Fix an inversed if-condition in ieee80211_michael_mic_failure()
Make the check for 60 seconds since the most recent previous MIC failure
work as intended. The code was enabling TKIP countermeasures if 60 seconds
have passed since the previous MIC failure. The intention is to enable
countermeasures only if less than 60 seconds have passed.
LLMS got very excited about this, even though nobody is expected to be
running an access point with WPA1 enabled in 2026.
TKIP is disabled by default. We keep it around just in case we need to
connect to the world via a forgotten 802.11g era AP out in a desert.
rpki-client: only output config files on successful run
While the suggested cronjob is 'rpki-client -v && bgpctl reload' and thus
only reloads bgpd if rpki-client completes successfully, the output logic
creates a config file that might still be loaded by an operator by hand.
If an error occurred in one of the subprocesses, only output ometrics (if
requested) and do not generate bgpd, bird, csv, json, and ccr.
ok claudio job
Fix a potential 1-byte buffer overflow in usbd_get_string_desc(). The code
allows for a transfer of up to 255 bytes but the struct behind the
usb_string_descriptor_t type is only 254 bytes. This is because USB
strings are UTF-16 and that leaves a single byte that can't be used in
a meaningful way. So truncating transfer to 254 bytes should not break
devices that are already broken. Found by Andrew Griffiths.
ok jsg@, deraadt@
link redis/main (8.8.0) to the build, but with a MESSAGE mentioning the
problems seen in tests. (I wasn't able to repeat the same problems with git
head yet, but it's painful to bisect via the ports tree as it needs some
manual fiddling to avoid over-long directory names...anyway this gets 8.x
into portroach so it'll be easier to pick up updates, and for anyone else
that wants to test/provide feedback).
Convert display-panes away from an overlay and into a mode. This is
another step on the road of getting rid of overlays altogether (they are
full of special cases; popups and menus are to go also eventually). We
lose some of the styling of borders but gain the ability to run
display-panes in another pane (perhaps not hugely useful but one never
knows). The -b flag goes away as no longer useful.
drop RDEP on gobject-introspection, actually only needed as a BDEP
(message says "Run-time dependency" but aja@ points me at this being done
automatically by meson gnome.generate_gir).
add MODTCL_VERSION=8.6 to redis/bsd, stu@ is planning to change the
default to 9 and tests in this version of redis have "package require
tcl 8.5" (which is >=8.5, <9).
redis/main tests fail in the same way with Tcl 9 as they do with 8.5
and 8.6.
Use SHA1Final() in libskey.
S/KEY requires hash output in little endian form, while SHA-1 produces big
endian output. Rather than using SHA1Pad() and then reaching into the SHA-1
state directly, use SHA1Final() and then convert to little endian using
be32toh/htole32.
ok claudio@ millert@ tb@