claudio [Tue, 27 Jul 2021 07:42:37 +0000 (07:42 +0000)]
Implemnt the RFC8050 in the MRT parser. With this MRT dumps containing
add-path information will be dumped properly.
There is one bit where this implementation is not in line with the RFC.
The encoding of DUMP_V2_RIB_GENERIC_ADDPATH for non IPv4 or IPv6 prefixes
is implemented the way gobgp did it (which seems to be the only other BGP
implementation that supports generic encoding). The RFC puts the path_id
in the NLRI for generic encoding instead of adding it to RIB entry struct
like in the IPv4 and IPv6 encoding. This is an open discussion point with
the RFC author.
OK benno@
claudio [Tue, 27 Jul 2021 07:32:08 +0000 (07:32 +0000)]
Add the needed MRT dump defines for RFC8050 support. This will be used
to dump add-path enabled systems because the NLRI format changes based
on the add-path capability and there is no way to know which format is
in use so new message types had to be added.
Also extend the ctl_show_rib structure to include the path_id.
OK benno@
jsg [Tue, 27 Jul 2021 07:20:11 +0000 (07:20 +0000)]
replace efibind.h files with the small amount we need
tested on armv7 arm64 and amd64 (bootx64)
ok kettenis@ mpi@
claudio [Tue, 27 Jul 2021 07:14:31 +0000 (07:14 +0000)]
Implement RFC9072: Extended Optional Parameters Length for BGP OPEN Message
This allows to send more then 255 bytes of optional parameters. With this
it is possible to send more capabilities. bgpd will switch automatically
to the new extended lenght format if needed but by default the old 1 byte
param length encoding is used to keep compatible with old systems.
OK benno@
kevlo [Tue, 27 Jul 2021 01:44:55 +0000 (01:44 +0000)]
Fix Rx hash type
This matches what Linux and FreeBSD do.
ok jmatthew@
mvs [Mon, 26 Jul 2021 23:17:06 +0000 (23:17 +0000)]
Use per-CPU counters for tunnel descriptor block (tdb) statistics.
'tdb_data' struct became unused and was removed.
ok bluhm@
kettenis [Mon, 26 Jul 2021 22:13:19 +0000 (22:13 +0000)]
Print a few more registers in dump_regs().
bluhm [Mon, 26 Jul 2021 21:27:56 +0000 (21:27 +0000)]
Do not queue crypto operations for IPsec. The packet entries in
task queues were unlimited and could overflow during havy traffic.
Even if we still use hardware drivers that sleep, softnet task
instead of soft interrupt can handle this now. Without queues net
lock is inherited and kernel lock is only needed once per packet.
This results in less lock contention and faster IPsec.
Also protect tdb drop counters with net lock and avoid a leak in
crypto dispatch error handling.
intense testing Hrvoje Popovski; OK mpi@
bluhm [Mon, 26 Jul 2021 20:44:44 +0000 (20:44 +0000)]
The mbuf header cleanup in revision 1.173 of ip_icmp.c was too
strict. ICMP error packets generated by pf were not passed
immediately, but could be blocked. Preserve PF_TAG_GENERATED flag
in icmp_reflect() and icmp6_reflect().
reported by sf@; OK patrick@ kn@
bluhm [Mon, 26 Jul 2021 20:38:18 +0000 (20:38 +0000)]
Fix typo.
from alf schlichting
tb [Mon, 26 Jul 2021 16:54:20 +0000 (16:54 +0000)]
Add error checks for i2d_X509_NAME()
This avoids potential malloc(-1) and malloc(0), spotted by schwarze
while documenting X509_ocspid_print().
ok schwarze
kettenis [Mon, 26 Jul 2021 16:47:52 +0000 (16:47 +0000)]
Adjust driver for device tree binding changes.
stsp [Mon, 26 Jul 2021 14:15:40 +0000 (14:15 +0000)]
Fix accounting of the number of frames queued on an iwx(4) Tx ring.
