[Midnightbsd-cvs] [MidnightBSD/src] be55cc: ipfilter: Correctly type ipf_pullup()
Kevin Bowling
noreply at github.com
Tue Jun 27 11:04:05 EDT 2023
Branch: refs/heads/master
Home: https://github.com/MidnightBSD/src
Commit: be55cc0808484138a45e989d350818a842efe022
https://github.com/MidnightBSD/src/commit/be55cc0808484138a45e989d350818a842efe022
Author: Cy Schubert <cy at FreeBSD.org>
Date: 2023-06-27 (Tue, 27 Jun 2023)
Changed paths:
M sys/netpfil/ipfilter/netinet/ip_fil.h
M sys/netpfil/ipfilter/netinet/ip_fil_freebsd.c
Log Message:
-----------
ipfilter: Correctly type ipf_pullup()
ipf_pullup() outputs a pointer to ip_t. Though returning a pointer to
void does work, it is imprecise and not completely correct.
(cherry picked from commit c941e8c65d9df878136dc5d51d70256d33f7769f)
Commit: 7e2f09317a80fdb4f32f3e0a8ce040939d4927ef
https://github.com/MidnightBSD/src/commit/7e2f09317a80fdb4f32f3e0a8ce040939d4927ef
Author: Cy Schubert <cy at FreeBSD.org>
Date: 2023-06-27 (Tue, 27 Jun 2023)
Changed paths:
M sys/netpfil/ipfilter/netinet/fil.c
Log Message:
-----------
ipfilter: Fix use after free on packet with broken lengths
Under the scenario with a packet with length of 67 bytes, a header length
using the default of 20 bytes and a TCP data offset (th_off) of 48 will
cause m_pullup() to fail to make sure bytes are arragned contiguously.
m_pullup() will free the mbuf chain and return a null. ipfilter stores
the resultant mbuf address (or the resulting NULL) in its fr_info_t
structure. Unfortuntely the eroneous packet is not flagged for drop.
This results in a kernel page fault at line 410 of sys/netinet/ip_fastfwd.c
as it tries to use a now previously freed, by m_pullup(), mbuf.
PR: 266442
Reported by: Robert Morris <rtm at lcs.mit.edu>
(cherry picked from commit 79f7745c098a766d34a4e072cdd1a06e6d0829d5)
Commit: 91eaf8dc9737cab3d0ad3b6d99933dc264880e17
https://github.com/MidnightBSD/src/commit/91eaf8dc9737cab3d0ad3b6d99933dc264880e17
Author: Sebastian Huber <sebastian.huber at embedded-brains.de>
Date: 2023-06-27 (Tue, 27 Jun 2023)
Changed paths:
M sys/crypto/sha2/sha512c.c
Log Message:
-----------
sha512_224: Fix SHA512_224_Final() on little-endian machines.
PR: 266863
MFC after: 1 week
Reviewed by: allanjude, cperciva, des
Differential Revision: https://reviews.freebsd.org/D38372
(cherry picked from commit 6680cfe8e0eec4427716ab50d73ab8231dd9ab28)
Commit: f684d61e56b7c275269be756f6487e302c4a2884
https://github.com/MidnightBSD/src/commit/f684d61e56b7c275269be756f6487e302c4a2884
Author: John Grafton <john.grafton at runbox.com>
Date: 2023-06-27 (Tue, 27 Jun 2023)
Changed paths:
M rescue/rescue/Makefile
Log Message:
-----------
rescue: Add fetch(1) to the rescue tool.
After a failed upgrade, having fetch(1) on a system that is
physically unnreachable would be very useful to download files
required to get the OS back up and functional.
On my system this adds 589,824 bytes (3.8%) to the binary size.
PR: 266224
Reported by: Dan Mahoney
Differential Revision: https://reviews.freebsd.org/D38193
(cherry picked from commit ea34aa4780e5a581732520ea579342af94684882)
rescue: Fix link order of SSL libraries and fetch.
ld.bfd requires libraries to be linked in order. libssl requires
libcrypto. libfetch requires libssl. To fix the latter, move fetch
up above tar rather than listing the ssl libraries twice.
