<feed xmlns='http://www.w3.org/2005/Atom'>
<title>src/sbin, branch releng/14.3</title>
<subtitle>FreeBSD source tree</subtitle>
<id>https://cgit-dev.freebsd.org/src/atom?h=releng%2F14.3</id>
<link rel='self' href='https://cgit-dev.freebsd.org/src/atom?h=releng%2F14.3'/>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/'/>
<updated>2026-04-30T21:21:27Z</updated>
<entry>
<title>dhclient: Improve server and filename validation</title>
<updated>2026-04-30T21:21:27Z</updated>
<author>
<name>Dag-Erling Smørgrav</name>
<email>des@FreeBSD.org</email>
</author>
<published>2026-04-30T16:45:35Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=5bad905eb37f69a8ac90f5e10c07527aded70b5b'/>
<id>urn:sha1:5bad905eb37f69a8ac90f5e10c07527aded70b5b</id>
<content type='text'>
* Don't iterate over each string three times; once is enough.

* Reject control characters (anything below space) in addition to the
  double quote and backslash.

* If an unsafe character is encountered, discard the string instead of
  rejecting the entire lease.

* If backslashes are encountered in the file name option, convert them
  to forward slashes instead of rejecting the option.

* Tweak the warning messages a bit.  Looking through the rest of the
  code, it seems to me that notes generally end with a period while
  warnings generally don't.

Approved by:	so
Security:	FreeBSD-EN-26:11.dhclient
Fixes:		8008e4b88daf ("dhclient: Check for unexpected characters in some DHCP server options")
PR:		294886
MFC after:	1 week
Reviewed by:	brooks, markj
Differential Revision:	https://reviews.freebsd.org/D56740

(cherry picked from commit 873a195ba63575e46686cfd6ea9670a0ca340fa0)
(cherry picked from commit 2f9478ad42c442c49a7eff60227148bf2b90b48c)
</content>
</entry>
<entry>
<title>dhclient: Fix reallocation of dhclient script environments</title>
<updated>2026-04-28T20:33:04Z</updated>
<author>
<name>Mark Johnston</name>
<email>markj@FreeBSD.org</email>
</author>
<published>2026-04-27T20:56:21Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=76734958a0986bdd4cf7edfe845b5e7b4e152360'/>
<id>urn:sha1:76734958a0986bdd4cf7edfe845b5e7b4e152360</id>
<content type='text'>
When the number of DHCP options exceeds a threshold, script_set_env()
will reallocate the environment, stored as an array of pointers.  The
calculation of the array size failed to multiply by the pointer size,
resulting in a smaller than expected buffer which admits out-of-bounds
writes.

Approved by:	so
Security:	FreeBSD-SA-26:15.dhclient
Security:	CVE-2026-42511
Reported by:	Joshua Rogers of AISLE Research Team (https://aisle.com/)
</content>
</entry>
<entry>
<title>dhclient: Check for unexpected characters in some DHCP server options</title>
<updated>2026-04-28T20:33:04Z</updated>
<author>
<name>Mark Johnston</name>
<email>markj@FreeBSD.org</email>
</author>
<published>2026-04-27T20:03:09Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=dda71167a1013aceb1c4236a9297a24dd62754ac'/>
<id>urn:sha1:dda71167a1013aceb1c4236a9297a24dd62754ac</id>
<content type='text'>
Some options are written directly to the lease file, which may be parsed
by subsequent dhclient invocations.  We must make sure that a malicious
server can't control the "medium" field of a lease definition, otherwise
they can achieve RCE by injecting one into the lease file, whereupon it
will be passed to dhclient-script, which passes it through eval.

Approved by:	so
Security:	FreeBSD-SA-26:12.dhclient
Security:	CVE-2026-42511
Reported by:	Joshua Rogers of AISLE Research Team (https://aisle.com/)
</content>
</entry>
<entry>
<title>pfctl: always warn if a duplicate rule was detected</title>
<updated>2026-03-25T16:13:37Z</updated>
<author>
<name>Kristof Provost</name>
<email>kp@FreeBSD.org</email>
</author>
<published>2026-03-12T14:24:42Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=926ee630b73d5bf0264bf69284ef4a407b2462d4'/>
<id>urn:sha1:926ee630b73d5bf0264bf69284ef4a407b2462d4</id>
<content type='text'>
Approved by:	so
Security:	FreeBSD-SA-26:09.pf
Security:	CVE-2026-4748
Sponsored by:	Rubicon Communications, LLC ("Netgate")

(cherry picked from commit 66d66dd0f6f83926980fc1d68dd366c0057350c5)
(cherry picked from commit e79818ec36efafc994d8c5a912dcb94986c038c5)
</content>
</entry>
<entry>
<title>route: fix `route -n monitor` when its output is redirected</title>
<updated>2025-08-07T23:22:27Z</updated>
<author>
<name>Oleg Streejak</name>
<email>oleg@pcbtech.ru</email>
</author>
<published>2025-07-17T17:06:50Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=97f34921d77b62721da53dbde19851cd38efe5c5'/>
<id>urn:sha1:97f34921d77b62721da53dbde19851cd38efe5c5</id>
<content type='text'>
This is a small oversight in the transition to netlink; the non-netlink
implementation would explicitly flush its stdout as necessary to avoid
apparent long stalls in output when we end up fully-buffered.  Adjust
the netlink implementation to do the same.  This was noticed while
trying to triage failures in the wg-quick script.

Commit message by kevans, patch by author.

