| Age | Commit message (Collapse) | Author |
|---|
|
since that one is kept.
OK tb@
|
|
OK tb@
|
|
OK tb@
|
|
Instead use struct auth_config and struct auth_state in the pfkey calls
and those tcp_md5 calls where it matters.
This is preparation work to allow RTR to use TCP MD5 as well.
OK tb@
|
|
Mainly handle unknown ext-communities better and handle the special
case of type == -1.
OK tb@
|
|
before calling connect(). This way it happens for sure and on top the TOS
is already set on the initial SYN.
OK tb@
|
|
OK input lucas
|
|
ok claudio
|
|
ok claudio
|
|
|
|
ok sthen, florian
Committing on behalf of jmc as requested.
|
|
|
|
First of all warn that a prefix was dropped. In the generate an update
code handle possible overflows of attributes and NLRI and withdraw the
affected prefix. This way the peer will not have stale data.
OK tb@
|
|
than the immediate +0.1. print an https://ftp.openbsd.org/... URL where
the new signify pubkey can be found if not present.
no guarantees: we only test +0.1, but jumping further does work quite
often (and if tight on disk, can work better than multiple steps) -
this avoids editing the script if you're going to do it anyway.
"Only upgrades from one version to the next are tested. Skipping
versions may work. Downgrading is unlikely to work."
discussed with deraadt chris florian, ok deraadt
|
|
|
|
- simpler tense
- fix the -width parameter
- add -nosplit to AUTHORS
|
|
Document the shutdown behaviour for vmd(8). Suggested via bugs@
via eric at mulh.net.
ok jmc@, bluhm@
|
|
The default is to install the next release. Snapshots are only
installed when invoked with -s.
The logic on what to do per default got out of hand and it was very
difficult to reason about what sysupgrade(8) actually did. deraadt@
then suggested that we should dumb it all down, sysupgrade(8) is there
to upgrade from one release to the next. More advance usage needs to
be requested by the user.
With all this simplification we can now be a bit more smart to work
out what the next release is. With that, snapshots right before a
release can be sysupgrade(8)'ed to the official release.
OK sthen on a previous version that was much more complicated but
allowed shortly-before-release -> release upgrade
testing sthen on this version
Guidance, prodding & OK deraadt
|
|
ok benno@
|
|
|
|
|
|
claudio agress
|
|
requested by tb@
|
|
|
|
OK claudio@
|
|
This extends the zic input format to add support for %z, which
expands to a UTC offset in as-short-as-possible ISO 8601 format.
It's intended to better support zones that do not have an established
abbreviation already. tzdata2024b and higher require a version of
zic that supports the %z format. From upstream tzcode. OK beck@
|
|
from hshoexer@; OK mlarkin@
|
|
|
|
|
|
congestion.
|
|
missing when disconnecting all when acct-{on,off} received.
|
|
|
|
The CRL number draft clarified what ignoring means and it includes checking
that the CRL number is well-formed again. So do this but continue to ignore
the value for any other purpose. This refactors x509_convert_seqnum() into
a couple of helpers. There's some duplication between crl_check_crl_number()
and crl_parse_crl_number() which could be removed if anyone cares.
tweaks/ok job
|
|
To launch a guest with AMD SEV enabled, vmd needs to do a few things:
- retrieve ASID used by guest on VM creation
- provide ASID to psp(4)
- let psp(4) encrypt memory used intially by guest
- run guest
- release resources held by psp(4) on guest shutdown
To enable SEV for a guest use the parameter "sev" in the guest's vm
section in vm.conf.
from hshoexer@; OK mlarkin@
|
|
|
|
ok job
|
|
Again malloc(0) is not portable and calling memcpy with a NULL pointer
and a 0 length is not allowed by the C standard.
OK tb@
|
|
Calling malloc / reallocarray with a 0 size is not portable and the
memcpy with a possible NULL pointer as source and 0 len is seen as UB
by newer C standards (grmbl).
OK tb@
|
|
OK tb@
|
|
An announce PDU requires at least one provider ASnum while a withdraw
must not include any provider ASnums. The first is mandated by the ASPA
profile and the 2nd by the 8210bis draft.
Further cleanup some leftovers from the old per-AFI split of ASPA.
OK tb@
|
|
extra security measures of recallocarray() which adds a lot of overhead.
OK tb@
|
|
Just drop the attribute if received from an external peer.
Treat as withdraw if the len is 0 or not % 4.
OK tb@
|
|
imsg_get_data() does the same and produces the same error.
OK tb@
|
|
OK tb@
|
|
|
|
From Christian Ludwig.
|
|
|
|
diff originally from peter n. m. hansteen
ok ajacoutot
|
|
prompted by mail from illya meyer
ok gilles
|
|
(it is, but only for root, which i'll address in separate commit);
ok mp gilles
|
