Age | Commit message (Collapse) | Author |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
OK tb@
|
|
from Kirill Miazine, thanks.
|
|
|
|
Fixes build in src/gnu/usr.bin/clang/include/llvm/AMDGPU.
OK semarie@
|
|
Following https://lists.afrinic.net/pipermail/dbwg/2023-December/000496.html
Simply apply the inverse of 'afrinic.constraints' r1.2 to the other RIR files
(since no resources can be transferred from AFRINIC to any other RIRs).
OK tb@
|
|
OK tb@
|
|
12 factors apps and similar don't daemonize and are thus vulnerable to
receiving a SIGHUP signal at the end of /etc/rc. Shield them by running
them in a different process group. Do this only for services that need
rc_bg=Yes, as suggested by ajacoutot@
There have been several reports about this issue in the past years, the
last one being from edd@ who successfully tested this fix. Input from
several folks, ok sthen@ ajacoutot@
|
|
|
|
Today AFRINIC clarified its actual current resource holdings by issuing
a new CA certificate in response to a report on overclaiming:
https://lists.afrinic.net/pipermail/dbwg/2023-December/000496.html
OK tb@
|
|
carved out of a larger block assigned to RIPE NCC
OK tb@
|
|
See https://datatracker.ietf.org/doc/html/draft-snijders-constraining-rpki-trust-anchors
for more information.
Tested for a few months.
OK tb@ claudio@
|
|
ok deraadt@, millert@, phessler@
|
|
with "smart home"/IoT devices, which runs over TCP or UDP over v6 over
various physical/network layers (Ethernet, Wifi, or low power lossy
radio-based networks like Thread). req by Jordan Williams ok deraadt
https://csa-iot.org/wp-content/uploads/2022/11/22-27349-001_Matter-1.0-Core-Specification.pdf
|
|
Terminal initialization is usually only needed for hardware terminals,
which are rare these days, and the initialization strings result
in a bunch of extra newlines on pseudo-terminals. OK nicm@
|
|
Terminal initialization is usually only needed for hardware terminals,
which are rare these days, and the initialization strings result
in a bunch of extra newlines on pseudo-terminals. OK nicm@
|
|
|
|
This is for llvm 16; powerpc64 (like some other platforms) needs a
higher datasize limit to build base-clang 16.
ok jca@
|
|
needed to build llvm-16 gnu/usr.bin/clang/include/llvm/AMDGPU
ok jca@
|
|
doesn't fail - new clang is even greedier than the old one.
I picked the value 1500M out of the air, it works for me but could perhaps
be finessed downwards a bit.
(I'm also using 1500M for make build / mkr+mkrx on i386; make -j8 build
is no longer a good idea on i386 ;)
|
|
Suggested by jsing@, ok tb@
|
|
|
|
Reported by jsing@
|
|
user to generate the AMDGPU includes in llvm-16
discussed with deraadt@
|
|
on bugs@.
|
|
Switch "ssl" to "tls" in relayd.conf(5) if you haven't done so in the last
ten years, "ssl" is now an error.
Say "TLS" not "SSL/TLS" and drop the primer in the TLS RELAYS section.
OK benno
|
|
The share/nls/<locale> paths are unused.
ok miod@ deraadt@
|
|
|
|
of software, another one will announce that we should wait for a security
fix. the only winning move is not to play.
|
|
|
|
Print to the console the fingerprint of a newly generated ssh host
key of the preferred type (currently ED25519), typically when booting
for the first time. This simplifies a secure first ssh connection to
a freshly installed machine.
ok deraadt@ kn@, and various for earlier iterations
|
|
RFC8326 Section 4.1.
OK sthen@ phessler@ job@
|
|
new radius_standard module.
|
|
It has been 8 years since DSA keys were disabled by default for
ssh/sshd, and 15 months since ssh-keygen -A belatedly stopped
generating DSA host keys.
ok semarie@ deraadt@
|
|
ok yasuoka@
|
|
|
|
|
|
|
|
|
|
|
|
From Jan Stary
Ok patrick@
|
|
manipulating tape drives -> means gid operator on device nodes). This group
is also used with group-access bit on the setuid-root shutdown command
(mode ug+x,u+s). Some people use this to shutdown/reboot their machines, but
use of that group is giving them disk read access also, which is wrong.
It would be a pain to re-gid all the device nodes, so instead let's renumber
the operator execution gid into group "_shutdown".
Users using this shutdown/reboot functionality will notice it no longer works,
and move themselves to the correct group.
Various choices discussed at large, this seems our best choice.
ok sthen
|
|
|
|
for https (HTTP/3 over QUIC). Add it to /etc/services so that it's included
when /etc/rc populates sysctl net.inet.udp.baddynamic.
suggested by Renauld Allard, ok tb@
|