check KTRPOINT() before calling ktrpledge()

2016-06-20 Thread Michal Mazurek
Don't ktrace pledge if it is not enabled. Index: sys/kern/kern_pledge.c === RCS file: /cvs/src/sys/kern/kern_pledge.c,v retrieving revision 1.170 diff -u -p -r1.170 kern_pledge.c --- sys/kern/kern_pledge.c 7 Jun 2016 01:31:54 -00

Re: Disable DSA_FLAG_NO_EXP_CONSTTIME, always enable constant-time behavior

2016-06-20 Thread Brent Cook
No problem, I undid that bit. Thanks all. On Mon, Jun 20, 2016 at 11:32 AM, Ted Unangst wrote: > Brent Cook wrote: > > diff --git a/src/lib/libssl/src/crypto/dsa/dsa_key.c > b/src/lib/libssl/src/crypto/dsa/dsa_key.c > > index 2968fa2..e01bacb 100644 > > --- a/src/lib/libssl/src/crypto/dsa/dsa_k

Re: pf.conf macro with space

2016-06-20 Thread Sebastian Benoit
sven falempin(sven.falem...@gmail.com) on 2016.06.20 17:38:40 -0400: > Dear Tech Readers, > > in a pf.conf file one can do > "silly things" = egress Thanks for your diff, but one, I don't think spaces in macros are useful in pf.conf. second, we want to keep this consistent across all the parse.y

Re: pf divert port reuse

2016-06-20 Thread Sebastian Benoit
Alexander Bluhm(alexander.bl...@gmx.net) on 2016.06.21 00:14:19 +0200: > Hi, > > I have seen a problem with pf divert when the dynamic port in a nat > rule got reused. The function pf_state_key_attach() reused the > state as it was in TCPS_FIN_WAIT_2. The corresponding socket was > not reused, a

Re: fix iwm association problems

2016-06-20 Thread Bryan Vyhmeister
On Mon, Jun 20, 2016 at 12:34:17PM +0200, Stefan Sperling wrote: > I found that my 8260 iwm(4) device has trouble associating to my 5 GHz > AP, which runs OpenBSD with athn(4) in hostap mode. Most of the time > it won't even get a DHCP lease. Some frames it believes it has sent > are not even visib

pf divert port reuse

2016-06-20 Thread Alexander Bluhm
Hi, I have seen a problem with pf divert when the dynamic port in a nat rule got reused. The function pf_state_key_attach() reused the state as it was in TCPS_FIN_WAIT_2. The corresponding socket was not reused, as the TCPS_TIME_WAIT case in tcp_input() has additional checks for timestamps a

Re: Stop mesa W^X violations

2016-06-20 Thread Theo de Raadt
>Note that the existing code would have worked just fine if mmap >returned MAP_FAILED for W^X violations instead of terminating the >program. Not entirely sure what the long-term plans are. Yeah, I am not sure of the long-term plans yet either. In discussions with the ports people the idea was f

pf.conf macro with space

2016-06-20 Thread sven falempin
Dear Tech Readers, in a pf.conf file one can do "silly things" = egress as defined in parse.y like varset : STRING '=' varstring { if (pf->opts & PF_OPT_VERBOSE) printf("%s = \"%s\"\n", $1, $3); if (symset(

Stop mesa W^X violations

2016-06-20 Thread Mark Kettenis
As reported by several people, mesa contains code that violates W^X. As a result glxgears aborts when using the swrast driver. The diff below disables the offending code. The code seems to deal with the absence of W|X memory just fine. There is a fallback path that is also used on SELinux systems. N

Re: bgpd logging nexthop valid

2016-06-20 Thread Peter Hessler
On 2016 Jun 19 (Sun) at 17:39:53 +0200 (+0200), Sebastian Benoit wrote: :i would like to make bgpd a bit more quiet. : :This type of message : : bgpd[59424]: nexthop 1.2.3.4 now valid: via 192.168.0.1 : :happens quite often depending on your upstreams. This makes it a debug :message only. : :ok? :

Re: Disable DSA_FLAG_NO_EXP_CONSTTIME, always enable constant-time behavior

2016-06-20 Thread Ted Unangst
Brent Cook wrote: > diff --git a/src/lib/libssl/src/crypto/dsa/dsa_key.c > b/src/lib/libssl/src/crypto/dsa/dsa_key.c > index 2968fa2..e01bacb 100644 > --- a/src/lib/libssl/src/crypto/dsa/dsa_key.c > +++ b/src/lib/libssl/src/crypto/dsa/dsa_key.c > -#endif > +#endif > \ No newline at end of file ca

Re: bgpd logging nexthop valid

2016-06-20 Thread Stefan Sperling
On Sun, Jun 19, 2016 at 05:39:53PM +0200, Sebastian Benoit wrote: > i would like to make bgpd a bit more quiet. > > This type of message > > bgpd[59424]: nexthop 1.2.3.4 now valid: via 192.168.0.1 > > happens quite often depending on your upstreams. This makes it a debug > message only. > > ok

