nameptr[1] == '.') - isdotdot = 1; - else - isdotdot = 0; - uiop->uio_iov->iov_base = - (char *)uiop->uio_iov->iov_base + tlen + - NFSX_HYPER; - uiop->uio_iov->iov_len -= tlen + NFSX_HYPER; - uiop->uio_resid -= tlen + NFSX_HYPER; - uiop->uio_offset += (tlen + NFSX_HYPER); + /* Check for an invalid file name. */ + if (nfscl_invalidfname( + (nd->nd_flag & ND_NFSV4) != 0, cp, len)) { + /* Skip over this entry. */ + uiop->uio_iov->iov_base = + saviov.iov_base; + uiop->uio_iov->iov_len = + saviov.iov_len; + uiop->uio_offset = savoff; + uiop->uio_resid = savresid; + blksiz = savblksiz; + } else { + cp = uiop->uio_iov->iov_base; + tlen -= len; + NFSBZERO(cp, tlen); + cp += tlen; /* points to cookie store */ + tl2 = (u_int32_t *)cp; + if (len == 2 && + cnp->cn_nameptr[0] == '.' && + cnp->cn_nameptr[1] == '.') + isdotdot = 1; + else + isdotdot = 0; + uiop->uio_iov->iov_base = + (char *)uiop->uio_iov->iov_base + + tlen + NFSX_HYPER; + uiop->uio_iov->iov_len -= tlen + + NFSX_HYPER; + uiop->uio_resid -= tlen + NFSX_HYPER; + uiop->uio_offset += (tlen + NFSX_HYPER); + } } else { error = nfsm_advance(nd, NFSM_RNDUP(len), -1); if (error) From nobody Wed Aug 7 13:44:40 2024 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WfBHY15NBz5S9L7; Wed, 07 Aug 2024 13:44:41 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WfBHX6yw1z4jNB; Wed, 7 Aug 2024 13:44:40 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723038281; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=QNkqo+rlQiIscrkEtDheFl7zQvuyD+2BrXWoNiqIelo=; b=oCA2OKjSR5ahnK5fknNyzSCgwSc2yooGTSbCOCmbVELbV9lTYB6efsq2/UyApS8Mtee5mY lLUOoG+6ld9tyPIicoeRXgoHC+6Kv/jK0o3dvB7+fyJjU8gaVtKdxbspkH9460TraRx2Q2 ILpsVEWbkVciBcBwsap7v0BpIeKrX7uby5S5P0g6JNthEIZOBZcPNkwIvZ3dSlEzm8vUMb U7qiKM2fIn3mTBDW9MQw4RiaaiJZW683lkxHw04LQiPf7tKWyty2AVTu3zMmUwOokVv8hM 0s6KgRNsTu02GRjoR7HsCGAK5Xo8uJijTFi9Wp59QAcwrndgYQvmCT9gbJyK7w== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1723038281; a=rsa-sha256; cv=none; b=oXdA8SrlMeo7/ok2xaCVdxwyeu8c5UhbRdQQKrgh6TaDq450dhNikq3vOdUe32VfWAaqey ydyPCgJaSPetRpiAfXfvSBgjBZs6i4DvApRdSXZ6NCajsUeSf22Ol5iJhQPWgTEDhgX9gV zU68j6yzwuNHxOTDlpmsEl4cBXKveWpfdRloJlTOqgt/VUfPHm3jQlwtuZ5vzvGOC2Kl+o CTS/OZY/WhwJMSDozBw1QiDDaD8ZLsoOmwGT32YOHu9LgvIGk9158L+apuGsHF1tWg89RM NA9X7YI32TxDUOD+BrpgaC7kwXe4SjEQtcOz4f6xvNCs9rzpZAVGyewwcsOAVA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723038281; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=QNkqo+rlQiIscrkEtDheFl7zQvuyD+2BrXWoNiqIelo=; b=WIaSKxWtB2fHWd1Uc2FXBHZD3NPdkB2hsn90nS/0oISTEpiRTwsEK8kz2sLcWOdJ3l21SE naXj+J9XSvgbONpZOtnshsYoVYvkLrawNlF1NLROMQSbemawPFPq0ErZyAiMbVQFWyffcv wqvXhT3dG6Zr4Qd0tBSakOcHrG4ZTk5qWUkYiqOauCoUyB8Aff7VEpVb8uZUjztfOwElt3 te2+b/ptBLCPfC7aFID6ISeJdw2ifmh5IrE9hZaWg6LkUcHLWw0Tw2eDeNzJJvC5cVj1ov MZPk6bgwICwoK4k1MQzS1pE869Z7oUEH4RCRElZ2m7phlE+LANi4qIL1ZIi5eQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WfBHX6ZzmzsrZ; Wed, 7 Aug 2024 13:44:40 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 477DieKO034063; Wed, 7 Aug 2024 13:44:40 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 477DiesM034060; Wed, 7 Aug 2024 13:44:40 GMT (envelope-from git) Date: Wed, 7 Aug 2024 13:44:40 GMT Message-Id: <202408071344.477DiesM034060@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Mark Johnston Subject: git: c4ade13d5498 - releng/14.0 - sshd: remove blacklist call from grace_alarm_timer List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: markj X-Git-Repository: src X-Git-Refname: refs/heads/releng/14.0 X-Git-Reftype: branch X-Git-Commit: c4ade13d5498870de2cae09f5468aca0d73c126f Auto-Submitted: auto-generated The branch releng/14.0 has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=c4ade13d5498870de2cae09f5468aca0d73c126f commit c4ade13d5498870de2cae09f5468aca0d73c126f Author: Ed Maste AuthorDate: 2024-08-01 00:04:46 +0000 Commit: Mark Johnston CommitDate: 2024-08-07 13:25:50 +0000 sshd: remove blacklist call from grace_alarm_timer Under certain circumstances it may call log(3), which is not async- signal-safe. For now just remove the blacklist integration from this path, which means that blacklistd will not detect and firewall hosts that establish a connection but do nothing further. Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D46203 (cherry picked from commit 2739a6845031e69be7c03461a9335d8bbb9f59bd) (cherry picked from commit 3d3bae9b95388169d396adc8007585699c5a23e0) Approved by: so Security: FreeBSD-SA-24:08.openssh Security: CVE-2024-7589 (cherry picked from commit 73466449a9bf1888147c53d622236cebc0aa591b) --- crypto/openssh/sshd.c | 2 -- crypto/openssh/version.h | 2 +- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/crypto/openssh/sshd.c b/crypto/openssh/sshd.c index cfdd61ec5747..79ec505fcfe7 100644 --- a/crypto/openssh/sshd.c +++ b/crypto/openssh/sshd.c @@ -377,8 +377,6 @@ grace_alarm_handler(int sig) kill(0, SIGTERM); } - BLACKLIST_NOTIFY(the_active_state, BLACKLIST_AUTH_FAIL, "ssh"); - /* Log error and exit. */ sigdie("Timeout before authentication for %s port %d", ssh_remote_ipaddr(the_active_state), diff --git a/crypto/openssh/version.h b/crypto/openssh/version.h index 56d02fbe9c86..3dcb560362d3 100644 --- a/crypto/openssh/version.h +++ b/crypto/openssh/version.h @@ -5,4 +5,4 @@ #define SSH_PORTABLE "p1" #define SSH_RELEASE SSH_VERSION SSH_PORTABLE -#define SSH_VERSION_FREEBSD "FreeBSD-20240701" +#define SSH_VERSION_FREEBSD "FreeBSD-20240806" From nobody Wed Aug 7 13:44:41 2024 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WfBHZ2kNwz5S9MB; Wed, 07 Aug 2024 13:44:42 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WfBHZ0sqZz4jLP; Wed, 7 Aug 2024 13:44:42 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723038282; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=rn8slkN2SKVqeC3HSg+M5ZIl3DcsPWCixE/dgA7DQ/I=; b=C/dc3GZChkgulWvQRjVFPIVhz3drmohHmnlXbg2Zxa8uWSWZzYSgzWjxcRek0uj1R2XeK8 veESA9E25ynam0gPgrHYa9MyctuR6PQJMhf/xMftSxatitMKyC630grLcOF/hy/jWBhW8r DkniDmleRk5KMP7yoSEgHC76Vk4JYa8ZENQBDjg7lU9OOkckm86gINu30J2Wi4ZoQqCjkI YpQvPx+/sLY2k0nwGk6N9cOb/Z+D9rYpIKit9RaJ9Axu2Se0ipeYjBi7/ErtgcGkOItWAN WbMvDnvaH/0iQ1AlpTfSfQOV1WDSefORHYRsVcj9l1EiZeCq//wQf8rN5GLrUw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1723038282; a=rsa-sha256; cv=none; b=Q8KEkwLV7DERUoaF8RPDGq/8It9EX5edZFLHkX29xhn+uj6QURGKwWQbr6QZEsQUfD3xcU GGJXnZdwt52IC1xvWwjisBqXMcjtjGrxOeHoBqgIePL4FD2ej0NYBbp8vFLfF9LSBdIVVI eYEo1tKesYcH6lZdR2t/Fb+0oYaLtpJ0JZ6Ghyvgqh1rYtLE6xiZDK3dzpJjv1iVZb750q hao8BNnKmQ4VGRzArWSOKVQHfUPr3rJ+vMwLQRDzaODy0INVe5LW/7dlhBtQJGDQOnJ/KH 8ap1FhqZZJryMoa5TA/oCGtJTpvaewXTP2htvr7sXP2v5kBWLzZ/gLDossSSCg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723038282; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=rn8slkN2SKVqeC3HSg+M5ZIl3DcsPWCixE/dgA7DQ/I=; b=CZYTDyyiNeWnxnljW7Y/JjERd0wgvlSTzf0eq5gs5LIiBaA3kUdA9/nqFgZOzY2ebtb3mE LUuTbe74kGpU98/FpqGUkU2u09f1qfm3V4OJCXzB3Iyd9jmUZu3INmCXIWs8f0yKVG+3Vr wBIxRtQ+P1NJKC+SvuKNPm6PE1D6CiokHdT9ZiK/s/KVMUDUQPr1DSoSGIR+HGZcjDBPk3 pIyh3NWPXy1WtyotdmPDQiQtByA9AXOO6ajd9TMQGFOzh03/5M1J9xBmXWPr3Uad6MIVQH G3VaQUMOWaKexfF7hX1itrL+K9qQlTq7+Wkg0qASHVAYVD1eCPwTOrEaAeLECw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WfBHZ0Rf3zsV9; Wed, 7 Aug 2024 13:44:42 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 477Difpv034107; Wed, 7 Aug 2024 13:44:41 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 477DifVo034104; Wed, 7 Aug 2024 13:44:41 GMT (envelope-from git) Date: Wed, 7 Aug 2024 13:44:41 GMT Message-Id: <202408071344.477DifVo034104@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Mark Johnston Subject: git: 01792dd7f27b - releng/14.0 - ifconfig: Fix default netmask calculation List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: markj X-Git-Repository: src X-Git-Refname: refs/heads/releng/14.0 X-Git-Reftype: branch X-Git-Commit: 01792dd7f27b3415e721f43f2d6e98df2346fd1f Auto-Submitted: auto-generated The branch releng/14.0 has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=01792dd7f27b3415e721f43f2d6e98df2346fd1f commit 01792dd7f27b3415e721f43f2d6e98df2346fd1f Author: Michael Gmelin AuthorDate: 2024-06-12 16:11:52 +0000 Commit: Mark Johnston CommitDate: 2024-08-07 13:31:10 +0000 ifconfig: Fix default netmask calculation Approved by: so Security: FreeBSD-EN-24:14.ifconfig Reported by: phk Reviewed by: emaste, kp MFC after: 3 days Differential Revision: https://reviews.freebsd.org/D45570 (cherry picked from commit 8a9f0fa42b1c6cffd45459bb552e138083b00369) (cherry picked from commit 048ad7a9ef9fe15368ff287db5c705c8163f4e1c) --- sbin/ifconfig/af_inet.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/sbin/ifconfig/af_inet.c b/sbin/ifconfig/af_inet.c index 83b605e8c4cb..8032c7035c95 100644 --- a/sbin/ifconfig/af_inet.c +++ b/sbin/ifconfig/af_inet.c @@ -445,7 +445,7 @@ in_exec_nl(if_ctx *ctx, unsigned long action, void *data) static void in_setdefaultmask_nl(void) { - struct in_px *px = sintab_nl[ADDR]; + struct in_px *px = sintab_nl[ADDR]; in_addr_t i = ntohl(px->addr.s_addr); @@ -456,11 +456,11 @@ in_setdefaultmask_nl(void) * we should return an error rather than warning. */ if (IN_CLASSA(i)) - px->plen = IN_CLASSA_NSHIFT; + px->plen = 32 - IN_CLASSA_NSHIFT; else if (IN_CLASSB(i)) - px->plen = IN_CLASSB_NSHIFT; + px->plen = 32 - IN_CLASSB_NSHIFT; else - px->plen = IN_CLASSC_NSHIFT; + px->plen = 32 - IN_CLASSC_NSHIFT; px->maskset = true; } #endif From nobody Wed Aug 7 13:44:43 2024 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WfBHb3BcQz5S8tw; Wed, 07 Aug 2024 13:44:43 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WfBHb1f6dz4jNk; Wed, 7 Aug 2024 13:44:43 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723038283; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=0VpDsVw9sNq/cvQpokIcKpHvYDS6SDwYCRArYfboxfk=; b=pytDIp9Y9tm8Cx/Yb3O2TAe8p0loXLvHAktkByHyQ4XpSq6RAhP4M7/cdkvTI6a58Slxux m3hsPnKgmqUXN+i1IYoRRiRMkDJl/wuN7hDGGnI7LdH5b3+n+tLeB5Gp/4gIDSx6lvhLyn eo49bBKj2t50p1o9T1KA1B/PO79IEKituPQrRzkZgDevbw/PUPIGh+3dpmOCJssiK6LWJ/ nTCJzyhpqixCN0ICIOku1jfQXrjyYvcIznp7iY8X8wrxizyJBZQTK0lZ3UcOZw4Jsj1jE1 h323yRJAdHt5I1jbB1NA68lJgnprQV6x4iSDatYdP+OhDgQD6hklzncLxgf2Cg== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1723038283; a=rsa-sha256; cv=none; b=Ddt6t3eUkeGCPXcumMyT7x6P187+YCAmqBwMCOudPCB4mJFjQD019MLZsLSJQNU1IDzE4m icpW11I6HqGRMy3ZC6iKOzOfYTIn9/nwGBTHHMb7xLAtlaXtI61gHSreesj2E/Zs9juPZX Mks0QepOXapJpqVcG3Y3AMI4whlFrDB6P3ZSfWJ33FZK3rrH9HjRhx4vd4R6zVDiZBcyyw i+Fuwvp8LXJpJPsTk+gGOyzYzO3zoPnjmJaNL3oOUFduSHhDq4eWwIpXp1pVZvMClnfNBK F7r8JHEaOwN9LG06BPCsUXMapN/AVHBL1QBiLASIt9gR7p5afCYP+jO13qVq5Q== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723038283; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=0VpDsVw9sNq/cvQpokIcKpHvYDS6SDwYCRArYfboxfk=; b=wxZhTRa39DCOLJ3qyUYQHNzLcU7uYyj3qWz2XH8Rrd5brA41hFSQcpjha9cR8/fmPYLoBi GXr+U5qXMjjWF1fsW9XjJyyx1/wdfv3ai8wz799q6GNhNCnoZghPcTU+qA6HN+BIPB2LM4 FUWKbjZY9kJYRY+F4pfI8/BecZUikOsn3HwKmEKpFnFgwNyET28hyMgClCEWCCUyi+80dV H9XWzniio29j1tnEYqCf4Bns5jEM6D0xbfBpMHop/427DRTnZTeZAtLhEqoSA16Lci6iov PvC/xNcpkuyDEuNilzGqLsYXQgs0sYBt2Xl7VOirOnzQuzybEC7+s7b21FT/9A== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WfBHb1G9rzspK; Wed, 7 Aug 2024 13:44:43 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 477DihEA034161; Wed, 7 Aug 2024 13:44:43 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 477Dih1k034158; Wed, 7 Aug 2024 13:44:43 GMT (envelope-from git) Date: Wed, 7 Aug 2024 13:44:43 GMT Message-Id: <202408071344.477Dih1k034158@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Mark Johnston Subject: git: aac676988d91 - releng/14.0 - pf: stricter state checking for ICMP and ICMPv6 packets List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: markj X-Git-Repository: src X-Git-Refname: refs/heads/releng/14.0 X-Git-Reftype: branch X-Git-Commit: aac676988d91aeb89b91fd00d4a5f4e23445fce6 Auto-Submitted: auto-generated The branch releng/14.0 has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=aac676988d91aeb89b91fd00d4a5f4e23445fce6 commit aac676988d91aeb89b91fd00d4a5f4e23445fce6 Author: Kristof Provost AuthorDate: 2024-07-09 13:59:33 +0000 Commit: Mark Johnston CommitDate: 2024-08-07 13:31:25 +0000 pf: stricter state checking for ICMP and ICMPv6 packets Include the ICMP type in one port of the state key, using the type to determine which side should be the id, and which should be the type. Also: - Handle ICMP6 messages which are typically sent to multicast addresses but recieve unicast replies, by doing fallthrough lookups against the correct multicast address. - Clear up some mistaken assumptions in the PF code: - Not all ICMP packets have an icmp_id, so simulate one based on other data if we can, otherwise set it to 0. - Don't modify the icmp id field in NAT unless it's echo - Use the full range of possible id's when NATing icmp6 echoy ok henning marco testing matthieu todd Approved by: so Security: FreeBSD-SA-24:05.pf Security: CVE-2024-6640 MFC after: 1 day Obtained From: OpenBSD, mcbride 70bf7555ef4c Sponsored by: Rubicon Communications, LLC ("Netgate") (cherry picked from commit 534ee17e61ee094ec175703bc50e88ff6587703e) (cherry picked from commit 2f6b4611b5b847aee1ff8d5017a0f8a657f4101d) --- sys/netpfil/pf/pf.c | 381 ++++++++++++++++++++++++++++++++++++++----------- sys/netpfil/pf/pf_lb.c | 19 ++- 2 files changed, 317 insertions(+), 83 deletions(-) diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c index eab79387e867..0491cd7369f5 100644 --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c @@ -260,6 +260,8 @@ static void pf_change_ap(struct mbuf *, struct pf_addr *, u_int16_t *, u_int16_t, u_int8_t, sa_family_t); static int pf_modulate_sack(struct mbuf *, int, struct pf_pdesc *, struct tcphdr *, struct pf_state_peer *); +int pf_icmp_mapping(struct pf_pdesc *, u_int8_t, int *, + int *, u_int16_t *, u_int16_t *); static void pf_change_icmp(struct pf_addr *, u_int16_t *, struct pf_addr *, struct pf_addr *, u_int16_t, u_int16_t *, u_int16_t *, u_int16_t *, @@ -304,6 +306,10 @@ static int pf_test_state_tcp(struct pf_kstate **, static int pf_test_state_udp(struct pf_kstate **, struct pfi_kkif *, struct mbuf *, int, void *, struct pf_pdesc *); +int pf_icmp_state_lookup(struct pf_state_key_cmp *, + struct pf_pdesc *, struct pf_kstate **, struct mbuf *, + int, struct pfi_kkif *, u_int16_t, u_int16_t, + int, int *, int); static int pf_test_state_icmp(struct pf_kstate **, struct pfi_kkif *, struct mbuf *, int, void *, struct pf_pdesc *, u_short *); @@ -353,6 +359,8 @@ extern struct proc *pf_purge_proc; VNET_DEFINE(struct pf_limit, pf_limits[PF_LIMIT_MAX]); +enum { PF_ICMP_MULTI_NONE, PF_ICMP_MULTI_SOLICITED, PF_ICMP_MULTI_LINK }; + #define PACKET_UNDO_NAT(_m, _pd, _off, _s) \ do { \ struct pf_state_key *nk; \ @@ -1695,6 +1703,142 @@ pf_isforlocal(struct mbuf *m, int af) return (false); } +int +pf_icmp_mapping(struct pf_pdesc *pd, u_int8_t type, + int *icmp_dir, int *multi, u_int16_t *icmpid, u_int16_t *icmptype) +{ + /* + * ICMP types marked with PF_OUT are typically responses to + * PF_IN, and will match states in the opposite direction. + * PF_IN ICMP types need to match a state with that type. + */ + *icmp_dir = PF_OUT; + *multi = PF_ICMP_MULTI_LINK; + /* Queries (and responses) */ + switch (type) { + case ICMP_ECHO: + *icmp_dir = PF_IN; + case ICMP_ECHOREPLY: + *icmptype = ICMP_ECHO; + *icmpid = pd->hdr.icmp.icmp_id; + break; + + case ICMP_TSTAMP: + *icmp_dir = PF_IN; + case ICMP_TSTAMPREPLY: + *icmptype = ICMP_TSTAMP; + *icmpid = 0; /* Time is not a secret. */ + break; + + case ICMP_IREQ: + *icmp_dir = PF_IN; + case ICMP_IREQREPLY: + *icmptype = ICMP_IREQ; + *icmpid = 0; /* Nothing sane to match on! */ + break; + + case ICMP_MASKREQ: + *icmp_dir = PF_IN; + case ICMP_MASKREPLY: + *icmptype = ICMP_MASKREQ; + *icmpid = 0; /* Nothing sane to match on! */ + break; + + case ICMP_IPV6_WHEREAREYOU: + *icmp_dir = PF_IN; + case ICMP_IPV6_IAMHERE: + *icmptype = ICMP_IPV6_WHEREAREYOU; + *icmpid = 0; /* Nothing sane to match on! */ + break; + + case ICMP_MOBILE_REGREQUEST: + *icmp_dir = PF_IN; + case ICMP_MOBILE_REGREPLY: + *icmptype = ICMP_MOBILE_REGREQUEST; + *icmpid = 0; /* Nothing sane to match on! */ + break; + + case ICMP_ROUTERSOLICIT: + *icmp_dir = PF_IN; + case ICMP_ROUTERADVERT: + *icmptype = ICMP_ROUTERSOLICIT; + *icmpid = 0; /* Nothing sane to match on! */ + break; + +#ifdef INET6 + case ICMP6_ECHO_REQUEST: + *icmp_dir = PF_IN; + case ICMP6_ECHO_REPLY: + *icmptype = ICMP6_ECHO_REQUEST; + *icmpid = pd->hdr.icmp6.icmp6_id; + break; + + case MLD_LISTENER_QUERY: + *icmp_dir = PF_IN; + case MLD_LISTENER_REPORT: { + *icmptype = MLD_LISTENER_QUERY; + *icmpid = 0; + break; + } + + /* ICMP6_FQDN and ICMP6_NI query/reply are the same type as ICMP6_WRU */ + case ICMP6_WRUREQUEST: + *icmp_dir = PF_IN; + case ICMP6_WRUREPLY: + *icmptype = ICMP6_WRUREQUEST; + *icmpid = 0; /* Nothing sane to match on! */ + break; + + case MLD_MTRACE: + *icmp_dir = PF_IN; + case MLD_MTRACE_RESP: + *icmptype = MLD_MTRACE; + *icmpid = 0; /* Nothing sane to match on! */ + break; + + case ND_NEIGHBOR_SOLICIT: + *icmp_dir = PF_IN; + case ND_NEIGHBOR_ADVERT: { + *icmptype = ND_NEIGHBOR_SOLICIT; + *multi = PF_ICMP_MULTI_SOLICITED; + *icmpid = 0; + break; + } + +#endif /* INET6 */ + /* These ICMP types map to other connections */ + case ICMP_UNREACH: + case ICMP_SOURCEQUENCH: + case ICMP_REDIRECT: + case ICMP_TIMXCEED: + case ICMP_PARAMPROB: +#ifdef INET6 + /* + * ICMP6_TIME_EXCEEDED is the same type as ICMP_UNREACH + * ND_REDIRECT can't be in this list because the triggering packet + * header is optional. + */ + case ICMP6_PACKET_TOO_BIG: +#endif /* INET6 */ + /* These will not be used, but set them anyways */ + *icmp_dir = PF_IN; + *icmptype = htons(type); + *icmpid = 0; + return (1); /* These types are matched to other state */ + /* + * All remaining ICMP types get their own states, + * and will only match in one direction. + */ + default: + *icmp_dir = PF_IN; + *icmptype = type; + *icmpid = 0; + break; + } + HTONS(*icmptype); + return (0); +} + void pf_intr(void *v) { @@ -4353,8 +4497,8 @@ pf_test_rule(struct pf_krule **rm, struct pf_kstate **sm, struct pfi_kkif *kif, int tag = -1; int asd = 0; int match = 0; - int state_icmp = 0; - u_int16_t sport = 0, dport = 0; + int state_icmp = 0, icmp_dir, multi; + u_int16_t sport = 0, dport = 0, virtual_type, virtual_id; u_int16_t bproto_sum = 0, bip_sum = 0; u_int8_t icmptype = 0, icmpcode = 0; struct pf_kanchor_stackframe anchor_stack[PF_ANCHOR_STACKSIZE]; @@ -4388,33 +4532,37 @@ pf_test_rule(struct pf_krule **rm, struct pf_kstate **sm, struct pfi_kkif *kif, case IPPROTO_ICMP: if (pd->af != AF_INET) break; - sport = dport = pd->hdr.icmp.icmp_id; hdrlen = sizeof(pd->hdr.icmp); icmptype = pd->hdr.icmp.icmp_type; icmpcode = pd->hdr.icmp.icmp_code; - - if (icmptype == ICMP_UNREACH || - icmptype == ICMP_SOURCEQUENCH || - icmptype == ICMP_REDIRECT || - icmptype == ICMP_TIMXCEED || - icmptype == ICMP_PARAMPROB) - state_icmp++; + state_icmp = pf_icmp_mapping(pd, icmptype, + &icmp_dir, &multi, &virtual_id, &virtual_type); + if (icmp_dir == PF_IN) { + sport = virtual_id; + dport = virtual_type; + } else { + sport = virtual_type; + dport = virtual_id; + } break; #endif /* INET */ #ifdef INET6 case IPPROTO_ICMPV6: if (af != AF_INET6) break; - sport = dport = pd->hdr.icmp6.icmp6_id; hdrlen = sizeof(pd->hdr.icmp6); icmptype = pd->hdr.icmp6.icmp6_type; icmpcode = pd->hdr.icmp6.icmp6_code; + state_icmp = pf_icmp_mapping(pd, icmptype, + &icmp_dir, &multi, &virtual_id, &virtual_type); + if (icmp_dir == PF_IN) { + sport = virtual_id; + dport = virtual_type; + } else { + sport = virtual_type; + dport = virtual_id; + } - if (icmptype == ICMP6_DST_UNREACH || - icmptype == ICMP6_PACKET_TOO_BIG || - icmptype == ICMP6_TIME_EXCEEDED || - icmptype == ICMP6_PARAM_PROB) - state_icmp++; break; #endif /* INET6 */ default: @@ -4508,7 +4656,6 @@ pf_test_rule(struct pf_krule **rm, struct pf_kstate **sm, struct pfi_kkif *kif, } #ifdef INET case IPPROTO_ICMP: - nk->port[0] = nk->port[1]; if (PF_ANEQ(saddr, &nk->addr[pd->sidx], AF_INET)) pf_change_a(&saddr->v4.s_addr, pd->ip_sum, nk->addr[pd->sidx].v4.s_addr, 0); @@ -4517,11 +4664,12 @@ pf_test_rule(struct pf_krule **rm, struct pf_kstate **sm, struct pfi_kkif *kif, pf_change_a(&daddr->v4.s_addr, pd->ip_sum, nk->addr[pd->didx].v4.s_addr, 0); - if (nk->port[1] != pd->hdr.icmp.icmp_id) { + if (virtual_type == ICMP_ECHO && + nk->port[pd->sidx] != pd->hdr.icmp.icmp_id) { pd->hdr.icmp.icmp_cksum = pf_cksum_fixup( pd->hdr.icmp.icmp_cksum, sport, - nk->port[1], 0); - pd->hdr.icmp.icmp_id = nk->port[1]; + nk->port[pd->sidx], 0); + pd->hdr.icmp.icmp_id = nk->port[pd->sidx]; pd->sport = &pd->hdr.icmp.icmp_id; } m_copyback(m, off, ICMP_MINLEN, (caddr_t)&pd->hdr.icmp); @@ -4529,7 +4677,6 @@ pf_test_rule(struct pf_krule **rm, struct pf_kstate **sm, struct pfi_kkif *kif, #endif /* INET */ #ifdef INET6 case IPPROTO_ICMPV6: - nk->port[0] = nk->port[1]; if (PF_ANEQ(saddr, &nk->addr[pd->sidx], AF_INET6)) pf_change_a6(saddr, &pd->hdr.icmp6.icmp6_cksum, &nk->addr[pd->sidx], 0); @@ -5911,15 +6058,73 @@ pf_test_state_sctp(struct pf_kstate **state, struct pfi_kkif *kif, return (PF_PASS); } +int +pf_icmp_state_lookup(struct pf_state_key_cmp *key, struct pf_pdesc *pd, + struct pf_kstate **state, struct mbuf *m, int direction, struct pfi_kkif *kif, + u_int16_t icmpid, u_int16_t type, int icmp_dir, int *iidx, int multi) +{ + key->af = pd->af; + key->proto = pd->proto; + if (icmp_dir == PF_IN) { + *iidx = pd->sidx; + key->port[pd->sidx] = icmpid; + key->port[pd->didx] = type; + } else { + *iidx = pd->didx; + key->port[pd->sidx] = type; + key->port[pd->didx] = icmpid; + } + if (pd->af == AF_INET6 && multi != PF_ICMP_MULTI_NONE) { + switch (multi) { + case PF_ICMP_MULTI_SOLICITED: + key->addr[pd->sidx].addr32[0] = IPV6_ADDR_INT32_MLL; + key->addr[pd->sidx].addr32[1] = 0; + key->addr[pd->sidx].addr32[2] = IPV6_ADDR_INT32_ONE; + key->addr[pd->sidx].addr32[3] = pd->src->addr32[3]; + key->addr[pd->sidx].addr8[12] = 0xff; + break; + case PF_ICMP_MULTI_LINK: + key->addr[pd->sidx].addr32[0] = IPV6_ADDR_INT32_MLL; + key->addr[pd->sidx].addr32[1] = 0; + key->addr[pd->sidx].addr32[2] = 0; + key->addr[pd->sidx].addr32[3] = IPV6_ADDR_INT32_ONE; + break; + } + } else + PF_ACPY(&key->addr[pd->sidx], pd->src, key->af); + PF_ACPY(&key->addr[pd->didx], pd->dst, key->af); + + STATE_LOOKUP(kif, key, *state, pd); + + /* Is this ICMP message flowing in right direction? */ + if ((*state)->rule.ptr->type && + (((*state)->direction == direction) ? + PF_IN : PF_OUT) != icmp_dir) { + if (V_pf_status.debug >= PF_DEBUG_MISC) { + printf("pf: icmp type %d in wrong direction (%d): ", + icmp_dir, pd->dir); + pf_print_state(*state); + printf("\n"); + } + return (PF_DROP); + } + return (-1); +} + static int pf_test_state_icmp(struct pf_kstate **state, struct pfi_kkif *kif, struct mbuf *m, int off, void *h, struct pf_pdesc *pd, u_short *reason) { struct pf_addr *saddr = pd->src, *daddr = pd->dst; - u_int16_t icmpid = 0, *icmpsum; + u_int16_t *icmpsum, virtual_id, virtual_type; u_int8_t icmptype, icmpcode; - int state_icmp = 0; + int icmp_dir, iidx, ret, multi; struct pf_state_key_cmp key; +#ifdef INET + u_int16_t icmpid; +#endif + + MPASS(*state == NULL); bzero(&key, sizeof(key)); switch (pd->proto) { @@ -5929,49 +6134,43 @@ pf_test_state_icmp(struct pf_kstate **state, struct pfi_kkif *kif, icmpcode = pd->hdr.icmp.icmp_code; icmpid = pd->hdr.icmp.icmp_id; icmpsum = &pd->hdr.icmp.icmp_cksum; - - if (icmptype == ICMP_UNREACH || - icmptype == ICMP_SOURCEQUENCH || - icmptype == ICMP_REDIRECT || - icmptype == ICMP_TIMXCEED || - icmptype == ICMP_PARAMPROB) - state_icmp++; break; #endif /* INET */ #ifdef INET6 case IPPROTO_ICMPV6: icmptype = pd->hdr.icmp6.icmp6_type; icmpcode = pd->hdr.icmp6.icmp6_code; +#ifdef INET icmpid = pd->hdr.icmp6.icmp6_id; +#endif icmpsum = &pd->hdr.icmp6.icmp6_cksum; - - if (icmptype == ICMP6_DST_UNREACH || - icmptype == ICMP6_PACKET_TOO_BIG || - icmptype == ICMP6_TIME_EXCEEDED || - icmptype == ICMP6_PARAM_PROB) - state_icmp++; break; #endif /* INET6 */ } - if (!state_icmp) { + if (pf_icmp_mapping(pd, icmptype, &icmp_dir, &multi, + &virtual_id, &virtual_type) == 0) { /* * ICMP query/reply message not related to a TCP/UDP packet. * Search for an ICMP state. */ - key.af = pd->af; - key.proto = pd->proto; - key.port[0] = key.port[1] = icmpid; - if (pd->dir == PF_IN) { /* wire side, straight */ - PF_ACPY(&key.addr[0], pd->src, key.af); - PF_ACPY(&key.addr[1], pd->dst, key.af); - } else { /* stack side, reverse */ - PF_ACPY(&key.addr[1], pd->src, key.af); - PF_ACPY(&key.addr[0], pd->dst, key.af); + ret = pf_icmp_state_lookup(&key, pd, state, m, pd->dir, + kif, virtual_id, virtual_type, icmp_dir, &iidx, + PF_ICMP_MULTI_NONE); + if (ret >= 0) { + if (ret == PF_DROP && pd->af == AF_INET6 && + icmp_dir == PF_OUT) { + if (*state != NULL) + PF_STATE_UNLOCK((*state)); + ret = pf_icmp_state_lookup(&key, pd, state, m, + pd->dir, kif, virtual_id, virtual_type, + icmp_dir, &iidx, multi); + if (ret >= 0) + return (ret); + } else + return (ret); } - STATE_LOOKUP(kif, &key, *state, pd); - (*state)->expire = time_uptime; (*state)->timeout = PFTM_ICMP_ERROR_REPLY; @@ -5994,14 +6193,14 @@ pf_test_state_icmp(struct pf_kstate **state, struct pfi_kkif *kif, pd->ip_sum, nk->addr[pd->didx].v4.s_addr, 0); - if (nk->port[0] != + if (nk->port[iidx] != pd->hdr.icmp.icmp_id) { pd->hdr.icmp.icmp_cksum = pf_cksum_fixup( pd->hdr.icmp.icmp_cksum, icmpid, - nk->port[pd->sidx], 0); + nk->port[iidx], 0); pd->hdr.icmp.icmp_id = - nk->port[pd->sidx]; + nk->port[iidx]; } m_copyback(m, off, ICMP_MINLEN, @@ -6366,13 +6565,15 @@ pf_test_state_icmp(struct pf_kstate **state, struct pfi_kkif *kif, return (PF_DROP); } - key.af = pd2.af; - key.proto = IPPROTO_ICMP; - PF_ACPY(&key.addr[pd2.sidx], pd2.src, key.af); - PF_ACPY(&key.addr[pd2.didx], pd2.dst, key.af); - key.port[0] = key.port[1] = iih.icmp_id; + icmpid = iih.icmp_id; + pf_icmp_mapping(&pd2, iih.icmp_type, + &icmp_dir, &multi, &virtual_id, &virtual_type); - STATE_LOOKUP(kif, &key, *state, pd); + ret = pf_icmp_state_lookup(&key, &pd2, state, m, + pd->dir, kif, virtual_id, virtual_type, + icmp_dir, &iidx, PF_ICMP_MULTI_NONE); + if (ret >= 0) + return (ret); /* translate source/destination address, if necessary */ if ((*state)->key[PF_SK_WIRE] != @@ -6382,21 +6583,23 @@ pf_test_state_icmp(struct pf_kstate **state, struct pfi_kkif *kif, if (PF_ANEQ(pd2.src, &nk->addr[pd2.sidx], pd2.af) || - nk->port[pd2.sidx] != iih.icmp_id) - pf_change_icmp(pd2.src, &iih.icmp_id, + (virtual_type == ICMP_ECHO && + nk->port[iidx] != iih.icmp_id)) + pf_change_icmp(pd2.src, + (virtual_type == ICMP_ECHO) ? + &iih.icmp_id : NULL, daddr, &nk->addr[pd2.sidx], - nk->port[pd2.sidx], NULL, + (virtual_type == ICMP_ECHO) ? + nk->port[iidx] : 0, NULL, pd2.ip_sum, icmpsum, pd->ip_sum, 0, AF_INET); if (PF_ANEQ(pd2.dst, - &nk->addr[pd2.didx], pd2.af) || - nk->port[pd2.didx] != iih.icmp_id) - pf_change_icmp(pd2.dst, &iih.icmp_id, - saddr, &nk->addr[pd2.didx], - nk->port[pd2.didx], NULL, - pd2.ip_sum, icmpsum, - pd->ip_sum, 0, AF_INET); + &nk->addr[pd2.didx], pd2.af)) + pf_change_icmp(pd2.dst, NULL, NULL, + &nk->addr[pd2.didx], 0, NULL, + pd2.ip_sum, icmpsum, pd->ip_sum, 0, + AF_INET); m_copyback(m, off, ICMP_MINLEN, (caddr_t)&pd->hdr.icmp); m_copyback(m, ipoff2, sizeof(h2), (caddr_t)&h2); @@ -6418,13 +6621,25 @@ pf_test_state_icmp(struct pf_kstate **state, struct pfi_kkif *kif, return (PF_DROP); } - key.af = pd2.af; - key.proto = IPPROTO_ICMPV6; - PF_ACPY(&key.addr[pd2.sidx], pd2.src, key.af); - PF_ACPY(&key.addr[pd2.didx], pd2.dst, key.af); - key.port[0] = key.port[1] = iih.icmp6_id; - - STATE_LOOKUP(kif, &key, *state, pd); + pf_icmp_mapping(&pd2, iih.icmp6_type, + &icmp_dir, &multi, &virtual_id, &virtual_type); + ret = pf_icmp_state_lookup(&key, &pd2, state, m, + pd->dir, kif, virtual_id, virtual_type, + icmp_dir, &iidx, PF_ICMP_MULTI_NONE); + if (ret >= 0) { + if (ret == PF_DROP && pd->af == AF_INET6 && + icmp_dir == PF_OUT) { + if (*state != NULL) + PF_STATE_UNLOCK((*state)); + ret = pf_icmp_state_lookup(&key, pd, + state, m, pd->dir, kif, + virtual_id, virtual_type, + icmp_dir, &iidx, multi); + if (ret >= 0) + return (ret); + } else + return (ret); + } /* translate source/destination address, if necessary */ if ((*state)->key[PF_SK_WIRE] != @@ -6434,19 +6649,21 @@ pf_test_state_icmp(struct pf_kstate **state, struct pfi_kkif *kif, if (PF_ANEQ(pd2.src, &nk->addr[pd2.sidx], pd2.af) || - nk->port[pd2.sidx] != iih.icmp6_id) - pf_change_icmp(pd2.src, &iih.icmp6_id, + ((virtual_type == ICMP6_ECHO_REQUEST) && + nk->port[pd2.sidx] != iih.icmp6_id)) + pf_change_icmp(pd2.src, + (virtual_type == ICMP6_ECHO_REQUEST) + ? &iih.icmp6_id : NULL, daddr, &nk->addr[pd2.sidx], - nk->port[pd2.sidx], NULL, + (virtual_type == ICMP6_ECHO_REQUEST) + ? nk->port[iidx] : 0, NULL, pd2.ip_sum, icmpsum, pd->ip_sum, 0, AF_INET6); if (PF_ANEQ(pd2.dst, - &nk->addr[pd2.didx], pd2.af) || - nk->port[pd2.didx] != iih.icmp6_id) - pf_change_icmp(pd2.dst, &iih.icmp6_id, - saddr, &nk->addr[pd2.didx], - nk->port[pd2.didx], NULL, + &nk->addr[pd2.didx], pd2.af)) + pf_change_icmp(pd2.dst, NULL, NULL, + &nk->addr[pd2.didx], 0, NULL, pd2.ip_sum, icmpsum, pd->ip_sum, 0, AF_INET6); diff --git a/sys/netpfil/pf/pf_lb.c b/sys/netpfil/pf/pf_lb.c index eb3d087e3df6..4fcad7e578a8 100644 --- a/sys/netpfil/pf/pf_lb.c +++ b/sys/netpfil/pf/pf_lb.c @@ -225,6 +225,23 @@ pf_get_sport(sa_family_t af, u_int8_t proto, struct pf_krule *r, if (pf_map_addr(af, r, saddr, naddr, NULL, &init_addr, sn)) return (1); + if (proto == IPPROTO_ICMP) { + if (*nport == htons(ICMP_ECHO)) { + low = 1; + high = 65535; + } else + return (0); /* Don't try to modify non-echo ICMP */ + } +#ifdef INET6 + if (proto == IPPROTO_ICMPV6) { + if (*nport == htons(ICMP6_ECHO_REQUEST)) { + low = 1; + high = 65535; + } else + return (0); /* Don't try to modify non-echo ICMP */ + } +#endif /* INET6 */ + bzero(&key, sizeof(key)); key.af = af; key.proto = proto; @@ -633,7 +650,7 @@ pf_get_translation(struct pf_pdesc *pd, struct mbuf *m, int off, switch (r->action) { case PF_NAT: if (pd->proto == IPPROTO_ICMP) { - low = 1; + low = 1; high = 65535; } else { low = r->rpool.proxy_port[0]; From nobody Wed Aug 7 13:44:44 2024 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WfBHc4bWPz5S97m; Wed, 07 Aug 2024 13:44:44 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WfBHc2YCGz4jX9; Wed, 7 Aug 2024 13:44:44 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723038284; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=4lL2bGG+L2yqxUWFBvlg5JsF4q29JFzA20CW8M1a0LM=; b=gnm11WgzUndFJJ07CDFshI9fzGr5wgVqaHtVnJZjoYZWdMJZFQPjjKHpldqGF4/OZ2h/sI Y589kChuts+mFRMnZXKIPEua0WvKnZXhUpAJ/zmxEly50z3Bznz+5xgzBB6my3bNsKWIzE I72bVgR1PALVZFbjY+hgNodEOjUcIHZCzl06fW+dAg7oEPom2zxQukrbxA0AHwchxJMKJa 0GYl4oUoNzeSrJ34TjwIcaK1Il/GfKgnB0HZax+TVLvTW0po7IXr5WmjYH2SflEVcRIR4V UnMDTFTJVmMaW9/WGHwuh3944wZ2IiwNAgYVghEeT7YGjIAdI+Ie7jose2tYJA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1723038284; a=rsa-sha256; cv=none; b=x5x4RoNle1oq178hH3xL2YPBMA/8c9rhBv7ixOKs8Wor6l78LpDFm4iqGWRxZJMppvjOW/ vOCvWvLpjatQAeqXT6aZnPLc6+ibjTK/8qqVwGz+VP5V16F4qe0FFwIvYEGXdfH03+DbA6 awt6CbIfLiU2oIUU3+OYftTTf7/gxZGA6XBZiOa7lkqueK53iMAPrGqKIKqX0Z3ybm3fAk +iRmyKtpTZOHkbfLJTRM0iF837Si2r2/uTbD/celWmtrA7Q4n7PPv5ugVZTgyzszx5jlb2 y6//87nvrFGyZYb2JINyxoMPKJ8oDNQ31evIoZfZLg+vL8gqYBxYd4L8WVCYJQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723038284; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=4lL2bGG+L2yqxUWFBvlg5JsF4q29JFzA20CW8M1a0LM=; b=YNc6aiaBVgV4paJFRUNIwi/9TF9kvNNtNOn7Hfv+tdMPL8nHyQ9ijhRpEh8eo35QLH86VC IoyBztG++4lvbApglEgtQGL0bM2OTCXxvnBouzZcjlsGKnNv4MBkSDrfoJvL7TsL5j0QGW 8JH0jOPTlQSP1fLVXM5G525pAQhG1Pp9HMoSZ5+T96e6dtSrb2XcchF7YG/p8Jn/DmoNvl +iqje+Cp+KVEDZsOmOhaok4mNE6eDRFYTrWfPjCtfvyMlQeakG8DFd8dpxG4ZwZVHA0DNm jREWlu+NFgziFsAtPMY6v8pljlpAN8hq2lB0DOJiwpsrPj/VohZOa+EY5Wn74A== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WfBHc24KSzspL; Wed, 7 Aug 2024 13:44:44 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 477DiiQc034224; Wed, 7 Aug 2024 13:44:44 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 477DiiZL034221; Wed, 7 Aug 2024 13:44:44 GMT (envelope-from git) Date: Wed, 7 Aug 2024 13:44:44 GMT Message-Id: <202408071344.477DiiZL034221@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Mark Johnston Subject: git: 3151802d0316 - releng/14.0 - pf: some ICMP types that also have icmp_id, pointed out by markus@ List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: markj X-Git-Repository: src X-Git-Refname: refs/heads/releng/14.0 X-Git-Reftype: branch X-Git-Commit: 3151802d03162e8d287eaaaa41e1d187f5acbc67 Auto-Submitted: auto-generated The branch releng/14.0 has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=3151802d03162e8d287eaaaa41e1d187f5acbc67 commit 3151802d03162e8d287eaaaa41e1d187f5acbc67 Author: Kristof Provost AuthorDate: 2024-07-10 11:32:03 +0000 Commit: Mark Johnston CommitDate: 2024-08-07 13:31:30 +0000 pf: some ICMP types that also have icmp_id, pointed out by markus@ ok henning markus Approved by: so Security: FreeBSD-SA-24:05.pf Security: CVE-2024-6640 MFC after: 1 day Obtained From: OpenBSD, mcbride 8c0632cd274b Sponsored by: Rubicon Communications, LLC ("Netgate") (cherry picked from commit e296b0de9e467b8c5eb853f6cf4c6ea28d4119a2) (cherry picked from commit c5081b8d3918564c1aba5a5e3f0a5219568e3435) --- sys/netpfil/pf/pf.