no need to request it ever again. The only exception is the
escalation of failed constraint checks that might lead into
re-requesting the constraint time from all servers. Adjust the states
accordingly.
OK henning@
time from HTTPS servers, by parsing the Date: header, and use the
median constraint time as a boundary to verify NTP responses. This
adds some level of authentication and protection against MITM attacks
while preserving the accuracy of the NTP protocol; without relying on
authentication options for NTP that are basically unavailable at
present. This is an initial implementation and the semantics will be
improved once it is in the tree.
Discussed with deraadt@ and henning@
OK henning@
in the image is for Cubieboard1. Discussed with bmercer@
While here switch from using the separate spl and u-boot images
to the combined spl and u-boot 'u-boot-sunxi-with-spl.bin'.
did). This allows any local changes to /etc/services to be effective
if all you have is the default.
Issue pointed out by Brian S. Vangsgaard on bugs@. Thanks!
ok phessler@ deraadt@
instead of disk. OpenSSL didn't provide a built-in API for loading
certificates in a chroot'ed process that doesn't have direct access to
the files. X509_STORE_load_mem() provides a new backend that will be
used by libssl and libtls to implement such privsep-friendly
functionality.
Adopted for LibreSSL based on older code from relayd (by pyr@ and myself)
With feedback and OK bluhm@
If the network is unreachable when ntpd starts and host_dns fails, be sure
that we still close the HOST_DNS imsg.
Thanks to Paul de Weerd <weerd at weirdnet dot nl> for reporting this.
ok beck@
for a couple decades. Keep the OSIOCGIFCONF ioctl to support COMPAT_LINUX
but move the rest of the Linux-specific ioctl() handling into linux_socket.c
This lets struct osockaddr finally move from sys/socket.h to protocols/talkd.h
ok krw@ deraadt@ mpi@
directory is not contained in OpenBSD base, and because even people
having the directory often don't understand that they need to run
makewhatis(8) - and instead complain about the resulting warnings.
This commit reverts revisions 1.17 and 1.21.
Requested by deraadt@ millert@ kettenis@ who argue that people
using /usr/ports/infrastructure/bin/ already need to set PATH,
so editing man.conf (or, though more fragile, setting MANPATH)
should not be a big deal for them.
The latest NetBSD (6.1.5) arc4random does not appear to reseed the CRNG state
after a fork, so provide an override until the fork-safe version in CVS appears
in a release.
These are the same as the FreeBSD shims.
ok deraadt@
superfluous '*' after '/*' and adding blank after terminating '$'.
Also eases parsing of the lines by simple awk scripts.
Aesthetic approval from tedu@.