| Age | Commit message (Collapse) | Author |
|---|
|
we already do on arm64. Prevents using the framebuffer on the cubox-i as
regular memory for example.
|
|
method to let the ACPI implementation know what features we support.
|
|
otherwise if omitted we need to unveil(2) both _PATH_UNIX and _PATH_KSYMS with
same permissions.
Unconditionally we need to also unveil(2) dbdir, which by default is
_PATH_VARDB but can be changed via args (-o directory), with read/write/create
permissions. There are a couple of temp files that will be created but it's
inside dbdir so there's no need to unveil(2) them individually.
Since we already call pledge(2) before, twice, we need to add "unveil" promise
to both of them, and finally call pledge(2) once again with the needed promises
except "unveil".
OK millert@
|
|
with pledge(2), but since we know exactly what it is then we can go further and
also unveil(2) it with read permissions.
OK millert@ deraadt@
|
|
OK deraadt@
|
|
OK deraadt@
|
|
|
|
LOADADDR(.text) is only available after the description of the text
section. Instead simply use ENTRY(start) like we do on amd64. The
bootloader strips the high bits from the entry point address already,
so using the virtual address as the entry point address works.
with/ok kettenis@
|
|
by making all handlers consistent.
ok bluhm@, visa@
|
|
|
|
netbsd, with help from martijn@ and millert@.
|
|
ok kettenis@
|
|
The disk path wasn't updated so vmd tried to open the derived disk
image for each base over and over again.
OK ori@ mlarkin@
|
|
OK phessler@
|
|
handy if you type the path wrong or don't have permission...
ok deraadt@
|
|
rib_valid() check. The list of ribs can have holes.
OK benno@
|
|
and re-exec's itself. That locks the pledge 'exec' nicely.
|
|
|
|
From Andrew Daugherity
|
|
|
|
|
|
at start of doc
|
|
implement. Knock out the I915_PARAM_MMAP_VERSION parameter that advertises
this flag until we actually implement it.
Fixes GPU hangs on GM45 chipset graphics.
ok deraadt@
|
|
marking them const will keep a source change from silently moving them
back to .data
ok deraadt@ kettenis@
|
|
sizeof calculation that did not respect possible padding bytes.
OK sthen@ denis@
|
|
If a connection that is being accepted gets aborted early, or if the
user-supplied buffer is invalid, doaccept() leaks a socket. This is
a regression caused by r1.153 of uipc_syscalls.c.
Correct the issue by associating the socket with the file early enough.
In case soaccept() or copyaddrout() fails, the socket will be freed
as a result of the file closing. This logic was used by the pre-r1.153
code.
closef() may block, so it is hoisted outside the fdp lock.
OK bluhm@ mpi@
|
|
options for the terminal default colour, bypassing any inheritance from
other options. Prompted by a discussion with abieber@.
|
|
|
|
enhance PORTS_PRIVSEP documentation
ok espie@
|
|
greywatcher()) we know that the only files that it will ever access are
PATH_SPAMD_DB in rw mode, alloweddomains_file in r and that it will need to
execute PATH_PFCTL so we can unveil(2) them with those permissions.
OK deraadt@ millert@ beck@
|
|
PATH_SPAMD_DB, so unveil(2) it with O_RDWR permissions.
OK millert@ beck@
|
|
permissions:
_PATH_MASTERPASSWD_LOCK - write/create permissions
_PATH_MASTERPASSWD - read permission
_PATH_BSHELL - execute permission (required since we might need to spawn an
external passwordcheck program if defined in /etc/login.conf)
_PATH_PWD_MKDB - execute permission
OK millert@ deraadt@
|
|
for HTML output. Somewhat relevant because pod2man(1) relies on this.
Missing feature reported by Pali dot Rohar at gmail dot com.
Note that constant width font was already correctly selected before
this when required by semantic markup. Only attempting physical
markup with the low-level escape sequence was ineffective.
|
|
the timeout gets configured instead of gre_up().
this avoids complex gre_ioctl() ordering rules and
enables the sc_ka_hold timeout before the first packet
is received.
from markus@
|
|
is referenced from code being linked.
ok deraadt@, naddy@, guenther@
|
|
|
|
|
|
ok eric@
|
|
|
|
and changes to struct visibility/sizes (libssl).
|
|
Only stdio is needed when running the 'show *' commands. Everything else is
only needed while parsing args and opening sockets.
OK claudio@ deraadt@ phessler@
|
|
In January 2017, we changed large amounts of libssl's data structures to
be non-visible/internal, however intentionally left things that the
software ecosystem was needing to use. The four or so applications that
reached into libssl for record layer related state now implement
alternative code. As such, make these data structures internal.
ok tb@
|
|
|
|
libcrypto (the "new" stuff replaced this back around 2000 or so...).
ok tb@
|
|
{CMS,KRB5,SRP} were removed.
|
|
access it. ok deraadt@ kettenis@
|
|
OK sthen@
|
|
Update usage message and add missing "neighbor" argument.
OK benno@
|
|
walked. rib_dump_r() is now an internal function and instead the code gets
an additional callback for throttling the rib_dump code. This removes a
lot of similar code used to make sure the RDE is not walking to fast and
replaces it with simpler callbacks. The other big change is the removal
of struct rib pointers in other data structures. The rib pointers are not
stable because of a realloc() call happening when extending the array so
instead use the RIB ID as a reference.
Tested and OK denis@ and benno@
|
|
Adj-RIB-Out prints the right (modified) nexthop. Found by Marko Cupac.
OK benno@
|
