[lld] Remove unused argument of DataExtractor constructor (NFC) (#196361)
`AddressSize` parameter is not used by `DataExtractor` and will be
removed in the future. See #190519 for more context.
[AArch64] Guard against vector invalidation in EmitAArch64CpuSupports. (#196909)
This prevents the Vector from being invalidated whilst iterator over it.
As far as I can tell we were adding elements twice.
Fixes #196789
Do not expect JSON output from TNC delete calls
This commit fixes a case where TNC's `DELETE /v1/systems/:id` endpoint returns 200 with an empty/non-JSON body, causing `unset_registration_details` to crash with `aiohttp.ContentTypeError` while attempting to decode the response as JSON. Passing `get_response=False` skips the body decode since the response payload is not used.
Synchronize timezone state across HA controllers
This commit fixes an issue where on HA systems, a timezone change on
the active controller did not fully propagate to the standby, leaving
its systemd-timedated cache stale until the next reboot.
The fix applies the timezone on both nodes from a shared helper, and
re-applies it on become-master so a promotion still converges when the
standby was down or disconnected during the update.
nuageinit: fix command injection and related issues
- Add shell_escape() helper to safely escape shell arguments
- Apply shell_escape to all user-controlled values in shell commands:
adduser (usershow, useradd, lock, primary_group, groups)
addgroup (groupshow, groupadd, members)
exec_change_password (usermod)
settimezone (tzsetup root and timezone)
install_package (pkg package names)
- Escape double quotes in hostname when writing rc.conf.d/hostname
- Add missing 'local' declaration for resolvconf_command in nameservers()
- Escape interface name in resolvconf -a command
- Change open_resolvconf_conf() from 'w' to 'a' mode to prevent
data loss when nameservers() is called multiple times
- Clean up stale resolvconf.conf at the start of each boot
(skip on postnet to preserve config written by first call)
MFC After: 1 day
Captive Portal: adjust redirection for modern portal support (#10290)
This facilitates redirection in captivity, but not when authenticated. Separate documentation will take of this.
ipfw: fix IPv6 flow label matching
* do not require just only ip6 proto for flow-id opcode in ipfw(8).
ipv6-icmp, tcp, udp should be fine too.
* fix off-by-one bug leading to out-of-bounds read.
* apply IPV6_FLOWLABEL_MASK before comparison in flow6id_match(),
so flow-id opcode will match a specified flow label. No need to
take protocol version and traffic class into account.
* add the test to verify that opcode is working correctly.
Reviewed by: pouria
Obtained from: Yandex LLC
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D56869