FreeBSD/src c2346c3 sbin/pfctl parse.y, share/man/man5 pf.conf.5

pf: support source-hash and random with tables and dynifs, not just pools

This finally allows to use source-hash for dynamic loadbalancing, eg.
"rdr-to <hosts> source-hash", instead of just round-robin and least-states.

An older pre-siphash version of this diff was tested by many people.

OK tedu@ benno@

Obtained from:  OpenBSD, reyk <reyk at openbsd.org>, 252a05523f
Sponsored by:   Rubicon Communications, LLC ("Netgate")
Delta  File
+58 -18  tests/sys/netpfil/pf/nat64.sh
+62 -12  sys/netpfil/pf/pf_lb.c
+18 -25  sbin/pfctl/parse.y
+5 -5  share/man/man5/pf.conf.5
+5 -0  sys/netpfil/pf/pf.h
+148 -60  5 files

FreeBSD/src bc830a1 sys/netpfil/pf pf_lb.c

pf: use siphash for pf_lb

for ipv6, we stretch it out a bit, but good enough.
ok reyk

Obtained from:  OpenBSD, tedu <tedu at openbsd.org>, a558d13e2f
Sponsored by:   Rubicon Communications, LLC ("Netgate")
Delta  File
+23 -37  sys/netpfil/pf/pf_lb.c
+23 -37  1 file

FreeBSD/src 050691f sys/netpfil/pf pf_lb.c

pf: Comment is no longer true, remove it.

Obtained from:  OpenBSD, mcbride <mcbride at openbsd.org>, 6263ddcd7c
Sponsored by:   Rubicon Communications, LLC ("Netgate")
Delta  File
+0 -3  sys/netpfil/pf/pf_lb.c
+0 -3  1 file

FreeBSD/src dcb4ae5 secure/usr.sbin/sshd Makefile

openssh: Add GSSAPI and Kerberos support to sshd Makefile

Reported by:    cy
Reviewed by:    emaste
Approved by:    emaste (mentor)
Fixes:  0fdf8fae8b56 ("openssh: Update to 9.8p1")
Delta  File
+6 -0  secure/usr.sbin/sshd/Makefile
+6 -0  1 file

FreeBSD/src fb4102b usr.bin/vtfontcvt vtfontcvt.c

vtfontcvt: Improve error message for unsupported DWIDTH

vtfontcvt requires that all glyphs are 1x or 2x a common width,
reporting for example "bitmap with unsupported DWIDTH 27 0 on line xxx"
if the font is expected to be 32 pixels wide.

Add the expected / permitted values to the error message to make the
issue more clear - for the same example,
"bitmap with unsupported DWIDTH 27 0 (not 32 or 64)".

Reviewed by:    ziaee
Sponsored by:   The FreeBSD Foundation

(cherry picked from commit 3433daae0d20d55503084c4d17b8a3e685657ad2)
(cherry picked from commit 036ce9b76e0ac5bb3a611a4b259a39e3158c25d4)
Delta  File
+2 -2  usr.bin/vtfontcvt/vtfontcvt.c
+2 -2  1 file

FreeBSD/src 9197c04 usr.bin/chkey chkey.1, usr.bin/keylogin keylogin.1 keylogin.c

Deprecate publickey(5) stuff

This uses DES and it's likely that nobody uses that in 2025.
If somebody uses this we help them by deprecating and removing this.

Reviewed by:    bapt, emaste
Differential Revision:  https://reviews.freebsd.org/D30682

(cherry picked from commit 723425f837270dd3b22098168ae9464a1ebe38c6)
Delta  File
+5 -0  usr.bin/keylogout/keylogout.1
+5 -0  usr.bin/newkey/newkey.8
+5 -0  usr.sbin/keyserv/keyserv.8
+5 -0  usr.bin/chkey/chkey.1
+5 -0  usr.bin/keylogin/keylogin.1
+1 -0  usr.bin/keylogin/keylogin.c
+26 -0  4 files not shown
+30 -0  10 files

FreeBSD/src 8a02eb2 secure/lib/libssh Makefile

libssh: Remove progressmeter

It is used only by scp and sftp, and already included directly in their
Makefiles.  It does not belong in libssh.

