tb [Thu, 7 Jul 2022 17:12:15 +0000 (17:12 +0000)]
Make CBB_finish() fail if *out_data is not NULL
Contrary to CBS_stow(), CBB_finish() will leak, so ensure we fail if
*out_data is populated.
Discussed with & ok jsing
tb [Thu, 7 Jul 2022 17:09:45 +0000 (17:09 +0000)]
Initialize hkdf_label to NULL.
Needed for an upcoming diff adding a NULL check to CBB_finish().
ok jsing
tb [Thu, 7 Jul 2022 17:08:28 +0000 (17:08 +0000)]
Use a local bits variable to avoid ugly line break due to nested function
calls.
ok jsing
claudio [Thu, 7 Jul 2022 13:55:52 +0000 (13:55 +0000)]
Skip dmetric related code for the Adj-RIB-Out since there is no decision
process there.
OK tb@
mpi [Thu, 7 Jul 2022 13:52:20 +0000 (13:52 +0000)]
Revert previous attempt at serializing `uo_refs'.
It is incorrect to look at/modify `uo_refs' without lock in uvm_vnp_sync().
However sleeping is not possible and spinning introduces a deadlock with the
KERNEL_LOCK() when another thread faults on a mmaped region related to a
vnode we're currently synching.
A proper fix should be investigated. For now a kown a race, mostly safe due
to the KERNEL_LOCK(), is better than a possible deadlock.
Issue reported by caspar@
Discussed with and ok semarie@
claudio [Thu, 7 Jul 2022 13:40:27 +0000 (13:40 +0000)]
Adjust to new bgpctl output
tb [Thu, 7 Jul 2022 13:20:12 +0000 (13:20 +0000)]
Use the security level knob in the test script.
from beck
tb [Thu, 7 Jul 2022 13:12:57 +0000 (13:12 +0000)]
Only run tests against ciphers supported by the method.
tb [Thu, 7 Jul 2022 13:11:45 +0000 (13:11 +0000)]
Add some minimal regress coverage for the security level.
From beck
tb [Thu, 7 Jul 2022 13:10:22 +0000 (13:10 +0000)]
Make the ssltest security level aware.
From beck
tb [Thu, 7 Jul 2022 13:05:40 +0000 (13:05 +0000)]
sync
tb [Thu, 7 Jul 2022 13:05:13 +0000 (13:05 +0000)]
Bump libtls minor after libcrypto and libssl minor bump
tb [Thu, 7 Jul 2022 13:04:39 +0000 (13:04 +0000)]
Unifdef LIBRESSL_HAS_SECURITY_LEVEL and remove some workarounds
that are no longer needed now that libcrypto exposes the necessary
security-bits API.
ok jsing
tb [Thu, 7 Jul 2022 13:03:53 +0000 (13:03 +0000)]
Bump minor after symbol addition
tb [Thu, 7 Jul 2022 13:03:20 +0000 (13:03 +0000)]
Update Symbols.list
ok jsing
tb [Thu, 7 Jul 2022 13:02:59 +0000 (13:02 +0000)]
Expose security level symbols and error codes in the headers.
ok jsing
tb [Thu, 7 Jul 2022 13:02:11 +0000 (13:02 +0000)]
bump minor after symbol addition
tb [Thu, 7 Jul 2022 13:01:51 +0000 (13:01 +0000)]
Update Symbols.list
ok jsing
tb [Thu, 7 Jul 2022 13:01:28 +0000 (13:01 +0000)]
Expose new API in headers.
These are mostly security-level related, but there are also ASN1_TIME
and ASN_INTEGER functions here, as well as some missing accessors.
ok jsing
claudio [Thu, 7 Jul 2022 12:38:19 +0000 (12:38 +0000)]
Properly break out of the loop setting the PREF flags.
claudio [Thu, 7 Jul 2022 12:20:50 +0000 (12:20 +0000)]
Adjust prototype of dummy rde_generate_updates() function
claudio [Thu, 7 Jul 2022 12:17:57 +0000 (12:17 +0000)]
Print dmetric for prefixes, this may still change in the future.
OK tb@
claudio [Thu, 7 Jul 2022 12:16:04 +0000 (12:16 +0000)]
Introduce a decision metric (dmetric) that classifies the relation of
this prefix with respect to its previous one.
Currently the plan is to distinguish the best prefix (only one), ecmp
prefixes (currently the same as as-wide-multipath), as-wide-multipath
prefixes, valid prefixes and invalid prefixes.
