security/(modsecurity3|modsecurity-nginx) : switch to PCRE2 and fix NGINX version
Change PCRE to PCRE2.
Update NGINX version to 1.28.2.
PR: 293279
Sponsored by: Netzkommune GmbH
mlx5: report IPSEC offload capabilities whenever IPSEC_OFFLOAD is configured
Do it always for bootverbose if offload was enabled in the kernel
config, not only if the device actually supports all required
capabilities to do the offload. Otherwise, having the code to print the
caps is pointless.
Reviewed by: slavash
Tested by: Wafa Hamzah <wafah at nvidia.com>
Sponsored by: NVidia networking
MFC after: 1 week
netipsec/ipsec_offload.c: handle failures to install SA nicely
If driver refused to install SA, record rejected handle for SA on the
interface always, not only for EOPNOTSUPP case. The
ipsec_accel_output() function did the right thing if there is no
rejection handle, but not having the handle allows further attempts to
install the SA on the interface.
If driver installed the SA, but ipsec_accel_handle_sav() returned error,
uninstall the SA from the interface. Hardware must not be set up to
process packets for which kernel expects no processing is done.
In both cases, free the drv_spi if a handle was not installed. But keep
drv_spi allocated if the deinstall returned an error from the driver.
Reviewed by: slavash
Tested by: Wafa Hamzah <wafah at nvidia.com>
Sponsored by: NVidia networking
MFC after: 1 week
lang/jpm: Update to 1.2.0 and enable testing
Approved By: Christopher Hall <bsd.hsw at gmail.com> (maintainer)
Differential Revision: https://reviews.freebsd.org/D55396
net/asterisk20: Add MP3 Decoder Code for Format_MP3 support
Format_MP3, used to play MP3 encoded voicemail and music on hold, relies
on decoder library files that are not included in the main Asterisk
distribution.
PR: 292715
Tested by: Marek Zarychta <zarychtam at plan-b.pwste.edu.pl>
Approved by: Oleksandr Kryvulia <o.kryvulia at flex-it.com.ua>
Co-authored-by: Justin T. Gibbs <gibbs at FreeBSD.org>
nullfs: Fix handling of doomed vnodes in nullfs_unlink_lowervp()
nullfs_unlink_lowervp() is called with the lower vnode locked, so the
nullfs vnode is locked too. The following can occur:
1. the vunref() call decrements the usecount 2->1,
2. a different thread calls vrele() on the vnode, decrements the
usecount 0->1, then blocks on the vnode lock,
3. the first thread tests vp->v_usecount == 0 and observes that it is
true,
4. the first thread incorrectly unlocks the lower vnode.
Fix this by testing VN_IS_DOOMED directly. Since
nullfs_unlink_lowervp() holds the vnode lock, the value of the
VIRF_DOOMED flag is stable.
Thanks to leres@ for patiently helping to track this down.
PR: 288345
MFC after: 1 week
[2 lines not shown]