release: 1.0.22

doc: update NEWS for the latest commit

This could be used to expose 4 bytes of memory if the LLDP packet uses
the full MTU of the interface and is malformed.

Fix heap OOB read in VLAN decapsulation memmove

In lldpd_decode(), the VLAN decapsulation memmove shifts frame data
4 bytes left starting at offset 2*ETHER_ADDR_LEN.  The source pointer
is correctly offset by +4, but the length argument uses the full
remaining frame length (s - 2*ETHER_ADDR_LEN) instead of accounting
for the 4-byte shift (s - 2*ETHER_ADDR_LEN - 4).

When the received frame fills the hardware MTU allocation exactly,
the memmove reads 4 bytes past the end of the heap buffer.

doc: update NEWS with most notable changes

None of them seems security sensitive, with the exception of the LLDP
parsing, which is unprivileged and does not look like exploitable.

daemon/lldpd: return NULL from lldpd_get_os_release on empty result

If `/etc/os-release` exists but has no PRETTY_NAME entry, the static
release buffer is left empty and the function returned a pointer to an
empty string. The caller then reads `lsb_release[strlen(...) - 1]`, i.e.
`lsb_release[-1]`. Match `lldpd_get_lsb_release()`'s contract by
returning NULL when there is no result, so the fallback path runs.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

daemon/edp: dedup management addresses against the destination list

When merging VLAN-only EDP frames into an existing port, the dedup
loop searched chassis->c_mgmt — the source we were draining — instead
of oport->p_chassis->c_mgmt where the entries were about to be
inserted. The check could therefore never fire and duplicates
accumulated on the destination chassis. Free duplicates that the
destination already has.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

daemon/interfaces-bsd: cap NetBSD aggregate port count

The buffer is sized for 24 agrportinfo entries. Clamp it explicitly.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

daemon/interfaces-bsd: free req in ifbsd_check_bridge

The function allocated req via `realloc()` and never freed it, leaking
on every interface refresh. Add a goto end pattern so all exit paths
release it.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

daemon/priv-bsd: fix typos in asroot_iface_description_os

`socket()` returns -1 on error, not 1. The previous check treated fd 1
(stdout): as the failure case and any actual socket creation failure as
success, leading to ioctl(-1, ...) afterwards.

Also fix the FreeBSD-only line that referenced an undeclared 'ift'
instead of the local 'ifr', which would have failed to compile on
FreeBSD when IFDESCRSIZE is defined (but does it happen since we never
caught this before?).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

marshal: use ssize_t for size accumulators in unserialize

total_len and size were int. Comparisons against len (size_t) relied on
implicit signed/unsigned promotion to reject negative values, which
worked only because the resulting size_t was huge. Use ssize_t so the
sign is explicit, cast to size_t when comparing against len, and reject
a negative osize for fixed strings outright instead of letting calloc
fail later.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

daemon/seccomp: use only async-signal-safe calls in SIGSYS handler

`log_warnx()` and `fatalx()` use stdio/syslog and are not async-signal-
safe; if the handler interrupts the main thread mid-log, the resulting
deadlock would mask the real seccomp violation. Replace with direct
`write(2)` of a fixed prefix and the looked-up syscall name.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

log: do not re-feed caller fmt as a format string to stderr

vlog() built a new format string with the original fmt embedded as a
%s argument and then passed the composite to vfprintf(). Any %
specifier in fmt would be interpreted twice, which is fine for the
literal format strings used today but a footgun for any future caller
that lets fmt come from untrusted input.

Format the caller's message once via vasprintf() and substitute the
resulting plain string into the prefix.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

daemon/event: avoid double-free of client on send failure

levent_ctl_send() used to free the client on write failure. When
called via levent_ctl_send_cb() from client_handle_client() inside
levent_ctl_recv(), the recv side then jumped to recv_error and freed
the same client a second time.

