| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
(and the second copy of the "normal" files in share/zoneinfo/posix).
The way these files are supposed to work is that you set the system
clock to the time with leap-seconds included (UTC+leap, or TAI-10) and
copy the entire "right" set of files to the main zoneinfo directory
(upstream provides them as parallel directories to encourage this).
And everyone else sets the system clock to UTC and uses the "posix" files.
https://data.iana.org/time-zones/theory.html#leapsec
We don't have much support for a non-UTC system clock, and these files
have been seen to cause some confusion.
kettenis@ says "Software that really cares probably has its own leap-
second table and will actually rely on the POSIX definition of time_t to
convert times into human readable form."
ok deraadt naddy millert
|
|
document built-packages.log
|
|
|
|
|
|
|
|
dnssec the sysadmin has some idea what's going on in logs, and
"aggressive-nsec: yes", if we're using dnssec anyway we might as well
get the benefits. These were both enabled last time dnssec was enabled
in this sample unbound.conf.
ok florian@
|
|
instead of ditching stderr entirely, keep it in a temp file, and if the
child exits with an error, we got something to display.
(note that returning and undef'd plist is enough of an error, just we
had no clue what went wrong previously)
aja@ ran into this a few weeks ago.
|
|
|
|
I broke adjfreq(2)'s atomic swap in kern_time.c,v1.112. By using the
"f" variable to store both the new and old frequency adjustments, the
new adjustment gets clobbered by the old adjustment if the caller asked
for a swap.
ok visa@ mpi@
|
|
|
|
ok deraadt@
|
|
Fix argument types of functions containing a static variable when compiled
with clang(1).
|
|
Handle the "varname.id" schema used by gcc(1) and "funcname.varname" used
by clang(1).
Fix a shadowing issue with clang(1).
|
|
Fix a shadowing issue reported by procter@.
|
|
SIOCGIFADDR, SIOCGIFNETMASK, SIOCGIFDSTADDR, SIOCGIFBRDADDR,
SIOCSIFADDR, SIOCSIFNETMASK, SIOCSIFDSTADDR, and SIOCSIFBRDADDR.
Name in_ioctl_set_ifaddr() consistently. Use in_sa2sin() to validate
inet address. Combine if_addrlist loops and add comment. Although
netmask is not a inet address, length must be valid.
Reported-by: syzbot+5fc6da002fc4e8d994be@syzkaller.appspotmail.com
OK visa@
|
|
|
|
ok deraadt@
|
|
ieee80211 ioctl(2) implementation. Do the same for the driver
specific code of ac(4) and wi(4) wireless network devices.
OK mpi@
|
|
OK deraadt@ otto@
|
|
enforce this for the an(4) wireless network device.
found by Ilja Van Sprundel; OK dlg@ deraadt@ mpi@
|
|
i think this is a fix for a real bug. pfsync leaked the hooks it
had on a parent^Wsyncdev when the parent went away. now there's
KASSERTs to make sure all hooks are removed before an interface
goes away, the leak caused the KASSERTs to fire and made the bug
obvious.
found by hrvoje popovski
|
|
ok patrick@
|
|
making RTM_INVALIDATE code path perform same check as RTM_DELETE does.
ok mpi@
|
|
ok jasper@, deraadt@
|
|
ok dlg@, jasper@
|
|
Spotted by deraadt@
|
|
This never worked out and is getting in the way of DNS proposals which
are coming next.
No (intended) functional change.
Input & OK tohe
|
|
|
|
Mention the new key types, the ~/.ssh/id_ecdsa_sk file, ssh's
SecurityKeyProvider keyword, the SSH_SK_PROVIDER environment variable,
and ssh-keygen's new -w and -x options.
