diff --git a/documentation/content/en/articles/building-products/_index.adoc b/documentation/content/en/articles/building-products/_index.adoc index b444b4a41e57..4ace1173e816 100644 --- a/documentation/content/en/articles/building-products/_index.adoc +++ b/documentation/content/en/articles/building-products/_index.adoc @@ -63,7 +63,7 @@ FreeBSD today is well-known as a high-performance server operating system. It is deployed on millions of web servers and internet-facing hosts worldwide. FreeBSD code also forms an integral part of many products, ranging from appliances such as network routers, firewalls, and storage devices, to personal computers. Portions of FreeBSD have also been used in commercial shrink-wrapped software -(see crossref:building-products[freebsd-intro]). +(see crossref:building-products[freebsd-intro, FreeBSD as a set of building blocks]). In this article we look at the link:https://www.FreeBSD.org/[FreeBSD project] as a software engineering resource-as a collection of building blocks and processes which you can use to build products. @@ -96,9 +96,9 @@ After reading this article you should have: The rest of the article is structured as follows: -* crossref:building-products[freebsd-intro] introduces the FreeBSD project, explores its organizational structure, key technologies and release engineering processes. -* crossref:building-products[freebsd-collaboration] describes ways to collaborate with the FreeBSD project. It examines common pitfalls encountered by corporates working with voluntary projects like FreeBSD. -* crossref:building-products[conclusion] concludes. +* crossref:building-products[freebsd-intro, FreeBSD as a set of building blocks] introduces the FreeBSD project, explores its organizational structure, key technologies and release engineering processes. +* crossref:building-products[freebsd-collaboration, Collaborating with FreeBSD] describes ways to collaborate with the FreeBSD project. It examines common pitfalls encountered by corporates working with voluntary projects like FreeBSD. +* crossref:building-products[conclusion, Conclusion] concludes. [[freebsd-intro]] == FreeBSD as a set of building blocks @@ -106,14 +106,14 @@ The rest of the article is structured as follows: FreeBSD makes an excellent foundation on which to build products: * FreeBSD source code is distributed under a liberal BSD license facilitating - its adoption in commercial products crossref:building-products[Mon2005] with minimum hassle. + its adoption in commercial products crossref:building-products[Mon2005,"Why you should use a BSD style license for your Open Source Project"] with minimum hassle. * The FreeBSD project has excellent engineering practices that can be leveraged. * The project offers exceptional transparency into its workings, allowing organizations using its code to plan effectively for the future. * The culture of the FreeBSD project, carried over from the Computer Science Research Group at The University of California, Berkeley - crossref:building-products[McKu1999-1], fosters high-quality work. Some features in FreeBSD define the state of the art. + crossref:building-products[McKu1999-1,"Twenty Years of Berkeley Unix: From AT&T-Owned to Freely Redistributable"], fosters high-quality work. Some features in FreeBSD define the state of the art. -crossref:building-products[GoldGab2005] examines the business reasons for using open-source in greater detail. +crossref:building-products[GoldGab2005,"Innovation Happens Elsewhere: Open Source as Business Strategy"] examines the business reasons for using open-source in greater detail. For organizations, the benefits of using FreeBSD components in their products include a shorter time to market, lower development costs and lower development risks. === Building with FreeBSD @@ -163,7 +163,7 @@ FreeBSD's in-kernel Netgraph (man:netgraph[4]) framework allows kernel networkin + FreeBSD supports a number of filesystems, and its native UFS2 filesystem supports soft updates, snapshots and very large filesystem sizes (16TB per - filesystem) crossref:building-products[McKu1999]. + filesystem) crossref:building-products[McKu1999,"Soft Updates: A Technique for Eliminating Most Synchronous Writes in the Fast Filesystem"]. + FreeBSD's in-kernel GEOM (man:geom[4]) framework allows kernel storage modules to be composed in flexible ways. * Over {numports} ported applications, both commercial and open-source, managed via the FreeBSD ports collection. @@ -186,10 +186,10 @@ Conflict resolution is performed by a nine member "Core Team" that is elected fr FreeBSD does not have "corporate" committers. Individual committers are required to take responsibility for the changes they introduce to the code. The extref:{committers-guide}[FreeBSD Committer's guide] -crossref:building-products[ComGuide] documents the rules and responsibilities for committers. +crossref:building-products[ComGuide,"Committer's Guide"] documents the rules and responsibilities for committers. FreeBSD's project model is examined in detail in -crossref:building-products[Nik2005]. +crossref:building-products[Nik2005,"A project model for the FreeBSD Project"]. === FreeBSD Release Engineering Processes @@ -214,7 +214,7 @@ The release engineering team publishes a link:https://www.FreeBSD.org/releng/[ro The dates laid down in the road map are not deadlines; FreeBSD is released when its code and documentation are ready. FreeBSD's release engineering processes are described in -crossref:building-products[RelEngDoc]. +crossref:building-products[RelEngDoc,"FreeBSD Release Engineering"]. [[freebsd-collaboration]] == Collaborating with FreeBSD @@ -227,7 +227,8 @@ Using open-source code is best viewed not as a one-off activity, but as an __ong The best projects to collaborate with are the ones that are __live__; i.e., with an active community, clear goals and a transparent working style. * FreeBSD has an active developer community around it. At the time of writing there are many thousands of contributors from every populated continent in the world and over 300 individuals with write access to the project's source repositories. -* The goals of the FreeBSD project are crossref:building-products[Hub1994]: +* The goals of the FreeBSD project are + crossref:building-products[Hub1994,"Contributing to the FreeBSD Project"]: ** To develop a high-quality operating system for popular computer hardware, and, ** To make our work available to all under a liberal license. @@ -246,11 +247,11 @@ A common mistake that companies make when venturing into the open-source world i monetary rewards entering the picture. The factors that motivate individuals are complex, ranging from altruism, to an interest in solving the kinds of problems that FreeBSD attempts to solve. In this environment, "elegance is never -optional"crossref:building-products[Nor1993]. +optional"crossref:building-products[Nor1993,"Tutorial on Good Lisp Programming Style"]. *The Long Term View.* FreeBSD traces its roots back nearly twenty years to the work of the Computer Science Research Group at the University of California Berkeley.footnote:[FreeBSD's source repository contains a history of the project since its inception, and there are CDROMs available that contain earlier code from the CSRG.] A number of the original CSRG developers remain associated with the project. -The project values long-term perspectives crossref:building-products[Nor2001]. A frequent acronym encountered in the project is DTRT, which stands for "Do The Right Thing". +The project values long-term perspectives crossref:building-products[Nor2001,"Teach Yourself Programming in Ten Years"]. A frequent acronym encountered in the project is DTRT, which stands for "Do The Right Thing". *Development Processes.* Computer programs are tools for communication: at one level programmers communicate their intentions using a precise notation to a tool (a compiler) that translates their instructions to executable code. At another level, the same notation is used for communication of intent between two programmers. @@ -259,7 +260,7 @@ Formal specifications and design documents are seldom used in the project. Clear and well-written code and well-written change logs (crossref:building-products[fig-change-log, A sample change log entry]) are used in their place. FreeBSD development happens by "rough consensus and running -code"crossref:building-products[Carp1996]. +code"crossref:building-products[Carp1996,"The Architectural Principles of the Internet"]. [.programlisting] .... @@ -297,10 +298,8 @@ For example: + *Track FreeBSD source code.* The project makes it easy to mirror its SVN repository using extref:{committers-guide}[svnsync, svn-advanced-use-setting-up-svnsync]. Having the complete history of the source is useful when debugging complex problems and offers valuable insight into the intentions of the original developers. Use a capable source control system that allows you to easily merge changes between the upstream FreeBSD code base and your own in-house code. + -crossref:building-products[fig-svn-blame, An annotated source listing generated -using `svn blame`] shows a portion of an annotated listing of the file -referenced by the change log in crossref:building-products[fig-change-log, A -sample change log entry]. +crossref:building-products[fig-svn-blame, An annotated source listing generated using `svn blame`] shows a portion of an annotated listing of the file +referenced by the change log in crossref:building-products[fig-change-log, A sample change log entry]. The ancestry of each line of the source is clearly visible. Annotated listings showing the history of every file that is part of FreeBSD are https://svnweb.freebsd.org/[available on the web]. + @@ -345,7 +344,7 @@ The http://www.bsdcertification.org/[BSD Certification Group] offers certificati + For less critical needs, you can ask for help on the link:https://lists.freebsd.org/[project mailing lists]. A useful guide to follow when asking for help is given in -crossref:building-products[Ray2004]. +crossref:building-products[Ray2004,"How to ask questions the smart way"]. Publicize your involvement:: You are not required to publicize your use of FreeBSD, but doing so helps both your effort as well as that of the project. + diff --git a/documentation/content/en/articles/committers-guide/_index.adoc b/documentation/content/en/articles/committers-guide/_index.adoc index 921a823a7d31..0c3e116589a2 100644 --- a/documentation/content/en/articles/committers-guide/_index.adoc +++ b/documentation/content/en/articles/committers-guide/_index.adoc @@ -49,7 +49,7 @@ All new committers should read this document before they start, and existing com Almost all FreeBSD developers have commit rights to one or more repositories. However, a few developers do not, and some of the information here applies to them as well. (For instance, some people only have rights to work with the Problem Report database.) -Please see crossref:committers-guide[non-committers] for more information. +Please see crossref:committers-guide[non-committers, Issues Specific to Developers Who Are Not Committers] for more information. This document may also be of interest to members of the FreeBSD community who want to learn more about how the project works. @@ -74,7 +74,7 @@ toc::[] |`ref*.FreeBSD.org`, `universe*.freeBSD.org` (see also link:https://www.FreeBSD.org/internal/machines/[FreeBSD Project Hosts]) |_SMTP Host_ -|`smtp.FreeBSD.org:587` (see also crossref:committers-guide[smtp-setup]). +|`smtp.FreeBSD.org:587` (see also crossref:committers-guide[smtp-setup, SMTP Access Setup]). |`_src/_` Git Repository |`ssh://git@gitrepo.FreeBSD.org/src.git` @@ -99,7 +99,7 @@ toc::[] |=== man:ssh[1] is required to connect to the project hosts. For more information, - see crossref:committers-guide[ssh.guide]. + see crossref:committers-guide[ssh.guide, SSH Quick-Start Guide]. Useful links: @@ -112,7 +112,7 @@ Useful links: Cryptographic keys conforming to the OpenPGP (__Pretty Good Privacy__) standard are used by the FreeBSD project to authenticate committers. Messages carrying important information like public SSH keys can be signed with the OpenPGP key to prove that they are really from the committer. -See https://nostarch.com/releases/pgp_release.pdf[PGP & GPG: Email for the Practical Paranoid by Michael Lucas] and http://en.wikipedia.org/wiki/Pretty_Good_Privacy[] for more information. +See https://nostarch.com/releases/pgp_release.pdf[PGP & GPG: Email for the Practical Paranoid by Michael Lucas] and https://en.wikipedia.org/wiki/Pretty_Good_Privacy[] for more information. [[pgpkeys-creating]] === Creating a Key @@ -1518,7 +1518,7 @@ Note: merging vendor branch commits will not work with this technique. ===== Finding the Subversion Revision -You'll need to make sure that you've fetched the notes (see the crossref:committers-guide[git-mini-daily-use]for details). +You'll need to make sure that you've fetched the notes (see the crossref:committers-guide[git-mini-daily-use, Daily use]for details). Once you have these, notes will show up in the git log command like so: [source,shell] @@ -2179,7 +2179,7 @@ It is very important to have a current PGP/GnuPG key in the repository. The key Add an entry for each additional mentor/mentee relationship in the bottom section. . Generate a Kerberos Password + -See crossref:committers-guide[kerberos-ldap] to generate or set a Kerberos account for use with other FreeBSD services like the link:https://bugs.freebsd.org/bugzilla/[bug-tracking database] (you get a bug-tracking account as part of that step). +See crossref:committers-guide[kerberos-ldap, Kerberos and LDAP web Password for FreeBSD Cluster] to generate or set a Kerberos account for use with other FreeBSD services like the link:https://bugs.freebsd.org/bugzilla/[bug-tracking database] (you get a bug-tracking account as part of that step). . Optional: Enable Wiki Account + link:https://wiki.freebsd.org[FreeBSD Wiki] Account - A wiki account allows sharing projects and ideas. @@ -2229,7 +2229,7 @@ For those willing to send e-mail messages through the FreeBSD.org infrastructure . Enable STARTTLS. . Ensure your `From:` address is set to `_yourusername_@FreeBSD.org`. . For authentication, you can use your FreeBSD Kerberos username and password - (see crossref:committers-guide[kerberos-ldap]). The `_yourusername_/mail` principal is preferred, as it is only valid for authenticating to mail resources. + (see crossref:committers-guide[kerberos-ldap, Kerberos and LDAP web Password for FreeBSD Cluster]). The `_yourusername_/mail` principal is preferred, as it is only valid for authenticating to mail resources. + [NOTE] ====== @@ -2380,7 +2380,7 @@ Document that approval with an `Approved by:` line in the commit message. When the mentor decides that a mentee has learned the ropes and is ready to commit on their own, the mentor announces it with a commit to [.filename]#mentors#. This file is in the [.filename]#admin# orphan branch of each repository. Detailed information on how to access these branches can be found in -crossref:committers-guide[admin-branch]. +crossref:committers-guide[admin-branch, "admin" branch]. [[pre-commit-review]] == Pre-Commit Review @@ -2931,7 +2931,7 @@ Committers with non-``FreeBSD.org`` Bugzilla accounts can have the old account m . Log in using your old account. . Open new bug. Choose `Services` as the Product, and `Bug Tracker` as the Component. In bug description list accounts you wish to be merged. . Log in using `FreeBSD.org` account and post comment to newly opened bug to - confirm ownership. See crossref:committers-guide[kerberos-ldap] for more details on how to generate or set a password for your `FreeBSD.org` account. + confirm ownership. See crossref:committers-guide[kerberos-ldap, Kerberos and LDAP web Password for FreeBSD Cluster] for more details on how to generate or set a password for your `FreeBSD.org` account. . If there are more than two accounts to merge, post comments from each of them. ==== @@ -2952,7 +2952,7 @@ Committers with non-``FreeBSD.org`` Phabricator accounts can have the old accoun ==== . Change your Phabricator account email to your `FreeBSD.org` email. . Open new bug on our bug tracker using your `FreeBSD.org` account, see - crossref:committers-guide[bugzilla] for more information. Choose `Services` as the Product, and `Code Review` as the Component. In bug description request that your Phabricator account be renamed, and provide a link to your Phabricator user. For example, `https://reviews.freebsd.org/p/bob_example.com/` + crossref:committers-guide[bugzilla, Bugzilla] for more information. Choose `Services` as the Product, and `Code Review` as the Component. In bug description request that your Phabricator account be renamed, and provide a link to your Phabricator user. For example, `https://reviews.freebsd.org/p/bob_example.com/` ==== [IMPORTANT] @@ -3578,7 +3578,7 @@ During that time, build problems were fixed, and the release packages were built This practice is no longer used, as the packages for the releases are built from the current stable, quarterly branch. For more information on how to merge commits to the quarterly branch, see -crossref:committers-guide[ports-qa-misc-request-mfh]. +crossref:committers-guide[ports-qa-misc-request-mfh, What is the procedure to request authorization for merging a commit to the quarterly branch?]. [[ports-qa-quarterly]] === Quarterly Branches @@ -3727,16 +3727,16 @@ A few people who have access to the FreeBSD machines do not have commit bits. Almost all of this document will apply to these developers as well (except things specific to commits and the mailing list memberships that go with them). In particular, we recommend that you read: -* crossref:committers-guide[admin] -* crossref:committers-guide[conventions-everyone] +* crossref:committers-guide[admin, Administrative Details] +* crossref:committers-guide[conventions-everyone, For Everyone] + [NOTE] ==== Get your mentor to add you to the "Additional Contributors" ([.filename]#doc/shared/contrib-additional.adoc#), if you are not already listed there. ==== -* crossref:committers-guide[developer.relations] -* crossref:committers-guide[ssh.guide] -* crossref:committers-guide[rules] +* crossref:committers-guide[developer.relations, Developer Relations] +* crossref:committers-guide[ssh.guide, SSH Quick-Start Guide] +* crossref:committers-guide[rules, The FreeBSD Committers' Big List of Rules] [[google-analytics]] == Information About Google Analytics diff --git a/documentation/content/en/articles/committers-guide/_index.po b/documentation/content/en/articles/committers-guide/_index.po index 57e15ce4af90..2ec51995ed75 100644 --- a/documentation/content/en/articles/committers-guide/_index.po +++ b/documentation/content/en/articles/committers-guide/_index.po @@ -246,7 +246,7 @@ msgid "" "Messages carrying important information like public SSH keys can be signed " "with the OpenPGP key to prove that they are really from the committer. See " "https://nostarch.com/releases/pgp_release.pdf[PGP & GPG: Email for the " -"Practical Paranoid by Michael Lucas] and http://en.wikipedia.org/wiki/" +"Practical Paranoid by Michael Lucas] and https://en.wikipedia.org/wiki/" "Pretty_Good_Privacy[] for more information." msgstr "" diff --git a/documentation/content/en/articles/contributing/_index.adoc b/documentation/content/en/articles/contributing/_index.adoc index 10bdcf03e5bd..a5b872383a68 100644 --- a/documentation/content/en/articles/contributing/_index.adoc +++ b/documentation/content/en/articles/contributing/_index.adoc @@ -150,9 +150,9 @@ There are a number of easy ways you can contribute to keeping the ports tree up * Find some cool or useful software and extref:{porters-handbook}[create a port] for it. * There are a large number of ports that have no maintainer. -Become a maintainer and crossref:contributing[adopt-port]. -* If you have created or adopted a port, be aware of crossref:contributing[maintain-port]. -* When you are looking for a quick challenge you could crossref:contributing[fix-broken]. +Become a maintainer and crossref:contributing[adopt-port, Adopting an unmaintained port]. +* If you have created or adopted a port, be aware of crossref:contributing[maintain-port, The challenge for port maintainers]. +* When you are looking for a quick challenge you could crossref:contributing[fix-broken, Finding and fixing a broken port]. === Pick one of the items from the Ideas page @@ -197,7 +197,7 @@ Misdirected patches may be redirected to a more appropriate forum for the patch Pull requests submitted to the ports repository may or may not see action, based on the whims of developers. For now, you will have a better experience if you follow the ports submission -process crossref:contributing[ports-contributing]. +process crossref:contributing[ports-contributing, Contributing to ports]. The docs team also accepts pull requests via GitHub, but has not established any policy for them yet. @@ -333,7 +333,7 @@ We expect you to be able to recognize such ports by looking through other ports' ==== How to adopt the port -First make sure you understand your crossref:contributing[maintain-port]. +First make sure you understand your crossref:contributing[maintain-port, The challenge for port maintainers]. Also read the extref:{porters-handbook}[Porter's Handbook]. _Please do not commit yourself to more than you feel you can comfortably handle._ @@ -415,11 +415,11 @@ Thoroughly review and test your changes: It is common for a port to work on one branch or platform and fail on another. ** Make sure your port's dependencies are complete. The recommended way of doing this is by installing your own ports tinderbox. -See crossref:contributing[resources] for more information. +See crossref:contributing[resources, Resources for ports maintainers and contributors] for more information. ** Check that the packing list is up to date. This involves adding in any new files and directories and removing unused entries. ** Verify your port using man:portlint[1] as a guide. -See crossref:contributing[resources] for important information about using portlint. +See crossref:contributing[resources, Resources for ports maintainers and contributors] for important information about using portlint. ** Consider whether changes to your port might cause any other ports to break. If this is the case, coordinate the changes with the maintainers of those ports. This is especially important if your update changes the shared library version; in this case, at the very least, the dependent ports will need to get a `PORTREVISION` bump so that they will automatically be upgraded by automated tools such as package:ports-mgmt/poudriere[]. diff --git a/documentation/content/en/articles/freebsd-releng/_index.adoc b/documentation/content/en/articles/freebsd-releng/_index.adoc index 27c467b1a000..60460d3c925d 100644 --- a/documentation/content/en/articles/freebsd-releng/_index.adoc +++ b/documentation/content/en/articles/freebsd-releng/_index.adoc @@ -88,28 +88,28 @@ This article will highlight the workflow and responsibilities of the {teamRe} fo The following sections of this article describe: -crossref:freebsd-releng[releng-prep]:: +crossref:freebsd-releng[releng-prep, General Information and Preparation]:: General information and preparation before starting the release cycle. -crossref:freebsd-releng[releng-website]:: +crossref:freebsd-releng[releng-website, Website Changes During the Release Cycle]:: Website Changes During the Release Cycle -crossref:freebsd-releng[releng-terms]:: +crossref:freebsd-releng[releng-terms, Release Engineering Terminology]:: Terminology and general information, such as the "code slush" and "code freeze", used throughout this document. -crossref:freebsd-releng[releng-head]:: +crossref:freebsd-releng[releng-head, Release from {branchHead}]:: The Release Engineering process for a "dot-zero" release. -crossref:freebsd-releng[releng-stable]:: +crossref:freebsd-releng[releng-stable, Release from {branchStable}]:: The Release Engineering process for a "point" release. -crossref:freebsd-releng[releng-building]:: +crossref:freebsd-releng[releng-building, Building FreeBSD Installation Media]:: Information related to the specific procedures to build installation medium. -crossref:freebsd-releng[releng-mirrors]:: +crossref:freebsd-releng[releng-mirrors, Publishing FreeBSD Installation Media to Project Mirrors]:: Procedures to publish installation medium. -crossref:freebsd-releng[releng-wrapup]:: +crossref:freebsd-releng[releng-wrapup, Wrapping up the Release Cycle]:: Wrapping up the release cycle. [[releng-prep]] @@ -361,7 +361,7 @@ FreeBSD `ALPHA` snapshots should be built approximately once a week. For the first `ALPHA` build, the `BRANCH` value in [.filename]#sys/conf/newvers.sh# needs to be changed from `CURRENT` to `ALPHA1`. For subsequent `ALPHA` builds, increment each `ALPHA__N__` value by one. -See crossref:freebsd-releng[releng-building] for information on building the `ALPHA` images. +See crossref:freebsd-releng[releng-building, Building FreeBSD Installation Media] for information on building the `ALPHA` images. [[releng-head-branching]] === Creating the {branchStablex} Branch @@ -742,7 +742,7 @@ The completed Errata Notice template should be emailed together with either a pa For Errata Notice requests immediately following the release, the request should be emailed to both the {teamRe} and the {teamSecteam}. Once the {branchReleng} branch has been handed over to the {teamSecteam} as -described in crossref:freebsd-releng[releng-wrapup-handoff], Errata Notice requests should be sent to the {teamSecteam}. +described in crossref:freebsd-releng[releng-wrapup-handoff, Handoff to the {teamSecteam}], Errata Notice requests should be sent to the {teamSecteam}. [[releng-wrapup-handoff]] === Handoff to the {teamSecteam} diff --git a/documentation/content/en/articles/gjournal-desktop/_index.adoc b/documentation/content/en/articles/gjournal-desktop/_index.adoc index 774bcf29f33c..1f8c15f84377 100644 --- a/documentation/content/en/articles/gjournal-desktop/_index.adoc +++ b/documentation/content/en/articles/gjournal-desktop/_index.adoc @@ -385,7 +385,7 @@ The following section covers frequently asked questions regarding problems relat The journal probably fills up before it has a chance to get committed (flushed) to disk. Keep in mind the size of the journal depends on the usage load, and not the size of the data provider. If your disk activity is high, you need a larger partition for the journal. -See the note in the crossref:gjournal-desktop[understanding-journaling] section. +See the note in the crossref:gjournal-desktop[understanding-journaling, Understanding Journaling in FreeBSD] section. === I made some mistake during configuration, and I cannot boot normally now. Can this be fixed some way? diff --git a/documentation/content/en/articles/hubs/_index.adoc b/documentation/content/en/articles/hubs/_index.adoc index 3269322e7aea..1ddbe3065a3d 100644 --- a/documentation/content/en/articles/hubs/_index.adoc +++ b/documentation/content/en/articles/hubs/_index.adoc @@ -191,7 +191,7 @@ All of course for various FreeBSD versions, and various architectures. The best way to mirror the FTP area is rsync. You can install the port package:net/rsync[] and then use rsync to sync with your upstream host. -rsync is already mentioned in crossref:hubs[mirror-serv-rsync]. +rsync is already mentioned in crossref:hubs[mirror-serv-rsync, Rsync (optional for FTP Fileset)]. Since rsync access is not required, your preferred upstream site may not allow it. You may need to hunt around a little bit to find a site that allows rsync access. @@ -310,7 +310,7 @@ The master sites are not referred to but can be described as __Tier-0__. Mirrors that mirror from these sites can be considered __Tier-1__, mirrors of __Tier-1__-mirrors, are __Tier-2__, etc. Official sites are encouraged to be of a low __tier__, but the lower the tier the higher the requirements in terms as described in -crossref:hubs[mirror-requirements]. +crossref:hubs[mirror-requirements, Requirements for FreeBSD Mirrors]. Also access to low-tier-mirrors may be restricted, and access to master sites is definitely restricted. The __tier__-hierarchy is not reflected by DNS and generally not documented anywhere except for the master sites. However, official mirrors with low numbers like 1-4, are usually _Tier-1_ (this is just a rough hint, and there is no rule). @@ -325,7 +325,7 @@ The short answer is: from the site that is closest to you in Internet terms, or ==== I Just Want to Mirror from Somewhere! If you have no special intentions or requirements, the statement in -crossref:hubs[mirror-where-where] applies. +crossref:hubs[mirror-where-where, Ok, but Where Should I get the Stuff Now?] applies. This means: [.procedure] @@ -338,10 +338,10 @@ This means: [[mirror-where-official]] ==== I am an Official Mirror, What is the Right Site for Me? -In general the description in crossref:hubs[mirror-where-simple] still applies. +In general the description in crossref:hubs[mirror-where-simple, I Just Want to Mirror from Somewhere!] still applies. Of course you may want to put some weight on the fact that your upstream should be of a low tier. There are some other considerations about _official_ mirrors that are described -in crossref:hubs[mirror-official]. +in crossref:hubs[mirror-official, Official Mirrors]. [[mirror-where-master]] ==== I Want to Access the Master Sites! @@ -363,7 +363,7 @@ There is one master site for the FTP fileset. This is the master site for the FTP fileset. `ftp-master.FreeBSD.org` provides rsync access, in addition to FTP. -Refer to crossref:hubs[mirror-ftp-rsync]. +Refer to crossref:hubs[mirror-ftp-rsync, Mirroring the FTP Site]. Mirrors are also encouraged to allow rsync access for the FTP contents, since they are __Tier-1__-mirrors. diff --git a/documentation/content/en/articles/ipsec-must/_index.adoc b/documentation/content/en/articles/ipsec-must/_index.adoc index 025d16ca7f80..dbca759c6ea2 100644 --- a/documentation/content/en/articles/ipsec-must/_index.adoc +++ b/documentation/content/en/articles/ipsec-must/_index.adoc @@ -52,8 +52,8 @@ toc::[] [[problem]] == The Problem -First, lets assume you have crossref::ipsec-must[ipsec-install]. -How do you know it is crossref::ipsec-must[caveat]? Sure, your connection will not work if it is misconfigured, and it will work when you finally get it right. +First, lets assume you have crossref::ipsec-must[ipsec-install, Installing IPsec]. +How do you know it is crossref::ipsec-must[caveat, Caveat]? Sure, your connection will not work if it is misconfigured, and it will work when you finally get it right. man:netstat[1] will list it. But can you independently confirm it? [[solution]] @@ -73,14 +73,14 @@ This would be true even if some of the data in "encrypted mode" was not encrypte Ueli Maurer's "Universal Statistical Test for Random Bit Generators"(https://web.archive.org/web/20011115002319/http://www.geocities.com/SiliconValley/Code/4704/universal.pdf[MUST]) quickly measures the entropy of a sample. It uses a compression-like algorithm. -crossref::ipsec-must[code] for a variant which measures successive (~quarter megabyte) chunks of a file. +crossref::ipsec-must[code, Maurer's Universal Statistical Test (for block size8 bits)] for a variant which measures successive (~quarter megabyte) chunks of a file. [[tcpdump]] === Tcpdump We also need a way to capture the raw network data. A program called man:tcpdump[1] lets you do this, if you have enabled the -_Berkeley Packet Filter_ interface in your crossref::ipsec-must[kernel]. +_Berkeley Packet Filter_ interface in your crossref::ipsec-must[kernel,src/sys/i386/conf/KERNELNAME]. The command: @@ -100,9 +100,9 @@ Here is the experiment: [.procedure] ==== . Open a window to an IPsec host and another window to an insecure host. -. Now start crossref::ipsec-must[tcpdump]. +. Now start crossref::ipsec-must[tcpdump, Tcpdump]. . In the "secure" window, run the UNIX(R) command man:yes[1], which will stream the `y` character. After a while, stop this. Switch to the insecure window, and repeat. After a while, stop. -. Now run crossref::ipsec-must[code] on the captured packets. You should see something like the following. The important thing to note is that the secure connection has 93% (6.7) of the expected value (7.18), and the "normal" connection has 29% (2.1) of the expected value. +. Now run crossref::ipsec-must[code, Maurer's Universal Statistical Test (for block size8 bits)] on the captured packets. You should see something like the following. The important thing to note is that the secure connection has 93% (6.7) of the expected value (7.18), and the "normal" connection has 29% (2.1) of the expected value. + [source,shell] .... diff --git a/documentation/content/en/articles/ldap-auth/_index.adoc b/documentation/content/en/articles/ldap-auth/_index.adoc index 37e46cb73165..7fc7543484a0 100644 --- a/documentation/content/en/articles/ldap-auth/_index.adoc +++ b/documentation/content/en/articles/ldap-auth/_index.adoc @@ -188,7 +188,7 @@ Getting Private key This will create a self-signed certificate that can be used for the directives in [.filename]#slapd.conf#, where [.filename]#cert.crt# and [.filename]#cacert.crt# are the same file. If you are going to use many OpenLDAP servers (for replication via `slurpd`) you -will want to see crossref:ldap-auth[ssl-ca] to generate a CA key and use it to sign individual server certificates. +will want to see crossref:ldap-auth[ssl-ca, OpenSSL Certificates for LDAP] to generate a CA key and use it to sign individual server certificates. Once this is done, put the following in [.filename]#/etc/rc.conf#: @@ -319,7 +319,7 @@ If it does, your database is properly configured to be used as an LDAP authentic == Client Configuration The client should already have OpenLDAP libraries from -crossref:ldap-auth[ldap-connect-client], but if you are installing several client machines you will need to install package:net/openldap26-client[] on each of them. +crossref:ldap-auth[ldap-connect-client,Configuring the Client], but if you are installing several client machines you will need to install package:net/openldap26-client[] on each of them. FreeBSD requires two ports to be installed to authenticate against an LDAP server, package:security/pam_ldap[] and package:net/nss_ldap[]. @@ -494,7 +494,7 @@ Unfortunately, as of the time this was written FreeBSD did not support changing As a result of this, most administrators are left to implement a solution themselves. I provide some examples here. Note that if you write your own password change script, there are some security -issues you should be made aware of; see crossref:ldap-auth[security-passwd] +issues you should be made aware of; see crossref:ldap-auth[security-passwd, Password Storage] [[chpw-shell]] .Shell Script for Changing Passwords diff --git a/documentation/content/en/articles/pam/_index.adoc b/documentation/content/en/articles/pam/_index.adoc index 23dbb861c421..7f6ffe249b77 100644 --- a/documentation/content/en/articles/pam/_index.adoc +++ b/documentation/content/en/articles/pam/_index.adoc @@ -411,7 +411,7 @@ It is essential to understand that PAM's configuration system is centered on cha [[pam-config-breakdown]] === Breakdown of a Configuration Line -As explained in crossref:pam[pam-config-file], each line in [.filename]#/etc/pam.conf# consists of four or more fields: the service name, the facility name, the control flag, the module name, and zero or more module arguments. +As explained in crossref:pam[pam-config-file, PAM Policy Files], each line in [.filename]#/etc/pam.conf# consists of four or more fields: the service name, the facility name, the control flag, the module name, and zero or more module arguments. The service name is generally (though not always) the name of the application the statement applies to. If you are unsure, refer to the individual application's documentation to determine what service name it uses. @@ -419,10 +419,10 @@ If you are unsure, refer to the individual application's documentation to determ Note that if you use [.filename]#/etc/pam.d/# instead of [.filename]#/etc/pam.conf#, the service name is specified by the name of the policy file, and omitted from the actual configuration lines, which then start with the facility name. The facility is one of the four facility keywords described in -crossref:pam[pam-facilities-primitives]. +crossref:pam[pam-facilities-primitives, Facilities and Primitives]. Likewise, the control flag is one of the four keywords described in - crossref:pam[pam-chains-policies], describing how to interpret the return code from the module. + crossref:pam[pam-chains-policies, Chains and Policies], describing how to interpret the return code from the module. Linux-PAM supports an alternate syntax that lets you specify the action to associate with each possible return code, but this should be avoided as it is non-standard and closely tied in with the way Linux-PAM dispatches service calls (which differs greatly from the way Solaris(TM) and OpenPAM do it.) Unsurprisingly, OpenPAM does not support this syntax. @@ -624,7 +624,7 @@ The following is a minimal implementation of man:su[1] using PAM. Note that it uses the OpenPAM-specific man:openpam_ttyconv[3] conversation function, which is prototyped in [.filename]#security/openpam.h#. If you wish build this application on a system with a different PAM library, you will have to provide your own conversation function. A robust conversation function is surprisingly difficult to implement; -the one presented in crossref:pam[pam-sample-conv] is a good starting point, but should not be used in real-world applications. +the one presented in crossref:pam[pam-sample-conv, Sample PAM Conversation Function] is a good starting point, but should not be used in real-world applications. [.programlisting] .... diff --git a/documentation/content/en/articles/pr-guidelines/_index.adoc b/documentation/content/en/articles/pr-guidelines/_index.adoc index 85f3ab4546bd..b6729150cde1 100644 --- a/documentation/content/en/articles/pr-guidelines/_index.adoc +++ b/documentation/content/en/articles/pr-guidelines/_index.adoc @@ -121,11 +121,11 @@ The "patched" state is directly related to feedback, so you may go directly to " While handling problem reports, either as a developer who has direct access to the Problem Reports database or as a contributor who browses the database and submits followups with patches, comments, suggestions or change requests, you will come across several different types of PRs. -* crossref:pr-guidelines[pr-unassigned] -* crossref:pr-guidelines[pr-assigned] -* crossref:pr-guidelines[pr-dups] -* crossref:pr-guidelines[pr-stale] -* crossref:pr-guidelines[pr-misfiled-notpr] +* crossref:pr-guidelines[pr-unassigned, Unassigned PRs] +* crossref:pr-guidelines[pr-assigned, Assigned PRs] +* crossref:pr-guidelines[pr-dups, Duplicate PRs] +* crossref:pr-guidelines[pr-stale, Stale PRs] +* crossref:pr-guidelines[pr-misfiled-notpr, Non-Bug PRs] The following sections describe what each different type of PRs is used for, when a PR belongs to one of these types, and what treatment each different type receives. diff --git a/documentation/content/en/articles/releng/_index.adoc b/documentation/content/en/articles/releng/_index.adoc index b54952577cca..f19ccb2bddbb 100644 --- a/documentation/content/en/articles/releng/_index.adoc +++ b/documentation/content/en/articles/releng/_index.adoc @@ -105,19 +105,19 @@ In addition to source updates via Subversion, binary patchkits are available to The following sections of this article describe: -crossref:releng[release-proc]:: +crossref:releng[release-proc, Release Process]:: The different phases of the release engineering process leading up to the actual system build. -crossref:releng[release-build]:: +crossref:releng[release-build, Release Building]:: The actual build process. -crossref:releng[extensibility]:: +crossref:releng[extensibility, Extensibility]:: How the base release may be extended by third parties. -crossref:releng[lessons-learned]:: +crossref:releng[lessons-learned, Lessons Learned from FreeBSD 4.4]:: Some of the lessons learned through the release of FreeBSD 4.4. -crossref:releng[future]:: +crossref:releng[future, Future Directions]:: Future directions of development. [[release-proc]] diff --git a/documentation/content/en/articles/remote-install/_index.adoc b/documentation/content/en/articles/remote-install/_index.adoc index 388361512182..ba9bf4825691 100644 --- a/documentation/content/en/articles/remote-install/_index.adoc +++ b/documentation/content/en/articles/remote-install/_index.adoc @@ -70,7 +70,7 @@ The instructions included in this article will benefit those using services prov [.procedure] ==== -. As we have mentioned in the crossref:remote-install[background] section, many of the reputable server hosting companies provide some kind of rescue system, which is booted from their LAN and accessible over SSH. They usually provide this support to help their customers fix broken operating systems. As this article will explain, it is possible to install FreeBSD with the help of these rescue systems. +. As we have mentioned in the crossref:remote-install[background, Background] section, many of the reputable server hosting companies provide some kind of rescue system, which is booted from their LAN and accessible over SSH. They usually provide this support to help their customers fix broken operating systems. As this article will explain, it is possible to install FreeBSD with the help of these rescue systems. + . The next section of this article will describe how to configure, and build minimalistic FreeBSD on the local machine. That version will eventually be running on the remote machine from a ramdisk, which will allow us to install a complete FreeBSD operating system from an FTP mirror using the sysinstall utility. . The rest of this article will describe the installation procedure itself, as well as the configuration of the ZFS file system. diff --git a/documentation/content/en/articles/solid-state/_index.adoc b/documentation/content/en/articles/solid-state/_index.adoc index 40088623e322..3ea322463622 100644 --- a/documentation/content/en/articles/solid-state/_index.adoc +++ b/documentation/content/en/articles/solid-state/_index.adoc @@ -108,7 +108,7 @@ varsize=8192 Remember that this value is in sectors by default. The fact that [.filename]#/var# is a read-write filesystem is an important distinction, as the [.filename]#/# partition (and any other partitions you may have on your flash media) should be mounted read-only. -Remember that in crossref:solid-state[intro] we detailed the limitations of flash memory - specifically the limited write capability. +Remember that in crossref:solid-state[intro, Solid State Disk Devices] we detailed the limitations of flash memory - specifically the limited write capability. The importance of not mounting filesystems on flash media read-write, and the importance of not using a swap file, cannot be overstated. A swap file on a busy system can burn through a piece of flash media in less than one year. Heavy logging or temporary file creation and destruction can do the same. @@ -124,7 +124,7 @@ A few applications in the average system will immediately begin to fail as a res For instance, cron will not run properly as a result of missing cron tabs in the [.filename]#/var# created by [.filename]#/etc/rc.d/var#, and syslog and dhcp will encounter problems as well as a result of the read-only filesystem and missing items in the [.filename]#/var# that [.filename]#/etc/rc.d/var# has created. These are only temporary problems though, and are addressed, along with solutions to the execution of other common software packages in -crossref:solid-state[strategies]. +crossref:solid-state[strategies, System Strategies for Small and Read Only Environments]. An important thing to remember is that a filesystem that was mounted read-only with [.filename]#/etc/fstab# can be made read-write at any time by issuing the command: @@ -244,7 +244,7 @@ Assuming that you configured your filesystem correctly when it was built on the [[strategies]] == System Strategies for Small and Read Only Environments -In crossref:solid-state[ro-fs], it was pointed out that the [.filename]#/var# filesystem constructed by [.filename]#/etc/rc.d/var# and the presence of a read-only root filesystem causes problems with many common software packages used with FreeBSD. +In crossref:solid-state[ro-fs, The `rc` Subsystem and Read-Only Filesystems], it was pointed out that the [.filename]#/var# filesystem constructed by [.filename]#/etc/rc.d/var# and the presence of a read-only root filesystem causes problems with many common software packages used with FreeBSD. In this article, suggestions for successfully running cron, syslog, ports installations, and the Apache web server will be provided. === Cron @@ -272,7 +272,7 @@ Therefore, somewhere in [.filename]#/etc/rc.d/var#, after the section that creat Before discussing the changes necessary to successfully use the ports tree, a reminder is necessary regarding the read-only nature of your filesystems on the flash media. Since they are read-only, you will need to temporarily mount them read-write -using the mount syntax shown in crossref:solid-state[ro-fs]. +using the mount syntax shown in crossref:solid-state[ro-fs, The `rc` Subsystem and Read-Only Filesystems]. You should always remount those filesystems read-only when you are done with any maintenance - unnecessary writes to the flash media could considerably shorten its lifespan. To make it possible to enter a ports directory and successfully run `make install`, we must create a packages directory on a non-memory filesystem that will keep track of our packages across reboots. diff --git a/documentation/content/en/books/arch-handbook/mac/_index.adoc b/documentation/content/en/books/arch-handbook/mac/_index.adoc index 73a27cdf0ece..961774e32304 100644 --- a/documentation/content/en/books/arch-handbook/mac/_index.adoc +++ b/documentation/content/en/books/arch-handbook/mac/_index.adoc @@ -1978,7 +1978,7 @@ void mpo_create_root_mount(struct ucred *cred, struct mount *mp, | Description | Locking -3+|See crossref:mac[mac-mpo-create-mount]. +3+|See crossref:mac[mac-mpo-create-mount, `mpo_create_mount`]. |=== Fill out the labels on the mount point being created by the passed subject credential. @@ -4314,7 +4314,7 @@ void mpo_check_vnode_mmap_downgrade(struct ucred *cred, struct vnode *vp, | Locking |`cred` -|See crossref:mac[mac-mpo-check-vnode-mmap]. +|See crossref:mac[mac-mpo-check-vnode-mmap, `mpo_check_vnode_mmap`]. | |`vp` diff --git a/documentation/content/en/books/arch-handbook/smp/_index.adoc b/documentation/content/en/books/arch-handbook/smp/_index.adoc index 7d773ca25804..9922f89eb1a5 100644 --- a/documentation/content/en/books/arch-handbook/smp/_index.adoc +++ b/documentation/content/en/books/arch-handbook/smp/_index.adoc @@ -58,7 +58,7 @@ The goal of SMPng is to allow concurrency in the kernel. The kernel is basically one rather large and complex program. To make the kernel multi-threaded we use some of the same tools used to make other programs multi-threaded. These include mutexes, shared/exclusive locks, semaphores, and condition variables. For the -definitions of these and other SMP-related terms, please see the crossref:smp[smp-glossary] section of this article. +definitions of these and other SMP-related terms, please see the crossref:smp[smp-glossary, Glossary] section of this article. [[smp-lock-fundamentals]] == Basic Tools and Locking Fundamentals diff --git a/documentation/content/en/books/design-44bsd/_index.adoc b/documentation/content/en/books/design-44bsd/_index.adoc index af20245ea021..08af1a53e69c 100644 --- a/documentation/content/en/books/design-44bsd/_index.adoc +++ b/documentation/content/en/books/design-44bsd/_index.adoc @@ -172,10 +172,10 @@ The software that is machine dependent includes |HP/UX compatibility |4,683 |2.3 |=== -crossref:design-44bsd[table-mach-indep] summarizes the machine-independent software that constitutes the 4.4BSD kernel for the HP300. +crossref:design-44bsd[table-mach-indep, Machine-independent software in the 4.4BSD kernel] summarizes the machine-independent software that constitutes the 4.4BSD kernel for the HP300. The numbers in column 2 are for lines of C source code, header files, and assembly language. Virtually all the software in the kernel is written in the C programming language; less than 2 percent is written in assembly language. -As the statistics in crossref:design-44bsd[table-mach-dep] show, the machine-dependent software, excluding HP/UX and device support, accounts for a minuscule 6.9 percent of the kernel. +As the statistics in crossref:design-44bsd[table-mach-dep, Machine-dependent software in the 4.4BSD kernel] show, the machine-dependent software, excluding HP/UX and device support, accounts for a minuscule 6.9 percent of the kernel. Only a small part of the kernel is devoted to initializing the system. This code is used when the system is _bootstrapped_ into operation and is responsible for setting up the kernel hardware and software environment (see Chapter 14). @@ -230,7 +230,7 @@ Important components of the kernel state are described in Chapter 4. image:fig1.png[Process lifecycle] The process lifecycle is depicted in -crossref:design-44bsd[fig-process-lifecycle]. +crossref:design-44bsd[fig-process-lifecycle,Process lifecycle]. A process may create a new process that is a copy of the original by using the _fork_ system call. The _fork_ call returns twice: once in the parent process, where the return value is the process identifier of the child, and once in the child process, where the return value is 0. The parent-child relationship induces a hierarchical structure on the set of processes in the system. @@ -567,7 +567,7 @@ A hierarchy of directories and files is thus formed, and is called a _filesystem [[fig-small-fs]] image:fig2.png[A small filesystem] -a small one is shown in crossref:design-44bsd[fig-small-fs]. +a small one is shown in crossref:design-44bsd[fig-small-fs, A small filesystem]. Directories may contain subdirectories, and there is no inherent limitation to the depth with which directory nesting may occur. To protect the consistency of the filesystem, the kernel does not permit processes to write directly into directories. A filesystem may include not only plain files and directories, but also references to other objects, such as devices and sockets. diff --git a/documentation/content/en/books/dev-model/_index.adoc b/documentation/content/en/books/dev-model/_index.adoc index d30dbd7253b0..9ab3a3491f09 100644 --- a/documentation/content/en/books/dev-model/_index.adoc +++ b/documentation/content/en/books/dev-model/_index.adoc @@ -252,9 +252,9 @@ Multiple development efforts in the kernel also require a closer coordination th The core utilities, known as userland, provide the interface that identifies FreeBSD, both user interface, shared libraries and external interfaces to connecting clients. Currently, 162 people are involved in userland development and maintenance, many being maintainers for their own part of the code. -Maintainership will be discussed in the crossref:dev-model[role-maintainer] section. +Maintainership will be discussed in the crossref:dev-model[role-maintainer, Maintainership] section. -Documentation is handled by crossref:dev-model[sub-project-documentation] and includes all documents surrounding the FreeBSD project, including the web pages. +Documentation is handled