Show -o and -a in ssh-keygen(1) synopsis

The ssh-keygen -o flag wasn't listed in the synopsis, and -a was only listed with -T (where it specifies the number of primality tests), not for specifying the number of KDF rounds of new-format private key files. I only tested creating a new private key and conversion of existing keys with -p. I

[PATCH] cu(1) man page: ~>, ~D and restricted mode

Hey, The cu(1) tilde escapes ~C, ~R, ~X, ~$ and ~> are not allowed in restricted mode; however, the man page states that ~D is not allowed and omits the fact that ~> is not allowed. I have a patch below to correct this. Cheers, Kris Katterjohn Index: cu.1

Re: please test: unveil for ifconfig

A bug in the unveil implementation has been found that prevents wifi firmware loading if this diff is applied. On August 2, 2018 7:04:31 PM GMT+02:00, Florian Obser wrote: >I have been told that this is going to fall into snaps soon. If you >are doing weird (or normal) things with ifconfig,

Re: [1/3] acme-client - correct error message in parse.y

Todd C. Miller(todd.mil...@sudo.ws) on 2018.08.03 11:06:58 -0600: > On Fri, 03 Aug 2018 22:20:47 +1000, Ross L Richardson wrote: > > > [Previously submitted large diff now being sent in three more-readily > > digestible pieces...] > > These all look fine to me, though I'm unusure how important

Re: [1/3] acme-client - correct error message in parse.y

On Fri, 03 Aug 2018 22:20:47 +1000, Ross L Richardson wrote: > [Previously submitted large diff now being sent in three more-readily > digestible pieces...] These all look fine to me, though I'm unusure how important the style fixes are. It may make merging changes from upstream more difficult

bgpd: reload RIBs in background

So the reshuffling made it possible to simply run the reconfigure of the RIBs in the background and no longer lock up the RDE for extended times. In short this means that during 'bgpctl reload' other bgpctl calls no longer block and that also UPDATE from neighbors are fully processed. This does

Re: rad(8): move dns settings to global options

On 2018/08/03 14:58, Florian Obser wrote: > sthen pointed out that it's better to overwrite dns options, not to merge That works exactly how I'd expect - OK. > diff --git engine.c engine.c > index db31fb2a15b..93010cace51 100644 > --- engine.c > +++ engine.c > @@ -260,6 +260,7 @@

[3/3] acme-client - style(9) cleanup in parse.y

This diff contains only style(9) cleanup: - mainly "return (x);" => "return x;" - a few "if (x)" ==> "if (x != something)" No change to parse.o Ross Index: parse.y === RCS file:

[2/3] acme-client - correct "sign with" error messages in parse.y

It appears that, sometime in the early development of the config file stuff, there was a different syntax for what is now "sign with". A couple of error messages refer to "use" [but should not]. Ross Index: parse.y === RCS file:

[1/3] acme-client - correct error message in parse.y

[Previously submitted large diff now being sent in three more-readily digestible pieces...] The error message looks to have been copied/pasted from the earlier DOMAIN CHAIN CERT STRING case, but not edited. Ross Index: parse.y

acme-client.conf.5 - "sign with" setting is (also) optional

sign with is the final optional setting not yet documented If absent, defaults to the first authority in the config. Ross Index: acme-client.conf.5 === RCS file: /cvs/src/usr.sbin/acme-client/acme-client.conf.5,v

acme-client.conf.5 - domain chain certificate is (also) optional

domain chain certificate is one of the two remaining optional settings not yet documented Ross Index: acme-client.conf.5 === RCS file: /cvs/src/usr.sbin/acme-client/acme-client.conf.5,v retrieving revision 1.14 diff -u

rad(8): move dns settings to global options

Move dns settings to global options so that they don't need to be repeated in every interface block. OK? diff --git engine.c engine.c index db31fb2a15b..93010cace51 100644 --- engine.c +++ engine.c @@ -260,6 +260,7 @@ engine_dispatch_main(int fd, short event, void *bula) { static struct

Re: bgpd: sofreconfig in reshuffle

On Fri, Aug 03, 2018 at 11:01:39AM +0200, Claudio Jeker wrote: > On Thu, Aug 02, 2018 at 02:56:59PM +0200, Claudio Jeker wrote: > > On Tue, Jul 31, 2018 at 05:39:31PM +0200, Claudio Jeker wrote: > > > Instead of walking the Adj-RIB-In per RIB walk it once and check per > > > prefix if the RIB

Re: bgpd: sofreconfig in reshuffle

On Thu, Aug 02, 2018 at 02:56:59PM +0200, Claudio Jeker wrote: > On Tue, Jul 31, 2018 at 05:39:31PM +0200, Claudio Jeker wrote: > > Instead of walking the Adj-RIB-In per RIB walk it once and check per > > prefix if the RIB needs an update or not. This will make it easier to make > > this run

Re: correct nd6_timer_next accounting

On Fri, Aug 03, 2018 at 08:11:46AM +0200, Florian Obser wrote: > Anyone brave enough to OK this? I haven't heard from anyone that it > breaks their internet... No regressions so far on both my daily machine and gateway at home. OK kn

Re: if_mue.c: loop -> memset

On Fri, Aug 03, 2018 at 01:00:57PM +0800, Michael W. Bombardieri wrote: > > Hello, > > When reading over the mue(4) code I noticed that memset() can be used > for clearing hashtbl. Also the switch case for IFM_100_TX was the same > code as for IFM_1000_T so it can be rolled into one. Committed,

Re: correct nd6_timer_next accounting

Anyone brave enough to OK this? I haven't heard from anyone that it breaks their internet... On Wed, Aug 01, 2018 at 11:18:02PM +0200, Florian Obser wrote: > I'm chasing a bug in IPv6 where ndp reports an entry as (incomplete) > but when you try to reach that target no neighbor solicitation is >