| Age | Commit message (Collapse) | Author |
|---|
|
Fixes a crash on landisk (strict alignement arch) reported by otto@
ok deraadt@ otto@
|
|
does the same thing.
ok patrick@
|
|
clue
to avoid setting interface mtu.
|
|
|
|
Mixing up function and void pointers isn't defined by POSIX or the
C standard. POSIX only specifies that casting the result of dlsym(3) to
an appropriate function pointer works.
Avoid all this by using a typedef.
from Michael Forney, ok tb@
|
|
|
|
column for df subcommand. Fixes misalignment in some cases.
|
|
information in struct acpi_attach_args.
ok mpi@
|
|
CMSG_DATA man page. Avoids SIGBUS on landisk; ok kettenis@ jca@
|
|
While here, use consistent casing and don't use .Ev for
set-user-ID/set-group-ID.
from Miod
|
|
from Miod
|
|
and also not needed. This just needs a char lookup ('{') like it is done
in all the other rules with '{'. With this parse.y can be compiled with
bison.
OK otto@ benno@
|
|
OK florian@
|
|
This prevent exiting processes from hanging when a slave pseudo terminal
is close(2)d before its master.
From NetBSD via anton@.
Reported-by: syzbot+2ed25b5c40d11e4c3beb@syzkaller.appspotmail.com
ok anton@, kettenis@
|
|
|
|
|
|
terminate the connection with an unexpected_message alert.
See RFC 8446 section 5.4.
Found with tlsfuzzer
hint/ok jsing
|
|
|
|
|
|
desynchronising error; reminded by Aymeric Vincent
ok deraadt markus
|
|
regex in test. So make regress passes for the release, the error
message will be improved later.
discussed with jsing@
|
|
From gilles@, OK deraadt@ jung@
|
|
ok bcook inoguchi deraadt
|
|
discussed with jsing@
|
|
Do not use the pointer returned by ibuf_reserve() after calling another
ibuf function. After the call the internal buffer may have moved by realloc()
and so the pointer is invalid. Instead use ibuf_size() to get the current
offset in the buffer and use ibuf_seek() later on to write back the updated
lsa age into the buffer at the right spot.
This fixes an issue seen by Richard Chivers on routers with many passive
interfaces.
OK stsp@ denis@ deraadt@ also tested by sthen@
|
|
ibuf function. After the call the internal buffer may have moved by realloc()
and so the pointer is invalid. Instead use ibuf_size() to get the current
offset in the buffer and use ibuf_seek() later on to write back the updated
lsa age into the buffer at the right spot.
This fixes an issue seen by Richard Chivers on routers with many passive
interfaces.
OK stsp@ deraadt@
|
|
preserve symbolic links. Instead just ignore them.
OK benno@ deraadt@
|
|
An invalid/corrupted hop6 option in rip6_input()/ip6_savecontrol() could
lead m_copydata(9)s' check to trigger a panic.
Fix from maxv@NetBSD where the problem was also reported by syzkaller.
Reported-by: syzbot+3b07b3511b4ceb8bf1e2@syzkaller.appspotmail.com
Reported-by: syzbot+7ee0eb2691d507fcad2e@syzkaller.appspotmail.com
ok sashan@, dlg@, claudio@, deraadt@
|
|
Purging this queue prevents a panic which occurs when a WPA2-enabled athn(4)
hostap interface is reconfigured while this queue contains frames.
In hostap mode, this queue contains group-addressed (broadcast) frames
which are buffered for clients sleeping in powersave state. Frames on
this queue are transmitted when it is time to send another beacon, at
which point in time sleeping clients wake up to receive such frames.
The panic message is "key unset for sw crypto", which can be explained as
follows: Group keys are cleared when the interface goes down. The beacon Tx
interrupt handler gets triggered by hardware when the interface comes back
up. This handler attempts to encrypt the queued frames for transmission,
resulting in the above panic since the group key has been zeroed out.
This panic has been observed with athn(4) by Jan Stary and Ted Patterson,
and Ted has confirmed that this patch fixes the problem.
ok kettenis@ (with the caveat that it's been a long time since he put our
AP-side powersave support into a working state)
|
|
i noticed this is desirable while looking at an issue
reported by Doug Moss <dougmoss710 at yahoo dot com> on bugs@;
OK deraadt@ sthen@ tb@
|
|
block ack notifications sent by iwn(4) firmware").
This effectively reverts changes in how the driver interacts with firmware
and fixes connections getting stuck for unknown reasons, in two known cases:
One with an Airport Extreme 6th gen AP and another with a b-box 3V+ modem
using a Sagemcom MAC address for its built-in AP.
The Sagemcom case was observed by myself.
The Airport case was reported by Jeremy O'Brien via abieber@.
I am committing this now to prevent the problem from affecting 6.7 release
even though we don't yet understand what caused the problem.
ok mpi@
|
|
Fixes coverity CID 1492830.
ok sthen, deraadt
|
|
Otherwise we fail to do PSS signatures since the key size is too small.
|
|
cast in the printf to unsigned long long or just use unsigned long long
from the start. In this case it is better to switch the type. Similar
changes had been done before.
OK deraadt@
|
|
|
|
go for it deraadt@
|
|
A large number of redistributed routes make ospf6d crash.
OK remi@, sthen@
|
|
regress on i386 after inoguchi moved some symbols to const.
ok inoguchi jsing deraadt
|
|
|
|
ok job, input claudio benno
|
|
ok job
|
|
Also include the group name in the general neighbor description.
Both issues reported by Patrick Velder
OK deraadt@
|
|
|
|
|
|
In compatibility mode, a TLSv1.3 server MUST send a dummy CCS message
immediately after its first handshake message. This is normally after the
ServerHello message, but it can be after the HelloRetryRequest message.
As such we accept one CCS message from the server during the handshake.
However, it turns out that in the HelloRetryRequest case, Facebook's fizz
TLSv1.3 stack sends CCS messages after both the HelloRetryRequest message
and the ServerHello message. This is unexpected and as far as I'm aware,
no other TLSv1.3 implementation does this. Unfortunately the RFC is rather
ambiguous here, which probably means it is not strictly an RFC violation.
Relax the CCS message handling to allow two dummy CCS messages during a
TLSv1.3. This makes our TLSv1.3 client work with Facebook Fizz when HRR
is triggered.
Issue discovered by inoguchi@ and investigated by tb@.
ok deraadt@ tb@
|
|
Makefile omitted by mistake from commit tJPIjljmTjZW
ok djm@ deraadt@
|
|
ok djm@ deraadt@
|
|
configure EDH-based cipher suites with Perfect Forward Secrecy (PFS)
for older clients that do not support ECDHE. Problem noticed and
initial diff by Jesper Wallin, thanks!
ok kn@
|
|
|
|
the output structures may still change but it should be a good starting
point for poeple to start playing with it.
OK benno@, job@, deraadt@
|
