OPNSense/src 2850267 sys/dev/re if_re.c

re: compile on arm

Delta  File
+4 -0  sys/dev/re/if_re.c
+4 -0  1 files

OPNSense/src 7e56b64 sys/dev/re if_re.c

re: compile on arm

Delta  File
+4 -0  sys/dev/re/if_re.c
+4 -0  1 files

OPNSense/src 3644549 usr.sbin Makefile

Revert "pmcstat: that doesn't make any sense..."

This reverts commit 7913071e4c5a9e09fab097d50af7c695377b4136.

Revert "uathload: same as previous"

This reverts commit 9c051fee57a1e1c13b9a9bae7555d1c548eda9b8.

Revert "nghook: disable compilation, armv6 issue and unused"

This reverts commit 2160e45071f999387fef62f79b5a46483450ae5a.

Delta  File
+0 -6  usr.sbin/Makefile
+0 -6  1 files

OPNSense/src 7913071 usr.sbin Makefile

pmcstat: that doesn't make any sense...

Delta  File
+2 -0  usr.sbin/Makefile
+2 -0  1 files

OPNSense/src 9c051fe usr.sbin Makefile

uathload: same as previous

Delta  File
+5 -2  usr.sbin/Makefile
+5 -2  1 files

OPNSense/src 2160e45 usr.sbin Makefile

nghook: disable compilation, armv6 issue and unused

PR: https://github.com/opnsense/tools/issues/113

Delta  File
+2 -1  usr.sbin/Makefile
+2 -1  1 files

OPNSense/src 428416b . UPDATING, sys/conf newvers.sh

UPDATING and newvers entries for 11.2-p9

Approved by:    so
Security:       FreeBSD-SA-19:01.syscall

OPNSense/src 2bfe52e sys/amd64/amd64 exception.S

amd64: clear callee-preserved registers on syscall exit

Submitted by:   kib
Approved by:    so
Security:       CVE-2019-5595
Security:       FreeBSD-SA-19:01.syscall

OPNSense/src 10d5d42 sys/amd64/amd64 exception.S

amd64: clear callee-preserved registers on syscall exit

Submitted by:   kib
Approved by:    so
Security:       CVE-2019-5595
Security:       FreeBSD-SA-19:01.syscall

OPNSense/src cde60ca . UPDATING, sys/conf newvers.sh

UPDATING and newvers entries for 11.2-p9

Approved by:    so
Security:       FreeBSD-SA-19:01.syscall

OPNSense/src 31af16d sys/dev/mmc mmc.c

MMC, HS200/HS400 support seems to break mmc legacy support, clock probing seems to have
issues.

Original source
https://github.com/freebsd/freebsd/commit/398d5fc6afb7ce20f0cf9ecc4fe286e72afdbf29

This commit resets mmc_calculate_clock() to its original behaviour.

Delta     File
+29 -118  sys/dev/mmc/mmc.c
+29 -118  1 files

OPNSense/src c4ec367 sys/dev/mmc mmc.c

MMC, HS200/HS400 support seems to break mmc legacy support, clock probing seems to have
issues.

Original source
https://github.com/freebsd/freebsd/commit/398d5fc6afb7ce20f0cf9ecc4fe286e72afdbf29

This commit resets mmc_calculate_clock() to its original behaviour.

Delta     File
+29 -118  sys/dev/mmc/mmc.c
+29 -118  1 files

OPNSense/src 2a379b1 . UPDATING, sys/conf newvers.sh

UPDATING and newvers entries for 11.2-p8

Approved by:    so
Security:       FreeBSD-EN-19:03.sqlite
Security:       FreeBSD-EN-19:04.tzdata
Security:       FreeBSD-EN-19:05.kqueue

Delta   File
+11 -0  UPDATING
+1 -1   sys/conf/newvers.sh
+12 -1  2 files

OPNSense/src 354c524 sys/kern kern_event.c

MFS11 r340904: Avoid unsynchronized updates to kn_status.

