FreeBSD source tree https://cgit-dev.freebsd.org/src/atom?h=release%2F13.5.0-p6 2025-10-22T15:53:22Z 2025-10-22T15:53:22Z Mark Johnston markj@FreeBSD.org 2025-10-22T15:52:29Z urn:sha1:c4530d6e5f368592b6048a0c63892626c05f433f Approved by: so 2025-10-22T15:53:11Z Mark Johnston markj@FreeBSD.org 2025-10-22T15:04:35Z urn:sha1:8a7adde307a4379a06f49c241d68f4314515836b Approved by: so (cherry picked from commit 1dd66c6ac2c146f540b2ff825fbee442354aeee5) (cherry picked from commit 8e999e63c356839fa60cf964e33e0054b63c7c87) 2025-10-22T15:52:57Z Mark Johnston markj@FreeBSD.org 2025-10-22T14:49:25Z urn:sha1:90e14aa082d3f90c8a805dc0394e1db851859835 While TCP disallows connect()ing a socket with SO_REUSEPORT_LB, UDP does not. As a result, a connected UDP socket can be placed in the lbgroup hash and thus receive datagrams from sources other than the connected host. Reported by: Amit Klein <amit.klein@mail.huji.ac.il> Reported by: Omer Ben Simhon <omer.bensimhon@mail.huji.ac.il> Reviewed by: glebius Approved by: so Security: FreeBSD-SA-25:09.netinet Security: CVE-2025-24934 (cherry picked from commit 320ad3dec5ff1b37f6907a47961c18b9d77e6a53) (cherry picked from commit df888c8f41f633be3aacecdd357ebaad62aa11bd) 2025-09-30T15:36:55Z Gordon Tetlow gordon@FreeBSD.org 2025-09-30T15:36:55Z urn:sha1:c106ed3325076a75e8aabaa78c60c6c5d0e69c65 Approved by: so 2025-09-30T15:32:35Z Gordon Tetlow gordon@FreeBSD.org 2025-09-30T15:28:59Z urn:sha1:ae7c74cfa5315e590cf7ef6fe8fe5e72330597e9 Out-of-bounds read & write in RFC 3211 KEK Unwrap (CVE-2025-9230) Obtained from: OpenSSL Approved by: so Security: FreeBSD-SA-25:08.openssl Security: CVE-2025-9230 (cherry picked from commit c0dbaf2b5dbd16c113a6346ee748fd474fe192e5) 2025-09-30T04:58:26Z Colin Percival cperciva@FreeBSD.org 2025-09-23T06:55:08Z urn:sha1:ab91dd76ff72707d992cc54d2ebe1e424689d9cb Upgrading from 14.x to 15.x with freebsd-update broke because libc depends on the new libsys library; freebsd-update installed the new libc before creating libsys, and every step after that failed because all the tools (including gunzip and install) are dynamically linked and need a working libc. Enforce ordering when installing shared objects: First libsys, then libc, then libthr, and then all the rest of the shared object files. This is a candidate for an Errata Notice since the issue this fixes breaks upgrades. PR: 289769 Reported by: Graham Perrin Reviewed by: kib MFC after: 3 days Sponsored by: https://www.patreon.com/cperciva Differential Revision: https://reviews.freebsd.org/D52688 Approved by: so Security: FreeBSD-EN-25:18.freebsd-update (cherry picked from commit 7ece602e00e85195fc426a2401c49921cd39735e) (cherry picked from commit 87eb52f1b061989a948d3eb08953c81a4e1281f0) 2025-09-16T16:28:16Z Gordon Tetlow gordon@FreeBSD.org 2025-09-16T16:28:16Z urn:sha1:e8acfa0be301a840585d0ab42af9ce5e334a59cc Approved by: so 2025-09-14T00:22:42Z John-Mark Gurney jmg@FreeBSD.org 2025-08-18T20:25:37Z urn:sha1:751971e5545451114df20d809ead68bfe1d00915 if the syscall muxes are used, up to two additional arguments may be required. This means that the 8 required for mmap increases up to 10 (for __syscall). Sponsored by: Juniper Networks, Inc. Approved by: so Security: FreeBSD-EN-25:15.arm64 (cherry picked from commit 740b879c6ade531adebeba7cd2f261bbe650797f) (cherry picked from commit 98ac13c4baf5deb84010d632cb3b96dacd8c4eb6) 2025-08-08T00:23:24Z Gordon Tetlow gordon@FreeBSD.org 2025-08-08T00:23:24Z urn:sha1:23bc592b8fe46bbfa37f41ecc66fd30033df1463 Approved by: so 2025-08-07T23:50:06Z Martin Matuska mm@FreeBSD.org 2025-06-01T20:16:26Z urn:sha1:798b7b161a71282aff73d532ffe381b65dd04251 libarchive 3.8.1 New features: #2088 7-zip reader: improve self-extracting archive detection #2137 zip writer: added XZ, LZMA, ZSTD and BZIP2 support #2403 zip writer: added LZMA + RISCV BCJ filter #2601 bsdtar: support --mtime and --clamp-mtime #2602 libarchive: mbedtls 3.x compatibility Security fixes: #2422 tar reader: Handle truncation in the middle of a GNU long linkname (CVE-2024-57970) #2532 tar reader: fix unchecked return value in list_item_verbose() (CVE-2025-25724) #2532 unzip: fix null pointer dereference (CVE-2025-1632) #2568 warc: prevent signed integer overflow (CVE-2025-5916) #2584 rar: do not skip past EOF while reading (CVE-2025-5918) #2588 tar: fix overflow in build_ustar_entry (CVE-2025-5917) #2598 rar: fix double free with over 4 billion nodes (CVE-2025-5914) #2599 rar: fix heap-buffer-overflow (CVE-2025-5915) Important bugfixes: #2399 7-zip reader: add SPARC filter support for non-LZMA compressors #2405 tar reader: ignore ustar size when pax size is present #2435 tar writer: fix bug when -s/a/b/ used more than once with b flag #2459 7-zip reader: add POWERPC filter support for non-LZMA compressors #2519 libarchive: handle ARCHIVE_FILTER_LZOP in archive_read_append_filter #2539 libarchive: add missing seeker function to archive_read_open_FILE() #2544 gzip: allow setting the original filename for gzip compressed files #2564 libarchive: improve lseek handling #2582 rar: support large headers on 32 bit systems #2587 bsdtar: don't hardlink negative inode files together #2596 rar: support large headers on 32 bit systems #2606 libarchive: support @-prefixed Unix epoch timestamps as date strings #2634 tar: Support negative time values with pax #2637 tar: Keep block alignment after pax error #2642 libarchive: fix FILE_skip regression #2643 tar: Handle extra bytes after sparse entries #2649 compress: Prevent call stack overflow #2651 iso9660: always check archive_string_ensure return value CVE: CVE-2024-57970, CVE-2025-1632, CVE-2025-25724, CVE-2025-5914, CVE-2025-5915, CVE-2025-5916, CVE-2025-5917, CVE-2025-5918 PR: 286944 (exp-run on main, libarchive 3.8.0) Approved by: so Security: FreeBSD-SA-25:07.libarchive (cherry picked from commit 2e113ef82465598b8c26e0ca415fbe90677fbd47) (cherry picked from commit f47afeb2ce1eb04a787a4b8c1a6d7752940268da)