Reviewed by: delphij
Fixes: ea34aa4780e5 rescue: Add fetch(1) to the rescue tool.
Differential Revision: https://reviews.freebsd.org/D38304
(cherry picked from commit 0f031350f32b8760e0843a6476d67aa21116103b)
Commit: 630d5b30f546e55245e172eb95e6c65b0dbb7240
https://github.com/MidnightBSD/src/commit/630d5b30f546e55245e172eb95e6c65b0dbb7240
Author: Tijl Coosemans <tijl at FreeBSD.org>
Date: 2023-06-27 (Tue, 27 Jun 2023)
Changed paths:
M usr.sbin/unbound/setup/local-unbound-setup.sh
Log Message:
-----------
local-unbound-setup: Use default root certificates
Don't force /etc/ssl/cert.pem. It does not exist by default, only if
security/ca_root_nss is installed. Just use the default OpenSSL search
locations which are /etc/ssl/cert.pem and /etc/ssl/certs/.
The tls-system-cert option was added in Unbound 1.16.0.
Reviewed by: zlei
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D38243
(cherry picked from commit 8932f7ce1783a10e9ba79c61d54077aa7693552e)
Commit: 404c4022237fc4266e4c06bcf03a98abb2be5cc9
https://github.com/MidnightBSD/src/commit/404c4022237fc4266e4c06bcf03a98abb2be5cc9
Author: Cy Schubert <cy at FreeBSD.org>
Date: 2023-06-27 (Tue, 27 Jun 2023)
Changed paths:
M crypto/heimdal/lib/kadm5/create_s.c
Log Message:
-----------
heimdal: Resolve hdb_free_entry() SIGSEGV/SIGILL
When the client sends kadmind a create principal (kadm_create) request
kadm_s_create_principal() returns an error before zeroing out ent (an
hdb entry structure wrapper -- hdb_entry_ex), resulting in a NULL
reference.
Fix obtained from upstream commit 35ea4955a.
PR: 268059
Reported by: Robert Morris <rtm at lcs.mit.edu>
Obtained from: Heimdal commit 35ea4955a
(cherry picked from commit 6a70e0b4cdc606931555cdc59dc6c8d4a3ab4e3e)
Commit: 6353ad2e885102e4f53c0a2339b33db6eceb663f
https://github.com/MidnightBSD/src/commit/6353ad2e885102e4f53c0a2339b33db6eceb663f
Author: Kyle Evans <kevans at FreeBSD.org>
Date: 2023-06-27 (Tue, 27 Jun 2023)
Changed paths:
M sbin/md5/md5.c
M sbin/md5/tests/Makefile
A sbin/md5/tests/md5_test.sh
A sbin/md5/tests/sum_a.in
A sbin/md5/tests/sum_b.in
A sbin/md5/tests/sum_c.in
A sbin/md5/tests/sum_sums.digest
Log Message:
-----------
md5: fix *sum -c with missing files
If we fail to open one of the files in the file listing, we still need
to advance `rec` along with `argv` so that the checksum we're checking
against lines up with the file we're hashing.
Tests added both for the -c flag, as well as the -b and -t modes of
the *sum programs.
PR: 267722
Reviewed by: emaste (earlier version)
(cherry picked from commit 8d78a0d331ec2c168efe6cb85bbc2da86e9a6124)
Commit: 56a465ebc011bd43f2d8b897f1aa1d404113f1be
https://github.com/MidnightBSD/src/commit/56a465ebc011bd43f2d8b897f1aa1d404113f1be
Author: Kyle Evans <kevans at FreeBSD.org>
Date: 2023-06-27 (Tue, 27 Jun 2023)
Changed paths:
M usr.bin/top/machine.c
Log Message:
-----------
top: fix sorting by pid (-o pid)
The 'pid' order was added, but the equivalent comparator was not back in
8b800d3af2d8c ("Add the PID column to the list of sort keys.").
`ordernames` indices need to match `compares` indices in order for this
to work.
A future commit will restructure all of this to make it less error prone
going forward (see D37083).