Approved by:    so
Security:       FreeBSD-EN-19:05.kqueue

Delta   File
+13 -8  sys/kern/kern_event.c
+13 -8  1 files

OPNSense/src e26db71 contrib/tzdata asia australasia

MFS11 r342668: Import tzdata 2018h, 2018i

Approved by:    so
Security:       FreeBSD-EN-19:04.tzdata

OPNSense/src 5cd0cd1 contrib/sqlite3 sqlite3.c shell.c, contrib/sqlite3/tea/generic tclsqlite3.c

MFS11 r342292: MFC r333352 & r342183:

r333352: Update private sqlite from sqlite3-3.20.0 to sqlite3-3.23.1
r342183: Update sqlite3-3.23.1 --> sqlite3-3.26.0 (3260000)

PR:            234113
Approved by:    so
Security:       FreeBSD-EN-19:03.sqlite

OPNSense/src 2a5391a contrib/sqlite3 sqlite3.c shell.c, contrib/sqlite3/tea/generic tclsqlite3.c

MFS11 r342292: MFC r333352 & r342183:

r333352: Update private sqlite from sqlite3-3.20.0 to sqlite3-3.23.1
r342183: Update sqlite3-3.23.1 --> sqlite3-3.26.0 (3260000)

PR:            234113
Approved by:    so
Security:       FreeBSD-EN-19:03.sqlite

OPNSense/src b652cc9 sys/kern kern_event.c

MFS11 r340904: Avoid unsynchronized updates to kn_status.

Approved by:    so
Security:       FreeBSD-EN-19:05.kqueue

Delta   File
+13 -8  sys/kern/kern_event.c
+13 -8  1 files

OPNSense/src f44a7c3 . UPDATING, sys/conf newvers.sh

UPDATING and newvers entries for 11.2-p8

Approved by:    so
Security:       FreeBSD-EN-19:03.sqlite
Security:       FreeBSD-EN-19:04.tzdata
Security:       FreeBSD-EN-19:05.kqueue

Delta   File
+11 -0  UPDATING
+1 -1   sys/conf/newvers.sh
+12 -1  2 files

OPNSense/src 97ea9c0 contrib/tzdata asia australasia

MFS11 r342668: Import tzdata 2018h, 2018i

Approved by:    so
Security:       FreeBSD-EN-19:04.tzdata

OPNSense/src 85f6989 sys/dev/netmap netmap.c

netmap: disable this notice again

If it's full it's full.  No use telling dmesg on every other packet.

OPNSense/src 0ac3343 sys/dev/netmap netmap.c

MFC r342368, r342369

netmap: fix bug in netmap_poll() optimization

The bug was introduced by r339639, although it is present in the upstream
netmap code since 2015. It is due to resetting the want_rx variable to
POLLIN, rather than resetting it to POLLIN|POLLRDNORM.
It only affects select(), which uses POLLRDNORM. poll() is not affected,
because it uses POLLIN.
Also, it only affects FreeBSD, because Linux skips the optimization
implemented by the piece of code where the bug occurs.
To check if txsync can be skipped, it is necessary to look for
unseen TX space. However, this means comparing ring->cur
against ring->tail, rather than ring->head against ring->tail
(like nm_ring_empty() does).

Sponsored by:   Sunny Valley Networks

Delta    File
+22 -12  sys/dev/netmap/netmap.c
+22 -12  1 files

OPNSense/src 63bafd8 sys/dev/netmap netmap.c netmap_kern.h

MFC r342300

netmap: move buf_size validation code to its own function

This code validates the netmap buf_size against the interface MTU
and maximum descriptor size, to make sure the values are consistent.
Moving this functionality to its own function is needed because this
function is also called by Linux-specific code.

