pfctl(8) parser must not ignore error from pfctl_optimize_ruleset().
Ignoring the error may cause pfctl(8) to load inconsistent ruleset
preventing pf(4) to enforce desired policy.
Issue reported and fix suggested by berts _from_ fastmail _dot_ com
'Looks good.' @deraadt
sync iwx(4) RX descriptor status field with firmware layout
Same change was made in iwlwifi about 6 years ago.
See linux.git commit e365e7de63e5b612d94fb433e38d9414de811f7d
This matters to us now that we started looking at Rx status bits
beyond 16 bits in order to check for duplicate subframes in A-MPDUs.
Found by Coverity (CID 1670294)
pointed out by and ok jsg@
Fix support for some older iwx(4) devices broken by changes for BZ support.
Keep hardware revision info sent to firmware intact for older devices.
BZ devices store parts of hardware revision information in a new place.
I accidentally changed the information sent to older devices, which broke
firmware loading on a subset of AX201/AX210 devices.
Reported to me by several people, thanks!
This fix is based on a patch by David Leadbeater.
xargs(1): bump posix spec to 2024
The spec now documents -0 and -r.
In addition, the spec notes that specifying both -0 and -E are mutually
exclusive, leaving the actual behavior unspecified.
ok deraadt@, guenther@ on the spec version bump
ok millert@ on documenting the interaction between -0 and -E
rfc3779 regress: add an actual range
This improves the test coverage of make_addressRange() where there is an
annoyance with unused bits in the RFC 3779 ASN.1 encoding versus trailing
ones in the network encoding that the X509v3_addr_add_range() API expects.
When pledged, if a process receives a bad descriptor the receiver should
not be killed. The EPERM approach used for other conditions is good enough.
Report from Henry Ford
this will be errata 7.8/022_recvfd.patch and 7.7/028_recvfd.patch