| Commit message (Collapse) | Author | Files | Lines |
|---|
|
upcoming update to those, which will see both codebases heading into the
gnu/llvm dumpster.
Feedback from jsg@
ok deraadt@ kettenis@
|
|
* Do not abuse .Bl -tag for lists without bodies, use .Bl -item instead.
* In tagged lists, put bodies into bodies, not into heads.
* Add a few missing macros.
* Drop some useless quoting.
|
|
Follow the previous commit and complete the manual page for consistency;
better readable and tags for free.
OK tb
|
|
compared to the existing certificate on disk, automatically request a
new certificate without requiring -F.
(Previously the code using -F only coped with added SANs; if one was
removed in config then the certificate needed manual removal vefore
acme-client would work).
Name checks for -r (revocation) are kept as-is for now.
|
|
be in the right spot once tls_close() is handled by libevent.
suggested by jsing
|
|
In order to end a TLS connection regularly, an implementation MUST send a
close_notify alert. libtls does this in tls_close() via SSL_shutdown(),
so the socket had better still be open.
The incorrect order in server_close() caused a leak on each tls connection
due to a bug in libssl (fixed in tls_record_layer.c r1.56).
As pointed out by claudio, tls_close() should really be handled from the
main event loop. This will be addressed in a later commit.
ok claudio florian jsing
|
|
httpd(8)'s incorrect tls_close() after closing the underlying socket
led to a leak: tls_close()'s attempt to send out the close_notify won't
work very well over a closed pipe. This resulted in alert_data still
hanging off the TLSv1.3 context's record layer struct. The tls_free()
call should have cleaned this up but failed to do so.
The record layer's phh_data potentially has the same issue, so free it
as well. This diff makes -current httpd(8) run in constant memory over
hundreds of thousands TLS connections with a static site.
ok inoguchi jsing
|
|
gnu/ directory.
|
|
|
|
libraries due to dynamic export additions and removals in libc++abi.
Tested by kettenis@, visa@ and myself
ok kettenis@
|
|
ok kettenis@
|
|
ok kettenis@
|
|
While here, trim pointless quoting and one excessive column width.
|
|
Fixes build on powerpc and sparc64.
ok patrick@
|
|
netstat(1) is where the mapping between letters and flags is documented,
but searching for them ("man -k any=RTF_" or "man -k -i any=blackhole")
would only list route(4) and route(8).
Markup preprocessor defines as such.
OK schwarze
|
|
and move punctuation out of two that are already there
|
|
|
|
From Yifei ZHAN on tech@
|
|
LM9002/9003 is very similar to LM9001 since it works just fine on LM9002
with the codebase for LM9001.
LM9013 on the other hand is fairly different from LM9001 and is more like
Yeeloong 8089 when it comes to hardware design. More work might be needed
to make it fully functional.
From Yifei ZHAN on tech@
|
|
if_detach() will do this.
ok kn@
|
|
if_detach() will do this.
ok kn@
|
|
and were kept only for backward compatibility reasons.
ok mpi@ yasuoka@
|
|
|
|
bpf_catchpacket had a chunk to deal with reader timeouts, but that
has largely been moved to bpfread. the vestigal code that was left
still tried to wake up a reader when a buffer got full, but there
already is a chunk of code that wakes up readers when the buffer
gets full.
bpf_wakeup now checks for readers before calling wakeup directly,
rather than pushing the wakeup to a task and calling it unconditionally.
the task_add is now only done when the bpfdesc actually has something
that needs it.
ok visa@
|
|
|
|
uvm_km_valloc(9). Tested on a T5120.
ok mpi@
|
|
Change the pool(9) timeouts to use the system uptime instead of ticks.
- Change the timeouts from variables to macros so we can use
SEC_TO_NSEC(). This means these timeouts are no longer patchable
via ddb(4). dlg@ does not think this will be a problem, as the
timeout intervals have not changed in years.
- Use low-res time to keep things fast. Add a local copy of
getnsecuptime() to subr_pool.c to keep the diff small. We will need
to move getnsecuptime() into kern_tc.c and document it later if we
ever have other users elsewhere in the kernel.
- Rename ph_tick -> ph_timestamp and pr_cache_tick -> pr_cache_timestamp.
Prompted by tedu@ some time ago, but the effort stalled (may have been
my fault). Input from kettenis@ and dlg@.
Special thanks to mpi@ for help with struct shuffling. This change
does not increase the size of struct pool_page_header or struct pool.
ok dlg@ mpi@
|
|
Change bd_rtout to a uint64_t of nanoseconds. Update the code in
bpfioctl() and bpfread() accordingly.
Add a local copy of nsecuptime() to make the diff smaller. This will
need to move to kern_tc.c if/when we have another user elsewhere in
the kernel.
Prompted by mpi@. With input from dlg@.
ok dlg@ mpi@ visa@
|
|
We can simulate the current behavior without lbolt by sleeping for 1
second on the &nowake channel.
ok mpi@
|
|
We can simulate the current behavior without lbolt by sleeping for 1
second on the &nowake channel.
ok mpi@
|
|
through them and check that MAXLOOP is triggered in kernel.
|
|
PPC ASM had to be re-applied manually due to whitespace changes upstream,
other merge conflicts were harmless.
"Looks good" kettenis@
|
|
OK martijn@
|
|
build.
Encouraged by kettenis@
|
|
ok jca@, kn@
|
|
On architectures that do not always spill the return address to the stack,
it is possible for local stack frame data corruption in leaf functions to
span stack frames if the retguard cookie is not spilled in the function.
In leaf functions on these architectures, now spill the retguard cookie if
the function contains arrays or has variables which have their address taken.
|
|
|
|
Also remove dead DIALOUT macro.
ok mpi@
|
|
|
|
|
|
Changing it from ((condition) || function call) to an if() wrapped
in a do/while is easier to read and more stylistically consistent.
The seterr() function no longer needs to return a value.
From miod@, OK tb@
|
|
From miod@, OK tb@
|
|
by the proper miniroot bsd.rd a bit later.
|
|
Also, the temporary array in nonnewline() can be made static const.
From miod@, OK tb@
|
|
While there, use the length calculated by vasprintf() instead of using
strlen needlessly.
ok claudio florian
|
|
ok florian
|
|
on Amlogic SoCs where amltemp(4) doesn't fully attach before the first
polling timeout runs. This would stop the polling which means there was no
thermal management on these platforms.
ok patrick@
|
|
via dt(4) and btrace(8).
OK mpi@ millert@
|
|
|
|
From gilles@
OK millert@ giovanni@
|
patrick
schwarze
kn
sthen
tb
kettenis
visa
mvs
dlg
jmc
jmatthew
cheloha
bluhm
rob
chrisz
mortimer
jan
nicm
jsg
millert
deraadt
claudio
martijn