by crossref:dev-model[sub-project-documentation, The FreeBSD Documentation Project] and includes all documents surrounding the FreeBSD project, including the web pages. There were during 2004 101 people making commits to the FreeBSD Documentation Project. Ports is the collection of meta-data that is needed to make software packages build correctly on FreeBSD. @@ -263,7 +263,7 @@ It contains information about where to fetch the source, what patches to apply a This allows automated tools to fetch, build and install the package. As of this writing, there are more than 12600 ports available. footnote:[Statistics are generated by counting the number of entries in the file fetched by portsdb by April 1st, 2005. portsdb is a part of the port sysutils/portupgrade.] , ranging from web servers to games, programming languages and most of the application types that are in use on modern computers. -Ports will be discussed further in the section crossref:dev-model[sub-project-ports]. +Ports will be discussed further in the section crossref:dev-model[sub-project-ports, The Ports Subproject]. [[methodology-model]] == Methodology model @@ -505,7 +505,7 @@ The following list shows the responsibility lines and gives a description of eac [[role-doc-manager]] ==== Documentation project manager -crossref:dev-model[sub-project-documentation] architect is responsible for defining and following up documentation goals for the committers in the Documentation project, which they supervise. +crossref:dev-model[sub-project-documentation, The FreeBSD Documentation Project] architect is responsible for defining and following up documentation goals for the committers in the Documentation project, which they supervise. Hat held by: The DocEng team mailto:doceng@FreeBSD.org[doceng@FreeBSD.org]. The https://www.freebsd.org/internal/doceng/[ DocEng Charter]. @@ -530,7 +530,7 @@ The responsibilities of the Release Engineering Team are * Coordinating with the Security team so that pending releases are not affected by recently disclosed vulnerabilities. Further information about the development process is available in the -crossref:dev-model[process-release-engineering] section. +crossref:dev-model[process-release-engineering, Release engineering] section. [[role-releng]] Hat held by: the Release Engineering team mailto:re@FreeBSD.org[re@FreeBSD.org]. @@ -557,14 +557,14 @@ The Security Officer is also responsible for taking action when security problem Because of the fear that information about vulnerabilities may leak out to people with malicious intent before a patch is available, only the Security Officer, consisting of an officer, a deputy and two -crossref:dev-model[role-core] members, receive sensitive information about security issues. +crossref:dev-model[role-core, Core Team] members, receive sensitive information about security issues. However, to create or implement a patch, the Security Officer has the Security Officer Team mailto:security-team@FreeBSD.org[security-team@FreeBSD.org] to help do the work. [[role-repo-manager]] ==== Source Repository Manager The Source Repository Manager is the only one who is allowed to directly modify -the repository without using the crossref:dev-model[tool-git] tool. +the repository without using the crossref:dev-model[tool-git, Git] tool. It is their responsibility to ensure that technical problems that arise in the repository are resolved quickly. The source repository manager has the authority to back out commits if this is necessary to resolve a Git technical problem. @@ -574,10 +574,10 @@ Hat held by: the Source Repository Manager mailto:clusteradm@FreeBSD.org[cluster ==== Election Manager The Election Manager is responsible for the -crossref:dev-model[process-core-election] process. +crossref:dev-model[process-core-election, Core election] process. The manager is responsible for running and maintaining the election system, and is the final authority should minor unforeseen events happen in the election process. Major unforeseen events have to be discussed with the -crossref:dev-model[role-core] +crossref:dev-model[role-core, Core Team] Hat held only during elections. @@ -586,14 +586,14 @@ Hat held only during elections. The Web site Management hat is responsible for coordinating the rollout of updated web pages on mirrors around the world, for the overall structure of the primary web site and the system it is running upon. The management needs to coordinate the content with -crossref:dev-model[sub-project-documentation] and acts as maintainer for the "www" tree. +crossref:dev-model[sub-project-documentation, The FreeBSD Documentation Project] and acts as maintainer for the "www" tree. Hat held by: the FreeBSD Webmasters mailto:www@FreeBSD.org[www@FreeBSD.org]. [[role-ports-manager]] ==== Ports Manager -The Ports Manager acts as a liaison between crossref:dev-model[sub-project-ports] and the core project, and all requests from the project should go to the ports manager. +The Ports Manager acts as a liaison between crossref:dev-model[sub-project-ports, The Ports Subproject] and the core project, and all requests from the project should go to the ports manager. Hat held by: the Ports Management Team mailto:portmgr@FreeBSD.org[portmgr@FreeBSD.org]. The https://www.freebsd.org/portmgr/charter/[Portmgr charter]. @@ -690,11 +690,11 @@ When a contributor is given committer status, they are assigned a mentor. The committer who recommended the new committer will, in the general case, take it upon themselves to be the new committers mentor. When a contributor is given their commit bit, a -crossref:dev-model[tool-pgp]-signed email is sent from either -crossref:dev-model[role-core-secretary], crossref:dev-model[role-ports-manager], or nik@freebsd.org to both admins@freebsd.org, the assigned mentor, the new committer, and core confirming the approval of a new account. -The mentor then gathers a password line, crossref:dev-model[tool-ssh2] public +crossref:dev-model[tool-pgp, Pretty Good Privacy]-signed email is sent from either +crossref:dev-model[role-core-secretary, Core Secretary], crossref:dev-model[role-ports-manager, Ports Manager], or nik@freebsd.org to both admins@freebsd.org, the assigned mentor, the new committer, and core confirming the approval of a new account. +The mentor then gathers a password line, crossref:dev-model[tool-ssh2, Secure Shell] public key, and PGP key from the new committer and sends them to -crossref:dev-model[role-admin]. +crossref:dev-model[role-admin, Admin]. When the new account is created, the mentor activates the commit bit and guides the new committer through the rest of the initial process. .Process summary: adding a new committer @@ -724,11 +724,11 @@ In this case, it can also be restored at a later time by core, should the commit Roles in this process: -. crossref:dev-model[role-core] -. crossref:dev-model[role-contributor] -. crossref:dev-model[role-committer] -. crossref:dev-model[role-maintainer] -. crossref:dev-model[role-mentor] +. crossref:dev-model[role-core, Core Team] +. crossref:dev-model[role-contributor, Contributor] +. crossref:dev-model[role-committer, Committer] +. crossref:dev-model[role-maintainer, Maintainership] +. crossref:dev-model[role-mentor, Mentor] [crossref:dev-model[freebsd-bylaws, FreeBSD, 2000A]] [crossref:dev-model[freebsd-expiration-policy, FreeBSD, 2002H]] @@ -749,7 +749,7 @@ This is called "pre-commit test". When contributed code is received, it should be reviewed by the committer and tested the same way. When a change is committed to a part of the source that has been contributed -from an outside crossref:dev-model[role-vendor], the maintainer should ensure that the patch is contributed back to the vendor. +from an outside crossref:dev-model[role-vendor, Vendor], the maintainer should ensure that the patch is contributed back to the vendor. This is in line with the open source philosophy and makes it easier to stay in sync with outside projects as the patches do not have to be reapplied every time a new release is made. After the code has been available for review and no further changes are necessary, the code is committed into the development branch, -CURRENT. @@ -778,10 +778,10 @@ This report is picked up by the maintainer who reviews the code and commits it. Hats included in this process are: -. crossref:dev-model[role-committer] -. crossref:dev-model[role-contributor] -. crossref:dev-model[role-vendor] -. crossref:dev-model[role-reviewer] +. crossref:dev-model[role-committer, Committer] +. crossref:dev-model[role-contributor, Contributor] +. crossref:dev-model[role-vendor, Vendor] +. crossref:dev-model[role-reviewer, Reviewers] [crossref:dev-model[freebsd-committer, FreeBSD, 2001]] [crossref:dev-model[jorgensen2001, Jørgensen, 2001]] @@ -821,9 +821,9 @@ After the vote is over, the election results are announced and the new core team Hats in core elections are: -* crossref:dev-model[role-core] -* crossref:dev-model[role-committer] -* crossref:dev-model[role-election-manager] +* crossref:dev-model[role-core, Core Team] +* crossref:dev-model[role-committer, Committer] +* crossref:dev-model[role-election-manager, Election Manager] [crossref:dev-model[freebsd-bylaws, FreeBSD, 2000A]] [crossref:dev-model[bsd-election2002, FreeBSD, 2002B]] @@ -844,7 +844,7 @@ The wishes that come within the responsibility of a developer are given to that A common way to do this is maintain a TODO-list maintained by the project. Items that do not come within someone's responsibility are collected on TODO-lists unless someone volunteers to take the responsibility. All requests, their distribution and follow-up are handled by the -crossref:dev-model[tool-bugzilla] tool. +crossref:dev-model[tool-bugzilla, Bugzilla] tool. Requirements analysis happens in two ways. The requests that come in are discussed on mailing lists, both within the main project and in the sub-project that the request belongs to or is spawned by the request. @@ -928,14 +928,14 @@ Problems include bug reports, feature requests, feature enhancements and notices Although `send-pr` is available, users and developers are encouraged to submit issues using our https://bugs.freebsd.org/submit/[ problem report form]. Problem reports are sent to an email address where it is inserted into the Problem Reports maintenance database. -A crossref:dev-model[role-bugbuster] classifies the problem and sends it to the correct group or maintainer within the project. +A crossref:dev-model[role-bugbuster, Bugbuster] classifies the problem and sends it to the correct group or maintainer within the project. After someone has taken responsibility for the report, the report is being analysed. This analysis includes verifying the problem and thinking out a solution for the problem. Often feedback is required from the report originator or even from the FreeBSD community. Once a patch for the problem is made, the originator may be asked to try it out. Finally, the working patch is integrated into the project, and documented if applicable. It there goes through the regular maintenance cycle as described in section -crossref:dev-model[model-maintenance]. +crossref:dev-model[model-maintenance, Maintenance]. These are the states a problem report can be in: open, analyzed, feedback, patched, suspended and closed. The suspended state is for when further progress is not possible due to the lack of information or for when the task would require so much work that nobody is working on it at the moment. @@ -949,9 +949,9 @@ This patch is then committed and the problem report is closed. The roles included in this process are: -. crossref:dev-model[role-problem-originator] -. crossref:dev-model[role-maintainer] -. crossref:dev-model[role-bugbuster] +. crossref:dev-model[role-problem-originator, Report originator] +. crossref:dev-model[role-maintainer, Maintainership] +. crossref:dev-model[role-bugbuster, Bugbuster] [crossref:dev-model[freebsd-handle-pr, FreeBSD, 2002C]]. [crossref:dev-model[freebsd-send-pr, FreeBSD, 2002D]] @@ -981,8 +981,8 @@ All penalties come from breaking social etiquette. Hats involved in this process: -* crossref:dev-model[role-core] -* crossref:dev-model[role-committer] +* crossref:dev-model[role-core, Core Team] +* crossref:dev-model[role-committer, Committer] [[process-release-engineering]] === Release engineering @@ -1013,7 +1013,7 @@ Updates are less likely to be allowed during this period, except for important b In this final period, all releases are considered release candidates. At the end of the release process, a release is created with the new version number, including binary distributions on web sites and the creation of CD-ROM images. However, the release is not considered "really released" until a -crossref:dev-model[tool-pgp]-signed message stating exactly that, is sent to the mailing list freebsd-announce; anything labelled as a "release" before that may well be in-process and subject to change before the PGP-signed message is sent. footnote:[Many commercial vendors use these images to create CD-ROMs that are sold in retail outlets.]. +crossref:dev-model[tool-pgp, Pretty Good Privacy]-signed message stating exactly that, is sent to the mailing list freebsd-announce; anything labelled as a "release" before that may well be in-process and subject to change before the PGP-signed message is sent. footnote:[Many commercial vendors use these images to create CD-ROMs that are sold in retail outlets.]. The releases of the -CURRENT-branch (that is, all releases that end with ".0") are very similar, but with twice as long timeframe. It starts 8 weeks prior to the release with announcement of the release time line. @@ -1107,13 +1107,13 @@ The amount of ports has grown at a tremendous rate, as shown by the following fi .Number of ports added between 1995 and 2022 [[fig-ports]] image::portsstatus.svg -crossref:dev-model[fig-ports] shows the number of ports available to FreeBSD in the period 1995 to 2022. +crossref:dev-model[fig-ports,image::portsstatus.svg] shows the number of ports available to FreeBSD in the period 1995 to 2022. It looks like the curve has first grown exponentially, and then from the middle of 2001 to the middle of 2007 grown linearly at a rate of about 2000 ports/year, before its growth rate gets lower. As the external software described by the port often is under continued development, the amount of work required to maintain the ports is already large, and increasing. This has led to the ports part of the FreeBSD project gaining a more empowered structure, and is more and more becoming a sub-project of the FreeBSD project. -Ports has its own core team with the crossref:dev-model[role-ports-manager] as its leader, and this team can appoint committers without FreeBSD Core's approval. +Ports has its own core team with the crossref:dev-model[role-ports-manager, Ports Manager] as its leader, and this team can appoint committers without FreeBSD Core's approval. Unlike in the FreeBSD Project, where a lot of maintenance frequently is rewarded with a commit bit, the ports sub-project contains many active maintainers that are not committers. Unlike the main project, the ports tree is not branched. diff --git a/documentation/content/en/books/developers-handbook/tools/_index.adoc b/documentation/content/en/books/developers-handbook/tools/_index.adoc index 63f40cf66378..bb31426367cb 100644 --- a/documentation/content/en/books/developers-handbook/tools/_index.adoc +++ b/documentation/content/en/books/developers-handbook/tools/_index.adoc @@ -121,14 +121,13 @@ It is very popular in AI (Artificial Intelligence) circles. Lisp is an extremely powerful and sophisticated language, but can be rather large and unwieldy. + Various implementations of Lisp that can run on UNIX(R) systems are available in the Ports Collection for FreeBSD. -GNU Common Lisp can be found as package:lang/gcl[]. CLISP by Bruno Haible and Michael Stoll is available as package:lang/clisp[]. -For CMUCL, which includes a highly-optimizing compiler too, or simpler Lisp implementations like SLisp, which implements most of the Common Lisp constructs in a few hundred lines of C code, package:lang/cmucl[] and package:lang/slisp[] are available respectively. +SLisp, a simpler Lisp implementations, is available as package:lang/slisp[]. Perl:: Very popular with system administrators for writing scripts; also often used on World Wide Web servers for writing CGI scripts. + -Perl is available in the Ports Collection as package:lang/perl5.24[] for all FreeBSD releases. +Perl is available in the Ports Collection as package:lang/perl5.36[] for all FreeBSD releases. Scheme:: A dialect of Lisp that is rather more compact and cleaner than Common Lisp. @@ -138,14 +137,10 @@ while it has a high enough level of abstraction to be used in research work. Scheme is available from the Ports Collection as package:lang/elk[] for the Elk Scheme Interpreter. The MIT Scheme Interpreter can be found in package:lang/mit-scheme[] and the SCM Scheme Interpreter in package:lang/scm[]. -Icon:: -Icon is a high-level language with extensive facilities for processing strings and structures. -The version of Icon for FreeBSD can be found in the Ports Collection as package:lang/icon[]. - Lua:: Lua is a lightweight embeddable scripting language. It is widely portable and relatively simple. -Lua is available in the Ports Collection in package:lang/lua[]. +Lua is available in the Ports Collection in package:lang/lua54[]. It is also included in the base system as [.filename]#/usr/libexec/flua# for use by base system components. Third party software should not depend on [.filename]#flua#. @@ -185,7 +180,7 @@ Moreover, distributing a program written for a compiler is usually more straight As the edit-compile-run-debug cycle is rather tedious when using separate programs, many commercial compiler makers have produced Integrated Development Environments (IDEs for short). FreeBSD does not include an IDE in the base system, but package:devel/kdevelop[] is available in the Ports Collection and many use Emacs for this purpose. -Using Emacs as an IDE is discussed in crossref:tools[emacs]. +Using Emacs as an IDE is discussed in crossref:tools[emacs, Using Emacs as a Development Environment]. [[tools-compiling]] == Compiling with `cc` @@ -372,7 +367,7 @@ Basically, if the program failed under certain conditions, the system would writ ==== Fascinating stuff, but what I am supposed to do now? -Use a debugger to analyze the core (see crossref:tools[debugging]). +Use a debugger to analyze the core (see crossref:tools[debugging, Debugging]). ==== When my program dumped core, it said something about a segmentation fault. What is that? diff --git a/documentation/content/en/books/fdp-primer/asciidoctor-primer/_index.adoc b/documentation/content/en/books/fdp-primer/asciidoctor-primer/_index.adoc index 12b3f4421f2d..967dc54915cf 100644 --- a/documentation/content/en/books/fdp-primer/asciidoctor-primer/_index.adoc +++ b/documentation/content/en/books/fdp-primer/asciidoctor-primer/_index.adoc @@ -252,7 +252,7 @@ Books are structured in different directories to keep a sane layout. To create a link from one subdirectory of a book to another subdirectory of the same book, use the `crossref` macro: .... -crossref:doc-build[documentation-makefile] +crossref:doc-build[documentation-makefile, This link] .... And this would be rendered as @@ -268,12 +268,12 @@ It is designed to render the correct link across the different outputs ==== Use the `crossref` macro for intra-document links too. Although it might be inconvenient to write the name of the current document, -it ensures the correct link is renderedacross the different outputs +it ensures the correct link is rendered across the different outputs ==== [WARNING] ==== -Do not use neither the `xref` macro nor its shortcut `<<` `>>`. +Do not use either the `xref` macro or its shortcut `<<` `>>`. They do not work well in all output formats. ==== diff --git a/documentation/content/en/books/fdp-primer/editor-config/_index.adoc b/documentation/content/en/books/fdp-primer/editor-config/_index.adoc index 43411e6d6d14..d7cf1b516eda 100644 --- a/documentation/content/en/books/fdp-primer/editor-config/_index.adoc +++ b/documentation/content/en/books/fdp-primer/editor-config/_index.adoc @@ -52,7 +52,7 @@ Adjusting your text editor configuration can make working on document files quic [[editor-config-vim]] == Vim -Install from package:editors/vim[], then follow the configuration instructions in crossref:editor-config[editor-config-vim-config]. +Install from package:editors/vim[], then follow the configuration instructions in crossref:editor-config[editor-config-vim-config, Configuration]. More advanced users can use a proper linter like link:https://github.com/dense-analysis/ale[Ale] which can also act as a Vim link:https://langserver.org/[Language Server Protocol] client. [[editor-config-vim-use]] diff --git a/documentation/content/en/books/handbook/advanced-networking/_index.adoc b/documentation/content/en/books/handbook/advanced-networking/_index.adoc index ab431aeab84e..081c6d10b534 100644 --- a/documentation/content/en/books/handbook/advanced-networking/_index.adoc +++ b/documentation/content/en/books/handbook/advanced-networking/_index.adoc @@ -154,7 +154,7 @@ Such routes only show up on the host that supports the alias and all other hosts The final line (destination subnet `224`) deals with multicasting. Various attributes of each route can be seen in the `Flags` column. -crossref:advanced-networking[routeflags] summarizes some of these flags and their meanings: +crossref:advanced-networking[routeflags,Commonly Seen Routing Table Flags] summarizes some of these flags and their meanings: [[routeflags]] .Commonly Seen Routing Table Flags @@ -656,7 +656,7 @@ This can be particularly useful when a FreeBSD machine is acting as a gateway to ==== Basic Settings Before configuring a FreeBSD machine as an AP, the kernel must be configured with the appropriate networking support for the wireless card as well as the security protocols being used. -For more details, see crossref:advanced-networking[network-wireless-basic]. +For more details, see crossref:advanced-networking[network-wireless-ap-basic, Basic Settings]. [NOTE] ==== @@ -757,7 +757,7 @@ The client machine found the AP and can be associated with it: This section focuses on setting up a FreeBSD access point using the WPA2 security protocol. More details regarding WPA and the configuration of WPA-based wireless clients -can be found in crossref:advanced-networking[network-wireless-wpa]. +can be found in crossref:advanced-networking[network-wireless-wpa, WPA with EAP-TLS]. The man:hostapd[8] daemon is used to deal with client authentication and key management on the WPA2-enabled AP. @@ -770,7 +770,7 @@ hostapd_enable="YES" .... Before trying to configure man:hostapd[8], first configure the basic settings -introduced in crossref:advanced-networking[network-wireless-ap-basic]. +introduced in crossref:advanced-networking[network-wireless-ap-basic, Basic Settings]. ===== WPA2-PSK @@ -826,7 +826,7 @@ wlan0: flags=8943 metric 0 mtu 1 .... Once the AP is running, the clients can associate with it. -See crossref:advanced-networking[network-wireless-wpa] for more details. +See crossref:advanced-networking[network-wireless-ap-basic, Basic Settings] for more details. It is possible to see the stations associated with the AP using `ifconfig _wlan0_ list sta`. [[network-usb-tethering]] diff --git a/documentation/content/en/books/handbook/audit/_index.adoc b/documentation/content/en/books/handbook/audit/_index.adoc index 4bf987fe0222..067298148036 100644 --- a/documentation/content/en/books/handbook/audit/_index.adoc +++ b/documentation/content/en/books/handbook/audit/_index.adoc @@ -126,7 +126,7 @@ Selection expressions are used in a number of places in the audit configuration Expressions contain a list of event classes to match. Selection expressions are evaluated from left to right, and two expressions are combined by appending one onto the other. -crossref:audit[event-selection] summarizes the default audit event classes: +crossref:audit[event-selection,Default Audit Event Classes] summarizes the default audit event classes: [[event-selection]] .Default Audit Event Classes @@ -220,7 +220,7 @@ crossref:audit[event-selection] summarizes the default audit event classes: These audit event classes may be customized by modifying the [.filename]#audit_class# and [.filename]#audit_event# configuration files. Each audit event class may be combined with a prefix indicating whether successful/failed operations are matched, and whether the entry is adding or removing matching for the class and type. -crossref:audit[event-prefixes] summarizes the available prefixes: +crossref:audit[event-prefixes,Prefixes for Audit Event Classes] summarizes the available prefixes: [[event-prefixes]] .Prefixes for Audit Event Classes @@ -437,7 +437,7 @@ The change will take effect once [.filename]#/etc/crontab# is saved. Automatic rotation of the audit trail file based on file size is possible using `filesz` in [.filename]#audit_control# as described in -crossref:audit[audit-auditcontrol]. +crossref:audit[audit-auditcontrol, The audit_control File]. As audit trail files can become very large, it is often desirable to compress or otherwise archive trails once they have been closed by the audit daemon. The [.filename]#audit_warn# script can be used to perform customized operations for a variety of audit-related events, including the clean termination of audit trails when they are rotated. diff --git a/documentation/content/en/books/handbook/basics/_index.adoc b/documentation/content/en/books/handbook/basics/_index.adoc index b86f4cbf8ac3..99d927b772b3 100644 --- a/documentation/content/en/books/handbook/basics/_index.adoc +++ b/documentation/content/en/books/handbook/basics/_index.adoc @@ -345,7 +345,7 @@ This software provides activity logging and allows the administrator to configur FreeBSD provides a variety of different commands to manage user accounts. The most common commands are summarized in -crossref:basics[users-modifying-utilities], followed by some examples of their usage. +crossref:basics[users-modifying-utilities,Utilities for Managing User Accounts], followed by some examples of their usage. See the manual page for each utility for more details and usage examples. [[users-modifying-utilities]] @@ -383,7 +383,7 @@ It also creates a home directory for the new user, copies in the default configu This utility must be run as the superuser. The man:adduser[8] utility is interactive and walks through the steps for creating a new user account. -As seen in crossref:basics[users-modifying-adduser], either input the required information or press kbd:[Return] to accept the default value shown in square brackets. +As seen in crossref:basics[users-modifying-adduser, Adding a User on FreeBSD], either input the required information or press kbd:[Return] to accept the default value shown in square brackets. In this example, the user has been invited into the `wheel` group, allowing them to become the superuser with man:su[1]. When finished, the utility will prompt to either create another user or to exit. @@ -494,9 +494,9 @@ When the user exits from the editor, the user database is updated with the new i This utility will prompt for the user's password when exiting the editor, unless the utility is run as the superuser. ==== -In crossref:basics[users-modifying-chpass-su], the superuser has typed `chpass jru` and is now viewing the fields that can be changed for this user. +In crossref:basics[users-modifying-chpass-su,Using `chpass` as Superuser], the superuser has typed `chpass jru` and is now viewing the fields that can be changed for this user. If `jru` runs this command instead, only the last six fields will be displayed and available for editing. -This is shown in crossref:basics[users-modifying-chpass-ru]. +This is shown in crossref:basics[users-modifying-chpass-ru,Using `chpass` as Regular User]. [[users-modifying-chpass-su]] .Using `chpass` as Superuser @@ -1074,12 +1074,12 @@ This directory is the first one mounted at boot time and it contains the base sy The root directory also contains mount points for other file systems that are mounted during the transition to multi-user operation. A mount point is a directory where additional file systems can be grafted onto a parent file system (usually the root file system). -This is further described in crossref:basics[disk-organization]. +This is further described in crossref:basics[disk-organization, Disk Organization]. Standard mount points include `/usr/`, `/var/`, `/tmp/`, `/mnt/`, and `/cdrom/`. These directories are usually referenced to entries in `/etc/fstab`. This file is a table of various file systems and mount points and is read by the system. Most of the file systems in `/etc/fstab` are mounted automatically at boot time from the script man:rc[8] unless their entry includes `noauto`. -Details can be found in crossref:basics[disks-fstab]. +Details can be found in crossref:basics[disks-fstab, The fstab File]. A complete description of the file system hierarchy is available in man:hier[7]. The following table provides a brief overview of the most common directories. @@ -1271,7 +1271,7 @@ If the partition is the last one on a virtual disk, and the disk is expanded, th File systems are contained in _partitions_. Disks are divided into partitions using one of several partitioning schemes; -see crossref:basics[bsdinstall-part-manual]. +see crossref:bsdinstall[bsdinstall-part-manual, Manual Partitioning]. The newer scheme is GPT; older BIOS-based computers use MBR. GPT supports division of a disk into partitions with a size, offset, and type. It supports a large number of partitions and partition types, and is recommended whenever its use is possible. @@ -1321,13 +1321,13 @@ This letter is appended to the device name, so "da0__a__" is the `a` partition o Finally, each disk on the system is identified. A disk name starts with a code that indicates the type of disk, and then a number, indicating which disk it is. Unlike partitions and slices, disk numbering starts at 0. -Common codes are listed in crossref:basics[disks-naming]. +Common codes are listed in crossref:basics[disks-naming,Disk Device Names]. When referring to a partition in a slice, include the disk name, `s`, the slice number, and then the partition letter. -Examples are shown in crossref:basics[basics-disk-slice-part]. +Examples are shown in crossref:basics[basics-disk-slice-part,Sample Disk, Slice, and Partition Names]. GPT partitions include the disk name, `p`, and then the partition number. -crossref:basics[basics-concept-disk-model] shows a conceptual model of a disk layout using MBR slices. +crossref:basics[basics-concept-disk-model,Conceptual Model of a Disk] shows a conceptual model of a disk layout using MBR slices. When installing FreeBSD, configure the disk slices if using MBR, and create partitions within the slice to be used for FreeBSD. If using GPT, configure partitions for each file system. @@ -1423,7 +1423,7 @@ device /mount-point fstype options dumpfreq passno .... `device`:: -An existing device name as explained in crossref:basics[disks-naming]. +An existing device name as explained in crossref:basics[disks-naming,Disk Device Names]. `mount-point`:: An existing directory on which to mount the file system. @@ -1684,7 +1684,7 @@ Typing a `t` and pressing kbd:[Tab] again is enough to let the shell determine w Another feature of the shell is the use of environment variables. Environment variables are a variable/key pair stored in the shell's environment. This environment can be read by any program invoked by the shell, and thus contains a lot of program configuration. -crossref:basics[shell-env-vars] provides a list of common environment variables and their meanings. +crossref:basics[shell-env-vars,Common Environment Variables] provides a list of common environment variables and their meanings. Note that the names of environment variables are always in uppercase. [[shell-env-vars]] @@ -1859,7 +1859,7 @@ Learning a more powerful editor such as vim or Emacs can save more time in the l Many applications which modify files or require typed input will automatically open a text editor. To change the default editor, set the `EDITOR` environment variable as described -in crossref:basics[shells]. +in crossref:basics[shells, Shells]. [[basics-devices]] == Devices and Device Nodes diff --git a/documentation/content/en/books/handbook/boot/_index.adoc b/documentation/content/en/books/handbook/boot/_index.adoc index abe4846b9864..60bf37b486a0 100644 --- a/documentation/content/en/books/handbook/boot/_index.adoc +++ b/documentation/content/en/books/handbook/boot/_index.adoc @@ -217,7 +217,7 @@ The loader will then read [.filename]#/boot/loader.rc#, which by default reads i Finally, by default, loader issues a 10 second wait for key presses, and boots the kernel if it is not interrupted. If interrupted, the user is presented with a prompt which understands the command set, where the user may adjust variables, unload all modules, load modules, and then finally boot or reboot. -crossref:boot[boot-loader-commands] lists the most commonly used loader commands. +crossref:boot[boot-loader-commands,Loader Built-In Commands] lists the most commonly used loader commands. For a complete discussion of all available commands, refer to man:loader[8]. [[boot-loader-commands]] @@ -306,7 +306,7 @@ To load an automated kernel configuration script: === Last Stage Once the kernel is loaded by either loader or by boot2, which bypasses loader, it examines any boot flags and adjusts its behavior as necessary. -crossref:boot[boot-kernel] lists the commonly used boot flags. +crossref:boot[boot-kernel,Kernel Interaction During Boot] lists the commonly used boot flags. Refer to man:boot[8] for more information on the other boot flags. [[boot-kernel]] @@ -398,7 +398,7 @@ This file stores kernel boot information known as variables, sometimes referred These "device hints" are used by device drivers for device configuration. Device hints may also be specified at the Stage 3 boot loader prompt, as -demonstrated in crossref:boot[boot-loader]. +demonstrated in crossref:boot[boot-loader, Stage Three]. Variables can be added using `set`, removed with `unset`, and viewed `show`. Variables set in [.filename]#/boot/device.hints# can also be overridden. Device hints entered at the boot loader are not permanent and will not be applied on the next reboot. diff --git a/documentation/content/en/books/handbook/bsdinstall/_index.adoc b/documentation/content/en/books/handbook/bsdinstall/_index.adoc index 4b9f81109845..9745d4001dd6 100644 --- a/documentation/content/en/books/handbook/bsdinstall/_index.adoc +++ b/documentation/content/en/books/handbook/bsdinstall/_index.adoc @@ -173,11 +173,11 @@ Installation file types: * `*-dvd1.iso*`: This file contains all of the files needed to install FreeBSD, its source, and the Ports Collection. It also contains a set of popular binary packages for installing a window manager and some applications so that a complete system can be installed from media without requiring a connection to the Internet. This file should be burned to optical media. * `*-memstick.img*`: This file contains all of the files needed to install FreeBSD, its source, and the Ports Collection. Write this file to a USB stick - as shown in crossref:bsdinstall[bsdinstall-usb]. + as shown in crossref:bsdinstall[bsdinstall-usb, Writing an Image File to USB]. * `*-mini-memstick.img*`: Like `*-bootonly.iso*`, does not include installation files, but downloads them as needed. A working internet connection is required during installation. It should be written to a USB stick as shown in - crossref:bsdinstall[bsdinstall-usb]. + crossref:bsdinstall[bsdinstall-usb, Writing an Image File to USB]. After downloading the image file, download at least one _checksum_ file from the same directory. There are two _checksum_ files available, named after the release number and the architecture name. @@ -284,7 +284,7 @@ If there is a concern that something is incorrectly configured, just turn the co This section describes how to boot the system from the installation media which was prepared using the instructions in -crossref:bsdinstall[bsdinstall-installation-media]. +crossref:bsdinstall[bsdinstall-installation-media, Prepare the Installation Media]. When using a bootable USB stick, plug in the USB stick before turning on the computer. When booting from CD or DVD, turn on the computer and insert the media at the first opportunity. How to configure the system to boot from the inserted media depends upon the architecture. @@ -310,7 +310,7 @@ The following options are available. * `Cons`: Allow to continue the installation by `video`, `serial`, `Dual (serial primary)` or `Dual (Video primary)` * `Kernel`: Loads a different kernel. * `Boot Options`: Opens the menu shown in, and described under, - crossref:bsdinstall[bsdinstall-boot-options-menu]. + crossref:bsdinstall[bsdinstall-boot-options-menu,FreeBSD Boot Options Menu]. [[bsdinstall-boot-options-menu]] .FreeBSD Boot Options Menu @@ -331,7 +331,7 @@ Several options can be toggled using this menu: After making the needed selections, press kbd:[1] or kbd:[Backspace] to return to the main boot menu, then press kbd:[Enter] to continue booting into FreeBSD. A series of boot messages will appear as FreeBSD carries out its hardware device probes and loads the installation program. Once the boot is complete, the welcome menu shown in -crossref:bsdinstall[bsdinstall-choose-mode] will be displayed. +crossref:bsdinstall[bsdinstall-choose-mode,Welcome Menu] will be displayed. [[bsdinstall-choose-mode]] .Welcome Menu @@ -342,7 +342,7 @@ The rest of this chapter describes how to use this installer. Otherwise, use the right or left arrows or the colorized letter to select the desired menu item. The btn:[Shell] can be used to access a FreeBSD shell in order to use command line utilities to prepare the disks before installation. The btn:[Live CD] option can be used to try out FreeBSD before installing it. -The live version is described in crossref:bsdinstall[using-live-cd]. +The live version is described in crossref:bsdinstall[using-live-cd, Using the Live CD]. [TIP] ==== @@ -362,14 +362,14 @@ When finished, press kbd:[Enter] to save the selection and move onto the next sc === Selecting the Keymap Menu Before starting the process, bsdinstall will load the keymap files as shown in -crossref:bsdinstall[bsdinstall-keymap-loading]. +crossref:bsdinstall[bsdinstall-keymap-loading,Keymap Loading]. [[bsdinstall-keymap-loading]] .Keymap Loading image::bsdinstall-keymap-loading.png[Keymap loading] After the keymaps have been loaded, bsdinstall displays the menu shown in -crossref:bsdinstall[bsdinstall-keymap-10]. +crossref:bsdinstall[bsdinstall-keymap-10,Keymap Selection Menu]. Use the up and down arrows to select the keymap that most closely represents the mapping of the keyboard attached to the system. Press kbd:[Enter] to save the selection. @@ -385,7 +385,7 @@ If the choice of keymap is not clear, [.guimenuitem]#United States of America IS In addition, when selecting a different keymap, the user can try the keymap and ensure it is correct before proceeding, as shown in -crossref:bsdinstall[bsdinstall-keymap-testing]. +crossref:bsdinstall[bsdinstall-keymap-testing,Keymap Testing Menu]. [[bsdinstall-keymap-testing]] .Keymap Testing Menu @@ -435,10 +435,10 @@ The FreeBSD Ports Collection takes up about {ports-size} of disk space. [[bsdinstall-netinstall]] === Installing from the Network -The menu shown in crossref:bsdinstall[bsdinstall-netinstall-notify] only appears when installing from a `-bootonly.iso` or `-mini-memstick.img`, as this installation media does not hold copies of the installation files. +The menu shown in crossref:bsdinstall[bsdinstall-netinstall-notify,Installing from the Network] only appears when installing from a `-bootonly.iso` or `-mini-memstick.img`, as this installation media does not hold copies of the installation files. Since the installation files must be retrieved over a network connection, this menu indicates that the network interface must be configured first. If this menu is shown in any step of the process, remember to follow the -instructions in crossref:bsdinstall[bsdinstall-config-network-dev]. +instructions in crossref:bsdinstall[bsdinstall-config-network-dev, Configuring Network Interfaces]. [[bsdinstall-netinstall-notify]] .Installing from the Network @@ -536,7 +536,7 @@ The next menu shows a list with the available partition scheme types. GPT is usually the most appropriate choice for amd64 computers. Older computers that are not compatible with GPT should use MBR. The other partition schemes are generally used for uncommon or older computers. -More information is available in crossref:bsdinstall[partition-schemes]. +More information is available in crossref:bsdinstall[partition-schemes,Partitioning Schemes]. [[bsdinstall-ufs-scheme]] .Select Partition Scheme @@ -561,7 +561,7 @@ Otherwise, select btn:[Commit] to start the installation process. image::bsdinstall-final-confirmation.png[Menu indicating to the user that all changes will be written to disk and informing that if he decides to continue the existing data will be permanently deleted.] To continue with the installation process, go to -crossref:bsdinstall[bsdinstall-fetching-distribution]. +crossref:bsdinstall[bsdinstall-fetching-distribution, Fetching Distribution Files]. [[bsdinstall-part-manual]] === Manual Partitioning @@ -625,7 +625,7 @@ Multiple file system partitions can be created. Some people prefer a traditional Note that `/tmp` can be added later as a memory-based file system (man:tmpfs[5]) on systems with sufficient memory. ==== -See crossref:bsdinstall[bsdinstall-part-manual-splitfs] for an example. +See crossref:bsdinstall[bsdinstall-part-manual-splitfs,Creating Traditional Split File System Partitions] for an example. The `Size` may be entered with common abbreviations: _K_ for kilobytes, _M_ for megabytes, or _G_ for gigabytes. @@ -705,7 +705,7 @@ By default, FreeBSD's `gptboot` expects the first UFS partition to be the `/` pa After the custom partitions have been created, select btn:[Finish] to continue with the installation and go to -crossref:bsdinstall[bsdinstall-fetching-distribution]. +crossref:bsdinstall[bsdinstall-fetching-distribution, Fetching Distribution Files]. [[bsdinstall-part-zfs]] === Guided Partitioning Using Root-on-ZFS @@ -724,7 +724,7 @@ Here is a summary of the options in this menu: constitute the pool. The automatic ZFS installer currently only supports the creation of a single top level vdev, except in stripe mode. To create more complex pools, use the instructions in - crossref:bsdinstall[bsdinstall-part-shell] to create the pool. + crossref:bsdinstall[bsdinstall-part-shell, Shell Mode Partitioning] to create the pool. * `Rescan Devices` - Repopulate the list of available disks. * `Disk Info` - This menu can be used to inspect each disk, including its partition table and various other information such as the device model number and serial number, if available. * `Pool Name` - Establish the name of the pool. The default name is _zroot_. @@ -808,7 +808,7 @@ image::bsdinstall-zfs-init-encription.png[Menu showing that the encryption is in The installation then proceeds normally. To continue with the installation, go to -crossref:bsdinstall[bsdinstall-fetching-distribution]. +crossref:bsdinstall[bsdinstall-fetching-distribution, Fetching Distribution Files]. [[bsdinstall-part-shell]] === Shell Mode Partitioning @@ -870,7 +870,7 @@ Select the interface to configure. image::bsdinstall-configure-network-interface.png[Menu showing the different network interfaces to configure.] If an Ethernet interface is selected, the installer will skip ahead to the menu -shown in crossref:bsdinstall[bsdinstall-configure-net-ipv4]. +shown in crossref:bsdinstall[bsdinstall-configure-net-ipv4,Choose IPv4 Networking]. If a wireless network interface is chosen, the system will instead scan for wireless access points: [[bsdinstall-wireless-scan]] @@ -1088,7 +1088,7 @@ Select btn:[Yes] to add new users. image::bsdinstall-adduser1.png[Menu requesting if a user want to be added to the system.] Follow the prompts and input the requested information for the user account. -The example shown in crossref:bsdinstall[bsdinstall-add-user2] creates the `asample` user account. +The example shown in crossref:bsdinstall[bsdinstall-add-user2,Enter User Information] creates the `asample` user account. [[bsdinstall-add-user2]] .Enter User Information @@ -1136,13 +1136,13 @@ image::bsdinstall-finalconfiguration.png[Menu showing different options to perfo Use this menu to make any changes or to do any additional configuration before completing the installation. -* `Add User` - Described in crossref:bsdinstall[bsdinstall-addusers]. -* `Root Password` - Described in crossref:bsdinstall[bsdinstall-post-root]. -* `Hostname` - Described in crossref:bsdinstall[bsdinstall-hostname]. -* `Network` - Described in crossref:bsdinstall[bsdinstall-config-network-dev]. -* `Services` - Described in crossref:bsdinstall[bsdinstall-sysconf]. -* `System Hardening` - Described in crossref:bsdinstall[bsdinstall-hardening]. -* `Time Zone` - Described in crossref:bsdinstall[bsdinstall-timezone]. +* `Add User` - Described in crossref:bsdinstall[bsdinstall-addusers, Add Users]. +* `Root Password` - Described in crossref:bsdinstall[bsdinstall-post-root, Setting the `root` Password]. +* `Hostname` - Described in crossref:bsdinstall[bsdinstall-hostname, Setting the Hostname]. +* `Network` - Described in crossref:bsdinstall[bsdinstall-config-network-dev, Configuring Network Interfaces]. +* `Services` - Described in crossref:bsdinstall[bsdinstall-sysconf, Enabling Services]. +* `System Hardening` - Described in crossref:bsdinstall[bsdinstall-hardening, Enabling Hardening Security Options]. +* `Time Zone` - Described in crossref:bsdinstall[bsdinstall-timezone, Setting the Time Zone]. * `Handbook` - Download and install the FreeBSD Handbook. Once configuration is complete, select btn:[Exit]. @@ -1175,7 +1175,7 @@ When finished, press kbd:[Scroll-Lock] again to unlock the display and return to To review these messages once the system has been up for some time, type `less /var/run/dmesg.boot` from a command prompt. Press kbd:[q] to return to the command line after viewing. -If sshd was enabled in crossref:bsdinstall[bsdinstall-config-serv], the first boot might be a bit slower as the system generates SSH host keys. +If sshd was enabled in crossref:bsdinstall[bsdinstall-config-serv,Selecting Additional Services to Enable], the first boot might be a bit slower as the system generates SSH host keys. Subsequent boots will be faster. The fingerprints of the keys are then displayed as in the following example: @@ -1261,7 +1261,7 @@ More information about the boot loader can be found in crossref:boot[boot-synops == Using the Live CD The welcome menu of bsdinstall, shown in -crossref:bsdinstall[bsdinstall-choose-mode], provides a btn:[Live CD] option. +crossref:bsdinstall[bsdinstall-choose-mode,Welcome Menu], provides a btn:[Live CD] option. This is useful for those who are still wondering whether FreeBSD is the right operating system for them and want to test some of the features before installing. The following points should be noted before using the btn:[Live CD]: diff --git a/documentation/content/en/books/handbook/config/_index.adoc b/documentation/content/en/books/handbook/config/_index.adoc index 828734d3a4f1..ad2439cb13e3 100644 --- a/documentation/content/en/books/handbook/config/_index.adoc +++ b/documentation/content/en/books/handbook/config/_index.adoc @@ -74,7 +74,7 @@ FreeBSD base system configuration is located at the [.filename]#/etc# directory, and the [.filename]#/usr/local/etc# directory contains all the configuration files of the applications installed on the system through the ports collection and packages. The kernel state configuration is located in [.filename]#/etc/sysctl.conf#. -In the section crossref:config[configtuning-sysctl], the operation of man:sysctl[8] will be explained in more detail. +In the section crossref:config[configtuning-sysctl, The sysctl utility], the operation of man:sysctl[8] will be explained in more detail. For more information about the FreeBSD file system structure refer to man:hier[7]. @@ -127,7 +127,7 @@ The [.filename]#/etc# directory contains all of the FreeBSD base system configur |Contains descriptive information about the local host name, configuration details for any potential network interfaces and which services should be started up at system initial boot time. More information in -crossref:bsdinstall[configtuning-core-configuration] +crossref:bsdinstall[configtuning-core-configuration, Managing System-Specific Configuration] |[.filename]#/etc/security# |OpenBSM audit configuration files, see man:audit[8] for more information. @@ -143,7 +143,7 @@ crossref:bsdinstall[configtuning-core-configuration] |[.filename]#/etc/sysctl.conf# |Contains settings for the kernel. More information in -crossref:bsdinstall[configtuning-sysctl] +crossref:bsdinstall[configtuning-sysctl, The sysctl utility] |=== diff --git a/documentation/content/en/books/handbook/cutting-edge/_index.adoc b/documentation/content/en/books/handbook/cutting-edge/_index.adoc index e2e5152f740d..8707118bebb8 100644 --- a/documentation/content/en/books/handbook/cutting-edge/_index.adoc +++ b/documentation/content/en/books/handbook/cutting-edge/_index.adoc @@ -229,7 +229,7 @@ The man:uname[1] command may be used to verify its installation. ==== Always keep a copy of the [.filename]#GENERIC# kernel in [.filename]#/boot/GENERIC#. It will be helpful in diagnosing a variety of problems and in performing version upgrades. -Refer to crossref:cutting-edge[freebsd-update-custom-kernel-9x] for instructions on how to get a copy of the [.filename]#GENERIC# kernel. +Refer to crossref:cutting-edge[freebsd-update-custom-kernel-9x, Custom Kernels with FreeBSD 9.X and Later] for instructions on how to get a copy of the [.filename]#GENERIC# kernel. ==== Unless the default configuration in [.filename]#/etc/freebsd-update.conf# has been changed, @@ -277,7 +277,7 @@ So, with any minor or major OS upgrade, if your package requirements include any [NOTE] ==== If the system is running a custom kernel, make sure that a copy of the [.filename]#GENERIC# kernel exists in [.filename]#/boot/GENERIC# before starting the upgrade. -Refer to crossref:cutting-edge[freebsd-update-custom-kernel-9x] for instructions on how to get a copy of the [.filename]#GENERIC# kernel. +Refer to crossref:cutting-edge[freebsd-update-custom-kernel-9x, Custom Kernels with FreeBSD 9.X and Later] for instructions on how to get a copy of the [.filename]#GENERIC# kernel. ==== Before upgrading to a new version, ensure the existing FreeBSD installation is up to date with respect to security and errata patches: @@ -399,7 +399,7 @@ Depending upon whether any library version numbers were bumped, there may only b The upgrade is now complete. If this was a major version upgrade, reinstall all ports and packages as -described in crossref:cutting-edge[freebsdupdate-portsrebuild]. +described in crossref:cutting-edge[freebsdupdate-portsrebuild, Upgrading Packages After a Major Version Upgrade]. [[freebsd-update-custom-kernel-9x]] ==== Custom Kernels with FreeBSD 9.X and Later @@ -606,7 +606,7 @@ In order to track changes to the whole source tree, not just the changes to Free . Due to the size of the repository, some users choose to only synchronize the sections of source that interest them or which they are contributing patches to. However, users that plan to compile the operating system from source must download _all_ of FreeBSD-CURRENT, not just selected portions. + Before compiling FreeBSD-CURRENT, read [.filename]#/usr/src/Makefile# very -carefully and follow the instructions in crossref:cutting-edge[makeworld]. +carefully and follow the instructions in crossref:cutting-edge[makeworld, Updating FreeBSD from Source]. Read the {freebsd-current} and [.filename]#/usr/src/UPDATING# to stay up-to-date on other bootstrapping procedures that sometimes become necessary on the road to the next release. . Be active! FreeBSD-CURRENT users are encouraged to submit their suggestions for enhancements or bug fixes. Suggestions with accompanying code are always welcome. @@ -642,7 +642,7 @@ To compile or upgrade an existing FreeBSD system to FreeBSD-STABLE, use `git` to Branch names, such as `stable/13`, are listed at link:https://www.FreeBSD.org/releng/[www.freebsd.org/releng]. . Before compiling or upgrading to FreeBSD-STABLE , read [.filename]#/usr/src/Makefile# carefully and follow the instructions in - crossref:cutting-edge[makeworld]. Read the {freebsd-stable} and [.filename]#/usr/src/UPDATING# to keep up-to-date on other bootstrapping procedures that sometimes become necessary on the road to the next release. + crossref:cutting-edge[makeworld, Updating FreeBSD from Source]. Read the {freebsd-stable} and [.filename]#/usr/src/UPDATING# to keep up-to-date on other bootstrapping procedures that sometimes become necessary on the road to the next release. [[translate-n-number]] === The N-number @@ -739,7 +739,7 @@ check /usr/src/UPDATING <.