This information will be used to implement add-path send but also for
ecmp support in bgpd.
OK tb@
tb [Thu, 7 Jul 2022 11:40:17 +0000 (11:40 +0000)]
Switch ssltest to using the newly generated certs that use SHA-256 instead
of SHA-1. This helps the switch to security-level aware ssltest.
From jsing
claudio [Thu, 7 Jul 2022 10:46:54 +0000 (10:46 +0000)]
Refactor the code that generates updates so that up_generate_updates is
only called in one spot.
rde_generate_updates() gets a enum eval_mode argument to discern
the different cases. peer_generate_update() uses the eval_mode to skip
the update if it is not needed.
While there also add an extra AID check in IMSG_REFRESH case to make sure
the requested AID is actually available for this peer.
OK tb@
claudio [Thu, 7 Jul 2022 10:40:25 +0000 (10:40 +0000)]
Handle strange format strings better.
Make sure that the allocated buffers are not zero sized even for an empty
format string. Also do not call strftime if the buffer is empty. The return
value of strftime does not distinguish between an empty format string and
an overflow of the output buffer. Finally auto scale the size of the outbuf
in case strftime fails. Some format specifiers expand to 25 and more chars
so it is hard to guess in advance what size is required.
This may waste some memory but it keeps the code as simple as possible.
OK tb@
stsp [Thu, 7 Jul 2022 07:48:45 +0000 (07:48 +0000)]
remove a DPRINTF() from iwm(4) which no longer makes any sense
The conditions under which this debug message should trigger were
changed in r1.330 (cvs commit RcatFKLXoHUopLvW), which removed a
txd_done() call located before txq_advance(). The mbuf for the
most recently completed frame will no longer be NULL on entry.
Prompted by a question from waddlesplash at haiku-os.
daniel [Thu, 7 Jul 2022 00:56:46 +0000 (00:56 +0000)]
retire NexGen CPU identification code
On OpenBSD/i386 we only support Pentium compatible CPUs with an FPU.
The NexGen CPUs probably don't meet this requirement so remove the
small amount of support code to identify this brand of CPU.
The Nx586 "P" models did not include an FPU as they were expected
to be paired with an Nx587 FPU (which was never officially released).
The Nx586 "FP" models did include an FPU, but even these are allegedly
386 clones and not Pentium compatible. According to some websites,
486 instructions were emulated via hypercode. However the 486
instruction emulation was only enough to run applications and wasn't
good enough to run an OS that needs newer 486 and Pentium instructions.
Finally, while our current code references the "Processor Recognition
Application Note", we only implement the half of the documented
algorithm to detect NexGen CPUs. We don't implement the second half
of the algorithm to check for the vendor string "NexGenDriven" on NexGen
CPUs that support the CPUID instruction (like the Nx586-P120 and Nx586-P133).
ok jsg@
schwarze [Wed, 6 Jul 2022 17:19:57 +0000 (17:19 +0000)]
For accessibility, label the last two widgets in the search form.
Patch from Anna Vyalkova <cyber at sysrq dot in>, significantly tweaked by me.
schwarze [Wed, 6 Jul 2022 16:02:52 +0000 (16:02 +0000)]
https://w3.org/WAI/ARIA/apg/practices/names-and-descriptions/ says:
"Start names with a capital letter;
it helps some screen readers speak them with appropriate inflection."
Anna Vyalkova already did that correctly when sending patches,
but i ruined it when committing, so fix it now.
schwarze [Wed, 6 Jul 2022 15:47:10 +0000 (15:47 +0000)]
improve the description of header.html and footer.html
schwarze [Wed, 6 Jul 2022 15:25:22 +0000 (15:25 +0000)]
assign the ARIA role "doc-subtitle" to the .Nd element;
discussed with Anna Vyalkova <cyber at sysrq dot in>
schwarze [Wed, 6 Jul 2022 14:27:54 +0000 (14:27 +0000)]
While the HTML standard allows multiple <h1> elements in the same
document, <h1> is intended for top level headers, and most of the
sections in a manual page can hardly be considered top-level.
It is more usual to use <h1> only for the main title of the document
of for the site name.
Consequently, move .Sh/.SH from <h1> to <h2> and .Ss/.SS from <h2>
to <h3>, freeing <h1> for use by header.html in man.cgi(8).
