FreeBSD/src 1ad466cusr.bin/netstat inet.c

netstat: fix a segfault with --libxo

Fix a segfault when printing the "protocol" field.  The field-format and
encoding-format were expecting different numbers of arguments.

Also, fix the width of the tcp-state field in encoded output.

PR:             292228
Fixes:          c2b08c13c20 netstat: add support for UDP-Lite endpoints
Sponsored by:   ConnectWise
Reviewed by:    tuexen, js, des
Differential Revision: https://reviews.freebsd.org/D54567

(cherry picked from commit 3b6615ec0332f901fcc9e9307f78717424f09c1e)
DeltaFile
+5-6usr.bin/netstat/inet.c
+5-61 files

FreeBSD/src b6533f6tests/sys/fs/fusefs mockfs.cc

fusefs: Fix further intermittency in the BadServer.ShortWrite test case

After being unmounted, the mockfs server would occasionally read from
/dev/fuse again, if the main function didn't exit fast enough, getting
an ENODEV error.  Handle that appropriately.

Reported by:    Siva Mahadevan <me at svmhdvn.name>
Fixes:          d86025c1d49c84c4dc8c3635c83c078ad56e5a53
Reviewed by:    Siva Mahadevan <me at svmhdvn.name>
Differential Revision: https://reviews.freebsd.org/D54331

(cherry picked from commit f51e9d0e0988df58c94db586ab5c8b5fd091c004)
DeltaFile
+5-1tests/sys/fs/fusefs/mockfs.cc
+5-11 files

FreeBSD/src 46a760esbin/geom/core geom.c

gpart: "gpart --libxo:JP list" duplicates attribute keys

Add leaf-list modifier to attrib as it's possible to have multiple
attributes on a gpart provider.

I purposely made it so that the normal output still says "attrib:" just
so we don't break any scripts people may be using to parse the output,
but the libxo output now says "attribute" just like `gpart show` will do
once https://reviews.freebsd.org/D53950 is merged.

PR:             291377
Reviewed by:    asomers
Sponsored by:   ConnectWise
Differential Revision: https://reviews.freebsd.org/D54080

(cherry picked from commit a0347b0f3a6088872c29eddb85154478d543dffb)
DeltaFile
+6-2sbin/geom/core/geom.c
+6-21 files

FreeBSD/ports 05881e7emulators/wine-devel Makefile

emulators/wine-devel: Streamline things a bit

Set BINARY_ALIAS and EXTRA_PATCHES using plain assignment (=) instead
of := since we do not have child ports any longer.

This forward ports most of commit 0535ec4919 for emulators/wine.
DeltaFile
+2-2emulators/wine-devel/Makefile
+2-21 files

FreeBSD/ports b54d81fx11/polybar Makefile, x11/polybar/files patch-cmake_libpoly.cmake

x11/polybar: Unbreak on FreeBSD 15+

Don't utilize libinotify module in upsteam's build framework on 15+

Approved by:    blanket (just fix it)
DeltaFile
+9-0x11/polybar/files/patch-cmake_libpoly.cmake
+8-1x11/polybar/Makefile
+17-12 files

FreeBSD/ports 8f0c591science/afni distinfo Makefile

science/afni: Update to 26.0.03
DeltaFile
+3-3science/afni/distinfo
+1-1science/afni/Makefile
+4-42 files

FreeBSD/ports f05d251astro/osmium-tool Makefile distinfo

astro/osmium-tool: Upgrade to v1.19.0

ChangeLog: https://github.com/osmcode/osmium-tool/blob/master/CHANGELOG.md

Added

 * Add integration tests for show command output formats.

Changed

 * Switch to C++17 as minimum requirement.
 * Use std::back_inserter instead of boost::function_output_iterator removing
   one dependency on Boost.
 * Various small fixes and code cleanups.

