BSD Commit Log Search

news/inn{-current}: Add a dedicated nnrpd rc.d

While inn typically registers port 119 and handles spawning nnrpd for
reader connections, it is customary to run TLS-only nnrpd on port 563:
https://www.eyrie.org/~eagle/software/inn/docs/nnrpd.html#S4

Provide an nnrpd rc.d script for this purpose.  This requires innd for
start but is otherwise decoupled.  The admin should be aware that i.e.
stopping innd will disrupt posting.

Implement saturating fp to int

Implement floating-point comparisons

Implement integer comparisons and `G_SELECT`

Implement `COPY`

ipsec: move swanctl.conf download button to the tab

This aligns with the aliases actions tab.

devel/gumbo: Switch to meson and add TEST option

The autotools support from upstream is deprecated.

PR:             295323
Sponsored by:   UNIS Labs

Reporting: Traffic - add Max on Y axis for traffic graphs, closes https://github.com/opnsense/core/pull/10277

(cherry picked from commit 6d94603bb92dc6fb25ed9038230b53bacad153b8)

bootgrid: replace 'append' with 'replace' for ajax: false grids

Noticed while documenting.

replaceData() is a lot more performant through Tabulator, and since
there are only 3 callers and all of them expect a clear before
updating any data, use a replace instead.

In time these pages should use the default search endpoint anyway,
but this requires an API change.

make sure to keep the append() function for compatibility

(cherry picked from commit d8b07eb02eba635fc253a948b7800cfa40a2be60)

bootgrid: clean up converter compatibility code

Only other consumer is Nginx in plugins, but worst case scenario
these timestamps will render as... timestamps, which in that form
are sortable anyway. It's likely this was throwing an error anyway

The "sorters" weren't actually accounted for in the compat
translation, so this wasn't overridable. Fix this here.

(cherry picked from commit a7ec18550d8cbb4b2a750a5860c3da52bd1d81d7)

ui: clean up useRequestHandlerOnGet usage

This has no use anymore with the current bootgrid code. If a
handler should be overridden, simply defining the function is enough

(cherry picked from commit 4a67e91f0b32f78a2a4de2a792ffba0da4a4e2d2)

Services: Kea DHCPv6: Clean up allocator and pd-allocator terminology (#10330)

(cherry picked from commit 0bd232447b7dfafcd696ec083207188f4848d523)

Services: Kea DHCP: Kea DHCPv4 - add subnet allocator field (#10327)

(cherry picked from commit 6188aa8902429ea7ff690744799df8c32562ac9c)
(cherry picked from commit 153818d94babffcfb9a2c01933673cc109723939)

Services: Kea DHCPv4/6: Add decline_probation_period and set lower default to mitigate faulty client implementations to consume the whole pool (#10294)

* Services: Kea DHCPv4/6: Add decline_probation_period and set lower default to mitigate faulty client implementations to consume the whole pool.

* Use isSet() since 0 is allowed

(cherry picked from commit b80995f2135476b7fbeb2f650d74eebca55ad5b3)

Services: Kea DHCPv4/6: Some cleanup regarding isEmpty) usage when 0 is allowed in IntegerFields, and ensure no IntegerField accepts negative values. (#10295)

(cherry picked from commit 5aa76c203035d41b1b9de10f61367f668ec8be4c)

graphics/cimg: merge the two pre-configure targets

PR:             295438
Reported by:    Trond Endrestøl

mvc: stricten Email address validation and add a test case for it. filter_var(..,FILTER_VALIDATE_EMAIL) might align more with RFC's, but since RFC 5322 accepts almost everything, might not be the best option in reality.

(cherry picked from commit cf7836fe7fe2c9b4b2034b56414adc481dda8d31)
(cherry picked from commit db081565aeac90fc553d2e16f1242d1f72059871)
(cherry picked from commit b5ba8da0f3061b0c19b7dc8ed940072c515e16f1)
(cherry picked from commit 986b01d240fe86ce69c8e5aaca8a04f744e772fc)

system: lowercase this one

[BOLT][RISCV] Add RV32 bare-metal support (#193913)

Enable BOLT to read, analyze, and rewrite 32-bit RISC-V (RV32) ELF
binaries. This lets us use BOLT as the core of our internal binary
analysis tooling for RV32 targets.

