if_fwsubr: remove ARP target hardware address trimming
Per RFC 2734 section 5, the 1394 ARP packet is a fixed 32-octet structure
with no target hardware address field.
Reviewed by: adrian
Differential Revision: https://reviews.freebsd.org/D57617
firewire: NULL check on malloc in fw_busreset()
fw_busreset() allocates newrom with M_NOWAIT from interrupt context.
If the allocation fails, crom_load() dereferences a NULL pointer.
Skip the config ROM comparison on allocation failure so the next bus
reset will retry.
Reviewed by: adrian
Differential Revision: https://reviews.freebsd.org/D57728
[AtomicExpand] Add bitcasts when expanding store atomic vector (#197862)
AtomicExpand fails for aligned `store atomic <n x T>` because it
does not find a compatible library call. This change adds appropriate
ptrtoint + bitcast so that the call can be lowered, mirroring the
load-side handling.
Store-side counterpart to #148900. Stacked on top of
https://github.com/llvm/llvm-project/pull/201566.
18163 Fix low-hanging 17694-discovered test bugs
Reviewed by: Gordon Ross <gordon.w.ross at gmail.com>
Reviewed by: Toomas Soome <tsoome at me.com>
Reviewed by: Peter Tribble <peter.tribble at gmail.com>
Reviewed by: Bill Sommerfeld <sommerfeld at hamachi.org>
Approved by: Robert Mustacchi <rm at fingolfin.org>
multimedia/vapoursynth: Limit port to tier 1 (64-bit) platforms and fix some style issues
Upstream only targets 64-bit platforms
(see release notes for R74 and meson.build) and they're the only plugins
are only optimized and/or runs reasonably fast on aarch64 and amd64.
This is also true for most other related software you normally use with
Vapoursynth. While at fix a few style issues
change iommu_map_sgtable() return type from size_t to ssize_t
Should be signed as error paths return -ENOMEM. Linux made the same
change a few years ago.
[orc-rt] Add InProcessControllerAccess class. (#204976)
Adds a Session::ControllerAccess implementation for in-process JIT
setups, where the controller (LLVM-side) and the executor (orc-rt) live
in the same address space.
The two sides communicate through a refcounted C-ABI struct (Connection)
of function pointers. The C-only interface avoids assuming a common C++
ABI between the two sides and supports symmetric, graceful disconnect:
when either side calls Connection::Disconnect, in-flight cross-calls are
drained and pending continuations are surfaced as out-of-band errors,
after which further cross-calls fail cleanly.
This is intended to be paired with a new ExecutorProcessControl
implementation (llvm::orc::InProcessEPC) on the LLVM side, landing in a
follow-up commit. Unit tests are included covering construction without
connect, attach via Session, OnConnect-failure detach, successful and
out-of-band-error call cases, and the disconnect-drains-pending
behavior.
[libc][math] Extend iscanonical macro to _Float16 and float128
iscanonical is a C23 type-generic macro, so the f16/f128 variants are
surfaced through it rather than as functions in the generated math.h.
float128 is only listed when distinct from long double (LDBL_MANT_DIG !=
113) to avoid two _Generic associations with compatible types.
[libc][math] Fix aarch64 Darwin fenv implementation for full builds
A full build replaces the system (Apple) <fenv.h> with libc's headers, so
fenv_darwin_impl.h no longer found an 8-byte fenv_t, FE_FLUSHTOZERO, or the
__fpcr_* masks it relied on. Size FPState to the fenv_t in scope, alias
FE_FLUSHTOZERO to FE_DENORM, and define the FPCR trap masks locally.
gss_impl.c: Fix a nfsd hang when the kgssapi.ko is loaded, but no gssd
After the conversion to using netlink, the kgssapi had
no way of knowing if the gssd daemon was running.
As such, a boot where the kgssapi is loaded, but the
gssd is not enabled would hang the nfsd for a very
long time. (Many timeouts at 300sec each.)
This patch adds a Null RPC upcall with a 200msec
timeout to check to see if the gssd is running.
If the gssd is not running, the nfsd starts up
(without Kerberos support) with only a 200msec
delay.)