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c index 0491cd7369f5..71611acde2c7 100644 --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c @@ -1727,21 +1727,21 @@ pf_icmp_mapping(struct pf_pdesc *pd, u_int8_t type, *icmp_dir = PF_IN; case ICMP_TSTAMPREPLY: *icmptype = ICMP_TSTAMP; - *icmpid = 0; /* Time is not a secret. */ + *icmpid = pd->hdr.icmp.icmp_id; break; case ICMP_IREQ: *icmp_dir = PF_IN; case ICMP_IREQREPLY: *icmptype = ICMP_IREQ; - *icmpid = 0; /* Nothing sane to match on! */ + *icmpid = pd->hdr.icmp.icmp_id; break; case ICMP_MASKREQ: *icmp_dir = PF_IN; case ICMP_MASKREPLY: *icmptype = ICMP_MASKREQ; - *icmpid = 0; /* Nothing sane to match on! */ + *icmpid = pd->hdr.icmp.icmp_id; break; case ICMP_IPV6_WHEREAREYOU: From nobody Wed Aug 7 13:44:45 2024 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WfBHd5GzPz5S9MG; Wed, 07 Aug 2024 13:44:45 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WfBHd3Frpz4jRw; Wed, 7 Aug 2024 13:44:45 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723038285; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=FlxyrXYDtYH1MLdw6wSH10ycWcPQUYkUfjBG8HQd3l4=; b=N0+KcR34UtKSJdf3dsw7LZLsyi4sFcHrbAbalTYhCZ/Mr3Q2Sa6D2lbojjWwqL20cB7RLi I/cpfEPGUexgn5WPEb1/crImIFBo+VuZJD0XghnbsOczuSUyJBDplaybdIpq7Zm6b7A/6T LcPhX0eQjKZDfUz1E0y+I4JvtZARdxLjQEuCv+8NGFaG45wi7TRnvFv5Mhpi1chEkhOtGj ppOtYKZx6fV8Ve3Cj837KisWq862TGXmUGZuVp7CtUP9Kq5+/0eNVQZkJt1hp85KXti6Lb zb9O9pnVmE4BbfP+HZv+goWL69sZKtPFGO+hZcUx99JswAkqjiwnqaukAIlj7w== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1723038285; a=rsa-sha256; cv=none; b=RSV61dkXlMRv7R2JKm5Y0XZI7B0oklUJ8citHphqMiEi57NVTHiEbdYQcZfZnsPl2F7H5t 6VKPIoOR08ca3kAtnOwl91BLnD0gymgDGVtYguJLceEqtNh6R3RJrVE4LN8zCx2qb+udzf 9pL6ei5SeTpIMiSsPYM2q9Ilq7yjkSV2RCHM4rFcQz2RkdUDxLqtu2YOSOyC9ymLlIkptL LQAn5gohVH90gdVNJclu8EB+0Ux3WS+TRSto/yem/bI0NktsU0TSGwABTECOr/z24j+ONO 77sTqJ/+MoBEXB6z0CVzOYLS1od25gczKgOjSC6ZC3RYwWrzRxK1dGpfzTPIyA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723038285; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=FlxyrXYDtYH1MLdw6wSH10ycWcPQUYkUfjBG8HQd3l4=; b=cipqLAK2zjYFSN5pvpbwE/dEe2pavgaXazLxdnh7Ok+uIKF+7RtnWd8XH9oe9JM96PpZrV 8mskeHPijngeARzL0jqjgQGG06cN7TxlQDHEPcOiNLIZ26wbgXnsH1+O0OD1CfuuVhvqR5 YhadWTroSrgOOdwlWBiOJtQ4INz0xEhYyaA5SeACiAy+ecrCLdxIP1doZgBqbtKBGfkSbh 2taVjke8wpXzZCfunKpsiLtRjmarQY6bYblajt/OOnPHvDAXLyYl6yxFG5HsofCX0dMQAg 4COLuLo8MKaMTut+if4HWohVxEP5/4/ZTNujohkWbmFJqan4679T15yztb+qAg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WfBHd2t82zsmP; Wed, 7 Aug 2024 13:44:45 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 477DijSS034276; Wed, 7 Aug 2024 13:44:45 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 477DijpO034272; Wed, 7 Aug 2024 13:44:45 GMT (envelope-from git) Date: Wed, 7 Aug 2024 13:44:45 GMT Message-Id: <202408071344.477DijpO034272@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Mark Johnston Subject: git: 110142ab3846 - releng/14.0 - pf: split ICMP/ICMPv6 number space in pf_icmp_mapping() List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: markj X-Git-Repository: src X-Git-Refname: refs/heads/releng/14.0 X-Git-Reftype: branch X-Git-Commit: 110142ab3846fdf2fad18acc06e3d041bf3df0f3 Auto-Submitted: auto-generated The branch releng/14.0 has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=110142ab3846fdf2fad18acc06e3d041bf3df0f3 commit 110142ab3846fdf2fad18acc06e3d041bf3df0f3 Author: Kristof Provost AuthorDate: 2024-07-10 12:10:50 +0000 Commit: Mark Johnston CommitDate: 2024-08-07 13:31:30 +0000 pf: split ICMP/ICMPv6 number space in pf_icmp_mapping() In pf_icmp_mapping() the ICMP and ICMPv6 types shared the same number space. In fact they are independent and must be handled separately. Fix traceroute via pf by splitting pf_icmp_mapping() into IPv4 and IPv6 sections. ok henning@ mcbride@; tested mcbride@; sure deraadt@ Approved by: so Security: FreeBSD-SA-24:05.pf Security: CVE-2024-6640 MFC after: 1 day Obtained From: OpenBSD, bluhm ef4bccd7509e Sponsored by: Rubicon Communications, LLC ("Netgate") (cherry picked from commit 46755f52247bd34a7f013d6844ed0c673ac0defc) (cherry picked from commit 7f77305a5ba421f901cf3ac59a6449a70645fda4) --- sys/netpfil/pf/pf.c | 247 ++++++++++++++++++++++++++++------------------------ 1 file changed, 135 insertions(+), 112 deletions(-) diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c index 71611acde2c7..72814861f35f 100644 --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c @@ -1705,7 +1705,7 @@ pf_isforlocal(struct mbuf *m, int af) int pf_icmp_mapping(struct pf_pdesc *pd, u_int8_t type, - int *icmp_dir, int *multi, u_int16_t *icmpid, u_int16_t *icmptype) + int *icmp_dir, int *multi, u_int16_t *virtual_id, u_int16_t *virtual_type) { /* * ICMP types marked with PF_OUT are typically responses to @@ -1715,128 +1715,151 @@ pf_icmp_mapping(struct pf_pdesc *pd, u_int8_t type, *icmp_dir = PF_OUT; *multi = PF_ICMP_MULTI_LINK; /* Queries (and responses) */ - switch (type) { - case ICMP_ECHO: - *icmp_dir = PF_IN; - case ICMP_ECHOREPLY: - *icmptype = ICMP_ECHO; - *icmpid = pd->hdr.icmp.icmp_id; - break; + switch (pd->af) { +#ifdef INET + case AF_INET: + switch (type) { + case ICMP_ECHO: + *icmp_dir = PF_IN; + case ICMP_ECHOREPLY: + *virtual_type = ICMP_ECHO; + *virtual_id = pd->hdr.icmp.icmp_id; + break; - case ICMP_TSTAMP: - *icmp_dir = PF_IN; - case ICMP_TSTAMPREPLY: - *icmptype = ICMP_TSTAMP; - *icmpid = pd->hdr.icmp.icmp_id; - break; + case ICMP_TSTAMP: + *icmp_dir = PF_IN; + case ICMP_TSTAMPREPLY: + *virtual_type = ICMP_TSTAMP; + *virtual_id = pd->hdr.icmp.icmp_id; + break; - case ICMP_IREQ: - *icmp_dir = PF_IN; - case ICMP_IREQREPLY: - *icmptype = ICMP_IREQ; - *icmpid = pd->hdr.icmp.icmp_id; - break; + case ICMP_IREQ: + *icmp_dir = PF_IN; + case ICMP_IREQREPLY: + *virtual_type = ICMP_IREQ; + *virtual_id = pd->hdr.icmp.icmp_id; + break; - case ICMP_MASKREQ: - *icmp_dir = PF_IN; - case ICMP_MASKREPLY: - *icmptype = ICMP_MASKREQ; - *icmpid = pd->hdr.icmp.icmp_id; - break; + case ICMP_MASKREQ: + *icmp_dir = PF_IN; + case ICMP_MASKREPLY: + *virtual_type = ICMP_MASKREQ; + *virtual_id = pd->hdr.icmp.icmp_id; + break; - case ICMP_IPV6_WHEREAREYOU: - *icmp_dir = PF_IN; - case ICMP_IPV6_IAMHERE: - *icmptype = ICMP_IPV6_WHEREAREYOU; - *icmpid = 0; /* Nothing sane to match on! */ - break; + case ICMP_IPV6_WHEREAREYOU: + *icmp_dir = PF_IN; + case ICMP_IPV6_IAMHERE: + *virtual_type = ICMP_IPV6_WHEREAREYOU; + *virtual_id = 0; /* Nothing sane to match on! */ + break; - case ICMP_MOBILE_REGREQUEST: - *icmp_dir = PF_IN; - case ICMP_MOBILE_REGREPLY: - *icmptype = ICMP_MOBILE_REGREQUEST; - *icmpid = 0; /* Nothing sane to match on! */ - break; + case ICMP_MOBILE_REGREQUEST: + *icmp_dir = PF_IN; + case ICMP_MOBILE_REGREPLY: + *virtual_type = ICMP_MOBILE_REGREQUEST; + *virtual_id = 0; /* Nothing sane to match on! */ + break; - case ICMP_ROUTERSOLICIT: - *icmp_dir = PF_IN; - case ICMP_ROUTERADVERT: - *icmptype = ICMP_ROUTERSOLICIT; - *icmpid = 0; /* Nothing sane to match on! */ - break; + case ICMP_ROUTERSOLICIT: + *icmp_dir = PF_IN; + case ICMP_ROUTERADVERT: + *virtual_type = ICMP_ROUTERSOLICIT; + *virtual_id = 0; /* Nothing sane to match on! */ + break; -#ifdef INET6 - case ICMP6_ECHO_REQUEST: - *icmp_dir = PF_IN; - case ICMP6_ECHO_REPLY: - *icmptype = ICMP6_ECHO_REQUEST; - *icmpid = pd->hdr.icmp6.icmp6_id; - break; + /* These ICMP types map to other connections */ + case ICMP_UNREACH: + case ICMP_SOURCEQUENCH: + case ICMP_REDIRECT: + case ICMP_TIMXCEED: + case ICMP_PARAMPROB: + /* These will not be used, but set them anyway */ + *icmp_dir = PF_IN; + *virtual_type = type; + *virtual_id = 0; + HTONS(*virtual_type); + return (1); /* These types match to another state */ - case MLD_LISTENER_QUERY: - *icmp_dir = PF_IN; - case MLD_LISTENER_REPORT: { - *icmptype = MLD_LISTENER_QUERY; - *icmpid = 0; + /* + * All remaining ICMP types get their own states, + * and will only match in one direction. + */ + default: + *icmp_dir = PF_IN; + *virtual_type = type; + *virtual_id = 0; + break; + } break; - } +#endif /* INET */ +#ifdef INET6 + case AF_INET6: + switch (type) { + case ICMP6_ECHO_REQUEST: + *icmp_dir = PF_IN; + case ICMP6_ECHO_REPLY: + *virtual_type = ICMP6_ECHO_REQUEST; + *virtual_id = pd->hdr.icmp6.icmp6_id; + break; - /* ICMP6_FQDN and ICMP6_NI query/reply are the same type as ICMP6_WRU */ - case ICMP6_WRUREQUEST: - *icmp_dir = PF_IN; - case ICMP6_WRUREPLY: - *icmptype = ICMP6_WRUREQUEST; - *icmpid = 0; /* Nothing sane to match on! */ - break; + case MLD_LISTENER_QUERY: + *icmp_dir = PF_IN; + case MLD_LISTENER_REPORT: { + *virtual_type = MLD_LISTENER_QUERY; + *virtual_id = 0; + break; + } + case MLD_MTRACE: + *icmp_dir = PF_IN; + case MLD_MTRACE_RESP: + *virtual_type = MLD_MTRACE; + *virtual_id = 0; /* Nothing sane to match on! */ + break; - case MLD_MTRACE: - *icmp_dir = PF_IN; - case MLD_MTRACE_RESP: - *icmptype = MLD_MTRACE; - *icmpid = 0; /* Nothing sane to match on! */ - break; + case ND_NEIGHBOR_SOLICIT: + *icmp_dir = PF_IN; + case ND_NEIGHBOR_ADVERT: { + *virtual_type = ND_NEIGHBOR_SOLICIT; + *virtual_id = 0; + break; + } - case ND_NEIGHBOR_SOLICIT: - *icmp_dir = PF_IN; - case ND_NEIGHBOR_ADVERT: { - *icmptype = ND_NEIGHBOR_SOLICIT; - *multi = PF_ICMP_MULTI_SOLICITED; - *icmpid = 0; + /* + * These ICMP types map to other connections. + * ND_REDIRECT can't be in this list because the triggering + * packet header is optional. + */ + case ICMP6_DST_UNREACH: + case ICMP6_PACKET_TOO_BIG: + case ICMP6_TIME_EXCEEDED: + case ICMP6_PARAM_PROB: + /* These will not be used, but set them anyway */ + *icmp_dir = PF_IN; + *virtual_type = type; + *virtual_id = 0; + HTONS(*virtual_type); + return (1); /* These types match to another state */ + /* + * All remaining ICMP6 types get their own states, + * and will only match in one direction. + */ + default: + *icmp_dir = PF_IN; + *virtual_type = type; + *virtual_id = 0; + break; + } break; - } - #endif /* INET6 */ - /* These ICMP types map to other connections */ - case ICMP_UNREACH: - case ICMP_SOURCEQUENCH: - case ICMP_REDIRECT: - case ICMP_TIMXCEED: - case ICMP_PARAMPROB: -#ifdef INET6 - /* - * ICMP6_TIME_EXCEEDED is the same type as ICMP_UNREACH - * ND_REDIRECT can't be in this list because the triggering packet - * header is optional. - */ - case ICMP6_PACKET_TOO_BIG: -#endif /* INET6 */ - /* These will not be used, but set them anyways */ - *icmp_dir = PF_IN; - *icmptype = htons(type); - *icmpid = 0; - return (1); /* These types are matched to other state */ - /* - * All remaining ICMP types get their own states, - * and will only match in one direction. - */ default: *icmp_dir = PF_IN; - *icmptype = type; - *icmpid = 0; + *virtual_type = type; + *virtual_id = 0; break; } - HTONS(*icmptype); - return (0); + HTONS(*virtual_type); + return (0); /* These types match to their own state */ } void @@ -4664,7 +4687,7 @@ pf_test_rule(struct pf_krule **rm, struct pf_kstate **sm, struct pfi_kkif *kif, pf_change_a(&daddr->v4.s_addr, pd->ip_sum, nk->addr[pd->didx].v4.s_addr, 0); - if (virtual_type == ICMP_ECHO && + if (virtual_type == htons(ICMP_ECHO) && nk->port[pd->sidx] != pd->hdr.icmp.icmp_id) { pd->hdr.icmp.icmp_cksum = pf_cksum_fixup( pd->hdr.icmp.icmp_cksum, sport, @@ -6583,13 +6606,13 @@ pf_test_state_icmp(struct pf_kstate **state, struct pfi_kkif *kif, if (PF_ANEQ(pd2.src, &nk->addr[pd2.sidx], pd2.af) || - (virtual_type == ICMP_ECHO && + (virtual_type == htons(ICMP_ECHO) && nk->port[iidx] != iih.icmp_id)) pf_change_icmp(pd2.src, - (virtual_type == ICMP_ECHO) ? + (virtual_type == htons(ICMP_ECHO)) ? &iih.icmp_id : NULL, daddr, &nk->addr[pd2.sidx], - (virtual_type == ICMP_ECHO) ? + (virtual_type == htons(ICMP_ECHO)) ? nk->port[iidx] : 0, NULL, pd2.ip_sum, icmpsum, pd->ip_sum, 0, AF_INET); @@ -6649,13 +6672,13 @@ pf_test_state_icmp(struct pf_kstate **state, struct pfi_kkif *kif, if (PF_ANEQ(pd2.src, &nk->addr[pd2.sidx], pd2.af) || - ((virtual_type == ICMP6_ECHO_REQUEST) && + ((virtual_type == htons(ICMP6_ECHO_REQUEST)) && nk->port[pd2.sidx] != iih.icmp6_id)) pf_change_icmp(pd2.src, - (virtual_type == ICMP6_ECHO_REQUEST) + (virtual_type == htons(ICMP6_ECHO_REQUEST)) ? &iih.icmp6_id : NULL, daddr, &nk->addr[pd2.sidx], - (virtual_type == ICMP6_ECHO_REQUEST) + (virtual_type == htons(ICMP6_ECHO_REQUEST)) ? nk->port[iidx] : 0, NULL, pd2.ip_sum, icmpsum, pd->ip_sum, 0, AF_INET6); From nobody Wed Aug 7 13:44:46 2024 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WfBHg1Xh0z5S9LC; Wed, 07 Aug 2024 13:44:47 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WfBHf4GJHz4jS6; Wed, 7 Aug 2024 13:44:46 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723038286; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=N7RiAqDapYaI216MLrDJDcCVxFmne3BZf1/8Z7bt8s0=; b=bwwVK+1C6hKn9/jJ9sl388g8qh304ZAbuskCDcockbbRt2G3SX2mA9YLCDrZrvcU4dKyZ6 hzacI85fdt/6SHqssD6w9sFlelxhb3I0KVrT6EHmFTPNKovZc3hcUhRnsCOCdUdQTvY2Yf OfB7DmGFLpmYMchFD3lkYgPiBLiO5oLTwQZRRUDFJS8233L98d4U72aaL0zhpHadLB9Q53 dczRvadKYjiO5hgqcCempj7Rki26J/XsYgama3uT3ElVKUgtxL68CgMvpKn8+qcMTI6YlP jY4O+dYwJvk7gWvO0WyWSmEb2R66xiswpeF6DffcoXT5rvPoCh0naoKjWlFbMQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1723038286; a=rsa-sha256; cv=none; b=pYB4HD/AkMzCrVHNRo8uION8l9KNxswteL2GhgVcxCfjTuhZuBWkzNWFXzGSbmk72fVrvD K9HFj4sV5m3XyiBAKM+X7Sd/sqvuNKJHmKWAANqdChsygukWHU0HyddKYMP+TlHm8lSn6b vvRNnsRgTNJLq5j98xHACPbi3EfXVu+FbLP8WHBFbz7LFOo0GNjEoh8YS4Z36bNoZk3uTT qQUr9G2/aFD7h2ljXjL55FUfwIMLb4HKLiS6x8Tik4TwDJ5CoU9FrEWp33/8NNqG8gIMQ8 2soDOU5WXMAHqWzB5kqeHBZixo7xGHupecIvGvniVRrr2esp/I3AKfxCbfJWlA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723038286; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=N7RiAqDapYaI216MLrDJDcCVxFmne3BZf1/8Z7bt8s0=; b=MCnx4PqcfGNYpGCXQnyK191b1lpXUD3lkFdaJdxGCV8b7UyYmY4BnKNLC5frStmx6pSOhc Z90ITXCg1bs87/qZzoA+G3dymk888iUDMLtUTyJc3V7CfjoVFCDXDQ2uqhJXiyUv9fPjIS V6zZPCnM08DhaG9tODxOGV57a+mOghj8meqx3ejZB2J8c+UBca0qa6aaZ2jbmb41M8dhUA Rei3rscUD/9kmbD1Q9AU4Z6MY6ub05epEdve7kb188nPsUCIXp4PLkSXSWv5C1wN3msL4a Q+sUe1R3g1cIs+XPzY1okZcYjmAQ2DvckzvFDbgwzF/WEdRBZxJ9BJEsuPP7wA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WfBHf3tmBzsgg; Wed, 7 Aug 2024 13:44:46 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 477Dikm8034334; Wed, 7 Aug 2024 13:44:46 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 477Dikbx034331; Wed, 7 Aug 2024 13:44:46 GMT (envelope-from git) Date: Wed, 7 Aug 2024 13:44:46 GMT Message-Id: <202408071344.477Dikbx034331@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Mark Johnston Subject: git: ca9580967e74 - releng/14.0 - pf: allow MLD LR to be sent without state List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: markj X-Git-Repository: src X-Git-Refname: refs/heads/releng/14.0 X-Git-Reftype: branch X-Git-Commit: ca9580967e7406bb23aa482f94a3c6a02ecbe6a1 Auto-Submitted: auto-generated The branch releng/14.0 has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=ca9580967e7406bb23aa482f94a3c6a02ecbe6a1 commit ca9580967e7406bb23aa482f94a3c6a02ecbe6a1 Author: Kristof Provost AuthorDate: 2024-07-10 12:36:18 +0000 Commit: Mark Johnston CommitDate: 2024-08-07 13:31:30 +0000 pf: allow MLD LR to be sent without state Change PF behavior to allow MLD Listener Report packets to be sent without needing a previously created state by MLD Listener Query. It wasn't working because: (1) you might not have a previous MLD Listener Query and (2) the addresses of the Query and Report don't match. ok mikeb@, sashan@ Approved by: so Security: FreeBSD-SA-24:05.pf Security: CVE-2024-6640 MFC after: 1 day Obtained From: OpenBSD, rzalamena , 5c526dbdb0f2 Sponsored by: Rubicon Communications, LLC ("Netgate") (cherry picked from commit 1afe4da75d1d2acd33b25eea942af28aa41c82c2) (cherry picked from commit 3382c691dc6a0d4e1f39ff67b5507f6542972498) --- sys/netpfil/pf/pf.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c index 72814861f35f..cf1c83aceff7 100644 --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c @@ -1804,8 +1804,15 @@ pf_icmp_mapping(struct pf_pdesc *pd, u_int8_t type, break; case MLD_LISTENER_QUERY: - *icmp_dir = PF_IN; case MLD_LISTENER_REPORT: { + /* + * Listener Report can be sent by clients + * without an associated Listener Query. + * In addition to that, when Report is sent as a + * reply to a Query its source and destination + * address are different. + */ + *icmp_dir = PF_IN; *virtual_type = MLD_LISTENER_QUERY; *virtual_id = 0; break; From nobody Wed Aug 7 13:44:47 2024 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WfBHg6Bf8z5S93N; Wed, 07 Aug 2024 13:44:47 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WfBHg4kh2z4jcS; Wed, 7 Aug 2024 13:44:47 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723038287; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=oFmBx1+itiSfFrHkZ2tkzuIgIOOpj3D1rSKY07HiF9I=; b=kfAjlML7EoTZd6nTvL50UJJ1g5h9AxdUOlPqqvC8D1DUWH4eGUWOzCk7PwQzzUkjTJumUs /Z6tL6xGXLkdx8ipGS1Idfqk8dvXbM1ruIEaqdLr13PQFF7j/ib/il27llbmhQ6+GnUaQG 1sVl58EDsqmACzCUaKHhJfvBkVITqjD0kGfBZ0w1oB9PAtW/pDsyKdGNi0wWdt8gq1uPsF HpO9BMbh2bbozck8m7TBwtXyL38dPJZY0JnQLWjhTKuQta58iqcc8RT06AbBC4sR9hPgYN 0RSWtWFIwD4C6NuUPoPqve0EPNpGuGrlau/iY8bJwfcSaiDLHtG5m+Y/HA6Zyg== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1723038287; a=rsa-sha256; cv=none; b=n/HgVYamnPf3jdGYhcHQJucUZcehHuWszHPl6mph4/Oude6AL4wZzkc5+/ZYJTXfngroQE aAbvRjjC8PA8RPdiqEyq/sCWDCOlKoNBcjLLV6VI251H6V22gyu8jxvLfqyn5j1ZH3/Mbm wjQ2gxVrTEuTCy+ESgnZt2AwKAe2ogiXRH8EJpA36e+5izXpexSc4aziFgyjzUzpFh0+Dy C/IK6kK+h/RxMdwMbg5E7+T78ATQ41IeFOilgjdhB6r3DPj+REehksz1lwALghG1v26n84 Qq/WJ+1uPIc/iDXgt2MfOeinmB7WyFwVdVJtPINqIM8l+2l+Gi31XM35VeBedQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723038287; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=oFmBx1+itiSfFrHkZ2tkzuIgIOOpj3D1rSKY07HiF9I=; b=JdtXlgGhSfPQt3J2hMZHMjrhXw2buv58fVUei3FbDljNnVDity3N/Tn4Un1v/B6dzx+LUg ECzXom+h92xHyeDC3cBSJFijnvw0BRlQuqTpzacITqPknMm7ZOWglWPkBrPpMzW3Wsrpd5 uvTrJjbjKd2+pQcx1B4uiBSrrd5OqYu83H6oM83pXmFgBjM6DC4yf8qHvpsX3NO+DrRCUU ZOzTCRvjnQhgST7Ueeuupm5pv4XSQGRwUA5iawMK2u8nvfdZcWkK3jK9AHpYZ+fPczpOXV 3qpHWgJ8loUwhv2YxWFzKBBF4hpJ+eWierx4m9xYIY+gMJ+SDay2P9cAWSaeFQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WfBHg4DXfzt3x; Wed, 7 Aug 2024 13:44:47 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 477DilDx034379; Wed, 7 Aug 2024 13:44:47 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 477DiloC034376; Wed, 7 Aug 2024 13:44:47 GMT (envelope-from git) Date: Wed, 7 Aug 2024 13:44:47 GMT Message-Id: <202408071344.477DiloC034376@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Mark Johnston Subject: git: c39fb98e4740 - releng/14.0 - ktrace: Fix an inverted privilege check List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: markj X-Git-Repository: src X-Git-Refname: refs/heads/releng/14.0 X-Git-Reftype: branch X-Git-Commit: c39fb98e47400b0808a49628d0c57489e8a5a8ee Auto-Submitted: auto-generated The branch releng/14.0 has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=c39fb98e47400b0808a49628d0c57489e8a5a8ee commit c39fb98e47400b0808a49628d0c57489e8a5a8ee Author: Mark Johnston AuthorDate: 2024-08-07 13:38:54 +0000 Commit: Mark Johnston CommitDate: 2024-08-07 13:43:35 +0000 ktrace: Fix an inverted privilege check Approved by: so Security: FreeBSD-SA-24:06.ktrace Security: CVE-2024-6760 Fixes: 1762f674ccb5 ("ktrace: pack all ktrace parameters into allocated structure ktr_io_params") (cherry picked from commit 166b7573b5220aadf8b02a85933c9651b909b309) (cherry picked from commit 8b400c8488f0b9e67ae269f6d8e5022a3bc7d854) --- sys/kern/kern_ktrace.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sys/kern/kern_ktrace.c b/sys/kern/kern_ktrace.c index 01158c2c238f..196450af2c84 100644 --- a/sys/kern/kern_ktrace.c +++ b/sys/kern/kern_ktrace.c @@ -593,7 +593,7 @@ ktrprocexec(struct proc *p) PROC_LOCK_ASSERT(p, MA_OWNED); kiop = p->p_ktrioparms; - if (kiop == NULL || priv_check_cred(kiop->cr, PRIV_DEBUG_DIFFCRED)) + if (kiop == NULL || priv_check_cred(kiop->cr, PRIV_DEBUG_DIFFCRED) == 0) return (NULL); mtx_lock(&ktrace_mtx); From nobody Wed Aug 7 13:44:48 2024 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WfBHj22Gjz5S99l; Wed, 07 Aug 2024 13:44:49 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WfBHh5w6vz4jcf; Wed, 7 Aug 2024 13:44:48 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723038288; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=YKAMAW70giEoU1tDR84ojPYmqnNMl9jFqKtfZiOYxXs=; b=wdBBmn0ffI3H28gppY4hxi8nmHPw6qmVKgYZXKPUaeQ4W4H7bvjxzjxYZ5KzjmhqEurdNd k475fuPOMpYC1pFB+dxjUfGFSvS8lXtcuYApUVNsHPMsUEPiCA2gHdcdI+jMrYn/miZmYt OLUJ4dzG63uBcw4Wz6WQYNk+Uw0M/JZGFqTdB9EcKziZX6IgMaG3BJs4itztyfZaJgqPA9 P4hIgJzu7cZIFmycI8dxXU7gDHSiJs1Gzvm9c7M7eyhr6OS4iWKUTyljmsW6tWWOf6Npcc E5CThTa3aCrTW8RxLqS/l3SUb1jLyan0a+OrYMWiqduYEj/D0y8TyA7d8D1NyQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1723038288; a=rsa-sha256; cv=none; b=Gebt8IHM9lx5E4a2s4KLb/Q8f6Xk8WdRP3UPKDa8QZTxJrFdEnPvxyMnjaJnU+2v944bMv QghNQQ69b4ytaff4OZvVE+JTLgAnnNHsyewdT0eCz54j/LB6hlZKRqMoSFtzNIkWWwed1S z//274ah/vz+Mvk6UbqaNgFlLfkVZEoBbcxRo2j4WGW9Mxo3OT+f90Juj+fZNugWH8z8Js 1S/S9GbV9mMv4U9KItd1SB3UTW4agw43qYChBoK+l9nwJOq9RTFMjrDyWxXeLJ64bHmtBR uYReSvBxpt8Amd3z+sG2lJ4fz6vie+G0PmuRNLMcyMtZPTFXCzKzKJqv/ehOnw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723038288; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=YKAMAW70giEoU1tDR84ojPYmqnNMl9jFqKtfZiOYxXs=; b=VT9odTZMAa2IY7Aq3DCQNth4eIa4bubxxqT0187+UiukH7Mbz2DwWg9+WJhP1YHMhI+XOn xU/Hls2WzlidNs/BI1heemotN9q9Gosr7zB/BPwcOefQj4B6iSNHBXU8NUAmgJUyaGTebY S51pDKwgqe9Gnbpn0Sl0r6w7ml9mZjVZfBho3jx35YvSj0CwcD9PPXSfOGw5UgPvaanuLG o7oK3mCbbou7ZogzkDFMGkpsSoZCnPOtVQCOgpQHKU9iJu8XqVtGau6Lqgmz66aUIbHUhp Hc6khNhxYYIjFIMNHI8GSXWyf1qvQMO2vy8gKoZgZKU7d8Ti2hb6xBbUpNs1gw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WfBHh5WsJzspM; Wed, 7 Aug 2024 13:44:48 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 477DimKE034430; Wed, 7 Aug 2024 13:44:48 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 477Dimrn034427; Wed, 7 Aug 2024 13:44:48 GMT (envelope-from git) Date: Wed, 7 Aug 2024 13:44:48 GMT Message-Id: <202408071344.477Dimrn034427@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Mark Johnston Subject: git: 9020582c32ed - releng/14.0 - Add UPDATING entries and bump the branch version List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: markj X-Git-Repository: src X-Git-Refname: refs/heads/releng/14.0 X-Git-Reftype: branch X-Git-Commit: 9020582c32ed0901385ef706fd96db0ad8f629b0 Auto-Submitted: auto-generated The branch releng/14.0 has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=9020582c32ed0901385ef706fd96db0ad8f629b0 commit 9020582c32ed0901385ef706fd96db0ad8f629b0 Author: Mark Johnston AuthorDate: 2024-08-06 23:08:58 +0000 Commit: Mark Johnston CommitDate: 2024-08-07 13:43:38 +0000 Add UPDATING entries and bump the branch version Approved by: so --- UPDATING | 17 +++++++++++++++++ sys/conf/newvers.sh | 2 +- 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/UPDATING b/UPDATING index c786fe74c829..dda09f1d5226 100644 --- a/UPDATING +++ b/UPDATING @@ -12,6 +12,23 @@ Items affecting the ports and packages system can be found in /usr/ports/UPDATING. Please read that file before updating system packages and/or ports. +20240807: + 14.0-RELEASE-p9 EN-24:14.ifconfig + SA-24:05.pf + SA-24:06.ktrace + SA-24:07.nfsclient + SA-24:08.openssh + + Incorrect ifconfig netmask assignment [EN-24:14.ifconfig] + + pf incorrectly matches different ICMPv6 states in the state table [SA-24:05.pf] + + ktrace(2) fails to detach when executing a setuid binary [SA-24:06.ktrace] + + NFS client accepts file names containing path separators [SA-24:07.nfsclient] + + OpenSSH pre-authentication async signal safety issue [SA-24:08.openssh] + 20240701: 14.0-RELEASE-p8 SA-24:04.openssh diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh index d566b1b8f6c5..b13f7b741ea6 100644 --- a/sys/conf/newvers.sh +++ b/sys/conf/newvers.sh @@ -53,7 +53,7 @@ TYPE="FreeBSD" REVISION="14.0" -BRANCH="RELEASE-p8" +BRANCH="RELEASE-p9" if [ -n "${BRANCH_OVERRIDE}" ]; then BRANCH=${BRANCH_OVERRIDE} fi From nobody Wed Aug 7 13:44:52 2024 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WfBHn11qbz5S9LM; Wed, 07 Aug 2024 13:44:53 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WfBHm5sjxz4jdF; Wed, 7 Aug 2024 13:44:52 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723038292; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=6ssOh0VlVGLt2Znpe/kY4Z+7jOBABBe/mZnESWordA0=; b=BWWj0oU3n/Xz+U+gYLopcywH9XWjzOWioFCfd1x2rHGRCjogH+bafOV9KYVBEFWygCTMR3 PyK1atf6e0IFF0amwNapZO8UFPoaz3pSO/fv5Ah4Br95NWXKfnbVxnsP9Nyh1ZO4rn35pl qskjz8ZJrpqHw8JruwO/mxX02sBPZ1Wb12f/j1pFM/6IZ/hzNxkpzcs//uIbwNniKAmxCg d5uCa5G9+6VTrhDQUgs+vGY0VQKbbuvHy6pOORoqUNAMpn9G/bhwwrgezRWzyq6Px+NZmx CT8N8evAA11na4fTzn917QATAoQEPGwCSQyqM0jjZoNcWjte+PJcNYsyKOB2zA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1723038292; a=rsa-sha256; cv=none; b=LWqyNBFSQ87kAc3x9KWxPJTlVdd1eZdmkOViF3VXxeTvXzhF5p/kuRS7qZHoJpAvz44gmO QT80GmPL9v67HawiFLGe+mtW40E/wHOJ+Z+fu3ex/UkK3gRPoa4dUlo+5xi1xCqmfJBV9a FNJPwYas4L0LGRE4Wz7UCnqSSKhxW5Az3nprkCLAXeZYSJUJDz4pLJFbtvSIZl6hMb+TMl z2IW7GuK09HV1YO8uHI+U0SGW+FoqaV9fDJ5Rw3Ikl4mAvlDp4qOzgnbmPCn7vKh0/qh6j Zt6q+YG0rqGdFCy3pZ4UYlOetvm9Ukelgl46GhjJq4d3R/9+QGA20Ks4PnolqQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723038292; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=6ssOh0VlVGLt2Znpe/kY4Z+7jOBABBe/mZnESWordA0=; b=ahz5q2w/0iF9z6VXe6G2zSlDk5/FDL9ZvSxGRYZ59lmH7l2AzwIxmzs1jpv+BuIAP4oCEp MhDqDvXpYE1pcGWDL6XtypVEbIXVdmhBHv5OCWtEKbVOeshduPeYUOtp8iu58OoSy0pgIj IYHrMDovHmraV/RKOACpGqlJodIGB1645KzF6zNASwUlJfCi6K7kFe5PSjQbTZMV2O5G2e Aa8eiv+zxa3sJ74g6Lg/G0D6x6djXh4JmJCQPr5UkUqPW/NAZKaPPLNxiSdeN+/AMOj/7f /16cR6Ly/9/GmHs13wf7Wn7YtbjgmENY07xDu2ooGJf79wOW96VzQjgnBMw1WA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WfBHm5TsYzt3y; Wed, 7 Aug 2024 13:44:52 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 477Diq8X034647; Wed, 7 Aug 2024 13:44:52 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 477DiquT034644; Wed, 7 Aug 2024 13:44:52 GMT (envelope-from git) Date: Wed, 7 Aug 2024 13:44:52 GMT Message-Id: <202408071344.477DiquT034644@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Mark Johnston Subject: git: 3d5cb2b9a97c - releng/13.3 - nfscl: Scan readdir reply filenames for invalid characters List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: markj X-Git-Repository: src X-Git-Refname: refs/heads/releng/13.3 X-Git-Reftype: branch X-Git-Commit: 3d5cb2b9a97c54ae013568a358f24e8eca51c75f Auto-Submitted: auto-generated The branch releng/13.3 has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=3d5cb2b9a97c54ae013568a358f24e8eca51c75f commit 3d5cb2b9a97c54ae013568a358f24e8eca51c75f Author: Rick Macklem AuthorDate: 2024-07-21 22:56:16 +0000 Commit: Mark Johnston CommitDate: 2024-08-07 13:37:00 +0000 nfscl: Scan readdir reply filenames for invalid characters The NFS RFCs are pretty loose with respect to what characters can be in a filename returned by a Readdir. However, FreeBSD, as a POSIX system will not handle imbedded '/' or nul characters in file names. Also, for NFSv4, the file names "." and ".." are handcrafted on the client and should not be returned by a NFSv4 server. This patch scans for the above in filenames returned by Readdir and ignores any entry returned by Readdir which has them in it. Because an imbedded nul would be a string terminator, it was not possible to code this check efficiently using string(3) functions. Approved by: so Security: FreeBSD-SA-24:07.nfsclient Security: CVE-2024-6759 Reported by: Apple Security Engineering and Architecture (SEAR) (cherry picked from commit 026cdaa3b3a92574d9ac3155216e5cc0b0bd4c51) (cherry picked from commit 0172b5145ad9435569978ed4d268b9f65ac59526) --- sys/fs/nfsclient/nfs_clrpcops.c | 137 ++++++++++++++++++++++++++++++++-------- 1 file changed, 110 insertions(+), 27 deletions(-) diff --git a/sys/fs/nfsclient/nfs_clrpcops.c b/sys/fs/nfsclient/nfs_clrpcops.c index 899d81efcf7c..c49f19fb0450 100644 --- a/sys/fs/nfsclient/nfs_clrpcops.c +++ b/sys/fs/nfsclient/nfs_clrpcops.c @@ -140,6 +140,7 @@ static int nfsrpc_createv4(vnode_t , char *, int, struct vattr *, nfsquad_t, int, struct nfsclowner *, struct nfscldeleg **, struct ucred *, NFSPROC_T *, struct nfsvattr *, struct nfsvattr *, struct nfsfh **, int *, int *, void *, int *); +static bool nfscl_invalidfname(bool, char *, int); static int nfsrpc_locku(struct nfsrv_descript *, struct nfsmount *, struct nfscllockowner *, u_int64_t, u_int64_t, u_int32_t, struct ucred *, NFSPROC_T *, int); @@ -2997,6 +2998,31 @@ nfsrpc_rmdir(vnode_t dvp, char *name, int namelen, struct ucred *cred, return (error); } +/* + * Check to make sure the file name in a Readdir reply is valid. + */ +static bool +nfscl_invalidfname(bool is_v4, char *name, int len) +{ + int i; + char *cp; + + if (is_v4 && ((len == 1 && name[0] == '.') || + (len == 2 && name[0] == '.' && name[1] == '.'))) { + printf("Readdir NFSv4 reply has dot or dotdot in it\n"); + return (true); + } + cp = name; + for (i = 0; i < len; i++, cp++) { + if (*cp == '/' || *cp == '\0') { + printf("Readdir reply file name had imbedded / or nul" + " byte\n"); + return (true); + } + } + return (false); +} + /* * Readdir rpc. * Always returns with either uio_resid unchanged, if you are at the @@ -3049,6 +3075,8 @@ nfsrpc_readdir(vnode_t vp, struct uio *uiop, nfsuint64 *cookiep, KASSERT(uiop->uio_iovcnt == 1 && (uiop->uio_resid & (DIRBLKSIZ - 1)) == 0, ("nfs readdirrpc bad uio")); + KASSERT(uiop->uio_segflg == UIO_SYSSPACE, + ("nfsrpc_readdir: uio userspace")); ncookie.lval[0] = ncookie.lval[1] = 0; /* * There is no point in reading a lot more than uio_resid, however @@ -3307,6 +3335,17 @@ nfsrpc_readdir(vnode_t vp, struct uio *uiop, nfsuint64 *cookiep, uiop->uio_resid) bigenough = 0; if (bigenough) { + struct iovec saviov; + off_t savoff; + ssize_t savresid; + int savblksiz; + + saviov.iov_base = uiop->uio_iov->iov_base; + saviov.iov_len = uiop->uio_iov->iov_len; + savoff = uiop->uio_offset; + savresid = uiop->uio_resid; + savblksiz = blksiz; + dp = (struct dirent *)uiop->uio_iov->iov_base; dp->d_pad0 = dp->d_pad1 = 0; dp->d_off = 0; @@ -3322,20 +3361,35 @@ nfsrpc_readdir(vnode_t vp, struct uio *uiop, nfsuint64 *cookiep, uiop->uio_iov->iov_base = (char *)uiop->uio_iov->iov_base + DIRHDSIZ; uiop->uio_iov->iov_len -= DIRHDSIZ; + cp = uiop->uio_iov->iov_base; error = nfsm_mbufuio(nd, uiop, len); if (error) goto nfsmout; - cp = uiop->uio_iov->iov_base; - tlen -= len; - NFSBZERO(cp, tlen); - cp += tlen; /* points to cookie storage */ - tl2 = (u_int32_t *)cp; - uiop->uio_iov->iov_base = - (char *)uiop->uio_iov->iov_base + tlen + - NFSX_HYPER; - uiop->uio_iov->iov_len -= tlen + NFSX_HYPER; - uiop->uio_resid -= tlen + NFSX_HYPER; - uiop->uio_offset += (tlen + NFSX_HYPER); + /* Check for an invalid file name. */ + if (nfscl_invalidfname( + (nd->nd_flag & ND_NFSV4) != 0, cp, len)) { + /* Skip over this entry. */ + uiop->uio_iov->iov_base = + saviov.iov_base; + uiop->uio_iov->iov_len = + saviov.iov_len; + uiop->uio_offset = savoff; + uiop->uio_resid = savresid; + blksiz = savblksiz; + } else { + cp = uiop->uio_iov->iov_base; + tlen -= len; + NFSBZERO(cp, tlen); + cp += tlen; /* points to cookie store */ + tl2 = (u_int32_t *)cp; + uiop->uio_iov->iov_base = + (char *)uiop->uio_iov->iov_base + + tlen + NFSX_HYPER; + uiop->uio_iov->iov_len -= tlen + + NFSX_HYPER; + uiop->uio_resid -= tlen + NFSX_HYPER; + uiop->uio_offset += (tlen + NFSX_HYPER); + } } else { error = nfsm_advance(nd, NFSM_RNDUP(len), -1); if (error) @@ -3503,6 +3557,8 @@ nfsrpc_readdirplus(vnode_t vp, struct uio *uiop, nfsuint64 *cookiep, KASSERT(uiop->uio_iovcnt == 1 && (uiop->uio_resid & (DIRBLKSIZ - 1)) == 0, ("nfs readdirplusrpc bad uio")); + KASSERT(uiop->uio_segflg == UIO_SYSSPACE, + ("nfsrpc_readdirplus: uio userspace")); ncookie.lval[0] = ncookie.lval[1] = 0; timespecclear(&dctime); *attrflagp = 0; @@ -3738,6 +3794,17 @@ nfsrpc_readdirplus(vnode_t vp, struct uio *uiop, nfsuint64 *cookiep, uiop->uio_resid) bigenough = 0; if (bigenough) { + struct iovec saviov; + off_t savoff; + ssize_t savresid; + int savblksiz; + + saviov.iov_base = uiop->uio_iov->iov_base; + saviov.iov_len = uiop->uio_iov->iov_len; + savoff = uiop->uio_offset; + savresid = uiop->uio_resid; + savblksiz = blksiz; + dp = (struct dirent *)uiop->uio_iov->iov_base; dp->d_pad0 = dp->d_pad1 = 0; dp->d_off = 0; @@ -3756,25 +3823,41 @@ nfsrpc_readdirplus(vnode_t vp, struct uio *uiop, nfsuint64 *cookiep, cnp->cn_nameptr = uiop->uio_iov->iov_base; cnp->cn_namelen = len; NFSCNHASHZERO(cnp); + cp = uiop->uio_iov->iov_base; error = nfsm_mbufuio(nd, uiop, len); if (error) goto nfsmout; - cp = uiop->uio_iov->iov_base; - tlen -= len; - NFSBZERO(cp, tlen); - cp += tlen; /* points to cookie storage */ - tl2 = (u_int32_t *)cp; - if (len == 2 && cnp->cn_nameptr[0] == '.' && - cnp->cn_nameptr[1] == '.') - isdotdot = 1; - else - isdotdot = 0; - uiop->uio_iov->iov_base = - (char *)uiop->uio_iov->iov_base + tlen + - NFSX_HYPER; - uiop->uio_iov->iov_len -= tlen + NFSX_HYPER; - uiop->uio_resid -= tlen + NFSX_HYPER; - uiop->uio_offset += (tlen + NFSX_HYPER); + /* Check for an invalid file name. */ + if (nfscl_invalidfname( + (nd->nd_flag & ND_NFSV4) != 0, cp, len)) { + /* Skip over this entry. */ + uiop->uio_iov->iov_base = + saviov.iov_base; + uiop->uio_iov->iov_len = + saviov.iov_len; + uiop->uio_offset = savoff; + uiop->uio_resid = savresid; + blksiz = savblksiz; + } else { + cp = uiop->uio_iov->iov_base; + tlen -= len; + NFSBZERO(cp, tlen); + cp += tlen; /* points to cookie store */ + tl2 = (u_int32_t *)cp; + if (len == 2 && + cnp->cn_nameptr[0] == '.' && + cnp->cn_nameptr[1] == '.') + isdotdot = 1; + else + isdotdot = 0; + uiop->uio_iov->iov_base = + (char *)uiop->uio_iov->iov_base + + tlen + NFSX_HYPER; + uiop->uio_iov->iov_len -= tlen + + NFSX_HYPER; + uiop->uio_resid -= tlen + NFSX_HYPER; + uiop->uio_offset += (tlen + NFSX_HYPER); + } } else { error = nfsm_advance(nd, NFSM_RNDUP(len), -1); if (error) From nobody Wed Aug 7 13:44:53 2024 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WfBHp1wbWz5S99w; Wed, 07 Aug 2024 13:44:54 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WfBHn6JwKz4jq4; Wed, 7 Aug 2024 13:44:53 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723038293; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=12jHmcDb9XXIdgXgVVh/JqG5CUU0rkOd+C7CeNb9qAQ=; b=fW3KWwETrErIlgyeqbkdh3nJ/USJks50j5L5hKIxQcE1WbLSj+vDSgHJYEeS8n7WAQQJ7h R+NAs5dtnSQt2H8HKEmd4HEudKUFAxxB7JCYmMZidOZ+jpLAqXd5FUu1QazKXRPQ5VpLuo huN9v3G0NF5cc+1lMozLt9hy5n5eQAJD6Q/tWXgZ9yirJIUTn7mN1UrZCOYbqc+s7K4fbK lHQOcYMG4RHfgMe6be2Y5M/3L5SRB80n+/DYJSOn1wPeahmzrM3HfxjgE3ppLXCpSrGOrD W8l4PNcqEQVUIqjfplrmqR8uJGUIcQ7u6+kAOgfnEmEgSd56SYkVHqpkqg1y7w== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1723038293; a=rsa-sha256; cv=none; b=ie/WCJNcbml1EHJWRGWOsyTsIDZIyMAIAsw9VTmP3OoSX3GcxHgZe6BwPZjCozi/+1WjNn ERrjF6wB9jGUe4nVRlshIee9zZY8BZtW8NEoP7loSvUcrs97RxHF1MqyuKCWy04gx1n87B mWdmYvsZf/LkfnXQkUEOY6gSL5or7iRNMcxj9/apjCjd7a+uXQLEUjsRFCZJYlO6+Wj3Ve vcAnnPKI1ak7uGMFqJKuvB7HduWhvDh7dkmtcZdYzD5xkNxdY860O8mLPmmPxy0S33GIt7 8ondJK6/VXSYXpNMWr+haBAcwObonpDrH2zg+ecP3J3zrM4GqEkSr3C1/JJejQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723038293; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=12jHmcDb9XXIdgXgVVh/JqG5CUU0rkOd+C7CeNb9qAQ=; b=ifh0wdrCQUi3BTOkB/GB4wRw8GjnaVfVZa9LhhGLg4m9TCgfXo3SvishBawr+o9ifYCP+I XX4TOUVNQA3hTJn0tYqo7FSRSmKRLHixA4V89bVMYFwtXx/4D84dlMXBI0am+W8P/+wGZl /tgillRWa6MjS55+DnI+qPFFank8ebXYovf9ZqJskfKDK/+HXa/dKBRd65VhmKd/QFvUxR UyRFgKt4435LC9Xr1z5ryDkGWrg4dTeWMBX1HVrWxIwYTq4SBrsTgtJP4jNE7SzHT8nN3W oyGFpVvvfaB6HHucwWyi/JdUuvYp29TKOs/3608Veu3LJz5igRyDBItyPIc47g== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WfBHn5wW9zsVB; Wed, 7 Aug 2024 13:44:53 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 477DirYT034701; Wed, 7 Aug 2024 13:44:53 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 477Dir9T034698; Wed, 7 Aug 2024 13:44:53 GMT (envelope-from git) Date: Wed, 7 Aug 2024 13:44:53 GMT Message-Id: <202408071344.477Dir9T034698@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Mark Johnston Subject: git: e576536cbae1 - releng/13.3 - pf: stricter state checking for ICMP and ICMPv6 packets List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: markj X-Git-Repository: src X-Git-Refname: refs/heads/releng/13.3 X-Git-Reftype: branch X-Git-Commit: e576536cbae157692116df6639e7c7cc643accad Auto-Submitted: auto-generated The branch releng/13.3 has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=e576536cbae157692116df6639e7c7cc643accad commit e576536cbae157692116df6639e7c7cc643accad Author: Kristof Provost AuthorDate: 2024-07-09 13:59:33 +0000 Commit: Mark Johnston CommitDate: 2024-08-07 13:37:13 +0000 pf: stricter state checking for ICMP and ICMPv6 packets Include the ICMP type in one port of the state key, using the type to determine which side should be the id, and which should be the type. Also: - Handle ICMP6 messages which are typically sent to multicast addresses but recieve unicast replies, by doing fallthrough lookups against the correct multicast address. - Clear up some mistaken assumptions in the PF code: - Not all ICMP packets have an icmp_id, so simulate one based on other data if we can, otherwise set it to 0. - Don't modify the icmp id field in NAT unless it's echo - Use the full range of possible id's when NATing icmp6 echoy ok henning marco testing matthieu todd Approved by: so Security: FreeBSD-SA-24:05.pf Security: CVE-2024-6640 MFC after: 1 day Obtained From: OpenBSD, mcbride 70bf7555ef4c Sponsored by: Rubicon Communications, LLC ("Netgate") (cherry picked from commit 534ee17e61ee094ec175703bc50e88ff6587703e) --- sys/netpfil/pf/pf.c | 380 ++++++++++++++++++++++++++++++++++++++----------- sys/netpfil/pf/pf_lb.c | 19 ++- 2 files changed, 316 insertions(+), 83 deletions(-) diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c index e03fcbbe37a9..1bdc695f698c 100644 --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c @@ -276,6 +276,8 @@ static void pf_change_ap(struct mbuf *, struct pf_addr *, u_int16_t *, u_int16_t, u_int8_t, sa_family_t); static int pf_modulate_sack(struct mbuf *, int, struct pf_pdesc *, struct tcphdr *, struct pf_state_peer *); +int pf_icmp_mapping(struct pf_pdesc *, u_int8_t, int *, + int *, u_int16_t *, u_int16_t *); static void pf_change_icmp(struct pf_addr *, u_int16_t *, struct pf_addr *, struct pf_addr *, u_int16_t, u_int16_t *, u_int16_t *, u_int16_t *, @@ -316,6 +318,10 @@ static int pf_test_state_tcp(struct pf_kstate **, int, static int pf_test_state_udp(struct pf_kstate **, int, struct pfi_kkif *, struct mbuf *, int, void *, struct pf_pdesc *); +int pf_icmp_state_lookup(struct pf_state_key_cmp *, + struct pf_pdesc *, struct pf_kstate **, struct mbuf *, + int, struct pfi_kkif *, u_int16_t, u_int16_t, + int, int *, int); static int pf_test_state_icmp(struct pf_kstate **, int, struct pfi_kkif *, struct mbuf *, int, void *, struct pf_pdesc *, u_short *); @@ -369,6 +375,7 @@ extern int pf_end_threads; extern struct proc *pf_purge_proc; VNET_DEFINE(struct pf_limit, pf_limits[PF_LIMIT_MAX]); +enum { PF_ICMP_MULTI_NONE, PF_ICMP_MULTI_SOLICITED, PF_ICMP_MULTI_LINK }; #define PACKET_UNDO_NAT(_m, _pd, _off, _s, _dir) \ do { \ @@ -1689,6 +1696,142 @@ pf_isforlocal(struct mbuf *m, int af) return (false); } +int +pf_icmp_mapping(struct pf_pdesc *pd, u_int8_t type, + int *icmp_dir, int *multi, u_int16_t *icmpid, u_int16_t *icmptype) +{ + /* + * ICMP types marked with PF_OUT are typically responses to + * PF_IN, and will match states in the opposite direction. + * PF_IN ICMP types need to match a state with that type. + */ + *icmp_dir = PF_OUT; + *multi = PF_ICMP_MULTI_LINK; + /* Queries (and responses) */ + switch (type) { + case ICMP_ECHO: + *icmp_dir = PF_IN; + case ICMP_ECHOREPLY: + *icmptype = ICMP_ECHO; + *icmpid = pd->hdr.icmp.icmp_id; + break; + + case ICMP_TSTAMP: + *icmp_dir = PF_IN; + case ICMP_TSTAMPREPLY: + *icmptype = ICMP_TSTAMP; + *icmpid = 0; /* Time is not a secret. */ + break; + + case ICMP_IREQ: + *icmp_dir = PF_IN; + case ICMP_IREQREPLY: + *icmptype = ICMP_IREQ; + *icmpid = 0; /* Nothing sane to match on! */ + break; + + case ICMP_MASKREQ: + *icmp_dir = PF_IN; + case ICMP_MASKREPLY: + *icmptype = ICMP_MASKREQ; + *icmpid = 0; /* Nothing sane to match on! */ + break; + + case ICMP_IPV6_WHEREAREYOU: + *icmp_dir = PF_IN; + case ICMP_IPV6_IAMHERE: + *icmptype = ICMP_IPV6_WHEREAREYOU; + *icmpid = 0; /* Nothing sane to match on! */ + break; + + case ICMP_MOBILE_REGREQUEST: + *icmp_dir = PF_IN; + case ICMP_MOBILE_REGREPLY: + *icmptype = ICMP_MOBILE_REGREQUEST; + *icmpid = 0; /* Nothing sane to match on! */ + break; + + case ICMP_ROUTERSOLICIT: + *icmp_dir = PF_IN; + case ICMP_ROUTERADVERT: + *icmptype = ICMP_ROUTERSOLICIT; + *icmpid = 0; /* Nothing sane to match on! */ + break; + +#ifdef INET6 + case ICMP6_ECHO_REQUEST: + *icmp_dir = PF_IN; + case ICMP6_ECHO_REPLY: + *icmptype = ICMP6_ECHO_REQUEST; + *icmpid = pd->hdr.icmp6.icmp6_id; + break; + + case MLD_LISTENER_QUERY: + *icmp_dir = PF_IN; + case MLD_LISTENER_REPORT: { + *icmptype = MLD_LISTENER_QUERY; + *icmpid = 0; + break; + } + + /* ICMP6_FQDN and ICMP6_NI query/reply are the same type as ICMP6_WRU */ + case ICMP6_WRUREQUEST: + *icmp_dir = PF_IN; + case ICMP6_WRUREPLY: + *icmptype = ICMP6_WRUREQUEST; + *icmpid = 0; /* Nothing sane to match on! */ + break; + + case MLD_MTRACE: + *icmp_dir = PF_IN; + case MLD_MTRACE_RESP: + *icmptype = MLD_MTRACE; + *icmpid = 0; /* Nothing sane to match on! */ + break; + + case ND_NEIGHBOR_SOLICIT: + *icmp_dir = PF_IN; + case ND_NEIGHBOR_ADVERT: { + *icmptype = ND_NEIGHBOR_SOLICIT; + *multi = PF_ICMP_MULTI_SOLICITED; + *icmpid = 0; + break; + } + +#endif /* INET6 */ + /* These ICMP types map to other connections */ + case ICMP_UNREACH: + case ICMP_SOURCEQUENCH: + case ICMP_REDIRECT: + case ICMP_TIMXCEED: + case ICMP_PARAMPROB: +#ifdef INET6 + /* + * ICMP6_TIME_EXCEEDED is the same type as ICMP_UNREACH + * ND_REDIRECT can't be in this list because the triggering packet + * header is optional. + */ + case ICMP6_PACKET_TOO_BIG: +#endif /* INET6 */ + /* These will not be used, but set them anyways */ + *icmp_dir = PF_IN; + *icmptype = htons(type); + *icmpid = 0; + return (1); /* These types are matched to other state */ + /* + * All remaining ICMP types get their own states, + * and will only match in one direction. + */ + default: + *icmp_dir = PF_IN; + *icmptype = type; + *icmpid = 0; + break; + } + HTONS(*icmptype); + return (0); +} + void pf_intr(void *v) { @@ -3851,8 +3994,8 @@ pf_test_rule(struct pf_krule **rm, struct pf_kstate **sm, int direction, int tag = -1, rtableid = -1; int asd = 0; int match = 0; - int state_icmp = 0; - u_int16_t sport = 0, dport = 0; + int state_icmp = 0, icmp_dir, multi; + u_int16_t sport = 0, dport = 0, virtual_type, virtual_id; u_int16_t bproto_sum = 0, bip_sum = 0; u_int8_t icmptype = 0, icmpcode = 0; struct pf_kanchor_stackframe anchor_stack[PF_ANCHOR_STACKSIZE]; @@ -3886,33 +4029,37 @@ pf_test_rule(struct pf_krule **rm, struct pf_kstate **sm, int direction, case IPPROTO_ICMP: if (pd->af != AF_INET) break; - sport = dport = pd->hdr.icmp.icmp_id; hdrlen = sizeof(pd->hdr.icmp); icmptype = pd->hdr.icmp.icmp_type; icmpcode = pd->hdr.icmp.icmp_code; - - if (icmptype == ICMP_UNREACH || - icmptype == ICMP_SOURCEQUENCH || - icmptype == ICMP_REDIRECT || - icmptype == ICMP_TIMXCEED || - icmptype == ICMP_PARAMPROB) - state_icmp++; + state_icmp = pf_icmp_mapping(pd, icmptype, + &icmp_dir, &multi, &virtual_id, &virtual_type); + if (icmp_dir == PF_IN) { + sport = virtual_id; + dport = virtual_type; + } else { + sport = virtual_type; + dport = virtual_id; + } break; #endif /* INET */ #ifdef INET6 case IPPROTO_ICMPV6: if (af != AF_INET6) break; - sport = dport = pd->hdr.icmp6.icmp6_id; hdrlen = sizeof(pd->hdr.icmp6); icmptype = pd->hdr.icmp6.icmp6_type; icmpcode = pd->hdr.icmp6.icmp6_code; + state_icmp = pf_icmp_mapping(pd, icmptype, + &icmp_dir, &multi, &virtual_id, &virtual_type); + if (icmp_dir == PF_IN) { + sport = virtual_id; + dport = virtual_type; + } else { + sport = virtual_type; + dport = virtual_id; + } - if (icmptype == ICMP6_DST_UNREACH || - icmptype == ICMP6_PACKET_TOO_BIG || - icmptype == ICMP6_TIME_EXCEEDED || - icmptype == ICMP6_PARAM_PROB) - state_icmp++; break; #endif /* INET6 */ default: @@ -4001,7 +4148,6 @@ pf_test_rule(struct pf_krule **rm, struct pf_kstate **sm, int direction, } #ifdef INET case IPPROTO_ICMP: - nk->port[0] = nk->port[1]; if (PF_ANEQ(saddr, &nk->addr[pd->sidx], AF_INET)) pf_change_a(&saddr->v4.s_addr, pd->ip_sum, nk->addr[pd->sidx].v4.s_addr, 0); @@ -4010,11 +4156,12 @@ pf_test_rule(struct pf_krule **rm, struct pf_kstate **sm, int direction, pf_change_a(&daddr->v4.s_addr, pd->ip_sum, nk->addr[pd->didx].v4.s_addr, 0); - if (nk->port[1] != pd->hdr.icmp.icmp_id) { + if (virtual_type == ICMP_ECHO && + nk->port[pd->sidx] != pd->hdr.icmp.icmp_id) { pd->hdr.icmp.icmp_cksum = pf_cksum_fixup( pd->hdr.icmp.icmp_cksum, sport, - nk->port[1], 0); - pd->hdr.icmp.icmp_id = nk->port[1]; + nk->port[pd->sidx], 0); + pd->hdr.icmp.icmp_id = nk->port[pd->sidx]; pd->sport = &pd->hdr.icmp.icmp_id; } m_copyback(m, off, ICMP_MINLEN, (caddr_t)&pd->hdr.icmp); @@ -4022,7 +4169,6 @@ pf_test_rule(struct pf_krule **rm, struct pf_kstate **sm, int direction, #endif /* INET */ #ifdef INET6 case IPPROTO_ICMPV6: - nk->port[0] = nk->port[1]; if (PF_ANEQ(saddr, &nk->addr[pd->sidx], AF_INET6)) pf_change_a6(saddr, &pd->hdr.icmp6.icmp6_cksum, &nk->addr[pd->sidx], 0); @@ -5812,15 +5958,73 @@ pf_multihome_scan_asconf(struct mbuf *m, int start, int len, return (pf_multihome_scan(m, start, len, pd, kif, SCTP_ADD_IP_ADDRESS)); } +int +pf_icmp_state_lookup(struct pf_state_key_cmp *key, struct pf_pdesc *pd, + struct pf_kstate **state, struct mbuf *m, int direction, struct pfi_kkif *kif, + u_int16_t icmpid, u_int16_t type, int icmp_dir, int *iidx, int multi) +{ + key->af = pd->af; + key->proto = pd->proto; + if (icmp_dir == PF_IN) { + *iidx = pd->sidx; + key->port[pd->sidx] = icmpid; + key->port[pd->didx] = type; + } else { + *iidx = pd->didx; + key->port[pd->sidx] = type; + key->port[pd->didx] = icmpid; + } + if (pd->af == AF_INET6 && multi != PF_ICMP_MULTI_NONE) { + switch (multi) { + case PF_ICMP_MULTI_SOLICITED: + key->addr[pd->sidx].addr32[0] = IPV6_ADDR_INT32_MLL; + key->addr[pd->sidx].addr32[1] = 0; + key->addr[pd->sidx].addr32[2] = IPV6_ADDR_INT32_ONE; + key->addr[pd->sidx].addr32[3] = pd->src->addr32[3]; + key->addr[pd->sidx].addr8[12] = 0xff; + break; + case PF_ICMP_MULTI_LINK: + key->addr[pd->sidx].addr32[0] = IPV6_ADDR_INT32_MLL; + key->addr[pd->sidx].addr32[1] = 0; + key->addr[pd->sidx].addr32[2] = 0; + key->addr[pd->sidx].addr32[3] = IPV6_ADDR_INT32_ONE; + break; + } + } else + PF_ACPY(&key->addr[pd->sidx], pd->src, key->af); + PF_ACPY(&key->addr[pd->didx], pd->dst, key->af); + + STATE_LOOKUP(kif, key, direction, *state, pd); + + /* Is this ICMP message flowing in right direction? */ + if ((*state)->rule.ptr->type && + (((*state)->direction == direction) ? + PF_IN : PF_OUT) != icmp_dir) { + if (V_pf_status.debug >= PF_DEBUG_MISC) { + printf("pf: icmp type %d in wrong direction (%d): ", + icmp_dir, pd->dir); + pf_print_state(*state); + printf("\n"); + } + return (PF_DROP); + } + return (-1); +} + static int pf_test_state_icmp(struct pf_kstate **state, int direction, struct pfi_kkif *kif, struct mbuf *m, int off, void *h, struct pf_pdesc *pd, u_short *reason) { struct pf_addr *saddr = pd->src, *daddr = pd->dst; - u_int16_t icmpid = 0, *icmpsum; + u_int16_t *icmpsum, virtual_id, virtual_type; u_int8_t icmptype, icmpcode; - int state_icmp = 0; + int icmp_dir, iidx, ret, multi; struct pf_state_key_cmp key; +#ifdef INET + u_int16_t icmpid; +#endif + + MPASS(*state == NULL); bzero(&key, sizeof(key)); switch (pd->proto) { @@ -5830,49 +6034,43 @@ pf_test_state_icmp(struct pf_kstate **state, int direction, struct pfi_kkif *kif icmpcode = pd->hdr.icmp.icmp_code; icmpid = pd->hdr.icmp.icmp_id; icmpsum = &pd->hdr.icmp.icmp_cksum; - - if (icmptype == ICMP_UNREACH || - icmptype == ICMP_SOURCEQUENCH || - icmptype == ICMP_REDIRECT || - icmptype == ICMP_TIMXCEED || - icmptype == ICMP_PARAMPROB) - state_icmp++; break; #endif /* INET */ #ifdef INET6 case IPPROTO_ICMPV6: icmptype = pd->hdr.icmp6.icmp6_type; icmpcode = pd->hdr.icmp6.icmp6_code; +#ifdef INET icmpid = pd->hdr.icmp6.icmp6_id; +#endif icmpsum = &pd->hdr.icmp6.icmp6_cksum; - - if (icmptype == ICMP6_DST_UNREACH || - icmptype == ICMP6_PACKET_TOO_BIG || - icmptype == ICMP6_TIME_EXCEEDED || - icmptype == ICMP6_PARAM_PROB) - state_icmp++; break; #endif /* INET6 */ } - if (!state_icmp) { + if (pf_icmp_mapping(pd, icmptype, &icmp_dir, &multi, + &virtual_id, &virtual_type) == 0) { /* * ICMP query/reply message not related to a TCP/UDP packet. * Search for an ICMP state. */ - key.af = pd->af; - key.proto = pd->proto; - key.port[0] = key.port[1] = icmpid; - if (direction == PF_IN) { /* wire side, straight */ - PF_ACPY(&key.addr[0], pd->src, key.af); - PF_ACPY(&key.addr[1], pd->dst, key.af); - } else { /* stack side, reverse */ - PF_ACPY(&key.addr[1], pd->src, key.af); - PF_ACPY(&key.addr[0], pd->dst, key.af); + ret = pf_icmp_state_lookup(&key, pd, state, m, pd->dir, + kif, virtual_id, virtual_type, icmp_dir, &iidx, + PF_ICMP_MULTI_NONE); + if (ret >= 0) { + if (ret == PF_DROP && pd->af == AF_INET6 && + icmp_dir == PF_OUT) { + if (*state != NULL) + PF_STATE_UNLOCK((*state)); + ret = pf_icmp_state_lookup(&key, pd, state, m, + pd->dir, kif, virtual_id, virtual_type, + icmp_dir, &iidx, multi); + if (ret >= 0) + return (ret); + } else + return (ret); } - STATE_LOOKUP(kif, &key, direction, *state, pd); - (*state)->expire = time_uptime; (*state)->timeout = PFTM_ICMP_ERROR_REPLY; @@ -5895,14 +6093,14 @@ pf_test_state_icmp(struct pf_kstate **state, int direction, struct pfi_kkif *kif pd->ip_sum, nk->addr[pd->didx].v4.s_addr, 0); - if (nk->port[0] != + if (nk->port[iidx] != pd->hdr.icmp.icmp_id) { pd->hdr.icmp.icmp_cksum = pf_cksum_fixup( pd->hdr.icmp.icmp_cksum, icmpid, - nk->port[pd->sidx], 0); + nk->port[iidx], 0); pd->hdr.icmp.icmp_id = - nk->port[pd->sidx]; + nk->port[iidx]; } m_copyback(m, off, ICMP_MINLEN, @@ -6267,13 +6465,15 @@ pf_test_state_icmp(struct pf_kstate **state, int direction, struct pfi_kkif *kif return (PF_DROP); } - key.af = pd2.af; - key.proto = IPPROTO_ICMP; - PF_ACPY(&key.addr[pd2.sidx], pd2.src, key.af); - PF_ACPY(&key.addr[pd2.didx], pd2.dst, key.af); - key.port[0] = key.port[1] = iih.icmp_id; + icmpid = iih.icmp_id; + pf_icmp_mapping(&pd2, iih.icmp_type, + &icmp_dir, &multi, &virtual_id, &virtual_type); - STATE_LOOKUP(kif, &key, direction, *state, pd); + ret = pf_icmp_state_lookup(&key, &pd2, state, m, + pd->dir, kif, virtual_id, virtual_type, + icmp_dir, &iidx, PF_ICMP_MULTI_NONE); + if (ret >= 0) + return (ret); /* translate source/destination address, if necessary */ if ((*state)->key[PF_SK_WIRE] != @@ -6283,21 +6483,23 @@ pf_test_state_icmp(struct pf_kstate **state, int direction, struct pfi_kkif *kif if (PF_ANEQ(pd2.src, &nk->addr[pd2.sidx], pd2.af) || - nk->port[pd2.sidx] != iih.icmp_id) - pf_change_icmp(pd2.src, &iih.icmp_id, + (virtual_type == ICMP_ECHO && + nk->port[iidx] != iih.icmp_id)) + pf_change_icmp(pd2.src, + (virtual_type == ICMP_ECHO) ? + &iih.icmp_id : NULL, daddr, &nk->addr[pd2.sidx], - nk->port[pd2.sidx], NULL, + (virtual_type == ICMP_ECHO) ? + nk->port[iidx] : 0, NULL, pd2.ip_sum, icmpsum, pd->ip_sum, 0, AF_INET); if (PF_ANEQ(pd2.dst, - &nk->addr[pd2.didx], pd2.af) || - nk->port[pd2.didx] != iih.icmp_id) - pf_change_icmp(pd2.dst, &iih.icmp_id, - saddr, &nk->addr[pd2.didx], - nk->port[pd2.didx], NULL, - pd2.ip_sum, icmpsum, - pd->ip_sum, 0, AF_INET); + &nk->addr[pd2.didx], pd2.af)) + pf_change_icmp(pd2.dst, NULL, NULL, + &nk->addr[pd2.didx], 0, NULL, + pd2.ip_sum, icmpsum, pd->ip_sum, 0, + AF_INET); m_copyback(m, off, ICMP_MINLEN, (caddr_t)&pd->hdr.icmp); m_copyback(m, ipoff2, sizeof(h2), (caddr_t)&h2); @@ -6319,13 +6521,25 @@ pf_test_state_icmp(struct pf_kstate **state, int direction, struct pfi_kkif *kif return (PF_DROP); } - key.af = pd2.af; - key.proto = IPPROTO_ICMPV6; - PF_ACPY(&key.addr[pd2.sidx], pd2.src, key.af); - PF_ACPY(&key.addr[pd2.didx], pd2.dst, key.af); - key.port[0] = key.port[1] = iih.icmp6_id; - - STATE_LOOKUP(kif, &key, direction, *state, pd); + pf_icmp_mapping(&pd2, iih.icmp6_type, + &icmp_dir, &multi, &virtual_id, &virtual_type); + ret = pf_icmp_state_lookup(&key, &pd2, state, m, + pd->dir, kif, virtual_id, virtual_type, + icmp_dir, &iidx, PF_ICMP_MULTI_NONE); + if (ret >= 0) { + if (ret == PF_DROP && pd->af == AF_INET6 && + icmp_dir == PF_OUT) { + if (*state != NULL) + PF_STATE_UNLOCK((*state)); + ret = pf_icmp_state_lookup(&key, pd, + state, m, pd->dir, kif, + virtual_id, virtual_type, + icmp_dir, &iidx, multi); + if (ret >= 0) + return (ret); + } else + return (ret); + } /* translate source/destination address, if necessary */ if ((*state)->key[PF_SK_WIRE] != @@ -6335,19 +6549,21 @@ pf_test_state_icmp(struct pf_kstate **state, int direction, struct pfi_kkif *kif if (PF_ANEQ(pd2.src, &nk->addr[pd2.sidx], pd2.af) || - nk->port[pd2.sidx] != iih.icmp6_id) - pf_change_icmp(pd2.src, &iih.icmp6_id, + ((virtual_type == ICMP6_ECHO_REQUEST) && + nk->port[pd2.sidx] != iih.icmp6_id)) + pf_change_icmp(pd2.src, + (virtual_type == ICMP6_ECHO_REQUEST) + ? &iih.icmp6_id : NULL, daddr, &nk->addr[pd2.sidx], - nk->port[pd2.sidx], NULL, + (virtual_type == ICMP6_ECHO_REQUEST) + ? nk->port[iidx] : 0, NULL, pd2.ip_sum, icmpsum, pd->ip_sum, 0, AF_INET6); if (PF_ANEQ(pd2.dst, - &nk->addr[pd2.didx], pd2.af) || - nk->port[pd2.didx] != iih.icmp6_id) - pf_change_icmp(pd2.dst, &iih.icmp6_id, - saddr, &nk->addr[pd2.didx], - nk->port[pd2.didx], NULL, + &nk->addr[pd2.didx], pd2.af)) + pf_change_icmp(pd2.dst, NULL, NULL, + &nk->addr[pd2.didx], 0, NULL, pd2.ip_sum, icmpsum, pd->ip_sum, 0, AF_INET6); diff --git a/sys/netpfil/pf/pf_lb.c b/sys/netpfil/pf/pf_lb.c index 30013ab0d8d0..46d3ea8f508d 100644 --- a/sys/netpfil/pf/pf_lb.c +++ b/sys/netpfil/pf/pf_lb.c @@ -222,6 +222,23 @@ pf_get_sport(sa_family_t af, u_int8_t proto, struct pf_krule *r, if (pf_map_addr(af, r, saddr, naddr, &init_addr, sn)) return (1); + if (proto == IPPROTO_ICMP) { + if (*nport == htons(ICMP_ECHO)) { + low = 1; + high = 65535; + } else + return (0); /* Don't try to modify non-echo ICMP */ + } +#ifdef INET6 + if (proto == IPPROTO_ICMPV6) { + if (*nport == htons(ICMP6_ECHO_REQUEST)) { + low = 1; + high = 65535; + } else + return (0); /* Don't try to modify non-echo ICMP */ + } +#endif /* INET6 */ + bzero(&key, sizeof(key)); key.af = af; key.proto = proto; @@ -606,7 +623,7 @@ pf_get_translation(struct pf_pdesc *pd, struct mbuf *m, int off, int direction, switch (r->action) { case PF_NAT: if (pd->proto == IPPROTO_ICMP) { - low = 1; + low = 1; high = 65535; } else { low = r->rpool.proxy_port[0]; From nobody Wed Aug 7 13:44:54 2024 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WfBHq2KM9z5S9PP; Wed, 07 Aug 2024 13:44:55 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WfBHq0H9Fz4jqH; Wed, 7 Aug 2024 13:44:55 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723038295; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=H/R9FXYTz/ciFCFBpaouxYr0+voY3o/itVtR5PqxcM8=; b=mI9hbgBgVx7t5Qv44l4g0/a8jWx9xHuMAb3TaymX+r3WWEFHY9h/mSG2yXXZG4QL8kn/cl /DnRgwFftKce5ZTMXLdk79012Mjrt/VFPAXfv977fAyrVMm70SEN6Umb1UkNZWoLCHl0V6 iTiI2nwebFEYnlg2Vq0ld0ldhj/x9ZnE5v5iV1nqGqRRjnJIAzzM/E/kArERCUVuzlrnNU pyncufm5Dz7IMss9rrGPVgT1J7a+dyrHuS1PFioFWj09woTz0AcKrEyjzTSOa4GkQmB8bf km+LtVc8proZtbF5FE43VoYo5qHysIYV9gBYsiFA8gCCh06ocp+yDqaZ4lN2Yw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1723038295; a=rsa-sha256; cv=none; b=aNWYgiZ9mPhMLld5uuF+pl9WaLhFjXM1ULamQ2zVt4pVxKrpmxKzSzHknXEWhn6a9Rqean omO6OWqCmCzKzD5HnMlfFcv5lYRwM366KuKxe4oKmMPdkz4gMkN4PBfNk6QAvh1k5Afe7e NKR3VFA5/tzlQrT4AJuKyPSUEvO9zXW1klImKbCelOW0EhuVw+/mgu6AU5UeHKs4dniq8h J8BZzBr8O1bxamC37nTpVDRbzx12uPzTE+bakYF+4Rb9mv62HoF/vSQQta/ZnSwnAOy8/S XvgIb46vUJoh0cdsaBPDUHZe5lC/hMxR6WBN0aS34+uZVZURyE798VXNoypziw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723038295; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=H/R9FXYTz/ciFCFBpaouxYr0+voY3o/itVtR5PqxcM8=; b=x39164fuaBw4MXpkUP6EX2bvxNt/ScRn3xol6mDgZ4JAvWzfeGf3w2QngM1NXPhm9mGVsc E5shbtuVscKlc4PM4kBimdQ5ScCCEW2qiwa6uIhbH9IZeY9ixf4KpfD2OoP6CB1jLzkXOD Vn4vph9VhV97jg8C6y7orZD73qw2lNJ7vuZSlTQsCQQOcT5NGMwbjxuW42GNiN5kpYxo0+ c31hpcUErkTdauzaKe++UQ0NungFEC4ofWanHHPtMBVH/GclVIzLkllhD1MDxf9BskAqyD KR7AAEP9X3kIoouxwQHd/K3595LcjQi2o/vznx5ZOQO3D6lOyRr7AbaHud5t+A== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WfBHp70MBzsjS; Wed, 7 Aug 2024 13:44:54 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 477Dis59034764; Wed, 7 Aug 2024 13:44:54 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 477DiscO034761; Wed, 7 Aug 2024 13:44:54 GMT (envelope-from git) Date: Wed, 7 Aug 2024 13:44:54 GMT Message-Id: <202408071344.477DiscO034761@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Mark Johnston Subject: git: b778bbead38a - releng/13.3 - pf: some ICMP types that also have icmp_id, pointed out by markus@ List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: markj X-Git-Repository: src X-Git-Refname: refs/heads/releng/13.3 X-Git-Reftype: branch X-Git-Commit: b778bbead38ae9efa366a3542441c451e8fb1660 Auto-Submitted: auto-generated The branch releng/13.3 has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=b778bbead38ae9efa366a3542441c451e8fb1660 commit b778bbead38ae9efa366a3542441c451e8fb1660 Author: Kristof Provost AuthorDate: 2024-07-10 11:32:03 +0000 Commit: Mark Johnston CommitDate: 2024-08-07 13:37:24 +0000 pf: some ICMP types that also have icmp_id, pointed out by markus@ ok henning markus Approved by: so Security: FreeBSD-SA-24:05.pf Security: CVE-2024-6640 MFC after: 1 day Obtained From: OpenBSD, mcbride 8c0632cd274b Sponsored by: Rubicon Communications, LLC ("Netgate") (cherry picked from commit e296b0de9e467b8c5eb853f6cf4c6ea28d4119a2) --- sys/netpfil/pf/pf.