netstat: fix a segfault with --libxo
Fix a segfault when printing the "protocol" field. The field-format and
encoding-format were expecting different numbers of arguments.
Also, fix the width of the tcp-state field in encoded output.
PR: 292228
Fixes: c2b08c13c20 netstat: add support for UDP-Lite endpoints
Sponsored by: ConnectWise
Reviewed by: tuexen, js, des
Differential Revision: https://reviews.freebsd.org/D54567
(cherry picked from commit 3b6615ec0332f901fcc9e9307f78717424f09c1e)
fusefs: Fix further intermittency in the BadServer.ShortWrite test case
After being unmounted, the mockfs server would occasionally read from
/dev/fuse again, if the main function didn't exit fast enough, getting
an ENODEV error. Handle that appropriately.
Reported by: Siva Mahadevan <me at svmhdvn.name>
Fixes: d86025c1d49c84c4dc8c3635c83c078ad56e5a53
Reviewed by: Siva Mahadevan <me at svmhdvn.name>
Differential Revision: https://reviews.freebsd.org/D54331
(cherry picked from commit f51e9d0e0988df58c94db586ab5c8b5fd091c004)
gpart: "gpart --libxo:JP list" duplicates attribute keys
Add leaf-list modifier to attrib as it's possible to have multiple
attributes on a gpart provider.
I purposely made it so that the normal output still says "attrib:" just
so we don't break any scripts people may be using to parse the output,
but the libxo output now says "attribute" just like `gpart show` will do
once https://reviews.freebsd.org/D53950 is merged.
PR: 291377
Reviewed by: asomers
Sponsored by: ConnectWise
Differential Revision: https://reviews.freebsd.org/D54080
(cherry picked from commit a0347b0f3a6088872c29eddb85154478d543dffb)
emulators/wine-devel: Streamline things a bit
Set BINARY_ALIAS and EXTRA_PATCHES using plain assignment (=) instead
of := since we do not have child ports any longer.
This forward ports most of commit 0535ec4919 for emulators/wine.
astro/osmium-tool: Upgrade to v1.19.0
ChangeLog: https://github.com/osmcode/osmium-tool/blob/master/CHANGELOG.md
Added
* Add integration tests for show command output formats.
Changed
* Switch to C++17 as minimum requirement.
* Use std::back_inserter instead of boost::function_output_iterator removing
one dependency on Boost.
* Various small fixes and code cleanups.
Fixed
* Fix ID comparison in osmium merge to match osmium sort behavior.
* Extract in "simple" mode: Check all nodes in a way for overlap with the
[3 lines not shown]
ktrace: do not enqueue request if the process' ktrioparams are freed
The p_ktrioparms are freed on termination of tracing. Any ktr requests
added to the queue after that would hang there and leak on the struct
proc recycling, or trigger an assert in the process destructor for debug
builds.
Reported and tested by: pho
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D54804
openssh: Include <fcntl.h> explicitly in includes.h
This was previously included due to nested includes in Heimdal's
headers. Without this, the build fails with an error due to redefining
AT_FDCWD.
clang:
In file included from crypto/openssh/sshd-session.c:46:
/usr/obj/.../tmp/usr/include/fcntl.h:232:9: error: 'AT_FDCWD' macro redefined [-Werror,-Wmacro-redefined]
232 | #define AT_FDCWD -100
| ^
crypto/openssh/openbsd-compat/bsd-misc.h:69:10: note: previous definition is here
69 | # define AT_FDCWD (-2)
| ^
GCC (can't be disabled):
In file included from crypto/openssh/sshd-session.c:46:
[14 lines not shown]
openssh: Don't include an unused EVP_CIPHER_CTX_get_iv() stub
This stub isn't actually used on modern versions of OpenSSL for which
OpenSSH uses EVP_CIPHER_CTX_get_updated_iv instead via a wrapper macro.