Stop freeing inside levent_ctl_send() and make the caller responsible
(levent_ctl_notify() now frees on -1; the recv path already does).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

ctl: tighten umask around bind() for the control socket

Between bind() and the chown()/chmod() done by the caller, the unix
socket inode existed with whatever 0777 & ~current_umask produced,
typically 0755 — non-root users could connect during that window.
Set umask(S_IRWXO) for the duration of bind() so 'other' bits are
masked. Only apply when ENABLE_PRIVSEP is set since the chown/chmod
follow-up is itself privsep-only.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

daemon/priv-linux: reject embedded NUL in authorized path

The path comes from the unprivileged process and must_read() doesn't
care about NUL bytes inside the buffer. An embedded NUL would let the
regex check see a truncated path while open() saw the full one.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

daemon/priv: mark monitored as volatile sig_atomic_t

It is read by `sig_pass_to_chld()` and `sig_chld()` from signal context,
and written from the main thread (after fork). Plain int is not
guaranteed to be safe across this boundary.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

client/lldpcli: guard argc>0 before indexing argv

When the input is comment-only (e.g. "# foo"), tokenize_line() returns
zero tokens; `argv[argc - 1]` then reads `argv[-1]`. Guard the access.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

client/tokenizer: heap-allocate the work buffer

Replace the variable-length array sized by 2 * strlen(line) + 3 with a
calloc()/free() pair. Long input lines (e.g. read from a config file)
could otherwise grow the stack without bound.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

daemon/privsep_fd: bail out on failure or short read

daemon/dmi-osx: handle CFStringGetCStringPtr returning NULL

`CFStringGetCStringPtr` can return NULL if Core Foundation does not have
an internal C-string representation available; `strdup(NULL)` is
undefined. Fall back to CFStringGetCString into a heap buffer.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

daemon/agent: guard against NULL/empty net-snmp log message

`strdup(NULL)` is undefined and `msg[strlen(msg) - 1]` reads `msg[-1]`
when the message is empty. Bail out on NULL and skip the
trailing-newline strip when the message is empty.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

lldpd-structs: bound custom TLV oui_info length

oui_info_len is an int from a marshaled client message. Without a
sanity check, a negative or huge value drove malloc()/memcpy().

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

daemon/client: bound MED location data length

A client could submit `set->med_location` with `data_len` negative or
absurdly large; the subsequent `malloc()`/`memcpy` in the daemon would
either request huge sizes or rely on malloc failure to recover. Reject
obviously invalid lengths at the boundary.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

client/json: escape object keys

Object keys were emitted via `fprintf("\"%s\": ", ...)` without
escaping. `json_element_cleanup()` can promote a child element's name
string into the parent's key, so a neighbor-controlled string containing
a quote or backslash could inject into a key.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

client/json: escape control character 0x1F

The off-by-one in the boundary check let byte 0x1F (US) be emitted
literally inside JSON strings, which is invalid per RFC 8259.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

daemon/priv: fix ctlname parameter shadowing file-scope global

The local parameter shadowed the static ctlname, so `strdup()` was
assigned to the parameter and the global stayed NULL. As a result,
`asroot_ctl_cleanup()` never cleaned up the registered control socket.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

daemon/seccomp: fix out-of-bounds index of syscall_names

The bound used `sizeof(syscall_names)` (byte size of the pointer array)
instead of the entry count, allowing the SIGSYS handler to read up to
`sizeof(char*)-1` entries past the end of the table when an unexpected
syscall number was trapped.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

daemon/lldp: reject zero-length management address

A neighbor sending a Management Address TLV with addr_str_length == 0
caused `addr_length` to underflow and `addr_str_buffer[0]` (the address
family byte) to be read uninitialized.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

build: update docker actions

Replace #780, #781, #782, #783, #784.

build: bump cross-platform-actions/action to v1.0.0

build: downgrade FreeBSD to 14.3

The crossplatform action is not ready for 14.4 yet.

build: test on FreeBSD 15.0

And remove FreeBSD 13.5 (EOL).

daemon/cdp: fix another logic error when parsing FDP packets

daemon/cdp: fix FDP MAC address

FDP never worked?

build: bump pytest from 7.2.0 to 9.0.3 in /tests/integration

Bumps [pytest](https://github.com/pytest-dev/pytest) from 7.2.0 to 9.0.3.
- [Release notes](https://github.com/pytest-dev/pytest/releases)
- [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pytest-dev/pytest/compare/7.2.0...9.0.3)

---
updated-dependencies:
- dependency-name: pytest
  dependency-version: 9.0.3
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

liblldpctl: Fix const correctness of the receive callback

build: use a multi-stage build for Dockerfile

This should help when compiling for other architectures through QEMU as
the autogen.sh part is platform-independent.

build: untabify Dockerfile

release: 1.0.21

doc: be clearer about how to install on macOS

None of the above methods (notably the Docker one) would work.

build: add a few more Docker platforms

And make it more readable.

