security/syft: fix fetch
The port tries to fetch google.golang.org/genproto and its submodules
in different versions for some reason. This confuses our framework to
the point where it cannot fetch the port.
Fix the build by fetching the same (newer) version for both parent and
child. The versions are ~2 months apart, which should pose no problem.
Also mark as only for aarch64, amd64 due to use of modernc.org/sqlite
Approved by: portmgr (build fix blanket)
MFH: 2026Q2
(cherry picked from commit c86a02ab3b84ac1e4a972e1217412a401d5692de)
security/syft: fix fetch
The port tries to fetch google.golang.org/genproto and its submodules
in different versions for some reason. This confuses our framework to
the point where it cannot fetch the port.
Fix the build by fetching the same (newer) version for both parent and
child. The versions are ~2 months apart, which should pose no problem.
Also mark as only for aarch64, amd64 due to use of modernc.org/sqlite
Approved by: portmgr (build fix blanket)
MFH: 2026Q2
converters/simdutf: man pages only present if TOOLS options selected
This fixes the packaging if built with -TOOLS.
PR: 294895
Reported by: smyru
Reported by: Alessandro Sagratini <ale_sagra at hotmail.com>
sx: Add `sx_has_waiters()` macro
This macro will return non-zero if there are threads waiting for this
lock; otherwise, it will return zero.
The function assumes (but does not assert) that the caller already holds
the lock and that it is interested in other threads waiting for it to
release the lock.
The motivation to add this is the implementation of
`rwsem_is_contended()` in linuxkpi.
This Linux function indicates the same thing to the caller: if other
threads are waiting for this semaphore.
The amdgpu DRM driver started to use `rwsem_is_contended()` in Linux
6.12.
Reviewed by: bz, olce
[2 lines not shown]
linuxkpi: Define `VFM_*()` macros in <asm/cpu_device_id.h>
They use another set of constants and macros in <asm/intel-family.h>.
All these macros are defined regardless of the architecture, even though
they are specific to x86. Perhaps we should restrict them using #ifdefs.
The amdgpu DRM driver started to used `VFM_MODEL()` and the
`INTEL_*LAKE*` constants in Linux 6.12.x.
Reviewed by: bz, olce
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D56585
devel/py-patch: Deprecate/Set to expire
* The project is no longer maintained by upstream, and an alternative,
py-patch-ng, has been available in the ports tree for some time now.
There are no consumers left in the tree as well.
www/py-django-configurations: Deprecate/Set to expire
* The project is no longer maintained by upstream, and an alternative,
py-django-configurator, has been available for some time now.
There are no consumers left in the ports tree as well.
* Set CONFLICTS_INSTALL while I'm here, because py-django-configurator
was recently added to the ports tree.
PR: 291707
With hat: python
www/py-django-configurator: New port
django-configurator eases Django project configuration by relying on
the composability of Python classes. It extends the notion of Django’s
module based settings loading with well established object oriented
programming patterns.
This is a port of the django-configurations project which is no longer
supported.
etcupdate: fix arguments order of diff command
Due to misplacement of the second -L argument of diff command, it is
treated by getopt_long as an error.
Also add -l option for a diff command that alters the way it shows
differences. Instead of printing full diff, it reports changed file
the same way as added/removed files are reported.
Reviewed by: imp
Obtained from: Yandex LLC
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D56708
ifnet: if_detach(): Fix races with vmove operations
The rationality is that the driver private data holds a strong reference
to the interface, and the detach operation shall never fail. Given the
vmove operation, if_vmove_loan(), if_vmove_reclaim() or vnet_if_return()
is not atomic and spans multiple steps, acquire ifnet_detach_sxlock only
for if_detach_internal() and if_vmove() is not sufficient. It is possible
that the thread running if_detach() sees stale vnet, or the vmoving is
in progress, then if_unlink_ifnet() will fail.
Fix that by extending coverage of ifnet_detach_sxlock a bit to also
cover if_unlink_ifnet(), so that the entire detach and vmove operation
is serialized.
Given it is an error when the if_unlink_ifnet() fails, and if_detach()
is a public KPI, prefer panic() over assertion on failure, to indicate
explicitly that bad thing happens. That shall also prevent potential
corrupted status of the interface, which is a bit hard to diagnose.
[6 lines not shown]
tests/net/if_clone_test: Add a test for races between if_detach() and if_vmove_reclaim()
Ideally we shall have tests for all possible races. It is races between
if_detach(), if_vmove_loan(), if_vmove_reclaim() and vnet_if_return().
Well that requires too many tests and it appears to be less valuable to
have them all. So focus on potential in future regressions related to
recent fixes [1] and [2] only.
[1] ee9456ce3753 ifnet: Fix races in if_vmove_reclaim()
[2] ba7f47d47dc1 ifnet: if_detach(): Fix races with vmove operations
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D56606
(cherry picked from commit f4be16983dea4904f85ac20e921ad2a8c18a0f79)
if_clone: Make ifnet_detach_sxlock opaque to consumers
The change e133271fc1b5e introduced ifnet_detach_sxlock, and change
6d2a10d96fb5 widened its coverage, but there are still consumers,
net80211 and tuntap e.g., want it. Instead of sprinkling it everywhere,
make it opaque to consumers.
Out of tree drivers shall also benefit from this change.
Reviewed by: kp
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D56298
(cherry picked from commit e9fc0c538264355bd3fd9120c650078281c2a290)
ifnet: vnet_if_return(): Avoid unnecessary recursive acquisition of ifnet_detach_sxlock
vnet_if_return() will be invocked by vnet_sysuninit() on vnet destructing,
while the lock ifnet_detach_sxlock has been acquired in vnet_destroy()
already.
With this change the order of locking is more clear. There should be no
functional change.
Reviewed by: pouria
Fixes: 868bf82153e8 if: avoid interface destroy race
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D56288
(cherry picked from commit f1fae67afbb13a41d488d0e0ec66b1805925019c)
ifnet: Move SIOCSIFVNET from ifhwioctl() to ifioctl()
SIOCSIFVNET is not a hardware ioctl. Move it to where it belongs.
Where here, rewrite the logic of checking whether we are moving the
interface from and to the same vnet or not, since it is obviously not
stable to access the interface's vnet, given the current thread may
race with other threads those running if_vmove().
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D55880
(cherry picked from commit 38bd7ef62f318f791e232e217855307a9d75efa0)
ifnet: Fix races in if_vmove_reclaim()
The thread running if_vmove_reclaim() may race with other threads those
running if_detach(), if_vmove_loan() or if_vmove_reclaim(). In case the
current thread loses race, two issues arise,
1. It is unstable and unsafe to access ifp->if_vnet,
2. The interface is removed from "active" list, hence if_unlink_ifnet()
can fail.
For the first case, check against source prison's vnet instead, given
the interface is obtained from that vnet.
For the second one, return ENODEV to indicate the interface was on the
list but the current thread loses race, to distinguish from ENXIO, which
means the interface or child prison is not found. This is the same with
if_vmove_loan().
Reviewed by: kp, pouria
[5 lines not shown]
ifnet: Remove unreachable code
The ioctls SIOCSIFVNET and SIOCSIFRVNET are for userland only. For
SIOCSIFVNET, if_vmove_loan(), the interface is obtained from current
VNET. For SIOCSIFRVNET, if_vmove_reclaim(), a valid child prison is
held before getting the interface. In both cases the VNET of the
obtained interfaces is stable, so there's no need to check it.
No functional change intended.
Reviewed by: glebius, jamie (for #jails)
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D55828
(cherry picked from commit e0731059af912a27d0f842959218946b1daaa7d1)