-rw-r--r--documentation/content/en/articles/committers-guide/_index.adoc1
-rw-r--r--documentation/content/nl/articles/_index.po4
-rw-r--r--documentation/content/nl/books/handbook/_index.adoc29
-rw-r--r--documentation/content/nl/books/handbook/_index.po38
-rw-r--r--documentation/content/nl/books/handbook/book.adoc38
-rw-r--r--documentation/content/nl/books/handbook/book.po38
-rw-r--r--documentation/content/nl/books/handbook/colophon.adoc48
-rw-r--r--documentation/content/nl/books/handbook/colophon.po40
-rw-r--r--documentation/content/nl/books/handbook/partiv.adoc26
-rw-r--r--documentation/content/nl/books/handbook/partiv.po80
-rw-r--r--documentation/content/nl/books/handbook/partv.adoc12
-rw-r--r--documentation/content/nl/books/handbook/partv.po30
-rw-r--r--shared/authors.adoc2
-rw-r--r--shared/contrib-committers.adoc3
-rw-r--r--shared/contrib-develalumni.adoc3
-rw-r--r--website/content/en/administration.adoc3
-rw-r--r--website/content/en/releases/13.5R/errata.adoc7
-rw-r--r--website/content/en/releases/14.2R/errata.adoc4
-rw-r--r--website/content/en/releases/14.3R/errata.adoc4
-rw-r--r--website/content/en/releases/15.0R/relnotes.adoc807
-rw-r--r--website/content/en/status/report-2025-04-2025-06/drm-drivers.adoc36
-rw-r--r--website/content/en/status/report-2025-04-2025-06/geomman.adoc32
-rw-r--r--website/content/en/status/report-2025-04-2025-06/pinephone.adoc26
-rw-r--r--website/content/en/status/report-2025-04-2025-06/qemu_l4b.adoc44
-rw-r--r--website/data/en/press/press.toml45
-rw-r--r--website/data/security/advisories.toml4
-rw-r--r--website/data/security/errata.toml12
-rw-r--r--website/static/security/advisories/FreeBSD-EN-25:09.libc.asc140
-rw-r--r--website/static/security/advisories/FreeBSD-EN-25:10.zfs.asc145
-rw-r--r--website/static/security/advisories/FreeBSD-EN-25:11.ena.asc155
-rw-r--r--website/static/security/advisories/FreeBSD-SA-25:06.xz.asc136
-rw-r--r--website/static/security/patches/EN-25:09/libc.patch93
-rw-r--r--website/static/security/patches/EN-25:09/libc.patch.asc16
-rw-r--r--website/static/security/patches/EN-25:10/zfs.patch22
-rw-r--r--website/static/security/patches/EN-25:10/zfs.patch.asc16
-rw-r--r--website/static/security/patches/EN-25:11/ena.patch66
-rw-r--r--website/static/security/patches/EN-25:11/ena.patch.asc16
-rw-r--r--website/static/security/patches/SA-25:06/xz.patch182
-rw-r--r--website/static/security/patches/SA-25:06/xz.patch.asc16
39 files changed, 2347 insertions, 72 deletions
diff --git a/documentation/content/en/articles/committers-guide/_index.adoc b/documentation/content/en/articles/committers-guide/_index.adoc
index d52aab2ee5..1adfc46e2b 100644
--- a/documentation/content/en/articles/committers-guide/_index.adoc
+++ b/documentation/content/en/articles/committers-guide/_index.adoc
@@ -199,7 +199,6 @@ The Kerberos password also serves as the LDAP web password, since LDAP is proxyi
Some of the services which require this include:
* https://bugs.freebsd.org/bugzilla[Bugzilla]
-* https://ci.freebsd.org[Jenkins]
To create a new Kerberos account in the FreeBSD cluster, or to reset a Kerberos password for an existing account using a random password generator:
diff --git a/documentation/content/nl/articles/_index.po b/documentation/content/nl/articles/_index.po
index 50b3c66dda..2a3fb5fa6a 100644
--- a/documentation/content/nl/articles/_index.po
+++ b/documentation/content/nl/articles/_index.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: FreeBSD Documentation VERSION\n"
"POT-Creation-Date: 2022-01-08 11:34-0300\n"
-"PO-Revision-Date: 2025-06-24 20:10+0000\n"
+"PO-Revision-Date: 2025-06-26 04:45+0000\n"
"Last-Translator: René Ladan <rene0@freedom.nl>\n"
"Language-Team: Dutch <https://translate-dev.freebsd.org/projects/"
"documentation/articles_index/nl_NL/>\n"
@@ -27,4 +27,4 @@ msgstr "Artikelen"
#. type: Plain text
#: documentation/content/en/articles/_index.adoc:8
msgid "{{< list-articles-directories >}}"
-msgstr "{{< list-articles-directories >}"
+msgstr "{{< list-articles-directories >}}"
diff --git a/documentation/content/nl/books/handbook/_index.adoc b/documentation/content/nl/books/handbook/_index.adoc
index f90c71e3e9..2788668a0d 100644
--- a/documentation/content/nl/books/handbook/_index.adoc
+++ b/documentation/content/nl/books/handbook/_index.adoc
@@ -1,17 +1,22 @@
---
-title: FreeBSD handboek
+add_single_page_link: 'true'
authors:
- - author: The FreeBSD Dutch Documentation Project
-copyright: 1995-2020 The FreeBSD Dutch Documentation Project
-trademarks: ["freebsd", "ibm", "ieee", "redhat", "3com", "adobe", "apple", "intel", "linux", "microsoft", "opengroup", "sun", "realnetworks", "oracle", "3ware", "arm", "adaptec", "heidelberger", "intuit", "lsilogic", "themathworks", "thomson", "vmware", "wolframresearch", "xiph", "xfree86", "general"]
+ -
+ author: 'The FreeBSD Documentation Project'
+bookOrder: 1
+copyright: '1995-2025 The FreeBSD Documentation Project'
+description: 'Een uitgebreide, zich voortdurend ontwikkelende bron voor FreeBSD-gebruikers'
next: books/handbook/preface
-showBookMenu: true
-weight: 0
params:
- path: "/books/handbook/"
+ path: /books/handbook/
+showBookMenu: 'true'
+tags: ["FreeBSD Handbook", "Handbook"]
+title: 'FreeBSD Handboek'
+trademarks: ["freebsd", "ibm", "ieee", "redhat", "3com", "adobe", "apple", "intel", "linux", "microsoft", "opengroup", "sun", "realnetworks", "oracle", "3ware", "arm", "adaptec", "google", "heidelberger", "intuit", "lsilogic", "themathworks", "thomson", "vmware", "wolframresearch", "xiph", "xfree86", "general"]
+weight: 0
---
-= FreeBSD handboek
+= FreeBSD Handboek
:doctype: book
:toc: macro
:toclevels: 1
@@ -32,19 +37,19 @@ include::shared/attributes/attributes-{{% lang %}}.adoc[]
include::shared/{{% lang %}}/teams.adoc[]
include::shared/{{% lang %}}/mailing-lists.adoc[]
include::shared/{{% lang %}}/urls.adoc[]
+:chapters-path: content/{{% lang %}}/books/handbook/
endif::[]
ifdef::backend-pdf,backend-epub3[]
+:chapters-path:
include::../../../../../shared/asciidoctor.adoc[]
endif::[]
endif::[]
ifndef::env-beastie[]
+:chapters-path:
include::../../../../../shared/asciidoctor.adoc[]
endif::[]
-[.abstract-title]
-Samenvatting
-
-Welkom bij FreeBSD! Dit handboek behandelt de installatie en het dagelijks gebruik van _FreeBSD {rel112-current}-RELEASE_ en _FreeBSD {rel120-current}-RELEASE_. Aan deze handleiding wordt nog gewerkt, en is het resultaat van het werk van veel mensen. Veel hoofdstukken of paragrafen bestaan nog niet en wat bestaat dient soms nog bijgewerkt te worden. Als de lezer mee wil helpen aan dit project kan een mail gestuurd worden naar de {freebsd-doc}. De meest recente versie van dit document is te vinden op de http://www.FreeBSD.org/[FreeBSD website]. Eerdere versies van dit handboek zijn te vinden op http://docs.FreeBSD.org/doc/[http://docs.FreeBSD.org/doc/]. Het kan ook gedownload worden in veel verschillende formaten en compressiewijzen van de link:ftp://ftp.FreeBSD.org/pub/FreeBSD/doc/[FreeBSD FTP server] of een van de vele <<mirrors-ftp,mirrorsites>>. Een gedrukt exemplaar van het handboek is te koop bij de http://www.freebsdmall.com/[FreeBSD Mall] (Engels). Het handboek kan ook link:https://www.FreeBSD.org/search/[doorzocht worden].
+include::{chapters-path}introduction.adoc[]
'''
diff --git a/documentation/content/nl/books/handbook/_index.po b/documentation/content/nl/books/handbook/_index.po
new file mode 100644
index 0000000000..36a95807bf
--- /dev/null
+++ b/documentation/content/nl/books/handbook/_index.po
@@ -0,0 +1,38 @@
+# SOME DESCRIPTIVE TITLE
+# Copyright (C) YEAR The FreeBSD Project
+# This file is distributed under the same license as the FreeBSD Documentation package.
+# René Ladan <rene0@freedom.nl>, 2025.
+# Tammo-Jan Kamminga <tammo-jan@freezzz.eu>, 2025.
+msgid ""
+msgstr ""
+"Project-Id-Version: FreeBSD Documentation VERSION\n"
+"POT-Creation-Date: 2025-05-01 19:56-0300\n"
+"PO-Revision-Date: 2025-07-02 04:45+0000\n"
+"Last-Translator: Tammo-Jan Kamminga <tammo-jan@freezzz.eu>\n"
+"Language-Team: Dutch <https://translate-dev.freebsd.org/projects/"
+"documentation/bookshandbook_index/nl_NL/>\n"
+"Language: nl_NL\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=2; plural=n != 1;\n"
+"X-Generator: Weblate 4.17\n"
+
+#. type: YAML Front Matter: description
+#: documentation/content/en/books/handbook/_index.adoc:1
+#, no-wrap
+msgid "A constantly evolving, comprehensive resource for FreeBSD users"
+msgstr ""
+"Een uitgebreide, zich voortdurend ontwikkelende bron voor FreeBSD-gebruikers"
+
+#. type: Title =
+#: documentation/content/en/books/handbook/_index.adoc:1
+#: documentation/content/en/books/handbook/_index.adoc:18
+#, no-wrap
+msgid "FreeBSD Handbook"
+msgstr "FreeBSD Handboek"
+
+#. type: Plain text
+#: documentation/content/en/books/handbook/_index.adoc:54
+msgid "'''"
+msgstr "'''"
diff --git a/documentation/content/nl/books/handbook/book.adoc b/documentation/content/nl/books/handbook/book.adoc
index 52920c607a..27ec8a7433 100644
--- a/documentation/content/nl/books/handbook/book.adoc
+++ b/documentation/content/nl/books/handbook/book.adoc
@@ -1,12 +1,16 @@
---
-title: FreeBSD handboek
+add_split_page_link: 'true'
authors:
- - author: The FreeBSD Dutch Documentation Project
-copyright: 1995-2020 The FreeBSD Dutch Documentation Project
-trademarks: ["freebsd", "ibm", "ieee", "redhat", "3com", "adobe", "apple", "intel", "linux", "microsoft", "opengroup", "sun", "realnetworks", "oracle", "3ware", "arm", "adaptec", "heidelberger", "intuit", "lsilogic", "themathworks", "thomson", "vmware", "wolframresearch", "xiph", "xfree86", "general"]
+ -
+ author: 'The FreeBSD Documentation Project'
+copyright: '1995-2025 The FreeBSD Documentation Project'
+description: 'Een uitgebreide, zich voortdurend ontwikkelende bron voor FreeBSD-gebruikers'
+tags: ["FreeBSD Handbook", "Handbook"]
+title: 'FreeBSD Handboek'
+trademarks: ["freebsd", "ibm", "ieee", "redhat", "3com", "adobe", "apple", "intel", "linux", "microsoft", "opengroup", "sun", "realnetworks", "oracle", "3ware", "arm", "adaptec", "google", "heidelberger", "intuit", "lsilogic", "themathworks", "thomson", "vmware", "wolframresearch", "xiph", "xfree86", "general"]
---
-= FreeBSD handboek
+= FreeBSD Handboek
:doctype: book
:toc: macro
:toclevels: 2
@@ -42,11 +46,7 @@ ifndef::env-beastie[]
include::../../../../../shared/asciidoctor.adoc[]
endif::[]
-[.abstract-title]
-[abstract]
-Samenvatting
-
-Welkom bij FreeBSD! Dit handboek behandelt de installatie en het dagelijks gebruik van _FreeBSD {rel112-current}-RELEASE_ en _FreeBSD {rel120-current}-RELEASE_. Aan deze handleiding wordt nog gewerkt, en is het resultaat van het werk van veel mensen. Veel hoofdstukken of paragrafen bestaan nog niet en wat bestaat dient soms nog bijgewerkt te worden. Als de lezer mee wil helpen aan dit project kan een mail gestuurd worden naar de {freebsd-doc}. De meest recente versie van dit document is te vinden op de http://www.FreeBSD.org/[FreeBSD website]. Eerdere versies van dit handboek zijn te vinden op http://docs.FreeBSD.org/doc/[http://docs.FreeBSD.org/doc/]. Het kan ook gedownload worden in veel verschillende formaten en compressiewijzen van de link:ftp://ftp.FreeBSD.org/pub/FreeBSD/doc/[FreeBSD FTP server] of een van de vele <<mirrors-ftp,mirrorsites>>. Een gedrukt exemplaar van het handboek is te koop bij de http://www.freebsdmall.com/[FreeBSD Mall] (Engels). Het handboek kan ook link:https://www.FreeBSD.org/search/[ doorzocht worden].
+include::{chapters-path}introduction.adoc[]
'''
@@ -63,8 +63,6 @@ include::{chapters-path}parti.adoc[]
include::{chapters-path}introduction/_index.adoc[leveloffset=+1]
-include::{chapters-path}install/_index.adoc[leveloffset=+1]
-
include::{chapters-path}bsdinstall/_index.adoc[leveloffset=+1]
include::{chapters-path}basics/_index.adoc[leveloffset=+1]
@@ -73,6 +71,10 @@ include::{chapters-path}ports/_index.adoc[leveloffset=+1]
include::{chapters-path}x11/_index.adoc[leveloffset=+1]
+include::{chapters-path}wayland/_index.adoc[leveloffset=+1]
+
+include::{chapters-path}network/_index.adoc[leveloffset=+1]
+
// Section two
include::{chapters-path}partii.adoc[]
@@ -86,6 +88,8 @@ include::{chapters-path}printing/_index.adoc[leveloffset=+1]
include::{chapters-path}linuxemu/_index.adoc[leveloffset=+1]
+include::{chapters-path}wine/_index.adoc[leveloffset=+1]
+
// Section three
include::{chapters-path}partiii.adoc[]
@@ -93,8 +97,6 @@ include::{chapters-path}config/_index.adoc[leveloffset=+1]
include::{chapters-path}boot/_index.adoc[leveloffset=+1]
-include::{chapters-path}users/_index.adoc[leveloffset=+1]
-
include::{chapters-path}security/_index.adoc[leveloffset=+1]
include::{chapters-path}jails/_index.adoc[leveloffset=+1]
@@ -107,6 +109,8 @@ include::{chapters-path}disks/_index.adoc[leveloffset=+1]
include::{chapters-path}geom/_index.adoc[leveloffset=+1]
+include::{chapters-path}zfs/_index.adoc[leveloffset=+1]
+
include::{chapters-path}filesystems/_index.adoc[leveloffset=+1]
include::{chapters-path}virtualization/_index.adoc[leveloffset=+1]
@@ -117,6 +121,8 @@ include::{chapters-path}cutting-edge/_index.adoc[leveloffset=+1]
include::{chapters-path}dtrace/_index.adoc[leveloffset=+1]
+include::{chapters-path}usb-device-mode/_index.adoc[leveloffset=+1]
+
// Section four
include::{chapters-path}partiv.adoc[]
@@ -145,4 +151,8 @@ include::{chapters-path}eresources/_index.adoc[leveloffset=+1]
include::{chapters-path}pgpkeys/_index.adoc[leveloffset=+1]
+include::{chapters-path}glossary.adoc[leveloffset=+1]
+
+include::{chapters-path}colophon.adoc[leveloffset=+1]
+
:sectnums:
diff --git a/documentation/content/nl/books/handbook/book.po b/documentation/content/nl/books/handbook/book.po
new file mode 100644
index 0000000000..5b860587a4
--- /dev/null
+++ b/documentation/content/nl/books/handbook/book.po
@@ -0,0 +1,38 @@
+# SOME DESCRIPTIVE TITLE
+# Copyright (C) YEAR The FreeBSD Project
+# This file is distributed under the same license as the FreeBSD Documentation package.
+# René Ladan <rene0@freedom.nl>, 2025.
+# Tammo-Jan Kamminga <tammo-jan@freezzz.eu>, 2025.
+msgid ""
+msgstr ""
+"Project-Id-Version: FreeBSD Documentation VERSION\n"
+"POT-Creation-Date: 2022-07-07 23:22-0300\n"
+"PO-Revision-Date: 2025-07-02 04:45+0000\n"
+"Last-Translator: Tammo-Jan Kamminga <tammo-jan@freezzz.eu>\n"
+"Language-Team: Dutch <https://translate-dev.freebsd.org/projects/"
+"documentation/bookshandbookbook/nl_NL/>\n"
+"Language: nl_NL\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=2; plural=n != 1;\n"
+"X-Generator: Weblate 4.17\n"
+
+#. type: YAML Front Matter: description
+#: documentation/content/en/books/handbook/book.adoc:1
+#, no-wrap
+msgid "A constantly evolving, comprehensive resource for FreeBSD users"
+msgstr ""
+"Een uitgebreide, zich voortdurend ontwikkelende bron voor FreeBSD-gebruikers"
+
+#. type: Title =
+#: documentation/content/en/books/handbook/book.adoc:1
+#: documentation/content/en/books/handbook/book.adoc:12
+#, no-wrap
+msgid "FreeBSD Handbook"
+msgstr "FreeBSD Handboek"
+
+#. type: Plain text
+#: documentation/content/en/books/handbook/book.adoc:51
+msgid "'''"
+msgstr "'''"
diff --git a/documentation/content/nl/books/handbook/colophon.adoc b/documentation/content/nl/books/handbook/colophon.adoc
new file mode 100644
index 0000000000..08420981f6
--- /dev/null
+++ b/documentation/content/nl/books/handbook/colophon.adoc
@@ -0,0 +1,48 @@
+---
+description: 'FreeBSD Handboek Colofon'
+params:
+ path: /books/handbook/colophon/
+prev: books/handbook/glossary
+showBookMenu: 'true'
+title: Colofon
+weight: 46
+---
+
+[colophon]
+[[colophon]]
+= Colofon
+:doctype: book
+:toc: macro
+:toclevels: 1
+:icons: font
+:!sectnums:
+:partnums:
+:source-highlighter: rouge
+:experimental:
+:images-path: books/handbook/colophon/
+
+ifdef::env-beastie[]
+ifdef::backend-html5[]
+:imagesdir: ../../../../images/{images-path}
+endif::[]
+ifndef::book[]
+include::shared/authors.adoc[]
+include::shared/mirrors.adoc[]
+include::shared/releases.adoc[]
+include::shared/attributes/attributes-{{% lang %}}.adoc[]
+include::shared/{{% lang %}}/teams.adoc[]
+include::shared/{{% lang %}}/mailing-lists.adoc[]
+include::shared/{{% lang %}}/urls.adoc[]
+toc::[]
+endif::[]
+ifdef::backend-pdf,backend-epub3[]
+include::../../../../../shared/asciidoctor.adoc[]
+endif::[]
+endif::[]
+
+ifndef::env-beastie[]
+toc::[]
+include::../../../../../shared/asciidoctor.adoc[]
+endif::[]
+
+Dit boek is het gezamenlijke werk van honderden vrijwilligers aan het "FreeBSD Documentatie Project". De tekst is opgesteld in AsciiDoc.
diff --git a/documentation/content/nl/books/handbook/colophon.po b/documentation/content/nl/books/handbook/colophon.po
new file mode 100644
index 0000000000..13e6ea72dc
--- /dev/null
+++ b/documentation/content/nl/books/handbook/colophon.po
@@ -0,0 +1,40 @@
+# SOME DESCRIPTIVE TITLE
+# Copyright (C) YEAR The FreeBSD Project
+# This file is distributed under the same license as the FreeBSD Documentation package.
+# Tammo-Jan Kamminga <tammo-jan@freezzz.eu>, 2025.
+msgid ""
+msgstr ""
+"Project-Id-Version: FreeBSD Documentation VERSION\n"
+"POT-Creation-Date: 2025-05-01 19:56-0300\n"
+"PO-Revision-Date: 2025-07-05 04:45+0000\n"
+"Last-Translator: Tammo-Jan Kamminga <tammo-jan@freezzz.eu>\n"
+"Language-Team: Dutch <https://translate-dev.freebsd.org/projects/"
+"documentation/bookshandbookcolophon/nl_NL/>\n"
+"Language: nl_NL\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=2; plural=n != 1;\n"
+"X-Generator: Weblate 4.17\n"
+
+#. type: YAML Front Matter: description
+#: documentation/content/en/books/handbook/colophon.adoc:1
+#, no-wrap
+msgid "FreeBSD Handbook Colophon"
+msgstr "FreeBSD Handboek Colofon"
+
+#. type: Title =
+#: documentation/content/en/books/handbook/colophon.adoc:1
+#: documentation/content/en/books/handbook/colophon.adoc:13
+#, no-wrap
+msgid "Colophon"
+msgstr "Colofon"
+
+#. type: Plain text
+#: documentation/content/en/books/handbook/colophon.adoc:49
+msgid ""
+"This book is the combined work of hundreds of contributors to \"The FreeBSD "
+"Documentation Project\". The text is authored in AsciiDoc."
+msgstr ""
+"Dit boek is het gezamenlijke werk van honderden vrijwilligers aan het "
+"\"FreeBSD Documentatie Project\". De tekst is opgesteld in AsciiDoc."
diff --git a/documentation/content/nl/books/handbook/partiv.adoc b/documentation/content/nl/books/handbook/partiv.adoc
index faf8c5f1c6..a15b0d2d74 100644
--- a/documentation/content/nl/books/handbook/partiv.adoc
+++ b/documentation/content/nl/books/handbook/partiv.adoc
@@ -1,23 +1,23 @@
---
-title: Deel IV. Netwerkcommunicatie
-prev: books/handbook/usb-device-mode
next: books/handbook/serialcomms
-showBookMenu: true
-weight: 30
params:
- path: "/books/handbook/partiv/"
+ path: /books/handbook/partiv/
+prev: books/handbook/usb-device-mode
+showBookMenu: 'true'
+title: 'Deel IV. Netwerkcommunicatie'
+weight: 33
---
[[network-communication]]
= Netwerkcommunicatie
-Als het om servers gaat die hoge prestaties moeten leveren, wordt wereldwijd vaak FreeBSD toegepast. De hoofdstukken in dit deel behandelen:
+FreeBSD is een van de meest gebruikte besturingssystemen voor hoogwaardige, snelle netwerkservers. De hoofdstukken in dit deel behandelen:
-* Seriëe communicatie;
-* PPP en PPP over Ethernet;
-* E-mail;
-* Netwerkdiensten;
-* Firewalls;
-* Overig gevorderd netwerken.
+* Seriële communicatie
+* PPP en PPP over Ethernet
+* E-mail
+* Netwerkdiensten
+* Firewalls
+* Andere geavanceerde netwerkonderwerpen
-Deze hoofdstukken zijn geschreven om gelezen te worden als de informatie nodig is. Ze hoeven niet allemaal in een bepaalde volgorde gelezen te worden. Ze hoeven ook niet allemaal gelezen te worden om FreeBSD in een netwerkomgeving in te zetten.
+Deze hoofdstukken kunnen worden gelezen als naslagwerk. Ze kunnen in willekeurige volgorde worden gelezen en niet alle hoofdstukken hoeven gelezen te worden om FreeBSD te kunnen gaan gebruiken in een netwerkomgeving.
diff --git a/documentation/content/nl/books/handbook/partiv.po b/documentation/content/nl/books/handbook/partiv.po
new file mode 100644
index 0000000000..b563e41840
--- /dev/null
+++ b/documentation/content/nl/books/handbook/partiv.po
@@ -0,0 +1,80 @@
+# SOME DESCRIPTIVE TITLE
+# Copyright (C) YEAR The FreeBSD Project
+# This file is distributed under the same license as the FreeBSD Documentation package.
+# Tammo-Jan Kamminga <tammo-jan@freezzz.eu>, 2025.
+msgid ""
+msgstr ""
+"Project-Id-Version: FreeBSD Documentation VERSION\n"
+"POT-Creation-Date: 2025-05-01 19:56-0300\n"
+"PO-Revision-Date: 2025-07-03 04:45+0000\n"
+"Last-Translator: Tammo-Jan Kamminga <tammo-jan@freezzz.eu>\n"
+"Language-Team: Dutch <https://translate-dev.freebsd.org/projects/"
+"documentation/bookshandbookpartiv/nl_NL/>\n"
+"Language: nl_NL\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=2; plural=n != 1;\n"
+"X-Generator: Weblate 4.17\n"
+
+#. type: YAML Front Matter: title
+#: documentation/content/en/books/handbook/partiv.adoc:1
+#, no-wrap
+msgid "Part IV. Network Communication"
+msgstr "Deel IV. Netwerkcommunicatie"
+
+#. type: Title =
+#: documentation/content/en/books/handbook/partiv.adoc:12
+#, no-wrap
+msgid "Network Communication"
+msgstr "Netwerkcommunicatie"
+
+#. type: Plain text
+#: documentation/content/en/books/handbook/partiv.adoc:16
+msgid ""
+"FreeBSD is one of the most widely deployed operating systems for high "
+"performance network servers. The chapters in this part cover:"
+msgstr ""
+"FreeBSD is een van de meest gebruikte besturingssystemen voor hoogwaardige, "
+"snelle netwerkservers. De hoofdstukken in dit deel behandelen:"
+
+#. type: Plain text
+#: documentation/content/en/books/handbook/partiv.adoc:18
+msgid "Serial communication"
+msgstr "Seriële communicatie"
+
+#. type: Plain text
+#: documentation/content/en/books/handbook/partiv.adoc:19
+msgid "`PPP` and `PPP` over Ethernet"
+msgstr "PPP en PPP over Ethernet"
+
+#. type: Plain text
+#: documentation/content/en/books/handbook/partiv.adoc:20
+msgid "Electronic Mail"
+msgstr "E-mail"
+
+#. type: Plain text
+#: documentation/content/en/books/handbook/partiv.adoc:21
+msgid "Running Network Servers"
+msgstr "Netwerkdiensten"
+
+#. type: Plain text
+#: documentation/content/en/books/handbook/partiv.adoc:22
+msgid "Firewalls"
+msgstr "Firewalls"
+
+#. type: Plain text
+#: documentation/content/en/books/handbook/partiv.adoc:23
+msgid "Other Advanced Networking Topics"
+msgstr "Andere geavanceerde netwerkonderwerpen"
+
+#. type: Plain text
+#: documentation/content/en/books/handbook/partiv.adoc:25
+msgid ""
+"These chapters are designed to be read when the information is needed. They "
+"do not need to be read in any particular order, nor is it necessary to read "
+"all of them before using FreeBSD in a network environment."
+msgstr ""
+"Deze hoofdstukken kunnen worden gelezen als naslagwerk. Ze kunnen in "
+"willekeurige volgorde worden gelezen en niet alle hoofdstukken hoeven "
+"gelezen te worden om FreeBSD te kunnen gaan gebruiken in een netwerkomgeving."
diff --git a/documentation/content/nl/books/handbook/partv.adoc b/documentation/content/nl/books/handbook/partv.adoc
index 1d00966fe0..f40da603dc 100644
--- a/documentation/content/nl/books/handbook/partv.adoc
+++ b/documentation/content/nl/books/handbook/partv.adoc
@@ -1,12 +1,12 @@
---
-title: Deel V. Appendix
-prev: books/handbook/advanced-networking
next: books/handbook/mirrors
-showBookMenu: true
-weight: 37
params:
- path: "/books/handbook/partv/"
+ path: /books/handbook/partv/
+prev: books/handbook/advanced-networking
+showBookMenu: 'true'
+title: 'Deel V. Bijlagen'
+weight: 40
---
[[appendices]]
-= Appendix
+= Bijlagen
diff --git a/documentation/content/nl/books/handbook/partv.po b/documentation/content/nl/books/handbook/partv.po
new file mode 100644
index 0000000000..bc17ef7376
--- /dev/null
+++ b/documentation/content/nl/books/handbook/partv.po
@@ -0,0 +1,30 @@
+# SOME DESCRIPTIVE TITLE
+# Copyright (C) YEAR The FreeBSD Project
+# This file is distributed under the same license as the FreeBSD Documentation package.
+# Tammo-Jan Kamminga <tammo-jan@freezzz.eu>, 2025.
+msgid ""
+msgstr ""
+"Project-Id-Version: FreeBSD Documentation VERSION\n"
+"POT-Creation-Date: 2025-05-01 19:56-0300\n"
+"PO-Revision-Date: 2025-07-02 04:45+0000\n"
+"Last-Translator: Tammo-Jan Kamminga <tammo-jan@freezzz.eu>\n"
+"Language-Team: Dutch <https://translate-dev.freebsd.org/projects/"
+"documentation/bookshandbookpartv/nl_NL/>\n"
+"Language: nl_NL\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=2; plural=n != 1;\n"
+"X-Generator: Weblate 4.17\n"
+
+#. type: YAML Front Matter: title
+#: documentation/content/en/books/handbook/partv.adoc:1
+#, no-wrap
+msgid "Part V. Appendices"
+msgstr "Deel V. Bijlagen"
+
+#. type: Title =
+#: documentation/content/en/books/handbook/partv.adoc:12
+#, no-wrap
+msgid "Appendices "
+msgstr "Bijlagen "
diff --git a/shared/authors.adoc b/shared/authors.adoc
index 0e60711fa2..5745dee38d 100644
--- a/shared/authors.adoc
+++ b/shared/authors.adoc
@@ -3777,7 +3777,7 @@
:core-secretary-email: core-secretary@FreeBSD.org
// FreeBSD Doc Engineering Team
-:doceng-members: {blackend}, {fernape}, {hrs}, {ebrandi} (lurker)
+:doceng-members: {blackend}, {hrs}, {ebrandi}
:doceng-secretary-email: <doceng-secretary@FreeBSD.org>
// FreeBSD Donations Liaison
diff --git a/shared/contrib-committers.adoc b/shared/contrib-committers.adoc
index 157ee526a1..457b596954 100644
--- a/shared/contrib-committers.adoc
+++ b/shared/contrib-committers.adoc
@@ -11,7 +11,6 @@
* {jwb}
* {badger}
* {dbaio}
-* {timur}
* {jhb}
* {lbartoletti}
* {jbeich}
@@ -114,7 +113,6 @@
* {gibbs}
* {girgen}
* {grembo}
-* {trociny}
* {danilo}
* {sg}
* {grehan}
@@ -214,7 +212,6 @@
* {dwmalone}
* {nobutaka}
* {amdmi3}
-* {kwm}
* {emaste}
* {mm}
* {slavash}
diff --git a/shared/contrib-develalumni.adoc b/shared/contrib-develalumni.adoc
index 4b98dcb6f0..03aff32e0a 100644
--- a/shared/contrib-develalumni.adoc
+++ b/shared/contrib-develalumni.adoc
@@ -1,3 +1,6 @@
+* {timur} (2007 - 2025)
+* {trociny} (2013 - 2025)
+* {kwm} (2004 - 2025)
* {dmgk} (2019 - 2024)
* {karels} (2016 - 2024)
* {hselasky} (2010 - 2024)
diff --git a/website/content/en/administration.adoc b/website/content/en/administration.adoc
index 3932199be4..c09e13f9ba 100644
--- a/website/content/en/administration.adoc
+++ b/website/content/en/administration.adoc
@@ -75,9 +75,8 @@ The FreeBSD Documentation Engineering Team is responsible for defining and follo
The https://www.freebsd.org/internal/doceng/[doceng team charter] describes the duties and responsibilities of the Documentation Engineering Team in greater detail.
* {blackend}
-* {fernape} (Secretary)
* {hrs}
-* {ebrandi} (lurker)
+* {ebrandi}
[[t-portmgr]]
== FreeBSD Ports Management Team <portmgr@FreeBSD.org>
diff --git a/website/content/en/releases/13.5R/errata.adoc b/website/content/en/releases/13.5R/errata.adoc
index 98591adeee..65a8414fb5 100644
--- a/website/content/en/releases/13.5R/errata.adoc
+++ b/website/content/en/releases/13.5R/errata.adoc
@@ -41,9 +41,7 @@ For a list of all FreeBSD CERT security advisories, see https://www.FreeBSD.org/
[width="100%",cols="40%,30%,30%",options="header",]
|===
|Advisory |Date |Topic
-
-|No advisories.||
-
+|link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-25:06.xz.asc[FreeBSD-SA-25:06.xz] |2 July 2025 |Use-after-free in multi-threaded xz decoder
|===
[[errata]]
@@ -55,6 +53,9 @@ For a list of all FreeBSD CERT security advisories, see https://www.FreeBSD.org/
|link:https://www.FreeBSD.org/security/advisories/FreeBSD-EN-25:04.tzdata.asc[FreeBSD-EN-25:04.tzdata] |10 April 2025 |Timezone database information update
|link:https://www.FreeBSD.org/security/advisories/FreeBSD-EN-25:05.expat.asc[FreeBSD-EN-25:05.expat] |10 April 2025 |Update expat to 2.7.1
|link:https://www.FreeBSD.org/security/advisories/FreeBSD-EN-25:08.caroot.asc[FreeBSD-EN-25:08.caroot] |10 April 2025 |Root certificate bundle update
+|link:https://www.FreeBSD.org/security/advisories/FreeBSD-EN-25:09.libc.asc[FreeBSD-EN-25:09.libc] |2 July 2025 |Dynamically-loaded C++ libraries crashing at exit
+|link:https://www.FreeBSD.org/security/advisories/FreeBSD-EN-25:10.zfs.asc[FreeBSD-EN-25:10.zfs] |2 July 2025 |Corruption in ZFS replication streams from encrypted datasets
+|link:https://www.FreeBSD.org/security/advisories/FreeBSD-EN-25:11.ena.asc[FreeBSD-EN-25:11.ena] |2 July 2025 |ena resets and kernel panic on Nitro v4 or newer instances
|===
[[open-issues]]
diff --git a/website/content/en/releases/14.2R/errata.adoc b/website/content/en/releases/14.2R/errata.adoc
index 91bf5a1efd..7336a110f7 100644
--- a/website/content/en/releases/14.2R/errata.adoc
+++ b/website/content/en/releases/14.2R/errata.adoc
@@ -48,6 +48,7 @@ For a list of all FreeBSD CERT security advisories, see https://www.FreeBSD.org/
|link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-25:03.etcupdate.asc[FreeBSD-SA-25:03.etcupdate] |29 January 2025 |Unprivileged access to system files
|link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-25:04.ktrace.asc[FreeBSD-SA-25:04.ktrace] |29 January 2025 |Uninitialized kernel memory disclosure via ktrace(2)
|link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-25:05.openssh.asc[FreeBSD-SA-25:05.openssh] |21 February 2025 |Multiple vulnerabilities in OpenSSH
+|link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-25:06.xz.asc[FreeBSD-SA-25:06.xz] |2 July 2025 |Use-after-free in multi-threaded xz decoder
|===
[[errata]]
@@ -63,6 +64,9 @@ For a list of all FreeBSD CERT security advisories, see https://www.FreeBSD.org/
|link:https://www.FreeBSD.org/security/advisories/FreeBSD-EN-25:06.daemon.asc[FreeBSD-EN-25:06.daemon] |10 April 2025 |daemon(8) missing signals
|link:https://www.FreeBSD.org/security/advisories/FreeBSD-EN-25:07.openssl.asc[FreeBSD-EN-25:07.openssl] |10 April 2025 |Update OpenSSL to 3.0.16
|link:https://www.FreeBSD.org/security/advisories/FreeBSD-EN-25:08.caroot.asc[FreeBSD-EN-25:08.caroot] |10 April 2025 |Root certificate bundle update
+|link:https://www.FreeBSD.org/security/advisories/FreeBSD-EN-25:09.libc.asc[FreeBSD-EN-25:09.libc] |2 July 2025 |Dynamically-loaded C++ libraries crashing at exit
+|link:https://www.FreeBSD.org/security/advisories/FreeBSD-EN-25:10.zfs.asc[FreeBSD-EN-25:10.zfs] |2 July 2025 |Corruption in ZFS replication streams from encrypted datasets
+|link:https://www.FreeBSD.org/security/advisories/FreeBSD-EN-25:11.ena.asc[FreeBSD-EN-25:11.ena] |2 July 2025 |ena resets and kernel panic on Nitro v4 or newer instances
|===
[[open-issues]]
diff --git a/website/content/en/releases/14.3R/errata.adoc b/website/content/en/releases/14.3R/errata.adoc
index 7fed20d3cb..7d1d562d66 100644
--- a/website/content/en/releases/14.3R/errata.adoc
+++ b/website/content/en/releases/14.3R/errata.adoc
@@ -55,9 +55,7 @@ For a list of all FreeBSD CERT security advisories, see https://www.FreeBSD.org/
[width="100%",cols="40%,30%,30%",options="header",]
|===
|Errata |Date |Topic
-
-|No errata notices.||
-
+|link:https://www.FreeBSD.org/security/advisories/FreeBSD-EN-25:10.zfs.asc[FreeBSD-EN-25:10.zfs] |2 July 2025 |Corruption in ZFS replication streams from encrypted datasets
|===
[[open-issues]]
diff --git a/website/content/en/releases/15.0R/relnotes.adoc b/website/content/en/releases/15.0R/relnotes.adoc
index 0b0aba0e48..d4c6675e05 100644
--- a/website/content/en/releases/15.0R/relnotes.adoc
+++ b/website/content/en/releases/15.0R/relnotes.adoc
@@ -87,10 +87,113 @@ This section lists the various Security Advisories and Errata Notices since {rel
| Date
| Topic
-|No advisories.
-|
-|
+|https://www.freebsd.org/security/advisories/FreeBSD-SA-23:17.pf.asc[FreeBSD-SA-23:17.pf]
+|05 December 2023
+|TCP spoofing vulnerability in man:pf[4]
+|https://www.freebsd.org/security/advisories/FreeBSD-SA-23:18.nfsclient.asc[FreeBSD-SA-23:18.nfsclient]
+|12 December 2023
+|NFS client data corruption and kernel memory disclosure
+
+|https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc[FreeBSD-SA-23:19.openssh]
+|19 December 2023
+|Prefix Truncation Attack in the SSH protocol
+
+|https://www.freebsd.org/security/advisories/FreeBSD-SA-24:01.bhyveload.asc[FreeBSD-SA-24:01.bhyveload]
+|14 February 2024
+|man:bhyveload[8] host file access
+
+|https://www.freebsd.org/security/advisories/FreeBSD-SA-24:02.tty.asc[FreeBSD-SA-24:02.tty]
+|14 February 2024
+|man:jail[2] information leak
+
+|https://www.freebsd.org/security/advisories/FreeBSD-SA-24:03.unbound.asc[FreeBSD-SA-24:03.unbound]
+|28 March 2024
+|Multiple vulnerabilities in unbound
+
+|https://www.freebsd.org/security/advisories/FreeBSD-SA-24:04.openssh.asc[FreeBSD-SA-24:04.openssh]
+|01 July 2024
+|OpenSSH pre-authentication remote code execution
+
+|https://www.freebsd.org/security/advisories/FreeBSD-SA-24:05.pf.asc[FreeBSD-SA-24:05.pf]
+|07 August 2024
+|pf incorrectly matches different ICMPv6 states in the state table
+
+|https://www.freebsd.org/security/advisories/FreeBSD-SA-24:06.ktrace.asc[FreeBSD-SA-24:06.ktrace]
+|07 August 2024
+|man:ktrace[2] fails to detach when executing a setuid binary
+
+|https://www.freebsd.org/security/advisories/FreeBSD-SA-24:07.nfsclient.asc[FreeBSD-SA-24:07.nfsclient]
+|07 August 2024
+|NFS client accepts file names containing path separators
+
+|https://www.freebsd.org/security/advisories/FreeBSD-SA-24:08.openssh.asc[FreeBSD-SA-24:08.openssh]
+|07 August 2024
+|OpenSSH pre-authentication async signal safety issue
+
+|https://www.freebsd.org/security/advisories/FreeBSD-SA-24:09.libnv.asc[FreeBSD-SA-24:09.libnv]
+|04 September 2024
+|Multiple vulnerabilities in libnv
+
+|https://www.freebsd.org/security/advisories/FreeBSD-SA-24:10.bhyve.asc[FreeBSD-SA-24:10.bhyve]
+|04 September 2024
+|man:bhyve[8] privileged guest escape via TPM device passthrough
+
+|https://www.freebsd.org/security/advisories/FreeBSD-SA-24:11.ctl.asc[FreeBSD-SA-24:11.ctl]
+|04 September 2024
+|Multiple issues in man:ctl[4] CAM Target Layer
+
+|https://www.freebsd.org/security/advisories/FreeBSD-SA-24:12.bhyve.asc[FreeBSD-SA-24:12.bhyve]
+|04 September 2024
+|man:bhyve[8] privileged guest escape via USB controller
+
+|https://www.freebsd.org/security/advisories/FreeBSD-SA-24:13.openssl.asc[FreeBSD-SA-24:13.openssl]
+|04 September 2024
+|Possible DoS in X.509 name checks in OpenSSL
+
+|https://www.freebsd.org/security/advisories/FreeBSD-SA-24:14.umtx.asc[FreeBSD-SA-24:14.umtx]
+|04 September 2024
+|umtx Kernel panic or Use-After-Free
+
+|https://www.freebsd.org/security/advisories/FreeBSD-SA-24:15.bhyve.asc[FreeBSD-SA-24:15.bhyve]
+|19 September 2024
+|man:bhyve[8] out-of-bounds read access via XHCI emulation
+
+|https://www.freebsd.org/security/advisories/FreeBSD-SA-24:16.libnv.asc[FreeBSD-SA-24:16.libnv]
+|19 September 2024
+|Integer overflow in libnv
+
+|https://www.freebsd.org/security/advisories/FreeBSD-SA-24:17.bhyve.asc[FreeBSD-SA-24:17.bhyve]
+|29 October 2024
+|Multiple issues in the bhyve hypervisor
+
+|https://www.freebsd.org/security/advisories/FreeBSD-SA-24:18.ctl.asc[FreeBSD-SA-24:18.ctl]
+|29 October 2024
+|Unbounded allocation in man:ctl[4] CAM Target Layer
+
+|https://www.freebsd.org/security/advisories/FreeBSD-SA-24:19.fetch.asc[FreeBSD-SA-24:19.fetch]
+|29 October 2024
+|Certificate revocation list man:fetch[1] option fails
+
+| https://www.freebsd.org/security/advisories/FreeBSD-SA-25:01.openssh.asc[FreeBSD-SA-25:01.openssh]
+| 2025-01-29
+| OpenSSH Keystroke Obfuscation Bypass
+
+| https://www.freebsd.org/security/advisories/FreeBSD-SA-25:02.fs.asc[FreeBSD-SA-25:02.fs]
+| 2025-01-29
+| Buffer overflow in some filesystems via NFS
+
+| https://www.freebsd.org/security/advisories/FreeBSD-SA-25:03.etcupdate.asc[FreeBSD-SA-25:03.etcupdate]
+| 2025-01-29
+| Unprivileged access to system files
+
+| https://www.freebsd.org/security/advisories/FreeBSD-SA-25:04.ktrace.asc[FreeBSD-SA-25:04.ktrace]
+| 2025-01-29
+| Uninitialized kernel memory disclosure via man:ktrace[2]
+
+| https://www.freebsd.org/security/advisories/FreeBSD-SA-25:05.openssh.asc[FreeBSD-SA-25:05.openssh]
+| 2025-02-21
+| Multiple vulnerabilities in OpenSSH
|===
[[errata]]
@@ -103,11 +206,137 @@ This section lists the various Security Advisories and Errata Notices since {rel
| Date
| Topic
-|No notices.
-|
-|
+|https://www.freebsd.org/security/advisories/FreeBSD-EN-23:15.sanitizer.asc[FreeBSDS-EN-23:15:sanitizer]
+|01 December 2023
+|Clang sanitizer failure with ASLR enabled
+
+|https://www.freebsd.org/security/advisories/FreeBSD-EN-23:16.openzfs.asc[FreeBSDS-EN-23:16:openzfs]
+|01 December 2023
+|OpenZFS data corruption
+
+|https://www.freebsd.org/security/advisories/FreeBSD-EN-23:17.ossl.asc[FreeBSDS-EN-23:17:ossl]
+|05 December 2023
+|man:ossl[4]'s AES-GCM implementation may give incorrect results
+
+|https://www.freebsd.org/security/advisories/FreeBSD-EN-23:18.openzfs.asc[FreeBSDS-EN-23:18:openzfs]
+|05 December 2023
+|High CPU usage by ZFS kernel threads
+
+|https://www.freebsd.org/security/advisories/FreeBSD-EN-23:19.pkgbase.asc[FreeBSDS-EN-23:19:pkgbase]
+|05 December 2023
+|Incorrect pkgbase version number for FreeBSD {releasePrev}.
+
+|https://www.freebsd.org/security/advisories/FreeBSD-EN-23:20.vm.asc[FreeBSDS-EN-23:20:vm]
+|05 December 2023
+|Incorrect results from the kernel physical memory allocator
+
+|https://www.freebsd.org/security/advisories/FreeBSD-EN-23:21.tty.asc[FreeBSDS-EN-23:21:tty]
+|24 November 2023
+|man:tty[4] IUTF8 causes a kernel panic
+
+|https://www.freebsd.org/security/advisories/FreeBSD-EN-23:22.vfs.asc[FreeBSDS-EN-23:22:vfs]
+|05 December 2023
+|ZFS snapshot directories not accessible over NFS
+
+|https://www.freebsd.org/security/advisories/FreeBSD-EN-24:01.tzdata.asc[FreeBSDS-EN-24:01:tzdata]
+|14 February 2024
+|Timezone database information update
+
+|https://www.freebsd.org/security/advisories/FreeBSD-EN-24:02.libutil.asc[FreeBSDS-EN-24:02:libutil]
+|14 February 2024
+|Login class resource limits and CPU mask bypass
+
+|https://www.freebsd.org/security/advisories/FreeBSD-EN-24:03.kqueue.asc[FreeBSDS-EN-24:03:kqueue]
+|14 February 2024
+|man:kqueue_close[2] page fault on exit using man:rfork[2]
+
+|https://www.freebsd.org/security/advisories/FreeBSD-EN-24:04.ip.asc[FreeBSDS-EN-24:04:ip]
+|14 February 2024
+|Kernel panic triggered by man:bind[2]
+
+|https://www.freebsd.org/security/advisories/FreeBSD-EN-24:05.tty.asc[FreeBSDS-EN-24:05:tty]
+|28 March 2024
+|TTY Kernel Panic
+
+|https://www.freebsd.org/security/advisories/FreeBSD-EN-24:06.wireguard.asc[FreeBSDS-EN-24:06:wireguard]
+|28 March 2024
+|Insufficient barriers in WireGuard man:if_wg[4]
+
+|https://www.freebsd.org/security/advisories/FreeBSD-EN-24:07.clang.asc[FreeBSDS-EN-24:07:clang]
+|28 March 2024
+|Clang crash when certain optimization is enabled
+
+|https://www.freebsd.org/security/advisories/FreeBSD-EN-24:08.kerberos.asc[FreeBSDS-EN-24:08:kerberos]
+|28 March 2024
+|Kerberos segfaults when using weak crypto
+
+|https://www.freebsd.org/security/advisories/FreeBSD-EN-24:09.zfs.asc[FreeBSDS-EN-24:09:zfs]
+|24 April 2024
+|High CPU usage by kernel threads related to ZFS
+
+|https://www.freebsd.org/security/advisories/FreeBSD-EN-24:10.zfs.asc[FreeBSDS-EN-24:10:zfs]
+|19 June 2024
+|Kernel memory leak in ZFS
+
+|https://www.freebsd.org/security/advisories/FreeBSD-EN-24:11.ldns.asc[FreeBSDS-EN-24:11:ldns]
+|19 June 2024
+|LDNS uses nameserver commented out in resolv.conf
+
+|https://www.freebsd.org/security/advisories/FreeBSD-EN-24:12.killpg.asc[FreeBSDS-EN-24:12:killpg]
+|19 June 2024
+|Lock order reversal in killpg causing livelock
+
+|https://www.freebsd.org/security/advisories/FreeBSD-EN-24:13.libc++.asc[FreeBSDS-EN-24:13:libc++]
+|19 June 2024
+|Incorrect size passed to heap allocated std::string delete
+
+|https://www.freebsd.org/security/advisories/FreeBSD-EN-24:14.ifconfig.asc[FreeBSDS-EN-24:14:ifconfig]
+|07 August 2024
+|Incorrect ifconfig netmask assignment
+
+|https://www.freebsd.org/security/advisories/FreeBSD-EN-24:15.calendar.asc[FreeBSDS-EN-24:15:calendar]
+|04 September 2024
+|man:cron[8] / man:periodic[8] session login
+
+|https://www.freebsd.org/security/advisories/FreeBSD-EN-24:16.pf.asc[FreeBSDS-EN-24:16:pf]
+|19 September 2024
+|Incorrect ICMPv6 state handling in pf
+
+|https://www.freebsd.org/security/advisories/FreeBSD-EN-24:17.pam_xdg.asc[FreeBSDS-EN-24:17:pam_xdg]
+|20 October 2024
+|XDG runtime directory's file descriptor leak at login
+
+| https://www.freebsd.org/security/advisories/FreeBSD-EN-25:01.rpc.asc[FreeBSD-EN-25:01.rpc]
+| 2025-01-29
+| NULL pointer dereference in the NFSv4 client
+| https://www.freebsd.org/security/advisories/FreeBSD-EN-25:02.audit.asc[FreeBSD-EN-25:02.audit]
+| 2025-01-29
+| System call auditing disabled by DTrace
+| https://www.freebsd.org/security/advisories/FreeBSD-EN-25:03.tzdata.asc[FreeBSD-EN-25:03.tzdata]
+| 2025-01-29
+| Timezone database information update
+
+| https://www.freebsd.org/security/advisories/FreeBSD-EN-25:04.tzdata.asc[FreeBSD-EN-25:04.tzdata]
+| 2025-04-10
+| Timezone database information update
+
+| https://www.freebsd.org/security/advisories/FreeBSD-EN-25:05.expat.asc[FreeBSD-EN-25:05.expat]
+| 2025-04-10
+| Update expat to 2.7.1
+
+| https://www.freebsd.org/security/advisories/FreeBSD-EN-25:06.daemon.asc[FreeBSD-EN-25:06.daemon]
+| 2025-04-10
+| man:daemon[8] missing signals
+
+| https://www.freebsd.org/security/advisories/FreeBSD-EN-25:07.openssl.asc[FreeBSD-EN-25:07.openssl]
+| 2025-04-10
+| Update OpenSSL to 3.0.16
+
+| https://www.freebsd.org/security/advisories/FreeBSD-EN-25:08.caroot.asc[FreeBSD-EN-25:08.caroot]
+| 2025-04-10
+| Root certificate bundle update
|===
[[userland]]
@@ -118,18 +347,202 @@ This section covers changes and additions to userland applications, contributed
[[userland-config]]
=== Userland Configuration Changes
+A new `kdc_restart` variable is available that manages man:kdc[8] (or `krb5kdc`) under man:daemon[8].
+Set `kdc_restart="YES"` in man:rc.conf[5] to auto restart kdc on abnormal termination.
+Set `kdc_restart_delay="N"` to the number of seconds to delay before restarting the kdc.
+gitref:abc4b3088941[repository=src]
+
+By default, changes shown in email by the man:periodic[8] facility from the `daily` scripts show less context than before to reduce the size of the output.
+The behavior can be controlled by the `daily_diff_flags` variable in man:periodic.conf[5].
+Similarly, the changes shown by the security scripts show less context than previously, controlled by the `security_status_diff_flags` variable in man:periodic.conf[5].
+gitref:538994626b9f[repository=src], gitref:37dc394170a5[repository=src], gitref:128e78ffb084[repository=src]
+
[[userland-programs]]
=== Userland Application Changes
+The man:adduser[8] utility, used by man:bsdinstall[8], will now create a ZFS dataset for a new user's home directory if the parent directory resides on a ZFS dataset.
+A command-line option is available to disable use of a separate dataset.
+ZFS encryption is also available.
+gitref:516009ce8d38[repository=src]
+
+The man:date[1] program now supports nanoseconds.
+For example: `date -Ins` prints "2024-04-22T12:20:28,763742224+02:00" and `date +%N` prints "415050400".
+gitref:eeb04a736cb9[repository=src]
+
+The man:dtrace[1] utility can now generate machine-readable output in JSON, XML, and HTML using man:libxo[3].
+gitref:aef4504139a4[repository=src] (Sponsored by Innovate UK)
+
+The man:lastcomm[1] utility now displays timestamps with a precision of seconds.
+gitref:692c0a2e80c1[repository=src] (Sponsored by DSS Gmbh)
+
+The man:ldconfig[8] utility now supports hints files of either byte order.
+The default format is the native byte-order of the host.
+gitref:fa7b31166ddb[repository=src]
+
+The man:usbconfig[8] utility now reads the descriptions of usb vendor and products from [.filename]#/usr/share/misc/usb_vendors# when available, similar to what man:pciconf[8] does.
+gitref:7b9a772f9f64[repository=src]
+
+An option has been added to change the directory in man:env[1] which closely resembles the feature in the GNU version of env although it does not support long options.
+gitref:08e8554c4a39[repository=src] (Sponsored by Klara, Inc.)
+
+Fix `-U` flag of man:ps[1] to select processes by real user IDs.
+This is what POSIX mandates for option `-U` and arguably the behavior that most users actually need in most cases.
+Before, `-U` would select processes by their effective user IDs (which is the behavior mandated by POSIX for option `-u`).
+gitref:a2132d91739d[repository=src].
+(Sponsored by The FreeBSD Foundation).
+
+Make '-O' more versatile and predictable for man:ps[1].
+The man:ps[1] display's list of columns is now first built without taking into account the `-O` options.
+In a second step, all columns passed via `-O` are finally inserted after the built-so-far display's first PID column (if it exists, else at start), in their order of appearance as arguments to the `-O` options.
+gitref:1fc8cb547cd4[repository=src].
+(Sponsored by The FreeBSD Foundation).
+
+Remove not-explicitly-requested columns with duplicate data in man:ps[1].
+Before this change, when stacking up more columns in the display through command-line options, if user requested to add some "canned" display (through options `-j`, `-l`, `-u` or `-v`), columns in it that were "duplicates" of already requested ones (meaning that they share the same keyword, regardless of whether their headers have been customized) were in the end omitted.
+gitref:7aa2f4826717[repository=src].
+(Sponsored by The FreeBSD Foundation).
+
+Add flags to filter jail prison and vnet variables in man:sysctl[8] output.
+So users do not have to contact the source code to tell whether a variable is a jail prison / vnet one or not.
+gitref:615c9ce250ee[repository=src].
+
+man:grep[1] no longer follows symbolic links by default for recursive searches.
+This matches the documented behavior in the manual page.
+gitref:3a2ec5957ea9[repository=src]
+
[[userland-contrib]]
=== Contributed Software
-[[userland-deprecated-programs]]
-=== Deprecated Applications
+One True Awk (man:awk[1]) has been updated to 2nd Edition, with new -csv support and UTF-8 support.
+gitref:daf917daba9c[repository=src]
+
+The man:sendmail[8] suite has been upgraded to version 8.18.1, addressing CVE-2023-51765.
+gitref:58ae50f31e95[repository=src]
+
+`bc` has been upgraded to 7.0.2.
+gitref:90ea553a0d30[repository=src]
+
+`libarchive` has been upgraded to 3.7.7.
+gitref:2ae238160f20[repository=src]
+
+`libcbor` has been upgraded to 0.11.0.
+gitref:1755b9daa693[repository=src] (Sponsored by The FreeBSD Foundation)
+
+`libcxxrt` has been upgraded to vendor snapshot 6f2fdfebcd62.
+gitref:d0dcee46d971[repository=src]
+
+`libfido2` has been upgraded to 1.14.0.
+gitref:128bace5102e[repository=src] (Sponsored by The FreeBSD Foundation)
+
+`libpcap` has been upgraded to 1.10.5.
+gitref:26f21a6494b4[repository=src] (Sponsored by The FreeBSD Foundation)
+
+`tcpdump` has been upgraded to 4.99.5.
+gitref:ec3da16d8bc1[repository=src] (Sponsored by The FreeBSD Foundation)
+
+`unbound` has been upgraded to 1.22.0.
+gitref:0a096a7b3ae8[repository=src]
+
+`llvm` has been upgraded to 19.1.7-0-gcd708029e0b2.
+gitref:dc3f24ea8a25[repository=src]
+
+
+man:zfs[8]: OpenZFS has been updated to zfs-2.2-release(2.2.7)(gitref:2ec8b6948070[repository=src]).
+
+man:xz[1] has been updated to 5.8.1(gitref:9679eedea94c[repository=src]).
+
+man:less[1] has been updated to v668(gitref:0bb4c188d363[repository=src]).
+
+man:file[1] has been updated to 5.46(gitref:71c92e6b94f0[repository=src]).
+
+man:expat[3] has been updated to 2.7.1(gitref:6f7ee9ac036e[repository=src]).
+
+`tzdata` has been updated to 2025b(gitref:475082194ac8[repository=src]).
+
+OpenSSH has been updated to 9.9p2(gitref:059b786b7db5[repository=src]).
+(Sponsored by The FreeBSD Foundation).
+
+OpenSSL has been updated to 3.0.16(gitref:cb29db243bd0[repository=src]).
+
+`googletest` has been updated from 1.14.0 to 1.15.2(gitref:1d67cec52542[repository=src]).
+One notable change is that GoogleTest 1.15.x now officially requires C++-14 (1.14.x required C++-11).
+
+`spleen` has been updated to Spleen 2.1.0(gitref:26336203d32c[repository=src]).
[[userland-libraries]]
=== Runtime Libraries and API
+The man:setusercontext[3] routine in `libutil` will now set the process priority (nice) from the [.filename]#.login.conf# file from the home directory under appropriate conditions, as well as the system man:login.conf[5].
+The priority can now have the value `inherit`, indicating that the priority should be unchanged from that of the parent process.
+Similarly, the umask can have the value `inherit`.
+gitref:6f6186e19fe5[repository=src], gitref:a8c273b3c97f[repository=src], gitref:d2d66fedc418[repository=src] (Sponsored by Kumacom SAS)
+
+Many string and memory operations in the C library now use SIMD (single instruction multiple data) extensions for improved performance when available on amd64 systems; see man:simd[7].
+(Sponsored by The FreeBSD Foundation)
+
+There is now a much better implementation of the 128-bit `tgammal` function in the math library, man:math[3], on platforms that support it.
+gitref:8df6c930c151[repository=src]
+
+man:fma[3] now returns correctly-signed zero when provided certain small inputs (as observed in the Python test suite).
+gitref:dc39004bc670[repository=src]
+(Sponsored by The FreeBSD Foundation)
+
+The `cap_rights_is_empty` function has been added.
+It reports whether a `cap_rights_t` has no rights set.
+gitref:e77813f7e4a3[repository=src]
+(Sponsored by The FreeBSD Foundation)
+
+`libcxxrt` has been updated to upstream 6f2fdfebcd62(gitref:d9901a23bd2f[repository=src]).
+
+[[userland-deprecated-programs]]
+=== Deprecated Applications
+
+man:fdisk[8] has been deprecated in favor of man:gpart[8] for a long time but has not been removed, running this application will show a warning to migrate to man:gpart[8].
+gitref:3958be5c29da[repository=src] (Sponsored by The FreeBSD Foundation)
+
+The accuracy of man:asinf[3] and man:acosf[3] has improved.
+gitref:33c82f11c267[repository=src]
+
+Update deprecation warning to note that man:gvinum[8] is removed in 15.0(gitref:dec497a9fcbf[repository=src]).
+
+Deprecation notice for man:syscons[4] has been added.
+man:syscons[4] is not compatible with UEFI, does not support UTF-8, and is Giant-locked.
+There is no specific timeline yet for removing it, but support for the Giant lock is expected to go away in one or two major release cycles.
+(gitref:8c922db4f3d9[repository=src]).
+(Sponsored by The FreeBSD Foundation).
+
+OpenSSH plans to remove support for the DSA signature algorithm in early 2025.
+
+man:publickey[5] stuffs has been deprecated.
+This uses DES and it is likely that nobody uses that in 2025.
+(gitref:9197c04a251b[repository=src]).
+
+[[cloud]]
+== Cloud Support
+
+This section covers changes in support for cloud environments.
+
+{releaseCurrent} supports cloudinit, including the `nuageinit` startup script and support for a `config-drive` partition.
+It is compatible with OpenStack and many hosting facilities.
+See the https://cloud-init.io[cloud-init] web site and the commit messages,
+gitref:16a6da44e28d[repository=src] gitref:227e7a205edf[repository=src]. (Sponsored by OVHCloud)
+
+The FreeBSD project is now publishing OCI-compatible container images.
+gitref:8a688fcc242e[repository=src]
+
+The FreeBSD project is now publishing Oracle Cloud Infrastructure images.
+See the
+link:https://cloudmarketplace.oracle.com/marketplace/app/freebsd-release[Oracle Cloud Infrastructure FreeBSD Listing]
+for more information.
+gitref:77b296a2582b[repository=src]
+
+The "shutdown" and "reboot" API in the Amazon EC2 cloud now work for arm64 instances.
+Older instances upgraded to FreeBSD {releaseCurrent} will need to have `debug.acpi.quirks="8"` set in `/boot/loader.conf`.
+gitref:28b881840df7[repository=src] (Sponsored by Amazon)
+
+The FreeBSD projects now publishes "small" EC2 images; these are the "base" images minus debug symbols, tests, 32-bit libraries, the LLDB debugger, the Amazon SSM Agent, and the AWS CLI.
+gitref:953142d6baf3[repository=src] (Sponsored by Amazon)
+
[[kernel]]
== Kernel
@@ -138,6 +551,58 @@ This section covers changes to kernel configurations, system tuning, and system
[[kernel-general]]
=== General Kernel Changes
+The `fpu_kern_enter` and `fpu_kern_leave` routines have been implemented for powerpc, allowing the use of man:ossl[4] crypto functions in the kernel that use floating point and vector registers.
+gitref:91e53779b4fc[repository=src]
+
+Support legacy PCI hotplug on arm64.
+gitref:355f02cddbf0[repository=src].
+(Sponsored by Arm Ltd).
+
+Define a common 'mac' node for MAC's jail parameters for man:mac[3].
+To be used by man:mac_do[4].
+gitref:66fb52a27279[repository=src].
+(Sponsored by The FreeBSD Foundation).
+
+New `setcred()` system call and associated MAC hooks.
+This new system call allows to set all necessary credentials of a process in one go: Effective, real and saved UIDs, effective, real and saved GIDs, supplementary groups and the MAC label.
+Its advantage over standard credential-setting system calls (such as `setuid()`, `seteuid()`, etc.) is that it enables MAC modules, such as man:mac_do[4], to restrict the set of credentials some process may gain in a fine-grained manner.
+gitref:c1d7552dddb5[repository=src].
+(Sponsored by The FreeBSD Foundation).
+
+Support multiple users and groups as single rule's targets in man:mac_do[4].
+Supporting group targets is a requirement for man:mac_do[4] to be able to enforce a limited set of valid new groups passed to `setgroups()`.
+Additionally, it must be possible for this set of groups to also depend on the target UID, since users and groups are quite tied in UNIX (users are automatically placed in only the groups specified through '/etc/passwd' (primary group) and '/etc/group' (supplementary ones)).
+gitref:83ffc412b2e9[repository=src].
+(Sponsored by The FreeBSD Foundation).
+
+Teach man:sysctl[8] to attach and run itself in a jail.
+This allows the parent jail to retrieve or set kernel state when child does not have man:sysctl[8] installed (for example light weighted OCI containers or slim jails).
+This is especially useful when manipulating jail prison or vnet sysctls.
+For example, `sysctl -j foo -Ja` or `sysctl -j foo net.fibs=2`.
+gitref:8d5d7e2ba3a6[repository=src].
+
+Enable vnet man:sysctl[9] variables to be loader tunable.
+In gitref:3da1cf1e88f8[repository=src], the meaning of the flag `CTLFLAG_TUN` is extended to automatically check if there is a kernel environment variable which shall initialize the `SYSCTL` during early boot.
+It works for all `SYSCTL` types both statically and dynamically created ones, except for the `SYSCTLs` which belong to VNETs.
+Note that the implementation has a limitation.
+It behaves the same way as that of non-vnet loader tunables.
+That is, after the kernel or modules being initialized, any changes (for example via `kenv`) to kernel environment variable will not affect the corresponding vnet variable of subsequently created VNETs.
+To overcome it, `TUNABLE_XXX_FETCH` can be used to fetch the kernel environment variable into those vnet variables during vnet constructing.
+gitref:894efae09de4[repository=src]
+
+man:sound[4]: Allocate vchans on-demand.
+Refactor `pcm_chnalloc()` and merge with parts of `vchan_setnew()` (now removed) and `dsp_open()`’s channel creation into a `new dsp_chn_alloc()` function.
+The function is responsible for either using a free HW channel (if `vchans` are disabled), or allocating a new vchan.
+`hw.snd.vchans_enable` (previously `hw.snd.maxautovchans`) and `dev.pcm.X.{play|rec}.vchans` now work as tunables to only enable/disable `vchans`, as opposed to setting their number and/or (de-)allocating vchans.
+Since these sysctls do not trigger any (de-)allocations anymore, their effect is instantaneous, whereas before it could have frozen the machine (when trying to allocate new vchans) when setting `dev.pcm.X.{play|rec}.vchans` to a very large value.
+gitref:960ee8094913[repository=src].
+(Sponsored by The FreeBSD Foundation).
+
+LinuxKPI: `linux_alloc_pages()` now honors `__GFP_NORETRY`.
+This is to fix slowdowns with drm-kmod that get worse over time as physical memory become more fragmented (and probably also depending on other factors).
+gitref:831e6fb0baf6[repository=src]
+(Sponsored by The FreeBSD Foundation).
+
[[drivers]]
== Devices and Drivers
@@ -146,38 +611,267 @@ This section covers changes and additions to devices and device drivers since {r
[[drivers-device]]
=== Device Drivers
+A driver is available for man:ice[4] Ethernet network controllers in the Intel E800 series, which support 100 Gb/s operation.
+It was upgraded to version 1.43.2-k.
+gitref:38a1655adcb3[repository=src] (Sponsored by Intel Corporation)
+
+Numerous stability improvements have been in the man:iwlwifi[4] driver for Intel Wi-Fi devices.
+(Sponsored by The FreeBSD Foundation)
+
+Multiple PCI MCFG regions are now supported on amd64 and i386, allowing PCI configuration space access for domains (segments) other than 0.
+gitref:4b5f64408804[repository=src]
+
+The man:smsc[4] Ethernet driver can now fetch the value of `smsc95xx.macaddr` passed by some Raspberry Pi models and use it for the MAC address.
+It always uses a stable MAC address even if there is no address in EEPROM.
+gitref:028e4c6548e4[repository=src]
+
+The `snd_clone` framework has been removed from the sound subsystem, including related sysctls, simplifying the system.
+The per-channel nodes ([.filename]#/dev/dspX.Y#) are no longer created, just the primary device ([.filename]#/dev/dspX#).
+gitref:e6c51f6db8d7[repository=src] (Sponsored by The FreeBSD Foundation)
+
+Audio now supports asynchronous device detach.
+This greatly simplifies hot plugging and unplugging of things such as USB headsets, and eases use of PulseAudio in cases that require operating system sleep and wake (suspend and resume).
+gitref:d692c314d29a[repository=src] (Sponsored by The FreeBSD Foundation)
+
+`ena` has been upgraded to 2.8.0.
+gitref:6bf02434bd9a[repository=src] (Sponsored by Amazon, Inc.)
+
+`ice_ddp` has been upgraded to 1.3.41.0.
+gitref:a9d78bb714e3[repository=src] (Sponsored by Intel Corporation)
+
+Tiger Lake-H support has been added to the man:hda[4] driver.
+gitref:dbb6f488df6e[repository=src]
+
+Meteor Lake support has been added to the man:ichsmb[4] driver.
+gitref:14c22e28e4ee[repository=src]
+(Sponsored by Framework Computer Inc)
+(Sponsored by The FreeBSD Foundation)
+
+Meteor Lake support has been added to the man:ig4[4] driver.
+gitref:56f0fc0011c2[repository=src]
+
+A new wireless driver supporting some Realtek chipsets is available: man:rtw89[4].
+gitref:a2d1e07f6451[repository=src] (Sponsored by The FreeBSD Foundation)
+
+Support for Realtek 8156/8156B has been moved from from man:cdce[4] to man:ure[4] for improved performance and reliability.
+gitref:630077a84186[repository=src] (Sponsored by The FreeBSD Foundation)
+
+Support for ACPI GPIO _AEI objects has been added.
+gitref:1db6ffb2a482[repository=src] (Sponsored by Amazon)
+
+man:nvme[4] and man:nvmecontrol[8] have been enabled on all architectures.
+gitref:24687a65dd7f[repository=src], gitref:aba2d7f89dcf[repository=src]
+(Sponsored by Chelsio Communications and Netflix)
+
+man:mpi3mr[4] driver version has been updated to 8.14.0.2.0(gitref:e6d4b221ba7c[repository=src]).
+
+man:mpi3mr[4] MPI Header has been updated to Version 36.
+This aligns with the latest MPI specification.
+This includes updated structures, field definitions, and constants required for compatibility with updated firmware.
+(gitref:60cf1576501d[repository=src]).
+
+The man:mpi3mr[4] driver is now in GENERIC (gitref:e2b8fb2202c2[repository=src]).
+
+man:rtw88[4]: Merge Realtek's rtw88 driver based on Linux v6.14 (gitref:8ef442451791[repository=src]).
+(Sponsored by The FreeBSD Foundation).
+
+man:rtw89[4]: Merge Realtek's rtw89 driver based on Linux v6.14 (gitref:b6e8b845aeab[repository=src]).
+(Sponsored by The FreeBSD Foundation).
+
+man:iwmbtfw[4]: Add support for 9260/9560 bluetooth adaptors (gitref:8e62ae9693bd[repository=src]).
+Required firmware files are already included in to package:comms/iwmbt-firmware[] port.
+
+man:ena[4] driver version has been updated to v2.8.1 (gitref:a1685d25601e[repository=src]).
+(Sponsored by Amazon, Inc.)
+
+man:ix[4]: Add support for 1000BASE-BX SFP modules x550(gitref:24491b4acce5[repository=src]).
+
+man:bnxt[4]: Enable NPAR support on BCM57504 10/25GbE NICs.
+(gitref:54f842ed8897[repository=src]).
+
+man:bnxt[4]: Add 5760X (Thor2) PCI IDs support.
+Add Thor2 PCI IDs.
+(gitref:45e161020c2d[repository=src]).
+
+man:bnxt[4]: Add support for 400G speed modules (gitref:32fdad17f060[repository=src]).
+
+man:ix[4]: Add support for 1000BASE-BX SFP modules.
+Add support for 1Gbit BiDi modules.
+(gitref:c34817d9aef7[repository=src]).
+
+man:igc[4]: Fix attach for I226-K and LMVP devices.
+The device IDs for these were in the driver's list of PCI ids to attach to, but `igc_set_mac_type()` had never been setup to set the correct mac type for these devices.
+Fix this by adding these IDs to the switch block in order for them to be recognized by the driver instead of returning an error.
+This fixes the man:igc[4] attach for the I226-K LOM on the ASRock Z790 PG-ITX/TB4 motherboard, allowing it to be recognized and used.
+gitref:f034ddd2fa38[repository=src].
+
+Remove old itr sysctl handler from man:em[4].
+This implementation had various bugs. The unit conversion/scaling was wrong, and it also did not handle 82574L or man:igb[4] devices correctly.
+With the new AIM code, it is expected most users will not need to manually tune this.
+gitref:edf50670e215[repository=src]
+(Sponsored by BBOX.io).
+
+Added support for Brainboxes USB-to-Serial adapters in man:uftdi[4].
+(gitref:47db906375b5[repository=src])
+
[[drivers-removals]]
=== Deprecated and Removed Drivers
+man:agp[4] has been planned for removal in FreeBSD 15.0, and the man page now states that it is deprecated.
+gitref:92af7c97e197[repository=src]
+
+man:syscons[4] has been planned for removal in future releases, and has been noted as deprecated in the man pages to notify users to migrate to man:vt[4].
+gitref:2bc5b1d60512[repository=src] (Sponsored by The FreeBSD Foundation)
+
[[storage]]
== Storage
This section covers changes and additions to file systems and other storage subsystems, both local and networked.
+[[storage-nfs]]
+=== NFS
+
+The man:mountd[8] server has been modified to use man:strunvis[3] to decode directory names in man:exports[5] file(s).
+This allows special characters, such as blanks, to be embedded in the directory name.
+`vis -M` may be used to encode such directory names; see man:vis[1].
+gitref:2c83f1ada435[repository=src]
+
+New man:sysctl[8] variables have been added under `kern.rpc.unenc` and `kern.rpc.tls`, which allow an NFS server administrator to determine how much NFS-over-TLS is being used.
+A large number of failed handshakes might indicate an NFS configuration problem.
+gitref:b8e137d8d32d[repository=src]
+
+[[storage-ufs]]
+=== UFS
+
+Soft updates are now enabled by default when creating a new UFS file system with man:newfs[8].
+gitref:6b2af2d88ffd[repository=src]
+
+[[storage-zfs]]
+=== ZFS
+
[[storage-general]]
=== General Storage
-[[boot]]
-== Boot Loader Changes
+Define a new `-a` command line option man:mountd[8].
+When a file system was exported with the `-alldirs` flag, the export succeeded even if the directory path was not a server file system mount point.
+gitref:ead3cd3ef628[repository=src]
-This section covers the boot loader, boot menu, and other boot-related changes.
+Document recent file handle layout changes.
+gitref:ca22082c01a7[repository=src]
+
+Allow to pass `{NGROUPS_MAX} + 1` groups in man:mountd[8].
+`NGROUPS_MAX` is just the minimum maximum of the number of allowed supplementary groups.
+The actual runtime value may be greater.
+Allow more groups to be specified accordingly (now that, a few commits ago, man:nmount[2] has been changed similarly).
+gitref:ca9614d8f64a[repository=src]
+(Sponsored by The FreeBSD Foundation).
[[boot-loader]]
-=== Boot Loader Changes
+== Boot Loader Changes
+
+This section covers the boot loader, boot menu, and other boot-related changes.
+The man:loader[8] now reads local configuration files listed in the variable `local_loader_conf_files` after other configuration files, defaulting to [.filename]#/boot/loader.conf.local#.
+gitref:a25531db0fc2[repository=src]
+
+The man:loader[8] can now be configured to read specific configuration files based on the planar maker, planar product, system product and uboot m_product variables from the SMBIOS.
+For the moment, the best documentation is the git commit message,
+gitref:3eb3a802a31b[repository=src].
+
+Console detection in man:loader[8] has been improved on EFI systems.
+If there is no ConOut variable, ConIn is checked.
+If multiple devices are found, serial is preferred.
+gitref:20a6f4779ac6[repository=src] (Sponsored by Netflix)
+
+Frame buffer support in man:loader[8] can now use a text-only video driver, resulting in space savings.
+gitref:57ca2848c0aa[repository=src] (Sponsored by Netflix)
+
+The detection of ACPI is now done earlier in man:loader.efi[8] on arm64 systems.
+The copy of [.filename]#loader.efi# on the EFI partition should be updated on arm64 systems using ACPI.
+gitref:05cf4dda599a[repository=src] gitref:16c09de80135[repository=src]
+
+The LinuxBoot loader can be used to boot FreeBSD from Linux on aarch64 systems as well as amd64.
+gitref:46010641267[repository=src] (Sponsored by Netflix)
+
+The BIOS boot loader added back support for gzip and bzip2, but removed support for graphics mode (by default) to address size problems.
+(The EFI boot loader is unchanged with support for all of those.)
+gitref:4d3b05a8530e[repository=src] (Sponsored by Netflix)
+
+man:loader.efi[8]: Favor the v3 (64-bit) entry point in man:smbios[4].
+Be consistent with what is done with non-EFI boot (but with the difference that EFI runs in 64-bit mode on 64-bit platforms, so there is no restriction that the v3 entry point should be below 4GB).
+gitref:807d51be8040[repository=src].
+(Sponsored by The FreeBSD Foundation).
+
+man:libsa[3]: Favor the v3 (64-bit) entry point on non-EFI boot in man:smbios[4].
+When both the 32-bit and 64-bit entry points are present, the SMBIOS specification says that the 64-bit entry point always has at least all the structures the 32-bit entry point refers.
+In other words, the 32-bit entry point is provided for compatibility, so it is assumed the 64-bit one has more chances to be filled with adequate values.
+gitref:93af0db0d529[repository=src]
+(Sponsored by The FreeBSD Foundation).
+
+man:libsa[3]: Use 64-bit entry point if table below 4GB on non-EFI boot in man:smbios[4].
+On amd64, boot blocks and the non-EFI loader are 32-bit compiled as clients of BTX, so cannot access addresses beyond 4GB.
+However, the 64-bit entry point may refer to a structure table below 4GB, which can be used if the BIOS does not provide a 32-bit entry point.
+The situation is similar for powerpc64.
+gitref:7b0350b376c0[repository=src].
+(Sponsored by The FreeBSD Foundation).
+
+Search for v3 (64-bit) entry point first on BIOS boot in man:smbios[4].
+When booted from BIOS (i.e., not EFI), also search for a 64-bit version of the SMBIOS Entry Point.
+This allows to detect and report the proper SMBIOS version with BIOSes that only provide the v3 table, as happens on Hetzner virtual machines.
+For machines that provide both, leverage the v3 table in priority consistently with the EFI case.
+gitref:145ef4af15f0[repository=src].
+(Sponsored by The FreeBSD Foundation).
[[network]]
== Networking
This section describes changes that affect networking in FreeBSD.
+[[network-protocols]]
+=== Network Protocols
+
+Lots of improvements to the network stack, including performance improvements and bug fixes for the man:sctp[4] stack.
+
+Descriptors returned by man:sctp_peeloff[2] now inherit capabilities from the parent socket.
+gitref:ae3d7e27abc9[repository=src]
+(Sponsored by The FreeBSD Foundation)
+
[[network-general]]
=== General Network
+ARP (man:arp[4]) support for 802-standard networks has been restored; it had been accidentally removed with FDDI support.
+(This is different than the Ethernet standard encapsulation.)
+gitref:d776dd5fbd48[repository=src]
+
+It is possible to build a kernel with IPv6 support (INET6) without IPv4 (INET).
+gitref:6df9fa1c6b83[repository=src] and others
+
+The netgraph man:ng_ipfw[4] module no longer truncates cookies to 16 bits, allowing a full 32 bits.
+gitref:dadf64c5586e[repository=src]
+
+AIM(Adaptive Interrupt Moderation) support has been added to the man:igc[4] driver.
+gitref:472a0ccf847a[repository=src] (Sponsored by Rubicon Communications, LLC ("Netgate") and BBOX.io)
+
+This feature has also been added to the man:lem[4], man:em[4] and man:igb[4] drivers. A major regression in UDP performance introduced in FreeBSD 12.0, including NFS over UDP, is believed to be fixed with this change.
+gitref:49f12d5b38f6[repository=src] (Sponsored by Rubicon Communications, LLC ("Netgate") and BBOX.io)
+
+Teach man:ip6addrctl[8] to attach and run itself in a jail.
+This will make it easier to manage address selection policies of vnet jails, especially for those light weighted OCI containers or slim jails.
+gitref:b709f7b38cc4[repository=src]
+
+Convert `PF_DEFAULT_TO_DROP` into a vnet loader tunable 'net.pf.default_to_drop' for man:pf[4].
+gitref:7f7ef494f11d[repository=src] introduced a compile time option `PF_DEFAULT_TO_DROP` to make the man:pf[4] default rule to drop.
+While this change exposes a vnet loader tunable 'net.pf.default_to_drop' so that users can change the default rule without re-compiling the man:pf[4] module.
+gitref:3965be101c43[repository=src]
+
[[wireless-networking]]
=== Wireless Networking
The LinuxKPI 802.11 comapt layer man:linuxkpi_wlan[4] gained support for the Galois/Counter Mode Protocol (GCMP) from man:wlan_gcmp[4]. (Sponsored by The FreeBSD Foundation)
+The man:rtw88[4] driver was made to work (associate) again and a memory leak got resolved. (Sponsored by The FreeBSD Foundation)
+
+Following other drivers man:iwlwififw[4] firmware was removed from the base system in favor of the ports based solution and man:fwget[8] support. (Sponsored by The FreeBSD Foundation)
+
[[hardware]]
== Hardware Support
@@ -188,6 +882,32 @@ Please see link:https://www.freebsd.org/releases/{localRel}R/hardware[the list o
[[hardware-virtualization]]
=== Virtualization Support
+The NVMM hypervisor is now detected.
+gitref:34f40baca641[repository=src]
+
+The VNC server in man:bhyve[8] will now show the correct colors when using the package:www/novnc[] client.
+gitref:f9e09dc5b1d5[repository=src]
+
+Under Hyper-V, TLB flushes are now performed using hypercalls rather than IPIs, providing up to a 40% improvement in TLB performance.
+gitref:7ece5993b787[repository=src] (Sponsored by Microsoft)
+
+Several bug fixes and configuration changes collectively allow device hotplug on both x86 and arm64 ("Graviton") EC2 instances.
+Users upgrading EC2 instances from earlier FreeBSD releases should set `hw.pci.intx_reroute=0` and `debug.acpi.quirks="56"` in `/boot/loader.conf`.
+
+[[linuxulator]]
+=== Linux Binary Compatibility
+
+The `AT_NO_AUTOMOUNT` flag is now ignored for all Linuxulator stat() variants (as the behavior specified by the flag already matches FreeBSD's), improving Linux application compatibility.
+gitref:99d3ce80ba07[repository=src]
+(Sponsored by The FreeBSD Foundation)
+
+[[multimedia]]
+== Multimedia
+
+Many improvements to the audio stack including support for hot-swapping in man:mixer[8], and the addition of man:mididump[1].
+gitref:cf9d2fb18433[repository=src] (Sponsored by The FreeBSD Foundation)
+gitref:7224e9f2d4af[repository=src] (Sponsored by The FreeBSD Foundation)
+
[[documentation]]
== Documentation
@@ -196,13 +916,76 @@ This section covers changes to manual (man:man[1]) pages and other documentation
[[man-pages]]
=== Man Pages
+A new man:networking[7] manual page provides a quickstart guide to connecting the system to networks including Wi-Fi, and links to other manual pages and the handbook.
+gitref:39f92a4c4c49[repository=src]
+
+Refer to man:graid[8] and man:zfs[8] instead of man:gvinum[8] in man:ccdconfig[8]).
+(gitref:55cb3a33d920[repository=src]).
+
+man:ps[1]: Document change in behavior for `-a`/`-A`.
+Document the practical consequence of change gitref:93a94ce731a8[repository=src] that specifying `-a`/`-A` leads to printing all processes regardless of the presence of other process selection options (except for `-x`/`-X`, which command a filter).
+gitref:eed005b57895[repository=src].
+(Sponsored by The FreeBSD Foundation).
+
+man:ps[1]: Change in behavior for option `-U`.
+gitref:4e4739dd0745[repository=src]
+(Sponsored by The FreeBSD Foundation).
+
+man:ps[1]: Change of how current user's processes are matched.
+gitref:7219648f60d1[repository=src].
+(Sponsored by The FreeBSD Foundation).
+
+man:ps[1]: Match current user's processes using effective UID.
+This puts man:ps[1] of FreeBSD in conformance with POSIX.
+gitref:1e8dc267ca91[repository=src].
+(Sponsored by The FreeBSD Foundation).
+
+man:mac_do[4]: Change of rules syntax; Provide hints and pointers.
+gitref:0c3357dfa18f[repository=src].
+(Sponsored by The FreeBSD Foundation).
+
+man:firewire[4]: Add deprecation notice.
+This was originally discussed as part of FreeBSD 15 planning, but did not happen in time.
+Add the deprecation notice now, with an expectation that it will be removed before FreeBSD 16.
+gitref:fc889167c319[repository=src].
+(Sponsored by The FreeBSD Foundation).
+
+The ethernet switch controllers, man:mtkswitch[4], man:ip17x[4], man:ar40xx[4], and man:e6000sw[4] have gained initial manual pages.
+
+man:mount[8] has gained an example for remounting all filesystems read/write in single-user mode.
+
+Manual pages for the lua man:loader[8] modules have had their desctiptions reworded to optimize man:apropos[1] results.
+
+The manual pages style guide, man:style.mdoc[5], has gained a section for listing supported hardware.
+When listed this way, the supported hardware will be listed in link:https://www.freebsd.org/releases/{localRel}R/hardware[the supported hardware notes].
+Many manuals have had this section added or reworded in this release.
+
+Much work has gone into adding man:sysctl[8]s and environment variables to the manual.
+Try searching for them with `apropos Va=here.is.the.sysctl` or `apropos Ev=here_is_the_environment_variable`.
+
+The man:intro[5] to the File Formats manual has been revised, incorporating improvements from OpenBSD.
+
[[ports]]
== Ports Collection and Package Infrastructure
This section covers changes to the FreeBSD Ports Collection, package infrastructure, and package maintenance and installation tools.
+
+A new `FreeBSD-kmods` repository is included in the default `/etc/pkg/FreeBSD.conf` man:pkg[8] configuration file.
+This repository contains kernel modules compiled specifically for {releaseCurrent} rather than for the {releaseBranch} branch.
+Installing kernel modules from this repository allows drivers with unstable kernel interfaces, in particular graphics drivers, to work even when the main {releaseBranch} repository has packages build on a previous release. (gitref:a47542f71511[repository=src]).
+
+[[Installer]]
+=== Installer
+
+The FreeBSD installer, man:bsdinstall[8], now supports downloading and installing firmware packages after the FreeBSD base system installation is complete.
+gitref:03c07bdc8b31[repository=src] (Sponsored by The FreeBSD Foundation)
+
[[ports-packages]]
=== Packaging Changes
+The package:net/wifi-firmware-kmod@release[] package has been added to the DVD package set in order to provide necessary firmware for wifi drivers.
+gitref:8c6df7ead19c[repository=src] (Sponsored by The FreeBSD Foundation)
+
[[future-releases]]
== General Notes Regarding Future FreeBSD Releases
diff --git a/website/content/en/status/report-2025-04-2025-06/drm-drivers.adoc b/website/content/en/status/report-2025-04-2025-06/drm-drivers.adoc
new file mode 100644
index 0000000000..7ba18092d6
--- /dev/null
+++ b/website/content/en/status/report-2025-04-2025-06/drm-drivers.adoc
@@ -0,0 +1,36 @@
+=== DRM drivers
+
+Links: +
+link:https://github.com/freebsd/drm-kmod/pull/361[Update to Linux 6.9 DRM drivers] URL: link:https://github.com/freebsd/drm-kmod/pull/361[]
+
+Contact: Jean-Sébastien Pédron <dumbbell@FreeBSD.org>
+
+DRM drivers are **kernel drivers for integrated and discrete GPUs**.
+They are maintained in the Linux kernel and we port them to FreeBSD.
+As of this report, we take the AMD and Intel DRM drivers only (NVIDIA FreeBSD drivers are proprietary and provided by NVIDIA themselves).
+
+We port them one Linux version at a time.
+This allows us to ship updates more often and it eases porting and debugging because we have a smaller delta compared to a bigger jump skipping several versions.
+
+This quarter, we finally merged the drivers from Linux 6.7 and 6.8 that were done during the first quarter into *drm-kmod*.
+The **porting for DRM drivers from Linux 6.9 was finished** and is now ready for review and testing;
+https://github.com/freebsd/drm-kmod/pull/361[see the pull request for instructions] if you want to try them.
+The pull request also lists all the patches needed to `linuxkpi`, the Linux drivers compatibility layer in the FreeBSD kernel.
+Several patches were already reviewed but there is still work.
+
+These updates target the FreeBSD 15-CURRENT development branch for now.
+Once kernel patches are accepted and the DRM drivers updates merged, we will evaluate if/how we can backport the kernel patches to earlier release branches (namely 14-STABLE).
+
+While waiting for review, we also started to work on two features which were unsupported on FreeBSD:
+* https://github.com/freebsd/drm-kmod/pull/357[`DMA_BUF_IOCTL_EXPORT_SYNC_FILE` and `DMA_BUF_IOCTL_IMPORT_SYNC_FILE` ioctls]
+* https://github.com/freebsd/drm-kmod/pull/358[`DRM_IOCTL_SYNCOBJ_EVENTFD` ioctl]
+
+They are apparently required to allow the use of wlroots-based Wayland compositors with the Vulkan API (see link:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=286311[]).
+wlroots will need a patch as well because it only expects these features on Linux for now.
+
+Both pull requests as well as the patches to `linuxkpi` they rely on are ready for review and testing.
+The `linuxkpi` patches are linked in the pull requests.
+
+This work is kindly sponsored by the FreeBSD Foundation as part of the Laptop and Desktop Project.
+
+Sponsor: The FreeBSD Foundation
diff --git a/website/content/en/status/report-2025-04-2025-06/geomman.adoc b/website/content/en/status/report-2025-04-2025-06/geomman.adoc
new file mode 100644
index 0000000000..fd6ad08676
--- /dev/null
+++ b/website/content/en/status/report-2025-04-2025-06/geomman.adoc
@@ -0,0 +1,32 @@
+=== Geomman Development
+
+Links: +
+link:https://wiki.freebsd.org/SummerOfCode2025Projects/FullDiskAdministrationToolForFreeBSD[Geomman GSoC wiki] URL: link:https://wiki.freebsd.org/SummerOfCode2025Projects/FullDiskAdministrationToolForFreeBSD[] +
+link:https://gitlab.com/brauliorivas/geomman[geomman Gitlab repository] URL: link:https://gitlab.com/brauliorivas/geomman[] +
+link:https://gitlab.com/alfix/bsddialog[bsddialog repository] URL: link:https://gitlab.com/alfix/bsddialog[] +
+link:https://man.freebsd.org/cgi/man.cgi?query=sade&manpath=FreeBSD+14.3-RELEASE+and+Ports[sade] URL: link:https://man.freebsd.org/cgi/man.cgi?query=sade&manpath=FreeBSD+14.3-RELEASE+and+Ports[]
+
+Contact: Braulio Rivas <brauliorivas@FreeBSD.org>
+
+Geomman is a new partition tool based on man:sade[8] that brings more functionality such as moving, copying, and pasting partitions.
+Geomman is part of Google Summer of Code 2025.
+Currently, it is available in a Gitlab repository.
+But at some future time, it is expected to become a tool in the base system.
+
+Geomman is a TUI designed to allow to growing, shrinking, moving, copying, and pasting partitions with filesystems other than UFS.
+For example, users may be able to create an exFAT partition, as well as to resize an ext4 filesystem.
+This would make partition management easier, because there are tools for each individual task (mainly depending on the filesystem), but none that concentrates all cases in a single tool.
+
+For the moment, geomman only allows copying and pasting partitions.
+However, for the next report the tool should be almost finished.
+
+Currently, I am working on a mechanism to move partitions using man:dd[1].
+Other approaches may be possible, so any help is very welcome.
+
+The next steps for geomman are:
+
+* Develop a way of moving partitions.
+* Handle duplicate UUIDs between partitions when using dd.
+* Add options to create, grow, and shrink more filesystem types.
+
+Sponsor: Google Summer of Code
diff --git a/website/content/en/status/report-2025-04-2025-06/pinephone.adoc b/website/content/en/status/report-2025-04-2025-06/pinephone.adoc
new file mode 100644
index 0000000000..72c261cfaa
--- /dev/null
+++ b/website/content/en/status/report-2025-04-2025-06/pinephone.adoc
@@ -0,0 +1,26 @@
+=== Pinephone Pro Support
+
+Links: +
+link:https://codeberg.org/Honeyguide/freebsd-pinephonepro[Repository on Codeberg] URL: link:https://codeberg.org/Honeyguide/freebsd-pinephonepro[]
+
+Contact: Toby Kurien <toby@tobykurien.com>
+
+The project to port FreeBSD over to the Pinephone Pro is progressing.
+The aim of this project is to step by step support components of the Pinephone Pro in FreeBSD so that the device one day might be usable as a highly mobile FreeBSD device.
+
+In this quarter, a new development release has been made available for flashing and testing on a PinePhone Pro.
+It includes a newly added touch driver, and a minimal desktop environment with an on-screen keyboard.
+You can simply flash this build to an SD card and boot it up, provided you have the correct version of U-boot bootloader installed (details at the repository).
+The image also contains the kernel and drivers source code, along with package:editors/vim[] editor and build tools, allowing for development of drivers on-device.
+
+To facilitate testing and driver development, network access has been enabled via the headphone jack (using the headphone-to-USB-serial adapter).
+It works by using Point-to-Point Protocol (PPP) to access the network via your PC.
+Details of setting this up are in the repository README file.
+
+Work is now under way to develop USB and WiFi drivers.
+As always, contributions in the form of testing, feedback, upstreaming, driver development, or just words of encouragement are welcome.
+
+See the post on the FreeBSD Forum for more:
+link:https://forums.freebsd.org/threads/porting-freebsd-to-pinephone-pro-help-needed.95948/[]
+
+Sponsor: Honeyguide Group
diff --git a/website/content/en/status/report-2025-04-2025-06/qemu_l4b.adoc b/website/content/en/status/report-2025-04-2025-06/qemu_l4b.adoc
new file mode 100644
index 0000000000..76522615e3
--- /dev/null
+++ b/website/content/en/status/report-2025-04-2025-06/qemu_l4b.adoc
@@ -0,0 +1,44 @@
+=== BSD-USER 4 LINUX
+
+Contact: Maksym Sobolyev <sobomax@FreeBSD.org>
+
+Links:
+link:https://github.com/sobomax/qemu-bsd-user-l4b[Project Page] URL: link:https://github.com/sobomax/qemu-bsd-user-l4b[] +
+link:https://github.com/sobomax/qemu_l4b[Tooling] URL: link:https://github.com/sobomax/qemu_l4b[]
+
+The `bsd-user-4-linux` project ports BSD user-mode emulation for QEMU to Linux.
+The primary goal is to enable unmodified FreeBSD binaries to run on modern Linux systems.
+Additionally, the project aims to provide multi-platform container images with a functional FreeBSD environment and ready-to-use GitHub Actions templates.
+
+News:
+
+* Two new pull requests have been received since the initial project announcement:
+ ** Diagnostic output cleanup;
+ ** kqueue() support using libkqueue library on Linux.
+* The latest set of changes has been pulled from the Warner's qemu-bsd-user project bringing Qemu version to 9.2.0 along with some fixes and improvements.
+
+Current Status:
+
+* The initial port successfully runs `make -jN buildworld`.
+* Most command-line tools are working as expected (man:sh[1], man:bash[1], man:find[1], man:grep[1], man:git[1], man:clang[1], etc).
+* A link:https://github.com/sobomax/qemu-bsd-user-l4b/actions[GitHub Actions pipeline] builds x86_64 emulation images for:
+ ** linux/386
+ ** linux/amd64
+ ** linux/arm/v5
+ ** linux/arm64/v8
+* A pre-built Docker container with FreeBSD 14.1 binary world is created and pushed to the GitHub Container Registry.
+ ** link:https://ghcr.io/sobomax/qemu-bsd-user-l4b:latest-ubuntu-latest-freebsd141[FreeBSD Image @ GHCR]
+* Special pre-built "admin" container with Linux user-mode qemu binary for the FreeBSD/amd64 emulation is also published at the GHCR.
+ ** link:https://ghcr.io/sobomax/qemu-bsd-user-l4b:latest-ubuntu-latest[FreeBSD binfmt Image @ GHCR]
+
+Next Steps:
+* Bump FreeBSD version to 14.3;
+* Rebase onto Qemu 10.0.x.
+
+How You Can Help:
+
+* Test with your preferred toolchain, report issues, or contribute fixes.
+* Identify and implement missing system calls.
+* Support us on link:https://patreon.com/sippylabs[Patreon].
+
+Sponsor: Sippy Software, Inc.
diff --git a/website/data/en/press/press.toml b/website/data/en/press/press.toml
index 8fb47091b2..36a892a306 100644
--- a/website/data/en/press/press.toml
+++ b/website/data/en/press/press.toml
@@ -1,5 +1,50 @@
# Sort the entries by date
[[press]]
+name = "FreeBSD Foundation Welcomes New Board Member: John Baldwin"
+url = "https://freebsdfoundation.org/blog/freebsd-foundation-welcomes-new-board-member-john-baldwin/"
+siteName = "FreeBSD Foundation Blog"
+siteUrl = "https://freebsdfoundation.org/blog/"
+date = "2025-06-27"
+author = "FreeBSD Foundation"
+description = "Long-time FreeBSD community member, John Baldwin, was elected to the FreeBSD Foundation Board during the Annual Meeting"
+
+[[press]]
+name = "Software Bill of Materials (SBOM) for FreeBSD Project"
+url = "https://freebsdfoundation.org/blog/software-bill-of-materials-sbom-for-freebsd-project/"
+siteName = "FreeBSD Foundation Blog"
+siteUrl = "https://freebsdfoundation.org/blog/"
+date = "2025-06-26"
+author = "FreeBSD Foundation"
+description = "Commissioned by the Sovereign Tech Agency, work began in April 2025 on a new project to enable SBOMs for FreeBSD"
+
+[[press]]
+name = "FreeBSD Ports and Packages Security Project"
+url = "https://freebsdfoundation.org/blog/freebsd-ports-and-packages-security-project/"
+siteName = "FreeBSD Foundation Blog"
+siteUrl = "https://freebsdfoundation.org/blog/"
+date = "2025-06-26"
+author = "FreeBSD Foundation"
+description = "Commissioned by the Sovereign Tech Agency, work began in April 2025 on a new project to further Ports and Package Security"
+
+[[press]]
+name = "Three Ways to Try FreeBSD in Under Five Minutes"
+url = "https://freebsdfoundation.org/blog/three-ways-to-try-freebsd-in-under-five-minutes/"
+siteName = "FreeBSD Foundation Blog"
+siteUrl = "https://freebsdfoundation.org/blog/"
+date = "2025-06-06"
+author = "FreeBSD Foundation"
+description = "Let’s take a quick look at getting started with the latest production release of FreeBSD via three different platforms"
+
+[[press]]
+name = "The Road to Better Wi-Fi on FreeBSD"
+url = "https://freebsdfoundation.org/blog/the-road-to-better-wi-fi-on-freebsd/"
+siteName = "FreeBSD Foundation Blog"
+siteUrl = "https://freebsdfoundation.org/blog/"
+date = "2025-06-05"
+author = "FreeBSD Foundation"
+description = "To understand how far we’ve come, it helps to look back at the road that led to today, starting with the earliest wireless work in FreeBSD"
+
+[[press]]
name = "ZFS automatic snapshots with Sanoid on FreeBSD"
url = "https://freebsdfoundation.org/blog/zfs-automatic-snapshots-with-sanoid-on-freebsd/"
siteName = "FreeBSD Foundation Blog"
diff --git a/website/data/security/advisories.toml b/website/data/security/advisories.toml
index fb54b5d5e6..103be4c068 100644
--- a/website/data/security/advisories.toml
+++ b/website/data/security/advisories.toml
@@ -2,6 +2,10 @@
# $FreeBSD$
[[advisories]]
+name = "FreeBSD-SA-25:06.xz"
+date = "2025-07-02"
+
+[[advisories]]
name = "FreeBSD-SA-25:05.openssh"
date = "2025-02-21"
diff --git a/website/data/security/errata.toml b/website/data/security/errata.toml
index bd86e232cc..c58cf02825 100644
--- a/website/data/security/errata.toml
+++ b/website/data/security/errata.toml
@@ -2,6 +2,18 @@
# $FreeBSD$
[[notices]]
+name = "FreeBSD-EN-25:11.ena"
+date = "2025-07-02"
+
+[[notices]]
+name = "FreeBSD-EN-25:10.zfs"
+date = "2025-07-02"
+
+[[notices]]
+name = "FreeBSD-EN-25:09.libc"
+date = "2025-07-02"
+
+[[notices]]
name = "FreeBSD-EN-25:08.caroot"
date = "2025-04-10"
diff --git a/website/static/security/advisories/FreeBSD-EN-25:09.libc.asc b/website/static/security/advisories/FreeBSD-EN-25:09.libc.asc
new file mode 100644
index 0000000000..5153f41871
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-EN-25:09.libc.asc
@@ -0,0 +1,140 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-25:09.libc Errata Notice
+ The FreeBSD Project
+
+Topic: Dynamically-loaded C++ libraries crashing at exit
+
+Category: core
+Module: libc
+Announced: 2025-07-02
+Affects: FreeBSD 13.5 and FreeBSD 14.2
+Corrected: 2025-04-17 01:01:36 UTC (stable/14, 14.2-STABLE)
+ 2025-07-02 18:28:08 UTC (releng/14.2, 14.2-RELEASE-p4)
+ 2025-04-17 01:02:12 UTC (stable/13, 13.5-STABLE)
+ 2025-07-02 18:28:28 UTC (releng/13.5, 13.5-RELEASE-p2)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+In C++, global objects' destructors are called at unload or exit time.
+Global objects may be created either as objects in a global scope, or as
+objects in a function scope declared with the `static` keyword.
+
+II. Problem Description
+
+Object destructors can create further global objects through the second
+mechanism described above, function-scoped objects with the `static` keyword.
+
+Creation of these objects adds more destructors that should be called at
+unload or exit time while the application is already in the middle of
+processing those destructors in reverse order from when they're added. As a
+result, these newly added destructors are not called at unload time when the
+C++ library has been loaded dynamically via dlopen() and subsequently
+unloaded with dlclose().
+
+III. Impact
+
+The destructors that are not called at unload time are later attempted to be
+called when the program exits, which may result in a crash as the library's
+code has already been unmapped from the program's address space.
+
+IV. Workaround
+
+No workaround is available. C++ libraries that do not create more objects in
+destructors are not affected.
+
+V. Solution
+
+Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date and restart any affected
+services, or reboot the system.
+
+Perform one of the following:
+
+1) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms,
+or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8)
+utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+2) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-25:09/libc.patch
+# fetch https://security.FreeBSD.org/patches/EN-25:09/libc.patch.asc
+# gpg --verify libc.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+Restart all daemons that use the library, or reboot the system.
+
+VI. Correction details
+
+This issue is corrected as of the corresponding Git commit hash in the
+following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/14/ c43ae65b4b89 stable/14-n271080
+releng/14.2/ 89a2823e17e5 releng/14.2-n269525
+stable/13/ 04f7496f89e2 stable/13-n259249
+releng/13.5/ f936833911d7 releng/13.5-n259167
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat <commit hash>
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+VII. References
+
+<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=285870>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-25:09.libc.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmhlfSIACgkQbljekB8A
+Gu8InA/6A0/ctlk0xDhDe7kMcu3NzV8lFmBz2d1577WU8E+A8F9KAEEGEHS1wPeK
+qZL4YtcVQ4hGDKot5yg9Cvdmvqsvuv0sP7RmG2xyQKnx6THHezlzxXcKC+UYRgtg
+9mDWB8/1zC/L8XYcBdJtog0HZnRRjQ8fVVJKVySItCz9rGCmc0XKX1PhKqR4ZQDL
+ErfrUlymDCB8CW0NCeRUO5sPniT+dCf8Bv/OJdB3NFvuVYA6XqIlo397dDPGkltV
+K4bDEbjuRi4ELuTlybEtzMDWrDb+YOAuFF8cWCzyJpkRiSZQAarIwBhxoqVdw6+p
+9JN6i2p5RIis1DNCXomyip8JrgH8iDzUbGgehwEjhMbDi4YY6FK9ZQ5nTve5X/oX
+o4q+oMIoCItAl4x1GqUNlZ/TP6Zk1fk9pObNb9IuM9W9kQJIWI/DQ3XMlYN57cTC
+oS47PlJR+h09N6jA0Zfmek7ciFLGmhRpdc1MVfgTHNkT532HLpzHztckECWD0l7C
+ni92CH7JW2rBI0AKDYGEA/s9fhhlkdyrQjASdSJwDFfpVQyuUWLja7NaFAmtPCEF
+PjY+ZQsAQlZiusvHXDGNxlUE27LxFR44AdR4UhVGvkPfbjuQNPuxV+vsxZa743zt
+GsVUwI4FmwaUf1IygAd9akFikRcS0s57wOHqcWh/B+iv/OW+MA4=
+=VsbO
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/advisories/FreeBSD-EN-25:10.zfs.asc b/website/static/security/advisories/FreeBSD-EN-25:10.zfs.asc
new file mode 100644
index 0000000000..61bd74761c
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-EN-25:10.zfs.asc
@@ -0,0 +1,145 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-25:10.zfs Errata Notice
+ The FreeBSD Project
+
+Topic: Corruption in ZFS replication streams from encrypted datasets
+
+Category: contrib
+Module: zfs
+Announced: 2025-07-02
+Credits: Klara, Inc.
+Affects: All supported versions of FreeBSD.
+Corrected: 2025-06-21 22:05:40 UTC (stable/14, 14.3-STABLE)
+ 2025-07-02 18:27:44 UTC (releng/14.3, 14.3-RELEASE-p1)
+ 2025-07-02 18:28:09 UTC (releng/14.2, 14.2-RELEASE-p4)
+ 2025-06-27 20:07:48 UTC (stable/13, 13.5-STABLE)
+ 2025-07-02 18:28:29 UTC (releng/13.5, 13.5-RELEASE-p2)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+ZFS is an advanced and scalable file system originally developed by Sun
+Microsystems for its Solaris operating system. ZFS was integrated as part of
+the FreeBSD starting with FreeBSD 7.0, and it has since become a prominent
+and preferred choice for storage management.
+
+II. Problem Description
+
+ZFS has built-in replication and backup functionality, which serializes a
+filesystem for transport to another system, known as "ZFS send". ZFS send
+also supports incremental updates between a pair of snapshots. When sending
+an encrypted dataset, the dataset can either be left encrypted for
+transit/receipt (raw mode), or decrypted. During a decrypting (normal) send,
+a bug in the code caused some metadata (key mappings) in the snapshots to be
+decrypted in memory, but not properly released. As a result, the key mappings
+used for decryption were not freed from the in-memory table.
+
+III. Impact
+
+The leaked mappings can cause two problems. The first is that they can result
+in spurious checksum errors when they are incorrectly used to access data
+later. In the second case, in order to export a pool, ZFS requires that all
+the mappings be freed. These leaked mappings were never cleaned up, resulting
+in any attempt to export the pool causing the command to hang.
+
+IV. Workaround
+
+No workaround is available. Systems not using ZFS, or not using ZFS native
+encryption are unaffected.
+
+V. Solution
+
+Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date. A reboot is required following the
+upgrade.
+
+Perform one of the following:
+
+1) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms,
+or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8)
+utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# reboot
+
+2) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-25:10/zfs.patch
+# fetch https://security.FreeBSD.org/patches/EN-25:10/zfs.patch.asc
+# gpg --verify zfs.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI. Correction details
+
+This issue is corrected as of the corresponding Git commit hash in the
+following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/14/ 6abe6a8a0d54 stable/14-n271756
+releng/14.3/ cb24a62cd75b releng/14.3-n271433
+releng/14.2/ c5feebf38389 releng/14.2-n269526
+stable/13/ eae830109571 stable/13-n259318
+releng/13.5/ 4d9c4ecf6a48 releng/13.5-n259168
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat <commit hash>
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+VII. References
+
+<URL:https://github.com/openzfs/zfs/pull/17340>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-25:10.zfs.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmhlfSMACgkQbljekB8A
+Gu8z2hAAzcl0BfP5P3suB3ywY8dbh8LZ/MbKrN+VOgdrP00plRFhVMpL8W+v7MjX
+t3fDU3wEg+1PNEJ3j20vTCH4qdwuRQiuWo/MRz/7/kF21PufMx34pLGQd7ghG6q/
+1PGqxgs4C4snSJsgixzgxyedTZsO5D4ZKL3o8s5DPfvHR7bnSI7MdHFg7DynvpU6
+pcYZ7bZL1WhzTG4lL32oDFZqmLGac5iwiJPekVzJwlkSmoYlc8ScMV43FpDdGCfD
+5jbalhD0T/r4+Uzc+dTPulHjR8Q4YQ5XTZJvo5am9JV4HoQztASDsGw2Av9SpMKz
+TAehn5A48J+E3hcKncKivoRlSAA3EF/LTfCH/9ZLLEaEl3qbmp/iSPwuC9KWH8u/
+4E44tlTWDXfnr1UTnqqYwrq+SoY/UDQ0DWOXPEanS2BTSxzu3I/MI9OWzR0eZaow
+KDw7P4NFTnGLZ1ZWeGj2vrqrDDjb5SHqj8y0T1oyCqASph/t5e5AAsRzNp2Zr+YL
+nKAJAr5TEFIpYEjAsTj8WY+fu+KUOgh4sQpXe9xrD++aIRR64VbIJE6XSNo1TOtu
+TzXS7ysRZmZygoJOqCldsti7jUdlX5Pn31x4IRCaJAcQzfngZYyIQDLwkxg4b6LQ
+VLgtP7hmulByj7XBkCpekGb6kYoudIDqPP+vR+LSWgbzEyZ1LIo=
+=rdcw
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/advisories/FreeBSD-EN-25:11.ena.asc b/website/static/security/advisories/FreeBSD-EN-25:11.ena.asc
new file mode 100644
index 0000000000..5ff789182e
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-EN-25:11.ena.asc
@@ -0,0 +1,155 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-25:11.ena Errata Notice
+ The FreeBSD Project
+
+Topic: ena resets and kernel panic on Nitro v4 or newer instances
+
+Category: core
+Module: ena
+Announced: 2025-07-02
+Credits: Arthur Kiyanovski
+Affects: FreeBSD 13.5 and FreeBSD 14.2
+Corrected: 2025-05-01 17:56:11 UTC (stable/14, 14.3-STABLE)
+ 2025-07-02 18:28:12 UTC (releng/14.2, 14.2-RELEASE-p4)
+ 2025-05-01 18:15:18 UTC (stable/13, 13.5-STABLE)
+ 2025-07-02 18:28:31 UTC (releng/13.5, 13.5-RELEASE-p2)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+The ena(4) driver is used to access the Elastic Network Adapter network
+interface on recent Amazon Elastic Compute Cloud (EC2) instances. It is
+designed to make full use of the EC2 cloud architecture for optimal network
+performance.
+
+ENA Express is a feature that allows increased bandwidth and reduced latency
+in the AWS cloud. For optimal performance of the ENA Express feature, it is
+necessary to reduce LLQ width to 128.
+
+AWS instances that use Nitro card v4 or newer have a maximum tx burst size
+when sending tx packets. The driver is responsible to adhere to this maximum
+burst size by sending a doorbell to the device with no more than this burst
+size packets. If the burst size is exceeded a device reset happens.
+
+Since driver 2.8.0 it is possible to change the width of the tx queue LLQ
+(Low Latency Queues) entries. There are 2 possible widths: 128 and 256 bytes.
+The default is 256, however in some cases, i.e. when using the ENA Express
+feature, it is recommended to use a width of 128.
+
+II. Problem Description
+
+When running on instances that have a max tx burst size and the ENA device
+supports 256-byte wide LLQ entries, if 128-byte wide entries are selected,
+either by setting hw.ena.force_large_llq_header = 0 via sysctl or by turning
+on ENA Express for the interface, the ena(4) driver does not initialize a
+stack variable which is later used to setup the maximum tx burst size.
+
+III. Impact
+
+Due to the uninitialized stack variable, the ena(4) driver will exceed the
+maximum tx burst size, leading to device resets, making the device unusable.
+
+Additionally, the calculation of the tx burst size includes division by the
+uninitialized stack variable. If the stack variable is 0, this will cause
+division by 0 in the kernel, leading to a kernel panic.
+
+IV. Workaround
+
+It is possible to force the LLQ width to 256 by setting
+hw.ena.force_large_llq_header=1 via sysctl, however this causes peformance
+degredation when using the ENA Express feature.
+
+V. Solution
+
+Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date and reboot.
+
+Perform one of the following:
+
+1) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms,
+or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8)
+utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10min "Rebooting for erratum update"
+
+2) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-25:11/ena.patch
+# fetch https://security.FreeBSD.org/patches/EN-25:11/ena.patch.asc
+# gpg --verify ena.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI. Correction details
+
+This issue is corrected as of the corresponding Git commit hash in the
+following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/14/ 3f4a674a8ee4 stable/14-n271320
+releng/14.2/ ca1f7650a80d releng/14.2-n269528
+stable/13/ 162b5bbb4048 stable/13-n259268
+releng/13.5/ 575644144d5c releng/13.5-n259170
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat <commit hash>
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+VII. References
+
+<URL:https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ena-express.html>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-25:11.ena.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmhlfSUACgkQbljekB8A
+Gu9/qBAAsP6QA+6kpRo94XBr7mRIvrsxK76sGMDcoTX+7WhQpVOQ3NP7VteNfTJc
+L0NF/PPhxxjJsYzz+o5SmW7RMgLlqL/Ofi4/VWqwwW8KTAjc4nAzKn5QNWb0fdWM
+gBYHGWrxYb8jt8twzIZ5HCOL47mN7obbEhi/y+WN+TehjJso2GiyM7gD+haaPlBa
+uAjSHYh+gf2tO7o9uSvIWYHP/qqjOphShJAwyX73ePZ9DLdra4FknWzryOU4Y3LP
+H4ToBZHkYJV/1P/GHSGYr5hqDuqxmxoCrzr+57IyfQiKPRiRvYsRMhAzlsrMp3aJ
+TQucgS5wN/TbHcSIXWLkO/DZ3poKjx73pBdayR2sS1ue3zz6FktNxMSub786jtPw
+icqPc24nsQt3PZI6wKViZAWJgDn4U/WfJhzWTR3mix3s8oal+Y8xYviYa9GQbo9p
+bzld/8Of6HVcbEhg+Ayq1WI3Cez3ahvek74/KnJc9EHX+20lI3OEpIzKWw/Q6wNy
+L+C1s4vG6dMY8Hr7OSUVJADiVCcvX+/7WGMppqua07jbuBpGSpZyAKBUlEoiGyyu
+aFob0xHlcYb/ongNzyDkmGufAGl+TpqJYcajvy/jDVXQpG3zlmAqizP2IfDlzcF5
+ojgxw7B9KaccauMDdASM7nGDR/Q1s8O1MMWGnwptjcmpEuC2D7s=
+=nJXg
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/advisories/FreeBSD-SA-25:06.xz.asc b/website/static/security/advisories/FreeBSD-SA-25:06.xz.asc
new file mode 100644
index 0000000000..d7a8a32d1d
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-SA-25:06.xz.asc
@@ -0,0 +1,136 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-25:06.xz Security Advisory
+ The FreeBSD Project
+
+Topic: Use-after-free in multi-threaded xz decoder
+
+Category: contrib
+Module: xz
+Announced: 2025-07-02
+Affects: FreeBSD 13.5 and FreeBSD 14.2
+Corrected: 2025-05-07 21:26:00 UTC (stable/14, 14.2-STABLE)
+ 2025-07-02 18:28:13 UTC (releng/14.2, 14.2-RELEASE-p4)
+ 2025-05-07 21:25:59 UTC (stable/13, 13.4-STABLE)
+ 2025-07-02 18:28:32 UTC (releng/13.5, 13.5-RELEASE-p2)
+CVE Name: CVE-2025-31115
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+XZ Utils is a set of free software command-line lossless data compressors,
+including the programs lzma and xz.
+
+II. Problem Description
+
+A worker thread could free its input buffer after decoding, while the
+main thread might still be writing to it. This leads to an use-after-free
+condition on heap memory.
+
+III. Impact
+
+An attacker may use specifically crafted .xz file to cause multi-threaded
+xz decoder to crash, or potentially run arbitrary code under the credential
+the decoder was executed.
+
+IV. Workaround
+
+No workaround is available, but systems where xz decoding was not used in
+multi-threaded mode are not affected.
+
+V. Solution
+
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+Unless the decoder is running as a daemon, no reboot is required.
+
+Perform one of the following:
+
+1) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms,
+or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8)
+utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10min "Rebooting for a security update"
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/SA-25:06/xz.patch
+# fetch https://security.FreeBSD.org/patches/SA-25:06/xz.patch.asc
+# gpg --verify xz.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+Restart all daemons that use the liblzma library, or reboot the system.
+
+VI. Correction details
+
+This issue is corrected as of the corresponding Git commit hash in the
+following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/14/ 5cf27a49a2de stable/14-n271423
+releng/14.2/ 49b07b94662b releng/14.2-n269529
+stable/13/ 346bb5d3fe19 stable/13-n259281
+releng/13.5/ 95e9c54b3961 releng/13.5-n259171
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat <commit hash>
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+VII. References
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-31115>
+
+<URL:https://tukaani.org/xz/threaded-decoder-early-free.html>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-25:06.xz.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmhlfTUACgkQbljekB8A
+Gu/LnA//WD66vLyMS5V+GcwJO3+Txq502F7U/HRoq0TRNJoEkSL5u+tpJD/hZUn4
+tkBayhSdJKs6d6UURZdhlEsCF4V7bjMzmudOwUnEwFZNXoUZHe0DHPMzFpGvVrD/
+zlN2QZptcP5IU0mPlSFbhQzrUwLnKhjN0NqDZSdaM+7jWDN2zdQFTwijHLFZV66a
+FYK8Gr+x4OJHn2CtxBz2ST2S4Aaju38D02IdwX/MQFTtVpLHvt2w/j84Ks2c/MXp
+BJxHKcyohEZRd0jO2XKaX1gBANoLNSRcJbeamJ8zYXSygakbqTkgfW8QHi09WSJH
+cLqp/NNi4D5v83j11vKlMHAujLgvgTupF7KTG5FXVYF0KZ0URXGEprC9mCWPbIOo
+5AD1pbDW1G/OO/cmBn63nILu0U5YLqjcIh2UkJxROs8BBCWouh3k6ZEx2mxQZ9Jy
+U2aDrC8TwYf1Sqwr063L+WNo38SUSILNaP17xWpeDToDMYHqnrdMOtj/OFDV1g1U
+ra0CYfp2yWpMZ9UibS6GV+mvtiPe/exxqMNFmkpZ/+uTBbH3vPX/rVbJIJkIsOsA
+Re9OUfhOYTsPV/bK+NRPAqaLTrmifEECYlskmAgvGoVdMldeL47nGt0EyZLKZ75y
+xY4qPHPJEv7TXA8ZOpQ85M491TfwoETZ6CytmwjeXQmOEY8KRtQ=
+=TZId
+-----END PGP SIGNATURE-----
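Review bot: The `Corrected:` field labels stable/14 as `14.2-STABLE` and stable/13 as `13.4-STABLE`, which disagrees with FreeBSD-EN-25:11.ena in this same commit, where fixes dated about a week earlier (2025-05-01) are labelled `14.3-STABLE` and `13.5-STABLE`. The labels look like template leftovers and presumably should read `14.3-STABLE` and `13.5-STABLE`; confirm against the branch history. Section V also says no reboot is required unless the decoder runs as a daemon, yet the binary-update steps end with `shutdown -r +10min "Rebooting for a security update"`, so a reader cannot tell which applies. Because the notice is clearsigned, any correction has to be followed by re-signing.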
diff --git a/website/static/security/patches/EN-25:09/libc.patch b/website/static/security/patches/EN-25:09/libc.patch
new file mode 100644
index 0000000000..2a5687affd
--- /dev/null
+++ b/website/static/security/patches/EN-25:09/libc.patch
@@ -0,0 +1,93 @@
+--- lib/libc/stdlib/atexit.c.orig
++++ lib/libc/stdlib/atexit.c
+@@ -38,6 +38,7 @@
+ #include "namespace.h"
+ #include <errno.h>
+ #include <link.h>
++#include <stdbool.h>
+ #include <stddef.h>
+ #include <stdlib.h>
+ #include <unistd.h>
+@@ -59,6 +60,8 @@
+ #define ATEXIT_FN_CXA 2
+
+ static pthread_mutex_t atexit_mutex = PTHREAD_MUTEX_INITIALIZER;
++static void *current_finalize_dso = NULL;
++static bool call_finalize_again = false;
+
+ #define _MUTEX_LOCK(x) if (__isthreaded) _pthread_mutex_lock(x)
+ #define _MUTEX_UNLOCK(x) if (__isthreaded) _pthread_mutex_unlock(x)
+@@ -118,6 +121,9 @@
+ __atexit = p;
+ }
+ p->fns[p->ind++] = *fptr;
++ if (current_finalize_dso != NULL &&
++ current_finalize_dso == fptr->fn_dso)
++ call_finalize_again = true;
+ _MUTEX_UNLOCK(&atexit_mutex);
+ return 0;
+ }
+@@ -211,33 +217,38 @@
+ }
+
+ _MUTEX_LOCK(&atexit_mutex);
+- for (p = __atexit; p; p = p->next) {
+- for (n = p->ind; --n >= 0;) {
+- if (p->fns[n].fn_type == ATEXIT_FN_EMPTY)
+- continue; /* already been called */
+- fn = p->fns[n];
+- if (dso != NULL && dso != fn.fn_dso) {
+- /* wrong DSO ? */
+- if (!has_phdr || global_exit ||
+- !__elf_phdr_match_addr(&phdr_info,
+- fn.fn_ptr.cxa_func))
+- continue;
++ current_finalize_dso = dso;
++ do {
++ call_finalize_again = false;
++ for (p = __atexit; p; p = p->next) {
++ for (n = p->ind; --n >= 0;) {
++ if (p->fns[n].fn_type == ATEXIT_FN_EMPTY)
++ continue; /* already been called */
++ fn = p->fns[n];
++ if (dso != NULL && dso != fn.fn_dso) {
++ /* wrong DSO ? */
++ if (!has_phdr || global_exit ||
++ !__elf_phdr_match_addr(&phdr_info,
++ fn.fn_ptr.cxa_func))
++ continue;
++ }
++ /*
++ Mark entry to indicate that this particular
++ handler has already been called.
++ */
++ p->fns[n].fn_type = ATEXIT_FN_EMPTY;
++ _MUTEX_UNLOCK(&atexit_mutex);
++
++ /* Call the function of correct type. */
++ if (fn.fn_type == ATEXIT_FN_CXA)
++ fn.fn_ptr.cxa_func(fn.fn_arg);
++ else if (fn.fn_type == ATEXIT_FN_STD)
++ fn.fn_ptr.std_func();
++ _MUTEX_LOCK(&atexit_mutex);
+ }
+- /*
+- Mark entry to indicate that this particular handler
+- has already been called.
+- */
+- p->fns[n].fn_type = ATEXIT_FN_EMPTY;
+- _MUTEX_UNLOCK(&atexit_mutex);
+-
+- /* Call the function of correct type. */
+- if (fn.fn_type == ATEXIT_FN_CXA)
+- fn.fn_ptr.cxa_func(fn.fn_arg);
+- else if (fn.fn_type == ATEXIT_FN_STD)
+- fn.fn_ptr.std_func();
+- _MUTEX_LOCK(&atexit_mutex);
+ }
+- }
++ } while (call_finalize_again);
++ current_finalize_dso = NULL;
+ _MUTEX_UNLOCK(&atexit_mutex);
+ if (dso == NULL)
+ _MUTEX_DESTROY(&atexit_mutex);
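Review bot: `current_finalize_dso` and `call_finalize_again` are single file-scope variables, but the finalize loop drops `atexit_mutex` around every handler call, so a second `__cxa_finalize()` on another thread for a different DSO could overwrite `current_finalize_dso` and later reset it to NULL while the first call is still iterating. Whether that can happen depends on how callers serialize unloading, which is not visible here; if it can, a handler registered during the first finalize would not set the retry flag and would be skipped. The declarations should at least state the assumption, for example `/* Both protected by atexit_mutex; assume only one __cxa_finalize() is in progress at a time. */`. With `dso == NULL` the registration check `current_finalize_dso != NULL` never fires, so the rescan does not apply on the global-exit path; if that is intended, say so next to the `do { ... } while (call_finalize_again);` loop. Both functions start and end outside these hunks.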
diff --git a/website/static/security/patches/EN-25:09/libc.patch.asc b/website/static/security/patches/EN-25:09/libc.patch.asc
new file mode 100644
index 0000000000..e4ccc67b7f
--- /dev/null
+++ b/website/static/security/patches/EN-25:09/libc.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmhlfSIACgkQbljekB8A
+Gu+2Mg//VC3nCmbD+MCiqR5fsFXO++U0MfMQ5w/jVkB9DKqZm0xkQoZ74EHhnXAW
+N2u17xLR4vq65YLe4KDhnfCE2JuWmVuMtIqSZ7966co6cddmotxGxPh5rSG/nmfW
+zWdJG6DWdRGK4UHL35wbFPfOlkMj/1JAAvFxGm80LrjvCqzCJo3owOViqzOkmzGa
+tNWZRh+fKhBgx3rLUURCmvuhgWsFDN5kVOilxM51U+iNRMFYsVA5E5wThuFDJUHu
+8uVMte8QlI/r/lWhzr87ROJ/OvpCXmSyNqJCPKlCOl4Y0zCOddJwptD6amAxbiks
+gOWBt2CKgt5W2ZwHe2S5lAr5mbR6C8SFIqy5BRObgmpRAW854IoMeos/1RNk0U4K
+6JLcpAqvUYA5RzZtVBhMVOKrsp1eJj1ZufSkAqWjgNzAY/iyD2GehO/n5AxF5EYe
+NLufX60czw3/qtW7XtS1dxMlmpbPyfyGyPAd5FivVx9akrGlX6nK0EHgQUfhFbga
+CLaQALRFAqZq8BugYb9WbapmvPDOGfpu5WeGHcoWqFYsUApuIeE4oNVcNowtfWwA
+vvpdRGljXoca5tn3FgTr2glJAqFgln2pbAEPiRx4yOjaJddaxteCfT7pTGvX1MVG
+B00sBJW0h5GfYFbJn9cseVgs7Qj5kF3ym/Z3i3MID6O5SGED9Zg=
+=ktxu
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/EN-25:10/zfs.patch b/website/static/security/patches/EN-25:10/zfs.patch
new file mode 100644
index 0000000000..1125c937b9
--- /dev/null
+++ b/website/static/security/patches/EN-25:10/zfs.patch
@@ -0,0 +1,22 @@
+--- sys/contrib/openzfs/module/zfs/dmu_send.c.orig
++++ sys/contrib/openzfs/module/zfs/dmu_send.c
+@@ -2676,8 +2676,8 @@
+ }
+
+ if (fromsnap != 0) {
+- err = dsl_dataset_hold_obj_flags(dspp.dp, fromsnap, dsflags,
+- FTAG, &fromds);
++ err = dsl_dataset_hold_obj(dspp.dp, fromsnap, FTAG, &fromds);
++
+ if (err != 0) {
+ dsl_dataset_rele_flags(dspp.to_ds, dsflags, FTAG);
+ dsl_pool_rele(dspp.dp, FTAG);
+@@ -2729,7 +2729,7 @@
+ kmem_free(dspp.fromredactsnaps,
+ dspp.numfromredactsnaps * sizeof (uint64_t));
+
+- dsl_dataset_rele(dspp.to_ds, FTAG);
++ dsl_dataset_rele_flags(dspp.to_ds, dsflags, FTAG);
+ return (err);
+ }
+
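Review bot: After this change the two datasets are held differently, and nothing in the code says why: `fromsnap` is now held through `dsl_dataset_hold_obj()` with no flags, while `dspp.to_ds` is released with `dsflags`. That asymmetry is the whole fix, so it deserves a comment at the hold site, for example `/* Hold fromds without dsflags so no key mapping is created for it; release with plain dsl_dataset_rele(). */` (wording to be confirmed against the upstream change referenced in the advisory). The releases of `fromds` are outside these hunks, and each one needs to be the flag-less `dsl_dataset_rele()` to match the new hold, which is worth checking on every branch the patch is applied to. The empty line added after the call, where the old continuation line used to be, is stray.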
diff --git a/website/static/security/patches/EN-25:10/zfs.patch.asc b/website/static/security/patches/EN-25:10/zfs.patch.asc
new file mode 100644
index 0000000000..76df7de385
--- /dev/null
+++ b/website/static/security/patches/EN-25:10/zfs.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmhlfSQACgkQbljekB8A
+Gu/6Gg/+MnOh5EePCKIEHRjqbpOq+q+tLPuH+Mm66rs2bEnInVRRSeDi6jBX8sld
+mMgLTprKQnDw4UK4JsTJGYNnr09U3dPF/laiXxr//vw6HYZdv2e1pOtLKOq8xLZr
+Vuk6tQX0IprR7DQTVh88jKSeiYjU34tiS9mUT523dZP5Zcwd1vOdmOAnib8x3XE8
+d2e0zKOuMLYHDHokqP5Mh7unyuapjPuRptF6mcdOLxvQ4xGTmwCvalTViDMCzY0X
+DBDD32QDNeDcDf4SgZRHA0+MI3bqp5bcFjpR63Ox/TwUO9sscB3cfA6MCMEVx1nU
+mk3dQEVGBTPjhHixfXq/PBjA4Jim9CboLNJdxiZfDStGaB8HkD24/Ran/FK1eASc
+TjaBvNuRJcaIPKijkzCDP07290iWdWUgBNpxd94lHmoCpHEzJOuh4MTgRLX7xlD8
+uYv9hXX9MPA+AekDs0msCUQHz55jnzG7NExkAiFnMuNe0HyHyEhYr0HMYwK/sBxO
+kbUZ9nL75mYrnxsAl31GmKHbURwWUkLOVk6aJE00qC+CNk/XpIq0gN/235E/6qAu
+C3d8YXuj50bHRZZH8db2sGfGz25KqK//0gbQdU/zSt27XVSd7mZSFEu9aSRHst+s
+LKiP67gRX60FaoP+VTgBUFYl8/TAr7gpyV/qMA90c3iOlzhq4M0=
+=xDJw
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/EN-25:11/ena.patch b/website/static/security/patches/EN-25:11/ena.patch
new file mode 100644
index 0000000000..818b244777
--- /dev/null
+++ b/website/static/security/patches/EN-25:11/ena.patch
@@ -0,0 +1,66 @@
+--- sys/dev/ena/ena.c.orig
++++ sys/dev/ena/ena.c
+@@ -2759,22 +2759,41 @@
+ ena_set_llq_configurations(struct ena_llq_configurations *llq_config,
+ struct ena_admin_feature_llq_desc *llq, struct ena_adapter *adapter)
+ {
++ bool use_large_llq;
++
+ llq_config->llq_header_location = ENA_ADMIN_INLINE_HEADER;
+ llq_config->llq_stride_ctrl = ENA_ADMIN_MULTIPLE_DESCS_PER_ENTRY;
+ llq_config->llq_num_decs_before_header =
+ ENA_ADMIN_LLQ_NUM_DESCS_BEFORE_HEADER_2;
+- if ((llq->entry_size_ctrl_supported & ENA_ADMIN_LIST_ENTRY_SIZE_256B) != 0) {
+- if ((ena_force_large_llq_header == ENA_LLQ_HEADER_SIZE_POLICY_LARGE) ||
+- (ena_force_large_llq_header == ENA_LLQ_HEADER_SIZE_POLICY_DEFAULT &&
+- llq->entry_size_recommended == ENA_ADMIN_LIST_ENTRY_SIZE_256B)) {
+- llq_config->llq_ring_entry_size =
+- ENA_ADMIN_LIST_ENTRY_SIZE_256B;
+- llq_config->llq_ring_entry_size_value = 256;
+- adapter->llq_policy = ENA_ADMIN_LIST_ENTRY_SIZE_256B;
+- }
++
++ switch (ena_force_large_llq_header)
++ {
++ case ENA_LLQ_HEADER_SIZE_POLICY_REGULAR:
++ use_large_llq = false;
++ break;
++ case ENA_LLQ_HEADER_SIZE_POLICY_LARGE:
++ use_large_llq = true;
++ break;
++ case ENA_LLQ_HEADER_SIZE_POLICY_DEFAULT:
++ use_large_llq =
++ (llq->entry_size_recommended == ENA_ADMIN_LIST_ENTRY_SIZE_256B);
++ break;
++ default:
++ use_large_llq = false;
++ ena_log(adapter->pdev, WARN,
++ "force_large_llq_header should have values [0-2]\n");
++ break;
++ }
++
++ if (!(llq->entry_size_ctrl_supported & ENA_ADMIN_LIST_ENTRY_SIZE_256B))
++ use_large_llq = false;
++
++ if (use_large_llq) {
++ llq_config->llq_ring_entry_size = ENA_ADMIN_LIST_ENTRY_SIZE_256B;
++ llq_config->llq_ring_entry_size_value = 256;
++ adapter->llq_policy = ENA_ADMIN_LIST_ENTRY_SIZE_256B;
+ } else {
+- llq_config->llq_ring_entry_size =
+- ENA_ADMIN_LIST_ENTRY_SIZE_128B;
++ llq_config->llq_ring_entry_size = ENA_ADMIN_LIST_ENTRY_SIZE_128B;
+ llq_config->llq_ring_entry_size_value = 128;
+ adapter->llq_policy = ENA_ADMIN_LIST_ENTRY_SIZE_128B;
+ }
+--- sys/dev/ena/ena.h.orig
++++ sys/dev/ena/ena.h
+@@ -39,7 +39,7 @@
+
+ #define ENA_DRV_MODULE_VER_MAJOR 2
+ #define ENA_DRV_MODULE_VER_MINOR 8
+-#define ENA_DRV_MODULE_VER_SUBMINOR 0
++#define ENA_DRV_MODULE_VER_SUBMINOR 1
+
+ #define ENA_DRV_MODULE_NAME "ena"
+
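Review bot: The check `if (!(llq->entry_size_ctrl_supported & ENA_ADMIN_LIST_ENTRY_SIZE_256B)) use_large_llq = false;` silently overrides an explicit `ENA_LLQ_HEADER_SIZE_POLICY_LARGE` setting. An operator who forced large entries on a device without 256-byte support therefore gets 128-byte entries with no indication. The `default:` branch already warns about an out-of-range tunable; the same treatment fits here, by adding `ena_log(adapter->pdev, WARN, "256B LLQ entries not supported, using 128B\n");` inside that `if`, guarded by `use_large_llq` being true. As a style point, the opening brace of the `switch` sits on its own line, unlike the `if`/`else` blocks around it. `ena_set_llq_configurations()` continues past the end of the hunk.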
diff --git a/website/static/security/patches/EN-25:11/ena.patch.asc b/website/static/security/patches/EN-25:11/ena.patch.asc
new file mode 100644
index 0000000000..765b9038aa
--- /dev/null
+++ b/website/static/security/patches/EN-25:11/ena.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmhlfSYACgkQbljekB8A
+Gu+ynA/+LPSLPlJ/k5I41mYxPaS8nuUqvvxOEGWmwsMrRlJRAvLJSP+daZa7QLyb
+QpEUq6Ln+svzIa2EhA44DRg+zP8xPDoHCtvzemXNxo5slWTs2wikpl6DvMuLuQgS
+0N/JLUWw/NX3XdeN9YMpOBy05GM8H7Zkgx6O6WRBHC8G7eeTEq3l6a6Tq4RdrIR8
+9z7xbKzzJ40ZHmzjX7oJo6zRzLH4GRsTszc3eht+IPGEor1YCwmu98hKt4oddWhK
+RaY87zoMXvDF2/T2PN4pH8UzC9Bv3zDmFJKfRvjpvH/3FZupRhNzJqqiIaMM2aMH
+7YapfYmDgoWdfu4Y7IDtBLx758poGNPlocbrdAGCbl6pZ7tSdLemzHrJYHiNlaY/
+q0VyTDyUaZc7JemoYTrMcqfAm32u7mo1V9Yh6lk7NZH5V55cEeBvWoUEG649z78Q
+/VHNeVeiKR1GcWagbLqZ+8NgZxpwze79eodUulPR4P1YZ+QpokPon5cbdGF88xTL
+ORIufqEzczmWZElwRaK7+gEnFli/lKEHd07sh2gztY36D3RQGW/xD/O/F/ovpmsr
+1rHKT/NinOPWaN+/O24RCu97ySBuDyQH7IRScJ8Pjk18Mtuhqn+2ip/il7992dDE
+NChDoZmh1GSSdFmO6AfChLYNKtEgKD5Ipi69d6b8fHQev8N8trQ=
+=MVMj
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/SA-25:06/xz.patch b/website/static/security/patches/SA-25:06/xz.patch
new file mode 100644
index 0000000000..9cad7b0f76
--- /dev/null
+++ b/website/static/security/patches/SA-25:06/xz.patch
@@ -0,0 +1,182 @@
+--- contrib/xz/src/liblzma/common/stream_decoder_mt.c.orig
++++ contrib/xz/src/liblzma/common/stream_decoder_mt.c
+@@ -23,15 +23,10 @@
+ THR_IDLE,
+
+ /// Decoding is in progress.
+- /// Main thread may change this to THR_STOP or THR_EXIT.
++ /// Main thread may change this to THR_IDLE or THR_EXIT.
+ /// The worker thread may change this to THR_IDLE.
+ THR_RUN,
+
+- /// The main thread wants the thread to stop whatever it was doing
+- /// but not exit. Main thread may change this to THR_EXIT.
+- /// The worker thread may change this to THR_IDLE.
+- THR_STOP,
+-
+ /// The main thread wants the thread to exit.
+ THR_EXIT,
+
+@@ -346,27 +341,6 @@
+ }
+
+
+-/// Things do to at THR_STOP or when finishing a Block.
+-/// This is called with thr->mutex locked.
+-static void
+-worker_stop(struct worker_thread *thr)
+-{
+- // Update memory usage counters.
+- thr->coder->mem_in_use -= thr->in_size;
+- thr->in_size = 0; // thr->in was freed above.
+-
+- thr->coder->mem_in_use -= thr->mem_filters;
+- thr->coder->mem_cached += thr->mem_filters;
+-
+- // Put this thread to the stack of free threads.
+- thr->next = thr->coder->threads_free;
+- thr->coder->threads_free = thr;
+-
+- mythread_cond_signal(&thr->coder->cond);
+- return;
+-}
+-
+-
+ static MYTHREAD_RET_TYPE
+ worker_decoder(void *thr_ptr)
+ {
+@@ -397,17 +371,6 @@
+ return MYTHREAD_RET_VALUE;
+ }
+
+- if (thr->state == THR_STOP) {
+- thr->state = THR_IDLE;
+- mythread_mutex_unlock(&thr->mutex);
+-
+- mythread_sync(thr->coder->mutex) {
+- worker_stop(thr);
+- }
+-
+- goto next_loop_lock;
+- }
+-
+ assert(thr->state == THR_RUN);
+
+ // Update progress info for get_progress().
+@@ -472,8 +435,7 @@
+ }
+
+ // Either we finished successfully (LZMA_STREAM_END) or an error
+- // occurred. Both cases are handled almost identically. The error
+- // case requires updating thr->coder->thread_error.
++ // occurred.
+ //
+ // The sizes are in the Block Header and the Block decoder
+ // checks that they match, thus we know these:
+@@ -481,16 +443,30 @@
+ assert(ret != LZMA_STREAM_END
+ || thr->out_pos == thr->block_options.uncompressed_size);
+
+- // Free the input buffer. Don't update in_size as we need
+- // it later to update thr->coder->mem_in_use.
+- lzma_free(thr->in, thr->allocator);
+- thr->in = NULL;
+-
+ mythread_sync(thr->mutex) {
++ // Block decoder ensures this, but do a sanity check anyway
++ // because thr->in_filled < thr->in_size means that the main
++ // thread is still writing to thr->in.
++ if (ret == LZMA_STREAM_END && thr->in_filled != thr->in_size) {
++ assert(0);
++ ret = LZMA_PROG_ERROR;
++ }
++
+ if (thr->state != THR_EXIT)
+ thr->state = THR_IDLE;
+ }
+
++ // Free the input buffer. Don't update in_size as we need
++ // it later to update thr->coder->mem_in_use.
++ //
++ // This step is skipped if an error occurred because the main thread
++ // might still be writing to thr->in. The memory will be freed after
++ // threads_end() sets thr->state = THR_EXIT.
++ if (ret == LZMA_STREAM_END) {
++ lzma_free(thr->in, thr->allocator);
++ thr->in = NULL;
++ }
++
+ mythread_sync(thr->coder->mutex) {
+ // Move our progress info to the main thread.
+ thr->coder->progress_in += thr->in_pos;
+@@ -510,7 +486,20 @@
+ && thr->coder->thread_error == LZMA_OK)
+ thr->coder->thread_error = ret;
+
+- worker_stop(thr);
++ // Return the worker thread to the stack of available
++ // threads only if no errors occurred.
++ if (ret == LZMA_STREAM_END) {
++ // Update memory usage counters.
++ thr->coder->mem_in_use -= thr->in_size;
++ thr->coder->mem_in_use -= thr->mem_filters;
++ thr->coder->mem_cached += thr->mem_filters;
++
++ // Put this thread to the stack of free threads.
++ thr->next = thr->coder->threads_free;
++ thr->coder->threads_free = thr;
++ }
++
++ mythread_cond_signal(&thr->coder->cond);
+ }
+
+ goto next_loop_lock;
+@@ -544,17 +533,22 @@
+ }
+
+
++/// Tell worker threads to stop without doing any cleaning up.
++/// The clean up will be done when threads_exit() is called;
++/// it's not possible to reuse the threads after threads_stop().
++///
++/// This is called before returning an unrecoverable error code
++/// to the application. It would be waste of processor time
++/// to keep the threads running in such a situation.
+ static void
+ threads_stop(struct lzma_stream_coder *coder)
+ {
+ for (uint32_t i = 0; i < coder->threads_initialized; ++i) {
++ // The threads that are in the THR_RUN state will stop
++ // when they check the state the next time. There's no
++ // need to signal coder->threads[i].cond.
+ mythread_sync(coder->threads[i].mutex) {
+- // The state must be changed conditionally because
+- // THR_IDLE -> THR_STOP is not a valid state change.
+- if (coder->threads[i].state != THR_IDLE) {
+- coder->threads[i].state = THR_STOP;
+- mythread_cond_signal(&coder->threads[i].cond);
+- }
++ coder->threads[i].state = THR_IDLE;
+ }
+ }
+
+@@ -1561,6 +1555,10 @@
+ }
+
+ // Return if the input didn't contain the whole Block.
++ //
++ // NOTE: When we updated coder->thr->in_filled a few lines
++ // above, the worker thread might by now have finished its
++ // work and returned itself back to the stack of free threads.
+ if (coder->thr->in_filled < coder->thr->in_size) {
+ assert(*in_pos == in_size);
+ return LZMA_OK;
+@@ -1948,7 +1946,7 @@
+ // accounting from scratch, too. Changes in filter and block sizes may
+ // affect number of threads.
+ //
+- // FIXME? Reusing should be easy but unlike the single-threaded
++ // Reusing threads doesn't seem worth it. Unlike the single-threaded
+ // decoder, with some types of input file combinations reusing
+ // could leave quite a lot of memory allocated but unused (first
+ // file could allocate a lot, the next files could use fewer
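Review bot: The new comments name two different cleanup functions. The worker-side comment says `thr->in` is freed after `threads_end()` sets `thr->state = THR_EXIT`, while the new doc comment on `threads_stop()` says cleanup happens when `threads_exit()` is called. Neither definition is in these hunks, and since these comments are the only statement of who frees the input buffer on the error path, the name should be exact and the same in both places. On that error path the worker also no longer adjusts `thr->coder->mem_in_use` or pushes itself onto `threads_free`; a comment such as `// On error the counters are left as-is; the threads are not reused and are cleaned up at teardown.` would record that this is deliberate, if it is.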
diff --git a/website/static/security/patches/SA-25:06/xz.patch.asc b/website/static/security/patches/SA-25:06/xz.patch.asc
new file mode 100644
index 0000000000..effe893efb
--- /dev/null
+++ b/website/static/security/patches/SA-25:06/xz.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmhlfTYACgkQbljekB8A
+Gu9pKRAAnMQ+uzzV6MABz3ohymuHegDQrM2cM0K9JBSFiaja4OTvR3lqcrojCydj
+MpE+iaTfMuDrqZUwjRWAe1zBecRvNWI1RExVupmaEcWCPDx1soHH/NPtgomlf2z6
+osmsA0Vz/4H2Rz0vkAZ7CEQhewI5j3sMYGz4z43g6X4H90Cgy2Pjxfmjwjmcdlun
+1nYD34YFuCqKNeIMKw++ChdmTK+K5ky0u4ZUugH1XOKP999fa7My9fe/g18LApjn
+ZptTKTMBCxiIwmJ/NllLVBvQxp7H16JB2WVzTeveRwphNswbyMKIM04Y4yyuF2MD
+lI8IEpy3Np3erjms7DoZ+AE01UnFHCEI9J9oetxLps2P+MzL8q6o0BqBtCZtxJ+R
+48XXz2gqXPkG67I6eeYHeDWcLlbclYB/sfFEQek62RDB10cm+fyJlVZ3LkztHp/6
+E8TDouzt/vx2XtZNM0Lsp21Za+7oJaSXtwpVxF0cezv/1CvCKdqwugpDbmGU5a7p
+9b3kaTYMPPHJvrs1lf0Evc5OcFhmJsnTurMsNpySPBmg0IussM5B4oW8A0BgwOYi
+yUOE40KjRIu6mIPx/9XSpnGhAa6ZYpng6FxecLLgd8F/S8wZZQvwlTeTJ0uZqA5A
+eEqp2B2zHrmlKONPqsc5rxKfqNEjX0PtDyYHdRL6WWNTpxBPmf0=
+=5HgZ
+-----END PGP SIGNATURE-----