Fixed

 * Fix ID comparison in osmium merge to match osmium sort behavior.
 * Extract in "simple" mode: Check all nodes in a way for overlap with the

    [3 lines not shown]
DeltaFile
+5-6astro/osmium-tool/Makefile
+3-3astro/osmium-tool/distinfo
+8-92 files

FreeBSD/ports 2603e0adevel/nextpnr Makefile

devel/nextpnr: Update GUI from Qt5 to Qt6
DeltaFile
+3-3devel/nextpnr/Makefile
+3-31 files

FreeBSD/ports 85263a5textproc/py-jq distinfo Makefile

textproc/py-jq: update to 1.11.0

Changelog: https://github.com/mwilliamson/jq.py/compare/1.10.2...1.11.0
DeltaFile
+5-5textproc/py-jq/distinfo
+1-1textproc/py-jq/Makefile
+6-62 files

FreeBSD/ports 113a37bmisc/dotenv-linter Makefile

misc/dotenv-linter: unbreak on powerpc64*
DeltaFile
+0-3misc/dotenv-linter/Makefile
+0-31 files

FreeBSD/ports 355f49fgames/openclonk Makefile

games/openclank: unbreak on powerpc64

Also remove unnecessary powerpc64le fix.
DeltaFile
+0-3games/openclonk/Makefile
+0-31 files

FreeBSD/ports 90f8979devel/spr Makefile

devel/spr: unbreak on powerpc64le
DeltaFile
+0-2devel/spr/Makefile
+0-21 files

FreeBSD/ports 811f998sysutils/go-ntfy distinfo Makefile

sysutils/go-ntfy: Update to 2.16.0

ChangeLog: https://github.com/binwiederhier/ntfy/releases/tag/v2.16.0
DeltaFile
+7-7sysutils/go-ntfy/distinfo
+2-3sysutils/go-ntfy/Makefile
+9-102 files

FreeBSD/doc 689b33bwebsite/content/en/cgi ports.cgi

ports.cgi: less perl warnings
DeltaFile
+4-6website/content/en/cgi/ports.cgi
+4-61 files

FreeBSD/ports b8f1706devel/cdk distinfo Makefile

devel/cdk: Update to 5.0-20260119

ChangeLog: https://invisible-island.net/cdk/CHANGES.html
DeltaFile
+3-3devel/cdk/distinfo
+1-1devel/cdk/Makefile
+4-42 files

FreeBSD/src 6bb3f20sys/kern kern_ktrace.c

ktrace: do not enqueue request if the process' ktrioparams are freed

The p_ktrioparms are freed on termination of tracing.  Any ktr requests
added to the queue after that would hang there and leak on the struct
proc recycling, or trigger an assert in the process destructor for debug
builds.

Reported and tested by: pho
Reviewed by:    markj
Sponsored by:   The FreeBSD Foundation
MFC after:      1 week
Differential revision:  https://reviews.freebsd.org/D54804
DeltaFile
+8-2sys/kern/kern_ktrace.c
+8-21 files

FreeBSD/src b19f74ccrypto/openssh includes.h

openssh: Include <fcntl.h> explicitly in includes.h

This was previously included due to nested includes in Heimdal's
headers.  Without this, the build fails with an error due to redefining
AT_FDCWD.

clang:

In file included from crypto/openssh/sshd-session.c:46:
/usr/obj/.../tmp/usr/include/fcntl.h:232:9: error: 'AT_FDCWD' macro redefined [-Werror,-Wmacro-redefined]
  232 | #define AT_FDCWD                -100
      |         ^
crypto/openssh/openbsd-compat/bsd-misc.h:69:10: note: previous definition is here
   69 | # define AT_FDCWD (-2)
      |          ^

GCC (can't be disabled):

In file included from crypto/openssh/sshd-session.c:46:

    [14 lines not shown]
DeltaFile
+3-0crypto/openssh/includes.h
+3-01 files

FreeBSD/src 7904194crypto/openssh ssh_namespace.h, crypto/openssh/openbsd-compat libressl-api-compat.c

openssh: Don't include an unused EVP_CIPHER_CTX_get_iv() stub

This stub isn't actually used on modern versions of OpenSSL for which
OpenSSH uses EVP_CIPHER_CTX_get_updated_iv instead via a wrapper macro.

