This is a display of mostly-automatically-classified git commits from 2026-05-11 to 2026-05-17.
Table of contents and commits per category:
| (2) | Highlighted commits (these are copies, not in stats) | |
| 2 | 1.4% | Userland programs |
| 10 | 6.8% | Documentation |
| 55 | 37.4% | Hardware support |
| 8 | 5.4% | Networking |
| 9 | 6.1% | System administration |
| 3 | 2.0% | Libraries |
| 3 | 2.0% | Filesystems |
| 25 | 17.0% | Kernel |
| 6 | 4.1% | Build system |
| 1 | 0.7% | Internal organizational stuff |
| 3 | 2.0% | Testing |
| 6 | 4.1% | Style, typos, and comments |
| 14 | 9.5% | Contrib code |
| 2 | 1.4% | Reverted commits |
| 0 | 0.0% | Unclassified commits |
| 147 | 100% | total |
| Technical notes about this page |
For extra visibility, these are copies of commits found in
other sections. Most (if not all) come from the commit message
containing "Relnotes:", or commits modifying
UPDATING.
"bsdinstall script" will now do a pkgbase installation by default. The system components to install can be specified in the COMPONENTS variable, and have the same names as those used in the interactive installer. bsdinstall will still do a legacy distset installation if DISTRIBUTIONS is defined in the installerconfig file. MFC: 1 week PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=290375 Sponsored by: ConnectWise Reviewed by: ziaee, ivy, jduran Differential Revision: https://reviews.freebsd.org/D56717
The EC2 "base" flavour installs the devel/py-awscli package at boot time by default; we don't do this in the "small" flavour, so the default behaviour was to update the FreeBSD-ports repository and then do nothing with it. Turn off firstboot_pkgs by default; if someone is using the "small" flavour of AMIs and wants to install packages at instance launch time, they simply need to add 'firstboot_pkgs_enable="YES"' to /etc/rc.conf (which they must already be editing via user-data, in order to provide the list of packages they want installed). Sponsored by: Amazon MFC after: 3 days MFC to: stable/15 Relnotes: EC2 "small" images now have firstboot_pkgs_enable="NO".
Commits about commands found in man section 1 (other than networking).
The uses of PAGE_SIZE and roundup2() require param.h. MFC after: 1 week
MFC after: 1 week
Man pages, release notes, etc.
- speaker(4) was recently modernized to lock the driver per-playback instead of per-open. Update the man page to explain this change. - added a reference to MML and SMX in the historical context to make it easier for users to find additional documentation online. Signed-off-by: Raphael Poss <knz@thaumogen.net> Reviewed by: ziaee Closes: https://github.com/freebsd/freebsd-src/pull/2183
See also: D53951, https://wiki.freebsd.org/C23 MFC after: 1 week
We now have .St -isoC-2023, so the STANDARDS section can go live. Fixes: https://cgit.freebsd.org/src/commit/?id=9b5d724cad10087e34165199e55f15f2df744ed5 MFC after: 1 week
"w" is a command modifier, not an argument. Use Cm. Fixes: https://cgit.freebsd.org/src/commit/?id=2cdff9918e79 byhve: add option to specify IP address for gdb MFC after: 3 days
MFC after: 3 days
MFC after: 3 days
For all: - harmonize Copyright/license section according to style.9 and used SPDX only. - mention that the current generation of the driver is based on Linux version 7.0. - make linuxkpi.4 and linuxkpi_wlan.4 .Xr as the man pages do exist these days. iwlwifi: update the card/chipset names supported (while we still can) iwlwififw: leave a comment only that we can no longer update the man page and it will be removed in the future. rtw88: update supported chipsets and add note to BUGS sections rtw89: update supported chipsets and add note to BUGS sections Sponsored by: The FreeBSD Foundation MFC after: 3 days Reviewed by: ziaee Differential Revision: https://reviews.freebsd.org/D57019
Describe `-weight` argument in the route manual. Reviewed by: glebius, ziaee Differential Revision: https://reviews.freebsd.org/D56246
Reviewed by: markj Sponsored by: The FreeBSD Foundation MFC after: 3 days Differential revision: https://reviews.freebsd.org/D57012
Hardware drivers and architecture-specific code.
This and the E3000 are both handled by the r8169 driver in Linux, and reportedly this is infact just a straight re-brand of the RTL8126. Tested by: "Sinetek" on Discord Reviewed by: adrian Differential Revision: https://reviews.freebsd.org/D56917
Reviewed by: fuz, jrm Relnotes: yes Differential Revision: https://reviews.freebsd.org/D56638
riscv: IOMMU support Support for RISC-V IOMMU spec v1.0.1 (ratified) https://github.com/riscv-non-isa/riscv-iommu Supports translation for PCI devices only. Supports 1 or 2-level device-directory-table (DDT). Supports SV39 and SV48 virtual memory system (on per-device basis). Supports both "standard" and "extended" device-context (DC) structure. Supports "bypass" mode to disable translation for a particular device. Supports WSI (Wire-Signalled Interrupts) only. This includes both PCI-bus and FDT attachment drivers. Note in case of PCI-bus attachment, interrupts are not available. In this case no error report is provided in case of translation fault. Otherwise interrupts are not needed. Differential Revision: https://reviews.freebsd.org/D55922
riscv: Add IOMMU to NOTES Reported by: bz, ivy Fixes: https://cgit.freebsd.org/src/commit/?id=bcecad2c24aa ("riscv: IOMMU support")
u-boot/opensbi determines the ethernet MAC address from ROM and passes it to the OS in the device tree. This change sets the correct MAC address from this source. This prevents the eqos class driver from generating random MAC addresses at each boot. Tested on Starfive VisionFive 2, riscv64 SBC. Reviewed by: mhorne MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D56782
g_part,mkimg: Add additional GPT partition types Add the hifive-fsbl, hifive-bbl, and xbootldr aliases to mkimg(1). Add the xbootldr alias to geom(4), and thus gpart(8). The "hifive" partition types are defined and used by various RISC-V SBCs for locating firmware. "xbootldr", or the Extended Boot Loader Partition is defined here: https://uapi-group.org/specifications/specs/boot_loader_specification/ Reviewed by: emaste, markj, mhorne MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D56784
