| Age | Commit message (Collapse) | Author |
|---|
|
OK millert@
|
|
found by "buffer overflow 'anchortypes' 10 <= 12" smatch error
feedback and ok sashan@, ok miod@ on an earlier version
|
|
discussed with markus@
|
|
input deraadt, ok tobhe
|
|
Softdep has been a no-op for some time now, this removes it to get
it out of the way.
Flensing mostly done in Talinn, with some help from krw@
ok deraadt@
|
|
From Stefan R. Filipek, thanks!
|
|
found by "buffer overflow 'peerxfs' 6 <= 6" smatch error
tobhe@ had a remote peer attempt a transform type of 6 and it is caught
by earlier checks before getting here.
ok tobhe@
|
|
found by "snprintf() is printing too much 8192 vs 1024" smatch error
ok tobhe@ stsp@
|
|
bluhm@ pointed out pfctl_net_kill_states() suffers from the
same copy'n'paste typo. Commit combines both fixes.
OK @bluhm, OK @kn
|
|
ok tobhe
|
|
Thus, dhcpleased accept non-calculated checksums which were verified by
hardware/hypervisor.
With tweaks from dlg@
ok bluhm@
mkay tobhe@
|
|
instead of 'broadcasting' replies for 'ikectl show sa' and
similar control requests, we now assign a uniq peerid to each
request and pass this peerid between the processes so the reply
can be sent on the matching connection.
from markus@
|
|
for other generic KMS drivers.
ok jsg@, matthieu@
|
|
proc_forward_imsg() does not need to forward file descriptors so just use
-1 there. In other places shuffle debug messages around or use a helper
variable since imsg_get_fd() can only be called once.
OK tb@ tobhe@
|
|
In this case iked would just silently drop incomming connections.
Thus, the user has a chance to figure out whats going on.
ok tobhe@
|
|
message.
from markus@
|
|
rules found in every anchor. This commit introduces the same behavior
for tables. Command 'pfctl -a "*" -sT' prints all tables attached to
every anchor loaded to pf(4).
Inconsistency has been noticed by Klemens (kn@).
OK @bluhm, OK @kn
|
|
ok jmc@
|
|
optimization. As observed by ali_farzanrad(at)riseup.net, support
for these was broken in the 5.5 release in early 2014 by the time_t
changes. No one noticed before now, so clearly this isn't something
we need to continue to support; rejecting in ffs_validate() is an
improvement.
Also: simplify DIRSIZ(), drop OLDDIRFMT and NEWDIRFMT, tests of
fs_maxsymlinklen against zero, #ifdef tests of FS_44INODEFMT, and
remove support for newfs -O0, last used in 2016.
ok miod@
|
|
|
|
Fixes SA tagging and a possible leak.
from markus@
|
|
|
|
Go ahead florian@ OK tb@
|
|
and breaks because ibuf_seek() now uses rpos itself. Now this is just
ibuf_get_ibuf() with an extra allocation done.
OK tobhe@ tb@
|
|
|
|
This lets dhcpleased(8) request "IPv6-only preferred". If the
server replies with this option dhcpleased stops and does not request
a lease and deconfigures IPv4 on the interface.
For now this is pretty much useless unless one dynamically configures
pf(4) to act as a CLAT. gelatod(8) from ports can help with this.
However, this helps me while hacking on a kernel based stateless CLAT
by moving dhcpleased out of the way while having an IPv6-mostly
network configured to compare behaviour with macOS.
Input jmc
OK phessler
Input & OK sthen
|
|
from markus@
|
|
this can be used to add static entries on interfaces like vxlan(4).
|
|
|
|
with "0x".
Pointed out by Philippe Meunier.
|
|
pcap_dispatch() returns -1 (PCAP_ERROR) or -2 (PCAP_ERROR_BREAK) the
latter is used when a signal is received and is not an error. So limit
the code to log errors to np == -1.
OK semarie@ sashan@
|
|
from dhill@
|
|
using 'flag <part #>' to make a partition the only bootable partition.
Just turn off the bootable bit in the other partitions.
ok dlg@
|
|
.. INT64_MAX decimal values..
Easier to specify the 64 bits of GPT partition attributes and
0x8000000000000000 (a.k.a. MS_NOAUTOMOUNT, a.k.a. 1 << 63)
becomes accessable.
Prompted by bug report and testing by Philippe Meunier. Thanks!
ok dlg@
|
|
from markus@
|
|
OK kn@ jmc@
|
|
pflogd uses blocking bpf reads, but installs a bunch of signal
handlers to handle cleanly closing and (re)opening the log file.
signal() by default sets the handlers up so they're restartable.
this has the effect that when pflogd receives a signal while waiting
in bpfread, the signal handler runs and sets a flag saying the file
should be rotated or closed or whatever, but then the kernel restarts
the read.
when pflogd used a bpf read timeout, pflogd would run it's "event"
loop every time the read timeout expired. this meant even though
the bpf read was restarted, by having the read timeout expire every
500ms the flag the signal handlers set would be processed in a
relatively short period of time.
after moving bpf to a wait timeout, pflogd basically has to wait
for a packet to be captured before the bpf read will return. if
you're trying to kill pflogd on an idle firewall then you're basically
stuck.
making the signal handlers not restartable allows bpfread to fail
with EINTR so pflogd can go around it's even loop and exit as
expected.
reported by Mikhail on bugs@
ok claudio@
pflogd needs a rewrite though.
|
|
|
|
|
|
From Laurie Tratt, ok florian
|
|
for pfctl -f /path/to/pf.conf. Otherwise, if you accidentally use a dir
instead of a file (e.g. if you have an /etc/pf directory and don't notice
the name when tab-completing), you successfully install an empty ruleset.
ok sashan@
|
|
This makes is possible to build the base system with a C99 compiler.
OK deraadt@ mvs@
|
|
the parsing code
|
|
prevent out-of-bounds read in strlen().
ok tb@
|
|
Pointed out by gcc via tb.
rdns_count is validated by all callers of propose_rdns(), so we can
trust it here to be sensible.
While here fix a pasto in an error message.
OK tb
|
|
ipsecctl -m and ipsecctl -s. Refactor ipsecctl_show_*() to setup all
sysctls first before dropping privileges and finally parsing and
printing IPsec SAs and flows.
feedback and ok mbuhl@
ok deraadt@
|
|
They must not be empty, or else creation/unlock fails (and boot loaders
would not be able to abort and drop back to the boot> prompt).
[-p passfile] handles this with "invalid passphrase length", so align
the interactive prompt and retry there.
-s remains a one-shot whilst getting a better error message.
This is user friendlier and fixes the last installer "bug" on my list
wrt. disk encryption where hitting Enter twice at the passphrase prompt
would abort bioctl(8) and thus the installation.
OK deraadt
|
|
It contains the path to the file containing a passphrase;
password reads misleading and was also the only usage of "word" in contrast
to consistent "phrase" usage.
|
|
This cherry-picks upstream git commit
0ee44ef384593ed0382d1ce6048d5a9c9440b45c.
Issue reported by landry@, which could be traced back to a buggy WiFi
driver that would constantly return ENOBUFS. This in turn lead
unwind(8) enter a tight loop through poll / sendto without making any
progress and burning 100% cpu.
OK sthen
I missed to commit this file when commiting to unbound.
Pointed out by tb, thanks!
|
|
|