Stop decrementing ring->queued inside the if-statement which guards
maintenance of the OACTIVE flag. This is wrong and resulted in a negative
counter value (visible in firmware error traces). The counter is already
decremented in the loop above where frames are taken off the ring.
schwarze [Mon, 26 Jul 2021 14:03:43 +0000 (14:03 +0000)]
new manual page X509_policy_tree_level_count(3)
documenting the X509_POLICY_TREE object and its sub-objects
krw [Mon, 26 Jul 2021 13:05:14 +0000 (13:05 +0000)]
Report write() and ioctl() errors encountered when writing GPT or MBR to disk.
Consolidate GPT/MBR read()/write() operations into DISK_writesectors() and
DISK_readsectors(), producing clearer logic and consistent handling of i/o and
errors.
Add some DPRINTF() and #ifdef DEBUG sections to allow more detailed error
reporting when desired.
sthen [Mon, 26 Jul 2021 12:59:41 +0000 (12:59 +0000)]
small tweaks to dhcpleased.conf(5), ok jmc florian
kn [Mon, 26 Jul 2021 12:47:44 +0000 (12:47 +0000)]
Pass make flags to kernel and lib builds
Running `make -j4' in /usr/src/distrib/amd64/ramdisk_cd/ et al. executes
make(1) to both build the RAMDISK kernel and build libraries.
Doing so does not propagate the flags specified to the ramdisk_cd
invocation, which in turn means `-j4' for example is ignored and both kernel
and libraries will not be built in parallel.
Pass make(1)'s MFLAGS along to retain relevant flags; make is clever enough
to separate flags, variable assignments and targets from each other and only
pass along things to `MFLAGS' that'd make sense, i.e. `make -C. -j4 foo=bar'
does *not* pass `-C.' to change directories.
(can be easily tested with `make -p ... | grep MFLAGS'.)
This makes hacking on ramdisks/the installer much faster, espescially since
the `bsd' target does `make clean' and therefore builds a new kernel every
time.
OK deraadt
jsg [Mon, 26 Jul 2021 11:06:36 +0000 (11:06 +0000)]
fix an mbuf leak with m_len 0 mbufs
from niklas@ via mikeb@
florian [Mon, 26 Jul 2021 09:26:36 +0000 (09:26 +0000)]
Implement possibility to send vendor class identifier (option 60) and
client identifier (option 61). Some dhcp servers expect these options
and refuse to hand out a lease without them.
Need for vendor class identifier pointed out & tested by bket
Need for client identifier pointed out by sthen
Input & reads OK sthen (as part of a larger diff)
OK kn (as part of a larger diff)
florian [Mon, 26 Jul 2021 09:22:00 +0000 (09:22 +0000)]
The SIOCAIFADDR ioctl could lose a race against another process
configuring the same IP.
Found the hard way by afresh1
rsadowski [Mon, 26 Jul 2021 07:37:05 +0000 (07:37 +0000)]
Qt4 cleanup
Drop all references to qt4 and replace by qt5/6.
Tweaks and OK espie@
jsg [Mon, 26 Jul 2021 06:24:22 +0000 (06:24 +0000)]
retry i2c transfers on -EAGAIN up to the number of times specified in
struct i2c_adapter
inteldrm gmbus returns -EAGAIN to fallback to gpio bitbanging
asou [Mon, 26 Jul 2021 06:00:37 +0000 (06:00 +0000)]
Add mtx_enter/mtx_leave in kvp_pool_keys().
ok mikeb
mpi [Mon, 26 Jul 2021 05:51:13 +0000 (05:51 +0000)]
Pass a socket pointer to various socket buffer routines in preparation for
per-socket locking.
No functional change.
jsing [Mon, 26 Jul 2021 03:17:38 +0000 (03:17 +0000)]
Dedup dtls1_dispatch_alert()/ssl3_dispatch_alert().
