make authorized_keys "restrict" keyword apply correctly to tunnel
forwarding (which is administratively disabled by default).
Reported by Erichen, Institute of Computing Technology,
Chinese Academy of Sciences
Handle allocation failure and track correct mbuf length in IPComp.
In swcr_compdec() m_copyback(M_NOWAIT) may fail, but the error is
not checked. The mbuf chain could be too short, but the expected
length is returned as result. Then ipcomp_input() will not set
m->m_pkthdr.len to the actual length of the mbuf chain. This only
affects decompression, other cases do not need additional memory
for enlarging.
OK deraadt@
sysv_sema: Use better sleep addresses
the sema array itself is used to derive wait channels. It may be re-
allocated when resized. The old array gets lost and so do the wait
channels. Thus waiters will never be woken up again. The sema array
holds pointers. Use those as wait channels instead, the backing objects
live long enough.
ok mvs@
sys/cnmac: increase command buffer pool from 32 to 256 entries.
With the current limit, two stalled output ports can exhaust this shared
resource and eventually prevent all ports from transmitting packets.
OK: visa@
Remove adjout_prefix_free() and its use in adjout_prefix_unlink() instead
use tombstones in the adjout array for empty/unlinked entries and collect
them later via adjout_prefix_collect().
adjout_prefix_first() and adjout_prefix_next() return direct pointers
into the adjout prefix array and adjout_prefix_free() reshuffles entries
so the pointers returned by first/next are no longer valid. By using
tombstones the array pointers remain intact and it is possible to walk
the array.
Once done with the pt_entry adjout_prefix_collect() is called and it will
collect all tombstones. Again after calling adjout_prefix_collect() any
pointer into the adjout array is most probably invalid.
While this solves the problem with prefix withdraw it does not solve
addition of new entries. The good thing is that there is no code path
that would require such an operation.
On top of this the adjout_prefix_dump_r() has to walk all prefixes since
[3 lines not shown]
rpki-client: simplify absence of SIA handling for BRK and RSC
While RFC 6487, 4.8.8.2 clearly mandates the presence of the SIA extension
for all EE certificates, there are two exceptions. BGPsec router keys are
known to be special for no good rason, and they uphold this tradition and
the EE cert of RSCs doesn't have a SIA since that makes sense for things
that aren't distributed via the RPKI repository system.
The logic allowing these special snowflakes is currently quite contorted.
Simplify the comment to omit unnecesary fluff and implement the logic to
match the comment precisely, also suppressing a duplicated warnx(). This
does not really change anything but is much easier to follow.
ok claudio
more cleanup on close to avoid a use after free
In Linux, some driver specific cleanup is handled with the release
function pointer in struct file_operations.
For amdgpu, this was changed in Linux 6.16 from drm_release() to
amdgpu_drm_release(). Add a file_close function pointer to
struct drm_driver so we can call a function that does the same cleanup.
found by gnezdo@ with KASAN
ok gnezdo@
fix "ifconfig vebX -tagged ifX"
it was wired up in the code to expect an extra argument, which isn't
needed or expected as it is meant to clear all the tags on the
interface.
found by and fix identified by scott colby on bugs@
thanks scott
unlink the transformed temporary file on every commit failure
queue_message_commit() left the .comp/.enc temporary behind on an ENOSPC
rename failure and on the shared err path, so repeatedly triggering
transform or out-of-space failures accumulated orphaned files. unlink
tmppath on all of those paths.
from Andrew Griffiths, ok op@