libc: Fix getentropy POSIX 2024 conformance issues
GETENTROPY_MAX should be defined in limits.h. EINVAL is the return
value for buflen > GETENTROPY_MAX.
PR: 282783
Reviewed by: markj, asomers, jhb
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D47689
ssh_config.5: Remove redundant CheckHostIP default text
In 2000 (commit a95c1225217b) we changed the CheckHostIP default to
"no". We added text to ssh_config(5) documenting FreeBSD's default.
In 2021 OpenSSH made the same change, released with OpenSSH 8.5p1.
When we imported the update the added text remained, resulting in:
If the option is set to no (the default), the check will not be
executed. The default is no.
Remove the now-redundant text.
Fixes: 206be79acbde ("Vendor import of OpenSSH 8.5p1")
Sponsored by: The FreeBSD Foundation
(cherry picked from commit 06016adaccca1958cdde4edf845f5b972be7ffc0)
(cherry picked from commit 2c97e333166d4f6f6b84da60b96a82982bb19649)
ssh_config.5: Remove redundant CheckHostIP default text
In 2000 (commit a95c1225217b) we changed the CheckHostIP default to
"no". We added text to ssh_config(5) documenting FreeBSD's default.
In 2021 OpenSSH made the same change, released with OpenSSH 8.5p1.
When we imported the update the added text remained, resulting in:
If the option is set to no (the default), the check will not be
executed. The default is no.
Remove the now-redundant text.
Fixes: 206be79acbde ("Vendor import of OpenSSH 8.5p1")
Sponsored by: The FreeBSD Foundation
(cherry picked from commit 06016adaccca1958cdde4edf845f5b972be7ffc0)
pf: support source-hash and random with tables and dynifs, not just pools
This finally allows to use source-hash for dynamic loadbalancing, eg.
"rdr-to <hosts> source-hash", instead of just round-robin and least-states.
An older pre-siphash version of this diff was tested by many people.
OK tedu@ benno@
Obtained from: OpenBSD, reyk <reyk at openbsd.org>, 252a05523f
Sponsored by: Rubicon Communications, LLC ("Netgate")
pf: use siphash for pf_lb
for ipv6, we stretch it out a bit, but good enough.
ok reyk
Obtained from: OpenBSD, tedu <tedu at openbsd.org>, a558d13e2f
Sponsored by: Rubicon Communications, LLC ("Netgate")
vtfontcvt: Improve error message for unsupported DWIDTH
vtfontcvt requires that all glyphs are 1x or 2x a common width,
reporting for example "bitmap with unsupported DWIDTH 27 0 on line xxx"
if the font is expected to be 32 pixels wide.
Add the expected / permitted values to the error message to make the
issue more clear - for the same example,
"bitmap with unsupported DWIDTH 27 0 (not 32 or 64)".
Reviewed by: ziaee
Sponsored by: The FreeBSD Foundation
(cherry picked from commit 3433daae0d20d55503084c4d17b8a3e685657ad2)
(cherry picked from commit 036ce9b76e0ac5bb3a611a4b259a39e3158c25d4)
libssh: Remove progressmeter
It is used only by scp and sftp, and already included directly in their
Makefiles. It does not belong in libssh.
Fixes: d8b043c8d497 ("Update for 3.6.1p1; also remove Kerberos IV shims.")
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D48871
(cherry picked from commit c0af32952564099fe30a34aeb335f95a6dc811ba)
nfscl: Return appropriate reply status for NFSv4.1 callbacks
Certain NFSv4.1 callbacks are not currently supported/used
by the FreeBSD client. Without this patch, NFS4ERR_NOTSUPP
is replied for the callbacks. Since NFSv4.1 does not specify
all of these callbacks as optional, I think it is preferable
to reply NFS_OK or NFS4ERR_REJECT_DELEG instead of NFS4ERR_NOTSUPP.
This patch changes the reply status for these unsupported
callbacks, which the client has no use for.