OPNSense/src b3e0b7b sys/dev/netmap netmap_pipe.c

MFC r342299

netmap: pipes: make sure both ends use the same number of slots

OPNSense/src ba193f3 sys/dev/netmap netmap_kloop.c

MFC r341992

netmap: fix warning in netmap_kloop.c

Reported by:    markj

OPNSense/src 72fc511 sys/dev/netmap netmap.c

MFC r341624

netmap: netmap_transmit should honor bpf packet tap hook

This allows tcpdump to capture outbound kernel packets while
in netmap mode

Submitted by:   Marc de la Gueronniere <mdelagueronniere at verisign.com>
Reviewed by:    vmaffione
MFC after:      1 week
Sponsored by:   Verisign, Inc.
Differential Revision:  https://reviews.freebsd.org/D17896

OPNSense/src f7502f7 sys/dev/netmap netmap_kloop.c netmap.c, sys/net netmap_virt.h

MFC r341516, r341589

netmap: align codebase to the current upstream (760279cfb2730a585)

Changelist:
  - Replace netmap passthrough host support with a more general
    mechanism to call TXSYNC/RXSYNC from an in-kernel event-loop.
    No kernel threads are used to use this feature: the application
    is required to spawn a thread (or a process) and issue a
    SYNC_KLOOP_START (NIOCCTRL) command in the thread body. The
    kernel loop is executed by the ioctl implementation, which returns
    to userspace only when a different thread calls SYNC_KLOOP_STOP
    or the netmap file descriptor is closed.
  - Update the if_ptnet driver to cope with the new data structures,
    and prune all the obsolete ptnetmap code.
  - Add support for "null" netmap ports, useful to allocate netmap_if,
    netmap_ring and netmap buffers to be used by specialized applications
    (e.g. hypervisors). TXSYNC/RXSYNC on these ports have no effect.
  - Various fixes and code refactoring.

Sponsored by:   Sunny Valley Networks
Differential Revision:  https://reviews.freebsd.org/D18015

OPNSense/src e5eae90 sys/modules/netmap Makefile

netmap: fix module Makefile

Reported by:    mav

OPNSense/src cef2939 sys/dev/netmap netmap_freebsd.c

MFC r341144

netmap: set IFCAP_NETMAP in if_capabilities

Revision r307394 removed (by mistake) the code that sets IFCAP_NETMAP
in if_capabilities on netmap_attach. This patch reverts this change.

Reviewed by:    np
Approved by:    gnn (mentor)
Differential Revision:  https://reviews.freebsd.org/D17987

OPNSense/src 39c0abd sys/dev/netmap if_vtnet_netmap.h, sys/dev/virtio/network if_vtnet.c if_vtnetvar.h

MFC r340436

vtnet: fix netmap support

netmap(4) support for vtnet(4) was incomplete and had multiple bugs.
This commit fixes those bugs to bring netmap on vtnet in a functional state.

Changelist:
  - handle errors returned by virtqueue_enqueue() properly (they were
    previously ignored)
  - make sure netmap XOR rest of the kernel access each virtqueue.
  - compute the number of netmap slots for TX and RX separately, according to
    whether indirect descriptors are used or not for a given virtqueue.
  - make sure sglist are freed according to their type (mbufs or netmap
    buffers)
  - add support for multiqueue and netmap host (aka sw) rings.
  - intercept VQ interrupts directly instead of intercepting them in txq_eof
    and rxq_eof. This simplifies the code and makes it easier to make sure
    taskqueues are not running for a VQ while it is in netmap mode.
  - implement vntet_netmap_config() to cope with changes in the number of queues.

