violations in system accounting. This will help to find missbehaving
programs and possible attacks. The flags bit field is full, so
recycle the PDP-11 compatibility on VAX. lastcomm(1) prints the
AMAP flag as 'M'. daily(8) prints a list of affected processes.
OK deraadt@
where ber is utilized. This also allows us to remove the ber->be_next
check, which can cause weird behaviour, because a NULL be_next would result
in parsing the last element twice.
OK claudio@ on previous version
OK rob@
in the default smtpd.conf and smtpd.conf(5) manual page. This
eliminates ambiguity in our documentation examples that can cause
confusion.
Input and OK deraadt@ schwarze@ kn@
The firmware on OCTEON machines usually does not provide an interface
for accessing devices, which has made it tricky to implement an OpenBSD
bootloader. To solve this device access problem, this new loader has
been built on top of a small kernel. The kernel provides all the
necessary devices drivers, while most of the usual bootloader logic
is in a userspace program in a ramdisk.
The loader program is accompanied by a special device, octboot(4).
The main purpose of this device is to implement a mechanism for
loading and launching kernels. The mechanism has been inspired by Linux'
kexec(2) system call.
The bootloader will be enabled later when it is ready for general use.
Discussed with deraadt@
are relative to monotime; so they shift when time is being adjusted.
2) Fix a race between SIGCHLD delivery and reading the result imsg.
3) Some cleanup: use a number to distinguish pools internally
Note that, at this time, Unbound does not re-use TLS connections
(https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=4089) so the
TCP and TLS handshakes will cause a disproportiate increase in
latency compared to UDP. ok sthen@ florian@
and net config can change as well. So if a peer does not respond,
throw it out of the pool if it's a pool member and re-resolve to
find a replacement. Hold on to good peers so we end up with a good
set of peers. ok benno@
requiring it (sftp-server).
Remove the /exists///// behaviour from here. The /nonexistant
behaviour remains in the kernel and needs to be shot next.
There may be ports fallout, but we doubt it.
ok beck djm
- Cloudflare have very good adjacency (if PCH did anycast ntp, we'd use it)
- As ntp input, it is great they don't leapsmear
- Not all their nodes do ntp, hope they succeed at scaling that up
- ntpd constrains (un-auth) ntp packets within a TLS constraint window
so there is no downside (unlike pool.ntp entries which slowly decay
but that's a story for another commit..)
ok otto