Age | Commit message | Author |
|
checking counterpart are created the same way.
|
|
section 7.1 for DoT servers.
We are setting the CA cert bundle path (/etc/ssl/cert.pem) directly in
libunbound so we need to loosen pledge(2) a bit and allow rpath. At the
same time we unveil only /etc/ssl/cert.pem. We can drop the chroot(2)
since pledge(2) and unveil(2) give us more fine grained isolation.
prodding by tb@.
p.s. for portable it might be necessary to pass in a file descriptor
from the parent, slurp in the file and then use X509_STORE_load_mem()
(pointed out by sthen) in the guts of libunbound.
|
|
with latest command line prompt change.
ok kn@ jmc@, with more improvements inevitable.
|
|
getasciilabel() when getasciilabel() explicitly avoids
changing those fields.
ok otto@
|
|
pointed out by otto@
|
|
bare minimum /usr for all sets on amd64 is 920M used space, and we need
some more for upgrades, as well as relinking libs and kernels.
OK deraadt@
|
|
revision 1.178 from 23.10.2015 accidentally removed the tflag bits,
turning `-t' into a NOOP.
Found out the hard way during debug.
OK deraadt
|
|
descriptor keeps CLOEXEC flag then it will be closed unexpectedly by
exec().
ok tedu florian
|
|
display the disk device whose label is being
edited. Change '>' to '#' when in expert mode.
|
|
ok florian
|
|
While we are behind a captive portal we have to ask the dhcp provided
resolvers. However it is possible that those resolvers do not like
to talk to unwind because of EDNS0.
Unwind handles this case by closing its listening socket and hands
over to asr. Except for the resolving of the captive portal host which
it still tries to resolve via libunbound.
Turns out there is no need for this; we can just use getaddrinfo_async
from asr which then either hits unwind which does the right thing or
unwind closed its listening socket and asr moves on to talk directly
to the dhcp resolvers.
|
|
Fix a regression of revision 1.326 "Zap v4mask and v6mask in host()" which
allowed CIDR networks with more than one "/" to be loaded into tables.
I took care of this code path with regard to rules coming from the ruleset
parser, which aborts earlier on such invalid specifications, but missed
`-T add 1/2/3' and the like.
Analyzed and fixed by Petr Hoffmann <petr dot hoffmann at oracle dot com>,
thanks!
OK deraadt
|
|
Brainfart pointed out by tb
|
|
users to know the size of the currently used font.
Based on a diff from Artturi Alm, thanks!
OK sthen@, kettenis@, tedu@, jcs@
|
|
only two older cards currently attempt to set this, and it
should not be necessary anyway;
i've added in some (commented) info to explain this;
discussed with and ok stsp
|
|
disable this), and provide a little more info on "duration";
some driver-specific notes hopefully to follow...
help/ok stsp
|
|
seeing what is going on.
There is still a lot to do wrt logging but it's not a priority yet.
|
|
pointless.
Trigger a check
- on startup
- when forwarders change on config reload
- when dhcp provided forwarders change
- on network interface state change
When a check finishes and the checked resolver cannot resolve anything
configure a timer to run another check in the future using an
exponential backoff for the timeout.
|
|
of WIP escaped into the wild and broke parsing of domain-search.
Reported by Greg Steuck and Raf Czlonka. Fix tested by Greg.
|
|
We still want to log other causes when failing to open the lease file,
but then do so with a more helpful error message.
ok florian@
|
|
it would be so much easier.
|
|
Zap insidious trailing space.
|
|
the option data cannot be prepended or appended to. Instead, treat
"prepend" as "supersede" and "append" as "default". This preserves the
safe aspects of current behaviour. Issue a parsing warning when
appropriate to encourage people to fix their configuration files.
Eliminate egregious repeated code by abstracting merge_option_data().
|
|
offending line. It is fruitless to try to position the "^" at a
character more than 80 characters from the start of the line.
|
|
traceroute bits from benno.
ok benno claudio
|
|
pretty_print_classless_routes(), making both of them local to
options.c.
Avoids a double pretty print of DHO_DOMAIN_SEARCH, eliminates an
unneeded 1024 byte static array.
Shrinks size of upcoming diff to implement parsing of domain search
option in leases and dhclient.conf.
|
|
field being memcpy()'d into.
Tweak DHO_ROUTERS handling to be similar to the other cases populating
proposal->rtstatic, including a warning when things go wrong.
|
|
BIOCSFILDROP used to just be a flag, ie, any non-zero value was
treated the same, but i'm changing it so different values do different
things. this way the programs should keep working even if i decide
to change the values for these macros.
|
|
Only accept a new config reload if it's not currently running and
only accept a config reload end if one is currently running.
OK pamela
|
|
OK pamela
|
|
mean we should no longer trust processes, so we call fatal(x). The
control socket is the exception, where we ignore rather than allow
crashes due to data from the outside.
suggestion/input and OK florian@
|
|
input and OK florian@
|
|
going on so use log_warnx to not print a useless 2nd error message.
OK pamela
|
|
instead of an mpe and mpw section, have an MPLS section that talks
about mpe, mpw, and mpip.
|
|
no functional change
|
|
patch from Alessandro dot Gallo at syssegv dot org
|
|
-F or -f is required;
ok krw
|
|
Left behind in pfctl_parser.h revision 1.91
"First pass at removing the 'pf_pool' mechanism [...]"
These functions don't exist anymore, no object change.
OK procter
|