| Age | Commit message (Collapse) | Author |
|---|
|
|
|
From Mikhail <mp39590@gmail.com>
|
|
compiling.
Use a couple of local 'struct prt' variables to make MBR_init()
easier to read.
No functional change.
|
|
|
|
easier to read.
No functional change.
|
|
|
|
|
|
|
|
from jmc
|
|
correct "cast" in ipsec.conf.5 to "cast128", add missing
"chacha20-poly1305", and sync iked.conf.5 and ipsec.conf.5 some
places.
ok jmc sthen
|
|
ok jmc sthen
|
|
There since 1998, probably dead long before.
"I am sure swabips died before you were born." deraadt
|
|
|
|
Fail early and exit non-zero immediately instead of indicating success and
possibly carrying the next ifconfig command.
Found at install when wifi interfaces are reset with "-nwid -nwkey -wpa":
Which network interface do you wish to configure? (or 'done') [bse0] bwfm0
ifconfig: SIOCS80211NWKEY: Operation not supported by device
Access point? (ESSID, 'any', list# or '?') [any] 2
Security protocol? (O)pen, (W)EP, WPA-(P)SK [O]
bwfm(4) currently does not support WEP.
OK stsp
|
|
instead of having it on the stack. Adjust code accordingly.
|
|
partition 0 information from the default MBR.
loongson and macppc provide partition 0 information but no boot code.
amd64, i386, landisk provide boot code but no partition 0 information.
Other arch's get by w/o a default MBR (a.k.a. /usr/mdec/mbr).
No functional change.
|
|
out of date: remove it (sthen) and add a pointer to -C (dlg);
ok sthen
|
|
There is no requirement other than replying to client port 68/udp
as per RFC 2131, so drop the 67/udp check.
Same conclusion from florian
Reported and tested by Roc Vallès < vallesroc AT gmail DOT com>, thanks!
|
|
ok benno@ dlg@
|
|
protocols for a single policy, e.g. "proto { ipencap, ipv6 }".
feedback and ok benno@
ok patrick@
|
|
The generated route message is not at all resolvd(8) specific.
Mention how unwind(8) reacts to proposals as well.
"Broadcast" wording deraadt jmc
OK millert
|
|
OK deraadt
|
|
Issue reported by Kristof Provost from FreeBSD.
[ https://reviews.freebsd.org/D32488 ]
In order to fix the issue we must delay '$nr' macro
expansion after optimizer collapses ruleset.
OK kn@
|
|
|
|
3rd (variadic) mode_t parameter is irrelevant. Many developers in the past
have passed mode_t (0, 044, 0644, or such), which might lead future people
to copy this broken idiom, and perhaps even believe this parameter has some
meaning or implication or application. Delete them all.
This comes out of a conversation where tb@ noticed that a strange (but
intentional) pledge behaviour is to always knock-out high-bits from
mode_t on a number of system calls as a safety factor, and his bewilderment
that this appeared to be happening against valid modes (at least visually),
but no sorry, they are all irrelevant junk. They could all be 0xdeafbeef.
ok millert
|
|
We document them as explicitly required, `unwind -dnvf...' spits them
out like this and the last `force' example uses them as well.
|
|
Ramdisk kernels lack support for alternate routing tables,
so "-T N" for N > 0 always fails.
"route -T0 exec" is just a useless "exec", so zap it completely.
OK benno
|
|
(200ms) to answer before trying the next strategy. However, we need to
skip strategies that are not available. In the default configuration,
without a config file unwind(8) would give DoT 200ms more time, but no
DoT forwarders are known, so this is useless.
OK kn
|
|
|
|
r1.91 added tags for all commands, but "del[ete]" is special in that
mandoc(1) will generate a tag for "del" only.
Add an explicit for the full command to fix this.
|
|
|
|
|
|
parse_config() handle the case of defaults. This prevents the resolver
process from spinning up resolver strategies before the config has
been parsed and tearing them down immediately after if they are not
listed in the config files preferences section.
OK kn
|
|
An unwind.conf like the following would still query forwarders,
both "." periodically and any explicit "example.com." queries:
preference { recursor autoconf stub }
forwarder { 2001:db8::1 }
force accept bogus forwarder { example.com. }
That's because the forwarder and resolver children processes start with
the default configuration and main later sends them the effective user
configuration; merging them, however, would ignore the list of enabled
resolvers, i.e. those listed in the `preference {}' block and thusly
cause children to always have all forwarders enabled (as is by default).
Copy the resolvers list during merge to fix this and restore expected
behaviour.
(Noticed during tests with "forwarder" temporarily removed from
`preference {}' while leaving the rest as is: my VPN interface serving
that forwarder showed DNS traffic while it was supposed to be silent.)
OK florian
|
|
algorithm is gone. Reomve all LZS references from the tree. The
v42bis in isakmpd also looks unsupported.
OK mvs@ patrick@ sthen@
|
|
ok benno
|
|
an accessor instead of reaching directly into the struct.
ok benno
|
|
-l, -c/-h/-s or DIOCGPDINFO) should be enough for anyone.
|
|
Problem reported by Guy Godfroy on bugs, thanks!
|
|
"rpath wpath" from the pledge() invocation. Makes default_dmbr information
available to DISK_open().
No intentional functional change.
|
|
disk.
The decoded values were overwritten by an invocation of PRT_fix_CHS() before
they were used.
|
|
optimistic alignment expectations" when extracting a uint32_t field from a
packed struct.
r1.70 (March 2015) removed one of the two #if 0 chunks, realizing there was no
real gain to be had even if various compilers were ever able to intuit the
expected alignment.
Belatedly nuke the other #if 0 chunk and always memcpy() the uint32_t values out
of the struct.
|
|
functions that take "char *" arguments. Where such chars are
assigned to int or passed to ctype functions, explicitly cast them
to unsigned char.
For OpenBSD's clang, -Wpointer-sign has been disabled by default,
but when the parse.y code was built elsewhere, the compiler would
complain.
With help from millert@
ok benno@ deraadt@
|
|
No-one is going to build this with OpenSSL 0.9.7 or earlier, so we
can remove this code.
ok bluhm sthen (as part of a larger diff)
|
|
All this does is a call to OpenSSL_add_all_algorithms(), which is
no longer needed since libbcrypto initializes itself.
ok bluhm sthen (part of a larger diff)
|
|
Those architectures needing either MBR boot code (amd64, i386,
landisk) or special boot partitions (macppc, loongson) have long
used /usr/mdec/mbr to provide that information.
Other architectures should not blindly write i386/amd64 boot code
into the MBR.
Fail quickly if the desired default MBR file is missing.
Prompted by deraadt@, tweak from kettenis@.
|
|
Without this change the responder would always prefer the first DH
group configured in its policy. This would lead to invalid KE
messages that cause an additional exchange which old
implementations do not support correctly. Now we ignore the order
of DH groups in the policy and prefer the group from the policy
that matches the KE payload.
from markus@
ok patrick@
|
|
ok patrick@
|
|
Two statements on one line may have seemed clever but now it's
just confusing.
No functional change.
|
|
ok millert
|
