release/tools: use same pkg settings in containers as in /etc/pkg/FreeBSD.conf
Instructions in /etc/pkg/FreeBSD.conf and elsewhere recommend putting
changes in /usr/local/etc/pkg/repos/FreeBSD.conf so bring OCI containers
into line as well.
Reviewed by: dfr, ivy
Differential Revision: https://reviews.freebsd.org/D54090
MFC after: 5 days
Sponsored by: SkunkWerks, GmbH
(cherry picked from commit c73ae67348998a0056145e88debbea9ff6860c4f)
Mirrors: Remove CD and DVD distributors
The last few years, there is only one distributor of FreeBSD discs,
and they only update their website if I send them an email, so I think
they are not actually selling any and nobody wants this.
Discussed with: cperciva
OpenSSH: Update to 10.2p1
Full release notes are available at
https://www.openssh.com/txt/release-10.2
Selected highlights from the release notes:
Bugfixes
--------
* ssh(1): fix mishandling of terminal connections when
ControlPersist was active that rendered the session unusable.
bz3872
Sponsored by: The FreeBSD Foundation
security/crowdsec: Security update 1.7.7 => 1.7.8
This release contains fixes for two vulnerabilities
that are scheduled for public disclosure shortly.
Changelog:
* Use Go 1.26 explicitly.
https://github.com/crowdsecurity/crowdsec/releases/tag/v1.7.8
PR: 295238
Reported by: Manuel Sabban <manuel at crowdsec.net> (maintainer)
Approved by: osa, vvd (Mentors, implicit)
MFH: 2026Q2
(cherry picked from commit 75aaf55344f17a9aa78807152a07020e23aa9dc5)
security/crowdsec: Security update 1.7.7 => 1.7.8
This release contains fixes for two vulnerabilities
that are scheduled for public disclosure shortly.
Changelog:
* Use Go 1.26 explicitly.
https://github.com/crowdsecurity/crowdsec/releases/tag/v1.7.8
PR: 295238
Reported by: Manuel Sabban <manuel at crowdsec.net> (maintainer)
Approved by: osa, vvd (Mentors, implicit)
MFH: 2026Q2
OpenSSH: Update to 10.1p1
Full release notes are available at
https://www.openssh.com/txt/release-10.1
Selected highlights from the release notes:
Potentially-incompatible changes
* ssh(1): add a warning when the connection negotiates a non-post
quantum key agreement algorithm.
* ssh(1), sshd(8): major changes to handling of DSCP marking/IPQoS
* ssh(1), sshd(8): deprecate support for IPv4 type-of-service (ToS)
keywords in the IPQoS configuration directive.
* ssh-add(1): when adding certificates to an agent, set the expiry
to the certificate expiry time plus a short (5 min) grace period.
[17 lines not shown]
igmp: Avoid leaving dangling pointers in the state-change queue
When igmp_v3_merge_state_changes() is iterating over state-change
packets, there is a case where it'll free a queued packet but will fail
to remove it from the queue. Fix that.
Reported by: Yuxiang Yang, Yizhou Zhao, Xuewei Feng, Qi Li, and Ke Xu from Tsinghua University using GLM5.1 from Z.ai
Reviewed by: pouria, glebius
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D56947
fsck_ffs: Avoid relying on param.h pollution from libufs.h
- gjournal.c needs param.h to get a definition of isclr().
- fsck.h needs signal.h for sig_atomic_t.
Sort includes while here.
Reviewed by: kib
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D56858
if_vxlan: Update *m0 after a pullup
vxlan_input()'s caller is supposed to free *m0 if it is non-NULL after
the function returns. vxlan_input() failed to update *m0 after the
pullup however, so if it hits an error case after the pullup, we'll free
the mbuf twice. Currently this can happen only if the interface is
brought down or due to a packet loop.
Reported by: Yuxiang Yang, Yizhou Zhao, Xuewei Feng, Qi Li, and Ke Xu from Tsinghua University using GLM5.1 from Z.ai
Reviewed by: pouria, zlei
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D56944
cpuset: Move userspace declarations out of _cpuset.h
The _*.h headers are for structure definitions and should avoid
dependencies on other headers. This convention is violated by using
__BEGIN_DECLS/__END_DECLS.
Move the declarations to cpuset.h, I see no reason they can't be there.
Reviewed by: olce, brooks, kib
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D56856
libufs: Avoid using param.h constants in libufs.h
MAXBSIZE is defined in param.h, which defines many other things. To
avoid forcing all consumers of libufs.h to include param.h, let's
instead redefine it and verify the definition in inode.c.
Reviewed by: kib
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D56859
tests/ip_mroute: Remove test timeouts
The configured timeout of 30s is a bit too low for a couple of tests
which create 4+ VNET jails when running tests in parallel and with
kernel sanitizers enabled. There's no reason to have custom timeouts,
just use the default.
MFC after: 1 week
