In 2011, henning@ removed fiddling with the ip checksum of normalised
packets in r1.131 of sys/net/pf_norm.c. Rationale was that the checksum
is always recalculated in all output paths anyway. In 2016, procter@
reintroduced checksum modification to preserve end-to-end checksums in
r1.189 of sys/net/pf_norm.c. Likely soomewhere in that timeslot checksum
recalculation of normalised packets was broken.
With input from bluhm@.
OK sashan@, bluhm@
The following three cases behave identical in bash(1), but our ksh
(ksh93 also) fails to run the trap in the last case:
(non-zero exit code is trigger, no redirection)
$ ksh -c 'trap "echo ERR" ERR ; false'
ERR
(failed redirection is trigger, 'echo' was not executed)
$ ksh -c 'trap "echo ERR" ERR ; echo >/'
ksh: cannot create /: Is a directory
ERR
(failed redirection, no execution, trap was NOT triggered)
$ ksh -c 'trap "echo ERR" ERR ; exec >/'
ksh: cannot create /: Is a directory
bash(1) prints "ERR" in all three cases, as expected.
ksh93 behaves like our ksh(1).
In ksh `exec' is a builtin (CSHELL), but also special (SPEC_BI):
$ type alias
alias is a shell builtin
$ type exec
exec is a special shell builtin
Without command and redirection alone, `exec' permanently redirects I/O for
the shell itself, not executing anything; it is the only (special) builtin
with such a special use-case, implemented as c_sh.c:c_exec().
This corner-case is overlooked in exec.c:execute() which handles iosetup()
failure for all commands, incl. builtins.
Exclude c_exec() from the rest of special builtins to ensure it runs the
ERR trap as expected:
$ ./obj/ksh -c 'trap "echo ERR" ERR ; exec >/'
ksh: cannot create /: Is a directory
ERR
Also add three new regress cases covering this; rest keep passing.
OK millert
In config_free_policy() the refcounting is unchanged and each SA linked to the
policy will trigger a call to policy_ref() and increase the references as
before the change. This allows unconditional calls to policy_ref() and
policy_unref() and the callers no longer have to check if IKED_POLICY_REFCNT
is set.
From and ok markus@
We should be fine silencing only the test condition which produces legit
output and warnings.
All else produces no output and should not error out; if it does, those
warnings should be printed and fixed.
Feedback OK halex
of 500 or greater and not require _XOPEN_SOURCE_EXTENDED. Bring in
changes from upstream ncurses patches 20100403 and 20111030 to take this
into account. Reported by Grigory Kirillov via jmc@.
ok millert jmc
drm/amdgpu: don't register a dirty callback for non-atomic
drm/amdgpu: use dirty framebuffer helper
kettenis found that these changes made xpdf slow on x395 (picasso).
I can not reproduce this on renoir.
to try to change the permissions of it. We won't know who's trying that
until we enable it and see what breaks.
A tricky piece relating to setrlimit stack size changing was previously commited.
ok kettenis
PF_OPENBSD_MUTABLE. While there, add the missing PF_MASKOS, which makes
it obvious this bit is indeed in the space reserved for OS-specific bits.
ok deraadt@
them into a page-aligned region in the bss, with the right markers for
kernel/ld.so to identify the region and skip making it immutable.
While here, fix readelf/objdump versions to show all of this.
ok miod kettenis