The code for dtls1_dispatch_alert() and ssl3_dispatch_alert() is largely
identical - with a bit of reshuffling we can use ssl3_dispatch_alert() for
both protocols and remove the ssl_dispatch_alert function pointer.
ok inoguchi@ tb@
jca [Sun, 25 Jul 2021 22:58:39 +0000 (22:58 +0000)]
Consistently use __asm instead of asm/__asm__
ok kettenis@
benno [Sun, 25 Jul 2021 20:31:41 +0000 (20:31 +0000)]
The output of server_root_strip() is a string. Use the correct format
"%s". Same for the output of relay_expand_http().
with and ok claudio@
Found by Cedric Tessier, thanks!
cheloha [Sun, 25 Jul 2021 15:47:26 +0000 (15:47 +0000)]
nanosleep.2: HISTORY: correct historic sleep() system call origins
A sleep() system call first appeared in Research UNIX v2, not v3.
See, e.g., the TOC here:
https://www.tuhs.org/Archive/Distributions/Research/Dennis_v2/v2man.pdf
Pointed out by jsg@ in a related discussion on tech@:
https://marc.info/?l=openbsd-tech&m=
162718667209936&w=2
mpi [Sun, 25 Jul 2021 14:13:47 +0000 (14:13 +0000)]
Kill unused sbinsertoob().
ok mvs@
schwarze [Sun, 25 Jul 2021 14:05:03 +0000 (14:05 +0000)]
Document X509_STORE_CTX_set_trust(3), X509_STORE_CTX_set_purpose(3),
and X509_STORE_CTX_purpose_inherit(3). These functions look deceptively
simple on first sight, but their semantics is surprisingly complicated.
florian [Sun, 25 Jul 2021 12:35:58 +0000 (12:35 +0000)]
If the lease didn't contain renewal or rebinding options set the
defaults before validating the times to prevent excessive logging.
Found the hard way & OK brynet
dtucker [Sun, 25 Jul 2021 12:27:37 +0000 (12:27 +0000)]
Skip unit and makefile-based key conversion tests when we're building
with OPENSSL=no.
dtucker [Sun, 25 Jul 2021 12:13:03 +0000 (12:13 +0000)]
Replace OPENSSL as the variable that points to the openssl binary
with OPENSSL_BIN. This will allow us to use the OPENSSL variable from
mk.conf or the make(1) command line indicating if we're building with
our without OpenSSL, and ultimately get the regress tests working in
the OPENSSL=no configuration.
espie [Sun, 25 Jul 2021 11:29:42 +0000 (11:29 +0000)]
nobody noticed, but the variable is still called "MODULES" with an S
florian [Sun, 25 Jul 2021 08:36:06 +0000 (08:36 +0000)]
Do not doubt a secure (i.e. validated) NXDOMAIN response when we just
switched networks. We validated it, we can't do better than that!
While here reorder the long list of conditions to make it easier to
understand when we doubt a response because we might be behind a
captive portal. First list all conditions when we do not doubt the
response and then the two conditions when we do doubt the response.
OK benno
florian [Sun, 25 Jul 2021 08:34:43 +0000 (08:34 +0000)]
We store a list of resolver strategies in order of their preference in
the configuration struct. This is also an implicit list of enabled
resolver strategies. We have also stored an explict lookup array of
enabled strategies outside of the configuration to be able to quickly
answer "is this strategy enabled" without traversing the preferences
list.
Move this table into the configuration so that we don't need to
"repair" it on config reload.
This fixes a bug where on startup the preferences list and enabled
lookup table were not in sync. It didn't matter in practice since we
do a config reload and then pass in DNSSEC trustanchors on startup.
Both actions combined repaired things.
OK benno
aoyama [Sun, 25 Jul 2021 07:12:51 +0000 (07:12 +0000)]
Force to use serial console when no graphic board is found.
If no graphic board is found, LUNA's ROM monitor forces to use serial
console even though DIP switch setting is 'use graphic console'.
For the consistency, change the the kernel behavior the same as ROM
monitor does.
