Lower bound for how long to prefer IPv6 at least.
RFC 8925 suggests 5 minutes, so that's what we are going with.
kn noticed that if the IPv6-Only preferred option is send from the
server with a value of 0, dhcpleased(8) would still request a lease
while apple devices would not.
There were two problems with that:
1. A value of 0 would be treated as turning the feature of, which is
not correct.
2. The value would be used for a timeout, so a very small value would
create a timeout that would constantly fire.
OK kn
rpki-client: improve error message for duplicate TALs
Using several TALs with the same SPKI doesn't really make sense and no
longer works due to the way the CCR is constructed. Since the current
error is very confusing, hint more clearly at the problem.
Prompted by a report by Gregory Edigarov on misc.
ok job
In pseudo-assembly statements, %L implies a trailing %., so constructs using
%L%. are wrong.
The fact that this never caused any assembler complaints hints that the two
occurrences of this wrong construct are never hit - and in fact, commenting
them out entirely does not appear to change anything in generated code.
Let cmmu_apr_cmode() also provide the value of CACHE_GLOBAL if needed, rather
than have pmap use an incorrect heuristic to decide whether it can be cleared.
swirc: fix segmentation fault on OpenBSD 7.8 and greater.
The type for 'malloc_options' has changed to an immutable char pointer.
Better to not set it at all.
From maintainer Markus Uhlin, thanks!
OK sthen@
MFC: Update to redis-6.2.20
CVE-2025-49844: A Lua script may lead to remote code execution
CVE-2025-46817: A Lua script may lead to integer overflow and potential RCE
CVE-2025-46818: A Lua script can be executed in the context of another user
CVE-2025-46819: LUA out-of-bound read
Update to redis-6.2.20
CVE-2025-49844: A Lua script may lead to remote code execution
CVE-2025-46817: A Lua script may lead to integer overflow and potential RCE
CVE-2025-46818: A Lua script can be executed in the context of another user
CVE-2025-46819: LUA out-of-bound read
ok sthen
update to got 0.120; ok sthen@
- disable gotwebd authentication if it is not enabled in /etc/gotwebd.conf
- ensure that GOTWEBD_LOGIN_TIMEOUT is used consistently at build time
- prevent date-specific gotsysd regress failures due to asctime_r whitespace
- make gotwebd refuse to start up if the _gotwebd user is root
- make gotwebd warn if the webserver's user is set to root in /etc/gotwebd.conf
- add /etc/gotwebd.conf parameters for hiding repositories
- reject bad hostnames provided to the gotsh weblogin command
- allow gotwebd to optionally display a login hint when authentication fails