Copy the ssh-sk-helper man page from ssh-pkcs11-helper with minimal
substitutions.
ok djm@
|
|
it's no longer necessary to hold NET_LOCK to call interface hook
adds or dels now, but it is necessary not to hold NET_LOCK when
calling some barrier functions.
found by hrvoje popovski
|
|
i had NET_ASSERT_LOCKED() in the hook add and remove operations,
because that's what's held when the hooks are run. some callers do
not hold the NET_LOCK when calling them though, eg, bridge(4). aggr
and tpmr used to not hold NET_LOCK while being destroyed, which
also caused the asserts to fire, so i moved the port destroys inside
NET_LOCK, but now I have deadlocks with some barrier calls.
the hooks having their own lock means callers don't have to hold
NET_LOCK and the list will stay sane. the code that runs the hooks
gives up the mutex when calling the hook, but keeps track of where
it's up to bey putting a cursor in the list.
there's a single global mutex for all the interface linkstate and
detach hooks, but this stuff isn't a hot path by any stretch of the
imagination.
based on (a lot of) testing by hrvoje popovski. thank you.
|
|
this is largely mechanical, except for carp. this moves the addition
of the carp link state hook after we're committed to using the new
interface as a carpdev. because the add can't fail, we avoid a
complicated unwind dance. also, this tweaks the carp linkstate hook
so it only updates the relevant carp interface, not all of the
carpdevs on the parent.
hrvoje popovski has tested an early version of this diff and it's
generally ok, but there's some splasserts that this diff fires that
i'll fix in an upcoming diff.
ok claudio@
|
|
forward copy mode commands, this makes it easier to use the cursor_word
and cursor_line formats. From Anindya Mukherjee in GitHub issue 1964.
|
|
AI_ADDRCONFIG flag for getaddrinfo to only return addresses for a
configured address family.
Implementing a loop over all IPs is left as an exercise to the reader.
Reported some time ago by kasimov.an AT gmail on bugs@, thanks!
oh boy deraadt@
OK benno@
|
|
and IOCPARM_LEN macros types.
|
|
Otherwise, reports might go by unnoticed.
Prodded by and ok visa@
|
|
avoids DNS lookups entirely, but yes this https is correctly validated)
long discussions with otto, florian, and the quad9 crew.
|
|
|
|
start unwind earlier, before /var is mounted.
discussed with deraadt
|
|
other methods failed to inject/churn the rng enough. Move it up far earlier.
ok naddy sthen kettenis
|
|
commit.
|
|
Tx aggregation is stopped. Fixes a bug where outstanding frames on
the aggregation queue interfere with roaming to another AP.
net80211 will only roam once all outstanding frames destined for the
old AP have been sent, i.e. once that AP node's Tx refcount goes to 0.
Any outstanding frames sitting in the Tx aggregation queue, waiting to
be ACKed, will keep this refcount above zero.
To make roaming work reliably in combination with Tx aggregation, the
driver must ensure that ieee80211_release_node() gets called for each
frame on the queue when Tx aggregation is stopped.
Problem observed by tobhe@
Fix tested + ok tobhe@ jca@
|
|
Do not overwrite the address family, we need to know if this is IPv4
or IPv6 to parse the message.
Nameservers are IP addresses, not NUL-terminated strings.
Check that the length is a multiple of the length of an IP address.
OK krw
|
|
More people know what a "stub" resolver is then asr.
Pointed out by & discussed with deraadt
Input & OK otto
|
|
to APs that are relatively far away and suffer some packet loss.
The former threshold was 7 beacons (about 700 ms).
This raises the threshold to 30 beacons (about 3 seconds).
Should still be good enough for detecting APs that have disappeared, and
makes wifi networks provided by the University of Bucharest more reliable
in the p2k19 hackroom.
While here, make 'ifconfig iwm0/iwn0 debug' print an obvious message when
we believe that the AP has disappeared.
Problem reported and fix tested by landry@ / pirofti@
ok mpi@ sthen@
|
|
ok deraadt@
|
|
or a USB device. ok mpi
|
|
or after deciding to terminate or when AUTOCONF4 is not set.
|