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c index 1bdc695f698c..b0ef27b2e462 100644 --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c @@ -1720,21 +1720,21 @@ pf_icmp_mapping(struct pf_pdesc *pd, u_int8_t type, *icmp_dir = PF_IN; case ICMP_TSTAMPREPLY: *icmptype = ICMP_TSTAMP; - *icmpid = 0; /* Time is not a secret. */ + *icmpid = pd->hdr.icmp.icmp_id; break; case ICMP_IREQ: *icmp_dir = PF_IN; case ICMP_IREQREPLY: *icmptype = ICMP_IREQ; - *icmpid = 0; /* Nothing sane to match on! */ + *icmpid = pd->hdr.icmp.icmp_id; break; case ICMP_MASKREQ: *icmp_dir = PF_IN; case ICMP_MASKREPLY: *icmptype = ICMP_MASKREQ; - *icmpid = 0; /* Nothing sane to match on! */ + *icmpid = pd->hdr.icmp.icmp_id; break; case ICMP_IPV6_WHEREAREYOU: From nobody Wed Aug 7 13:44:55 2024 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WfBHr35H6z5S99x; Wed, 07 Aug 2024 13:44:56 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WfBHr0zrFz4jmf; Wed, 7 Aug 2024 13:44:56 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723038296; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=INPyKKyVFv3dz3DQu3+VKTxNdZuvaLJzKxehY1XZzs4=; b=Ugh3nZHFU0gk4B0xLX5XqX3+pR6GEvUQAqT0/OOmcZlUmMJ21+Gd5H+mYiLbbK344s2Ol8 EW1npeN+wkkFuqK6XzPFSnfO0Clyd0R9RQlXhfWLImjEJsHmNDvPKOVLqadqepq1O6nu+r yh4YC+ZXv9PEUwU28jK5Sn1DZe3XeO+oXXYZkjK5GZDTYGw84zTocf5zw1p0bwrgVQwA1L DB08Lao2N9H1KBjJYpk2cqXlk+Lax+4NpD8uOjOXIYgJi2qUamKURfC8SANzc2LOFN5Vol FdO8GPlENUOIHps6+M9VDzz6PThXTr8Zq6CQ6PyQc3AJfyYbia0IVaesbYNniw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1723038296; a=rsa-sha256; cv=none; b=eoFiiGdwpVkMp55Xcv2UrOqYT5f5GW9O0oUlyqZD0Bo06eWaejBLFf6T2A7WGpPwVGPcnw C8YiX02d/GpKR9mfUh+4wyDDpT4ss1ZiWINOp123q5jzy1HzjUVrdoO713CLAMthmTv4Hd DHU1nXCX64SnFmGAZCzBHO6GcJrTHmNHWt24Aiwp1h5/cwWW06eIrha9Tmoa1u6Kx6hbnr kH3jZ3a1fP6tlL6+7tfIFrX8deT4+avyOnoHoexsEnDsvFVNK+UtudboxmDVxpAIhUbAxK tHSkuaa7MBc6wyQfD15ugP8ge2ld7dCe46yS8l/MFByoYl3x15hySDFs2iKJjg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723038296; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=INPyKKyVFv3dz3DQu3+VKTxNdZuvaLJzKxehY1XZzs4=; b=tt+sSVBPE8nbCt0MyD49JJZ4gh6cGitPJt8pKEEOLoR0HvQZr6tP99dt+d6XafhwoMXpKJ TnqSKxiunNBhvpvlFKH9/HneO4BGjNvZEUH1WRexfuWibAYWIZX0KlI12gASz0AYQfy4ox rxn6uryAtVVzwToWZkSOvr3DccjoN7fZEqqxT0Nn6/X4VZ0g0m/i2DmPdbb5GF7DuTR7gL izmBcKDZAYdrca5OG1HIPj6H9si944wkj4bt7cLrFaneSNH6XD0ai2xbWXcx1w28Ypoby+ AO0JP6m1d03+z6ks8ukUacLqmFcqIB4YlGI7f5MDtaXxL+mCrk7R5W2ve86JXQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WfBHr0ZdTzspN; Wed, 7 Aug 2024 13:44:56 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 477DitZ8034815; Wed, 7 Aug 2024 13:44:55 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 477Dit82034812; Wed, 7 Aug 2024 13:44:55 GMT (envelope-from git) Date: Wed, 7 Aug 2024 13:44:55 GMT Message-Id: <202408071344.477Dit82034812@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Mark Johnston Subject: git: dcc05aee1495 - releng/13.3 - pf: split ICMP/ICMPv6 number space in pf_icmp_mapping() List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: markj X-Git-Repository: src X-Git-Refname: refs/heads/releng/13.3 X-Git-Reftype: branch X-Git-Commit: dcc05aee14951f35e5d66082d82a58298bc79d5b Auto-Submitted: auto-generated The branch releng/13.3 has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=dcc05aee14951f35e5d66082d82a58298bc79d5b commit dcc05aee14951f35e5d66082d82a58298bc79d5b Author: Kristof Provost AuthorDate: 2024-07-10 12:10:50 +0000 Commit: Mark Johnston CommitDate: 2024-08-07 13:37:28 +0000 pf: split ICMP/ICMPv6 number space in pf_icmp_mapping() In pf_icmp_mapping() the ICMP and ICMPv6 types shared the same number space. In fact they are independent and must be handled separately. Fix traceroute via pf by splitting pf_icmp_mapping() into IPv4 and IPv6 sections. ok henning@ mcbride@; tested mcbride@; sure deraadt@ Approved by: so Security: FreeBSD-SA-24:05.pf Security: CVE-2024-6640 MFC after: 1 day Obtained From: OpenBSD, bluhm ef4bccd7509e Sponsored by: Rubicon Communications, LLC ("Netgate") (cherry picked from commit 46755f52247bd34a7f013d6844ed0c673ac0defc) --- sys/netpfil/pf/pf.c | 247 ++++++++++++++++++++++++++++------------------------ 1 file changed, 135 insertions(+), 112 deletions(-) diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c index b0ef27b2e462..388d632e8d50 100644 --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c @@ -1698,7 +1698,7 @@ pf_isforlocal(struct mbuf *m, int af) int pf_icmp_mapping(struct pf_pdesc *pd, u_int8_t type, - int *icmp_dir, int *multi, u_int16_t *icmpid, u_int16_t *icmptype) + int *icmp_dir, int *multi, u_int16_t *virtual_id, u_int16_t *virtual_type) { /* * ICMP types marked with PF_OUT are typically responses to @@ -1708,128 +1708,151 @@ pf_icmp_mapping(struct pf_pdesc *pd, u_int8_t type, *icmp_dir = PF_OUT; *multi = PF_ICMP_MULTI_LINK; /* Queries (and responses) */ - switch (type) { - case ICMP_ECHO: - *icmp_dir = PF_IN; - case ICMP_ECHOREPLY: - *icmptype = ICMP_ECHO; - *icmpid = pd->hdr.icmp.icmp_id; - break; + switch (pd->af) { +#ifdef INET + case AF_INET: + switch (type) { + case ICMP_ECHO: + *icmp_dir = PF_IN; + case ICMP_ECHOREPLY: + *virtual_type = ICMP_ECHO; + *virtual_id = pd->hdr.icmp.icmp_id; + break; - case ICMP_TSTAMP: - *icmp_dir = PF_IN; - case ICMP_TSTAMPREPLY: - *icmptype = ICMP_TSTAMP; - *icmpid = pd->hdr.icmp.icmp_id; - break; + case ICMP_TSTAMP: + *icmp_dir = PF_IN; + case ICMP_TSTAMPREPLY: + *virtual_type = ICMP_TSTAMP; + *virtual_id = pd->hdr.icmp.icmp_id; + break; - case ICMP_IREQ: - *icmp_dir = PF_IN; - case ICMP_IREQREPLY: - *icmptype = ICMP_IREQ; - *icmpid = pd->hdr.icmp.icmp_id; - break; + case ICMP_IREQ: + *icmp_dir = PF_IN; + case ICMP_IREQREPLY: + *virtual_type = ICMP_IREQ; + *virtual_id = pd->hdr.icmp.icmp_id; + break; - case ICMP_MASKREQ: - *icmp_dir = PF_IN; - case ICMP_MASKREPLY: - *icmptype = ICMP_MASKREQ; - *icmpid = pd->hdr.icmp.icmp_id; - break; + case ICMP_MASKREQ: + *icmp_dir = PF_IN; + case ICMP_MASKREPLY: + *virtual_type = ICMP_MASKREQ; + *virtual_id = pd->hdr.icmp.icmp_id; + break; - case ICMP_IPV6_WHEREAREYOU: - *icmp_dir = PF_IN; - case ICMP_IPV6_IAMHERE: - *icmptype = ICMP_IPV6_WHEREAREYOU; - *icmpid = 0; /* Nothing sane to match on! */ - break; + case ICMP_IPV6_WHEREAREYOU: + *icmp_dir = PF_IN; + case ICMP_IPV6_IAMHERE: + *virtual_type = ICMP_IPV6_WHEREAREYOU; + *virtual_id = 0; /* Nothing sane to match on! */ + break; - case ICMP_MOBILE_REGREQUEST: - *icmp_dir = PF_IN; - case ICMP_MOBILE_REGREPLY: - *icmptype = ICMP_MOBILE_REGREQUEST; - *icmpid = 0; /* Nothing sane to match on! */ - break; + case ICMP_MOBILE_REGREQUEST: + *icmp_dir = PF_IN; + case ICMP_MOBILE_REGREPLY: + *virtual_type = ICMP_MOBILE_REGREQUEST; + *virtual_id = 0; /* Nothing sane to match on! */ + break; - case ICMP_ROUTERSOLICIT: - *icmp_dir = PF_IN; - case ICMP_ROUTERADVERT: - *icmptype = ICMP_ROUTERSOLICIT; - *icmpid = 0; /* Nothing sane to match on! */ - break; + case ICMP_ROUTERSOLICIT: + *icmp_dir = PF_IN; + case ICMP_ROUTERADVERT: + *virtual_type = ICMP_ROUTERSOLICIT; + *virtual_id = 0; /* Nothing sane to match on! */ + break; -#ifdef INET6 - case ICMP6_ECHO_REQUEST: - *icmp_dir = PF_IN; - case ICMP6_ECHO_REPLY: - *icmptype = ICMP6_ECHO_REQUEST; - *icmpid = pd->hdr.icmp6.icmp6_id; - break; + /* These ICMP types map to other connections */ + case ICMP_UNREACH: + case ICMP_SOURCEQUENCH: + case ICMP_REDIRECT: + case ICMP_TIMXCEED: + case ICMP_PARAMPROB: + /* These will not be used, but set them anyway */ + *icmp_dir = PF_IN; + *virtual_type = type; + *virtual_id = 0; + HTONS(*virtual_type); + return (1); /* These types match to another state */ - case MLD_LISTENER_QUERY: - *icmp_dir = PF_IN; - case MLD_LISTENER_REPORT: { - *icmptype = MLD_LISTENER_QUERY; - *icmpid = 0; + /* + * All remaining ICMP types get their own states, + * and will only match in one direction. + */ + default: + *icmp_dir = PF_IN; + *virtual_type = type; + *virtual_id = 0; + break; + } break; - } +#endif /* INET */ +#ifdef INET6 + case AF_INET6: + switch (type) { + case ICMP6_ECHO_REQUEST: + *icmp_dir = PF_IN; + case ICMP6_ECHO_REPLY: + *virtual_type = ICMP6_ECHO_REQUEST; + *virtual_id = pd->hdr.icmp6.icmp6_id; + break; - /* ICMP6_FQDN and ICMP6_NI query/reply are the same type as ICMP6_WRU */ - case ICMP6_WRUREQUEST: - *icmp_dir = PF_IN; - case ICMP6_WRUREPLY: - *icmptype = ICMP6_WRUREQUEST; - *icmpid = 0; /* Nothing sane to match on! */ - break; + case MLD_LISTENER_QUERY: + *icmp_dir = PF_IN; + case MLD_LISTENER_REPORT: { + *virtual_type = MLD_LISTENER_QUERY; + *virtual_id = 0; + break; + } + case MLD_MTRACE: + *icmp_dir = PF_IN; + case MLD_MTRACE_RESP: + *virtual_type = MLD_MTRACE; + *virtual_id = 0; /* Nothing sane to match on! */ + break; - case MLD_MTRACE: - *icmp_dir = PF_IN; - case MLD_MTRACE_RESP: - *icmptype = MLD_MTRACE; - *icmpid = 0; /* Nothing sane to match on! */ - break; + case ND_NEIGHBOR_SOLICIT: + *icmp_dir = PF_IN; + case ND_NEIGHBOR_ADVERT: { + *virtual_type = ND_NEIGHBOR_SOLICIT; + *virtual_id = 0; + break; + } - case ND_NEIGHBOR_SOLICIT: - *icmp_dir = PF_IN; - case ND_NEIGHBOR_ADVERT: { - *icmptype = ND_NEIGHBOR_SOLICIT; - *multi = PF_ICMP_MULTI_SOLICITED; - *icmpid = 0; + /* + * These ICMP types map to other connections. + * ND_REDIRECT can't be in this list because the triggering + * packet header is optional. + */ + case ICMP6_DST_UNREACH: + case ICMP6_PACKET_TOO_BIG: + case ICMP6_TIME_EXCEEDED: + case ICMP6_PARAM_PROB: + /* These will not be used, but set them anyway */ + *icmp_dir = PF_IN; + *virtual_type = type; + *virtual_id = 0; + HTONS(*virtual_type); + return (1); /* These types match to another state */ + /* + * All remaining ICMP6 types get their own states, + * and will only match in one direction. + */ + default: + *icmp_dir = PF_IN; + *virtual_type = type; + *virtual_id = 0; + break; + } break; - } - #endif /* INET6 */ - /* These ICMP types map to other connections */ - case ICMP_UNREACH: - case ICMP_SOURCEQUENCH: - case ICMP_REDIRECT: - case ICMP_TIMXCEED: - case ICMP_PARAMPROB: -#ifdef INET6 - /* - * ICMP6_TIME_EXCEEDED is the same type as ICMP_UNREACH - * ND_REDIRECT can't be in this list because the triggering packet - * header is optional. - */ - case ICMP6_PACKET_TOO_BIG: -#endif /* INET6 */ - /* These will not be used, but set them anyways */ - *icmp_dir = PF_IN; - *icmptype = htons(type); - *icmpid = 0; - return (1); /* These types are matched to other state */ - /* - * All remaining ICMP types get their own states, - * and will only match in one direction. - */ default: *icmp_dir = PF_IN; - *icmptype = type; - *icmpid = 0; + *virtual_type = type; + *virtual_id = 0; break; } - HTONS(*icmptype); - return (0); + HTONS(*virtual_type); + return (0); /* These types match to their own state */ } void @@ -4156,7 +4179,7 @@ pf_test_rule(struct pf_krule **rm, struct pf_kstate **sm, int direction, pf_change_a(&daddr->v4.s_addr, pd->ip_sum, nk->addr[pd->didx].v4.s_addr, 0); - if (virtual_type == ICMP_ECHO && + if (virtual_type == htons(ICMP_ECHO) && nk->port[pd->sidx] != pd->hdr.icmp.icmp_id) { pd->hdr.icmp.icmp_cksum = pf_cksum_fixup( pd->hdr.icmp.icmp_cksum, sport, @@ -6483,13 +6506,13 @@ pf_test_state_icmp(struct pf_kstate **state, int direction, struct pfi_kkif *kif if (PF_ANEQ(pd2.src, &nk->addr[pd2.sidx], pd2.af) || - (virtual_type == ICMP_ECHO && + (virtual_type == htons(ICMP_ECHO) && nk->port[iidx] != iih.icmp_id)) pf_change_icmp(pd2.src, - (virtual_type == ICMP_ECHO) ? + (virtual_type == htons(ICMP_ECHO)) ? &iih.icmp_id : NULL, daddr, &nk->addr[pd2.sidx], - (virtual_type == ICMP_ECHO) ? + (virtual_type == htons(ICMP_ECHO)) ? nk->port[iidx] : 0, NULL, pd2.ip_sum, icmpsum, pd->ip_sum, 0, AF_INET); @@ -6549,13 +6572,13 @@ pf_test_state_icmp(struct pf_kstate **state, int direction, struct pfi_kkif *kif if (PF_ANEQ(pd2.src, &nk->addr[pd2.sidx], pd2.af) || - ((virtual_type == ICMP6_ECHO_REQUEST) && + ((virtual_type == htons(ICMP6_ECHO_REQUEST)) && nk->port[pd2.sidx] != iih.icmp6_id)) pf_change_icmp(pd2.src, - (virtual_type == ICMP6_ECHO_REQUEST) + (virtual_type == htons(ICMP6_ECHO_REQUEST)) ? &iih.icmp6_id : NULL, daddr, &nk->addr[pd2.sidx], - (virtual_type == ICMP6_ECHO_REQUEST) + (virtual_type == htons(ICMP6_ECHO_REQUEST)) ? nk->port[iidx] : 0, NULL, pd2.ip_sum, icmpsum, pd->ip_sum, 0, AF_INET6); From nobody Wed Aug 7 13:44:57 2024 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WfBHs3Xlmz5S95V; Wed, 07 Aug 2024 13:44:57 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WfBHs23KGz4jdw; Wed, 7 Aug 2024 13:44:57 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723038297; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=aMaySwb7vq2CuPoJwEa57L1urMSzK2x8zZFr1g5wCLI=; b=TSZWISSxkZyb0BjYk+O06aUwWXZ+A4+pCZEoUQpyOkLtwiFyyR3EHfE493pIYYlyt1YByD UcBWWVw4R6OmDQzs9ovjc6/fxc6WwGjGm+tZRux6+LjBSTIuJniXTZyPNguFpr0U1CqAVk AHSq1XzMA1F7LSOMasW1rTLQsjQTagteb9guTUW1ABpfiln7KbvBT2THyRjf2CZmqrV3Q9 eGIM/nXVi/VKcKP8tjaPTeFVJUn1tV4ba9N+fU2meaF+2QToe0ud29kohSofMKrngs0baL U8tIn0x+r3R8EYtEl+lWJh4g7h5tinz2BSO7Qm/u8Wi3GsLyKfRT+mFNY+qT9Q== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1723038297; a=rsa-sha256; cv=none; b=FATnPAxikj5HkOnBzoJ92pDgpXpvU12JkR5HMHSSY8Ksk2NxE/IV87Wot4DS4AgfTc/shN p0WdB+YlEB/dB6G7HXIJFw8MUpL5z6vmQaP3zSHgFE5vmJNFPi/kmzCUPrnLEksyfuSqBf Z+K7+ycu+pBZ58f6rSgvZCrYFHRqU75U9GvBW0lCqj4tSTyiAEOSGEeBQ8w7j3fILn4JyO vD4qq4PnKihi8Aa3aX2LgzrxoBBYlqpc5RbvqeN3KLRbaaxcq5OXLBQCr7UQLP17QzZv48 AUkpaokS1CQ0KB9uuYEowz5kqk53pvAM/qAu+vxiitSPTzGRP5lmDrEgq8YUjg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723038297; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=aMaySwb7vq2CuPoJwEa57L1urMSzK2x8zZFr1g5wCLI=; b=IRTr7s7HyZnRu++yrpQ5CO+/AYD2hytWHaAk0f0Nn/pyPdcF4+iBd1zghsL7vt+p3JzN2/ aSkynWTu7Yhkx6XIYHZL5SJzQaBCz0Baj6JutQg19aUozgS8OKGoKua20b7ciD3A1rVF78 8AyaZCEm2jueavJTgaYPbarXm2eHScdjLin/CTjF9xqzQ7zCHh66Ib/JjJYlVOMWZAtwCm uebZ9ATgOp13W3OyGlHWtJj3d6ozBN70LZ0Z4XcIELDOdX9Ylf+vEi+J4d4rVYY4iCG2HU bY6rXrSIgWGPdJyE9dEY2b3QeruI2ZsYJogWGvoYkpNoo1Sb3dY8Ll/SMenD5A== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WfBHs1ghszsrb; Wed, 7 Aug 2024 13:44:57 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 477DivCH034875; Wed, 7 Aug 2024 13:44:57 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 477Dives034872; Wed, 7 Aug 2024 13:44:57 GMT (envelope-from git) Date: Wed, 7 Aug 2024 13:44:57 GMT Message-Id: <202408071344.477Dives034872@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Mark Johnston Subject: git: 5eb30c313cb0 - releng/13.3 - pf: allow MLD LR to be sent without state List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: markj X-Git-Repository: src X-Git-Refname: refs/heads/releng/13.3 X-Git-Reftype: branch X-Git-Commit: 5eb30c313cb051385d654f7bba36143ccb7dbf94 Auto-Submitted: auto-generated The branch releng/13.3 has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=5eb30c313cb051385d654f7bba36143ccb7dbf94 commit 5eb30c313cb051385d654f7bba36143ccb7dbf94 Author: Kristof Provost AuthorDate: 2024-07-10 12:36:18 +0000 Commit: Mark Johnston CommitDate: 2024-08-07 13:37:32 +0000 pf: allow MLD LR to be sent without state Change PF behavior to allow MLD Listener Report packets to be sent without needing a previously created state by MLD Listener Query. It wasn't working because: (1) you might not have a previous MLD Listener Query and (2) the addresses of the Query and Report don't match. ok mikeb@, sashan@ Approved by: so Security: FreeBSD-SA-24:05.pf Security: CVE-2024-6640 MFC after: 1 day Obtained From: OpenBSD, rzalamena , 5c526dbdb0f2 Sponsored by: Rubicon Communications, LLC ("Netgate") (cherry picked from commit 1afe4da75d1d2acd33b25eea942af28aa41c82c2) --- sys/netpfil/pf/pf.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c index 388d632e8d50..96d67d906a4e 100644 --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c @@ -1797,8 +1797,15 @@ pf_icmp_mapping(struct pf_pdesc *pd, u_int8_t type, break; case MLD_LISTENER_QUERY: - *icmp_dir = PF_IN; case MLD_LISTENER_REPORT: { + /* + * Listener Report can be sent by clients + * without an associated Listener Query. + * In addition to that, when Report is sent as a + * reply to a Query its source and destination + * address are different. + */ + *icmp_dir = PF_IN; *virtual_type = MLD_LISTENER_QUERY; *virtual_id = 0; break; From nobody Wed Aug 7 13:44:58 2024 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WfBHv0P18z5S9Rs; Wed, 07 Aug 2024 13:44:59 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WfBHt34SPz4jr5; Wed, 7 Aug 2024 13:44:58 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723038298; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=iVyfme+LHkQnaTblNv46WId0o8ziTHyql/IW2oIrzl4=; b=kFVU0x19aCcT1tPmTFm9pAZKmrXGo+QBSLHjPFc9Unx86Isqc1MjR992g2PwIIaW1Uyi0a H+TQ9gbKc8PUUHj+8TSdi6AaQsq3WoooVk8MGXBdbZbT3eYW3/o1CGfHsRYO8i5DbT4GxZ gY61pumVArotMS5/JBPQMkPAaizDS2G05iDuXHzUsdZufm68HNQdl5wGICi4ZuPjpCiW+4 gMd4WZ4utGPwml8pLJG4Ph970BWAUkK4T7c1439kr/Rqjlq87mT7Ix7/5Y2yU02HaoZzz2 QsI3G1UXCH1Wbsu3zXZvQBiDtAElP4CBSGE22182NmoZWU1F4QwW9jTtZMQocQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1723038298; a=rsa-sha256; cv=none; b=VMpZYfknGtwp4WQwJoXaNiYvTWp9MjYPoL6YQFmSdOH+9o15DsbJMCBEVUqiZAtLUsjlIE fQwAtPdVwgPlaGqhR6r+t8W/Siz5wI4VuHwKSnDneoxXWr/whsUQ2rPyo4DrrRw5I0x9X2 IjcRcRf/zElfS7PapKteLMdiixT9d2FZMUGBtL+Qm1q6vjpC+9DB/6wp9NnCowDtm/cn/l 18l4YJZ5BLH6oyTGPVNF21qoF1VD9d1qJAtAitLn5y56LoNc9u3WnTaCkG7hCCz4rrQrn1 8vJFQX65zfutg4p+Ile//7pMm/K8zVswucxKodMgH7p3K2Uh9K4gm4ZOE8/29Q== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723038298; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=iVyfme+LHkQnaTblNv46WId0o8ziTHyql/IW2oIrzl4=; b=LS8ZXzDkpiBUtt0ooiLUbbaClsIxUbcAEQrSHwrpXKiYC/UhqUttVaGkDw6yOF0CvLeqlD DRuc0DTiWMEURp1XR6t8idY9bi3BjpihmpANYQA9dk06SPrAabztiOjLrM4JobfVdg7AFx f4oYVn8JGqew7keN3FKIMqOCJT2y6INMV8wVDnDi8oGLCfx6aCtedwH818W+0odTNtKZZ5 f3fe1sGIdL4Zm8wjoxyEbkj0r5+GYOKlorzU6EPlxls68pezXtmZAlkqRV7vKd+35EPXcF fs5nEskGfZSy9sAlTmZUTU08vOWBhPsPz+klfwhsX/vucMNU/cmb2EOtqPPAxQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WfBHt2fPKzsmQ; Wed, 7 Aug 2024 13:44:58 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 477DiwRN034921; Wed, 7 Aug 2024 13:44:58 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 477Diw1v034918; Wed, 7 Aug 2024 13:44:58 GMT (envelope-from git) Date: Wed, 7 Aug 2024 13:44:58 GMT Message-Id: <202408071344.477Diw1v034918@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Mark Johnston Subject: git: f41c11d7f209 - releng/13.3 - sshd: remove blacklist call from grace_alarm_timer List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: markj X-Git-Repository: src X-Git-Refname: refs/heads/releng/13.3 X-Git-Reftype: branch X-Git-Commit: f41c11d7f2090e2628296602f46a0d5926c4b6fb Auto-Submitted: auto-generated The branch releng/13.3 has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=f41c11d7f2090e2628296602f46a0d5926c4b6fb commit f41c11d7f2090e2628296602f46a0d5926c4b6fb Author: Ed Maste AuthorDate: 2024-08-01 00:04:46 +0000 Commit: Mark Johnston CommitDate: 2024-08-07 13:37:37 +0000 sshd: remove blacklist call from grace_alarm_timer Under certain circumstances it may call log(3), which is not async- signal-safe. For now just remove the blacklist integration from this path, which means that blacklistd will not detect and firewall hosts that establish a connection but do nothing further. Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D46203 (cherry picked from commit 2739a6845031e69be7c03461a9335d8bbb9f59bd) (cherry picked from commit 3d3bae9b95388169d396adc8007585699c5a23e0) (cherry picked from commit 73466449a9bf1888147c53d622236cebc0aa591b) Approved by: so Security: FreeBSD-SA-24:08.openssh Security: CVE-2024-7589 (cherry picked from commit d5f16ef6463d73270e4380f3498410c8ad91f495) --- crypto/openssh/sshd.c | 2 -- crypto/openssh/version.h | 2 +- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/crypto/openssh/sshd.c b/crypto/openssh/sshd.c index 6bb0b6c129bb..1ce62ec86e35 100644 --- a/crypto/openssh/sshd.c +++ b/crypto/openssh/sshd.c @@ -377,8 +377,6 @@ grace_alarm_handler(int sig) kill(0, SIGTERM); } - BLACKLIST_NOTIFY(the_active_state, BLACKLIST_AUTH_FAIL, "ssh"); - /* Log error and exit. */ sigdie("Timeout before authentication for %s port %d", ssh_remote_ipaddr(the_active_state), diff --git a/crypto/openssh/version.h b/crypto/openssh/version.h index 3e99bca450b1..d6108d00de09 100644 --- a/crypto/openssh/version.h +++ b/crypto/openssh/version.h @@ -5,4 +5,4 @@ #define SSH_PORTABLE "p1" #define SSH_RELEASE SSH_VERSION SSH_PORTABLE -#define SSH_VERSION_FREEBSD "FreeBSD-20240701" +#define SSH_VERSION_FREEBSD "FreeBSD-20240806" From nobody Wed Aug 7 13:44:59 2024 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WfBHv5Dngz5S9MV; Wed, 07 Aug 2024 13:44:59 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WfBHv3j6Lz4jtV; Wed, 7 Aug 2024 13:44:59 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723038299; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=eTlLAgViTIhXlqSuTBT8dANAVQ229Piddl/3g03oVec=; b=EoCBDPVTcaifNAqBhWjfBnODjM9E9bfWjrQGZm50HKWQpnc4EyYvBqtcqmZCdCnbc/bzHU QGh/zgdobUYb/gNmTgNLoBykqaZmCfugohnivusXcjWLllzmI50Q5s5OjzZ48sqDU2bUUh Yh5/rPgsGNBjWPK9N1wEk3DY8kXBwt9v3cue+Tc2Cct0n+RlfoHEIBGMBies1+GK9Ne0ov Wp3Vh17JQgtiahXSklEroeL/asGQ0MLxWZZ6fP2spzBMBcOM8ggpEbjnFWCRl2bf1JBerG 9/baqyz9po5Sds0T722kuMvegqZ9Zrauf4eQDrXnmbKSSFB5bzhJyD/wTB+weQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1723038299; a=rsa-sha256; cv=none; b=YMdHGCBp8QWT6zqidt+amEgOomaqgjogzk4qb78UyQyIG91ErIeTG3iWeJIVuXYEPX/sEz PKBdF7Jj8cC7u32+M33ny5NWBLHFPuKm9K1zx59XEee7g2HGefWQ6k9Mfm0/NcYqgE/nU/ 8e8HPoewL+CKbijIC7P3JKdlp/lKei5dSYZR9HQlBGfL4hwGeM3kcKGYXjz0ou3CbS7r8l CmTIPqgwAXvlL7a/XLpE7eFaF9XDYzaHkGy7RfNI0Wb6Tl/KJM4BTFsmmrgN0KHZGyxKjz XDt8RKkafYGRrS2IV/Ez05uhoRKkD6+bGuK/7coWxYTxeH834I36kHO1nAE4/Q== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723038299; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=eTlLAgViTIhXlqSuTBT8dANAVQ229Piddl/3g03oVec=; b=U0MfXqufRiqqhoNOi+udjQNiLElVoHlbB3SIhHYQ0p4/mcgEHa4pet0eP3QCCRC7QQnAgr FFHkeYIbf+0wydkC1bvDKmE2X9ui7FRTk2+6JVBduQHH/7nb+MAZE/QvCa17ei/YeVusdZ vqt28AFWAmXYEvRlQkkegP1zaOS2pouI8AYWZYfolYuD+kTelGqaqPV1viULfYfnIMJg/Q uGN8lUpfkmhfq/SMjzB4fkvYXPyZOw4qiLMJvZTrjUtRFI19pmuNgJVdDel8uEEeT/5B3I qFUN4hSWeV77ut1tGjYEdU/Q5rUPGlATSeUadrhkYmSQAlUjjAzlFHy37QDLYQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WfBHv3JVLzsgh; Wed, 7 Aug 2024 13:44:59 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 477Dixah034967; Wed, 7 Aug 2024 13:44:59 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 477Dixbd034964; Wed, 7 Aug 2024 13:44:59 GMT (envelope-from git) Date: Wed, 7 Aug 2024 13:44:59 GMT Message-Id: <202408071344.477Dixbd034964@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Mark Johnston Subject: git: 769536bcb5c3 - releng/13.3 - ktrace: Fix an inverted privilege check List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: markj X-Git-Repository: src X-Git-Refname: refs/heads/releng/13.3 X-Git-Reftype: branch X-Git-Commit: 769536bcb5c334ca551b4dc88cf7486bd960e192 Auto-Submitted: auto-generated The branch releng/13.3 has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=769536bcb5c334ca551b4dc88cf7486bd960e192 commit 769536bcb5c334ca551b4dc88cf7486bd960e192 Author: Mark Johnston AuthorDate: 2024-08-07 13:38:54 +0000 Commit: Mark Johnston CommitDate: 2024-08-07 13:43:45 +0000 ktrace: Fix an inverted privilege check Approved by: so Security: FreeBSD-SA-24:06.ktrace Security: CVE-2024-6760 Fixes: 1762f674ccb5 ("ktrace: pack all ktrace parameters into allocated structure ktr_io_params") (cherry picked from commit 166b7573b5220aadf8b02a85933c9651b909b309) (cherry picked from commit f702110bc4bcc593b38674ec6e4fadf6c4626432) --- sys/kern/kern_ktrace.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sys/kern/kern_ktrace.c b/sys/kern/kern_ktrace.c index 2729d0880b31..cc51dbae46f7 100644 --- a/sys/kern/kern_ktrace.c +++ b/sys/kern/kern_ktrace.c @@ -585,7 +585,7 @@ ktrprocexec(struct proc *p) PROC_LOCK_ASSERT(p, MA_OWNED); kiop = p->p_ktrioparms; - if (kiop == NULL || priv_check_cred(kiop->cr, PRIV_DEBUG_DIFFCRED)) + if (kiop == NULL || priv_check_cred(kiop->cr, PRIV_DEBUG_DIFFCRED) == 0) return (NULL); mtx_lock(&ktrace_mtx); From nobody Wed Aug 7 13:45:00 2024 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WfBHx1Jh1z5S9PS; Wed, 07 Aug 2024 13:45:01 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WfBHw52tFz4jx1; Wed, 7 Aug 2024 13:45:00 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723038300; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=9B/S2y3w05Ma/ybRKcA+uRwdMK4l3XpCPMy4rWhdoQw=; b=oxgOzVRzIXxxMeQotU5LJWjffJJFz6PWFbMpPbrH4oI3PXcARyKuR7sb+/2sdCIM/eSszA p55jCMEyrModAU9otonNdzI03Huc4imSuwOkw4Dc1SmBKY3k9YG4BHrRhPJnzbY74O55xV fkg33iN/fusLVgSA11tfUR9ZWdbQOV1nmsm76KhKVs7DZ2kC+vxdLLw5XlzE378qASmRpz nHszllgNDk8GkQOM1xx2DUI4lDZIjfrCxXOSmiz4tLFaqVAnuxBn/JIIp3CaOghsOhXz8X /H0nPmoA2B2rFH/Z1adH5kBhJovy2As+pk93JJWwBTMPCVXrrUFydhHhx0cmew== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1723038300; a=rsa-sha256; cv=none; b=rMOOuVypLlDphjSGGV5t8Z/0zxFRzblN2yq+d3qyN2ysVTHRN1dErdGzFtNFiea0um5iQd tr7evJW41Bw2s4ztrbi0wYyos+JEtUNre6tyXpy4OhSmeOj3m90pNDtiMxItFg0sE7cwSO O5WOR+gYvJK6EgnqOuuS8Vp2YJcYM1YcFpxaWYYCjFO8OopsqmSXb5BUnVGU6O9uOQjJl+ DuftnZvDycLkcRbQOwisTfel6oC4UpSF1odC55Dzymg/RJQ0dOXnRp8oLOeVLBk+kiQ1L6 poqLoDxODgswtCEshW42vtc3FqzQaFAgllSY9peTKJIcDb1EZn+l1YJkp6lJ/Q== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723038300; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=9B/S2y3w05Ma/ybRKcA+uRwdMK4l3XpCPMy4rWhdoQw=; b=W+IhjsTUL0E9cJ6gGX5tVBDbGsvF3ZwJOoBN07UkXCUrQo2rho2JHSYO3ozpF76Aw5h/XU 7SxyB1NsOQvaN/LZ5H+KliAT+eTur0neSBC6kzUXgNGRFVlkoKETip6XOldtkRWjfge2kq XkKRO/SIenBNeIlGoRIUeAq6PFmLB1iQTJ/VsQt9osndKa2PkoEVZRwJ5McSDkyTR1fwfT 5H2SpXF+zKNsusgdb4iu6d/NQACRyD+vu3fEVP9sHXhKRvKYCx1Z6khKlDXkqAzyZnlOcs UlzK32QgIdvoY5MahZF0nBTK5jsf9wFjNsBqsC7LksYDGOdN0lAM25QNDfKbTg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WfBHw4dBTzt40; Wed, 7 Aug 2024 13:45:00 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 477Dj0JD035037; Wed, 7 Aug 2024 13:45:00 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 477Dj07V035034; Wed, 7 Aug 2024 13:45:00 GMT (envelope-from git) Date: Wed, 7 Aug 2024 13:45:00 GMT Message-Id: <202408071345.477Dj07V035034@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Mark Johnston Subject: git: f5a50714b4c9 - releng/13.3 - Add UPDATING entries and bump the branch version List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: markj X-Git-Repository: src X-Git-Refname: refs/heads/releng/13.3 X-Git-Reftype: branch X-Git-Commit: f5a50714b4c982c9e122abf5a9e12585addb9584 Auto-Submitted: auto-generated The branch releng/13.3 has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=f5a50714b4c982c9e122abf5a9e12585addb9584 commit f5a50714b4c982c9e122abf5a9e12585addb9584 Author: Mark Johnston AuthorDate: 2024-08-06 22:29:36 +0000 Commit: Mark Johnston CommitDate: 2024-08-07 13:43:48 +0000 Add UPDATING entries and bump the branch version Approved by: so --- UPDATING | 14 ++++++++++++++ sys/conf/newvers.sh | 2 +- 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/UPDATING b/UPDATING index cfeb99794e88..8ec49065a2e0 100644 --- a/UPDATING +++ b/UPDATING @@ -12,6 +12,20 @@ Items affecting the ports and packages system can be found in /usr/ports/UPDATING. Please read that file before updating system packages and/or ports. +20240806: + 13.3-RELEASE-p5 SA-24:05.pf + SA-24:06.ktrace + SA-24:07.nfsclient + SA-24:08.openssh + + pf incorrectly matches different ICMPv6 states in the state table [SA-24:05.pf] + + ktrace(2) fails to detach when executing a setuid binary [SA-24:06.ktrace] + + NFS client accepts file names containing path separators [SA-24:07.nfsclient] + + OpenSSH pre-authentication async signal safety issue [SA-24:08.openssh] + 20240701: 13.3-RELEASE-p4 SA-24:04.openssh diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh index a98b62ded09e..a1f0f7b0d08e 100644 --- a/sys/conf/newvers.sh +++ b/sys/conf/newvers.sh @@ -53,7 +53,7 @@ TYPE="FreeBSD" REVISION="13.3" -BRANCH="RELEASE-p4" +BRANCH="RELEASE-p5" if [ -n "${BRANCH_OVERRIDE}" ]; then BRANCH=${BRANCH_OVERRIDE} fi From nobody Wed Aug 7 14:18:58 2024 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WfC370D3Xz5SD3r; Wed, 07 Aug 2024 14:18:59 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WfC366nDBz4tJZ; Wed, 7 Aug 2024 14:18:58 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723040338; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=jOPrFanYjzc21IpoOM5bNo4pFRln7XwP+erPiobmJXI=; b=mBRjkizjy/tBOdNCd0sXBPDVinYk1SaiEEeYuiEYjavlk6RKvWeriYM+AT5LN9d5L2KbGy s06tiPtc+eQCEp+zKYiNt7WGkTmbGM4WQaCPgVNjYEMlkc45KRCpKNBHmqH4kkQd6/SK4B /WEMXQRj1c7wlrzXz8lfnXBDx5sNcHCwhsu6i2rf+OguKHq/WKyILwxbI4ADLpsW10Gu0L vDQQlK99zMmbYjszzPRmYPikmXijrfUWGasBWMgNNt6pvNlLn06nCXyfYjshIV4WBBs7h0 vsp+itdBWJopBKgLftz1tW6S/SX67u/aOltPq6msWSIFxa8Oh0u3d2Vts/HNRQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1723040339; a=rsa-sha256; cv=none; b=TbDgeRICwDYKLPM0FXaQDUOCsXu8T6NBrSACZzbSe7gXdG5rceS5dqXZmGrAlQeR3r/rLY 6m398bsTLeEnM8OG1rU+E7T1EySi5JvdoWt5vbjpLISsmFOSxHFvfn8Y8QUpkiYHpNVddb kTk7+tDHUc49FmmyEZVu+hrJ01G2a/3LM1Vhwbe9Z+mR/0FfAbLyLNnuwy6aDpMzC8qT8t 8DlebMrU0F44mdK+Ce+27kgar+/53ny+jK4HqEH2yyXqqPdWGvqSuGj0jES3BG5TzC6m1m 8SEDrQ7g6Pg5DA2xjR5vvmijbQR6MfQiR/V3X+JujP3O5GBEmbKlpmQraSzmRw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723040338; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=jOPrFanYjzc21IpoOM5bNo4pFRln7XwP+erPiobmJXI=; b=SY/72yiIlvsFkxTyTO3vYqSuEz1/4l3kRZrNLZ+RBpFOWLODmIrxqQc0GfiLE/pijUsOWV 5XuNaABu98Mp8XfMpzmE2Ubn/EJZCZ0M5rOoBBMDU3yN7D/jRZeSQSdY3Xg5l8YmjLuyTE WTY3zEopuZLrRJlGA32P3poEfICcvqSDYW7onSDiEKKopwEOHt+8E9Ug2kLSqnMghpDtxB Ohtr/t8Q3FRTYsIgxN40OqFI3FlX8DrY7xBJUYd2ZSK2pB/VmHZcNgj3Rq9LkuLcHK84/N SitBAsiX3X3ajo9tgUrNZkUOmP/rVtZmmZtdhYVE659+FRG7G3zUpta0TaKFyA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WfC366NFQztY2; Wed, 7 Aug 2024 14:18:58 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 477EIwRt087287; Wed, 7 Aug 2024 14:18:58 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 477EIwFr087284; Wed, 7 Aug 2024 14:18:58 GMT (envelope-from git) Date: Wed, 7 Aug 2024 14:18:58 GMT Message-Id: <202408071418.477EIwFr087284@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Robert Clausecker Subject: git: 644d81447118 - stable/14 - lib/libc/amd64/string: fix overread condition in memccpy List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: fuz X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: 644d81447118692ced65bc63829998150a646bec Auto-Submitted: auto-generated The branch stable/14 has been updated by fuz: URL: https://cgit.FreeBSD.org/src/commit/?id=644d81447118692ced65bc63829998150a646bec commit 644d81447118692ced65bc63829998150a646bec Author: Robert Clausecker AuthorDate: 2024-07-20 19:53:04 +0000 Commit: Robert Clausecker CommitDate: 2024-08-07 14:18:40 +0000 lib/libc/amd64/string: fix overread condition in memccpy An overread condition in memccpy(dst, src, c, len) would occur if src does not cross a 16 byte boundary and there is no instance of c between *src and the next 16 byte boundary. This could cause a read fault if src is just before the end of a page and the next page is unmapped or unreadable. The bug is a consequence of basing memccpy() on the strlcpy() code: whereas strlcpy() assumes that src is a nul-terminated string and hence a terminator is always present, c may not be present at all in the source string. It was not caught earlier due to insufficient unit test design. As a part of the fix, the function is refactored such that the runt case (buffer length from last alignment boundary between 1 and 32 B) is handled separately. This reduces the number of conditional branches on all code paths and simplifies the handling of early matches in the non-runt case. Performance is improved slightly. os: FreeBSD arch: amd64 cpu: 11th Gen Intel(R) Core(TM) i7-1165G7 @ 2.80GHz │ memccpy.unfixed.out │ memccpy.fixed.out │ │ sec/op │ sec/op vs base │ Short 66.76µ ± 0% 62.45µ ± 1% -6.44% (p=0.000 n=20) Mid 7.938µ ± 0% 7.967µ ± 0% +0.36% (p=0.001 n=20) Long 3.577µ ± 0% 3.577µ ± 0% ~ (p=0.429 n=20) geomean 12.38µ 12.12µ -2.08% │ memccpy.unfixed.out │ memccpy.fixed.out │ │ B/s │ B/s vs base │ Short 1.744Gi ± 0% 1.864Gi ± 1% +6.89% (p=0.000 n=20) Mid 14.67Gi ± 0% 14.61Gi ± 0% -0.36% (p=0.001 n=20) Long 32.55Gi ± 0% 32.55Gi ± 0% ~ (p=0.429 n=20) geomean 9.407Gi 9.606Gi +2.12% Reported by: getz Reviewed by: getz Approved by: mjg (blanket, via IRC) See also: D46051 MFC: stable/14 Event: GSoC 2024 Differential Revision: https://reviews.freebsd.org/D46052 --- lib/libc/amd64/string/memccpy.S | 113 ++++++++++++++++++++-------------------- 1 file changed, 57 insertions(+), 56 deletions(-) diff --git a/lib/libc/amd64/string/memccpy.S b/lib/libc/amd64/string/memccpy.S index a2d9e33b3d36..69b650fffc33 100644 --- a/lib/libc/amd64/string/memccpy.S +++ b/lib/libc/amd64/string/memccpy.S @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 The FreeBSD Foundation + * Copyright (c) 2023, 2024 The FreeBSD Foundation * * This software was developed by Robert Clausecker * under sponsorship from the FreeBSD Foundation. @@ -83,34 +83,47 @@ ARCHENTRY(__memccpy, baseline) pshufd $0, %xmm4, %xmm4 # cccc -> cccccccccccccccc and $~0xf, %rsi movdqa %xmm4, %xmm1 - pcmpeqb (%rsi), %xmm1 # NUL found in head? - mov $-1, %r8d + pcmpeqb (%rsi), %xmm1 # c found in head? and $0xf, %ecx - shl %cl, %r8d # mask of bytes in the string - pmovmskb %xmm1, %eax + mov $-1, %eax + pmovmskb %xmm1, %r8d + lea -32(%rcx), %r11 + shl %cl, %eax # mask of bytes in the string + add %rdx, %r11 # distance from alignment boundary - 32 + jnc .Lrunt # jump if buffer length is 32 or less + and %r8d, %eax - jnz .Lhead_nul + jz 0f # match (or induced match) found? + + /* match in first chunk */ + tzcnt %eax, %edx # where is c? + sub %ecx, %edx # ... from the beginning of the string? + lea 1(%rdi, %rdx, 1), %rax # return value + jmp .L0116 - movdqa 16(%rsi), %xmm3 # load second string chunk +0: movdqa 16(%rsi), %xmm3 # load second string chunk movdqu (%r9), %xmm2 # load unaligned string head - mov $32, %r8d - sub %ecx, %r8d # head length + length of second chunk movdqa %xmm4, %xmm1 - pcmpeqb %xmm3, %xmm1 # NUL found in second