ticket #1672:
sys/dev/pci/ichsmb.c 1.83-1.84
- Add support Intel 700 series chipset and Alder Lake-N devices.
- Use device_printf() instead of aprint_error_dev() in
ichsmb_i2c_exec().
sys/arch/xen/xen/xen_clock.c: revision 1.10
sys/arch/xen/xen/xen_clock.c: revision 1.12
(applied to sys/arch/xen/xen/clock.c)
Unmask event after VCPUOP_stop_periodic_timer and
initializing ci->ci_xen_hardclock_systime_ns, to avoid a possible race with
xen_timer_handler()
Unmask event after arming the one-shot timer in clock initialisation,
to avoid a possible race with xen_timer_handler() updating
ci_xen_hardclock_systime_ns while we're reading it.
Pointed out by Taylor R Campbell
sys/arch/x86/x86/errata.c: revision 1.32
fix the cpuids for the zen2 client CPUs.
i'm not exactly how i came up with the values i had, though one
of them was still valid and matched my test systems.
sys/dev/nvmm/x86/nvmm_x86_svm.c: revision 1.85
nvmm: Filter CR4 bits on x86 SVM (AMD).
In particular, prohibit PKE, Protection Key Enable, which requires
some additional management of CPU state by nvmm.
sys/arch/x86/x86/fpu.c: revision 1.86
x86/fpu: Align savefpu to 64 bytes in fpuinit_mxcsr_mask.
16 bytes is not enough.
(Is this why it never worked on Xen some years back? Got lucky and
accidentally had 64-byte alignment on native x86, but not in the call
stack in Xen?)
sys/arch/x86/include/specialreg.h: revision 1.207
sys/arch/x86/x86/errata.c: revision 1.31
x86: turn off zenbleed chicken bit on Zen2 cpus.
this is based upon Taylor's original work. i just made the list
of CPUs to run on correct as i could determine. (also, add some
Zen3 and Zen4 cpuids not yet used by any errata.)
(might be nice to have a better way to expression revision ranges
rather than specific cpuid matches, eg, 0x30-0x4f models in a cpu
family, etc.)
tested on ryzen 3600, and a ported zenbleed PoC that no longer
shows any obtained text. (a similar module-version of it stopped
the PoC on a ryzen 3950x without having to reboot.)
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7008.htmlhttps://lock.cmpxchg8b.com/zenbleed.html
external/bsd/dhcpcd/examples/Makefile: revision 1.2
distrib/sets/lists/misc/mi: revision 1.225
external/bsd/dhcpcd/examples/conf/Makefile: revision 1.1
Install a copy of dhcpcd.conf under /usr/share/examples
Addresses PR bin/57487 from Taylor R Campbell.
sys/arch/i386/stand/bootxx/boot1.c: revision 1.22
Primary bootstrap is now able to read a GPT inside RAIDframe.
Previously, primary bootstrap was able to boot on RAID-1 RAIDframe set
with the limitation that the FFS filesystem had to start at bloc 0 in the
RAID. That allowed inner RAID partitionning with a disklabel, but not with
a GPT.
When booting on a RAID-1 RAIDframe, primary bootstrap now first try a
filesystem at bloc 0 of the RAID as before. On failure, it tries to
read a GPT and load secondary bootstrap from, by priority;
1) the first partition with the bootme attribute set
2) the first partition of type FFS, LFS, CCD or CGD
3) the first partition present in the GPT
sys/dev/pci/if_wm.c 1.768-1.782 via patch
sys/dev/pci/if_wmreg.h 1.129-1.130
sys/dev/pci/if_wmvar.h 1.49
wm(4):
- Rework for event counters:
- Fix calculation of GORC, GOTC, TOR and TOT counters correctly.
- Rearrange the order of the registers so that they are roughly
in ascending order.
- Reorder evcnt_attach_dynamic(), WM_EVCNT_ADD() and evcnt_detach()
to match.
- IC{TX,RX}*C registers are for older than 82575.
- Fix a bug that the transmit underrun counter is incorrectly
counted.
- Don't add "Count" for event counter's description.
- Some statistics registers were replaced with new counters on newer
chips. Treat 0x403c(CEXTERR->HTDPMC), 0x40fc(TSCTFC->CBRMPC),
0x4124(ICRXOC->HTCBDPC) and from 0x4104 to 0x4124.
- Add some new counters:
- Circuit Breaker TX Manageability Packet
- Circuit Breaker RX Dropped Packet
- Host Good Octets RX
- Host Good Octets TX
- Length Errors
- SerDes/SGMII Code Violation Packet
- Header Redirection Missed Packet
- EEE TX LPI
- EEE RX LPI
- Fix prc511's comment and description.
- Add SOICZIFDATA (ifconfig -z) support for evcnt(9).
- Use WM_IS_ICHPCH(). No functional change.
- Fix typo. s/ictxact/ictxatc/. No functional change.