Reviewed by:    bryanv
Approved by:    gnn (mentor)
Sponsored by:   Sunny Valley Networks
Differential Revision:  https://reviews.freebsd.org/D17916

OPNSense/src 55c8ba7 sys/dev/netmap netmap.c netmap_vale.c

MFC r339639

netmap: align codebase to the current upstream (sha 8374e1a7e6941)

Changelist:
    - Move large parts of VALE code to a new file and header netmap_bdg.[ch].
      This is useful to reuse the code within upcoming projects.
    - Improvements and bug fixes to pipes and monitors.
    - Introduce nm_os_onattach(), nm_os_onenter() and nm_os_onexit() to
      handle differences between FreeBSD and Linux.
    - Introduce some new helper functions to handle more host rings and fake
      rings (netmap_all_rings(), netmap_real_rings(), ...)
    - Added new sysctl to enable/disable hw checksum in emulated netmap mode.
    - nm_inject: add support for NS_MOREFRAG

Approved by:    gnn (mentor)
Differential Revision:  https://reviews.freebsd.org/D17364

OPNSense/src d563ccc sys/dev/netmap netmap_mem2.c netmap.c

Revert "netmap: ring size limit not enough for multi-queue em(4)"

This reverts commit cd1c6702244341d46c5609b89298996a4d8ce091.

OPNSense/src 8af5eb6 sys/dev/netmap netmap.c

Revert "pull https://reviews.freebsd.org/D17896 to fix netmap tx / bpf packet tap hook, 
closes https://github.com/opnsense/core/issues/1632"

This reverts commit b91790ab56da506be598366de8b9832af12eaa16.


OPNSense/src 4be1444 sys/dev/netmap netmap_freebsd.c

MFC r337812,r337814,r337820,r341068:

r337812 also fixed a bug in the netmap kevent code. The inclusion of
that fix was an oversight that I didn't notice until this
MFC. Reference the code review and PR here in the MFC for
completeness.

PR:  206053
Differential Revision:    https://reviews.freebsd.org/D16531
Sponsored by:   Dell EMC Isilon

OPNSense/src f0179c8 sys/kern subr_msgbuf.c

kern: we can't add timestamps, breaks dmesg parsing

While agreeing this is useful fixing the silent fallout in third
party programs will probably not be so nice.

OPNSense/src 4b57161 . UPDATING, sys/conf newvers.sh

11.1-RELEASE-p18 UPDATING

Security:       FreeBSD-SA-18:15.bootpd
Security:       FreeBSD-EN-18:17.vm
Security:       FreeBSD-EN-18:18.zfs

Delta   File
+10 -0  UPDATING
+1 -1   sys/conf/newvers.sh
+11 -1  2 files

OPNSense/src 37e7f43 libexec/bootpd bootpd.c

MFS11 r342229: bootpd: validate hardware type

Due to insufficient validation of network-provided data it may have been
possible for a malicious actor to craft a bootp packet which could cause
a stack buffer overflow.

admbugs:        850
Reported by:    Reno Robert
Reviewed by:    markj
Approved by:    so
Security:       FreeBSD-SA-18:15.bootpd
Sponsored by:   The FreeBSD Foundation

OPNSense/src 3085979 sys/cddl/contrib/opensolaris/uts/common/fs/zfs zfs_znode.c

MFS11 r341828: Resolve a hang in ZFS during vnode reclamation

  This is caused by a deadlock between zil_commit() and zfs_zget()
  Add a way for zfs_zget() to break out of the retry loop in the common case

PR:            229614, 231117
Submitted by:   allanjude
Approved by:    so
Security:       FreeBSD-EN-18:18.zfs
Sponsored by:   Klara Systems, The FreeBSD Foundation

OPNSense/src 04f9d3b sys/vm vm_page.c

MFS11 r341401: Update the free page count when blacklisting pages.

