spa: make ccw_retry_interval tunable on Linux (#18681)
zfs_ccw_retry_interval sets the time interval after which a retry of a
failed write of the configuration cache file is attempted. It was only
exposed on FreeBSD. Make it Linux tunable with ZFS_MODULE_PARAM and
document it in zfs.4.
Signed-off-by: Christos Longros <chris.longros at gmail.com>
Reviewed-by: Alexander Motin <alexander.motin at TrueNAS.com>
Signed-off-by: Richard Yao <richard at ryao.dev>
net-p2p/amule: Switch to security/cryptopp-modern dependency
- Add upstream patch to fix cryptopp-modern version detection
- Remove segmentation fault fix used with security/cryptopp dependency
- Pet portclippy
security/cryptopp-modern: New port: C++ class library of cryptographic algorithms and schemes
- Add CONFLICTS_INSTALL to security/cryptopp
Actively maintained fork of Crypto++ library which features multiple
algorithms and schemes such as:
ChaCha20-Poly1305, AES, Camellia, Blowfish, Threefish, Triple-DES, block
mode chipers, BLAKE2s, BLAKE3, GMAC, HMAC, SHA*, RSA, DSA, DH, ed25519,
x25519, Argon2, ML-KEM ML-DSA to name a few.
It acts as a drop-in API/ABI compatible replacement for the original
Crypto++ library
WWW: https://github.com/cryptopp-modern/cryptopp-modern
Reviewed by: diizzy
[VPlan] Narrow interleave groups with distinct live-in operands. (#203778)
Extend narrowInterleaveGroups so bundles with live-ins can be narrowed
by using BuildVector for the operands.
This only applies to fixed VFs: for scalable VFs the number of original
iterations processed by the narrowed plan depends on vscale, so a fixed
per-field vector cannot be built.
Another missing piece for
https://github.com/llvm/llvm-project/issues/128062
On a large IR corpus based on C/C++ workloads (32k modules), this
triggers in ~38 modules.
PR: https://github.com/llvm/llvm-project/pull/203778
graphics/mesa-{dri,libs}: Fix building with iris and anv off
Move the pkgconfig related CONFIGURE_ENV knob to a common place instead of
activating it depending on options.
PR: 296094
Reported by: Oleh Hushchenkov <o.hushchenkov at gmail.com>
graphics/mesa-dri: Make glslang an unconditional build dependency
Strictly speaking, glslang is only needed for Vulkan drivers, but this isn't
a heavy dependency.
PR: 296094
Reported by: Oleh Hushchenkov <o.hushchenkov at gmail.com>
[analyzer] Bring unix.cstring.UninitializedRead checker out of alpha (#196292)
There have been recent improvements (#186802) and fixes (#191061)
related to this checker. The reports are no longer noisy, as evaluated
on 14 OS projects.
---------
Co-authored-by: Donát Nagy <donat.nagy at ericsson.com>
[RISCV][P-ext] Fold (PSRL/PSRA (concat (trunc (PSRL X, C1)), (trunc (PSRL Y, C1))), C2). (#204659)
into (concat (trunc (PSRL/PSRA X, C1+C2)), (trunc (PSRL/PSRA Y,
C1+C2))). If C1 is equal to the number of bits discarded by the truncate.
We recently added this for for a single truncate. This expands it to
concatenated truncates.
Assisted-by: Claude
Add SCRAM-PLUS channel binding support
Wire up the server side of SCRAM-PLUS (RFC 5929 tls-server-end-point)
channel binding for API-key auth, using the primitives added in
truenas-scram 0.2.0.
- pam_keyring publishes the active UI cert's tls-server-end-point value
as the TRUENAS_SCRAM_PLUS_SERVER_BINDING 'user' key in the uid=0
persistent keyring for pam_truenas to verify against. Idempotent and
best-effort; rotates in place and is cleared when no UI cert is set.
- truenas-api-key.mako passes channel_binding=negotiate, so binding is
honored when offered but never required.
- Regenerate pam on UI-cert redeploy and on a UI-cert switch to keep
the published binding in sync with the served cert.
- ScramPamAuthenticator rejects a client demanding binding (gs2 'p=')
over a non-TLS transport: TLS terminates at nginx, so the binding is
only a hash of the public cert that a cleartext client could replay.
- Bump python3-truenas-scram to >= 0.2.0 and document the behavior in
the AuthSCRAM model.
[4 lines not shown]
Prevent a DoS attack by stuffing the server with too many fragments that
can lead to resource exhaustion and memory corruption. Reported by Andrew
Griffiths