Fix #456.

build: fix hardcoded ghcr.io path

Related to #456

daemon/priv: factor out check of authorized paths

doc: fix libtool invocation

daemon: do not fallback to ioctl for wireless

Even very old kernels support this wireless directory.

daemon: use /sys/class/net/.../wireless to check wireless interface

IFLA_INFO_KIND never is "wireless" as wireless interfaces do not
implement `rtnl_link_ops`.

Fix #738

daemon: only keep one privileged op to remove both socket and lock

daemon: fix arbitrary file deletion in the privileged process

The `asroot_ctl_cleanup()` handler reads an arbitrary path from the
unprivileged process and deletes it. Instead, introduce
`asroot_ctl_cleanup_lock()` to only clean the lock and
`asroot_ctl_cleanup()` cleans the socket.

Fix #772

client: fix compilation warning about unterminated strings

With GCC 15, we get:

```
../../../src/client/json_writer.c: In function ‘json_element_dump’:
../../../src/client/json_writer.c:160:43: warning: initializer-string for array of ‘char’ truncates NUL terminator but destination lacks ‘nonstring’ attribute (3 chars into 2 available) [-Wunterminated-string-initialization]
  160 |         static const char pairs[2][2] = { "{}", "[]" };
      |                                           ^~~~
../../../src/client/json_writer.c:160:49: warning: initializer-string for array of ‘char’ truncates NUL terminator but destination lacks ‘nonstring’ attribute (3 chars into 2 available) [-Wunterminated-string-initialization]
  160 |         static const char pairs[2][2] = { "{}", "[]" };
      |                                                 ^~~~
```

This is a false positive as they are not used as strings, but let's
accomodate the compiler by using enough space for the NUL terminator.

doc: add NEWS entry for latest commit

interfaces: use ethtool link mode bits for accurate MAU type selection (#771)

* interfaces: use ethtool link mode bits for accurate MAU type selection

For speeds >= 10G, consult the ethtool supported link mode bitmask
to determine the correct MAU type instead of relying solely on
speed + port type. This fixes incorrect MAU type announcements
(e.g., 100G-SR4 transceivers being reported as 100G-LR4).

Fall back to the existing port-type approximation when no link mode
bit matches (e.g., legacy kernels without GLINKSETTINGS).

Add missing ethtool link mode bit definitions (bits 52-89) and speed
defines for 200G/400G to the local ethtool header.

Fixes: #477
* interfaces: move mau variable to function scope

Address review feedback: declare mau at the top of iflinux_macphy()
instead of inside each case block.

* interfaces: simplify mau assignment with combined if-assign pattern

daemon: fix path traversal vulnerability in asroot_iface_description_os()

`asroot_iface_description_os()` a sysfs path from an interface name
received from the unprivileged process. The validation only rejects `\0`
or `.` in first position. Add `/` to the list of rejected characters to
avoid path traversal.

Fix #773

daemon: fix path traversal vulnerability in asroot_open()

asroot_open() in src/daemon/priv-linux.c validates file paths against a
list of regex patterns using regexec(). The patterns are not anchored
with ^ or $, so regexec() performs substring matching. A path containing
an authorized pattern as a substring — with additional ../ traversal
components — passes validation but resolves to a different file when
passed to open().

For example, the pattern `/proc/net/bonding/[^.][^/]*` matches both:

- `/proc/net/bonding/bond0` (intended)
- `/proc/net/bonding/bond0/../../self/environ` (traversal — if bond0 is a directory)

Use anchors in the regex. Also, refuse any path containing `/..`, as it
is not possible to express with POSIX basic regular expression.

Fix #774.

build: bump actions/upload-artifact from 6 to 7

Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 6 to 7.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v6...v7)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

build: bump actions/download-artifact from 7 to 8

Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 7 to 8.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](https://github.com/actions/download-artifact/compare/v7...v8)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-version: '8'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

docs: add NEWS entry for latest PR

Merge pull request #763 from thbtcllt/dev

Add lldp configuration option to send mac address for port id and interface alias for port description

test: add test for the new portdescription-source option

test result:
- 148 passed
- 7 skipped
- 0 failed

doc: add description of new portdescription-source option

interface: add alias on neighbors display

With previous commit it is possible to configure (PortID / Port Descr) to
provide the macaddress and the interface alias.
To help to retrieve the information the command 'lldpcli show neighbors'
provides the alias of the interface if present.

config: add portdescription-source option

This new option allows to control the port description source
(alias vs ifname) when the portidsubtype is macaddress.