Discussed with Anna Vyalkova <cyber at sysrq dot in>.
espie [Wed, 6 Jul 2022 09:42:15 +0000 (09:42 +0000)]
missed one PERMIT_PACKAGE_* -> PERMIT_PACKAGE
nicm [Wed, 6 Jul 2022 08:40:52 +0000 (08:40 +0000)]
Show config errors on attach if they were not shown when the session
was created.
nicm [Wed, 6 Jul 2022 08:32:28 +0000 (08:32 +0000)]
Remove debugging code.
nicm [Wed, 6 Jul 2022 08:31:59 +0000 (08:31 +0000)]
Defer reading from control client until the command line command has
completed.
claudio [Wed, 6 Jul 2022 07:59:03 +0000 (07:59 +0000)]
More ts(1) cleanup. Change main loop so that in interval mode only one
clock_gettime call is used resulting in more precise interval times.
Move the localtime call to fmtfmt() and rename the variable for the
micorsecond string to us.
Based on work done by cheloha@
OK job@ and cheloha@
nicm [Wed, 6 Jul 2022 07:51:37 +0000 (07:51 +0000)]
Mention whether time is creation/activity for sort orders.
nicm [Wed, 6 Jul 2022 07:36:36 +0000 (07:36 +0000)]
Support hyperlinks with capture-pane -e and add a mouse_hyperlink
format, GitHub issue 3247 from Jeff Chiang.
daniel [Wed, 6 Jul 2022 02:09:05 +0000 (02:09 +0000)]
update countres and capitals in quiz(6)
Changes:
- update country and capital names that have changed in recent years
- remove the formal prefix from South Africa for consistency with other
country names
- add additional capitals for countries with multiple capitals
- add "The" as optional prefix for The Gambia and The Bahamas
- add missing suffix "City" to a few capitals
- add many missing countries
NetBSD appears to have also added territories which I've not added in this
update.
The removal of The Hague for The Netherlands was taken from NetBSD and
confirmed by otto@
The duplicate Turkey and Georgia entries have not been touched.
Prompted by a diff by Ben Fuller, who also provided much helpful feedback.
schwarze [Tue, 5 Jul 2022 21:25:23 +0000 (21:25 +0000)]
Finally get rid of the archaic <table> markup for header and footer lines
and use flexbox CSS instead. Improve accessibility by adding role
and aria-label attributes to these header and footer lines.
Using ideas from both Anna Vyalkova <cyber at sysrq dot in> and myself.
As a welcome side effect, this also resolves the long-standing issue
that the rendering was always 65em wide, requiring horizontal scrolling
when the window was narrower. Now, rendering nicely adapts to browser
windows of arbitrary narrowness.
tb [Tue, 5 Jul 2022 20:31:46 +0000 (20:31 +0000)]
Add missing X509_V_ERR_ strings using the ones from OpenSSL.
The well-known masters of consistency of course use strings that don't
match the names of the errors.
ok jsing
tb [Tue, 5 Jul 2022 16:14:18 +0000 (16:14 +0000)]
Use secop instead of op everywhere
tb [Tue, 5 Jul 2022 16:05:18 +0000 (16:05 +0000)]
Pull setting of is_ee out of the function calls to appease scan-build
visa [Tue, 5 Jul 2022 15:06:16 +0000 (15:06 +0000)]
Remove old poll/select wakeup mechanism.
Also remove unneeded seltrue() and selfalse().
OK mpi@ jsg@
schwarze [Tue, 5 Jul 2022 14:03:35 +0000 (14:03 +0000)]
Somehow, the content of header.html ended up
before and outside the <header> element.
Fix this by moving it into the <header> element where it belongs.
While here, also wrap footer.html in a <footer> element.
tb [Tue, 5 Jul 2022 09:33:39 +0000 (09:33 +0000)]
Missing header change that should have gone with xhci_acpi.c r1.8
from kettenis via patrick
kn [Tue, 5 Jul 2022 08:14:12 +0000 (08:14 +0000)]
Stick with just "interfaces and bridges"
Drop the Xr to bridge(4) since it isn't handled specially and there's also
veb(4) around.
OK jmc
anton [Tue, 5 Jul 2022 04:49:02 +0000 (04:49 +0000)]
cope with ASN1_TIME_set_string_X509() rename
jsg [Tue, 5 Jul 2022 02:47:05 +0000 (02:47 +0000)]
workaround link training problems on s3 resume with alder lake
The firmware from multiple lenovo alder lake machines claim there are
two eDP ports in the video bios table (VBT).
