Updated 14.2 to patch 3 #356

Merged
merged 8 commits into from
May 4, 2025

@ericbsd ericbsd commented May 3, 2025

No description provided.

ppaeps and others added 8 commits April 10, 2025 22:38
Changes: https://github.com/eggert/tz/blob/2025b/NEWS

Approved by:	so
Security:	FreeBSD-EN-25:04.tzdata

(cherry picked from commit d2cccde)
(cherry picked from commit 475082194ac811a925bf4a8109ef5e4f4f485dad)
Changes: https://github.com/libexpat/libexpat/blob/R_2_7_1/expat/Changes

Note that libbsdxml(3) is only intended to be used by utilities in the
FreeBSD base system.  None of the vulnerabilities addressed by expat
releases 2.6.1 - 2.7.1 is exploitable on FreeBSD as supported by the
security-officer@ team.

Approved by:	so
Security:	FreeBSD-EN-25:05.expat
Security:	CVE-2024-8176
Security:	CVE-2024-50602
Security:	CVE-2024-45490, CVE-2024-45491, CVE-2024-45492
Security:	CVE-2024-28757

(cherry picked from commit ffd294a)
(cherry picked from commit 7fcc9d6)
(cherry picked from commit ba23ab2)
(cherry picked from commit 8c7e4d1)
(cherry picked from commit 908f215)
(cherry picked from commit 78ab4c1)
(cherry picked from commit fe92788)
(cherry picked from commit 6f7ee9ac036ebd210d70cb177eba0c3c5bc930e3)
(cherry picked from commit 03a1992)
(cherry picked from commit 50c58014795c63813c508bce59c97895ae2ca3c7)
(cherry picked from commit 00c8538)
(cherry picked from commit fd4592006b1306e1d63a542612fd66a8374d181f)
We populate the kqueue with all of four kevents: three signal handlers and
one for read of the child pipe.  Every time we start the child, we rebuild
this kqueue from scratch for the child and tear it down before we exit and
check if we need to restart the child.  As a consequence, we effectively
drop any of the signals we're interested in between restarts.

Push the kqueue out into the daemon state to avoid losing any signal events
in the process, and reimplement the restart timer in terms of kqueue timers.
The pipe read event will be automatically deleted upon last close, which
leaves us with only the signal events that really get retained between
restarts of the child.

Approved by:	so
Security:	FreeBSD-EN-25:06.daemon
PR:		277959
Reviewed by:	des, markj

(cherry picked from commit bc1dfc3)
(cherry picked from commit 7ea2874)
This release incorporates the following bug fixes and mitigations:
- [CVE-2024-13176](https://www.openssl.org/news/vulnerabilities.html#CVE-2024-13176)
- [CVE-2024-9143](https://www.openssl.org/news/vulnerabilities.html#CVE-2024-9143)

Release notes can be found at:
https://openssl-library.org/news/openssl-3.0-notes/index.html

Approved by:	so
Security:	FreeBSD-EN-25:07.openssl
Differential Revision:  https://reviews.freebsd.org/D49296
Differential Revision:	https://reviews.freebsd.org/D49297

(cherry picked from commit 0d0c862)
(cherry picked from commit cb29db243bd09d16604435639ae43ef7af0ea254)
(cherry picked from commit d2a55e6)
(cherry picked from commit 0d61082e3c64a43f52ec5f1bf3d85671d97d9514)
Summary:
- Seven (7) new roots
- Four (4) distrusted roots
- Fifteen (15) removed (expired) roots

Approved by:	so
Security:	FreeBSD-EN-25:08.caroot
Reviewed by:	kevans
Differential Revision:	https://reviews.freebsd.org/D49294

(cherry picked from commit 0100da4)
(cherry picked from commit 7577dae4d67216c602dc11e2388d190a2c9dc9ff)
@ericbsd ericbsd requested review from a team as code owners May 3, 2025 13:06
@ghostbsd-bot ghostbsd-bot moved this to In Review in Development Management May 3, 2025
@ericbsd ericbsd changed the base branch from stable/14 to releng/14.2 May 3, 2025 13:07

ericbsd commented May 3, 2025

test this

@ericbsd ericbsd merged commit 0d45d18 into releng/14.2 May 4, 2025
4 checks passed
@github-project-automation github-project-automation bot moved this from In Review to Done in Development Management May 4, 2025
@ericbsd ericbsd deleted the 14.2p3 branch May 4, 2025 11:42