HardenedBSD/src 21ebe1f lib/libhbsdcontrol aslr.c

HBSD: Support unapplying (resetting) ASLR feature state

Signed-off-by:  Shawn Webb <shawn.webb at hardenedbsd.org>
Delta File
+20 -4 lib/libhbsdcontrol/aslr.c
+20 -4 1 files

HardenedBSD/src 8d13f83 crypto/openssh ChangeLog servconf.c, sys/dev/uart uart_cpu_acpi.c

Merge remote-tracking branch 'internal/freebsd/current/main' into hardened/current/master
Delta File
+569 -1,774 crypto/openssh/ChangeLog
+111 -57 crypto/openssh/servconf.c
+101 -65 crypto/openssh/readconf.c
+83 -65 sys/dev/uart/uart_cpu_acpi.c
+0 -101 sys/kern/uipc_socket.c
+59 -20 crypto/openssh/channels.c
+923 -2,082 111 files not shown
+1,945 -2,671 117 files

HardenedBSD/src ba43ccf lib/libhbsdcontrol aslr.c

HBSD: Support applying ASLR state

Set the filesystem extended attributes for the file for the ASLR
feature.

Signed-off-by:  Shawn Webb <shawn.webb at hardenedbsd.org>
Delta File
+43 -5 lib/libhbsdcontrol/aslr.c
+43 -5 1 files

HardenedBSD/ports 74d9c07 devel/fbthrift pkg-plist, devel/rubygem-with_advisory_lock Makefile

Merge remote-tracking branch 'internal/freebsd/main' into hardenedbsd/main
Delta File
+64 -5 sysutils/mate-power-manager/pkg-plist
+30 -0 security/vuxml/vuln/2024.xml
+21 -0 devel/rubygem-with_advisory_lock61/Makefile
+0 -20 devel/rubygem-with_advisory_lock/Makefile
+15 -0 devel/fbthrift/pkg-plist
+7 -7 security/git-credential-gopass/distinfo
+137 -32 55 files not shown
+248 -132 61 files

HardenedBSD/src d3a52b8 lib/libhbsdcontrol libhbsdcontrol.c libhbsdcontrol.h

HBSD: Provide a feature state flag of persisted

The persisted flag denotes that the state has been persisted to storage.

Signed-off-by:  Shawn Webb <shawn.webb at hardenedbsd.org>
Delta File
+65 -0 lib/libhbsdcontrol/libhbsdcontrol.c
+14 -0 lib/libhbsdcontrol/libhbsdcontrol.h
+2 -0 lib/libhbsdcontrol/aslr.c
+81 -0 3 files

HardenedBSD/src b50a4bd lib/libhbsdcontrol aslr.c

HBSD: Remove unneeded code

There's no need to keep a file's feature state in the feature object
itself.

Signed-off-by:  Shawn Webb <shawn.webb at hardenedbsd.org>
Delta File
+5 -53 lib/libhbsdcontrol/aslr.c
+5 -53 1 files

HardenedBSD/src 485df84 lib/libhbsdcontrol aslr.c libhbsdcontrol.c, share/mk src.libnames.mk

HBSD: Add more APIs and ABIs for libhbsdcontrol

A given file's feature state might be one of:

1. Enabled
2. Disabled
3. System default
4. Unknown
5. Invalid

The vast majority of times, getting the state should return system
default. A state is unknown when a system error occurs (perhaps
filesystem extended attributes aren't available for the underlying
filesystem.) A state of error occurs when an invalid combination of
settings occurs. For example, attempting to set both the enabled and
disabled filesystem extended attributes for a given file.

This also starts the ASLR feature toggle. Provide the implementation for
getting the feature state of a given file.

    [2 lines not shown]
Delta File
+245 -0 lib/libhbsdcontrol/aslr.c
+130 -1 lib/libhbsdcontrol/libhbsdcontrol.c
+38 -2 lib/libhbsdcontrol/libhbsdcontrol.h
+2 -6 share/mk/src.libnames.mk
+4 -1 lib/libhbsdcontrol/Makefile
+419 -10 5 files

HardenedBSD/ports 5618eb4 math/py-slepc4py distinfo Makefile

math/py-slepc4py: update 3.20.1 → 3.20.2

Reported by:    portscout
Delta File
+3 -3 math/py-slepc4py/distinfo
+1 -1 math/py-slepc4py/Makefile
+4 -4 2 files

HardenedBSD/ports 0d4e388 math/slepc distinfo pkg-plist

math/slepc: update 3.20.1 → 3.20.2

Reported by:    portscout
Delta File
+3 -3 math/slepc/distinfo
+2 -2 math/slepc/pkg-plist
+2 -2 math/slepc/Makefile
+7 -7 3 files

HardenedBSD/src a8eb3b3 stand/forth loader.4th

loader.4th dictthreshold too small

The dictthreshold in stand/forth/loader.4th is too small
resulting in full dictionary.