chunk? - - sub %r8, %rdx # enough space left for the second chunk? - jb .Lhead_buf_end + pcmpeqb %xmm3, %xmm1 # c found in second chunk? /* process second chunk */ pmovmskb %xmm1, %eax test %eax, %eax - jnz .Lsecond_nul + jz 0f + + /* match in second chunk */ + tzcnt %eax, %edx # where is c? + sub $16, %ecx + sub %ecx, %edx # adjust for alignment offset + lea 1(%rdi, %rdx, 1), %rax # return value + jmp .L0132 - /* string didn't end in second chunk and neither did buffer -- not a runt! */ - movdqa 32(%rsi), %xmm0 # load next string chunk + /* c not found in second chunk: prepare for main loop */ +0: movdqa 32(%rsi), %xmm0 # load next string chunk movdqa %xmm4, %xmm1 movdqu %xmm2, (%rdi) # deposit head into buffer sub %rcx, %rdi # adjust RDI to correspond to RSI + mov %r11, %rdx movdqu %xmm3, 16(%rdi) # deposit second chunk sub %rsi, %rdi # express RDI as distance from RSI add $32, %rsi # advance RSI past first two chunks @@ -119,7 +132,7 @@ ARCHENTRY(__memccpy, baseline) /* main loop unrolled twice */ ALIGN_TEXT -0: pcmpeqb %xmm0, %xmm1 # NUL byte encountered? +0: pcmpeqb %xmm0, %xmm1 # c encountered? pmovmskb %xmm1, %eax test %eax, %eax jnz 3f @@ -131,7 +144,7 @@ ARCHENTRY(__memccpy, baseline) jb 2f add $32, %rsi # advance pointers to next chunk - pcmpeqb %xmm0, %xmm1 # NUL byte encountered? + pcmpeqb %xmm0, %xmm1 # c encountered? pmovmskb %xmm1, %eax test %eax, %eax jnz 4f @@ -146,11 +159,10 @@ ARCHENTRY(__memccpy, baseline) add $16, %edx /* 1--16 bytes left in the buffer but string has not ended yet */ -2: pcmpeqb %xmm1, %xmm0 # NUL byte encountered? +2: pcmpeqb %xmm1, %xmm0 # c encountered? pmovmskb %xmm0, %r8d mov %r8d, %ecx bts %edx, %r8d # treat end of buffer as end of string - or $0x10000, %eax # ensure TZCNT finds a set bit tzcnt %r8d, %r8d # find tail length add %rsi, %rdi # restore RDI movdqu 1(%rsi, %r8, 1), %xmm0 # load string tail @@ -162,42 +174,39 @@ ARCHENTRY(__memccpy, baseline) ret 4: sub $16, %rsi # undo second advancement - add $16, %rdx # restore number of remaining bytes - /* string has ended but buffer has not */ + /* terminator found and buffer has not ended yet */ 3: tzcnt %eax, %eax # find length of string tail - movdqu -15(%rsi, %rax, 1), %xmm0 # load string tail (incl. NUL) + movdqu -15(%rsi, %rax, 1), %xmm0 # load string tail (incl. c) add %rsi, %rdi # restore destination pointer - movdqu %xmm0, -15(%rdi, %rax, 1) # store string tail (incl. NUL) + movdqu %xmm0, -15(%rdi, %rax, 1) # store string tail (incl. c) lea 1(%rdi, %rax, 1), %rax # compute return value ret -.Lhead_buf_end: - pmovmskb %xmm1, %r8d - add $32, %edx # restore edx to (len-1) + ecx - shl $16, %r8d # place 2nd chunk NUL mask into bits 16--31 - mov %r8d, %r10d - bts %rdx, %r8 # treat end of buffer as if terminator present - xor %eax, %eax # return value if terminator not found - tzcnt %r8, %rdx # find string/buffer len from alignment boundary + /* buffer is 1--32 bytes in size */ + ALIGN_TEXT +.Lrunt: add $32, %r11d # undo earlier decrement + mov %r8d, %r10d # keep a copy of the original match mask + bts %r11d, %r8d # induce match at buffer end + and %ax, %r8w # is there a match in the first 16 bytes? + jnz 0f # if yes, skip looking at second chunk + + pcmpeqb 16(%rsi), %xmm4 # check for match in second chunk + pmovmskb %xmm4, %r8d + shl $16, %r8d # place second chunk matches in bits 16--31 + mov %r8d, %r10d # keep a copy of the original match mask + bts %r11d, %r8d # induce a match at buffer end + +0: xor %eax, %eax # return value if terminator not found + tzcnt %r8d, %edx # find string/buffer length from alignment boundary lea 1(%rdi, %rdx, 1), %r8 # return value if terminator found + rcx - sub %rcx, %r8 # subtract rcx - bt %rdx, %r10 # was the terminator present? + sub %rcx, %r8 + bt %edx, %r10d # was the terminator present? cmovc %r8, %rax # if yes, return pointer, else NULL - sub %ecx, %edx # find actual string/buffer len - jmp .L0132 + sub %ecx, %edx # find actual string/buffer length -.Lsecond_nul: - add %r8, %rdx # restore buffer length - tzcnt %eax, %r8d # where is the NUL byte? - lea -16(%rcx), %eax - sub %eax, %r8d # string length - lea 1(%rdi, %r8, 1), %rax # return value if NUL before end of buffer - xor %ecx, %ecx # return value if not - cmp %r8, %rdx # is the string shorter than the buffer? - cmova %r8, %rdx # copy only min(buflen, srclen) bytes - cmovb %rcx, %rax # return NUL if buffer ended before string -.L0132: cmp $16, %rdx # at least 17 bytes to copy (not incl NUL)? + ALIGN_TEXT +.L0132: cmp $16, %rdx # at least 17 bytes to copy? jb .L0116 /* copy 17--32 bytes */ @@ -207,16 +216,8 @@ ARCHENTRY(__memccpy, baseline) movdqu %xmm1, -15(%rdi, %rdx, 1) ret -.Lhead_nul: - tzcnt %eax, %r8d # where is the NUL byte? - sub %ecx, %r8d # ... from the beginning of the string? - lea 1(%rdi, %r8, 1), %rax # return value if NUL before end of buffer - xor %ecx, %ecx # return value if not - cmp %r8, %rdx # is the string shorter than the buffer? - cmova %r8, %rdx # copy only min(buflen, srclen) bytes - cmovb %rcx, %rax # return NUL if buffer ended before string - /* process strings of 1--16 bytes (rdx: min(buflen, srclen), rax: srclen) */ + ALIGN_TEXT .L0116: cmp $8, %rdx # at least 9 bytes to copy? jae .L0916 From nobody Wed Aug 7 15:39:38 2024 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WfDrB71BYz5STfl; Wed, 07 Aug 2024 15:39:38 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WfDrB1gBMz4qQ9; Wed, 7 Aug 2024 15:39:38 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723045178; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=hufMV83xBn++6ddYo+vRcVKc98QLGmSdhvLl1THLPI4=; b=PiR3twuh7pOkh+T7K1GxNI5IsrlBuEaQqjQPnNqKvrfjvL9euQbDBFrJRcpyY3XWlbEwg6 TnNTbc6qOIchP/V80hcxzag4Ejw1osW4Oib3lkf4Fe9b+ITVZT+15/X5uDV/uNqxeQLutU xt1FV69e8ys1IRxv8hwfjJOEG08FKPP72ZXrHcBo08CR7DI3uYRn6LRDWLi3YwNJ4jlcns r7pVmuVu1CoF9yoxwC/jhLA3zO5wXV/PIVuSZfNNgp1YiklZnjYMfoSwx149pTS7aCdVie DlfEvym/lH/511hiTX93R67FcA5NxjJY2MmPg+7LB9diEqc8/YX1QmDfUxQlYQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1723045178; a=rsa-sha256; cv=none; b=OypQ6Vwb6tbQXmDSLz1Zmi3Nt+0rTRQ8cCM/nNVD7AW5RczbaTcJjvgsJdPtA74kSS0/XO sAxYGrh/xtfrF7l/EP2XYX5gJyy4WPZYmMZh4uOOD1QkSn1J1UeTRBdjRC/8kag98OX4ds TM4mSSIbKfDTvBAY5DHcA2Da2XA/RYcbFkYaGrDhTJOUK8FifH/7ZnCoFqn5G2+ccKBMDv sATo58gAyje502+iI3+dvsAa4AI/f2xY9IVOgr+PawqjETSqwPg+99x0sD/HUcFrQcMmHY 5wawZ2k4T4IiXDzaZuZT9Xs6Tk/VMktpzl+3jcKzpAbGmMgSDbQR+Y7AxKj6Pw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723045178; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=hufMV83xBn++6ddYo+vRcVKc98QLGmSdhvLl1THLPI4=; b=ou8Df/FngfOHi96PVfQaX86MIWMEha2qZP5xzJcJ4w23ucyDorNhZcaHPJp6mdP8xDYGYL RYsqOvRLV5tn+NY8X1nu40xF2vgSvFA+uwZ5HCYSch7z5eW5L9j51gPgYzqPR9SNHtWGG8 3ndIGKCm3rg4rr8xefziaIVV89XlfDsvV/qW4tE5IU1/MeJiUPj0VvAVCZLHdjV4fam8Tg jtsCSetJLs0TuN5kmiQ58GV1Omc6cDF4adCipjV+d/MxjhkwQ0Leq0ZfigyJrdjrxgqm6R GTm+MYlXIN/7ElYBIaZB+789Hb2M/QdGkItQg3xCZax6sgSwsznRP6DNLy3aOA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WfDrB1GYHzwlC; Wed, 7 Aug 2024 15:39:38 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 477FdcK2023624; Wed, 7 Aug 2024 15:39:38 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 477FdctO023621; Wed, 7 Aug 2024 15:39:38 GMT (envelope-from git) Date: Wed, 7 Aug 2024 15:39:38 GMT Message-Id: <202408071539.477FdctO023621@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Ed Maste Subject: git: bd3aa40e0a55 - releng/13.4 - sshd: remove blacklist call from grace_alarm_timer List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: emaste X-Git-Repository: src X-Git-Refname: refs/heads/releng/13.4 X-Git-Reftype: branch X-Git-Commit: bd3aa40e0a55f801abbb880c617f6c5695796d16 Auto-Submitted: auto-generated The branch releng/13.4 has been updated by emaste: URL: https://cgit.FreeBSD.org/src/commit/?id=bd3aa40e0a55f801abbb880c617f6c5695796d16 commit bd3aa40e0a55f801abbb880c617f6c5695796d16 Author: Ed Maste AuthorDate: 2024-08-01 00:04:46 +0000 Commit: Ed Maste CommitDate: 2024-08-07 15:39:06 +0000 sshd: remove blacklist call from grace_alarm_timer Under certain circumstances it may call log(3), which is not async- signal-safe. For now just remove the blacklist integration from this path, which means that blacklistd will not detect and firewall hosts that establish a connection but do nothing further. Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D46203 (cherry picked from commit 2739a6845031e69be7c03461a9335d8bbb9f59bd) (cherry picked from commit 3d3bae9b95388169d396adc8007585699c5a23e0) (cherry picked from commit 73466449a9bf1888147c53d622236cebc0aa591b) (cherry picked from commit d5f16ef6463d73270e4380f3498410c8ad91f495) Approved by: re (cperciva) --- crypto/openssh/ssh_config | 2 +- crypto/openssh/ssh_config.5 | 2 +- crypto/openssh/sshd.c | 2 -- crypto/openssh/sshd_config | 2 +- crypto/openssh/sshd_config.5 | 2 +- crypto/openssh/version.h | 2 +- 6 files changed, 5 insertions(+), 7 deletions(-) diff --git a/crypto/openssh/ssh_config b/crypto/openssh/ssh_config index 36c6c7785fd2..a047ce2deb93 100644 --- a/crypto/openssh/ssh_config +++ b/crypto/openssh/ssh_config @@ -44,4 +44,4 @@ # ProxyCommand ssh -q -W %h:%p gateway.example.com # RekeyLimit 1G 1h # UserKnownHostsFile ~/.ssh/known_hosts.d/%k -# VersionAddendum FreeBSD-20240318 +# VersionAddendum FreeBSD-20240806 diff --git a/crypto/openssh/ssh_config.5 b/crypto/openssh/ssh_config.5 index 020d254f7f0d..de1903ba43a2 100644 --- a/crypto/openssh/ssh_config.5 +++ b/crypto/openssh/ssh_config.5 @@ -2137,7 +2137,7 @@ in Specifies a string to append to the regular version string to identify OS- or site-specific modifications. The default is -.Dq FreeBSD-20240318 . +.Dq FreeBSD-20240806 . The value .Cm none may be used to disable this. diff --git a/crypto/openssh/sshd.c b/crypto/openssh/sshd.c index 0c83e0ea468e..889f2056bc75 100644 --- a/crypto/openssh/sshd.c +++ b/crypto/openssh/sshd.c @@ -377,8 +377,6 @@ grace_alarm_handler(int sig) kill(0, SIGTERM); } - BLACKLIST_NOTIFY(the_active_state, BLACKLIST_AUTH_FAIL, "ssh"); - /* Log error and exit. */ sigdie("Timeout before authentication for %s port %d", ssh_remote_ipaddr(the_active_state), diff --git a/crypto/openssh/sshd_config b/crypto/openssh/sshd_config index 54a1d9d486d0..866e905d9515 100644 --- a/crypto/openssh/sshd_config +++ b/crypto/openssh/sshd_config @@ -105,7 +105,7 @@ AuthorizedKeysFile .ssh/authorized_keys #PermitTunnel no #ChrootDirectory none #UseBlacklist no -#VersionAddendum FreeBSD-20240318 +#VersionAddendum FreeBSD-20240806 # no default banner path #Banner none diff --git a/crypto/openssh/sshd_config.5 b/crypto/openssh/sshd_config.5 index 1c3de78d1cf0..a354c1ef2b0a 100644 --- a/crypto/openssh/sshd_config.5 +++ b/crypto/openssh/sshd_config.5 @@ -1947,7 +1947,7 @@ The default is Optionally specifies additional text to append to the SSH protocol banner sent by the server upon connection. The default is -.Qq FreeBSD-20240318 . +.Qq FreeBSD-20240806 . The value .Cm none may be used to disable this. diff --git a/crypto/openssh/version.h b/crypto/openssh/version.h index 836b5650b247..82be0be8498f 100644 --- a/crypto/openssh/version.h +++ b/crypto/openssh/version.h @@ -5,4 +5,4 @@ #define SSH_PORTABLE "p1" #define SSH_RELEASE SSH_VERSION SSH_PORTABLE -#define SSH_VERSION_FREEBSD "FreeBSD-20240701" +#define SSH_VERSION_FREEBSD "FreeBSD-20240806" From nobody Wed Aug 7 15:43:51 2024 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WfDx40Jp3z5SVHP; Wed, 07 Aug 2024 15:43:52 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WfDx36g9sz4rBY; Wed, 7 Aug 2024 15:43:51 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723045431; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=rfGoycXEElD9wT94lZtFgQlY5i+frQhwMx2TvJpq4hQ=; b=VsW4+YiQRdi4uudaOhJOxBQtk2PIPIpghLtf0e3k+oHdPfyt0CzvHA5MqHwyZ50lrVlOc7 RIfLjU7XDJLVuMskg++Yt4vVXmJ1zmYemcH1v0ySgm4SG13aq45Bo11iKeSFSGsMcjfnB3 7sGGEfL9PP1NHAJl2e5WgGgSVwCuDAC+Z2LN3OlOi7MHcymxs9iiAJxuOlyR9uBO7fVKsK ONPrhwObWgbdfFkC3JzToHijysshpFRkJ3cU6Zj/ub84qmlYq4jS4I1PrgtFoizORVDmvT yW4w3+I/B+KUFmdP8QtSVTzee0ki9PMjJay+UerL6QTfU4Ata/6AWiXQ2aCz6A== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1723045431; a=rsa-sha256; cv=none; b=JULueL+AC0E0JdzN8qCGoPg1XSzOFRI5nhFiKZX5T4yAJhkxwjw4QAxFeXOc4YAtiuBCsQ 1DtAVz7jf+BQI5sASVgFOpCjGjRqoPLZMZK4zcT8MORBMo2PU+rywI2/MuKjUwYJZ2IWvd bT1Tx3oa1g0UcUel6kehxymLufTPjqCZI/ScT0eqBxpAZ0i2XxpWzIx+1hVx9Y5eUwJbBv eZrbSMpzbqM7FmK+tp6f3I9PFfFlT805pxM8O+SYAgQ6WrzEjfysxjNajdGoefOGq5aQwZ k7GY00iExr621Cex+Bxw2WXHDbVp7IDIkfd0VHM2NE5VDAKaEjGJMr1S2mm6bg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723045431; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=rfGoycXEElD9wT94lZtFgQlY5i+frQhwMx2TvJpq4hQ=; b=gpQKxxAE3UUVbvDz/S0gXyN1rnY3CUOA23wOZRAzWISYrMtPHebOj9OofQahMyeHIP63WT wLZ2VCLaEGPWk6wb6JYzpyDSCHR41hi5gxFKg0eQyz1hSMTSRHUhfCJLx71DAiosN0uMZ/ iUuzK/ZYn6QmAggoEWeYHo63Lyc/TjSRuCf0NbLMeidNphiW2dz44n7ouIkaTYiLQCqjj+ cT/nE2xo3oSD/afQN4gABhVeZdZOcAV6y+9dseAoneb79AW40agRefEa5UqetOvKX2UH9k k3IPEiNr49LjN47yCPzg3QANoSF3kWc6pgvH0WFtIUPraYbwcP2cP1bdhgDL/Q== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WfDx36GcRzwxQ; Wed, 7 Aug 2024 15:43:51 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 477FhpL6039508; Wed, 7 Aug 2024 15:43:51 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 477Fhpsw039505; Wed, 7 Aug 2024 15:43:51 GMT (envelope-from git) Date: Wed, 7 Aug 2024 15:43:51 GMT Message-Id: <202408071543.477Fhpsw039505@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Mark Johnston Subject: git: a87a5973132b - releng/13.4 - ktrace: Fix an inverted privilege check List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: markj X-Git-Repository: src X-Git-Refname: refs/heads/releng/13.4 X-Git-Reftype: branch X-Git-Commit: a87a5973132ba396c870068083395761e794ce47 Auto-Submitted: auto-generated The branch releng/13.4 has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=a87a5973132ba396c870068083395761e794ce47 commit a87a5973132ba396c870068083395761e794ce47 Author: Mark Johnston AuthorDate: 2024-08-07 13:38:54 +0000 Commit: Mark Johnston CommitDate: 2024-08-07 15:43:39 +0000 ktrace: Fix an inverted privilege check Approved by: so Approved by: re (cperciva) Security: FreeBSD-SA-24:06.ktrace Security: CVE-2024-6760 Fixes: 1762f674ccb5 ("ktrace: pack all ktrace parameters into allocated structure ktr_io_params") (cherry picked from commit 166b7573b5220aadf8b02a85933c9651b909b309) (cherry picked from commit f702110bc4bcc593b38674ec6e4fadf6c4626432) --- sys/kern/kern_ktrace.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sys/kern/kern_ktrace.c b/sys/kern/kern_ktrace.c index 2729d0880b31..cc51dbae46f7 100644 --- a/sys/kern/kern_ktrace.c +++ b/sys/kern/kern_ktrace.c @@ -585,7 +585,7 @@ ktrprocexec(struct proc *p) PROC_LOCK_ASSERT(p, MA_OWNED); kiop = p->p_ktrioparms; - if (kiop == NULL || priv_check_cred(kiop->cr, PRIV_DEBUG_DIFFCRED)) + if (kiop == NULL || priv_check_cred(kiop->cr, PRIV_DEBUG_DIFFCRED) == 0) return (NULL); mtx_lock(&ktrace_mtx); From nobody Thu Aug 8 04:35:38 2024 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WfZ402trtz5SMJM; Thu, 08 Aug 2024 04:36:00 +0000 (UTC) (envelope-from scf@FreeBSD.org) Received: from smtp.freebsd.org (smtp.freebsd.org [IPv6:2610:1c1:1:606c::24b:4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WfZ4029bdz4SC3; Thu, 8 Aug 2024 04:36:00 +0000 (UTC) (envelope-from scf@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723091760; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=8QLDeuuOC3PrYdKUw1ap6B4UvleW2X8JGxRxcZHwO5Y=; b=KS3KI/QvPLG7kNnFpjf6AOqWtUUNkj/vtXM8B1Lvw8UppGcaqINZb77GfmH68XbAsZZ1AX BMxXJDY+4NlvP10w0v2+yceT73wUbdclyJykjS4mPEC8aHTMhNN8/3TCKQroxUnVA7Kzmc jaKqWgm52KKmmY7mPgbekt3wK040r3/AvUeqGcs1vv969vOTEZHVrUbx4gCjvIvyrAmv4U TFKZIUs3VTsRw5YngQhKQWlO+8+REQNfQ1AMKA3DMqSeeKBlWhv7GZ623Q/XZsYYrXWBC0 2aQkHHfxx/NQnEZax3h5lcy8ZuCS/6szorQwgsV1eOxZBBlgqtW0vzvn6OKmBA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1723091760; a=rsa-sha256; cv=none; b=wRdbZzWd9VzYxoHH6KWhdExDiYxvfi/aBiRu+N6MveTpvcL/eoMaB6tQpGy2+mE/oQNOqa EhW0gfSs7CSp7slGiaAxSsj6Na3b6g/6nfGY1EJKGNbnB32Ky+ImGGR8AMlT8cTgp5EPUi iIjBdEMe0XD+kfTYcPZq+40BLgWSoum27SZ8Rdz83NDZ6Ui9RpjMhkdWIPv3H2BV8h3ib7 pFk49Yb/sWbRClrrP5AnB4FKD2O7V8obtH6fXFwE60pO8adgvUuHxUNgluvdsxuPygCkdS r+kj/zlb0QZzW5wMI+Gwf1lBWBNwdtSAgAU9AyS+jw9HXPwj0CmWYH3OBaIiNg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723091760; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=8QLDeuuOC3PrYdKUw1ap6B4UvleW2X8JGxRxcZHwO5Y=; b=lx4TkiEpohE09ZoSVtWfyMdDHvDhD8Yhw0OgQOxbdEfByXjowTy0LuA5RH9L3NA3CHnfaP T5HjMwOKSElqpCW77jSr+m0yToYx8+2v8OBbCVSemh+ZrRAknkCkzDb81rbFBG7Z2zYZvI F29c4Bno8zoYXl0qcZglqzK3f5uM0D1VgkrPTyHtZmoEz3IFuZuEhGhuU2eKG6BMyszjOw v/z98Grl0FpjngNIZtm4wJ+liiWUYyfduBoj2Sduq4fG7fQ15gkctxJACrREB80EfOQ8Iv KBNNIbH31aBLEH7t/NvHIGSppeX4ho/zV5i38Ap6Zh4XufMtTRQiE02caWWaVA== Received: from thor.farley.org (1609341-v107.1360-static.crmlinaa.metronetinc.net [104.254.222.35]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) (Authenticated sender: scf/mail) by smtp.freebsd.org (Postfix) with ESMTPSA id 4WfZ3z73JVz11dp; Thu, 8 Aug 2024 04:35:59 +0000 (UTC) (envelope-from scf@FreeBSD.org) Date: Thu, 8 Aug 2024 00:35:38 -0400 (EDT) From: "Sean C. Farley" To: Ed Maste cc: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Subject: Re: git: fc43a1b6842a - stable/14 - tzsetup: symlink /etc/localtime instead of copying In-Reply-To: <202408011538.471FcJDS026885@gitrepo.freebsd.org> Message-ID: <784ce21d-a604-bb91-c52e-29c78e2bb6e4@FreeBSD.org> References: <202408011538.471FcJDS026885@gitrepo.freebsd.org> List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; format=flowed; charset=US-ASCII On Thu, 1 Aug 2024, Ed Maste wrote: > The branch stable/14 has been updated by emaste: > > URL: https://cgit.FreeBSD.org/src/commit/?id=fc43a1b6842afa806dfd7ba48de5bece63d04456 > > commit fc43a1b6842afa806dfd7ba48de5bece63d04456 > Author: Ed Maste > AuthorDate: 2022-10-14 16:44:35 +0000 > Commit: Ed Maste > CommitDate: 2024-08-01 15:11:45 +0000 > > tzsetup: symlink /etc/localtime instead of copying > > Using a symlink means that new timezone data (installed by an errata > update, say) will be usable without having to be copied again. > > Reviewed by: bapt, kevans, philip > Sponsored by: The FreeBSD Foundation > Differential Revision: https://reviews.freebsd.org/D37005 > > (cherry picked from commit 5e16809c953f4cd19fadb1767469dec319de0353) I ran across an issue with this when using "etcupdate -D" to update a jail from the host. "tzsetup -r -C /tmp/chroot", as called by etcupdate, prepends the path of the chroot to the link which breaks things inside the jail. For example, if you run the following: mkdir -p /tmp/chroot/etc mkdir -p /tmp/chroot/usr/share mkdir -p /tmp/chroot/var/db ln -s /usr/share/misc /tmp/chroot/usr/share/misc ln -s /usr/share/zoneinfo /tmp/chroot/usr/share/zoneinfo cp /var/db/zoneinfo /tmp/chroot/var/db/. tzsetup -C /tmp/chroot -r The result will be the following: /tmp/chroot/etc/localtime@ -> /tmp/chroot//usr/share/zoneinfo/America/Indiana/Indianapolis Sean -- scf@FreeBSD.org From nobody Thu Aug 8 13:49:19 2024 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WfpLR4N1jz5Sqxf; Thu, 08 Aug 2024 13:49:19 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WfpLR3p7mz45nP; Thu, 8 Aug 2024 13:49:19 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723124959; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=N4oI/VtgaU8H2qNB2rZs7sV2C/5C/LAVrCXOw4pBtlY=; b=e3QDy1BjwWfwv3xJLkw5dhsVuLV2nM+W8VhtjQramD4JE7axyQuvOaYMa6WenKjZngDLxh TsJCWxTSGNDxmvffrYMnNJ0ymhlZbjn5cLkAMcO2YLhGIKrnIfOJuyslxTERhu4aAm5KvE 0m6qnCUja7tVjkgovNtRy8X8+5TRr+pV4r5wN4mUWSJ6o+jV9X0QD6Q0h/EQDF9/icvda1 H/LXxpohUutZcc5CIHfyudMgQzLXIEXxq9I+LR6K3yRbRw1xVPX6tUm6qlYh7e8zEJ8dYh ggPPGfB5kTKSFu2ePmQJw8BQMxm+Q68tOrhZT9FGVJ9flRpukA1xCpYjN7Ok+w== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1723124959; a=rsa-sha256; cv=none; b=fuOSIyn0h119zVR6F3jKqCXw4QxpkPhRNoZxAn1Hm6MoqjO1Qq/HrdwAf9zu6BDwjZRth6 KcCo14zxnSxmPHF+4I3yKxgWdcXKrgff0WslfNlc2iWW9QA5OxepMegtGDBgX6ujSlHqbK EJTqJv0qskRVwloZLjsdjnfJ7O+SRo7leLTv8CbcMtpAtz1D2Kd6b6fnsPm3KMgI44le9z JqHCUD3M7KFfkEx/OPFTNY6DLjncmfpw/W54zwaQyJYLpSX0+olSrTCGQpG5NwyYbh3oal EF7PoxL87F9QobZGNpO5lDPgUmwgWe3J1td3aweNNqfT9gVEG8hVPJ4lEcyDBQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723124959; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=N4oI/VtgaU8H2qNB2rZs7sV2C/5C/LAVrCXOw4pBtlY=; b=nu+NALkFd8w40gwtE6Wx02oAjz1w073KjpqhDsscsu4M5QEzMZGnSfthujLdXIibKdubEf LQRAAZVzRu0gI8Ywb7k9okseP3nRDKNt6/CCZO3nt/3eYA+FmL/5XvVI9hdXcAx5/VzGAL ByjrGhLjTGUP5o1xH0oZy3xgweCzdTBiTLqkbXrBDtlsNBTpqdwDWCY9t0wsN+GMYVZU49 mMfBy9cQwYdh3qcBocbIBnAzgwORk8ux6nBO+5rHf4rZP1LyErW2zPAFMPXVjzesqfBbBm swZSm70a9u1rKzkvqiFrqWY0/yscQUBDeCdeMGMdezSoZaamlrnQiJ4pY/7V0w== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WfpLR3Lg6zbjc; Thu, 8 Aug 2024 13:49:19 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 478DnJ0G071963; Thu, 8 Aug 2024 13:49:19 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 478DnJmd071960; Thu, 8 Aug 2024 13:49:19 GMT (envelope-from git) Date: Thu, 8 Aug 2024 13:49:19 GMT Message-Id: <202408081349.478DnJmd071960@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Christos Margiolis Subject: git: db238c7c52b3 - stable/14 - mixer.3: Fix mixer_get_mode() description List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: christos X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: db238c7c52b320e396578eddcabdcf4d515d3896 Auto-Submitted: auto-generated The branch stable/14 has been updated by christos: URL: https://cgit.FreeBSD.org/src/commit/?id=db238c7c52b320e396578eddcabdcf4d515d3896 commit db238c7c52b320e396578eddcabdcf4d515d3896 Author: Christos Margiolis AuthorDate: 2024-08-05 11:13:44 +0000 Commit: Christos Margiolis CommitDate: 2024-08-08 13:49:10 +0000 mixer.3: Fix mixer_get_mode() description Improve wording and also fix the constants' names. Sponsored by: The FreeBSD Foundation MFC after: 2 days Reviewed by: dev_submerge.ch Differential Revision: https://reviews.freebsd.org/D46220 (cherry picked from commit 6e744de1a3dc5dde8d2ee51e97a1224a01bdfb21) --- lib/libmixer/mixer.3 | 23 ++++++++++------------- 1 file changed, 10 insertions(+), 13 deletions(-) diff --git a/lib/libmixer/mixer.3 b/lib/libmixer/mixer.3 index 4008867ef2fb..04aa3bd1dca7 100644 --- a/lib/libmixer/mixer.3 +++ b/lib/libmixer/mixer.3 @@ -19,7 +19,7 @@ .\" OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN .\" THE SOFTWARE. .\" -.Dd May 22, 2024 +.Dd August 4, 2024 .Dt MIXER 3 .Os .Sh NAME @@ -388,18 +388,15 @@ controls. .Pp The .Fn mixer_get_mode -function returns the playback/recording mode of the audio device the mixer \ -belongs to. -The available values are the following: -.Bl -tag -width "MIX_STATUS_PLAY | MIX_STATUS_REC" -offset indent -.It Dv MIX_STATUS_NONE -Neither playback nor recording. -.It Dv MIX_STATUS_PLAY -Playback. -.It Dv MIX_STATUS_REC -Recording. -.It Dv MIX_STATUS_PLAY | MIX_STATUS_REC -Playback and recording. +function returns the operating mode of the audio device the mixer belongs to. +The following values can be OR'ed in case more than one mode is supported: +.Bl -tag -width "MIX_MODE_MIXER" -offset indent +.It Dv MIX_MODE_MIXER +The audio device has a mixer. +.It Dv MIX_MODE_PLAY +The audio device supports playback. +.It Dv MIX_MODE_REC +The audio device supports recording. .El .Pp The From nobody Thu Aug 8 15:41:05 2024 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WfrqQ0H4wz5T5MM; Thu, 08 Aug 2024 15:41:06 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WfrqP6xjjz4HK5; Thu, 8 Aug 2024 15:41:05 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723131666; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=2L2oBDyql3r5YRmVagE3uGbaFKAsTsNzNo4+tkyaB8U=; b=jlyZCuSG6aLIGTRG2YcJkcAkc/VMKYiVXTfluJy0n1L63WoyvS3Oi2LXR+fPmf+a0707T/ R3mY3Fp89tZ6k9LJEhFn8ti4mFG3JCGp1WEwiH6zuwS88vDpYiuN8QnPC0ZGtB5aYmb8yF g0fcoT9aZtCu2LqAokoCfAYtkiwEIiZvhaWDNIpTA/EcBQo8doi8L+H4ctineakWVtHKmh UFn+jMkoUK6GXBaCucK1CVJo8HeFBBHpsvvhEdJKwOH22K27nnQNk7Mm1mMaQ/QgMF/L2h MBkMmChl2g2MSo5HnzsU+2ZT/8516FzHu7GsVY+Jw56GEW272gHzr1YA+EyCIQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1723131666; a=rsa-sha256; cv=none; b=RCaXT/hnoRAN4iFNCOGUUNDB8vwQX/c+EcBEAsoz+QGVHUG8hq6trxbRwp6QjclWlgLykB jAadh/6zlBTopVTBTrRbFUY4fFHMbMfONxE+M5PgtdNuxxWXZ60QjbaarrsAUsmYTiWuJD 3qdPnAOcj/6NrF6JZIfTS2799S/ZZ4O0GFWTEFXYPSFkGneDxAbs6Aj3YlfKyW2QxmpIzu 4Li1zhGnAS3h2ZD/Gm0wycwYq5and2NaYm9wnKzKA4kfyCBUsjxqpY14R1D5j8+lBd+RF4 1DyI7IoiyoyGAIdlTUChm2khQ21jGChecxjWuK8XEM1vBCs4WxqVIsC01zIZ5g== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723131666; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=2L2oBDyql3r5YRmVagE3uGbaFKAsTsNzNo4+tkyaB8U=; b=HqwMuYylZaLtsv/VVBI2Fgjbf19pa3TaI1iQ7HjR9EflJwoSftRPNHwO0RD1HqvxNlkVaK oCu0BOPO87sZEyPI4lbkqCRsFl7CjKYlvEz+om4Db2hHtRVh7GkajbeWmBXwiVu3Yza2vx kb2BUGavD8eNygN3XibEOnzTgJWh+Xh/luaIh4ytvE9ofFZ4LaVhrkRRBH8k2KGbHH9PGs lBVv3cd3fCqfjO6iW83Rqwu9rJ5BF8QxTPXcHoGQ6fG6i/jkqRGm7ggM8iIJDTv0V7iAqg VjIkeLJs4ibRftvGo4kZInOJ54Mv6SpICZPvU8JSGMLg4FxAd+E8d8oSMubWCg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WfrqP6YYRzfRG; Thu, 8 Aug 2024 15:41:05 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 478Ff5hB070812; Thu, 8 Aug 2024 15:41:05 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 478Ff5lI070810; Thu, 8 Aug 2024 15:41:05 GMT (envelope-from git) Date: Thu, 8 Aug 2024 15:41:05 GMT Message-Id: <202408081541.478Ff5lI070810@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Kristof Provost Subject: git: 053500aa9301 - stable/13 - pfctl: Allow a semicolon (;) as a comment List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: 053500aa93017f8d8096a9625491ae1e335a356e Auto-Submitted: auto-generated The branch stable/13 has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=053500aa93017f8d8096a9625491ae1e335a356e commit 053500aa93017f8d8096a9625491ae1e335a356e Author: Juraj Lutter AuthorDate: 2024-07-25 08:07:50 +0000 Commit: Kristof Provost CommitDate: 2024-08-08 05:42:58 +0000 pfctl: Allow a semicolon (;) as a comment To make parsing of, for example, Spamhaus' drop.txt and similar files that contains semicolons as comments, allow them also in file-based tables. Reviewed by: kp MFC after: 2 weeks Differential Revision: https://reviews.freebsd.org/D46088 (cherry picked from commit a8a95277363be2c92b3c06bd9cd1a32d1c6c6ecd) --- sbin/pfctl/pfctl.8 | 4 +++- sbin/pfctl/pfctl_radix.c | 4 ++-- sbin/pfctl/tests/files/pf1020.in | 3 +++ sbin/pfctl/tests/files/pf1020.include | 4 ++++ sbin/pfctl/tests/files/pf1020.ok | 2 ++ sbin/pfctl/tests/pfctl_test_list.inc | 1 + 6 files changed, 15 insertions(+), 3 deletions(-) diff --git a/sbin/pfctl/pfctl.8 b/sbin/pfctl/pfctl.8 index 41a8ec8b4340..196ce0f1766f 100644 --- a/sbin/pfctl/pfctl.8 +++ b/sbin/pfctl/pfctl.8 @@ -24,7 +24,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd October 3, 2016 +.Dd July 23, 2024 .Dt PFCTL 8 .Os .Sh NAME @@ -518,6 +518,8 @@ line and/or in an unformatted text file, using the flag. Comments starting with a .Sq # +or +.Sq \; are allowed in the text file. With these commands, the .Fl v diff --git a/sbin/pfctl/pfctl_radix.c b/sbin/pfctl/pfctl_radix.c index d33f091d8b69..1e93a8972d9e 100644 --- a/sbin/pfctl/pfctl_radix.c +++ b/sbin/pfctl/pfctl_radix.c @@ -535,8 +535,8 @@ pfr_next_token(char buf[BUF_SIZE], FILE *fp) /* skip spaces */ while (isspace(next_ch) && !feof(fp)) next_ch = fgetc(fp); - /* remove from '#' until end of line */ - if (next_ch == '#') + /* remove from '#' or ';' until end of line */ + if (next_ch == '#' || next_ch == ';') while (!feof(fp)) { next_ch = fgetc(fp); if (next_ch == '\n') diff --git a/sbin/pfctl/tests/files/pf1020.in b/sbin/pfctl/tests/files/pf1020.in new file mode 100644 index 000000000000..7f98df69bd04 --- /dev/null +++ b/sbin/pfctl/tests/files/pf1020.in @@ -0,0 +1,3 @@ +table file "./pf1020.include" + +block from diff --git a/sbin/pfctl/tests/files/pf1020.include b/sbin/pfctl/tests/files/pf1020.include new file mode 100644 index 000000000000..3fca07f64bfa --- /dev/null +++ b/sbin/pfctl/tests/files/pf1020.include @@ -0,0 +1,4 @@ +; comment1 +# comment2 +1.0.0.1/32 ; comment1 +2.0.0.2/32 # comment2 diff --git a/sbin/pfctl/tests/files/pf1020.ok b/sbin/pfctl/tests/files/pf1020.ok new file mode 100644 index 000000000000..16073b3d6987 --- /dev/null +++ b/sbin/pfctl/tests/files/pf1020.ok @@ -0,0 +1,2 @@ +table file "./pf1020.include" +block drop from to any diff --git a/sbin/pfctl/tests/pfctl_test_list.inc b/sbin/pfctl/tests/pfctl_test_list.inc index b73bcf2522b7..2565a119cc6a 100644 --- a/sbin/pfctl/tests/pfctl_test_list.inc +++ b/sbin/pfctl/tests/pfctl_test_list.inc @@ -117,3 +117,4 @@ PFCTL_TEST(1005, "PR 231323") PFCTL_TEST(1006, "pfctl crashes with certain fairq configurations") PFCTL_TEST(1010, "POM_STICKYADDRESS test") PFCTL_TEST(1018, "Test dynamic address mask") +PFCTL_TEST(1020, "Test hashmark and semicolon comment") From nobody Thu Aug 8 15:41:06 2024 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WfrqQ4GdCz5T5Pd; Thu, 08 Aug 2024 15:41:06 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WfrqQ34nxz4HV0; Thu, 8 Aug 2024 15:41:06 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723131666; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=tUVfTXfdPYjJC1acwd0C2GOO46OcX9+/M64b2L30XiI=; b=gDmgN5Qcl48h2ptv99AuD2kQldP2M37VsyobWwcls1yHO0LuV7+6z0SL/Ebx8oEjD683K3 4TJQvbRaZSfgpWtOw6aI3kmjL50hOWZ+TCrCzqMkLqXXatnpXYE4YKGm86Sx0Y4FHqy5CL LQPFFfzHRfr9UcS4pP3l9umLQOnwZY9wEmBJF97YsllQmeEKJUY8LmQZzcQj7DrEm9NYik j6zgS8jSKd+6+/lyVK+XeYWw603Lj6rVi+H0JW82Fc+XnmopWaIEz5yKpriGlk24enqyoD vx4PPXkoBKdNxgbFOZQ00qiQYSEmj3iVrp6dS3nIRMHTaq6VBQq9fLp2nIdzGg== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1723131666; a=rsa-sha256; cv=none; b=ViqyaIeCdmDdtHJGMdKLhvg7fLXLMwJKKHgAgGZJVIw9o6FFiUxwIVNloR3lNqZ1CtAyqs Y+WOYqhSBP7nvKWBToBaohZyp00fsokyrEdV4HnukFTx6VAwyVZ5G6CwZG17vtx01PVMH4 ps5tENLJKNjgBZ3ogaCA6lb1FDORd7cEiVL5m+s4OVxmA4GbS5e7NIIGO8rCuB1G5oxPCz D7oe+XDLq+FijB5Sj4WitT6kaJKY6hi6wOBW+Sy+/+lGg81r9y77Qr77nH51vQD9kp9wLO CgHasxaB567LcI9Y7Uo1xaZutguzvgLBwxBNyK7l8WC8+rzVDh0igYaZfFO3pg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723131666; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=tUVfTXfdPYjJC1acwd0C2GOO46OcX9+/M64b2L30XiI=; b=ACXi6N0buHXhhNC02HOoNg5/jTVVpuzrrtYTl7k5fEKjfCnyNykLP1mCoPXYc9k9ntrRWY ugxpkMbn25EAXU+4niGcY4ILlZO1OjNZd2Cikp+2S7ohnWWhi/dmoXqfNdVe3wt7tq9Ivm Nn/ZJdADcqpz1MgwPewqLgdshGyGAtu0GekmZcjozFc51487P/nMxYVfQUHObkdGTuZXw+ UWntIYSa8ePRN+EYdu+vgSs/egpOUpjNFpRL2/lYeqpeiKbWr4CxSEKyHmyP+EEAUCq+nf c4RB+msqclvVPBTRwdTczz7CK3ypVW+x/9QCetLOYipuVM/gtWhRdhw9MdW2Xg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WfrqQ2hLszfkM; Thu, 8 Aug 2024 15:41:06 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 478Ff67N070918; Thu, 8 Aug 2024 15:41:06 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 478Ff6lk070915; Thu, 8 Aug 2024 15:41:06 GMT (envelope-from git) Date: Thu, 8 Aug 2024 15:41:06 GMT Message-Id: <202408081541.478Ff6lk070915@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Kristof Provost Subject: git: 36bb714e2592 - stable/14 - pfctl: Allow a semicolon (;) as a comment List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: 36bb714e2592f1e424dc74f4f0a44f2e87eee84b Auto-Submitted: auto-generated The branch stable/14 has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=36bb714e2592f1e424dc74f4f0a44f2e87eee84b commit 36bb714e2592f1e424dc74f4f0a44f2e87eee84b Author: Juraj Lutter AuthorDate: 