PR:		278265
Fixes:		091fec1188929 ("route: switch transport protocol [...]")
Approved by:	so
Security:	FreeBSD-EN-25:14.route

(cherry picked from commit 97b61b22edba74c62adba1d022fb73541aa5ff93)
(cherry picked from commit dd695839efd80fe81143cd6c7a552c30df8448f6)
</content>
</entry>
<entry>
<title>mount.8: Add a single example for single user mode</title>
<updated>2025-04-28T06:01:12Z</updated>
<author>
<name>Alexander Ziaee</name>
<email>ziaee@FreeBSD.org</email>
</author>
<published>2025-04-24T22:04:14Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=b90ff465675a2c70060a50c8cfa7db12914bf627'/>
<id>urn:sha1:b90ff465675a2c70060a50c8cfa7db12914bf627</id>
<content type='text'>
The zfs command to do this is a bit longer and harder to remember. In
the last few releases mount(8) learned how to do this, so let's show it
in the manual.

MFC after:		3 days
Reported by:		Jan Bramkamp &lt;crest+freebsd@rlwinm.de&gt;
Discussed with:		cperciva, emaste
Reviewed by:		mhorne
Approved by:		mhorne (mentor)
Differential Revision:	https://reviews.freebsd.org/D49988

(cherry picked from commit c3e06b23b4174c726d7d0ba131869e4aeee8067d)
</content>
</entry>
<entry>
<title>dhclient: Keep two clocks</title>
<updated>2025-04-23T04:50:31Z</updated>
<author>
<name>Colin Percival</name>
<email>cperciva@FreeBSD.org</email>
</author>
<published>2025-04-08T22:50:01Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=d41725ab43017d8cfca35f09bbae1327656af533'/>
<id>urn:sha1:d41725ab43017d8cfca35f09bbae1327656af533</id>
<content type='text'>
Until July 2024, dhclient kept track of time as seconds-since-epoch as
a time_t.  This was a problem because (a) we wanted sub-second timeouts
and (b) timeouts didn't always do the right thing if the system clock
changed.

Switching to using CLOCK_MONOTONIC and struct timespec fixed those
issues but introduced a new problem: CLOCK_MONOTONIC values were being
interpreted as seconds-since-epoch and written to the dhclient.leases
file, causing confusion with DHCP leases expiring in early 1970.

Attempt to compromise between these by keeping track of both times;
any type within dhclient which is a time_t now refers to seconds past
the epoch, while any struct timespec value is a CLOCK_MONOTONIC time.

PR:	283256
Reviewed by:	dch
Fixes:	f0a38976b01e ("dhclient: Use clock_gettime() instead of time()")
Sponsored by:	Amazon
Differential Revision:	https://reviews.freebsd.org/D49720

(cherry picked from commit 43d19e6a4c42ade0f276ceca18a09e2e3829fce4)
</content>
</entry>
<entry>
<title>pfctl: also remove incorrect counter print for rule anchors</title>
<updated>2025-04-21T20:25:46Z</updated>
<author>
<name>Kristof Provost</name>
<email>kp@FreeBSD.org</email>
</author>
<published>2025-04-15T11:13:50Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=461b79d8ee58fadda788dbf49896bdd027598596'/>
<id>urn:sha1:461b79d8ee58fadda788dbf49896bdd027598596</id>
<content type='text'>
Just as for nat anchors we can't print counters for rule anchors. Remove the
incorrect print call.

MFC after:	2 weeks
Sponsored by:	Rubicon Communications, LLC ("Netgate")

(cherry picked from commit 0fc3c29fb3dd6ab6436a78c502544ebf2cf63ee2)
</content>
</entry>
<entry>
<title>pfctl: fix crash on "pfctl -a '*' -vvsr"</title>
<updated>2025-04-21T20:25:46Z</updated>
<author>
<name>Kristof Provost</name>
<email>kp@FreeBSD.org</email>
</author>
<published>2025-04-14T16:41:00Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=a60eeb4331e5ee63f66e2458a16aae186168923f'/>
<id>urn:sha1:a60eeb4331e5ee63f66e2458a16aae186168923f</id>
<content type='text'>
When printing a nat anchor we don't have rule information, or rule
counters. Do not attempt to print them. The information is nonsensical
anyway, and this can cause a crash converting the timestamp to a string,
as years in the very distant future use more digits, and we exceed the
30 byte buffer allocated for this.

MFC after:	2 weeks
Sponsored by:	Orange Business Services

(cherry picked from commit 168d873ae41fd8bd40555322a79c9f215cb4cb9c)
</content>
</entry>
<entry>
<title>msdosfs manuals: Improve visibility and linking</title>
<updated>2025-04-20T00:44:27Z</updated>
<author>
<name>Alexander Ziaee</name>
<email>ziaee@FreeBSD.org</email>
</author>
<published>2024-12-18T18:06:41Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=a516440afdd342fef9925680d890117d6d9024ed'/>
<id>urn:sha1:a516440afdd342fef9925680d890117d6d9024ed</id>
<content type='text'>
+ add `(FAT)` to all descriptions to enable `apropos fat`
+ xref all msdosfs(4) utilities in base to msdosfs(4)
+ xref msdosfs(4) to all msdosfs(4) utilities
+ remove unrelated fsck_ffs(8) from fsck_msdos(8)

MFC after:	3 days
Reviewed by:	mhorne
Approved by:	mhorne (mentor)
Pull Request:	https://github.com/freebsd/freebsd-src/pull/1557

(cherry picked from commit 93f4377caba08e4a47fb9f1878bf609bd4181564)
</content>
</entry>
</feed>