However, the wrapper macro conflicted with the existing namespace
macro triggering an error on GCC:

In file included from crypto/openssh/sshd-session.c:65:
crypto/openssh/openbsd-compat/openssl-compat.h:71:11: error: "EVP_CIPHER_CTX_get_iv" redefined [-Werror]
   71 | #  define EVP_CIPHER_CTX_get_iv EVP_CIPHER_CTX_get_updated_iv
      |           ^~~~~~~~~~~~~~~~~~~~~
In file included from <command-line>:
crypto/openssh/ssh_namespace.h:12:9: note: this is the location of the previous definition
   12 | #define EVP_CIPHER_CTX_get_iv                   Fssh_EVP_CIPHER_CTX_get_iv
      |         ^~~~~~~~~~~~~~~~~~~~~

The error was masked on clang due to MIT krb5 adding a blanket
-Wno-macro-redefined.  Building sshd-session without Kerberos support

    [6 lines not shown]
DeltaFile
+5-3crypto/openssh/openbsd-compat/libressl-api-compat.c
+0-1crypto/openssh/ssh_namespace.h
+5-42 files

FreeBSD/src e5e98c2crypto/openssh monitor.c sshd-session.c

openssh: blocklist: Use NetBSD probes

Use NetBSD probe locations for consistency.  We have submitted all
improved or missing probes, keeping them synchronized with NetBSD (our
blocklist upstream) should simplify upgrades and maintenance, as the
locations of these probes are a moving target, depending on upstream
OpenSSH changes.

Additionally, use BLACKLIST_AUTH_FAIL exclusively for now.  At the time
of this commit BLACKLIST_BAD_USER, is a no-op.  However, it will change
in a future upgrade.

Also, enhance blacklist notification messages for better debugging by
making them more descriptive.

Reviewed by:    emaste
Approved by:    emaste (mentor)
MFC after:      1 week
Differential Revision:  https://reviews.freebsd.org/D52749

    [5 lines not shown]
DeltaFile
+12-2crypto/openssh/monitor.c
+9-4crypto/openssh/sshd-session.c
+4-2crypto/openssh/auth.c
+1-4crypto/openssh/auth2.c
+2-2crypto/openssh/auth-pam.c
+0-2crypto/openssh/packet.c
+28-166 files

FreeBSD/src 7ca599acrypto/openssh ChangeLog sshd-auth.c, crypto/openssh/regress/misc/ssh-verify-attestation ssh-verify-attestation.c

OpenSSH: Update to 10.0p2

Full release notes are available at
https://www.openssh.com/txt/release-10.0

Selected highlights from the release notes:

Potentially-incompatible changes

- This release removes support for the weak DSA signature algorithm.
  [This change was previously merged to FreeBSD main.]

- This release has the version number 10.0 and announces itself as
  "SSH-2.0-OpenSSH_10.0".  Software that naively matches versions using
  patterns like "OpenSSH_1*" may be confused by this.

- sshd(8): this release removes the code responsible for the user
  authentication phase of the protocol from the per-connection
  sshd-session binary to a new sshd-auth binary.

    [17 lines not shown]
DeltaFile
+1,864-1,164crypto/openssh/ChangeLog
+888-0crypto/openssh/sshd-auth.c
+433-411crypto/openssh/moduli
+433-0crypto/openssh/regress/misc/ssh-verify-attestation/ssh-verify-attestation.c
+260-140crypto/openssh/sshd.c
+120-212crypto/openssh/sshd-session.c
+3,998-1,927128 files not shown
+6,483-3,098134 files

FreeBSD/src 2c42d62sys/netpfil/pf pf_norm.c, tests/sys/netpfil/pf nat64.sh

pf: fix min-ttl and set-tos for nat64

If we have both af-to and min-ttl or set-tos on a single rule we didn't
apply the new ttl or tos.

That's because the scrub code still applied the change, but we
subsequently create a new header for the new address family. That's done
based on the ttl/tos saved in the struct pf_pdesc, which are the values
from the incoming packet, before the scrub modification(s).

Also update the struct pf_pdesc values when we update packets.