> .... <.> Get the latest version of the source. See -crossref:cutting-edge[updating-src-obtaining-src] for more information on obtaining and updating source. +crossref:cutting-edge[updating-src-obtaining-src, Updating the Source] for more information on obtaining and updating source. <.> Check [.filename]#/usr/src/UPDATING# for any manual steps required before or after building from source. @@ -834,7 +834,7 @@ Determine which version of FreeBSD is being used with man:uname[1]: 13.2-RELEASE .... -Based on crossref:cutting-edge[updating-src-obtaining-src-repopath], the source used to update `13.2-RELEASE` has a repository path of `releng/13.2`. +Based on crossref:cutting-edge[updating-src-obtaining-src-repopath,FreeBSD Versions and Repository Branches], the source used to update `13.2-RELEASE` has a repository path of `releng/13.2`. That path is used when checking out the source: [source,shell] @@ -845,7 +845,7 @@ That path is used when checking out the source: <.> Move the old directory out of the way. If there are no local modifications in this directory, it can be deleted. -<.> The path from crossref:cutting-edge[updating-src-obtaining-src-repopath] is added to the repository URL. The third parameter is the destination directory for the source code on the local system. +<.> The path from crossref:cutting-edge[updating-src-obtaining-src-repopath,FreeBSD Versions and Repository Branches] is added to the repository URL. The third parameter is the destination directory for the source code on the local system. [[updating-src-building]] === Building from Source @@ -1115,7 +1115,7 @@ and the build machine should list them all in its `KERNCONF`, listing its own ke The build machine must have the kernel configuration files for each machine in its [.filename]#/usr/src/sys/arch/conf#. On the build machine, build the kernel and world as described in -crossref:cutting-edge[makeworld], +crossref:cutting-edge[makeworld, Updating FreeBSD from Source], but do not install anything on the build machine. Instead, install the built kernel on the test machine. On the test machine, mount [.filename]#/usr/src# and [.filename]#/usr/obj# via NFS. diff --git a/documentation/content/en/books/handbook/disks/_index.adoc b/documentation/content/en/books/handbook/disks/_index.adoc index e18dee28528a..bc03eedbfb04 100644 --- a/documentation/content/en/books/handbook/disks/_index.adoc +++ b/documentation/content/en/books/handbook/disks/_index.adoc @@ -82,7 +82,7 @@ Inspect [.filename]#/var/run/dmesg.boot# to ensure the new disk was found. In this example, the newly added SATA drive will appear as [.filename]#ada1#. For this example, a single large partition will be created on the new disk. -The http://en.wikipedia.org/wiki/GUID_Partition_Table[GPT] partitioning scheme will be used in preference to the older and less versatile MBR scheme. +The https://en.wikipedia.org/wiki/GUID_Partition_Table[GPT] partitioning scheme will be used in preference to the older and less versatile MBR scheme. [NOTE] ==== @@ -166,7 +166,7 @@ List the partitions on the disk to see the current configuration: [NOTE] ==== -If the disk was formatted with the http://en.wikipedia.org/wiki/GUID_Partition_Table[GPT] partitioning scheme, it may show as "corrupted" because the GPT backup partition table is no longer at the end of the drive. +If the disk was formatted with the https://en.wikipedia.org/wiki/GUID_Partition_Table[GPT] partitioning scheme, it may show as "corrupted" because the GPT backup partition table is no longer at the end of the drive. Fix the backup partition table with `gpart`: [source,shell] @@ -353,7 +353,7 @@ Refer to man:usbconfig[8] for more information about this command. ugen0.3: at usbus0, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=ON (2mA) .... -If the device has not been formatted, refer to crossref:disks[disks-adding] for instructions on how to format and create partitions on the USB drive. +If the device has not been formatted, refer to crossref:disks[disks-adding, Adding Disks] for instructions on how to format and create partitions on the USB drive. If the drive comes with a file system, it can be mounted by `root` using the instructions in crossref:basics[mount-unmount,“Mounting and Unmounting File Systems”]. [WARNING] @@ -703,7 +703,7 @@ To do so, use [.filename]#dd# with the device name as the input file and the nam # dd if=/dev/cd0 of=file.iso bs=2048 .... -The resulting image file can be burned to CD as described in crossref:disks[cdrecord]. +The resulting image file can be burned to CD as described in crossref:disks[cdrecord, Burning a CD]. ==== [[mounting-cd]] @@ -773,9 +773,9 @@ In order to mount a data CD, the data must be written using `mkisofs`. To duplicate an audio CD, extract the audio data from the CD to a series of files, then write these files to a blank CD. -crossref:disks[using-cdrecord] describes how to duplicate and burn an audio CD. +crossref:disks[using-cdrecord, Duplicating an Audio CD] describes how to duplicate and burn an audio CD. If the FreeBSD version is less than 10.0 and the device is ATAPI, the `atapicam` -module must be first loaded using the instructions in crossref:disks[atapicam]. +module must be first loaded using the instructions in crossref:disks[atapicam, Supported Devices]. [[using-cdrecord]] [.procedure] @@ -796,7 +796,7 @@ Refer to the `cdda2wav` manual page for instructions on how to specify a device % cdrecord -v dev=2,0 -dao -useinfo *.wav .... + -Make sure that _2,0_ is set appropriately, as described in crossref:disks[cdrecord]. +Make sure that _2,0_ is set appropriately, as described in crossref:disks[cdrecord, Burning a CD]. [[creating-dvds]] == Creating and Using DVD Media @@ -811,7 +811,7 @@ Five physical recordable formats can be defined for a recordable DVD: * DVD-RAM: This is a rewritable format which can be seen as a removable hard drive. However, this media is not compatible with most DVD-ROM drives and DVD-Video players as only a few DVD writers support the DVD-RAM format. Refer - to crossref:disks[creating-dvd-ram] for more information on DVD-RAM use. + to crossref:disks[creating-dvd-ram, Using a DVD-RAM] for more information on DVD-RAM use. * DVD+RW: This is a rewritable format defined by the https://en.wikipedia.org/wiki/DVD%2BRW_Alliance[DVD+RW Alliance]. A DVD+RW can be rewritten about 1000 times. * DVD+R: This format is the write once variation of the DVD+RW format. @@ -832,7 +832,7 @@ This command is part of the package:sysutils/dvd+rw-tools[] utilities which supp These tools use the SCSI subsystem to access the devices, therefore crossref:disks[atapicam,ATAPI/CAM support] must be loaded or statically compiled into the kernel. This support is not needed if the burner uses the USB interface. -Refer to crossref:disks[usb-disks] for more details on USB device configuration. +Refer to crossref:disks[usb-disks, USB Storage Devices] for more details on USB device configuration. DMA access must also be enabled for ATAPI devices, by adding the following line to [.filename]#/boot/loader.conf#: @@ -1843,7 +1843,7 @@ The following example demonstrates adding a new hard drive to a system that will .Procedure: Encrypting a Partition with gbde . Add the New Hard Drive + -Install the new drive to the system as explained in crossref:disks[disks-adding]. +Install the new drive to the system as explained in crossref:disks[disks-adding, Adding Disks]. For the purposes of this example, a new hard drive partition has been added as [.filename]#/dev/ad4s1c# and [.filename]#/dev/ad0s1*# represents the existing standard FreeBSD partitions. + [source,shell] diff --git a/documentation/content/en/books/handbook/disks/_index.po b/documentation/content/en/books/handbook/disks/_index.po index 243e97ee3eab..653339cc415d 100644 --- a/documentation/content/en/books/handbook/disks/_index.po +++ b/documentation/content/en/books/handbook/disks/_index.po @@ -147,7 +147,7 @@ msgstr "" #: documentation/content/en/books/handbook/disks/_index.adoc:86 msgid "" "For this example, a single large partition will be created on the new disk. " -"The http://en.wikipedia.org/wiki/GUID_Partition_Table[GPT] partitioning " +"The https://en.wikipedia.org/wiki/GUID_Partition_Table[GPT] partitioning " "scheme will be used in preference to the older and less versatile MBR scheme." msgstr "" @@ -290,7 +290,7 @@ msgstr "" #. type: delimited block = 4 #: documentation/content/en/books/handbook/disks/_index.adoc:171 msgid "" -"If the disk was formatted with the http://en.wikipedia.org/wiki/" +"If the disk was formatted with the https://en.wikipedia.org/wiki/" "GUID_Partition_Table[GPT] partitioning scheme, it may show as \"corrupted\" " "because the GPT backup partition table is no longer at the end of the " "drive. Fix the backup partition table with `gpart`:" diff --git a/documentation/content/en/books/handbook/firewalls/_index.adoc b/documentation/content/en/books/handbook/firewalls/_index.adoc index 60e9846bc593..2175a1717bd6 100644 --- a/documentation/content/en/books/handbook/firewalls/_index.adoc +++ b/documentation/content/en/books/handbook/firewalls/_index.adoc @@ -99,7 +99,7 @@ Packets destined for a specific service originate from the source address using All the above parameters can be used as selection criteria to create rules which will pass or block services. To lookup unknown port numbers, refer to [.filename]#/etc/services#. -Alternatively, visit http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers[http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers] and do a port number lookup to find the purpose of a particular port number. +Alternatively, visit https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers[https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers] and do a port number lookup to find the purpose of a particular port number. Check out this link for http://web.archive.org/web/20150803024617/http://www.sans.org/security-resources/idfaq/oddports.php[port numbers used by Trojans]. @@ -245,7 +245,7 @@ The FreeBSD installation includes several sample files located in [.filename]#/u Refer to the http://www.openbsd.org/faq/pf/[PF FAQ] for complete coverage of PF rulesets. To control PF, use `pfctl`. -crossref:firewalls[pfctl] summarizes some useful options to this command. +crossref:firewalls[pfctl,Useful `pfctl` Options] summarizes some useful options to this command. Refer to man:pfctl[8] for a description of all available options: [[pfctl]] .Useful `pfctl` Options @@ -1067,7 +1067,7 @@ This section describes how to enable IPFW, provides an overview of its rule synt IPFW is included in the basic FreeBSD install as a kernel loadable module, meaning that a custom kernel is not needed in order to enable IPFW. For those users who wish to statically compile IPFW support into a custom -kernel, see crossref:firewalls[firewalls-ipfw-kernelconfig]. +kernel, see crossref:firewalls[firewalls-ipfw-kernelconfig, IPFW Kernel Options]. To configure the system to enable IPFW at boot time, add `firewall_enable="YES"` to [.filename]#/etc/rc.conf#: diff --git a/documentation/content/en/books/handbook/firewalls/_index.po b/documentation/content/en/books/handbook/firewalls/_index.po index 14d6b5b4b0c7..b7738a80aa19 100644 --- a/documentation/content/en/books/handbook/firewalls/_index.po +++ b/documentation/content/en/books/handbook/firewalls/_index.po @@ -183,8 +183,8 @@ msgstr "" #: documentation/content/en/books/handbook/firewalls/_index.adoc:103 msgid "" "To lookup unknown port numbers, refer to [.filename]#/etc/services#. " -"Alternatively, visit http://en.wikipedia.org/wiki/" -"List_of_TCP_and_UDP_port_numbers[http://en.wikipedia.org/wiki/" +"Alternatively, visit https://en.wikipedia.org/wiki/" +"List_of_TCP_and_UDP_port_numbers[https://en.wikipedia.org/wiki/" "List_of_TCP_and_UDP_port_numbers] and do a port number lookup to find the " "purpose of a particular port number." msgstr "" diff --git a/documentation/content/en/books/handbook/geom/_index.adoc b/documentation/content/en/books/handbook/geom/_index.adoc index 7d6a0b528c07..f26ed8a874c1 100644 --- a/documentation/content/en/books/handbook/geom/_index.adoc +++ b/documentation/content/en/books/handbook/geom/_index.adoc @@ -338,7 +338,7 @@ Reboot the system to test the new mirror and verify that all data has been copie The BIOS will see the mirror as two individual drives rather than a mirror. Since the drives are identical, it does not matter which is selected to boot. -See crossref:geom[gmirror-troubleshooting] if there are problems booting. +See crossref:geom[gmirror-troubleshooting, Troubleshooting] if there are problems booting. Powering down and disconnecting the original [.filename]#ada0# disk will allow it to be kept as an offline backup. In use, the mirror will behave just like the original single drive. @@ -556,7 +556,7 @@ Each file system dumped with `dump -L` will create a snapshot first, which can t Restart the system, booting from [.filename]#ada1#. If everything is working, the system will boot from [.filename]#mirror/gm0#, which now contains the same data as [.filename]#ada0# had previously. -See crossref:geom[gmirror-troubleshooting] if there are problems booting. +See crossref:geom[gmirror-troubleshooting, Troubleshooting] if there are problems booting. At this point, the mirror still consists of only the single [.filename]#ada1# disk. @@ -683,7 +683,7 @@ The mirror is told to forget drives that are not currently connected: .... Any old metadata should be cleared from the replacement disk using the -instructions in crossref:geom[geom-mirror-metadata]. +instructions in crossref:geom[geom-mirror-metadata, Metadata Issues]. Then the replacement disk, [.filename]#ada4# for this example, is inserted into the mirror: [source,shell] diff --git a/documentation/content/en/books/handbook/introduction.adoc b/documentation/content/en/books/handbook/introduction.adoc index cd38a714a105..1f8d4c4c6684 100644 --- a/documentation/content/en/books/handbook/introduction.adoc +++ b/documentation/content/en/books/handbook/introduction.adoc @@ -1,7 +1,7 @@ [.abstract-title] Abstract -Welcome to FreeBSD! This handbook covers the installation and day to day use of _FreeBSD {rel141-current}-RELEASE_ and _{rel133-current}-RELEASE_. +Welcome to FreeBSD! This handbook covers the installation and day to day use of _FreeBSD {rel141-current}-RELEASE_ and _{rel134-current}-RELEASE_. This book is the result of ongoing work by many individuals. Some sections might be outdated. Those interested in helping to update and expand this document should send email to the {freebsd-doc}. diff --git a/documentation/content/en/books/handbook/jails/_index.adoc b/documentation/content/en/books/handbook/jails/_index.adoc index 585bc7bb0b77..22fee38e5143 100644 --- a/documentation/content/en/books/handbook/jails/_index.adoc +++ b/documentation/content/en/books/handbook/jails/_index.adoc @@ -405,7 +405,7 @@ Execute the following command to start the jail: # service jail start classic .... -More information on how to manage jails can be found in the section crossref:jails[jail-management]. +More information on how to manage jails can be found in the section crossref:jails[jail-management, Jail Management]. [[thin-jail]] == Thin Jails @@ -515,7 +515,7 @@ Execute the following command to start the jail: .... More information on how to manage jails can be found in the section -crossref:jails[jail-management]. +crossref:jails[jail-management, Jail Management]. [[creating-thin-jail-nullfs]] === Creating a Thin Jail Using NullFS @@ -716,8 +716,8 @@ ifconfig_bridge0="inet 192.168.1.150/24 addm em0 up" The next step is to create the jail as indicated above. -Either the crossref:jails[classic-jail] procedure and the -crossref:jails[thin-jail] procedure can be used. +Either the crossref:jails[classic-jail, Classic Jail (Thick Jail)] procedure and the +crossref:jails[thin-jail, Thin Jails] procedure can be used. The only thing that will change is the configuration in the [.filename]#/etc/jail.conf# file. The path [.filename]#/usr/local/jails/containers/vnet# will be used as an example for the created jail. @@ -790,7 +790,7 @@ Once enabled, it can be started without rebooting by executing the following com .... The next step will be to create a jail as indicated above, for example in -crossref:jails[creating-thin-jail-openzfs-snapshots], but *without* performing the configuration. +crossref:jails[creating-thin-jail-openzfs-snapshots, Creating a Thin Jail Using OpenZFS Snapshots], but *without* performing the configuration. FreeBSD Linux jails require a specific configuration that will be detailed below. Once the jail has been created as explained above, execute the following command to perform required configuration for the jail and start it: diff --git a/documentation/content/en/books/handbook/l10n/_index.adoc b/documentation/content/en/books/handbook/l10n/_index.adoc index 72bed18137f9..418cb756956f 100644 --- a/documentation/content/en/books/handbook/l10n/_index.adoc +++ b/documentation/content/en/books/handbook/l10n/_index.adoc @@ -85,7 +85,7 @@ LanguageCode_CountryCode.Encoding .... The _LanguageCode_ and _CountryCode_ are used to determine the country and the specific language variation. -crossref:l10n[locale-lang-country] provides some examples of __LanguageCode_CountryCode__: +crossref:l10n[locale-lang-country,Common Language and Country Codes] provides some examples of __LanguageCode_CountryCode__: [[locale-lang-country]] .Common Language and Country Codes @@ -332,7 +332,7 @@ To test keymaps without rebooting, use man:kbdmap[1]. The `keychange` entry is usually needed to program function keys to match the selected terminal type because function key sequences cannot be defined in the keymap. Next, set the correct console terminal type in [.filename]#/etc/ttys# for all virtual terminal entries. -crossref:l10n[locale-charset] summarizes the available terminal types.: +crossref:l10n[locale-charset,Defined Terminal Types for Character Sets] summarizes the available terminal types.: [[locale-charset]] .Defined Terminal Types for Character Sets @@ -364,7 +364,7 @@ crossref:l10n[locale-charset] summarizes the available terminal types.: |=== For languages with wide or multibyte characters, install a console for that language from the FreeBSD Ports Collection. -The available ports are summarized in crossref:l10n[locale-console]. +The available ports are summarized in crossref:l10n[locale-console,Available Console from Ports Collection]. Once installed, refer to the port's [.filename]#pkg-message# or man pages for configuration and usage instructions. [[locale-console]] @@ -409,7 +409,7 @@ When configuring Xorg for localization, additional fonts and input methods are a Application specific i18n settings such as fonts and menus can be tuned in [.filename]#~/.Xresources# and should allow users to view their selected language in graphical application menus. The X Input Method (XIM) protocol is an Xorg standard for inputting non-English characters. -crossref:l10n[locale-xim] summarizes the input method applications which are available in the FreeBSD Ports Collection. +crossref:l10n[locale-xim,Available Input Methods] summarizes the input method applications which are available in the FreeBSD Ports Collection. Additional Fcitx and Uim applications are also available. [[locale-xim]] diff --git a/documentation/content/en/books/handbook/mac/_index.adoc b/documentation/content/en/books/handbook/mac/_index.adoc index d324e3f814cc..db0bc164aa5f 100644 --- a/documentation/content/en/books/handbook/mac/_index.adoc +++ b/documentation/content/en/books/handbook/mac/_index.adoc @@ -150,7 +150,7 @@ This may only be done in single-user mode and is not a requirement for the swap [NOTE] ==== Some users have experienced problems with setting the `multilabel` flag on the root partition. -If this is the case, please review crossref:mac[mac-troubleshoot]. +If this is the case, please review crossref:mac[mac-troubleshoot, Troubleshooting the MAC Framework]. ==== Since the multi label policy is set on a per-file system basis, a multi label policy may not be needed if the file system layout is well designed. diff --git a/documentation/content/en/books/handbook/mail/_index.adoc b/documentation/content/en/books/handbook/mail/_index.adoc index 6e4ea0e00f1b..48f58ef4c1ce 100644 --- a/documentation/content/en/books/handbook/mail/_index.adoc +++ b/documentation/content/en/books/handbook/mail/_index.adoc @@ -81,7 +81,7 @@ This application can be a command line program, such as the built-in `mail` util Dozens of graphical programs are also available in the Ports Collection, including Claws Mail, Evolution, and Thunderbird. Some organizations provide a web mail program which can be accessed through a web browser. More information about installing and using a MUA on FreeBSD can be found in -crossref:mail[mail-agents]. +crossref:mail[mail-agents, Mail User Agents]. Mail Transfer Agent (MTA):: The Mail Transfer Agent (MTA) is responsible for receiving incoming mail and delivering outgoing mail. @@ -384,7 +384,7 @@ To install it execute the following command: # pkg install dma .... -Perform the configuration as indicated in crossref:mail[configuring-dragonfly-mail-agent]. +Perform the configuration as indicated in crossref:mail[configuring-dragonfly-mail-agent, Configuring DragonFly Mail Agent (DMA)]. Then change all the entries in the file [.filename]#/etc/mail/mailer.conf# to man:dma[8]: @@ -871,7 +871,6 @@ Enter the ISP's outgoing mail relay in place of `mail.example.com`. Some ISPs call this the "outgoing mail server" or "SMTP server". Make sure to disable Sendmail, including the outgoing mail service. -See crossref:mail[mail-disable-sendmail] for details. package:mail/ssmtp[] has some other options available. Refer to the examples in [.filename]#/usr/local/etc/ssmtp# or the manual page of ssmtp for more information. diff --git a/documentation/content/en/books/handbook/mirrors/_index.adoc b/documentation/content/en/books/handbook/mirrors/_index.adoc index fc806feb0766..fef82f8902d9 100644 --- a/documentation/content/en/books/handbook/mirrors/_index.adoc +++ b/documentation/content/en/books/handbook/mirrors/_index.adoc @@ -356,7 +356,7 @@ For example, the URL `https://git.FreeBSD.org/src.git` specifies the main branch |======================================================= External mirrors maintained by project members are also available; please refer -to the crossref:mirrors[external-mirrors] section. +to the crossref:mirrors[external-mirrors, External mirrors] section. To clone a copy of the FreeBSD system source code repository: diff --git a/documentation/content/en/books/handbook/network-servers/_index.adoc b/documentation/content/en/books/handbook/network-servers/_index.adoc index 03e1ed081041..9150452d7f9d 100644 --- a/documentation/content/en/books/handbook/network-servers/_index.adoc +++ b/documentation/content/en/books/handbook/network-servers/_index.adoc @@ -895,7 +895,7 @@ nis_client_enable="YES" + This line configures the client to provide anyone with a valid account in the NIS server's password maps an account on the client. There are many ways to configure the NIS client by modifying this line. -One method is described in crossref:network-servers[network-netgroups]. +One method is described in crossref:network-servers[network-netgroups, Using Netgroups]. For more detailed reading, refer to the book `Managing NFS and NIS`, published by O'Reilly Media. . To import all possible group entries from the NIS server, add this line to [.filename]#/etc/group#: + diff --git a/documentation/content/en/books/handbook/network/_index.adoc b/documentation/content/en/books/handbook/network/_index.adoc index c2b69cd54f9c..e25cc34640a4 100644 --- a/documentation/content/en/books/handbook/network/_index.adoc +++ b/documentation/content/en/books/handbook/network/_index.adoc @@ -616,7 +616,7 @@ network={ The first step will be to configure the wireless network card to an interface. To find out what wireless network cards are in the system check the section -crossref:network[config-identify-network-adapter]. +crossref:network[config-identify-network-adapter, Identify Network Adapters]. [source,shell] .... diff --git a/documentation/content/en/books/handbook/ports/_index.adoc b/documentation/content/en/books/handbook/ports/_index.adoc index dcfb26e30862..8797672f9b27 100644 --- a/documentation/content/en/books/handbook/ports/_index.adoc +++ b/documentation/content/en/books/handbook/ports/_index.adoc @@ -1307,4 +1307,4 @@ Instead, any fixes and support come from the general community who subscribe to + If there is no response to the email, use Bugzilla to submit a bug report using the instructions in extref:{problem-reports}[Writing FreeBSD Problem Reports]. . Fix it! The extref:{porters-handbook}[Porter's Handbook] includes detailed information on the ports infrastructure so that you can fix the occasional broken port or even submit your own! -. Install the package instead of the port using the instructions in crossref:ports[pkgng-intro]. +. Install the package instead of the port using the instructions in crossref:ports[pkgng-intro, Using pkg for Binary Package Management]. diff --git a/documentation/content/en/books/handbook/printing/_index.adoc b/documentation/content/en/books/handbook/printing/_index.adoc index 5ef36c1b83c6..40482444e26d 100644 --- a/documentation/content/en/books/handbook/printing/_index.adoc +++ b/documentation/content/en/books/handbook/printing/_index.adoc @@ -57,7 +57,7 @@ The data must be delivered to the printer, and must be in a form that the printe Basic printing can be set up quickly. The printer must be capable of printing plain `ASCII` text. -For printing to other types of files, see crossref:printing[printing-lpd-filters]. +For printing to other types of files, see crossref:printing[printing-lpd-filters, Filters]. [.procedure] **** @@ -125,7 +125,7 @@ Starting lpd. [TIP] ==== If both lines do not start at the left border, but "stairstep" instead, see -crossref:printing[printing-lpd-filters-stairstep]. +crossref:printing[printing-lpd-filters-stairstep, Preventing Stairstepping on Plain Text Printers]. ==== + Text files can now be printed with `lpr`. diff --git a/documentation/content/en/books/handbook/security/_index.adoc b/documentation/content/en/books/handbook/security/_index.adoc index 8332e314f964..100e4a8f41ed 100644 --- a/documentation/content/en/books/handbook/security/_index.adoc +++ b/documentation/content/en/books/handbook/security/_index.adoc @@ -870,7 +870,7 @@ PubkeyAuthentication yes .... Once the configuration is done, the users will have to send the system administrator their *public key* and these keys will be added in [.filename]#.ssh/authorized_keys#. -The process for generating the keys is described in crossref:security[Key-based Authentication]. +The process for generating the keys is described in crossref:security[security-ssh-keygen, Key-based Authentication]. Then restart the server executing the following command: @@ -880,7 +880,7 @@ Then restart the server executing the following command: .... It is strongly recommended to follow the security improvements indicated in -crossref:security[security-sshd-security-options]. +crossref:security[security-sshd-security-options, SSH Server Security Options]. [[security-sshd-security-options]] === SSH Server Security Options diff --git a/documentation/content/en/books/handbook/serialcomms/_index.adoc b/documentation/content/en/books/handbook/serialcomms/_index.adoc index 05717f630249..bcb2993ca04e 100644 --- a/documentation/content/en/books/handbook/serialcomms/_index.adoc +++ b/documentation/content/en/books/handbook/serialcomms/_index.adoc @@ -103,7 +103,7 @@ The documentation for the hardware should describe the type of cable required. These two types of cables differ in how the wires are connected to the connector. Each wire represents a signal, with the defined signals summarized in -crossref:serialcomms[serialcomms-signal-names]. +crossref:serialcomms[serialcomms-signal-names,RS-232C Signal Names]. A standard serial cable passes all of the RS-232C signals straight through. For example, the "Transmitted Data" pin on one end of the cable goes to the "Transmitted Data" pin on the other end. This is the type of cable used to connect a modem to the FreeBSD system, and is also appropriate for some terminals. @@ -112,8 +112,8 @@ A null-modem cable switches the "Transmitted Data" pin of the connector on one e The connector can be either a DB-25 or a DB-9. A null-modem cable can be constructed using the pin connections summarized in -crossref:serialcomms[nullmodem-db25], crossref:serialcomms[nullmodem-db9], and -crossref:serialcomms[nullmodem-db9-25]. +crossref:serialcomms[nullmodem-db25, DB-25 to DB-25 Null-Modem Cable], crossref:serialcomms[nullmodem-db9,DB-9 to DB-9 Null-Modem Cable], and +crossref:serialcomms[nullmodem-db9-25,DB-9 to DB-25 Null-Modem Cable, DB-9 to DB-25 Null-Modem Cable]. While the standard calls for a straight-through pin 1 to pin 1 "Protective Ground" line, it is often omitted. Some terminals work using only pins 2, 3, and 7, while others require different configurations. When in doubt, refer to the documentation for the hardware. @@ -502,7 +502,7 @@ ttyu3 "/usr/libexec/getty std.115200" dialup off secure When attaching a terminal to one of those ports, modify the default entry to set the required speed and terminal type, to turn the device `on` and, if needed, to change the port's `secure` setting. If the terminal is connected to another port, add an entry for the port. -crossref:serialcomms[ex-etc-ttys] configures two terminals in [.filename]#/etc/ttys#. +crossref:serialcomms[ex-etc-ttys,Configuring Terminal Entries] configures two terminals in [.filename]#/etc/ttys#. The first entry configures a Wyse-50 connected to [.filename]#COM2#. The second entry configures an old computer running Procomm terminal software emulating a VT-100 terminal. The computer is connected to the sixth serial port on a multi-port serial card. @@ -611,7 +611,7 @@ A standard RS-232C serial cable should suffice. FreeBSD needs the RTS and CTS signals for flow control at speeds above 2400 bps, the CD signal to detect when a call has been answered or the line has been hung up, and the DTR signal to reset the modem after a session is complete. Some cables are wired without all of the needed signals, so if a login session does not go away when the line hangs up, there may be a problem with the cable. -Refer to crossref:serialcomms[term-cables-null] for more information about these signals. +Refer to crossref:serialcomms[term-cables-null, Serial Cables and Ports] for more information about these signals. Like other UNIX(R)-like operating systems, FreeBSD uses the hardware signals to find out when a call has been answered or a line has been hung up and to hangup and reset the modem after a call. FreeBSD avoids sending commands to the modem or watching for status reports from the modem. @@ -693,7 +693,7 @@ vq|VH57600|Very High Speed Modem at 57600,8-bit:\ For a slow CPU or a heavily loaded system without 16550A-based serial ports, this configuration may produce `uart` "silo" errors at 57.6 Kbps. The configuration of [.filename]#/etc/ttys# is similar to -crossref:serialcomms[ex-etc-ttys], but a different argument is passed to `getty` and `dialup` is used for the terminal type. +crossref:serialcomms[ex-etc-ttys,Configuring Terminal Entries], but a different argument is passed to `getty` and `dialup` is used for the terminal type. Replace _xxx_ with the process `init` will run on the device: [.programlisting] @@ -1016,7 +1016,7 @@ This section provides a more detailed explanation of the steps needed to setup a . Prepare a serial cable. + Use either a null-modem cable or a standard serial cable and a null-modem adapter. -See crossref:serialcomms[term-cables-null] for a discussion on serial cables. +See crossref:serialcomms[term-cables-null, Serial Cables and Ports] for a discussion on serial cables. . Unplug the keyboard. + Many systems probe for the keyboard during the Power-On Self-Test (POST) and will generate an error if the keyboard is not detected. @@ -1167,7 +1167,7 @@ At the moment, the boot loader has no option equivalent to `-P` in the boot bloc ==== While it is not required, it is possible to provide a `login` prompt over the serial line. To configure this, edit the entry for the serial port in [.filename]#/etc/ttys# -using the instructions in crossref:serialcomms[term-config]. +using the instructions in crossref:serialcomms[term-config, Terminal Configuration]. If the speed of the serial port has been changed, change `std.115200` to match the new setting. ==== diff --git a/documentation/content/en/books/handbook/virtualization/_index.adoc b/documentation/content/en/books/handbook/virtualization/_index.adoc index 808257806219..763a7ce62f3d 100644 --- a/documentation/content/en/books/handbook/virtualization/_index.adoc +++ b/documentation/content/en/books/handbook/virtualization/_index.adoc @@ -4,7 +4,7 @@ part: Part III. System Administration prev: books/handbook/filesystems next: books/handbook/l10n description: Virtualization software allows multiple operating systems to run simultaneously on the same computer -tags: ["virtualization", "Parallels", "VMware", "VirtualBox", "bhyve", "XEN"] +tags: ["virtualization", "Parallels", "VMware", "VirtualBox", "QEMU", "bhyve", "XEN"] showBookMenu: true weight: 28 path: "/books/handbook/virtualization/" @@ -61,6 +61,7 @@ After reading this chapter, you will know: ** Parallels Desktop(Apple(R) macOS(R)) ** VMware Fusion(Apple(R) macOS(R)) ** VirtualBox(TM)(Microsoft(R) Windows(R), Intel(R)-based Apple(R) macOS(R), Linux) +** QEMU(FreeBSD) ** bhyve(FreeBSD) * How to tune a FreeBSD system for best performance under virtualization. @@ -496,6 +497,786 @@ perm pass* 0660 # service devfs restart .... +[[qemu-virtualization-host-guest]] +== Virtualization with QEMU on FreeBSD + +link:https://www.qemu.org[QEMU] is a generic machine emulator and virtualizer that is completely open source software. +It is developed by a large, active community and provides support for FreeBSD, OpenBSD, and NetBSD as well as other operating systems. + +From the link:https://www.qemu.org/docs/master/[QEMU documentation]: + +* QEMU can be used in several different ways. +The most common is for System Emulation, where it provides a virtual model of an entire machine (CPU, memory, and emulated devices) to run a guest OS. +In this mode the CPU may be fully emulated, or it may work with a hypervisor such as `KVM`, `Xen` or `Hypervisor.Framework` to allow the guest to run directly on the host CPU. + +* The second supported way to use QEMU is User Mode Emulation, where QEMU can launch processes compiled for one CPU on another CPU. +In this mode the CPU is always emulated. + +* QEMU also provides a number of standalone command line utilities, such as the man:qemu-img[1] disk image utility that allows one to create, convert, and modify disk images. + +QEMU can emulate a wide number of architectures including `Arm(TM)`, `i386`, `x86_64`, `MIPS(TM)`, `s390X`, `SPARC(TM)` (Sparc(TM) and Sparc64(TM)), and others. +The list of link:https://www.qemu.org/docs/master/system/targets.html#system-targets-ref[QEMU System Emulator Targets] is regularly kept up to date. + +This section describes how to use QEMU for both System Emulation and User Mode Emulation on FreeBSD, and provides examples of using QMEU commands and command line utilities. + +[[qemu-installing-qemu-software]] +=== Installing QEMU Software +QEMU is available as a FreeBSD package or as a port in package:emulators/qemu[]. +The package build includes sane options and defaults for most users and is the recommended method of installation. + +[source,shell] +.... +# pkg install qemu +.... + +The package installation includes several dependencies. +Once the installation is complete, create a link to the host version of QEMU that will be used most often. +If the host is an Intel(TM) or AMD(TM) 64 bit system that will be: + +[source,shell] +.... +# ln -s /usr/local/bin/qemu-system-x86_64 /usr/local/bin/qemu +.... + +Test the installation by running the following command as a non-root user: + +[source,shell] +.... +% qemu +.... +This brings up a window with QEMU actively trying to boot from hard disk, floppy disk, DVD/CD, and PXE. +Nothing has been set up yet, so the command will produce several errors and end with "No bootable device" as shown in Figure xref:qemu-nullboot[{counter:figure}]. +However, it does show that the QEMU software has been installed correctly. + +[[qemu-nullboot]] +.QEMU with no bootable image +image::qemu-freebsd01.png[QEMU with no bootable image] + +[[qemu-virtual-machine-install]] +=== Virtual Machine Install + +[NOTE] +==== +QEMU is under very active development. +Features and command options can change from one version to the next. +This section provides examples developed with QEMU version 9.0.1 (Summer, 2024). +When in doubt, always consult the link:https://www.qemu.org/docs/master/[QEMU Documentation] particularly the link:https://www.qemu.org/docs/master/about/index.html[About QEMU] page which has links to supported build platforms, emulation, deprecated features, and removed features. +==== + +Follow the steps below to create two virtual machines named "*left*", and "*right*". +Most commands can be performed without root privileges. + +. Create a test environment to work with QEMU: ++ +[source,shell] +.... +% mkdir -p ~/QEMU ~/QEMU/SCRIPTS ~/QEMU/ISO ~/QEMU/VM +.... ++ +The [.filename]#SCRIPTS# directory is for startup scripts and utilities. +The [.filename]#ISO# directory is for the guest ISO boot images. +The [.filename]#VM# directory is where the virtual machine images (`VMs`) will reside. + +. Download a recent copy of FreeBSD into [.filename]#~/QEMU/ISO#: ++ +[source,shell] +.... +% cd ~/QEMU/ISO +% fetch https://download.freebsd.org/releases/ISO-IMAGES/14.1/FreeBSD-14.1-RELEASE-amd64-bootonly.iso +.... ++ +Once the download is complete create a shorthand link. +This shorthand link is used in the startup scripts below. ++ +[source,shell] +.... +% ln -s FreeBSD-14.1-RELEASE-amd64-bootonly.iso fbsd.iso +.... +. Change directory to the location for virtual machines ([.filename]#~/QEMU/VM#). +Run man:qemu-img[1] to create the disk images for the “left” VM: ++ +[source,shell] +.... +% cd ~/QEMU/VM +% qemu-img create -f raw left.img 15G +.... ++ +The QEMU `raw` format is designed for performance. +The format is straightforward and has no overhead which makes it faster, especially for high performance or high throughput scenarios. +The use case is for maximum performance where no additional features, such as snapshots, are needed. +This format is used in the script for the "left" VM below. ++ +A separate format is `qcow2` which uses QEMU's "copy on write" technique for managing disk space. +This technique does not require a complete 15G disk, just a stub version that is managed directly by the VM. +The disk grows dynamically as the VM writes to it. +This format supports snapshots, compression, and encryption. +The use case for this format is for development, testing, and scenarios with the need of these advanced features. +This format is used in the script for the "right" VM below. ++ +Run man:qemu-img[1] again to create the disk image for the "right" VM using `qcow2`: ++ +[source,shell] +.... +% qemu-img create -f qcow2 -o preallocation=full,cluster_size=512K,lazy_refcounts=on right.qcow2 20G +.... ++ +To see the actual size of the file use: ++ +[source,shell] +.... +% du -Ah right.qcow2 +.... ++ +. Set up networking for both virtual machines with the following commands. +In this example the host network interface is `em0`. +If necessary, change it to fit the interface for the host system. +This must be done after every host machine restart to enable the QEMU guest VMs to communicate. ++ +[source,shell] +.... +# ifconfig tap0 create +# ifconfig tap1 create +# sysctl net.link.tap.up_on_open=1 +net.link.tap.up_on_open: 0 -> 1 +# sysctl net.link.tap.user_open=1 +net.link.tap.user_open: 0 -> 1 +# ifconfig bridge0 create +# ifconfig bridge0 addm tap0 addm tap1 addm em0 +# ifconfig bridge0 up +.... ++ +The above commands create two man:tap[4] devices (`tap0`, `tap1`) and one man:if_bridge[4] device (`bridge0`). +Then, they add the `tap` devices and the local host interface (`em0`) to the `bridge`, and set two man:sysctl[8] entries to allow for normal users to open the tap device. +These commands will allow the virtual machines to talk to the network stack on the host. ++ +. Change to [.filename]#~/QEMU/SCRIPTS#, use the following script to start the first virtual machine, "left". +This script uses the QEMU raw disk format. ++ +[.programlisting] +.... +/usr/local/bin/qemu-system-x86_64 -monitor none \ + -cpu qemu64 \ + -vga std \ + -m 4096 \ + -smp 4 \ + -cdrom ../ISO/fbsd.iso \ + -boot order=cd,menu=on \ + -blockdev driver=file,aio=threads,node-name=imgleft,filename=../VM/left.img \ + -blockdev driver=raw,node-name=drive0,file=imgleft \ + -device virtio-blk-pci,drive=drive0,bootindex=1 \ + -netdev tap,id=nd0,ifname=tap0,script=no,downscript=no,br=bridge0 \ + -device e1000,netdev=nd0,mac=02:20:6c:65:66:74 \ + -name \"left\" +.... + +[TIP] +==== +Save the above into a file (for example `left.sh`) and simply run: % `/bin/sh left.sh` +==== + +QEMU will start up a virtual machine in a separate window and boot the FreeBSD iso as shown in Figure xref:qemu-newboot-loader-menu[{counter:figure}]. +All command options such as `-cpu` and `-boot` are fully described in the QEMU man page man:qemu[1]. + +[[qemu-newboot-loader-menu]] +.FreeBSD Boot Loader Menu +image::qemu-freebsd02.png[The FreeBSD loader menu.] + +[TIP] +==== +If the mouse is clicked in the QEMU console window, QEMU will “grab” the mouse as shown in Figure xref:qemu-grab[{counter:figure}]. +Type kbd:[Ctl]+kbd:[Alt]+kbd:[G]” to release the mouse. +==== + +[[qemu-grab]] +.When QEMU Has Grabbed the Mouse +image::qemu-freebsd03.png[When QEMU has grabbed the mouse] + +[NOTE] +==== +On FreeBSD, an initial QEMU installation can be somewhat slow. +This is because the emulator writes filesystem formatting and metadata during the disk first use. +Subsequent operations are generally much faster. +==== + +During the installation there are several points to note: + +* Select to use UFS as the filesystem. +ZFS does not perform well with small memory sizes. +* For networking use DHCP. +If desired, configure IPv6 if supported by the local LAN. +* When adding the default user, ensure they are a member of the *wheel* group. + +Once the installation completes, the virtual machine reboots into the newly installed FreeBSD image. + +Login as `root` and update the system as follows: + +[source,shell] +.... +# freebsd-update fetch install +# reboot +.... + +[NOTE] +==== +After a successful installation, QEMU will boot the operating system installed on the disk, and not the installation program. +==== + +[NOTE] +==== +QEMU supports a ```-runas``` option. +For added security, include the option "-runas your_user_name" in the script listing above. +See man:qemu[1] for details. +==== + +Login as `root` again and add any packages desired. +To utilize the X Window system in the guest, see the section "Using the X Window System" below. + +This completes the setup of the "left" VM. + +To install the "right" VM, run the following script. +This script has the modifications needed for tap1, format=qcow2, the image filename, the MAC address, and the terminal window name. +If desired, include the "-runas" parameter as described in the above note. + +[.programlisting] +.... + +/usr/local/bin/qemu-system-x86_64 -monitor none \ + -cpu qemu64 \ + -vga cirrus \ + -m 4096 -smp 4 \ + -cdrom ../ISO/fbsd.iso \ + -boot order=cd,menu=on \ + -drive if=none,id=drive0,cache=writeback,aio=threads,format=qcow2,discard=unmap,file=../VM/right.qcow2 \ + -device virtio-blk-pci,drive=drive0,bootindex=1 \ + -netdev tap,id=nd0,ifname=tap1,script=no,downscript=no,br=bridge0 \ + -device e1000,netdev=nd0,mac=02:72:69:67:68:74 \ + -name \"right\" +.... + +Once the installation is complete, the "left" and "right" machines can communicate with each other and with the host. +If there are strict firewall rules on the host, consider adding or modifying rules to allow the bridge and tap devices to communicate with each other. + +[[qemu-usage-tips]] +=== Usage Tips +[[qemu-setting-up-x-windows]] +==== Using the X Window System + +crossref:x11[x11,Installing Xorg] describes how to set up the `X Window` system. +Refer to that guide for initial `X Window` setup then consult crossref:desktop[desktop,Desktop Environments] on how to set up a complete desktop. + +This section demonstrates use of the XFCE desktop. + +Once the installation is complete, login as a regular user, then type: + +[source,shell] +.... +% startx +.... + +The XFCE4 window manager should start up and present a functioning graphical desktop as in Figure xref:qemu-two-qemu[{counter:figure}]. +On initial startup, it may take up to a minute to display the desktop. +See the documentation at the link:https://www.xfce.org[XFCE website] for usage details. +[[qemu-two-qemu]] +.Both QEMU VMs +image::qemu-freebsd04.png[Both QEMU VMs] + +[TIP] +==== +Adding more memory to the guest system may speed up the graphical user interface. +==== + +Here, the "left" VM has had the `X Window` system installed, while the "right" VM is still in text mode. + +[[qemu-using-qemu-window]] +==== Using the QEMU Window + +The QEMU window functions as a full FreeBSD console, and is capable of running multiple virtual terminals, just like a bare-metal system. + +To switch to another virtual console, click into the QEMU window and type kbd:[Alt+F2] or kbd:[Alt+F3]. +FreeBSD should switch to another virtual console. +Figure xref:qemu-console-ttyv3[{counter:figure}] shows the "left" VM displaying the virtual console on `ttyv3`. +[[qemu-console-ttyv3]] +.Switching to Another Virtual Console in the QEMU Window +image::qemu-freebsd05.png[Switching to Another Virtual Console in the QEMU Window] + +[TIP] +==== +The host current desktop manager or window manager may be already setup for another function with the kbd:[Alt+F1], kbd:[Alt+F2] key sequences. +If so, try typing kbd:[Ctl+Alt+F1], kbd:[Ctl+Alt+F2], or some other similar key combination. +Check the window manager or desktop manager documentation for details. +==== + +[[qemu-using-qemu-window-menus]] +==== Using the QEMU Window Menus + +Another feature of the QEMU window is the `View` menu and the Zoom controls. +The most useful is `Zoom to Fit`. +When this menu selection is clicked, it is then possible to resize the QEMU window by clicking the window corner controls and resizing the window. +Figure xref:qemu-zoom-to-fit[{counter:figure}] shows the effect of resizing the "left" window while in graphics mode. + +[[qemu-zoom-to-fit]] +.Using the View Menu `Zoom to Fit` Option +image::qemu-freebsd06.png[Using the View Menu `Zoom to Fit` Option] + +[[qemu-other-qemu-window-menu-options]] +==== Other QEMU Window Menu Options + +Also shown in the `View` menu are + +* `cirrus-vga`, `serial0`, and `parallel0` options. +These allow for switching input/output to the selected device. + +The QEMU window `Machine` menu allows for four types of control over the guest VM: + +* `Pause` allows for pausing the QEMU virtual machine. +This may be helpful in freezing a fast scrolling window. +* `Reset` immediately resets the virtual machine back at cold "power on" state. +As with a real machine, it is not recommended unless absolutely necessary. +* `Power Down` simulates an ACPI shutdown signal and the operating system goes through a graceful shutdown. +* `Quit` powers off the virtual machine immediately - also not recommended unless necessary. + +[[qemu-adding-serial-port-to-guest-vm]] +=== Adding a Serial Port Interface to a Guest VM + +To implement a serial console, a guest VM running FreeBSD needs to insert +[.programlisting] +.... +console="comconsole" +.... +in [.filename]#/boot/loader.conf# to allow the use of the FreeBSD serial console. + +The updated configuration below shows how to implement the serial console on the guest VM. +Run the script to start the VM. +[.programlisting] +.... +# left+serial.sh +echo +echo "NOTE: telnet startup server running on guest VM!" +echo "To start QEMU, start another session and telnet to localhost port 4410" +echo + +/usr/local/bin/qemu-system-x86_64 -monitor none \ + -serial telnet:localhost:4410,server=on,wait=on\ + -cpu qemu64 \ + -vga std \ + -m 4096 \ + -smp 4 \ + -cdrom ../ISO/fbsd.iso \ + -boot order=cd,menu=on \ + -blockdev driver=file,aio=threads,node-name=imgleft,filename=../VM/left.img \ + -blockdev driver=raw,node-name=drive0,file=imgleft \ + -device virtio-blk-pci,drive=drive0,bootindex=1 \ + -netdev tap,id=nd0,ifname=tap0,script=no,downscript=no,br=bridge0 \ + -device e1000,netdev=nd0,mac=02:20:6c:65:66:74 \ + -name \"left\" +.... +[[qemu-left-serial-port]] +.Enabling a Serial Port over TCP +image::qemu-freebsd07.png[] + +In Figure xref:qemu-left-serial-port[{counter:figure}], the serial port is redirected to a TCP port on the host system at VM startup and the QEMU monitor waits (`wait=on`) to activate the guest VM until a man:telnet[1] connection occurs on the indicated localhost port. +After receiving a connection from a separate session, the FreeBSD system starts booting and looks for a console directive in [.filename]#/boot/loader.conf#. +With the directive "console=comconsole", FreeBSD starts up a console session on a serial port. +The QEMU monitor detects this and directs the necessary character I/O on that serial port to the telnet session on the host. +The system boots and once finished, login prompts are enabled on the serial port (`ttyu0`) and on the console (`ttyv0`). + +It is important to note that the this serial redirect over