PR:            231296
Submitted by:   markj
Approved by:    so
Security:       FreeBSD-EN-18:17.vm
Sponsored by:   The FreeBSD Foundation

Delta  File
+3 -1  sys/vm/vm_page.c
+3 -1  1 files

OPNSense/src 91cee16 . UPDATING, sys/conf newvers.sh

11.2-RELEASE-p7 UPDATING

Approved by:    so
Security:       FreeBSD-SA-18:15.bootpd
Security:       FreeBSD-EN-18:16.ptrace
Security:       FreeBSD-EN-18:17.vm
Security:       FreeBSD-EN-18:18.zfs

Delta   File
+14 -0  UPDATING
+1 -1   sys/conf/newvers.sh
+15 -1  2 files

OPNSense/src a6f0685 libexec/bootpd bootpd.c

MFS11 r342229: bootpd: validate hardware type

Due to insufficient validation of network-provided data it may have been
possible for a malicious actor to craft a bootp packet which could cause
a stack buffer overflow.

admbugs:        850
Reported by:    Reno Robert
Reviewed by:    markj
Approved by:    so
Security:       FreeBSD-SA-18:15.bootpd
Sponsored by:   The FreeBSD Foundation

OPNSense/src a9a2c64 sys/cddl/contrib/opensolaris/uts/common/fs/zfs zfs_znode.c

MFS11 r341828: Resolve a hang in ZFS during vnode reclamation

  This is caused by a deadlock between zil_commit() and zfs_zget()
  Add a way for zfs_zget() to break out of the retry loop in the common case

PR:            229614, 231117
Submitted by:   allanjude
Approved by:    so
Security:       FreeBSD-EN-18:18.zfs
Sponsored by:   Klara Systems, The FreeBSD Foundation

OPNSense/src b616da8 sys/vm vm_page.c

MFS11 r341401: Update the free page count when blacklisting pages.

PR:            231296
Submitted by:   markj
Approved by:    so
Security:       FreeBSD-EN-18:17.vm
Sponsored by:   The FreeBSD Foundation

Delta  File
+3 -1  sys/vm/vm_page.c
+3 -1  1 files

OPNSense/src 6cd05cc sys/kern sys_process.c

MFS11 r340290: Only clear a pending thread event if one is pending.

This fixes a panic when attaching to an already-stopped process.

Also do some other clean ups for control flow of sendsig section.

Submitted by:   markj
Approved by:    so
Security:       FreeBSD-EN-18:16.ptrace
Sponsored by:   The FreeBSD Foundation

Delta    File
+53 -49  sys/kern/sys_process.c
+53 -49  1 files

OPNSense/src b91790a sys/dev/netmap netmap.c

pull https://reviews.freebsd.org/D17896 to fix netmap tx / bpf packet tap hook, closes
https://github.com/opnsense/core/issues/1632

tested locally with intel igb driver, seems to be working fine, let's give this some time
in our dev version.

OPNSense/src bf74bfa . UPDATING, sys/conf newvers.sh

Fix insufficient bounds checking in bhyve(8) device model. [SA-18:14.bhyve]

Submitted by:   jhb
Reported by:    Reno Robert
Approved by:    so
Security:       FreeBSD-SA-18:14.bhyve
Security:       CVE-2018-17160

OPNSense/src 5d1a9ca . UPDATING, sys/conf newvers.sh

Fix insufficient bounds checking in bhyve(8) device model. [SA-18:14.bhyve]

Submitted by:   jhb
Reported by:    Reno Robert
Approved by:    so
Security:       FreeBSD-SA-18:14.bhyve
Security:       CVE-2018-17160

OPNSense/src 2660c8b sys/boot/forth check-password.4th

Fix deferred kernel loading breaks loader password. [EN-18:15.loader]

Submitted by:   dteske
Approved by:    so
Security:       FreeBSD-EN-18:15.loader

OPNSense/src b70461a contrib/tzdata NEWS Makefile

Timezone database information update. [EN-18:14.tzdata]

Approved by:    so
Security:       FreeBSD-EN-18:14.tzdata

OPNSense/src f8c42b0 sys/netinet ip_icmp.c

Fix ICMP buffer underwrite. [EN-18:13.icmp]

Approved by:    so
Security:       FreeBSD-EN-18:13.icmp
Security:       CVE-2018-17156