Reported by:    Marek Zarychta
Sponsored by:   Rubicon Communications, LLC ("Netgate")

(cherry picked from commit cdbc9b76ff4901816b5ebdca5d0b7e9947a015cb)
DeltaFile
+69-0tests/sys/netpfil/pf/nat64.sh
+4-2sys/netpfil/pf/pf_norm.c
+73-22 files

FreeBSD/ports ed0a5cfdevel/oci-cli distinfo Makefile

devel/oci-cli: Update 3.71.4 => 3.72.1

Changelogs:
https://github.com/oracle/oci-cli/releases/tag/v3.72.0
https://github.com/oracle/oci-cli/releases/tag/v3.72.1

PR:     292594
DeltaFile
+3-3devel/oci-cli/distinfo
+2-2devel/oci-cli/Makefile
+5-52 files

FreeBSD/ports 5a1837ddevel/py-oci distinfo Makefile

devel/py-oci: Update 2.164.2 => 2.165.1

Changelogs:
https://github.com/oracle/oci-python-sdk/releases/tag/v2.165.0
https://github.com/oracle/oci-python-sdk/releases/tag/v2.165.1

PR:     292594
DeltaFile
+3-3devel/py-oci/distinfo
+1-1devel/py-oci/Makefile
+4-42 files

FreeBSD/ports 3045e29devel/air-go distinfo Makefile

devel/air-go: Update to 1.64.2
DeltaFile
+5-5devel/air-go/distinfo
+1-1devel/air-go/Makefile
+6-62 files

FreeBSD/src 466bad4share/man/man5 src.conf.5, tools/build/options WITHOUT_SOUND

src.conf.5: Add WITHOUT_SOUND description

Fixes: f74f891581bc ("src.opts: Introduce MK_SOUND")
Sponsored by:   The FreeBSD Foundation
DeltaFile
+6-1share/man/man5/src.conf.5
+4-0tools/build/options/WITHOUT_SOUND
+10-12 files

FreeBSD/src 2d8ec3bkrb5/lib/krb5 version.map

krb5: Fix another GCC build issue

Fixes:          1876de606eb8
X-MFC with:     1876de606eb8
MFC after:      2 weeks
DeltaFile
+0-4krb5/lib/krb5/version.map
+0-41 files

FreeBSD/ports 4ea6dc7devel/jenkins distinfo Makefile

devel/jenkins: Update to 2.547

Sponsored by:   The FreeBSD Foundation
DeltaFile
+3-3devel/jenkins/distinfo
+1-1devel/jenkins/Makefile
+4-42 files

FreeBSD/src c592d54sys/compat/linuxkpi/common/src linux_80211.c

LinuxKPI: 802.11: fix build for non-debug kernels

lkpi_nl80211_band_name() is only available under LINUXKPI_DEBUG_80211.
IMPROVE in theory should be as well or defined to nothing but we cannot
do that in cfg80211.h mac80211.h where we possibly (re-)define this.

Put an #ifdef around the IMPROVE call for now (untested).

Sponsored by:   The FreeBSD Foundation
MFC after:      3 days
Fixes:          768332d61948
Reported by:    CI
DeltaFile
+2-0sys/compat/linuxkpi/common/src/linux_80211.c
+2-01 files

FreeBSD/src b3647e2usr.bin/netstat inet.c

netstat: fix a segfault with --libxo

Fix a segfault when printing the "protocol" field.  The field-format and
encoding-format were expecting different numbers of arguments.

Also, fix the width of the tcp-state field in encoded output.

PR:             292228
Fixes:          c2b08c13c20 netstat: add support for UDP-Lite endpoints
Sponsored by:   ConnectWise
Reviewed by:    tuexen, js, des
Differential Revision: https://reviews.freebsd.org/D54567

(cherry picked from commit 3b6615ec0332f901fcc9e9307f78717424f09c1e)
DeltaFile
+5-6usr.bin/netstat/inet.c
+5-61 files

FreeBSD/src 3b5c296tests/sys/fs/fusefs mockfs.cc

fusefs: Fix further intermittency in the BadServer.ShortWrite test case

After being unmounted, the mockfs server would occasionally read from
/dev/fuse again, if the main function didn't exit fast enough, getting
an ENODEV error.  Handle that appropriately.

Reported by:    Siva Mahadevan <me at svmhdvn.name>
Fixes:          d86025c1d49c84c4dc8c3635c83c078ad56e5a53
Reviewed by:    Siva Mahadevan <me at svmhdvn.name>
Differential Revision: https://reviews.freebsd.org/D54331

(cherry picked from commit f51e9d0e0988df58c94db586ab5c8b5fd091c004)
DeltaFile
+5-1tests/sys/fs/fusefs/mockfs.cc
+5-11 files