2024-07-25 08:07:50 +0000 Commit: Kristof Provost CommitDate: 2024-08-08 15:39:59 +0000 pfctl: Allow a semicolon (;) as a comment To make parsing of, for example, Spamhaus' drop.txt and similar files that contains semicolons as comments, allow them also in file-based tables. Reviewed by: kp MFC after: 2 weeks Differential Revision: https://reviews.freebsd.org/D46088 (cherry picked from commit a8a95277363be2c92b3c06bd9cd1a32d1c6c6ecd) --- sbin/pfctl/pfctl.8 | 4 +++- sbin/pfctl/pfctl_radix.c | 4 ++-- sbin/pfctl/tests/files/pf1020.in | 3 +++ sbin/pfctl/tests/files/pf1020.include | 4 ++++ sbin/pfctl/tests/files/pf1020.ok | 2 ++ sbin/pfctl/tests/pfctl_test_list.inc | 1 + 6 files changed, 15 insertions(+), 3 deletions(-) diff --git a/sbin/pfctl/pfctl.8 b/sbin/pfctl/pfctl.8 index 41eb2bea9f94..ac0106fb560b 100644 --- a/sbin/pfctl/pfctl.8 +++ b/sbin/pfctl/pfctl.8 @@ -24,7 +24,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd February 22, 2021 +.Dd July 23, 2024 .Dt PFCTL 8 .Os .Sh NAME @@ -526,6 +526,8 @@ line and/or in an unformatted text file, using the flag. Comments starting with a .Sq # +or +.Sq \; are allowed in the text file. With these commands, the .Fl v diff --git a/sbin/pfctl/pfctl_radix.c b/sbin/pfctl/pfctl_radix.c index d33f091d8b69..1e93a8972d9e 100644 --- a/sbin/pfctl/pfctl_radix.c +++ b/sbin/pfctl/pfctl_radix.c @@ -535,8 +535,8 @@ pfr_next_token(char buf[BUF_SIZE], FILE *fp) /* skip spaces */ while (isspace(next_ch) && !feof(fp)) next_ch = fgetc(fp); - /* remove from '#' until end of line */ - if (next_ch == '#') + /* remove from '#' or ';' until end of line */ + if (next_ch == '#' || next_ch == ';') while (!feof(fp)) { next_ch = fgetc(fp); if (next_ch == '\n') diff --git a/sbin/pfctl/tests/files/pf1020.in b/sbin/pfctl/tests/files/pf1020.in new file mode 100644 index 000000000000..7f98df69bd04 --- /dev/null +++ b/sbin/pfctl/tests/files/pf1020.in @@ -0,0 +1,3 @@ +table file "./pf1020.include" + +block from diff --git a/sbin/pfctl/tests/files/pf1020.include b/sbin/pfctl/tests/files/pf1020.include new file mode 100644 index 000000000000..3fca07f64bfa --- /dev/null +++ b/sbin/pfctl/tests/files/pf1020.include @@ -0,0 +1,4 @@ +; comment1 +# comment2 +1.0.0.1/32 ; comment1 +2.0.0.2/32 # comment2 diff --git a/sbin/pfctl/tests/files/pf1020.ok b/sbin/pfctl/tests/files/pf1020.ok new file mode 100644 index 000000000000..16073b3d6987 --- /dev/null +++ b/sbin/pfctl/tests/files/pf1020.ok @@ -0,0 +1,2 @@ +table file "./pf1020.include" +block drop from to any diff --git a/sbin/pfctl/tests/pfctl_test_list.inc b/sbin/pfctl/tests/pfctl_test_list.inc index 4a63c0ba48b7..5d5aa0172530 100644 --- a/sbin/pfctl/tests/pfctl_test_list.inc +++ b/sbin/pfctl/tests/pfctl_test_list.inc @@ -127,3 +127,4 @@ PFCTL_TEST(1015, "Ethernet rule with several labels") PFCTL_TEST(1016, "Ethernet rule with ridentifier and one label") PFCTL_TEST(1017, "Ethernet rule with ridentifier and several labels") PFCTL_TEST(1018, "Test dynamic address mask") +PFCTL_TEST(1020, "Test hashmark and semicolon comment") From nobody Thu Aug 8 15:58:02 2024 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WfsBz12wNz5T79S; Thu, 08 Aug 2024 15:58:03 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WfsBz0HV7z4Jss; Thu, 8 Aug 2024 15:58:03 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723132683; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=vqm4cdICJlk8BOf75lveHQnj/gB9HNBl8p+WC4m4Xk8=; b=srXdTMZxIUT5XmCzyIeMY5IHjbmGSvwsRr8hILsn2hOjMdPvgSnjDQ9XVumxXmykNlSVZ0 HqxcgRIiyNNcTT9Hp2qx1p9Su5JGLExAcbne/CrSJRi+iL88ZSZ7DXkmxFKGnZC3anLrdV 5f6daKmajU9kUGD1zO6zTbYg+q1NhRi/HtvK+NcXQIlEhjwnYxa+rSyBtcFDC10xEBvw9/ IajuWAGeldChjTgcNC4JOUW9O3KxXlYbgL9nXDjricBiX5Z0OTkVe78DyNMflqI1YX7RQ6 7qM/00kK/SpMOr7ueS9FVr4iz6qP1q4R8y1sj7V986+WbIbiuD7MCRw8fTykMw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1723132683; a=rsa-sha256; cv=none; b=IYZ+Zb+hkqPlUkDEZ1rKBqeiwobkTK8xXjLG5D5nCi4l+cxjvK6LSNe9sx8rW3slM9bXrA DsFXjN4UtKThckE22uIWXtTclDkI36upJGvTBC1gGKu7tD+YBAlOqbRte9gwqxCrgaiUUT s0/2j2DxT9N5ai6qgad2Ep2llrmMpjJ7mm9JnM9JI1NoNuDT3KFeLK3zqWcGVUstSyXneU RD9R12uZs4R9aq4FnlyGiZJRmMNCzMnAiKHvmg6NiyghLcKwZ9iOC0qLagP+LmfByytpgW 1z6IyXLDQwL++OQ5W6KiJCQR/5n/ZqalnWmhRQBQqo8JSWI+uC2pvMGkbXrzYQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723132683; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=vqm4cdICJlk8BOf75lveHQnj/gB9HNBl8p+WC4m4Xk8=; b=hX0YaET7y8cT8TaJGHPWQrQImwmGdz3YiS1n+ATEx1ZDvLVDcEu53A8j/BYx4fq5b8+nGU 8FrLUrafFpEtGCgZnXtRM20ME9h2yAwTEpc20IuZE6YoozySV1vrhGEAY5EslG2Eu4SiTs fPB6K1gAYCrFP1Rj5EubytFqBGyCpDS84DeSKv3i5rgmyaOvt9RmpmsOPjGQ7DtohHv07L EnCQZUFqMc8ej04wRDqIFfMOJK1KZIEaj1wngn7vIf43E8d+Z9bfCMD9NI14f8Kbmvtr5E /v5o/S9AIyu3SIafb5ywlCLj5evzJajMmmhRGeUgIhHvTAz911g/DX+Dn+/1rw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WfsBy6tM1zflm; Thu, 8 Aug 2024 15:58:02 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 478Fw2ih092457; Thu, 8 Aug 2024 15:58:02 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 478Fw2op092454; Thu, 8 Aug 2024 15:58:02 GMT (envelope-from git) Date: Thu, 8 Aug 2024 15:58:02 GMT Message-Id: <202408081558.478Fw2op092454@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Mark Johnston Subject: git: 096cb89033a4 - stable/14 - dtrace: Avoid including dtrace_isa.c directly into dtrace.c List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: markj X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: 096cb89033a4ee78aa891cfef06d3b48a96537b0 Auto-Submitted: auto-generated The branch stable/14 has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=096cb89033a4ee78aa891cfef06d3b48a96537b0 commit 096cb89033a4ee78aa891cfef06d3b48a96537b0 Author: Mark Johnston AuthorDate: 2024-07-24 20:10:33 +0000 Commit: Mark Johnston CommitDate: 2024-08-08 15:53:50 +0000 dtrace: Avoid including dtrace_isa.c directly into dtrace.c This was done in the original DTrace import, presumably because that made it a bit easier to handle includes. However, this can cause dtrace_getpcstack() to be inlined into dtrace_probe(), resulting in a missing frame in stack traces since dtrace_getpcstack() takes care to bump "aframes" to account for its own stack frame. To avoid this, compile dtrace_isa.c separately on all platforms. Add requisite includes. MFC after: 2 weeks Sponsored by: Innovate UK (cherry picked from commit 82283cad12a417abfb1469d899b2d7cfb1d38f77) --- sys/cddl/contrib/opensolaris/uts/common/dtrace/dtrace.c | 1 - sys/cddl/dev/dtrace/aarch64/dtrace_isa.c | 3 +++ sys/cddl/dev/dtrace/amd64/dtrace_isa.c | 3 ++- sys/cddl/dev/dtrace/arm/dtrace_isa.c | 1 + sys/cddl/dev/dtrace/i386/dtrace_isa.c | 3 ++- sys/cddl/dev/dtrace/powerpc/dtrace_isa.c | 2 ++ sys/cddl/dev/dtrace/riscv/dtrace_isa.c | 1 + sys/cddl/dev/fbt/x86/fbt_isa.c | 2 +- sys/conf/files.arm | 1 + sys/conf/files.riscv | 1 + sys/modules/dtrace/dtrace/Makefile | 1 + 11 files changed, 15 insertions(+), 4 deletions(-) diff --git a/sys/cddl/contrib/opensolaris/uts/common/dtrace/dtrace.c b/sys/cddl/contrib/opensolaris/uts/common/dtrace/dtrace.c index ce02676e0dc1..d3e40e96e897 100644 --- a/sys/cddl/contrib/opensolaris/uts/common/dtrace/dtrace.c +++ b/sys/cddl/contrib/opensolaris/uts/common/dtrace/dtrace.c @@ -18446,7 +18446,6 @@ static struct cdevsw helper_cdevsw = { #include #include #include -#include SYSINIT(dtrace_load, SI_SUB_DTRACE, SI_ORDER_FIRST, dtrace_load, NULL); SYSUNINIT(dtrace_unload, SI_SUB_DTRACE, SI_ORDER_FIRST, dtrace_unload, NULL); diff --git a/sys/cddl/dev/dtrace/aarch64/dtrace_isa.c b/sys/cddl/dev/dtrace/aarch64/dtrace_isa.c index 72944e8a5ae2..ff0e068006bd 100644 --- a/sys/cddl/dev/dtrace/aarch64/dtrace_isa.c +++ b/sys/cddl/dev/dtrace/aarch64/dtrace_isa.c @@ -27,6 +27,7 @@ #include #include +#include #include #include #include @@ -46,6 +47,8 @@ #include #include +#include + #include "regset.h" #define MAX_USTACK_DEPTH 2048 diff --git a/sys/cddl/dev/dtrace/amd64/dtrace_isa.c b/sys/cddl/dev/dtrace/amd64/dtrace_isa.c index 0b7162998536..9db5a16190db 100644 --- a/sys/cddl/dev/dtrace/amd64/dtrace_isa.c +++ b/sys/cddl/dev/dtrace/amd64/dtrace_isa.c @@ -27,6 +27,7 @@ #include #include +#include #include #include #include @@ -368,7 +369,7 @@ dtrace_getarg(int arg, int aframes) for (i = 1; i <= aframes; i++) { fp = fp->f_frame; - if (P2ROUNDUP(fp->f_retaddr, 16) == + if (roundup2(fp->f_retaddr, 16) == (long)dtrace_invop_callsite) { /* * In the case of amd64, we will use the pointer to the diff --git a/sys/cddl/dev/dtrace/arm/dtrace_isa.c b/sys/cddl/dev/dtrace/arm/dtrace_isa.c index c3783b77c2d4..ed03e5ca0006 100644 --- a/sys/cddl/dev/dtrace/arm/dtrace_isa.c +++ b/sys/cddl/dev/dtrace/arm/dtrace_isa.c @@ -27,6 +27,7 @@ #include #include +#include #include #include #include diff --git a/sys/cddl/dev/dtrace/i386/dtrace_isa.c b/sys/cddl/dev/dtrace/i386/dtrace_isa.c index 64c8de2a8d3a..7a30587120ba 100644 --- a/sys/cddl/dev/dtrace/i386/dtrace_isa.c +++ b/sys/cddl/dev/dtrace/i386/dtrace_isa.c @@ -27,6 +27,7 @@ #include #include +#include #include #include #include @@ -428,7 +429,7 @@ dtrace_getarg(int arg, int aframes) for (i = 1; i <= aframes; i++) { fp = fp->f_frame; - if (P2ROUNDUP(fp->f_retaddr, 4) == + if (roundup2(fp->f_retaddr, 4) == (long)dtrace_invop_callsite) { /* * If we pass through the invalid op handler, we will diff --git a/sys/cddl/dev/dtrace/powerpc/dtrace_isa.c b/sys/cddl/dev/dtrace/powerpc/dtrace_isa.c index 7185a01c125d..acde4f0aeab2 100644 --- a/sys/cddl/dev/dtrace/powerpc/dtrace_isa.c +++ b/sys/cddl/dev/dtrace/powerpc/dtrace_isa.c @@ -29,6 +29,7 @@ #include #include +#include #include #include #include @@ -37,6 +38,7 @@ #include #include #include +#include #include #include diff --git a/sys/cddl/dev/dtrace/riscv/dtrace_isa.c b/sys/cddl/dev/dtrace/riscv/dtrace_isa.c index 87f52b809dfa..7a66d93d4ba9 100644 --- a/sys/cddl/dev/dtrace/riscv/dtrace_isa.c +++ b/sys/cddl/dev/dtrace/riscv/dtrace_isa.c @@ -29,6 +29,7 @@ #include #include +#include #include #include #include diff --git a/sys/cddl/dev/fbt/x86/fbt_isa.c b/sys/cddl/dev/fbt/x86/fbt_isa.c index 41e2823a1543..8f8a79ef31ef 100644 --- a/sys/cddl/dev/fbt/x86/fbt_isa.c +++ b/sys/cddl/dev/fbt/x86/fbt_isa.c @@ -55,7 +55,7 @@ #define FBT_PATCHVAL 0xf0 #endif -#define FBT_AFRAMES 2 +#define FBT_AFRAMES 3 int fbt_invop(uintptr_t addr, struct trapframe *frame, uintptr_t scratch __unused) diff --git a/sys/conf/files.arm b/sys/conf/files.arm index fbd294ebdb42..886ffebae28c 100644 --- a/sys/conf/files.arm +++ b/sys/conf/files.arm @@ -77,6 +77,7 @@ arm/arm/unwind.c optional ddb | kdtrace_hooks | stack arm/arm/vm_machdep.c standard arm/arm/vfp.c optional vfp cddl/dev/dtrace/arm/dtrace_asm.S optional dtrace compile-with "${DTRACE_S}" +cddl/dev/dtrace/arm/dtrace_isa.c optional dtrace compile-with "${DTRACE_C}" cddl/dev/dtrace/arm/dtrace_subr.c optional dtrace compile-with "${DTRACE_C}" cddl/dev/fbt/arm/fbt_isa.c optional dtrace_fbt | dtraceall compile-with "${FBT_C}" diff --git a/sys/conf/files.riscv b/sys/conf/files.riscv index cf121811ba23..42f1787489ac 100644 --- a/sys/conf/files.riscv +++ b/sys/conf/files.riscv @@ -1,4 +1,5 @@ cddl/dev/dtrace/riscv/dtrace_asm.S optional dtrace compile-with "${DTRACE_S}" +cddl/dev/dtrace/riscv/dtrace_isa.c optional dtrace compile-with "${DTRACE_C}" cddl/dev/dtrace/riscv/dtrace_subr.c optional dtrace compile-with "${DTRACE_C}" cddl/dev/dtrace/riscv/instr_size.c optional dtrace compile-with "${DTRACE_C}" cddl/dev/fbt/riscv/fbt_isa.c optional dtrace_fbt | dtraceall compile-with "${FBT_C}" diff --git a/sys/modules/dtrace/dtrace/Makefile b/sys/modules/dtrace/dtrace/Makefile index 53e5f1792ad5..80490952f97e 100644 --- a/sys/modules/dtrace/dtrace/Makefile +++ b/sys/modules/dtrace/dtrace/Makefile @@ -13,6 +13,7 @@ KMOD= dtrace SRCS= dtrace.c \ dtrace_xoroshiro128_plus.c \ dtrace_asm.S \ + dtrace_isa.c \ dtrace_subr.c .if ${MACHINE_CPUARCH} == "amd64" || ${MACHINE_CPUARCH} == "i386" From nobody Thu Aug 8 15:58:03 2024 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WfsC01WMNz5T75G; Thu, 08 Aug 2024 15:58:04 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WfsC00qDQz4KBY; Thu, 8 Aug 2024 15:58:04 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723132684; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=s7QbtDBeHxivsb78PfKwxeOoXOYC7Xc7WSf0gj7oqw4=; b=OGZ5LtxFFZsNea5TgWR48VpnOe9M3oQvE3DfA+rme12XpAAZXsR1TkhlgdabI0bsR/WHTC HwhGbCrzi19tnregj/GIZpBnxnvu5w7N/saBAWKxyayv2kADLfIgkKEO4HeAbOC7C77S2n 8sNnCMZWC9eNM8G6zEXTfO1gfetnHOll1bWc78ZFic20HlYEXcIzYNTAC944mTb68vt041 7YVIFcREYZw3GHmygClMo+4zv6MCUHmsfYJ1AKkAm6uuL5ljDtFXiDeKtO3u8EeiqjYsfo u3S+a2HQpmVVTXOkX49rzyeOsnRIV/Nk5/lUtUiUGyVZX+xjWl5nqVgqej3UrA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1723132684; a=rsa-sha256; cv=none; b=RXEjpxjkCSEkbMr6OsixwhO+qdKeWPkPpUK8qIjcwG95zgoad/AmEux4SEAhB7VPdVbA3l V1XxOWY34+sV+kKZ3nbtNwiXqS+vzq5eVs0qXUTK2Z75aZEukxIb8QYSsuqAzL6R/83yUY mwTqtby8EpzgLarJfiXvZ75jLhhRAdEIvLA+WEZyL6V6gUfNri+7TA60AjX0H0iWjyOedb X7YCIZupYu6S9hHzDk/Er2K97qBF4e/uaXomMD9QBnlbmq06JIHb2OkUanfPJG7qH9gLrr TKiFCRx1ZQ7vH0QHS6v4qqaTkDeZ8qjstNFJPHBgDZpItyGYHfcuWBtZxylIrQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723132684; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=s7QbtDBeHxivsb78PfKwxeOoXOYC7Xc7WSf0gj7oqw4=; b=vXXH0pfmiV69ZwbbyKl6or2B/CRVRm3/Epa31+zsLoIV/UjEAEEtp/9oXpiC9ylxaxMK4+ B+scLBWwGIAHY4HWOqGhHjReF7WrF2iaPjckPHBZyMzqeD2qEhbzGbWOVIs/L4S3NuOVWM yjr9ctWeNr4bEgJuKNB9S4cJ2nCrJ59QqS32dzLHqKfvCIcdlxyJlBeXaMr2SZcutfBbQf qvMw7yWVOUcUznpHLmo7re7QFnWGx4AhwuosBQkyVgvWk4Mse0Vr0PqQ8tRFYad2MvaWfz o5GXV8L8UgG3j4XPF8azxHw/FFrNibEDeauTPEk7OaCwQ8fqHAjIqjWK5X56Tw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WfsC00Qn6zfY6; Thu, 8 Aug 2024 15:58:04 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 478Fw3LE092517; Thu, 8 Aug 2024 15:58:03 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 478Fw3wM092514; Thu, 8 Aug 2024 15:58:03 GMT (envelope-from git) Date: Thu, 8 Aug 2024 15:58:03 GMT Message-Id: <202408081558.478Fw3wM092514@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Mark Johnston Subject: git: aa937aa8c526 - stable/14 - cxgbe: Flush transmitted packets more regularly in netmap mode List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: markj X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: aa937aa8c52646c37a2e1c98303fb581d858af03 Auto-Submitted: auto-generated The branch stable/14 has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=aa937aa8c52646c37a2e1c98303fb581d858af03 commit aa937aa8c52646c37a2e1c98303fb581d858af03 Author: Mark Johnston AuthorDate: 2024-05-21 19:18:32 +0000 Commit: Mark Johnston CommitDate: 2024-08-08 15:55:48 +0000 cxgbe: Flush transmitted packets more regularly in netmap mode Previously, when transmitting short runs of packets via cxgbe_nm_tx(), we would wait until a large number of packets were buffered before scheduling a task to clean transmit buffers. Obtained from: np (cherry picked from commit 6af3d59962449c66688361598163dd174cc5fb2a) --- sys/dev/cxgbe/t4_netmap.c | 25 ++++++++++++------------- 1 file changed, 12 insertions(+), 13 deletions(-) diff --git a/sys/dev/cxgbe/t4_netmap.c b/sys/dev/cxgbe/t4_netmap.c index 0377f65acc3e..e53fb5054316 100644 --- a/sys/dev/cxgbe/t4_netmap.c +++ b/sys/dev/cxgbe/t4_netmap.c @@ -1025,29 +1025,28 @@ cxgbe_nm_tx(struct adapter *sc, struct sge_nm_txq *nm_txq, nm_txq->pidx = 0; } - if (npkt == 0 && npkt_remaining == 0) { + if (npkt + npkt_remaining == 0) { /* All done. */ - if (lazy_tx_credit_flush == 0) { + if (lazy_tx_credit_flush == 0 || + NMIDXDIFF(nm_txq, equiqidx) >= nm_txq->sidx / 2) { wr->equiq_to_len16 |= htobe32(F_FW_WR_EQUEQ | F_FW_WR_EQUIQ); nm_txq->equeqidx = nm_txq->pidx; nm_txq->equiqidx = nm_txq->pidx; + } else if (NMIDXDIFF(nm_txq, equeqidx) >= 64) { + wr->equiq_to_len16 |= htobe32(F_FW_WR_EQUEQ); + nm_txq->equeqidx = nm_txq->pidx; } ring_nm_txq_db(sc, nm_txq); return; } - - if (NMIDXDIFF(nm_txq, equiqidx) >= nm_txq->sidx / 2) { - wr->equiq_to_len16 |= htobe32(F_FW_WR_EQUEQ | - F_FW_WR_EQUIQ); - nm_txq->equeqidx = nm_txq->pidx; - nm_txq->equiqidx = nm_txq->pidx; - } else if (NMIDXDIFF(nm_txq, equeqidx) >= 64) { - wr->equiq_to_len16 |= htobe32(F_FW_WR_EQUEQ); - nm_txq->equeqidx = nm_txq->pidx; - } - if (NMIDXDIFF(nm_txq, dbidx) >= 2 * SGE_MAX_WR_NDESC) + if (NMIDXDIFF(nm_txq, dbidx) >= 2 * SGE_MAX_WR_NDESC) { + if (NMIDXDIFF(nm_txq, equeqidx) >= 64) { + wr->equiq_to_len16 |= htobe32(F_FW_WR_EQUEQ); + nm_txq->equeqidx = nm_txq->pidx; + } ring_nm_txq_db(sc, nm_txq); + } } /* Will get called again. */ From nobody Thu Aug 8 16:00:55 2024 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WfsGH6Ppcz5T7Rb; Thu, 08 Aug 2024 16:00:55 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WfsGH5nwtz4Kc9; Thu, 8 Aug 2024 16:00:55 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723132855; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=1Ehhvs4VAoJAYfYxljRLmE3C9cB2f0QUVA4eLFv/QzY=; b=eyXCzopfmb5Z+g6cWOoDxQbIm/EcUmN19EXzFwWD5wEXJ5vij5n9gv4hEqScVmutyRC0F7 +hFX7QDm8BgMrrIF30LC6ARn+lvYkJ8VVLcZPALLP9Ut3iwaWq6Iq7BC5xq2HcaYo7ZgcJ 44h5kWEc9hmgDjxwT5eHH7QsOKyCMFEVuPDDizg9La6bofj7nUP8fh2o0C4cSRVo+1YZFL +As0OKLhtTyUxS77LKGJs5l4jmZfqyGTHNaS9+8nV3D8YnE9pry13TY0rZOrWKEROpW6hx HTrVHMEveql7EY+bfXcN+9dZPcP5yO2ge0uREwqLh7WifeC5U7VaRWdci18eqA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1723132855; a=rsa-sha256; cv=none; b=TCrPqEP6avEY7exrBjdgAcLwI3z0PthoDGxq4eJHZ+zHBXGAEI6u1l6suvcHIRtBduyB3F WzJeXD0tRROZxCJhgcmfJk+THm34eE1ey1ueZw3ZVJ4JB68l5MIu869SQer8VX3BSPtDZJ Nb+NzQFFUlEqB9ECj1wNOAJ3fLKJvjcbGPAw6yWaupIxwsrjntWdmvPcLNbhnhNcRRzQVE Nvzdk1wgPV+H/2iDRSDd0gCUj9AKJhr9yhQJ/MeS7lpJxGLM9WhU+ANdhkUvSJNM5V2h3O c/zWQtlNJWakjRDVfYlGBcmdv2kEDpnRERW8qnvIdeW6M4WNVFejdhNCs8+eyw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723132855; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=1Ehhvs4VAoJAYfYxljRLmE3C9cB2f0QUVA4eLFv/QzY=; b=HhB63i9ASW37LB8ab/riGoU2JTJ3OxCb/oVUWP3imCHrYVQFb55qUHvFMpZJOg9blr7x9F 3NiLyZvdO/eMds2SVI/xUjPKq2+C8FBo1QTsVcalUmzCDDmnHuRHYHFeURT+QwvBzJWx+Q 2YLcBd95Q83p9QQOiU/HbVy8MB/6kmzZmFoJl0aoI7hf/V/PPOLXZisutnnikJEHX47g15 g1wHp1Wf1NV7tcTCAmCpBOTh7oedVy8fJZNPWIXAazbUQrSR92iDearLsgKjtJNPqElKy2 WyuJr3+OwZi5RgXOKs9+ITg0ZwXP22Q9bUaLNnHtZjmVvQVgpXKGnp7pd03S2w== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WfsGH5PH3zflt; Thu, 8 Aug 2024 16:00:55 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 478G0tHG005284; Thu, 8 Aug 2024 16:00:55 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 478G0tBA005281; Thu, 8 Aug 2024 16:00:55 GMT (envelope-from git) Date: Thu, 8 Aug 2024 16:00:55 GMT Message-Id: <202408081600.478G0tBA005281@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Mark Johnston Subject: git: 59a9c20d7736 - stable/13 - cxgbe: Flush transmitted packets more regularly in netmap mode List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: markj X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: 59a9c20d7736d41be22791ec9a797cc535734ace Auto-Submitted: auto-generated The branch stable/13 has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=59a9c20d7736d41be22791ec9a797cc535734ace commit 59a9c20d7736d41be22791ec9a797cc535734ace Author: Mark Johnston AuthorDate: 2024-05-21 19:18:32 +0000 Commit: Mark Johnston CommitDate: 2024-08-08 15:58:12 +0000 cxgbe: Flush transmitted packets more regularly in netmap mode Previously, when transmitting short runs of packets via cxgbe_nm_tx(), we would wait until a large number of packets were buffered before scheduling a task to clean transmit buffers. Obtained from: np (cherry picked from commit 6af3d59962449c66688361598163dd174cc5fb2a) --- sys/dev/cxgbe/t4_netmap.c | 25 ++++++++++++------------- 1 file changed, 12 insertions(+), 13 deletions(-) diff --git a/sys/dev/cxgbe/t4_netmap.c b/sys/dev/cxgbe/t4_netmap.c index 581094735c36..b60c1a88168c 100644 --- a/sys/dev/cxgbe/t4_netmap.c +++ b/sys/dev/cxgbe/t4_netmap.c @@ -1025,29 +1025,28 @@ cxgbe_nm_tx(struct adapter *sc, struct sge_nm_txq *nm_txq, nm_txq->pidx = 0; } - if (npkt == 0 && npkt_remaining == 0) { + if (npkt + npkt_remaining == 0) { /* All done. */ - if (lazy_tx_credit_flush == 0) { + if (lazy_tx_credit_flush == 0 || + NMIDXDIFF(nm_txq, equiqidx) >= nm_txq->sidx / 2) { wr->equiq_to_len16 |= htobe32(F_FW_WR_EQUEQ | F_FW_WR_EQUIQ); nm_txq->equeqidx = nm_txq->pidx; nm_txq->equiqidx = nm_txq->pidx; + } else if (NMIDXDIFF(nm_txq, equeqidx) >= 64) { + wr->equiq_to_len16 |= htobe32(F_FW_WR_EQUEQ); + nm_txq->equeqidx = nm_txq->pidx; } ring_nm_txq_db(sc, nm_txq); return; } - - if (NMIDXDIFF(nm_txq, equiqidx) >= nm_txq->sidx / 2) { - wr->equiq_to_len16 |= htobe32(F_FW_WR_EQUEQ | - F_FW_WR_EQUIQ); - nm_txq->equeqidx = nm_txq->pidx; - nm_txq->equiqidx = nm_txq->pidx; - } else if (NMIDXDIFF(nm_txq, equeqidx) >= 64) { - wr->equiq_to_len16 |= htobe32(F_FW_WR_EQUEQ); - nm_txq->equeqidx = nm_txq->pidx; - } - if (NMIDXDIFF(nm_txq, dbidx) >= 2 * SGE_MAX_WR_NDESC) + if (NMIDXDIFF(nm_txq, dbidx) >= 2 * SGE_MAX_WR_NDESC) { + if (NMIDXDIFF(nm_txq, equeqidx) >= 64) { + wr->equiq_to_len16 |= htobe32(F_FW_WR_EQUEQ); + nm_txq->equeqidx = nm_txq->pidx; + } ring_nm_txq_db(sc, nm_txq); + } } /* Will get called again. */ From nobody Thu Aug 8 17:28:20 2024 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WfvC832TPz5THqK; Thu, 08 Aug 2024 17:28:20 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WfvC82WjCz4TC1; Thu, 8 Aug 2024 17:28:20 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723138100; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=SRWxQbd38XDH7vyO4DbcToc9jotrH5DCFAM8QtMTJlQ=; b=iDbHJIzXFFsMVM2llEYI186EwgY5wNkgiHEINrOPwX7tZ9BGJbG44rbzfX3o8tfs6/C6dn +UewOVDLjLMpu9RI1e1wnY0wdqHjTemL5DQYLIQuWKExq6Lho6j20dexl7OUM8EVzV9upZ PkgQXH1Qxa/9TYod3spMSSZQ/yngLY2FvMgc6aC1dowHSlj32LHVSGMH3x9rFv7rXDsd6d iPxqMteNmDvrDAMXeiZ3Ls+puEO7T2oBQppBbsn04w93+jxVv7wknaxfwKwWneZY9/b8Ja 9iMobXmtfkljXaQVHJSGNosQwkC9opOaCCUTt4FJGPjtvq40ydbo8NmxgscCAw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1723138100; a=rsa-sha256; cv=none; b=ge3sSWTPWfpqhMCOz50udm+Axzza6utRL7gZ8rmg0lNJwR5g6nImSSXJ0s3eKa6huPqLhv 82ttuAoBE73uPkGOyzgjoRTmpUrGL4MLm0sDPSXX8u916n+aTVppqqR4f79KOXBCWLxUHB Gs+oQsPuBp60/cR4b6RZuOspBSlNkDOjbCrAoIXfWV796p1Fd0byN+PVIyJB+aS1rfB6W1 LKec+lwRbfYv2a1xc12PSM0rsw8a51QjbXTHrvZ3odZo42oUBjWrprq7dQ+akAEtMIJYtI 0Ebs1HNH0IebD8U68G5l9fFZp7OS2tKH6oi95N4+5hfd3CjoAKTJfq3WldvKNg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723138100; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=SRWxQbd38XDH7vyO4DbcToc9jotrH5DCFAM8QtMTJlQ=; b=lELp5lkqvgBUy3aSkAy5NjKvHEhC30/4uO5rGfPG0sHX7cAZWgUeOamRAao18knIKC1wwd 7DwDGq8MHuj8SMUSi6WZajBbQGp0X6Z5jCFiAnDnvKYQQTCPGX9Dbwm4GDm1+xNtd4Dxjw tXwgWUVW6gD1N+JaSaiD8JAbp3EgsrNqg6C2pL5/C0oyGRMwxlocFtrKkcgnAKOESxexF8 nnbNh8LsdwsWzbZR9BE9iID08fOomR0LSnvV7H+tEZRaGxRBMO9ooMPEd9G7VD1BotGWns LW6hbLY76qmAvh9bx/kbfePqiAgs5Vkq4qdQapdqpRLgvmQHeZ7PUipNaEn5HQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WfvC8267rzjFw; Thu, 8 Aug 2024 17:28:20 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 478HSK5N046397; Thu, 8 Aug 2024 17:28:20 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 478HSKUJ046395; Thu, 8 Aug 2024 17:28:20 GMT (envelope-from git) Date: Thu, 8 Aug 2024 17:28:20 GMT Message-Id: <202408081728.478HSKUJ046395@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Mark Johnston Subject: git: 4bf6ca0e71e2 - releng/13.4 - cxgbe: Flush transmitted packets more regularly in netmap mode List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: markj X-Git-Repository: src X-Git-Refname: refs/heads/releng/13.4 X-Git-Reftype: branch X-Git-Commit: 4bf6ca0e71e2c726f6e662ea95b5c37d1fabf071 Auto-Submitted: auto-generated The branch releng/13.4 has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=4bf6ca0e71e2c726f6e662ea95b5c37d1fabf071 commit 4bf6ca0e71e2c726f6e662ea95b5c37d1fabf071 Author: Mark Johnston AuthorDate: 2024-05-21 19:18:32 +0000 Commit: Mark Johnston CommitDate: 2024-08-08 17:13:56 +0000 cxgbe: Flush transmitted packets more regularly in netmap mode Previously, when transmitting short runs of packets via cxgbe_nm_tx(), we would wait until a large number of packets were buffered before scheduling a task to clean transmit buffers. Approved by: re (cperciva) Obtained from: np (cherry picked from commit 6af3d59962449c66688361598163dd174cc5fb2a) (cherry picked from commit 59a9c20d7736d41be22791ec9a797cc535734ace) --- sys/dev/cxgbe/t4_netmap.c | 25 ++++++++++++------------- 1 file changed, 12 insertions(+), 13 deletions(-) diff --git a/sys/dev/cxgbe/t4_netmap.c b/sys/dev/cxgbe/t4_netmap.c index 581094735c36..b60c1a88168c 100644 --- a/sys/dev/cxgbe/t4_netmap.c +++ b/sys/dev/cxgbe/t4_netmap.c @@ -1025,29 +1025,28 @@ cxgbe_nm_tx(struct adapter *sc, struct sge_nm_txq *nm_txq, nm_txq->pidx = 0; } - if (npkt == 0 && npkt_remaining == 0) { + if (npkt + npkt_remaining == 0) { /* All done. */ - if (lazy_tx_credit_flush == 0) { + if (lazy_tx_credit_flush == 0 || + NMIDXDIFF(nm_txq, equiqidx) >= nm_txq->sidx / 2) { wr->equiq_to_len16 |= htobe32(F_FW_WR_EQUEQ | F_FW_WR_EQUIQ); nm_txq->equeqidx = nm_txq->pidx; nm_txq->equiqidx = nm_txq->pidx; + } else if (NMIDXDIFF(nm_txq, equeqidx) >= 64) { + wr->equiq_to_len16 |= htobe32(F_FW_WR_EQUEQ); + nm_txq->equeqidx = nm_txq->pidx; } ring_nm_txq_db(sc, nm_txq); return; } - - if (NMIDXDIFF(nm_txq, equiqidx) >= nm_txq->sidx / 2) { - wr->equiq_to_len16 |= htobe32(F_FW_WR_EQUEQ | - F_FW_WR_EQUIQ); - nm_txq->equeqidx = nm_txq->pidx; - nm_txq->equiqidx = nm_txq->pidx; - } else if (NMIDXDIFF(nm_txq, equeqidx) >= 64) { - wr->equiq_to_len16 |= htobe32(F_FW_WR_EQUEQ); - nm_txq->equeqidx = nm_txq->pidx; - } - if (NMIDXDIFF(nm_txq, dbidx) >= 2 * SGE_MAX_WR_NDESC) + if (NMIDXDIFF(nm_txq, dbidx) >= 2 * SGE_MAX_WR_NDESC) { + if (NMIDXDIFF(nm_txq, equeqidx) >= 64) { + wr->equiq_to_len16 |= htobe32(F_FW_WR_EQUEQ); + nm_txq->equeqidx = nm_txq->pidx; + } ring_nm_txq_db(sc, nm_txq); + } } /* Will get called again. */ From nobody Thu Aug 8 19:11:47 2024 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WfxVW3xB5z5S2G8; Thu, 08 Aug 2024 19:11:47 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WfxVW1NsPz4jX1; Thu, 8 Aug 2024 19:11:47 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723144307; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=6o2gWGUij60xvHdv9fNt84e+Yp0ZtJhbIT2Spg8TP20=; b=pdhTFqeLDQodh8MXsTXi1IdTRwNryZy6HEu/llmoiVwO10HzmezYsZNRtnARt+YFIOWko/ B/jRQBtIAOPyObxhaddBT1wU4fp9rSiEJrS99ObTjYyCRFt7hJnt3pTyxdpkTgw1gdFMrd Nm8L19yBcDTLtXHiQmNwBIRNnC9Uj60TiPLuDrGQAsUOUAbTEJvnHf/CbOYJ5GyJXWhjMW fZpSH4XUYq3/dYzDKUT3FNvz8+Zthm7hjBm4QgE2LjUO4mjagLgrXpmGdNaJPcrdKiK4/w bUN/vnvL9MfPBsFuIVswUKkvuBP3J0nGzaF/3ggZdZ2IuL9LXQPbxEBXsEXh5g== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1723144307; a=rsa-sha256; cv=none; b=fmkNT87wMiWbTgO56RldrkGtsIFu8s3FzKA7fiU8kXJMyEHBJMVhXuupFMmHSdqH1qIWqM z67kG8EPwbSmOqCeNIfhfn8S/E9ftpHLSEi0H9pWZ95DKqUEZF3r3qBxHwGW1ttiORGi8M RtZuhFqry0XtBnPGPwlY7j7nLJxvlsmQMYmndPnsD0EPUJQOhqU5VyEgawoZzqrNHzMH6J HKMwy1TENx4gOdjeWcv1ncTxJY9a1cYDWkorkliIaSQF4PqrSZsQ0BC3Ts7J9nhpVvhS9g 9pzubaSFKXtC43KP/NNERyTZL1lZj1/gAENSvUMzs6Kv10mKGE+12PitgW/jBQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723144307; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=6o2gWGUij60xvHdv9fNt84e+Yp0ZtJhbIT2Spg8TP20=; b=tfdYPbFcWh5TVr39oxQkBfnzqI+vPR349H07U81oJK7WEKJwEbobgd3Ng2Yt/4Y3H46zOn 9ywVixIfBRuCVeDNcpBz7nZLrcmgrpnpQFxYfcgFQZ5YTdFflHkkgMPylKCW+lT1eCUi8c +OU23KVBNeFBIjvs9x52422KfNod9LtVyEMz0InMPnjf4lHlMkzw6JD4SrkU8ksR1IYS0N f2cPWklS3hC5LxvvnIkb6ftEnqHf5KlRuTONkVAsHdCw34PTGIGgWCf7snp8VQV9RYADc5 JwiKlbF4Pqb8hPn5kg0fN8hfJepRgxCs39CtOxX1FWQmSuDv7wWHu6xyJqfHXw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WfxVW0tx1zm35; Thu, 8 Aug 2024 19:11:47 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 478JBlkJ026779; Thu, 8 Aug 2024 19:11:47 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 478JBlP7026776; Thu, 8 Aug 2024 19:11:47 GMT (envelope-from git) Date: Thu, 8 Aug 2024 19:11:47 GMT Message-Id: <202408081911.478JBlP7026776@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Mark Johnston Subject: git: 407ef8669f5a - stable/14 - nd6: Fix the routing table subscription List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: markj X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: 407ef8669f5a30b9269d53d65c82ec881d6f7808 Auto-Submitted: auto-generated The branch stable/14 has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=407ef8669f5a30b9269d53d65c82ec881d6f7808 commit 407ef8669f5a30b9269d53d65c82ec881d6f7808 Author: Mark Johnston AuthorDate: 2024-07-25 14:26:36 +0000 Commit: Mark Johnston CommitDate: 2024-08-08 19:09:26 +0000 nd6: Fix the routing table subscription The nd6 code listens for RTM_DELETE events so that it can mark the corresponding default router as inactive in the case where the default route is deleted. A subsequent RA from the router may then reinstall the default route. Commit fedeb08b6a58e broke this for non-multipath routes, as rib_decompose_notification() only invokes the callback for multipath routes. Restore the old behaviour. Also ensure that we update the router only for RTM_DELETE notifications, lost in commit 2259a03020fe0. Reviewed by: bz Fixes: fedeb08b6a58 ("Introduce scalable route multipath.") Fixes: 2259a03020fe ("Rework part of routing code to reduce difference to D26449.") MFC after: 2 weeks Sponsored by: Klara, Inc. Sponsored by: Bell Tower Integration Differential Revision: https://reviews.freebsd.org/D46020 (cherry picked from commit a48df53e4249499be3e8779dd30888a405aa81ae) --- sys/netinet6/nd6.