TCP takes place outside the virtual machine. +There is no interaction with any network on the virtual machine and therefore it is not subject to any firewall rules. +Think of it like a dumb terminal sitting on an RS-232 or USB port on a real machine. + +[[qemu-notes-on-serial-console]] +==== Notes on Using the Serial Console + +On the serial console, if the window is resized, execute man:resizewin[1] to update the terminal size. + +It may be desirable (even necessary) to stop syslog message from being sent to the console (both the QEMU console and the serial port). +Consult man:syslog.conf[5] for details on redirecting console messages. + +[NOTE] +==== +Once the [.filename]#/boot.loader.conf# has been updated to permit a serial console, +the guest VM will attempt to boot from the serial port every time. +Ensure that the serial port is enabled as shown in the listing above, or update the [.filename]#/boot/loader.conf# file to not require a serial console. +==== + +[[qemu-user-mode-emulation]] +=== QEMU User Mode Emulation + +QEMU also supports running applications that are precompiled on an architecture different from the host CPU. +For example, it is possible to run a Sparc64 architecture operating system on an x86_64 host. +This is demonstrated in the next section. + +[[qemu-sparc64-user-mode-emulation]] +==== Setting up a SPARC64 Guest VM on an x86_64 Host + +Setting up a new VM with an architecture different from the host involves several steps: + +* Getting the software that will run on the guest VM +* Creating a new disk image for the guest VM +* Setting up a new QEMU script with the new architecture +* Performing the install + +In the following procedure a copy of OpenBSD 6.8 SPARC64 software is used for this QEMU User Mode Emulation exercise. + +[NOTE] +==== +Not all versions of OpenBSD Sparc64 work on QEMU. +OpenBSD version 6.8 is known to work and was selected as the example for this section. +==== + +. Download OpenBSD 6.8 Sparc64 from an OpenBSD archive. ++ +On the OpenBSD download sites, only the most current versions are maintained. +It is necessary to search an archive to obtain past releases. ++ +[source,shell] +.... +% cd ~/QEMU/ISO +% fetch https://mirror.planetunix.net/pub/OpenBSD-archive/6.8/sparc64/install68.iso +.... + +. Creating a new disk image for the Sparc64 VM is similar to the "right" VM above. +This case uses the QEMU qcow2 format for the disk: ++ +[source,shell] +.... +% cd ~/QEMU/VM +qemu-img create -f qcow2 -o preallocation=full,lazy_refcounts=on sparc64.qcow2 16G +.... + +. Use the script below for the new Sparc64 architecture. +As with above example, run the script, then start a new session and `telnet` to localhost on the port indicated: ++ +[.programlisting] +.... +echo +echo "NOTE: telnet startup server running on guest VM!" +echo "To start QEMU, start another session and telnet to localhost port 4410" +echo + +/usr/local/bin/qemu-system-sparc64 \ + -serial telnet:localhost:4410,server=on,wait=on \ + -machine sun4u,usb=off \ + -smp 1,sockets=1,cores=1,threads=1 \ + -rtc base=utc \ + -m 1024 \ + -boot d \ + -drive file=../VM/sparc64.qcow2,if=none,id=drive-ide0-0-1,format=qcow2,cache=none \ + -cdrom ../ISO/install68.iso \ + -device ide-hd,bus=ide.0,unit=0,drive=drive-ide0-0-1,id=ide0-0-1 \ + -msg timestamp=on \ + -net nic,model=sunhme -net user \ + -nographic \ + -name \"sparc64\" +.... + +Note the following: + +* The `-boot d` option boots from the QEMU CDROM device which is set as `-cdrom ../ISO/install68.iso`. +* As before, the `telnet` server option is set to wait for a separate connection on port 4410. +Start up another session and use man:telnet[1] to connect to localhost on port 4410. +* The script sets the `-nographic` option meaning there is only serial port I/O. +There is no graphical interface. +* Networking is not set up through the man:tap[4] / man:if_bridge[4] combination. +This example uses a separate method of QEMU networking known as "Serial Line Internet Protocol" (SLIRP), sometimes referred to as "User Mode Networking". +Documentation on this and other QEMU networking methods is here: link:https://wiki.qemu.org/Documentation/Networking[QEMU Networking Documentation] + +If everything is set correctly, the system will boot as shown in Figure xref:qemu-sparc64-boot-cdrom-installation[{counter:figure}]. +[[qemu-sparc64-boot-cdrom-installation]] +.QEMU Booting OpenBSD 6.8 Sparc64 from CDROM During User Mode Emulation +image::qemu-freebsd08.png[] + +Once the system is installed, modify the script and change the boot parameter to `-boot c`. +This will indicate to QEMU to boot from the supplied hard disk, not the CDROM. + +The installed system can be used just like any other guest virtual machine. +However, the underlying architecture of the guest is Sparc64, not x86_64. + +[TIP] +==== +If the system is halted at the OpenBios console prompt `0 >`, enter `power-off` to exit the system. +==== +Figure xref:qemu-sparc64-login-to-installed-system[{counter:figure}] shows a root login to the installed system and running man:uname[1]. + +[[qemu-sparc64-login-to-installed-system]] +.QEMU Booting from CDROM During User Mode Emulation +image::qemu-freebsd09.png[] + +[[qemu-using-qemu-monitor]] +=== Using the QEMU Monitor + +The link:https://www.qemu.org/docs/master/system/monitor.html[QEMU monitor] controls a running QEMU emulator (guest VM). + +Using the monitor, it is possible to: + +* Dynamically remove or insert devices, including disks, network interfaces, CD-ROMs, or floppies +* Freeze/unfreeze the guest VM, and save or restore its state from a disk file +* Gather information about the state of the VM and devices +* Change device settings on the fly + +As well as many other operations. + +The most common uses of the monitor are to examine the state of the VM, and to add, delete, or change devices. +Some operations such as migrations are only available under hypervisor accelerators such as KVM, Xen, etc. and are not supported on FreeBSD hosts. + +When using a graphical desktop environment, the simplest way to use the QEMU monitor is the `-monitor stdio` option when launching QEMU from a terminal session. + +[.programlisting] +.... +# /usr/local/bin/qemu-system-x86_64 -monitor stdio \ + -cpu qemu64 \ + -vga cirrus \ + -m 4096 -smp 4 \ + ... +.... + +This results in a new prompt `(qemu)` in the terminal window as shown in Figure xref:qemu-monitor-operation[{counter:figure}]. + +[[qemu-monitor-operation]] +.QEMU Monitor Prompt and "stop" Command +image::qemu-freebsd13.png[] + +The image also shows the `stop` command freezing the system during the FreeBSD boot sequence. +The system will remain frozen until the `cont` command is entered in the monitor. + +[[qemu-adding-new-disk]] +==== Adding a New Disk to the VM + +To add a new disk to a running VM, the disk needs to be prepared as above: + +[source, shell] +.... +% cd ~/QEMU/VM +% qemu-img create -f raw new10G.img 10G +.... + +Figure xref:qemu-add-new-disk-figure[{counter:figure}] shows the monitor command sequence needed to add a new disk in the VM. +Once the device has been added with the `device_add` command in the monitor it shows up on the FreeBSD system console shown in the lower part of the figure. +The disk can be configured as needed. + +Note that the new disk must be added to the startup script if it is to be used after a VM reboot. + +[[qemu-add-new-disk-figure]] +.QEMU Monitor Commands to Add a New Disk +image::qemu-freebsd14.png[] + +[[qemu-using-monitor-manage-snapshots]] +==== Using the QEMU Monitor to Manage Snapshots + +QEMU's documentation describes several similar concepts when using the term *snapshot*. +There is the `-snapshot` option on the command line which refers to using a drive or portion of a drive to contain a copy of a device. +Then there are the monitor commands `snapshot_blkdev` and `snapshot_blkdev_internal` which describe the actual act of copying the blockdev device. +Finally, there are the monitor commands `savevm`, `loadvm`, and `delvm` commands which refer to creating and saving, loading, or deleting a copy of an entire virtual machine. +Along with the latter, the monitor `info snapshots` command lists out details of recent snapshots. + +This section will focus on creating, saving, and loading a complete VM image and will use the term *snapshot* for this purpose. + +To start, recreate the "left" VM from scratch, this time using the `qcow2` format. + +[source, shell] +.... +% cd ~/QEMU/VM +% rm left.img +% qemu-img create -f qcow2 left.qcow2 16G # Clean file for a new FreeBSD installation. +% cd ../SCRIPTS +# /bin/sh left.sh # See the below program listing. +.... + +Once the installation is complete, reboot, this time using the `-monitor stdio` option to allow use of the monitor. + +[.programlisting] +.... +# left VM script. +/usr/local/bin/qemu-system-x86_64 -monitor stdio \ + -cpu qemu64 \ + -vga std \ + -m 4096 \ + -smp 4 \ + -cdrom ../ISO/fbsd.iso \ + -boot order=cd,menu=on \ + -blockdev driver=file,aio=threads,node-name=imgleft,filename=../VM/left.qcow2 \ + -blockdev driver=qcow2,node-name=drive0,file=imgleft \ + -device virtio-blk-pci,drive=drive0,bootindex=1 \ + -netdev tap,id=nd0,ifname=tap0,script=no,downscript=no,br=bridge0 \ + -device e1000,netdev=nd0,mac=02:20:6c:65:66:74 \ + -name \"left\" +.... + +To demonstrate snapshots, the following procedure can be used: + +. Install FreeBSD from scratch +. Prepare the environment and take a snapshot with the `savevm` monitor command +. Install several packages +. Shut down the system +. Restart a bare QEMU instance and utilize the monitor command `loadvm` to restore the VM +. Observe that the restored VM does not have any packages + +During the "Prepare the environment" step, in a separate virtual console (ttyv1), an editing session with man:vi[1] is initiated simulating user activity. +Additional programs may be started if desired. +The snapshot should account for the state of all applications running at the time the snapshot is taken. + +Figure xref:qemu-using-monitor-snapshots[{counter:figure}] shows the newly installed FreeBSD system with no packages, and separately, the editing session on ttyv1. +The man:vi[1] editor is currently in `insert` mode with the typist typing the word "broadcast". + +[[qemu-using-monitor-snapshots]] +.QEMU VM Before First Snapshot +image::qemu-freebsd15.png[] + +To generate the snapshot, enter `savevm` in the monitor. +Be sure to give it a tag (such as `original_install`). + +[source,shell] +.... +QEMU 9.0.1 monitor - type 'help' for more information +(qemu) +(qemu) savevm original_install +.... + +Next, in the main console window, install a package, such as man:zip[1] which has no dependencies. +Once that completes, renter the monitor and create another snapshot (`snap1_pkg+zip`). + +Figure xref:qemu-after-monitor-snapshots[{counter:figure}] shows the results of the above commands and the output of the `info shapshots` command. + +[[qemu-after-monitor-snapshots]] +.QEMU Using Monitor Commands for Snapshots +image::qemu-freebsd16.png[] + +Reboot the system, and before FreeBSD starts up, switch to the monitor and enter `stop`. +The VM will stop. + +Enter `loadvm` with the tag you used above (here `original_install`). + +[source, shell] +.... +QEMU 9.0.1 monitor - type 'help' for more information +(qemu) stop +(qemu) loadvm original_install +(qemu) cont +.... + +Immediately, the VM screen will switch to the exact moment the `savevm` command was entered above. +Note that the VM is still stopped. + +Enter `cont` to start the VM, switch to the editing session on `ttyv1`, and type one letter on the keyboard. +The editor, still in insert mode, should respond accordingly. +Any other programs running at the time the snapshot was taken should be unaffected. + +The above steps show how a snapshot can be taken, the system modified, and then "rolled back" by restoring the previous snapshot. + +By default QEMU stores snapshot data in the same file as the image. +View the list of snapshots with man:qemu-img[1] as shown below in Figure xref:qemu-examine-monitor-snapshots[{counter:figure}]. + +[[qemu-examine-monitor-snapshots]] +.QEMU Using man:qemu-img[1] to Examine Snapshots +image::qemu-freebsd17.png[] + +[[qemu-using-qemu-usb-devices]] +=== Using QEMU USB Devices + +QEMU supports the creation of virtual USB devices that are backed by an image file. +These are virtual USB devices that can be partitioned, formatted, mounted, and used just like a real USB device. + +[.programlisting] +.... +/usr/local/bin/qemu-system-x86_64 -monitor stdio \ + -cpu qemu64 \ + -vga cirrus \ + -m 4096 -smp 4 \ + -cdrom ../ISO/fbsd.iso \ + -boot order=cd,menu=on \ + -drive if=none,id=usbstick,format=raw,file=../VM/foo.img \ + -usb \ + -device usb-ehci,id=ehci \ + -device usb-storage,bus=ehci.0,drive=usbstick \ + -device usb-mouse \ + -blockdev driver=file,node-name=img1,filename=../VM/right.qcow2 \ + -blockdev driver=qcow2,node-name=drive0,file=img1 \ + -device virtio-blk-pci,drive=drive0,bootindex=1 \ + -netdev tap,id=nd0,ifname=tap1,script=no,downscript=no,br=bridge0 \ + -device e1000,netdev=nd0,mac=02:72:69:67:68:74 \ + -name \"right\" +.... + +This configuration includes a `-drive` specification with the `id=usbstick`, raw format, and an image file (must be created by man:qemu-img[1]). +The next line contains the `-device usb-ehci` specification for a USB EHCI controller, with `id=ehci`. +Finally, a `-device usb-storage` specification ties the above drive to the EHCI USB bus. + +When the system is booted, FreeBSD will recognize a USB hub, add the attached USB device, and assign it to `da0` as shown in Figure xref:qemu-usb-internal-storage[{counter:figure}]. + +[[qemu-usb-internal-storage]] +.QEMU Created USB Hub and Mass Storage Device +image::qemu-freebsd12.png[] + +The device is ready to be partitioned with man:gpart[8], and formatted with man:newfs[8]. +Because the USB device is backed by a man:qemu-img[1] created file, data written to the device will persist across reboots. + +[[qemu-using-host-usb-devices]] +=== Using Host USB Devices via Passthrough + +QEMU USB passthrough support is listed as experimental in version 9.0.1 (Summer, 2024). +However, the following steps show how a USB stick mounted on the host can be used by the guest VM. + +For more information and examples, see: + +* link:https://www.qemu.org/docs/master/system/devices/usb.html[] + +The upper part of Figure xref:qemu-usb-passthrough[{counter:figure}] shows the QEMU monitor commands: + +* `info usbhost` shows information about all USB devices on the host system. +Find the desired USB device on the host system and note the two hexadecimal values on that line. +(In the example below the host USB device is a Memorex Mini, with vendorid 0718, and productid 0619.) +Use the two values shown by the `info usbhost` command in the `device_add` step below. +* `device_add` adds a USB device to the guest VM. + +[[qemu-usb-passthrough]] +.QEMU Monitor Commands to Access a USB Device on the Host +image::qemu-freebsd18.png[] + +As before, once `device_add` completes, the FreeBSD kernel recognizes a new USB device, as shown in the lower half of the Figure. + +Using the new device is shown in Figure xref:qemu-usb-passthrough2[{counter:figure}]. + +[[qemu-usb-passthrough2]] +.Using the Host USB Device via Passthrough +image::qemu-freebsd19.png[] + +If the USB device is formatted as a FAT16 or FAT32 filesystem it can be mounted as an MS-DOS(TM) filesystem with man:mount_msdosfs[8] as in the example shown. +The `/etc/hosts` file is copied to the newly mounted drive and checksums are taken to verify the integrity of the file on the USB device. +The device is then unmounted with man:umount[8]. + +If the USB device is formatted with NTFS it is necessary to install the `fusefs-ntfs` package and use man:ntfs-3g[8] to access the device: + +[source, shell] +.... +# pkg install fusefs-ntfs +# kldload fusefs +# gpart show da1 +# ntfs-3g /dev/da1s1 /mnt + +Access the drive as needed. When finished: + +# umount /mnt +.... + +Change the above device identifiers to match the installed hardware. +Consult man:ntfs-3g[8] for additional information on working with NTFS filesystems. + +[[qemu-summary]] +=== QEMU on FreeBSD Summary + +As noted above, QEMU works with several different hypervisor accelerators. + +The list of link:https://www.qemu.org/docs/master/system/introduction.html#virtualisation-accelerators[Virtualization Accelerators] supported by QEMU includes: + +* `KVM` on Linux supporting 64 bit Arm, MIPS, PPC, RISC-V, s390x, and x86 +* `Xen` on Linux as dom0 supporting Arm, x86 +* `Hypervisor Framework (hvf)` on MacOS supporting x86 and Arm (both 64 bit only) +* `Windows Hypervisor Platform (whpx)` on Windows supporting x86 +* `NetBSD Virutal Machine Monitor (nvmm)` on NetBSD supporting x86 +* `Tiny Code Generator (tcg)` on Linux and other POSIX, Windows, MacOS supporting Arm, x86, Loongarch64, MIPS, PPC, s390x, and Sparc64. + +All the examples in this section used the `Tiny Code Generator (tcg)` accelerator as that is the only supported accelerator on FreeBSD at present. + [[virtualization-host-bhyve]] == FreeBSD as a Host with bhyve @@ -602,7 +1383,7 @@ Now the guest can be started from the virtual disk: [[virtualization-bhyve-linux]] === Creating a Linux(R) Guest -Linux guests can be booted either like any other regular crossref:virtualization[virtualization-bhyve-uefi,"UEFI-based guest"] virtual machine, or alternatively, you can make use of the package:sysutils/grub2-bhyve[] port. +Linux guests can be booted either like any other regular crossref:virtualization[virtualization-bhyve-uefi,"UEFI-based guest"] virtual machine, or alternatively, you can make use of the package:sysutils/grub2-bhyve[] port. To do this, first ensure that the port is installed, then create a file to use as the virtual disk for the guest machine: @@ -1482,7 +2263,7 @@ Note that not all features are supported on FreeBSD yet. === Hardware Requirements for Xen(TM) Dom0 To run the Xen(TM) hypervisor on a host, certain hardware functionality is required. -Hardware virtualized domains require Extended Page Table (http://en.wikipedia.org/wiki/Extended_Page_Table[EPT]) and Input/Output Memory Management Unit (http://en.wikipedia.org/wiki/List_of_IOMMU-supporting_hardware[IOMMU]) support in the host processor. +Hardware virtualized domains require Extended Page Table (https://en.wikipedia.org/wiki/Extended_Page_Table[EPT]) and Input/Output Memory Management Unit (https://en.wikipedia.org/wiki/List_of_IOMMU-supporting_hardware[IOMMU]) support in the host processor. [NOTE] ==== diff --git a/documentation/content/en/books/handbook/virtualization/_index.po b/documentation/content/en/books/handbook/virtualization/_index.po index 342585c9fc9f..43c4dcc26f0f 100644 --- a/documentation/content/en/books/handbook/virtualization/_index.po +++ b/documentation/content/en/books/handbook/virtualization/_index.po @@ -2964,7 +2964,7 @@ msgid "" "To run the Xen(TM) hypervisor on a host, certain hardware functionality is " "required. Hardware virtualized domains require Extended Page Table (http://" "en.wikipedia.org/wiki/Extended_Page_Table[EPT]) and Input/Output Memory " -"Management Unit (http://en.wikipedia.org/wiki/List_of_IOMMU-" +"Management Unit (https://en.wikipedia.org/wiki/List_of_IOMMU-" "supporting_hardware[IOMMU]) support in the host processor." msgstr "" diff --git a/documentation/content/en/books/handbook/x11/_index.adoc b/documentation/content/en/books/handbook/x11/_index.adoc index eba545b49678..8bad3e2d7d85 100644 --- a/documentation/content/en/books/handbook/x11/_index.adoc +++ b/documentation/content/en/books/handbook/x11/_index.adoc @@ -608,7 +608,7 @@ However, there are several free, high quality Type1 (PostScript(R)) fonts availa The URW font collection (package:x11-fonts/urwfonts[]) includes high quality versions of standard type1 fonts (Times Roman(TM), Helvetica(TM), Palatino(TM) and others). The Freefonts collection (package:x11-fonts/freefonts[]) includes many more fonts, but most of them are intended for use in graphics software such as the Gimp, and are not complete enough to serve as screen fonts. In addition, Xorg can be configured to use TrueType(R) fonts with a minimum of effort. -For more details on this, see the man:X[7] manual page or crossref:x11[truetype]. +For more details on this, see the man:X[7] manual page or crossref:x11[truetype, TrueType(R) Fonts]. To install the above Type1 font collections from binary packages, run the following commands: @@ -637,7 +637,7 @@ Alternatively, at the command line in the X session run: This will work but will be lost when the X session is closed, unless it is added to the startup file ([.filename]#~/.xinitrc# for a normal `startx` session, or [.filename]#~/.xsession# when logging in through a graphical login manager like XDM). A third way is to use the new [.filename]#/usr/local/etc/fonts/local.conf# as -demonstrated in crossref:x11[antialias]. +demonstrated in crossref:x11[antialias, Anti-Aliased Fonts]. [[truetype]] === TrueType(R) Fonts @@ -671,7 +671,7 @@ Then create an index of X font files in a directory: .... Now add the TrueType(R) directory to the font path. -This is just the same as described in crossref:x11[type1]: +This is just the same as described in crossref:x11[type1, Type1 Fonts]: [source,shell] .... diff --git a/documentation/content/en/books/handbook/zfs/_index.adoc b/documentation/content/en/books/handbook/zfs/_index.adoc index ae95e8797c63..e8215f18e201 100644 --- a/documentation/content/en/books/handbook/zfs/_index.adoc +++ b/documentation/content/en/books/handbook/zfs/_index.adoc @@ -62,7 +62,7 @@ ZFS has three major design goals: crossref:zfs[zfs-term-l2arc,L2ARC], and a disk-based synchronous write cache named crossref:zfs[zfs-term-zil,ZIL]. -A complete list of features and terminology is in crossref:zfs[zfs-term]. +A complete list of features and terminology is in crossref:zfs[zfs-term, ZFS Features and Terminology]. [[zfs-differences]] == What Makes ZFS Different diff --git a/documentation/content/en/books/porters-handbook/flavors/_index.adoc b/documentation/content/en/books/porters-handbook/flavors/_index.adoc index 88245b8966e0..b54615509fa5 100644 --- a/documentation/content/en/books/porters-handbook/flavors/_index.adoc +++ b/documentation/content/en/books/porters-handbook/flavors/_index.adoc @@ -120,7 +120,7 @@ nox11_PKGNAMESUFFIX= -nox11 [example] ==== Here is a slightly edited excerpt of what is present in package:devel/libpeas[], -a port that uses the crosref:flavors[flavors-auto-python,Python flavors]. +a port that uses the crossref:flavors[flavors-auto-python,Python flavors]. With the default Python 2 and 3 versions being 2.7 and 3.6, it will automatically get `FLAVORS=py27 py36` [.programlisting] @@ -157,7 +157,7 @@ The `configure` script has to run in [.filename]#${WRKSRC}#, but we are only int Hint about the correct Python 3 config script path name. The packing list is different when the built with Python 3. As there are three possible Python 3 versions, set `PLIST` for all three using the -crosref:flavors[flavors-using-helpers,helper]. +crossref:flavors[flavors-using-helpers,helper]. ==== [[flavors-using-helpers]] diff --git a/documentation/content/en/books/porters-handbook/makefiles/_index.adoc b/documentation/content/en/books/porters-handbook/makefiles/_index.adoc index 54fa80d1e01d..e94fd4091a53 100644 --- a/documentation/content/en/books/porters-handbook/makefiles/_index.adoc +++ b/documentation/content/en/books/porters-handbook/makefiles/_index.adoc @@ -101,7 +101,7 @@ From time to time, some software will use a version scheme that is not compatibl [TIP] ==== When updating a port, it is possible to use man:pkg-version[8]'s `-t` argument to check if the new version is greater or lesser than before. -See crossref:makefiles[makefile-versions-ex-pkg-version]. +See crossref:makefiles[makefile-versions-ex-pkg-version, Using man:pkg-version\[8\] to Compare Versions]. ==== [[makefile-versions-ex-pkg-version]] @@ -282,7 +282,7 @@ man:pkg-version[8] will verify this: For some more advanced examples of setting `PORTVERSION`, when the software's versioning is really not compatible with FreeBSD's, or `DISTNAME` when the distribution file does not contain the version itself, see -crossref:makefiles[makefile-distname]. +crossref:makefiles[makefile-distname, `DISTNAME`]. [[makefile-naming-revepoch]] === `PORTREVISION` and `PORTEPOCH` @@ -1482,7 +1482,7 @@ These variables are available: |`GH_SUBDIR` |When the software needs an additional distribution file to be extracted within `${WRKSRC}`, this variable can be used. See the examples in -crossref:makefiles[makefile-master_sites-github-multiple] for more information. +crossref:makefiles[makefile-master_sites-github-multiple, Fetching Multiple Files from GitHub] for more information. |(none) |`GH_TUPLE` @@ -1577,7 +1577,7 @@ GH_TAGNAME= c472d66b .... This creates a versioning scheme that increases over time, and that is still -before version `0` (see crossref:makefiles[makefile-versions-ex-pkg-version] for details on man:pkg-version[8]): +before version `0` (see crossref:makefiles[makefile-versions-ex-pkg-version, Using man:pkg-version\[8\] to Compare Versions] for details on man:pkg-version[8]): [source,shell] .... @@ -1622,7 +1622,7 @@ USE_GITHUB= yes .... This creates a versioning scheme that increases over time (well, over commits), and does not conflict with the creation of a `0.7.4` version. -(See crossref:makefiles[makefile-versions-ex-pkg-version] for details on man:pkg-version[8]): +(See crossref:makefiles[makefile-versions-ex-pkg-version, Using man:pkg-version\[8\] to Compare Versions] for details on man:pkg-version[8]): [source,shell] .... @@ -1654,13 +1654,13 @@ v0.7.3-0-gc66c71d ==== Fetching Multiple Files from GitHub The `USE_GITHUB` framework also supports fetching multiple distribution files from different places in GitHub. -It works in a way very similar to crossref:makefiles[porting-master-sites-n]. +It works in a way very similar to crossref:makefiles[porting-master-sites-n, Multiple Distribution or Patches Files from Multiple Locations]. Multiple values are added to `GH_ACCOUNT`, `GH_PROJECT`, and `GH_TAGNAME`. Each different value is assigned a group. The main value can either have no group, or the `:DEFAULT` group. A value can be omitted if it is the same as the default as listed in -crossref:makefiles[makefile-master_sites-github-description]. +crossref:makefiles[makefile-master_sites-github-description,`USE_GITHUB` Description]. `GH_TUPLE` can also be used when there are a lot of distribution files. It helps keep the account, project, tagname, and group information at the same place. @@ -1678,7 +1678,7 @@ It is used as a unique key and using it more than once will overwrite the previo ==== As this is only syntactic sugar above `DISTFILES` and `MASTER_SITES`, the group names must adhere to the restrictions on group names outlined in -crossref:makefiles[porting-master-sites-n] +crossref:makefiles[porting-master-sites-n, Multiple Distribution or Patches Files from Multiple Locations] ==== When fetching multiple files from GitHub, sometimes the default distribution file is not fetched from GitHub. @@ -1752,7 +1752,7 @@ post-extract: ==== This is functionally equivalent to -crossref:makefiles[makefile-master_sites-github-multi], but using `GH_TUPLE`: +crossref:makefiles[makefile-master_sites-github-multi,Use of `USE_GITHUB` with Multiple Distribution Files], but using `GH_TUPLE`: [.programlisting] .... @@ -1895,7 +1895,7 @@ Similar to GitHub, if the distribution file comes from https://gitlab.com/[gitla |`GL_SUBDIR` |When the software needs an additional distribution file to be extracted within `${WRKSRC}`, this variable can be used. See the examples in - crossref:makefiles[makefile-master_sites-gitlab-multiple] for more information. + crossref:makefiles[makefile-master_sites-gitlab-multiple, Fetching Multiple Files from GitLab] for more information. |(none) |`GL_TUPLE` @@ -1959,12 +1959,12 @@ It will have `MASTER_SITES` set to `"https://gitlab.example.com"` and `WRKSRC` t ==== Fetching Multiple Files from GitLab The `USE_GITLAB` framework also supports fetching multiple distribution files from different places from GitLab and GitLab hosted sites. -It works in a way very similar to crossref:makefiles[porting-master-sites-n] and -crossref:makefiles[makefile-master_sites-gitlab-multiple]. +It works in a way very similar to crossref:makefiles[porting-master-sites-n, Multiple Distribution or Patches Files from Multiple Locations] and +crossref:makefiles[makefile-master_sites-gitlab-multiple, Fetching Multiple Files from GitLab]. Multiple values are added to `GL_SITE`, `GL_ACCOUNT`, `GL_PROJECT` and `GL_COMMIT`. Each different value is assigned a group. -crossref:makefiles[makefile-master_sites-gitlab-description]. +crossref:makefiles[makefile-master_sites-gitlab-description,`USE_GITLAB` Description]. `GL_TUPLE` can also be used when there are a lot of distribution files. It helps keep the site, account, project, commit, and group information at the same place. @@ -1982,7 +1982,7 @@ It is used as a unique key and using it more than once will overwrite the previo ==== As this is only syntactic sugar above `DISTFILES` and `MASTER_SITES`, the group names must adhere to the restrictions on group names outlined in -crossref:makefiles[porting-master-sites-n] +crossref:makefiles[porting-master-sites-n, Multiple Distribution or Patches Files from Multiple Locations] ==== When fetching multiple files using GitLab, sometimes the default distribution file is not fetched from a GitLab site. @@ -2058,7 +2058,7 @@ post-extract: [example] ==== This is functionally equivalent to -crossref:makefiles[makefile-master_sites-gitlab-multi], but using `GL_TUPLE`: +crossref:makefiles[makefile-master_sites-gitlab-multi,Use of `USE_GITLAB` with Multiple Distribution Files], but using `GL_TUPLE`: [.programlisting] .... @@ -2216,7 +2216,7 @@ This section explains how to quickly prepare fine grained fetching of multiple d We describe here a case of simplified `MASTER_SITES:n` usage. This will be sufficient for most scenarios. More detailed information are available in -crossref:makefiles[ports-master-sites-n-detailed]. +crossref:makefiles[ports-master-sites-n-detailed, Detailed Information]. Some applications consist of multiple distribution files that must be downloaded from a number of different sites. For example, Ghostscript consists of the core of the program, and then a large number of driver files that are used depending on the user's printer. @@ -2227,7 +2227,7 @@ Each site listed in `MASTER_SITES` is then followed by a colon, and the group th For example, consider an application with the source split in two parts, [.filename]#source1.tar.gz# and [.filename]#source2.tar.gz#, which must be downloaded from two different sites. The port's [.filename]#Makefile# would include lines like -crossref:makefiles[ports-master-sites-n-example-simple-use-one-file-per-site]. +crossref:makefiles[ports-master-sites-n-example-simple-use-one-file-per-site,Simplified Use of `MASTER_SITES:n` with One File Per Site]. [[ports-master-sites-n-example-simple-use-one-file-per-site]] .Simplified Use of `MASTER_SITES:n` with One File Per Site @@ -2247,7 +2247,7 @@ DISTFILES= source1.tar.gz:source1 \ Multiple distribution files can have the same group. Continuing the previous example, suppose that there was a third distfile, [.filename]#source3.tar.gz#, that is downloaded from `ftp.example2.com`. The [.filename]#Makefile# would then be written like -crossref:makefiles[ports-master-sites-n-example-simple-use-more-than-one-file-per-site]. +crossref:makefiles[ports-master-sites-n-example-simple-use-more-than-one-file-per-site,Simplified Use of `MASTER_SITES:n` with More Than One File Per Site]. [[ports-master-sites-n-example-simple-use-more-than-one-file-per-site]] .Simplified Use of `MASTER_SITES:n` with More Than One File Per Site @@ -2344,9 +2344,9 @@ MASTER_SITES= alpha:DEFAULT,SOME_SITE elements, if the postfix immediate preceding character is not a `/` then `:n` will be considered a valid part of the element instead of a group postfix even if an element is postfixed with `:n`. See both - crossref:makefiles[ports-master-sites-n-example-detailed-use-master-site-subdir] + crossref:makefiles[ports-master-sites-n-example-detailed-use-master-site-subdir,Detailed Use of `MASTER_SITES:n` in `MASTER_SITE_SUBDIR`] and - crossref:makefiles[ports-master-sites-n-example-detailed-use-complete-example-master-sites]. + crossref:makefiles[ports-master-sites-n-example-detailed-use-complete-example-master-sites,Detailed Use of `MASTER_SITES:n` with Comma Operator, Multiple Files, Multiple Sites and Multiple Subdirectories]. + [[ports-master-sites-n-example-detailed-use-master-site-subdir]] .Detailed Use of `MASTER_SITES:n` in `MASTER_SITE_SUBDIR` @@ -2440,7 +2440,7 @@ Sites are listed in the exact order they will be used. + This has been simplified as much as possible. See -crossref:makefiles[ports-master-sites-n-example-detailed-use-master-site-sourceforge]. +crossref:makefiles[ports-master-sites-n-example-detailed-use-master-site-sourceforge,Detailed Use of `MASTER_SITES:n` with SourceForge (`SF`)]. + [[ports-master-sites-n-example-detailed-use-master-site-sourceforge]] .Detailed Use of `MASTER_SITES:n` with SourceForge (`SF`) @@ -2459,7 +2459,7 @@ DISTFILES= something.tar.gz:sourceforge + All examples were done with `MASTER*` but they work exactly the same for `PATCH*` ones as can be seen in -crossref:makefiles[ports-master-sites-n-example-detailed-use-patch-sites]. +crossref:makefiles[ports-master-sites-n-example-detailed-use-patch-sites,Simplified Use of `MASTER_SITES:n` with `PATCH_SITES`]. + [[ports-master-sites-n-example-detailed-use-patch-sites]] .Simplified Use of `MASTER_SITES:n` with `PATCH_SITES` @@ -2490,7 +2490,7 @@ PATCHFILES= patch1:test with their matching group elements within both `MASTER_SITES` and `PATCH_SITES` which use matching group elements within both `MASTER_SITE_SUBDIR` and `PATCH_SITE_SUBDIR`. Check - crossref:makefiles[ports-master-sites-n-example-detailed-use-complete-example-master-sites]. + crossref:makefiles[ports-master-sites-n-example-detailed-use-complete-example-master-sites,Detailed Use of `MASTER_SITES:n` with Comma Operator, Multiple Files, Multiple Sites and Multiple Subdirectories]. ** `fetch-list`: works like old `fetch-list` with the exception that it groups just like `do-fetch`. ** `master-sites` and `patch-sites`: (incompatible with older versions) only return the elements of group `DEFAULT`; in fact, they execute targets `master-sites-default` and `patch-sites-default` respectively. + @@ -2622,13 +2622,13 @@ If it is not an OSI approved license it must also document any restrictions on r A short name for the license or licenses if more than one license apply. -If it is one of the licenses listed in crossref:makefiles[licenses-license-list], only `LICENSE_FILE` and `LICENSE_DISTFILES` variables can be set. +If it is one of the licenses listed in crossref:makefiles[licenses-license-list,Predefined License List], only `LICENSE_FILE` and `LICENSE_DISTFILES` variables can be set. If this is a license that has not been defined in the ports framework (see -crossref:makefiles[licenses-license-list]), the `LICENSE_PERMS` and `LICENSE_NAME` must be set, along with either `LICENSE_FILE` or `LICENSE_TEXT`. +crossref:makefiles[licenses-license-list,Predefined License List]), the `LICENSE_PERMS` and `LICENSE_NAME` must be set, along with either `LICENSE_FILE` or `LICENSE_TEXT`. `LICENSE_DISTFILES` and `LICENSE_GROUPS` can also be set, but are not required. -The predefined licenses are shown in crossref:makefiles[licenses-license-list]. +The predefined licenses are shown in crossref:makefiles[licenses-license-list,Predefined License List]. The current list is always available in [.filename]#Mk/bsd.licenses.db.mk#. [[licenses-license-ex1]] @@ -4168,58 +4168,58 @@ There are some macros to help simplify conditional values which differ based on For easier access, a comprehensive list is provided: `PLIST_SUB`, `SUB_LIST`:: -For automatic `%%_OPT_%%` and `%%NO__OPT__%%` generation, see crossref:makefiles[options_sub]. +For automatic `%%_OPT_%%` and `%%NO__OPT__%%` generation, see crossref:makefiles[options_sub, `OPTIONS_SUB`]. + -For more complex usage, see crossref:makefiles[options-variables]. +For more complex usage, see crossref:makefiles[options-variables, Generic Variables Replacement, `OPT_VARIABLE` and `OPT_VARIABLE_OFF`]. `CONFIGURE_ARGS`:: -For `--enable-_x_` and `--disable-_x_`, see crossref:makefiles[options-configure_enable]. +For `--enable-_x_` and `--disable-_x_`, see crossref:makefiles[options-configure_enable, `OPT_CONFIGURE_ENABLE`]. + -For `--with-_x_` and `--without-_x_`, see crossref:makefiles[options-configure_with]. +For `--with-_x_` and `--without-_x_`, see crossref:makefiles[options-configure_with, `OPT_CONFIGURE_WITH`]. + -For all other cases, see crossref:makefiles[options-configure_on]. +For all other cases, see crossref:makefiles[options-configure_on, `OPT_CONFIGURE_ON` and `OPT_CONFIGURE_OFF`]. `CMAKE_ARGS`:: For arguments that are booleans (`on`, `off`, `true`, `false`, `0`, `1`) see -crossref:makefiles[options-cmake_bool]. +crossref:makefiles[options-cmake_bool, `OPT_CMAKE_BOOL` and `OPT_CMAKE_BOOL_OFF`]. + -For all other cases, see crossref:makefiles[options-cmake_on]. +For all other cases, see crossref:makefiles[options-cmake_on, `OPT_CMAKE_ON` and `OPT_CMAKE_OFF`]. `MESON_ARGS`:: -For arguments that take `true` or `false`, see crossref:makefiles[options-meson_true]. +For arguments that take `true` or `false`, see crossref:makefiles[options-meson_true, `OPT_MESON_TRUE` and `OPT_MESON_FALSE`]. + -For arguments that take `yes` or `no`, use crossref:makefiles[options-meson_yes]. +For arguments that take `yes` or `no`, use crossref:makefiles[options-meson_yes, `OPT_MESON_YES` and `OPT_MESON_NO`]. + -For arguments that take `enabled` or `disabled`, see crossref:makefiles[options-meson_enabled]. +For arguments that take `enabled` or `disabled`, see crossref:makefiles[options-meson_enabled, `OPT_MESON_ENABLED` and `OPT_MESON_DISABLED`]. + -For all other cases, use crossref:makefiles[options-meson_on]. +For all other cases, use crossref:makefiles[options-meson_on, `OPT_MESON_ON` and `OPT_MESON_OFF`]. `QMAKE_ARGS`:: -See crossref:makefiles[options-qmake_on]. +See crossref:makefiles[options-qmake_on, `OPT_QMAKE_ON` and `OPT_QMAKE_OFF`]. `USE_*`:: -See crossref:makefiles[options-use]. +See crossref:makefiles[options-use, `OPT_USE` and `OPT_USE_OFF`]. `*_DEPENDS`:: -See crossref:makefiles[options-dependencies]. +See crossref:makefiles[options-dependencies, Dependencies, `OPT_DEPTYPE` and `OPT_DEPTYPE_OFF`]. `*` (Any variable):: The most used variables have direct helpers, see -crossref:makefiles[options-variables]. +crossref:makefiles[options-variables, Generic Variables Replacement, `OPT_VARIABLE` and `OPT_VARIABLE_OFF`]. + -For any variable without a specific helper, see crossref:makefiles[options-vars]. +For any variable without a specific helper, see crossref:makefiles[options-vars, `OPT_VARS` and `OPT_VARS_OFF`]. Options dependencies:: When an option need another option to work, see -crossref:makefiles[options-implies]. +crossref:makefiles[options-implies, `OPT_IMPLIES`]. Options conflicts:: When an option cannot work if another is also enabled, see -crossref:makefiles[options-prevents]. +crossref:makefiles[options-prevents, `OPT_PREVENTS` and `OPT_PREVENTS_MSG`]. Build targets:: When an option need some extra processing, see -crossref:makefiles[options-targets]. +crossref:makefiles[options-targets, Additional Build Targets, `_target_-_OPT_-on` and `_target_-_OPT_-off`]. [[options_sub]] ==== `OPTIONS_SUB` @@ -4396,8 +4396,8 @@ CONFIGURE_ARGS+= --no-test [TIP] ==== -Most of the time, the helpers in crossref:makefiles[options-configure_enable] -and crossref:makefiles[options-configure_with] provide a shorter and more comprehensive functionality. +Most of the time, the helpers in crossref:makefiles[options-configure_enable, `OPT_CONFIGURE_ENABLE`] +and crossref:makefiles[options-configure_with, `OPT_CONFIGURE_WITH`] provide a shorter and more comprehensive functionality. ==== [[options-cmake-helpers]] @@ -4434,7 +4434,7 @@ CMAKE_ARGS+= -DOPTIMIZE:BOOL=true [TIP] ==== -See crossref:makefiles[options-cmake_bool] for a shorter helper when the value is boolean. +See crossref:makefiles[options-cmake_bool, `OPT_CMAKE_BOOL` and `OPT_CMAKE_BOOL_OFF`] for a shorter helper when the value is boolean. ==== [[options-cmake_bool]] @@ -4744,7 +4744,7 @@ Provides a generic way to set and append to variables. [WARNING] ==== Before using `OPT_VARS` and `OPT_VARS_OFF`, see if there is already a more -specific helper available in crossref:makefiles[options-variables]. +specific helper available in crossref:makefiles[options-variables, Generic Variables Replacement, `OPT_VARIABLE` and `OPT_VARIABLE_OFF`]. ==== When option _OPT_ is selected, and `OPT_VARS` defined, `_key_=_value_` and `_key_+=_value_` pairs are evaluated from `OPT_VARS`. @@ -5305,7 +5305,7 @@ post-install: These macros do not add the installed files to [.filename]#pkg-plist#. They must be added manually. For optional documentation (`PORTDOCS`, see -crossref:makefiles[install-documentation]) and examples (`PORTEXAMPLES`), the `%%PORTDOCS%%` or `%%PORTEXAMPLES%%` prefixes must be prepended in [.filename]#pkg-plist#. +crossref:makefiles[install-documentation, Install Additional Documentation]) and examples (`PORTEXAMPLES`), the `%%PORTDOCS%%` or `%%PORTEXAMPLES%%` prefixes must be prepended in [.filename]#pkg-plist#. [[install-documentation]] === Install Additional Documentation @@ -5329,7 +5329,7 @@ post-install: .... On the other hand, if there is a DOCS option in the port, install the documentation in a `post-install-DOCS-on` target. -These targets are described in crossref:makefiles[options-targets]. +These targets are described in crossref:makefiles[options-targets, Additional Build Targets, `_target_-_OPT_-on` and `_target_-_OPT_-off`]. Here are some handy variables and how they are expanded by default when used in the [.filename]#Makefile#: diff --git a/documentation/content/en/books/porters-handbook/order/_index.adoc b/documentation/content/en/books/porters-handbook/order/_index.adoc index 2e260b3b2146..cf00bccfdfcd 100644 --- a/documentation/content/en/books/porters-handbook/order/_index.adoc +++ b/documentation/content/en/books/porters-handbook/order/_index.adoc @@ -154,13 +154,13 @@ This block is optional. The variables are: ==== `BROKEN_*` and `IGNORE_*` can be any generic variables, for example, `IGNORE_amd64`, `BROKEN_FreeBSD_10`, etc. With the exception of variables that depend on a crossref:uses[uses,`USES`], -place those in crossref:order[porting-order-uses]. +place those in crossref:order[porting-order-uses, `USES` and `USE_x`]. For instance, `IGNORE_WITH_PHP` only works if crossref:uses[uses-php,`php`] is set, and `BROKEN_SSL` only if crossref:uses[uses-ssl,`ssl`] is set. If the port is marked BROKEN when some conditions are met, and such conditions can only be tested after including [.filename]#bsd.port.options.mk# or [.filename]#bsd.port.pre.mk#, then those variables should be set later, in -crossref:order[porting-order-rest]. +crossref:order[porting-order-rest, The Rest of the Variables]. ==== [[porting-order-depends]] @@ -219,7 +219,7 @@ Try and sort all of those alphabetically. The `FOO` and `BAR` options do not have a standard description, so one need to be written. The other options already have one in [.filename]#Mk/bsd.options.desc.mk# so writing one is not needed. The `DOCS` and `EXAMPLES` use target helpers to install their files, they are shown here for completeness, -though they belong in crossref:order[porting-order-targets], so other variables and targets could be inserted before them. +though they belong in crossref:order[porting-order-targets, The Targets], so other variables and targets could be inserted before them. [.programlisting] .... diff --git a/documentation/content/en/books/porters-handbook/pkg-files/_index.adoc b/documentation/content/en/books/porters-handbook/pkg-files/_index.adoc index 40a4c0bb6c54..96606622eda3 100644 --- a/documentation/content/en/books/porters-handbook/pkg-files/_index.adoc +++ b/documentation/content/en/books/porters-handbook/pkg-files/_index.adoc @@ -149,7 +149,7 @@ The message is delimited by double quotes `"`, this is used for simple single li Multiline strings use the standard here document notation. The multiline delimiter _must_ start just after `<<` symbols without any whitespace and it _must_ consist of capital letters only. To finish a multiline string, add the delimiter string on a line of its own without any whitespace. -The message from crossref:pkg-files[porting-message-ucl-short-ex] can be written as: +The message from crossref:pkg-files[porting-message-ucl-short-ex,UCL Short Strings] can be written as: [.programlisting] .... diff --git a/documentation/content/en/books/porters-handbook/plist/_index.adoc b/documentation/content/en/books/porters-handbook/plist/_index.adoc index 7050ef8317be..68ebc9ea5bb9 100644 --- a/documentation/content/en/books/porters-handbook/plist/_index.adoc +++ b/documentation/content/en/books/porters-handbook/plist/_index.adoc @@ -159,7 +159,7 @@ If the port installs configuration files to [.filename]#PREFIX/etc# (or elsewher That will cause `pkg delete` to remove files that have been carefully edited by the user, and a re-installation will wipe them out. Instead, install sample files with a [.filename]#filename.sample# extension. -The `@sample` macro automates this, see crossref:plist[plist-keywords-sample] for what it does exactly. +The `@sample` macro automates this, see crossref:plist[plist-keywords-sample, Expanding Package List with Keywords] for what it does exactly. For each sample file, add a line to [.filename]#pkg-plist#: [.programlisting] @@ -217,7 +217,7 @@ Running `make makeplist` will show an example for [.filename]#pkg-plist#. The output of `makeplist` must be double checked for correctness as it tries to automatically guess a few things, and can get it wrong. User configuration files should be installed as [.filename]#filename.sample#, as -it is described in crossref:plist[plist-config]. +it is described in crossref:plist[plist-config, Configuration Files]. [.filename]#info/dir# must not be listed and appropriate [.filename]#install-info# lines must be added as noted in the crossref:makefiles[makefile-info,info files] section. Any libraries installed by the port must be listed as specified in the crossref:special[porting-shlibs,shared libraries] section. @@ -380,7 +380,7 @@ The "actual", non-sample, file is either the second filename, if present, or the This does three things. First, add the first file passed as argument, the sample file, to the plist. Then, on installation, if the actual file is not found, copy the sample file to the actual file. And finally, on deinstallation, remove the actual file if it has not been modified. -See crossref:plist[plist-config] for more information. +See crossref:plist[plist-config, Configuration Files] for more information. [[plist-keywords-shared-mime-info]] === `@shared-mime-info` _directory_ @@ -399,7 +399,7 @@ On deinstallation, remove it from [.filename]#/etc/shells#. === `@terminfo` Do not use by itself. -If the port installs [.filename]#*.terminfo# files, add crossref:uses[uses-terminfo,USES=terminfo] to its [.filename]#Makefile#. +If the port installs [.filename]#*.terminfo# files, add crossref:uses[uses-terminfo,`USES=terminfo`] to its [.filename]#Makefile#. On installation and deinstallation, if `tic` is present, refresh [.filename]#${PREFIX}/shared/misc/terminfo.db# from the [.filename]#*.terminfo# files in [.filename]#${PREFIX}/shared/misc#. @@ -503,7 +503,7 @@ For example, [.filename]#/var/db/${PORTNAME}# needs to have a `@dir` entry where ==== `@exec` _command_, `@unexec` _command_ (Deprecated) Execute _command_ as part of the installation or deinstallation process. -Please use crossref:plist[plist-keywords-base-exec] instead. +Please use crossref:plist[plist-keywords-base-exec, `@preexec` _command_, `@postexec` _command_, `@preunexec` _command_, `@postunexec` _command_] instead. [[plist-keywords-base-dirrm]] ==== `@dirrm` _directory_ (Deprecated) @@ -615,7 +615,7 @@ actions: [file(1)] These keywords contains a man:sh[1] script to be executed before or after installation, deinstallation, or upgrade of the package. In addition to the usual `@exec %_foo_` placeholders described in -crossref:plist[plist-keywords-base-exec], there is a new one, `%@`, which represents the argument of the keyword. +crossref:plist[plist-keywords-base-exec, `@preexec` _command_, `@postexec` _command_, `@preunexec` _command_, `@postunexec` _command_], there is a new one, `%@`, which represents the argument of the keyword. [[plist-keywords-examples]] ==== Custom Keyword Examples diff --git a/documentation/content/en/books/porters-handbook/special/_index.adoc b/documentation/content/en/books/porters-handbook/special/_index.adoc index dffc3bd9ae63..fb63f30849aa 100644 --- a/documentation/content/en/books/porters-handbook/special/_index.adoc +++ b/documentation/content/en/books/porters-handbook/special/_index.adoc @@ -421,11 +421,11 @@ For ports that use CMake, define `USES= cmake`. |`CMAKE_ON` |For each entry in `CMAKE_ON`, an enabled boolean value is added to -`CMAKE_ARGS`. See crossref:special[using-cmake-example2]. +`CMAKE_ARGS`. See crossref:special[using-cmake-example2,`CMAKE_ON` and `CMAKE_OFF`]. |`CMAKE_OFF` |For each entry in `CMAKE_OFF`, a disabled boolean value is added to -`CMAKE_ARGS`. See crossref:special[using-cmake-example2]. +`CMAKE_ARGS`. See crossref:special[using-cmake-example2,`CMAKE_ON` and `CMAKE_OFF`]. |`CMAKE_BUILD_TYPE` |Type of build (CMake predefined build profiles). Default is `Release`, or `Debug` if `WITH_DEBUG` is set. @@ -1620,7 +1620,7 @@ USE_GNOME= gtk30 .... `USE_GNOME` components automatically add the dependencies they need. -Please see crossref:special[gnome-components] for an exhaustive list of all `USE_GNOME` components and which other components they imply and their dependencies. +Please see crossref:special[gnome-components, GNOME Components] for an exhaustive list of all `USE_GNOME` components and which other components they imply and their dependencies. Here is an example [.filename]#Makefile# for a GNOME port that uses many of the techniques outlined in this document. Please use it as a guide for creating new ports. @@ -1656,7 +1656,7 @@ The `USE_GNOME` macro without any arguments does not add any dependencies to the This section explains which macros are available and how they are used. Like they are used in the above example. -The crossref:special[gnome-components] has a more in-depth explanation. +The crossref:special[gnome-components, GNOME Components] has a more in-depth explanation. `USE_GNOME` has to be set for these macros to be of use. `GLIB_SCHEMAS`:: @@ -2438,7 +2438,7 @@ If the application provides a qmake project file ([.filename]#*.pro#), define `U Similar to crossref:special[using-cmake,CMake], qmake supports out-of-source builds, which can be enabled by specifying the `outsource` argument (see crossref:special[using-qmake-example,`USES= qmake` example]). -Also see crossref:special[using-qmake-arguments]. +Also see crossref:special[using-qmake-arguments,Possible Arguments for `USES qmake`]. [[using-qmake-arguments]] .Possible Arguments for `USES= qmake` @@ -3096,7 +3096,7 @@ Available components are listed below (up-to-date components are also