Which results in link training problems on resume from S3 with the
screen continually turning on and off. Forcing port B to not be
recognised as eDP works around this. I believe port A is the normal eDP
port.
https://gitlab.freedesktop.org/drm/intel/-/issues/5531
https://gitlab.freedesktop.org/drm/intel/-/issues/4950
kettenis [Mon, 4 Jul 2022 20:03:15 +0000 (20:03 +0000)]
Add support for the dual role controllers integrated on the Qualcomm
Snapdragon 8cx gen 3 SoC.
ok patrick@
miod [Mon, 4 Jul 2022 19:06:10 +0000 (19:06 +0000)]
Use destination buffer size as strlcpy() bound, not source; harmless here for
both sizes are equal.
ok kettenis@
cheloha [Mon, 4 Jul 2022 17:29:03 +0000 (17:29 +0000)]
ts(1): the first argument to clock_gettime(2) is a clockid_t, not an int
schwarze [Mon, 4 Jul 2022 16:20:09 +0000 (16:20 +0000)]
Improve accessibility of man.cgi(8) in various respects,
in particular adding <header>, <main>, and <nav> elements
and role and aria-label attributes in several places.
Patch from Anna Vyalkova <cyber at sysrq dot in>,
minimally tweaked by me.
schwarze [Mon, 4 Jul 2022 15:45:27 +0000 (15:45 +0000)]
Repair "make man.cgi" which got accidentally broken in the previous
commit to the Makefile. The man.cgi binary now uses roff_escape.o, too.
tb [Mon, 4 Jul 2022 14:39:43 +0000 (14:39 +0000)]
The OpenSSL API is called ASN1_TIME_set_string_X509() (uppercase x)
schwarze [Mon, 4 Jul 2022 14:37:14 +0000 (14:37 +0000)]
Put the HTML comment containing the Copyright header (if any)
between the <head> and the <body> rather than before the <head>
because the <meta charset="utf-8"/> element ought to be within
the first 1024 bytes of the HTML code.
Issue found with validator.w3.org.
tb [Mon, 4 Jul 2022 12:31:55 +0000 (12:31 +0000)]
Bump to LibreSSL 3.6.0
tb [Mon, 4 Jul 2022 12:23:30 +0000 (12:23 +0000)]
Sync with changes in dsa_meth.c
pointed out by jsing
tb [Mon, 4 Jul 2022 12:22:32 +0000 (12:22 +0000)]
Prepare to provide DSA_meth_{get0,set1}_name()
Also follow OpenSSL by making the name non-const to avoid ugly casting.
Used by OpenSC's pkcs11-helper, as reported by Fabrice Fontaine in
https://github.com/libressl-portable/openbsd/issues/130
ok jsing sthen
tb [Mon, 4 Jul 2022 12:17:32 +0000 (12:17 +0000)]
Prepare to provide X509_VERIFY_PARAM_get_time()
ok jsing sthen
espie [Mon, 4 Jul 2022 10:41:21 +0000 (10:41 +0000)]
somehow, when I created this file, I copied the licence of the other files
around, but with my name instead... which makes absolutely no sense
whatsoever, especially the regents part.
replace with ISC licence, much saner.
(as noticed by miod@, who else ?)
tobhe [Mon, 4 Jul 2022 09:23:15 +0000 (09:23 +0000)]
Ignore any CERT payload after the first instead of failing the exchange
when more than one is received. The first CERT is always the leaf
certificate, additional payloads can be used to send intermediate certs
which iked can not handle at the moment.
This fixes exchanges where the certificate chain is still valid because
matching intermediate certs are available locally in /etc/iked.
Reported and tested by Loïc Revest <l.revest (at) apc.fr>
ok mbuhl@
dtucker [Mon, 4 Jul 2022 09:10:31 +0000 (09:10 +0000)]
Add TEST_REGRESS_CACHE_DIR which, if set, is used to cache regress test
names that have succeeded and skip those on a re-run.
tobhe [Mon, 4 Jul 2022 08:39:55 +0000 (08:39 +0000)]
Fix error in the comparison of the Child SA nonces to decide which
SA shall be deleted. ni should be set to the minimum nonce for the
exchange intitiated by us while nr should be the smaller of the
nonces of the simultaneous exchange initiated by the peer, which
is stored in sa_simulat.
This fixes the ni < nr comparison below and makes sure our Child SA
is only deleted in the correct case as specified in RFC 7296.