Usage:
  lldpcli configure lldp portidsubtype macaddress
  lldpcli configure lldp portdescription-source alias

Result: PortID = MAC address, PortDescr = interface alias

fix: Swallow exceptions caused by user callbacks

Otherwise, the process will crash.

update: Remove ctx pointers from C++ wrapper change callbacks

Instead, use lambdas if private contexts are required. They are way more C++-idiomatic.

osx: sync HomeBrew formula

osx: update HomeBrew formula

fix: Avoid potential deadlock

Don't keep a mutex lock while running the user callbacks to avoid potential deadlocks caused by callbacks that the user code requires.

build: bump actions/upload-artifact from 5 to 6

Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 5 to 6.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

build: bump cross-platform-actions/action from 0.30.0 to 0.32.0

Bumps [cross-platform-actions/action](https://github.com/cross-platform-actions/action) from 0.30.0 to 0.32.0.
- [Release notes](https://github.com/cross-platform-actions/action/releases)
- [Changelog](https://github.com/cross-platform-actions/action/blob/master/changelog.md)
- [Commits](https://github.com/cross-platform-actions/action/compare/v0.30.0...v0.32.0)

---
updated-dependencies:
- dependency-name: cross-platform-actions/action
  dependency-version: 0.32.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

build: bump actions/download-artifact from 6 to 7

Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 6 to 7.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](https://github.com/actions/download-artifact/compare/v6...v7)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

daemon/protocols: fix typo in CDP_SWITCH_DEFAULT_POE_PD.

build: update automake/autoconf for OpenBSD

build: test more BSD versions

build: bump actions/checkout from 5 to 6

Bumps [actions/checkout](https://github.com/actions/checkout) from 5 to 6.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

build: bump cross-platform-actions/action from 0.29.0 to 0.30.0

Bumps [cross-platform-actions/action](https://github.com/cross-platform-actions/action) from 0.29.0 to 0.30.0.
- [Release notes](https://github.com/cross-platform-actions/action/releases)
- [Changelog](https://github.com/cross-platform-actions/action/blob/master/changelog.md)
- [Commits](https://github.com/cross-platform-actions/action/compare/v0.29.0...v0.30.0)

---
updated-dependencies:
- dependency-name: cross-platform-actions/action
  dependency-version: 0.30.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

build: bump actions/upload-artifact from 4 to 5

Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4 to 5.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

build: bump actions/download-artifact from 5 to 6

Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 5 to 6.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](https://github.com/actions/download-artifact/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

daemon/lldpd: handle empty case for PRETTY_NAME

Again, fix #751.

daemon/lldpd: fix off-by-one issue when PRETTY_NAME is empty

lldpd: fix leak in levent_snmp_read by cleaning up netsnmp_large_fd_set

daemon/lldpd: handle case where PRETTY_NAME is empty

Fix #751

Add missing compat.h header under src/client/

Under certain conditions, build would fail due to a missing reference to
\#include "../compat/compat.h" in text_writer.c, kv_writer.c and
xml_writer.c.

example:
---------------
lldpd-1.0.20/src/client/text_writer.c:157:9: fatal error: call to undeclared function 'rpl_malloc'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]
        priv = malloc(sizeof(*priv));
               ^
../../config.h:316:16: note: expanded from macro 'malloc'
\#define malloc rpl_malloc
               ^
1 error generated.
make[2]: *** [lldpcli-text_writer.o] Error 1
make[1]: *** [install-recursive] Error 1
make: *** [stamp-x86_64] Error 2
---------------
lldpd-1.0.20/src/client/kv_writer.c:41:19: fatal error: call to undeclared function 'rpl_malloc'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]
        if ((newprefix = malloc(s + 1)) == NULL) fatal(NULL, NULL);
                         ^
../../config.h:316:16: note: expanded from macro 'malloc'
\#define malloc rpl_malloc
               ^
1 error generated.
make[2]: *** [lldpcli-kv_writer.o] Error 1
make[1]: *** [install-recursive] Error 1
make: *** [stamp-x86_64] Error 2
---------------
lldpd-1.0.20/src/client/xml_writer.c:139:9: fatal error: call to undeclared function 'rpl_malloc'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]
        priv = malloc(sizeof(*priv));
               ^
../../config.h:316:16: note: expanded from macro 'malloc'
\#define malloc rpl_malloc
               ^
1 error generated.
make[2]: *** [lldpcli-xml_writer.o] Error 1
make[1]: *** [install-recursive] Error 1
make: *** [stamp-x86_64] Error 2

