Convert truecommand plugin to typesafe pattern
This commit adds changes to convert the truecommand plugin to the typesafe pattern, splitting the old compound ConfigService into a lean GenericConfigService that delegates to a ConfigServicePart with Pydantic models, while the portal/wireguard/state logic moves into plain context-first functions and same-process calls use call2. In-process consumers of truecommand.config (truenas and security) switch from dict access to typed attribute access.
sys/cdefs.h: Introduce __maybe_unused attribute
The __maybe_unused attribute should be used for variables which may or
may not be used, such as when their only use is in an assertion. This
attribute is functionally identical to __unused, suppressing compiler
warnings for particular variable if it remains unused.
Reviewed by: Minsoo Choo <minsoo at minsoo.io>, imp
Differential Revision: https://reviews.freebsd.org/D56517
(cherry picked from commit 84a95741805d84f0074a34d61b93ccf86f422cf3)
Restrict TOTP interval to supported values
This commit adds changes to restrict the per-user two-factor TOTP interval to 30 or 60 seconds, since the OATH users file consumed by pam_oath only understands those time-steps and any other value silently breaks 2FA for the user. A migration clears the secret and resets the interval for existing rows holding an unsupported value so affected users re-enroll, and the render-time coercion is dropped now that the input is validated at the API.
[lldb] Survive ptrace(PT_DENY_ATTACH) when attaching (#204688)
A process can opt out of being debugged with ptrace(PT_DENY_ATTACH). The
XNU kernel enforces this by delivering SIGSEGV to the *attaching*
process while it is still inside the ptrace(PT_ATTACHEXC) syscall. This
means debugserver gets killed before it can inspect the result. LLDB
only sees the dropped connection ("error: attach failed: lost
connection").
The condition can't be detected up front: the target's P_LNOATTACH flag
is not exposed to userspace. To work around this, install a temporary
SIGSEGV handler around the ptrace(PT_ATTACHEXC) call in AttachForDebug
and siglongjmp back out if it fires, turning the fatal signal into an
EPERM that propagates to lldb as a clear message:
```
error: attach failed: cannot attach to process N because it has
disabled debugging via ptrace(PT_DENY_ATTACH)
```
[7 lines not shown]
[mlir][ptr] Add constantop convertion (#204846)
Previously, Ptr.ConstantOp was missing the lowering pattern to LLVM IR.
This PR adds the missing conversion logic. See
https://github.com/llvm/llvm-project/pull/190527#issuecomment-4751141164.
---------
Co-authored-by: Fabian Mora <fmora.dev at gmail.com>
[Support] Remove unused parameter of DataExtractor constructor (#204840)
#190519 removed the uses of the parameter, and several follow-up patches
cleaned up call sites. This is the last patch in the series that finally
removes the parameter.
While here, also remove the unused "truncating constructor".
NAS-141350 / 27.0.0-BETA.1 / Reject and normalize non-colon NIC MAC addresses (#19154)
## Problem
A custom NIC MAC entered with dash, no-separator, or mixed separators
(e.g. `10-66-6A-1F-F1-B1`) passed the permissive `mac` pattern but
libvirt's `defineXML` only parses colon-separated MACs, so the
container/VM saved fine and then failed to start with `XML error: unable
to parse mac address`. The colon-only `MACAddr(separator=':')` guard the
VM plugin used through electriceel was dropped when devices moved to the
pydantic models at fangtooth, and containers (26.0+) never had it, so
these values can already be sitting in `vm_device` and
`container_device`.
## Solution
- Tightened the shared `MACAddress` type to colon-only with a clear
message, and switched the v27 VM and Container NIC `mac` fields to use
it (removing the duplicated permissive inline pattern). Frozen API
versions are left as-is.
- Added a migration that normalizes existing NIC MACs in both
[5 lines not shown]
net/bind: update to version 9.18.50.
Pkgsrc changes:
* None (just version + checksums)
Upstream changes:
Notes for BIND 9.18.50
----------------------
Removed Features
~~~~~~~~~~~~~~~~
- Remove ineffective TCP fallback after repeated UDP timeouts.
When an authoritative server failed to respond to two consecutive UDP
queries, :iscman:`named` marked the next retry as TCP but still sent
it over UDP, producing misleading dnstap records. The ineffective
retry path has been removed; a corrected TCP fallback will be restored
[34 lines not shown]