MFC after: 3 days
Reviewed by: pstef (D37083)
(cherry picked from commit deb63adf945d446ed91a9d84124c71f15ae571d1)
Commit: a23c5e53809b9757777aa0ac9f0137cc7b371ae9
https://github.com/MidnightBSD/src/commit/a23c5e53809b9757777aa0ac9f0137cc7b371ae9
Author: Elliott Mitchell <ehem_freebsd_m5p.com>
Date: 2023-06-27 (Tue, 27 Jun 2023)
Changed paths:
M sys/sys/ck.h
Log Message:
-----------
Add ck.h userspace shims for CK_SLIST_
Differential Revision: https://reviews.freebsd.org/D38471
(cherry picked from commit cd3193f640e26991d94d87a45ee9b6a953c56fb5)
Commit: ae8b8d79bd17dd029983ddb7e800a1c43a4892c0
https://github.com/MidnightBSD/src/commit/ae8b8d79bd17dd029983ddb7e800a1c43a4892c0
Author: Kristof Provost <kp at FreeBSD.org>
Date: 2023-06-27 (Tue, 27 Jun 2023)
Changed paths:
M sys/netpfil/pf/if_pfsync.c
Log Message:
-----------
pfsync: add missing bucket lock
pfsync_q_ins() expects us to hold the bucket lock, but when we enter it
from pfsync_state_import() we don't.
MFC after: 2 weeks
(cherry picked from commit 0ed5f66c5ad23a6fe02d60765acf5e5e00957542)
Commit: 4fb4c8e376cb82d5824b57bc6dc5860eb805a857
https://github.com/MidnightBSD/src/commit/4fb4c8e376cb82d5824b57bc6dc5860eb805a857
Author: Kristof Provost <kp at FreeBSD.org>
Date: 2023-06-27 (Tue, 27 Jun 2023)
Changed paths:
M tests/sys/netpfil/pf/pfsync.sh
Log Message:
-----------
pf tests: improve pfsync:basic_defer test
Create state on output only, to ensure we trigger the defer code.
MFC after: 2 weeks
(cherry picked from commit afa77b6996513df98fd27f91ae4c9fe57f7ac4b2)
Commit: 29956280b1cac3c65ee3b4cb96239a7e5044b66c
https://github.com/MidnightBSD/src/commit/29956280b1cac3c65ee3b4cb96239a7e5044b66c
Author: Zhenlei Huang <zlei at FreeBSD.org>
Date: 2023-06-27 (Tue, 27 Jun 2023)
Changed paths:
M sys/dev/usb/net/if_mosreg.h
Log Message:
-----------
usb: Remove unused member in struct mos_softc
Spotted by jhibbits in D37812.
Reviewed by: #network, glebius
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D38581
(cherry picked from commit 3bafe73affe37de3e94d91d4c1310f1272375970)
(cherry picked from commit 1ab8695033149213e49af0897e2e305649c52817)
Commit: df2ac5aeeee1a30c07aa2cec29068f036946530e
https://github.com/MidnightBSD/src/commit/df2ac5aeeee1a30c07aa2cec29068f036946530e
Author: Xin LI <delphij at FreeBSD.org>
Date: 2023-06-27 (Tue, 27 Jun 2023)
Changed paths:
M libexec/rc/rc.d/cleanvar
Log Message:
-----------
cleanvar: Be more careful when cleaning up /var.
The cleanvar script uses find -delete to remove stale files under /var,
which could lead to unwanted removal of files in some unusual scenarios.
For example, when a mounted fdescfs(5) is present under /var/run/samba/fd,
find(1) could descend into a directory that is out of /var/run and remove
files that should not be removed.
To mitigate this, modify the script to use find -x, which restricts the
find scope to one file system only instead of descending into mounted
file systems.
PR: 269213
(cherry picked from commit 39e8c2a29a860bdb69ffcfbc06de4d4ad103b458)
Commit: 78d9a4ad2f131d29a41dd52310a5304d7fe9c099
https://github.com/MidnightBSD/src/commit/78d9a4ad2f131d29a41dd52310a5304d7fe9c099
Author: Kevin Bowling <kbowling at FreeBSD.org>
Date: 2023-06-27 (Tue, 27 Jun 2023)
Changed paths:
M sys/dev/e1000/if_em.c
Log Message:
-----------
e1000: fix I219 hang on reset
Clear the rings before reset to avoid a HW hang.
