Age | Commit message | Author |
|
|
|
Noted by pjanzen@ with input from deraadt@.
|
|
and can depend on the /usr/share/zoneinfo bypass.
OK mestre, millert, deraadt
|
|
With this bgpd.h no longer depends on net/route.h
OK tb@
|
|
The generic add-path code up_generate_addpath() reevaluates everything
since this is the simplest way to select the announced paths. For add-path
all this is overkill since there is no dependency between prefixes and so
individual prefixes can be handled more efficiently.
Extend rde_generate_updates() to pass the current newbest and oldbest
prefixes (for the selected best path) but now also include newpath and
oldpath (which is the prefix that is added/removed/modified).
If newpath or oldpath is set then a single prefix was altered and
up_generate_addpath_all() can just remove or add this prefix.
If newpath and oldpath are NULL then the full list based on newbest
needs to be inserted and any old path/prefix removed in the process.
This improves update generation performance on big route collectors using
add-path all substantially.
OK tb@
|
|
|
|
findblkname() and DISKUNIT(). Allows all block devices, not just
sd* and vnd* to generate useful names in DEBUG output.
Cluebat by deraadt@
|
|
|
|
it may later be used from a resume path when we don't want to print
same change as amd64 amd64errata.c 1.11 by robert
ok robert@ deraadt@
|
|
|
|
tweaks from cheloha@; ok deraadt@, sthen@, cheloha@
|
|
on resume, the errata is re-applied.
In addition make amd64_errata() print the information about the applied
errata only once for the first CPU.
input from jsg@ and deraadt@, ok deraadt@
|
|
sure ikes_retransmit_response events don't also increase the
ikes_msg_rcvd_busy counter.
ok markus@
|
|
|
|
the RTP_BGP and similar defines all into kroute.c and export them via
kr_default_prio() and kr_check_prio().
OK tb@
|
|
Reading time zone files from user-controlled paths can result in
pledge(2) or unveil(2) violations. We also ignore files that contain
a '.' character to avoid paths containing ".." or hidden files.
Work with and OK deraadt@
|
|
Symbols.list mistake: undefine aliases (except _cfb block ciphers which
are aliases for historical reasons). Use -Wl,--no-allow-shlib-undefined.
|
|
Use a per peer path_id_tx to assign to paths received from non add-path
enabled peers. This skips two extra walks of the RIB prefix list and is
a big speed-up when there are many regular sessions. If the session uses
add-path recv then the old way of assigning random path_ids needs to be
used.
With input and OK tb@
|
|
Found the hard way by miod@ and deraadt@.
|
|
ok claudio
|
|
Fix undefined behavior and a use-after-free in cat().
|
|
OpenBSD are security fixes #629 #640 and other changes #610 #643.
No library bump necessary.
OK deraadt@
|
|
to a separate function that gets called after identifycpu() so that
we have the required information to handle the correct MSRs for each
cpu.
Additionally, move the handling of the DE_CFG_SERIALIZE_LFENCE and
IA32_DEBUG_INTERFACE_LOCK MSRs out of identifycpu() to the new
function so that they get set again after a suspend/resume cycle as
well, which fixes TSC sync failures.
discussed with and input from deraadt@, mlarkin@
|
|
From Chengming Gui
985a5d3d491d558f785b77cc5b86837bfa408587 in linux 5.15.y/5.15.69
39c84b8e929dbd4f63be7e04bf1a2bcd92b44177 in mainline linux
|
|
ok bluhm@
|
|
Reported by Christian Weisgerber
OK kn@
|
|
|
|
HY-D1 C32r1 (0x00100f81) and HY-D1 G34r1 (0x00100f91) have the same
errata and multiple cpuid values can map to a single enum value.
|
|
spotted by jmc@
|
|
|
|
error types and other events that help analyze errors in larger setups.
The counters can be printed with 'ikectl show stats'.
ok bluhm@ patrick@
from and ok markus@
|
|
without a unit number (so without the @1234 bit) works as well.
This is a re-commit of the backed out change with the endless loop fixed.
|
|
to use a time zone path that's not relative to /usr/share/zoneinfo.
Hopefully we can limit tzset(3) to only look at zone info files in
/usr/share/zoneinfo, soon.
OK millert, deraadt
|
|
this using unveil(2), but ignore errors if /var/log doesn't exist. We
want to be able to set the time if the system is damaged or /var is
not mounted yet.
We also need to unveil everything for reading since we still allow
arbitrary locations of zone info files. Hopefully that will go away
soon.
OK deraadt
|
|
ok miod@ deraadt@
|
|
These functions were renamed in the last bump
#define PKCS12_MAKE_KEYBAG PKCS12_SAFEBAG_create0_p8inf
#define PKCS12_MAKE_SHKEYBAG PKCS12_SAFEBAG_create_pkcs8_encrypt
They don't appear in the compiled library itself, so no further bump
required.
Fixes libressl-portable/portable#791
Found the hard way by vollkommenheit
ok deraadt jsing
|
|
available) to fill in user/group names for directory listings.
Implement a client-side cache of seen uid/gid=>user/group names.
ok markus@
|
|
ok markus@
|
|
names; ok markus@
|
|
request that allows the client to obtain user/group names that
correspond to a set of uids/gids.
Will be used to make directory listings more useful and consistent
in sftp(1).
ok markus@
|
|
|
|
|
|
Taking these definitions from NetBSD's pm_direct.h; most PMU_*
commands have the same names in the BSDs and Linux.
ok miod@ kettenis@
|
|
The issue was reported by Stephan Somogyi - Thanks!
|
|
Give the user a hint as to what happened if they boot up and the TSC
is not the active counter.
"sure" deraadt@
|
|
By default, just say "tsc: cpu0/cpuN: sync test failed". If you want
more information you need to recompile with TSC_DEBUG set.
While here, disable TSC_DEBUG.
"sure" deraadt@
|
|
Found by kn@ and myself, ok deraadt@
|
|
While RFC 8446 is clear about what legacy session identifiers can be sent
by a TLSv1.3 client and how middlebox compatibility mode is requested, it
is delightfully vague about the circumstances under which a client is
permitted to send CCS messages. While it does not make sense for a client
to send CCS messages when they are not requesting middlebox compatibility
mode, it is not strictly forbidden by the RFC and at least one (unknown)
TLSv1.3 stack has been observed to do this in the wild.
Revert part of the previous change and allow clients to send CCS messages,
even if they are not requesting middlebox compatibility mode.
Found the hard way by florian@
ok tb@
|
|
OK tb
|
|
|