| Age | Commit message (Collapse) | Author |
|---|
|
receiver.
|
|
Should help diagnose various reports regarding missing battery sensors.
|
|
register. Use 32-bit reads and writes to access the URXH and UTXH
registers. They're documented as 32-bit registers in the Exynos 4 and
Exynos 5 User Manuals and accessing URXH with an 8-bit read triggers a
fault on Apple's M1 SoC.
ok patrick@
|
|
children of the node claimed by expower(4). That node also fained a
"syscon" compatible in the process. Deal with these changes,
ok patrick@
|
|
ok hackroom
tested by plenty
|
|
Don't set taskq to system_wq in INIT_WORK(). Test if taskq pointer is
non-NULL before calling taskq_barrier() in flush functions.
fixes a black screen on boot problem with 5.10.y drm using nano x1
bisected by jcs@ to
'drm/i915: Always flush the active worker before returning from the wait'
|
|
- Remove watchpoint support since we do not support hardware watchpoints.
- Support floating point regsisters in the ReadAll/WriteAll interface.
- Standardize the sizes used in GerGPRSize() and GetFPRSize() to correspond
to the sizes we get from ptrace.
- Fix the r/w of the mmx registers to map onto the st fp registers instead
of xmm registers.
- Normalize some variable names to be architecture neutral.
ok patrick@
|
|
remove this section as part of crunchgen generated commands.
it avoids calling "strip -R .comment" for some but not all architectures.
ok deraadt@ danj@
|
|
the .SUNW_ctf section is added by ctfstrip(1), which is only used for kernels.
ok deraadt@ danj@
|
|
ok deraadt@ danj@
|
|
"strip -R section" command run "strip" (without option) as well.
there is no need to call both.
(binaries checked with sha1)
original diff from danj@
ok deraadt@
|
|
in the command "objcopy -Sg", the -g option (STRIP_DEBUG) overrides
the -S option (STRIP_ALL). so it is the same as "objcopy -g".
"strip" command without option is doing STRIP_ALL.
merge the both commands to "objcopy -S"
ok deraadt@ danj@
|
|
ok deraadt@ danj@
|
|
Set up the DMAC filter in one go instead of doing it separately for
unicast and multicast DMACs. This attempts to make the code a little
more readable. The setup should now run a bit faster as well because
it now does fewer register accesses.
Tested on CN5020, CN6120 and CN7130.
|
|
ok hackroom
tested by plenty
|
|
The new 'iface' config option can be used to specify an interface
for the virtual addresses received from the peer.
Routes are automatically added based on the configured flows.
Input from sthen@ and claudio@
ok patrick@
|
|
|
|
|
|
|
|
|
|
|
|
No code/functional change
|
|
|
|
|
|
|
|
|
|
|
|
after ikectl reload.
ok patrick@
|
|
|
|
use cases, so explain the situation a bit more. Since the 80's, I estimate
around 5 algorithm changes, so any chosen seed is unrepeatable UB.
+The deterministic sequence algorithm changed a number of times since
+original development, is underspecified, and should not be relied upon to
+remain consistent between platforms and over time.
ok jmc kettenis
|
|
table. Hence we have to grab both the pf lock and the pf state lock.
Found by dlg@
ok bluhm@ sashan@
|
|
to acme-client users.
|
|
-genkey" rather than separately generating parameters and key. Give a
clue that some CAs accept only prime256v1. Show the user where to stop
if they're just generating a private key for acme-client and therefore
don't need to generate a csr or cert manually. Add xr to acme-client(1)
suggest by tb@.
ok jmc tb
|
|
addresses that come from pf cannot be right, so remove the code.
Coverity CID 1501718
OK dlg@ claudio@
|
|
Notably this update removes various old Symantec roots (GeoTrust,
thawte, VeriSign) that were set in NSS to be distrusted on 1/1/2021.
Nobody should have been using these for years; only certain subCAs
signed by these were valid in NSS in that time due to an exemption:
https://wiki.mozilla.org/CA/Additional_Trust_Changes#Symantec
Notably Apple's "Apple IST CA 2 - G1" which is still in use for
some endpoints (it is cross signed by another CA too but these
endpoints are publishing the GeoTrust intermediate cert).
So for now I have skipped removal of "GeoTrust Global CA" to avoid
affecting these sites. Debian ran into this when they updated their
cert database and had to back this part out, affected sites are
not reachable on Android Firefox and maybe other newer Firefoxes.
Some sites that were affected have moved to a different CA in the
last few days but others, notably api.push.apple.com, remain
(I can only guess that there is a complicated problem involved,
possibly cert pinning on old devices - the clock is ticking though
as this expires in May 2022 anyway ;)
Additions:
/C=RO/O=CERTSIGN SA/OU=certSIGN ROOT CA G2
/C=HU/L=Budapest/O=Microsec Ltd./2.5.4.97=VATHU-23584497/CN=e-Szigno Root CA 2017
/C=KR/O=NAVER BUSINESS PLATFORM Corp./CN=NAVER Global Root Certification Authority
/C=US/ST=Illinois/L=Chicago/O=Trustwave Holdings, Inc./CN=Trustwave Global Certification Authority
/C=US/ST=Illinois/L=Chicago/O=Trustwave Holdings, Inc./CN=Trustwave Global ECC P256 Certification Authority
/C=US/ST=Illinois/L=Chicago/O=Trustwave Holdings, Inc./CN=Trustwave Global ECC P384 Certification Authority
Removals:
/C=US/O=GeoTrust Inc./CN=GeoTrust Primary Certification Authority
/C=US/O=GeoTrust Inc./CN=GeoTrust Universal CA
/C=US/O=GeoTrust Inc./CN=GeoTrust Universal CA 2
/C=US/O=GeoTrust Inc./OU=(c) 2008 GeoTrust Inc. - For authorized use only/CN=GeoTrust Primary Certification Authority - G3
/C=TW/O=Government Root Certification Authority
/C=LU/O=LuxTrust S.A./CN=LuxTrust Global Root 2
/C=US/O=thawte, Inc./OU=(c) 2007 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA - G2
/C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2006 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA
/C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2008 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA - G3
/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 1999 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G3
/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2007 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G4
/C=CH/O=WISeKey/OU=Copyright (c) 2005/OU=OISTE Foundation Endorsed/CN=OISTE WISeKey Global Root GA CA
|
|
|
|
|
|
This was proposed by Emil Velikov to simplify libdrm and will remove the
need for some patches in ports.
/dev/drm0 -> /dev/dri/card0
/dev/drmR128 -> /dev/dri/renderD128
The previous names will remain for a period of time and will later be
removed. Major and minor numbers remain the same.
libdrm will not be changed to use the new names until known privsep
and sandbox use has been updated to allow the new names.
ok deraadt@
|
|
|
|
|
|
patch from Mike Frysinger
|
|
and remove an unused variable; ok dtucker@
|
|
ok kettenis@
|
|
ok kettenis@
|
|
ok kettenis@
|
|
ok markus@
|
|
|
|
ok bluhm@
|
|
fully initialized because we initialize `if_groups' after linking. It's
not triggered because if_attach() and if_unit(9) are serialized by
kernel lock and `ifp' is often filled by nulls. Move `if_groups'
initialization to if_attach_common() to prevent this.
ok bluhm@ claudio@ deraadt@
|
|
work anyway. Dynamic binaries help building errata, reduce disk
usage and make ROP harder. Also remove an unused bsd.subdir.mk
include.
OK sthen@ mvs@ deraadt@ tobhe@ patrick@
|
