| Age | Commit message (Collapse) | Author |
|---|
|
via bz#2687.
|
|
USBD_INVAL.
ok mpi@
|
|
in free_all_jacks().
ok stsp@ ratchov@
|
|
multiplexing state, not just new sessions.
mention that confirmation is checked via ssh-askpass
|
|
ok kettenis@
|
|
doing tokenizing on spaces and correctly ignore comments.
This should make this feature in general more robust.
OK benno@
|
|
All of our algorithm_mac == SSL_AEAD cipher suites use EVP_AEAD, so we can
condition on that rather than having a separate redundant flag.
ok tb@
|
|
|
|
the device is gone and give back the descriptor to the stack.
Without this usbd_abort_pipe() could end up in an infinite loop.
Issue reported by Tom Murphy.
|
|
regression test.
- make bgpd-example just check the config file we ship,
to make sure the config is not broken
- make bgpd-printconf checks a config file, writes the parsed output to a file
and checks if that file is parsable config, i.e. this check makes sure that
the config printer produces parsable configuration.
This way we still have to update the regression tests when the syntax
changes, and we fail if the commited example is bad, but we do not fail
just because someone forgot to update a file here.
ok claudio
|
|
This has been unused for years.
While here, zap the duplicate function signature from pfctl.h (already
present in pfctl_parser.h); spotted by sashan, thanks.
OK sashan
|
|
Instead of masking the host address in two different ways, just fill it
no matter the address family. In case of AF_INET, setting the extra 96 bit
does not hurt.
While here, stop resetting `af' for no reason and move up the variable
declaration.
OK benno sashan
|
|
from Nan Xiao; OK tb@
|
|
|
|
tested in snaps
ok kettenis@
|
|
and attach_all_mididevs(). this ensures unbind_all_jacks() and
usbd_deactivate() happen for both cases.
ok ratchov@
|
|
|
|
Instead of doing the same dance with every caller, check for user provided
mask or address familiy specific maximum inside the function itself.
Feedback and OK claudio
|
|
|
|
Simplify the RDE logic this way and make it possible to load such ranges
into a much faster lookup trie for prefix-sets.
When printing the config bgpd tries to use the nices way to express the rule:
e.g. match from any prefix 18.0.0.0/8 prefixlen 8 - 32
becomes match from any prefix 18.0.0.0/8 or-longer
Apart from that there is no user visible change because of this.
OK sthen@
|
|
EVP_MD_CTX_create -> EVP_MD_CTX_new
EVP_MD_CTX_destroy -> EVP_MD_CTX_free
This should make the intent more obvious and reduce head scratching during
code reviews.
Raised by tb@
|
|
When a renegotiation results in a change of cipher suite, the renegotation
would fail if it switched from AEAD to non-AEAD or vice versa. This is due
to the fact that the previous EVP_AEAD or EVP_CIPHER state remained,
resulting in incorrect logic that caused MAC failures.
Rename ssl_clear_cipher_ctx() to ssl_clear_cipher_state() and split it
into separate read/write components, then call these functions from the
appropriate places when a ChangeCipherSpec message is being processed.
Also, remove the separate ssl_clear_hash_ctx() calls and fold these into
the ssl_clear_cipher_{read,write}_state() functions.
Issue reported by Bernard Spil, who also tested this diff.
ok tb@
|
|
|
|
Prevent triggering an assert if two drivers try to submit a command
at the same time.
Issue reported by Tom Murphy.
|
|
OpenBSD coding practices (fork+exec/privsep/pledge/...). It is only
intended to replace the lpd(8) daemon for the moment, not the lpr(1),
lprm(1), lpq(1) and lpc(8) commands.
This is a work in progress. The server part should be fairly functionnal,
but the printer part is not complete: remote printers should work, for
local printers it depends on the setup. Anyway, at this point it's better
in the tree than rotting on my disk.
ok deraadt@
|
|
ok gilles@
|
|
OK phessler@
|
|
of doing the condition before calling aspath_match() just pass the neighbor-as
down to as_compare() which then has all needed data for the lookup. While
doing this also remove one of the as fields in struct filter_as since the
min/max fields can be reused for unary operations.
OK denis@ phessler@
|
|
|
|
ok solene
|
|
ok eric@
|
|
This brings it in line with host() and host_dns().
OK sashan miko
|
|
it is currently terminal and then do the length check. If that one triggers
do a treat-as-withdraw but at the same time drop the bad attribute since it
is better to not have invalid attributes in the Adj-RIB-In since most code
does not expect that.
OK benno@
|
|
|
|
|
|
|
|
ok mlarkin@
|
|
(there are no known attacks, this is just inexpensive prudence)
feedback and ok tb@ jsing@
|
|
|
|
pf(4) reassembly is complete. Instead count the holes that are
created when inserting a fragment. If there are no holes left, the
fragments are continuous.
idea from claudio@; OK claudio@ sashan@
|
|
ok gilles@
|
|
are recorded.
Be more specific and list those readmes in alphabetic order at end.
|
|
|
|
with the other MTA which assume a permfail unless the exit status is one
of a specific set. make smtpd honour the same exit statuses as postfix.
note that all errors that occur before the user mda is executed (fork, pipe
and related) are still considered tempfail, only errors coming from the mda
itself are handled as permfail.
this commit is a temporary solution as i believe the SIGCHLD handler is way
more complex than it should be and we'll simplify it after 6.4 is out.
ok eric@
|
|
From Artturi Alm.
|
|
can be used instead of doing direct fiddling around with struct in_addr.
Use it in a few cases where it makes the code more similar between INET
and INET6 case.
OK denis@
|
|
|
|
|
|
Instead of truncating nanosecond timeouts to zero here and polling, we
should round up to a delay of at least a tick, just like all the other
timespec syscalls.
Fixed in NetBSD kern_event.c v1.62 and FreeBSD r247804.
ok millert@ visa@
|
|
not exist anymore.
ok jca@ daniel@
|