- Add comment.
usr.bin/vacation/vacation.c: revision 1.38
usr.bin/vacation/vacation.1: revision 1.33
Make vacation(1) check 'Auto-Submitted:' (RFC 3834) in addition to
'Precedence:' (RFC 2076), and set 'Precedence:' in addition to
'Auto-Submitted:'.
Update the man page accordingly.
sys/dev/pci/pcidevs: revision 1.1478
sys/dev/pci/pcidevs: revision 1.1479
sys/dev/pci/pcidevs: revision 1.1480
Add Samsung SM990.
Add devices from PPR for AMD Family 19h Model 61h Revision B1 processors.
The SATA device ID for Apollo Lake is not 0x5ae0 but 0x5ae3.
lib/libpam/modules/pam_krb5/pam_krb5.c: revision 1.31
lib/libpam/modules/pam_krb5/pam_krb5.8: revision 1.13
pam_krb5: Refuse to operate without a key to verify tickets.
New allow_kdc_spoof overrides this to restore previous behaviour
which was vulnerable to KDC spoofing, because without a host or
service key, pam_krb5 can't distinguish the legitimate KDC from a
spoofed one.
This way, having pam_krb5 enabled isn't dangerous even if you create
an empty /etc/krb5.conf to use client SSO without any host services.
Perhaps this should use krb5_verify_init_creds(3) instead, and
thereby respect the rather obscurely named krb5.conf option
verify_ap_req_nofail like the Linux pam_krb5 does, but:
- verify_ap_req_nofail is default-off (i.e., vulnerable by default),
- changing verify_ap_req_nofail to default-on would probably affect
more things and therefore be riskier,
- allow_kdc_spoof is a much clearer way to spell the idea,
- this patch is a smaller semantic change and thus less risky, and
- a security change with compatibility issues shouldn't have a
workaround that might introduce potentially worse security issues
or more compatibility issues.
Perhaps this should use krb5_verify_user(3) with secure=1 instead,
for simplicity, but it's not clear how to do that without first
prompting for the password -- which we shouldn't do at all if we
later decide we won't be able to use it anyway -- and without
repeating a bunch of the logic here anyway to pick the service name.
References about verify_ap_req_nofail:
- mit-krb5 discussion about verify_ap_req_nofail:
https://mailman.mit.edu/pipermail/krbdev/2011-January/009778.html
- Oracle has the default-secure setting in their krb5 system:
https://docs.oracle.com/cd/E26505_01/html/E27224/setup-148.htmlhttps://docs.oracle.com/cd/E26505_01/html/816-5174/krb5.conf-4.html#REFMAN4krb5.conf-4https://docs.oracle.com/cd/E19253-01/816-4557/gihyu/
- Heimdal issue on verify_ap_req_nofail default:
https://github.com/heimdal/heimdal/issues/1129
etc/pam.d/ftpd: revision 1.8
etc/pam.d/su: revision 1.9
etc/pam.d/system: revision 1.9
etc/pam.d/display_manager: revision 1.6
etc/pam.d/sshd: revision 1.10
pam: Disable pam_krb5, pam_ksu by default.
These are not useful unless you also set up /etc/krb5.conf and a
keytab for the host from the Kerberos KDC. But having them enabled
by default means that creating /etc/krb5.conf just to enable use of
Kerberos for _client-side_ single sign-on creates usability issues.
As proposed on tech-security:
https://mail-index.netbsd.org/tech-security/2023/06/16/msg001160.html
sys/compat/sunos32/sunos32_misc.c: revision 1.86
sys/compat/ossaudio/ossaudio.c: revision 1.85
sys/compat/linux32/arch/amd64/linux32_machdep.c: revision 1.48
compat_sunos32: Memset zero before copyout.
Unclear if this can leak anything but let's be on the safe side.
compat_ossaudio: Zero-initialize idat before copyout.
Unclear if there are any paths to the copyout without initialization,
but let's play it safe to keep the auditing effort low.
linux32_rt_sendsig: Memset zero before copyout.
Not sure if there's any padding here, but it's a pretty big
structure, fairly likely, so let's be rather safe than sorry.
sys/dev/pci/ixgbe/ixgbe.c 1.325-1.326 via patch
sys/dev/pci/ixgbe/ixgbe_common.c 1.44
sys/dev/pci/ixgbe/ixgbe_type.h 1.56
- PCI device ID 0x15c8 also uses X557-AT PHY, so create the thermal
sensor sysctl for it, too.
- Count the number of link down events in the MAC using with
LINK_DN_CNT register.
sys/arch/vax/vax/pmap.c: revision 1.196
sys/arch/vax/include/trap.h: revision 1.25
Change CASMAGIC to 0xFEDABABE so that it cannot accidentally end up in
valid kernel memory. Due to the VARM accesses above S0 should always
give a ptelen trap.
Bug found by Kalvis Duckmanton.
