| Age | Commit message (Collapse) | Author |
|---|
|
|
|
Fix some whitespace and memset() parameters in passing.
No intentional functional change.
|
|
build for regress and need that function now.
|
|
|
|
No functional change.
|
|
runs without kernel lock, use IPL_MPFLOOR protection for its pools.
OK mvs@ claudio@
|
|
Make this work concurrently by allocating and freeing the EVP_ENCODE_CTX
for every call to base64_decode(). This is not a hot path so the impact
is negligible.
OK tb@
|
|
ok claudio
|
|
an index to the gp[] array by calling said parameter 'pn' and making it
const unsigned int.
No functional change.
|
|
No functional change.
|
|
gh.gh_part_num does not need a letoh32().
No functional change.
|
|
The handshake state machine does not handle key updates since that's a
post-handshake handshake message. This is code under #ifdef TLS13_DEBUG
and if it is ever to be reused in tls13_handshake_msg.c, that will have
to be revisited.
ok inoguchi jsing
|
|
call rt_timer_init() from rtable_init().
OK mvs@ claudio@
|
|
uvn_detach sets UVM_VNODE_RELKILL flag and wait for all async i/o to finish. but
uvm_vnp_terminate() could clear the flag and take over the vnode.
mpi@ noted that this code path is mostly dead code because there is no "async
I/O" (uvn_io() is always synchronous).
ok visa@ mpi@
|
|
|
|
already stored as int and and talsz is the limit for these ids.
OK tb@
|
|
parse_filepath(). If that happens something went very wrong and
it is better to fail hard then to limp along.
OK tb@
|
|
-DTEST_CACHING: try the cache
-DTEST_CACHING_VERBOSE: make it say what it does
-DTEST_CACHING_RECHECK: don't trust the cache and compare the extracted
value with the actual package contents (thus making it slower once again)
Quite a few more checks along the way, in general
|
|
|
|
Verify the CRL referenced from the mft against the mft's fileAndHash info.
If the CRL matches then load it and use it to validate this mft. If the
mft validated OK add the now also valid CRL to the auth store for later use.
Before the newest CRL was always selected but that has negative consequences
because it is common practice to revoke the previous MFT's EE cert and with
that the cache is turned useless as soon as a new CRL is used. Also there
was a possibility that the CRL used for validation of the MFT was not the
one later used.
Both RFC6486 and draft-ietf-sidrops-6486bis are unclear about this part
of the validation process. We opted in favor of the chached MFT.
With and OK tb@
|
|
the kstat api is a small part of implementing a kstat, most of it
depends on how you set up the kstat struct.
|
|
|
|
From Andrius Varanavicius
|
|
which is needed for at least Vortex86DX3 machines.
Patch from Andrius Varanavicius via bugs@
Special thanks to DMP for donating hardware which helped make this fix
possible.
|
|
we did want it, so it's there and documented.
|
|
kstat allows the kernel to expose arbitrary data for userland to
consume. currently this is used by some network card drivers to
expose hardware counters they provide, and a bit by the network
stack to show things like ifq counters.
ok bluhm@ deraadt@
|
|
and then back to little-endian when writing to disk.
Reduces the number of invocations of the letoh*() and htole*()
functions by 90 or so. Also makes that code much easier to read.
No intentional functional change.
|
|
|
|
|
|
to open all wskbd devices, but report the first error and exit if
none was successful.
OK deraadt@ espie@
|
|
|
|
|
|
|
|
ok krw@
|
|
|
|
There are a few chips which cannot be recognized by PCI ID alone.
Reading device registers is also required to identify such devices.
iwx(4) should now detect AX201 devices requiring the following firmware
images:
iwx-Qu-b0-hr-b0-63
iwx-Qu-b0-jf-b0-63
iwx-Qu-c0-jf-b0-63
iwx-QuZ-a0-hr-b0-67
iwx-QuZ-a0-jf-b0-63
These are already installed in /etc/firmware but have so far been unused.
This is obviously going to cover a range of devices which have not actually
been tested yet. If you have such a device please test and report back.
Tested on previously working AX200/AX201 devices by jmc@ and myself.
Sven Wolf has successfully tested a newly supported device.
Based on an initial patch by Iraklis Karagkiozoglou, thanks!
|
|
|
|
|
|
linked to quirks during do_quirks.
then add a pre-cache that does run locate once on the full list of things
we want to update/install (assuming "regular" pkgsets, that is, where the
names are the ones we want).
Then the actual fetching of caching info will look in that pre-cache before
resorting to locate itself (or going straight to the wire).
The code isn't active yet, the XXX comment in
OpenBSD/PackageRepository/Installed.pm
says it all.
|
|
|
|
and fix a typo
from ed maste
|
|
The spec (RFC 6487, 4.8.6) expresses a preference for a single rsync URI
but allows for other URIs in the CRL distributionPoint. This doesn't
currently happen in practice but could come at some point. So look for
the rsync URI and skip over others, which is more correct and might help
in the future.
Pointed out by & ok claudio
|
|
string comparison, we can simply annotate the quirks repository as cached.
this does streamline the code somewhat
so simply activate warp-speed by uncommenting one line.
|
|
the full plist for a signature.
shaves most of the remaining time with caching active
|
|
(and we all laughed a little)
|
|
the VM instructions so that SETNA propagates the error condition
of the latter. Avoids "cpu0: failed to enter VMM mode" errors.
Fixes previous commit.
tested by Hrvoje; OK dv@
|
|
ok jca@
|
|
to get_header() with the rest of the header validity
checks.
No functional change.
|
|
While it makes sense to limit bind(2) of unicast addresses that overlap
each other to be all from the same UID (like 0.0.0.0:53 and 127.0.0.1:53)
it makes little sense for multicast. Multicast is delivered to all sockets
that match so there is no risk of someone stealing traffic from someone
else. This should hopefully help with mDNS as reported by robert@
OK deraadt@ bluhm@
|
|
have at least mpfloor spl protection. Fix witness issue found by
Hrvoje where pfsync holds mutex and interrupt grabs kernel lock.
OK sashan@
|
