Tree: 53ac6a9873
Commits on Dec 7, 2018
  1. As an extension to POSIX, for consistency with our behaviour for

    ischwarze committed Dec 7, 2018
    the "b" and "t" commands with a label, and for compatibility with
    GNU sed, also accept ";" followed by another command after "b"
    and "t" commands without a label: branch to the end of the script
    instead of erroring out.  Parsing is unchanged.
    Missing feature reported by Lars dot Nooden at gmail dot com on bugs@.
    OK martijn@ millert@
  2. I noticed the "pf table handler" process not going away on dhcpd rest…

    henning committed Dec 7, 2018
    looked at the error handling here, and.... oh my.
    If opening /dev/pf on startup fails, don't just warn and move on, but bail.
    If chroot (or the chdir after) fail, don't just warn and move on, bail.
    If dropping privileges fails, the last thing we want to do is to just move
    on with root privs, having warned or not.
    If the pipe to the parent process is closed, that almost certainly means
    that the parent process went away, and it absolutely certainly means that
    the table handler process has no meaningful reason to exist any more, thus
    ok florian ccardenas krw
  3. Remove public resolver IP addresses, just provide a neutral "document…

    sthen committed Dec 7, 2018
    prefix" address instead - there are so many available with varying
    policies that this isn't a good place to list them (and might imply
    some kind of recommendation which is not intended).
    Particularly prompted by several on the previous list ( and opendns)
    strip RRSIG from results which cause DNSSEC failures now that validation
    is enabled in the example config as noticed by solene@.
    While there, shrink qname-minimisation comment to match other nearby
    comments, and drop dns64 example which is quite a specialist use case
    and not really needed in this basic example.
  4. We are not going to send a neighbor advertisement from a non-master

    fobser committed Dec 7, 2018
    carp interface. Move the check to the beginning of the function to
    make it clear that there are no other side effects happening.
    OK claudio
  5. Enable DNSSEC validation.

    fobser committed Dec 7, 2018
    Requested by & OK claudio
    Input & OK sthen
    OK job, solene
    Various commenting that they run with validation since a long time
    without issues.
  6. Make sure that the prefixlen returned by mask2prefixlen6 is never bigger

    cjeker committed Dec 7, 2018
    than 128 also fail hard when the mask is non contiguous.
    OK remi@
  7. Be more strict in converting a netmask into a prefixlen. Make sure

    cjeker committed Dec 7, 2018
    the prefixlen is never bigger than 128 for inet6.
    OK remi@
  8. All the references to the M_ALIGN and MH_ALIGN macros are gone.

    cjeker committed Dec 7, 2018
    Time to bring them behind the shed and free them. Use m_align() instead.
    OK mpi@ henning@ florian@ kn@
  9. Refactor certificate initialization and verification.

    ericfaurot committed Dec 7, 2018
    Factorize code duplicated in smtp_session.c and mta_session.c
    Implement a simple callback interface, with proper request management
    and simplified imsg protocol.
    Only add the necessary parts for now.
    Existing code path will be adapted later.
    input from gilles@ sunil@
    ok gilles@
  10. Remove an ugly hack in the client certificate verification code that …

    botovq committed Dec 7, 2018
    around broken GOST implementations.  It looks like client certificates with
    GOST have been completely broken since reimport of the GOST code, so no-one
    is using LibreSSL this way.  The client side was fixed only last week for
    TLSv1.0 and TLSv1.1.  This workaround is now in the way of much needed
    simplification and cleanup, so it is time for it to go.
    suggested by and ok jsing
  11. Fix calculation of initial bandwidth limits.

    daztucker committed Dec 7, 2018
    Account for written bytes before the initial timer check so that the first
    buffer written is accounted.  Set the threshold after which the timer is
    checked such that the limit starts being computed as soon as possible, ie
    after the second buffer is written.  This prevents an initial burst of
    traffic and provides a more accurate bandwidth limit.  bz#2927, ok djm.
  12. only consider the ext-info-c extension during the initial KEX. It sho…

    djmdjm committed Dec 7, 2018
    be sent in subsequent ones, but if it is present we should ignore it.
    This prevents sshd from sending a SSH_MSG_EXT_INFO for REKEX for these
    buggy clients. Reported by Jakub Jelen via bz2929; ok dtucker@
  13. mention that the ssh-keygen -F (find host in authorized_keys) and -R

