| Age | Commit message (Collapse) | Author |
|---|
|
This gives a more intuitive log-entry for filter stderr output and gets rid
of the last_dynproc_id.
"nice" gilles@
|
|
|
|
Just like avoiding reverse lookups when printing entries or not resolving
hostnames when deleting entries, make -n effect setting entries as well;
just like pfctl(8)'s -N from which the manual wording was copied verbatim.
OK deraadt
|
|
fix an issue where CNAME records generate bogus results.
ok gilles@
|
|
|
|
triggered by a very different patch from Rashad Kanavath;
OK florian@
|
|
-delete is part of POSIX since 2001 and tedu added support for it in 2012,
-print0 however never made it into any standard, so replace this less
portable idiom with its more concise built-in counterpart.
Both -print0 as well as xargs(1) -0 explain and reference each other and
CAVEATS goes into detail with problematic file names, so no information
is lost by replacing this particular example.
While here, make the -exec example rm(1) multiple files at once.
Feedback from claudio tb
Input and OK millert
|
|
|
|
|
|
Adjust expected values in test.
reminded by Moritz Buhl
|
|
|
|
Fix a wrong output when using 'vmctl stop' without any further arguments.
Patch from Caspar Schutijser, thanks!
ok deraadt
|
|
replace it with a valid_domainname() check that implements something closer
to RFC 5321, but still usable in real-life.
ok gilles@ millert@
|
|
|
|
|
|
|
|
add Intel WHL-U Host ids
|
|
version_to_spc() to map the formerly reserved value 0x07 in the
INQUIRY version field to 5 (a.k.a. SPC-5), instead of 0 (a.k.a. device
does not claim support for any SPC version).
Tweak comment for 0x03 mapping to note it means compliance to SPC, not
SPC-3. Tweak comment for 0x06 mappoing to specify the ANSI INCITS
513-2005 that documents SPC-4.
|
|
to regress as it was done in ssh make file.
from Moritz Buhl
|
|
that the test programs link with the rpki-client object files again.
from Moritz Buhl
|
|
okay millert@
|
|
"Looks good" deraadt millert
|
|
ok patrick@, jsg@
|
|
|
|
|
|
auich_alloc_cdata() fails; ok ratchov@
|
|
|
|
|
|
The DST and TIMEZONE options(4) are incompatible with KARL, so we need
some other way to compensate for an RTC running with a known offset.
Enter kern.utc_offset, an offset in minutes East of UTC. TIMEZONE has
always been minutes West, but this is inconsistent with how everyone
else talks about timezones, hence the flip.
TIMEZONE has the advantage of being compiled into the binary. Our new
sysctl(2) has no such luck, so it needs to be set as early as possible
in boot, from sysctl.conf(5), so we can correct the kernel clock from
the RTC's local time to UTC before daemons like ntpd(8) and cron(8)
start. To encourage this, kern.utc_offset is made immutable after the
securelevel(7) is raised to 1.
Prompted by yasuoka@. Discussed with deraadt@, kettenis@, yasuoka@.
Additional testing by yasuoka@.
ok deraadt@, yasuoka@
|
|
ok espie@
|
|
The previous mechanism used a single timeout for the entire upgrade which
was kept when introducing the per-set watchdog.
Half an hour now seems more sensible to safely catch the biggest sets on
slow hardware, so avoid needlessly stalling (failed) upgrades for too long.
OK sthen deraadt
|
|
If a CPU updates a pmap concurrently with the activation of that pmap
on another CPU, invalidation of TLB entries might be incomplete.
It is also possible that a CPU altogether stops updating its TLB.
Prevent the race by synchronizing pmap activations and logic that
determines where to send TLB invalidation IPIs.
To avoid mutex wait without ability to process IPIs, the context switch
code is adjusted to call pmap_activate() with interrupts enabled.
In practice, interrupts up to IPL_SCHED are still disabled on context
switch.
|
|
for IPv6 link local addresses.
Some hosting and VM providers route customer IPv6 prefixes to link
local addresses derived from ethernet MAC addresses (RFC 2464). This
leads to hard to debug IPv6 connectivity problems and is probably not
worth the effort.
RFC 7721 lists 4 weaknesses:
3.1. Correlation of Activities over Time & 3.2. Location Tracking
These are still possible with RFC 7217 addresses for an adversary
connected to the same layer 2 network (think conference wifi). Since
the link local prefix stays the same (fe80::/64) the link local
addresses do not change between different networks.
An adversary on the same layer 2 network can probably track ethernet
MAC addresses via different means, too.
3.3. Address Scanning & 3.4. Device-Specific Vulnerability Exploitation
These now become possible, however, as noted above a layer 2 adversary
was probably able to do this via different means.
People concerned with these weaknesses are advised to use
ifconfig lladdr random.
OK benno
input & OK kn
|
|
|
|
aperture is needed. Skip SI/CIK ids as we don't build amdgpu with
SI/CIK support (radeondrm covers these) and skip VEGA20 ids we
don't match on as they are flagged AMD_EXP_HW_SUPPORT.
|
|
|
|
in reality the depth was always -1 which made the compare function
a No-Op. Properly check the device path depth value and look for
the Messaging type instead to find the correct NIC. This check
never worked before and was uncovered by the last change.
Regression noticed by bluhm@
|
|
that will end up in config_detach() flags via scsi_detach_target().
ok jmatthew@ dlg@
|
|
ok deraadt@
|
|
some of the comments for sections that will never ever be used here.
|
|
as arguments rpki-client will now load the TAL installed in /etc/rpki by
default. For debug reasons an option -t tal is added to pass in TAL files
by hand. The argument is now instead the filename of the output file.
Now `rpki-client roa.conf` will do what you need which is a lot nicer.
Agreed by deraadt@ job@ to be a step in the right direction.
|
|
pretended to care. So just make in a void, and explicitly return 0 in
the appropriate case in scsi_probe().
|
|
as in OpenSSL 1.1.1. I rewrote most of the text for clarity, precision,
and conciseness and added some additional information. A few sentences
from Paul Yang remain.
|
|
- Add static_ASN1_* macro. Patch was provided by steils AT gentoo.org
|
|
- history trim
- sundry
diff from evan silberman;
tweaked/ok by schwarze and deraadt
|
|
lead to one repo closing handles from the other to avoid DoS, as exemplified
by stable-packages.
okay sthen@
|
|
|
|
|
|
|
|
|