Also, move the svc_svc_nl_create() and svc_reg() calls in gssd.c
to before the daemon() call, so they are guaranteed to have
been done before the nfsd(8) daemon is started by
the rc scripts.
[4 lines not shown]
powerpc/booke: Save watchdog context to "critical" save area
Watchdog interrupt is a "critical" interrupt, so save the correct
registers (CSSRn, into critical save area).
textproc/svndumptool: fix and enable tests
Enabling the tests will make it easier to confirm that a conversion from
Python 2 to Python 3 works as expected.
Update textproc/gemtext2html to 1.1
* Includes encoding in <meta> tag.
* Includes xmlns in <html> tag for XHTML compatibility.
* Allows specifying a prefix for local links.
* Makes e-mail address links a separate link class.
* Adds SVG to default list of image formats.
powerpc/pmap: Use variable-sized TID
e6500 core supports 14-bit TIDs (16384), while all earlier cores support
only 8 bit TIDs. Dynamically allocate the tidbusy array at bootstrap
time so that it stays in the TLB1, but is sized appropriately for the
core. With MAXCPU of 32, a e6500 tidbusy would be (8 * 32 * 16384), or
4MB for this array, while e5500 would use (8 * 32 * 256), or 64kB.
powerpc/booke: Extend TID register bits to the max
Some Book-E cores (at least e6500) can have much larger PID fields, up
to 14 bits. Extend the PID mask space to the full space, and future
changes may take advantage of this extended space.
ham/hamlib: Update to 4.7.2
Upstream NEWS, less bugfixes and minor improvements:
Version 4.7.2
* 2026-06-21
* rigctld: Fix send_raw stack out-of-bounds write and uninitialized memory;
CVE-2026-54634/GitHub GHSA-gpcq-c37x-pr4. (TNX George Baltz)
* rigctld: Fix stack/heap overflow primitive in read_string_generic +
auth bypass in rigctld + weak password handling; GitHub GHSA-f72v-7gmh-m9mj.
(TNX George Baltz)
Update committed in freeze, because:
- micro update
- good upstream history of micro being micro
- 6 dependencies (<25)
- carries CVE and would be pulled up anyway
and
- 5 deps build, and freedv is broken by a codec2 update
Do `ip_shuffle' initialization at boot time. ip_randomid() called in the
hot path so we want to keep it lockless, but avoid access to uninitialized
data.
ok deraadt
Tolerate malformed JSON in audit databases
## Problem
The audit databases store `event_data`/`service_data` as JSON in TEXT columns that SQLite does not validate on insert, so a corrupted or otherwise non-JSON value can persist in a row (e.g. after a storage/IO incident). Audit queries that filter or select on a JSON path compile to `json_extract()`, and SQLite aborts the entire statement with `OperationalError: malformed JSON` the moment it evaluates that over a bad row. This bubbles up uncaught from the SMB alert sources as recurring CRITICAL `AlertSourceRunFailed` alerts, and breaks `audit.query`/`audit.export` and the UI audit page.
## Solution
Guard every JSON-path `json_extract` so a non-JSON row is skipped instead of aborting the query, and surface the corruption rather than dropping it silently.
- **WHERE side** (`datastore/filter.py`): an opt-in `guard_malformed_json` flag wraps the comparison in `CASE WHEN json_valid(col) THEN ... ELSE false`. CASE guarantees `json_valid()` runs before `json_extract()`, so a malformed row is excluded. The flag is forwarded through the `OR` recursion and defaults off, leaving datastore queries byte-for-byte unchanged.
- **SELECT side** (`audit/backend.py`): the audit backend opts in for filters and applies the same guard to `SELECT AS` json-path projections (`ELSE NULL`).
- **Decode hardening**: `decode_audit_json()` also catches `EJSONDecodeError`, so a syntactically valid document with a bad `$date`/`$time`/`$type` payload falls back to the raw string instead of failing the query.
- **Observability**: a daily scan counts rows whose JSON columns are unparseable and raises a per-service `AuditDatabaseCorrupted` alert (cleared once the rows are gone), since the guards otherwise drop corrupt rows quietly.
Covered by unit tests for the WHERE/SELECT guards, the decode helper, the malformed-row count, and the alert clear-key contract, plus an api2 test that seeds a corrupt row end to end.