Tested on my LUNA-88K2.
mglocker [Sun, 25 Jul 2021 06:43:04 +0000 (06:43 +0000)]
Enable LEDs for the LAN7800 chip, as e.g. found on the
Raspberry Pi 3 Model B+.
ok kevlo@
jsg [Sun, 25 Jul 2021 06:11:48 +0000 (06:11 +0000)]
enable iwm(4)
from Ashton Fagg who tested on 9260
jsg [Sun, 25 Jul 2021 05:51:15 +0000 (05:51 +0000)]
enable ix(4)
from Ashton Fagg who tested on 82599
jca [Sat, 24 Jul 2021 22:41:09 +0000 (22:41 +0000)]
riscv64 userland timecounter support
ok kettenis@
deraadt [Sat, 24 Jul 2021 19:11:02 +0000 (19:11 +0000)]
sync
kettenis [Sat, 24 Jul 2021 18:15:13 +0000 (18:15 +0000)]
Implement a workaround for the SiFive FU740 CIP-1200 errata.
Remove the (incomplete) support for ASIDs. RISC-V hardware that implements
ASIDs doesn't exist at this moment and the current code interferes with
the errata workaround and other pmap improvements we're planning to make.
ok drahn@, jca@, deraadt@
jca [Sat, 24 Jul 2021 16:56:54 +0000 (16:56 +0000)]
Pretty print ELF machine name as "RISC-V"
Instead of "<unknown>: f3". ok kettenis@
mglocker [Sat, 24 Jul 2021 14:43:53 +0000 (14:43 +0000)]
The updated dwctwo(4) driver introduces two new parameters.
mglocker [Sat, 24 Jul 2021 14:41:41 +0000 (14:41 +0000)]
Fix octeon build after dwctwo(4) update.
From deraadt@
schwarze [Sat, 24 Jul 2021 14:33:14 +0000 (14:33 +0000)]
Two new manual pages X509_TRUST_set(3) and X509_check_trust(3)
documenting ten functions related to X509_TRUST objects,
trust identifiers, and trust indices.
kn [Sat, 24 Jul 2021 14:15:34 +0000 (14:15 +0000)]
Capitalise DNS response code, stub learns from SLAAC, clarify wording
OK florian
inoguchi [Sat, 24 Jul 2021 13:21:04 +0000 (13:21 +0000)]
Compare strcmp and strcasecmp return value with zero
patrick [Sat, 24 Jul 2021 10:52:07 +0000 (10:52 +0000)]
The I2C controller's clock- and bitrate properties used different naming
between ACPI and FDT. The ACPI tables have now been adjusted, so now we
need to accept the new scheme as well.
ok kettenis@
mpi [Sat, 24 Jul 2021 09:16:51 +0000 (09:16 +0000)]
Modifying a knote must be done with the corresponding lock held. Assert
that the KERNEL_LOCK() is held unless the filter is marked as MPSAFE.
Should help finding missing locks when unlocking various filters.
ok visa@
visa [Sat, 24 Jul 2021 08:21:13 +0000 (08:21 +0000)]
Replace cpus_running with CPU_IS_RUNNING().
mglocker [Sat, 24 Jul 2021 06:04:44 +0000 (06:04 +0000)]
The updated dwctwo(4) driver introduces two new parameters.
jmatthew [Sat, 24 Jul 2021 05:49:59 +0000 (05:49 +0000)]
Use the presence of an intrmap, rather than the number of queues, to
determine how admin interrupts are set up, so we don't get confused about
it when there's only one queue.
visa [Sat, 24 Jul 2021 05:45:49 +0000 (05:45 +0000)]
Add basic regression tests for strchr() and strrchr().
visa [Sat, 24 Jul 2021 05:35:56 +0000 (05:35 +0000)]
Fix strchr() and strrchr() on mips64
Truncate the character arguments of strchr() and strrchr() to eight bits
so that the implied char conversion would work correctly. Otherwise the
functions would always return NULL when the character argument is
negative.