Ensure that the kernel do not try to allocate a S0 segment larger than 1G,
since the hardware prohibits that.
etc/rc.d/sshd: revision 1.30
etc/rc.d/sshd: revision 1.33
etc/rc.d/sshd: revision 1.34
etc/rc.d/sshd: revision 1.35
simplify more (from rudolf)
/etc/rc.d/sshd: New check cmd and reload precmd.
- check cmd: run `sshd -t' to check sshd_config file
- reload precmd: run check cmd before reloading so we don't nuke sshd
if there's an error in the sshd_config file
(It is still possible to effectively nuke sshd by changing the
configuration tosomething that won't work on your network, but at
least we avoid making sshd just exit on reload when you make a typo
in a config option.)
/etc/rc.d/sshd: Stop generating DSA host keys by default.
If you want them you can generate them yourself, but in this day and
age (Monday and 2023, specifically) there's no reason to be using DSA
except for compatibility with ancient legacy software.
/etc/rc.d/sshd: Use default curve for ECDSA keygen, not NIST P-521.
The default is NIST P-256, which:
(a) has plenty of cryptanalytic security,
(b) performs better on essentially all platforms (smaller enough that
even the advantage of the Mersenne prime structure of P-521 can't
compete), and
(c) likely gets more scrutiny on implementations than P-521 since it's
more widespread.
sys/net/route.c: revision 1.237
route: run workqueue kthreads with KERNEL_LOCK unless NET_MPSAFE
Without KERNEL_LOCK, rt_timer_work and rt_free_work can run in parallel
with other LWPs running in the network stack, which eventually results
in say use-after-free of a deleted route.
external/apache2/mDNSResponder/dist/mDNSShared/PlatformCommon.c: revision 1.7
external/apache2/mDNSResponder/dist/mDNSPosix/PosixDaemon.c: revision 1.16
mdnsd(8): restore fixes for PR bin/46758, lost on resolving merge conflicts.
Original commit message from Roy Marples:
"Derive our primary interface and address by trying to connect to an
address in the TEST-NET-2 network as noted in RFC5737 instead of using
the 1.1.1.1 address. Also, use port 7 (echo) for better style.
Fixes PR bin/46758 thanks to Lloyd Parkes."
bin/date/Makefile up to 1.16
bin/date/date.1 up to 1.54
bin/date/date.c up to 1.65
Add -R option for displaying time in RFC 5322 format, similar to GNU date.
Add -f option to set the time. From FreeBSD.
sys/dev/ipmi.c: revision 1.10
Ignore non-recoverable and critical limits smaller than the warning limits.
These are usually invalid.
Name the limit flags to make code more readable.
sys/arch/amiga/stand/loadbsd/loadbsd.c: revision 1.38
distrib/amiga/stand/loadbsd.uue: revision 1.4
sys/arch/amiga/stand/loadbsd/startit.s: revision 1.1
sys/arch/amiga/stand/loadbsd/Makefile: revision 1.5
sys/arch/amiga/stand/loadbsd/vmakefile: revision 1.1
sys/arch/amiga/stand/loadbsd/README: revision 1.6
Update loadbsd source and distribution binary to version 3.3.
- Loading the kernel to the highest priority memory segment is default now.
- New option -l to revert the to the previous behaviour of largest segment.
- New option -M to define a minimum size for the memory segment.
- Fixed some warnings and typos.
- Put assembler inline source into its own source text startit.s.
- Can be built with Bebbo's gcc6 Amiga port or with vbcc.
sys/lib/libsa/subr_prf.c: revision 1.30
libsa/printf: Do not fetch long va_arg as long long.
This does real harm iff all of the following conditions are satisfied:
(1) On ILP32 architectures.
(2) Both LIBSA_PRINTF_LONGLONG_SUPPORT and LIBSA_PRINTF_WIDTH_SUPPORT
compile-time options are enabled.
(3) Width field is used with 'l' modifier.
This is an implicit-fallthrough bug, but unfortunately, GCC 10.4 cannot
find this out somehow...
external/gpl3/gcc/usr.bin/libdecnumber/Makefile: revision 1.9
external/gpl3/gcc/usr.bin/common/Makefile: revision 1.12
external/gpl3/gcc/usr.bin/backend/Makefile: revision 1.67
external/gpl3/gcc/usr.bin/common-target/Makefile: revision 1.12
external/gpl3/gcc/usr.bin/frontend/Makefile: revision 1.15
external/gpl3/gcc/usr.bin/libcpp/Makefile: revision 1.10
gcc: fix build with clang++ HOST_CXX
Define HOSTPROG_CXX before .include anything that brings in bsd.own.mk.
This ensures that HOST_DBG (etc) gets assigned before HOST_CFLAGS
and HOST_CXXFLAGS is created.
backend: .include <bsd.init.mk> much earlier, as per the other directories.
Fixes backend build when using clang++ as the host compiler (e.g., macOS),
because backend host tools are now built with -O.
Inspired by https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=255760
Fixes PR toolchain/57014
martin