Also batch retries of non-functional CAs based on their Rsync base URI
While there, ensure RRDP URIs are ignored when batching in Rsync-only mode.
OK tb@
Properly apply constraints to BGPsec Router certs.
The goal is to just warn about overclaiming intermediate certs but
BGPsec Router Keys are also certs and those should use strict constraint
validation.
OK tb@
acpidmar(4): Unload maps before destruction
Remove dmar_dumpseg() as dmar_dmamap_unload() also calls dmar_dumpseg().
This changes slightly the trace output with enabled debugging. But
avoids duplicate information.
ok kettenis@
sndiod: Remove the app/xxx.level controls before exit
All other structures are freeed before exit; this mostly reduces the
noise in malloc(3) leak reports.
sndiod: Don't pre-allocate the resampling history buffers
The max resampling history buffer is not few bytes anymore. Instead,
allocate a buffer of the needed size, only when the client requires
resampling. Saves around 8MB in the bss section.
Escape label values and help text according to OpenMetric ABNF
In rpki-client we pass URIs as labels and those URIs could include a
double quote char which needs escaping. Implement this similar to
how it is done in json.c. While there also handle the case for the
help text even though those strings are hard coded and clean.
OK tb@
Use the fusefs_mount pointer instead of the fuse device as a component
of the inode hash.
This ensures that the inode hash will always be unique for each
mounted file system. Using the device numbers of the cloned /dev/fuse0
device can result in a kernel panic if the fuse device is closed
but the file system remains mounted and another fuse file system
is mounted using a recycled device minor.
OK claudio@
sndiod: Don't forget to call slot_detach() for drained slots
Each call to slot_attach() must have a matching slot_detach() call.
Not doing so may cause memory leaks.
libsndio: Upon xrun, reset the number of unreported clock ticks
On xrun, the device is restarted and its state is restored, which
includes the clock position. Not resetting the pending (i.e.
unreported) clock ticks counter will shift the clock to a wrong
position, causing programs to misbehave.
pf(4) fix NULL pointer dereference in outbound packet path.
Outbound packet which matches rule with source limiter attached,
for example:
source limiter "crash" id 1 entries 10000 limit 1000
pass out from any to any source limiter "crash" keep state
triggers a NULL pointer dereference.
The issue was kindly reported and initial version of fix
submitted by SecBuddyF, Tencent KeenLab.
The submitted diff fixed the issue for failing look up by destination
address in outbound packet. dlg@ also pointed out the change should
be further improved so NULL pointer dereference is avoided when rule
uses nat-to/rdr-to option.
OK dlg@