Fixes: d8b043c8d497 ("Update for 3.6.1p1; also remove Kerberos IV shims.")
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D48871

(cherry picked from commit c0af32952564099fe30a34aeb335f95a6dc811ba)
Delta  File
+1 -1  secure/lib/libssh/Makefile
+1 -1  1 file

FreeBSD/src 56c8c19 sys/fs/nfsclient nfs_clstate.c

nfscl: Return appropriate reply status for NFSv4.1 callbacks

Certain NFSv4.1 callbacks are not currently supported/used
by the FreeBSD client.  Without this patch, NFS4ERR_NOTSUPP
is replied for the callbacks.  Since NFSv4.1 does not specify
all of these callbacks as optional, I think it is preferable
to reply NFS_OK or NFS4ERR_REJECT_DELEG instead of NFS4ERR_NOTSUPP.

This patch changes the reply status for these unsupported
callbacks, which the client has no use for.

I am not aware of any NFSv4.1 servers that will perform
any of these callbacks against the FreeBSD client at this time.

MFC after:      2 weeks
Delta  File
+19 -0  sys/fs/nfsclient/nfs_clstate.c
+19 -0  1 file

FreeBSD/src 05dfaad sys/compat/linuxkpi/common/include/linux shrinker.h, sys/compat/linuxkpi/common/src linux_shrinker.c

linuxkpi: Add `shrinker_alloc()` and `shrinker_free()`

They are used by the DRM drivers in Linux 6.7.

Bump `FreeBSD_version` because external drivers that use `struct
shrinker` will have to be recompiled.

Reviewed by:    bz
Sponsored by:   The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D48747
Delta  File
+28 -0  sys/compat/linuxkpi/common/src/linux_shrinker.c
+16 -0  sys/compat/linuxkpi/common/include/linux/shrinker.h
+1 -1  sys/sys/param.h
+45 -1  3 files

FreeBSD/src 1396a73 sys/compat/linuxkpi/common/include/linux pci.h

linuxkpi: Print "TODO" if a driver call `pci_wake_from_d3()`

This helps developers working with linuxkpi find out a function is
already defined but is just a stub.

Reported by:    bz
Reviewed by:    bz, emaste
Sponsored by:   The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D48862
Delta  File
+3 -0  sys/compat/linuxkpi/common/include/linux/pci.h
+3 -0  1 file

FreeBSD/src dec2806 sys/compat/linuxkpi/common/include/linux pci.h

linuxkpi: Define `PCI_IRQ_LEGACY` for Linux < 6.10

Commit 03e39d3d42e70482cd6f65ecaa5cf8ff9674d27c decreased the Linux
version that exposes this constant to be Linux 6.7. It happens that the
constant is older.

However, it is removed in Linux 6.10. Let's change the version condition
to say that it is defined for any version before 6.10.

Reported by:    bz
Reviewed by:    bz
Sponsored by:   The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D48861
Delta  File
+1 -1  sys/compat/linuxkpi/common/include/linux/pci.h
+1 -1  1 file

FreeBSD/src 585cdb7 sys/compat/linuxkpi/common/include/linux fs.h, sys/compat/linuxkpi/common/src linux_compat.c

linuxkpi: Defaults to `get_file_rcu()` version from Linux 6.7

To use the old version, one has to explicitly set `LINUXKPI_VERSION` to
the expected version of Linux KPI.

Reported by:    bz
Reviewed by:    bz
Sponsored by:   The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D48860
Delta  File
+4 -4  sys/compat/linuxkpi/common/include/linux/fs.h
+1 -1  sys/compat/linuxkpi/common/src/linux_compat.c
+5 -5  2 files

FreeBSD/src cdb24fb lib/libsys Makefile.sys Symbol.map, libexec/rtld-elf/rtld-libc Makefile.inc

libsys: Don't create or expose __realpathat

Previously, __realpathat was in libc and libsys (as is currently
standard), but not exported from libc which meant the stub in libc was
not filtered and thus libc's copy of the syscall was used.  This broke
an upcoming change to CheriBSD limiting syscalls to libsys.

