Just like the 5 GHz channels, 2.4 GHz channels are spaced 5 MHz apart.
40 MHz wide channels hence span channels [N, N + 4] not [N, N + 1].
Adjust our secondary channel range checks accordingly.
expansion, re-check for all contained escape sequences whether they
need delayed expansion, not just for the particular escape sequences
that triggered delayed expansion in the first place. This is needed
because delayed expansion can result in strings containing nested
escape sequences recursively needing delayed expansion, too.
This fixes an assertion failure in krb5_openlog(3), see:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=266882
Thanks to Wolfram Schneider <wosch at FreeBSD> for reporting the bug
and to Baptiste Daroussin <bapt at FreeBSD> for forwarding the report.
Wide channel configurations not listed in operating class tables of
the 802.11ac spec can trigger regulatory assertion failures in iwm(4)
firmware, and potentially other device firmware.
Ignore non-standard channels configs such that we downgrade to 40MHz
or even 20MHz to make such APs usable, albeit at lower speed.
Found by dlg@ with a mikrotik AP advertising channel configs that do
not appear as such in the spec:
80 MHz: |104|108|112|116|
40 MHz: |primary: 112|secondary above: 116|
Either of these triggered iwm0: 0x000014FD | ADVANCED_SYSASSERT
Fix tested by myself on iwx(4) AX200 and dlg@ on iwm(4) 7260.
Johannes Berg helped with deciphering the error code, thanks!
In comparison to MI boot which only cares about /bsd.upgrade's x bit,
powerpc64 rdboot just wants a regular file.
Require and strip u+x before execution to prevent sysupgrade(8) loops.
OK kettenis
In comparison to MI boot which only cares about /bsd.upgrade's x bit,
octeon rdboot just wants a regular file.
Require and strip u+x before execution to prevent sysupgrade(8) loops.
OK kettenis
read-only instead. This means that writing to the filesystem will fail.
As a consequence chmod'ing of files in the bootloader will fail, but that
will fix itself on the next clean boot.
Same change as I committed to powerpc64 a few days ago.
ok kn@, deraadt@
m_split() calls m_align() to initialize the data pointer of newly
allocated mbuf. If the new mbuf will be converted to a cluster,
this is not necessary. If additionally the new mbuf is larger than
MLEN, this can lead to a panic.
Only call m_align() when a valid m_data is needed. This is the
case if we do not refecence the existing cluster, but memcpy() the
data into the new mbuf.
Reported-by: syzbot+0e6817f5877926f0e96a@syzkaller.appspotmail.com
OK claudio@ deraadt@
Now that syslogd handles delayed DNS lookups, also count dropped
packets to UDP loghosts. Although not every outgoing UDP packet
dropped along the path can be detected, the message makes the admin
aware that there is a local blind spot during startup.
Improve debug and log messages, especially if UDP logging is shut
down permanently. Also do not print 'last message repeated' if the
message was dropped.
OK deraadt@
ECDSA signatures are much smaller than RSA signatures while offering
similar security. Adding support for P-256 now allows CA developers
to test their implementations, and paving the way for signers in the
production environment in the future to take advantage of ECDSA.
OK tb@
Extend the yes/no question to no/passphrase/keydisk and have users pick an
existing, preformated RAID partition; no support (yet) for creating one.
OK tb afresh1
read-only instead. This means that writing to the filesystem will fail.
As a consequence chmod'ing of files in the bootloader will fail, but that
will fix itself on the next clean boot.
ok kn@
This function was the unfortunate protagonist in a series of tragic merge
errors resulting in only a short stint of a year and nine months between
OpenSSL 0.9.8j and 1.0.0a actually present in OpenBSD. Then it said good
bye for good, but somehow a prototype came back with 1.0.1g, a famous
version released when there were slightly more pressing things to be
taken care of than a function supporting a config knob whose only purpose
was to turn off fips mode or to error.
from schwarze
PS: The mechanism that it was supposed to provide is still documented in
openssl.cnf(5). I am going remove the relevant bit at some point, but not
today.