release: 1.0.20

build: bump actions/download-artifact from 4 to 5

Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 4 to 5.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](https://github.com/actions/download-artifact/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

build: bump actions/checkout from 4 to 5

Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

daemon/interfaces: fix management address selection when negative

When we had a negative IP address, and nothing positive, the address was
still selected as it didn't match an interface. When all negative, we
should only select an address if both IP and interface are allowed.

This mechanism is becoming a bit complex.

docs: add a NEWS entry for the previous change

add support for vlan-advertisements configuration (#740)

* add support for vlan-advertisements configuration

adding new configurations configure [ports ethx [,..]] lldp vlan-advertisements pattern and
unconfigure [ports ethx,[,...]] lldp vlan-advertisements pattern.
The commands enable control of which vlans are advertised

* Code review changes

Updated manual page.
Added add an example of invocation in tests/lldpcli.conf.
Added tests to tests/integration/test_dot1.py.
Vlan formatting fixes.

* more CR fixes

* Fix memory leak

fixing port->p_vlan_advertise_pattern memory leak

client: keep "configure med fast-start" working

People should now use "configure lldp fast-start", but we keep the
previous configuration working as well.

Add an entry in NEWS.

Fix #680 (well, previous commit did)

fix: Some cleanup in moving fast-start into LLDP core

fix: Move tx-fast config from MED to LLDP section

fix: Always TX fast start complient to IEEE802.1as-2009

daemon/interfaces: fix double-free when unable to initialize interface

When an interface is converted from one type to another and cannot be
initialized, we free it twice: once on the error and again when removing
unused interfaces.

Remove the first occurrence and ensure we get in a state where the
interface can be both cleaned up or reinstantiated in a later round.

autoconf: Use m4sh syntax where appropriate

This fixes an issue where when using the options

  --without-embedded-libevent --without-libbsd

configure errors out with missing libevent:

  checking for libevent >= 2.0.5... no
  configure: error: *** libevent not found

but succeeds to find libevent when using

  --without-embedded-libevent --with-libbsd

configure options instead.
See also: https://autotools.info/autoconf/m4sh.html

build: bump cross-platform-actions/action from 0.28.0 to 0.29.0

Bumps [cross-platform-actions/action](https://github.com/cross-platform-actions/action) from 0.28.0 to 0.29.0.
- [Release notes](https://github.com/cross-platform-actions/action/releases)
- [Changelog](https://github.com/cross-platform-actions/action/blob/master/changelog.md)
- [Commits](https://github.com/cross-platform-actions/action/compare/v0.28.0...v0.29.0)

---
updated-dependencies:
- dependency-name: cross-platform-actions/action
  dependency-version: 0.29.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Merge pull request #742 from rbu9fe/fix/error-category

fix: Error category handling

fix: Add missing include

fix: Add missing is_error_code_enum specialization

Directly pass error code to std::system_error.

fix: Error category handling

A std::error_code stores the error category only by reference, hence, we must use an object in static storage.
Add lldpcli::make_error_code for convenience similar to std::make_error_code.

build: bump cross-platform-actions/action from 0.27.0 to 0.28.0

Bumps [cross-platform-actions/action](https://github.com/cross-platform-actions/action) from 0.27.0 to 0.28.0.
- [Release notes](https://github.com/cross-platform-actions/action/releases)
- [Changelog](https://github.com/cross-platform-actions/action/blob/master/changelog.md)
- [Commits](https://github.com/cross-platform-actions/action/compare/v0.27.0...v0.28.0)

---
updated-dependencies:
- dependency-name: cross-platform-actions/action
  dependency-version: 0.28.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

lib/cpp: Fix memory leaks in LldpCtl

LldpCtl::GetInterfaces() and LldpAtom::GetAtomList() did not decrement ref for retrieved atoms
Ensure parent atom outlives its children atoms