The realpath(3) implementation now uses __sys___realpathat so there are no
consumers of __realpathat.  Switch it to PSEUDO (only _foo and __sys_foo
symbols) and remove __realpathat from Symbol.map.

This is a corrected version of 58d43a3cd72a4a85ab8489313672c7eab367495e.

Reviewed by:    kib
Differential Revision:  https://reviews.freebsd.org/D49049
Delta  File
+1 -1  libexec/rtld-elf/rtld-libc/Makefile.inc
+1 -0  lib/libsys/Makefile.sys
+0 -1  lib/libsys/Symbol.map
+2 -2  3 files

FreeBSD/src 7f8a5c5 share/man/man4 upgt.4

upgt: Deprecate ancient 802.11b/g driver

Recently-reported bugs in this driver should be fixed, but also the
hardware it supports is obsolete so mark it for deprecation.

PR:             284876
Reviewed by:    bz
Sponsored by:   The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D49045
Delta  File
+6 -1  share/man/man4/upgt.4
+6 -1  1 file

FreeBSD/src fd3016b crypto/openssh blacklist.c blacklist_client.h, lib/libc/sys _umtx_op.2 fsync.2

Canonicalize the name of the FreeBSD Foundation

Reviewed by:    emaste
Sponsored by:   The FreeBSD Foundation

(cherry picked from commit dab59af3bcc7cb7ba01569d3044894b3e860ad56)
(cherry picked from commit ef3ed0726f2230e38df76a32a3b9ff145147af65)
Delta  File
+1 -1  crypto/openssh/blacklist.c
+1 -1  crypto/openssh/blacklist_client.h
+1 -1  lib/libc/sys/_umtx_op.2
+1 -1  lib/libc/sys/fsync.2
+1 -1  lib/libc/sys/sigfastblock.2
+1 -1  lib/libc/sys/thr_exit.2
+6 -6  22 files not shown
+28 -28  28 files

FreeBSD/src 0ae642c crypto/openssh ChangeLog servconf.c

openssh: Update to 9.9p2

This release exists primarily to fix two security bugs.  The fixes have
been independently imported into FreeBSD.  This import serves to update
the ssh and sshd version number.

A few minor bug fixes are also included; see the upstream release notes
for full details of the 9.9p2 release
(https://www.openssh.com/releasenotes.html).

Sponsored by:   The FreeBSD Foundation
Delta  File
+137 -2,049  crypto/openssh/ChangeLog
+45 -16  crypto/openssh/servconf.c
+23 -5  crypto/openssh/readconf.c
+26 -0  crypto/openssh/defines.h
+22 -1  crypto/openssh/misc.c
+12 -5  crypto/openssh/mlkem768.sh
+265 -2,076  13 files not shown
+289 -2,100  19 files

FreeBSD/src e959790 crypto/openssh ssh-sk-helper.0

ssh: Remove unused prerendered man page

We use the source mdoc man pages (i.e., ssh-sk-helper.8) not the
rendered ones included in the OpenSSH releases.

Fixes: 0fdf8fae8b56 ("openssh: Update to 9.8p1")
Sponsored by: The FreeBSD Foundation
Delta  File
+0 -34  crypto/openssh/ssh-sk-helper.0
+0 -34  1 file

FreeBSD/src 4ddbb79 release/scripts pkg-stage.sh

pkg-stage.sh: kde5 -> kde

The "kde5" package no longer exists; KDE goes to 6.

Note: Depending on the size of 13.5-BETA3 DVD images, KDE might end
up being removed from this list in the near future.