gpart.8: add entry for xbootldr partition type Reviewed by: emaste, markj Sponsored by: The FreeBSD Foundation Fixes: https://cgit.freebsd.org/src/commit/?id=dab8138e13de ("g_part,mkimg: Add additional GPT partition types") Differential Revision: https://reviews.freebsd.org/D56969
* cut-paste buffer stays unchanged PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=260069 Reported by: emaste Reviewed by: imp Approved by: imp (mentor) Differential Revision: https://reviews.freebsd.org/D56922
arm64: Add RSI detection for CCA Detect the presence of the Realm Services Interface (RSI). This detection is performed early in bootup; PSCI initialisation has been moved to initarm() to faciliate this. Reviewed by: andrew Sponsored by: Arm Ltd Differential Revision: https://reviews.freebsd.org/D56598
arm64: Fix the includes for rsi.c This depended on header pollution only present when FDT is defined. As FDT isn't check for in this file we can remove opt_platform.h and include the correct set of vm header files. Reported by: ivy Fixes: https://cgit.freebsd.org/src/commit/?id=76a2904c352b ("arm64: Add RSI detection for CCA") Sponsored by: Arm Ltd
When EARLY_PRINTK is used in a realm environment, the UART physical address must be in the unprotected address space. The resulting physical address will not generally fit in an immediate, so use a literal instead. Reviewed by: andrew Sponsored by: Arm Ltd Differential Revision: https://reviews.freebsd.org/D56600
The patch in the PR failed to apply, so I manually applied the same changes. PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=295231 Submitted by: Mike Tancsa <mike@sentex.net> Reviewed by: emaste
acpi_spmc(4): Fix comments on constraints storage The fields themselves are not unused, we actually fill them, but once filled we indeed do not use their values (yet). See the '#ifdef notyet' section in acpi_spmc_check_constraints(). No functional change. Reviewed by: emaste, obiwac, imp Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D56798
acpi_spmc(4): Remove XXX from a comment about retrieving constraints There is really nothing we can do about a DSM function that works on first call but fails on subsequent calls, except calling it only once, which we already do. While here, soften the comment message, as failure was observed with some specific machines only. No functional change. Reviewed by: emaste, obiwac Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D56799
acpi_spmc(4): Constraints: Rename the Intel-format parser ...from acpi_spmc_get_constraints_spec() to acpi_spmc_get_constraints_intel(), as really there is no ACPI specification proper and parsing the constraints is done according to some *Intel* specification (even if it is true that, by contrast, AMD has none). No functional change (intended). Reviewed by: obiwac, imp Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D56800
acpi_spmc(4): Factor out code to test for a DSM's presence ...through a new function has_dsm(), which slightly simplifies reading. No functional change (intended). Reviewed by: obiwac, imp Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D56801
acpi_spmc(4): Clear confusion between DSMs and their functions Stick to the ACPI specification's terminology where DSM means "device specific method", but is in fact a set of multiple functions (actually, there is one set of functions per DSM revision, with the set for some revision in theory including those of the previous revisions), by renaming some of the fields of 'struct acpi_spmc_softc' and local variables accordingly. To this end, rename appropriate structures, fields, parameters and variables, mechanically. No functional change (intended). Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D56802
acpi_spmc(4): Introduce supports_function() For better readability and because this stance will be used in many more places in a subsequent commit. No functional change (intended). Reviewed by: imp (older version), obiwac Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D56803
acpi_spmc(4): softc: Remove unused 'obj' No functional change (intended). Reviewed by: imp (older version), obiwac Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D56804
acpi_spmc(4): Factor out printing DSM call error, delineate function Introduce failed_to_call_dsm(), which prepends "function" before the function index for better clarity. For now, it prints the function number, as before, but will soon print a human-readable name. Reviewed by: imp (older version), obiwac Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D56805
acpi_spmc(4): Human-readably print supported DSMs and their functions
To this end, revamp how DSMs and their functions are represented.
Replace enumerations, which only bring minimal advantages, with plain
macros, allowing to get rid of 'union dsm_index' and in passing the associated bug
that an underlying type smaller than 'int' is aliased to an 'int', which
assumes little-endian architectures. Associate to each function
a printable name, in the form of a per-DSM array that maps a function
index into a string. Make sure that every used array and their number
of items are sized at compile-time and are declared constant, and that
as little code as possible depends on the particular set of present DSMs
and associated functions.
Since the set of DSMs and sets of per-DSM functions are represented as
bitsets, introduce print_bit_field() to print such sets. This new
function is akin to printf("%b", ...) but with more flexibility. It
takes a function associating a name to some bit index and an opaque
pointer, allowing to leverage existing structures containing names
instead of imposing the use of a separate string containing all names to
be printed. It also provides a default name to bits without an explicit
name, composed of a common prefix and the bit index as a suffix.
Reviewed by: imp (older version), obiwac
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D56756
acpi_spmc(4): Rename functions parsing constraints
Rename acpi_spmc_get_constraints_intel() and
acpi_spmc_get_constraints_amd() ("get" => "parse") to reflect that they
are actually just parsing the constraints passed by
acpi_spmc_get_constraints().
No functional change (intended).