Reviewed by:    stevek, imp
Sponsored by:   Juniper Networks, Inc.
Differential Revision:  https://reviews.freebsd.org/D44414
Delta File
+2 -2 stand/forth/loader.4th
+2 -2 1 files

HardenedBSD/src 01f3abb stand/uboot Makefile

uboot/Makefile move BINDIR

Set BINDIR before we include bsd.init.mk
so we can override it via local.init.mk

Reviewed by:    imp
Sponsored by:   Juniper Networks, Inc.
Differential Revision:  https://reviews.freebsd.org/D44413
Delta File
+2 -1 stand/uboot/Makefile
+2 -1 1 files

HardenedBSD/src 8f13abb usr.sbin/nfsd nfsd.8

nfsd.8: Document ways to minimize Copy operation times

For NFSv4.2, a Copy operation can take a long time to complete.
If there is a concurrent ExchangeID or DelegReturn operation
which requires the exclusive lock on all NFSv4 state, this can
result in a stall of the nfsd server.

This patch documents ways to avoid this problem.

This is a content change.

Reviewed by:    karels, wollman, pauamma_gundo.com (manpages)
MFC after:      2 weeks
Differential Revision:  https://reviews.freebsd.org/D44395
Delta File
+23 -1 usr.sbin/nfsd/nfsd.8
+23 -1 1 files

HardenedBSD/ports b73e44a sysutils/mate-power-manager pkg-plist distinfo

sysutils/mate-power-manager: updated to 1.28.1
Delta File
+64 -5 sysutils/mate-power-manager/pkg-plist
+3 -3 sysutils/mate-power-manager/distinfo
+1 -2 sysutils/mate-power-manager/Makefile
+68 -10 3 files

HardenedBSD/ports f59ddd5 security/git-credential-gopass distinfo Makefile, www/py-httpcore Makefile

security/git-credential-gopass: Update to 1.15.12
Delta File
+7 -7 security/git-credential-gopass/distinfo
+11 -0 www/py-httpcore/files/patch-pyproject.toml
+2 -3 security/git-credential-gopass/Makefile
+1 -1 www/py-httpcore/Makefile
+21 -11 4 files

HardenedBSD/ports abd399d sysutils/mate-polkit distinfo Makefile

sysutils/mate-polkit: updated to 1.28.1
Delta File
+3 -3 sysutils/mate-polkit/distinfo
+1 -2 sysutils/mate-polkit/Makefile
+1 -0 sysutils/mate-polkit/pkg-plist
+5 -5 3 files

HardenedBSD/ports f10ec79 net/libmateweather distinfo Makefile

net/libmateweather: updated to 1.28.0
Delta File
+3 -3 net/libmateweather/distinfo
+1 -2 net/libmateweather/Makefile
+4 -5 2 files

HardenedBSD/ports a8fc15f security/vuxml/vuln 2024.xml

security/vuxml: Document www/varnish7 vuln: CVE-2023-43622
Delta File
+30 -0 security/vuxml/vuln/2024.xml
+30 -0 1 files

HardenedBSD/ports 9747ca2 www/varnish7 distinfo Makefile

www/varnish7: Update to 7.4.3, fix vulnerability

Release notes:  https://varnish-cache.org/security/VSV00014.html#vsv00014
Security:       05b7180b-e571-11ee-a1c0-0050569f0b83
Approved by:    dbai@ (maintainer)
Delta File
+3 -3 www/varnish7/distinfo
+1 -1 www/varnish7/Makefile
+4 -4 2 files

HardenedBSD/src d413597 usr.bin/calendar/calendars calendar.freebsd

add myself(oh) to the calendar

Reported by: McKusick
Approved by: Manu (mentor)
Differential Revision: https://reviews.freebsd.org/D44408
Delta File
+1 -0 usr.bin/calendar/calendars/calendar.freebsd
+1 -0 1 files

HardenedBSD/ports ac608a0 net-mgmt/check_ssl_cert distinfo Makefile

net-mgmt/check_ssl_cert: update to 2.81.0

Release Notes
  https://github.com/matteocorti/check_ssl_cert/releases/tag/v2.81.0
Delta File
+3 -3 net-mgmt/check_ssl_cert/distinfo
+1 -1 net-mgmt/check_ssl_cert/Makefile
+4 -4 2 files

HardenedBSD/src 60bc961 sys/kern kern_vnodedumper.c, sys/sys param.h kerneldump.h

kerneldump: add livedump_start_vnode(9)

livedump_start_vnode(9) is introduced such that the live minidump on the
system could take a vnode. This interface could be used to extend support
for the existing framework in downstream.