With hat:       re@
MFC after:      30 seconds
Sponsored by:   Amazon

(cherry picked from commit 0d7b98c06c5ec9638020844ee460af075cfc6e54)
Delta  File
+1 -1  release/scripts/pkg-stage.sh
+1 -1  1 file

FreeBSD/src 0d7b98c release/scripts pkg-stage.sh

pkg-stage.sh: kde5 -> kde

The "kde5" package no longer exists; KDE goes to 6.

Note: Depending on the size of 13.5-BETA3 DVD images, KDE might end
up being removed from this list in the near future.

With hat:       re@
MFC after:      30 seconds
Sponsored by:   Amazon
Delta  File
+1 -1  release/scripts/pkg-stage.sh
+1 -1  1 file

FreeBSD/src 3d9fd9f crypto/openssh libcrux_mlkem768_sha3.h sntrup761.c

openssh: Update to 9.9p1

Highlights from the release notes are reproduced below.  Bug fixes and
improvements that were previously merged into FreeBSD have been elided.

See the upstream release notes for full details of the 9.9p1 release
(https://www.openssh.com/releasenotes.html).

---

Future deprecation notice
=========================

OpenSSH plans to remove support for the DSA signature algorithm in
early 2025.

Potentially-incompatible changes
--------------------------------


    [55 lines not shown]
Delta  File
+12,332 -0  crypto/openssh/libcrux_mlkem768_sha3.h
+1,920 -1,034  crypto/openssh/sntrup761.c
+1,075 -1,065  crypto/openssh/ChangeLog
+411 -468  crypto/openssh/moduli
+133 -256  crypto/openssh/ssh-rsa.c
+213 -83  crypto/openssh/sshkey.c
+16,084 -2,906  86 files not shown
+18,090 -3,553  92 files

FreeBSD/src 58d43a3 lib/libsys Symbol.map Makefile.sys

Revert "libsys: Don't create or expose __realpathat"

This change broke RTLD.  Revert while I test a fix.

This reverts commit fdccf0336197afe59be6f8859177fe2ff8f87fa6.
Delta  File
+1 -0  lib/libsys/Symbol.map
+0 -1  lib/libsys/Makefile.sys
+1 -1  2 files

FreeBSD/src b4bb480 secure/libexec/sshd-session Makefile

ssh: Remove unintended XAUTH_PATH setting

This crept in while rebasing the OpenSSH 9.8p1 update across
a63701848fe5 ("ssh: Move XAUTH_PATH setting to ssh.mk").

Fixes: 0fdf8fae8b56 ("openssh: Update to 9.8p1")
Sponsored by:   The FreeBSD Foundation
Delta  File
+0 -4  secure/libexec/sshd-session/Makefile
+0 -4  1 file

FreeBSD/src 0fdf8fa crypto/openssh ChangeLog sshd.c

openssh: Update to 9.8p1

Highlights from the release notes are reproduced below.  Some security
and bug fixes were previously merged into FreeBSD and have been elided.
See the upstream release notes for full details
(https://www.openssh.com/releasenotes.html).

---

Future deprecation notice
=========================

OpenSSH plans to remove support for the DSA signature algorithm in
early 2025.

Potentially-incompatible changes
--------------------------------

 * sshd(8): the server will now block client addresses that

    [56 lines not shown]
Delta  File
+1,601 -1,235  crypto/openssh/ChangeLog
+542 -1,223  crypto/openssh/sshd.c
+1,505 -0  crypto/openssh/sshd-session.c
+468 -454  crypto/openssh/moduli
+373 -25  crypto/openssh/srclimit.c
+330 -0  crypto/openssh/kex-names.c
+4,819 -2,937  114 files not shown
+6,766 -4,352  120 files

FreeBSD/src fdccf03 lib/libsys Makefile.sys Symbol.map

libsys: Don't create or expose __realpathat

Previously, __realpathat was in libc and libsys (as is currently
standard), but not exported from libc which meant the stub in libc was
not filtered and thus libc's copy of the syscall was used.  This broke
an upcoming change to CheriBSD limiting syscalls to libsys.

The realpath(3) implementation now uses __sys___realpathat so there are no
consumers of __realpathat.  Switch it to PSEUDO (only _foo and __sys_foo
symbols) and remove __realpathat from Symbol.map.

