regress/mmap: Test hints in VM-area edge cases
Test mmap(2) with hint above VM_MAXUSER_ADDRESS without MAP_FIXED.
This tests uvm_map.c,v 1.355.
Also test the lower boundary below PAGE_SIZE.
ok kettenis@

Security update to vaultwarden-1.35.4
This release contains security fixes:
- GHSA-w9f8-m526-h7fh. This vulnerability would allow an attacker to
access a cipher from a different user (fully encrypted) if they
already know its internal UUID.
- GHSA-h4hq-rgvh-wh27. This vulnerability allows an attacker with
manager-level access within an organization to modify collections they
can access, even if they do not have management permissions for them.
- GHSA-r32r-j5jq-3w4m. This vulnerability allows an attacker with
manager-level access within an organization to modify collections they
are not assigned. These are private for now, pending CVE assignment.
Changes: https://github.com/dani-garcia/vaultwarden/releases/tag/1.35.4
OK kirill@

update to freerdp-2.11.8
remove PORTROACH marker, this is the last 2.x release (updating is
blocked, 3.x needs a more complete posix timers implementation)

pledge "tmppath" goes away because it sucks. The history is kind of
sad: unveil(2) was invented by Bob Beck and myself because a couple
of us struggled and couldn't expand the "tmppath" mechanism to general use.
unveil(2) ended up being kind of "upside down" different, and so we never
deleted "tmppath" because the refactorings seemed complicated.
However over the last two weeks, we've removed all the "tmppath" in base
pretty easily, and the 18 ports using it have also been fixed.
The majority of situations now use unveil "/tmp" "rwc", unveil "/" "r" or
similar, and then pledge "rpath wpath cpath", and this is generally needed
to satisfy the mkstemp(3) family of functions in libc.
Use of "tmppath" will now cause pledge(2) to return EINVAL. There is
no backwards compatible way to mimic the behaviour correctly using
kernel-internal unveil hackery.
Prompted by a report from David Leadbeater; and extensive conversations
with beck and semarie.
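
The replacement pattern described in the commit message above, as an added example that is not part of the commit or of the OpenBSD tree: unveil(2) exposes only /tmp, then pledge(2) keeps the promises mkstemp(3) needs. The function names and the file template are assumptions, and the unveil/pledge calls are compiled only on OpenBSD.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Expose only /tmp, then keep just the promises mkstemp(3) needs.
 * Returns 0 on success, -1 on failure; a no-op outside OpenBSD. */
int restrict_to_tmp(void)
{
#ifdef __OpenBSD__
    if (unveil("/tmp", "rwc") == -1)
        return -1;
    /* No "unveil" promise here, so further unveil(2) calls are disabled. */
    if (pledge("stdio rpath wpath cpath", NULL) == -1)
        return -1;
#endif
    return 0;
}

/* Create a scratch file, write msg, read it back, remove the file.
 * Returns the number of bytes read back, or -1 on any error. */
ssize_t scratch_roundtrip(const char *msg)
{
    char path[] = "/tmp/example.XXXXXXXXXX";   /* constructed template */
    char buf[128];
    size_t len = strlen(msg);
    ssize_t n = -1;
    int fd;

    if (len > sizeof(buf) || (fd = mkstemp(path)) == -1)
        return -1;
    if (write(fd, msg, len) == (ssize_t)len && lseek(fd, 0, SEEK_SET) == 0)
        n = read(fd, buf, sizeof(buf));
    if (n != (ssize_t)len || memcmp(buf, msg, len) != 0)
        n = -1;
    close(fd);
    unlink(path);                               /* removal needs "cpath" */
    return n;
}

int main(void)
{
    if (restrict_to_tmp() == -1) {
        perror("restrict_to_tmp");
        return 1;
    }
    printf("round-tripped %zd bytes\n", scratch_roundtrip("scratch data"));
    return 0;
}
```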

Update various lifetimes.
This raises the router, dns and nat64 lifetimes from 30 minutes to 60
minutes and lowers the prefix valid lifetime from 90 minutes to 60
minutes.
This brings us in line with the values of draft-ietf-6man-slaac-renum
which is going to be published soon.
Aligning all these lifetimes to a single value (60 minutes) makes
sense because the information is transmitted in one router
advertisement packet. It does not make sense for one piece of
information to time out before another.
OK phessler

Call igmp_sendpkt() and mld6_sendpkt() with pktinfo argument.
Gather all information needed to send an IGMP or MLD6 packet in a
struct pktinfo. This allows splitting access to multicast data
structures from sending packets. Then adding locks to multicast
will be easier.
OK mvs@

Fix build with newer versions of gradle by setting LC_CTYPE="en_US.UTF-8"
in the env. Also be more verbose when building. No change to package so
no bump. From Mikolaj Kucharski.

Removing databases/puppetdb, sysutils/ruby-facter, sysutils/puppetserver,
sysutils/ruby-puppet, sysutils/ruby-puppetserver-ca.
openvox equivalents will take over.
OK kn@

Add @pkgpath and @conflict to openvoxdb, openvox-server,
ruby-openvoxserver-ca, ruby-openvox, ruby-openfact and package renamings
from puppet -> openvox equivalents to provide a working upgrade path.
OK kn@