Reviewed by: imp, obiwac
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D56806
acpi_spmc(4): Constraints: Simplify some assertions While here, capitalize their messages. Reviewed by: imp, obiwac Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D56807
acpi_spmc(4): Constraints: Clearer message on handle retrieve error Currently, the "failed to get handle for ..." log messages on attach are a bit alarming and no context is provided. Print out that these are retrieved when trying to match constraints and that such failures are ignored, which should make administrators worry less. While here, remove duplicated handle retrieving code in acpi_spmc_check_constraints() because: 1. As is, it is dead code: We 'continue' if the handle is NULL, i.e., not already resolved, before trying to resolve it again. 2. This code is called after device suspension, which might make some objects disappear from the ACPI namespace. In any case, it seems unlikely that, suddenly, new objects would appear. Reviewed by: imp, obiwac Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D56808
acpi_spmc(4): Stop pretending that all constraints are verified We do not check these constraints (yet), so stop printing that they are verified. While here, make the (not compiled in at the moment) "constraint violated" message more terse, and move the warning it contains to outside of the loop (no need to print it repeatedly if multiple constraints are violated). While here, bail out early if there are no constraints to avoid printing (in the future) that constraints are respected even when there are none. Reviewed by: imp (older version), obiwac Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D56809
acpi_spmc(4): Check DSMs only on attach, do not return 0 on probe Once we have recognized a device by PNP ID, declare support unconditionally on probe, and only check for DSMs in attach. We do this for these reasons: 1. PNP0D80 is de-facto a device supposed to hold DSMs related to suspend-to-idle, so we assume it cannot be used for other purposes. And if that changes, we need another architecture anyway (e.g., have a new driver claiming those devices and behaving like a bus, to which this driver would be a sub-driver). 2. If there are no DSMs that we support on such a device, then a new DSM was added that the driver does not know about and which "replaces" (in terms of functionality) the known ones, or the firmware is buggy. In both cases, failing the attach instead of the probe is reasonable, as that leads to printing some error which we (and probably users too) would like to know about. 3. This is a step to enable multiple instances of this driver (just to be a good citizen, and also to be future proof against weird firmwares that would, e.g., implement the Microsoft DSM on another device than the Intel one). Reviewed by: imp (older version), obiwac Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D56810
acpi_spmc(4): Print supported functions after DSMs This makes things more top-down, as expected when probing devices. Reviewed by: imp, obiwac Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D56811
acpi_spmc(4): INVARIANTS: Do not panic on getting constraints failure Just continue without constraints checking in this case. To this end, remove the 'constraints_populated' field from 'struct acpi_spmc_softc' and any reference to it. However, we introduce another boolean, 'sc->get_constraints_succeeded', in order to check (under INVARIANTS) that acpi_spmc_get_constraints() is called only once on success. Calling that function another time after a success would leak memory. It would be easy to change that function to support multiple calls (e.g., by adding a call to acpi_spmc_free_constraints() near its start), however trying to retrieve the constraints again simply looks like wasted time as the same results are expected to be returned on each call. Reviewed by: imp, obiwac Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D56812
acpi_spmc(4): Gracefully support a standalone Microsoft DSM In acpi_spmc_get_constraints(), stop assuming that if there is no AMD DSM, then the Intel one is present. Although this is likely to be the overwhelming majority of cases on amd64, there is no technical reason nor constraint in our code that really needs assuming that. On (so far hypothetical) machines with only the Microsoft DSM, this assumption would cause a cryptic and irrelevant error message (and, prior to the previous commit, a panic on INVARIANTS). Warn the user if both the Intel and AMD DSMs are present, and use the constraints reported by the Intel one (see the comment for why). Reviewed by: imp (older version), obiwac Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D56813
acpi_spmc(4): In-kernel strdup() cannot fail, remove dead code No functional change (intended). Reviewed by: imp, obiwac Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D56814
acpi_spmc(4): Constraint parsing: Clearer error messages Reviewed by: imp, obiwac Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D56815
acpi_spmc(4): Global message on constraints parsing failure ...in order to indicate to users that power state constraints will not be checked at all. Reviewed by: imp, obiwac Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D56816
acpi_spmc(4): Enable multiple instances Support the (so far hypothetical) case of a machine with multiple instances of the PNP0D80 device (e.g., if multiple DSMs are not implemented on the same device), by allowing multiple instances of the device to co-exist. This is achieved by moving 'supported_functions' from 'struct dsm' into the softc, so each instance has its own view of which functions are supported. Consequently, the check on the instance unit on probe can be removed. Reviewed by: imp (older version), obiwac Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D56817
acpi_spmc(4): acpi_spmc_probe_dsm(): Remove passing superfluous handle The handle is already held by the softc, which is also passed. No functional change (intended). Reviewed by: imp, obiwac Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D56818
acpi_spmc(4): Add a sysctl knob to request verbosity The driver will be more verbose on this knob being non-zero or 'bootverbose' being set. The corresponding variable is typed as an integer to leave room for expansion. To be used in subsequent commits. Reviewed by: obiwac Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D56875
acpi_spmc(4): Be less verbose by default Do not print by default details of failures that are unlikely to help a normal user and to have a crucial influence on whether suspension works correctly. Do so only on a verbose boot or if requested explicitly by the user via 'debug.acpi.spmc.verbose'. In particular: - On an Intel Framework laptop, the Microsoft DSM only reports the SLEEP_ENTRY and SLEEP_EXIT functions. That makes some sense since, according to its specification, all functions of a Microsoft DSM except these two are in fact redundant with Intel DSM's ones (also, that of AMD DSM's ones). Those functions being missing are only a potential problem if there is no other DSM than Microsoft's (yet to be observed in the field). - The details of malformed/unapplicable constraints or ones with a newer format the driver does not know about are not readily actionable pieces of information, but rather debug/developer-oriented ones. When verbosity is not requested, only print the details of the first such failure to encourage reporting and at the same time avoid cluttering the output. - Detecting and printing unknown DSM functions is not directly actionable either, and the driver not using these functions may not prevent suspending (but might, e.g., prevent reaching deeper sleep states). Reviewed by: obiwac Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D56876
acpi_spmc(4): acpi_spmc_run_dsm(): Rename, rename parameters, constify This function actually runs a function of a given DSM. Remove the '_dsm' suffix to remove the inaccuracy and make things simpler. Reviewed by: obiwac Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D56877
acpi_spmc(4): Factor out testing for present DSMs/functions Since we are now keeping in the softc the information about which DSM functions are available (in supported_functions[]), the 'dsms' field there is somewhat redundant. Make it completely redundant by keeping the bit representing the enumeration function itself in each element of supported_functions[], and then remove the field. As a result, convert has_dsm() to rely on supports_function(). Adapt acpi_spmc_dsm_check_functions() so that it does not take into account the enumeration function bit. While here, use the self-explanatory stance IDX_TO_BIT(DSM_ENUM_FUNCTIONS) instead of a hardcoded 1. Reviewed by: obiwac Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D56878
acpi_spmc(4): Only run DSM functions reported present
Examination of the DSDT in a Framework laptop generally hints at
firmware designers sometimes providing ACPI methods for convenience
(e.g., same firmware for multiple models) but not using them (or not
expecting them to be used) depending on tweaks or the actual hardware
platform.