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/sys/netinet6/nd6.c b/sys/netinet6/nd6.c index 3eacb05f88d7..e1fd421060df 100644 --- a/sys/netinet6/nd6.c +++ b/sys/netinet6/nd6.c @@ -1614,8 +1614,7 @@ check_release_defrouter(const struct rib_cmd_info *rc, void *_cbdata) struct nhop_object *nh; nh = rc->rc_nh_old; - - if ((nh != NULL) && (nh->nh_flags & NHF_DEFAULT)) { + if (rc->rc_cmd == RTM_DELETE && (nh->nh_flags & NHF_DEFAULT) != 0) { dr = defrouter_lookup(&nh->gw6_sa.sin6_addr, nh->nh_ifp); if (dr != NULL) { dr->installed = 0; @@ -1627,9 +1626,10 @@ check_release_defrouter(const struct rib_cmd_info *rc, void *_cbdata) void nd6_subscription_cb(struct rib_head *rnh, struct rib_cmd_info *rc, void *arg) { - #ifdef ROUTE_MPATH rib_decompose_notification(rc, check_release_defrouter, NULL); + if (rc->rc_cmd == RTM_DELETE && !NH_IS_NHGRP(rc->rc_nh_old)) + check_release_defrouter(rc, NULL); #else check_release_defrouter(rc, NULL); #endif From nobody Thu Aug 8 19:11:48 2024 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WfxVX6XQ4z5S2B0; Thu, 08 Aug 2024 19:11:48 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WfxVX3RzNz4jrs; Thu, 8 Aug 2024 19:11:48 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723144308; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=nAni+UbHv3VJ5c7iG+IFI9HJD50mSImYLPUNc7kZcbQ=; b=dnGZkoxioe3XHsC+UiIAS5jF8hLyOOYaZSooA3cDKjtfyd1BMnrSTV3uEl/3JLvkk53wyP W5s0dxj0Nxw5P2T1SBJ8rEKvRpuCauge8eKObKSzNhhrJvjd5bYdgWzbThAVPadmbhYE6l NRF1wHMfx7N5S9FUmzXZ/LSB8AF1dG4q0ZipuMuKsMTnZ6GgL5OgEcWxvEz0HBDyjlDQlR ajStY32dyqIfKlT42gMLitEQxFe/L4+0zqmY39ACJsVD96dtw2s48RdVtBZmw5JsnV22Oc IaWtUyfKpooRs9CTqy3ZEYrsSZ7pTMgAmM/d0mz83yIjrWxahHpE6hWibV5aWg== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1723144308; a=rsa-sha256; cv=none; b=Ks/MC3GUzIz6YafQhphdghIIVRskUfuTlJwVdAyq2HpW0sy+z8jyzcH5aZ3G+w0QtWo/ok TR3g/l8CLBcO41NsGE55EvK1C8MXV3cmwprYlVlI1KcP4ZN9OJw6t7vj7+GnFIOQVmr7Lc TZpI9DmwqPTwybaiULqHr+bsOwg2K2fHS7K85TqCQXbfaSC2R7YMZrSJ/ZCr3Pb7hzknzp SjqYEFPy582ulQSUDGvrNg66RmqF6qcOxJrNrobHwyupC1q0WQpbcEOwWAibFAoK6qgvjU aQs8cGawQmVCQUmNEiP2hMChAaxY6GKALH5x9HIyo6JvKUNFjoENZIy27R+C0g== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723144308; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=nAni+UbHv3VJ5c7iG+IFI9HJD50mSImYLPUNc7kZcbQ=; b=eTMIw2gfTxSI2eVVbL2WBOEDpUagNYnC/hvpXFsZO2hpN8Ujk+6ngRWp3Q1rThfBJZWVeE DARYru0J6lb5xchvk+qL5WU4POkValny2Oigc6+ZgBsGf+9sz/eyvBLaNOLlArwu5N9kOb ISzfI0yfjg6+NVPHhD71ySawJ4fZm1URIuTBX91clcQVn89tlo9o7jNl8C6rwrIpX4e6MZ wgwkom4Yu1aMMJInRs4TwaUGDtGF89v04dFQd8JT54guj/5+Y3oiEhrxVA5i4037GlMlN1 Kli+cuVsG7Y7VEKGqDbz8nhHuUT72gnrkZTBIrWkVP9Lb/yqsHMDh4fCxvPpWw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WfxVX1y38zlWp; Thu, 8 Aug 2024 19:11:48 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 478JBmT0026841; Thu, 8 Aug 2024 19:11:48 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 478JBmKA026838; Thu, 8 Aug 2024 19:11:48 GMT (envelope-from git) Date: Thu, 8 Aug 2024 19:11:48 GMT Message-Id: <202408081911.478JBmKA026838@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Mark Johnston Subject: git: cb2657c9622a - stable/14 - netinet6 tests: Add a regression test for default router handling List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: markj X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: cb2657c9622abb416ba90239e6f652147e7b62dc Auto-Submitted: auto-generated The branch stable/14 has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=cb2657c9622abb416ba90239e6f652147e7b62dc commit cb2657c9622abb416ba90239e6f652147e7b62dc Author: Mark Johnston AuthorDate: 2024-07-25 21:01:11 +0000 Commit: Mark Johnston CommitDate: 2024-08-08 19:11:34 +0000 netinet6 tests: Add a regression test for default router handling This serves as a regression test for commit a48df53e4249. Reviewed by: bz, allanjude MFC after: 2 weeks Sponsored by: Klara, Inc. Sponsored by: Bell Tower Integration Differential Revision: https://reviews.freebsd.org/D46136 (cherry picked from commit feda329622bc77ab64ae5f0bf852743f4a037616) --- tests/sys/netinet6/Makefile | 34 +++++++++-------- tests/sys/netinet6/ndp.sh | 92 ++++++++++++++++++++++++++++++++++++++++++--- tests/sys/netinet6/ra.py | 38 +++++++++++++++++++ 3 files changed, 143 insertions(+), 21 deletions(-) diff --git a/tests/sys/netinet6/Makefile b/tests/sys/netinet6/Makefile index 82e84859ecbc..46f6f26115fe 100644 --- a/tests/sys/netinet6/Makefile +++ b/tests/sys/netinet6/Makefile @@ -5,28 +5,30 @@ TESTSDIR= ${TESTSBASE}/sys/netinet6 FILESDIR= ${TESTSDIR} ATF_TESTS_PYTEST= test_ip6_output.py -ATF_TESTS_SH= \ - exthdr \ - mld \ - scapyi386 \ - redirect \ - divert \ - forward6 \ - output6 \ - lpm6 \ - fibs6 \ - ndp \ - proxy_ndp +ATF_TESTS_SH= exthdr \ + mld \ + scapyi386 \ + redirect \ + divert \ + forward6 \ + output6 \ + lpm6 \ + fibs6 \ + ndp \ + proxy_ndp + TEST_METADATA.output6+= required_programs="python" -${PACKAGE}FILES+= exthdr.py -${PACKAGE}FILES+= mld.py -${PACKAGE}FILES+= scapyi386.py -${PACKAGE}FILES+= redirect.py +${PACKAGE}FILES+= exthdr.py \ + mld.py \ + scapyi386.py \ + ra.py \ + redirect.py ${PACKAGE}FILESMODE_exthdr.py= 0555 ${PACKAGE}FILESMODE_mld.py= 0555 ${PACKAGE}FILESMODE_scapyi386.py=0555 +${PACKAGE}FILESMODE_ra.py=0555 ${PACKAGE}FILESMODE_redirect.py=0555 TESTS_SUBDIRS+= frag6 diff --git a/tests/sys/netinet6/ndp.sh b/tests/sys/netinet6/ndp.sh index eddd49112421..038a640f331e 100755 --- a/tests/sys/netinet6/ndp.sh +++ b/tests/sys/netinet6/ndp.sh @@ -25,7 +25,6 @@ # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # -# . $(atf_get_srcdir)/../common/vnet.subr @@ -36,6 +35,7 @@ ndp_add_gu_success_head() { } ndp_add_gu_success_body() { + local epair0 jname vnet_init @@ -74,6 +74,7 @@ ndp_del_gu_success_head() { } ndp_del_gu_success_body() { + local epair0 jname vnet_init @@ -102,13 +103,94 @@ ndp_del_gu_success_cleanup() { vnet_cleanup } +ndp_if_up() +{ + local ifname=$1 + local jname=$2 -atf_init_test_cases() + if [ -n "$jname" ]; then + jname="jexec ${jname}" + fi + atf_check ${jname} ifconfig ${ifname} up + atf_check ${jname} ifconfig ${ifname} inet6 -ifdisabled + while ${jname} ifconfig ${ifname} inet6 | grep tentative; do + sleep 0.1 + done +} + +ndp_if_lladdr() { + local ifname=$1 + local jname=$2 - atf_add_test_case "ndp_add_gu_success" - atf_add_test_case "ndp_del_gu_success" + if [ -n "$jname" ]; then + jname="jexec ${jname}" + fi + ${jname} ifconfig ${ifname} inet6 | \ + awk '/inet6 fe80:/{split($2, addr, "%"); print addr[1]}' } -# end +atf_test_case "ndp_slaac_default_route" "cleanup" +ndp_slaac_default_route_head() { + atf_set descr 'Test default route installation via SLAAC' + atf_set require.user root + atf_set require.progs "python" +} + +ndp_slaac_default_route_body() { + local epair0 jname lladdr + + vnet_init + + jname="v6t-ndp_slaac_default_route" + + epair0=$(vnet_mkepair) + vnet_mkjail ${jname} ${epair0}a + + ndp_if_up ${epair0}a ${jname} + ndp_if_up ${epair0}b + atf_check jexec ${jname} ifconfig ${epair0}a inet6 accept_rtadv + + # Send an RA advertising a prefix. + atf_check -e ignore python $(atf_get_srcdir)/ra.py \ + --sendif ${epair0}b \ + --dst $(ndp_if_lladdr ${epair0}a ${jname}) \ + --src $(ndp_if_lladdr ${epair0}b) \ + --prefix "2001:db8:ffff:1000::" --prefixlen 64 + + # Wait for a default router to appear. + while [ -z "$(jexec ${jname} ndp -r)" ]; do + sleep 0.1 + done + atf_check -o match:"^default[[:space:]]+fe80:" \ + jexec ${jname} netstat -rn -6 + + # Get rid of the default route. + jexec ${jname} route -6 flush + atf_check -o not-match:"^default[[:space:]]+fe80:" \ + jexec ${jname} netstat -rn -6 + + # Send another RA, make sure that the default route is installed again. + atf_check -e ignore python $(atf_get_srcdir)/ra.py \ + --sendif ${epair0}b \ + --dst $(ndp_if_lladdr ${epair0}a ${jname}) \ + --src $(ndp_if_lladdr ${epair0}b) \ + --prefix "2001:db8:ffff:1000::" --prefixlen 64 + while [ -z "$(jexec ${jname} ndp -r)" ]; do + sleep 0.1 + done + atf_check -o match:"^default[[:space:]]+fe80:" \ + jexec ${jname} netstat -rn -6 +} + +ndp_slaac_default_route_cleanup() { + vnet_cleanup +} + +atf_init_test_cases() +{ + atf_add_test_case "ndp_add_gu_success" + atf_add_test_case "ndp_del_gu_success" + atf_add_test_case "ndp_slaac_default_route" +} diff --git a/tests/sys/netinet6/ra.py b/tests/sys/netinet6/ra.py new file mode 100644 index 000000000000..44814418da48 --- /dev/null +++ b/tests/sys/netinet6/ra.py @@ -0,0 +1,38 @@ +#- +# SPDX-License-Identifier: BSD-2-Clause +# +# Copyright (c) 2024 Klara, Inc. +# + +import argparse +import scapy.all as sp +import sys + +# +# Emit a router advertisement with the specified prefix. +# +def main(): + parser = argparse.ArgumentParser("ra.py", + description="Emits Router Advertisement packets") + parser.add_argument('--sendif', nargs=1, required=True, + help='The interface through which the packet will be sent') + parser.add_argument('--src', nargs=1, required=True, + help='The source IP address') + parser.add_argument('--dst', nargs=1, required=True, + help='The destination IP address') + parser.add_argument('--prefix', nargs=1, required=True, + help='The prefix to be advertised') + parser.add_argument('--prefixlen', nargs=1, required=True, type=int, + help='The prefix length to be advertised') + + args = parser.parse_args() + pkt = sp.Ether() / \ + sp.IPv6(src=args.src, dst=args.dst) / \ + sp.ICMPv6ND_RA(chlim=64) / \ + sp.ICMPv6NDOptPrefixInfo(prefix=args.prefix, prefixlen=args.prefixlen) + + sp.sendp(pkt, iface=args.sendif[0], verbose=False) + sys.exit(0) + +if __name__ == '__main__': + main() From nobody Thu Aug 8 20:07:02 2024 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WfykH1cmZz5S8p7; Thu, 08 Aug 2024 20:07:03 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WfykH0g4Cz4pdk; Thu, 8 Aug 2024 20:07:03 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723147623; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=shqNHeU4i0TcaccDA0Tol7azt5EhwvoZOENpJvqRpzE=; b=Ahu4sTVXIh2wIneUQYwrOgKYF8bZR4EFiBQvtEYECkWHExgr1WpZkKi4N03w/EvQmruDM8 wsbokvwmp6ZoM9r2llJ8XZPqZXM6fhvraMuj/FA23Bo142Zy9UCFfMiU6ZqrzXws6qKgO3 edliEPQomZHNfu2oqIbmGEWi8QrILU9WRmzvRu7LClPjRB6jMZ48Cu8VcFHunbKtAIpzZ8 h0v2g3dpau3LOlZDDk63jXqgAE4wCZC0viJ2OqLl25fanacXpFzzQRXCa/NNUoldAcqerp aIHUgFN5PmeKfE3wIMwZVck2U5pMn/4US5pb1kQJodwTqfjinucDkjGZR0Yrrw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1723147623; a=rsa-sha256; cv=none; b=PAysAhK46nCSh5WqvJ6L/BoZwItkVWxoa1K8UeYdrWlJBlL4pEiqwF7e13cKWFuY/TweZd PgDacaMPYqvJ9euevSB/Z54/qsFX9iHJEyZgQvxVx60lBoX0eCFXGs3NjX0UYeOBQIv5um 7dCYRFCsayNI8Fm21VzrW6WDn9UK3TbeNJwrBkD09c68wqDW1fD22rXQ5x8j1Z7OgcYAcf LFNeMMyErzpJGS5A327S5P5pZBDUMqSpeL9l0w85ojHbrF0R9t4EQCQhk/vFgcYFHd1z+y lkx4kBiV4TDi9S8Jp+dBdP/ne2AlNJk5uuR2Cpw/zQNvk00AG5ZrqUzlVX1oqA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723147623; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=shqNHeU4i0TcaccDA0Tol7azt5EhwvoZOENpJvqRpzE=; b=W8XFOcE0dPKPkwR78pY6ORdssDA2ljE/OLcPJWrSg7uvGfZMoRYsF1H6q1E2y4SI/mwubq KKyAtuLOoo/7//p3ld2I9w9dQD9+t5bllrXtlPh+9fSSXHKROmub081m/zmGzyp58fjTod lDaUyMRqzZAOeF/SIvAPSzKHNVtBC5mzTUC8NFELKIrRsDYcNcUOonTGahqI2pQIx2XIJX lzqaKi/0GlSzsb6WTOdbufjD+5u36b16MifJGOGY3/DJatAxFgbEp89bA+JrSGJX4XZcWq vTvAJA67Gj42LjCT9+a9s1cOdY8FgpVVumBhbWL+/fw7B/hCXn9LiFqv/u38sw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WfykH0GGpzn1B; Thu, 8 Aug 2024 20:07:03 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 478K72ix017109; Thu, 8 Aug 2024 20:07:02 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 478K72pb017106; Thu, 8 Aug 2024 20:07:02 GMT (envelope-from git) Date: Thu, 8 Aug 2024 20:07:02 GMT Message-Id: <202408082007.478K72pb017106@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Kyle Evans Subject: git: 40c79e979ea8 - stable/14 - route: avoid overlapping strcpy List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kevans X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: 40c79e979ea8dbbf2262297865754910f8d704c0 Auto-Submitted: auto-generated The branch stable/14 has been updated by kevans: URL: https://cgit.FreeBSD.org/src/commit/?id=40c79e979ea8dbbf2262297865754910f8d704c0 commit 40c79e979ea8dbbf2262297865754910f8d704c0 Author: Kyle Evans AuthorDate: 2024-07-23 20:25:46 +0000 Commit: Kyle Evans CommitDate: 2024-08-08 19:59:15 +0000 route: avoid overlapping strcpy Passing overlapping buffers to strcpy yields an undefined result, so let's avoid it. The copy doesn't really need to happen anyways, we can just point to the domain part of the hostname. This was discovered with _FORTIFY_SOURCE. Sponsored by: Klara, Inc. Sponsored by: Stormshield Reviewed by: allanjude, emaste, imp, melifaro (all previous version) (cherry picked from commit 158f319428c10143ce2ffe766416207c75578931) --- sbin/route/route.c | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/sbin/route/route.c b/sbin/route/route.c index 7cf2bf842559..ad7a906bc142 100644 --- a/sbin/route/route.c +++ b/sbin/route/route.c @@ -107,8 +107,8 @@ static u_long rtm_inits; static uid_t uid; static int defaultfib; static int numfibs; -static char domain[MAXHOSTNAMELEN + 1]; -static bool domain_initialized; +static char domain_storage[MAXHOSTNAMELEN + 1]; +static const char *domain; static char rt_line[NI_MAXHOST]; static char net_line[MAXHOSTNAMELEN + 1]; @@ -594,14 +594,16 @@ routename(struct sockaddr *sa) const char *cp; int n; - if (!domain_initialized) { - domain_initialized = true; - if (gethostname(domain, MAXHOSTNAMELEN) == 0 && - (cp = strchr(domain, '.'))) { - domain[MAXHOSTNAMELEN] = '\0'; - (void)strcpy(domain, cp + 1); - } else - domain[0] = '\0'; + if (domain == NULL) { + if (gethostname(domain_storage, + sizeof(domain_storage) - 1) == 0 && + (cp = strchr(domain_storage, '.')) != NULL) { + domain_storage[sizeof(domain_storage) - 1] = '\0'; + domain = cp + 1; + } else { + domain_storage[0] = '\0'; + domain = domain_storage; + } } /* If the address is zero-filled, use "default". */ From nobody Thu Aug 8 20:07:04 2024 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WfykJ3CS2z5S8tY; Thu, 08 Aug 2024 20:07:04 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WfykJ1Mmrz4pT0; Thu, 8 Aug 2024 20:07:04 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723147624; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=BZxqIXBvETdipGyd0k+oOl8CfWBuT3l5Zv0uhzKXRb8=; b=trGXni4OFCZcffZeWNhkvjrQJr+GjmH/1FlzUWRt5YsA5PONzeKjnRIec14TLFSAnyeVH9 53SIoDcTlHzXF+W9aAWQBISLfaGQd9HcAuwpb6KWUxLSFmi950iet1ZFtA4m6+B5HCXBei X7AC+3IO2GoGfu8q06HpUwuf17fyIL0oOCuUO1Wbv/8f3Ci/corlm9sR+wUcBAtAJ+MWdn E8zH6u3OsSRZCkFGsGtTKGsA/IByBHW/0j6Vh6qkF5m6/tu/1Hy8Kq1j4XIaCUHgmcXE+r S+2TZd+aNuQcVED0plPNS5SiiDBzAl6N4ShUIbdT9ip3swo18HELkTz1h1rARQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1723147624; a=rsa-sha256; cv=none; b=iN27ga/MzPSS+XTs+GJRuhGPJjm/6vBWB0cct4D16CtoDCvjVyd2Dm77dWYpoXAoX17i0R ZP+cfht6TTltvIEwTHtcd62Zd5ncIUDMppxMsG8AYcMhryhRhxJSEKO573firw0GZHCVko wAEBTrdLP3ZC3ox7xH9Q8K/2HGTGLyfdkvoy0qd46Ud+HzlEtepS48fU22O2RsqkDcRijj 3Mm4wpYWOKJ+5l2+pZPmbPc2/GGt3pHJIZ5RFGI+kT/hgYLCsGxF6d3ysJdCRMpotjiNtD r7OHg9n8gJPhI1NFGVDqEvrIkm/fzKDACNYNL9GeaOL8I1LVaajwDFkBcfyMKQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723147624; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=BZxqIXBvETdipGyd0k+oOl8CfWBuT3l5Zv0uhzKXRb8=; b=GdfQYR1LjC/NfPKh9O7DMJQmDiNHPw2Sy2W+frZhJU14ALTW1A6wtXUPgLiziDqDCU8G/W 3uKGdMcvCKCuhICZF8rcn4uNxwRfkP/vme4hFmMVBwzSVXoY52syJyXLacdf8MHHt4rQZY QlEVxKFnmfA93goCsdDGc6/WhGJK2gVUywFaj5SwbZxlFB1KOby6yWYC7y/kNclNVHb6ac 2sm6c183TrLuLm3QlmFIPxjq6yYzp+LB5wueJSZw38ciUPfnj3/mq/49Cy5/j0rZrUp/KP v2EHzGsKMoGoy3pSK827sowBSJHoEL3RYjAdtQdpT/sPGy5E3SgkbhDos1ko4A== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WfykJ0zyTzmyC; Thu, 8 Aug 2024 20:07:04 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 478K74pt017161; Thu, 8 Aug 2024 20:07:04 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 478K74jW017158; Thu, 8 Aug 2024 20:07:04 GMT (envelope-from git) Date: Thu, 8 Aug 2024 20:07:04 GMT Message-Id: <202408082007.478K74jW017158@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Kyle Evans Subject: git: 33708452aaab - stable/14 - calendar: don't setlogin(2) in the -a user handlers List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kevans X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: 33708452aaabca205d81eceb83e0813e5882815c Auto-Submitted: auto-generated The branch stable/14 has been updated by kevans: URL: https://cgit.FreeBSD.org/src/commit/?id=33708452aaabca205d81eceb83e0813e5882815c commit 33708452aaabca205d81eceb83e0813e5882815c Author: Kyle Evans AuthorDate: 2024-08-05 18:43:56 +0000 Commit: Kyle Evans CommitDate: 2024-08-08 19:59:21 +0000 calendar: don't setlogin(2) in the -a user handlers As of e67975d331 ("Fix 'calendar -a' in several ways."), `calendar -a` will now fork off a new process for each user and do all of its own processing in the user's own context. As a side-effect, calendar(1) started calling setlogin(2) in each of the forked processes and inadvertently hijacked the login name for the session it was running under, which was typically not a fresh session but rather that of whatever cron/periodic run spawned it. Thus, daily and security e-mails started coming from completely arbitrary user. We could create a new session, but it appears that nothing calendar(1) does really needs the login name to be clobbered; opt to just avoid the setlogin(2) call entirely rather than incur the overhead of a new session for each process. PR: 280418 Reviewed by: des, olce Fixes: e67975d331 ("Fix 'calendar -a' in several ways.") (cherry picked from commit 6cb8b61efe8899ee9194563108d0ae90c1eb89e3) --- usr.bin/calendar/calendar.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/usr.bin/calendar/calendar.c b/usr.bin/calendar/calendar.c index 476c0495d218..2e3baee7d57f 100644 --- a/usr.bin/calendar/calendar.c +++ b/usr.bin/calendar/calendar.c @@ -224,7 +224,7 @@ main(int argc, char *argv[]) lc = login_getpwclass(pw); if (setusercontext(lc, pw, pw->pw_uid, - LOGIN_SETALL) != 0) + LOGIN_SETALL & ~LOGIN_SETLOGIN) != 0) errx(1, "setusercontext"); setenv("HOME", pw->pw_dir, 1); cal(); From nobody Thu Aug 8 20:07:06 2024 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WfykL5pKtz5S94p; Thu, 08 Aug 2024 20:07:06 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WfykL4rtpz4pmf; Thu, 8 Aug 2024 20:07:06 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723147626; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=/Fyb6QDu9yfB0wI8Izj1gfP5F7rs20ERw4iufsbn8gA=; b=sYC5fiz74nkC+fV8YNETHuVnJJTJLNEAscqCPQGPLqR/w3LYJnAQFawU5CfMIGWU2b9BOs 1WQBpJakKDebY8Itl3Fcbb07fLwYoWgqLv5AGtBRGKRS6HZQ5aOG5ZtFDhBV2CD5/5SLwA vkyunKMX2NQtm2C1aOoWCWc5abIMpH9tQFi7eCTYt2lktJRVUNZd/mSEfYFyiC7MxjerIK 5NU7e7nGC86JOhPvyCq6el//hDkJlNX2edFhodEkcU+2oilTZ5YKzkYCUdngsyTQX6nW7s 2wmhgbqVWsZVjBXUBLRmsObwS0bE7qmWmx1397mzuNVd6COR4magBH1z4177eQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1723147626; a=rsa-sha256; cv=none; b=B522ZpJdXx9aom9Fv2U5oEDtP8laLcQ9YVWz0ZoGRgnI8e450fG9iuzTKEuftndjossT8U 5FhjAAICSQE6myQxufT/rPL/DACl/WQukgmfA19H171Jkvu/Vu3Z+NSeJOtpny1dIpwEY3 WE2Qfvsf2Ocj5URC6UzTXe49NYEPncfwquudsqP9VY4VC5ywbqKhdn+OwFKw17M6yWjIKA HQ7PhhPt6Jxe5W7EpHBuS40dmmXbTfhF0/RLgA8P8MV373nMPKS4WYvjzTHyGkmUqJI3aZ 6mQK54LuLcEObSLExqAcaGZvFA0aGshDEoT5ttOJUOllL14gA/wBW6OXderRow== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723147626; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=/Fyb6QDu9yfB0wI8Izj1gfP5F7rs20ERw4iufsbn8gA=; b=yqbNbAgzVqDKuIrYxF+qf7U95CaGBcUaiJT3Qk7a5YbwwvxTRj6lV5PxoFNnuAHGIN46FY ID5OOEw/RqzRhZ0HEtDLYe3I9zy9c3YdIeUGNTdVzrCTBPC2S+CYMhY6FKA0NBmKa3cCgA mFyXLHnE+VPZjRKKGJ4VYGV42Jd+5/lFcyMc08jDczZwBO15u6Dkd+LXizB5bRcwbrGjII aHadYbAMfZvWFzWl7vHu21rXL46lbwDM9JsZqVpaUDEe8eTYomqtIRfSP6+yACb3DgCD5h hD7hq8c/9fko+2B8APHt9esVKfY58fUkE+c+Tkpznqfbw/uXpNV0SLnfAejfXw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WfykL3yd6zn7V; Thu, 8 Aug 2024 20:07:06 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 478K767I017317; Thu, 8 Aug 2024 20:07:06 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 478K76DW017314; Thu, 8 Aug 2024 20:07:06 GMT (envelope-from git) Date: Thu, 8 Aug 2024 20:07:06 GMT Message-Id: <202408082007.478K76DW017314@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Kyle Evans Subject: git: 781bc1a69fab - stable/13 - route: avoid overlapping strcpy List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kevans X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: 781bc1a69fab3ccb93deab611d19be18d093ca26 Auto-Submitted: auto-generated The branch stable/13 has been updated by kevans: URL: https://cgit.FreeBSD.org/src/commit/?id=781bc1a69fab3ccb93deab611d19be18d093ca26 commit 781bc1a69fab3ccb93deab611d19be18d093ca26 Author: Kyle Evans AuthorDate: 2024-07-23 20:25:46 +0000 Commit: Kyle Evans CommitDate: 2024-08-08 20:00:37 +0000 route: avoid overlapping strcpy Passing overlapping buffers to strcpy yields an undefined result, so let's avoid it. The copy doesn't really need to happen anyways, we can just point to the domain part of the hostname. This was discovered with _FORTIFY_SOURCE. Sponsored by: Klara, Inc. Sponsored by: Stormshield Reviewed by: allanjude, emaste, imp, melifaro (all previous version) (cherry picked from commit 158f319428c10143ce2ffe766416207c75578931) --- sbin/route/route.c | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/sbin/route/route.c b/sbin/route/route.c index c48a39b490dd..d82ab2c054ae 100644 --- a/sbin/route/route.c +++ b/sbin/route/route.c @@ -108,8 +108,8 @@ static u_long rtm_inits; static uid_t uid; static int defaultfib; static int numfibs; -static char domain[MAXHOSTNAMELEN + 1]; -static bool domain_initialized; +static char domain_storage[MAXHOSTNAMELEN + 1]; +static const char *domain; static int rtm_seq; static char rt_line[NI_MAXHOST]; static char net_line[MAXHOSTNAMELEN + 1]; @@ -563,14 +563,16 @@ routename(struct sockaddr *sa) const char *cp; int n; - if (!domain_initialized) { - domain_initialized = true; - if (gethostname(domain, MAXHOSTNAMELEN) == 0 && - (cp = strchr(domain, '.'))) { - domain[MAXHOSTNAMELEN] = '\0'; - (void)strcpy(domain, cp + 1); - } else - domain[0] = '\0'; + if (domain == NULL) { + if (gethostname(domain_storage, + sizeof(domain_storage) - 1) == 0 && + (cp = strchr(domain_storage, '.')) != NULL) { + domain_storage[sizeof(domain_storage) - 1] = '\0'; + domain = cp + 1; + } else { + domain_storage[0] = '\0'; + domain = domain_storage; + } } /* If the address is zero-filled, use "default". */ From nobody Thu Aug 8 20:07:07 2024 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WfykN0Pt6z5S94q; Thu, 08 Aug 2024 20:07:08 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WfykM5R3nz4pKw; Thu, 8 Aug 2024 20:07:07 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723147627; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=xdHX+/fohZbBg2uOie0mmaGi+1eY0YhCSdDT7zW4bcc=; b=pcTmoAQPaxhkQBOH0beWCFHL8bHdvOnT/hGEbt8GEwy0kaQWszcCAt3LCgo440GZRyjt59 MsGTSsAjllFKfwIF8mqz6iGyEuGjoEpUlZrpAKU3u2XcI3afXK0pkTHWVZG/724CIazUpl XSLsiE98lQSdcRvcuRoRH+q698Oa3rSqpqfasmzrNr3dppWnTtYCgUviaqbeAlazkcTMrw nQBzCzQLYI5rzSUalhhOWHpmASd2QZepurFSHqzSYYYv35L3f7pAGWD7rH7I+3euYQ0gtD lV0HrXsQVB/mCnVL9IHc/+lQ6VvzZYtx2i4NeUJ7rjBMLd4aDn6YEKwbuvAnUA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1723147627; a=rsa-sha256; cv=none; b=pDnkalbeCfX/UIo+4A/sPJVAVcBCn5qpNEO1UsBUUrBErvOVpCF8wgXIh0nxNWF4ODdxZb w7fXbtLkmOAHqQHop8jou9gNyfeQ9bZwJjcHW+XcqXLJ5SO3iv7ydIUvgHminQvc+BAy2c Iien+FoaQQkKxS/KOgUtz83rKGFMNPTl4vrwjKh/vkJrIbr+ERoGE5K7XZoq/Hd2Wzio4n kAy3rbct2ougfK9KxUx1usNWWd2XAtVTAQTGkZI+dCnrpqMwl7O9g8a9WaBD2v5WhFm2l5 o8VowjOCN/rq63QQKERaSBQC+Bjc0efEOjlldqElzOZvkmTPtCeafeTTV5Zx1g== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723147627; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=xdHX+/fohZbBg2uOie0mmaGi+1eY0YhCSdDT7zW4bcc=; b=gDn1K9JS7jBYoDiW452m/SKoOO2RAECHai4KwN7RgZcIpMgJpQcaEjntYKtq3fTEhQ9Cau Yaq9WMBQ0EsF8qsjxZ7sVlMDWR4DNEJ3OIQ0oQLri6Le73wvr7/iZo+KeQeDW+OvBuPB1r toABHu4LSGxwmG0mcM/9i7C4mVWpv9hf986zrArB+nUWFbc3j/rvcaoDtnmdf3YBeLXZzW 4ujQJZ9UVb0CZArhvRiQoZ9mVI660ppYm6BksXb8sjlXdzzjFDEIvGNslHyYsYZLT0W50Y 6w/0MACrxO/+xoH4hO7n1LKb28uGMIERKgmmLnSKN1BMeav9yTs/CRwPaGsQvQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WfykM50NZzn7W; Thu, 8 Aug 2024 20:07:07 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 478K77uL017369; Thu, 8 Aug 2024 20:07:07 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 478K77ls017366; Thu, 8 Aug 2024 20:07:07 GMT (envelope-from git) Date: Thu, 8 Aug 2024 20:07:07 GMT Message-Id: <202408082007.478K77ls017366@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Kyle Evans Subject: git: 3a9010c98b3d - stable/13 - calendar: don't setlogin(2) in the -a user handlers List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kevans X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: 3a9010c98b3d9676307fac20d42cdd3cfd4bc46d Auto-Submitted: auto-generated The branch stable/13 has been updated by kevans: URL: https://cgit.FreeBSD.org/src/commit/?id=3a9010c98b3d9676307fac20d42cdd3cfd4bc46d commit 3a9010c98b3d9676307fac20d42cdd3cfd4bc46d Author: Kyle Evans AuthorDate: 2024-08-05 18:43:56 +0000 Commit: Kyle Evans CommitDate: 2024-08-08 20:00:40 +0000 calendar: don't setlogin(2) in the -a user handlers As of e67975d331 ("Fix 'calendar -a' in several ways."), `calendar -a` will now fork off a new process for each user and do all of its own processing in the user's own context. As a side-effect, calendar(1) started calling setlogin(2) in each of the forked processes and inadvertently hijacked the login name for the session it was running under, which was typically not a fresh session but rather that of whatever cron/periodic run spawned it. Thus, daily and security e-mails started coming from completely arbitrary user. We could create a new session, but it appears that nothing calendar(1) does really needs the login name to be clobbered; opt to just avoid the setlogin(2) call entirely rather than incur the overhead of a new session for each process. PR: 280418 Reviewed by: des, olce Fixes: e67975d331 ("Fix 'calendar -a' in several ways.") (cherry picked from commit 6cb8b61efe8899ee9194563108d0ae90c1eb89e3) --- usr.bin/calendar/calendar.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/usr.bin/calendar/calendar.c b/usr.bin/calendar/calendar.c index 476c0495d218..2e3baee7d57f 100644 --- a/usr.bin/calendar/calendar.c +++ b/usr.bin/calendar/calendar.c @@ -224,7 +224,7 @@ main(int argc, char *argv[]) lc = login_getpwclass(pw); if (setusercontext(lc, pw, pw->pw_uid, - LOGIN_SETALL) != 0) + LOGIN_SETALL & ~LOGIN_SETLOGIN) != 0) errx(1, "setusercontext"); setenv("HOME", pw->pw_dir, 1); cal(); From nobody Thu Aug 8 22:41:45 2024 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Wg28n4lyPz5SSgJ; Thu, 08 Aug 2024 22:41:45 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Wg28n39pWz45VB; Thu, 8 Aug 2024 22:41:45 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723156905; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Y109/xOqN4Bb4p/b40CMxtwNLE8d5xUf7KR52lWWywk=; b=h+VFcoEWgmLJfq58x6aUfPEd5CaqybDbHLtQmb2tRsX9Lag2MFoiqOP0bZdHhDm/gZKj1v ava0bOnGp/TJfDkmiTuZ9sKjDoQ3de84mAr0q+U63d3wOz/ot+RB+E/OmlbSQ050fuZEA2 k7CcF0+347EqzbVPeRhUinHdXW/OCQnz9Q8RHPh2iwhnKD0FoDtkUehUvrDtOU9VPPmfvq 1nHzG6AOh9zYkIq5ujRvLoSsjqnr4gNod8QyQX+rI5rP9hJGlh7xALBbzyR9vkA577/HFU pwF57aTun9OkYvxdFLau4EJ1yBKHZIeCdrJvDrqCN54QBL9QyMMZgmjA0lgI0A== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1723156905; a=rsa-sha256; cv=none; b=HaX0aRHojZTgxcmoFGP7uLkGrU4yStUGNHdLEc54+Vh/KqwtaQu48fqdZ2AHsmsvrbE6Tr SBC5FLuk8/PgiseTucuAAELHTsPDkYQVF8b/fBFVa8nVN7ucPXVwiEfo+B9hcGiALXN+7x w9nY5N+qtMZ+H3TqSYQ82xYeYvbB7HK8Qgkx+FL7vG8THNyHCS20LZnAMi9/oLnVtERH5a nvESvO0rG9mBxjoHQ1fBwQszhCMc52u1gwzgxwmEQRrONtrON6R9+HXjx1uY2HcbvqxqO7 L1rhgvTHrI74xfiGKznxz/nwgPikgpjDU8NVurWWijHZ3Pt935rpoZdma4e1ww== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723156905; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Y109/xOqN4Bb4p/b40CMxtwNLE8d5xUf7KR52lWWywk=; b=cDbeo4T8ACm02b5UlKYPHuaIutzf3Ar1o1AO8WMRm1imW3uR5JKZRAYlP9sh/QNRyS7vEf u/zmGmMqVM4JYo1l1R+id/VJSSIyoOm9cx0LvAwLuaVh5z3ny06xNG7lRgOvDwOuq4X71L BfLLd/VlsR00vLa6dVswAJ6Q3VJ2LpI8CNRJ4lDlYSf8a1aev2PCKjMf5rpi8gQj/Dp9Vc zuKy5uW9XAICm24mtLOg3TLdaq6JMusg+DEgoL2dSZJYxoMV5Z6aFtWRkBgKgMdCbltEoA OEyJPaLUirHc0xmV7QBxn3ncpaJNDs7ipUmWAlrbDemJd8mERRjlnOM/WBeFvw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Wg28n2ndMzs0Q; Thu, 8 Aug 2024 22:41:45 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 478Mfjta085384; Thu, 8 Aug 2024 22:41:45 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 478Mfjvo085381; Thu, 8 Aug 2024 22:41:45 GMT (envelope-from git) Date: Thu, 8 Aug 2024 22:41:45 GMT Message-Id: <202408082241.478Mfjvo085381@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Mark Johnston Subject: git: 751c889691cc - releng/13.4 - nd6: Fix the routing table subscription List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: markj X-Git-Repository: src X-Git-Refname: refs/heads/releng/13.4 X-Git-Reftype: branch X-Git-Commit: 751c889691cc93087251a5af45b6da796d5d2e85 Auto-Submitted: auto-generated The branch releng/13.4 has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=751c889691cc93087251a5af45b6da796d5d2e85 commit 751c889691cc93087251a5af45b6da796d5d2e85 Author: Mark Johnston AuthorDate: 2024-07-25 14:26:36 +0000 Commit: Mark Johnston CommitDate: 2024-08-08 22:41:29 +0000 nd6: Fix the routing table subscription The nd6 code listens for RTM_DELETE events so that it can mark the corresponding default router as inactive in the case where the default route is deleted. A subsequent RA from the router may then reinstall the default route. Commit fedeb08b6a58e broke this for non-multipath routes, as rib_decompose_notification() only invokes the callback for multipath routes. Restore the old behaviour. Also ensure that we update the router only for RTM_DELETE notifications, lost in commit 2259a03020fe0. Approved by: re (cperciva) Reviewed by: bz Fixes: fedeb08b6a58 ("Introduce scalable route multipath.") Fixes: 2259a03020fe ("Rework part of routing code to reduce difference to D26449.") MFC after: 2 weeks Sponsored by: Klara, Inc. Sponsored by: Bell Tower Integration Differential Revision: https://reviews.freebsd.org/D46020 (cherry picked from commit a48df53e4249499be3e8779dd30888a405aa81ae) (cherry picked from commit c611f050d0dc01bf1f738300365895da84aa5fef) --- sys/netinet6/nd6.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/sys/netinet6/nd6.c b/sys/netinet6/nd6.c index 39c4b498e938..70fb468176a5 100644 --- a/sys/netinet6/nd6.c +++ b/sys/netinet6/nd6.c @@ -1595,8 +1595,7 @@ check_release_defrouter(const struct rib_cmd_info *rc, void *_cbdata) struct nhop_object *nh; nh = rc->rc_nh_old; - - if ((nh != NULL) && (nh->nh_flags & NHF_DEFAULT)) { + if (rc->rc_cmd == RTM_DELETE && (nh->nh_flags & NHF_DEFAULT) != 0) { dr = defrouter_lookup(&nh->gw6_sa.sin6_addr, nh->nh_ifp); if (dr != NULL) { dr->installed = 0; @@ -1608,9 +1607,10 @@ check_release_defrouter(const struct rib_cmd_info *rc, void *_cbdata) void nd6_subscription_cb(struct rib_head *rnh, struct rib_cmd_info *rc, void *arg) { - #ifdef ROUTE_MPATH rib_decompose_notification(rc, check_release_defrouter, NULL); + if (rc->rc_cmd == RTM_DELETE && !NH_IS_NHGRP(rc->rc_nh_old)) + check_release_defrouter(rc, NULL); #else check_release_defrouter(rc, NULL); #endif From nobody Fri Aug 9 00:11:51 2024 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Wg48l2qRtz5Sf0L; Fri, 09 Aug 2024 00:11:51 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Wg48l23J7z4FkK; Fri, 9 Aug 2024 00:11:51 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723162311; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=CQdk4HKxVYh+4gmc31uC7MpsnHUkr0LodOZ0AiW5+Ns=; b=fdvMlFaQg6uBXP4V7RU58QLQzwM3wZvUwCp+RTElCLJFfqWPT8a4VfQy3NcwZ/pwPtb0xk BlSB3rPmxf8N4rrlbt8rd/7aIV4bS1GU0gwncocHx2T5yb9hHIhickPlV9YVNHrvLGLI2w Yh/jGSA6bfh028wjmXQ4N7I64jKMPOJoTTgkOjFC/8G6KIXRHNsyLGHAhRTD8nvKnd5+lB zko/hOByP3JSaKY6VyJ78ACoY5Acv1vNdH4dKyi8EnUnC5OMWmkcMW6MyH6f6Tm4d+M5jO ZAG4VM/SUaMcBRFyYj4nhPbPLdMnUC976lvMs/VtlclubDn5yH8LDP6hProxqQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1723162311; a=rsa-sha256; cv=none; b=WT8jbe/3c8/5rzkFwlV71p3CyKb9w+52nTXhqlidY2nkRFvynWRnmw/IiMTb0hk8lPaMqO hZ5Zfpwnoycd1zCifD9JRV0lYCV6WCfg4oOu5J9MI+ZD5ct2G2C1GpsQdOeLDT+vE0OERW UWN5hFOhDNL1C0w+nXtRaulAFd7t4/ft9JEmggIHKHPJeiN2GOf8h11esV2668WO0MYNpc Hfg1bqMg2woL3wE319n5p3vS51M3tPLAbuitv1k0g65bzrZ63uwwgE01INuvHIGSerBOMB 3v6EDVzQgKMvJ5DpnkimFHyZ0Wx+Fwky/9saLXvtmVknbjuCKfigJJH5w1JQgw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723162311; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=CQdk4HKxVYh+4gmc31uC7MpsnHUkr0LodOZ0AiW5+Ns=; b=CpHUgRAZyqZwgPcgtMi/4q04BvHnCCVkSutoQAn1mjAr6oTeJwQOKo4ow8UezxCbzLhjk8 WOBGUH2owRIYlBFh5dtD9RBlrGsdDAZ1fniO1hr8DMwFgSOh/UA/AQiXtCH8tvbUOLh7vA wSnLPW1mqnAETADFe6VTgugvpa38CLR9v+RIx0On78ZS8TLtaLSZRCqkzQxqUn5AZXjSw1 TUAnpFKKTaovKqFEBeQySd9dSxNMU+vzKuXDRpzoBoLqlV2mbyl6MOnYWfASwUrOXqJi0h DhzqVEh0rO91opAzZFiNm0t+kDO5nbTobZ0uqtq+Qjy+uzGgzY/cfJuMRLCP6A== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Wg48l1fHcztT9; Fri, 9 Aug 2024 00:11:51 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4790Bp5l037653; Fri, 9 Aug 2024 00:11:51 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4790BpYK037650; Fri, 9 Aug 2024 00:11:51 GMT (envelope-from git) Date: Fri, 9 Aug 2024 00:11:51 GMT Message-Id: <202408090011.4790BpYK037650@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Colin Percival Subject: git: 30b27afe3bc5 - releng/13.4 - 13.4: update to BETA2 List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: cperciva X-Git-Repository: src X-Git-Refname: refs/heads/releng/13.4 X-Git-Reftype: branch X-Git-Commit: 30b27afe3bc5263fc45eb5cc0389684e8c58f41f Auto-Submitted: auto-generated The branch releng/13.4 has been updated by cperciva: URL: https://cgit.FreeBSD.org/src/commit/?id=30b27afe3bc5263fc45eb5cc0389684e8c58f41f commit 30b27afe3bc5263fc45eb5cc0389684e8c58f41f Author: Colin Percival AuthorDate: 2024-08-09 00:11:33 +0000 Commit: Colin Percival CommitDate: 2024-08-09 00:11:33 +0000 13.4: update to BETA2 Approved by: re (implicit) Sponsored by: Amazon --- sys/conf/newvers.