I am not aware of any NFSv4.1 servers that will perform
any of these callbacks against the FreeBSD client at this time.
MFC after: 2 weeks
linuxkpi: Add `shrinker_alloc()` and `shrinker_free()`
They are used by the DRM drivers in Linux 6.7.
Bump `FreeBSD_version` because external drivers that use `struct
shrinker` will have to be recompiled.
Reviewed by: bz
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D48747
linuxkpi: Print "TODO" if a driver call `pci_wake_from_d3()`
This helps developers working with linuxkpi find out a function is
already defined but is just a stub.
Reported by: bz
Reviewed by: bz, emaste
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D48862
linuxkpi: Define `PCI_IRQ_LEGACY` for Linux < 6.10
Commit 03e39d3d42e70482cd6f65ecaa5cf8ff9674d27c decreased the Linux
version that exposes this constant to be Linux 6.7. It happens that the
constant is older.
However, it is removed in Linux 6.10. Let's change the version condition
to say that it is defined for any version before 6.10.
Reported by: bz
Reviewed by: bz
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D48861
linuxkpi: Defaults to `get_file_rcu()` version from Linux 6.7
To use the old version, one has to explicitly set `LINUXKPI_VERSION` to
the expected version of Linux KPI.
Reported by: bz
Reviewed by: bz
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D48860
libsys: Don't create or expose __realpathat
Previously, __realpathat was in libc and libsys (as is currently
standard), but not exported from libc which meant the stub in libc was
not filtered and thus libc's copy of the syscall was used. This broke
an upcoming change to CheriBSD limiting syscalls to libsys.
The realpath(3) implementation now uses __sys___realpathat so there are no
consumers of __realpathat. Switch it to PSEUDO (only _foo and __sys_foo
symbols) and remove __realpathat from Symbol.map.
This is a corrected version of 58d43a3cd72a4a85ab8489313672c7eab367495e.
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D49049
upgt: Deprecate ancient 802.11b/g driver
Recently-reported bugs in this driver should be fixed, but also the
hardware it supports is obsolete so mark it for deprecation.
PR: 284876
Reviewed by: bz
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D49045
openssh: Update to 9.9p2
This release exists primarily to fix two security bugs. The fixes have
been independently imported into FreeBSD. This import serves to update
the ssh and sshd version number.
A few minor bug fixes are also included; see the upstream release notes
for full details of the 9.9p2 release
(https://www.openssh.com/releasenotes.html).
Sponsored by: The FreeBSD Foundation
ssh: Remove unused prerendered man page
We use the source mdoc man pages (i.e., ssh-sk-helper.8) not the
rendered ones included in the OpenSSH releases.
Fixes: 0fdf8fae8b56 ("openssh: Update to 9.8p1")
Sponsored by: The FreeBSD Foundation
pkg-stage.sh: kde5 -> kde
The "kde5" package no longer exists; KDE goes to 6.
Note: Depending on the size of 13.5-BETA3 DVD images, KDE might end
up being removed from this list in the near future.
With hat: re@
MFC after: 30 seconds
Sponsored by: Amazon
(cherry picked from commit 0d7b98c06c5ec9638020844ee460af075cfc6e54)
pkg-stage.sh: kde5 -> kde
The "kde5" package no longer exists; KDE goes to 6.
Note: Depending on the size of 13.5-BETA3 DVD images, KDE might end
up being removed from this list in the near future.
With hat: re@
MFC after: 30 seconds
Sponsored by: Amazon
openssh: Update to 9.9p1
Highlights from the release notes are reproduced below. Bug fixes and
improvements that were previously merged into FreeBSD have been elided.
See the upstream release notes for full details of the 9.9p1 release
(https://www.openssh.com/releasenotes.html).
---
Future deprecation notice
=========================
OpenSSH plans to remove support for the DSA signature algorithm in
early 2025.
Potentially-incompatible changes
--------------------------------
[55 lines not shown]