listed in ==== This is a simple example for a KDE port. `USES= cmake` instructs the port to utilize CMake, a configuration tool widely -used by KDE projects (see crossref:special[using-cmake] for detailed usage). +used by KDE projects (see crossref:special[using-cmake, Using `cmake`] for detailed usage). `USE_KDE` brings dependency on KDE libraries. Required KDE components and other dependencies can be determined through the configure log. `USE_KDE` does not imply `USE_QT`. @@ -3300,7 +3300,7 @@ The related entries are defined in both `PLIST_SUB` (documented in crossref:plis When the port is to be built using Apache Ant, it has to define `USE_ANT`. Ant is thus considered to be the sub-make command. When no `do-build` target is defined by the port, a default one will be set that runs Ant according to `MAKE_ENV`, `MAKE_ARGS` and `ALL_TARGET`. -This is similar to the `USES= gmake` mechanism, which is documented in crossref:special[building]. +This is similar to the `USES= gmake` mechanism, which is documented in crossref:special[building, Building Mechanisms]. [[java-best-practices]] === Best Practices @@ -3624,7 +3624,7 @@ A complete list of available variables can be found in [.filename]#/usr/ports/Mk [IMPORTANT] ==== All dependencies to Python ports using crossref:flavors[flavors-auto-python,Python flavors] (either with `USE_PYTHON=distutils` or `USE_PYTHON=flavors`) must have the Python flavor appended to their origin using `@${PY_FLAVOR}`. -See crossref:special[python-Makefile]. +See crossref:special[python-Makefile,Makefile for a Simple Python Module]. ==== [[python-Makefile]] @@ -3808,7 +3808,7 @@ The available wxWidgets versions and the corresponding ports in the tree are: |package:x11-toolkits/wxgtk30[] |=== -The variables in crossref:special[wx-ver-sel-table] can be set to one or more of these combinations separated by spaces: +The variables in crossref:special[wx-ver-sel-table,Variables to Select wxWidgets Versions] can be set to one or more of these combinations separated by spaces: [[wx-widgets-versions-specification]] .wxWidgets Version Specifications @@ -3874,7 +3874,7 @@ These applications can be specified in `WX_COMPS`. These components are availabl |=== The dependency type can be selected for each component by adding a suffix separated by a semicolon. -If not present then a default type will be used (see crossref:special[wx-def-dep-types]). +If not present then a default type will be used (see crossref:special[wx-def-dep-types,Default wxWidgets Dependency Types]). These types are available: [[wx-widgets-dependency-table]] @@ -3979,7 +3979,7 @@ CONFIGURE_ARGS+= --enable-wxpython [[wx-defined-variables]] === Defined Variables -These variables are available in the port (after defining one from crossref:special[wx-ver-sel-table]). +These variables are available in the port (after defining one from crossref:special[wx-ver-sel-table,Variables to Select wxWidgets Versions]). [[wx-widgets-variables]] .Variables Defined for Ports That Use wxWidgets @@ -4757,7 +4757,7 @@ USE_BUDGIE= libbudgie [[using-databases]] == Using Databases -Use one of the `USES` macros from crossref:special[using-databases-uses] to add a dependency on a database. +Use one of the `USES` macros from crossref:special[using-databases-uses,Database `USES` Macros] to add a dependency on a database. [[using-databases-uses]] .Database `USES` Macros diff --git a/documentation/content/en/books/porters-handbook/testing/_index.adoc b/documentation/content/en/books/porters-handbook/testing/_index.adoc index 7ac46b3a4eda..f49e02caa70d 100644 --- a/documentation/content/en/books/porters-handbook/testing/_index.adoc +++ b/documentation/content/en/books/porters-handbook/testing/_index.adoc @@ -192,7 +192,7 @@ The path with `LOCALBASE` is more likely to still work if the system administrat ==== All these tests are done automatically when running `poudriere testport` or `poudriere bulk -t`. It is highly recommended that every ports contributor install and test their ports with it. -See crossref:testing[testing-poudriere] for more information. +See crossref:testing[testing-poudriere, poudriere] for more information. ==== [[testing-poudriere]] @@ -443,7 +443,7 @@ Will update the given _PORTSTREE_, one tree given by the output of `poudriere -l [NOTE] ==== Ports trees without a method, see -crossref:testing[testing-poudriere-ports-tree-manual], cannot be updated like this and must be updated manually by the porter. +crossref:testing[testing-poudriere-ports-tree-manual, Using Manually Managed Ports Trees with poudriere], cannot be updated like this and must be updated manually by the porter. ==== [[testing-poudriere-testing-ports]] @@ -511,7 +511,7 @@ Adding the `-c`: Presents the port configuration dialog before the port is built. The ports given after `-o` in the format `_category_/_portname_` will use the specified options, all dependencies will use the default options. Testing dependent ports with non-default options can be accomplished using sets, -see crossref:testing[testing-poudriere-sets]. +see crossref:testing[testing-poudriere-sets, Using Sets]. [TIP] ==== diff --git a/documentation/content/en/books/porters-handbook/upgrading/_index.adoc b/documentation/content/en/books/porters-handbook/upgrading/_index.adoc index 394d8f333f92..5d061414c62c 100644 --- a/documentation/content/en/books/porters-handbook/upgrading/_index.adoc +++ b/documentation/content/en/books/porters-handbook/upgrading/_index.adoc @@ -72,7 +72,7 @@ To create a suitable `diff` for a single patch, copy the file that needs patchin % diff -u something.orig something > something.diff .... -Otherwise, either use the `git diff` method (crossref:upgrading[git-diff]) or copy the contents of the port to an entire different directory and use the result of the recursive man:diff[1] output of the new and old ports directories (for example, if the modified port directory is called [.filename]#superedit# and the original is in our tree as [.filename]#superedit.bak#, then save the result of `diff -ruN superedit.bak superedit`). +Otherwise, either use the `git diff` method (crossref:upgrading[git-diff, Using Git to Make Patches]) or copy the contents of the port to an entire different directory and use the result of the recursive man:diff[1] output of the new and old ports directories (for example, if the modified port directory is called [.filename]#superedit# and the original is in our tree as [.filename]#superedit.bak#, then save the result of `diff -ruN superedit.bak superedit`). Either unified or context diff is fine, but port committers generally prefer unified diffs. Note the use of the `-N` option-this is the accepted way to force diff to properly deal with the case of new files being added or old files being deleted. Before sending us the diff, please examine the output to make sure all the changes make sense. diff --git a/documentation/content/en/books/porters-handbook/uses/_index.adoc b/documentation/content/en/books/porters-handbook/uses/_index.adoc index 599256e11bb2..6c5dc918eaf3 100644 --- a/documentation/content/en/books/porters-handbook/uses/_index.adoc +++ b/documentation/content/en/books/porters-handbook/uses/_index.adoc @@ -501,7 +501,8 @@ Add a dependency to the client library of the Firebird database. Possible arguments: (none), `fc`, `fontsdir` (default), `none` Adds a runtime dependency on tools needed to register fonts. -Depending on the argument, add a `crossref:plist[plist-keywords-fc,@fc] ${FONTSDIR}` line, `crossref:plist[plist-keywords-fontsdir,@fontsdir] ${FONTSDIR}` line, or no line if the argument is `none`, to the plist. +Depending on the argument, add a `crossref:plist[plist-keywords-fc,`@fc`] +${FONTSDIR}` line, `crossref:plist[plist-keywords-fontsdir,`@fontsdir`] ${FONTSDIR}` line, or no line if the argument is `none`, to the plist. `FONTSDIR` defaults to [.filename]#${PREFIX}/share/fonts/${FONTNAME}# and `FONTNAME` to `${PORTNAME}`. Add `FONTSDIR` to `PLIST_SUB` and `SUB_LIST` @@ -1885,17 +1886,17 @@ The shebangfix macro fixes shebang lines in scripts listed in `SHEBANG_REGEX`, ` `SHEBANG_REGEX`:: Contains _one_ extended regular expressions, and is used with the `-iregex` argument of man:find[1]. -See crossref:uses[uses-shebangfix-ex-regex]. +See crossref:uses[uses-shebangfix-ex-regex,`USESshebangfix` with `SHEBANG_REGEX`]. `SHEBANG_GLOB`:: Contains a list of patterns used with the `-name` argument of man:find[1]. -See crossref:uses[uses-shebangfix-ex-glob]. +See crossref:uses[uses-shebangfix-ex-glob,`USESshebangfix` with `SHEBANG_GLOB`]. `SHEBANG_FILES`:: Contains a list of files or man:sh[1] globs. The shebangfix macro is run from `${WRKSRC}`, so `SHEBANG_FILES` can contain paths that are relative to `${WRKSRC}`. It can also deal with absolute paths if files outside of `${WRKSRC}` require patching. -See crossref:uses[uses-shebangfix-ex-files]. +See crossref:uses[uses-shebangfix-ex-files,`USESshebangfix` with `SHEBANG_FILES`]. Currently Bash, Java, Ksh, Lua, Perl, PHP, Python, Ruby, Tcl, and Tk are supported by default. @@ -1922,7 +1923,7 @@ These will _always_ be part of `_interp__OLD_CMD`: `"/usr/bin/env _interp_" /bin ==== `_interp__OLD_CMD` contain multiple values. Any entry with spaces must be quoted. -See crossref:uses[uses-shebangfix-ex-ksh]. +See crossref:uses[uses-shebangfix-ex-ksh,Specifying all the Paths When Adding an Interpreter to `USESshebangfix`]. ==== [IMPORTANT] @@ -2173,7 +2174,7 @@ The same variables are returned as when using Tcl. Possible arguments: (none) Changes some default behavior (mostly variables) of the build system to allow installing this port as a normal user. -Try this in the port before using crossref:uses[uses-fakeroot,USES=fakeroot] or patching. +Try this in the port before using crossref:uses[uses-fakeroot,`USES=fakeroot`] or patching. [[uses-uniquefiles]] == `uniquefiles` diff --git a/documentation/content/pt-br/books/fdp-primer/editor-config/_index.adoc b/documentation/content/pt-br/books/fdp-primer/editor-config/_index.adoc index a5062576c0bf..8c4a21a5bc70 100644 --- a/documentation/content/pt-br/books/fdp-primer/editor-config/_index.adoc +++ b/documentation/content/pt-br/books/fdp-primer/editor-config/_index.adoc @@ -52,7 +52,7 @@ Ajustar a configuração do editor de texto pode tornar o trabalho nos arquivos [[editor-config-vim]] == Vim -Instale o package:editors/vim[] e em seguida siga as instruções em crossref:editor-config[editor-config-vim-config]. Usuários mais avançados podem usar um linter mais adequado como o link:https://github.com/dense-analysis/ale[Ale] que também pode atuar como um link:https://langserver.org/[Protocolo de Servidor de Idiomas] do Vim. +Instale o package:editors/vim[] e em seguida siga as instruções em crossref:editor-config[editor-config-vim-config, Uso]. Usuários mais avançados podem usar um linter mais adequado como o link:https://github.com/dense-analysis/ale[Ale] que também pode atuar como um link:https://langserver.org/[Protocolo de Servidor de Idiomas] do Vim. [[editor-config-vim-use]] === Uso diff --git a/documentation/content/zh-cn/books/handbook/users/_index.adoc b/documentation/content/zh-cn/books/handbook/users/_index.adoc index 0636e929c584..3b0ebc9754d4 100644 --- a/documentation/content/zh-cn/books/handbook/users/_index.adoc +++ b/documentation/content/zh-cn/books/handbook/users/_index.adoc @@ -311,7 +311,7 @@ Other information: [NOTE] ==== -man:chfn[1] 和 man:chsh[1] 只是到 man:chpass[1] 的符号连接, 类似地, man:ypchpass[1], man:ypchfn[1] 以及 man:ypchsh[1] 也是这样。 NIS 是自动支持的, 不一定要在命令前指定 `yp`。 如果这让您有点不太明白, 不必担心, NIS 将在 crossref:network-servers[network-servers,] 介绍。 +man:chfn[1] 和 man:chsh[1] 只是到 man:chpass[1] 的符号连接, 类似地, man:ypchpass[1], man:ypchfn[1] 以及 man:ypchsh[1] 也是这样。 NIS 是自动支持的, 不一定要在命令前指定 `yp`。 如果这让您有点不太明白, 不必担心, NIS 将在 crossref:network-servers[network-servers,"?"] 介绍。 ==== [[users-passwd]] diff --git a/documentation/content/zh-tw/books/porters-handbook/plist/_index.adoc b/documentation/content/zh-tw/books/porters-handbook/plist/_index.adoc index fbf74d8e4c18..fdf2f53d9317 100644 --- a/documentation/content/zh-tw/books/porters-handbook/plist/_index.adoc +++ b/documentation/content/zh-tw/books/porters-handbook/plist/_index.adoc @@ -409,7 +409,7 @@ On deinstallation, remove it from [.filename]#/etc/shells#. === `@terminfo` Do not use by itself. -If the port installs [.filename]#*.terminfo# files, add crossref:uses[uses-terminfo,USES=terminfo] to its [.filename]#Makefile#. +If the port installs [.filename]#*.terminfo# files, add crossref:uses[uses-terminfo,`USES=terminfo`] to its [.filename]#Makefile#. On installation and deinstallation, if `tic` is present, refresh [.filename]#${PREFIX}/shared/misc/terminfo.db# from the [.filename]#*.terminfo# files in [.filename]#${PREFIX}/shared/misc#. diff --git a/documentation/static/images/books/handbook/virtualization/qemu-freebsd01.png b/documentation/static/images/books/handbook/virtualization/qemu-freebsd01.png new file mode 100644 index 000000000000..27fea7c4a129 Binary files /dev/null and b/documentation/static/images/books/handbook/virtualization/qemu-freebsd01.png differ diff --git a/documentation/static/images/books/handbook/virtualization/qemu-freebsd02.png b/documentation/static/images/books/handbook/virtualization/qemu-freebsd02.png new file mode 100644 index 000000000000..d2af3821919c Binary files /dev/null and b/documentation/static/images/books/handbook/virtualization/qemu-freebsd02.png differ diff --git a/documentation/static/images/books/handbook/virtualization/qemu-freebsd03.png b/documentation/static/images/books/handbook/virtualization/qemu-freebsd03.png new file mode 100644 index 000000000000..7759729fbc3a Binary files /dev/null and b/documentation/static/images/books/handbook/virtualization/qemu-freebsd03.png differ diff --git a/documentation/static/images/books/handbook/virtualization/qemu-freebsd04.png b/documentation/static/images/books/handbook/virtualization/qemu-freebsd04.png new file mode 100644 index 000000000000..1230b050b63e Binary files /dev/null and b/documentation/static/images/books/handbook/virtualization/qemu-freebsd04.png differ diff --git a/documentation/static/images/books/handbook/virtualization/qemu-freebsd05.png b/documentation/static/images/books/handbook/virtualization/qemu-freebsd05.png new file mode 100644 index 000000000000..8f01e6a32439 Binary files /dev/null and b/documentation/static/images/books/handbook/virtualization/qemu-freebsd05.png differ diff --git a/documentation/static/images/books/handbook/virtualization/qemu-freebsd06.png b/documentation/static/images/books/handbook/virtualization/qemu-freebsd06.png new file mode 100644 index 000000000000..d521a9b1e9de Binary files /dev/null and b/documentation/static/images/books/handbook/virtualization/qemu-freebsd06.png differ diff --git a/documentation/static/images/books/handbook/virtualization/qemu-freebsd07.png b/documentation/static/images/books/handbook/virtualization/qemu-freebsd07.png new file mode 100644 index 000000000000..5e0fd7e90241 Binary files /dev/null and b/documentation/static/images/books/handbook/virtualization/qemu-freebsd07.png differ diff --git a/documentation/static/images/books/handbook/virtualization/qemu-freebsd08.png b/documentation/static/images/books/handbook/virtualization/qemu-freebsd08.png new file mode 100644 index 000000000000..b549d094be61 Binary files /dev/null and b/documentation/static/images/books/handbook/virtualization/qemu-freebsd08.png differ diff --git a/documentation/static/images/books/handbook/virtualization/qemu-freebsd09.png b/documentation/static/images/books/handbook/virtualization/qemu-freebsd09.png new file mode 100644 index 000000000000..67520c0ea3f8 Binary files /dev/null and b/documentation/static/images/books/handbook/virtualization/qemu-freebsd09.png differ diff --git a/documentation/static/images/books/handbook/virtualization/qemu-freebsd12.png b/documentation/static/images/books/handbook/virtualization/qemu-freebsd12.png new file mode 100644 index 000000000000..21592fa04d07 Binary files /dev/null and b/documentation/static/images/books/handbook/virtualization/qemu-freebsd12.png differ diff --git a/documentation/static/images/books/handbook/virtualization/qemu-freebsd13.png b/documentation/static/images/books/handbook/virtualization/qemu-freebsd13.png new file mode 100644 index 000000000000..b36c4f366574 Binary files /dev/null and b/documentation/static/images/books/handbook/virtualization/qemu-freebsd13.png differ diff --git a/documentation/static/images/books/handbook/virtualization/qemu-freebsd14.png b/documentation/static/images/books/handbook/virtualization/qemu-freebsd14.png new file mode 100644 index 000000000000..4154d7c99d6e Binary files /dev/null and b/documentation/static/images/books/handbook/virtualization/qemu-freebsd14.png differ diff --git a/documentation/static/images/books/handbook/virtualization/qemu-freebsd15.png b/documentation/static/images/books/handbook/virtualization/qemu-freebsd15.png new file mode 100644 index 000000000000..7b61a2badb25 Binary files /dev/null and b/documentation/static/images/books/handbook/virtualization/qemu-freebsd15.png differ diff --git a/documentation/static/images/books/handbook/virtualization/qemu-freebsd16.png b/documentation/static/images/books/handbook/virtualization/qemu-freebsd16.png new file mode 100644 index 000000000000..651896e0bb83 Binary files /dev/null and b/documentation/static/images/books/handbook/virtualization/qemu-freebsd16.png differ diff --git a/documentation/static/images/books/handbook/virtualization/qemu-freebsd17.png b/documentation/static/images/books/handbook/virtualization/qemu-freebsd17.png new file mode 100644 index 000000000000..0cae95147ba6 Binary files /dev/null and b/documentation/static/images/books/handbook/virtualization/qemu-freebsd17.png differ diff --git a/documentation/static/images/books/handbook/virtualization/qemu-freebsd18.png b/documentation/static/images/books/handbook/virtualization/qemu-freebsd18.png new file mode 100644 index 000000000000..e34f36f7ae1e Binary files /dev/null and b/documentation/static/images/books/handbook/virtualization/qemu-freebsd18.png differ diff --git a/documentation/static/images/books/handbook/virtualization/qemu-freebsd19.png b/documentation/static/images/books/handbook/virtualization/qemu-freebsd19.png new file mode 100644 index 000000000000..f7222892c992 Binary files /dev/null and b/documentation/static/images/books/handbook/virtualization/qemu-freebsd19.png differ diff --git a/documentation/static/pgpkeys/cs.key b/documentation/static/pgpkeys/cs.key index 81c19b441773..4fd7346acf5a 100644 --- a/documentation/static/pgpkeys/cs.key +++ b/documentation/static/pgpkeys/cs.key @@ -1,13 +1,14 @@ -// sh addkey.sh cs 1C7A2F39D966052B ; +// sh addkey.sh cs 67F86E1DE8C1E2DF ; [.literal-block-margin] .... -pub ed25519/1C7A2F39D966052B 2021-04-18 [SC] [expires: 2023-04-18] - Key fingerprint = 59A6 2B5D B2FE B9CA 2358 4FA1 1C7A 2F39 D966 052B +pub rsa4096/67F86E1DE8C1E2DF 2024-09-20 [SC] [expires: 2027-09-20] + Key fingerprint = 691D 8FB4 2025 448E 632C 70DB 67F8 6E1D E8C1 E2DF uid Carlo Strub uid Carlo Strub -sub cv25519/772125D25CCF4761 2021-04-18 [E] [expires: 2023-04-18] -sub ed25519/0C30619500D9CE7B 2021-04-18 [A] [expires: 2023-04-18] +sub rsa4096/8AD706ED651C14C2 2024-09-20 [E] [expires: 2027-09-20] +sub rsa4096/EDBC5475746B592D 2024-09-20 [A] [expires: 2027-09-20] +sub rsa4096/CC0D964FAB3F4717 2024-09-20 [S] [expires: 2027-09-20] .... @@ -15,23 +16,124 @@ sub ed25519/0C30619500D9CE7B 2021-04-18 [A] [expires: 2023-04-18] .... -----BEGIN PGP PUBLIC KEY BLOCK----- -mDMEYHyLqhYJKwYBBAHaRw8BAQdAvxtnrBIqw9b64xMLyDEnxFvi4MYJmmsrbV4u -nApPN760HkNhcmxvIFN0cnViIDxjc0BjYXJsb3N0cnViLmNoPoiWBBMWCAA+FiEE -WaYrXbL+ucojWE+hHHovOdlmBSsFAmB8i6oCGwMFCQPCZwAFCwkIBwIGFQoJCAsC -BBYCAwECHgECF4AACgkQHHovOdlmBSvpIQEAueYnQBryAAzekQKADICTnLTkeYVA -jB7nUC9sGS9xOCYA/1tCBKlpEzP3I/o1sQzc8XxA+CngCgp42J7CdN120hEFtBxD -YXJsbyBTdHJ1YiA8Y3NARnJlZUJTRC5vcmc+iJYEExYIAD4WIQRZpitdsv65yiNY -T6Ecei852WYFKwUCYHyMIQIbAwUJA8JnAAULCQgHAgYVCgkICwIEFgIDAQIeAQIX -gAAKCRAcei852WYFK7ZwAP97C2XKF4oufbmI6sdZNfrFHptQ5GTN88ipuoJ1cMiP -/AD9FjvcjF+X/uzUejl36s5kLWnZbrfsVirA/Xb1cs+nsw64OARgfIwxEgorBgEE -AZdVAQUBAQdADNxSVMdqRb7icACnKX7g4GXrklSTjVkW4nBNBLTKA2ADAQgHiH4E -GBYIACYWIQRZpitdsv65yiNYT6Ecei852WYFKwUCYHyMMQIbDAUJA8JnAAAKCRAc -ei852WYFK8CcAP9Rh6gyCM7WmkV9YKJxy4x2gTZr/5B1o3GbCexOzIkZYwEAyhzI -MBPHSHyGAMiXlfRLjD7hWnOm4FzBClCf1trUUQC4MwRgfIxAFgkrBgEEAdpHDwEB -B0CnBVdCUwl1GGTZnlA9Mji89DDFeQo9CF27wI6OL9RM0Ih+BBgWCAAmFiEEWaYr -XbL+ucojWE+hHHovOdlmBSsFAmB8jEACGyAFCQPCZwAACgkQHHovOdlmBSt4ywD+ -OIC2Ltf0U9jp1n/+YnI155dHcXod5wBCWI3bSY30pf8A/2ObPR+65/l8xQCP2Qv4 -UiGy6B3jEpxKZGZSgMnH9KIA -=yzkF +mQINBGbtdkMBEADo07Y3iF1IX7p965HHTHx9AjH/CrwPsgIQr3dTCra1+vZ7+kEZ +CX6PaC02xju6LkpPL/Lug9mh4rvTIrWM0vak0YJoW/cUizi4DHl66E24NVjLdBD8 +cFjI8zHfL7VG78sDMI+Z9777HOd1SC5toyHj9MDwk/kDgWx+mSHwKl124smgPa4u +Q53pR0+KfgXyTE//owArL4Oaczxn0Ztsn0fu3rrbj6l10/hfUrP8AV+zPgiJbWPx +55a91zN9XnRevsIoZEdL1SFXBB7ZSZLTosgNYcRuvDlvUJyOnojclS8ovIfiTY4/ +ctOPDWO/8vlY6HfhDWS4PTKpPEJbqBR8qaCJAbDA3Aunk0/mKnVg/pZ4k3cDxAfG +fWI3u5MTUdeZhNK46fvbsVLm+HQF99DS5F1VZbuP7oth2UsfdXW6buSL9AS7yVnU +qKiYq0PXEBehXGfItfA4oXq4edY3Rd85pEPJSkUlWNj5yMT2K7x8Ryv7yo4H1ade +CGyeaIIGT087Mtr0oo2V45yoB9MYaB6mJvSKr4Y2cnhGvFDvtLi48EM8lMguVf5G +LH86EluFSpPU9RQJrw9zJmc02mFFR3ATaPav2I8kWKkpyCR+vQsFBEIYwUoKzKIg +zWD2sN36q2A54IF3oh3/ylwKJIxN+lhP6lg9076DFCpjtbSo5wkAIYZaiwARAQAB +tB5DYXJsbyBTdHJ1YiA8Y3NAY2FybG9zdHJ1Yi5jaD6JAlQEEwEKAD4WIQRpHY+0 +ICVEjmMscNtn+G4d6MHi3wUCZu12QwIbAwUJBaOagAULCQgHAwUVCgkICwUWAgMB +AAIeAQIXgAAKCRBn+G4d6MHi342DEACLASChlU0BZoZUJu2wg020d6PHoQfDLHH9 +aq3IytwqRCCmtxVTF6An2hBxHggiILYPTfiFyMvFxv0QU1LxvYcUIKGbwlOZc4m6 +RuXHV80jAaQKfrEwuGcQXOw0LR9JSyGSlsicRHFvO7s+vEcVY+6J1zDwownNoaZi +Lw7MJHH6s6/qswqxlTEHW0XcGcCfo316LNBlCIDwTIRLb/ymT1QROcyjrwyMa1yt +JRmlX5CK9p5HXD32VRaBt8Qz7NRxSRJktBOrUt/MWAEhOnK5syicOs1nGwqbAdEL +qxxb+5sbu+zo715GqlcoJ/0G9I5GdodhMao6iTcT8fmxYkfkA80Y2YxxtixPxF9H +qeFIWOYT0Ttd5Escr8qinJl+vzWdaBtW34DmZ0iMafSHStcw1RbuifAUxvDbrKXe +kEXdJDwT6rsTt2spnHJTe4f/gzx/l6rI3nW3OuYlWWvSce0v4Tg/Z53qnKfytzPj +e4FX9wNGB0KQGsaDGR37GYMC8PTIbidsZf7tDzX36ruAST1OpnIPXj68Rnnz96iJ +ue3YE7rI/NExO3qq+QZjDc1KjjdaJyXVV1Whgl3XP5uvGtNYaqnEPNU6o7dwnz25 +12IV0JnuCnH5rAHmbFccnfRT3Ay8WnD68ubsvqncJ0iTbg+9fPUXpYZ3UUXDfFHy +ZemW8aLYvbQcQ2FybG8gU3RydWIgPGNzQEZyZWVCU0Qub3JnPokCVAQTAQoAPhYh +BGkdj7QgJUSOYyxw22f4bh3oweLfBQJm7Xf/AhsDBQkFo5qABQsJCAcDBRUKCQgL +BRYCAwEAAh4BAheAAAoJEGf4bh3oweLfhLAQALpt/BATHMlmiix1qdertfY5JNNT +a4R0wiIcy3XZbAv+aRPxi4QZS2rvI2GFV5QQNe8pqQXao0Q8ljEjEDMVvgcyrPRy +TPVaH/AKKAZ6WXmWTcUlxcdj+mgJymxtQsxFm12O+tUXxQuA8TV2jecAl9KTstfx +Vf3sIiQRF8H6gykcSu5VGktokEna341/3l2BgergHCE0+p8B1rW32/mybOBAaz4E +M738myh7slcuERnCfzJ6+fopIyW5+mvAFMBst4BBIppGwumOTFtp/CDGuCSI8dFF +APWdgRczuz/vlEsqlUOtXQZJDkse9tky2CluEDH90MXIEN6bFt42pt3zqNJuVZ5I +yYkMydGTSI0A6uYQOym6qFr4cKR2zHqHu0MX52Hs5VITvRzsn3oEoiJTZNgderju +x5QvQNoVzttUE3caNxy6xJDLMlEwp+zUt6oTkTufa/b/Mv4OVKIY/13go1w0qMHv +OvR8pYKeQ5ayG3u9RRkf9HWZGy+tJEAeOktYPH+ccU08rubR50YOpPg1PbU7GSDH +DgTPHRJ9cilET6TX+XNNYjXMt3kPaMni5BkzX5eEseE1qODpj3OyL+EgkC68zC5X +OF7q/RtSPZUhpe7BQrE6pi8i8eeqsOWzcc2869qRJ9ZSrCSzZ6RjPtAAFHxW7YH6 +w5lD+HHZoFmokrMluQINBGbtdkMBEADj2rz/XFzPpD7k+YChhKOo5wDikBlRJ1Fl +5VKYHtq9Gz6lVNDaKEz+132AvihxTODFKiBvb01jUAiOc6nmDUcE8rWZJtiMQkfJ +ErYCG6fz2s/Am0I96fjCvztLcLuOr5tUxFbUnDKcmfIhSHJJN8aXfgIycU2IKtJt +NfPeLChdy9o6GQQrqp4OQSmJhUjeyyPovKdi3Gj+BBAL2FUMhcax9uIJVi56K0Cp +cfD2ev7jQ2kjHnVRPhQwxtaAIGHbnAyCkqOUsYw2zIDT2lM2HH8qpte1qtl+7T8i +03FaxiiO+h4ctbscaaWOR6miyk5ueKsUDb/Qe5IRENNo0lIJERMAABvLZDIsrzLB +6IJ7eqGN6D+PMao7jY6cWTn1ny+dJg2AiQIk0pWFcJryer9JPPjDbdNCskQlr8ym +ksXI72qz9O7VZT5Mu/vZ6AScVy/Jzdb+ic2n5ZtEmd+GUZN0r6DYU6s/Wl3VxLcH +MN4okkd2gAP9zxE8nZGW3Damv4TAB5yuafpoJK3gx5ouVhhjXWcY3IqVqo9OsUU5 +2VrSGWmDs4uUM6UjYypI+xIO+P68Jn/YPXrsftbEOg6cGsDNLn2TLjEvuwcR1qJ1 +iLrEt97nxEWYzQcDyls+3+kO+1Hzm3O6wlr22jmREq2wxx1lEfVAFCnvk5lMgk+/ +yuduHCdPJQARAQABiQI8BBgBCgAmFiEEaR2PtCAlRI5jLHDbZ/huHejB4t8FAmbt +dkMCGwwFCQWjmoAACgkQZ/huHejB4t/wpA//Sbho+sgyv4VpLISo8RGpFlaUqoHv +u8T9znUqfVdjHVbtcPZ2B2tl4lxvOgW2WQdJD6z58fXEYJpmEYHclIQWkxCgOZQ7 +lLL8/9BAVNUDl3wsiR5GTAHgpBXTxzMWuSUemr24wjNXg48J71OAezYS8vxNeEG5 +lYNqyVORzPhpld5dsMsnqB88GRIdz7cxI1XTFLRSusfxOfoTIdj2MoZONg+gLjf6 +Wmz0Pv2zhGEjVoEQMFiuN+nNst7c/lzWVLQYpS+Kgl8xhaHvmP8GKAnGsEdovoRZ +cCVs7oyFLrsn73z+yWk6IFHQoi2ThRTBjp4Yxai/bcA6lRQ5svIEQew4zurubTAT +4kX+7OKojsf0tjeV7luLOY898aqft/m34w2qF0qOu4WLD6PH0vF6bXmSd+k+C8QV +He7xzXZhpKFXs5qxLEg7ZYkSW3VL+uNqGh6C558kuiGotGqJNbttzgnuhNJdkhws +hzHSz5C+3NIVEsPIA2ipS+nYlwD/Cp0KklmHPn+oKgWihebssUdY0/4IwhYdj7wW +ktW/OhHp/4KueVO3j5bw1B+t/geUrXVs2Cz4aRlB6LVMM7G5Ufwi5oiuvOLwKwhQ +eNjZnFzOLKJLY6J1kLx7/BGDHEGci07cmMhVZHbdoD2UPZSKKPZ4a+thHhuSa6EV +SuZWHQC+6Jf173C5Ag0EZu12vAEQALs2HRRfU7tdHHSu3II/oZAdUxoyjl4R6XpP +G1Lv0F+mBXV5qd7arMY2bHtP2pNPSCUAPBTBjqN09/gLrMVG7GHZUBplWpLD7KW9 +nVfDhb1Atj8UynWRLegDMxxnyeCec8SXtc7mYzWwLJml23E+HWgX8XR5sqw3hzfb +68IG4Fi39xHfIZWdcrAkNIHwold4sqS2keZXqtbdqd4xQCBH1bBVOXEMp8WeJUGa +UZCHU8JXu8itqtFpqx2HSsrGoqv/fRdB6gf777bARb0VKIZKUOCIgNRBQdg9bKNY +upUu6dz6KcaXnr0wKStc3iR4/lh0fUB9CgfP6MF2yABpsuIWolbtmmL2wfgB27vn +67My8HyKdYdGJ6c88IGwVfllhyQWodP5OFJ1RjJKC+3Z3gNUEzEGvIRf22l8YpEN +ShqaFUv9ZdI9Z7/z8Ow+cwn7FKGONSjkjPOzBkUuYYGU4P20SBj0mf8FhfK+KRP5 +yRdAQ9MxuNvJ72nGkxtlNt2liKceClxRHsP3ajxCL2ZfiogRyVTSzFxmbxjriwuC +MnT9UW75LVrAKOGlUdiqJH9PFS6I4Xp7cmU3M2lB4/rbrJ/8JUb/8PkNzob3vD6b +17ThPhv9tg+wCIPbEPA6L1DFM8vqhDtq5iNr/L+6HMAQ0QmSvY4nPfuoPVmIz2EU +qapnFpLLABEBAAGJAjwEGAEKACYWIQRpHY+0ICVEjmMscNtn+G4d6MHi3wUCZu12 +vAIbIAUJBaOagAAKCRBn+G4d6MHi34mqD/wPdRdiM14LkzdahhLA2EMh30/JzfGb +0uZJ09y/syx7kAWHNV3420I76U9/c6tb77GTDEUWnZsWoYaQNb3FZM9sBiOHYVKR +XJ9vGyWcch2lkYfjZU4z5itFiTjjUtWSvgG8h/JPb2CnO4LXoc6SwrQ4+9euv59L +H8MQa1qei9E8+/hk5wJgr4ePMnzl2ILvadhLt05tDnmgRoGe3hSyjAYS391Q+yxR +vkmPiedDtH9OxO4bZ7t2nfPz8gyacsMbc5n6Qh1M7kk2Ov+e0hiL4mq+QVLXBSC+ +GfU1Et9iBHBwVuVTCJfWBPpccSBLqTrasnbNQRV3xGw+/FJIyshKh5aR+voHfoJP +WGXA3g3knwfIYfJ4Zjm8g0PFUQ7Bf0y+6CDj3K5gqgDnAsDTP4PfcLV84vHm1tt2 +uCfu4ZpgU+cxa+e951xhCg/ynrrDkOs5eRulEWyfN2OPetpUBRYmJugtJTB3w5KP +4jL8sEviARQI2nmEiRZBuKCTBYEt3zQ5zjDV5bsumFHBvgrY2dGJuJCK99QR/hEp +0ptopwsOq7ia0nL1iEoNEHZVxSNIWX+yVxUSRoGK+6TAGBctEk4DjFvEGYJRDk0L +wMFGnwBMj0yT6T6AzenM8SlBrjxwpytkyrb2AZe4S/v86+U20x8p0qB4PTQvpXqx +U7p/A11kx3Isf7kCDQRm7XdMARAAxXGm1Ma8R+m1eotO0hCdkBqdBeDEoM8ZCZRp +vOfjlVRtZPnKPj9BMBA17op40V4u2FzlpIjZ/Qlsf1I1TDUYGcNa8J4pTbBdA7Gk +JDB4O8w74B1ro7a+XslpOW57Z/Ne1PU+SBUXRoaU3QnSmZi1zWMsB14wpOqsthKt +oCwAOee0mJIehvaLSdkmWzyP7sQzabCQRkLEucezPcdDDJdGHA7rOPDABkqHNyhF +U2bn00G3NzTOFkWu8ueFvjiIIwD4c47gECfSCCyMBddVo7HllakHt10pC0b5WGVS +yziXLIbddSapgV5h+gQbb+DOqUuAqCcz5yN3Hj7NlFAUpTGpP3xr1ZKJsr+0SF8R +dzV8PAaEosXCdnV3vHeMaReEJxgyyf6hLuZ28iEY7P0ZgjN2hmA90+DGZT7gHqTe +gpqeD1z8Y0Kf/qPo5eSSBwfhSqMdZu7y0tPjFxpgIavHZM5r31B4c96BGrXnIRmb +JIzTPJZI9P7v8Vyukg+3P5NV9gkNinbWa0DJt5Pc5gkEOVwghco7WuUevWgdFu8N +wug2jvhyzOk8YeZKUQuI2tVuGPPj8FtrcVkScsQW60hhPxGtCB9MNdBhDhviobQ2 +W1cjJ+M8Mpqd6JFbILsmDj2x1oyeXgFDfhRFhDXoyGZOqErfXqEiagYnyaCP9+KK +KmcdiDMAEQEAAYkEcgQYAQoAJhYhBGkdj7QgJUSOYyxw22f4bh3oweLfBQJm7XdM +AhsCBQkFo5qAAkAJEGf4bh3oweLfwXQgBBkBCgAdFiEEkHahME/j84DWnKR7zA2W +T6s/RxcFAmbtd0wACgkQzA2WT6s/Rxdo3w/8C+DHGjrK0seQKrGify5Kk8sZMNLg +ZZxDuJ6mtx1CLn1b8ngDPvA92wfrRlUwKljZcjnYnZmu4nWEwo20Lkz6rAhxGpil +8OTe6CZ28mvK1YotE/ioxEsQdBBJIg+LwOXl82SRbRmTKO0y7meXky0stquVBZTD +bLbeJShnj0TCfue5dkgcry5d6r8lSgN1trUsPNcIFpwibBNmINUqW0OtgS12Y5tU +CB1/72MtFqUTR5YMwfy3HLvhGNCxdezL24qOAtjRCNo0PXHwUrCFL0CswUGUpXJ7 +ZdcRvNSWv7SOvVMCFIANrqu7i0vVPGDB17C2sP8hq9hhVhewYvDn8Cvi6KqtpQnj +wGWH7ChO0CWb9yJ+iPgeTKc19eFBuy0VFUmjYg+A6uAaK10T8xqmsx/03YZjvp/5 +ho1SQmSq05h9xCHILvtiybbbvmdOA7dM2fskVzA78ngHTcbmaJTajz9kEjfXjwXd +bE//AQEo2ZtrGEsYCdNL+afg7BSV5uGoiu0Ml7TeOdUsItv0YGd9TtwGfKXzeVJE +dE+TKqtdvWAE424cNxwwy1fhbBM6S4AecnfokFiwgGOYBnTk4K9bifnqZNME7+Ob ++Qg4jH2ibghlwQvLNShQBmInvcTh05OTmvwzBuZggMwhO8dCo9fKnyyBGWrBUWoz +nX1LzsUk0PpdvPfLrw/+P6BsD0Xo84/6A6P3buXowCNiaVeYsIcZapPMIsSvSe13 +VodE1pyCki5mQSfJJwvt90zKjS+mu6F8I3PvWSmUbgv9ijBQN5W5wgJ+/ioZMHin +Sw+rUPsW3lbR3zPQAnrcGmMeeJ5tzMkAp8oKsxGkapKAPOeoaMW5OujglSKwd8HZ +I3nH5iF2Mjs5jMKBY2+Iuo6CxudkibzqIvkICohF+5lT4pnYrv82RCNrufhhhWc5 +y5hNYvsKYfR7vP+GIvPWBiDYiYug220bh0qgd43cYufGJLmMtt/94mWOY76Vwylz +66PU44gADmguJ1M5+6brUwjiNMIFjz13WrwIIpF5dxSawHfQYAR+HSRWXQSkU1Dl +optaLEd/c6vMFtDF9FNKAPlrsBxdijCgq6nzemxuZI8QqjSrjBtMiQr1AaWJ8ibL +ClSs3zktsabn0UZqSn83gd4szIZgG+39RRi5RZCUXOVcu0zLLkHE34YZFF1g4QoY +8ucvtQpDqJB9Zl9OLMtGnBkwGb7H/jQOI3XQMj6eib33BEm6jV5KJYMzktO+usrb +LGzhVsm7CtM8lg5DMCLY3/FRbOFLFYiReNt/5JOc7waJr2j5RyuCmNEa4YQIdHXk +l4lhBCO9sU9OXSOy1mLGbsBystNEqKnFiZZzWZNQbNepWWVsVNEytjOd6y7fq60= +=NuRW -----END PGP PUBLIC KEY BLOCK----- .... diff --git a/documentation/static/pgpkeys/gshapiro.key b/documentation/static/pgpkeys/gshapiro.key index 22cb56958465..3e9779a07e3a 100644 --- a/documentation/static/pgpkeys/gshapiro.key +++ b/documentation/static/pgpkeys/gshapiro.key @@ -2,14 +2,14 @@ [.literal-block-margin] .... -pub rsa4096/7B529648EE857264 2017-08-27 [SC] [expires: 2024-10-03] +pub 4096R/7B529648EE857264 2017-08-27 [expires: 2026-09-26] Key fingerprint = 296C 94DB D028 0245 BFD3 91D7 7B52 9648 EE85 7264 -uid Gregory Neil Shapiro -uid Gregory Neil Shapiro -uid Gregory Neil Shapiro -sub rsa4096/E06797B94ECB7FF3 2017-08-27 [E] [expires: 2024-10-03] +uid Gregory Neil Shapiro +uid Gregory Neil Shapiro +uid Gregory Neil Shapiro +sub 4096R/E06797B94ECB7FF3 2017-08-27 [expires: 2026-09-26] Key fingerprint = 556B B17C EA8E 3237 AC47 412B E067 97B9 4ECB 7FF3 -sub rsa4096/389DBDBF7CB42F23 2017-08-27 [A] [expires: 2024-10-03] +sub 4096R/389DBDBF7CB42F23 2017-08-27 [expires: 2026-09-26] Key fingerprint = 3D1C 235E E7C2 8671 12E8 C9B6 389D BDBF 7CB4 2F23 .... @@ -181,429 +181,497 @@ Vx+cm+iw12syWWYyurJBF0xmHan4nzVWMB1y/A3ZCyi9u7aSUgUQInKO5R2gw1/N K/CkCU+XlISq5EMf2lp06cw6ERlkyKzqGprfhDidTKbQSeYSlKrEuoN316EWK3gb 9QI+DLe/x6tBAlGllIsvoQVevpdda2WBjCswsGs+m6rS+KDglxvXLwGrTfd8YCnJ cTBygRAkheshSeVBqL09gCeEd4X88j/MC9iOX6seU4WfzM4m2CSZh/uAIdhGGyX0 -tcW0O5ykMgX147pJQLXnCOsSPrthVhbt8gcQOzIMXrNm7sDjPzbtlpqBtCtHcmVn -b3J5IE5laWwgU2hhcGlybyA8Z3NoYXBpcm9ARnJlZUJTRC5vcmc+iQJEBBMBCgAu -BQJZoj6kAhsDBQkDwmcACwsJDQgKDAcLBAMCBhUKCQgLAwUWAgMBAAIeAQIXgAAK -CRB7UpZI7oVyZOHKD/9xWo+nwfUigKVtJSKmyogv8Js+/2t7kqhRiBm22pANQf3Y -cS71RDDKeJFXmuDOYdW6ZW/lYF8cU887WU5ZrbRsKaO9EHuKVijVqFgrtY5c3RPI -wgcfYu9SZCQ0Tm7wKKyIxUmElSl3gUrXue2XF/vpJrXrx1SzQh5ElI2n2S2RQ/M4 -SUlrpRYgz/1a15PyzetsdDC1mm0dFBtsZCa/fDjcBJmnXFX171hmb1E+Wd9NgRkx -UEMnD3UUyaGdS7gizhwRBKmk8eqjZP5zD6VsV5VVSI4x3T41O2ValEBuFoaSqjWK -3ilcxWruRQi1dK+8EKtfF2icZ+hePZqCqc74VFdPVBPa89hjhyypLtRqPdt1yC5u -C9xMGlU9NGtKVT3bxoZumzYoySDnpqZN70Z6ESVG30eDRQH5uCkl6SpNMOnnrpEz -2OLeEYsX2dGF0jaV1hAjC0uPLs7H43MMpr2I3RwzgQpNW/Dd9vpdT54KQ/Jgow8Z -fiKqe9WdhMW5kMNfoH3NjIj5wJ6Gz+pIoOM5rEDM6IqDzwDfxLEv8lJ0WLg++3Sb -kDLxlCqi4ypP0Ua95CSUfl26O8nzB+tlOvKBTRdZPl4cztHc3b5xFK5wGJgRuWjk -g3PmU10qT5o4E/MJREFjk1eoEJAot0KROTiXMP8HLZrJ3Q+TRNMhrzICCt5xFohG -BBARAgAGBQJZok/LAAoJEBj1A4AkwngC7uwAnjDl9mehxA6tLQKPmF4bBDMyxflA -AJ9VN97eUMYtzt34Ib05oEJeKb85TYicBBABAgAGBQJZolAvAAoJEL3aj9Y/6n39 -LMID/i79XRKZvgvzOIOmTP0Go6urCs96ie+JKLBvMFzQ4rL56CDssciFHUGJpHBn -fMr+AQdEfLawA4jLdMUnysZ/oW6bG+L5SQdcPPsZ/X8VuYtP15l97wzcVnf0hiD5 -J2E2IdvX10zbCVDqCAjSSqg44C+YOhE9qam7oxof0utSB5ShiJwEEAECAAYFAlmi -UGUACgkQfEtnbaAOFWN4pQQAigPtudFdSDucVxP0mCn4TIfBD2WmhTUBcAobr3hG -ASqvNFg6QvuKHVYW8kkp9N8PIQ8ZdHpfL0pHvhzNXUIXcqOvQbOhxpP6hKpdIt9b -wzQZJb10TEEQGcYvXJs/ttUe/8n+vQKh9AY7pPyRzlc9/io3zkYGFsq0bYxlwFLm -jGOInAQQAQIABgUCWaJQeAAKCRDW4KH+T74q3fT3BACjy9igcL51fuSDx53XrBq7 -sv1fKZ1CJh0+swJPBUJK3OPJN6wSpGYEOyjYUsfZkyjszFPUSWt0r2+/2I/D7mV4 -U5gaalkhsIVwoMguLB+oF37Mm8mnkqRWRUK8Cev/QLQqXpzoVooHpTA6zr8yNTcu -mdOjO2R611GnTWR+N36oMIhGBBARAgAGBQJZolCNAAoJECH5xbz3apv1sBIAoJqV -of/Pnvcxv+z1ajyJ1IjNMbDgAJ9C1XhfZlLn3dA4NeGJYftfj0TcNYkBHAQQAQIA -BgUCWaJQoAAKCRC9J20ub8+ohXQECAC01XnYzDPtmd2Sz2sL6LtzCQ9ycPF6/g0I -zReXVV4O1RA9q6Q99d9+MGgZiw1pUa8Ddgz2KyggVn4nRCvmPSUOqKqivj0G3vCu -14/129fyIpc6fAuCeKDpYr5W6uhNVKvz4EgKScqwT7ea7RvM5IEgVZFpocQYAcJj -ykecyK7UPcV/fyc6LjVmvvFi/cPuKe3Xdy697yKGwGEkX5laaJrc4NDBCer/pz2A -P6oWu5KFt9URiV18Oo79ooWgGLSZD2wcXcdPS14gT5Ad8gs7/vUpxkpZMKscNN4J -oXf7OHwvYUWf3fFi8EaXuOSU69JxK0bLOujWvt7USDH411lmUGHviQEcBBABAgAG -BQJZolGRAAoJEGKe+O4Mi4MztNwH+wZrG8cINfVHzYyhmRNj9o3N8JMht6nVyEmC -lF3XD8xOprPHHN3U4Ggkft3LUegGk5BGGFhGyWkPglChaxrgBCAUJRjzPfwOw4dC -azerbJHTCJ9xSRzuhoBRK41r2HTxn4nQrOxrWnej5/raWLe2Q/AeqU75VgeAtc79 -urtNWOrU9RctYK0ZZKVjXqiDKocHuBR/BZ993StfK2AyW3LAKl78qTvcYzKUhBgK -mdASAcKsEOCKmiFhV0RI3uXGu8RGg/4LHM9kJOpYPXRIUVIfsWQ1d+3tEDE+K2nT -Fd/aToz+F3PWLVX0rnZrn6VdO40dLnCtVIHWL4rbjoeTNUQ34l6InAQQAQIABgUC -WaJR/wAKCRDAKcpAFvTM6YYwA/4+TMQoBXLj5tWJ9x4ThW57ayNkHzZgwqexVDUl -NSi29/lFnK4zEkFsjHOKJqRh8W1InR7nLiTdpOfBPjHfNFz+k7Z2GCX/pV1+G6Xe -DYeJAQgyvIS+AOeDTMoOKYV+u7INS2B+bW+Mlnhx7KuhhqrSUS74anV21kq4F9MU -L9iOYIkCHAQQAQIABgUCWaJSOwAKCRA9Z8unyijlpItXD/40NgxAd3BePKaX7GLM -lV8exIZ46GASEDANLCIVtAIzVToBShVvsN0AXb3KYRADYHL5oWFZtNcJtFu2430E -hYuUYQtzRetVVBkD6+ek5DPsGpUG9Xks1bcSODk7fWe+BzcBGQWtQkPGgwyMTUS5 -AiW9VjHDSsFXMO9VTeRWZ/DMBuhtVz84H+jYpNOTtA5gjEtkrxO3CiOAzj3sDLEU -GAn18dVlqpcO1KOdFZRWqjKhtQ9R4CA0gRGya3OFH8NCoHcmPyGRgFfr4kkoXjB4 -nXTFg3ds3k+JhCD3NW9xcxrMcMNucqATeNQKIS+9mkPl62F1YFQMwhDzrceGvMYO -riVnJS4SYtkLQY0TFcp/qQQQL9qK9u+YcachODsuyDXdeXfk2tr9vleo+9CRWYpj -6WARzJPIB4qhj7MJHUc0tdEpIu9yHQcSCo5nHLrnzh/vDBmN6eBeEGalGQlVRcxm -XeapeO9js9IOXAX0fjohIB77kz7mO2Hfco8XY75+UzBBO0DzzMOFj3t4FmqC5vU6 -4gJzYSnKDt7nQSXsl+uumkZRZNwhdPM9PWZdyilh+aNc6Zt/LJ7xSa+V+dnoZAD0 -X1QYwrhOBEdHRpTYol6UfrcXieD3xNNb9LLetepLn0wkNWdpcEv63g4h5WTX/Wu5 -ihcfXICAaBZE2t/WwuD+Hg/aQIhGBBARAgAGBQJZpXhtAAoJEMJ4HBpGse/hI6UA -mwSyi5Q8iXGkCDCEjgoDCfpx/A7bAKCza3Ro7fQEn2pnwiGWsuCq+4jWLIhGBBAR -CAAGBQJZpVm0AAoJEJm+Jx1bULCPEiAAoIO3hHEVew6Yg2PR/Hfpm00XUPREAJ46 -z728TAiQAfZjviBJWu0MEPyPF4kBHAQQAQIABgUCWaV4OQAKCRAxTIGDLYIAMiRf -CADWpmLHlIyQfxzOvyis4Hf6M3YFimyXXVdaCcbx5bWzJPdHR7G+Rts8kebq4KU+ -H01VrZpmSBo0JoIDPWiSBXFFFoKz7B8gqtJQY+cJqJEsGFDCmykUTU8qS2I3Qomr -LPbjNv8y5EmPZlEVd1AIBw6Ee5Vke0h7robH1+K9vkz5XtK3TPfW//YkvNFYnh3B -9IzolM2pV2332aCp15Ma8mU095EV1QO1KoWL1nh6WteRA7TAbDSQXcF7H+x1+dpP -jisbx9nWTUczWNq669UkkzZSuLPoEtpe4fSdwUZBc3k99/Aulhe3m3NlMXMA/LA6 -jk3gkcWmL1CDeG9Lg0U4MxEHiQIcBBABAgAGBQJZpXiUAAoJENORlMjCjRz/E/cP -/jfXlUdpds17lL0+mYdmBBYgCNYYc/mKk5+zW2IzqbRTVZZs+SYnoQFMXssr7TWU -6GcG1PzoQMJ5nww3Aq2MKWFl7+N2qF0hBcumKgyirNF3XA98lpb8NKDwJHp+dsaZ -xEliRZJsAOPb8C+ws56O1PvPdiGW9Dpp1USdX3A5HPvEn3i6r+BKJrYuVh53s4Ht -k+zJBdXFk92sEspl25myHBjcWekusRyYjgKGM+dy9ngPNNSNtFmOs6lbM/URFIqn -EAJNamrUqEe9+LqGKZ+P5o+dyU+vTOhcLmA8CA/vnSTahrklq2G9+1QuIWfo7ktL -zBNLGkGklW43SZs3DLmD7oodRQvXf/s9u+5gyoVS1WJ+8fzpdDNHN9X52WMrEVWe -P49kxA3keFLthpAMHJAaxzO4WDLVE5rrwqkg8qmtoPn2AETCFMyJHrJ9nv7Hkh4R -Kx5aENwE917XgV2dflaFG7HqhM3OpAdXbvMMqTwoNsDi60kFrj5pcSAlYHzFFBif -bfy6B8xaMZJhQWi/yFthswGoPEZXzGnZDYqCQE5WqtbkSlqyyGt7Q1kbAGHmQCnM -9TnIpzIDaKZlwwQbBNhwe0cV4sXMWp5lg+Ewfh7DK4oicW14eTmoXSGHPXGaYSGe -o8AeFhAw8ra+FTBzcon9MlNDEcwxLxiwRorMSSYniPociQIgBBABCgAKBQJZpRlZ -AwUBPAAKCRCVthgbLTPp7INzEACsrRFpmb1piqSneAW0X/E9JUGZD8bSVhyHo4Ft -mGXv1LYDfzpIe+1SWVLX51Vkzj0IMgLzqF0+3vi+w6E3nF4uFZJ21gBpAYh+lqNj -da7PT7bEs640XF5iWdpQ1JNlaFjjhWi/k2Vjzg/S145EfbfVOh8U9ebl4hAhXcb0 -BRGqjqN8s7QYzB8N8d65PxztRaTvsSjVjUL6bGSbyFhYGFpCImQADmnvRyiIEr3n -Xxsq8YFia3oqTX0+knnHwABBT1ItLa9nbKrv0GUXoDVCSv1P+9aJUDcns5fJtJUO -KkOVeXDCvGjimsn/QBtKhbxlvAWapPjTlR5dyFDKe82LjIZ/F5rwcz3jczLJSm6w -TuDXPfkqndPwvFuQdrUMJepEKmrjg7hsEV7cuVYm4sB30lqhxu5ihxtxKQ2lO+eX -kOgmagZLFZABbOR7ggn/+oUK5YHqQzMMRuyIiz9HqVomtUdQbQe41d4rMM1lzmdM -YalLDN/HcoUB557m+dlnVmaOAneC0dXf7KoQBo/EaKRSDJ/+hGPKHBZy7o91/+6Q -jjitL5YihveTva6BKFvL8JkRWdcWPLrlb5pUyFLX/JVyMmN2ti+Rya6PQXSvM6PO -gBMPNaBgiLOXrWXcY2k0mg98D4OKQyQeZwQVtUJc59DsV73N5PUsvBlkZaXVSv+F -i8f9XYkCMwQQAQoAHRYhBBLAtuJbqa0s8btLQvAK9urCRdILBQJZpRhLAAoJEPAK -9urCRdILwjcQAJHW5S2/CCfVJJmzizlZ3QJMDp/hAcv1NbDbCP8iiWA5QGis/zgF -TXWatptQtT7FRDvgrmUoS6jF3TBMoDD/lPzrCECrY+4U/p//a+BvH7x1KlX6TnNb -QiWJByzK5WQ5TKE4xPz8dmfbneXgJ42jkhovUAgKhiRxHTQjlbXBYCyBJ50r/had -uCWboyCOk+jJFCksP0z+vFqBNyrorDVr8lcGNeLR2etf/RcuDpZ7L1yf1F61KtyZ -hUyQxX8I6gb35R54mBkcOC7uOF3e4OIAPf38xuE98zhQhtDVriKD36NHDO7QXI+R -EZ4E0eYjiqmKEOZW7Mmjen3s9X6ZstOaYzQt8iPj/i69GX8HV99RwDrg0ryANMok -E2dOPMNaBcX7H6Qi7V3PAdXoIsuJ92V6TnfUSD5wdXbEoOh5fAgpEJYlm47sewXU -XvJFceK95yNTAngcFHsDg9AeBQOABqLzIy6A0yhgzphxamh+vWS+KlHWLxOMgF35 -8kQwx4O0+1Xo+fDM5m6+Og32eJScGSujFK5it0DILAzau46qZR2h9pmbaB9QwkKW -qv98aPxMwkbIGB4BMEJnoQWWZQwwxTeoZoS+j6062r13u43kh4Apii0TO7HdjwJr -kb5MwOufKf2aaV6HcLIjlSkZmSB9vZow9+SkC2uOYQqmBZhwKwmNnnZiiQEcBBAB -AgAGBQJZpiwfAAoJEBCQryClqlvmzZAIAKFGn9RgYBzxwjMj48TmBn8vOByJKb5y -On9XNT4p7dwxWbDdJdLOlrJ2t0sEXzyKV1bfsQ5/tc0NaG6j+Vz7qTVaUb3QvMix -q/Odcw5LKGKnoK6SXbOAa6ixiHOU7JTob9qq/wvLnAseVBZWM0BYuD5VGgdqKivS -fBT2ciJPrDBJG88Yp5vuS/uvScy5K0AjmNEPNg7H1TSFsQOOzyCxjRlFLQqEMOfr -jGHcF5MlFNvcduDrhZ+sHzB9sQFior7imUr4GJl1MASsAk7otcZEfiFdcvMcBzHs -MvLFbU+g6FO15j88IhEnp8FUzwWpEEXWplcQgEUIpORzD+lJahxexAGIRgQQEQIA -BgUCWabOjQAKCRAJp6JK0eWCB7XjAJ9faeCHSPB9awP7h1Xp6I2CSjcS6QCgmME8 -cULPh6dOMOL9jwulW1i0upCIRgQQEQIABgUCWab/OgAKCRBPLNPYJ5PPLSIJAJ9r -s1JSV2iYGJNASca/rNpck65O0ACfbi/E4QHzaDAaSlSxO5KZcpJQx2SIawQQEQIA -KwUCWa2SsQWDAeKFAB4aaHR0cDovL3d3dy5jYWNlcnQub3JnL2Nwcy5waHAACgkQ -0rsNAWXQ/VjFZACfcjrjVBSYjwqqV50y0wss3z5bjeYAoIXtjI3BqtNxMMHYoCiZ -sm+MP3oQiEYEEBEKAAYFAlmwoDEACgkQ5r/NLxCBo3x8owCff6yONZoxIS+fJsEZ -rxMOtPQlqLIAoKRut0QxCrvk6h2WjVlo5qAB2HRwiQEzBBABCgAdFiEE+Fo4IENp -9xo01E6DSYSRCoyq7ooFAlnpOfYACgkQSYSRCoyq7oowrwgAk5MKKUPalcvwI8Km -eeLDnZxmM9pGpqdLPxbaSIdV4chRWeK119ztyOtPORFyYWQEb0CqH/Y3MdqIiWw1 -7lo0SUYR3d5gFkYEE9L3IPQhRx/TTHgaIY8Ai4uikK8KUdTdZLzQ/ns4TNM/7eAp -2JJF4lb8j/9VpTUEtaeg6cOoPey3mIGMB/sUg1IGpGvoAoii/85OAkW8SX5d2T1o -zV34uDY7uRgVfenR2aesjmL1htBTpfhtzaIpFSFqXrkC6oiW/Fb/22DAnVAkRC7s -YXWTjuDTOowwnZCiYyXof6pAmaLYpCsyZvo7A4UTyT1irjqbAVn3gIMVjOcJ6hYy -GTNs8okCRAQTAQoALgIbAwsLCQ0ICgwHCwQDAgYVCgkICwMFFgIDAQACHgECF4AF -Al1j4o0FCQeEEEcACgkQe1KWSO6FcmQtGg/+IHHeSwV0BTHLND4wW01k04BB+Nr+ -Lg3qKWsArjrbSaj/VlXCURLmoOSez8bqfv0Fa8vn5i7qygOI/TJQqLeUCMWWz3G/ -kq2uV0USIv+yQhlJyVIa3yi6taeo/DR0i+++rM1OXVHub8pgO6jhpfA7QCc0T+JO -OPwy/nUMZ/vh4OTrlJ074XCAmVrospG4lCafqG0tRkUFe5ftKsF0UFadW5WtUKhA -2pjc1EZg28iYGdAfd7iLDb6DrstF2ndd7EV7zMZ145yb14H7SBEscPzbU0QkjK+D -2J4vVpu/PhhW8NhcPlltXb5BiCokF2fwzYjGxhb4IJzigTPIfBmS0K11hajlU5Ms -bITRWINkvy6HFxo0obrOV0rC6JlxPuMKjzmCQ/jgcsWWoS6bXcVxY+S6Rwi31rEn -RSUqRgMt9emfUaHGEyQ7y4KSqZFu1Svq2cJP6PssGvlfVr1GKx65TnAxAuNETUrA -jCBBfPUM0+DU9XHLNs0kVfqhwQZRc2O9yHVIoRjSIqFcr1Iwv2dytCJvcYZQ7bGG -fyHvS70wm8HkuKYWeiQGXZPMSHRfx+Uz/wb+9yuQ3o6exEzXvCCCICSvSSVwaiUd -Ty9L5H9i1ME1j6DVkgIhxrMFvVDF677jxfyO/HJGbLCvqm2OPMNoQagzPqEhMrFN -Cmnq9aENYE8aGLiJAlsEEwEKAEUCGwMLCwkNCAoMBwsEAwIGFQoJCAsDBRYCAwEA -Ah4BAheAFiEEKWyU29AoAkW/05HXe1KWSO6FcmQFAmEie8MFCQlhdg8ACgkQe1KW -SO6FcmQKzw/+JTLjTRA312lVBVIZx78+n52vOwTuJHDFKbATrwIyGdZRkoeuBN0S -m1zNi27ZQsYJwd0dp/Bvik+2We678BAGMudNQTcAcpoQqGOdRdDdi+ssV3oWky2e -ArO9RYaIzJe7JhAbrGamGGmS57SvOds65b0oY/YQjQt15MaI+GXAYcx4CMJa5nlU -67y+VR0MPZXqfbi+aR78umqmwXC9PKrlv4NJqh5NZgRxw39bVNuaKhlgj2nfDW7U -iMmWzYFHfgkqhiVToAUASoRqU+CVdXReb8TfuMRuB9e4OLijraUDZV+YauksKOS3 -TOMx0C1KjGgebIlkyLNG+6lOJC/4yal/eKA4OLTURjVAieovgjXkv9i/80QO61X2 -sNCHaP0xNbMbxJfgpWpES1snmajIE+nKU4M5A2+n7cRtT1Is2ntT9gMJ/t1+oLEF -mH2JZw2i0y5wCptP0oOsMU9jZ+cmL+BCJXlHzY40beQYQUA18QlY0oC+VLowKdiz -SghPT/UCyS7n76IrV6X50ybm5/eFCLF7PxvzWhMVFA6ZEYmPsPEiJPriS6KwbCCZ -jheRJHdNtfoHrGQPLxQH0/JPUO8XkB40AeoI5RAfhu+YfcX8q1/CBr1PrQGRlwW9 -/KDSL+R5k97xoTH5yxL53W/YfFWSp2hipcrULU1v8phMPKaGk6jHVSSJAlsEEwEK -AEUCGwMLCwkNCAoMBwsEAwIGFQoJCAsDBRYCAwEAAh4BAheAFiEEKWyU29AoAkW/ -05HXe1KWSO6FcmQFAmM8kfAFCQ1cv6EACgkQe1KWSO6FcmRWMg/9GnnNtfXTDwDC -wM8Axaq6qHpM4m6AefJAxt5X+7UiMm1/ubmuXZV0D3DXCzxZA1UQe7OiRhxDHgMw -0M+81ytB52fKrdgyTIPEkzKNtofKMhAOLV1b0jbJCTT55SjRvGCzFIWcEOX0EVbU -cxlXfFaXbjPlYij3SgK/vvpIx6DmvOTfJopzht1N7Z1gOByr4Oo0w2Odr/Z7BJ+j -/jrT7QDphxbYqYw1HfehRwG3+lMBbgnHTvofmv/NU7x1+jGHA/3HOpRiUrRzCNlU -iJbuERUUAU2Fik8fhgiDYOdHngI7aHhqAJRb8sQUoGXQG0nf7pZmRZm6i7qNX1Qo -2smXwfB2ZMNat/2G/mG07KLuDEjXlQQJuyvvECN5dnL9VIxQ+2kgleX80OWvzZoI -J1TlG+bdZ5M85jpAk7TYKSm7lETtQzgbEbDh0GmcvONVB05TO8EMEVGQ9beGxQum -a/SZCX+3ggbbrK05lGKroXCXkWo+QltdT6HXPCx5wXuk/MFzR0wIeoeNZ1dSbsR9 -doG6mQf3EYjUiDlnArJC9G96tRt6jG6acks+HG5rVEdminBUREpYbm4gW284dUSf -aQaykWdUeHM4j8CwelpwaJDZJN7ISn93O89M2gH54WEPKdyPxUtXNPz+CNYtNGfQ -kcLfrT1kAOkNrlWY7AvRxBkPXUCIOoi0LEdyZWdvcnkgTmVpbCBTaGFwaXJvIDxn -c2hhcGlyb0BzZW5kbWFpbC5vcmc+iQJEBBMBCgAuBQJZok0xAhsDBQkDwmcACwsJ -DQgKDAcLBAMCBhUKCQgLAwUWAgMBAAIeAQIXgAAKCRB7UpZI7oVyZKQVEACSmgJk -Ru2lWFCsrkEw2ooTDurJ9+bBTgcliAPRLd1Yq4ry0O++Mbx4oSvXc9bV7WEN6DQn -xhwqi3oykp+rD37+v/0OLJwDlD3/mJOFsDsrC0+h3xRI8Saro7F7zrOb71olfj36 -NvBilSb4YlDpJsv99EEE85gdCL3dHxRfT5AfU04EScFJibSQVxzdkpgxifQRYVu2 -V8u9RaVZVneGrdlfCc3jlv/VRtc4zq4K2vyAMglfRnys4TwCD1/0uvyQ2pFQ/QTX -vfQb8COFFnE9o39B5Ry3W1zaTDpwWYjALcXrogKYK1psJaT9qcSE/TVevUDgOoeC -Q8QkaKm+Fgf7+Nxqs3mS7twIe5RN2WXo7abZXAnu94wOOHYz828Q8+A7+/+zA1+t -EYl/pWFoUDOCJNxzePbqw7lSfoypqJ9tOdLAM2kbwYoRe+fUQawqd+95S3yI91LA -XDI0ZmRn1mvICa3Ubngu7pLBv5CpXpNdinO1FauCiXFvimDdjG1e/iTHZwy33qO/ -3Q+VOXyvoXp0lEbzSiC8sd1HEuCleJTnpWs/IQypNfMVnsVn4X5rBE76kZDxmLD1 -iPhMLxmTC/EQTKAKS2IKEx9mP8gLxy7wDgyY/QL1JMjIa/0VftYH3fdrmB4uu1gZ -A6a8dzzacAolqO02ox5+BcGUU0ZdbRXgXMe7TIhGBBARAgAGBQJZok/LAAoJEBj1 -A4AkwngCcB8AoLxGcTOq4bEFabIrYMqkkfi6iwJ5AJ9iVGGY3onU8i0z6Fd1YPGm -SIA2ToicBBABAgAGBQJZolAvAAoJEL3aj9Y/6n39534D+gN/XDpcdFr2DSuibJCY -j3DqWDiLjIK29oEfRwt0CFwbDuW4aiI0UskvObLZVCaxT7hmEt0LWfMnpmcPIL6I -x7TeoVfmY4tgT9+rP1g0bc9Eob6abqJL3hjeqsMcZFckwKktBVynWlWJ8tZj7MFI -QaP0hphdJRFrfPdHs7eKYqiXiJwEEAECAAYFAlmiUGUACgkQfEtnbaAOFWOp8AP5 -ATJKdpYIrFeRSDb0dPNsIup0nX88W2k+HkotR8ngEHK7fE12w3YLUBPN8KUJ1iB2 -i8JCaddsviF68fJev567rOqI76RtfDMBeHl7L376ylZSQvaFk0ja+8BRwPbo7q7c -GaUmcc22xacuWSzNc97nbbYb27/3OrBXgBzEY2Xof7aInAQQAQIABgUCWaJQeAAK -CRDW4KH+T74q3Xb1BACWIOtamBVa7K/v5fzOwlJJbL/oLz7cl2esZVdFZ1nAk/zS -xnPxWqo2MzXHSwIy0vhqkbUOfCB9Z8WQYtFdA44QqhdM7l1kkyAhw8TJW1i53h6g -qUTBHvEn+4M1CSHEI5jIM69uOb+KuFu2FQ0OG7qZAjutfz2UjBnhin0Is89a84hG -BBARAgAGBQJZolCNAAoJECH5xbz3apv1b/wAoNAdEnlE29vNDEhO9Ngma908Zj4J -AJ9rmi5VbDV811hkXLw8gS4BII+T7YkBHAQQAQIABgUCWaJQoAAKCRC9J20ub8+o -hdhpB/4/VllbCe5ln1MsIz2+sSQPfvm42UYgxY/zhihErFkclG7LxynWsrk70Fdz -LNQfdu6nIHgbzlBRRkqwLP75yjsWIjzVb2F3UXL/DFv+bJqhPF76TdFqMsCDazjj -AJis9cVqlZiXv7SIWnYRtsceZ9wv0KZefLMp6XSlHANYecUiPeRBXuRPfR/oqV0w -eBbPg7SRGpiocXT5VSoFgQT9muVwLRQRNFksDUL95PMlpjvPt3ePRaa1wlsHJhKJ -UHa7uxFk9fOVFGwdu2TcpWDkAiXSr1KZb0AsU3/JC0KHn0UKygmkMikg5zQgqFGY -AWvQ+5QjgjhLCg+3NwH9FyGZhiHeiQEcBBABAgAGBQJZolGRAAoJEGKe+O4Mi4Mz -+zYH/0Ogs7vcMAWYJeTJgk/hma/Qq4vs3tY6l9xEz7QdOJxWob0OuHDlxfVOiOT5 -XzIjcUmkCZAPE4vGU0oRA9mm0MJesl1eSp7Fuls9Mv/WILlpTR9AT6AXSS7wlXpa -X6mR93renlNeT+HVZOoh+H5u5iicRBcjpDY0Etljmr09Ma1XTlJcn9xvRs8OG9De -29VMuMsaM8lbDy71h9PajkLT9ipivfN5fJCPmv1fHiN3k3R1lnouG2w4JVKOfCj1 -X6/MOTBCcxX6TfWbqjjbPV3VFnnQafFWOJb1T1V6ITaWBlWphgh1zoWXY4w1kMkA -cI9eYjAhRh51qGqCH+TWjApnmCeInAQQAQIABgUCWaJR/wAKCRDAKcpAFvTM6fa0 -BAC2v/Ih2wn6v9BHRgLVZak1OQfjtxxPZLCzJXxisPhalMAyMQxLJrDz2CesZdrb -yc6qZ6Fd87Ud2gUD7TCyIA+ebOdGF3exAvhOtmP0BkrkDjjqhspqFCXfTcKkU1NI -D+VX07dEGzpQAY8hco0L1R813NRJVQt23YLLStphCF6DpYkCHAQQAQIABgUCWaJS -OwAKCRA9Z8unyijlpJYkD/oDYZ176hzDUMhXkc2OjkO7RGfDGld5AKA1YDIaasBp -k/zXqhrtnOFpsD2dw68rjxeEDOIwoXa1wDnT0CAP2MfXKZphvTN42UG+P7OmCHJa -MMmz3NZTp1mwLALS3LSlD0brcVqaj8JE50LE7da0ZDqsYBn1QC2y72MMOjEkkVdL -S2Faet7WMb38YCmZ+S2V2aO2sxu8+eE3QbtrVqtl4dViUTmyWYHnncqVHFYt3Bf9 -GNzdI8OmJEJtw5FvVRFvLtkjOwTHYAVTHSfK+DE9HHcxvMEn6JwRT2PhQkBKZRsr -kUmGaZ0FgKlVkxDSd84zjnwKMwVdr+HNBM2pM2edz1u2atoQ21Ah1zsMngouZYvX -nqWqg+ww4XiRqj3AkSIOZYCj/2bVbIAAsidy4SbtBSbLLsE1k5R/m6iKVNfgQ3dT -IA/gG1kcYKp+cNV9GJMx6ALMNipdaabnq6ZphIwm0bSNeqBv/VOitiKeXbZiC8w1 -Ilq+cdhtet6/eDQS9srIhtwgPZTRR/fkjoVHRfY+CMQj+8efef8ITDLnXboJb3Rh -kqGdvQ3qMzam/BgGX126pH9j/DsuJbZL0p8kxknXwpR3i4KvFB8xXAL+vxxGZzIR -JQQwyRrheDSSy+ryjFYQ6bIJAiHZa+c8G6udek6LRSBMyd0FEmjBMUGGeHAt9DP8 -3YhGBBARAgAGBQJZpXhtAAoJEMJ4HBpGse/hKkUAniUqkFWH4jSbCwF1nn+Cl687 -52sCAJ4x9KoEWax1Wue8hziRlL7sFDSIrIhGBBARCAAGBQJZpVm0AAoJEJm+Jx1b -ULCPqKAAoIy00L8jVv2TYOyMu79Brlyi8AspAJ9ie/Tsl9TC7bNxLN7R7EsYIpOz -ZokBHAQQAQIABgUCWaV4OQAKCRAxTIGDLYIAMv5EB/wLnlaSu+BeYUJiT5URdW3f -NZ28gSr5jvqXNlQdFr3PtQhNXfHxmpRR81Jhsk3Q2vhAUf3C7p8HPCBrJ2EKp6Tk -2HmBpBMCpte0NJFBoItzOLJ3b9yvIiOhk8txS4G9rqHieJhyiJfG9JBn/02rL3SK -DrLngolUYA3tkLUH1VhUfX79UTWTjTO7lUoQKVSggMwEgiE+SevrQcPv+RaJuYjV -Cavb9G3lxAmV76CV3Uk2sZMXcs8IJcMHhjzJP75ShDcbsi/R/BV6vMmNmkE4y5Bi -ckT1Pgk2d3ysqgzqIrNMd4MlnBl2+ED0+PTffmEbt3lpkMiNs8yI7z0vllCbi0Mt -iQIcBBABAgAGBQJZpXiUAAoJENORlMjCjRz/r0EP/1gB9eDks+6VUdD2o/Dm0QM+ -rAdwkCIo2cz32d9vXfS2DuOlwVB5+CugKW6/gosE0rXEJC1FHXuPBTas6KpzzqRP -iDHnodlJhZzIaC+zI46uO6eCKsSmUxwxRuWlQYEo/mGwRAIRLLcLhweYbAzH7TcR -AajWBxdFIGJ/DpRU3E+75KFEl7u7UJap4GTbW7/6rdqCx5l2Ojmu/8aXMIxUGTpT -Ey3P5q7KdnN9r84D7QnCLVixkHZhQYFr9apcpjnwAtA/JJ9JZ8l9j1jtuzwL7nm/ -hgvlHa8VXzKXe7HAMFidZ1C9JmmopCVShZ3L5wsK5rsR5N1pJw0UDM3oNp68+OIF -w7XZ/2hFMOBoY/gwW0B3Ocw+ninmDhp6stQTXRSA+bU7DP2N5kc9CEUqnmqX7VFb -dqdbCr6UQorptNc3V3WlLb9eiI0TJ8rb5emH4sLbnDdzqP5kP5dUrv7WCZ6tu7cG -SNjGGL0gdWJYTIl4ueeihOtvo4DBupOSe1cAY6+wvbaiS2rQiVG4HMjbm7NEmMqJ -ur5ByCf8/ENJpM7xUnu2RhEIVedKUsa3Ht2rZk/zvvGSbKpzPghJ3tQ0BF3HO2cB -nhfHeSnHMUn2wGp6fM8ik3YjLhxpAibJ47DKfDwWza5LOShuXbxO8qH45DaDeRkI -lylj9fOS6PjsXxlkzJT6iQIgBBABCgAKBQJZpRlZAwUBPAAKCRCVthgbLTPp7GTl -D/4vyuIGY2/7gRxdiq1JoGrMEDuwKkvTMhuuR/nZRjrmP0zUchcHTH/RqJeS61vW -+RQfwmRJQogJfaMnNNR7GoZe+fhxMQmXXuKRX8l9GVb8oFMRvZkqZwUztwJu0Sh1 -aAUTcXdSbt16mMJWsLW0jX9gNzjZ3w406bJ4tucOy3LXx9eFP9gh+YSeiMsiPyOf -AI3TqQ3X38wSxFQNVxXBUxCj05Gr5afiFLyjVCOX2ZmJvYkPpJ0S5TxX47eLc0nd -GphzINFmKM3QZ4MxBTHPD1UdHygnlGTKnA8bnT4a0qMNwcOZ0u6msnlAxl6EUldt -I3b64Kn6aXdY1xxh+TIZjNgx0C8UVKRgYWKgbzCz61Gv3y57hvFdyeutuIcUriu4 -VA2aeOfBNONRA7mW4+3JSlH5UzOYXZRpBliaYJ3w7T40Qx+TRdKQP3/AebSGxVKL -3GVcLaanfTdZy4jqIZ2NBM8ML0UzjRYFyyZrT9fX0/6D6TL0CzyiQ0xjQdsJZ5Fd -yiMum00vrA3pBDDAkDGdonAoFS9XQf9U9Hipx4A8nDe/BBg+mckiiEQY3dVb3FIb -xiITbgJvC+jITMQQfXK5QkQaUsFpOwlKbZPVrqLZhE+GQyifKLxKchmHvyoR++mr -V+zo/T0RIQ5aHdzfiYaoKLaoHxk7XH4BWCLSOZa06scMkIkCMwQQAQoAHRYhBBLA -tuJbqa0s8btLQvAK9urCRdILBQJZpRhLAAoJEPAK9urCRdILcL4P/2DEmU6XHwTa -IJ3Lwa8U1VZKMj326KhlMI+eceZHuPXlmOWaLQuMKRVHCohbjwZ8646OleTMCgCr -8T/wvRG/QdmoXnypzqCQBfE3MYbOE/yMv6Lb3A6AQ6EAwjddZ2cxxZDTZvMMvRXA -1zDIaUeASsLRwK+TS6F5sXPMPLt1tw7KGUYvQE35uC8plfEaqBTfa8ZgtkKPxSrf -JOyWUGdyYXmEORN29Nsc+E2c7MUIYBXe1Z/n2u8eGd5oHhlI2ssIVZEdCof3kUUE -trOJLIrGjjIG7dtiuDmaIv1z22g4FOySDQ0b4AfzbAljlD36Ttb6iFgJAZVe4SXT -FfAtafqOtUAoftYQKMSCD+fsOg8nuXWt/yQx/7FbqjkIoGvVnYhbem8pqMQYvT3m -LtXoL1S9Lb4I2Pptxea0giOK3dIu5JGpfg8O3S5VF1mCR3k8WU9ZPcIdmy6z9pkX -8IEUJPd4Isau0hc3m/AofhT2vef276IhaD/4E6NvX2XM7BDVvgOcQRMJAd1KDC4I -918iWVZDSZ9OVgkubfZHhOzuPvnU3LrtrYxG94WUwxW5bMi/7c0XgGHV2AHIXH/R -rJouZKy2sXCDcnzqnGmtIkEDZSZWhAhVI41MF9VoHd4h4K8iOO/ZP6ny/Cn08KnY -3rTeakgfvnN+a3AB+d2Z4SpACoGGjdxdiQEcBBABAgAGBQJZpiwfAAoJEBCQryCl -qlvmhiwH/i5cjBv+v7ICPT7WusSHcsj0i0klF8QBHVAstq+ekkN7kDPtoXE8CZ0/ -CeiNK7jyskpvDPz4AO54Nx+vqqpmmsCoMDl61p5LGQVsv+2x1e4xo8bpul2KoUqQ -putsNajW5O2q7VL6T9FAo6I1d9dR0WuQupWPAoJV7YBZGfW1FkA+Q7y07xN2pzeW -6ORR2QIu/Yo8tenuRy4C+3LvPE/TNBjRC8AgDFqM18zd6q4Cw+tst6+ik46cI3Ij -Kx5vXJ6EsTLY/XjK6KR8b3rZvd8UhidAFLrUDdvsI44NTGGplNUqEvK4FyL4QW0M -QeUGSIjDnkt+kweYQzxCei5VHfOt6M2IRgQQEQIABgUCWabOjQAKCRAJp6JK0eWC -B2FYAJsGpFvlNVAFda9OeagcAqreMn2M7gCfaRkENL/I4I/aGgZ3u6kynTmpIdeI -RgQQEQIABgUCWab/OgAKCRBPLNPYJ5PPLaZ5AJ4zcReHDVE0rPNuMrCEp5Mz/Dp1 -NgCgh9zn/uurrFhfj5ZiXtY7XLYNMD6IawQQEQIAKwUCWa2SsQWDAeKFAB4aaHR0 -cDovL3d3dy5jYWNlcnQub3JnL2Nwcy5waHAACgkQ0rsNAWXQ/Vjr3wCfWpKk4poQ -wKsWTKO9DB+AnL6cJmoAoJvkUl4KCYx1VUHcjEz5pJo8F6NQiEYEEBEKAAYFAlmw -oDEACgkQ5r/NLxCBo3wblACdGhZVebqU8yQ8A9h3mL8otIp48vIAniJ7EUqpdeMc -PJRdzAGHu9f2gwNZiQEzBBABCgAdFiEE+Fo4IENp9xo01E6DSYSRCoyq7ooFAlnp -OfYACgkQSYSRCoyq7orAvAf9EEWkp6cpgfGDVS+uP9DnbUia/14TSpwYPx8wXm6q -xdiqs4K9H6VAewAqKHMGoAOQecIsDwwlgoHMpP9802PDbqaQjC4Njf98ExYShRmE -jej9kUTNrEKqRLUiGoWEongDXIjGkLUL8eP16S5keKfE6MDDthlTEDwM2TkLT8zV -sv7RLZc+NsrK9D0IfUiLsXsrkXVixJyGlJ+FpamV7n1n/2mabIUGvTJNmSsa8ilJ -qdk2WHPnC8skA6GcZiz1dukNsVG1FlBroodDbBNZWaxC3ipAWM2PsQPY+4+YRGbS -nwW6Edv+YNaWIEW6ZMgFo793kcbUIYBPvZqXNrVKmyvgd4kCRAQTAQoALgIbAwsL -CQ0ICgwHCwQDAgYVCgkICwMFFgIDAQACHgECF4AFAl1j4o4FCQeEEEcACgkQe1KW -SO6FcmQCKw/9H5LXwTsuRemdo7nDWHnU1VEA4WB3wjdJIZNJKSIOVMOQXU/zNILz -wyq92pn9xEJhQDAvoGzHEF9oSItwp2E9zS8Xxq+cMoOiZukPqRVPBispfXJMmxCB -FwlOi1YrLQe7f1WMmYx5+oWBH1ACzU/Upw/VZy9apKXy/JVs0koI8RSW/LO/8vl8 -2UoOfwo2S3YyV6rmSipJnTHdojJo+aqmtHPgIf4EagldK+Ue7Q/w2Y7C5x0Jh1z+ -oQN7YeUVokN5VN+10GaWSLorRX/tjJBkOdiRVDk8zsg3AT7XTUaQ0W3uzuUSDo54 -nVxBwxqNmYQ8m4iM+fuRviAuBXhekyTz3TYGSS30gQ0qFaw2LwPVbhczg3CKIpgf -JkGGqfd3ux6sbCaRJBGCm4Yk1rEx2DWnIZFbGbjBo/Nol7HNmL+nBvHXFyOMd6RO -L0QHgmhtWgq/oJ6CUGghtndFYZeSiYgV7bw6CE2J36ZYlatUSqTnJIfQph7y1nNN -xT26ubHB7GkvleoudRAFUqoIIcItNCP0eAB7By7jQwqzYzlci6s82bNdQ5RLqv1t -i0FqzVSqXhqV59hy1mYy1Up1PJN1Z3HXzrlj0vTZTZEtgIgZjXLBWtjGQrt5rMZv -y7cCQu1kuEErxZx3dkFvVCqzsQW62z65rzq9Rpcr1EeV3fCceKha2CaJAlsEEwEK -AEUCGwMLCwkNCAoMBwsEAwIGFQoJCAsDBRYCAwEAAh4BAheAFiEEKWyU29AoAkW/ -05HXe1KWSO6FcmQFAmEie8oFCQlhdg8ACgkQe1KWSO6FcmRpUBAAjbtaQXz1splo -nm2NX8c/Dm3PjmzaOXfITmdSmbohw2yxmKHClX91DnKcc7wJVNGDg6cVUmYzQ0Il -4/WfarWUE2ThW+/7GEhpLIBfgiWK7mnkX6KCdZ4WwebqMuRyiPZEU7OZkHA0q3ke -SLQtRw6ADLiFNSRxwY4kMElwZaTL6NRNa2eVUpfdXV91g9QXxtr/h/seIL5lBdnp -wOCrOLecy+79REOuZoWMqu7RyupfECrFEAGtFSso8+FYZmxEx3KBmXIbZgOXHwgT -mMd/VN1m1LTZ3UR9iqOa9y7AbUg0XOavjb6VYexEw4xNQLhh1S6774458ylV6pc6 -E9ZbjSTX94B4s/ehXTMZ2RvI74OrBS2gZluTgpDmePD2ThVCcbBRxilNMFqEZvaN -tNarpuoh9bZ0iWdCd/DIiAhFhyiM6vtuDEPrbStdL3aj25bm/tTXZCWodwru4/Vt -buvoPJVIVGKryE4OWYQM4PRWABPTxsl1ZL06+5HdO3gZlUh70x6wSGVPs2NwSmBb -QrvhoMnxHt0mUF/qSN7Dy51VJeUfN7k4vZevwG7SMyhS6ttwZW1pLMdFtsFIwXpu -MPIkMHt3zgieFQzsT79VEVHrV6bp9yZgVVJsO0mQXF2hB1q6Sr8Qzz8mq17Hm6S7 -7kkuE8doN9iMhZkbXmlvDd/O7B5unjeJAlsEEwEKAEUCGwMLCwkNCAoMBwsEAwIG -FQoJCAsDBRYCAwEAAh4BAheAFiEEKWyU29AoAkW/05HXe1KWSO6FcmQFAmM8kfkF -CQ1cv6EACgkQe1KWSO6FcmRHsA//fl5PvUjspzt+kOzWJCQ7OD8FiQRPT8jGUjS/ -lt3LkT1gi+YO/9SOHxm1DtMLxqe457wQN1F1VRvAi4tk7b6hPqZkWsMQJizOG/c3 -1oCzb+8BfeIqXlM/wRg9GlVxJy8WjrQgQbfHkBcCiugzwCWkv83C0PyyWaJGIAyV -WbORjEFSNohVmps2122Cii5oBaoaedr8BHtYVjl7EkJMf6v2wbO+kJPRbeeIu1sE -rz2hQ5azGPKA8DZLpSYf0EM12hyMXUxsUYsbapD5d0GCPqoPlbC2beVp/QFNXdvX -kdslFb2g57kHC0uywiSit0wXMSDB5ulmMXYU/5Z9seGhLgtszPjijgOK1J9cv+r7 -gSD//SNuHnzMAFq/FWU0vfRuK8C0hDHKtWT89WgwnfboHvb8HC/JF3RE/F/vMeAB -8yt5pobXTqkkGhDab+ZA/e5l9c6ETZ+CFyZsS4E2IGL3oIZ4DZDqljL8FWxLRwqP -lll7XVrVL8gPHLp1VRr68X3v3QVhkIC0zNCuUSn2EimRCEhE9YNnWRN6phYAFifB -8Y6ARGFHikPDCs9gD30N2Sqf9i45f94DrkVsau8F8zA9uUCgigjlKe0Z5HoJRJpx -UkvRPzFhoqwK+7Y7TAVKjbBuyswx+d3JcEbW0DJM7rnptWllI8vrQ7XS1vWwyYKF -CtPWoVO5Ag0EWaI5LQEQAM049gcpPc7yXsRTPGoG1Z/DQRt9Y941JS0/lPwP6fu4 -elVsIpe5hW4/M+XAKLV0PLWWMg8U6fdtDSLgFPktULDJ58cCzzw5P907vUWE8jSJ -byp8h+A4L2Vx4h+3QKn3czzIY989oYG6IR3ofG8kzeBwYySzixS5HvwC1Y44Nfus -4TDchL7tlcjWpTThSjEf3Fhhj3MlpwnyGf0Q9I/ueRs40+1IznzfuBURx0WxXNhc -2ppvbJPBaULKSvgzR4EjZxfA6F2NJQGT7FD7ZU6oh3iRPUm/ys4sT21koo2kqMG9 -g4XLYYI1/7oxgsnBlK17vrWns9ScXAe6HIyD/l8YdIwu/jUdRQG9+Ucr0Dcm7j+F -6BMwZuZ4T45QubqCB8zt6e7UJ6h7+zNAMbtEfkwJRGSJtj59dJ2GsNHnMz9XIva/ -8xTSI3Y5QRxO3r5tF4LG7Oe2REj6k5jUZvklJoCNlf18ta1xzv3p9RsD6qF3czza -U+O3nqW4e1z40oYJTG2ABezdH9xIapLavoNmDFwiN9eR52GF7tNKmUnAwMKgwJBQ -LifT07m+UxRiBByqg+KJFsRdFIgvQQtkmMu5Cttk9UcoBEcICJbu80/0HvgDHUr6 -Qf6xM23t7bZBIq79xo4Q9FOtTkFimQx/L3JZjz06tJFndD41E68pBLQvjCGK9CnX -ABEBAAGJAiUEGAEKAA8FAlmiOS0CGwwFCQPCZwAACgkQe1KWSO6FcmRhNw/9HY04 -8ZhSDfLZASXfiSd3qJo2AD06mgSZGWPGFxUB6dMG2S4rO8tjrADww4Ks937+djFY -p5da3dhfwBpdpQRuOs2n/hIa0v4ubgKNmU/s6GaOptaUn3u2ea4Qmi77d6x8UvH6 -kO0QMKa7O5jRf+YVq1Q3s5GbHHVzekRy2Kuc9lDAAXJbaba+PsurqoFE1RpfERYA -aL4qFwB8n9PqQZDnIQfkIl+Uyf1hwIH4khvcbd51+sBGRb3R7B/XVZy49baRxCV9 -rSYeCaH2o5XJd40ob5qU2g+d/QIIkc0EaGZZotvnvXSNGs9xns2chMOso0FsdqLE -rDlq96Tk7Dow0bXFq5tox+ECchOgxTAyzKV38JQQ0BMinQIsJYDncBHTq0W2Ahoq -cUGSBswfn14l1SoicxvMMjTP7ZWlg4+wxUyPr5PIV9WoK30XhVy2Fas4CG0HhhkQ -k+TwqcbFW9zBb3oMe4MXH/gUY7hDDRTx23GCHBJ1z82OlwL6TbAfp1y6859PsXz8 -AO1uY10JY1Jo4dblUYicQXKonuGKB26FlpG8MZ/7Frm7oxQkI34nv6YzfhaqdQvk -qTmR7fAjn+tpBUrJ+XKBWMZSQ0BP1RM6XzUVZYvFMRIs1dZooLW9mgPHPZbYN3cg -XzvY01XdE/ZvMpFcnXi3xKLw1pCGLoWLd3kBZKiJAiUEGAEKAA8CGwwFAl1j4psF -CQeEEGsACgkQe1KWSO6FcmTs8w//e2AvnkPeM36cUMXqZfAGd3g9r7bL/qVoF32r -U372g6pHUkEaoxLAWKSrS2a2S6PDQ0ujFRneXC8zFkWNYp93HCPNJ3LdWduDuhXx -iFO1Sja0f46MvTL46BtkpRFCdbYFkaNGfxplZm5B5LMtazKKZX85kWYCUttAa4Ey -jge6DPqTVOPhymAe19odxJmWIdHZxobUVPV4rVy+YM3kw6mlYqQ5vPZBmKwueI+W -n3TjJdX3zfOZ+A3HlAMsvLQ0+IqoLLnNGxxJwYpBWrbdasOhAp3WdkViJXD9qC/I -JxNJwkIvME3KW7oQe2GP6+UYf33sYG7xkM5DrTMfQM+1BkKtcQNJtQ3GR5COhNSy -GqrpII9scKoZO2fCHVWpdHHC+w0J4MgPnVj2VjSDOk/oQsN46zULkR0qux4NsnSQ -hyUzgpmKRaDKoiSPUZboSlraaHjuVAjxZp/Fc073RdoQIhzHnGvCxEL5fqa6wXx/ -Igx5BEUcPxUd23+3KLYdq+oIvM/Ti4cPpRSwChpw6XZFdsyO5Stz1euatCyyIU4H -Gdh+3MGWeg6GjlViWdDvDYwVDJm5+FnVPvy4dG2SAv7bLgdqyNLD/LVByYpNYnd8 -eonYLPOZqjRxfwq/T0Azevhe0D9Vy8OSlXGRjEuMn+t03X6U02q2Z5wfzEqp/7QA -hSaRJh6JAjwEGAEKACYCGwwWIQQpbJTb0CgCRb/Tkdd7UpZI7oVyZAUCYSJ72QUJ -CWF2LAAKCRB7UpZI7oVyZCKLD/4zLCkpCOmJFWKhAb0qeplMp6vBWnHhda2pDvH2 -m6yRgi7yqSBDobt9eJYefbWXd03DtRaXM0UkRKRVkVRwxB4FmxFmgx5bQ41X+JBJ -iB+03t7eZqNeEP4UT8KyT+XPfjGx8gbylC8JFlvQT3xI8kfhIAbbxKVFWl2ytB0n -uwikvuGhbR029FeMah/j24BahcKGjWaoTY17Y1mGhkMCKpcGJVREfUKAqxo9cfDV -qw7DHJEmtUB0e5DyKe4oLTWcnoSN47OfsATILI81Stn+x6V4Tmnla/0xUJqRZssI -yIFWFGYaYn6uBSiC1U0V4kV2y56NQWI+CXfND0BwC2Fma7LqMg7dakrb8MOE4vlY -keV2rj1qToJJBRSkRsYh+5hGFIlqqtmq2E+BHGkxYCYUIa4ZFb5IecYkYxghenKl -ohaFqqchIua2GtTxHCZmZoHAC36kH5AM7ST8HeDWEUjB29SXkjMA5aIiIFmT/1Bb -7zCQoawXfmc+U8dCD4npMF9SaHrQZNoxAHdR0iGbKCaIYaCzqpPhS2gRSum4rh+V -Yo9K8v614AkMCsk3+Wof/IV2asKZxT6vLjDUFY/P7MID3S9Awg0bQCytkoKsDWeX -CKpK2dA8hUwdFborpZbBGlZHdlIFrTlw3BYYVQuTP4h9K7xRxqdcEwEuei9z+afP -08gzPYkCPAQYAQoAJgIbDBYhBClslNvQKAJFv9OR13tSlkjuhXJkBQJjPJI0BQkN -XMAHAAoJEHtSlkjuhXJkQEUP/3LCVIctwP/OcX4fHLKK43B10DfdqEaArxX9Gtza -xTSFlJxqfhWL6ZRRSIhYn28zVVZTAESKEtBgM5NKWafn25mzVfOqRl/otv54twAv -HmWti6yZhgoaTfYmB4rJeTWCyogJkJkYFCdcHQkdo/gLFEz5tCZt2dXcXqGzzOl5 -/NvSNMh7h5gLqHTNKmx4jLe0Wwrgka4UHC8y6QEacDl2tRVjl7hV5gytbUZUjEsq -2Fk+UdCaecGTlhbQItuxj54jX9SLOCsaJRJyJ5z+j4NQ/FhaDRSCuvMAW4RvPfIx -+XMCWULEo8sHdpBDtoVdTqAy1Y2gzv/CXBzTq+1A3FuBo5Mf6Crm6zoZ+4Snk9wm -xmnZEIGBoj1ehVW2yR7lSdzBQiuj6LmIdcLw9tH8XV9PlHwkip28NUbZnRRi64g4 -MJTzKsIB8ymoBwxfNZcX7EC53fDFGQ22/+FbbH5bmeDTBGVWbC3C+qynMCBHamzz -f3tK+75kmVqQCdQ0VYRAEZshNLScGlm0b8V0sF7f7RSR3O0Xx8/infneddhRMgc+ -jbsGF2A1AkQQZoxXGMyteq5fcdkvbjvkZ1/E12YgWp3p3vmelwX1LOyoGTzN6DWR -cHjPSi5x4iB4P/8b/EIDb0wk3IonSG1zptaFWyy75qtQpnw2PLrHj+nUhEV7TFsn -/KknuQINBFmiPEcBEADT7fKxYxNAEiGjAQfhz42moy6tNfBB3Y8QFFF+lr2Hy5hW -e9/piU7cd/OME7MYYBDbINwc3hHim1mvIM1WOsSAHDHt25z8UuMEfN4ke1pq2Qkm -o/rhb405rfLNw7PFhQD4WTx0xK044zlHGgL/VTxAlMSA+atyOvVweOHi+8Txe6Yi -nZlr8K50ox/4PtyFpMIOLE8YppgLj+heGxRMRtYHHszOivhwqTPyQC64Kdg/WALc -XDJZHSCWGUH113XnuRPwbWbtJlA/F4+83MeCGOaqQmOBE/+St3Bc5OBQcmVwZ8rz -6WiNFuEAh7PwyCGhlsddNIjwjy4X/v7mjltt+GjsT4WjiSha7hPaA6dvjuBSP28w -lRBycYsNr6aVegPUH9Dq9P8ehW3kZ5GUX94W222S/MxOOa3NvAZWESreNhODAp3J -Q11l5ie3NY2sv3uYyEN9Cv/4CPWWtHmSgEQfcuOP8PZHnxe98SWfk/j8Z/oI0liR -uGFt1ME56OtQtY8TJJeoVpzZEVUsia3WXWC076CYcxwBjeM7jOC8UtvILRQ5JxiZ -0/wqdHtV8ZnojB4AjCpW+PWgpXUsUv6Kv8uCEnrk/54Orp7gDwqXH5Z5szmVrse6 -0w7VgZSSlJBRV3QrlCINsmxkbUlo7YflWohQit5CAHdPk/oMDRAhD5YFqIE7iwAR -AQABiQIlBBgBCgAPBQJZojxHAhsgBQkDwmcAAAoJEHtSlkjuhXJkH34P+wXkYGuY -q4ZLRIicEb9yjLq9S3O//caSSf5ZTakYgng2p57fTVHt239ofUes2/nKbyz9I3+U -DA/l5nabAwlU0BOSK6fmLcs1OvtvB5uec3l1a0QRFBNQlu2Vyjth12HZEBW2es+X -z6hLF3m/Q+uwOzleXQtcc4qQxIVuteyl+C05cWPKzPlc+ePAMGaFLeb01RBzn53F -cIHbUnw0cHIiXBqb11unRuzelrekc+qco3DHSM/FnnC3CC4gDzpm8u31OsopNNbW -gSHi67fFvkBQHAKCPpB/Mj0V+DKqPeH5R+ZvcJAxHF+NG7tf3NON8CMzmu/Fgu8D -XtlHJ7A6BB1KRu47KhIpiJd+2dcCdZAfedjAz7+PqCrrWCT19UWFg7NO6+DklToT -2axMiym+hU5ihuR2oqOwmPwAtwvEAR0W23yznG/w0yEhkD8wL9bq0ezzkWx/iANg -j6RtjiJcxvs5CH9x9BI2AScLdcgzWeaG1C1mXa253uHow+wZtRJUzxXwy0lFLR8k -WwaBgpjfH+zAY9Gug947QWOhfEbpBcGksb2pv7jaOlrFwbeklX7omtWNBOYIfnql -F6pwxduoave0mHBBOti6oPe+YOGdxblJ1MlSHG/gVeVqjrKdWd3fJy2xpo6HxcRb -ZzK2Zv1b9i0DwBdtPlDbiXe8qIKDY/kuMEjQiQIlBBgBCgAPAhsgBQJdY+K2BQkH -hA1sAAoJEHtSlkjuhXJkI28QAJCkH8jML7swwKuI7YXDDUtG8GDuCVjGquVSgOCI -b2phySEl6wjJS+m6tYcRutCSFkIM4Z5xgygeziCq7ODt3eNnt5FJgGvtQI3EUw8a -NnOpFsHOPSZWV87TZH4aWerO31GA0fmuGVbiL7kAkAvCxTW0y9qBKClzrH1IaBOl -YPBRfZOYjYYKCAI5eloQPslzXBpyKlaWVTuJtOd7F+sm2AQTjoQzuZY1YHgOIXZP -jWxRDcbHrUyX3qMdp0iiYzq/qm5OT1pNEavVY7aM5NFI6/T6Cp7yMkWxFwnkslnY -XqhuN8/ka2ulaoIhbBDTr47c/jX6O1EI++hAPxweUKjZSF1w8NOvbLGW5qfXKdxa -RW/8tCTPXQxaUHrsqZxUTFDCCmZasiZTR6rJTvBPceYuAUkSMmAWWCNSewm8q/UF -aLjy44/YReH7I7xC1a7EmJPs72/SArckzmGAgzxFl/4NRH3/yG9Zs5itbevo+Y9R -fTnR+Q3q/x2AWFxOMNcxFAROKmKDa/hJp5eGcr6MAUCe3SB4TaRJeTv6gEr+7NVc -98OjNAF/CPtcIdOjY/7iPBVj3AbhDH2DXjBIcTlTjX/rNBokW+g/Pkt55LiMohTJ -RIDYmOI54gCf1cjEzXHi5u2bRXXjjMRnaEe3t2kYLazzjLPFpg4J48ec8AabW1KC -kaAYiQI8BBgBCgAmAhsgFiEEKWyU29AoAkW/05HXe1KWSO6FcmQFAmEie+oFCQlh -cyMACgkQe1KWSO6FcmSF1A/+KlvQAJgc/s+8PA42rwizLNn60KuK0nczNx6zVKgh -I2Gn03U/V9buJuV5LEgdRGQgJ/O1JWZfDd6TobOzWbYAgstbxJrn+ruW2u6mfiWb -JToI+F++kGEcwLCsqMHF/JAv3bd5ZwqIvt5RM235VeDpqZNdtWcEJa5Z67qX3zZ6 -1/xilNhePliRtK+FfTNs6iREDGhKiozHNkSMdxR1ru0jUds9AwUP7AYj6wfuTZBe -HT2nBUXn9b4ViAnBnONQEPKJg5rMCOg4y+K8Iswq8Fs/O3Vt635Yx5C3eGTWhveo -FvgJqFEfpdSwrS2b+Te9xmuK2EWxYRYY6lp18Tu3J0Dt6rfw6mMDc96R+VmDgyFm -J4HUi0qBtW5tAblBKi9MLtvTy56+hHgPmJimxu+JDSWDsOdVaHCax6VQ21x1Arbj -TTWVCu1Fq44F9nPEKZVNZXXOpafEU0AgwuiDWrOh1TTW+ZEsHbYKit9gskGrZiwT -un/0rBUPSXHCOzt2MARAvv1jZMQEv3zxJUoA01Dxx7xShrVR2POULEVFpZuAh7Kf -py/WgeYaEiawJHU+VMGJDyypdSqIymTmL8L00CpmnjGhfDyb4ngZ4OGWi71SDq2r -XCmuumff4YcI9dtBqWrAIssYC/10r/HKsHmT3eC8gvC57zE5bL/jBo4rTTa88JtY -76WJAjwEGAEKACYCGyAWIQQpbJTb0CgCRb/Tkdd7UpZI7oVyZAUCYzySPAUJDVy8 -7QAKCRB7UpZI7oVyZOBlD/9Pf1IYTYNsBgzO0/5jCqlOfuVnRf/DLHCAZNedsuse -gVUF5TEIUT/bp9vvPKcBF3U3sPRglg1iYLC6mzaCEeLC1q42j7OXd3wfK+4c5cJw -ZB0geimGIYECY/9aDnPy1RxYSrgYoGVMENHzRqhEJE6cRUCrX87YUBjfeUH/kNhf -yYGc7dKEDe26HK7II0CBkAaCuAZ4EtVGPLTy4yZwRLe9SRjHsrJga9451pIdLqQW -ZyQddnXMVUGIsQKMzKPTbaGIAyXdqGGin4UvxCIMeh+0xz69n347XxL+h+r3LIRN -sowTTIK03Nc6G6GcZIf6PIC8JYS4Fz5qCwE+EyREXyph2CpwiG4PxtF4fiMiJXXD -7zGFkAGrZnvrdVCCtRb//fr4L634kYi+z0QuB654IhJ8IODYzgMQCbfS9Yp6kBdn -ce0n333E2gVuvb7rR1/ac0/aj5QZDBe19NG6Z0mwILMRFtq81itU9XRuKeTIfdK3 -xs+nxhF//6gUKlrmqk/iBw6/ihgQTNP6OQ5MZg1YMjGw9LS3MAp4CRELHYRI+Zf+ -eP1Av9Q9yNlk4dPCICMZqRfmqdWlPds0k7fD6I8AlhOFDvv4H5ZyUXd1sgqQJaH3 -11nx8bhp8to4D7ocx1Cn9VwWQDygj4T7cCSYaZ/FJP4TyqMXSyVAKvPZZ5OqABOa -sg== -=gV9M +tcW0O5ykMgX147pJQLXnCOsSPrthVhbt8gcQOzIMXrNm7sDjPzbtlpqBiQJeBBMB +CgBIAhsDCwsJDQgKDAcLBAMCBhUKCQgLAwUWAgMBAAIeAQIXgAIZARYhBClslNvQ +KAJFv9OR13tSlkjuhXJkBQJm9LliBQkRFOc1AAoJEHtSlkjuhXJk+twP/3DBVqlt +Ni6Nk6bVk3qYjUHKHVRqqDePO2GkaYMoyk7Jfdt9+kPUfVYcPZ7TxFHFdNcEP/i6 ++vi4jLELbd4QOgmAaOKuG5A9YP1w6psqSEELVhugarKqCYWa6oUvFHcFFv1zlxuK +M17xJNckd0Gc5f21qJfoF4LAtVtlqdzs9H2gq1clTKjuQKDMvqmZysa+M2u/VRAO +RS01lWnZgYFd/wc7QNv9dQWHR3IOGva0KnXpb7MFE4FWBpdbWQYW+kga+q1IpTu6 +rSGq5Y++WDjFwVZ0uw2yeaV49MRVC0Nu5+aM//SN1UyBV2sTSD8XzsowdCI+syHu +Evw8kFHH5YbxFfnn6lOklzHZu3JDkgFZyYI+PxkY+/isj3m4LCmet2EaC5iFubdk +sYxzAaEEzYIqeAVCOm3ZigOjNLrBT0PqjL0uzWMAQRGBnhHjmIvI79Ma9m6W8pSJ +X8SRRKTYJMfktGf19pJIddxN74pfByphLLsjTk0wkHbkalam9mIdBnvTF6xb3oiA +OXxiY4o/1Y8/dYODNR4IZbQocVpV8MgYoH6FW6pmlNtgJTfN05P7ZgKztCEdYtRK +nrEJ8y6UuF+bjvKM0mdsuwUbH9TgRX8v/VcMMhoQmDvIqAKDeA9RKNQWi93zB2dF +7VCbAKMKOeHC/d1m0pO+dj5w1SvdpsV9vfIYiGsEEBECACsFAmM8vW4FgwHihQAe +Gmh0dHA6Ly93d3cuY2FjZXJ0Lm9yZy9jcHMucGhwAAoJENK7DQFl0P1YivMAn17V +GWdGkDpkqelJzCtISFg/bTqMAJ0bn4ggc2g/yQgHKvmFbSx44mH31bQrR3JlZ29y +eSBOZWlsIFNoYXBpcm8gPGdzaGFwaXJvQEZyZWVCU0Qub3JnPokCRAQTAQoALgUC +WaI+pAIbAwUJA8JnAAsLCQ0ICgwHCwQDAgYVCgkICwMFFgIDAQACHgECF4AACgkQ +e1KWSO6FcmThyg//cVqPp8H1IoClbSUipsqIL/CbPv9re5KoUYgZttqQDUH92HEu +9UQwyniRV5rgzmHVumVv5WBfHFPPO1lOWa20bCmjvRB7ilYo1ahYK7WOXN0TyMIH +H2LvUmQkNE5u8CisiMVJhJUpd4FK17ntlxf76Sa168dUs0IeRJSNp9ktkUPzOElJ +a6UWIM/9WteT8s3rbHQwtZptHRQbbGQmv3w43ASZp1xV9e9YZm9RPlnfTYEZMVBD +Jw91FMmhnUu4Is4cEQSppPHqo2T+cw+lbFeVVUiOMd0+NTtlWpRAbhaGkqo1it4p +XMVq7kUItXSvvBCrXxdonGfoXj2agqnO+FRXT1QT2vPYY4csqS7Uaj3bdcgubgvc +TBpVPTRrSlU928aGbps2KMkg56amTe9GehElRt9Hg0UB+bgpJekqTTDp566RM9ji +3hGLF9nRhdI2ldYQIwtLjy7Ox+NzDKa9iN0cM4EKTVvw3fb6XU+eCkPyYKMPGX4i +qnvVnYTFuZDDX6B9zYyI+cCehs/qSKDjOaxAzOiKg88A38SxL/JSdFi4Pvt0m5Ay +8ZQqouMqT9FGveQklH5dujvJ8wfrZTrygU0XWT5eHM7R3N2+cRSucBiYEblo5INz +5lNdKk+aOBPzCURBY5NXqBCQKLdCkTk4lzD/By2ayd0Pk0TTIa8yAgrecRaIRgQQ +EQIABgUCWaJPywAKCRAY9QOAJMJ4Au7sAJ4w5fZnocQOrS0Cj5heGwQzMsX5QACf +VTfe3lDGLc7d+CG9OaBCXim/OU2InAQQAQIABgUCWaJQLwAKCRC92o/WP+p9/SzC +A/4u/V0Smb4L8ziDpkz9BqOrqwrPeonviSiwbzBc0OKy+egg7LHIhR1BiaRwZ3zK +/gEHRHy2sAOIy3TFJ8rGf6Fumxvi+UkHXDz7Gf1/FbmLT9eZfe8M3FZ39IYg+Sdh +NiHb19dM2wlQ6ggI0kqoOOAvmDoRPampu6MaH9LrUgeUoYicBBABAgAGBQJZolBl +AAoJEHxLZ22gDhVjeKUEAIoD7bnRXUg7nFcT9Jgp+EyHwQ9lpoU1AXAKG694RgEq +rzRYOkL7ih1WFvJJKfTfDyEPGXR6Xy9KR74czV1CF3Kjr0GzocaT+oSqXSLfW8M0 +GSW9dExBEBnGL1ybP7bVHv/J/r0CofQGO6T8kc5XPf4qN85GBhbKtG2MZcBS5oxj +iJwEEAECAAYFAlmiUHgACgkQ1uCh/k++Kt309wQAo8vYoHC+dX7kg8ed16wau7L9 +XymdQiYdPrMCTwVCStzjyTesEqRmBDso2FLH2ZMo7MxT1ElrdK9vv9iPw+5leFOY +GmpZIbCFcKDILiwfqBd+zJvJp5KkVkVCvAnr/0C0Kl6c6FaKB6UwOs6/MjU3LpnT +oztketdRp01kfjd+qDCIRgQQEQIABgUCWaJQjQAKCRAh+cW892qb9bASAKCalaH/ +z573Mb/s9Wo8idSIzTGw4ACfQtV4X2ZS593QODXhiWH7X49E3DWJARwEEAECAAYF +AlmiUKAACgkQvSdtLm/PqIV0BAgAtNV52Mwz7Zndks9rC+i7cwkPcnDxev4NCM0X +l1VeDtUQPaukPfXffjBoGYsNaVGvA3YM9isoIFZ+J0Qr5j0lDqiqor49Bt7wrteP +9dvX8iKXOnwLgnig6WK+VuroTVSr8+BICknKsE+3mu0bzOSBIFWRaaHEGAHCY8pH +nMiu1D3Ff38nOi41Zr7xYv3D7int13cuve8ihsBhJF+ZWmia3ODQwQnq/6c9gD+q +FruShbfVEYldfDqO/aKFoBi0mQ9sHF3HT0teIE+QHfILO/71KcZKWTCrHDTeCaF3 ++zh8L2FFn93xYvBGl7jklOvScStGyzro1r7e1Egx+NdZZlBh74kBHAQQAQIABgUC +WaJRkQAKCRBinvjuDIuDM7TcB/sGaxvHCDX1R82MoZkTY/aNzfCTIbep1chJgpRd +1w/MTqazxxzd1OBoJH7dy1HoBpOQRhhYRslpD4JQoWsa4AQgFCUY8z38DsOHQms3 +q2yR0wifcUkc7oaAUSuNa9h08Z+J0Kzsa1p3o+f62li3tkPwHqlO+VYHgLXO/bq7 +TVjq1PUXLWCtGWSlY16ogyqHB7gUfwWffd0rXytgMltywCpe/Kk73GMylIQYCpnQ +EgHCrBDgipohYVdESN7lxrvERoP+CxzPZCTqWD10SFFSH7FkNXft7RAxPitp0xXf +2k6M/hdz1i1V9K52a5+lXTuNHS5wrVSB1i+K246HkzVEN+JeiJwEEAECAAYFAlmi +Uf8ACgkQwCnKQBb0zOmGMAP+PkzEKAVy4+bVifceE4Vue2sjZB82YMKnsVQ1JTUo +tvf5RZyuMxJBbIxziiakYfFtSJ0e5y4k3aTnwT4x3zRc/pO2dhgl/6Vdfhul3g2H +iQEIMryEvgDng0zKDimFfruyDUtgfm1vjJZ4ceyroYaq0lEu+Gp1dtZKuBfTFC/Y +jmCJAhwEEAECAAYFAlmiUjsACgkQPWfLp8oo5aSLVw/+NDYMQHdwXjyml+xizJVf +HsSGeOhgEhAwDSwiFbQCM1U6AUoVb7DdAF29ymEQA2By+aFhWbTXCbRbtuN9BIWL +lGELc0XrVVQZA+vnpOQz7BqVBvV5LNW3Ejg5O31nvgc3ARkFrUJDxoMMjE1EuQIl +vVYxw0rBVzDvVU3kVmfwzAbobVc/OB/o2KTTk7QOYIxLZK8TtwojgM497AyxFBgJ +9fHVZaqXDtSjnRWUVqoyobUPUeAgNIERsmtzhR/DQqB3Jj8hkYBX6+JJKF4weJ10 +xYN3bN5PiYQg9zVvcXMazHDDbnKgE3jUCiEvvZpD5ethdWBUDMIQ863HhrzGDq4l +ZyUuEmLZC0GNExXKf6kEEC/aivbvmHGnITg7Lsg13Xl35Nra/b5XqPvQkVmKY+lg +EcyTyAeKoY+zCR1HNLXRKSLvch0HEgqOZxy6584f7wwZjengXhBmpRkJVUXMZl3m +qXjvY7PSDlwF9H46ISAe+5M+5jth33KPF2O+flMwQTtA88zDhY97eBZqgub1OuIC +c2Epyg7e50El7JfrrppGUWTcIXTzPT1mXcopYfmjXOmbfyye8UmvlfnZ6GQA9F9U +GMK4TgRHR0aU2KJelH63F4ng98TTW/Sy3rXqS59MJDVnaXBL+t4OIeVk1/1ruYoX +H1yAgGgWRNrf1sLg/h4P2kCIRgQQEQIABgUCWaV4bQAKCRDCeBwaRrHv4SOlAJsE +souUPIlxpAgwhI4KAwn6cfwO2wCgs2t0aO30BJ9qZ8IhlrLgqvuI1iyIRgQQEQgA +BgUCWaVZtAAKCRCZvicdW1CwjxIgAKCDt4RxFXsOmINj0fx36ZtNF1D0RACeOs+9 +vEwIkAH2Y74gSVrtDBD8jxeJARwEEAECAAYFAlmleDkACgkQMUyBgy2CADIkXwgA +1qZix5SMkH8czr8orOB3+jN2BYpsl11XWgnG8eW1syT3R0exvkbbPJHm6uClPh9N +Va2aZkgaNCaCAz1okgVxRRaCs+wfIKrSUGPnCaiRLBhQwpspFE1PKktiN0KJqyz2 +4zb/MuRJj2ZRFXdQCAcOhHuVZHtIe66Gx9fivb5M+V7St0z31v/2JLzRWJ4dwfSM +6JTNqVdt99mgqdeTGvJlNPeRFdUDtSqFi9Z4elrXkQO0wGw0kF3Bex/sdfnaT44r +G8fZ1k1HM1jauuvVJJM2Uriz6BLaXuH0ncFGQXN5PffwLpYXt5tzZTFzAPywOo5N +4JHFpi9Qg3hvS4NFODMRB4kCHAQQAQIABgUCWaV4lAAKCRDTkZTIwo0c/xP3D/43 +15VHaXbNe5S9PpmHZgQWIAjWGHP5ipOfs1tiM6m0U1WWbPkmJ6EBTF7LK+01lOhn +BtT86EDCeZ8MNwKtjClhZe/jdqhdIQXLpioMoqzRd1wPfJaW/DSg8CR6fnbGmcRJ +YkWSbADj2/AvsLOejtT7z3YhlvQ6adVEnV9wORz7xJ94uq/gSia2LlYed7OB7ZPs +yQXVxZPdrBLKZduZshwY3FnpLrEcmI4ChjPncvZ4DzTUjbRZjrOpWzP1ERSKpxAC +TWpq1KhHvfi6himfj+aPnclPr0zoXC5gPAgP750k2oa5JathvftULiFn6O5LS8wT +SxpBpJVuN0mbNwy5g+6KHUUL13/7PbvuYMqFUtVifvH86XQzRzfV+dljKxFVnj+P +ZMQN5HhS7YaQDByQGsczuFgy1ROa68KpIPKpraD59gBEwhTMiR6yfZ7+x5IeESse +WhDcBPde14FdnX5WhRux6oTNzqQHV27zDKk8KDbA4utJBa4+aXEgJWB8xRQYn238 +ugfMWjGSYUFov8hbYbMBqDxGV8xp2Q2KgkBOVqrW5Epasshre0NZGwBh5kApzPU5 +yKcyA2imZcMEGwTYcHtHFeLFzFqeZYPhMH4ewyuKInFteHk5qF0hhz1xmmEhnqPA +HhYQMPK2vhUwc3KJ/TJTQxHMMS8YsEaKzEkmJ4j6HIkCIAQQAQoACgUCWaUZWQMF +ATwACgkQlbYYGy0z6eyDcxAArK0RaZm9aYqkp3gFtF/xPSVBmQ/G0lYch6OBbZhl +79S2A386SHvtUllS1+dVZM49CDIC86hdPt74vsOhN5xeLhWSdtYAaQGIfpajY3Wu +z0+2xLOuNFxeYlnaUNSTZWhY44Vov5NlY84P0teORH231TofFPXm5eIQIV3G9AUR +qo6jfLO0GMwfDfHeuT8c7UWk77Eo1Y1C+mxkm8hYWBhaQiJkAA5p70coiBK9518b +KvGBYmt6Kk19PpJ5x8AAQU9SLS2vZ2yq79BlF6A1Qkr9T/vWiVA3J7OXybSVDipD +lXlwwrxo4prJ/0AbSoW8ZbwFmqT405UeXchQynvNi4yGfxea8HM943MyyUpusE7g +1z35Kp3T8LxbkHa1DCXqRCpq44O4bBFe3LlWJuLAd9JaocbuYocbcSkNpTvnl5Do +JmoGSxWQAWzke4IJ//qFCuWB6kMzDEbsiIs/R6laJrVHUG0HuNXeKzDNZc5nTGGp +Swzfx3KFAeee5vnZZ1ZmjgJ3gtHV3+yqEAaPxGikUgyf/oRjyhwWcu6Pdf/ukI44 +rS+WIob3k72ugShby/CZEVnXFjy65W+aVMhS1/yVcjJjdrYvkcmuj0F0rzOjzoAT +DzWgYIizl61l3GNpNJoPfA+DikMkHmcEFbVCXOfQ7Fe9zeT1LLwZZGWl1Ur/hYvH +/V2JAjMEEAEKAB0WIQQSwLbiW6mtLPG7S0LwCvbqwkXSCwUCWaUYSwAKCRDwCvbq +wkXSC8I3EACR1uUtvwgn1SSZs4s5Wd0CTA6f4QHL9TWw2wj/IolgOUBorP84BU11 +mrabULU+xUQ74K5lKEuoxd0wTKAw/5T86whAq2PuFP6f/2vgbx+8dSpV+k5zW0Il +iQcsyuVkOUyhOMT8/HZn253l4CeNo5IaL1AICoYkcR00I5W1wWAsgSedK/4Wnbgl +m6MgjpPoyRQpLD9M/rxagTcq6Kw1a/JXBjXi0dnrX/0XLg6Wey9cn9RetSrcmYVM +kMV/COoG9+UeeJgZHDgu7jhd3uDiAD39/MbhPfM4UIbQ1a4ig9+jRwzu0FyPkRGe +BNHmI4qpihDmVuzJo3p97PV+mbLTmmM0LfIj4/4uvRl/B1ffUcA64NK8gDTKJBNn +TjzDWgXF+x+kIu1dzwHV6CLLifdlek531Eg+cHV2xKDoeXwIKRCWJZuO7HsF1F7y +RXHivecjUwJ4HBR7A4PQHgUDgAai8yMugNMoYM6YcWpofr1kvipR1i8TjIBd+fJE +MMeDtPtV6PnwzOZuvjoN9niUnBkroxSuYrdAyCwM2ruOqmUdofaZm2gfUMJClqr/ +fGj8TMJGyBgeATBCZ6EFlmUMMMU3qGaEvo+tOtq9d7uN5IeAKYotEzux3Y8Ca5G+ +TMDrnyn9mmleh3CyI5UpGZkgfb2aMPfkpAtrjmEKpgWYcCsJjZ52YokBHAQQAQIA +BgUCWaYsHwAKCRAQkK8gpapb5s2QCAChRp/UYGAc8cIzI+PE5gZ/LzgciSm+cjp/ +VzU+Ke3cMVmw3SXSzpaydrdLBF88ildW37EOf7XNDWhuo/lc+6k1WlG90LzIsavz +nXMOSyhip6Cukl2zgGuosYhzlOyU6G/aqv8Ly5wLHlQWVjNAWLg+VRoHaior0nwU +9nIiT6wwSRvPGKeb7kv7r0nMuStAI5jRDzYOx9U0hbEDjs8gsY0ZRS0KhDDn64xh +3BeTJRTb3Hbg64WfrB8wfbEBYqK+4plK+BiZdTAErAJO6LXGRH4hXXLzHAcx7DLy +xW1PoOhTteY/PCIRJ6fBVM8FqRBF1qZXEIBFCKTkcw/pSWocXsQBiEYEEBECAAYF +Almmzo0ACgkQCaeiStHlgge14wCfX2ngh0jwfWsD+4dV6eiNgko3EukAoJjBPHFC +z4enTjDi/Y8LpVtYtLqQiEYEEBECAAYFAlmm/zoACgkQTyzT2CeTzy0iCQCfa7NS +UldomBiTQEnGv6zaXJOuTtAAn24vxOEB82gwGkpUsTuSmXKSUMdkiGsEEBECACsF +AlmtkrEFgwHihQAeGmh0dHA6Ly93d3cuY2FjZXJ0Lm9yZy9jcHMucGhwAAoJENK7 +DQFl0P1YxWQAn3I641QUmI8KqledMtMLLN8+W43mAKCF7YyNwarTcTDB2KAombJv +jD96EIhGBBARCgAGBQJZsKAxAAoJEOa/zS8QgaN8fKMAn3+sjjWaMSEvnybBGa8T +DrT0JaiyAKCkbrdEMQq75Oodlo1ZaOagAdh0cIkBMwQQAQoAHRYhBPhaOCBDafca +NNROg0mEkQqMqu6KBQJZ6Tn2AAoJEEmEkQqMqu6KMK8IAJOTCilD2pXL8CPCpnni +w52cZjPaRqanSz8W2kiHVeHIUVnitdfc7cjrTzkRcmFkBG9Aqh/2NzHaiIlsNe5a +NElGEd3eYBZGBBPS9yD0IUcf00x4GiGPAIuLopCvClHU3WS80P57OEzTP+3gKdiS +ReJW/I//VaU1BLWnoOnDqD3st5iBjAf7FINSBqRr6AKIov/OTgJFvEl+Xdk9aM1d ++Lg2O7kYFX3p0dmnrI5i9YbQU6X4bc2iKRUhal65AuqIlvxW/9tgwJ1QJEQu7GF1 +k47g0zqMMJ2QomMl6H+qQJmi2KQrMmb6OwOFE8k9Yq46mwFZ94CDFYznCeoWMhkz +bPKJAkQEEwEKAC4CGwMLCwkNCAoMBwsEAwIGFQoJCAsDBRYCAwEAAh4BAheABQJd +Y+KNBQkHhBBHAAoJEHtSlkjuhXJkLRoP/iBx3ksFdAUxyzQ+MFtNZNOAQfja/i4N +6ilrAK4620mo/1ZVwlES5qDkns/G6n79BWvL5+Yu6soDiP0yUKi3lAjFls9xv5Kt +rldFEiL/skIZSclSGt8ourWnqPw0dIvvvqzNTl1R7m/KYDuo4aXwO0AnNE/iTjj8 +Mv51DGf74eDk65SdO+FwgJla6LKRuJQmn6htLUZFBXuX7SrBdFBWnVuVrVCoQNqY +3NRGYNvImBnQH3e4iw2+g67LRdp3XexFe8zGdeOcm9eB+0gRLHD821NEJIyvg9ie +L1abvz4YVvDYXD5ZbV2+QYgqJBdn8M2IxsYW+CCc4oEzyHwZktCtdYWo5VOTLGyE +0ViDZL8uhxcaNKG6zldKwuiZcT7jCo85gkP44HLFlqEum13FcWPkukcIt9axJ0Ul +KkYDLfXpn1GhxhMkO8uCkqmRbtUr6tnCT+j7LBr5X1a9RiseuU5wMQLjRE1KwIwg +QXz1DNPg1PVxyzbNJFX6ocEGUXNjvch1SKEY0iKhXK9SML9ncrQib3GGUO2xhn8h +70u9MJvB5LimFnokBl2TzEh0X8flM/8G/vcrkN6OnsRM17wggiAkr0klcGolHU8v +S+R/YtTBNY+g1ZICIcazBb1Qxeu+48X8jvxyRmywr6ptjjzDaEGoMz6hITKxTQpp +6vWhDWBPGhi4iQJbBBMBCgBFAhsDCwsJDQgKDAcLBAMCBhUKCQgLAwUWAgMBAAIe +AQIXgBYhBClslNvQKAJFv9OR13tSlkjuhXJkBQJhInvDBQkJYXYPAAoJEHtSlkju +hXJkCs8P/iUy400QN9dpVQVSGce/Pp+drzsE7iRwxSmwE68CMhnWUZKHrgTdEptc +zYtu2ULGCcHdHafwb4pPtlnuu/AQBjLnTUE3AHKaEKhjnUXQ3YvrLFd6FpMtngKz +vUWGiMyXuyYQG6xmphhpkue0rznbOuW9KGP2EI0LdeTGiPhlwGHMeAjCWuZ5VOu8 +vlUdDD2V6n24vmke/LpqpsFwvTyq5b+DSaoeTWYEccN/W1TbmioZYI9p3w1u1IjJ +ls2BR34JKoYlU6AFAEqEalPglXV0Xm/E37jEbgfXuDi4o62lA2VfmGrpLCjkt0zj +MdAtSoxoHmyJZMizRvupTiQv+Mmpf3igODi01EY1QInqL4I15L/Yv/NEDutV9rDQ +h2j9MTWzG8SX4KVqREtbJ5moyBPpylODOQNvp+3EbU9SLNp7U/YDCf7dfqCxBZh9 +iWcNotMucAqbT9KDrDFPY2fnJi/gQiV5R82ONG3kGEFANfEJWNKAvlS6MCnYs0oI +T0/1Asku5++iK1el+dMm5uf3hQixez8b81oTFRQOmRGJj7DxIiT64kuisGwgmY4X +kSR3TbX6B6xkDy8UB9PyT1DvF5AeNAHqCOUQH4bvmH3F/Ktfwga9T60BkZcFvfyg +0i/keZPe8aEx+csS+d1v2HxVkqdoYqXK1C1Nb/KYTDymhpOox1UkiQJbBBMBCgBF +AhsDCwsJDQgKDAcLBAMCBhUKCQgLAwUWAgMBAAIeAQIXgBYhBClslNvQKAJFv9OR +13tSlkjuhXJkBQJjPJHwBQkNXL+hAAoJEHtSlkjuhXJkVjIP/Rp5zbX10w8AwsDP +AMWquqh6TOJugHnyQMbeV/u1IjJtf7m5rl2VdA9w1ws8WQNVEHuzokYcQx4DMNDP +vNcrQednyq3YMkyDxJMyjbaHyjIQDi1dW9I2yQk0+eUo0bxgsxSFnBDl9BFW1HMZ +V3xWl24z5WIo90oCv776SMeg5rzk3yaKc4bdTe2dYDgcq+DqNMNjna/2ewSfo/46 +0+0A6YcW2KmMNR33oUcBt/pTAW4Jx076H5r/zVO8dfoxhwP9xzqUYlK0cwjZVIiW +7hEVFAFNhYpPH4YIg2DnR54CO2h4agCUW/LEFKBl0BtJ3+6WZkWZuou6jV9UKNrJ +l8HwdmTDWrf9hv5htOyi7gxI15UECbsr7xAjeXZy/VSMUPtpIJXl/NDlr82aCCdU +5Rvm3WeTPOY6QJO02Ckpu5RE7UM4GxGw4dBpnLzjVQdOUzvBDBFRkPW3hsULpmv0 +mQl/t4IG26ytOZRiq6Fwl5FqPkJbXU+h1zwsecF7pPzBc0dMCHqHjWdXUm7EfXaB +upkH9xGI1Ig5ZwKyQvRverUbeoxumnJLPhxua1RHZopwVERKWG5uIFtvOHVEn2kG +spFnVHhzOI/AsHpacGiQ2STeyEp/dzvPTNoB+eFhDyncj8VLVzT8/gjWLTRn0JHC +3609ZADpDa5VmOwL0cQZD11AiDqIiQJbBBMBCgBFAhsDCwsJDQgKDAcLBAMCBhUK +CQgLAwUWAgMBAAIeAQIXgBYhBClslNvQKAJFv9OR13tSlkjuhXJkBQJm9LlyBQkR +FOc1AAoJEHtSlkjuhXJkunEP/jqFAyLEUjAlI2nAJ6aFtoojxiQipxSFZTKKjCwP +bICEa3R86aJzha+ynmXIiCtIaOJ6fAqABocZly5eH6x4I7x+YOAL3sfIaxnqP/JV +esYzT+Fa/tp6cADn7M8jdk+dzpi3UQt5+rNgNKrEZDAlHls6FgfSMUFPUBT8IS3O +PW4DFvTU8liekDimsQazZDg4FaxaG+3QijuDaXv7occ0i7WuafoRQuBhADXAQ8bi +fZKE/knrL4UdTAt965H1UK40+d5xC0+YBzF/fQFXntocNtDi7FHD2E5o7mMa2+LG +1g2p3MBBCC7EEt3tJ5PTtrpTkG7sRSkiDUXmG8xYmS9PvtV64gVwIrCMAJd9N69B +6jF8VHckRa58vES9T5TnDSg30sDnxSsb/z5Z7escFUDFL1unCJ79PNtajqvIcaqJ +7iaAsdSCkbLEow9Dq9CLr0djxh0eDKCvp7LZTVYTwg8sIZyou8G8kZJett3TBGuY +ivAKxWgeVrDkATd0T5rRBPQmcoY6heVUrQl1r7fNAvyhj9Fs6N0uod/y9z10QJ/H +sarwfRw8ClKqxEEFHU1+z5hhcoIBI9ZdfYlcW4VjxzoPO3m4qRn1lTHEtxG9XG4L +uc1LiFT+mlKlqSMy7tTakKU5Gn3ggH+0tw9SueI+UoB9RSOx7Jy5U6zvIXknIa45 +veGKiGsEEBECACsFAmM8vW4FgwHihQAeGmh0dHA6Ly93d3cuY2FjZXJ0Lm9yZy9j +cHMucGhwAAoJENK7DQFl0P1Yh58AoJIGgEteN2Jt2hbEjj1/vNlXAUW5AKCFfU3J +GF86MGRvydB2Oh1MoHm/lLQsR3JlZ29yeSBOZWlsIFNoYXBpcm8gPGdzaGFwaXJv +QHNlbmRtYWlsLm9yZz6JAkQEEwEKAC4FAlmiTTECGwMFCQPCZwALCwkNCAoMBwsE +AwIGFQoJCAsDBRYCAwEAAh4BAheAAAoJEHtSlkjuhXJkpBUQAJKaAmRG7aVYUKyu +QTDaihMO6sn35sFOByWIA9Et3VirivLQ774xvHihK9dz1tXtYQ3oNCfGHCqLejKS +n6sPfv6//Q4snAOUPf+Yk4WwOysLT6HfFEjxJqujsXvOs5vvWiV+Pfo28GKVJvhi +UOkmy/30QQTzmB0Ivd0fFF9PkB9TTgRJwUmJtJBXHN2SmDGJ9BFhW7ZXy71FpVlW +d4at2V8JzeOW/9VG1zjOrgra/IAyCV9GfKzhPAIPX/S6/JDakVD9BNe99BvwI4UW +cT2jf0HlHLdbXNpMOnBZiMAtxeuiApgrWmwlpP2pxIT9NV69QOA6h4JDxCRoqb4W +B/v43GqzeZLu3Ah7lE3ZZejtptlcCe73jA44djPzbxDz4Dv7/7MDX60RiX+lYWhQ +M4Ik3HN49urDuVJ+jKmon2050sAzaRvBihF759RBrCp373lLfIj3UsBcMjRmZGfW +a8gJrdRueC7uksG/kKlek12Kc7UVq4KJcW+KYN2MbV7+JMdnDLfeo7/dD5U5fK+h +enSURvNKILyx3UcS4KV4lOelaz8hDKk18xWexWfhfmsETvqRkPGYsPWI+EwvGZML +8RBMoApLYgoTH2Y/yAvHLvAODJj9AvUkyMhr/RV+1gfd92uYHi67WBkDprx3PNpw +CiWo7TajHn4FwZRTRl1tFeBcx7tMiEYEEBECAAYFAlmiT8sACgkQGPUDgCTCeAJw +HwCgvEZxM6rhsQVpsitgyqSR+LqLAnkAn2JUYZjeidTyLTPoV3Vg8aZIgDZOiJwE +EAECAAYFAlmiUC8ACgkQvdqP1j/qff3nfgP6A39cOlx0WvYNK6JskJiPcOpYOIuM +grb2gR9HC3QIXBsO5bhqIjRSyS85stlUJrFPuGYS3QtZ8yemZw8gvojHtN6hV+Zj +i2BP36s/WDRtz0ShvppuokveGN6qwxxkVyTAqS0FXKdaVYny1mPswUhBo/SGmF0l +EWt890ezt4piqJeInAQQAQIABgUCWaJQZQAKCRB8S2dtoA4VY6nwA/kBMkp2lgis +V5FINvR082wi6nSdfzxbaT4eSi1HyeAQcrt8TXbDdgtQE83wpQnWIHaLwkJp12y+ +IXrx8l6/nrus6ojvpG18MwF4eXsvfvrKVlJC9oWTSNr7wFHA9ujurtwZpSZxzbbF +py5ZLM1z3udtthvbv/c6sFeAHMRjZeh/toicBBABAgAGBQJZolB4AAoJENbgof5P +virddvUEAJYg61qYFVrsr+/l/M7CUklsv+gvPtyXZ6xlV0VnWcCT/NLGc/FaqjYz +NcdLAjLS+GqRtQ58IH1nxZBi0V0DjhCqF0zuXWSTICHDxMlbWLneHqCpRMEe8Sf7 +gzUJIcQjmMgzr245v4q4W7YVDQ4bupkCO61/PZSMGeGKfQizz1rziEYEEBECAAYF +AlmiUI0ACgkQIfnFvPdqm/Vv/ACg0B0SeUTb280MSE702CZr3TxmPgkAn2uaLlVs +NXzXWGRcvDyBLgEgj5PtiQEcBBABAgAGBQJZolCgAAoJEL0nbS5vz6iF2GkH/j9W +WVsJ7mWfUywjPb6xJA9++bjZRiDFj/OGKESsWRyUbsvHKdayuTvQV3Ms1B927qcg +eBvOUFFGSrAs/vnKOxYiPNVvYXdRcv8MW/5smqE8XvpN0WoywINrOOMAmKz1xWqV +mJe/tIhadhG2xx5n3C/Qpl58synpdKUcA1h5xSI95EFe5E99H+ipXTB4Fs+DtJEa +mKhxdPlVKgWBBP2a5XAtFBE0WSwNQv3k8yWmO8+3d49FprXCWwcmEolQdru7EWT1 +85UUbB27ZNylYOQCJdKvUplvQCxTf8kLQoefRQrKCaQyKSDnNCCoUZgBa9D7lCOC +OEsKD7c3Af0XIZmGId6JARwEEAECAAYFAlmiUZEACgkQYp747gyLgzP7Ngf/Q6Cz +u9wwBZgl5MmCT+GZr9Cri+ze1jqX3ETPtB04nFahvQ64cOXF9U6I5PlfMiNxSaQJ +kA8Ti8ZTShED2abQwl6yXV5KnsW6Wz0y/9YguWlNH0BPoBdJLvCVelpfqZH3et6e +U15P4dVk6iH4fm7mKJxEFyOkNjQS2WOavT0xrVdOUlyf3G9Gzw4b0N7b1Uy4yxoz +yVsPLvWH09qOQtP2KmK983l8kI+a/V8eI3eTdHWWei4bbDglUo58KPVfr8w5MEJz +FfpN9ZuqONs9XdUWedBp8VY4lvVPVXohNpYGVamGCHXOhZdjjDWQyQBwj15iMCFG +HnWoaoIf5NaMCmeYJ4icBBABAgAGBQJZolH/AAoJEMApykAW9Mzp9rQEALa/8iHb +Cfq/0EdGAtVlqTU5B+O3HE9ksLMlfGKw+FqUwDIxDEsmsPPYJ6xl2tvJzqpnoV3z +tR3aBQPtMLIgD55s50YXd7EC+E62Y/QGSuQOOOqGymoUJd9NwqRTU0gP5VfTt0Qb +OlABjyFyjQvVHzXc1ElVC3bdgstK2mEIXoOliQIcBBABAgAGBQJZolI7AAoJED1n +y6fKKOWkliQP+gNhnXvqHMNQyFeRzY6OQ7tEZ8MaV3kAoDVgMhpqwGmT/NeqGu2c +4WmwPZ3DryuPF4QM4jChdrXAOdPQIA/Yx9cpmmG9M3jZQb4/s6YIclowybPc1lOn +WbAsAtLctKUPRutxWpqPwkTnQsTt1rRkOqxgGfVALbLvYww6MSSRV0tLYVp63tYx +vfxgKZn5LZXZo7azG7z54TdBu2tWq2Xh1WJRObJZgeedypUcVi3cF/0Y3N0jw6Yk +Qm3DkW9VEW8u2SM7BMdgBVMdJ8r4MT0cdzG8wSfonBFPY+FCQEplGyuRSYZpnQWA +qVWTENJ3zjOOfAozBV2v4c0EzakzZ53PW7Zq2hDbUCHXOwyeCi5li9eepaqD7DDh +eJGqPcCRIg5lgKP/ZtVsgACyJ3LhJu0FJssuwTWTlH+bqIpU1+BDd1MgD+AbWRxg +qn5w1X0YkzHoAsw2Kl1ppuerpmmEjCbRtI16oG/9U6K2Ip5dtmILzDUiWr5x2G16 +3r94NBL2ysiG3CA9lNFH9+SOhUdF9j4IxCP7x595/whMMudduglvdGGSoZ29Deoz +Nqb8GAZfXbqkf2P8Oy4ltkvSnyTGSdfClHeLgq8UHzFcAv6/HEZnMhElBDDJGuF4 +NJLL6vKMVhDpsgkCIdlr5zwbq516TotFIEzJ3QUSaMExQYZ4cC30M/zdiEYEEBEC +AAYFAlmleG0ACgkQwngcGkax7+EqRQCeJSqQVYfiNJsLAXWef4KXrzvnawIAnjH0 +qgRZrHVa57yHOJGUvuwUNIisiEYEEBEIAAYFAlmlWbQACgkQmb4nHVtQsI+ooACg +jLTQvyNW/ZNg7Iy7v0GuXKLwCykAn2J79OyX1MLts3Es3tHsSxgik7NmiQEcBBAB +AgAGBQJZpXg5AAoJEDFMgYMtggAy/kQH/AueVpK74F5hQmJPlRF1bd81nbyBKvmO ++pc2VB0Wvc+1CE1d8fGalFHzUmGyTdDa+EBR/cLunwc8IGsnYQqnpOTYeYGkEwKm +17Q0kUGgi3M4sndv3K8iI6GTy3FLgb2uoeJ4mHKIl8b0kGf/TasvdIoOsueCiVRg +De2QtQfVWFR9fv1RNZONM7uVShApVKCAzASCIT5J6+tBw+/5Fom5iNUJq9v0beXE +CZXvoJXdSTaxkxdyzwglwweGPMk/vlKENxuyL9H8FXq8yY2aQTjLkGJyRPU+CTZ3 +fKyqDOois0x3gyWcGXb4QPT49N9+YRu3eWmQyI2zzIjvPS+WUJuLQy2JAhwEEAEC +AAYFAlmleJQACgkQ05GUyMKNHP+vQQ//WAH14OSz7pVR0Paj8ObRAz6sB3CQIijZ +zPfZ329d9LYO46XBUHn4K6Apbr+CiwTStcQkLUUde48FNqzoqnPOpE+IMeeh2UmF +nMhoL7Mjjq47p4IqxKZTHDFG5aVBgSj+YbBEAhEstwuHB5hsDMftNxEBqNYHF0Ug +Yn8OlFTcT7vkoUSXu7tQlqngZNtbv/qt2oLHmXY6Oa7/xpcwjFQZOlMTLc/mrsp2 +c32vzgPtCcItWLGQdmFBgWv1qlymOfAC0D8kn0lnyX2PWO27PAvueb+GC+UdrxVf +Mpd7scAwWJ1nUL0maaikJVKFncvnCwrmuxHk3WknDRQMzeg2nrz44gXDtdn/aEUw +4Ghj+DBbQHc5zD6eKeYOGnqy1BNdFID5tTsM/Y3mRz0IRSqeapftUVt2p1sKvpRC +ium01zdXdaUtv16IjRMnytvl6YfiwtucN3Oo/mQ/l1Su/tYJnq27twZI2MYYvSB1 +YlhMiXi556KE62+jgMG6k5J7VwBjr7C9tqJLatCJUbgcyNubs0SYyom6vkHIJ/z8 +Q0mkzvFSe7ZGEQhV50pSxrce3atmT/O+8ZJsqnM+CEne1DQEXcc7ZwGeF8d5Kccx +SfbAanp8zyKTdiMuHGkCJsnjsMp8PBbNrks5KG5dvE7yofjkNoN5GQiXKWP185Lo ++OxfGWTMlPqJAiAEEAEKAAoFAlmlGVkDBQE8AAoJEJW2GBstM+nsZOUP/i/K4gZj +b/uBHF2KrUmgaswQO7AqS9MyG65H+dlGOuY/TNRyFwdMf9Gol5LrW9b5FB/CZElC +iAl9oyc01Hsahl75+HExCZde4pFfyX0ZVvygUxG9mSpnBTO3Am7RKHVoBRNxd1Ju +3XqYwlawtbSNf2A3ONnfDjTpsni25w7LctfH14U/2CH5hJ6IyyI/I58AjdOpDdff +zBLEVA1XFcFTEKPTkavlp+IUvKNUI5fZmYm9iQ+knRLlPFfjt4tzSd0amHMg0WYo +zdBngzEFMc8PVR0fKCeUZMqcDxudPhrSow3Bw5nS7qayeUDGXoRSV20jdvrgqfpp +d1jXHGH5MhmM2DHQLxRUpGBhYqBvMLPrUa/fLnuG8V3J6624hxSuK7hUDZp458E0 +41EDuZbj7clKUflTM5hdlGkGWJpgnfDtPjRDH5NF0pA/f8B5tIbFUovcZVwtpqd9 +N1nLiOohnY0EzwwvRTONFgXLJmtP19fT/oPpMvQLPKJDTGNB2wlnkV3KIy6bTS+s +DekEMMCQMZ2icCgVL1dB/1T0eKnHgDycN78EGD6ZySKIRBjd1VvcUhvGIhNuAm8L +6MhMxBB9crlCRBpSwWk7CUptk9WuotmET4ZDKJ8ovEpyGYe/KhH76atX7Oj9PREh +Dlod3N+JhqgotqgfGTtcfgFYItI5lrTqxwyQiQIzBBABCgAdFiEEEsC24luprSzx +u0tC8Ar26sJF0gsFAlmlGEsACgkQ8Ar26sJF0gtwvg//YMSZTpcfBNogncvBrxTV +VkoyPfboqGUwj55x5ke49eWY5ZotC4wpFUcKiFuPBnzrjo6V5MwKAKvxP/C9Eb9B +2ahefKnOoJAF8Tcxhs4T/Iy/otvcDoBDoQDCN11nZzHFkNNm8wy9FcDXMMhpR4BK +wtHAr5NLoXmxc8w8u3W3DsoZRi9ATfm4LymV8RqoFN9rxmC2Qo/FKt8k7JZQZ3Jh +eYQ5E3b02xz4TZzsxQhgFd7Vn+fa7x4Z3mgeGUjaywhVkR0Kh/eRRQS2s4ksisaO +Mgbt22K4OZoi/XPbaDgU7JINDRvgB/NsCWOUPfpO1vqIWAkBlV7hJdMV8C1p+o61 +QCh+1hAoxIIP5+w6Dye5da3/JDH/sVuqOQiga9WdiFt6bymoxBi9PeYu1egvVL0t +vgjY+m3F5rSCI4rd0i7kkal+Dw7dLlUXWYJHeTxZT1k9wh2bLrP2mRfwgRQk93gi +xq7SFzeb8Ch+FPa95/bvoiFoP/gTo29fZczsENW+A5xBEwkB3UoMLgj3XyJZVkNJ +n05WCS5t9keE7O4++dTcuu2tjEb3hZTDFblsyL/tzReAYdXYAchcf9Gsmi5krLax +cINyfOqcaa0iQQNlJlaECFUjjUwX1Wgd3iHgryI479k/qfL8KfTwqdjetN5qSB++ +c35rcAH53ZnhKkAKgYaN3F2JARwEEAECAAYFAlmmLB8ACgkQEJCvIKWqW+aGLAf+ +LlyMG/6/sgI9Pta6xIdyyPSLSSUXxAEdUCy2r56SQ3uQM+2hcTwJnT8J6I0ruPKy +Sm8M/PgA7ng3H6+qqmaawKgwOXrWnksZBWy/7bHV7jGjxum6XYqhSpCm62w1qNbk +7artUvpP0UCjojV311HRa5C6lY8CglXtgFkZ9bUWQD5DvLTvE3anN5bo5FHZAi79 +ijy16e5HLgL7cu88T9M0GNELwCAMWozXzN3qrgLD62y3r6KTjpwjciMrHm9cnoSx +Mtj9eMropHxvetm93xSGJ0AUutQN2+wjjg1MYamU1SoS8rgXIvhBbQxB5QZIiMOe +S36TB5hDPEJ6LlUd863ozYhGBBARAgAGBQJZps6NAAoJEAmnokrR5YIHYVgAmwak +W+U1UAV1r055qBwCqt4yfYzuAJ9pGQQ0v8jgj9oaBne7qTKdOakh14hGBBARAgAG +BQJZpv86AAoJEE8s09gnk88tpnkAnjNxF4cNUTSs824ysISnkzP8OnU2AKCH3Of+ +66usWF+PlmJe1jtctg0wPohrBBARAgArBQJZrZKxBYMB4oUAHhpodHRwOi8vd3d3 +LmNhY2VydC5vcmcvY3BzLnBocAAKCRDSuw0BZdD9WOvfAJ9akqTimhDAqxZMo70M +H4CcvpwmagCgm+RSXgoJjHVVQdyMTPmkmjwXo1CIRgQQEQoABgUCWbCgMQAKCRDm +v80vEIGjfBuUAJ0aFlV5upTzJDwD2HeYvyi0injy8gCeInsRSql14xw8lF3MAYe7 +1/aDA1mJATMEEAEKAB0WIQT4WjggQ2n3GjTUToNJhJEKjKruigUCWek59gAKCRBJ +hJEKjKruisC8B/0QRaSnpymB8YNVL64/0OdtSJr/XhNKnBg/HzBebqrF2Kqzgr0f +pUB7ACoocwagA5B5wiwPDCWCgcyk/3zTY8NuppCMLg2N/3wTFhKFGYSN6P2RRM2s +QqpEtSIahYSieANciMaQtQvx4/XpLmR4p8TowMO2GVMQPAzZOQtPzNWy/tEtlz42 +ysr0PQh9SIuxeyuRdWLEnIaUn4WlqZXufWf/aZpshQa9Mk2ZKxryKUmp2TZYc+cL +yyQDoZxmLPV26Q2xUbUWUGuih0NsE1lZrELeKkBYzY+xA9j7j5hEZtKfBboR2/5g +1pYgRbpkyAWjv3eRxtQhgE+9mpc2tUqbK+B3iQJEBBMBCgAuAhsDCwsJDQgKDAcL +BAMCBhUKCQgLAwUWAgMBAAIeAQIXgAUCXWPijgUJB4QQRwAKCRB7UpZI7oVyZAIr +D/0fktfBOy5F6Z2jucNYedTVUQDhYHfCN0khk0kpIg5Uw5BdT/M0gvPDKr3amf3E +QmFAMC+gbMcQX2hIi3CnYT3NLxfGr5wyg6Jm6Q+pFU8GKyl9ckybEIEXCU6LVist +B7t/VYyZjHn6hYEfUALNT9SnD9VnL1qkpfL8lWzSSgjxFJb8s7/y+XzZSg5/CjZL +djJXquZKKkmdMd2iMmj5qqa0c+Ah/gRqCV0r5R7tD/DZjsLnHQmHXP6hA3th5RWi +Q3lU37XQZpZIuitFf+2MkGQ52JFUOTzOyDcBPtdNRpDRbe7O5RIOjnidXEHDGo2Z +hDybiIz5+5G+IC4FeF6TJPPdNgZJLfSBDSoVrDYvA9VuFzODcIoimB8mQYap93e7 +HqxsJpEkEYKbhiTWsTHYNachkVsZuMGj82iXsc2Yv6cG8dcXI4x3pE4vRAeCaG1a +Cr+gnoJQaCG2d0Vhl5KJiBXtvDoITYnfpliVq1RKpOckh9CmHvLWc03FPbq5scHs +aS+V6i51EAVSqgghwi00I/R4AHsHLuNDCrNjOVyLqzzZs11DlEuq/W2LQWrNVKpe +GpXn2HLWZjLVSnU8k3VncdfOuWPS9NlNkS2AiBmNcsFa2MZCu3msxm/LtwJC7WS4 +QSvFnHd2QW9UKrOxBbrbPrmvOr1GlyvUR5Xd8Jx4qFrYJokCWwQTAQoARQIbAwsL +CQ0ICgwHCwQDAgYVCgkICwMFFgIDAQACHgECF4AWIQQpbJTb0CgCRb/Tkdd7UpZI +7oVyZAUCYSJ7ygUJCWF2DwAKCRB7UpZI7oVyZGlQEACNu1pBfPWymWiebY1fxz8O +bc+ObNo5d8hOZ1KZuiHDbLGYocKVf3UOcpxzvAlU0YODpxVSZjNDQiXj9Z9qtZQT +ZOFb7/sYSGksgF+CJYruaeRfooJ1nhbB5uoy5HKI9kRTs5mQcDSreR5ItC1HDoAM +uIU1JHHBjiQwSXBlpMvo1E1rZ5VSl91dX3WD1BfG2v+H+x4gvmUF2enA4Ks4t5zL +7v1EQ65mhYyq7tHK6l8QKsUQAa0VKyjz4VhmbETHcoGZchtmA5cfCBOYx39U3WbU +tNndRH2Ko5r3LsBtSDRc5q+NvpVh7ETDjE1AuGHVLrvvjjnzKVXqlzoT1luNJNf3 +gHiz96FdMxnZG8jvg6sFLaBmW5OCkOZ48PZOFUJxsFHGKU0wWoRm9o201qum6iH1 +tnSJZ0J38MiICEWHKIzq+24MQ+ttK10vdqPblub+1NdkJah3Cu7j9W1u6+g8lUhU +YqvITg5ZhAzg9FYAE9PGyXVkvTr7kd07eBmVSHvTHrBIZU+zY3BKYFtCu+GgyfEe +3SZQX+pI3sPLnVUl5R83uTi9l6/AbtIzKFLq23BlbWksx0W2wUjBem4w8iQwe3fO +CJ4VDOxPv1URUetXpun3JmBVUmw7SZBcXaEHWrpKvxDPPyarXsebpLvuSS4Tx2g3 +2IyFmRteaW8N387sHm6eN4kCWwQTAQoARQIbAwsLCQ0ICgwHCwQDAgYVCgkICwMF +FgIDAQACHgECF4AWIQQpbJTb0CgCRb/Tkdd7UpZI7oVyZAUCYzyR+QUJDVy/oQAK +CRB7UpZI7oVyZEewD/9+Xk+9SOynO36Q7NYkJDs4PwWJBE9PyMZSNL+W3cuRPWCL +5g7/1I4fGbUO0wvGp7jnvBA3UXVVG8CLi2TtvqE+pmRawxAmLM4b9zfWgLNv7wF9 +4ipeUz/BGD0aVXEnLxaOtCBBt8eQFwKK6DPAJaS/zcLQ/LJZokYgDJVZs5GMQVI2 +iFWamzbXbYKKLmgFqhp52vwEe1hWOXsSQkx/q/bBs76Qk9Ft54i7WwSvPaFDlrMY +8oDwNkulJh/QQzXaHIxdTGxRixtqkPl3QYI+qg+VsLZt5Wn9AU1d29eR2yUVvaDn +uQcLS7LCJKK3TBcxIMHm6WYxdhT/ln2x4aEuC2zM+OKOA4rUn1y/6vuBIP/9I24e +fMwAWr8VZTS99G4rwLSEMcq1ZPz1aDCd9uge9vwcL8kXdET8X+8x4AHzK3mmhtdO +qSQaENpv5kD97mX1zoRNn4IXJmxLgTYgYveghngNkOqWMvwVbEtHCo+WWXtdWtUv +yA8cunVVGvrxfe/dBWGQgLTM0K5RKfYSKZEISET1g2dZE3qmFgAWJ8HxjoBEYUeK +Q8MKz2APfQ3ZKp/2Ljl/3gOuRWxq7wXzMD25QKCKCOUp7RnkeglEmnFSS9E/MWGi +rAr7tjtMBUqNsG7KzDH53clwRtbQMkzuuem1aWUjy+tDtdLW9bDJgoUK09ahU4kC +WwQTAQoARQIbAwsLCQ0ICgwHCwQDAgYVCgkICwMFFgIDAQACHgECF4AWIQQpbJTb +0CgCRb/Tkdd7UpZI7oVyZAUCZvS5fgUJERTnNQAKCRB7UpZI7oVyZMl8D/wO5rZM +hABjFth6XNBONDJBPoXXGfjvI3Zz5mWXQmVszcXW+8Z/3EYiCbB+dJ+hlfz7EQmz +OqINCgYgsoF0zk3XHu9fkGkjN4j/6NX+sY1Kt0P1jUnXutW19uwued3/bQ7OnoZ6 +O3mzWr0cy92k2S/d0ycGPhzxKYxxfbD5S/AMCw5XLd6O+dumQbsOAEcnOnnOh2g+ +6Qh6583anZYRFxIAEp+8RmOFjcLbJFKdfjhuDDTpakP+Da+KBHj82Zje/6wWOZsX +0JMJRNxLyZ6oKOElbio7b8QPCRVzZQxQaOAcloEuLv6ECPlmnH0gj1UafDmFTcfW +aEM7u6c9D7D0aQGstD/HHQPYTmpx4jY3zQk3R5jH6688AqLAwyAetPlk2RSJArJU +tXg1wmwwAKzErhc7o7A0Ckui4Tj1IoAWEtnfFwGEzpPcMOa3kBWAY+qKUtEzA/4U +/bQI1L8osyllykhG9PA/tNvN3zHRdjA7x2YdnGhBf5Mgwurbf6fLT7FQwUj2Jp8R +XcWA5QQYdSVPpd9Zc/PKFw6zu9zfNH3x6Ojr4eh3+7Zhd5hXzBEzyGx4Q1Bi2nfL +fWl7bEjyID298D9srg2Vx+QsH0dZXuGefdI7gVRxUDBrlV+HdoG/y0Vj3mZSWtTx +AAXuQrnMlxtLbFYihjFkstjcUQlfc+32B6yhtIhqBBARAgArBQJjPL1uBYMB4oUA +HhpodHRwOi8vd3d3LmNhY2VydC5vcmcvY3BzLnBocAAKCRDSuw0BZdD9WBWyAJY6 +J5Tyr1lYXstF5FKt/M5YLOfQAJ9dfpJV7wpYzXQU/bg6ITGklYm3ZbkCDQRZojkt +ARAAzTj2Byk9zvJexFM8agbVn8NBG31j3jUlLT+U/A/p+7h6VWwil7mFbj8z5cAo +tXQ8tZYyDxTp920NIuAU+S1QsMnnxwLPPDk/3Tu9RYTyNIlvKnyH4DgvZXHiH7dA +qfdzPMhj3z2hgbohHeh8byTN4HBjJLOLFLke/ALVjjg1+6zhMNyEvu2VyNalNOFK +MR/cWGGPcyWnCfIZ/RD0j+55GzjT7UjOfN+4FRHHRbFc2Fzamm9sk8FpQspK+DNH +gSNnF8DoXY0lAZPsUPtlTqiHeJE9Sb/KzixPbWSijaSowb2DhcthgjX/ujGCycGU +rXu+taez1JxcB7ocjIP+Xxh0jC7+NR1FAb35RyvQNybuP4XoEzBm5nhPjlC5uoIH +zO3p7tQnqHv7M0Axu0R+TAlEZIm2Pn10nYaw0eczP1ci9r/zFNIjdjlBHE7evm0X +gsbs57ZESPqTmNRm+SUmgI2V/Xy1rXHO/en1GwPqoXdzPNpT47eepbh7XPjShglM +bYAF7N0f3Ehqktq+g2YMXCI315HnYYXu00qZScDAwqDAkFAuJ9PTub5TFGIEHKqD +4okWxF0UiC9BC2SYy7kK22T1RygERwgIlu7zT/Qe+AMdSvpB/rEzbe3ttkEirv3G +jhD0U61OQWKZDH8vclmPPTq0kWd0PjUTrykEtC+MIYr0KdcAEQEAAYkCJQQYAQoA +DwUCWaI5LQIbDAUJA8JnAAAKCRB7UpZI7oVyZGE3D/0djTjxmFIN8tkBJd+JJ3eo +mjYAPTqaBJkZY8YXFQHp0wbZLis7y2OsAPDDgqz3fv52MVinl1rd2F/AGl2lBG46 +zaf+EhrS/i5uAo2ZT+zoZo6m1pSfe7Z5rhCaLvt3rHxS8fqQ7RAwprs7mNF/5hWr +VDezkZscdXN6RHLYq5z2UMABcltptr4+y6uqgUTVGl8RFgBovioXAHyf0+pBkOch +B+QiX5TJ/WHAgfiSG9xt3nX6wEZFvdHsH9dVnLj1tpHEJX2tJh4Jofajlcl3jShv +mpTaD539AgiRzQRoZlmi2+e9dI0az3GezZyEw6yjQWx2osSsOWr3pOTsOjDRtcWr +m2jH4QJyE6DFMDLMpXfwlBDQEyKdAiwlgOdwEdOrRbYCGipxQZIGzB+fXiXVKiJz +G8wyNM/tlaWDj7DFTI+vk8hX1agrfReFXLYVqzgIbQeGGRCT5PCpxsVb3MFvegx7 +gxcf+BRjuEMNFPHbcYIcEnXPzY6XAvpNsB+nXLrzn0+xfPwA7W5jXQljUmjh1uVR +iJxBcqie4YoHboWWkbwxn/sWubujFCQjfie/pjN+Fqp1C+SpOZHt8COf62kFSsn5 +coFYxlJDQE/VEzpfNRVli8UxEizV1migtb2aA8c9ltg3dyBfO9jTVd0T9m8ykVyd +eLfEovDWkIYuhYt3eQFkqIkCJQQYAQoADwIbDAUCXWPimwUJB4QQawAKCRB7UpZI +7oVyZOzzD/97YC+eQ94zfpxQxepl8AZ3eD2vtsv+pWgXfatTfvaDqkdSQRqjEsBY +pKtLZrZLo8NDS6MVGd5cLzMWRY1in3ccI80nct1Z24O6FfGIU7VKNrR/joy9Mvjo +G2SlEUJ1tgWRo0Z/GmVmbkHksy1rMoplfzmRZgJS20BrgTKOB7oM+pNU4+HKYB7X +2h3EmZYh0dnGhtRU9XitXL5gzeTDqaVipDm89kGYrC54j5afdOMl1ffN85n4DceU +Ayy8tDT4iqgsuc0bHEnBikFatt1qw6ECndZ2RWIlcP2oL8gnE0nCQi8wTcpbuhB7 +YY/r5Rh/fexgbvGQzkOtMx9Az7UGQq1xA0m1DcZHkI6E1LIaqukgj2xwqhk7Z8Id +Val0ccL7DQngyA+dWPZWNIM6T+hCw3jrNQuRHSq7Hg2ydJCHJTOCmYpFoMqiJI9R +luhKWtpoeO5UCPFmn8VzTvdF2hAiHMeca8LEQvl+prrBfH8iDHkERRw/FR3bf7co +th2r6gi8z9OLhw+lFLAKGnDpdkV2zI7lK3PV65q0LLIhTgcZ2H7cwZZ6DoaOVWJZ +0O8NjBUMmbn4WdU+/Lh0bZIC/tsuB2rI0sP8tUHJik1id3x6idgs85mqNHF/Cr9P +QDN6+F7QP1XLw5KVcZGMS4yf63TdfpTTarZnnB/MSqn/tACFJpEmHokCPAQYAQoA +JgIbDBYhBClslNvQKAJFv9OR13tSlkjuhXJkBQJhInvZBQkJYXYsAAoJEHtSlkju +hXJkIosP/jMsKSkI6YkVYqEBvSp6mUynq8FaceF1rakO8fabrJGCLvKpIEOhu314 +lh59tZd3TcO1FpczRSREpFWRVHDEHgWbEWaDHltDjVf4kEmIH7Te3t5mo14Q/hRP +wrJP5c9+MbHyBvKULwkWW9BPfEjyR+EgBtvEpUVaXbK0HSe7CKS+4aFtHTb0V4xq +H+PbgFqFwoaNZqhNjXtjWYaGQwIqlwYlVER9QoCrGj1x8NWrDsMckSa1QHR7kPIp +7igtNZyehI3js5+wBMgsjzVK2f7HpXhOaeVr/TFQmpFmywjIgVYUZhpifq4FKILV +TRXiRXbLno1BYj4Jd80PQHALYWZrsuoyDt1qStvww4Ti+ViR5XauPWpOgkkFFKRG +xiH7mEYUiWqq2arYT4EcaTFgJhQhrhkVvkh5xiRjGCF6cqWiFoWqpyEi5rYa1PEc +JmZmgcALfqQfkAztJPwd4NYRSMHb1JeSMwDloiIgWZP/UFvvMJChrBd+Zz5Tx0IP +iekwX1JoetBk2jEAd1HSIZsoJohhoLOqk+FLaBFK6biuH5Vij0ry/rXgCQwKyTf5 +ah/8hXZqwpnFPq8uMNQVj8/swgPdL0DCDRtALK2SgqwNZ5cIqkrZ0DyFTB0Vuiul +lsEaVkd2UgWtOXDcFhhVC5M/iH0rvFHGp1wTAS56L3P5p8/TyDM9iQI8BBgBCgAm +AhsMFiEEKWyU29AoAkW/05HXe1KWSO6FcmQFAmM8kjQFCQ1cwAcACgkQe1KWSO6F +cmRARQ//csJUhy3A/85xfh8csorjcHXQN92oRoCvFf0a3NrFNIWUnGp+FYvplFFI +iFifbzNVVlMARIoS0GAzk0pZp+fbmbNV86pGX+i2/ni3AC8eZa2LrJmGChpN9iYH +isl5NYLKiAmQmRgUJ1wdCR2j+AsUTPm0Jm3Z1dxeobPM6Xn829I0yHuHmAuodM0q +bHiMt7RbCuCRrhQcLzLpARpwOXa1FWOXuFXmDK1tRlSMSyrYWT5R0Jp5wZOWFtAi +27GPniNf1Is4KxolEnInnP6Pg1D8WFoNFIK68wBbhG898jH5cwJZQsSjywd2kEO2 +hV1OoDLVjaDO/8JcHNOr7UDcW4Gjkx/oKubrOhn7hKeT3CbGadkQgYGiPV6FVbbJ +HuVJ3MFCK6PouYh1wvD20fxdX0+UfCSKnbw1RtmdFGLriDgwlPMqwgHzKagHDF81 +lxfsQLnd8MUZDbb/4VtsfluZ4NMEZVZsLcL6rKcwIEdqbPN/e0r7vmSZWpAJ1DRV +hEARmyE0tJwaWbRvxXSwXt/tFJHc7RfHz+Kd+d512FEyBz6NuwYXYDUCRBBmjFcY +zK16rl9x2S9uO+RnX8TXZiBanene+Z6XBfUs7KgZPM3oNZFweM9KLnHiIHg//xv8 +QgNvTCTciidIbXOm1oVbLLvmq1CmfDY8useP6dSERXtMWyf8qSeJAjwEGAEKACYC +GwwWIQQpbJTb0CgCRb/Tkdd7UpZI7oVyZAUCZvS51wUJERTnqgAKCRB7UpZI7oVy +ZIecD/9OCtrvyiXo5vle0k4jOmtyQc7wQrWxYOEltXXATZJiPFEBec3MKR0HBUoK +I6QW1NM1A83wJQj4ZhSSgW5xj2c3dqMSP9mnRrrsBENwIWt2sLir9gNYvrrZLQPT +JjHl42qvSeXNfpre/HyVsrUnJl4YOlcMLGa9uaBeBxUY6FwZxp2HZdLWvacZLqNx +ZSSX56uL95EOmRz2ryvfOp84R3PnousKxzkC8JQ5uGRgelDriTgW8MdE1u7+IgKe +VNrl3CKlQsZD6ou1to6j1Y9W//6OoCDAm3BCG5ZZPqMBddfn1rKjw6AIn7LD2fgo +Xtt9Sh+HOMu8/q8aKJuYHMV/DDghmVg3Q3MT3WG+y4Y6dBT/B9PPktB8aNkJRCEd +NZAa/7sEwIp1nGX8mSjYKCEr5IelSq8XsLu+LbeGqPPDDuoE6ilvibOhoz+nVk7p +gyVZX397Q1xBgE0FDk5KfUVA3PCzOLJPH2+aDwSbCNp2aubi6Bih/cXyvbPLQxUb +Gt6o56L9qpXqQuAeZVW8EdYRpXQPNGcF01YsCHrj/wLa5b205KChozRYqF+zEqmA +TLNCBB2ClQa7WnW1TVEq+uVOA2uShgCFbpnPxtR4G3EQoBHCC+bPeBb2H5EROmW4 +Asfvas+77pzPDptdeIpjslMGef4Eb9zk6763uq9HgQVjbCbP+LkCDQRZojxHARAA +0+3ysWMTQBIhowEH4c+NpqMurTXwQd2PEBRRfpa9h8uYVnvf6YlO3HfzjBOzGGAQ +2yDcHN4R4ptZryDNVjrEgBwx7duc/FLjBHzeJHtaatkJJqP64W+NOa3yzcOzxYUA ++Fk8dMStOOM5RxoC/1U8QJTEgPmrcjr1cHjh4vvE8XumIp2Za/CudKMf+D7chaTC +DixPGKaYC4/oXhsUTEbWBx7Mzor4cKkz8kAuuCnYP1gC3FwyWR0glhlB9dd157kT +8G1m7SZQPxePvNzHghjmqkJjgRP/krdwXOTgUHJlcGfK8+lojRbhAIez8MghoZbH +XTSI8I8uF/7+5o5bbfho7E+Fo4koWu4T2gOnb47gUj9vMJUQcnGLDa+mlXoD1B/Q +6vT/HoVt5GeRlF/eFtttkvzMTjmtzbwGVhEq3jYTgwKdyUNdZeYntzWNrL97mMhD +fQr/+Aj1lrR5koBEH3Ljj/D2R58XvfEln5P4/Gf6CNJYkbhhbdTBOejrULWPEySX +qFac2RFVLImt1l1gtO+gmHMcAY3jO4zgvFLbyC0UOScYmdP8KnR7VfGZ6IweAIwq +Vvj1oKV1LFL+ir/LghJ65P+eDq6e4A8Klx+WebM5la7HutMO1YGUkpSQUVd0K5Qi +DbJsZG1JaO2H5VqIUIreQgB3T5P6DA0QIQ+WBaiBO4sAEQEAAYkCJQQYAQoADwUC +WaI8RwIbIAUJA8JnAAAKCRB7UpZI7oVyZB9+D/sF5GBrmKuGS0SInBG/coy6vUtz +v/3Gkkn+WU2pGIJ4Nqee301R7dt/aH1HrNv5ym8s/SN/lAwP5eZ2mwMJVNATkiun +5i3LNTr7bwebnnN5dWtEERQTUJbtlco7Yddh2RAVtnrPl8+oSxd5v0PrsDs5Xl0L +XHOKkMSFbrXspfgtOXFjysz5XPnjwDBmhS3m9NUQc5+dxXCB21J8NHByIlwam9db +p0bs3pa3pHPqnKNwx0jPxZ5wtwguIA86ZvLt9TrKKTTW1oEh4uu3xb5AUBwCgj6Q +fzI9Ffgyqj3h+Ufmb3CQMRxfjRu7X9zTjfAjM5rvxYLvA17ZRyewOgQdSkbuOyoS +KYiXftnXAnWQH3nYwM+/j6gq61gk9fVFhYOzTuvg5JU6E9msTIspvoVOYobkdqKj +sJj8ALcLxAEdFtt8s5xv8NMhIZA/MC/W6tHs85Fsf4gDYI+kbY4iXMb7OQh/cfQS +NgEnC3XIM1nmhtQtZl2tud7h6MPsGbUSVM8V8MtJRS0fJFsGgYKY3x/swGPRroPe +O0FjoXxG6QXBpLG9qb+42jpaxcG3pJV+6JrVjQTmCH56pReqcMXbqGr3tJhwQTrY +uqD3vmDhncW5SdTJUhxv4FXlao6ynVnd3yctsaaOh8XEW2cytmb9W/YtA8AXbT5Q +24l3vKiCg2P5LjBI0IkCJQQYAQoADwIbIAUCXWPitgUJB4QNbAAKCRB7UpZI7oVy +ZCNvEACQpB/IzC+7MMCriO2Fww1LRvBg7glYxqrlUoDgiG9qYckhJesIyUvpurWH +EbrQkhZCDOGecYMoHs4gquzg7d3jZ7eRSYBr7UCNxFMPGjZzqRbBzj0mVlfO02R+ +Glnqzt9RgNH5rhlW4i+5AJALwsU1tMvagSgpc6x9SGgTpWDwUX2TmI2GCggCOXpa +ED7Jc1wacipWllU7ibTnexfrJtgEE46EM7mWNWB4DiF2T41sUQ3Gx61Ml96jHadI +omM6v6puTk9aTRGr1WO2jOTRSOv0+gqe8jJFsRcJ5LJZ2F6objfP5GtrpWqCIWwQ +06+O3P41+jtRCPvoQD8cHlCo2UhdcPDTr2yxluan1yncWkVv/LQkz10MWlB67Kmc +VExQwgpmWrImU0eqyU7wT3HmLgFJEjJgFlgjUnsJvKv1BWi48uOP2EXh+yO8QtWu +xJiT7O9v0gK3JM5hgIM8RZf+DUR9/8hvWbOYrW3r6PmPUX050fkN6v8dgFhcTjDX +MRQETipig2v4SaeXhnK+jAFAnt0geE2kSXk7+oBK/uzVXPfDozQBfwj7XCHTo2P+ +4jwVY9wG4Qx9g14wSHE5U41/6zQaJFvoPz5LeeS4jKIUyUSA2JjiOeIAn9XIxM1x +4ubtm0V144zEZ2hHt7dpGC2s84yzxaYOCePHnPAGm1tSgpGgGIkCPAQYAQoAJgIb +IBYhBClslNvQKAJFv9OR13tSlkjuhXJkBQJhInvqBQkJYXMjAAoJEHtSlkjuhXJk +hdQP/ipb0ACYHP7PvDwONq8IsyzZ+tCritJ3Mzces1SoISNhp9N1P1fW7ibleSxI +HURkICfztSVmXw3ek6Gzs1m2AILLW8Sa5/q7ltrupn4lmyU6CPhfvpBhHMCwrKjB +xfyQL923eWcKiL7eUTNt+VXg6amTXbVnBCWuWeu6l982etf8YpTYXj5YkbSvhX0z +bOokRAxoSoqMxzZEjHcUda7tI1HbPQMFD+wGI+sH7k2QXh09pwVF5/W+FYgJwZzj +UBDyiYOazAjoOMvivCLMKvBbPzt1bet+WMeQt3hk1ob3qBb4CahRH6XUsK0tm/k3 +vcZrithFsWEWGOpadfE7tydA7eq38OpjA3PekflZg4MhZieB1ItKgbVubQG5QSov +TC7b08uevoR4D5iYpsbviQ0lg7DnVWhwmselUNtcdQK24001lQrtRauOBfZzxCmV +TWV1zqWnxFNAIMLog1qzodU01vmRLB22CorfYLJBq2YsE7p/9KwVD0lxwjs7djAE +QL79Y2TEBL988SVKANNQ8ce8Uoa1UdjzlCxFRaWbgIeyn6cv1oHmGhImsCR1PlTB +iQ8sqXUqiMpk5i/C9NAqZp4xoXw8m+J4GeDhlou9Ug6tq1wprrpn3+GHCPXbQalq +wCLLGAv9dK/xyrB5k93gvILwue8xOWy/4waOK002vPCbWO+liQI8BBgBCgAmAhsg +FiEEKWyU29AoAkW/05HXe1KWSO6FcmQFAmM8kjwFCQ1cvO0ACgkQe1KWSO6FcmTg +ZQ//T39SGE2DbAYMztP+YwqpTn7lZ0X/wyxwgGTXnbLrHoFVBeUxCFE/26fb7zyn +ARd1N7D0YJYNYmCwups2ghHiwtauNo+zl3d8HyvuHOXCcGQdIHophiGBAmP/Wg5z +8tUcWEq4GKBlTBDR80aoRCROnEVAq1/O2FAY33lB/5DYX8mBnO3ShA3tuhyuyCNA +gZAGgrgGeBLVRjy08uMmcES3vUkYx7KyYGveOdaSHS6kFmckHXZ1zFVBiLECjMyj +022hiAMl3ahhop+FL8QiDHoftMc+vZ9+O18S/ofq9yyETbKME0yCtNzXOhuhnGSH ++jyAvCWEuBc+agsBPhMkRF8qYdgqcIhuD8bReH4jIiV1w+8xhZABq2Z763VQgrUW +//36+C+t+JGIvs9ELgeueCISfCDg2M4DEAm30vWKepAXZ3HtJ999xNoFbr2+60df +2nNP2o+UGQwXtfTRumdJsCCzERbavNYrVPV0binkyH3St8bPp8YRf/+oFCpa5qpP +4gcOv4oYEEzT+jkOTGYNWDIxsPS0tzAKeAkRCx2ESPmX/nj9QL/UPcjZZOHTwiAj +GakX5qnVpT3bNJO3w+iPAJYThQ77+B+WclF3dbIKkCWh99dZ8fG4afLaOA+6HMdQ +p/VcFkA8oI+E+3AkmGmfxST+E8qjF0slQCrz2WeTqgATmrKJAjwEGAEKACYCGyAW +IQQpbJTb0CgCRb/Tkdd7UpZI7oVyZAUCZvS53gUJERTkkAAKCRB7UpZI7oVyZEiS +D/0f62kHIlH1AFJThQ1Z1uaPR1TMeSon4nn1pZNwZoKs3vwJsm/EFFRoOQMxSeap +msHalaPampwlfW3VgQNX1ruat1hge8sDaJtUd1QcltQ7VXpK+uVVMGnDt+yYXqXi +ZkaULq7YTS7s5xK6TQCTQyiI3XMxWBtFAfsXtL/ZIvLKuO7TBrJ38TqqZXkSOU9R +JOa5K8avtHG93cDnBWKlYbfGh2aP+kpWR7q722K5U05bu8cH1GMosSelnaPhjbUg +wQa88s7xpqskpHnJsaz50TocxNv/gt1bWLbpX3hpwSHJE2bZpGndE1j96vQjg0fB +GilRUQo8B2oaXxqkeTcnhj89nKAP+GVPI500ItSF3XHRLMHAJzJhJ0kS9Uy5m8Na +mbB2rLGwkukIbVo39dA9fL5Hd0bjHV20LWfrtNmRFp1HubWXxN46i1VMQ0k75B1f +4ujIhOuQiqOFtYUvLikm++/mCOZNSL87agjmHySZqm3ot6yTGE5zvXLLjaIG9BHW +a3IWCv6JH8TTzMeMXeJcDipQDPfIYR12KmmYrnkRXXEWQx40VeQvAgIKGYy3/gGP +JKVbSH8Xco8vy/bzyu489WsxzsApUzlYS1Lr4SkdlhHw0FLPfZkX7z6N0+y46+bS +igiW7HmQckJCms3iTcSO4zQcnrAAK0iGKGK9gp8oSwTNzQ== +=WiBU -----END PGP PUBLIC KEY BLOCK----- .... diff --git a/documentation/static/pgpkeys/yasu.key b/documentation/static/pgpkeys/yasu.key index ae51b81dc420..72817b33a93a 100644 --- a/documentation/static/pgpkeys/yasu.key +++ b/documentation/static/pgpkeys/yasu.key @@ -1,11 +1,13 @@ -// sh addkey.sh yasu D832BEEBEA4E9D4A ; +// sh addkey.sh yasu 4490C563F3069A92 ; [.literal-block-margin] .... -pub rsa3072/D832BEEBEA4E9D4A 2021-09-23 [SC] [expires: 2024-09-22] - Key fingerprint = 881A D41C E2E8 0463 0A1B CB2D D832 BEEB EA4E 9D4A +pub rsa4096/4490C563F3069A92 2019-03-19 [C] [expires: 2027-09-22] + Key fingerprint = 2668 36CB E4B6 E380 3D32 6DDD 4490 C563 F306 9A92 +uid Yasuhiro Kimura uid Yasuhiro Kimura -sub rsa3072/68B2DAC8F13AABFB 2021-09-23 [E] [expires: 2024-09-22] +sub rsa4096/D0D7AC3ED250133E 2023-07-16 [SA] [expires: 2026-07-15] +sub rsa4096/08B3FC8B49D602E1 2023-07-16 [E] [expires: 2026-07-15] .... @@ -13,43 +15,196 @@ sub rsa3072/68B2DAC8F13AABFB 2021-09-23 [E] [expires: 2024-09-22] .... -----BEGIN PGP PUBLIC KEY BLOCK----- -mQGNBGFMfCgBDADFE0AffS7k891Nt01DK+nIfSrqK8DBsCw21vL12seOp2Ttrjxe -GePcBAPBHkOwD5bsSHouke0x7EbCfc6nA94rzcO8hn9Yj7MJEni2/rwvUGjN7Un6 -3IaVPjD973h0iB0V/N7ytHA0fC12nYouJwmgPQrLTEvVkuayZzkkEH1kffZR9Xj4 -FwYpyhm9uauLT3RcU4xf9ORxdY9r1OgC1yZpAYCcyX1LRFZLCEEqRfzQ/wf/5tlB -6hCWXSpUxOPz9fEjjfsxiiIifBwxBcbRgLlJI8S0kqIEDWWDkU7TZwaA8rMryEDu -NafXJMrmuuUPpYUsoYfgfdX6b/p5GxlS4g7g/sEVULZAR5lfNHCFIxRd32xvfKXb -FyJ3aUdQl0sxZFzHefC8WDGDs9vmfxb7OfQCNmMJmVCtQl4iHo+ZXNzQWXa8Z19Z -9S/TXfwHuhyl06RJcpj3SVE3ElShkzN7QD9ez6o2K+bjbZvtP7f7mBCtF6qIfZAy -3Eh59TbPtvVe8bsAEQEAAbQiWWFzdWhpcm8gS2ltdXJhIDx5YXN1QEZyZWVCU0Qu -b3JnPokB1AQTAQoAPhYhBIga1Bzi6ARjChvLLdgyvuvqTp1KBQJhTHwoAhsDBQkF -o5qABQsJCAcDBRUKCQgLBRYDAgEAAh4FAheAAAoJENgyvuvqTp1KangL/158uUp1 -xP5TKMWpZ2eHWIqMWnOCcQliReetA8dvUQ/ZUUrbKPPdqGemh6UpvKauPMXpSttf -nAGRIWHyc9r/geufGnYsYzs0lf21KBdEfSGS/OGs0ulxQfPR5F6Ug9ijHvj+E6xP -cV4X8ob+rwD8WGD/8h/bWAPNT/VF8JSOXBjZ7HM2U1VLxVGQyjONls7Iad9HCSzo -WcQMHC3YVLJGUFcgwGtvRK7/lM75c0BGPybbtcfSnFtxCAsqim0SF5D8QW8oKhqz -u37aC7CQOW08F2W2Z0TyfoUDScQm7oK5GuUThnQ9NbwbK40oa6XIk/ZvzGHJS8Sn -nYZW/bi/piE/8qXGWHvarD1auTgfyJBX++WE7yQxyHn4L9ksqZI3pDYBGGhmUB2R -i5jYqy2fZGWxwQ6h4Bi201CC5F1B3OFywbLT+I1CxS096FrZ05IThmozrnyZSouu -o02FVHzodajDv+FIA91DCxFNAr5PIzc33eFh+gb4qmBOYxPo6aqDeSx2w7kBjQRh -THwoAQwA14rEA1i9oQra2iAFeTkRRXQ/7AREOJkOrY0EPtB2zbif1doMz+GzqVyr -V60MVAd02yanQbr/gsIxz5JpoKN63wtkr7eYC8Zviwa9penVl5zwl6xtJrul8n+V -ZwoeC6fCCkZtVwpJreWAJlLqVkm24bu5HI+gvuBqQM33rojXkvNOq5UTP5/APo38 -3wlQBYzXML1UgM9iYeBjXvaofRFNBL9ICPZ2cPHlC3nxzmkS/rLp6Gy1YOUs2+RT -WMYBmsVnHJiPqZM4JubZCN1Hzb4w50nzb6VjoAjgvvPCuTt80LyYy8eEmTmnNA+j -bvBehLeX7Z/GLuKU1kZqHfK/EgoQsyw/1fCsSonXcXjqTozFXk1c8guHXVG02Pho -28WbWgjhUcbZkRXJuHCPQtiDlGJg7Ovi0SUC5sTcGfPGOOnfFg7DNA0coFiVTsw9 -98a1UC4Le2RWrEF6Viq1RmX1UsR0Xg/D0wxSE38nfWJ9oaZS7x7/wBA/klujiyZj -2o7xN/1nABEBAAGJAbwEGAEKACYWIQSIGtQc4ugEYwobyy3YMr7r6k6dSgUCYUx8 -KAIbDAUJBaOagAAKCRDYMr7r6k6dSqm1C/9411b/evdquCzS8BAC2JzzZUabUXES -0p2jl+kTBb4HqaJTGJA4tgGmUd+ZGM/bakZ4XGo0ptNbkkUEZuD2YGMpaig/nauM -irxBir4f9T9M3PYddvtS6f59qL0n90TvT5xOM9YJ+zxGL0BH/dqJFb7ZfEBDQJ72 -CQc7nLO1ZBGEUvU8meN3jI0to/KINCTzWPNkFw2oc+xm15xhoO/gniLa/hHVltx/ -lmDaTdf3TmUYRvdWtVGqunYYm1MNFGq5VRbzrdt/c4mt4fIEPMqSODK0LB8JCehn -HyYJu1K9jjh5qMKGaQ6lMkhFDxRc5ThGtUGKIKnfnDr7df9gaECXhe7Hsgxhsiha -4H985Mi8IbBvYku4Fki2pBqdnlM5wy1Gp50tdLYTBMtbxJS93yaazd09Y8F7vQx1 -xChHdXeVi8YyPM0JYViKs0XSUsZV9uIQSkhxuBF33SAo16+cr+vSZl7KeTgGHjLp -W77x3WPoi66xBNQPFkOraVKTT6e3HVTspHA= -=pnLy +mQINBFyRIswBEADH5qQCpujYArxplSWDhjOjyPKsTGlcUulZslBRuCNG5zb2aXNP +CWMnaq6gLvbU/EKt1GaEymQ+VPYe1c5xxDLsdXHDGX/5FpH/s/sgTUdZKpQTR4eZ +MzDIYaObevwo4Z/lQj95jRuTvEGta5tPVXFCvrc1JV8tYoxSwLix+mCHIcj8KV/n +uqCDZoL/NSDAI5+v+fV60YHzcneB+ZqbzpbV/jI/KOiv/fiYkR2KzHnPnyJZNum9 +BAdAPjx/93zkxfIHRt92G95JvSUGMOw0tf4yPwUqdhNEQOOFS9AZ50tJ/8oLi289 +6Fp15Q5yQ6iSC8hKGvKN7d/2yoZLScXY7gW4Ay/hGgF60R7wT3Q3L5R0fXUBmiKC +2P1mR2c4asSQzJallcLdYojyOvp/q3R92Ahw/o1OtvGp4AyuWUAbm5EgGBUn2jsf +lbYEKT1ZcK3MC+kf1soLAqWVVBmkIh+3aHV8fkOe8kQK/llOc3mSCj2UoVQh+k3y +R9dfljDO74D1psbyBcYOOKOTzscs6ycn1B5VXq6sdgmDY7caQLGavmOZVJGXPxqh +O1NDg25AxHkKcWJskKUMrkZfIQzDvC8EoqPNIAjJfjiefLpbcLMDrhsL9hkPd1IB +T7Kf9z+EV/EddqudDEaM1CMc1bhGQORPmp9FBI8GRvykAqFO/wb75HVccwARAQAB +tCJZYXN1aGlybyBLaW11cmEgPHlhc3VARnJlZUJTRC5vcmc+iQJXBBMBCABBAhsB +BQsJCAcCAiICBhUKCQgLAgQWAgMBAh4HAheAFiEEJmg2y+S244A9Mm3dRJDFY/MG +mpIFAmbvrgEFCRACJbUACgkQRJDFY/MGmpJSzhAAk74djyojEo/MWEp5CpZGRdjG +x7IO1rKBwg37HixbSYw0YcQVfvqaQ/n6iLnG/1P2j28SiGP8wilSzakpas8PvLtR +sBrKabJaj0QB9zPhP80KYg5mm6HmA/8qNgyvp/tKYdz4hTu9EL8ZrrpEjnis1QZy +uSqNnWA3N0xaxqjqR/zZhM/oNW282vHSFUu2uvhSUUmi8z1U1d6gGS0cpHL+jBrY +997944c34ixCxYSLoNBtL9yh8CvDr6QJKPnmcBZfpwl1oOUWmoKnDO4f04SyyFN2 +BRh3OoJBMdbMQ6/2fpZO9Er8iYrK3JD1lYr72Ufr3Ushkud2St+gNaCnLP/p3coe +kVebB0aEQqf+XkuZc7VZqRYodcuBrvHTYvHJ6/3xNEW44VOdlUL6uSV+FfuPKvhu +Eg54gaGZrcemo0vl/M+CfjVlBf4/lfDXpKa4RNuT0wXF8pOx4Ita4gk8bGbLHbwr +6nnXGZNWLIwhSac8+nBj++PeXMAIyBGHioMvHENeLLeYPgetzD1KBYtPhbHSoiZk +3aRrd7cQtoIFtTPGZ6eCDRuRA2wyVEX1iltBBYbYiwzAEzdD0nEcgvpgWokglvFA +vlmXpVde8F5pKYDBAydkexmHDl/HzpcHs9mBDdBDD1mXBZIEdRHgqNSTRNld90Xb +yNr4heyVwO4GkDSERLW0Illhc3VoaXJvIEtpbXVyYSA8eWFzdUB1dGFoaW1lLm9y +Zz6JAlQEEwEIAD4FCwkIBwIGFQoJCAsCBBYCAwECHgECF4ACGwEWIQQmaDbL5Lbj +gD0ybd1EkMVj8waakgUCZu+uAQUJEAIltQAKCRBEkMVj8waakjiZEACfD9Gnnao1 +ROP8ON5gM6UtMGF49lo9lhvjBn+WmqQb66HZA5oYUkT26GAiO7+8dCOwD+zjXz+U +I5Dcj7f8C6c/Wik2LnpmhFm797iaROZnufNOfQbN0Kby2Rt0D9yvtYRaox6e/UoL +K++iLWbJATK84AoeLYRvOej31JDeFLHDwue6lFSFpRVxjDetYU4OkFd4vf/c9kv+ +hpkU7wpoVTSnbGdugEQGxbLCAXgO21yDgh7/0+2jvxjP8IbbOCeKX+mboM+BkPp0 +kH4V0DfnSoyNk0UO/Rwh4YwTsL+8R3tiedTGXr5KONso0gatyPm6K1USkz/Unh06 +lybmtZQe195jW3o+QhkGaCjy2xmyp4I6nqp6C7OPRYs6ytzNVOffNxD/hW2+caVC +s07CiT/xW70yfZDMld9TWYTQHFvZOdbBvCpU2geOtR/QB1Ic33oNA2scu3ayGsiS +DiaJ18nF4I94SRqihh4+BnkkjhiWUqhnpgJaUkAd7MKvs6SfFv6k/YiHGPlpsN7d +k9r+Cs9Lha9PCDmeYdTXdropSLfzCgyC1YGAJal/rLWtk4hQyzl69Z6JVerZj6y8 +y9RdVTZEthQQDfUK8Tf9bMqu+QyA5pGS+u007K/Gl9GySXzuisZRUP1isIH21jkJ +ecOkqOurfIcO/qH6SeINtgqaRg7XTI0iOLkCDQRckSLMARAAq88ShSst34DmNN+L +TIHcdcZH/nCtt+NeFWPHPKgz8fHlnKbxeP9XLgvshabgnDCYQsEWthfuF+9zNsUu +1lD8k43lFWr+C5Pe4eewc+B8p4zkOh/f0YNvz5JMrZqhbgSpS7sfPXYFZm9UBjBU +JEpXziIsCYbGD3Sid5UydT8jXgKMaW0MewezDf9Y3JBFyR5eYYQUDNMUX4m0CaMr +svHZrY6T4aBFxASjaK7yKKR6tOoVBTWYNvBE6lZuB78CGtGPfrA4fGUQiepGozdO +UR5+6XA9OxR+3bUyRpFiwjyWjtJL/qXeIJCl/IMw5cVmu16D2QyB++EZABjZVdAt +tqHG/Z8V0/Ov2TSS7HfQ1+iICwQoc5W2SDsUvmNdRjCdWimqJURLLaMp0PMxMR7h +BuYAMHlICvxaM2pUNXaKtue5kr7UTPgc2pTG0OutABFenCoLHUhAL64oTZYHAe7c +go1xs/xBTnVCZzal7nERJEMuWV8WuaARc2CDiaOBvFq45nET/9ouGrfdZDfGzDKG +fUs1maVleNqPmUAjdp9CsKwyVCrIp31KydXA9gkgblncdbo9Y/jcKyxPXpbxMR1K +cPMgRvGdG+mZ+92sVziUMvkMUggiwAngvHk/hM61+pFc97HY8RKOG9ixBbh900Hk +8zbsdG7h5tmh4rnVlq6UFL5KGp0AEQEAAYkCVQQoAQgAPxYhBCZoNsvktuOAPTJt +3USQxWPzBpqSBQJks37XIR0DSXQgaXMgcmVwbGFjZWQgd2l0aCBuZXcgc3Via2V5 +LgAKCRBEkMVj8waakvkHD/4t/hA86c0JqtcZB+fTvzChUzxjzECaIYIGXzSjEGcz +MNNVR3lHydvNtU6LsDKeUUWSmw0GSSnS2E37bjQ5eggiejDATzJPh1sW0515xSJu +89cHcm7aZR5iNRV4Juks2fyp91uFstqzQXXRQllmllgtB10+qxpGz11q17J9MkEN +CPysbdHtPetA4CMyDj8y1HUu60+PZIu2LI9Kj3edB6J/UzICmyab00dBGapTf2z+ +e2O9b0iPKQWCrUjmVzRU7quEzA4ey/ptvch7rxUEUJIZHAspKyxGX69jSaG+G7Nn +BoLbu9FxMztB+qqbuERrfOPMJXwWgOAUKQrBxKq2DPoAfOsUEi02aMhtlKZ8LNsU +f4QRRFLcJJJIEExiGu77CIDCnQXvMda7VLgn2eDtMXuUgX4iYNh6nkRk28c+5JkW +05USxcghyBgCCN1hJvaLZZDO76sGJx0bGRDdb8QiKa6L+zKBQOC1W+auNq//GtpO +zpteNFpyQDax+jf4OQClF6pF74i1KJWFlUe5s/6JExiaM5jIuvhv1YRZpUaISYd/ +nO1gx9IIgNED18aAmxjXTQERHpVi0k/QbueBktR/VBKLlLait0yNn0gY2CuowDcO +LmyqSQq4Wec5Q4SdS0/0GfIVJ3jc7/JSGBSfcUSnrFTI+k5fKmSNJmHgURXv/vGi +YYkEcgQYAQgAJgIbLhYhBCZoNsvktuOAPTJt3USQxWPzBpqSBQJkstunBQkT7MPb +AkDBdCAEGQEIAB0WIQTCai+LOAYyy0nPTfBa9uAIfq4tkQUCXJEizAAKCRBa9uAI +fq4tkTQzEACHRTNhxoWvJe7yBnqAlCBUcYc2M3lA8YrtfHQe+ebK0zfe30Fpvqzh ++DnpJOQSo2qCNH8BGC02Dr1rB0Ufif6LR+nL1i1J57QLEtrYLVWmW/nPTq1ww+c0 +ILVlMEoX4kJ4OeHG+onw8XdakzK5JpVRfc4JrVbvHzfEawsF/W/8QfHjYHrhRwGV +MsVqZfdUGXrqxoU1TRzqvZNkGMWGm2xLGQqA61+Au3Jgm2hb+ZghbqD7cFAI9q0F +lw+KAseNuAhcSK1iLI1N9XQP8hmMIeHw4wihz5a0RRch5GmtVE3r/1qqz0q1StZz +PM+9tKC8jTtj2myVqEoG4a8nPvU5a74f8gvNIqIE9XvlSzhAzm13Y7FJhm55eHT4 +Y0NUagWMQx3C19BiU8XGfx2kLzDEHuv28J8Ysbki6OTolPKYNlGDaghOc9PBY7JI +43j9tkAsphkG272guA6fKB6LHWtsKYJe5pJXyXJ5YQR6AnvsSV0gsaqUBOewJovQ +ozq6aZGyzk9A0MPYkoewdUcrRqyPlH+RDw7Y8nb/yxKFm4AGvHk1BzTHqJJraEBR +MrA6nwMjpsyxTE+H4GXniVxsjnikmQBjM1EttNl4jrj+hi1djLmAfa/f8IrjQxmW +ayB7IYCpmztcg7E5HNSyM5Vj03PDR/ejWTVdLx/kiGvBsXZ9ngKJ5QkQRJDFY/MG +mpKhAQ/8Cq0DGm5eQ+fNumur0L+PzjZkdSi+EvsiNRKaaP57h4TToaamoK/K/gCg +nKyU0TdkewdLpuKTu0JM/Tm89kAh1qrefUqZ5Z2rYwv1kObeHHKgfhbBP0TZOWrf +M4UjdRryB/csb6a0xRUdlgzSfQHagyy0XITq6ZNWUgkGeoMat5Qs8AffblD6norW +lEcwzONaOYEOtu+6Cq8tsh0jW2dfBEjJg6csXvk5/HFTAMkd1iXRDHt0O3NSmuMw +TxuHvwDI6u9IJGsv2e7/5s0AuwJoe54d/Rl3v3jpfTzcAyH7/HcSSFfEaM6tyNIA +AUiGtHuk+l2nTPK7JG/cDfUr+JOfdnM5q+TJ2JDt2FrCS25w+PSfaVq2pG+GLiwx +2c2qSBjDh6fpRApkFVzOV4UG1U449JvmKDLNklX66qh5dz8gKk0JpLIyZREsz1kE +eMpdbc4nnYp6poOIpfC1wY/914pKd4+mcqqiBKjB4uvAUaubYUce/Y6E1fAJ4YFa +i4o1zAqZ4HQn0NuIO8KkrTGrL1eNELPS/PfuEvlMzAPZhkjkN2MEC5WilNi4cu4r +9o9qLxgd+J7SAdT4dMEUny7WZ1TJihLxIfeQVkq8EhygMD8c9IUIVigQTodGgh5j +hbTeveYebJJZ45kEM/a/6gKZ/M7nefd7upg68SFsIyL/H2+8PEe5Ag0EXJFmdwEQ +ALyssRNwNYASoBER2veIGefPLl0eDuY5BDmZps1UBICtb0e57iliyKuKUB5pN/cY +z3O7CCP+hZfnEOkWSHemQRdH7y6sViCvCU7+geUcoczDGgn0Aow05WYWhN0mbl/e +9NgJlEHKbyUKjLVgwAPguHT+7zErKnEzICj8eiH6jxzCW6cwoNuJGXusn/JNp0Db +KHKMudnGT2n2vZ5RwC9x1bzIR69jfAB3wcOiNUbj1JpG/688RaWEFwifnGw8QcRu +oBnZWRlUEsQkll/B8XdHKRzEyGAs7oTmSNazXOUt1lxHW8/zPkV4DtO03srRf96x +x6os+fQgRa9RGN6T27VMuUtqJBD8Ou+SAyh+4gbaVG3/L+3u/B7jUMEvLRQ0dMRr +wIaXoMNSfBCKyjdvZY45O60nH87zMkXGiB4lBZflrCKzDJCePjhsNRd+S2NS5WAc +nQcKicmKOTlCZTHhoFLbmP4Q0QzQX2UBzKXltbHzFXbGz2xmzuPL+wdJJxZHT3bI +TjYKG/uaz92CGP0inM5Swe5VBnt6rJwjTmdH5eSLuNFiZOSuAC6+NTVYbb2vzXtr +GLSnsL1J9MATiyZ0zm+MXfj9bjeKaLVdO6arWijOTQz6PR75GTCJtmlaIZ49Vrsb +TFpZvtzGKTTGlFfFXzOqD2jyfVQNdv9LoUKhLM7WZw/zABEBAAGJAl0EKAEIAEcW +IQQmaDbL5LbjgD0ybd1EkMVj8waakgUCZLN/JSkdA1RoZSByZWFzb25lIHRvIHVz +ZSB0aGlzIHN1YmtleSBpcyBsb3N0LgAKCRBEkMVj8waaktZcEADBOrarxMRjVaNW +WbvjgAevunefWzhUgPhRJmYosZYH/ijGqgReXMgc8erh4arOirPXs7yRthdZG4x8 +CWkM1F4nXNq/jtyjIdnSpkY+/AdyuRDJhweW3PmDfeiIK0Fkqg3VjBwD6n+N7Laz +LlVqzBZ2CTg5ed+jMipCYwbP0puTBk+87FxKytgg0ddtYwns8jXzk6YG4VFvECZr +UT9f8SdmTDdHYmdsD/3qhF5MKOKBEDwJWnKS94jBx/GTMVFPU07nQ3SgmfXXMVAq +AC9AEp2caLyV7f80UmrCDzakhljkzE8jWrAuQFXnZHawBTRauhTOjZ5ru6bI58WA +zoNe/UStifradbGI/LromZkZTmDvyG8oYd1HSdbihh0E+pii3rK1IqxpvGgpxIut +L6PzzT4qpIAoGPkJychDGl+GBHatRcUFeiGEWJ5UKCkTddRndAmewEP+tloVhZJH +FFHMMBdAcD0Xw+Hdu2U/7bO4EkaYw6E7JCi2SoSfO5tX4/AkTKy5mXz2CmfqIxyi +bXW/Mlh5ZZ1x/DztknK592YF2RnbL56DwWy83vqdFnYmZLoJ2orp8othnKhcJCLQ ++8VVfAFmlC+qM8z1g69KzANtHkvysuFVYYfWGv1fSfKkA7U3evzaSSEOwy+8WSh/ +3fZ29FWIeKOMCKeRXFlzL7AwQ+bzO4kEcgQYAQgAJgIbAhYhBCZoNsvktuOAPTJt +3USQxWPzBpqSBQJkstunBQkT7IAwAkDBdCAEGQEIAB0WIQR2qWafgmEHbVwyPq4r +nouZhxQRPwUCXJFmdwAKCRArnouZhxQRP7f4D/9L330B0GArepaPFvkY9QHAmpWW +Y4A3ZMuZFtMnSfYFquDR/fty/u4l+oKUceKPnNeii9+St6H6ZUYgcrk9jpEqfECt +Io3R6aHNU/dPi4P3xm82k95r+4SowpGHwbPBrG4mfPgcAFPXLJBV/ofKp+B6K5FT +JpmI/3C6O7uHM4WFQHBR/WRmG8NBUWjLq0SIvDX9G+A9HcWFdSoeiJmSA4vO1CPM +2ELK7m7raNpvn16Nfl3p8iVDSeWhCSA+170oaA6pSsxPLO5moE8RhWOA4bcgGRK8 +tvTFaOpYLdo5uqiOg3A3EUVsCkfFGRFLS5itNQC22PcGD7d8MR/D+RF1JgRwP0TB +1CKfAL5hLXjiurrzv3f9R5bEK1pBYxGOnkFqJjo16WXgrVTVrfYh8GVAG1SbHxMp +U1I6bGfXrfiyRWJTeKbbKROLyeLIfcNnzZXXuV7MvfOYVitGGYd890izqDmrTo7b +G4yav6615IKk3E8lSM/ggGXTqdMbOTG1fo4qA1xd2viaAfCUp6P39Ux1HTO9G0se +lx/hnxw+eyeqVj5cZoXDJnm7yzHDOJ/sZ01bp9RCnmtp7PncvMrTJbr2/tABMdxt +PHs03ME9wScyBGR3NprTYmdAYQDroYPw6rApKzF2pYL2VlSu9/ul3IMqCli1qZBW +ILcw13R+i7/+6OChjgkQRJDFY/MGmpIrpxAAnAl5YL/K/z9gF1pT6RN4b7SUiK8u +EuPOt8HFnseIF0kLJWMGPAKykr2e4tYPgbLTJKn1mIxZQ6HFYybgZXJ2yNoY3kBI +0LofwDoEHZwkZzk5ydfdhUevlHDk/WzyWBWKhTVObCVNUgc+1du6EVBIeQ7eYTzA +yeSSF5F0DXGeS3XhA3faLUwewGphdjdV07SUG1UNzJPlEm0Aq+VYtp6vwE8pzUUR +NlQ4tm+oV0gEAE9PV1OfAxG9JHKV0N5WD1MfvN3jW8xWW4taN80mGliD+LxsTma9 +/Cw1av6lgvQJHoqf6UcglqAaPj6bAda6yGMPwE91W+wiRtcyoEo9zhBOLDHSInzD +nCZiEO2TeP+qxOWHda0Y8n2EACbINY8R/rqSotc1rvyqVgHDmoSe+Go0ILcqe8hS +iTCkho+W2gxZzaGFLU8Bpb9u7ABAvkjg1svAlsJYcVv6BS7NJcX5gAAyP5Wtp49u +7YTzoKA1Cu7xja0h5UwWpZBMe2rJkpRU7+FFyfu+HjBgEuk8GqfKT30GmcbIhbL5 +bHjAExV8DB9221cU4GLsopAXgjVEqdwdZPj5bu1l60mxrmZq8+VhS23dP9s5J4Wt +3/a/8mFur8fH1DkFKjzsWmGxe90kd/hazVTZSDdJAFUcsaMtH/5MY9pzKK5auNhC +zilVpUCBa5W8zT+5Ag0EZLN9PgEQANbeoVg2kWsyCL35NDxK9GmnmRhlgMlFhzGE +MSkMmBmDK0YmdLerAK07vs4XZGSEB1K8mmdkzpWrwjN6vRpG74qhhexmr5uidYar +tYZQ94ucTccSuG6bH8HLj2qrvkqSDZdI4kyNboQm8q2QXV272nxqgZbzv+sZ0SLq +bai7X1O2ldqDr7NCREQcvw2EDXroGNG+4pMWyYx4skj/srM+LhpkJta2+NFxW7n7 +t/nthK4D8lVYy8wTI6VgHvbPAcAcRITKnV1EzLgfKky+/ZDv0uS7ANy1m2i3TLZ6 +oK+zErRDuAf6KMFndAtyoK/eugbaf4bWN9ZMRUfkZ8O7QX0y6myUpe07a3RgeiCT +lR5BImNfpk9sM7MqfjGRSRQHww4NKuaby/YnnKraEDrJuyVoUM7YDcdFJRld5Ne1 +KYkNg0/7DHVCHGtSIj8qMZoSNJ2EYjJwBH0z7w3/OAaaUVQTFinuNI2b53+S4ph+ +SGZ6k3sk7jBW3QcUwsNE/E+8zh4kcXye1ajSlF4yyBGo1ijRDaCSQGbUcVeayTeL +o5a33qmAsFzOfv9vq63vFgDlXfdWXp4IfExS0D4nxWU08mWgQM9YDRaQpfv5b/de +I40J3uXiNXiQu5smA3tB2MsjgbaOgAvlph7H04ebsZlJ0aKVcE/pBNzBIDNW+xd4 +WW9E9zHlABEBAAGJBHIEGAEIACYFCQWjmoAWIQQmaDbL5LbjgD0ybd1EkMVj8waa +kgUCZLN97QIbIgJAwXQgBBkBCAAdFiEEXsxND5hP2hWKn3dH0NesPtJQEz4FAmSz +fT4ACgkQ0NesPtJQEz6BzRAAuIvkcE6eV3NGVImVl6X/b2QXdFDEriXcPyq6bluB +FdQB71oIAMj/++7kuY9nes3HghYZmoNQbtSggGuTLZx8yCjyyUO5orUwIjSXhbK8 +BuaPiSuyC+cF3e+Y+14av8OIlwDJ1xa1aItHqKkH3IK/SCIZwc1bYfPoalok1ja7 +7laD73p4+Mfqz0fFg0xOidFFAMLfvevS57qpX2Ifh4shj+WdelerVR7K4ajGp9Wl +XCu8ZDQRvVuWvmwtxW/RZhjc4gUJKIC0fHo4jWsa0Kk/4qO+OQ/qUytySKoMdK3E +fp8WgXljvc4omYddj4HVrdNq9y8aZpw+fjt3E/jnhD6Zy1xG9qz+26KXCpz6K92O +hc9EvtEPHiyYNOZ3Bm6m5omO1mI2wrs7KrecKQk3nToxE5H3n07BjvdQ0t7xJuiS +bPufLhtsHFlh0Vg+tZUA21+kc1khKjW71zpVdYoL4Ox6Usb9bGwJsvTrTVtIwPPD +1zuWp8BqF0DBMVP3HHG1a/F3yl+Ky5JoKoiYqHvIGByxJKEo7h5pHw0HsOId+yxS +k05CI46VQli1lBCqSpFc26beBggjhkcGeaDn/cXTMKTDqtLwcSBzk2ZLbIitIUev +cED+B97Whmlx6HF4Qrtq8qYe4an+2J7S0WsUAuXBfkfzX3j5LS4ZTH2T1NNqky/f +P+4JEESQxWPzBpqSVu8QAKFmAn9EbdguyRHwzO9Lu8UyvrVYOC90HcC20KLzw+UG +22QBxBUQkXOXTooAcSkd+kXwnh+w2g5riW68RzUQIfVtjd9lBfTlwXQvDx8kmSlt +d0fufxmrwCYnSF68RiyoTdi4BY9tuqW8qQZxDydTnbr2bDBKmE5YiA5gjxzJ7hlS +zDfTxmODJXH6CRmANmRUbO28J3J+v1W251HpeweJ0gCijFfUgVkD/mcvS8Fkef+r +hGeZVYRXVMvGkxv5weDuQUjEy99Y3fub1g3cFgD1UY44gtgL/qmvJ7e1MzNoqgGC +r1e7TJErzsha9Hfe9vNO338ROtcc4beD6OAt68Ket+rDHH2zgidNyfkNOcdE+v6u +oJLOhV5A+xriCT2dcakJ+Q8wxMGdHpj1WPquyINBZp7WLJhJJ0ro/5HygZeP3dvN +4TqDudaUfRxEoAEo0lX8m5TXFN+lVSyyvT8KscsKGiVHCZ49t7BWAhuEoIGckjgU +clAwKydSQ9tFM3vdkbV2FqKGwRlRIJzuxim31dxQHO8EZqobNAq4VhLD2xHJhOGZ +ZoO1zAIxw7M46/GMA/6DwrShm59qRP0a8BxnR/O5i7Dog8bYgDUhJEabLEAcNLR+ +2534qlrmwtqCXmgLLW08vJduccBvmTCVNri1HKcQl8QwCJlQV0/0on4kayld0jMY +uQINBGSzfgABEAC5l1TCIIiuWOedH6OXOysbQLVzZeauli1mcZ8VxAyC4SZ3hwDL +GwL9gXp/y8ptc1j5WmtW2Ev8xKB8tli41u1YSdGr5O4NOBNammLqpOfOX/h+9WbI +cjGdNBNtocrXBuNR2zshs91sMYXgWALEd1dUvJwo65b4T9Yf/OxwJFrckXnW8uLB +LN15lwn1yE1S39+Lkl2Rvscz9BzpKfOdqA0hG64yuIpD42zdr0S+/PELWeFmPMM8 +gRGbnoDdoJtLiPvR+Pm2bGFDPZMm1HctNEUkRP5xwmlhScKUMcir0rJKZgBtBKQo +zvGJo2VZYzKovTbpPFzDMUqoNGfP5//c1HSEgvob71oYtLSGwWY2EIW2AW6547Un +w08LVtZmLOlTW7/EBBAT8O+4bkl7NSugDTldih3Hsydz5SD3737uI3mUba6FUIdR ++G8fEbsi2eSCEJ8rXD95vStl++aPAesw24SP/hvMoXZ/cyxwnCSfvmco0dNd2fFt +/E4h1nT3Ce8ComfpFO9HPzJmqKZcQEBcrUh79vdvdeW+4FBoHKim5AIY5DhpaRU5 +/Fw0igOapIjs6pb0JFfVbkLMVeD2E/ptiEWSIm7Sw59hItAHB7l0Nz7C+zPdhpnO +5pwiD4cSorDpyvPQkJ/i0noDLU7saVs7yDRgmckfE0eL1KkWlj7LH72zQwARAQAB +iQI8BBgBCAAmFiEEJmg2y+S244A9Mm3dRJDFY/MGmpIFAmSzfgACGwwFCQWjmoAA +CgkQRJDFY/MGmpK3kxAAiRSE1J6K9BwPWh467KQxJHwbJP/MK6XjnaPqfBBvBCQM +kxtxcyD3R9q2y/VTJb5cHOiZV8IeGBHOfI1mPgSp23CZndTlMM0cHgxL7A85cSgN +w5LYXI41QeBS5p46N63WnXiLlOzjA2T2+uyCHzOhz21Do+plUxPRxAGri/7v6xSS +XoLAR94wOdiKkJoUFqLVQI2CMHgsmMS5j1nObzlHs5J+fpGjo1kabVKQgOZxKS0E +eB+A2qCPVuG1H/a6XljQV7kPpr0UOoZLl1zNqs2RnPKR/sW/DfbP9/aa8moKd8eA +MnqZXCXBCqHympwTD230fER9BVew27xGMACalcrUz62rBLEM/GK2x/HDGbNAgYKY +r6E40MUevJ/dy1Gn2GAKodOvF5610iNGWd2QNWh/nbgCLKATu6JEZ1TC+UVElf9w +FRZTrYCjMVn3ikQu7JjoPvR/LFq8cWXvu+PxR3IKHO8Lcs6uClzIrWpYcDKsULHM +pHPRhMW9XMjjoic5M7reT7YF8N0BCh2vdvQXxCFUG61GP8dwayppl2aioHAG9mTb +6JHvVbcwJOklNpIk8rGhKFJBMl36/EnAHt0O5Onzm29eboArh1f/2P7sc7UioGzp +UIodVIErkdpus5ZLxKtbR7hwq1VJ88eM0JSyj/rJO2BRAFVPkFfS08WDfOQ7s9g= +=7bfn -----END PGP PUBLIC KEY BLOCK----- .... diff --git a/shared/lib/InterDocumentReferencesMacro/extension.rb b/shared/lib/InterDocumentReferencesMacro/extension.rb index fc6ca4e76a7a..7d74ede1bb5a 100644 --- a/shared/lib/InterDocumentReferencesMacro/extension.rb +++ b/shared/lib/InterDocumentReferencesMacro/extension.rb @@ -12,6 +12,10 @@ def process parent, target, attrs anchor = attrs[1] text = attrs[2] + if text.nil? || text.empty? + warn "Crossref '#{anchor}' needs a description." + end + doc = parent.document if doc.backend == 'html5' diff --git a/website/content/en/administration.adoc b/website/content/en/administration.adoc index 0e07f59271b6..71e9c44f5b51 100644 --- a/website/content/en/administration.adoc +++ b/website/content/en/administration.adoc @@ -100,9 +100,11 @@ The https://www.freebsd.org/portmgr/charter/[portmgr team charter] describes the The primary responsibility of the FreeBSD Port Security Team is to provide rapid response to security incidents that affects the FreeBSD ports collection and protect the FreeBSD user community by keeping the community informed of bugs, exploits, popular attacks, and other risks. More details are available on the https://wiki.freebsd.org/PortsSecteam[Wiki page]. +* {fernape} * {fluffy} * {joneum} * {riggs} +* {tz} ''' @@ -151,7 +153,7 @@ Furthermore, it is responsible for resolving software bugs affecting the securit The FreeBSD Security Officer Charter describes the duties and responsibilities of the Security Officer in greater detail. * {gordon} (Officer) -* {bapt} (Core Team Liaison) +* {allanjude} (Core Team Liaison) * {delphij} (Officer Emeritus, Release Engineering Team Liaison) * {des} (Officer Emeritus) * {emaste} (Deputy Officer) diff --git a/website/content/en/applications.adoc b/website/content/en/applications.adoc index 63021f1066ce..a4e9a4478a73 100644 --- a/website/content/en/applications.adoc +++ b/website/content/en/applications.adoc @@ -22,9 +22,9 @@ Because FreeBSD is based on 4.4BSD, an industry-standard version of UNIX, it is Here are some examples of the environments in which FreeBSD is used: * *Internet services.