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh index 5a0f6c2f3498..b145530cc66a 100644 --- a/sys/conf/newvers.sh +++ b/sys/conf/newvers.sh @@ -53,7 +53,7 @@ TYPE="FreeBSD" REVISION="13.4" -BRANCH="BETA1" +BRANCH="BETA2" if [ -n "${BRANCH_OVERRIDE}" ]; then BRANCH=${BRANCH_OVERRIDE} fi From nobody Fri Aug 9 15:10:52 2024 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WgS672r7Jz5SCbN; Fri, 09 Aug 2024 15:10:55 +0000 (UTC) (envelope-from jhb@FreeBSD.org) Received: from smtp.freebsd.org (smtp.freebsd.org [96.47.72.83]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WgS672P7Vz4lf7; Fri, 9 Aug 2024 15:10:55 +0000 (UTC) (envelope-from jhb@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723216255; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=E1DnS4Ey2SGef2vZ7mAaXHwJmjwfuDORyUQpsuaqDRM=; b=RZW9SaRSrWusgUiUC4K1iUd4TCNJtS0WtgMZ7h5O6Q1qqVdgxJm1PxV8CZ7FqIJk0WqHpX oCrzT3l8UV/DLYG6IugzlsS1MtPD1e9RjFPmkfeRiUoycKoZSIbgqg2R4gNXuMYAGTWChH cbXmGl5ovcKbCNEAooSTDolTU08OiOEc4jeAunXRK2dJIULJAYtsTbzPYBwH2FMPeTt1+4 cIXp79ye+o1IsJ/baiyhCJkRw6VeJbDt3j5HLX3UMNyBz4Gqx0RnmGBhMiA3hZ8lozgSYO 1QWiz+WSM3Etd8u3O7WBt9reZy+YmuAqzEREDM4HsQfcBssMik0eCNOXeKyIeQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1723216255; a=rsa-sha256; cv=none; b=maHdk2Gk0nwV3PfyHDw+xrfcHVFrivwfP+h63JLA1P4Zya3XOEjxnGAP57hLzjnPjHGVGn AgMljLVViYZy7VfuXG/oN7NLklRC/11BiD7SIXiAQH9Au8QWGS/vjZ1xzx942/zvqZ9xnu hpavBZ1nq47gDcc6R2bpM4+lUMQoe94PacCPI6bb3lpRnZ7Xgnm82+cMBzG7gX0eU3ggYL rtbAdaO1noxgxuUanEzu/Rt+GtJYBoLS8xpZkP/b4C3U5C0TXaLzxu7htiM7hRdYFE8E7G /V1HVxcaihVdApmrzd7P4Ez55keB7yq9IG6z7sHtlA+6+rRHsJdrby8m3n9SWQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723216255; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=E1DnS4Ey2SGef2vZ7mAaXHwJmjwfuDORyUQpsuaqDRM=; b=LRVBDG/g9/ADWU5Lp+hZ5IrLmL1pfZWhXh9DqrA6PZR2eXU+HL5VU5uAr5LO5JDO5Hcd3t xKrZozse6RTTTjKnjJC+HNbBk8i3aUq0NF+7x5RiZSWWjspt7nVGQ+foUVlVpZl51m9pn3 N7cc6AJMZ5tCfLKNEz6bQL1uBv8tA998PwcDyxaNQAxfIywNU4rKVL+oukU2Tex1Rlko0E 7AciYFS2dCFA4tNaNQWdE7Mz4oaKltbXt58JreSm4nGR/pXJBCFswACYJpNGpURdJKQHJQ Eebm2i0x+LvrUUk7bH+aB15ISnScEcD5qM3PsZxwlZosnN9QZfPnCRlNqEGlTQ== Received: from [IPV6:2601:5c0:4200:b830:6c9f:1ef9:c118:3e3c] (unknown [IPv6:2601:5c0:4200:b830:6c9f:1ef9:c118:3e3c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) (Authenticated sender: jhb) by smtp.freebsd.org (Postfix) with ESMTPSA id 4WgS670QrpzVQt; Fri, 9 Aug 2024 15:10:55 +0000 (UTC) (envelope-from jhb@FreeBSD.org) Message-ID: <5779dd3b-7134-4e72-bc8d-efa64cebddf0@FreeBSD.org> Date: Fri, 9 Aug 2024 11:10:52 -0400 List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: git: fc43a1b6842a - stable/14 - tzsetup: symlink /etc/localtime instead of copying Content-Language: en-US To: "Sean C. Farley" , Ed Maste Cc: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org References: <202408011538.471FcJDS026885@gitrepo.freebsd.org> <784ce21d-a604-bb91-c52e-29c78e2bb6e4@FreeBSD.org> From: John Baldwin In-Reply-To: <784ce21d-a604-bb91-c52e-29c78e2bb6e4@FreeBSD.org> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit On 8/8/24 00:35, Sean C. Farley wrote: > On Thu, 1 Aug 2024, Ed Maste wrote: > >> The branch stable/14 has been updated by emaste: >> >> URL: https://cgit.FreeBSD.org/src/commit/?id=fc43a1b6842afa806dfd7ba48de5bece63d04456 >> >> commit fc43a1b6842afa806dfd7ba48de5bece63d04456 >> Author: Ed Maste >> AuthorDate: 2022-10-14 16:44:35 +0000 >> Commit: Ed Maste >> CommitDate: 2024-08-01 15:11:45 +0000 >> >> tzsetup: symlink /etc/localtime instead of copying >> >> Using a symlink means that new timezone data (installed by an errata >> update, say) will be usable without having to be copied again. >> >> Reviewed by: bapt, kevans, philip >> Sponsored by: The FreeBSD Foundation >> Differential Revision: https://reviews.freebsd.org/D37005 >> >> (cherry picked from commit 5e16809c953f4cd19fadb1767469dec319de0353) > > I ran across an issue with this when using "etcupdate -D" to update a > jail from the host. "tzsetup -r -C /tmp/chroot", as called by > etcupdate, prepends the path of the chroot to the link which breaks > things inside the jail. > > For example, if you run the following: > mkdir -p /tmp/chroot/etc > mkdir -p /tmp/chroot/usr/share > mkdir -p /tmp/chroot/var/db > ln -s /usr/share/misc /tmp/chroot/usr/share/misc > ln -s /usr/share/zoneinfo /tmp/chroot/usr/share/zoneinfo > cp /var/db/zoneinfo /tmp/chroot/var/db/. > tzsetup -C /tmp/chroot -r > > The result will be the following: > /tmp/chroot/etc/localtime@ -> /tmp/chroot//usr/share/zoneinfo/America/Indiana/Indianapolis Hmm, we also intentionally moved away from symlinks to copying many years ago. We added /var/db/zoneinfo so that tzsetup -r would know which file to copy into /etc after we moved away from the symlink I thought? It looks like tzsetup switched to copying by default longer ago than I remembered though in 1996 (commit c78cc02b89f6f5e562e5cf93d54faaa1bd79dfef), though that replaced an older change that switched from copying to symbolic links (2d71a1f121460406695c914b4f35e2e365010855). Presumably though -r shouldn't do anything if /etc/localtime is a symlink? I thought the only reason it was added was due to using copies: commit ada5f18a1b161e4fd99966444f85ca51d5a3fd8a Author: Edwin Groothuis Date: Tue Oct 20 06:54:31 2009 +0000 Instead of having to know which timezone was picked last time, you now can run "tzsetup -r" which will reinstall the last choice. This data is recorded in /var/db/zoneinfo. MFC after: 1 week Notes: svn path=/head/; revision=198267 -- John Baldwin From nobody Sat Aug 10 10:21:27 2024 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Wgxdg4rMqz5SWJm; Sat, 10 Aug 2024 10:21:27 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Wgxdg47gbz4q2Q; Sat, 10 Aug 2024 10:21:27 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723285287; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=ikpZcMguvqjl0sntgJKvZUW1DE2oFpNOAqOtPLOGc4c=; b=RLdVBbn2wq6PbC36o/UTGSaqFecv1TI9khoJV4I9qLcUyrgfGjcozicqLopLSNUEuPHLEb tl8uZqMhRyXj0aUfqGQuQMA94yt1aBSrvZ0Dril+9JzzaJ09c2PiIpzmuZb7eNUGYNJemn ohovc0lepbkHT682m3ZdJSrw+aSS+Xj+4t2WHntDhQufff6bj07f+tCBbLckWtoJ1VyEgT b6uCs/PHkBl4GHq5ggw/f61WRsIkzPzudTABHoDGD/p2kuf9a9nqmfoDXidmKk2/aStO3F 7F9sYPO12+6cbRAkeOEOVvLsQPG8nw2uyg1+zdHIlUJB9mI6be7O2aTc2l0o0g== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1723285287; a=rsa-sha256; cv=none; b=qqTNlHPEL1nDGqTdp0NFHe+FMrlfGcuazBEUyw29A84XoKw6wykCALkyJY9QKblmNRzZ9c z3ybgKCWEmW8SNEJ9qtvm2nTaQiS4MJ2LmeniIlcbz5MjByCqWxjObgjdgRLRmTvPZl5RN UP2bKoWPDEgjje1wrPA/nVcnbgEEv880AItML4XH+Aj7pR08Ae56kqXoLYrK0RF910CvK3 xvwURR2UKNg40UnspyOjXneKQKzHjpRZHRE1cQMJcSiM6r7cLEtmTgZCQf+dQ1bnMh0OaU H/QdVsuBRf03ERUnlw9gt8QJV9EW5j7dmK2ILe1WTQXBHmb7sH/DopJCirFi/w== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723285287; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=ikpZcMguvqjl0sntgJKvZUW1DE2oFpNOAqOtPLOGc4c=; b=FCG/XPhgcAbTlwbWPpnfuS+MSjk4jSj7rK7L/csov1cj8uI/c3SBlt8FFnNqpMcFFGxATJ KDM8SqQLCUNpVCGA2xTHwCQ1aPkSQ2Btt5ewy4aMTCVzQ3B2pq1ee3R9uyuzcVQ3BEeu1G mvjyJKUZjuH9dLLyoXFznJLE+76eGcntPnOBvwk4/i8jz9Uv4bSWENqQYaam4wSm3w5pf5 AGaIvBBPw6jhs041scDJnTCYxm01WiXU4AUaO7sp5HIRMHlPWt2O4I3s7ECfBuwhbCXu76 S/X0wxSzwI0eurf6hrqqbKdSXIrh55EXgWUm89fyFA/MzxrPaZ/AXmo0myGdAQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Wgxdg3hYxzwnH; Sat, 10 Aug 2024 10:21:27 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 47AALRYk009489; Sat, 10 Aug 2024 10:21:27 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 47AALRUg009486; Sat, 10 Aug 2024 10:21:27 GMT (envelope-from git) Date: Sat, 10 Aug 2024 10:21:27 GMT Message-Id: <202408101021.47AALRUg009486@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Michael Tuexen Subject: git: c23c718ed637 - stable/14 - tcpsso: add example to man page List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: tuexen X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: c23c718ed63763aabad0b5bef828fcd374d2c4d0 Auto-Submitted: auto-generated The branch stable/14 has been updated by tuexen: URL: https://cgit.FreeBSD.org/src/commit/?id=c23c718ed63763aabad0b5bef828fcd374d2c4d0 commit c23c718ed63763aabad0b5bef828fcd374d2c4d0 Author: Michael Tuexen AuthorDate: 2024-08-03 17:59:06 +0000 Commit: Michael Tuexen CommitDate: 2024-08-10 10:21:08 +0000 tcpsso: add example to man page Describe how to switch the TCP stack on all endpoints in the LISTEN state. Reviewed by: concussious.bugzilla_runbox.com Sponsored by: Netflix, Inc. Differential Revision: https://reviews.freebsd.org/D46218 (cherry picked from commit 5c44e69d2f3d2404f39c552448173a9bd62bd651) --- usr.sbin/tcpsso/tcpsso.8 | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/usr.sbin/tcpsso/tcpsso.8 b/usr.sbin/tcpsso/tcpsso.8 index 37968c8afa54..9bff621fc516 100644 --- a/usr.sbin/tcpsso/tcpsso.8 +++ b/usr.sbin/tcpsso/tcpsso.8 @@ -24,7 +24,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd January 14, 2024 +.Dd August 3, 2024 .Dt TCPSSO 8 .Os .Sh NAME @@ -229,11 +229,17 @@ Then, use the following command to enable Black Box Logging on it: # tcpsso -i 435 TCP_LOG 4 .Ed .Pp -To switch all TCP endpoints from using the freebsd stack to the rack stack use: +To switch all TCP endpoints from using the freebsd stack to the RACK stack use: .Bd -literal -offset indent # tcpsso -S freebsd TCP_FUNCTION_BLK rack .Ed .Pp +All TCP endpoints in the LISTEN state can be switched to the RACK stack by +using: +.Bd -literal -offset indent +# tcpsso -s LISTEN TCP_FUNCTION_BLK rack +.Ed +.Pp The following command will set the congestion control module of all TCP endpoints currently using cubic as its congestion control algorithm to the congestion control algorithm newreno: From nobody Sat Aug 10 10:22:01 2024 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WgxfL5LP6z5SWfb; Sat, 10 Aug 2024 10:22:02 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WgxfL07dQz4qHr; Sat, 10 Aug 2024 10:22:02 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723285322; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=syaRUSwYMu8Jls8ZS8WuHFxb7gdHqHcru/m3vZ86N7c=; b=En0yDcqQq1nTOqvoZFjQH6r83JyOR5wDEtTU7eQHnPm18CFlM3QKwuxj/R2dNQn9jdhtlF kTh1/jZ9+SGM1JmeQ/7CMW3bzLBNtL9wKMHlHcoBkbG2gN18qljMAwjoYLdmoTu7dpiZSQ 2UNfotr4bUFJIh4qDhO79D+Kh3I3BZCipX0o+/ej6PbF+T2H3Ptqcx5AhZA25J3kncgF1s biTFBRb2Jnd+e7j3SMbzUzXHP5DpDeGvfxvOjlPte9LGwTLcsBQ4ggQxkvykSJoxCT7Wd6 MBDajgv5/nHB58UgTRVK1pkvCY7xaprzEBPxdY4mYqGhbI/F6q9HEBOGiV3Deg== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1723285322; a=rsa-sha256; cv=none; b=t+qcsQreDmKhxX0j569+/kqRhF7/x3aKvHpB4ol8L8ehnBGcZo/p6+MkjYGdlzcgsBqgqJ QvCQs0HurDvn4C3tRbOfhKSWsRBdU+sNMrjPQHSHGtJliSnW1IYW+4b0Zx5xNFESehl4ef 24SJfiNDxh8FPyxJHWgz5jVP925ru3GFXlrXWqShqfKsL9vr/Bs+40//LXL/yU7sqfYg0K cFJL8N9mBTkzwH3AECZ4wMsPcrPCVQ3EEmL0051azVoZMtcdYzOf3n6Mv1oaMPi9bE54Db 6/RuoBqjqc0APnjIn7VeRhympWIFEJR3Wh11GLtVTqn/rXoNYMst1nWo0WeBNg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723285322; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=syaRUSwYMu8Jls8ZS8WuHFxb7gdHqHcru/m3vZ86N7c=; b=qW9u9jxcueogkFwu1nD04DdzN1kfiDzKj7swlqXAMj3pG/GlMy3EbqbOtmltu0Snjrcmn/ NCNeXqXwp26j4Kf2lfwBD13RjTASC8IisghntlKaw6wPjc19x2eFpmnbFUBEehbqiaGNEb XkooN3hj3rOcK4STdl0dpX0AS2T0iIB3yd2i2fDKyK0MKGctRDZVNwMTZJEi3+EsZnF8Sy 17rs40QyGlKv3+nc7TqF5eIFKxRSbnGjrCyG4S/nAIpoV238VBEdlZqG3j1ANAOzFbuQro vJqujjPgFcynoTzwf2HHhBJMoqGn2E73d4kBskvFIkWCfqU0EF7oNl853BTwvw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WgxfK6sQWzwYv; Sat, 10 Aug 2024 10:22:01 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 47AAM1Pw011607; Sat, 10 Aug 2024 10:22:01 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 47AAM1s0011604; Sat, 10 Aug 2024 10:22:01 GMT (envelope-from git) Date: Sat, 10 Aug 2024 10:22:01 GMT Message-Id: <202408101022.47AAM1s0011604@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Michael Tuexen Subject: git: 5c4fd0b523f7 - stable/14 - tcpsso: improve man page List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: tuexen X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: 5c4fd0b523f7c75b0d331025378ed7df12f0fc87 Auto-Submitted: auto-generated The branch stable/14 has been updated by tuexen: URL: https://cgit.FreeBSD.org/src/commit/?id=5c4fd0b523f7c75b0d331025378ed7df12f0fc87 commit 5c4fd0b523f7c75b0d331025378ed7df12f0fc87 Author: Michael Tuexen AuthorDate: 2024-08-03 18:30:10 +0000 Commit: Michael Tuexen CommitDate: 2024-08-10 10:21:51 +0000 tcpsso: improve man page Address comment provided by bcr. Sponsored by: Netflix, Inc. (cherry picked from commit 2edac5a60a57a2a6ef80c61079d427c4ee31b7a9) --- usr.sbin/tcpsso/tcpsso.8 | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/usr.sbin/tcpsso/tcpsso.8 b/usr.sbin/tcpsso/tcpsso.8 index 9bff621fc516..5bbcd0eb873f 100644 --- a/usr.sbin/tcpsso/tcpsso.8 +++ b/usr.sbin/tcpsso/tcpsso.8 @@ -234,8 +234,7 @@ To switch all TCP endpoints from using the freebsd stack to the RACK stack use: # tcpsso -S freebsd TCP_FUNCTION_BLK rack .Ed .Pp -All TCP endpoints in the LISTEN state can be switched to the RACK stack by -using: +Switch all TCP endpoints in the LISTEN state to the RACK stack by using: .Bd -literal -offset indent # tcpsso -s LISTEN TCP_FUNCTION_BLK rack .Ed From nobody Sat Aug 10 10:28:42 2024 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Wgxp31yF0z5SWMV; Sat, 10 Aug 2024 10:28:43 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Wgxp319R5z4qmX; Sat, 10 Aug 2024 10:28:43 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723285723; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=MzkOW4uYiv9MS5s8+Qc0n5eIcnQenVqzM8vBwWDuvGg=; b=qKhkvwS96djLO7Oc5dz+P4UM/+VJeyw0FSoZs/IEwjwfcsZH8uVgcyhK9r0qyqeae0a6d0 qS+yDlZx19O184i8vmbn6dhUV6L7en22/4Esa5cAl8roVqoXSHTX+qsjA0CVGwI1nplq5T N3oV6iDGlpWu4kIF++YHQqAa3HV3hOD0aExF+LqThZUWT0s98CmzzeJ9hSOWQcASqsFE3i LM0u3WGdIAP6LaFRuqqVgKWc6c5A2JY4ueSDyeDX+mhhfDc84RGP0JQv4VtgMigUZowVTV tiXKnXdvk+xIDyBpXpj207PSEjLCE5q8dd5atQ1M5O9XF9yF8HDPhHBSeO1RwA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1723285723; a=rsa-sha256; cv=none; b=uB1BMwQ6sBTTcVZXk2wkNJL6g/cw1oPbT6Az2+mBouF02hPjZrv/iGmMGwZhaUJa5v+6RC AFX4DKkbUbntenEOQG90MY66YwPJIn2psRvTjInuVgwQoTjsPZTZlGafkzdJfcr+z4gXUr 1vjZLhNclNnG52dj/6o3vuuh2Vc3NV53iQTwryUB2SjBPAFr+KvZ2QdTMo7ju83IRVVQ76 ii6Wua3Rg44P2ERy4zwCgCPUS6infSCTN3IBCBLGBGzcrvfpQDy3uqJHo72xEB3vY4lzoH 7mCJvw9Equwjp7TXVr7B37W/0i9HpxmqNKemZ8hKb/1UE3Qp/QheEqFVXndRXg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723285723; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=MzkOW4uYiv9MS5s8+Qc0n5eIcnQenVqzM8vBwWDuvGg=; b=X/mY2+pZN2dRgebYpH3TQozVg0lYdIAQA6CuYAToBoitzi7P5f55UAjHEt/InWWLiae1Hv 9jAU6/WHkFD3w15RQ9OfgYE1iXB6tQhPtQB/YCq6dxh/d8TykNUZ7L3ERJ7OgyazMEMPPQ NKRMUxqdvZkWt1CrF3BuMSLDW+IhAhTvWSf917gjtfOA5dEiqeUMFms5cuUl1PoMdEd132 djHr2BneeZTbxAEaDCQtAxbSrT8vpK4tf9208w2SUlMTtdAko/FDicgEW8CpsUYTLJNGHd IbKRi0bFPzXxr+7oy30v/8j4+uEiNONUeBVWQxVmJ0F82CqMwMFbTdr9iMM1bQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Wgxp30MCyzwRx; Sat, 10 Aug 2024 10:28:43 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 47AASg0T013524; Sat, 10 Aug 2024 10:28:42 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 47AASgYu013521; Sat, 10 Aug 2024 10:28:42 GMT (envelope-from git) Date: Sat, 10 Aug 2024 10:28:42 GMT Message-Id: <202408101028.47AASgYu013521@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Michael Tuexen Subject: git: f7425802933f - stable/14 - tcp: fix t_flags2 collision List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: tuexen X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: f7425802933f76c9af62c09a79a87753626281e0 Auto-Submitted: auto-generated The branch stable/14 has been updated by tuexen: URL: https://cgit.FreeBSD.org/src/commit/?id=f7425802933f76c9af62c09a79a87753626281e0 commit f7425802933f76c9af62c09a79a87753626281e0 Author: Michael Tuexen AuthorDate: 2024-08-03 19:49:18 +0000 Commit: Michael Tuexen CommitDate: 2024-08-10 10:27:53 +0000 tcp: fix t_flags2 collision Fix the collision of TF2_IPSEC_TSO and TF2_NO_ISS_CHECK Fixes: 646c28ea80cb ("tcp: improve SEG.ACK validation") Sponsored by: Netflix, Inc. (cherry picked from commit 52eacec95d54205962a3d6902e18e41fce8b4e79) --- sys/netinet/tcp_var.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sys/netinet/tcp_var.h b/sys/netinet/tcp_var.h index 9ba13b779616..83ea1608abe1 100644 --- a/sys/netinet/tcp_var.h +++ b/sys/netinet/tcp_var.h @@ -864,7 +864,7 @@ tcp_packets_this_ack(struct tcpcb *tp, tcp_seq ack) #define TF2_MBUF_QUEUE_READY 0x00020000 /* Inputs can be queued */ #define TF2_DONT_SACK_QUEUE 0x00040000 /* Don't wake on sack */ #define TF2_CANNOT_DO_ECN 0x00080000 /* The stack does not do ECN */ -#define TF2_NO_ISS_CHECK 0x00200000 /* Don't check SEG.ACK against ISS */ +#define TF2_NO_ISS_CHECK 0x00400000 /* Don't check SEG.ACK against ISS */ /* * Structure to hold TCP options that are only used during segment From nobody Sun Aug 11 10:15:23 2024 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WhYSD1bymz5SPBR; Sun, 11 Aug 2024 10:15:24 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WhYSC6GLfz4bLM; Sun, 11 Aug 2024 10:15:23 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723371323; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=iIIH22wJSXRRe/bfLFhNn0VtqEbTx9HJQRCQg3EYmfU=; b=M21ClaEfaxGD3cIim/kfNlLc+aW5l91DYecRpPS/US6xu/pbHUCANqDB/67SsYa/wVSXi/ 7/7S77JYcGIz/HoAt8c4k+uIAZyuojs3PU9thx5CArjZIB+cdm4kdURYdNnTaAIf/TEvcy xl+UWVPclLHwNbIm8psk79qrOERV6IIDVEgVhBaDSLGDSgjhxne7MSMShbwECeUVlKhISH WDy6TWvNKGCUz4v+ufmbceW+I5ZWisbeVPyHf4l/4am9COLceM+Zy4+MsKP/sad9Y2kbOO E+Sw2fFqG0lJ3WMC9B4MaOFbuWkVAkNWRFP4N3iyK8kI194hDtjy68SifDJv1Q== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1723371323; a=rsa-sha256; cv=none; b=QDUC9sjDOJSiqOo5DYBJT9q1/HfD/PK+pyfgQCoD7v7P+jbC2Qayb6MGSsKWs5It9O+51E vBJzCDFdbFUFSC9kCSN26EjFVEy38LGKI2H35NNaVMI+K/eldRCQssHr+YArVfm5+NwhXj WDOdS+mu3bVVVd/n8LwrgLlCU6FUH1G5MTAHEtCuInMSF0lnaFRwcwneZ/F+t80DCHKjGL ubbp7X0jBccAM4yrgDjJKyzTubjlLfARn7oSAS/jbnv5nyveMF7MbT7XCSp0PKJhHzBMy/ 296d0jw3U/El7IR8lViF8PbU47fDhlYhQPKZvRN+K2Wxe1hL6MYDtpi1hqpG/A== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723371323; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=iIIH22wJSXRRe/bfLFhNn0VtqEbTx9HJQRCQg3EYmfU=; b=e20ND+yajGSgvr5hth8xG0fMwAqsk4vK8zQdidiTL7bj9RH1yOf2mThqPeTn/AnGhmj8Oy n1jV13C32m1E/d7zmcdqJCXPaW3dwYr8tP9ZSRFud+eucddQ717iqHwB9VLkpl6Rk0flEO i1JRLNYkg/bP6j1M0D9+Wy8bxUV14wpB9KKJ97pr1BAZczTvy+3OuFhM6umMIZktPD5eQ9 3lpKj7MKNlbtZ4Eh1DAC4A3e11tfVCTnxwWlfeV1Ux1v9WttQk0VotfxZ42ghd8zyBLQLK gyJGC6y28PXFyy7+vE8mGUTlnYO/CEr4R7Xwu0y44t0BTxs4a/qB+qQelmx8Tg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WhYSC5Sg7zfYW; Sun, 11 Aug 2024 10:15:23 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 47BAFNMj031621; Sun, 11 Aug 2024 10:15:23 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 47BAFNZY031618; Sun, 11 Aug 2024 10:15:23 GMT (envelope-from git) Date: Sun, 11 Aug 2024 10:15:23 GMT Message-Id: <202408111015.47BAFNZY031618@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Vladimir Kondratyev Subject: git: 59d36b896992 - stable/14 - LinuxKPI: update linuxkpi_video to Linux 6.6 List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: wulf X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: 59d36b8969925a68f805338c1fd288d1c14bf7d4 Auto-Submitted: auto-generated The branch stable/14 has been updated by wulf: URL: https://cgit.FreeBSD.org/src/commit/?id=59d36b8969925a68f805338c1fd288d1c14bf7d4 commit 59d36b8969925a68f805338c1fd288d1c14bf7d4 Author: Vladimir Kondratyev AuthorDate: 2024-08-07 20:38:38 +0000 Commit: Vladimir Kondratyev CommitDate: 2024-08-11 10:12:38 +0000 LinuxKPI: update linuxkpi_video to Linux 6.6 disable hdmi_audio_infoframe_pack_for_dp function for now as it depends on not imported yet drm sources and is not used by drm-kmod. Reviewed by: manu Sponsored by: Serenity CyberSecurity, LLC Differential Revision: https://reviews.freebsd.org/D46224 (cherry picked from commit c89d94ad5d95fd15e891b2723caae8a6104ee153) --- .../linuxkpi/common/include/linux/aperture.h | 16 ++-- sys/compat/linuxkpi/common/include/linux/hdmi.h | 9 ++- sys/compat/linuxkpi/common/include/video/cmdline.h | 44 +++++++++++ sys/compat/linuxkpi/common/src/linux_aperture.c | 86 ++++++++++++++-------- sys/compat/linuxkpi/common/src/linux_cmdline.c | 63 ++++++++++++++++ sys/compat/linuxkpi/common/src/linux_hdmi.c | 86 +++++++++++++++++----- sys/modules/linuxkpi_video/Makefile | 1 + 7 files changed, 248 insertions(+), 57 deletions(-) diff --git a/sys/compat/linuxkpi/common/include/linux/aperture.h b/sys/compat/linuxkpi/common/include/linux/aperture.h index e0387ed0225d..7eced3cc3cb1 100644 --- a/sys/compat/linuxkpi/common/include/linux/aperture.h +++ b/sys/compat/linuxkpi/common/include/linux/aperture.h @@ -16,7 +16,9 @@ int devm_aperture_acquire_for_platform_device(struct platform_device *pdev, resource_size_t size); int aperture_remove_conflicting_devices(resource_size_t base, resource_size_t size, - bool primary, const char *name); + const char *name); + +int __aperture_remove_legacy_vga_devices(struct pci_dev *pdev); int aperture_remove_conflicting_pci_devices(struct pci_dev *pdev, const char *name); #else @@ -28,7 +30,12 @@ static inline int devm_aperture_acquire_for_platform_device(struct platform_devi } static inline int aperture_remove_conflicting_devices(resource_size_t base, resource_size_t size, - bool primary, const char *name) + const char *name) +{ + return 0; +} + +static inline int __aperture_remove_legacy_vga_devices(struct pci_dev *pdev) { return 0; } @@ -41,7 +48,6 @@ static inline int aperture_remove_conflicting_pci_devices(struct pci_dev *pdev, /** * aperture_remove_all_conflicting_devices - remove all existing framebuffers - * @primary: also kick vga16fb if present; only relevant for VGA devices * @name: a descriptive name of the requesting driver * * This function removes all graphics device drivers. Use this function on systems @@ -50,9 +56,9 @@ static inline int aperture_remove_conflicting_pci_devices(struct pci_dev *pdev, * Returns: * 0 on success, or a negative errno code otherwise */ -static inline int aperture_remove_all_conflicting_devices(bool primary, const char *name) +static inline int aperture_remove_all_conflicting_devices(const char *name) { - return aperture_remove_conflicting_devices(0, (resource_size_t)-1, primary, name); + return aperture_remove_conflicting_devices(0, (resource_size_t)-1, name); } #endif diff --git a/sys/compat/linuxkpi/common/include/linux/hdmi.h b/sys/compat/linuxkpi/common/include/linux/hdmi.h index c8ec982ff498..2094dbc84e89 100644 --- a/sys/compat/linuxkpi/common/include/linux/hdmi.h +++ b/sys/compat/linuxkpi/common/include/linux/hdmi.h @@ -336,7 +336,14 @@ ssize_t hdmi_audio_infoframe_pack(struct hdmi_audio_infoframe *frame, void *buffer, size_t size); ssize_t hdmi_audio_infoframe_pack_only(const struct hdmi_audio_infoframe *frame, void *buffer, size_t size); -int hdmi_audio_infoframe_check(struct hdmi_audio_infoframe *frame); +int hdmi_audio_infoframe_check(const struct hdmi_audio_infoframe *frame); + +#ifdef __linux__ +struct dp_sdp; +ssize_t +hdmi_audio_infoframe_pack_for_dp(const struct hdmi_audio_infoframe *frame, + struct dp_sdp *sdp, u8 dp_version); +#endif enum hdmi_3d_structure { HDMI_3D_STRUCTURE_INVALID = -1, diff --git a/sys/compat/linuxkpi/common/include/video/cmdline.h b/sys/compat/linuxkpi/common/include/video/cmdline.h new file mode 100644 index 000000000000..eaa9a998fda2 --- /dev/null +++ b/sys/compat/linuxkpi/common/include/video/cmdline.h @@ -0,0 +1,44 @@ +/*- + * SPDX-License-Identifier: BSD-2-Clause + * + * Copyright (c) 2023 Serenity Cyber Security, LLC. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifndef _VIDEO_CMDLINE_H_ +#define _VIDEO_CMDLINE_H_ + +#include + +#define CONFIG_VIDEO_CMDLINE + +#if defined(CONFIG_VIDEO_CMDLINE) +const char *video_get_options(const char *name); +#else +static inline const char * +video_get_options(const char *name) +{ + return (NULL); +} +#endif +#endif /* _VIDEO_CMDLINE_H_ */ diff --git a/sys/compat/linuxkpi/common/src/linux_aperture.c b/sys/compat/linuxkpi/common/src/linux_aperture.c index 15a56839fa9c..21c7041fc851 100644 --- a/sys/compat/linuxkpi/common/src/linux_aperture.c +++ b/sys/compat/linuxkpi/common/src/linux_aperture.c @@ -20,7 +20,7 @@ * driver can be active at any given time. Many systems load a generic * graphics drivers, such as EFI-GOP or VESA, early during the boot process. * During later boot stages, they replace the generic driver with a dedicated, - * hardware-specific driver. To take over the device the dedicated driver + * hardware-specific driver. To take over the device, the dedicated driver * first has to remove the generic driver. Aperture functions manage * ownership of framebuffer memory and hand-over between drivers. * @@ -43,7 +43,7 @@ * base = mem->start; * size = resource_size(mem); * - * ret = aperture_remove_conflicting_devices(base, size, false, "example"); + * ret = aperture_remove_conflicting_devices(base, size, "example"); * if (ret) * return ret; * @@ -76,7 +76,7 @@ * generic EFI or VESA drivers, have to register themselves as owners of their * framebuffer apertures. Ownership of the framebuffer memory is achieved * by calling devm_aperture_acquire_for_platform_device(). If successful, the - * driveris the owner of the framebuffer range. The function fails if the + * driver is the owner of the framebuffer range. The function fails if the * framebuffer is already owned by another driver. See below for an example. * * .. code-block:: c @@ -126,7 +126,7 @@ * et al for the registered framebuffer range, the aperture helpers call * platform_device_unregister() and the generic driver unloads itself. The * generic driver also has to provide a remove function to make this work. - * Once hot unplugged fro mhardware, it may not access the device's + * Once hot unplugged from hardware, it may not access the device's * registers, framebuffer memory, ROM, etc afterwards. */ @@ -203,7 +203,7 @@ static void aperture_detach_platform_device(struct device *dev) /* * Remove the device from the device hierarchy. This is the right thing - * to do for firmware-based DRM drivers, such as EFI, VESA or VGA. After + * to do for firmware-based fb drivers, such as EFI, VESA or VGA. After * the new driver takes over the hardware, the firmware device's state * will be lost. * @@ -274,7 +274,6 @@ static void aperture_detach_devices(resource_size_t base, resource_size_t size) * aperture_remove_conflicting_devices - remove devices in the given range * @base: the aperture's base address in physical memory * @size: aperture size in bytes - * @primary: also kick vga16fb if present; only relevant for VGA devices * @name: a descriptive name of the requesting driver * * This function removes devices that own apertures within @base and @size. @@ -283,7 +282,7 @@ static void aperture_detach_devices(resource_size_t base, resource_size_t size) * 0 on success, or a negative errno code otherwise */ int aperture_remove_conflicting_devices(resource_size_t base, resource_size_t size, - bool primary, const char *name) + const char *name) { /* * If a driver asked to unregister a platform device registered by @@ -300,18 +299,45 @@ int aperture_remove_conflicting_devices(resource_size_t base, resource_size_t si aperture_detach_devices(base, size); - /* - * If this is the primary adapter, there could be a VGA device - * that consumes the VGA framebuffer I/O range. Remove this device - * as well. - */ - if (primary) - aperture_detach_devices(VGA_FB_PHYS_BASE, VGA_FB_PHYS_SIZE); - return 0; } EXPORT_SYMBOL(aperture_remove_conflicting_devices); +/** + * __aperture_remove_legacy_vga_devices - remove legacy VGA devices of a PCI devices + * @pdev: PCI device + * + * This function removes VGA devices provided by @pdev, such as a VGA + * framebuffer or a console. This is useful if you have a VGA-compatible + * PCI graphics device with framebuffers in non-BAR locations. Drivers + * should acquire ownership of those memory areas and afterwards call + * this helper to release remaining VGA devices. + * + * If your hardware has its framebuffers accessible via PCI BARS, use + * aperture_remove_conflicting_pci_devices() instead. The function will + * release any VGA devices automatically. + * + * WARNING: Apparently we must remove graphics drivers before calling + * this helper. Otherwise the vga fbdev driver falls over if + * we have vgacon configured. + * + * Returns: + * 0 on success, or a negative errno code otherwise + */ +int __aperture_remove_legacy_vga_devices(struct pci_dev *pdev) +{ + /* VGA framebuffer */ + aperture_detach_devices(VGA_FB_PHYS_BASE, VGA_FB_PHYS_SIZE); + + /* VGA textmode console */ +#ifdef __linux__ + return vga_remove_vgacon(pdev); +#elif defined(__FreeBSD__) + return 0; +#endif +} +EXPORT_SYMBOL(__aperture_remove_legacy_vga_devices); + /** * aperture_remove_conflicting_pci_devices - remove existing framebuffers for PCI devices * @pdev: PCI device @@ -328,14 +354,14 @@ int aperture_remove_conflicting_pci_devices(struct pci_dev *pdev, const char *na { bool primary = false; resource_size_t base, size; - int bar, ret; + int bar, ret = 0; -#ifdef CONFIG_X86 #ifdef __linux__ - primary = pdev->resource[PCI_ROM_RESOURCE].flags & IORESOURCE_ROM_SHADOW; -#elif defined(__FreeBSD__) - primary = NULL; -#endif + if (pdev == vga_default_device()) + primary = true; + + if (primary) + sysfb_disable(); #endif for (bar = 0; bar < PCI_STD_NUM_BARS; ++bar) { @@ -344,22 +370,18 @@ int aperture_remove_conflicting_pci_devices(struct pci_dev *pdev, const char *na base = pci_resource_start(pdev, bar); size = pci_resource_len(pdev, bar); - ret = aperture_remove_conflicting_devices(base, size, primary, name); - if (ret) - return ret; + aperture_detach_devices(base, size); } /* - * WARNING: Apparently we must kick fbdev drivers before vgacon, - * otherwise the vga fbdev driver falls over. + * If this is the primary adapter, there could be a VGA device + * that consumes the VGA framebuffer I/O range. Remove this + * device as well. */ -#ifdef __linux__ - ret = vga_remove_vgacon(pdev); - if (ret) - return ret; -#endif + if (primary) + ret = __aperture_remove_legacy_vga_devices(pdev); - return 0; + return ret; } EXPORT_SYMBOL(aperture_remove_conflicting_pci_devices); diff --git a/sys/compat/linuxkpi/common/src/linux_cmdline.c b/sys/compat/linuxkpi/common/src/linux_cmdline.c new file mode 100644 index 000000000000..0cfa1d56ee6a --- /dev/null +++ b/sys/compat/linuxkpi/common/src/linux_cmdline.c @@ -0,0 +1,63 @@ +/*- + * Copyright (c) 2022 Beckhoff Automation GmbH & Co. KG + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + */ + +#include +#include + +#include