ipsec panic early

Hi, Instead of printing a debug message at the end, panic early if the IPsec security protocol is unknown. ok? bluhm Index: netinet/ipsec_input.c === RCS file: /data/mirror/openbsd/cvs/src/sys/netinet/ipsec_input.c,v retrieving

Re: Atomic copyin(9)/copyout(9) for amd64

> Date: Tue, 2 May 2017 15:52:56 + > From: Visa Hankala > > On Mon, May 01, 2017 at 06:02:24PM +0200, Mark Kettenis wrote: > > The futex(2) syscall needs to be able to atomically copy the futex in > > and out of userland. The current implementation uses copyin(9) and > >

ksh(1): UTF-8 column count bug

Hi, I recently encountered a bug in ksh(1)'s emacs mode while running from xterm(1). How-to reproduce: 1. Insert a sequence containing at least one UTF-8 character until the line exceeds the last column, triggering horizontal scroll. 2. Moving backwards using any motion (^A, ^B, ^[b) fails

Re: ksh(1): UTF-8 column count bug

On Thu, May 11, 2017 at 03:36:17PM +0200, Ingo Schwarze wrote: > Hi, > > i checked Anton's analysis and believe it is completely correct. > Any OKs to commit? ok

Re: IPsec forward policy check in ip6_input

On Thu, May 11, 2017 at 01:36:51PM +0200, Mike Belopuhov wrote: > Maybe we should move ip_input_ipsec_fwd_check into the ipsec_input.c > and give it a better name like ipsec_forward_check? This function > doesn't do any IPv4 or IPv6 specific dances anyways. There are more such functions:

Re: ksh(1): UTF-8 column count bug

Hi, i checked Anton's analysis and believe it is completely correct. Any OKs to commit? See below for details. Yours, Ingo Anton Lindqvist wrote on Thu, May 11, 2017 at 08:02:59AM +0200: > I recently encountered a bug in ksh(1)'s emacs mode while running from > xterm(1). How-to reproduce:

[PATCH] typo in src/bin/ksh/README

Hi all, I've got a small diff which fixes a typo in the README file. While there, I have removed a hyphen from "PD-ksh" as it does not appear in any of the other files. Also, the first line has been changed on purpose to highlight the fact that BOM[0] had been introduced here, most likely by

Re: IPv6 IPsec transport pf

On Mon, May 08, 2017 at 20:22 +0200, Alexander Bluhm wrote: > Hi, > > IPv6 IPsec transport mode does not work if pf is enabled. The > problem is that the decrypted packets in the input path are not > checked with pf(4). So if you have stateful filtering on enc0 (the > default) direction aware

Re: IPsec forward policy check in ip6_input

On Thu, May 11, 2017 at 13:11 +0200, Alexander Bluhm wrote: > Hi, > > ipv4_input() checks the IPsec policy for forwarding and local > delivery. Such code is missing in IPv6, the behavior is different. > > Start using the forwarding check also in ip6_input(). While there > avoid an ugly #ifdef

Re: [PATCH] Clean up obsolete information in gettimeofday.2

On Sat, 29 Apr 2017 23:05:45 +0900, Bryan Linton wrote: > Is this worth deleting now that struct timezone *tzp is no longer > used? Actually, gettimeofday(2) will fill in struct timezone *tzp if it is non-NULL. It is still possible to set the time zone via the TIMEZONE kernel option. However,

Fix comment into sys/dev/acpi/acpibtn.c

I think this comment was copy-pasted as is from the comment some lines below, but this is about hibernation, not sleep. Ok? Index: acpibtn.c === RCS file: /cvs/src/sys/dev/acpi/acpibtn.c,v retrieving revision 1.44 diff -u -p -u -p

IPsec forward policy check in ip6_input

Hi, ipv4_input() checks the IPsec policy for forwarding and local delivery. Such code is missing in IPv6, the behavior is different. Start using the forwarding check also in ip6_input(). While there avoid an ugly #ifdef in ipv4_input(). ok? bluhm Index: netinet/ip_input.c

Convert explicit_bzero+free to freezero on smtpd(8)

Hi, This converts explicit_bzero+free to freezero on smtpd(8). OK? Index: ca.c === RCS file: /cvs/src/usr.sbin/smtpd/ca.c,v retrieving revision 1.26 diff -u -p -u -r1.26 ca.c --- ca.c9 Jan 2017 09:53:23 - 1.26 +++