On an Intel Framework laptop, we specifically observe the presence of
a Microsoft DSM that just reports availability of the SLEEP_ENTRY and
SLEEP_EXIT (7 and 8) functions although the Microsoft specification
requires other functions, whose purpose is similar to corresponding
Intel DSM's ones (such as DISPLAY_OFF). However, we currently always
call the latter even on the Microsoft DSM. On that laptop, fortunately,
the way the code is structured in the _DSM method leads to nothing being
executed on this call.
Given the similarity of intent between most functions from the Microsoft
DSM on one side and those of ADM and Intel on the other, it is
imaginable that other firmware developers could use a strategy where
functions are in fact aliased, in which case insisting on calling the
Microsoft's DSM function even if not enumerated would cause the action
to be performed twice (because we also call the corresponding function
on the Intel/AMD DSM), which may or may not cause other problems and in
any case seems a waste.
So, by default, do not try to run any function that is not enumerated,
as that looks like the safest approach. Add a debug sysctl(8) knob to
revert to the previous behavior, just in case
('debug.acpi.spmc.force_call_expected_functions').
acpi_spmc_run() now checks if a DSM/function combination has been
enumerated, and skips the actual call if it does not. This allows to
remove all checks from the acpi_spmc_*_notif() functions, making the
code much more compact.
acpi_spmc_get_constraints() now checks whether
DSM_GET_DEVICE_CONSTRAINTS is supported in order to determine which DSM
to use and whether to call the function at all.
Reviewed by: obiwac
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D56879
acpi_spmc(4): softc: Move supported functions into a DSM info structure This is in preparation to adding the revision as a probed information. Reviewed by: obiwac Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D56880
acpi_spmc(4): Trivial simplification in detach function Reviewed by: obiwac Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D56881
acpi_spmc(4): Auto-detect DSM revisions by default
Which revisions to use for the Intel and AMD DSMs is unclear. For the
Intel one, the written specification indicates only 0, but Linux uses
1 (possibly an oversight). For the AMD one, for which there is no
specification, Linux uses 0, but at least on the Framework 13 AMD 7040
series, the "enumerate functions" function only returns a mask that
covers all the functions we expect when called with revision 2.
Introduce an auto-detection strategy where each revision starting from
0 is tried in turn up to some limit (included; default: 15). As soon as
a revision implements all expected functions, we stop the loop and use
that one, in effect selecting the minimum revision that implements all
we need, which should avoid potential backwards-compatibility problems.
If no revision implements all expected functions, the highest available
revision in the checked range is selected, but higher revisions that do
not bring new functions are discarded (see the explanatory comment in
acpi_spmc_probe_dsm()).
The revision policy is still tunable using the same existing sysctl(8)
knobs 'debug.acpi.spmc.intel_dsm_revision' and
'debug.acpi.spmc.amd_dsm_revision'. They have been extended so that
a negative value indicates to use the auto-detection mechanism up to
a revision of minus the value. As before, a 0 or positive value
requests a specific revision. A new knob is introduced for the
Microsoft DSM just in case ('debug.acpi.spmc.ms_dsm_revision').
Since now the revision can be auto-detected, and thus depends on
a particular device instance, move it into 'struct dsm_info' on the
softc. This also enables finishing the split between static and
dynamic/tunable information, allowing to constify all the DSM
descriptors.
Print the revision eventually used along with the supported functions.
Tested on an Intel Framework laptop.
Reviewed by: obiwac
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D56882
acpi_spmc(4): If verbose, print called functions ...as a debugging aid, in order to be able to check that some functions are effectively called and to identify them quickly if they cause a hang. Reviewed by: obiwac Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D56883
acpi_spmc(4): Update copyright Sponsored by: The FreeBSD Foundation
MFC after: 2 weeks Sponsored by: Chelsio Communications
Exception entry does not include an implicit, architectural data barrier. Reported by: Ben Simner <ben.simner@cl.cam.ac.uk> Reviewed by: andrew Fixes: https://cgit.freebsd.org/src/commit/?id=5577bb2f67ff ("arm64/vmm: Support tlbi from VHE") Differential Revision: https://reviews.freebsd.org/D56855
This device is not yet supported. Unfortunately some recently purchased UB400 dongles also contain this Realtek IC. Sponsored by: The FreeBSD Foundation
chn_poll() may hold both rdch and wrch channel locks while calling
chn_trigger(rdch). chn_trigger() switches the lock order from
"channel -> dsp dev" to "dsp dev -> channel" by temporarily dropping
the channel lock before acquiring the dsp lock.
However, only rdch was unlocked during the transition while wrch
remained locked. Since wrch is also a channel lock and witness had
already established the lock order requirement:
dsp dev -> channel
witness reports a lock order reversal when pcm_lock() is acquired while
wrch is still held.
Avoid holding rdch and wrch simultaneously during chn_trigger()
lock-order switching by only keeping the channel locks when needed.
The issue can be reliably reproduced by starting pipewire,
pipewire-pulse, and pavucontrol.
Reviewed by: christos
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D57009
- Reject PROT_EXEC in all cases when Linux support is not compiled in. - Define sysctl only when Linux support is compiled in. - Document better. Sponsored by: The FreeBSD Foundation MFC after: 1 week Reviewed by: emaste Pull Request: https://ron-dev.freebsd.org/FreeBSD/src/pulls/29
Eventually this hack will be removed, so start by disabling it by default. Sponsored by: The FreeBSD Foundation MFC after: 12 months Reviewed by: emaste Pull Request: https://ron-dev.freebsd.org/FreeBSD/src/pulls/29
Adjust the rssi and nf arguments to typed int8_t and adjust the maths for rssi to be consistant with what net80211 expects. Sponsored by: The FreeBSD Foundation MFC after: 3 days Reviewed by: lwhsu, adrian Differential Revision: https://reviews.freebsd.org/D57020
This change modifies code paths and uses `__diagused` to address `-Wunused` issues that occur when `THUNDERBOLT_DEBUG` == `0`. MFC after: 1 month Differential Revision: https://reviews.freebsd.org/D55575
Reported by: bz
The header is not needed, and causes some issues with build because it requires vnode_if.h generated due to transient dependency from vnode.h. While there, remove unneeded explicit sys/cdefs.h and sys/param.h usage. Reported and tested by: thierry Fixes: https://cgit.freebsd.org/src/commit/?id=1d5e4020e36e ("vnode: add VIRF_KNOTE flag") Sponsored by: The FreeBSD Foundation MFC after: 1 week
Reviewed by: Minsoo Choo <minsoo@minsoo.io> Differential Revision: https://reviews.freebsd.org/D56919
Network-related commands, library, and kernel.
