Remove bug compatibility for implementations that don't support
rekeying. AFAIK this is only an ancient Sun SSH version.
If such an implementation tries to interoperate with OpenSSH, it
will eventually fail when the transport needs rekeying.
This is probably long enough to use it to download a modern SSH
implementation that lacks this problem :)
ok markus@ deraadt@
Enforce maximum packet/block limit during pre-authentication phase
OpenSSH doesn't support rekeying before authentication completes to
minimise pre-auth attack surface.
Given LoginGraceTime, MaxAuthTries and strict KEX, it would be
difficult to send enough data or packets before authentication
completes to reach a point where rekeying is required, but we'd
prefer it to be completely impossible.
So this applies the default volume/packet rekeying limits to the
pre-auth phase. If these limits are exceeded the connection will
simply be closed.
ok dtucker markus
Remove __deprecated definition from OpenZFS compiler.h
Since it is now provided by <sys/cdefs.h>.
Direct commit to stable/13, since OpenZFS compiler.h has been
substantially changed in newer branches.
cdefs: Add __deprecated
Add __deprecated decorator. This is for a deprecated interface. copystr
is tagged with this today in copy(9), but don't actually provide it or
use it. copystr is a #define so adding it will have to wait.
LinuxKPI was defining this away completely in compiler.h. Since this is
shared between Linux KPI consumers and OpenZFS, if it's already defined,
use the FreeBSD sys/cdefs.h version, otherwise define it away. For
OpenZFS this will retain it, while for Linux KPI it will tend to drop it
(I think always, but I didn't look at everything).
Sponsored by: Netflix
Reviewed by: jhb, emaste
Differential Revision: https://reviews.freebsd.org/D46137
(cherry picked from commit 16672453f12586703f1c51d909bd1900691bf884)
cdefs: Add __deprecated1 which accepts a message as an argument
This message will be included in any warning issued by the compiler
for use of the deprecated function.
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D47701
(cherry picked from commit 6da04bcff9efedeae7d4046553002b9e3b2bc24f)
sys/cdefs.h: add __noexcept and __noexcept_if
These macros provide the C++11 noexcept and noexcept(...) keywords if
we're compiling in a C++11 environment. Otherwise, they expand to an
empty string.
This will be used to add the required noexcept specifier to several libc
functions as required in C++11.
MFC after: 2 weeks
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1085
(cherry picked from commit 02b0d4b688cc4deb14cb6e7534a2a4958e48b753)
Serialize concurrent access to command queues with a mutex. Fixes
corruption visible on the Orion O6 with multiple devices and after
the secondary cores spun up. Command queue handling/synchronization
can probably the improved further.
We reserve regions in the IOVA map to ensure that we don't accidentally
hand out addresses to the device that terminate in other places, e.g PCI
BARs. The IOVA address space, and thus its extent, can be smaller than
real physical address space, in which those PCI BARs are. As the extent
susbsystem greets us with a panic if we attempt to allocate outside its
coverage, ensure that we skip or clamp those. This was visible on mpi@'s
Ampere Altra with SMMUv3 turned on.
chat/matrix-synapse: Update to 1.144.0
* Unstable mutual rooms endpoint is now behind an experimental feature flag
Admins using the unstable MSC2666 endpoint
(/_matrix/client/unstable/uk.half-shot.msc2666/user/mutual_rooms),
please check the relevant section in the upgrade notes as this
release contains changes that disable that endpoint by default.
* Features
Add experimental implementation of MSC4380 (invite blocking). (#19203)
Allow restarting delayed event timeouts on workers. (#19207)
Purge the ifq if the link is down. This aligns the behaviour with other
drivers, like em(4). This fixes an issue where dwqe(4), e.g. on a veb(4),
doesn't recover when the link is done but packets are bridged, filling up
the ifq.
ok dlg@
sysutils/usermin: Fix interactive prompts during install
Replace read statements with auto-answers in setup.sh patch to prevent
the installer from blocking on stdin for config_dir, var_dir, and perl
path inputs.
[NFC][OpenMP][Offload] Add tests for `use_device_ptr(fb_preserve/nullify)`.
The fallback modifiers are currently part of OpenMP 6.1. The tests
mostly fail for now. The associated libomptarget and clang parsing/sema
changes are in #169438, #169603 and #170578, with clang codegen to
follow.
