Add tar(1) -F option to select write format
We want to move towards 'pax' as the default format for writing, this
option lets users downgrade to -F ustar where the 'pax' format isn't
convenient/usable (same as -x <format> in pax(1)).
-F <format> is more generic than -o/-O. -H (GNU tar) was already used
and we don't want long options so --format (NetBSD/FreeBSD) is excluded
too.
ok sthen@ caspar@ millert@
Correctly detect 'pax' format archives in append mode
We expect that existing pax archives start with a global or extended
header. If they don't, append operations will be done using ustar
format.
Fixes append mode on pax archives where pax(1) would bail out when
appending to pax archives, falsely detecting a mismatch. Reading was
unaffected. Reported by caspar@, ok caspar@ millert@
Fix key share negotiation in HRR case
In the ClientHello retrying the handshake after a HelloRetryRequest, the
client must send a single key share matching the group selected by the
server in the HRR. This is not necessarily the mutually preferred group.
Incorrect logic added in ssl_tlsect.c r1.134 would potentially reject
such a key share because of that.
Instead, add logic to ensure on the server side that there is a single
share matching the group we selected in the HRR.
Fixes a regress test in p5-IO-Socket-SSL where server is configured
with P-521:P-384 and the client with P-256:P-384:P-521. Since the
client sends an initial P-256 key share, a HRR is triggered which
the faulty logic rejected because it was not the mutually preferred
P-384 but rather matching the server-selected P-521.
This will need some deduplication in subsequent commits. We may also
want to consider honoring the mutual preference and request a key
[4 lines not shown]
Prevent toctu issues in static file serving and auto index generation.
This fixes a problem in passing, reported by matthieu@ where httpd
would return 500 Internal Server Error when it could stat(2) but not
open(2) a file. The correct error code is 403.
testing matthieu
ok tobhe, tl;dr ok stsp
input & OK deraadt
Destination addresses make no sense on loopback interfaces.
While here use (variable & FLAG) or !(variable & FLAG) consistently in
in6_update_ifa().
Discussed with claudio
OK denis
Rename bn_expand() to bn_expand_bits().
Also change the bits type from int to size_t, since that's what the callers
are passing and we can avoid unnecessary input validation.
ok tb@
Use route cache function in IP input.
Instaed of passing a struct rtentry from ip_input() to ip_forward()
and then embed it into a struct route for ip_output(), start with
struct route and pass it along. Then the route cache is used
consistently. Also the route cache hit and missed counters should
reflect reality after this commit.
There is a small difference in the code. in_ouraddr() checks for
NULL and not rtisvalid(). Previous discussion showed that the route
RTF_UP flag should only be considered for multipath routing.
Otherwise it does not mean anything. Especially the local and
broadcast check in in_ouraddr() should not be affected by interface
link status.
When doing cache lookups, route must be valid, but after rtalloc_mpath()
lookup, use any route that route_mpath() returns.
OK claudio@
Run raw IPv6 input in parallel.
Get rip6_input() in the same shape as rip_input(). Call
soisdisconnected() from rip6_disconnect(). This means that the raw
IP socket cannot be reconnected later. Now raw IPv6 behaves like
IPv4 in this regard, KAME code is quite inconsistent here. Also
make sure that there is no race between disconnect, input and wakeup.
The inpcb fileds inp_icmp6filt and inp_cksum6 are protected by
exclusive net lock in icmp6_ctloutput(). With all that, mark raw
IPv6 sockets to handle input in parallel.
OK mvs@
Call bufq_destroy() in swap_off for the VREG case since swap_on() called
bufq_init(). Similar issue as the use-after-free in mfs.
Missing call noticed by jsg@
OK deraadt@ mpi@
Call bufq_destroy() in mfs_reclaim() before freeing the mfsnode.
This fixes a use-after-free bug in bufq_quiesce() once a mfs partition
was unmounted.
OK mpi@ deraadt@
Prevent a NULL dereference in error code path.
Under memory pressure allocating an amap chunk can fail. In such case it
is not possible to call amap_wipeout() because the newly allocated amap
isn't yet on the global list.
Issue reported by bluhm@, ok jsg@
Don't take solock() in soreceive() for udp(4) sockets.
These sockets are not connection oriented, they don't call pru_rcvd(),
but they have splicing ability and they set `so_error'.
Splicing ability is the most problem. However, we can hold `sb_mtx'
around `ssp_socket' modifications together with solock(). So the
`sb_mtx' is pretty enough to isspiced() check in soreceive(). The
unlocked `so_sp' dereference is fine, because we set it only once for
the whole socket life-time and we do this before `ssp_socket'
assignment.
We also need to take sblock() before splice sockets, so the sosplice()
and soreceive() are both serialized. Since `sb_mtx' required to unsplice
sockets too, it also serializes somove() with soreceive() regardless on
somove() caller.
The sosplice() was reworked to accept standalone sblock() for udp(4)
sockets.
[11 lines not shown]
