Add support for external account binding. If we're creating a new account
with the ACME CA, and we have an EAB key and key ID specified with the new
-e command line argument, compute the required hash of the account details
and include it in the new account request.
feedback from florian@ and tb@
tested against security/pebble and Digicert by me, and against Actalis by
rroadrrunner at proton dot me.
ok florian@ tb@
Attach ksmn(4) on 19h/1x devices
Tested on:
cpu0: AMD EPYC 9354P 32-Core Processor, 3250.01 MHz, 19-11-01, patch 0a101154
and fix the assertion ksmn_ccd_attach to allow for devices with 12 CCDs.
ok brynet@ claudio@
Replace assert() with a graceful failure by aborting the http request.
An overlong HTTP line can fill the receive buffer to its max but then
http_get_line() would still return NULL trying to read more data.
Since the buffer is full the assert would trigger. Now the http request
is terminated.
Reported by Frank Denis
OK tb@
For bgpctl show mrt detail print the last change time as an ISO format time.
If abs_time is set then switch fmt_monotime() to absolute timestamps.
This uses monotime_to_time, gmtime and strftime("%FT%TZ") to get an
ISO format timestamp string.
While there also adjust get_rel_monotime() to be more like
monotime_to_time() and stop treating negative numbers as error.
In fmt_monotime() check the monotime against 0 to print 'Never' for timers
that are not running.
With this bgpctl show mrt detail prints:
Last update: 2019-05-08T20:03:06Z
OK tb@
rfc3779 test: exercise IPAddressFamily_cmp a bit more
This populates an IPAddrBlocks object with not all that sensible data and
tests behavior of serialization and deserialization of this thing. Prior
to x509_addr.c rev 1.96 this would call memcmp() on NULL.
Implement a better fix. The previous fix allowed to overflow in a
different spot. This would still only lead to a crash, and would only be
reachable by arbitrary users if the admin enabled the agentx socket, and
set custom permissions.
OK deraadt@, mvs@
mention that compression could potentially leak information about session
contents (cf. the CRIME attack on TLS) if a connection allows attacker-
controlled traffic over it alongside trused traffic. This might occur
in some forwarding scenarios.
with deraadt@
In the vscsi_callback() handle ISCSI_SCSI_STAT_CHCK_COND more carefully.
Especially the embedded sense data needs to be extracted respecting the
real buffer length. Make sure at least 2 bytes are availabe for the lenght
and also check that the resulting len is not bigger then the buffer
itself.
Reported by Frank Denis
OK deraadt@
Introduce a force_update flag to force pend_prefix_add() calls
in adjout_prefix_update().
peer_dump() can be called with a preloaded Adj-RIB-Out and in that case
the code needs to force updates out. This is done instead of walking the
table twice -- once with peer_dump() and then with peer_blast().
Using the force_update flag there ensures that all entries are properly
sent to the peer.
OK tb@
sndiod: Allow control slots to have NULL opt pointer
This case is not encoutered yet, but to control non-audio properties
the control slots must work with no opt structure.
Adjust last commit, the loop termination was not quite correct.
Set pte to NULL before the inner pt_get loop so that the outer
loop terminates correctly on (!found && pte != NULL).
Since pte is NULL now plen needs to be set earlier as well.
OK tb@
Use clearer semantics on how rde_generate_updates is called.
Adjust prefix_evaluate and prefix_evaluate_nexthop so that
rde_generate_updates() is only called with a few options.
Either new is valid or old is valid. If both are invalid then
there is no need to call rde_generate_updates(). If both are
valid only new matters and old_pathid_tx is set to 0.
In prefix_evaluate() most calls are with either new or old set to NULL.
If both are set then new->path_id_tx == old->path_id_tx.
In prefix_evaluate_nexthop() if old was valid then new becomes invalid
but if old was invalid new may still be invalid.
OK tb@
Respect RTR min-version in the implicit downgrade path and release
activity lock when closing the connection.
Check min_version in the implict downgrade case and error out if the
suggested version is too low. Also trigger the RTR_EVNT_NEGOTIATION_DONE
event only after parsing all of the header. If the PDU was bad don't
trigger this event.
In the rtr_fsm() when closing a connection check the state of the
active_lock and if the lock is held, reset the cache, release the lock and
recalculate the sets. The internal state is corrupt if a connection error
triggerd during an exchange so it makes no sense to carry a bad cache
around.
OK tb@
sndiod: Add a reference counter to the port structure
Using a counter is simpler than (ab-)using the midi endpoint bitmaps
to figure out if the port is in use. In turn this allows holding a
reference to the port without involving midi endpoint
connections. This change also reduces the differences between MIDI
ports and audio devices: less logic, less bugs.