Reported by and fix from Sibar Soumi <sibar.soumi (at) achelos.de>
ok mbuhl@
nicm [Mon, 4 Jul 2022 08:39:45 +0000 (08:39 +0000)]
Sort panes by index not by ID, GitHub issue 3249.
nicm [Mon, 4 Jul 2022 08:24:36 +0000 (08:24 +0000)]
Mouse clicks could change current item, so work it out again. GitHub
issue 3242.
tb [Sun, 3 Jul 2022 22:10:25 +0000 (22:10 +0000)]
Reword a comment
tb [Sun, 3 Jul 2022 22:07:12 +0000 (22:07 +0000)]
Unwrap a line
job [Sun, 3 Jul 2022 16:55:39 +0000 (16:55 +0000)]
Revert previous changeset: While using .Nm without an argument
in the SYNOPSIS is not strictly wrong, the conventional way is
to always state the name explicitely in the SYNOPSIS.
With help from Ingo Schwarze
florian [Sun, 3 Jul 2022 16:00:11 +0000 (16:00 +0000)]
use sys/types.h to get at __dead.
Pointed out by & OK deraadt
deraadt [Sun, 3 Jul 2022 15:06:06 +0000 (15:06 +0000)]
thou shalt not include sys/cdefs.h because it is not standardized, the
file to be used is sys/types.h
sthen [Sun, 3 Jul 2022 15:02:04 +0000 (15:02 +0000)]
Update instructions for using curl's mk-ca-bundle script.
jsing [Sun, 3 Jul 2022 14:58:00 +0000 (14:58 +0000)]
Simplify certificate list handling code in legacy server.
A client is required to send an empty list if it does not have a suitable
certificate - handle this case up front, rather than going through the
normal code path and ending up with an empty certificate list. This matches
what we do in the TLSv1.3 stack and will allow for ruther clean up (in
addition to making the code more readable).
Also tidy up the CBS code and remove some unnecessary length checks. Use
'cert' and 'certs' for certificates, rather than 'x' and 'sk'.
ok tb@
jsing [Sun, 3 Jul 2022 14:52:39 +0000 (14:52 +0000)]
Simplify certificate list handling code in legacy client.
Tidy up CBS code and remove some unnecessary length checks. Use 'cert' and
'certs' for certificates, rather than 'x' and 'sk'.
ok tb@
schwarze [Sun, 3 Jul 2022 14:28:26 +0000 (14:28 +0000)]
Instead of the custom <div class="manual-text">, use the standard
HTML <main> element. The benefit is that it has the ARIA landmark
role "main" by default. To ease the transition for people using
their own CSS file instead of mandoc.css, retain the custom class
for now.
I had this idea in a discussion with Anna Vyalkova <cyber at sysrq dot in>.
Patch from Anna, slightly tweaked by me.
job [Sun, 3 Jul 2022 14:12:30 +0000 (14:12 +0000)]
Nm is already defined
From Daniel Ebdrup
kn [Sun, 3 Jul 2022 12:14:36 +0000 (12:14 +0000)]
Create virtual interfaces upfront if specified on the command line
In cases like `sh /etc/netstart pair1 pair2', one of hostname.pair{1,2}
will contain a "patch pair{2,1}" command which expects the other interface
to exist.
If none exist, this would fail and netstart had to be run separately or
"patch"ed interface had to be manually created before.
There are other use cases where interfaces depend on each other, so before
(re)configuring an explicit list of interfaces, create all virtual ones
upfront so that a single netstart invocation will configure everything
correctly without having reflect dependencies in multiple ordered netstart
invocations.
Copy isin() from install.sub to help.
Feedback OK halex
florian [Sun, 3 Jul 2022 12:07:52 +0000 (12:07 +0000)]
Implement SVCB and HTTPS record types.
Testing caspar, otto
OK otto
tb [Sun, 3 Jul 2022 08:15:52 +0000 (08:15 +0000)]
Simplify tls1_ec_nid2group_id()
Replace long switch statement duplicating data from nid_list[] with a
linear scan.
requested by and ok jsing
tb [Sun, 3 Jul 2022 08:13:45 +0000 (08:13 +0000)]
Simplify tls1_ec_group_id2{bits,nid}()
Instead of a nonsensical NULL check, check nid_list[group_id].{bits,nid}
is not 0. This way we can drop the group_id < 1 check.
ok jsing
jsing [Sat, 2 Jul 2022 19:36:07 +0000 (19:36 +0000)]
Call certificate variables cert and certs, rather than x and sk
ok tb@
kn [Sat, 2 Jul 2022 19:00:35 +0000 (19:00 +0000)]
Make -s accept HUP like kill(1) and GNU timeout(1) do
timeout.c's parse_signal() basically does what kill.c's signame_to_num()
does, except it expects "SIG" in string signals.