Bump __FreeBSD_version for introducing livedump_start_vnode(9).

Sponsored by:   Juniper Networks, Inc.
Reviewed by:    khng
Differential Revision:  https://reviews.freebsd.org/D43471
Delta File
+23 -9 sys/kern/kern_vnodedumper.c
+1 -1 sys/sys/param.h
+1 -0 sys/sys/kerneldump.h
+25 -10 3 files

HardenedBSD/src e34ea01 sys/netinet tcp_timer.c tcp_subr.c

tcp: clear all TCP timers in tcp_timer_stop() when in callout

When a TCP callout decides to disable self, e.g. tcp_timer_2msl() calling
tcp_close(), we must also clear all other possible timers.  Otherwise,
upon return, the callout would be scheduled again in tcp_timer_enter().

Revert 57e27ff07aff, which was a temporary partial revert of otherwise
correct 62d47d73b7eb, that exposed the problem being fixed now.  Add an
extra assertion in tcp_timer_enter() to check we aren't arming callout for
a closed connection.

Reviewed by:    rscheff
Delta File
+4 -2 sys/netinet/tcp_timer.c
+1 -2 sys/netinet/tcp_subr.c
+5 -4 2 files

HardenedBSD/ports 8d9daac lang/gnat12 Makefile, lang/gnat13 Makefile

lang/gnat1?: force the usage of gettext

It appears that gettext is required even when NLS is disabled (surely
because the compiler used for bootstrap has been built with NLS).

No bump of PORTREVISION needed.

PR:             277508
Reported by:    bob (at) vesterman.com
Delta File
+1 -2 lang/gnat12/Makefile
+1 -2 lang/gnat13/Makefile
+2 -4 2 files

HardenedBSD/src 576fbcb usr.bin/calendar/calendars calendar.freebsd

Add myself (rcm) to the calendar.

Reminded by:    mckusick
Delta File
+1 -0 usr.bin/calendar/calendars/calendar.freebsd
+1 -0 1 files

HardenedBSD/src f50322c share/man/man9 random.9

random(9): bump removal to FreeBSD 15.0

It has not yet been removed, and still has some in-tree consumers.

PR:             277655
Sponsored by:   The FreeBSD Foundation
Delta File
+2 -2 share/man/man9/random.9
+2 -2 1 files

HardenedBSD/ports 167c4e1 devel Makefile, devel/rubygem-with_advisory_lock Makefile distinfo

devel/rubygem-with_advisory_lock: rename to rubygem-with_advisory_lock61 to follow naming convention.

Requested by:   mikael
Delta File
+21 -0 devel/rubygem-with_advisory_lock61/Makefile
+0 -20 devel/rubygem-with_advisory_lock/Makefile
+0 -3 devel/rubygem-with_advisory_lock/distinfo
+3 -0 devel/rubygem-with_advisory_lock61/distinfo
+1 -1 devel/Makefile
+2 -0 devel/rubygem-with_advisory_lock61/pkg-descr
+27 -24 2 files not shown
+28 -26 8 files

HardenedBSD/ports 8e901df net/mvfst distinfo Makefile

net/mvfst: update 2024.03.11.00 → 2024.03.18.00
Delta File
+3 -3 net/mvfst/distinfo
+1 -1 net/mvfst/Makefile
+4 -4 2 files

HardenedBSD/ports 905a94e devel/fatal distinfo Makefile

devel/fatal: update 2024.03.11.00 → 2024.03.18.00
Delta File
+3 -3 devel/fatal/distinfo
+1 -1 devel/fatal/Makefile
+4 -4 2 files

HardenedBSD/ports d4ef6ca net/fb303 distinfo Makefile

net/fb303: update 2024.03.11.00 → 2024.03.18.00
Delta File
+3 -3 net/fb303/distinfo
+2 -3 net/fb303/Makefile
+5 -6 2 files

HardenedBSD/ports 47cbda8 devel/fbthrift pkg-plist distinfo

devel/fbthrift: update 2024.03.11.00 → 2024.03.18.00
Delta File
+15 -0 devel/fbthrift/pkg-plist
+3 -3 devel/fbthrift/distinfo
+1 -1 devel/fbthrift/Makefile
+19 -4 3 files