Inspired by em-7.7.8 and DPDK (1fc9701238edcf0541289b9ae15565b6d9d7ab30)
Reviewed by: erj
Sponsored by: BBOX.io
Pull Request: https://github.com/freebsd/freebsd-src/pull/540
(cherry picked from commit ae1dca798e0f826de46f4ec11914ba4c91928d7a)
Commit: 9226a4b02a0bc986c94ce0cbe86ca04223773e10
https://github.com/MidnightBSD/src/commit/9226a4b02a0bc986c94ce0cbe86ca04223773e10
Author: Kevin Bowling <kbowling at FreeBSD.org>
Date: 2023-06-27 (Tue, 27 Jun 2023)
Changed paths:
M sys/dev/e1000/if_em.c
Log Message:
-----------
e1000: bump driver version
Incrementing these to avoid confusion in users; we are on par with these
out of tree versions.
Reviewed by: erj
Sponsored by: BBOX.io
Pull Request: https://github.com/freebsd/freebsd-src/pull/540
(cherry picked from commit 647f2d2bc0cb9357ac083bf2aae4b669167dd66b)
Commit: 69ea773aecbcbd01b7c946030e5f7c9240c146a9
https://github.com/MidnightBSD/src/commit/69ea773aecbcbd01b7c946030e5f7c9240c146a9
Author: Kevin Bowling <kbowling at FreeBSD.org>
Date: 2023-06-27 (Tue, 27 Jun 2023)
Changed paths:
M sys/dev/e1000/e1000_ich8lan.c
M sys/dev/e1000/if_em.c
Log Message:
-----------
e1000: Remove redundant disable_ulp for ich8lan
This call only makes sense for ich8lan, and the shared code does it in
e1000_setup_init_funcs() above this deletion.
Obtained from: DPDK
Sponsored by: BBOX.io
Pull Request: https://github.com/freebsd/freebsd-src/pull/539
(cherry picked from commit d36fbdb08ff567393a698aaf16f726275901ec96)
Commit: c775711e99ac2d30bcc70df1fe47f77a8ef905f0
https://github.com/MidnightBSD/src/commit/c775711e99ac2d30bcc70df1fe47f77a8ef905f0
Author: Kevin Bowling <kbowling at FreeBSD.org>
Date: 2023-06-27 (Tue, 27 Jun 2023)
Changed paths:
M sys/dev/e1000/e1000_api.c
M sys/dev/e1000/e1000_hw.h
M sys/dev/e1000/e1000_ich8lan.c
M sys/dev/e1000/if_em.c
Log Message:
-----------
e1000: Add support for future client platforms
Sponsored by: BBOX.io
(cherry picked from commit 905ae5881bdc1b9742e08d660d787204c08d6022)
Commit: 441f732b13eeb465ae762e4f611d33207135608d
https://github.com/MidnightBSD/src/commit/441f732b13eeb465ae762e4f611d33207135608d
Author: Kevin Bowling <kbowling at FreeBSD.org>
Date: 2023-06-27 (Tue, 27 Jun 2023)
Changed paths:
M sys/dev/e1000/e1000_ich8lan.c
Log Message:
-----------
e1000: Fix packet loss on 11th gen and later
Ungate DMA clock on TGP and later to avoid packet loss.
A similar fix appears in Linux 639e298f432fb058a9496ea16863f53b1ce935fe
This may be needed as far back as SPT but no confirmation from intel or
other OS yet.
Obtained from: OpenBSD (if_em_hw.c 1.116)
Sponsored by: BBOX.io
(cherry picked from commit 56365902147791994157c3a8f75784dafd46dbd8)
Compare: https://github.com/MidnightBSD/src/compare/e6d28f10f78a...441f732b13ee
More information about the Midnightbsd-cvs
mailing list