Borrow the isalpha() check from kill.c to get the same behaviour.
OK deraadt
jsing [Sat, 2 Jul 2022 18:14:35 +0000 (18:14 +0000)]
Use ASN1_INTEGER to parse/build (Z)LONG_it
Rather than having yet another (broken) ASN.1 INTEGER content builder and
parser, use {c2i,i2c}_ASN1_INTEGER().
ok beck@
deraadt [Sat, 2 Jul 2022 17:38:23 +0000 (17:38 +0000)]
sync
deraadt [Sat, 2 Jul 2022 17:21:32 +0000 (17:21 +0000)]
dhclient(8) has been undergoing replacement with "ifconfig xxx inet auto"
for a couple of years, backed by dhcpleased(8), which provides much better
dns handling. The next step is to make the dhclient simply execve
ifconfig in that way, and provide syslog warnings about deprecated options
along the way. This way, we can find the last few dhclient users, and what
they are missing.
ok florian krw
jsing [Sat, 2 Jul 2022 17:09:09 +0000 (17:09 +0000)]
Remove references to openssl/obj_mac.h
Consumers should include openssl/objects.h instead.
tb [Sat, 2 Jul 2022 16:31:04 +0000 (16:31 +0000)]
Stop using ssl{_ctx,}_security() outside of ssl_seclevel.c
The API is ugly and we can easily abstract it away. The SSL_SECOP_* stuff
is now confined into ssl_seclevel.c and the rest of the library can make
use of the more straightforward wrappers, which makes it a lot easier on
the eyes.
ok beck jsing
deraadt [Sat, 2 Jul 2022 16:06:56 +0000 (16:06 +0000)]
Avoid c99 features, come on, this is supposed to be highly portable software
ok florian
tb [Sat, 2 Jul 2022 16:01:56 +0000 (16:01 +0000)]
Adjust to new tls1_ec_nid2group_id API.
tb [Sat, 2 Jul 2022 16:00:12 +0000 (16:00 +0000)]
Rename uses 'curve' to 'group' and rework tls1 group API.
This reworks various tls1_ curve APIs to indicate success via a boolean
return value and move the output to an out parameter. This makes the
caller code easier and more consistent.
Based on a suggestion by jsing
ok jsing
tb [Sat, 2 Jul 2022 15:53:37 +0000 (15:53 +0000)]
Fix off-by-one in length check.
Spotted by jsing
jsg [Sat, 2 Jul 2022 14:08:52 +0000 (14:08 +0000)]
remove machine/lock.h where unused
Previously for __cpu_simple_lock parts. Now only hppa and m88k use
__cpu_simple_lock (and hppa uses atomic.h for it).
ok miod@ visa@
mvs [Sat, 2 Jul 2022 11:49:23 +0000 (11:49 +0000)]
Unlock peer in the SOCK_STREAM and SOCK_SEQPACKET error path.
Reported-by: syzbot+a648408d6a58fd40b59a@syzkaller.appspotmail.com
by anton@
tb [Sat, 2 Jul 2022 09:33:20 +0000 (09:33 +0000)]
Make tls1_ec_curve_id2nid() return explicit NID_undef instead of 0 on error
and adjust the only caller that didn't check for NID_undef already.
ok beck jsing
visa [Sat, 2 Jul 2022 08:50:41 +0000 (08:50 +0000)]
Remove unused device poll functions.
Also remove unneeded includes of <sys/poll.h> and <sys/select.h>.
Some addenda from jsg@.
OK miod@ mpi@
danj [Sat, 2 Jul 2022 03:32:05 +0000 (03:32 +0000)]
Add /etc/rpki/skiplist
ok tb
deraadt [Sat, 2 Jul 2022 03:03:00 +0000 (03:03 +0000)]
sync
mvs [Fri, 1 Jul 2022 09:57:24 +0000 (09:57 +0000)]
Remove PIPEXCSESSION ioctl(2) call only from npppd(8).
Long time ago pipex(4) sessions can't be deleted until pipex(4) queues
become empty. Such dead sessions stay linked to the stack and the
session `ip_forward' flag was used to prevent packets processing. But
now pipex(4) session could be closed just after close request. This
logic became unnecessary.
PIPEXCSESSION ioctl(2) will be removed from kernel with upcoming diff.
ok yasuoka@