- verify that kbd is executable and kbdtype is not empty
- use safer 'print --' to pipe the initial pf ruleset to pfctl
- simplify the ipsecctl if-block
Feedback and OK halex@
OK krw@
development of a cargo cult in case people look at existing files
for examples. This achieves a consistent .Fo and .Fn quoting style
across the whole tree.
MD4 should have been removed a long time ago. Also, RFC 6150 moved it to
historic in 2011. Rides the major crank from removing SHA-0.
Discussed with many including beck@, millert@, djm@, sthen@
ok jsing@, input + ok bcook@
- run domainname only with a non-empty /etc/defaultdomain file
- Make single-user if-block more intuitive, which also matches
better what the comment actually says
OK halex@, krw@ on a similar diff
cpu's specific hardware capabilities users of libcrypto might be interested
in, as an integer value. This deprecates the existing OPENSSL_ia32cap()
macro and the OPENSSL_ia32cap_loc() function (which returns the pointer so
that you can mess with stuff you shouldn't mess with).
Interpreting the value returned by OPENSSL_cpu_caps() is, of course,
machine-dependent.
Minor version bump for libcrypto.
ok beck@ jsing@
The creation of Unix sockets directories in /tmp for X happens right
after pruning /tmp. So the whole dance of checking for their
existence, ownership or permissions is not necessary. It's safe to
just create them with the right permissions if X is installed.
Changes to do_fsck():
Remove the _flags variable and pass flags to fsck directly with "$@".
Feedback and OK halex@
OK krw@ on a similar diff
C standard are all weak.
Apply __{BEGIN,END}_HIDDEN_DECLS to gdtoa{,imp}.h, hiding the
arch-specific __strtorx, __ULtox_D2A, __strtorQ, __ULtoQ_D2A symbols.
**smaller than /24 allocations**. Our default ruleset will not allow
those, even though they will be for various pieces of critical dual-stack
infrastructure to help IPv6-only systems survive.
This adds a default rule to allow those blocks. With it, I see the
RIPE announced test blocks on our AMS-IX peers.
ARIN announced this block and policy at, enjoy
https://www.arin.net/announcements/2014/20140130.html
OK benno@, claudio@, sthen@, florian@
so that we can provide asm labels for the memcpy/memset/__stack_smash_handler
calls that it generates ab initio. Eliminate direct #includes of it. Make
sure it's a dependency of all objects (unnecessary for asm, but close enough).
ok deraadt@