Age | Commit message | Author |
|
|
so that it works and compiles during the tb@ pre-bump shuffle(tm).
|
|
only sets its value. It is more obvious to return the next protocol
or IPPROTO_DONE to signal error. All IP protocol functions do that.
OK sashan@ florian@
|
|
and flag multiple subpackages as an error
|
|
ok jsg@
|
|
ok jsg@
|
|
PPPOE packets within. Do (*if_output)() calls within netisr handler with
netlock held.
We can't predict netlock state when pipex(4) related (*if_qstart)()
handlers are called. This means we can't use netlock within pppac_qstart()
and pppx_if_qstart() handlers.
ok bluhm@
|
|
The verifier callback is used by mutt to do a form of certificate
pinning where the callback gets fired and depending on a
cert saved to a file will decide to accept an untrusted cert.
This corrects two problems that affected this. The callback was not
getting the correct depth and chain for the error where mutt would
save the certificate in the first place, and then the callback was not
getting fired to allow it to override the failing certificate
validation.
thanks to Avon Robertson <avon.r@xtra.co.nz> for the report and
sthen@ for analysis.
"The callback is not an API, it's a gordian knot - tb@"
ok jsing@
|
|
result, from ncurses 5.9 patch 20130126:
+ change %l behavior in tparm to push the string length onto the
stack rather than saving the formatted length into the output
buffer (report by Roy Marples, cf: 980620).
ok millert
|
|
sftp -D "/usr/libexec/sftp-server -el debug3"
ok markus@
|
|
use a per rttimer struct timeout. On enqueue the struct rttimer belongs
to the timeout, in case the route is removed before the timer fires
cleanup based on the timeout_del() return value. If the timeout is currently
running then just clear the rtt_rt pointer and let the timeout handle the
cleanup. This should hopefully fix the icmp_pmtu_timeout crashes reported
by some people.
OK bluhm@
|
|
prevent concurrent access to rt_llinfo from rtrequest_delete().
But the common case, when the MAC address is already known, works
without lock.
tested by Hrvoje Popovski; OK mvs@
|
|
an i386 system no one remembers details about and which is unlikely to be
relevant these days, and has been found to misbehave on some modern systems,
such as the OnLogic Helix 500, or RPi4 with glass console.
|
|
this in decades.
ok sthen krw
|
|
No need to be twiddling eptp in vcpu_reset_regs.
ok mlarkin@
|
|
disabled by default. Also add a tso option to ifconfig(8) to enable and
disable this feature.
ok deraadt
|
|
Consolidate the km_free calls while at it.
ok mlarkin@
|
|
ok jsing@
|
|
- Rearrange the security check code in sys_kbind() so that we only
need to take the kernel lock once if we need to raise SIGILL.
- Protect process.ps_kbind_addr and process.ps_kbind_cookie with
process.ps_mtx. This is easier to do after the aforementioned
rearrangement. Under normal circumstances this isn't necessary:
the process is single-threaded when we initialize kbind(2).
But in stranger situations this brief mutex ensures that the
first thread to reach sys_kbind() initializes both variables.
- Wrap the binding loop with the kernel lock. We need to carefully
confirm that uvm_unmap_remove(), uvm_map_extract(), and
uvm_unmap_detach() are MP-safe in a subsequent patch before
completely removing the kernel lock from sys_kbind().
- Remove the kernel lock from kbind(2) in syscalls.master.
Prompted by mpi@, dlg@, and deraadt@. Current patch workshopped with
deraadt@. Based on a patch from dlg@.
With input from dlg@, bluhm@, mpi@, kettenis@, deraadt@, and
guenther@.
Thread: https://marc.info/?l=openbsd-tech&m=165274831829349&w=2
ok deraadt@ kettenis@ mpi@
|
|
ok jsing@
|
|
OK deraadt@ mpi@ claudio@ miod@
|
|
The tentacles are everywhere. This checks that all certs in a chain
have keys and signature algorithms matching the requirements of the
security_level configured in the verify parameters.
ok beck jsing
|
|
For some unknown reason this needed a different name than security_level,
both internally and in the public API. Obviously it is exactly the same
garbage.
ok beck jsing
|
|
the world seems to be using.
Symbols.list changes and exposure to wait for minor bump
ok jsing@ jca@
|
|
so we do not need to copy it to the new system.
|
|
Make the silly file removal happen after the vnode has been unlocked.
This avoids a file-directory reversal in the vnode locking order.
OK jca@
|
|
When closing a kqueue, block until any pending wakeup task has finished.
Otherwise, if a pending task progressed slowly, the kqueue could stay
alive longer than the associated file descriptor table, causing
a use-after-free in KQRELE().
This also fixes a failed assertion "p->p_kq->kq_refcnt.r_refs == 1" in
kqpoll_exit().
The use-after-free bug had existed since the introduction of
kqueue_task() (the bug could occur if fdplock() blocked in KQRELE()).
However, the issue became worse when the task was allowed to run without
the kernel lock in sys/kern/kern_event.c r1.187.
Prompted by a report from Mikhail on bugs@.
OK mpi@
Reported-by: syzbot+fca7e4fa773c90886819@syzkaller.appspotmail.com
|
|
fails when enforced or there is a mismatch and that the session is accepted
if the roles match.
|
|
OK tb@
|
|
With this it is possible to send a role in the OPEN message and if that
was successful the RDE will add the new OTC attribute if necessary.
OK tb@
|
|
EIO. Thus the userland notices the error and closes the device. We forget the
error on reopen and the device works again.
Ok mbuhl
|
|
It's most likely that users have the wrong baud rate in /etc/ttys as
this was corrected in revision 1.11 of sys/dev/ic/pluart.c. Make sure to
change the console baud rate from 38400 to 115200 in /etc/ttys before
upgrading.
ok visa@
|
|
once per function. This gives a more consistent time value.
OK claudio@ miod@ mvs@
|
|
This also provides a pkey_security_bits member to the PKEY ASN.1 methods
and a corresponding setter EVP_PKEY_asn1_set_security_bits().
ok beck jsing
|
|
ok beck jsing
|
|
ok beck jsing
|
|
ok beck jsing
|
|
ok beck jsing
|
|
Reduces the risk of post-upgrade steps (sysmerge -b etc) being missed if
there was some issue with those jobs e.g. fw_update or reorder_kernel
triggering watchdog or an impatient admin to reboot the system. ok florian@
|