Send the new system statistics command if supported by iwx(4) firmware.
This will be needed for BZ devices.
ok phessler@, kettenis@
Tested:
AX200: stsp
AX201: kirill
AX210 (MA): kettenis
AX211: phessler
AX211 (BZ): stsp
Further improve the log messages for attribute parse errors.
Add an extra case for the case where the length of the attribute
overflows the attribute buffer. This is a reasonably common issues
and therefor the extra message that includes attribute, flags and length.
OK tb@
Fix in the OTC attribute parser for ROLE_PEER.
For sessions with peer role the ASnum of the OTC attribute is compared to
the remote ASnum of the session. At that point in the parser the data
should not be consumed. So use an extra temporary buffer to extract the
OTC value. This is similar to the case in ATTR_AS4_AGGREGATOR where the
same trick is used.
OK tb@
Adjust mrt config setting of the group id.
The code in the session engine expect group id to be 0 for any case where
only a single peer is targeted. Only set the group id for group matches.
Adjust the logic in printconf.c to follow this behaviour. Add a comment
to better explain why the logic is the way it is for future me.
OK tb@
Move banner exchange to sshd-auth process
Previously, exchange of the initial SSH- banners was performed
by the privileged sshd-session monitor. This moves it to the
unprivileged sshd-auth subprocess, removing ~200 LoC from the
monitor's privileged attack surface.
The monitor gains a new "setcompat" RPC to allow sshd-auth to
inform it of bug compat flags picked up from the client's banner.
feedback dtucker@, ok markus@ deraadt@
These programs are using pledge "tmppath" with "rpath wpath cpath".
The "tmppath" is not needed.
from deraadt@; ok semarie and others
this is errata/7.7/023_tmppath.patch.sig
These programs are using pledge "tmppath" with "rpath wpath cpath".
The "tmppath" is not needed.
from deraadt@; ok semarie and others
this is errata/7.8/017_tmppath.patch.sig