| Age | Commit message (Collapse) | Author |
|---|
|
|
|
known_hosts; bz#2342
|
|
confirmation question; reported by Herb Goldman
|
|
|
|
confusing messages reported by Jan Stary <hans at stare dot cz>
|
|
in non-location virtual hosts. Add comments clarify the
variable-length values.
OK halex@
|
|
with halex@. No binary change - it is commented out.
|
|
|
|
imsg buffer.
Debugging & OK halex@
|
|
drivers do. While here remove unused fields from struct iwm_fw_info.
test and ok brad@ phessler@
|
|
|
|
|
|
using *at functions is equivalent to chdir()ing, which eases portability.
Tested with mixes of absolute and relative paths.
Eliminate a FILE leak too.
prodded by jsing@
|
|
|
|
Discussed with/requested by deraadt@ at the conclusion of s2k15.
|
|
This allows for clients that willingly choose to perform a downgrade and
attempt to establish a second connection at a lower protocol after the
previous attempt unexpectedly failed, to be notified and have the second
connection aborted, if the server does in fact support a higher protocol.
TLS has perfectly good version negotiation and client-side fallback is
dangerous. Despite this, in order to maintain maximum compatability with
broken web servers, most mainstream browsers implement this. Furthermore,
TLS_FALLBACK_SCSV only works if both the client and server support it and
there is effectively no way to tell if this is the case, unless you control
both ends.
Unfortunately, various auditors and vulnerability scanners (including
certain online assessment websites) consider the presence of a not yet
standardised feature to be important for security, even if the clients do
not perform client-side downgrade or the server only supports current TLS
protocols.
Diff is loosely based on OpenSSL with some inspiration from BoringSSL.
Discussed with beck@ and miod@.
ok bcook@
|
|
ssl3_cipher_get_value() to get the cipher suite value that we just
put in the struct - use the cipher suite value directly.
|
|
|
|
|
|
|
|
tls_config_insecure_noverifyname(), so that it is more accurate and keeps
inline with the distinction between DNS hostname and server name.
Requested by tedu@ during s2k15.
|
|
configuration.
|
|
|
|
be those that are TLSv1.2 with AEAD and PFS. Provide a "compat" mode that
allows the previous default ciphers to be selected.
Discussed with tedu@ during s2k15.
|
|
PAGE_MASK to be (~(PAGE_SIZE - 1)) where as our kernel defines it as
(PAGE_SIZE - 1). It is possible to flag a CS as wanting to use
GPU VM for cayman/aruba hardware though in practice Mesa won't
submit a CS flagged with GPU VM for these unless overriden via
RADEON_VA=true in the environment.
For Southern Islands radeons on the other hand GPU VM is required
and flagged by default.
|
|
for debugging the problem on RS690 and coming up with an initial diff.
Align the gart table allocation to the size of the allocation (rounded
up to nearest page size by bus_dmamem_alloc). Matches the behaviour of
the original Linux code's use of
pci_alloc_consistent()/dma_alloc_coherent().
Correct PAGE_MASK usage in rs400_gart_set_page(). Linux defines
PAGE_MASK to be (~(PAGE_SIZE - 1)) where as our kernel defines it as
(PAGE_SIZE - 1). Most of the other occurances in the drm code have been
adjusted accordingly but this one seems to have been missed.
|
|
requested by deraadt@
|
|
not whine and fail if there is none
ok djm@
|
|
|
|
they live in $OBJ not cwd; some by Roumen Petrov
|
|
|
|
ok jsing
|
|
This fixes a bug naddy@ found in plan9/rc(1).
|
|
then iwm(4) stops passing traffic. Firmware crashes were only observed with
my local patches, not the in-tree version of the driver.
|
|
The number stated was incorrect and there is no real reason to mention
them in the first place. Discussed with sthen.
|
|
Pointed out by brad.
|
|
|
|
|
|
ok dlg
|
|
in addition to the classic syntax \s(12, the modern syntax \s[12],
and the alternative syntax \s'12'. The historic syntax only works
for the font sizes 10-39.
Real-world usage found by naddy@ in plan9/rc.
|
|
prodded jmc@
|
|
ok dlg@
|
|
bz#2353 reported by calestyo AT scientia.net
|
|
No change to messages about them (ignore them right before line feeds,
report errors elsewhere).
naddy@ found a manual in the wild containing lots of these (ysm(1)),
and i can't imagine a situation where dropping them could be problematic.
|
|
I accidentally changed the format of the hostkeys@openssh.com messages
last week without changing the extension name, and this has been causing
connection failures for people who are running -current. First reported
by sthen@
s/hostkeys@openssh.com/hostkeys-00@openssh.com/
Change the name of the proof message too, and reorder it a little.
Also, UpdateHostKeys=ask is incompatible with ControlPersist (no TTY
available to read the response) so disable UpdateHostKeys if it is in
ask mode and ControlPersist is active (and document this)
|
|
|
|
Fixes inet6 autoconf, for example.
Reported and fix tested by matthieu and brad
|
|
No actual change, but makes it easier to reuse the code elsewhere.
Suggested by Andre Smagin
|
|
code scanner. Changing return to break also fixes a failure to unlock.
Also fix a NULL check for that variable noticed by bluhm.
ok bluhm henning millert
|
|
counter. Adapt tests.
|
