sysutils/docker-compose: update to 5.0.1
Upstream rationalizes the 2.40.x -> 5.0.0 jump in version as:
> We decided to skip 3.0.0 for next major release after docker Compose v2 to
> prevent (more) confusion with the obsolete docker-compose file versions
> 2.x and 3.x inherited from Docker Compose v1. We also skipped 4.0.0 to
> have a clear separation with this legacy.

Introduce pmap_start_tlb_shoot() from amd64 to make the tlb shootdown
code more similar because a fix is coming and we'd rather place it in
that inline function than replicate it numerous times.
ok kettenis

On Intel CPUs writes to the x2APIC MSRs are non-serializing. This means
that writes done before sending an IPI may not be visible to other CPUs
because of out-of-order execution of the MSR write that triggers the IPI.
Add a "mfence; lfence" barrier like Linux has to prevent this unexpected
trap.
ok deraadt@, mlarkin@, mpi@

import bgp-perf, the OpenBGPD performance test suite
ok claudio rsadowski sthen
The OpenBGPD performance test suite contains two applications for
performance measurements.
The bgp-blaster tool can load mrtdump files into a table and emulate
many peers using that table.
The bgp-canary tool sends special UPDATE messages to the system under
test and measures the latency through the system. The statistics for
these measurements are available as an openmetric file.

Remove bug compatibility for implementations that don't support
rekeying. AFAIK this is only an ancient Sun SSH version.
If such an implementation tries to interoperate with OpenSSH, it
will eventually fail when the transport needs rekeying.
This is probably long enough to use it to download a modern SSH
implementation that lacks this problem :)
ok markus@ deraadt@

Enforce maximum packet/block limit during pre-authentication phase
OpenSSH doesn't support rekeying before authentication completes to
minimise pre-auth attack surface.
Given LoginGraceTime, MaxAuthTries and strict KEX, it would be
difficult to send enough data or packets before authentication
completes to reach a point where rekeying is required, but we'd
prefer it to be completely impossible.
So this applies the default volume/packet rekeying limits to the
pre-auth phase. If these limits are exceeded the connection will
simply be closed.
ok dtucker markus

Serialize concurrent access to command queues with a mutex. Fixes
corruption visible on the Orion O6 with multiple devices and after
the secondary cores spun up. Command queue handling/synchronization
can probably be improved further.