graphics/py-visvis: Add backends and switch to Qt6
The PySide-Qt6 backend has been added, so users can now choose to use
PyQt and/or PySide, or neither.
PR: 296093
kern_exec.c: explicitly include sys/limits.h for UINT_MAX
While there, remove unneeded manual inclusion of sys/cdefs.h.
Fixes: e1a84b7708c2 ("execve_block(): a mechanism for mutual exclusion with execve() on the process")
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Avoid netlock dance in cad(4) ioctl.
While interface ioctl(8) is moving towards better parallel access,
drivers assuming exclusive netlock and unlocking explicitly cause
trouble. Use the drivers own configuration lock for protection.
Do not wait for task barriers while potentially holding the netlock.
Panic reported by Mark McBride and Thomas Pries.
Tested by dlg@; OK dlg@ mvs@
Convert support plugin to typesafe pattern
The support plugin was an old-style dict-based `ConfigService`. This converts it to the typesafe pattern: a lean `GenericConfigService[SupportEntry]` service class delegating to a `ConfigServicePart`, with `generic = True`, `check_annotations=True` on every public method, and typed `call2` for same-process calls.
- **Package split**: `plugins/support.py` becomes `plugins/support/` with `__init__.py` (lean service), `config.py` (`SupportModel` + `SupportConfigServicePart` holding `do_update`/`validate`), and `execute.py` (the `post` helper plus the `similar_issues`/`new_ticket`/`attach_ticket` logic as `ServiceContext`-typed functions).
- **API models**: decoupled `SupportAttachTicketArgs` from `@single_argument_args` into an explicit `SupportAttachTicket` inner model plus a plain wrapper (wire shape unchanged) so the method param can be annotated and field-accessed under `check_annotations`; exported every directly-imported model in `__all__`.
- **Registration**: registered the service in `main.py`'s `ServiceContainer` and added the plugin dir to `mypy.yml`.
- **Internal consumers**: `alert/source/proactive_support.py`, `alert/runtime.py`, and `truenas/tn.py` now use attribute access on the returned `SupportEntry` and typed `call2`/`context.call2` (constructing `SupportNewTicketEnterprise`) instead of dict access and string `middleware.call`.
The public wire shape is unchanged; live verification on the test VM confirmed read-only outputs, the update round-trip, the required-field validation path, and the ProactiveSupport alert consumer all behave identically to before.
[Xtensa] Call isUInt<8> in range-check asserts (#204731)
`printOffset8m8_AsmOperand` and `getSelect_256OpValue` assert on
`isUInt<8>` without calling it, so the expression takes the function's
address and the range check never runs. This also trips
`-Werror,-Wpointer-bool-conversion` in builds with assertions enabled.
Pass the operand value so the bound is actually checked.
Add scheduled apps backup to another pool
This commit adds changes to let the Docker config drive an automated apps-dataset backup to another pool on a cron schedule, disabled by default and weekly (Sunday) when enabled. The scheduled run reuses docker.backup_to_pool, skips/alerts gracefully when the source or target pool is unavailable, and prunes older source snapshots so the schedule doesn't accumulate them indefinitely.
Hack for PR 60224 or PR 60133:
add a specific message when a compat (base32 or base64) set
or a debug (or compat debug) set is not found.
Point at the CD vs. DVD images.
Still not an ideal UI, but reworking this properly is not going
to happen before 11.0, and this is intended as a stopgap fix that
should be pulled up.
Tolerate malformed JSON in audit databases
## Problem
The audit databases store `event_data`/`service_data` as JSON in TEXT columns that SQLite does not validate on insert, so a corrupted or otherwise non-JSON value can persist in a row (e.g. after a storage/IO incident). Audit queries that filter or select on a JSON path compile to `json_extract()`, and SQLite aborts the entire statement with `OperationalError: malformed JSON` the moment it evaluates that over a bad row. This bubbles up uncaught from the SMB alert sources as recurring CRITICAL `AlertSourceRunFailed` alerts, and breaks `audit.query`/`audit.export` and the UI audit page.
## Solution
Guard every JSON-path `json_extract` so a non-JSON row is skipped instead of aborting the query, and surface the corruption rather than dropping it silently.
- **WHERE side** (`datastore/filter.py`): an opt-in `guard_malformed_json` flag wraps the comparison in `CASE WHEN json_valid(col) THEN ... ELSE false`. CASE guarantees `json_valid()` runs before `json_extract()`, so a malformed row is excluded. The flag is forwarded through the `OR` recursion and defaults off, leaving datastore queries byte-for-byte unchanged.
- **SELECT side** (`audit/backend.py`): the audit backend opts in for filters and applies the same guard to `SELECT AS` json-path projections (`ELSE NULL`).
- **Decode hardening**: `decode_audit_json()` also catches `EJSONDecodeError`, so a syntactically valid document with a bad `$date`/`$time`/`$type` payload falls back to the raw string instead of failing the query.
- **Observability**: a daily scan counts rows whose JSON columns are unparseable and raises a per-service `AuditDatabaseCorrupted` alert (cleared once the rows are gone), since the guards otherwise drop corrupt rows quietly.
Covered by unit tests for the WHERE/SELECT guards, the decode helper, the malformed-row count, and the alert clear-key contract, plus an api2 test that seeds a corrupt row end to end.
webui/authentication flow - add "local_uri" type in SanitizeFilter() and use it in the authgui.inc flow to ease reuse later.
The new filter is a bit more strict than it used to be, but for good reasons, we likely need the same cleansing in a couple of other areas like https://github.com/opnsense/core/issues/10433
