| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
| |
remove handling of 206 Partial Content (the client does not use range
headers). Report the Last-Modified timestamp back to the requestor and
switch OK to a enum value for (FAIL, OK and NOT MODIFIED).
OK tb@
|
| |
|
|
|
| |
a string plus length. Preparation work for RRDP.
OK tb@
|
| |
|
|
|
| |
a Content-Length header). HTTP RFC 7231 section 4.3.2.
found by niklas@, claudio@ agrees.
|
| |
|
|
|
|
|
|
|
|
| |
readable output for very long timeouts to prevent overflow.
While here add years and days.
Days might actually show up in normal leases. Years is to catch
"infinity" which is encoded as UINT32_MAX and used by vmd(8).
Previously we would overflow, wrap to negative which then got
transformed to 0s.
Pointed out by Dave Voutila while working on the vmd(8) dhcp code.
|
| |
|
|
|
|
| |
path. These have to be dropped or every subsequent call will cause decrypt
errors. Use a sequence number cookie to keep the systems in sync.
Diff from niklas@ with some minor adjustments by myself.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Diff from Preben Guldberg < preben at guldberg dot org>, thanks!
In "vmctl status", VMs that are being stopped but are still running
will simply show up as "running".
Give preference to showing the "stopping" state akin to how a paused
VM is handled.
Tested by Dave Voutila
OK tb
|
| |
|
|
| |
with "temporary".
|
| | |
|
| |
|
|
| |
ok mpi@ kn@
|
| |
|
|
|
| |
it will show just OpenBSD while -portable will show the portable version.
OK sthen@, tb@, kn@
|
| |
|
|
|
|
| |
Using the -t option relative locations can be passed as tal locations
and so the process can not chdir until these files were read.
OK job@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Diff and (slightly tweaked) text below from
Dave Voutila < dave at sisu dot io >, thanks!
--
Since 6.7 switched to FFS2 as the default filesystem for new installs,
the ability for vmd(8) to load a kernel and boot.conf from a disk image
directly (without SeaBIOS) has been broken.
A diff from tb to add FFS2 support never mdae it into the tree.
On 5th Jan 2021, new ramdisks for amd64 have started shipping gzipped,
breaking the ability to load the bsd.rd directly as a kernel image for a vmd
guest without first uncompressing the image.
Using BIOS works, the FFS2 change happend ten months ago and few if any have
complained about the breakage. vmctl(8) is still vague about supporting it
per its man page and one still has to pass the disk image twice as a "-b"
and "-d" argument to boot an OpenBSD guest *without* BIOS.
Josh Rickmar reported the gzip issue on bugs@ and provided patches to add
support for compressed ramdisks and kernel images. The easiest way to do so
is to drop support for FFS images since they require a call to fmemopen(3)
while all the other logic uses fopen(3)/fdopen(3) calls and a file
descriptor. It is much easier to get thsoe patches merged if they don't
have to account for extracting files from disk images.
--
No objections anyone
"Removing it makes sense" reyk (who wrote the FFS module)
OK mlarkin
|
| |
|
|
| |
ok claudio
|
| |
|
|
|
| |
error upwards since a NULL return represents a bad-URI.
Diff originally from tb@
|
| |
|
|
|
|
|
| |
A malformed URI such as "https://[::1/index.html" causes a NULL access
in the hosttail[1] == ":" check.
ok claudio
|
| |
|
|
|
|
|
| |
compare it to -1. Instead use a temp variable and assign to bufsz after
the -1 check.
Also add errx() calls after the switch statements in the FSM functions.
OK job@ tb@
|
| |
|
|
|
| |
to realize that the pids are initialized if !noop and not accessed if noop.
OK job@ tb@
|
| |
|
|
|
| |
anymore.
OK job@ tb@
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
returned by adjtime(2) from the kernel. T1 is local time when the
NTP packet is sent and T4 when the response is received. If between
these events a NTP reply from another server is received, it may
change the kernel offset with adjtime(2). Then the calulation of
the client offset was done with different bases, the result was
wrong and the system time started moving around.
So instead of correcting T1 and T4 individually at different events,
correct their sum once.
Error handling was missing if there is no timestamp in the response.