These are two single-pair Ethernet (SPE) variants that run at 10 Mbps. 10BASE-T1S has automotive origins and supports multiple nodes on up to 25m of cable. 10BASE-T1L is intended for building and industrial automation and supports long-distance point to point links of over 1km. Reviewed by: kbowling Differential Revision: https://reviews.freebsd.org/D56952
* do not require just only ip6 proto for flow-id opcode in ipfw(8). ipv6-icmp, tcp, udp should be fine too. * fix off-by-one bug leading to out-of-bounds read. * apply IPV6_FLOWLABEL_MASK before comparison in flow6id_match(), so flow-id opcode will match a specified flow label. No need to take protocol version and traffic class into account. * add the test to verify that opcode is working correctly. Reviewed by: pouria Obtained from: Yandex LLC MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D56869
When we have multiple aggregators, the link state should reflect the state of the active aggregator. This change was prompted by a script pruning 10GbE interfaces from an lacp bundle with 100GbE interfaces. Mixing speeds like this creates multiple aggregators. When the last 10GbE interface was removed, lagg0 would loose link because the current aggregator's port count would drop to 0, even though the 100GbE aggregator had active ports. This left the system in a hard to diagnose state where lagg0 reported "active", but all outgoing IP traffic was dropped, due to the RT_LINK_IS_UP() check noticing lagg0's if_link_state was marked as down. Reviewed by: zlei Sponsored by: Netflix Differential Revision: https://reviews.freebsd.org/D56579
Address leaks that I missed in commit f7bf9fd6199c
("tests/tcp_hpts_test: Fix resource leaks").
Reviewed by: Nick Banks <nickbanks@netflix.com>, tuexen
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D56943
vxlan_input()'s caller is supposed to free *m0 if it is non-NULL after the function returns. vxlan_input() failed to update *m0 after the pullup however, so if it hits an error case after the pullup, we'll free the mbuf twice. Currently this can happen only if the interface is brought down or due to a packet loop. Reported by: Yuxiang Yang, Yizhou Zhao, Xuewei Feng, Qi Li, and Ke Xu from Tsinghua University using GLM5.1 from Z.ai Reviewed by: pouria, zlei MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D56944
Check for alloction failure on `npt_alloc()` for RTA_MULTIPATH attributes in `nlattr_get_multipath()`. Also, add tests for maximum number of rtnexthop in rtnetlink. Reported by: Joshua Rogers of AISLE Research Team Reviewed by: markj MFC after: 3 days Differential Revision: https://reviews.freebsd.org/D56954
Fix length validation of RTA_MULTIPATH attributes in nlattr_get_multipath() by making sure the user request is align. PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=295102 Reported by: Robert Morris <rtm@lcs.mit.edu> Reviewed by: markj Fixes: https://cgit.freebsd.org/src/commit/?id=7e5bf68495cc ("netlink: add netlink support") MFC after: 3 days Differential Revision: https://reviews.freebsd.org/D56963
A bug fix was committed locally and submitted upstream. Document it in our upgrade instructions, as these sometimes take a long time before getting merged. Sponsored by: The FreeBSD Foundation
Stuff in man section 8 (other than networking).
- Add shell_escape() helper to safely escape shell arguments - Apply shell_escape to all user-controlled values in shell commands: adduser (usershow, useradd, lock, primary_group, groups) addgroup (groupshow, groupadd, members) exec_change_password (usermod) settimezone (tzsetup root and timezone) install_package (pkg package names) - Escape double quotes in hostname when writing rc.conf.d/hostname - Add missing 'local' declaration for resolvconf_command in nameservers() - Escape interface name in resolvconf -a command - Change open_resolvconf_conf() from 'w' to 'a' mode to prevent data loss when nameservers() is called multiple times - Clean up stale resolvconf.conf at the start of each boot (skip on postnet to preserve config written by first call) MFC After: 1 day
"bsdinstall script" will now do a pkgbase installation by default. The system components to install can be specified in the COMPONENTS variable, and have the same names as those used in the interactive installer. bsdinstall will still do a legacy distset installation if DISTRIBUTIONS is defined in the installerconfig file. MFC: 1 week PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=290375 Sponsored by: ConnectWise Reviewed by: ziaee, ivy, jduran Differential Revision: https://reviews.freebsd.org/D56717
This is needed at least for MAX() and PATH_MAX. MFC after: 1 week
Required for MAXPATHLEN and MAXLOGNAME. MFC after: 1 week
MFC after: 1 week
- gjournal.c needs param.h to get a definition of isclr(). - fsck.h needs signal.h for sig_atomic_t. Sort includes while here. Reviewed by: kib MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D56858
Make the behaviour similar for both IPv4 and IPv6. Also add the corresponding tests. PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=294733 MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D56618
Teach limits(1), sh(1), and setclassresources(3) about RLIMIT_VMM. Fixes: https://cgit.freebsd.org/src/commit/?id=1092ec8b3375 ("kern: Introduce RLIMIT_VMM") Reviewed by: bnovkov Differential Revision: https://reviews.freebsd.org/D57031
For Realtek we only add new entries. For Intel the old way of extracting IDs from the driver no longer works. The new list is shortened as we drop more specific entries which were already covered by wildcard entries. The new lists are also sorted within the groups. There are 4 entries the new driver no longer carries but are still present in older versions, so we keep them manually. Sponsored by: The FreeBSD Foundation MFC after: 3 days
Required for MAXPATHLEN. MFC after: 1 week
MAXBSIZE is defined in param.h, which defines many other things. To avoid forcing all consumers of libufs.h to include param.h, let's instead redefine it and verify the definition in inode.c. Reviewed by: kib MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D56859
Fixes: https://cgit.freebsd.org/src/commit/?id=b60053fde172 ("libcasper: Fix inconsistent error codes of cap_get{addr,name}info()")
ufs: support unmapped bufs for indirect blocks in bmap Use unmapped bufs for indirect block buffers in bmap, and use sf_bufs for transient mapping them when we need to read the specific pointer. [kib note: I changed the original patch to use sf_buf instead of explicit DMAP utilization, making the change MI]. Tested by: pho Reviewed by: kib MFC after: 1 week Differential revision: https://reviews.freebsd.org/D53424
ufs: ufs_bmap_seekdata() needs mapped buffer for scan PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=295348 Reported and tested by: Alastair Hogge <agh@riseup.net> Reviewed by: mckusick Fixes: https://cgit.freebsd.org/src/commit/?id=bab04ddf1fd4 ("ufs: support unmapped bufs for indirect blocks in bmap") MFC after: 1 week Differential revision: https://reviews.freebsd.org/D57036
This causes recursion in VFS that is not worth handling. PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=275570 Reported by: Alex S <iwtcex@gmail.com> Reviewed by: markj Tested by: pho Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D57043
Kernel stuff (other than networking, filesystems, and drivers).
