Being two different cryptographic primitives, it is clear that there must
be some differences between RSA and EC keygen, but they don't have to be
entirely different. We need to set the key type, RSA needs a bit size and
ECDSA needs a curve. That's all the differences there need to be.
Garbage collect a few useless elses and avoid two exit labels paths where
one would do just fine.
As another small bonus, this file no longer uses "deprecated API", so the
portable fork can get rid of an ugly openssl 3 patch if they want to.
ok florian
|
|
Using imsg for the "proc" table (external programs) has proven quite
painful in practice since a lot of smtpd internals (structs, enums,
etc..) have to be kept in sync with the various tables implementations.
Instead, a filter-like protocol for tables decouples the implementations
and allows writing and testing tables easily.
The new text-based transport protocol is documented in the (added)
smtpd-tables(7) manpage.
The old imsg protocol is no longer supported and existing tables have to
be converted. In particular, users of opensmtpd-extras tables will need
to install the new opensmtpd-table-* packages.
With lots of suggestions and improvements from gilles and a tweak
from Philipp (philipp+openbsd [at] bureaucracy [dot] de), thanks!
ok gilles
|
|
The file parser splits the line on the ':' character too for key-value
tables, and so mis-parses IPv6 addresses. The "::1 localhost" example
in table(5) is actually parsed as key "" and value ":1 localhost".
For list tables, the "# @list" marker can be used as a workaround, but
for key-valued the parser has to be fixed.
There are also some weird edge cases when splitting the lines.
Now the parser always splits on the first whitespace or colon, and then
strips the spaces. For lines starting with '[' the parser will jump to
the matching ']' before attempting to split. So, for example:
	[::1]:localhost    becomes "[::1]" -> "localhost"
	[::1] example.org  becomes "[::1]" -> "example.org"
	foo: bar           becomes "foo" -> "bar"
	foo::bar           becomes "foo" -> ":bar"
	foo : bar          becomes "foo" -> ": bar"
	etc...
This only affects the parser for file table(5)s and makemap(8). Inline
tables or "proc" tables are unaffected.
ok gilles@
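
The splitting rules described in the commit message above, written out as an added example in C; this is not the OpenSMTPD source. `split_kv` is a hypothetical name, and the example assumes the line is already trimmed, that brackets do not nest, and that an unterminated '[' is rejected.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/*
 * Split one key-value line in place following the rules in the commit
 * message: skip past a leading "[...]", cut at the first whitespace or
 * colon, then strip spaces around the value.
 * Returns 0 on success, -1 if a leading '[' has no closing ']'
 * (rejecting that case is this example's choice).
 */
int
split_kv(char *line, char **key, char **val)
{
	char *p = line, *end;

	if (*p == '[') {
		if ((p = strchr(p, ']')) == NULL)
			return -1;
		p++;				/* resume after the ']' */
	}
	p += strcspn(p, " \t:");		/* first whitespace or colon */
	if (*p != '\0')
		*p++ = '\0';			/* end the key, drop separator */
	while (isspace((unsigned char)*p))
		p++;				/* strip spaces before value */
	for (end = p + strlen(p); end > p && isspace((unsigned char)end[-1]); )
		*--end = '\0';			/* strip spaces after value */
	*key = line;
	*val = p;
	return 0;
}

int
main(void)
{
	/* Sample lines from the commit message, plus one constructed bad line. */
	char lines[][32] = { "[::1]:localhost", "[::1] example.org",
	    "foo: bar", "foo::bar", "foo : bar", "[::1 localhost" };
	char *k, *v;
	size_t i;

	for (i = 0; i < sizeof(lines) / sizeof(lines[0]); i++) {
		printf("%-20s ", lines[i]);
		if (split_kv(lines[i], &k, &v) == -1)
			printf("rejected: unterminated '['\n");
		else
			printf("\"%s\" -> \"%s\"\n", k, v);
	}
	return 0;
}
```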
|
|
The -r option can be used to limit the output of 'vmctl status' to only
running VMs. This is useful for machines that have a large number of
stopped VMs, as the running ones are printed at the top by default and
previously required scrolling back to see the list of running VMs, and/or
using 'grep RUNNING'.
There is no change for users not using -r.
ok dv
|
|
the existing format (with Z). From espie.
|
|
Issue reported by job
OK tb, job
|
|
There's no need to distinguish the "first" time running a vcpu from
the subsequent times because vmm(4) uses in-kernel state tracking
the last vm exit reason to optimize the logic for updating vcpu
registers from userland. While here, clean up the DPRINTF's to make
the Intel VMX logic similar to the AMD SVM.
ok mlarkin@
|
|
Leftover from when RFC 8555 support was added.
ok florian
|
|
segfault reported by sthen, which was most likely caused by buf_dump().
OK tb
|
|
OK tb@
|
|
There is no need to have an easy knob to get outdated or crappy
implementations to limp along. Instead the various default on
capabilities just need to be disabled (e.g. announce as-4byte no).
OK tb@
|
|
Pointed out by kn, missed in previous.
|
|
OK phessler, kn
(Committing from a ferry somewhere on the English Channel. Sadly the
free WiFi does not provide IPv6.)
|
|
ok tb@
|
|
spotted by jsg
|
|
ok claudio
|
|
a down of an idle connection will properly stop the session.
OK tb@ (as part of larger diff)
|
|
Also make sure that something is logged when a session is stopped.
Part of a bigger diff which was OK tb@
|
|
attribute error.
BGP more and more relies on capabilities, automatically clearing them
all no longer seems the right choice. Now operators need to adjust the
config explicitly to allow such connections.
From a larger diff which is OK tb@
|
|
Also clean up the externs a little bit by moving experimental and noop
to extern.h.
Reminded by and OK tb@
|
|
RFC-to-be draft-ietf-sidrops-cms-signing-time updates RFC 6488 by
mandating the presence of the CMS signing-time attribute and disallowing
the use of the CMS binary-signing-time attribute in RPKI Signed Objects.
The ecosystem has behaved this way for a number of years now.
Flip from warning to erroring for non-compliant objects.
OK tb@
|
|
RFC 6487 section 8 specifies only a single CRL is issued at a time, so
error when multiple .crl files are listed in a Manifest's FileList.
The CRLDP extension identifies the location of the CRL, so the CRL's
filename must match the CA's CRLDP's 'rsync://' entry, error if that
isn't the case. (RFC 6486 section 4.8.6)
with & OK tb@
|
|
issue reported by tech3599 at posteo net via henning;
discussed with/ok henning
|
|
ok job
|
|
OK tb@
|
|
OK tb@ job@
|
|
This fixes a problem in passing, reported by matthieu@ where httpd
would return 500 Internal Server Error when it could stat(2) but not
open(2) a file. The correct error code is 403.
testing matthieu
ok tobhe, tl;dr ok stsp
input & OK deraadt
|
|
OK tb@
|
|
This reduces the diff when doing updates considerably.
No change in .o files.
Much help & OK sthen
|
|
sparc64 built test by tb
OK tb, sthen
|
|
(yes I know there is a newer one, I'll update on top)
|
|
stdin, stdout, stderr are reserved. They should point to a terminal,
a redirect file or pipe, or /dev/null. Closing them and allocating
arbitrary files in those places is not good. Call closefrom with
4 to keep /dev/null open in snmpd_metrics.
OK martijn@
|
|
OK tb@
|
|
Fixes: https://github.com/openbgpd-portable/openbgpd-portable/issues/77
ok claudio
|
|
ctl_convert still had old logic assuming disk sizes were in MiB and
not bytes, causing an attempt to create a new disk using the '-i'
argument to generate impossibly large output disk images (e.g. 1 MiB
ends up 1 TiB).
Reported by and diff from Jesper Wallin.
|
|
last_sent_errcode is now cleared late (when state changes to ESTABLISHED)
and so notifications sent in the OPEN phase would be dropped after the
first incident. Using the session state to know if sending a message is
possible seems more robust and is what session_stop() uses as well.
For now log the notifications which are not sent as 'dropping' to see how
often this happens.
OK tb@
|
|
In order to continue work on mmio and other instruction emulation,
vmd(8) needs the ability to inject exceptions (like page faults)
from userland.
Refactor the way events are injected from userland, cleaning up how
hardware (external) interrupts are injected in the process.
ok mlarkin@
|