Re: Disable DSA_FLAG_NO_EXP_CONSTTIME, always enable constant-time behavior

2016-06-20 Thread Stuart Henderson
On 2016/06/20 16:55, Marc Espie wrote: > The only thing I'm wondering about is if there's somebody out there who > just uses the "big integer arithmetic" part of openssl, and doesn't want > to go libgmp for licensing reasons. > > Like, if you're in it for (say) trying to break codes, having code

Re: Disable DSA_FLAG_NO_EXP_CONSTTIME, always enable constant-time behavior

2016-06-20 Thread Marc Espie
The only thing I'm wondering about is if there's somebody out there who just uses the "big integer arithmetic" part of openssl, and doesn't want to go libgmp for licensing reasons. Like, if you're in it for (say) trying to break codes, having code that goes as fast as it can might be useful. Is

Re: openssl(1): fix bug loading default certificate path locations

2016-06-20 Thread Bob Beck
sure.. ok On Mon, Jun 20, 2016 at 08:35:13AM -0500, Brent Cook wrote: > > This fixes a bug where the default certificate path locations would only > be loaded if the CAfile or CApath locations were successfully loaded > first. Original patch from OpenSSL: > > https://github.com/openssl/openssl/

Re: Disable DSA_FLAG_NO_EXP_CONSTTIME, always enable constant-time behavior

2016-06-20 Thread Bob Beck
Reads good to me, and passes the regress here, so OK from me. On Mon, Jun 20, 2016 at 04:40:25AM -0500, Brent Cook wrote: > Hi, > > This is a patch from Cesar Pereida, removing support for > DSA_FLAG_NO_EXP_CONSTTIME by making DSA always operate in constant time. > > See https://github.com/li

openssl(1): fix bug loading default certificate path locations

2016-06-20 Thread Brent Cook
This fixes a bug where the default certificate path locations would only be loaded if the CAfile or CApath locations were successfully loaded first. Original patch from OpenSSL: https://github.com/openssl/openssl/commit/fe9b85c3cb79f1e29e61f01de105b34ce8177190 Noted here on the LibreSSL-portable

Re: af-to on pass out should be a parser error

2016-06-20 Thread Henning Brauer
* Mike Belopuhov [2016-06-20 00:33]: > rdr-to/nat-to are not checked on purpose. i'm not certain about > route-to/reply-to. indeed, rdr-to/nat-to in the "unnatural" direction DO work, with caveats. route-to and af-to are different. as others already pointed out the check should be != PF_IN and

pool_setipl for tmpfs

2016-06-20 Thread David Gwynne
PR_WAITOK implies process context, so IPL_NONE is fine. this is the same as the ufs change, but in tmpfs. ok? Index: tmpfs_vfsops.c === RCS file: /cvs/src/sys/tmpfs/tmpfs_vfsops.c,v retrieving revision 1.8 diff -u -p -r1.8 tmpfs_vfs

Re: set art_walk up for an mpsafe world

2016-06-20 Thread David Gwynne
> On 18 Jun 2016, at 1:53 AM, Martin Pieuchot wrote: > > On 15/06/16(Wed) 11:38, David Gwynne wrote: >> this tweaks art_walk in preparation for a world where the table may >> be updated on another cpu. >> >> at the moment we're relying on the big lock to serialise updates, >> so this adds big l

Re: fix iwm association problems

2016-06-20 Thread Stefan Sperling
On Mon, Jun 20, 2016 at 12:34:17PM +0200, Stefan Sperling wrote: > I found that my 8260 iwm(4) device has trouble associating to my 5 GHz AP, > which runs OpenBSD with athn(4) in hostap mode. Most of the time it won't > even get a DHCP lease. Some frames it believes it has sent are not even > visib

fix iwm association problems

2016-06-20 Thread Stefan Sperling
I found that my 8260 iwm(4) device has trouble associating to my 5 GHz AP, which runs OpenBSD with athn(4) in hostap mode. Most of the time it won't even get a DHCP lease. Some frames it believes it has sent are not even visible on the air. The iwm driver still has a copy of code from Linux that s

Disable DSA_FLAG_NO_EXP_CONSTTIME, always enable constant-time behavior

2016-06-20 Thread Brent Cook
Hi, This is a patch from Cesar Pereida, removing support for DSA_FLAG_NO_EXP_CONSTTIME by making DSA always operate in constant time. See https://github.com/libressl-portable/openbsd/pull/61 for more details. ok? diff --git a/src/lib/libssl/src/crypto/dsa/dsa.h b/src/lib/libssl/src/crypto/dsa/

iwm tx rate fixes

2016-06-20 Thread Stefan Sperling
iwm(4) should always send multicast frames at the lowest rate. We probably got lucky and frames were still sent at a compatible rate via the LQ retry table. But it is better to have an "IS_MULTICAST" check like other drivers do. On 5GHz, iwm(4) passes the wrong rate to BPF. This is a cosmetic issu