Mark assembly files as not requiring executable stacks. This still leaves linux32_vdso.so without a .note.GNU-stack section in the gcc build for now. Reviewed by: imp, kib Differential Revision: https://reviews.freebsd.org/D56894
Make sleep type names clearer and more consistent, and allow space for something like "os_hibernate" once that gets added to FreeBSD. Reviewed by: jaeyoon, olce, markj Approved by: jaeyoon, olce, markj Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D56920
Just so it isn't so long. Changing now before the API freezes, after discussion with olce@. While here, improve the wording in the comments for power transitions and sleep types a bit. Reviewed by: olce Approved by: olce Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D56953
Unprotected allocations are intended to be accessible outside of the current VM on systems such as Arm CCA. Reviewed by: markj Sponsored by: Arm Ltd Differential Revision: https://reviews.freebsd.org/D56518
In Arm CCA we need to find all memory to protect it. This needs to find all memory, ignoring any excluded memory to protect it from the host. Add physmem_all that reads all physical memory regions. Co-developed-by: Andrew Turner <andrew@> (writing tests & commit message) Sponsored by: Arm Ltd
When in a realm: - Mappings with mode VM_MEMATTR_DEVICE and VM_MEMATTR_DEVICE_NP are unprotected - Imported busdma buffers in protected memory are always bounced - If EARLY_PRINTK is in use, the UART physical address must be in the unprotected address space Reviewed by: andrew Sponsored by: Arm Ltd Differential Revision: https://reviews.freebsd.org/D56599
Reported by: Yuxiang Yang, Yizhou Zhao, Ao Wang, Xuewei Feng, Qi Li, and Ke Xu from Tsinghua University using GLM-5.1 from Z.ai Reviewed by: markj Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D56976
Add a microsecond conversion helper to complement the existing bintime2ns(). The body mirrors bintime2ns(). This will be used by an upcoming eventlog(9) framework as well as the TCP code in upcoming changes. Approved by: gallatin, tuexen Sponsored by: Netflix, Inc. Differential Revision: https://reviews.freebsd.org/D56972
It is required at least for NBBY. MFC after: 1 week
The _*.h headers are for structure definitions and should avoid dependencies on other headers. This convention is violated by using __BEGIN_DECLS/__END_DECLS. Move the declarations to cpuset.h, I see no reason they can't be there. Reviewed by: olce, brooks, kib MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D56856
When igmp_v3_merge_state_changes() is iterating over state-change packets, there is a case where it'll free a queued packet but will fail to remove it from the queue. Fix that. Reported by: Yuxiang Yang, Yizhou Zhao, Xuewei Feng, Qi Li, and Ke Xu from Tsinghua University using GLM5.1 from Z.ai Reviewed by: pouria, glebius MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D56947
Create new /dev/power node with super simple ioctl for initiating sleep state transitions. This is meant as a generic interface to replace the ACPI- and APM-specific interfaces. This allows for non-ACPI states to be entered, such as suspend-to-idle when setting kern.power.suspend=suspend_to_idle. Reviewed by: markj, olce Approved by: markj, olce Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D55508
Reduce bufqueue lock contention by delaying the BUF_UNLOCK to after dropping the bufqueue lock. Still do the early BUF_UNLOCK if we actually have to bd_flush. Reviewed by: kib, markj Sponsored by: Dell Inc. Differential Revision: https://reviews.freebsd.org/D56948
Reviewed by: kib, olce Sponsored by: Dell Inc. Differential Revision: https://reviews.freebsd.org/D56949
Reviewed by: kib, olce Sponsored by: Dell Inc. Differential Revision: https://reviews.freebsd.org/D56951
The flag indicates that the modifying ptrace op was issued, and clearing it after transparent attach is needed to not leak the flag to later operations, since it is cleared on the syscall enter. But clearing it there unconditionally is too strong. The clearing should be only done for attach situation. Reported by: Alex S <iwtcex@gmail.com> Fixes: https://cgit.freebsd.org/src/commit/?id=99976934274de6fa19f049a0b6eac10856710f96 Reviewed by: markj Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D56928
The amdgpu driver in drm-kmod will attempt to update/reserve certain GPU VRAM ranges as write-combining. Depending on the system, this address range may fall outside of FreeBSD's constructed DMAP. We cannot use pmap_change_attr() in this case. When INVARIANTS is enabled, this results in the following: panic: physical address 0x880000000 not covered by the DMAP Add a guard against triggering the KASSERT in PHYS_TO_DMAP(). This limitation in our implementation of arch_io_reserve_memtype_wc() is already known in drm-kmod's amdgpu_bo_init(), and errors are ignored there (see "BSDFIXME"). This change is only to eliminate the preventable assertion failure within this scheme. Tested by: kevans Reviewed by: kib, emaste MFC after: 3 days Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D56971
subr_uio.c: Remove a KASSERT() for large NFS server I/O When the NFS server is set to allow an I/O size greater than 1Mbyte (not allowed in FreeBSD's main yet), a KASSERT() in allocuio() can fail when: zfs_freebsd_write()->zfs_write()->zfs_uiocopy() ->cloneuio()->allocuio() is called for a large NFS server write. Since the userland API callers to allocuio() already check that the size does not exceed UIO_MAXIOV, there does not seem to be a need to a KASSERT() here. Removing the KASSERT() allows NFS server writes of greater than 1Mbyte to work, once the NFS code is patched to allow them. Reviewed by: kib MFC after: 2 weeks Differential Revision: https://reviews.freebsd.org/D57005
