FreeBSD source tree https://cgit-dev.freebsd.org/src/atom?h=releng%2F13.5 2023-08-23T17:43:33Z 2023-08-23T17:43:33Z Warner Losh imp@FreeBSD.org 2023-08-22T01:32:18Z urn:sha1:350f9ac5b362558a39f447dea99d102b831ee0c8 Remove /^\s*\$FreeBSD\$$\n/ Similar commit in main: (cherry picked from commit 05248206f720) 2023-08-23T17:43:30Z Warner Losh imp@FreeBSD.org 2023-08-22T01:32:01Z urn:sha1:023fc80ee38a117fa65b2ccb2abf8bdc7dbd6fd9 Remove /^\s*#[#!]?\s*\$FreeBSD\$.*$\n/ Similar commit in main: (cherry picked from commit d0b2dbfa0ecf) 2023-08-23T17:43:26Z Warner Losh imp@FreeBSD.org 2023-08-22T01:31:41Z urn:sha1:3d497e17ebd33fe0f58d773e35ab994d750258d6 Remove /^[\s*]*__FBSDID\("\$FreeBSD\$"\);?\s*\n/ Similar commit in main: (cherry picked from commit 1d386b48a555) 2023-08-23T17:43:22Z Warner Losh imp@FreeBSD.org 2023-08-22T01:31:13Z urn:sha1:34041aac835a0bce462bccb7e0239c0ba092f872 Remove /^\s*\*+\s*\$FreeBSD\$.*$\n/ Similar commit in main: (cherry picked from commit 42b388439bd3) 2023-08-23T17:43:21Z Warner Losh imp@FreeBSD.org 2023-08-22T01:31:07Z urn:sha1:17da660ad5b3b9cd90e164dd4dbb9beaa7203054 Remove /^\s*\*\n \*\s+\$FreeBSD\$$\n/ Similar commit in main: (cherry picked from commit b3e7694832e8) 2023-04-16T02:50:10Z Simon J. Gerraty sjg@FreeBSD.org 2022-04-18T21:47:09Z urn:sha1:c1ca6b7ba3de3a9a50f1c53cba79e321fab37990 Main change is a callback for checking validity period of certificates. Merge commit 'f6acb9b9f81c96ae7c9592bee1bb89c4357cc3e5' Add -DHAVE_BR_X509_TIME_CHECK to libsecureboot/Makefile.inc (cherry picked from commit cc9e6590773dba57440750c124173ed531349a06) 2023-04-14T07:26:10Z Elyes HAOUAS ehaouas@noos.fr 2021-03-22T17:16:06Z urn:sha1:fbdf463375fa3fd57a76caa036efe7ec6a77a7c5 Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr> Pull Request: https://github.com/freebsd/freebsd-src/pull/544 (cherry picked from commit cb25444c05071463d7f690590ed6288b015ec0fb) 2023-04-14T07:25:45Z Simon J. Gerraty sjg@FreeBSD.org 2022-07-19T15:59:53Z urn:sha1:32d22bbf32b86033f5f51196d7c6e7b0deda0f72 During software installation, use veriexec -S to strictly enforce certificate validity checks (notBefore, notAfter). Otherwise ignore certificate validity period. It is generally unacceptible for the Internet to stop working just because someone did not upgrade their infrastructure for a decade. Sponsored by: Juniper Networks, Inc. Reviewed by: sebastien.bini_stormshield.eu Differential Revision: https://reviews.freebsd.org/D35758 (cherry picked from commit ab4f0a15188087e407426aac2a720035fd2a3b0a) 2023-04-14T07:25:05Z Wojciech Macek wma@FreeBSD.org 2022-06-29T08:50:23Z urn:sha1:9c95cd930378cf5014b0abdafd3cc6645bfabbc8 If Trust Anchors are provided by UEFI and not compiled into libsecureboot the segmentation fault occurs due to empty or NULL string usage. Obtained from: Semihalf Reviewed by: sjg Differential revision: https://reviews.freebsd.org/D35120 (cherry picked from commit e6ef5042e485f74e7233a9974010b16a7316167e) 2023-04-14T05:19:33Z Simon J. Gerraty sjg@FreeBSD.org 2022-04-18T19:53:53Z urn:sha1:103a7c734a6732bc78af30da3cfb5d613888be78 Preparation for updating bearssl, pull in updates to libsecureboot. o fix handling of some out-of-memory cases o allow more control over reporting of Verified/Unverified files. this helps boot time when console output is slow o recheck verbose/debug level after reading any unverified file o more debug support for vectx o hash_string to support fake stat for tftp o tests/tvo add -v to simply verify signatures o vets.c allow for HAVE_BR_X509_TIME_CHECK which will greatly simplify verification in loader o report date when certificate fails validity period checks Reviewed by: stevek Sponsored by: Juniper Networks, Inc. (cherry picked from commit 666554111a7e6b4c1a9a6ff2e73f12cd582573bb)