| Age | Commit message (Collapse) | Author |
|---|
|
like done in ftp' fetch.c revision 1.216.
ok tb
|
|
since fetch.c revision 1.211, ftp removes trailingwhitespaces early so
there's no need to re-do that when parsing a header.
while here, remove an unused variable too.
ok tb, millert
|
|
Switch to warnx() instead of cryptowarnx() for now.
ok job
|
|
DIOCGETRULES."
regress/sbin/pfctl panics with "rw_enter: pfioctl_rw locking against myself"
as reported by bluhm on bugs@.
|
|
Encode cert and intermediate CAs in new cert bundle object,
so the information can be passed to the ca process in one step.
Pass untrusted intermediates to X509_verify_cert().
From markus@
|
|
would lose their parent.
ok tobhe@
|
|
editor_allocspace() interates over alloc_tables calling
allocate_space(). allocate_space() iterates over
space_allocations calling allocate_partition().
allocate_partition() calls allocate_diskchunk() which finds disk
space for the partition.
No intentional functional change.
ok otto@
|
|
Replace hand-rolled reference counting with refcnt_init(9) and hook it up
with a new dt(4) probe.
OK bluhm mvs
|
|
Was overlooked in r1.209.
diff from 'a dog' (OpenBSD [at] anthropomorphic [dot] dog)
ok tb, sthen
|
|
specify also that it can be set globally with set-default-mode, as done
in the description of the other built-in modes.
Diff from Simon Branch (that I got via jmc@), thanks!
|
|
Pass the timeout and sleep priority not only to sleep_setup() but also
to sleep_finish(). With that sls_timeout and sls_catch can be removed
from struct sleep_state.
The timeout is now setup first thing in sleep_finish() and no longer as
last thing in sleep_setup(). This should not cause a noticeable difference
since the code run between sleep_setup() and sleep_finish() is minimal.
OK kettenis@
|
|
The driver not only provides the temperature readings for the cores, cluster
and memory in hw.sensors, but also allows the thermal zone code to act on
temperature changes.
ok drahn@
|
|
ok kettenis@
|
|
for interface groups data allocations.
ok kn claudio bluhm
|
|
|
|
snmpd(8) and 'pfctl -s Interfaces' dump pf's internal list of interfaces.
pf's internal interface list is completely protected by the pf lock,
pf lock assertions since pf_if.c r1.110 from over a week ago support this.
pfi_*() iterate over net lock protected if_groups lists, but only to read,
so downgrade from exclusive write net lock to a shared read-only one.
Feedback mvs
OK sashan
|
|
pf.conf's 'set skip on ifN' and 'pfctl -F all|Reset' set and clear flags,
PFI_IFLAG_SKIP being the only flag. Nothing else in base uses these ioctls
and internal state is protected by the pf lock already.
OK sashan
|
|
from reyk@
|
|
|
|
|
|
Additionally fix the bacmp() function to work on integers and strings.
bacmp() is used when maps are printed out since the output is sorted by value.
Also adjust the rule parser to look into correctly into if branches to figure
out which values to request from the kernel.
OK kn@
|
|
part of the bt.5 man page.
Input and OK kn@
|
|
"@option explicit-update" flavor of firmware circa 2013.
pkg_add hasn't needed to know about this since basically forever
|
|
The existence of the public get_rfc*() API is a historic curiosity that may
soon be corrected. We inherited its use and it survived in libssl until now.
Switch to the better named BN_get_rfc*() wrappers.
ok jsing
|
|
This bug can cause all sorts of problems, but in particular it was
most easily reproduced as a double fault in the syscall return path on
this CPU model:
Intel(R) Core(TM) i7-8650U CPU @ 1.90GHz
Tons of help from guenther@ in narrowing down the root cause. Fix
tweaked by guenther@. Additional input from deraadt@ and kettenis@.
ok guenther@
|
|
found by mlarkin
|
|
This code is unreachable since binary curve support was removed.
There is a lot more to clean up in here...
ok jsing
|
|
This was needed for defining the multiplication over binary fields. Since
that code is gone, this is no longer needed.
ok jsing
|
|
The remaining EC_METHODs in libcrypto all have a field type of
NID_X9_62_prime_field, so this function always returns 0. Make
that more obvious.
ok jsing
|
|
of the results based on that. Also, the system now enforces
unreadability in copyin() of ld.so, libc, and application text,
even when PKU isn't enabled, so adjust those results to match.
ok deraadt@ anton@
|
|
|
|
Through draft-ietf-sidrops-aspa-profile-15, the ASPA profile was
made AFI-agnostic. This represents a simplification for both operators
and implementers in both the RPKI and BGP layers of the stack.
This update changes the JSON structure.
No effort was made to simultaneously support ASPA v0 and v1 objects.
OK tb@ claudio@
|
|
If the mtime in the file header is larger than MAX_TIME_T, trucate
it to MAX_TIME_T, not INT_MAX. OK otto@
|
|
Reported by David Leadbeater. OK op@
|
|
|
|
from weerd
|
|
the change is not trivial and I don't have a eigrp testbed.
OK tb@
|
|
OK kn@
|
|
Do the checksum calculation in send_packet() instead of doing it all over
the place. This way the fixup only happens in one place.
OK tb@
|
|
For some reason there is no NULL check on setting the HKDF key for p2 like
in the other cases in the switch, instead OpenSSL fail in memdup, nulling
out the key but leaving he key_len at the old value. This looks accidental
but our behavior makes some haproxy regress tests segfault. So mimic weird
OpenSSL semantics but in addition set the key_len to 0.
Reported by Ilya Shipitsin
ok jsing
|
|
back to old size since the contents will be overwritten. GitHub issue
3510.
|
|
|
|
Processes like snmpd or systat open pf(4) once and then issue many
DIOCGETRULES calls over their runtime. This accumulates many pf_trans
structs over their lifetime. At some point the kernel runs out of
memory because of that. By closing all transactions before creating
a new one, long living processes do no longer leak transactions.
This probably needs further refinement once more transactions types are
added but for now this solves the problem.
Problem found by florian@
OK sashan@ kn@
|
|
|
|
|
|
from lucas de sena
ok espie
|
|
dwge(4) implementations. The counters are all 32 bit, so enable reset-on-read
and accumulate them into 64 bit software counters, and enable the MMC
interrupts that indicate one or more counters is halfway to overflowing.
Tested on an RK3399, which has the counters, and an Allwinner A20, which
doesn't.
ok dlg@
|
|
|
|
|
|
|