nfsd: Allow vfs.nfsd.srvmaxio to be up to 4Mbytes Without this patch, the maximum setting for vfs.nfsd.srvmaxio was 1Mbyte. This patch increases that to 4Mbytes. The same as for any setting above 128Kbytes, settings up to 4Mbytes require that kern.ipc.maxsockbuf be increased. (A message generated after setting vfs.nfsd.srvmaxio via the /etc/rc.conf variable nfs_server_maxio will indicate the minimum setting, which will be somewhat greater than four times the setting of vfs.nfsd.srvmaxio.) Requested by: Cedric Blancher <cedric.blancher@gmail.com> MFC after: 2 weeks Fixes: https://cgit.freebsd.org/src/commit/?id=13d3bd165e22 ("subr_uio.c: Remove a KASSERT() for large NFS server I/O")
- Avoid including sys/proc.h in linux_vdso_gtod.c. It's not needed, but the implicit inclusion of sys/param.h via sys/ucred.h->bsm/audit.h was bringing in some required definitions. - Include a couple of required headers: sys/time.h (for struct bintime), and limits.h (for INT_MAX). - Move some helpers from linux.h, which depend on sys/param.h for NODEV, to the one CU where they're actually used. No functional change intended. Reviewed by: imp, kib, emaste MFC after: 2 weeks Differential Revision: https://reviews.freebsd.org/D56982
No functional change intended. Reviewed by: kib Differential Revision: https://reviews.freebsd.org/D57014
Due to net80211 keeping values in 0.5dBm relative to the noise floor an int8_t is not good enough to prevent a double wrap around, which means the reported rssi values can be wrong (see D50928 or likely a commit in the future for more information). In order to address the problem and not break the userspace API, start by defining a type within the kernel and use that. In a next step we will then update the int8_t to int16_t to avoid the problem up to the ioctl code. This will then allow us to work on the the user space API indepedently (see PR 293016 for possible impact outside the base system). No functional changes intended. Sponsored by: The FreeBSD Foundation MFC after: 3 days Reviewed by: adrian Differential Revision: https://reviews.freebsd.org/D57021
Mark assembly files as not requiring executable stacks. Reviewed by: kib Differential Revision: https://reviews.freebsd.org/D56946
ZFS needs to take internal sleepable lock in its implementation of VOP_GETATTR(). Due to this, kq must be unlocked around calls to the vfs filter methods. Fixes: https://cgit.freebsd.org/src/commit/?id=1d5e4020e36e ("vnode: add VIRF_KNOTE flag") Reported and tested by: des Sponsored by: The FreeBSD Foundation MFC after: 1 week
For Linux binaries, sopt->sopt_td may be null. And there's also no need to check it, since struct l_ucred has the same layout on 32-bit systems as on 64-bit ones. PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=295333 Reported by: Miguel Gomes <miguel.dias.gomes@protonmail.com> Fixes: https://cgit.freebsd.org/src/commit/?id=1d24638d3e8 ("Fix LOCAL_PEERCRED in 32-bit compat mode") MFC after: 3 days Reviewed by: emaste Differential Revision: https://reviews.freebsd.org/D57032
MFC after: 1 week Discussed with: christos, markj, ziaee Differential Revision: https://reviews.freebsd.org/D51396
Cirrus-CI is shutting down at the end of the month, but we can still finish with an up-to-date working build with an LLVM version matching the in-tree toolchain. Sponsored by: The FreeBSD Foundation
WITH_CTF enables building userland components with CTF, and not the ctf* tools as one might expect. The tools are actually included with the DTRACE knob. Add a comment where the dependency is handled, as this has caused confusion. Reported by: ivy Reviewed by: markj Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D56977
Cloud releases: Switch to firstboot_pkg_upgrade Cloud images are deployed with base system packages. Introduce a firstboot package auto updater to patch the base system on first boot. MFC after: 1 hour MFC to: stable/15 Reviewed by: cperciva Sponsored by: Google Cloud Differential Revision: https://reviews.freebsd.org/D56890
Cloud releases: More firstboot_pkg_upgrade Update a couple more cloudware images which I forgot about earlier. Reviewed by: ziaee Fixes: https://cgit.freebsd.org/src/commit/?id=464a351267dc ("Cloud releases: Switch to firstboot_pkg_upgrade") Differential Revision: https://reviews.freebsd.org/D57006
The EC2 "base" flavour installs the devel/py-awscli package at boot time by default; we don't do this in the "small" flavour, so the default behaviour was to update the FreeBSD-ports repository and then do nothing with it. Turn off firstboot_pkgs by default; if someone is using the "small" flavour of AMIs and wants to install packages at instance launch time, they simply need to add 'firstboot_pkgs_enable="YES"' to /etc/rc.conf (which they must already be editing via user-data, in order to provide the list of packages they want installed). Sponsored by: Amazon MFC after: 3 days MFC to: stable/15 Relnotes: EC2 "small" images now have firstboot_pkgs_enable="NO".
MFC after: 3 days Fixes: https://cgit.freebsd.org/src/commit/?id=809504f331fd ("man: Kill off MANSUBDIRs") Reviewed by: ziaee Differential Revision: https://reviews.freebsd.org/D57029
The configured timeout of 30s is a bit too low for a couple of tests which create 4+ VNET jails when running tests in parallel and with kernel sanitizers enabled. There's no reason to have custom timeouts, just use the default. MFC after: 1 week
Signed-off-by: Alex S <iwtcex@gmail.com> Reviewed-by: kib Pull-request: https://github.com/freebsd/freebsd-src/pull/2190
PT_TRACE_ME is only useful in combination with exec and there is no exec in this test. Signed-off-by: Alex S <iwtcex@gmail.com> MFC after: 1 week
These could go in other categories, but it's more clear if they're here instead.