OK miod@
dtucker [Sat, 24 Jul 2021 02:57:28 +0000 (02:57 +0000)]
Skip RFC4716 format import and export tests when built without OpenSSL.
dtucker [Sat, 24 Jul 2021 02:51:14 +0000 (02:51 +0000)]
Don't omit ssh-keygen -y from usage when built without OpenSSL. It is
actually available, albeit only for
ed25519 keys.
dtucker [Sat, 24 Jul 2021 02:08:13 +0000 (02:08 +0000)]
Exclude key conversion options from usage when built without OpenSSL
since those are not available, similar to what we currently do with
the moduli screening options. We can also use this to skip the
conversion regression tests in this case.
djm [Sat, 24 Jul 2021 01:55:19 +0000 (01:55 +0000)]
don't leak environment= variable when it is not the first match
djm [Sat, 24 Jul 2021 01:54:23 +0000 (01:54 +0000)]
test for first-match-wins in authorized_keys environment=
options
deraadt [Fri, 23 Jul 2021 23:06:39 +0000 (23:06 +0000)]
sync
mglocker [Fri, 23 Jul 2021 21:47:22 +0000 (21:47 +0000)]
Make GENERIC compile again.
schwarze [Fri, 23 Jul 2021 20:50:28 +0000 (20:50 +0000)]
Similar to x509/x509_purp.c rev. 1.5:
Delete some code from X509_TRUST_cleanup(3) that had no effect:
it called a function on static objects that returns right away
unless the argument is dynamically allocated.
Pointed out by tb@.
This commit is identical to:
OpenSSL commit
5e6e650d62af09f47d63bfdd6c92e3b16e9da644
Author: Kurt Cancemi <kurt at x64architecture dot com>
Date: Thu Jun 9 21:57:36 2016 -0400
schwarze [Fri, 23 Jul 2021 20:40:49 +0000 (20:40 +0000)]
Delete some code from X509_PURPOSE_cleanup(3) that had no effect:
it called a function on static objects that returns right away
unless the argument is dynamically allocated.
OK jsing@ tb@
The useless code was independently discovered while writing documentation.
This commit is identical to:
OpenSSL commit
fa3a0286d178eb3b87bf2eb5fd7af40f81453314
Author: Kurt Cancemi <kurt at x64architecture dot com>
Date: Wed Jun 8 19:15:38 2016 -0400
schwarze [Fri, 23 Jul 2021 20:25:36 +0000 (20:25 +0000)]
Add a roff(7) comment that X509_issuer_and_serial_hash() is
intentionally undocumented because it uses MD5 only and is
unused in real-world code according to codesearch.debian.net.
No objection from tb@.
otto [Fri, 23 Jul 2021 18:04:28 +0000 (18:04 +0000)]
Make MALLOC_STATS compile again; noted by Omar Polo and Joe Nelson
schwarze [Fri, 23 Jul 2021 16:43:56 +0000 (16:43 +0000)]
clarify the meaning of the argument of X509_VERIFY_PARAM_set_purpose(3)
deraadt [Fri, 23 Jul 2021 16:23:37 +0000 (16:23 +0000)]
compile in non-DIAGNOSTIC mode; ok mglocker
schwarze [Fri, 23 Jul 2021 16:22:59 +0000 (16:22 +0000)]
mention the possibility that user-defined purpose identifiers may have
been defined or user-supplied checking functions may have been installed
job [Fri, 23 Jul 2021 16:03:47 +0000 (16:03 +0000)]
Adjust HTTP/1.1 request string
* "Connection: keep-alive" isn't needed, as the HTTP 1.1 default is to
use persistent connections (RFC 7230, section 6.3).
* "Host" is recommended to be in the front.
* "Accept-Encoding: identity" makes it clear to the server compression
encodings are not supported.
Based on suggestions from Julian Reschke.
OK benno@ claudio@
jca [Fri, 23 Jul 2021 15:31:14 +0000 (15:31 +0000)]
Use 8/4/1 bytes loads/stores for copyin/copyout/kcopy
Only use multiple bytes operations on properly aligned addresses, as
I have observed a 40x penalty for unaligned 8 bytes operations compared
to equivalent 1-byte loops on this Sifive Unmatched. The speed gain is
small but significant.
