FreeBSD source tree https://cgit-dev.freebsd.org/src/atom?h=releng%2F12.3 2023-02-08T18:09:41Z 2023-02-08T18:09:41Z Mariusz Zaborski oshogbo@FreeBSD.org 2023-02-08T16:41:06Z urn:sha1:5e1ad8bebd36392eeaa898fe2fc5348bd5e5c863 GELI allows to read a user key from a standard input. However if user initialize multiple providers at once, the standard input will be empty for the second and next providers. This caused GELI to encrypt a master key with an empty key file. This commits initialize the HMAC with the key file, and then reuse the finalized structure to generate different encryption keys for different providers. Reported by: Nathan Dorfman Tested by: philip Approved by: so Security: FreeBSD-SA-23:01.geli Security: CVE-2023-0751 (cherry picked from commit 5fff09660e06a66bed6482da9c70df328e16bbb6) (cherry picked from commit a5afaf4e9abd8d5e6cce5d6c433d2276bf9b8721) 2021-12-02T00:08:38Z Glen Barber gjb@FreeBSD.org 2021-12-02T00:08:38Z urn:sha1:70cb68e7a00ac0310a2d0ca428c1d5018e6d39e1 - Switch releng/12.3 from RC2 to RELEASE. - Add the anticipated 12.3-RELEASE date to UPDATING. - Set a static __FreeBSD_version. Approved by: re (implicit) Sponsored by: Rubicon Communications, LLC ("Netgate") 2021-10-15T13:16:00Z Felix Johnson felix.the.red@gmail.com 2021-10-06T20:47:02Z urn:sha1:75bb69738e427fd34fe2695d71b5381c2cc35066 login.conf.5 listed passwordtime in RESERVED CAPABILITIES, which is a section for capabilities not implemented in the base system. However, passwordtime has been implemented in the base for several years now. PR: 246099 Reported by: avg Reviewed by: 0mp MFC after: 3 days (cherry picked from commit e7f8f3b95e1ff76765f1d2f4412b95f6ff5abe25) 2021-10-12T16:01:26Z Adam Fenn adam@fenn.io 2021-08-07T20:11:29Z urn:sha1:2a16b0f333d47430c9d932aafa7d2af46f475fd4 Add support for 'VDSO_TH_ALGO_X86_PVCLK'; add vDSO-based timekeeping for devices that support the KVM/XEN paravirtual clock API. Sponsored by: Juniper Networks, Inc. Sponsored by: Klara, Inc. Reviewed by: kib Differential Revision: https://reviews.freebsd.org/D31418 (cherry picked from commit a3d932dfef5edc9d1c947b02fb93a64d63a291cb) 2021-10-08T00:46:21Z Konstantin Belousov kib@FreeBSD.org 2021-10-01T01:17:02Z urn:sha1:d90db5033848d11f5f8a8542acbbaef663e6eabb (cherry picked from commit f5b9747075a9b489226e2a911f8a1597f4b9d072) 2021-10-07T00:07:19Z Glen Barber gjb@FreeBSD.org 2021-10-07T00:07:19Z urn:sha1:7ac2ccc068e0f8b92691b71ce5a695d10284bd25 Approved by: re (implicit) Sponsored by: Rubicon Communications, LLC ("Netgate") 2021-10-06T08:46:58Z Kristof Provost kp@FreeBSD.org 2021-08-13T11:42:59Z urn:sha1:7d6def07e03e9e94f5c1f42f173e12c9c5effb2a Hook up the userspace bits to configure syncookies in adaptive mode. MFC after: 1 week Sponsored by: Modirum MDPay Differential Revision: https://reviews.freebsd.org/D32136 (cherry picked from commit 5062afff9de7e67da96e3f0dcb9d8bbd5a4e1c5b) 2021-10-06T07:16:02Z Kyle Evans kevans@FreeBSD.org 2021-09-29T21:48:20Z urn:sha1:90a75a07ed465acc7135125eeff3a06ebb2b281e This is consistent with, e.g., NetBSD's implementation, which declares these as noreturn in ssp/ssp.h. (cherry picked from commit 5487294d79f9ebe72a847d0855adb4df85e0d66e) 2021-10-06T07:07:16Z Kyle Evans kevans@FreeBSD.org 2021-09-30T18:19:05Z urn:sha1:0646c56e244ea51006c252cb91c2577290dba74e (cherry picked from commit 4b5554cebb66020f59dc869b835aebbd66e4bb8c) 2021-09-17T01:39:21Z Alexander Motin mav@FreeBSD.org 2021-08-18T21:11:03Z urn:sha1:3c1c3728f32cc71a3694f13be0610db5ff88519c Just validate the old metadata and exit. Originally the check was added to not thash the only copy of metadata, but we can achieve the same just by skipping the writing/trashing. The metadata validation should protect user from wrongly specifying new size instead of old. MFC after: 1 month Sponsored by: iXsystems, Inc. (cherry picked from commit c7cf100aafb4cb881e05a5153de152907f6c07f3)