However, the wrapper macro conflicted with the existing namespace
macro triggering an error on GCC:
In file included from crypto/openssh/sshd-session.c:65:
crypto/openssh/openbsd-compat/openssl-compat.h:71:11: error: "EVP_CIPHER_CTX_get_iv" redefined [-Werror]
71 | # define EVP_CIPHER_CTX_get_iv EVP_CIPHER_CTX_get_updated_iv
| ^~~~~~~~~~~~~~~~~~~~~
In file included from <command-line>:
crypto/openssh/ssh_namespace.h:12:9: note: this is the location of the previous definition
12 | #define EVP_CIPHER_CTX_get_iv Fssh_EVP_CIPHER_CTX_get_iv
| ^~~~~~~~~~~~~~~~~~~~~
The error was masked on clang due to MIT krb5 adding a blanket
-Wno-macro-redefined. Building sshd-session without Kerberos support
[6 lines not shown]
openssh: blocklist: Use NetBSD probes
Use NetBSD probe locations for consistency. We have submitted all
improved or missing probes, keeping them synchronized with NetBSD (our
blocklist upstream) should simplify upgrades and maintenance, as the
locations of these probes are a moving target, depending on upstream
OpenSSH changes.
Additionally, use BLACKLIST_AUTH_FAIL exclusively for now. At the time
of this commit BLACKLIST_BAD_USER, is a no-op. However, it will change
in a future upgrade.
Also, enhance blacklist notification messages for better debugging by
making them more descriptive.
Reviewed by: emaste
Approved by: emaste (mentor)
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D52749
[5 lines not shown]
OpenSSH: Update to 10.0p2
Full release notes are available at
https://www.openssh.com/txt/release-10.0
Selected highlights from the release notes:
Potentially-incompatible changes
- This release removes support for the weak DSA signature algorithm.
[This change was previously merged to FreeBSD main.]
- This release has the version number 10.0 and announces itself as
"SSH-2.0-OpenSSH_10.0". Software that naively matches versions using
patterns like "OpenSSH_1*" may be confused by this.
- sshd(8): this release removes the code responsible for the user
authentication phase of the protocol from the per-connection
sshd-session binary to a new sshd-auth binary.
[17 lines not shown]
pf: fix min-ttl and set-tos for nat64
If we have both af-to and min-ttl or set-tos on a single rule we didn't
apply the new ttl or tos.
That's because the scrub code still applied the change, but we
subsequently create a new header for the new address family. That's done
based on the ttl/tos saved in the struct pf_pdesc, which are the values
from the incoming packet, before the scrub modification(s).
Also update the struct pf_pdesc values when we update packets.
Reported by: Marek Zarychta
Sponsored by: Rubicon Communications, LLC ("Netgate")
(cherry picked from commit cdbc9b76ff4901816b5ebdca5d0b7e9947a015cb)
LinuxKPI: 802.11: fix build for non-debug kernels
lkpi_nl80211_band_name() is only available under LINUXKPI_DEBUG_80211.
IMPROVE in theory should be as well or defined to nothing but we cannot
do that in cfg80211.h mac80211.h where we possibly (re-)define this.
Put an #ifdef around the IMPROVE call for now (untested).
Sponsored by: The FreeBSD Foundation
MFC after: 3 days
Fixes: 768332d61948
Reported by: CI
netstat: fix a segfault with --libxo
Fix a segfault when printing the "protocol" field. The field-format and
encoding-format were expecting different numbers of arguments.
Also, fix the width of the tcp-state field in encoded output.
PR: 292228
Fixes: c2b08c13c20 netstat: add support for UDP-Lite endpoints
Sponsored by: ConnectWise
Reviewed by: tuexen, js, des
Differential Revision: https://reviews.freebsd.org/D54567
(cherry picked from commit 3b6615ec0332f901fcc9e9307f78717424f09c1e)
fusefs: Fix further intermittency in the BadServer.ShortWrite test case
After being unmounted, the mockfs server would occasionally read from
/dev/fuse again, if the main function didn't exit fast enough, getting
an ENODEV error. Handle that appropriately.
Reported by: Siva Mahadevan <me at svmhdvn.name>
Fixes: d86025c1d49c84c4dc8c3635c83c078ad56e5a53
Reviewed by: Siva Mahadevan <me at svmhdvn.name>
Differential Revision: https://reviews.freebsd.org/D54331
(cherry picked from commit f51e9d0e0988df58c94db586ab5c8b5fd091c004)