Input & ok kettenis@
schwarze [Fri, 23 Jul 2021 14:27:32 +0000 (14:27 +0000)]
new manual page X509_PURPOSE_set(3) documenting 11 functions
related to X509_PURPOSE objects, purpose identifiers, and purpose indices
cheloha [Fri, 23 Jul 2021 12:47:21 +0000 (12:47 +0000)]
nanosleep.2: miscellaneous cleanup and rewrites
Clean up the nanosleep(2) manpage. Correct errors and rewrite the
clunky parts.
Lots of input and suggestions from schwarze@ and deraadt@.
Thread: https://marc.info/?l=openbsd-tech&m=
162681970507360&w=2
ok schwarze@
florian [Fri, 23 Jul 2021 11:56:01 +0000 (11:56 +0000)]
When dhcpleasectl asks to send a new request on an interface we are
probably stuck in some way and the user wants a mostly clean slate.
If we already have an IP address transition to state REBOOTING so that
we no longer unicast dhcp requests. We will then try to reacquire our
lease twice before giving up and transition to INIT and send dhcp
discover messages accepting any IP address.
jmc [Fri, 23 Jul 2021 06:02:39 +0000 (06:02 +0000)]
occured -> occurred;
jmc [Fri, 23 Jul 2021 06:01:17 +0000 (06:01 +0000)]
punctuation;
djm [Fri, 23 Jul 2021 05:56:47 +0000 (05:56 +0000)]
mention in comment that read_passphrase(..., RP_ALLOW_STDIN) will
try to use askpass first. bz3314
convert a couple of debug() -> debug_f() while here
dtucker [Fri, 23 Jul 2021 05:53:02 +0000 (05:53 +0000)]
Simplify keygen-convert by using $SSH_KEYTYPES directly.
djm [Fri, 23 Jul 2021 05:24:02 +0000 (05:24 +0000)]
note successful authentication method in final "Authenticated to ..."
message and partial auth success messages (all at LogLevel=verbose)
ok dtucker@
dtucker [Fri, 23 Jul 2021 05:07:16 +0000 (05:07 +0000)]
Test conversion of
ed25519 and ecdsa keys too.
dtucker [Fri, 23 Jul 2021 04:56:21 +0000 (04:56 +0000)]
Add test for exporting pubkey from a passphrase-protected private key.
djm [Fri, 23 Jul 2021 04:04:52 +0000 (04:04 +0000)]
Add a ForkAfterAuthentication ssh_config(5) counterpart to the
ssh(1) -f flag. Last part of GHPR231 from Volker Diels-Grabsch.
ok dtucker
djm [Fri, 23 Jul 2021 04:00:59 +0000 (04:00 +0000)]
Add a StdinNull directive to ssh_config(5) that allows the config
file to do the same thing as -n does on the ssh(1) commandline.
Patch from Volker Diels-Grabsch via GHPR231; ok dtucker
djm [Fri, 23 Jul 2021 03:57:20 +0000 (03:57 +0000)]
make authorized_keys environment="..." directives first-match-wins
and more strictly limit their maximum number; prompted by OOM
reported by OSS-fuzz (35470).
feedback and ok dtucker@
djm [Fri, 23 Jul 2021 03:54:55 +0000 (03:54 +0000)]
regression test for time-limited signature keys
djm [Fri, 23 Jul 2021 03:37:52 +0000 (03:37 +0000)]
Let allowed signers files used by ssh-keygen(1) signatures support key
lifetimes, and allow the verification mode to specify a signature time
to check at. This is intended for use by git to support signing
objects using ssh keys. ok dtucker@
jmatthew [Fri, 23 Jul 2021 00:29:14 +0000 (00:29 +0000)]
pci_intr_msix_count() is the function that drivers using multiple MSI-X
vectors use to decide whether to use MSI-X, so make it return 0 if MSI
is not enabled for the device.
fixes problems with ix(4) on older amd64 hardware and current riscv64
ok kettenis@ dlg@
schwarze [Thu, 22 Jul 2021 19:44:30 +0000 (19:44 +0000)]
document X509_STORE_CTX_set_time(3) and X509_STORE_CTX_set_depth(3)
schwarze [Thu, 22 Jul 2021 19:09:26 +0000 (19:09 +0000)]
Major cleanup.