Reviewed by:    kib
Differential Revision:  https://reviews.freebsd.org/D49049
Delta  File
+1 -0  lib/libsys/Makefile.sys
+0 -1  lib/libsys/Symbol.map
+1 -1  2 files

FreeBSD/src ed95567 lib/libc/stdlib realpath.c

libc: use __sys___realpathat directly in realpath

We don't need to use an interposable symbol for this purpose and it's
simpler to just call the syscall in libsys.  This resolves a bug where
we were incorrectly using __realpathat in libc not libsys.

While here, drop support for running on a FreeBSD 12 kernel and simplify
includes.

Reviewed by:    kib
Differential Revision:  https://reviews.freebsd.org/D49048
Delta  File
+3 -9  lib/libc/stdlib/realpath.c
+3 -9  1 file

FreeBSD/src 06016ad crypto/openssh ssh_config.5

ssh_config.5: Remove redundant CheckHostIP default text

In 2000 (commit a95c1225217b) we changed the CheckHostIP default to
"no".  We added text to ssh_config(5) documenting FreeBSD's default.

In 2021 OpenSSH made the same change, released with OpenSSH 8.5p1.
When we imported the update the added text remained, resulting in:

    If the option is set to no (the default), the check will not be
    executed.  The default is no.

Remove the now-redundant text.

Fixes: 206be79acbde ("Vendor import of OpenSSH 8.5p1")
Sponsored by:   The FreeBSD Foundation
Delta  File
+0 -2  crypto/openssh/ssh_config.5
+0 -2  1 file

FreeBSD/src 9fcb7c6 sys/dev/usb/wlan if_uath.c

uath: Avoid a NULL dereference

PR:             284643
Reviewed by:    adrian
Approved by:    emaste (mentor)
MFC after:      1 week
Differential Revision:  https://reviews.freebsd.org/D48948

(cherry picked from commit 4b77a9a80cf8a9cba5607d8d8fa0742334dcf0f4)
Delta  File
+6 -4  sys/dev/usb/wlan/if_uath.c
+6 -4  1 file

FreeBSD/src 2dcc11d sys/dev/usb/wlan if_uath.c

uath: Avoid a NULL dereference

PR:             284643
Reviewed by:    adrian
Approved by:    emaste (mentor)
MFC after:      1 week
Differential Revision:  https://reviews.freebsd.org/D48948

(cherry picked from commit 4b77a9a80cf8a9cba5607d8d8fa0742334dcf0f4)
Delta  File
+6 -4  sys/dev/usb/wlan/if_uath.c
+6 -4  1 file

FreeBSD/src b267493 crypto/openssh FREEBSD-upgrade

ssh: update FREEBSD-upgrade instructions

Make it clear that the 'freebsd-configure.sh' and 'freebsd-namespace.sh'
scripts are run from the crypto/openssh directory.

Sponsored by:   The FreeBSD Foundation

(cherry picked from commit 6834ca8a434b1b934f21bbc068c90ae5c7fec7ef)
Delta  File
+2 -0  crypto/openssh/FREEBSD-upgrade
+2 -0  1 file

FreeBSD/src 8c67967 crypto/openssh sshconnect2.c ssh-agent.c

ssh: Fix cases where error codes were not correctly set

Obtained from:  OpenSSH 38df39ecf278
Security:       CVE-2025-26465
Approved by:    so
Sponsored by:   The FreeBSD Foundation

(cherry picked from commit 170059d6d33cf4e890067097f3c0beb3061cabbd)
(cherry picked from commit 4ad8c195cf54411e3b3fa0bec227eb83ca078404)
Delta  File
+4 -1  crypto/openssh/sshconnect2.c
+5 -0  crypto/openssh/ssh-agent.c
+3 -1  crypto/openssh/krl.c
+3 -1  crypto/openssh/ssh-sk-client.c
+1 -0  crypto/openssh/sshsig.c
+16 -3  5 files