| Age | Commit message (Collapse) | Author |
|---|
|
Turns out that registry at https://www.iana.org/assignments/as-numbers/as-numbers.xml
is an incomplete one, where only 'new' assignments are listed. In the
past this registry used to list all ASNs, but the RIRs asked IANA to
revert to not being very detailed...
There is another source of truth, the 'nro-delegated-stats' file at
https://ftp.ripe.net/pub/stats/ripencc/nro-stats/latest/nro-delegated-stats
this is updated daily and composed of information from each RIR.
Summary of changes:
* LACNIC manages a more ASNs than previously known:
- allow those ASNs for LACNIC
- deny those for RIPE, APNIC, ARIN
* AFRINIC's allow list was good (compared to nro-delegated-stats), but the
full set of AfriNIC ASNs wasn't denylisted for RIPE, ARIN, APNIC.
OK tb@
|
|
with Allwinner SoCs and the presence of this particular miniroot is making
it hard to update U-Boot.
ok jsg@
|
|
|
|
|
|
|
|
For sshd (the only relinked program at the moment), this file is created
in an extremely nasty way. It'll be better if we have a proper clean
install.sh script, which I've built for sshd. But let's first commit the
change to /etc/rc which will handle that in the near future.
ok djm
|
|
|
|
LACNIC received a new block of ASNs from IANA
https://mail.lacnic.net/pipermail/lacnog/2024-March/009690.html
OK tb@
|
|
when we manually edit this file we forget that.
noticed by naddy
|
|
|
|
|
|
OK deraadt@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
OK tb@
|
|
from Kirill Miazine, thanks.
|
|
|
|
Fixes build in src/gnu/usr.bin/clang/include/llvm/AMDGPU.
OK semarie@
|
|
Following https://lists.afrinic.net/pipermail/dbwg/2023-December/000496.html
Simply apply the inverse of 'afrinic.constraints' r1.2 to the other RIR files
(since no resources can be transferred from AFRINIC to any other RIRs).
OK tb@
|
|
OK tb@
|
|
12 factors apps and similar don't daemonize and are thus vulnerable to
receiving a SIGHUP signal at the end of /etc/rc. Shield them by running
them in a different process group. Do this only for services that need
rc_bg=Yes, as suggested by ajacoutot@
There have been several reports about this issue in the past years, the
last one being from edd@ who successfully tested this fix. Input from
several folks, ok sthen@ ajacoutot@
|
|
|
|
Today AFRINIC clarified its actual current resource holdings by issuing
a new CA certificate in response to a report on overclaiming:
https://lists.afrinic.net/pipermail/dbwg/2023-December/000496.html
OK tb@
|
|
carved out of a larger block assigned to RIPE NCC
OK tb@
|
|
See https://datatracker.ietf.org/doc/html/draft-snijders-constraining-rpki-trust-anchors
for more information.
Tested for a few months.
OK tb@ claudio@
|
|
ok deraadt@, millert@, phessler@
|
|
with "smart home"/IoT devices, which runs over TCP or UDP over v6 over
various physical/network layers (Ethernet, Wifi, or low power lossy
radio-based networks like Thread). req by Jordan Williams ok deraadt
https://csa-iot.org/wp-content/uploads/2022/11/22-27349-001_Matter-1.0-Core-Specification.pdf
|
|
Terminal initialization is usually only needed for hardware terminals,
which are rare these days, and the initialization strings result
in a bunch of extra newlines on pseudo-terminals. OK nicm@
|
|
Terminal initialization is usually only needed for hardware terminals,
which are rare these days, and the initialization strings result
in a bunch of extra newlines on pseudo-terminals. OK nicm@
|
|
|
|
This is for llvm 16; powerpc64 (like some other platforms) needs a
higher datasize limit to build base-clang 16.
ok jca@
|
|
needed to build llvm-16 gnu/usr.bin/clang/include/llvm/AMDGPU
ok jca@
|
|
doesn't fail - new clang is even greedier than the old one.
I picked the value 1500M out of the air, it works for me but could perhaps
be finessed downwards a bit.
(I'm also using 1500M for make build / mkr+mkrx on i386; make -j8 build
is no longer a good idea on i386 ;)
|
|
Suggested by jsing@, ok tb@
|
|
|
|
Reported by jsing@
|
|
user to generate the AMDGPU includes in llvm-16
discussed with deraadt@
|
|
on bugs@.
|
|
Switch "ssl" to "tls" in relayd.conf(5) if you haven't done so in the last
ten years, "ssl" is now an error.
Say "TLS" not "SSL/TLS" and drop the primer in the TLS RELAYS section.
OK benno
|
|
The share/nls/<locale> paths are unused.
ok miod@ deraadt@
|
|
|
|
of software, another one will announce that we should wait for a security
fix. the only winning move is not to play.
|
|
|
|
Print to the console the fingerprint of a newly generated ssh host
key of the preferred type (currently ED25519), typically when booting
for the first time. This simplifies a secure first ssh connection to
a freshly installed machine.
ok deraadt@ kn@, and various for earlier iterations
|
|
RFC8326 Section 4.1.
OK sthen@ phessler@ job@
|