Reviewed by: emaste Differential Revision: https://reviews.freebsd.org/D56990
MFC after: 3 days Reviewed by: 0mp Differential Revision: https://reviews.freebsd.org/D55299
git-subtree-dir: contrib/smart git-subtree-mainline: 95b4436e989df29f6368f13832cb13d7cbc52eac git-subtree-split: eb3b1302382b1d0cbe37eeebabfcdd546aa2fc4e
Merge commit '69ae37302ee98839857791a261546e19d078cdb8'
Merge commit 'd2d20bb5099dc1c443a4b783d43b8a45338c85d2'
OpenSSH: Update to 10.1p1 Full release notes are available at https://www.openssh.com/txt/release-10.1 Selected highlights from the release notes: Potentially-incompatible changes * ssh(1): add a warning when the connection negotiates a non-post quantum key agreement algorithm. * ssh(1), sshd(8): major changes to handling of DSCP marking/IPQoS * ssh(1), sshd(8): deprecate support for IPv4 type-of-service (ToS) keywords in the IPQoS configuration directive. * ssh-add(1): when adding certificates to an agent, set the expiry to the certificate expiry time plus a short (5 min) grace period. * ssh-agent(1), sshd(8): move agent listener sockets from /tmp to under ~/.ssh/agent for both ssh-agent(1) and forwarded sockets in sshd(8). Security * ssh(1): disallow control characters in usernames passed via the commandline or expanded using %-sequences from the configuration file, and disallow \0 characters in ssh:// URIs. New features * ssh(1), sshd(8): add SIGINFO handlers to log active channel and session information. Sponsored by: The FreeBSD Foundation
pam_ssh: Fix build - chase OpenSSH function signature change Reported by: dch Fixes: https://cgit.freebsd.org/src/commit/?id=644b4646c7ac ("OpenSSH: Update to 10.1p1") Sponsored by: The FreeBSD Foundation
Full release notes are available at https://www.openssh.com/txt/release-10.2 Selected highlights from the release notes: Bugfixes -------- * ssh(1): fix mishandling of terminal connections when ControlPersist was active that rendered the session unusable. bz3872 Sponsored by: The FreeBSD Foundation
Changes: https://github.com/libexpat/libexpat/blob/R_2_8_1/expat/Changes Security: CVE-2026-45186 MFC after: 1 week
Merge commit 'ef402bba84260816d3e8d6e2439b0bc7eddc9446'
Reviewed by: brooks, emaste Obtained from: CheriBSD Sponsored by: AFRL, DARPA Differential Revision: https://reviews.freebsd.org/D56849
Remove libkse as it has been obsolete for many years and drop 1:1 from description of libthr. Reviewed by: brooks Sponsored by: AFRL, DARPA Differential Revision: https://reviews.freebsd.org/D56850
OpenSSH: Update to 10.3p1 Full release notes are available at https://www.openssh.com/txt/release-10.3 Selected highlights from the release notes: * ssh(1), sshd(8): remove bug compatibility for implementations that don't support rekeying. If such an implementation tries to interoperate with OpenSSH, it will now eventually fail when the transport needs rekeying. * ssh(1), sshd(8): support IANA-assigned codepoints for SSH agent forwarding, as per draft-ietf-sshm-ssh-agent. Support for the new names is advertised via the EXT_INFO message. If a server offers support for the new names, then they are used preferentially. * ssh(1): add a ~I escape option that shows information about the current SSH connection. * sshd(8): add 'invaliduser' penalty to PerSourcePenalties, which is applied to login attempts for usernames that do not match real accounts. Defaults to 5s to match 'authfail' but allows administrators to block such attempts for longer if desired. * Support the ed25519 signature scheme via libcrypto. Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D56999
blocklist: Add back probes The banner exchange was moved to the sshd-auth process in upstream commit bb781f02d4efd178e329a62a838962bee16e3e9b. Add it back. Add back fatal exit probe. NetBSD PR: bin/60270 (GNATS) Reviewed by: emaste Fixes: https://cgit.freebsd.org/src/commit/?id=2574974648c6 ("OpenSSH: Update to 10.3p1") Differential Revision: https://reviews.freebsd.org/D57027
The so far so consistent (file)names got an outlier so add the one character longer pattern as well to catch that. Sponsored by: The FreeBSD Foundation MFC after: 3 days
Due to driver changes it is no longer feasible to extract the full PCI ID / firmware / card type information in one go as we used to be able to. We have already changed the way we extract firmware information for ports and marked the iwlwififw.4 man page as obsolete. Reduce the script to simply extarct the fwget(8) information and, compared to the old times, sort each section so diffs will be easier to see in the future. This was particular helpful this time to make sure we do not lose entries with the change of technique. We also keep the script in the best perl spirit to do the job but not to win a price, especially given it seems we have to change matters every (other) year. Given we can no longer extract firmware information for the PCI IDs, we need to "manually" check against the ports that names match. Ideally we will simplify things for everything "mld-only" one day to only have a single firmware package for these (even if size increases slightly). Sponsored by: The FreeBSD Foundation MFC after: 3 days
This reverts commit ce33f96fcf2f2d0d49c406274bcc64df72fe530e. It turns out that doing it this way did indeed prevent backwards movement of timestamps, however it also lead to an ever increasing error, eventually yielding timestamps hundreds or thousands of seconds in the future. Back this out until we can come up with a solution that prevents backards timestamps and also avoids accumulating error. Sponsored by: Netflix
This reverts commit 0a19464bf7afa35ce2aa7649152bc3a7629faa98. It's incorrect for ahci attachments. Reverting to merge to stable/15 to merge to releng/15.1 for the release. Sponsored by: Netflix
Not classified automatically, and waiting for manual attention.
-- no commits in this category this week --
Dates:
cgit.freebsd.org/src. Git accurately records the
order of commits, but not their dates.Automatic grouping:
This reverts commit \\b([0-9a-fA-F]{40})\\b
and the hash was found in this week's commits.
Automatic categories:
Source code:
Generated with commits-periodical 0.20 at 2026-06-02 15:55:46+00:00.
This work is supported by Tarsnap Backup Inc.
Alternate version: 2026-05-11 (debug) (contains info about the classification)