    djmdjm committed Dec 7, 2018
    (remove host from authorized_keys) options may accept either a bare
    hostname or a [hostname]:port combo. bz#2935
  14. no need to allocate channels_pre/channels_post in channel_init_channe…

    djmdjm committed Dec 7, 2018
    as we do it anyway in channel_handler_init() that we call at the end of
    the function. Fix from Markus Schmidt via bz#2938
  15. Handle 2 Tx chains in the computation of transmit power for the RTL81…

    kevlo committed Dec 7, 2018
    While here sort vendors.
    Tested by jmatthew@
    ok stsp@, jmatthew@
Commits on Dec 6, 2018
  1. Add support for "-" as an input file for stdin as per POSIX.

    martijn committed Dec 6, 2018
    Simplify the code by allowing usage of stdin with the -i flag by pushing
    the result to stdout, so filters and in place editing can be combined.
    OK millert@
  2. Core files with >65535 sections have to use PN_XNUM and a section header

    guenther committed Dec 6, 2018
    to pass the real count, with a minimal .shstrtab segment for consistency.
    Also, add support for PN_XNUM to readelf.
    problem reported and testing by claudio@
    ok kettenis@
  3. add -not as a sh friendly alias for !.

    tedu committed Dec 6, 2018
    ok millert
  4. log more info about errors

    tedu committed Dec 6, 2018
  5. add very experimental support for dns over https. (RFC 8484)

    tedu committed Dec 6, 2018
    performance may be less than great.
    ok anton
  6. link-connect event report had an empty fcrdns field, but now that eric@ has

    poolpOrg committed Dec 6, 2018
    plugged fcrdns in the smtp_session we can fill the field with a value
  7. allow passing data lines to proc filters

    poolpOrg committed Dec 6, 2018
    ok eric@
  8. Be more strict when converting a netmask to prefixlen in mask2prefixl…

    cjeker committed Dec 6, 2018
    Make sure we never return a value bigger than 128.
    OK remi@
  9. Implement a simple ruleset optimizer. All it does is merge filter rules that

    cjeker committed Dec 6, 2018
    only differ in the filter sets. Since this is still rather common it is able
    to reduce the number of rules by 5% on an autogenerated config.
    OK job@
  10. in mda variables expansions, do not consider empty strings as errors …

    poolpOrg committed Dec 6, 2018
    an empty %{sender} is really a mailer-daemon and not an error
    reported and initial diff by Lauri Tirkkonen <>
    commit is a revised version of the diff based on a discussion with eric@
  11. Add a new argument -B device to vmctl start. It allows to set the boot device.

    cjeker committed Dec 6, 2018
    At the moment only 'net' is supported and all other values are silently ignored.
    This allows to kick off an OpenBSD autoinstall by using:
    	vmctl start "installer" -Lc -B net -b bsd.rd -d disk.img
    OK ccardenas@
  12. Make it possible to define the bootdevice in vmd. This information is used

    cjeker committed Dec 6, 2018
    currently only when booting an OpenBSD kernel. If VMBOOTDEV_NET is used the
    internal dhcp server will pass "auto_install" as boot file to the client and
    the boot loader passes the MAC of the first interface to the kernel to indicate
    PXE booting. Adding boot order support to SeaBIOS is not yet implemented.
    Ok ccardenas@
  13. When building ND packets use m_align() to pack the mbuf as optimal as

    cjeker committed Dec 6, 2018
    possible. Because of an optional payload maxlen bytes are used on the
    m_align so that there is always enough space.
    OK florian@
  14. Avoid unnecessary dynamic memory allocation in athn_usb_newauth().

    stspdotname committed Dec 6, 2018
    Patch by Benjamin Baier
    ok ratchov@ mpi@
Commits on Dec 5, 2018
  1. Correctly disable pvclock(4) on old hardware that lack a stable clock

    reyk committed Dec 5, 2018
    I falsely assumed that the KVM_FEATURE_CLOCKSOURCE_STABLE_BIT
    indicates that the actual clock values are stable, but it turned out
    that this isn't always the case.  To detect if the clock value is
    stable, we now read it once in pvclock_attach() and check for the
    PVCLOCK_FLAG_TSC_STABLE flag.  This needs further investigation.
    Reported and fix tested by johnw.mail at
    OK chris@ phessler@
