www/firefox-esr: add some missing unveils
- content process already accesses /etc/localtime, add /usr/share/zoneinfo
- main process already has /usr/share/zoneinfo, add /etc/localtime
- main process sometimes parses /etc/hosts (mostly on network.trr.mode
changes ?) so unveil it.
- unveil.socket is wrong but time is running out, and the socket process
isnt used much anyway (network.http.network_access_on_socket_process.enabled defaults to false)
required by upcoming changes to pledge/unveil
www/mozilla-firefox: add some missing unveils
- content process already accesses /etc/localtime, add /usr/share/zoneinfo
- main process already has /usr/share/zoneinfo, add /etc/localtime
- main process sometimes parses /etc/hosts (mostly on network.trr.mode
changes ?) so unveil it.
- unveil.socket is wrong but time is running out, and the socket process
isnt used much anyway (network.http.network_access_on_socket_process.enabled defaults to false)
required by upcoming changes to pledge/unveil
make uvm_io.c build conditional to save space on ramdisks
uvm_io() calls in kern_sysctl.c are under #ifndef SMALL_KERNEL
sys_process.c has a uvm_io() call but is only built for ptrace | dt
feedback from miod@
Remove custom Rx A-MPDU reordering code from iwx(4).
The equivalent code was deleted from iwlwifi in 2023. It is only needed for
iwm 9k devices running with multiple Rx queues. AX200 and later devices do
Rx reordering in firmware and provide flags the driver can check to avoid
sending duplicate frames up the stack.
See linux.git commit 29fa9a984b6d1075020f12071a89897fd62ed27f
and linux.git commit ff8e3a40d78bc414213b2724ad775adf98780a5a
ok phessler@ kettenis@ kevlo@
Tested:
AX200: jmc, stsp
AX210 (MA): kettenis, kevlo
AX211 (BZ): stsp
Prevent fatal firmware errors on iwx(4) Bz devices when forcing 11a/b/g mode.
Avoid enabling wide channels or MIMO in firmware Tx rate selection if we are
running in 11a/b/g mode.
Honour the "nomimo" network flag in any mode.
ok phessler@
Tested:
AX200: stsp
AX201 (MA): kettenis, kevlo
AX211 (BZ): stsp
libsndio: Make sio_sun_xrun() backend-independent
The sio_sun_xrun() function uses only the sio_hdl field of the
structure passed as its first (and only) argument. Change the function
to take a sio_hdl pointer instead. This hides all audio(4)-specific
data and makes clear that the function is not related to the audio(4)
API.
No behavior change.
unveil ssh-pkcs11-helper too; fixes breakage spotted by anton@
If SK/P11/askpass is overridden by environment, only unveil the requested
path and not both the requested one and the default.
feedback/ok deraadt@
Use __pledge_open(2) for files that libc urgently needs even in lower
promise levels. You must be running a kernel at least 4 days old.
Soon, another commit will happen that breaks compatibility even further,
and you'll need new static binaries and new libc.so, along with a new
kernel. This removes an old pledge design decision which is weak.
Long discussions with david leadbeater and beck