As this should not happen in our kernel, fatal() is appropriate.
tested by weerd@; OK claudio@
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The control socket is not unveiled, therefore accounting would report
unveil violations whenever apmd(8) stopped (normally).
As discussed and done with other daemons such as relayd which also employ
no pledge (due to inherent limitations) but unveil effecting all of /,
simply stop removing the socket upon exit and leave it to the next apmd
which completely sets up its control socket anew at startup.
Violations reported by anton
Feedback OK semarie mestre
|
| |
|
|
| |
Use st_blksize to set high water mark; florian@
|
| |
|
|
|
|
|
|
|
| |
- create an element that accumulates version values for when we have
several
- actually use compare on version values instead of hardcoding the
difference
no functional change
|
| |
|
|
|
|
| |
an array that is reallocated during runtime. With this the entityq can
move back into struct repo.
OK tb@
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Pledge is not possible due to the ioctls, but as apmd hoists both the
control socket and apm device early at startup and only ever possibly
executes scripts under /etc/apm/, hiding the rest of the filesystem
becomes easy.
Technically, only "x" is required to traverse the directory and run
scripts, but apmd carefully access(2) each script, which requires
the read bit regardless of the permission bits being tested.
OK mestre
|
| |
|
|
|
|
| |
The repo structs are reallocated during runtime and so the back pointers to
the head element of the TAILQ get corrupted.
Noticed by tb@
|
| |
|
|
|
| |
just drop the entity queue element.
OK benno@ tb@
|
| |
|
|
|
| |
Simplifies the code a fair bit.
OK tb@
|
| |
|
|
|
|
|
| |
reduce size. Allows a clang 11 amd64 release to complete without
overflowing the floppy image.
ok kettenis@ deraadt@
|
| |
|
|
|
|
|
| |
issue hit by florian@
diff by jsing@
ok tb@
|
| |
|
|
|
|
| |
couldn't handle ICCN message which has a ProxyAuthenChallenge AVP
longer than 24 octets. Juniper actually send such challenges.
Reported and tested by Ryan Freeman.
|
| |
|
|
| |
ok yasuoka@
|
| |
|
|
|
|
| |
that the order does not matter so simplify the code and just walk the
list twice. Add the .crl first and then in the second round all other files.
OK job@
|
| |
|
|
|
|
| |
anymore after moving it from its own subprocess to snmpe.
feedback and OK jan@
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
are started before syslogd(8). This resulted in ugly sendsyslog(2)
dropped logs and the real message was lost.
Create a temporary stash for log messages within the kernel. It
has a limited size of 100 messages, and each message is truncated
to 8192 bytes. When the stash is exhausted, the well-known dropped
message is generated with a counter. After syslogd(8) has setup
everything, it sends a debug line through libc to flush the kernel
stash. Then syslogd receives all messages from the kernel before
the usual logs.
OK deraadt@ visa@
|
| |
|
|
|
|
|
| |
For nexthops it is fine if they point to NULL. This is used in local
announcements. Only if they point to a real struct the state must be
NEXTHOP_REACH.
Bug reported by and OK florian@
|
| |
|
|
|
|
| |
and installing USD/SMM/PSD docs.
jmc@ agrees with the direction, ok millert@ on an earlier diff
|
| |
|
|
|
|
|
| |
dns for the peer address.
spotted by krw@
ok krw@ tb@
|
| |
|
|
|
|
| |
The subclass arrays have to be empty.
OK deraadt@
|
| |
|
|
|
| |
RRDP will add a bunch more checks so this makes even more sense.
With and OK tb@
|
| |
|
|
|
| |
be used by the RRDP code as well.
OK tb@
|
| |
|
|
| |
OK dlg@
|
| |
|
|
|
|
|
|
|
|
| |
Note that it changes the way SNI works: The certificate to use is now
selected by looking at the names found in the certificates themselves,
rather than the names of the pki entries in the configuration file.
The set of certificates for a tls listener must be defined explicitly by
using the pki listener option multiple times.
ok tb@
|
| | |
|
| | |
|
| |
|
|
| |
ok claudio
|
| | |
|
| |
|
|
| |
everything. Oups.
|
claudio
benno
florian
kn
jmc
jmatthew
tb
bluhm
otto
espie
sthen
jsg
eric
yasuoka
patrick
martijn
jan