Scope is limited to statically linked, non-PIE programs. PLT, GOT,
dynamic relocations, TLS, and the instrumentation runtime are out of
scope for this change yet, and we plan to support those stuff in future
changes.

interfaces: account for multiple UUIDs in VIP deletion

PR: https://github.com/opnsense/core/issues/10269

(cherry picked from commit afa7434044419f84513012d915aa0496bc3542e5)
(cherry picked from commit 91eb9f904f2acaed2cfe752f6ed258990a374511)
(cherry picked from commit 28ac053aaf4a5079841d7484a0775dc1c99867c0)

[DebugInfo][test] Replace Intel-proprietary intrinsics in fortran-basic.ll [NFC] (#198697)

The test was originally captured from Intel's Fortran compiler and
references two intrinsics that have never existed in upstream LLVM:

- @llvm.intel.subscript.p0.i64.i64.p0.i64 was only declared and never
called, so it can simply be dropped.
- @llvm.for.cpystr.i64.i64.i64 lowers to a string copy; rewrite the one
call site using @llvm.memcpy.p0.p0.i64. The test only checks the emitted
CodeView debug info, so the precise lowering of the string copy does not
matter.

[AMDGPU] Enable support for Wave64 on gfx13 (#198629)

This is a temporary workaround needed to unblock ongoing GFX13-related
changes. This will be removed by
https://github.com/llvm/llvm-project/pull/197991

   properly support RI_FULLCLEAR

Firewall: Rules [new] - fix unintended change in filtering logic caused by https://github.com/opnsense/core/commit/c4aefc08f41167b921595cd3f606aadc72b46730

When inspect mode is not selected, only full matches are expected when filtering specific interfaces.
This also means when selecting the inverse of an interface, it automatically belongs to the "floating" group for not being a direct match.

To explain the options a bit better, comments are inserted in the filtereing block.

(cherry picked from commit 9b8ee2a92f14092f6971a96c86ca2fe138cd7b89)
(cherry picked from commit 49b54ef032124e36eed2ad6fb19a9cc518f576a1)

Firewall: Aliases - regression in https://github.com/opnsense/core/commit/c0569f86d5538b4312dd7fd8f8613664db8dbed7, closes https://github.com/opnsense/core/issues/10291

(cherry picked from commit ae68650455acd6c35d464e35eb7d6a0e1f032f11)

system: tighten landing page redirect (#10239)

PR: https://github.com/opnsense/core/issues/10238
(cherry picked from commit dd63dd1a8e506658c0d4742c7b3790e28ee601e3)

firewall: use safe config iteration in interface registration

Some more style updates while here.

plugins: use safe config iteration in interface registration code

make: add a `wiff' target for fun and profit

(cherry picked from commit ff8481265d5e10a1fdf82ae1226d62c41c292b46)

[AMDGPU][test] Replace invalid intrinsic calls in two tests [NFC] (#198696)

These tests reference intrinsics that do not exist:

- sched.barrier.inverted.mask.ll calls @llvm.amdcn.s.nop, a typo of
@llvm.amdgcn.s.nop that has been in the test since it was added in
f1156fb622a7.
- si-split-load-store-alias-info.ll calls
@llvm.amdgcn.wmma.f32.16x16x16.f32, which has never existed (only the
.f16/.bf16/.fp8/.bf8 input variants are defined). The intrinsic was only
used to keep the loaded value alive between the load and the store; an
fadd serves the same purpose while exercising the same alias-info
propagation path being tested.

The dyn_cast<IntrinsicInst> we rely on in passes such as
ReplaceWithVeclib only checks the "llvm." prefix and does not validate
the intrinsic name, so these calls have silently become IntrinsicInst
with Intrinsic::not_intrinsic. Fix the tests so that strengthening the
check does not turn into a spurious regression.

Assisted-by: Opus 4.7