* Many Internet Service Providers (ISPs) find FreeBSD ideal, running WWW, Usenet news, FTP, Email, and other services. Ready-to-run software like the http://nginx.org[NGINX] or http://www.apache.org/[Apache] web server or the http://proftpd.org/[ProFTPD] or http://security.appspot.com/vsftpd.html[vsftpd] FTP server make it easy to set up a business or community-centered ISP. Of course, with FreeBSD's unbeatable link:../internet/[networking], your users will enjoy high speed, reliable services. -* *X Window workstation.* From an inexpensive X terminal to an advanced X display, FreeBSD works quite well. Free X software (http://x.org/[X.Org](T)) comes with the system. http://www.nvidia.com/[NVIDIA] offers native drivers for their high-performance graphics hardware, and the industry standard http://www.opengroup.org/motif/[Motif](R) and http://www.opengl.org/[OpenGL](R) libraries are supported. The http://xfce.org/[Xfce] and http://lxde.org/[LXDE] products provide a desktop environment. The http://www.kde.org[KDE] and http://www.gnome.org[GNOME] desktop environments also enjoy full support and provide office suite functionality, with further good functionality available in the https://www.libreoffice.org/[LibreOffice], http://www.openoffice.org/[OpenOffice.Org] and http://www.softmaker.com/en/[TextMaker] products. +* *X Window workstation.* From an inexpensive X terminal to an advanced X display, FreeBSD works quite well. Free X software (https://x.org/[X.Org](T)) comes with the system. https://www.nvidia.com/[NVIDIA] offers native drivers for their high-performance graphics hardware, and the industry standard https://www.opengroup.org/motif/[Motif](R) and https://www.opengl.org/[OpenGL](R) libraries are supported. The https://xfce.org/[Xfce] and https://lxde.org/[LXDE] products provide a desktop environment. The https://www.kde.org[KDE] and https://www.gnome.org[GNOME] desktop environments also enjoy full support and provide office suite functionality, with further good functionality available in the https://www.libreoffice.org/[LibreOffice] and https://www.openoffice.org/[OpenOffice.Org] products. * *Networking.* From packet filtering to routing to name service, FreeBSD can turn any PC into a Internet firewall, email host, print server, PC/NFS server, and more. -* *Software development.* A suite of development tools comes with FreeBSD, including the GNU C/C++ compiler and debugger. The LLVM-based clang suite is also provided and will eventually replace the GNU suite. Java(R) and Tcl/Tk development are also possible for example, and more esoteric programming languages like Icon work just fine, too. And FreeBSD's shared libraries have always been easy to make and use. You can also choose from a wide range of popular and powerful editors, such as Emacs and Vim. +* *Software development.* A suite of https://docs.freebsd.org/en/books/developers-handbook/tools/[development tools] comes with FreeBSD, including the LLVM-based clang C/C++ compiler and debugger. Java(R) and Tcl/Tk development are also possible for example. And FreeBSD's shared libraries have always been easy to make and use. You can also choose from a wide range of popular and powerful editors, such as Emacs and Vim. * *Net surfing.* A real UNIX workstation makes a great Internet surfboard. FreeBSD versions of http://www.chromium.org/Home[Chromium] and http://www.mozilla.org/firefox/[Firefox] are available for serious web users. Surf the web, publish your own web pages, read Usenet news, and send and receive email with a FreeBSD system on your desktop. * *Education and research.* FreeBSD makes an excellent research platform because it includes complete source code. Students and researchers of operating systems or other computer science fields can benefit greatly from such an open and well-documented system. * *And much more.* Accounting, action games, MIS databases, scientific visualization, video conferencing, Internet relay chat (IRC), home automation, multiuser dungeons, bulletin board systems, image scanning, and more are all real uses for FreeBSD today. diff --git a/website/content/en/releases/13.3R/errata.adoc b/website/content/en/releases/13.3R/errata.adoc index 3e3fd57d7195..6e25e45defc9 100644 --- a/website/content/en/releases/13.3R/errata.adoc +++ b/website/content/en/releases/13.3R/errata.adoc @@ -53,6 +53,8 @@ For a list of all FreeBSD CERT security advisories, see https://www.FreeBSD.org/ |link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-24:11.ctl.asc[FreeBSD-SA-24:11.ctl] |4 September 2024 |Multiple issues in ctl(4) CAM Target Layer |link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-24:12.bhyve.asc[FreeBSD-SA-24:12.bhyve] |4 September 2024 |bhyve(8) privileged guest escape via USB controller |link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-24:14.umtx.asc[FreeBSD-SA-24:14.umtx] |4 September 2024 |umtx Kernel panic or Use-After-Free +|link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-24:15.bhyve.asc[FreeBSD-SA-24:15.bhyve] |19 September 2024 |bhyve(8) out-of-bounds read access via XHCI emulation +|link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-24:16.libnv.asc[FreeBSD-SA-24:16.libnv] |19 September 2024 |Integer overflow in libnv |=== [[errata]] @@ -67,6 +69,7 @@ For a list of all FreeBSD CERT security advisories, see https://www.FreeBSD.org/ |link:https://www.FreeBSD.org/security/advisories/FreeBSD-EN-24:11.ldns.asc[FreeBSD-EN-24:11.ldns] |19 June 2024 |LDNS uses nameserver commented out in resolv.conf |link:https://www.FreeBSD.org/security/advisories/FreeBSD-EN-24:12.killpg.asc[FreeBSD-EN-24:12.killpg] |19 June 2024 |Lock order reversal in killpg causing livelock |link:https://www.FreeBSD.org/security/advisories/FreeBSD-EN-24:15.calendar.asc[FreeBSD-EN-24:15.calendar] |4 September 2024 |cron(8) / periodic(8) session login +|link:https://www.FreeBSD.org/security/advisories/FreeBSD-EN-24:16.pf.asc[FreeBSD-EN-24:16.pf] |19 September 2024 |Incorrect ICMPv6 state handling in pf |=== [[open-issues]] diff --git a/website/content/en/releases/13.4R/errata.adoc b/website/content/en/releases/13.4R/errata.adoc index e0f439e3a38f..d03117d35c48 100644 --- a/website/content/en/releases/13.4R/errata.adoc +++ b/website/content/en/releases/13.4R/errata.adoc @@ -44,9 +44,8 @@ For a list of all FreeBSD CERT security advisories, see https://www.FreeBSD.org/ [width="100%",cols="40%,30%,30%",options="header",] |=== |Advisory |Date |Topic - -|No advisories.|| - +|link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-24:15.bhyve.asc[FreeBSD-SA-24:15.bhyve] |19 September 2024 |bhyve(8) out-of-bounds read access via XHCI emulation +|link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-24:16.libnv.asc[FreeBSD-SA-24:16.libnv] |19 September 2024 |Integer overflow in libnv |=== [[errata]] diff --git a/website/content/en/releases/13.4R/relnotes.adoc b/website/content/en/releases/13.4R/relnotes.adoc index a50a26bf7694..b63bc2a77e18 100644 --- a/website/content/en/releases/13.4R/relnotes.adoc +++ b/website/content/en/releases/13.4R/relnotes.adoc @@ -315,8 +315,7 @@ However, all 32-bit platforms are Tier-2 or Tier-3, and support for individual p With the current support schedule, stable/14 will reach end of life (EOL) around 5 years after the release of FreeBSD 14.0-RELEASE. The EOL of stable/14 will mark the end of support for deprecated 32-bit platforms, including source releases, pre-built packages, and support for building applications from ports. -With the release of {releasePrev} in November 2023, support for deprecated 32-bit platforms will end in November 2028. +With the release of 14.0-RELEASE in November 2023, support for deprecated 32-bit platforms will end in November 2028. The Project may choose to alter this approach when FreeBSD 15.0 is released by extending some level of support for one or more of the deprecated platforms in 15.0 or later. Any alterations will be driven by community feedback and committed efforts to support these platforms. -Use FreeBSD {releasePrev} and following minor releases, or the stable/14 branch, to migrate off 32-bit platforms. diff --git a/website/content/en/releases/14.0R/errata.adoc b/website/content/en/releases/14.0R/errata.adoc index c29af801bec3..6c27c36c7c3b 100644 --- a/website/content/en/releases/14.0R/errata.adoc +++ b/website/content/en/releases/14.0R/errata.adoc @@ -62,6 +62,8 @@ For a list of all FreeBSD CERT security advisories, see https://www.FreeBSD.org/ |link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-24:12.bhyve.asc[FreeBSD-SA-24:12.bhyve] |4 September 2024 |bhyve(8) privileged guest escape via USB controller |link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-24:13.openssl.asc[FreeBSD-SA-24:13.openssl] |4 September 2024 |Possible DoS in X.509 name checks in OpenSSL |link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-24:14.umtx.asc[FreeBSD-SA-24:14.umtx] |4 September 2024 |umtx Kernel panic or Use-After-Free +|link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-24:15.bhyve.asc[FreeBSD-SA-24:15.bhyve] |19 September 2024 |bhyve(8) out-of-bounds read access via XHCI emulation +|link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-24:16.libnv.asc[FreeBSD-SA-24:16.libnv] |19 September 2024 |Integer overflow in libnv |=== [[errata]] @@ -89,6 +91,7 @@ For a list of all FreeBSD CERT security advisories, see https://www.FreeBSD.org/ |link:https://www.FreeBSD.org/security/advisories/FreeBSD-EN-24:11.ldns.asc[FreeBSD-EN-24:11.ldns] |19 June 2024 |LDNS uses nameserver commented out in resolv.conf |link:https://www.FreeBSD.org/security/advisories/FreeBSD-EN-24:14.ifconfig.asc[FreeBSD-EN-24:14.ifconfig] |7 August 2024 |Incorrect ifconfig netmask assignment |link:https://www.FreeBSD.org/security/advisories/FreeBSD-EN-24:15.calendar.asc[FreeBSD-EN-24:15.calendar] |4 September 2024 |cron(8) / periodic(8) session login +|link:https://www.FreeBSD.org/security/advisories/FreeBSD-EN-24:16.pf.asc[FreeBSD-EN-24:16.pf] |19 September 2024 |Incorrect ICMPv6 state handling in pf |=== [[open-issues]] diff --git a/website/content/en/releases/14.1R/errata.adoc b/website/content/en/releases/14.1R/errata.adoc index 9da6c9d78c85..186dc638f0ad 100644 --- a/website/content/en/releases/14.1R/errata.adoc +++ b/website/content/en/releases/14.1R/errata.adoc @@ -55,6 +55,8 @@ For a list of all FreeBSD CERT security advisories, see https://www.FreeBSD.org/ |link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-24:12.bhyve.asc[FreeBSD-SA-24:12.bhyve] |4 September 2024 |bhyve(8) privileged guest escape via USB controller |link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-24:13.openssl.asc[FreeBSD-SA-24:13.openssl] |4 September 2024 |Possible DoS in X.509 name checks in OpenSSL |link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-24:14.umtx.asc[FreeBSD-SA-24:14.umtx] |4 September 2024 |umtx Kernel panic or Use-After-Free +|link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-24:15.bhyve.asc[FreeBSD-SA-24:15.bhyve] |19 September 2024 |bhyve(8) out-of-bounds read access via XHCI emulation +|link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-24:16.libnv.asc[FreeBSD-SA-24:16.libnv] |19 September 2024 |Integer overflow in libnv |=== [[errata]] @@ -67,6 +69,7 @@ For a list of all FreeBSD CERT security advisories, see https://www.FreeBSD.org/ |link:https://www.FreeBSD.org/security/advisories/FreeBSD-EN-24:13.libc{plus}{plus}.asc[FreeBSD-EN-24:13.libc{plus}{plus}] |19 June 2024 |Incorrect size passed to heap allocated std::string delete |link:https://www.FreeBSD.org/security/advisories/FreeBSD-EN-24:14.ifconfig.asc[FreeBSD-EN-24:14.ifconfig] |7 August 2024 |Incorrect ifconfig netmask assignment |link:https://www.FreeBSD.org/security/advisories/FreeBSD-EN-24:15.calendar.asc[FreeBSD-EN-24:15.calendar] |4 September 2024 |cron(8) / periodic(8) session login +|link:https://www.FreeBSD.org/security/advisories/FreeBSD-EN-24:16.pf.asc[FreeBSD-EN-24:16.pf] |19 September 2024 |Incorrect ICMPv6 state handling in pf |=== [[open-issues]] diff --git a/website/content/en/releng/_index.adoc b/website/content/en/releng/_index.adoc index cf7ce125d259..a9f6fe301875 100644 --- a/website/content/en/releng/_index.adoc +++ b/website/content/en/releng/_index.adoc @@ -32,7 +32,6 @@ General information about committing to -STABLE. [cols=",,",options="header",] |=== |Date |Event |Information -|September 2024 |FreeBSD 13.4 |link:../releases/13.4R/schedule/[Target Schedule] |December 2024 |FreeBSD 14.2 |link:../releases/14.2R/schedule/[Target Schedule] |=== @@ -50,7 +49,7 @@ This table lists the code freeze status for major branches of the `src/` reposit |`releng/14.1` |Frozen |security-officer@FreeBSD.org |FreeBSD 14.1 supported errata fix branch. |`releng/14.0` |Frozen |security-officer@FreeBSD.org |FreeBSD 14.0 supported errata fix branch. |`stable/13` |Open |committers |Development branch for FreeBSD 13-STABLE. -|`releng/13.4` |Frozen |re@FreeBSD.org |FreeBSD 13.4 supported errata fix branch. +|`releng/13.4` |Frozen |security-officer@FreeBSD.org |FreeBSD 13.4 supported errata fix branch. |`releng/13.3` |Frozen |security-officer@FreeBSD.org |FreeBSD 13.3 supported errata fix branch. |`releng/13.2` |Frozen |security-officer@FreeBSD.org |FreeBSD 13.2 errata fix branch (not officially supported). |`releng/13.1` |Frozen |security-officer@FreeBSD.org |FreeBSD 13.1 errata fix branch (not officially supported). diff --git a/website/content/en/security/_index.adoc b/website/content/en/security/_index.adoc index 32d9ddbb2639..7c6724775397 100644 --- a/website/content/en/security/_index.adoc +++ b/website/content/en/security/_index.adoc @@ -104,7 +104,7 @@ link:unsupported[Older releases] are not supported and users are strongly encour |=== |Branch |Release |Release Date |Expected EoL |stable/14 |n/a |n/a |November 30, 2028 -|releng/14.1 |14.1-RELEASE |June 4, 2024 |14.2-RELEASE + 3 months +|releng/14.1 |14.1-RELEASE |June 4, 2024 |March 31, 2025 |releng/14.0 |14.0-RELEASE |November 20, 2023 |September 30, 2024 |stable/13 |n/a |n/a |April 30, 2026 |releng/13.4 |13.4-RELEASE |September 17, 2024 |June 30, 2025 diff --git a/website/content/en/status/report-2024-07-2024-09/kyua.adoc b/website/content/en/status/report-2024-07-2024-09/kyua.adoc new file mode 100644 index 000000000000..42e3f42ee300 --- /dev/null +++ b/website/content/en/status/report-2024-07-2024-09/kyua.adoc @@ -0,0 +1,40 @@ +=== Kyua Jail Support + +Contact: Igor Ostapenko + +The FreeBSD test suite is executed by the man:kyua[1] utility. +Kyua supports parallel execution of tests with `kyua -v parallelism= test`, however many network tests leverage man:jail[8] features like man:VNET[9] and have conflicts with jail naming and network configuration. +As a result they are marked with the `is_exclusive=true` metadata property to prevent them from running at the same time and interfering with each other. +It creates a dilemma when a project aims to increase test coverage, but the accumulation of exclusive tests proportionally increases the time required to run them. +This, in turn, affects the development process from multiple angles. + +Kyua has recently got a change in 15-CURRENT to support a new concept called "execution environment". +By default, tests run in the so-called "host" execution environment, where they are executed as before. +A test can opt-in to use a brand new execution environment, the "jail" one. +In this case, kyua creates a jail before running the test, and then executes the test within the jail. +That opens up the opportunity to run more tests in parallel due to the extra isolation provided by the jail concept itself, and specifically by the VNET. +It depends on hardware and configuration, but there are reports that having the same environment [.filename]#netpfil/pf# tests can be run around 4 times faster -- a few minutes instead of half an hour. + +The following Makefile change is a quick demo of how [.filename]#netpfil/pf# tests were switched to run in parallel with jail execution environment: + + -# Tests reuse jail names and so cannot run in parallel. + -TEST_METADATA+= is_exclusive=true + +# Allow tests to run in parallel in their own jails + +TEST_METADATA+= execenv="jail" + +TEST_METADATA+= execenv_jail_params="vnet allow.raw_sockets" + +More details: + +* The key commit with detailed description: link:https://cgit.freebsd.org/src/commit/?id=257e70f1d5ee61037c8c59b116538d3b6b1427a2[257e70f1d5ee61037c8c59b116538d3b6b1427a2] +* The man pages covering the "execenv" feature: man:kyuafile[5], man:kyua.conf[5] + +This change also brings new sysctl read-only variables, which expose more details about current jail, and may be generally useful: + +* `security.jail.children.max: Maximum number of child jails` +* `security.jail.children.cur: Current number of child jails` + +A hint: the `sysctl -n security.jail.children.cur` run from `prison0` provides the number of all jails in the system. + +Further improvements to Kyua, such as requirements definition and automatic resolution, are currently in the design phase. +Potentially new metadata properties like `required_klds` and `required_pkgs` provide a clue to these topics. +Please contact Igor to discuss ideas and use cases that can help shape these upcoming Kyua enhancements. diff --git a/website/content/en/status/report-2024-07-2024-09/releng.adoc b/website/content/en/status/report-2024-07-2024-09/releng.adoc new file mode 100644 index 000000000000..6426d7407ccf --- /dev/null +++ b/website/content/en/status/report-2024-07-2024-09/releng.adoc @@ -0,0 +1,16 @@ +=== FreeBSD Release Engineering Team + +Links: + +link:https://www.freebsd.org/releases/13.4R/announce/[FreeBSD 13.4-RELEASE announcement] URL: link:https://www.freebsd.org/releases/13.4R/announce/[] + +link:https://www.freebsd.org/releases/14.2R/schedule/[FreeBSD 14.2-RELEASE schedule] URL: link:https://www.freebsd.org/releases/14.2R/schedule/[] + +link:https://download.freebsd.org/releases/ISO-IMAGES/[FreeBSD releases] URL: link:https://download.freebsd.org/releases/ISO-IMAGES/[] + +link:https://download.freebsd.org/snapshots/ISO-IMAGES/[FreeBSD development snapshots] URL: link:https://download.freebsd.org/snapshots/ISO-IMAGES/[] + +Contact: FreeBSD Release Engineering Team, + +The FreeBSD Release Engineering Team is responsible for setting and publishing release schedules for official project releases of FreeBSD, announcing code freezes and maintaining the respective branches, among other things. + +The Team managed 13.4-RELEASE, leading to the final RELEASE build and announcement in September. +Planning has started for the upcoming 14.2-RELEASE cycle. + +The Release Engineering Team continued providing weekly development snapshot builds for the *main*, *stable/14*, and *stable/13* branches. diff --git a/website/content/en/status/report-2024-07-2024-09/vsock.adoc b/website/content/en/status/report-2024-07-2024-09/vsock.adoc new file mode 100644 index 000000000000..a67ed7d8dd86 --- /dev/null +++ b/website/content/en/status/report-2024-07-2024-09/vsock.adoc @@ -0,0 +1,25 @@ +=== VirtIO Sockets and AF_VSOCK support + +Links: + +link:https://github.com/daniloegea/freebsd-src/tree/virtio_vsocks[Source code] URL: link:https://github.com/daniloegea/freebsd-src/tree/virtio_vsocks[] + +Contact: Danilo Egea Gondolfo + +The VirtIO Socket device is used to enable communication between guests and host without networking. +The AF_VSOCK protocol family enables it to be used through the sockets API. + +For the past many months I have been working on a guest driver for the link:https://docs.oasis-open.org/virtio/virtio/v1.2/cs01/virtio-v1.2-cs01.html#x1-43600010[VirtIO Socket] device and an implementation of the AF_VSOCK protocol family. +Originally, I wanted to get the link:https://github.com/canonical/lxd/[lxd-agent] daemon link:https://github.com/canonical/lxd/issues/11603[working on FreeBSD] but the communication with the LXD host daemon is done through VSOCKs. +LXD is a nice container and virtual machine manager based on Linux/KVM and my end goal is to make FreeBSD a LXD first-class citizen. + +At the moment I have it working well enough to enable the lxd-agent to work. +I adapted the `golang.org/x/sys` library and the lxd-agent to support AF_VSOCK on FreeBSD. +Features such as command execution, interactive consoles and file transfer are working. + +On Linux, AF_VSOCK can be used with VirtIO, HyperV and VMware sockets as transports. +I am trying to design my implementation so it will also be possible to use it with different transports in the future. + +After getting the current work in a good shape, ideas for future work include integration of AF_VSOCK and HyperV Sockets (which is already supported on FreeBSD through AF_HYPERV), VIRTIO_VSOCK_F_SEQPACKET, VirtIO Socket device for bhyve and the host side of the driver. + +I will continue to slowly work on this on my limited free time and hopefully have something more concrete for the next time. +There is still a lot of work to be done until it become ready for code review. diff --git a/website/content/en/status/report-2024-07-2024-09/wiki.adoc b/website/content/en/status/report-2024-07-2024-09/wiki.adoc new file mode 100644 index 000000000000..49d615d1ab0f --- /dev/null +++ b/website/content/en/status/report-2024-07-2024-09/wiki.adoc @@ -0,0 +1,45 @@ +=== FreeBSD Wiki + +Links: + +link:https://wiki.freebsd.org/FrontPage[FreeBSD wiki front page] URL: link:https://wiki.freebsd.org/FrontPage[] + +Contact: Mark Linimon +Contact: Wiki admin + +The FreeBSD wiki is a repository of information that does not fit well in the link:https://docs.freebsd.org/en/[official project documentation] because it is too specific, too disparate, or too transient. + +==== Current projects: + +Mark Linimon has started attacking various stale pages. +The focus has been on pages that we show to new, interested, users. +(Recent Foundation newsletters refer to some of these pages directly.) +Unfortunately, many of these pages have become stale, to the point where they were actually not good recommendations. + +The pages that have received the most work are: + +* link:https://wiki.freebsd.org/IdeasPage[IdeasPage] (referenced in Foundation documentation) +* link:https://wiki.freebsd.org/JuniorJobs[JuniorJobs] (referenced in Foundation documentation) +* link:https://wiki.freebsd.org/SummerOfCodeIdeas[SummerOfCodeIdeas] +* various pages under link:https://wiki.freebsd.org/CategoryProject[CategoryProject] +* various pages under link:https://wiki.freebsd.org/CategoryTodo[CategoryTodo] +* link:https://wiki.freebsd.org/MentorMatch[MentorMatch] + +In addition to removing obviously stale entries, all entries have now been datestamped with the time that they were added to the various pages. +link:mailto:wiki-admin@freebsd.org[wiki-admin@] would like to request that we carry forward this tradition into the future. + +As well, link:mailto:wiki-admin@freebsd.org[wiki-admin@] has been sending email to ask committers/contributors to the above pages "should we keep this entry?" +This task will continue until the pages have been cleaned up. + +(NB: the fact that content in the wiki was stale was mentioned by numerous respondents in the FreeBSD Foundation 2024 Community Survey Report.) + +==== Previous plans that have stalled + +Plans are still underway to familiarize our audience on Discord with the wiki (there are too many "silos" in our FreeBSD community). +The team has simply not had enough cycles to do this. +However, contact Setesh on the FreeBSD Discord for more information. + +Preliminary work was being done on updating the wiki software itself. +Earlier, we were looking at switching implementations because MoinMoin development seemed to have stalled, leaving us with an unwanted hanging python2 dependency. +However, MoinMoin now claims that they are nearing a 2.0 release. +We have not yet tried an install of their latest beta version to test compatibility. +Testers welcome. diff --git a/website/data/security/advisories.toml b/website/data/security/advisories.toml index fc502d85e69d..b88121ea3be5 100644 --- a/website/data/security/advisories.toml +++ b/website/data/security/advisories.toml @@ -1,6 +1,14 @@ # Sort advisories by year, month and day # $FreeBSD$ +[[advisories]] +name = "FreeBSD-SA-24:16.libnv" +date = "2024-09-19" + +[[advisories]] +name = "FreeBSD-SA-24:15.bhyve" +date = "2024-09-19" + [[advisories]] name = "FreeBSD-SA-24:14.umtx" date = "2024-09-04" diff --git a/website/data/security/errata.toml b/website/data/security/errata.toml index ddd7e6e5daa5..83dfdc646803 100644 --- a/website/data/security/errata.toml +++ b/website/data/security/errata.toml @@ -1,6 +1,10 @@ # Sort errata notices by year, month and day # $FreeBSD$ +[[notices]] +name = "FreeBSD-EN-24:16.pf" +date = "2024-09-19" + [[notices]] name = "FreeBSD-EN-24:15.calendar" date = "2024-09-04" diff --git a/website/data/zh-tw/news/news.toml b/website/data/zh-tw/news/news.toml index 057e91262658..b6ca1378512c 100644 --- a/website/data/zh-tw/news/news.toml +++ b/website/data/zh-tw/news/news.toml @@ -1,5 +1,10 @@ # Sort news by year, month and day # $FreeBSD$ +[[news]] +date = "2024-09-17" +title = "FreeBSD 13.4-RELEASE 發布了" +description = "FreeBSD 13.4-RELEASE現已發布了。安裝前,請查看 發布通知發行勘誤以了解 13.4 的最新消息和問題。更多資訊可查看 發行版資訊頁面。" + [[news]] date = "2024-09-07" title = "FreeBSD 13.4-RC3 發布了" diff --git a/website/static/security/advisories/FreeBSD-EN-24:16.pf.asc b/website/static/security/advisories/FreeBSD-EN-24:16.pf.asc new file mode 100644 index 000000000000..4d674c3a60b3 --- /dev/null +++ b/website/static/security/advisories/FreeBSD-EN-24:16.pf.asc @@ -0,0 +1,160 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-24:16.pf Errata Notice + The FreeBSD Project + +Topic: Incorrect ICMPv6 state handling in pf + +Category: core +Module: pf +Announced: 2024-09-19 +Affects: All supported versions of FreeBSD +Corrected: 2024-09-04 08:53:34 UTC (stable/14, 14.1-STABLE) + 2024-09-19 13:02:58 UTC (releng/14.1, 14.1-RELEASE-p5) + 2024-09-19 13:03:30 UTC (releng/14.0, 14.0-RELEASE-p11) + 2024-09-04 08:53:34 UTC (stable/13, 13.4-STABLE) + 2024-09-05 07:35:39 UTC (releng/13.4, 13.4-RC3) + 2024-09-19 13:04:05 UTC (releng/13.3, 13.3-RELEASE-p7) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +. + +I. Background + +pf is an Internet Protocol packet filter originally written for OpenBSD. pf +uses a state table to determine whether to allow a packet that is from a +known/already open transmission. It identifies ICMPv6 states based on the +address family, protocol, addresses, and the ID. + +Normally, states are created by outgoing packets, or by incoming packets +matching 'pass' rules. Packets that do not match any rule will be blocked or +allowed depending on the default rule. + +ICMPv6 Neighbor Discovery has to be allowed in the firewall for IPv6 to work +properly in broadcast networks, such as Ethernet. + +II. Problem Description + +Patches for a previous security advisory, FreeBSD-SA-24:05, were incomplete +and introduced some overly strict pf state tracking for ICMPv6 packets. + +III. Impact + +The bugs may prevent ICMPv6 functions, e.g., Neighbor Discovery, from working +as designed when the pf firewall is configured. + +IV. Workaround + +No workaround is available but systems not using IPv6 and the pf firewall are +not affected. + +V. Solution + +Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date and reboot. + +Perform one of the following: + +1) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms, +or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8) +utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r +10min "Rebooting for a security update" + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 14.1] +# fetch https://security.FreeBSD.org/patches/EN-24:16/pf-14.1.patch +# fetch https://security.FreeBSD.org/patches/EN-24:16/pf-14.1.patch.asc +# gpg --verify pf-14.1.patch.asc + +[FreeBSD 14.0] +# fetch https://security.FreeBSD.org/patches/EN-24:16/pf-14.0.patch +# fetch https://security.FreeBSD.org/patches/EN-24:16/pf-14.0.patch.asc +# gpg --verify pf-14.0.patch.asc + +[FreeBSD 13.4] +No discrete patch is provided against 13.4 as the fix for this issue was +incorporated into 13.4-RELEASE. + +[FreeBSD 13.3] +# fetch https://security.FreeBSD.org/patches/EN-24:16/pf-13.3.patch +# fetch https://security.FreeBSD.org/patches/EN-24:16/pf-13.3.patch.asc +# gpg --verify pf-13.3.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +This issue is corrected as of the corresponding Git commit hash in the +following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/14/ 38f74de7184a stable/14-n268653 +releng/14.1/ 1e965d5399e1 releng/14.1-n267715 +releng/14.0/ 413ae023b056 releng/14.0-n265452 +stable/13/ d6e5f8643d37 stable/13-n258307 +releng/13.4/ e893ec49afb2 releng/13.4-n258254 +releng/13.3/ ea9257bcd0e1 releng/13.3-n257467 +- ------------------------------------------------------------------------- + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat + +Or visit the following URL, replacing NNNNNN with the hash: + + + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +VII. References + + + + + +The latest revision of this advisory is available at + +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmbsRIIACgkQbljekB8A +Gu9oCxAAvkIiF5Z9qRv/7adAexBfujcrFeIR7Vfipt3KYjO21XIGZqTwNXr7pd5P +lZAVqmZyhIJYU1ddzjb9NqCTBDFCbBn6AurLK7MydQDYMVG0CNBKvofZi9y0mrGf +qR9HBoGN9jvGlK7pxtfS8eiV7tBGY5v2pYQdJINDCsCNT+g/gpYhotxqwFyUE1cu +FFH/HHz8KT6SULG7YxxqtvojA2ra3jvb1gKKvUYm7f/f6rE2rdshxXGYAc6onqnk +qlXhfJshnZOAjPq6IOvPRKv//s/rg9cQNcWpC/lKLRFPk0cYNQXjnrtRWT//8o0r +CmJga6A8UGYYX0N+KfwJHLlcyyc+v7rB14NGw07gcUmvpB3F+7lGNyf7/AcEZcDD +os3G752zs1O98PlGjBvlwFU7tafLfVAxGPf43YBXbEGpxeh6pHXCjoZIoEE5DD3Y +TvGtvM2QrH9jRxOjTJhKLA5VPmwUNGbrrMjTZg4Z+WYuUen7GsirlpriyaJH5Bkf +llHmnQrprd9kvrMMqueEtt9O2a+ljmk/BPM1j9dLelISv+WKZGAJ5jnvalZWJdnR +STJjqOJm4fYq7RE13N+MT2eoZFpGw2VSV6A5M6CbdP/4Ln5GArkp0/Dow6jQ0k6L +DOVfkeZfx6gsR8d9H7fA5XqxtW06QnBepUHblaKJVJTPPMTMpMU= +=At7n +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-SA-24:05.pf.asc b/website/static/security/advisories/FreeBSD-SA-24:05.pf.asc index 0c6d2b859d80..aa65bb2f3c0a 100644 --- a/website/static/security/advisories/FreeBSD-SA-24:05.pf.asc +++ b/website/static/security/advisories/FreeBSD-SA-24:05.pf.asc @@ -24,6 +24,14 @@ For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . +Note: This advisory introduced additional issues that were addressed by +FreeBSD-EN-24:16.pf. Please refer to that erratum for additional fixes. + +0. Revision History + +v1.0 2024-08-07 -- Initial release +v1.1 2024-09-19 -- Add reference to EN-24:16.pf + I. Background pf is an Internet Protocol packet filter originally written for OpenBSD. pf @@ -135,21 +143,23 @@ VII. References + + The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- -iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmazhasACgkQbljekB8A -Gu9/0Q//S/qcyIxnQ1V8Gz8ghAQuJu8OlTdYV9OexFSKExcbc9FYK6LwhSUfPtHf -Bx9KowhQCH2D1X33qHRUCWVhDMhgpvHmg/+ajnm0IP/+nc+ZnNFCC0Ew5b/mk7Uw -jQAxW54/RSe1Cnl11T4RTcPI7YhGTej8T5T8dm2TlCdTI3m7xS/zfR3e4x89yrmW -gVUBG54udbSSzxMDJk2rbr9anoinzaI0eiXY/rnb729OTU6y4SmJ9ZZZwXs+bRpP -AUE7Zgj7pNrWC1CxTMy6XLdPE/L/8Yxz9mOFpyJcHahoEHcMH+5DKQePGa4mQgnS -N8Srtrxx3Ipz5/zzOPr+O0BbOh8m7KMXU/J8Y3aHpUzbnr+IfGEUHBukN93M3qbV -Qkw9iW+5HZ45P16Fyaj2cq7He7F39/7B/DhfjLldbUOnWGPmn3JrWkvONL++iAyI -+vOrfGubyTtwgSdZGDcv+FUrL6af6nQzFBBgv4z4TpHN+BTcwA5c6JwuOlvMc5ZY -ISh8WItjxmK5Gh27H7JBGKwWDnKYjqkRcgJ7QZd7dmjo2bzOlnKV0eYk51eBvoIh -FV4YGAgMPxCJGBrl54/0F5+C8zl0cjNlEhnyyl2IEBbPbnfmvpNw3tMbJdPfEUhF -DK+j5IkDU/4sNrV/dmeD+K+u/3xgDxtUv6IjH2odmADtlCbOV80= -=/mRR +iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmbsNYgACgkQbljekB8A +Gu/+9Q/9H++Mts0NlrhE3hsCOats5GpAtsq/hRByjZx0flGwIKyIhvHh364hAWDQ +gvdzWijlrYz86jiekM+CEpg08lkCKKm9jM22AaA2uZqIaUNgh0blenDMvAOqJc4W +e08vmW1Q7RopuT3mjJHhqC9mU6s6B5aaAdjFfkKBRdp+BtMnTZmaH1Bx/acHx7SL +R9WVIDUMEQVorqo1/2YnuO+LrAaiFEKkJ7YN+CS/wN2IbDaupyny1fWKffhBGu0C +Hg/gubJuLGqlBvmDp88Mi+kxyzkw9+MbR3haS2P13FFxDj80JEhaH71hG7CAZ5xd +1S1qv2PvpEKw8TdH249Z0YVK1aUA6h3wy6TWrQkM1YjaWzHY3XJoMq90OwluQQTI +fw5njyLrVvYonHQLqLRv59hlC/0V9+Utpy8cvRA9d7dRf/JBarsFVhp5F7IQDLuq +qE/vf+0lRa7WwFkr+FWfP4Cgt+I39DJFW0nybtll4eJfR5+0j+vGsaZZM973S94F +xkqAU3xXulpQvT1qHvf7d7UY24H7Kmbzet0LNd30PrWT+uRktpZ164wHRZd96eHg +3TXOvSTgqIzvsuxcBI0vh+5EWbTgMKOG21zSwwzbDMM1vNI/39YYJaWnNlUFH17+ +w0sm1aAF9P4vbAz7n+hxQVJFEAZwSChIfuPEuV8QKJGbpyqoDm8= +=iMcB -----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-SA-24:09.libnv.asc b/website/static/security/advisories/FreeBSD-SA-24:09.libnv.asc index 8fa9aa9e4369..62ca305f28fd 100644 --- a/website/static/security/advisories/FreeBSD-SA-24:09.libnv.asc +++ b/website/static/security/advisories/FreeBSD-SA-24:09.libnv.asc @@ -26,6 +26,15 @@ For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . +Note: This advisory provided an incomplete fix for the issues described as +CVE-2024-45287 that were further addressed by FreeBSD-SA-24:16.libnv. Please +refer to that advisory for additional fixes. + +0. Revision History + +v1.0 2024-09-04 -- Initial release +v1.1 2024-09-19 -- Add reference to SA-24:16.libnv + I. Background libnv (also called nvlist) is a general-purpose library designed for storing @@ -138,21 +147,23 @@ VII. References + + The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- -iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmbY54cACgkQbljekB8A -Gu8YLRAAmpVVVib8RgEj0bKS5qNLwujEssMIO96LS73txcFGm/Iy+QJA/N/SRtDL -lnKRi0ya90pBmXXhX03Uei+O/nBAFxkCxCukuQ36bauJrA74RFgn/8ZK63RbvdDE -K+xAyK71FXLTr+wGqyzv0xOxNA60dl14WiyaLCUX++0DU3EesmVD508wIL7Ls/bS -5g5vllxmELV2zXYXY/DbEVHS/i2YRCs8ftasa92uXVgOibODVpL/GSXy1QHyykNQ -ODAmGjs+p0xf2JDJa2qvokMh4WS4HkGe4W/TcJueTiSbsdOrDDhOV/n0QTgwt1rQ -zq2QQU3tk2unYjhQrR6ZvHTbFCKc7G3BVFCPAZ6fSthq834EoCr2LUGyYhU+bLZ6 -SweQfCP48ExjIqvDzQqMOlvp9rMiLbxpjkdDcsml4zhD2GE+byuT6RSRBqq3tBvT -893YoIiW1m069DnAQxh1Zlewsk/BZFeeXBHZdk4Ik5KYFCwCabV3HLFa9hA1/iKx -5ITULL0gZgZKBQ9IbpkL45q9mcDHXrVuMPfA0a3bb38rpoK5uof25+oKSGGvWyDA -plGXuEh5Sltmx0lOdY2O70j8pLh7bVJCyo5rYDhObzQlWiajUx1pH3M9DePbI+Rk -Z+Gby0zKpXzgSfHSiSyfVPgDMa83yDpiozRMszjpvApB7h/hekQ= -=yX5r +iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmbtXEEACgkQbljekB8A +Gu8+cg/9EA0ChvapzjzrFUnypE9pEKtMopThNvtLq4h4wM7RqNZz0E2rpKEICPa2 +TdfVOFh3CrjMbpZugvRo8P7xWDZKr12zb5OtFdIMWshd4CTL0ymlUkejelCqsf4g +E7BqbLwxNjfynTwfKU532JqDyu3wB397Kb489pbaVV0INWt8FNnuJdgBIUmWebyg +MRmS7PngFxe6ecHI6CCzN+6cvXCcglX0du+EhxVvf64Ljt8l+is7wSPme6bvOV5d +jYmh2w2gJMPpMJQt4mTR5u/Sm2rmYnmxT4tHvwiYL0QfRS2QbPDFgB041lHqn09q +BmeC+H9YS1FdADSMlFWlOaryWQMSO9zP1E0D1E/41Penm2PPh9vH5C2KJ+oMri8b +xYh/D9KFpGqAErp3cdQKWAhO0kg/+RoLgSypG/lZewrtXVntkK6/Syt06Y9Csp3j +SNMU2Zy/K9gwZn4c9lXgD97Opy0W6b53dgblauTUVb8hljNeeU4zqKN8gjH65Ykk +WLjcar7tKzV7/keKXHWuV4iUNByRGuNP4u1XSJPjDFrc0R8mfdTOD7X58wKFMoXR +4Axfzi9D4OE9M+7JQSyuys5QBO7bYK03+5G2cVYLr8lZ6yEQxeatCbw8QlOKQ+dw +VBae56QGeWYY9YgdHJ+h8R5l+0i+7qCw904K3q+8bb5uZnv4yKI= +=xiTa -----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-SA-24:15.bhyve.asc b/website/static/security/advisories/FreeBSD-SA-24:15.bhyve.asc new file mode 100644 index 000000000000..77351dc3dfe8 --- /dev/null +++ b/website/static/security/advisories/FreeBSD-SA-24:15.bhyve.asc @@ -0,0 +1,148 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-24:15.bhyve Security Advisory + The FreeBSD Project + +Topic: bhyve(8) out-of-bounds read access via XHCI emulation + +Category: core +Module: bhyve +Announced: 2024-09-19 +Credits: Synacktiv +Sponsored by: The FreeBSD Foundation, The Alpha-Omega Project +Affects: All supported versions of FreeBSD. +Corrected: 2024-09-19 12:40:17 UTC (stable/14, 14.1-STABLE) + 2024-09-19 13:30:18 UTC (releng/14.1, 14.1-RELEASE-p5) + 2024-09-19 13:30:44 UTC (releng/14.0, 14.0-RELEASE-p11) + 2024-09-19 12:48:52 UTC (stable/13, 13.4-STABLE) + 2024-09-19 13:35:06 UTC (releng/13.4, 13.4-RELEASE-p1) + 2024-09-19 13:35:37 UTC (releng/13.3, 13.3-RELEASE-p7) +CVE Name: CVE-2024-41721 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +bhyve(8) is a hypervisor that runs guest operating systems inside a virtual +machine. + +II. Problem Description + +bhyve can be configured to emulate devices on a virtual USB controller (XHCI), +such as USB tablet devices. An insufficient boundary validation in the USB +code could lead to an out-of-bounds read on the heap, which could potentially +lead to an arbitrary write and remote code execution. + +III. Impact + +A malicious, privileged software running in a guest VM can exploit the +vulnerability to crash the hypervisor process or potentially achieve code +execution on the host in the bhyve userspace process, which typically runs as +root. Note that bhyve runs in a Capsicum sandbox, so malicious code is +constrained by the capabilities available to the bhyve process. + +IV. Workaround + +No workaround is available, but guests that do not use XHCI emulation are not +impacted. + +V. Solution + +Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date. + +Guest operating systems emulating USB devices with XHCI need to be restarted for +the correction to be applied (i.e., their corresponding bhyve process needs to +be terminated and started again). + +Perform one of the following: + +1) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms, +or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8) +utility: + +# freebsd-update fetch +# freebsd-update install + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/SA-24:15/bhyve.patch +# fetch https://security.FreeBSD.org/patches/SA-24:15/bhyve.patch.asc +# gpg --verify bhyve.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in . + +Restart the corresponding bhyve processes, or reboot the system. + +VI. Correction details + +This issue is corrected as of the corresponding Git commit hash in the +following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/14/ 419da61f8203 stable/14-n268745 +releng/14.1/ 3c6c0dcb5acb releng/14.1-n267716 +releng/14.0/ ba46f1174972 releng/14.0-n265453 +stable/13/ 2abd2ad64899 stable/13-n258347 +releng/13.4/ 5f035df278cc releng/13.4-n258258 +releng/13.3/ e7a790dc3ffe releng/13.3-n257468 +- ------------------------------------------------------------------------- + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat + +Or visit the following URL, replacing NNNNNN with the hash: + + + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +VII. References + +The corresponding part of the security audit report as provided by Synacktiv +will be published in due course. + + + +The latest revision of this advisory is available at + +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmbsPQ0ACgkQbljekB8A +Gu/6chAAzST6xGx6RCb7MAHeZbqE3mTTUFoEkElPG3OiFsnFDySDnk0kKIjCNRbq +GssLGYfUerFYD4/jDhGLApZnBnPhaTruNgwi38d8Pg4pkcqGv8Y5xSdOQBN83Rjq +WiEgRqysuaE6HhvNN+JYf690M1Z6Tz0WkqoUJa8ZB8WcDnvBNQwMM0Prmo1RTZGR +UXxftj+is3EQFUQs/3GcPRzTcp8Cu5QZnfFdbGph6Da/ZIQ6NaslYgslWvmsYHzP +AVb/WI54VnIuMVoRIDWGtjjQa8p2H+dRih67clZYFxl2ya85aK78UrrtPk8x4dci +9KsISpKidqC/ofdT4mHpNH3Uxx4N2ymPJG6xJ/MGmDmrIIk1vjKejy9RVSJzt4QN +Iu1u/8d5NVXsMxbKQMEKqXY2dPFKi17S+EnhKzJUjtXeBxcMbNPh2Xcl+BmI8cZ2 +WuJvfplzu5Wcvd3LUa7s0Z3AHKktiMr1IGIlk8XEEee0b7k164imZlRUZFTCYA6S +dNGTQ2UcHZz7W2Sk2HZf8CdNEgQQftW0BDc2IIs3lyA2WyPsIjGByUl987k3veQa +fQCXzf7cp/a0rOZ9KngMxdJap+TBKCsPLEFm46i074ngmuoJZsW3xd7ZD8hLFlPX +eaKh5MjWsHHfTYPRxeUKk2j9dobzN1ZP7AYWDasaDxZ4kmVIuEE= +=FVQ2 +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-SA-24:16.libnv.asc b/website/static/security/advisories/FreeBSD-SA-24:16.libnv.asc new file mode 100644 index 000000000000..751a154622f5 --- /dev/null +++ b/website/static/security/advisories/FreeBSD-SA-24:16.libnv.asc @@ -0,0 +1,157 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-24:16.libnv Security Advisory + The FreeBSD Project + +Topic: Integer overflow in libnv + +Category: core +Module: libnv +Announced: 2024-09-19 +Credits: Miłosz Kaniewski +Affects: All supported versions of FreeBSD. +Corrected: 2024-09-15 16:59:15 UTC (stable/14, 14.1-STABLE) + 2024-09-19 13:30:20 UTC (releng/14.1, 14.1-RELEASE-p5) + 2024-09-19 13:30:45 UTC (releng/14.0, 14.0-RELEASE-p11) + 2024-09-15 16:59:51 UTC (stable/13, 13.4-STABLE) + 2024-09-19 13:35:07 UTC (releng/13.4, 13.4-RELEASE-p1) + 2024-09-19 13:35:38 UTC (releng/13.3, 13.3-RELEASE-p7) +CVE Name: CVE-2024-45287 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +libnv (also called nvlist) is a general-purpose library designed for storing +name-value pairs. This library can serve as an Inter-Process Communication +(IPC) framework, enabling processes to exchange data. For example, it is +used in libcasper to communicate between privileged and unprivileged +processes. Additionally, libnv can function as an interface for communication +between userland and kernel. + +Originally, libnv was inspired by OpenZFS nvlist. However, the +implementations are separate. This advisory is only about base system +implementation of libnv, not a OpenZFS one. + +II. Problem Description + +A malicious value of size in a structure of packed libnv can cause an integer +overflow, leading to the allocation of a smaller buffer than required for the +parsed data. The introduced check was incorrect, as it took into account the +size of the pointer, not the structure. This vulnerability affects both +kernel and userland. + +This issue was originally intended to be addressed as part of +FreeBSD-SA-24:09.libnv, but due to a logic issue, this issue was not properly +addressed. + +III. Impact + +It is possible for an attacker to overwrite portions of memory (in userland +or the kernel) as the allocated buffer might be smaller than the data +received from a malicious process. This vulnerability could result in +privilege escalation or cause a system panic. + +IV. Workaround + +No workaround is available. + +V. Solution + +Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date +and reboot. + +Perform one of the following: + +1) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms, +or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8) +utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r +10min "Rebooting for a security update" + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/SA-24:16/libnv.patch +# fetch https://security.FreeBSD.org/patches/SA-24:16/libnv.patch.asc +# gpg --verify libnv.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in . + +d) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +This issue is corrected as of the corresponding Git commit hash in the +following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/14/ 056c50c48be3 stable/14-n268739 +releng/14.1/ f67468e6e5e2 releng/14.1-n267717 +releng/14.0/ e9d57be06e23 releng/14.0-n265454 +stable/13/ d84fced6b468 stable/13-n258342 +releng/13.4/ 2cffa6354d9f releng/13.4-n258259 +releng/13.3/ 417e81a40091 releng/13.3-n257469 +- ------------------------------------------------------------------------- + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat + +Or visit the following URL, replacing NNNNNN with the hash: + + + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +VII. References + + + + + +The latest revision of this advisory is available at + +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmbsPQ8ACgkQbljekB8A +Gu9aMBAA1N3FliBdeklIU0XGoyrvS0z7goFpFKeLVlkIHssYzZQAWHMILHET6O9n +Gv5vICw5vGDWv/1Rb9muCMQ4wcEW/c/YFEU0FM3VFTgJ+fQrA4ZO/NjpRSixiGDk +uVkJ25Fo2TMp58ITPWmT3Nj1MJ0x9xNzMxXhLk2JgK/sEMH+/Giju8Zq7XojHHC0 +QluYmz1V3EClPXiArkcgt/pagQ24b5yYmOAKGQGHEdRM18QWeJzJ4kUBzATcUVjv +RWkLHz69emH6aQ3JNwyuEQlK/Xda3ge2zMIJ4tYObg21dEFdgqnFoLFrylCUkgIE +T86QPQfb0HGTRhnSjdh/NN5qyiOo9q4FzpIsI3eJ3XJgk0/T/O8Rv+2fexAm0g3+ +37kgkxohETi6RQc3D4ClpmW7bP1DEK8uUwUGeJgCNmkpE4DVpLmGZ0tNbSf/0Mk6 +slYSHb6dF6wNB4AV/1HIusp6i2GlPziNYkhlslkRQgeyXO9T1bWxYqdkYihDFLRs +PStlk1Diu0p+h3r08sX3LQrszBp1bLGkqaipFPLBwWStxYne9nsClORFhN4q9i+4 +fAnWxIRBXH62fJTy1DCPFqpI9zyvQTkVHQVKu5d+JgaTmTPsfJ3MIXdkGdAEV6+m +xbZSFwd2e8uzPIlZke2JmaT4xVv1T92lWu7Ywf8M0eEYWg5WQi8= +=OHm5 +-----END PGP SIGNATURE----- diff --git a/website/static/security/patches/EN-24:16/pf-13.3.patch b/website/static/security/patches/EN-24:16/pf-13.3.patch new file mode 100644 index 000000000000..3f657dcfdd17 --- /dev/null +++ b/website/static/security/patches/EN-24:16/pf-13.3.patch @@ -0,0 +1,628 @@ +--- sys/net/pfvar.h.orig ++++ sys/net/pfvar.h +@@ -330,8 +330,8 @@ + mtx_unlock(_s->lock); \ + } while (0) + #else +-#define PF_STATE_LOCK(s) mtx_lock(s->lock) +-#define PF_STATE_UNLOCK(s) mtx_unlock(s->lock) ++#define PF_STATE_LOCK(s) mtx_lock((s)->lock) ++#define PF_STATE_UNLOCK(s) mtx_unlock((s)->lock) + #endif + + #ifdef INVARIANTS +@@ -2222,7 +2222,7 @@ + struct pf_addr *, struct pf_addr *, + uint16_t, uint16_t, struct pf_kanchor_stackframe *); + +-struct pf_state_key *pf_state_key_setup(struct pf_pdesc *, struct pf_addr *, ++struct pf_state_key *pf_state_key_setup(struct pf_pdesc *, struct mbuf *, int, struct pf_addr *, + struct pf_addr *, u_int16_t, u_int16_t); + struct pf_state_key *pf_state_key_clone(struct pf_state_key *); + +--- sys/netpfil/pf/pf.c.orig ++++ sys/netpfil/pf/pf.c +@@ -307,6 +307,9 @@ + struct pfi_kkif *, struct mbuf *, void *, + struct pf_pdesc *, struct pf_krule **, + struct pf_kruleset **); ++static int pf_state_key_addr_setup(struct pf_pdesc *, struct mbuf *, ++ int, struct pf_state_key_cmp *, int, struct pf_addr *, ++ int, struct pf_addr *, int); + static int pf_tcp_track_full(struct pf_kstate **, + struct pfi_kkif *, struct mbuf *, int, + struct pf_pdesc *, u_short *, int *); +@@ -320,8 +323,8 @@ + void *, struct pf_pdesc *); + int pf_icmp_state_lookup(struct pf_state_key_cmp *, + struct pf_pdesc *, struct pf_kstate **, struct mbuf *, +- int, struct pfi_kkif *, u_int16_t, u_int16_t, +- int, int *, int); ++ int, int, struct pfi_kkif *, u_int16_t, u_int16_t, ++ int, int *, int, int); + static int pf_test_state_icmp(struct pf_kstate **, int, + struct pfi_kkif *, struct mbuf *, int, + void *, struct pf_pdesc *, u_short *); +@@ -375,7 +378,7 @@ + extern struct proc *pf_purge_proc; + + VNET_DEFINE(struct pf_limit, pf_limits[PF_LIMIT_MAX]); +-enum { PF_ICMP_MULTI_NONE, PF_ICMP_MULTI_SOLICITED, PF_ICMP_MULTI_LINK }; ++enum { PF_ICMP_MULTI_NONE, PF_ICMP_MULTI_LINK }; + + #define PACKET_UNDO_NAT(_m, _pd, _off, _s, _dir) \ + do { \ +@@ -1414,9 +1417,66 @@ + return (0); + } + ++static int ++pf_state_key_addr_setup(struct pf_pdesc *pd, struct mbuf *m, int off, ++ struct pf_state_key_cmp *key, int sidx, struct pf_addr *saddr, ++ int didx, struct pf_addr *daddr, int multi) ++{ ++#ifdef INET6 ++ struct nd_neighbor_solicit nd; ++ struct pf_addr *target; ++ u_short action, reason; ++ ++ if (pd->af == AF_INET || pd->proto != IPPROTO_ICMPV6) ++ goto copy; ++ ++ switch (pd->hdr.icmp6.icmp6_type) { ++ case ND_NEIGHBOR_SOLICIT: ++ if (multi) ++ return (-1); ++ if (!pf_pull_hdr(m, off, &nd, sizeof(nd), &action, &reason, pd->af)) ++ return (-1); ++ target = (struct pf_addr *)&nd.nd_ns_target; ++ daddr = target; ++ break; ++ case ND_NEIGHBOR_ADVERT: ++ if (multi) ++ return (-1); ++ if (!pf_pull_hdr(m, off, &nd, sizeof(nd), &action, &reason, pd->af)) ++ return (-1); ++ target = (struct pf_addr *)&nd.nd_ns_target; ++ saddr = target; ++ if (IN6_IS_ADDR_MULTICAST(&pd->dst->v6)) { ++ key->addr[didx].addr32[0] = 0; ++ key->addr[didx].addr32[1] = 0; ++ key->addr[didx].addr32[2] = 0; ++ key->addr[didx].addr32[3] = 0; ++ daddr = NULL; /* overwritten */ ++ } ++ break; ++ default: ++ if (multi == PF_ICMP_MULTI_LINK) { ++ key->addr[sidx].addr32[0] = IPV6_ADDR_INT32_MLL; ++ key->addr[sidx].addr32[1] = 0; ++ key->addr[sidx].addr32[2] = 0; ++ key->addr[sidx].addr32[3] = IPV6_ADDR_INT32_ONE; ++ saddr = NULL; /* overwritten */ ++ } ++ } ++copy: ++#endif ++ if (saddr) ++ PF_ACPY(&key->addr[sidx], saddr, pd->af); ++ if (daddr) ++ PF_ACPY(&key->addr[didx], daddr, pd->af); ++ ++ return (0); ++} ++ + struct pf_state_key * +-pf_state_key_setup(struct pf_pdesc *pd, struct pf_addr *saddr, +- struct pf_addr *daddr, u_int16_t sport, u_int16_t dport) ++pf_state_key_setup(struct pf_pdesc *pd, struct mbuf *m, int off, ++ struct pf_addr *saddr, struct pf_addr *daddr, u_int16_t sport, ++ u_int16_t dport) + { + struct pf_state_key *sk; + +@@ -1424,8 +1484,12 @@ + if (sk == NULL) + return (NULL); + +- PF_ACPY(&sk->addr[pd->sidx], saddr, pd->af); +- PF_ACPY(&sk->addr[pd->didx], daddr, pd->af); ++ if (pf_state_key_addr_setup(pd, m, off, (struct pf_state_key_cmp *)sk, ++ pd->sidx, pd->src, pd->didx, pd->dst, 0)) { ++ uma_zfree(V_pf_state_key_z, sk); ++ return (NULL); ++ } ++ + sk->port[pd->sidx] = sport; + sk->port[pd->didx] = dport; + sk->proto = pd->proto; +@@ -4579,7 +4643,7 @@ + if (nr == NULL) { + KASSERT((sk == NULL && nk == NULL), ("%s: nr %p sk %p, nk %p", + __func__, nr, sk, nk)); +- sk = pf_state_key_setup(pd, pd->src, pd->dst, sport, dport); ++ sk = pf_state_key_setup(pd, m, off, pd->src, pd->dst, sport, dport); + if (sk == NULL) + goto csfailed; + nk = sk; +@@ -5990,8 +6054,9 @@ + + int + pf_icmp_state_lookup(struct pf_state_key_cmp *key, struct pf_pdesc *pd, +- struct pf_kstate **state, struct mbuf *m, int direction, struct pfi_kkif *kif, +- u_int16_t icmpid, u_int16_t type, int icmp_dir, int *iidx, int multi) ++ struct pf_kstate **state, struct mbuf *m, int off, int direction, ++ struct pfi_kkif *kif, u_int16_t icmpid, u_int16_t type, int icmp_dir, ++ int *iidx, int multi, int inner) + { + key->af = pd->af; + key->proto = pd->proto; +@@ -6004,31 +6069,19 @@ + key->port[pd->sidx] = type; + key->port[pd->didx] = icmpid; + } +- if (pd->af == AF_INET6 && multi != PF_ICMP_MULTI_NONE) { +- switch (multi) { +- case PF_ICMP_MULTI_SOLICITED: +- key->addr[pd->sidx].addr32[0] = IPV6_ADDR_INT32_MLL; +- key->addr[pd->sidx].addr32[1] = 0; +- key->addr[pd->sidx].addr32[2] = IPV6_ADDR_INT32_ONE; +- key->addr[pd->sidx].addr32[3] = pd->src->addr32[3]; +- key->addr[pd->sidx].addr8[12] = 0xff; +- break; +- case PF_ICMP_MULTI_LINK: +- key->addr[pd->sidx].addr32[0] = IPV6_ADDR_INT32_MLL; +- key->addr[pd->sidx].addr32[1] = 0; +- key->addr[pd->sidx].addr32[2] = 0; +- key->addr[pd->sidx].addr32[3] = IPV6_ADDR_INT32_ONE; +- break; +- } +- } else +- PF_ACPY(&key->addr[pd->sidx], pd->src, key->af); +- PF_ACPY(&key->addr[pd->didx], pd->dst, key->af); ++ if (pf_state_key_addr_setup(pd, m, off, key, pd->sidx, pd->src, ++ pd->didx, pd->dst, multi)) ++ return (PF_DROP); + + STATE_LOOKUP(kif, key, direction, *state, pd); + ++ if ((*state)->state_flags & PFSTATE_SLOPPY) ++ return (-1); ++ + /* Is this ICMP message flowing in right direction? */ + if ((*state)->rule.ptr->type && +- (((*state)->direction == direction) ? ++ (((!inner && (*state)->direction == direction) || ++ (inner && (*state)->direction != direction)) ? + PF_IN : PF_OUT) != icmp_dir) { + if (V_pf_status.debug >= PF_DEBUG_MISC) { + printf("pf: icmp type %d in wrong direction (%d): ", +@@ -6036,6 +6089,8 @@ + pf_print_state(*state); + printf("\n"); + } ++ PF_STATE_UNLOCK(*state); ++ *state = NULL; + return (PF_DROP); + } + return (-1); +@@ -6084,19 +6139,20 @@ + * ICMP query/reply message not related to a TCP/UDP packet. + * Search for an ICMP state. + */ +- ret = pf_icmp_state_lookup(&key, pd, state, m, pd->dir, ++ ret = pf_icmp_state_lookup(&key, pd, state, m, off, pd->dir, + kif, virtual_id, virtual_type, icmp_dir, &iidx, +- PF_ICMP_MULTI_NONE); ++ PF_ICMP_MULTI_NONE, 0); + if (ret >= 0) { ++ MPASS(*state == NULL); + if (ret == PF_DROP && pd->af == AF_INET6 && + icmp_dir == PF_OUT) { +- if (*state != NULL) +- PF_STATE_UNLOCK((*state)); +- ret = pf_icmp_state_lookup(&key, pd, state, m, ++ ret = pf_icmp_state_lookup(&key, pd, state, m, off, + pd->dir, kif, virtual_id, virtual_type, +- icmp_dir, &iidx, multi); +- if (ret >= 0) ++ icmp_dir, &iidx, multi, 0); ++ if (ret >= 0) { ++ MPASS(*state == NULL); + return (ret); ++ } + } else + return (ret); + } +@@ -6178,6 +6234,7 @@ + int off2 = 0; + + pd2.af = pd->af; ++ pd2.dir = pd->dir; + /* Payload packet is from the opposite direction. */ + pd2.sidx = (direction == PF_IN) ? 