1. Fix the order of functions to match the order they occur in
application code, making the text significantly easier to follow.
2. Do not use the same argument placeholder *sk for several different
things; call the arguments *trusted, *untrusted, and *crls as
appropriate.
3. Avoid using the word "initialised" for two different concepts
in the same manual page; it was sometimes intended to mean "fill
with zeros" and sometimes "replace the zeros with useful data".
4. Generally, make the text more precise, more straightforward,
and shorter (-84 +65 lines of mdoc code).
krw [Thu, 22 Jul 2021 18:54:17 +0000 (18:54 +0000)]
mbrfile can be const.
mglocker [Thu, 22 Jul 2021 18:32:33 +0000 (18:32 +0000)]
Sync dwctwo(4) with the NetBSD-current code base.
On the Raspberry Pi 3 Model B+ this does as a benefit:
* Enable the USB on-board Ethernet controller through mue(4).
* Enable the two USB uhub2 ports for removable devices.
Feedback incorporated from kettenis@ and jsg@.
ok kettenis@
deraadt [Thu, 22 Jul 2021 18:29:47 +0000 (18:29 +0000)]
Only perform the default-route-pause if there are interfaces with the
AUTOCONF flag set. This removes the delay for even more (strange)
static configs.
ok sthen
kettenis [Thu, 22 Jul 2021 18:16:13 +0000 (18:16 +0000)]
Delete unused non-PIC code.
ok mlarkin@
sthen [Thu, 22 Jul 2021 18:09:04 +0000 (18:09 +0000)]
small tweak for default route checking, we don't care about the number of
routes, only if at least one exists, so can avoid the subshell and just use
grep -q. ok deraadt
stsp [Thu, 22 Jul 2021 18:01:29 +0000 (18:01 +0000)]
Make dhcpleased(8) always configure provided routes, regardless of
whether the address we received in our lease is already configured.
In the case I observed, no default route was added to the routing table
even though the server provided both an address and a route option.
As it happened the leased address was already configured on the interface.
This should not prevent routing table updates, but it did.
ok florian
schwarze [Thu, 22 Jul 2021 17:11:14 +0000 (17:11 +0000)]
Split the functions operating on the X509_VERIFY_PARAM object out
of X509_STORE_CTX_new(3) because i'm about to document five additional
functions of this kind and the page X509_STORE_CTX_new(3) is growing
unwieldy.
No text change yet, except that i added an introductory sentence
to the beginning of the DESCRIPTION of the new page.
tb [Thu, 22 Jul 2021 16:40:19 +0000 (16:40 +0000)]
Add sizes for free() in zlib
Rebased version of a diff from miod who described it as follows:
This tries to keep diffability against upstream, hence a questionable
choice of the size type for zcfree() - but all sizes should fit in 32
bits anyway.
Since all zcfree routines used in the tree cope with NULL arguments
(including the various alloc.c used by the boot blocks), I have
simplified TRY_FREE to compensate for the growth.
Reminded by and ok mpi
schwarze [Thu, 22 Jul 2021 15:35:50 +0000 (15:35 +0000)]
document X509_STORE_CTX_get0_current_issuer(3)
and X509_STORE_CTX_get0_current_crl(3)
kn [Thu, 22 Jul 2021 15:32:51 +0000 (15:32 +0000)]
Send rDNS proposals on ramdisks
Otherwise resolvd(8) will never learn nameservers and update
/etc/resolv.conf with IPv6 resolvers.
At the moment IPv6 only installations always prompt for nameservers
anyway, but that is its own bug and will be fixed soon.
This enables the upcoming fix to detect learned nameservers in the
first place.
Feedback OK florian