1 : 0; + pd2.didx = (direction == PF_IN) ? 0 : 1; +@@ -6485,9 +6542,9 @@ + } + #ifdef INET + case IPPROTO_ICMP: { +- struct icmp iih; ++ struct icmp *iih = &pd2.hdr.icmp; + +- if (!pf_pull_hdr(m, off2, &iih, ICMP_MINLEN, ++ if (!pf_pull_hdr(m, off2, iih, ICMP_MINLEN, + NULL, reason, pd2.af)) { + DPFPRINTF(PF_DEBUG_MISC, + ("pf: ICMP error message too short i" +@@ -6495,15 +6552,17 @@ + return (PF_DROP); + } + +- icmpid = iih.icmp_id; +- pf_icmp_mapping(&pd2, iih.icmp_type, ++ icmpid = iih->icmp_id; ++ pf_icmp_mapping(&pd2, iih->icmp_type, + &icmp_dir, &multi, &virtual_id, &virtual_type); + +- ret = pf_icmp_state_lookup(&key, &pd2, state, m, +- pd->dir, kif, virtual_id, virtual_type, +- icmp_dir, &iidx, PF_ICMP_MULTI_NONE); +- if (ret >= 0) ++ ret = pf_icmp_state_lookup(&key, &pd2, state, m, off, ++ pd2.dir, kif, virtual_id, virtual_type, ++ icmp_dir, &iidx, PF_ICMP_MULTI_NONE, 1); ++ if (ret >= 0) { ++ MPASS(*state == NULL); + return (ret); ++ } + + /* translate source/destination address, if necessary */ + if ((*state)->key[PF_SK_WIRE] != +@@ -6514,10 +6573,10 @@ + if (PF_ANEQ(pd2.src, + &nk->addr[pd2.sidx], pd2.af) || + (virtual_type == htons(ICMP_ECHO) && +- nk->port[iidx] != iih.icmp_id)) ++ nk->port[iidx] != iih->icmp_id)) + pf_change_icmp(pd2.src, + (virtual_type == htons(ICMP_ECHO)) ? +- &iih.icmp_id : NULL, ++ &iih->icmp_id : NULL, + daddr, &nk->addr[pd2.sidx], + (virtual_type == htons(ICMP_ECHO)) ? + nk->port[iidx] : 0, NULL, +@@ -6533,7 +6592,7 @@ + + m_copyback(m, off, ICMP_MINLEN, (caddr_t)&pd->hdr.icmp); + m_copyback(m, ipoff2, sizeof(h2), (caddr_t)&h2); +- m_copyback(m, off2, ICMP_MINLEN, (caddr_t)&iih); ++ m_copyback(m, off2, ICMP_MINLEN, (caddr_t)iih); + } + return (PF_PASS); + break; +@@ -6541,9 +6600,9 @@ + #endif /* INET */ + #ifdef INET6 + case IPPROTO_ICMPV6: { +- struct icmp6_hdr iih; ++ struct icmp6_hdr *iih = &pd2.hdr.icmp6; + +- if (!pf_pull_hdr(m, off2, &iih, ++ if (!pf_pull_hdr(m, off2, iih, + sizeof(struct icmp6_hdr), NULL, reason, pd2.af)) { + DPFPRINTF(PF_DEBUG_MISC, + ("pf: ICMP error message too short " +@@ -6551,22 +6610,24 @@ + return (PF_DROP); + } + +- pf_icmp_mapping(&pd2, iih.icmp6_type, ++ pf_icmp_mapping(&pd2, iih->icmp6_type, + &icmp_dir, &multi, &virtual_id, &virtual_type); +- ret = pf_icmp_state_lookup(&key, &pd2, state, m, ++ ++ ret = pf_icmp_state_lookup(&key, &pd2, state, m, off, + pd->dir, kif, virtual_id, virtual_type, +- icmp_dir, &iidx, PF_ICMP_MULTI_NONE); ++ icmp_dir, &iidx, PF_ICMP_MULTI_NONE, 1); + if (ret >= 0) { +- if (ret == PF_DROP && pd->af == AF_INET6 && ++ MPASS(*state == NULL); ++ if (ret == PF_DROP && pd2.af == AF_INET6 && + icmp_dir == PF_OUT) { +- if (*state != NULL) +- PF_STATE_UNLOCK((*state)); +- ret = pf_icmp_state_lookup(&key, pd, +- state, m, pd->dir, kif, ++ ret = pf_icmp_state_lookup(&key, &pd2, ++ state, m, off, pd->dir, kif, + virtual_id, virtual_type, +- icmp_dir, &iidx, multi); +- if (ret >= 0) ++ icmp_dir, &iidx, multi, 1); ++ if (ret >= 0) { ++ MPASS(*state == NULL); + return (ret); ++ } + } else + return (ret); + } +@@ -6580,10 +6641,10 @@ + if (PF_ANEQ(pd2.src, + &nk->addr[pd2.sidx], pd2.af) || + ((virtual_type == htons(ICMP6_ECHO_REQUEST)) && +- nk->port[pd2.sidx] != iih.icmp6_id)) ++ nk->port[pd2.sidx] != iih->icmp6_id)) + pf_change_icmp(pd2.src, + (virtual_type == htons(ICMP6_ECHO_REQUEST)) +- ? &iih.icmp6_id : NULL, ++ ? &iih->icmp6_id : NULL, + daddr, &nk->addr[pd2.sidx], + (virtual_type == htons(ICMP6_ECHO_REQUEST)) + ? nk->port[iidx] : 0, NULL, +@@ -6601,7 +6662,7 @@ + (caddr_t)&pd->hdr.icmp6); + m_copyback(m, ipoff2, sizeof(h2_6), (caddr_t)&h2_6); + m_copyback(m, off2, sizeof(struct icmp6_hdr), +- (caddr_t)&iih); ++ (caddr_t)iih); + } + return (PF_PASS); + break; +--- sys/netpfil/pf/pf_lb.c.orig ++++ sys/netpfil/pf/pf_lb.c +@@ -606,7 +606,7 @@ + return (NULL); + } + +- *skp = pf_state_key_setup(pd, saddr, daddr, sport, dport); ++ *skp = pf_state_key_setup(pd, m, off, saddr, daddr, sport, dport); + if (*skp == NULL) + return (NULL); + *nkp = pf_state_key_clone(*skp); +--- tests/sys/netpfil/pf/Makefile.orig ++++ tests/sys/netpfil/pf/Makefile +@@ -12,6 +12,7 @@ + fragmentation \ + get_state \ + icmp \ ++ icmp6 \ + killstate \ + macro \ + map_e \ +--- tests/sys/netpfil/pf/icmp.sh.orig ++++ tests/sys/netpfil/pf/icmp.sh +@@ -71,7 +71,74 @@ + pft_cleanup + } + ++atf_test_case "ttl_exceeded" "cleanup" ++ttl_exceeded_head() ++{ ++ atf_set descr 'Test that we correctly translate TTL exceeded back' ++ atf_set require.user root ++} ++ ++ttl_exceeded_body() ++{ ++ pft_init ++ ++ epair_srv=$(vnet_mkepair) ++ epair_int=$(vnet_mkepair) ++ epair_cl=$(vnet_mkepair) ++ ++ vnet_mkjail srv ${epair_srv}a ++ jexec srv ifconfig ${epair_srv}a 192.0.2.1/24 up ++ jexec srv route add default 192.0.2.2 ++ ++ vnet_mkjail int ${epair_srv}b ${epair_int}a ++ jexec int sysctl net.inet.ip.forwarding=1 ++ jexec int ifconfig ${epair_srv}b 192.0.2.2/24 up ++ jexec int ifconfig ${epair_int}a 203.0.113.2/24 up ++ ++ vnet_mkjail nat ${epair_int}b ${epair_cl}b ++ jexec nat ifconfig ${epair_int}b 203.0.113.1/24 up ++ jexec nat ifconfig ${epair_cl}b 198.51.100.2/24 up ++ jexec nat sysctl net.inet.ip.forwarding=1 ++ jexec nat route add default 203.0.113.2 ++ ++ vnet_mkjail cl ${epair_cl}a ++ jexec cl ifconfig ${epair_cl}a 198.51.100.1/24 up ++ jexec cl route add default 198.51.100.2 ++ ++ jexec nat pfctl -e ++ pft_set_rules nat \ ++ "nat on ${epair_int}b from 198.51.100.0/24 -> (${epair_int}b)" \ ++ "block" \ ++ "pass inet proto udp" \ ++ "pass inet proto icmp icmp-type { echoreq }" ++ ++ # Sanity checks ++ atf_check -s exit:0 -o ignore \ ++ jexec cl ping -c 1 198.51.100.2 ++ atf_check -s exit:0 -o ignore \ ++ jexec cl ping -c 1 203.0.113.1 ++ atf_check -s exit:0 -o ignore \ ++ jexec cl ping -c 1 203.0.113.2 ++ atf_check -s exit:0 -o ignore \ ++ jexec cl ping -c 1 192.0.2.1 ++ ++ echo "UDP" ++ atf_check -s exit:0 -e ignore -o match:".*203.0.113.2.*" \ ++ jexec cl traceroute 192.0.2.1 ++ jexec nat pfctl -Fs ++ ++ echo "ICMP" ++ atf_check -s exit:0 -e ignore -o match:".*203.0.113.2.*" \ ++ jexec cl traceroute -I 192.0.2.1 ++} ++ ++ttl_exceeded_cleanup() ++{ ++ pft_cleanup ++} ++ + atf_init_test_cases() + { + atf_add_test_case "cve_2019_5598" ++ atf_add_test_case "ttl_exceeded" + } +--- /dev/null ++++ tests/sys/netpfil/pf/icmp6.sh +@@ -0,0 +1,156 @@ ++# ++# SPDX-License-Identifier: BSD-2-Clause ++# ++# Copyright (c) 2024 Rubicon Communications, LLC (Netgate) ++# ++# Redistribution and use in source and binary forms, with or without ++# modification, are permitted provided that the following conditions ++# are met: ++# 1. Redistributions of source code must retain the above copyright ++# notice, this list of conditions and the following disclaimer. ++# 2. Redistributions in binary form must reproduce the above copyright ++# notice, this list of conditions and the following disclaimer in the ++# documentation and/or other materials provided with the distribution. ++# ++# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ++# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++# SUCH DAMAGE. ++ ++. $(atf_get_srcdir)/utils.subr ++ ++common_dir=$(atf_get_srcdir)/../common ++ ++atf_test_case "zero_id" "cleanup" ++zero_id_head() ++{ ++ atf_set descr 'Test ICMPv6 echo with ID 0 keep being blocked' ++ atf_set require.user root ++ atf_set require.progs scapy ++} ++ ++zero_id_body() ++{ ++ pft_init ++ ++ epair=$(vnet_mkepair) ++ ifconfig ${epair}a inet6 2001:db8::2/64 up no_dad ++ ++ vnet_mkjail alcatraz ${epair}b ++ jexec alcatraz ifconfig ${epair}b inet6 2001:db8::1/64 up no_dad ++ ++ # Sanity check ++ atf_check -s exit:0 -o ignore \ ++ ping -c 1 2001:db8::1 ++ ++ jexec alcatraz pfctl -e ++ pft_set_rules alcatraz \ ++ "set block-policy drop" \ ++ "antispoof quick for { egress ${epair}b }" \ ++ "block all" \ ++ "pass out" \ ++ "pass in quick inet6 proto IPV6-ICMP icmp6-type 135" \ ++ "pass in quick inet6 proto IPV6-ICMP icmp6-type 136" \ ++ "pass out quick inet6 proto IPV6 from self to any" ++ ++ # Now we can't ping ++ atf_check -s exit:2 -o ignore \ ++ ping -c 1 2001:db8::1 ++ ++ # Force neighbour discovery ++ ndp -d 2001:db8::1 ++ ++ # Verify that we don't confuse echo request with ID 0 for neighbour discovery ++ atf_check -s exit:1 -o ignore \ ++ ${common_dir}/pft_ping.py \ ++ --sendif ${epair}a \ ++ --to 2001:db8::1 \ ++ --replyif ${epair}a ++ ++ jexec alcatraz pfctl -ss -vv ++ jexec alcatraz pfctl -sr -vv ++} ++ ++zero_id_cleanup() ++{ ++ pft_cleanup ++} ++ ++atf_test_case "ttl_exceeded" "cleanup" ++ttl_exceeded_head() ++{ ++ atf_set descr 'Test that we correctly translate TTL exceeded back' ++ atf_set require.user root ++} ++ ++ttl_exceeded_body() ++{ ++ pft_init ++ ++ epair_srv=$(vnet_mkepair) ++ epair_int=$(vnet_mkepair) ++ epair_cl=$(vnet_mkepair) ++ ++ vnet_mkjail srv ${epair_srv}a ++ jexec srv ifconfig ${epair_srv}a inet6 2001:db8:1::1/64 no_dad up ++ jexec srv route add -6 default 2001:db8:1::2 ++ ++ vnet_mkjail int ${epair_srv}b ${epair_int}a ++ jexec int sysctl net.inet6.ip6.forwarding=1 ++ jexec int ifconfig ${epair_srv}b inet6 2001:db8:1::2/64 no_dad up ++ jexec int ifconfig ${epair_int}a inet6 2001:db8:2::2/64 no_dad up ++ ++ vnet_mkjail nat ${epair_int}b ${epair_cl}b ++ jexec nat ifconfig ${epair_int}b inet6 2001:db8:2::1 no_dad up ++ jexec nat ifconfig ${epair_cl}b inet6 2001:db8:3::2/64 no_dad up ++ jexec nat sysctl net.inet6.ip6.forwarding=1 ++ jexec nat route add -6 default 2001:db8:2::2 ++ ++ vnet_mkjail cl ${epair_cl}a ++ jexec cl ifconfig ${epair_cl}a inet6 2001:db8:3::1/64 no_dad up ++ jexec cl route add -6 default 2001:db8:3::2 ++ ++ jexec nat pfctl -e ++ pft_set_rules nat \ ++ "nat on ${epair_int}b from 2001:db8:3::/64 -> (${epair_int}b:0)" \ ++ "block" \ ++ "pass inet6 proto udp" \ ++ "pass inet6 proto icmp6 icmp6-type { neighbrsol, neighbradv, echoreq }" ++ ++ # Sanity checks ++ atf_check -s exit:0 -o ignore \ ++ jexec cl ping -c 1 2001:db8:3::2 ++ atf_check -s exit:0 -o ignore \ ++ jexec cl ping -c 1 2001:db8:2::1 ++ atf_check -s exit:0 -o ignore \ ++ jexec cl ping -c 1 2001:db8:2::2 ++ atf_check -s exit:0 -o ignore \ ++ jexec cl ping -c 1 2001:db8:1::1 ++ ++ echo "UDP" ++ atf_check -s exit:0 -e ignore -o match:".*2001:db8:2::2.*" \ ++ jexec cl traceroute6 2001:db8:1::1 ++ jexec nat pfctl -Fs ++ ++ echo "ICMP" ++ atf_check -s exit:0 -e ignore -o match:".*2001:db8:2::2.*" \ ++ jexec cl traceroute6 -I 2001:db8:1::1 ++} ++ ++ttl_exceeded_cleanup() ++{ ++ pft_cleanup ++} ++ ++atf_init_test_cases() ++{ ++ atf_add_test_case "zero_id" ++ atf_add_test_case "ttl_exceeded" ++} diff --git a/website/static/security/patches/EN-24:16/pf-13.3.patch.asc b/website/static/security/patches/EN-24:16/pf-13.3.patch.asc new file mode 100644 index 000000000000..fe51cb96ca1c --- /dev/null +++ b/website/static/security/patches/EN-24:16/pf-13.3.patch.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmbsPQoACgkQbljekB8A +Gu9blRAAqe2+7l0ZZcw3minxaU3hmjJiXscCVRJvb+Igj99LQDpQLCWNsiOzPOp5 +3A2Jnkjpd5Ax1qZ/n7zydFubKFNlW7cBEsgzTg1P3X7r4/LV/x0pame/bImVpRqd +s5+Zd8ygE/udOj1fPn83EBIedQF9u0MzN3rU2Ll5YqsCH2cW7DQ548VgXsl6J1TB +TjnJSCM87WBy1UhgaMt/A2pzoAMyjViBPQcKtWwYwkEv5avJo/eX0+RpYZlbVUl4 +MTKBcr0Utq8PueRHQQDlgvF7MHrbrnXg4qBdTKZqodGtDc3Ty9bDJXTfT9D27Vtr +ltaL4TyB8Zu0cy4DsUzN+1HnBTUrYQiyfZeMB2cJwwATkPs4VDBJzBJpjdgZG9pT +ZWXQBlLUyDPg40c0DPGe+IixxWj6J8oprlXqc1XmGzbopvBbrBvVd6G3OkC5H99T +UxdD//5Czr9P+9jiQF4oXGaUAs3EjL8zXHDPzu9vnau5CRP0uT6AcZ83qx5l6kiJ ++VheGTuPbZDY36WQ9iMPeMyZO1fQ3BBchaaaO6vP7pyV7fpBAvq0pWGZvydiQI7C +PpxQEhHIRVa7aFrKU4S7a6E/hvgugQatn8u0KViKFSy5ixBg/vz2hJD8qAuxpbt8 +4aRxXj/PpUa8JIdNRcA1ZU0vYolEDo5+2tB+5RUN7DzV3yC0QuY= +=I//K +-----END PGP SIGNATURE----- diff --git a/website/static/security/patches/EN-24:16/pf-14.0.patch b/website/static/security/patches/EN-24:16/pf-14.0.patch new file mode 100644 index 000000000000..0486e01fc4df --- /dev/null +++ b/website/static/security/patches/EN-24:16/pf-14.0.patch @@ -0,0 +1,486 @@ +--- sys/net/pfvar.h.orig ++++ sys/net/pfvar.h +@@ -359,8 +359,8 @@ + mtx_unlock(_s->lock); \ + } while (0) + #else +-#define PF_STATE_LOCK(s) mtx_lock(s->lock) +-#define PF_STATE_UNLOCK(s) mtx_unlock(s->lock) ++#define PF_STATE_LOCK(s) mtx_lock((s)->lock) ++#define PF_STATE_UNLOCK(s) mtx_unlock((s)->lock) + #endif + + #ifdef INVARIANTS +@@ -2482,8 +2482,8 @@ + struct pf_addr *, struct pf_addr *, + uint16_t, uint16_t, struct pf_kanchor_stackframe *); + +-struct pf_state_key *pf_state_key_setup(struct pf_pdesc *, struct pf_addr *, +- struct pf_addr *, u_int16_t, u_int16_t); ++struct pf_state_key *pf_state_key_setup(struct pf_pdesc *, struct mbuf *, int, ++ struct pf_addr *, struct pf_addr *, u_int16_t, u_int16_t); + struct pf_state_key *pf_state_key_clone(struct pf_state_key *); + void pf_rule_to_actions(struct pf_krule *, + struct pf_rule_actions *); +--- sys/netpfil/pf/pf.c.orig ++++ sys/netpfil/pf/pf.c +@@ -292,6 +292,9 @@ + u_int16_t, u_int16_t, int *, struct pfi_kkif *, + struct pf_kstate **, int, u_int16_t, u_int16_t, + int, struct pf_krule_slist *); ++static int pf_state_key_addr_setup(struct pf_pdesc *, struct mbuf *, ++ int, struct pf_state_key_cmp *, int, struct pf_addr *, ++ int, struct pf_addr *, int); + static int pf_test_fragment(struct pf_krule **, struct pfi_kkif *, + struct mbuf *, void *, struct pf_pdesc *, + struct pf_krule **, struct pf_kruleset **); +@@ -308,8 +311,8 @@ + void *, struct pf_pdesc *); + int pf_icmp_state_lookup(struct pf_state_key_cmp *, + struct pf_pdesc *, struct pf_kstate **, struct mbuf *, +- int, struct pfi_kkif *, u_int16_t, u_int16_t, +- int, int *, int); ++ int, int, struct pfi_kkif *, u_int16_t, u_int16_t, ++ int, int *, int, int); + static int pf_test_state_icmp(struct pf_kstate **, + struct pfi_kkif *, struct mbuf *, int, + void *, struct pf_pdesc *, u_short *); +@@ -359,7 +362,7 @@ + + VNET_DEFINE(struct pf_limit, pf_limits[PF_LIMIT_MAX]); + +-enum { PF_ICMP_MULTI_NONE, PF_ICMP_MULTI_SOLICITED, PF_ICMP_MULTI_LINK }; ++enum { PF_ICMP_MULTI_NONE, PF_ICMP_MULTI_LINK }; + + #define PACKET_UNDO_NAT(_m, _pd, _off, _s) \ + do { \ +@@ -1418,9 +1421,66 @@ + return (0); + } + ++static int ++pf_state_key_addr_setup(struct pf_pdesc *pd, struct mbuf *m, int off, ++ struct pf_state_key_cmp *key, int sidx, struct pf_addr *saddr, ++ int didx, struct pf_addr *daddr, int multi) ++{ ++#ifdef INET6 ++ struct nd_neighbor_solicit nd; ++ struct pf_addr *target; ++ u_short action, reason; ++ ++ if (pd->af == AF_INET || pd->proto != IPPROTO_ICMPV6) ++ goto copy; ++ ++ switch (pd->hdr.icmp6.icmp6_type) { ++ case ND_NEIGHBOR_SOLICIT: ++ if (multi) ++ return (-1); ++ if (!pf_pull_hdr(m, off, &nd, sizeof(nd), &action, &reason, pd->af)) ++ return (-1); ++ target = (struct pf_addr *)&nd.nd_ns_target; ++ daddr = target; ++ break; ++ case ND_NEIGHBOR_ADVERT: ++ if (multi) ++ return (-1); ++ if (!pf_pull_hdr(m, off, &nd, sizeof(nd), &action, &reason, pd->af)) ++ return (-1); ++ target = (struct pf_addr *)&nd.nd_ns_target; ++ saddr = target; ++ if (IN6_IS_ADDR_MULTICAST(&pd->dst->v6)) { ++ key->addr[didx].addr32[0] = 0; ++ key->addr[didx].addr32[1] = 0; ++ key->addr[didx].addr32[2] = 0; ++ key->addr[didx].addr32[3] = 0; ++ daddr = NULL; /* overwritten */ ++ } ++ break; ++ default: ++ if (multi == PF_ICMP_MULTI_LINK) { ++ key->addr[sidx].addr32[0] = IPV6_ADDR_INT32_MLL; ++ key->addr[sidx].addr32[1] = 0; ++ key->addr[sidx].addr32[2] = 0; ++ key->addr[sidx].addr32[3] = IPV6_ADDR_INT32_ONE; ++ saddr = NULL; /* overwritten */ ++ } ++ } ++copy: ++#endif ++ if (saddr) ++ PF_ACPY(&key->addr[sidx], saddr, pd->af); ++ if (daddr) ++ PF_ACPY(&key->addr[didx], daddr, pd->af); ++ ++ return (0); ++} ++ + struct pf_state_key * +-pf_state_key_setup(struct pf_pdesc *pd, struct pf_addr *saddr, +- struct pf_addr *daddr, u_int16_t sport, u_int16_t dport) ++pf_state_key_setup(struct pf_pdesc *pd, struct mbuf *m, int off, ++ struct pf_addr *saddr, struct pf_addr *daddr, u_int16_t sport, ++ u_int16_t dport) + { + struct pf_state_key *sk; + +@@ -1428,8 +1488,12 @@ + if (sk == NULL) + return (NULL); + +- PF_ACPY(&sk->addr[pd->sidx], saddr, pd->af); +- PF_ACPY(&sk->addr[pd->didx], daddr, pd->af); ++ if (pf_state_key_addr_setup(pd, m, off, (struct pf_state_key_cmp *)sk, ++ pd->sidx, pd->src, pd->didx, pd->dst, 0)) { ++ uma_zfree(V_pf_state_key_z, sk); ++ return (NULL); ++ } ++ + sk->port[pd->sidx] = sport; + sk->port[pd->didx] = dport; + sk->proto = pd->proto; +@@ -5110,7 +5174,7 @@ + if (nr == NULL) { + KASSERT((sk == NULL && nk == NULL), ("%s: nr %p sk %p, nk %p", + __func__, nr, sk, nk)); +- sk = pf_state_key_setup(pd, pd->src, pd->dst, sport, dport); ++ sk = pf_state_key_setup(pd, m, off, pd->src, pd->dst, sport, dport); + if (sk == NULL) + goto csfailed; + nk = sk; +@@ -6090,8 +6154,9 @@ + + int + pf_icmp_state_lookup(struct pf_state_key_cmp *key, struct pf_pdesc *pd, +- struct pf_kstate **state, struct mbuf *m, int direction, struct pfi_kkif *kif, +- u_int16_t icmpid, u_int16_t type, int icmp_dir, int *iidx, int multi) ++ struct pf_kstate **state, struct mbuf *m, int off, int direction, ++ struct pfi_kkif *kif, u_int16_t icmpid, u_int16_t type, int icmp_dir, ++ int *iidx, int multi, int inner) + { + key->af = pd->af; + key->proto = pd->proto; +@@ -6104,31 +6169,19 @@ + key->port[pd->sidx] = type; + key->port[pd->didx] = icmpid; + } +- if (pd->af == AF_INET6 && multi != PF_ICMP_MULTI_NONE) { +- switch (multi) { +- case PF_ICMP_MULTI_SOLICITED: +- key->addr[pd->sidx].addr32[0] = IPV6_ADDR_INT32_MLL; +- key->addr[pd->sidx].addr32[1] = 0; +- key->addr[pd->sidx].addr32[2] = IPV6_ADDR_INT32_ONE; +- key->addr[pd->sidx].addr32[3] = pd->src->addr32[3]; +- key->addr[pd->sidx].addr8[12] = 0xff; +- break; +- case PF_ICMP_MULTI_LINK: +- key->addr[pd->sidx].addr32[0] = IPV6_ADDR_INT32_MLL; +- key->addr[pd->sidx].addr32[1] = 0; +- key->addr[pd->sidx].addr32[2] = 0; +- key->addr[pd->sidx].addr32[3] = IPV6_ADDR_INT32_ONE; +- break; +- } +- } else +- PF_ACPY(&key->addr[pd->sidx], pd->src, key->af); +- PF_ACPY(&key->addr[pd->didx], pd->dst, key->af); ++ if (pf_state_key_addr_setup(pd, m, off, key, pd->sidx, pd->src, ++ pd->didx, pd->dst, multi)) ++ return (PF_DROP); + + STATE_LOOKUP(kif, key, *state, pd); + ++ if ((*state)->state_flags & PFSTATE_SLOPPY) ++ return (-1); ++ + /* Is this ICMP message flowing in right direction? */ + if ((*state)->rule.ptr->type && +- (((*state)->direction == direction) ? ++ (((!inner && (*state)->direction == direction) || ++ (inner && (*state)->direction != direction)) ? + PF_IN : PF_OUT) != icmp_dir) { + if (V_pf_status.debug >= PF_DEBUG_MISC) { + printf("pf: icmp type %d in wrong direction (%d): ", +@@ -6136,6 +6189,8 @@ + pf_print_state(*state); + printf("\n"); + } ++ PF_STATE_UNLOCK(*state); ++ *state = NULL; + return (PF_DROP); + } + return (-1); +@@ -6184,19 +6239,20 @@ + * ICMP query/reply message not related to a TCP/UDP packet. + * Search for an ICMP state. + */ +- ret = pf_icmp_state_lookup(&key, pd, state, m, pd->dir, ++ ret = pf_icmp_state_lookup(&key, pd, state, m, off, pd->dir, + kif, virtual_id, virtual_type, icmp_dir, &iidx, +- PF_ICMP_MULTI_NONE); ++ PF_ICMP_MULTI_NONE, 0); + if (ret >= 0) { ++ MPASS(*state == NULL); + if (ret == PF_DROP && pd->af == AF_INET6 && + icmp_dir == PF_OUT) { +- if (*state != NULL) +- PF_STATE_UNLOCK((*state)); +- ret = pf_icmp_state_lookup(&key, pd, state, m, ++ ret = pf_icmp_state_lookup(&key, pd, state, m, off, + pd->dir, kif, virtual_id, virtual_type, +- icmp_dir, &iidx, multi); +- if (ret >= 0) ++ icmp_dir, &iidx, multi, 0); ++ if (ret >= 0) { ++ MPASS(*state == NULL); + return (ret); ++ } + } else + return (ret); + } +@@ -6278,6 +6334,7 @@ + int off2 = 0; + + pd2.af = pd->af; ++ pd2.dir = pd->dir; + /* Payload packet is from the opposite direction. */ + pd2.sidx = (pd->dir == PF_IN) ? 1 : 0; + pd2.didx = (pd->dir == PF_IN) ? 0 : 1; +@@ -6585,9 +6642,9 @@ + } + #ifdef INET + case IPPROTO_ICMP: { +- struct icmp iih; ++ struct icmp *iih = &pd2.hdr.icmp; + +- if (!pf_pull_hdr(m, off2, &iih, ICMP_MINLEN, ++ if (!pf_pull_hdr(m, off2, iih, ICMP_MINLEN, + NULL, reason, pd2.af)) { + DPFPRINTF(PF_DEBUG_MISC, + ("pf: ICMP error message too short i" +@@ -6595,15 +6652,17 @@ + return (PF_DROP); + } + +- icmpid = iih.icmp_id; +- pf_icmp_mapping(&pd2, iih.icmp_type, ++ icmpid = iih->icmp_id; ++ pf_icmp_mapping(&pd2, iih->icmp_type, + &icmp_dir, &multi, &virtual_id, &virtual_type); + +- ret = pf_icmp_state_lookup(&key, &pd2, state, m, +- pd->dir, kif, virtual_id, virtual_type, +- icmp_dir, &iidx, PF_ICMP_MULTI_NONE); +- if (ret >= 0) ++ ret = pf_icmp_state_lookup(&key, &pd2, state, m, off, ++ pd2.dir, kif, virtual_id, virtual_type, ++ icmp_dir, &iidx, PF_ICMP_MULTI_NONE, 1); ++ if (ret >= 0) { ++ MPASS(*state == NULL); + return (ret); ++ } + + /* translate source/destination address, if necessary */ + if ((*state)->key[PF_SK_WIRE] != +@@ -6614,10 +6673,10 @@ + if (PF_ANEQ(pd2.src, + &nk->addr[pd2.sidx], pd2.af) || + (virtual_type == htons(ICMP_ECHO) && +- nk->port[iidx] != iih.icmp_id)) ++ nk->port[iidx] != iih->icmp_id)) + pf_change_icmp(pd2.src, + (virtual_type == htons(ICMP_ECHO)) ? +- &iih.icmp_id : NULL, ++ &iih->icmp_id : NULL, + daddr, &nk->addr[pd2.sidx], + (virtual_type == htons(ICMP_ECHO)) ? + nk->port[iidx] : 0, NULL, +@@ -6633,7 +6692,7 @@ + + m_copyback(m, off, ICMP_MINLEN, (caddr_t)&pd->hdr.icmp); + m_copyback(m, ipoff2, sizeof(h2), (caddr_t)&h2); +- m_copyback(m, off2, ICMP_MINLEN, (caddr_t)&iih); ++ m_copyback(m, off2, ICMP_MINLEN, (caddr_t)iih); + } + return (PF_PASS); + break; +@@ -6641,9 +6700,9 @@ + #endif /* INET */ + #ifdef INET6 + case IPPROTO_ICMPV6: { +- struct icmp6_hdr iih; ++ struct icmp6_hdr *iih = &pd2.hdr.icmp6; + +- if (!pf_pull_hdr(m, off2, &iih, ++ if (!pf_pull_hdr(m, off2, iih, + sizeof(struct icmp6_hdr), NULL, reason, pd2.af)) { + DPFPRINTF(PF_DEBUG_MISC, + ("pf: ICMP error message too short " +@@ -6651,22 +6710,24 @@ + return (PF_DROP); + } + +- pf_icmp_mapping(&pd2, iih.icmp6_type, ++ pf_icmp_mapping(&pd2, iih->icmp6_type, + &icmp_dir, &multi, &virtual_id, &virtual_type); +- ret = pf_icmp_state_lookup(&key, &pd2, state, m, ++ ++ ret = pf_icmp_state_lookup(&key, &pd2, state, m, off, + pd->dir, kif, virtual_id, virtual_type, +- icmp_dir, &iidx, PF_ICMP_MULTI_NONE); ++ icmp_dir, &iidx, PF_ICMP_MULTI_NONE, 1); + if (ret >= 0) { +- if (ret == PF_DROP && pd->af == AF_INET6 && ++ MPASS(*state == NULL); ++ if (ret == PF_DROP && pd2.af == AF_INET6 && + icmp_dir == PF_OUT) { +- if (*state != NULL) +- PF_STATE_UNLOCK((*state)); +- ret = pf_icmp_state_lookup(&key, pd, +- state, m, pd->dir, kif, ++ ret = pf_icmp_state_lookup(&key, &pd2, ++ state, m, off, pd->dir, kif, + virtual_id, virtual_type, +- icmp_dir, &iidx, multi); +- if (ret >= 0) ++ icmp_dir, &iidx, multi, 1); ++ if (ret >= 0) { ++ MPASS(*state == NULL); + return (ret); ++ } + } else + return (ret); + } +@@ -6680,10 +6741,10 @@ + if (PF_ANEQ(pd2.src, + &nk->addr[pd2.sidx], pd2.af) || + ((virtual_type == htons(ICMP6_ECHO_REQUEST)) && +- nk->port[pd2.sidx] != iih.icmp6_id)) ++ nk->port[pd2.sidx] != iih->icmp6_id)) + pf_change_icmp(pd2.src, + (virtual_type == htons(ICMP6_ECHO_REQUEST)) +- ? &iih.icmp6_id : NULL, ++ ? &iih->icmp6_id : NULL, + daddr, &nk->addr[pd2.sidx], + (virtual_type == htons(ICMP6_ECHO_REQUEST)) + ? nk->port[iidx] : 0, NULL, +@@ -6701,7 +6762,7 @@ + (caddr_t)&pd->hdr.icmp6); + m_copyback(m, ipoff2, sizeof(h2_6), (caddr_t)&h2_6); + m_copyback(m, off2, sizeof(struct icmp6_hdr), +- (caddr_t)&iih); ++ (caddr_t)iih); + } + return (PF_PASS); + break; +--- sys/netpfil/pf/pf_lb.c.orig ++++ sys/netpfil/pf/pf_lb.c +@@ -633,7 +633,7 @@ + return (NULL); + } + +- *skp = pf_state_key_setup(pd, saddr, daddr, sport, dport); ++ *skp = pf_state_key_setup(pd, m, off, saddr, daddr, sport, dport); + if (*skp == NULL) + return (NULL); + *nkp = pf_state_key_clone(*skp); +--- tests/sys/netpfil/pf/Makefile.orig ++++ tests/sys/netpfil/pf/Makefile +@@ -13,6 +13,7 @@ + fragmentation_pass \ + get_state \ + icmp \ ++ icmp6 \ + killstate \ + macro \ + map_e \ +--- /dev/null ++++ tests/sys/netpfil/pf/icmp6.sh +@@ -0,0 +1,89 @@ ++# ++# SPDX-License-Identifier: BSD-2-Clause ++# ++# Copyright (c) 2024 Rubicon Communications, LLC (Netgate) ++# ++# Redistribution and use in source and binary forms, with or without ++# modification, are permitted provided that the following conditions ++# are met: ++# 1. Redistributions of source code must retain the above copyright ++# notice, this list of conditions and the following disclaimer. ++# 2. Redistributions in binary form must reproduce the above copyright ++# notice, this list of conditions and the following disclaimer in the ++# documentation and/or other materials provided with the distribution. ++# ++# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ++# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++# SUCH DAMAGE. ++ ++. $(atf_get_srcdir)/utils.subr ++ ++common_dir=$(atf_get_srcdir)/../common ++ ++atf_test_case "zero_id" "cleanup" ++zero_id_head() ++{ ++ atf_set descr 'Test ICMPv6 echo with ID 0 keep being blocked' ++ atf_set require.user root ++ atf_set require.progs scapy ++} ++ ++zero_id_body() ++{ ++ pft_init ++ ++ epair=$(vnet_mkepair) ++ ifconfig ${epair}a inet6 2001:db8::2/64 up no_dad ++ ++ vnet_mkjail alcatraz ${epair}b ++ jexec alcatraz ifconfig ${epair}b inet6 2001:db8::1/64 up no_dad ++ ++ # Sanity check ++ atf_check -s exit:0 -o ignore \ ++ ping -c 1 2001:db8::1 ++ ++ jexec alcatraz pfctl -e ++ pft_set_rules alcatraz \ ++ "set block-policy drop" \ ++ "antispoof quick for { egress ${epair}b }" \ ++ "block all" \ ++ "pass out" \ ++ "pass in quick inet6 proto IPV6-ICMP icmp6-type 135" \ ++ "pass in quick inet6 proto IPV6-ICMP icmp6-type 136" \ ++ "pass out quick inet6 proto IPV6 from self to any" ++ ++ # Now we can't ping ++ atf_check -s exit:2 -o ignore \ ++ ping -c 1 2001:db8::1 ++ ++ # Force neighbour discovery ++ ndp -d 2001:db8::1 ++ ++ # Verify that we don't confuse echo request with ID 0 for neighbour discovery ++ atf_check -s exit:1 -o ignore \ ++ ${common_dir}/pft_ping.py \ ++ --sendif ${epair}a \ ++ --to 2001:db8::1 \ ++ --replyif ${epair}a ++ ++ jexec alcatraz pfctl -ss -vv ++ jexec alcatraz pfctl -sr -vv ++} ++ ++zero_id_cleanup() ++{ ++ pft_cleanup ++} ++ ++atf_init_test_cases() ++{ ++ atf_add_test_case "zero_id" ++} diff --git a/website/static/security/patches/EN-24:16/pf-14.0.patch.asc b/website/static/security/patches/EN-24:16/pf-14.0.patch.asc new file mode 100644 index 000000000000..8fbfe7653b66 --- /dev/null +++ b/website/static/security/patches/EN-24:16/pf-14.0.patch.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmbsPQsACgkQbljekB8A +Gu/uNRAAl55peDh/O/GRKNB4Cf5auf+rnL2A8pFZ2zLYhjhguVoHauuuviFWCgK0 +BhsEGspwAVAzG79zUCBMrhIZfJ2zP6IAwJ6X+I8HoZYIhYMBM7X1OmDq8lDffpgo +Z9C73lftJXvT+L54SxWVmxs1agBBM/0GB1x+YXugxVmUElIj+e/Wv/uEcGFLKxFc +9sva/uaxJEY2Un8VslgClrJz85cRQfC2E6JxZ4t7FTcE+MlVzbYa9YZeHO8+AxqJ +3lnZBo1dDGeXzXNxsSdFOnz+vwbdRHo5U8a6b+G8b9eCJj3+WCF2/zuKTLPqLYMC +QUw8Fj+mAbVge5rOmT74UWRVhvL3pdw82O1X0V0jJZu2OQ1LW5AEUJKA/ssdVsZa +wRO5A8T8vJCyhid8YErUzAr3O6Bat/r7bJI2TJDoUODbcrzdXuT0dgCEIMfL6EGu +Z337blTPnBdD7u1oYhY7MOudT3il7z9yoYWRPfxxqMJQf0gI6qf6q/iztnlzNcIX +1xHxNWVxL1p0arfMuHcgolepS8OC6uN/pT04M/UftiUf82Z1DPZMNtYqOR4veb7t +xQ0kwj2JbqdZ9OccpozEgtfcFIQ8R3EavL88dudHROR5g1LVOUlnjfVeM+RsHKAo +bU+PpL7QOTj0uMsIaFa2sawEd9wsqYvuEgBg3wvqB08ho8MmZkQ= +=331g +-----END PGP SIGNATURE----- diff --git a/website/static/security/patches/EN-24:16/pf-14.1.patch b/website/static/security/patches/EN-24:16/pf-14.1.patch new file mode 100644 index 000000000000..543043ca2305 --- /dev/null +++ b/website/static/security/patches/EN-24:16/pf-14.1.patch @@ -0,0 +1,384 @@ +--- sys/net/pfvar.h.orig ++++ sys/net/pfvar.h +@@ -359,8 +359,8 @@ + mtx_unlock(_s->lock); \ + } while (0) + #else +-#define PF_STATE_LOCK(s) mtx_lock(s->lock) +-#define PF_STATE_UNLOCK(s) mtx_unlock(s->lock) ++#define PF_STATE_LOCK(s) mtx_lock((s)->lock) ++#define PF_STATE_UNLOCK(s) mtx_unlock((s)->lock) + #endif + + #ifdef INVARIANTS +@@ -2512,8 +2512,8 @@ + struct pf_addr *, struct pf_addr *, + uint16_t, uint16_t, struct pf_kanchor_stackframe *); + +-struct pf_state_key *pf_state_key_setup(struct pf_pdesc *, struct pf_addr *, +- struct pf_addr *, u_int16_t, u_int16_t); ++struct pf_state_key *pf_state_key_setup(struct pf_pdesc *, struct mbuf *, int, ++ struct pf_addr *, struct pf_addr *, u_int16_t, u_int16_t); + struct pf_state_key *pf_state_key_clone(struct pf_state_key *); + void pf_rule_to_actions(struct pf_krule *, + struct pf_rule_actions *); +--- sys/netpfil/pf/pf.c.orig ++++ sys/netpfil/pf/pf.c +@@ -325,6 +325,9 @@ + u_int16_t, u_int16_t, int *, struct pfi_kkif *, + struct pf_kstate **, int, u_int16_t, u_int16_t, + int, struct pf_krule_slist *); ++static int pf_state_key_addr_setup(struct pf_pdesc *, struct mbuf *, ++ int, struct pf_state_key_cmp *, int, struct pf_addr *, ++ int, struct pf_addr *, int); + static int pf_test_fragment(struct pf_krule **, struct pfi_kkif *, + struct mbuf *, void *, struct pf_pdesc *, + struct pf_krule **, struct pf_kruleset **); +@@ -341,8 +344,8 @@ + void *, struct pf_pdesc *); + int pf_icmp_state_lookup(struct pf_state_key_cmp *, + struct pf_pdesc *, struct pf_kstate **, struct mbuf *, +- int, struct pfi_kkif *, u_int16_t, u_int16_t, +- int, int *, int); ++ int, int, struct pfi_kkif *, u_int16_t, u_int16_t, ++ int, int *, int, int); + static int pf_test_state_icmp(struct pf_kstate **, + struct pfi_kkif *, struct mbuf *, int, + void *, struct pf_pdesc *, u_short *); +@@ -395,7 +398,7 @@ + + VNET_DEFINE(struct pf_limit, pf_limits[PF_LIMIT_MAX]); + +-enum { PF_ICMP_MULTI_NONE, PF_ICMP_MULTI_SOLICITED, PF_ICMP_MULTI_LINK }; ++enum { PF_ICMP_MULTI_NONE, PF_ICMP_MULTI_LINK }; + + #define PACKET_UNDO_NAT(_m, _pd, _off, _s) \ + do { \ +@@ -1457,9 +1460,66 @@ + return (0); + } + ++static int ++pf_state_key_addr_setup(struct pf_pdesc *pd, struct mbuf *m, int off, ++ struct pf_state_key_cmp *key, int sidx, struct pf_addr *saddr, ++ int didx, struct pf_addr *daddr, int multi) ++{ ++#ifdef INET6 ++ struct nd_neighbor_solicit nd; ++ struct pf_addr *target; ++ u_short action, reason; ++ ++ if (pd->af == AF_INET || pd->proto != IPPROTO_ICMPV6) ++ goto copy; ++ ++ switch (pd->hdr.icmp6.icmp6_type) { ++ case ND_NEIGHBOR_SOLICIT: ++ if (multi) ++ return (-1); ++ if (!pf_pull_hdr(m, off, &nd, sizeof(nd), &action, &reason, pd->af)) ++ return (-1); ++ target = (struct pf_addr *)&nd.nd_ns_target; ++ daddr = target; ++ break; ++ case ND_NEIGHBOR_ADVERT: ++ if (multi) ++ return (-1); ++ if (!pf_pull_hdr(m, off, &nd, sizeof(nd), &action, &reason, pd->af)) ++ return (-1); ++ target = (struct pf_addr *)&nd.nd_ns_target; ++ saddr = target; ++ if (IN6_IS_ADDR_MULTICAST(&pd->dst->v6)) { ++ key->addr[didx].addr32[0] = 0; ++ key->addr[didx].addr32[1] = 0; ++ key->addr[didx].addr32[2] = 0; ++ key->addr[didx].addr32[3] = 0; ++ daddr = NULL; /* overwritten */ ++ } ++ break; ++ default: ++ if (multi == PF_ICMP_MULTI_LINK) { ++ key->addr[sidx].addr32[0] = IPV6_ADDR_INT32_MLL; ++ key->addr[sidx].addr32[1] = 0; ++ key->addr[sidx].addr32[2] = 0; ++ key->addr[sidx].addr32[3] = IPV6_ADDR_INT32_ONE; ++ saddr = NULL; /* overwritten */ ++ } ++ } ++copy: ++#endif ++ if (saddr) ++ PF_ACPY(&key->addr[sidx], saddr, pd->af); ++ if (daddr) ++ PF_ACPY(&key->addr[didx], daddr, pd->af); ++ ++ return (0); ++} ++ + struct pf_state_key * +-pf_state_key_setup(struct pf_pdesc *pd, struct pf_addr *saddr, +- struct pf_addr *daddr, u_int16_t sport, u_int16_t dport) ++pf_state_key_setup(struct pf_pdesc *pd, struct mbuf *m, int off, ++ struct pf_addr *saddr, struct pf_addr *daddr, u_int16_t sport, ++ u_int16_t dport) + { + struct pf_state_key *sk; + +@@ -1467,8 +1527,12 @@ + if (sk == NULL) + return (NULL); + +- PF_ACPY(&sk->addr[pd->sidx], saddr, pd->af); +- PF_ACPY(&sk->addr[pd->didx], daddr, pd->af); ++ if (pf_state_key_addr_setup(pd, m, off, (struct pf_state_key_cmp *)sk, ++ pd->sidx, pd->src, pd->didx, pd->dst, 0)) { ++ uma_zfree(V_pf_state_key_z, sk); ++ return (NULL); ++ } ++ + sk->port[pd->sidx] = sport; + sk->port[pd->didx] = dport; + sk->proto = pd->proto; +@@ -5152,7 +5216,7 @@ + if (nr == NULL) { + KASSERT((sk == NULL && nk == NULL), ("%s: nr %p sk %p, nk %p", + __func__, nr, sk, nk)); +- sk = pf_state_key_setup(pd, pd->src, pd->dst, sport, dport); ++ sk = pf_state_key_setup(pd, m, off, pd->src, pd->dst, sport, dport); + if (sk == NULL) + goto csfailed; + nk = sk; +@@ -6581,8 +6645,9 @@ + + int + pf_icmp_state_lookup(struct pf_state_key_cmp *key, struct pf_pdesc *pd, +- struct pf_kstate **state, struct mbuf *m, int direction, struct pfi_kkif *kif, +- u_int16_t icmpid, u_int16_t type, int icmp_dir, int *iidx, int multi) ++ struct pf_kstate **state, struct mbuf *m, int off, int direction, ++ struct pfi_kkif *kif, u_int16_t icmpid, u_int16_t type, int icmp_dir, ++ int *iidx, int multi, int inner) + { + key->af = pd->af; + key->proto = pd->proto; +@@ -6595,31 +6660,19 @@ + key->port[pd->sidx] = type; + key->port[pd->didx] = icmpid; + } +- if (pd->af == AF_INET6 && multi != PF_ICMP_MULTI_NONE) { +- switch (multi) { +- case PF_ICMP_MULTI_SOLICITED: +- key->addr[pd->sidx].addr32[0] = IPV6_ADDR_INT32_MLL; +- key->addr[pd->sidx].addr32[1] = 0; +- key->addr[pd->sidx].addr32[2] = IPV6_ADDR_INT32_ONE; +- key->addr[pd->sidx].addr32[3] = pd->src->addr32[3]; +- key->addr[pd->sidx].addr8[12] = 0xff; +- break; +- case PF_ICMP_MULTI_LINK: +- key->addr[pd->sidx].addr32[0] = IPV6_ADDR_INT32_MLL; +- key->addr[pd->sidx].addr32[1] = 0; +- key->addr[pd->sidx].addr32[2] = 0; +- key->addr[pd->sidx].addr32[3] = IPV6_ADDR_INT32_ONE; +- break; +- } +- } else +- PF_ACPY(&key->addr[pd->sidx], pd->src, key->af); +- PF_ACPY(&key->addr[pd->didx], pd->dst, key->af); ++ if (pf_state_key_addr_setup(pd, m, off, key, pd->sidx, pd->src, ++ pd->didx, pd->dst, multi)) ++ return (PF_DROP); + + STATE_LOOKUP(kif, key, *state, pd); + ++ if ((*state)->state_flags & PFSTATE_SLOPPY) ++ return (-1); ++ + /* Is this ICMP message flowing in right direction? */ + if ((*state)->rule.ptr->type && +- (((*state)->direction == direction) ? ++ (((!inner && (*state)->direction == direction) || ++ (inner && (*state)->direction != direction)) ? + PF_IN : PF_OUT) != icmp_dir) { + if (V_pf_status.debug >= PF_DEBUG_MISC) { + printf("pf: icmp type %d in wrong direction (%d): ", +@@ -6627,6 +6680,8 @@ + pf_print_state(*state); + printf("\n"); + } ++ PF_STATE_UNLOCK(*state); ++ *state = NULL; + return (PF_DROP); + } + return (-1); +@@ -6675,19 +6730,20 @@ + * ICMP query/reply message not related to a TCP/UDP packet. + * Search for an ICMP state. + */ +- ret = pf_icmp_state_lookup(&key, pd, state, m, pd->dir, ++ ret = pf_icmp_state_lookup(&key, pd, state, m, off, pd->dir, + kif, virtual_id, virtual_type, icmp_dir, &iidx, +- PF_ICMP_MULTI_NONE); ++ PF_ICMP_MULTI_NONE, 0); + if (ret >= 0) { ++ MPASS(*state == NULL); + if (ret == PF_DROP && pd->af == AF_INET6 && + icmp_dir == PF_OUT) { +- if (*state != NULL) +- PF_STATE_UNLOCK((*state)); +- ret = pf_icmp_state_lookup(&key, pd, state, m, ++ ret = pf_icmp_state_lookup(&key, pd, state, m, off, + pd->dir, kif, virtual_id, virtual_type, +- icmp_dir, &iidx, multi); +- if (ret >= 0) ++ icmp_dir, &iidx, multi, 0); ++ if (ret >= 0) { ++ MPASS(*state == NULL); + return (ret); ++ } + } else + return (ret); + } +@@ -6769,6 +6825,7 @@ + int off2 = 0; + + pd2.af = pd->af; ++ pd2.dir = pd->dir; + /* Payload packet is from the opposite direction. */ + pd2.sidx = (pd->dir == PF_IN) ? 1 : 0; + pd2.didx = (pd->dir == PF_IN) ? 0 : 1; +@@ -7076,9 +7133,9 @@ + } + #ifdef INET + case IPPROTO_ICMP: { +- struct icmp iih; ++ struct icmp *iih = &pd2.hdr.icmp; + +- if (!pf_pull_hdr(m, off2, &iih, ICMP_MINLEN, ++ if (!pf_pull_hdr(m, off2, iih, ICMP_MINLEN, + NULL, reason, pd2.af)) { + DPFPRINTF(PF_DEBUG_MISC, + ("pf: ICMP error message too short i" +@@ -7086,15 +7143,17 @@ + return (PF_DROP); + } + +- icmpid = iih.icmp_id; +- pf_icmp_mapping(&pd2, iih.icmp_type, ++ icmpid = iih->icmp_id; ++ pf_icmp_mapping(&pd2, iih->icmp_type, + &icmp_dir, &multi, &virtual_id, &virtual_type); + +- ret = pf_icmp_state_lookup(&key, &pd2, state, m, +- pd->dir, kif, virtual_id, virtual_type, +- icmp_dir, &iidx, PF_ICMP_MULTI_NONE); +- if (ret >= 0) ++ ret = pf_icmp_state_lookup(&key, &pd2, state, m, off, ++ pd2.dir, kif, virtual_id, virtual_type, ++ icmp_dir, &iidx, PF_ICMP_MULTI_NONE, 1); ++ if (ret >= 0) { ++ MPASS(*state == NULL); + return (ret); ++ } + + /* translate source/destination address, if necessary */ + if ((*state)->key[PF_SK_WIRE] != +@@ -7105,10 +7164,10 @@ + if (PF_ANEQ(pd2.src, + &nk->addr[pd2.sidx], pd2.af) || + (virtual_type == htons(ICMP_ECHO) && +- nk->port[iidx] != iih.icmp_id)) ++ nk->port[iidx] != iih->icmp_id)) + pf_change_icmp(pd2.src, + (virtual_type == htons(ICMP_ECHO)) ? +- &iih.icmp_id : NULL, ++ &iih->icmp_id : NULL, + daddr, &nk->addr[pd2.sidx], + (virtual_type == htons(ICMP_ECHO)) ? + nk->port[iidx] : 0, NULL, +@@ -7124,7 +7183,7 @@ + + m_copyback(m, off, ICMP_MINLEN, (caddr_t)&pd->hdr.icmp); + m_copyback(m, ipoff2, sizeof(h2), (caddr_t)&h2); +- m_copyback(m, off2, ICMP_MINLEN, (caddr_t)&iih); ++ m_copyback(m, off2, ICMP_MINLEN, (caddr_t)iih); + } + return (PF_PASS); + break; +@@ -7132,9 +7191,9 @@ + #endif /* INET */ + #ifdef INET6 + case IPPROTO_ICMPV6: { +- struct icmp6_hdr iih; ++ struct icmp6_hdr *iih = &pd2.hdr.icmp6; + +- if (!pf_pull_hdr(m, off2, &iih, ++ if (!pf_pull_hdr(m, off2, iih, + sizeof(struct icmp6_hdr), NULL, reason, pd2.af)) { + DPFPRINTF(PF_DEBUG_MISC, + ("pf: ICMP error message too short " +@@ -7142,22 +7201,24 @@ + return (PF_DROP); + } + +- pf_icmp_mapping(&pd2, iih.icmp6_type, ++ pf_icmp_mapping(&pd2, iih->icmp6_type, + &icmp_dir, &multi, &virtual_id, &virtual_type); +- ret = pf_icmp_state_lookup(&key, &pd2, state, m, ++ ++ ret = pf_icmp_state_lookup(&key, &pd2, state, m, off, + pd->dir, kif, virtual_id, virtual_type, +- icmp_dir, &iidx, PF_ICMP_MULTI_NONE); ++ icmp_dir, &iidx, PF_ICMP_MULTI_NONE, 1); + if (ret >= 0) { +- if (ret == PF_DROP && pd->af == AF_INET6 && ++ MPASS(*state == NULL); ++ if (ret == PF_DROP && pd2.af == AF_INET6 && + icmp_dir == PF_OUT) { +- if (*state != NULL) +- PF_STATE_UNLOCK((*state)); +- ret = pf_icmp_state_lookup(&key, pd, +- state, m, pd->dir, kif, ++ ret = pf_icmp_state_lookup(&key, &pd2, ++ state, m, off, pd->dir, kif, + virtual_id, virtual_type, +- icmp_dir, &iidx, multi); +- if (ret >= 0) ++ icmp_dir, &iidx, multi, 1); ++ if (ret >= 0) { ++ MPASS(*state == NULL); + return (ret); ++ } + } else + return (ret); + } +@@ -7171,10 +7232,10 @@ + if (PF_ANEQ(pd2.src, + &nk->addr[pd2.sidx], pd2.af) || + ((virtual_type == htons(ICMP6_ECHO_REQUEST)) && +- nk->port[pd2.sidx] != iih.icmp6_id)) ++ nk->port[pd2.sidx] != iih->icmp6_id)) + pf_change_icmp(pd2.src, + (virtual_type == htons(ICMP6_ECHO_REQUEST)) +- ? &iih.icmp6_id : NULL, ++ ? &iih->icmp6_id : NULL, + daddr, &nk->addr[pd2.sidx], + (virtual_type == htons(ICMP6_ECHO_REQUEST)) + ? nk->port[iidx] : 0, NULL, +@@ -7192,7 +7253,7 @@ + (caddr_t)&pd->hdr.icmp6); + m_copyback(m, ipoff2, sizeof(h2_6), (caddr_t)&h2_6); + m_copyback(m, off2, sizeof(struct icmp6_hdr), +- (caddr_t)&iih); ++ (caddr_t)iih); + } + return (PF_PASS); + break; +--- sys/netpfil/pf/pf_lb.c.orig ++++ sys/netpfil/pf/pf_lb.c +@@ -633,7 +633,7 @@ + return (NULL); + } + +- *skp = pf_state_key_setup(pd, saddr, daddr, sport, dport); ++ *skp = pf_state_key_setup(pd, m, off, saddr, daddr, sport, dport); + if (*skp == NULL) + return (NULL); + *nkp = pf_state_key_clone(*skp); diff --git a/website/static/security/patches/EN-24:16/pf-14.1.patch.asc b/website/static/security/patches/EN-24:16/pf-14.1.patch.asc new file mode 100644 index 000000000000..214b1cb8ca4d --- /dev/null +++ b/website/static/security/patches/EN-24:16/pf-14.1.patch.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmbsPQwACgkQbljekB8A +Gu8r/Q//fjwmvxhYt3odCrFRDSv+pO9VNUPhSgIf3aDlTaj4wScX6cnoXmGXG3Tx +YHBGjr1Teu8UlS3lITY1DiW3nni52a2VU0jpkuZ0Tj3uJ+2UWMJ15hUPYzxkeDNl +DND/Cc0iueGhXNgLqDQ5X/EuOB5RovDijvX16S+Ez8Mk5p50bS1fymLEH3w8SaRQ +ZgYFTS1drrd5hdQ+xEFK6nYzxoOt1JeueZB1eE54SUcFRKdUAhgxcx3uYm3eQQM2 +za//619N3g/Ck/oBpR9QdPMXXS2HkD2wI9dNcj/Pvrc5tAnQ0sV82CzpQR9whVsP +qSESpNAMrAZPSbBU79kFRXqwCqRRt2JDkzs63HtAJQGydJLEea3yP8FUBPK+iHKH +rQMq20VXQ5ilQp/chtm7JElAUhYyRm5TYBsVppBX3xgIqb9sv6pDsyYhQVCmb40o +WFXAlSte6jKXcg2ayFaZaNAnbLck5Sf6cEkd+lr56Nd9J1aLkQBLgiK5sk77gMKF +Dhk7+mQl6nRc9Dm2N/ZqqAaGjBpqtr04/ShNxzR4gl9BVruh7WOCjq2b4XllEbQ/ +SBB1jr6T2fY7Q/1ydtJuXNfIyd8ZuXQpCs9YpoNTMc9j33cslykXviuQrnr4jhhL +37WLk+mz0lkhgnV9Av5JJwX5z/5yNTkFTrCjYLS932ONeYIaL8s= +=hUTv +-----END PGP SIGNATURE----- diff --git a/website/static/security/patches/SA-24:15/bhyve.patch b/website/static/security/patches/SA-24:15/bhyve.patch new file mode 100644 index 000000000000..31524ad6ec1d --- /dev/null +++ b/website/static/security/patches/SA-24:15/bhyve.patch @@ -0,0 +1,165 @@ +--- usr.sbin/bhyve/pci_xhci.c.orig ++++ usr.sbin/bhyve/pci_xhci.c +@@ -580,7 +580,7 @@ + uint64_t devctx_addr; + struct xhci_dev_ctx *devctx; + +- assert(slot > 0 && slot <= XHCI_MAX_DEVS); ++ assert(slot > 0 && slot <= XHCI_MAX_SLOTS); + assert(XHCI_SLOTDEV_PTR(sc, slot) != NULL); + assert(sc->opregs.dcbaa_p != NULL); + +@@ -853,7 +853,10 @@ + if (sc->portregs == NULL) + goto done; + +- if (slot > XHCI_MAX_SLOTS) { ++ if (slot == 0) { ++ cmderr = XHCI_TRB_ERROR_TRB; ++ goto done; ++ } else if (slot > XHCI_MAX_SLOTS) { + cmderr = XHCI_TRB_ERROR_SLOT_NOT_ON; + goto done; + } +@@ -889,6 +892,14 @@ + + DPRINTF(("pci_xhci reset device slot %u", slot)); + ++ if (slot == 0) { ++ cmderr = XHCI_TRB_ERROR_TRB; ++ goto done; ++ } else if (slot > XHCI_MAX_SLOTS) { ++ cmderr = XHCI_TRB_ERROR_SLOT_NOT_ON; ++ goto done; ++ } ++ + dev = XHCI_SLOTDEV_PTR(sc, slot); + if (!dev || dev->dev_slotstate == XHCI_ST_DISABLED) + cmderr = XHCI_TRB_ERROR_SLOT_NOT_ON; +@@ -897,6 +908,10 @@ + + dev->hci.hci_address = 0; + dev_ctx = pci_xhci_get_dev_ctx(sc, slot); ++ if (dev_ctx == NULL) { ++ cmderr = XHCI_TRB_ERROR_PARAMETER; ++ goto done; ++ } + + /* slot state */ + dev_ctx->ctx_slot.dwSctx3 = FIELD_REPLACE( +@@ -957,8 +972,20 @@ + goto done; + } + ++ if (slot == 0) { ++ cmderr = XHCI_TRB_ERROR_TRB; ++ goto done; ++ } else if (slot > XHCI_MAX_SLOTS) { ++ cmderr = XHCI_TRB_ERROR_SLOT_NOT_ON; ++ goto done; ++ } ++ + /* assign address to slot */ + dev_ctx = pci_xhci_get_dev_ctx(sc, slot); ++ if (dev_ctx == NULL) { ++ cmderr = XHCI_TRB_ERROR_PARAMETER; ++ goto done; ++ } + + DPRINTF(("pci_xhci: address device, dev ctx")); + DPRINTF((" slot %08x %08x %08x %08x", +@@ -1019,6 +1046,14 @@ + + DPRINTF(("pci_xhci config_ep slot %u", slot)); + ++ if (slot == 0) { ++ cmderr = XHCI_TRB_ERROR_TRB; ++ goto done; ++ } else if (slot > XHCI_MAX_SLOTS) { ++ cmderr = XHCI_TRB_ERROR_SLOT_NOT_ON; ++ goto done; ++ } ++ + dev = XHCI_SLOTDEV_PTR(sc, slot); + assert(dev != NULL); + +@@ -1032,6 +1067,10 @@ + + dev->hci.hci_address = 0; + dev_ctx = pci_xhci_get_dev_ctx(sc, slot); ++ if (dev_ctx == NULL) { ++ cmderr = XHCI_TRB_ERROR_PARAMETER; ++ goto done; ++ } + + /* number of contexts */ + dev_ctx->ctx_slot.dwSctx0 = FIELD_REPLACE( +@@ -1138,11 +1177,19 @@ + + cmderr = XHCI_TRB_ERROR_SUCCESS; + +- type = XHCI_TRB_3_TYPE_GET(trb->dwTrb3); ++ if (slot == 0) { ++ cmderr = XHCI_TRB_ERROR_TRB; ++ goto done; ++ } else if (slot > XHCI_MAX_SLOTS) { ++ cmderr = XHCI_TRB_ERROR_SLOT_NOT_ON; ++ goto done; ++ } + + dev = XHCI_SLOTDEV_PTR(sc, slot); + assert(dev != NULL); + ++ type = XHCI_TRB_3_TYPE_GET(trb->dwTrb3); ++ + if (type == XHCI_TRB_TYPE_STOP_EP && + (trb->dwTrb3 & XHCI_TRB_3_SUSP_EP_BIT) != 0) { + /* XXX suspend endpoint for 10ms */ +@@ -1227,6 +1274,14 @@ + + cmderr = XHCI_TRB_ERROR_SUCCESS; + ++ if (slot == 0) { ++ cmderr = XHCI_TRB_ERROR_TRB; ++ goto done; ++ } else if (slot > XHCI_MAX_SLOTS) { ++ cmderr = XHCI_TRB_ERROR_SLOT_NOT_ON; ++ goto done; ++ } ++ + dev = XHCI_SLOTDEV_PTR(sc, slot); + assert(dev != NULL); + +@@ -1325,8 +1380,20 @@ + goto done; + } + ++ if (slot == 0) { ++ cmderr = XHCI_TRB_ERROR_TRB; ++ goto done; ++ } else if (slot > XHCI_MAX_SLOTS) { ++ cmderr = XHCI_TRB_ERROR_SLOT_NOT_ON; ++ goto done; ++ } ++ + /* assign address to slot; in this emulation, slot_id = address */ + dev_ctx = pci_xhci_get_dev_ctx(sc, slot); ++ if (dev_ctx == NULL) { ++ cmderr = XHCI_TRB_ERROR_PARAMETER; ++ goto done; ++ } + + DPRINTF(("pci_xhci: eval ctx, dev ctx")); + DPRINTF((" slot %08x %08x %08x %08x", +@@ -1555,8 +1622,9 @@ + dev = XHCI_SLOTDEV_PTR(sc, slot); + devep = &dev->eps[epid]; + dev_ctx = pci_xhci_get_dev_ctx(sc, slot); +- +- assert(dev_ctx != NULL); ++ if (dev_ctx == NULL) { ++ return XHCI_TRB_ERROR_PARAMETER; ++ } + + ep_ctx = &dev_ctx->ctx_ep[epid]; + diff --git a/website/static/security/patches/SA-24:15/bhyve.patch.asc b/website/static/security/patches/SA-24:15/bhyve.patch.asc new file mode 100644 index 000000000000..ff1990187428 --- /dev/null +++ b/website/static/security/patches/SA-24:15/bhyve.patch.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmbsPQ4ACgkQbljekB8A +Gu+qgA/+Igo7p4BoEnxeQyAwvfqe/VEdNPYGIf+/pf5GwL+vqKPERzptSbTX84xM ++PA+FFAPsiHkgFYiQy7+BM5x3p34zyHmS/Lu0NcAVVkupjpCfiLB5Pn86XyMBuFI +I8ZGvtMeTaTwZzI94Tw6eFA8O+2kdpFoNCqVsYR3z7uU/WtdY3OrXjEkweWBTZF8 +2GT3LyBsHTxFP0Pn9+C8f1kwe3foIsGrITuD8fKZdWlZHnyPySuaKvDBoXoG7nbv +TXemVN8AkNXvUZeMLl42GxThpDWSi0M9+bkzqmP3QgrikH0nKLSWmaNXTtW0dxqs +KUmiT3HgQoCf5h5ZnmUgktOoWrjTxevL/ZSRD/a01sZNOQG+rGmY5VhOXB9tewTX +a0v7WI/uN9pszIGbd+w8ErNU+/Eata+8AjwpITFL+JRL3jaL9z+6v4jUuSlNJPLc +8BnPcLCtgzH6A5byaqucxQzKKu2aL3tzskdaOtp8RuwtCWVy+KPO2eRd+4Ri8Lq4 +1voz5m4t/QQTJyyooDZ5ab3LJC7p9N6LqoArE24kZlYzg1RPKww4NLw1gK0BB49l +LBuJkSPu/Vub0tVq+M6b2VJB1Rb720DVF51bpix8MFdAAB2qBdQ32pQj6Yg3xYMM +LEu3XYP//GSMlM0UBUGcRttCjWdLIpNZP+Wmka25Q5DQClOU2XI= +=DugM +-----END PGP SIGNATURE----- diff --git a/website/static/security/patches/SA-24:16/libnv.patch b/website/static/security/patches/SA-24:16/libnv.patch new file mode 100644 index 000000000000..4a904b0ce667 --- /dev/null +++ b/website/static/security/patches/SA-24:16/libnv.patch @@ -0,0 +1,11 @@ +--- sys/contrib/libnv/nvlist.c.orig ++++ sys/contrib/libnv/nvlist.c +@@ -1029,7 +1029,7 @@ + nvlist_check_header(struct nvlist_header *nvlhdrp) + { + +- if (nvlhdrp->nvlh_size > SIZE_MAX - sizeof(nvlhdrp)) { ++ if (nvlhdrp->nvlh_size > SIZE_MAX - sizeof(*nvlhdrp)) { + ERRNO_SET(EINVAL); + return (false); + } diff --git a/website/static/security/patches/SA-24:16/libnv.patch.asc b/website/static/security/patches/SA-24:16/libnv.patch.asc new file mode 100644 index 000000000000..ca6086921e91 --- /dev/null +++ b/website/static/security/patches/SA-24:16/libnv.patch.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmbsPRAACgkQbljekB8A +Gu/XPRAAxmzdpoMrIjrxZ7ibST+R9l722PhmUZXwxy8284t024Qp0sjFtsKbpQnd +/C8oMDJddeGOSHe9tHpErUVuWwb0EiFWOtUUUjHn7vRjv9GnSgrUNHHt1MI45bYs +lmserwas+SsR/oZPljEAidN1CqUEMFci9MRpGs5skDs2rt7bCTdlK4CoeVF6Wvvu +QJW3P36V8WXSo4fQbIx2TBrKsRM5urHatteT+fS53ruVJRklj+79OG+R8tpgSiZM +GIFlGUxwotkIfXzlcru4OsfgKZ38722OosDX7u0A/TH7XAyewTsUEzLIoafInPnv +G+umTYV+9hPhnBg555oAFSqMK2iJyistIWQ02LPce8CCy4oqaKk5uKMg4VzsFnzW +WS6JXL7aIhaQ3P9sDYLBjKw/HqqifK3S0LzQ7rl3yWJs0X5cOCzVwPIpqniOkFtR +pXHMeeX/r7V/NUlzWHef6SgXE3VYa3zwY7zbWQKvQ3u96KcqgssxrrK2w57IiMNo +OON0QL6M12qHRuM6BrumqWpS9P2Z2E4d4Rko3ras5ljpA7FRkMSYCLpFo/trhz/h +YVxHvDaoSjHHUa1XhBtJn8yajvFqOijs3qfVD9O92pZXzyaetUziwnb5JG2T4SvL +KX36zSzxIlcZh4ySjuOPEfkS6gkuClijUyLzk2pJN/OwRIc8SCc= +=5ulb +-----END PGP SIGNATURE-----