bcook [Tue, 26 May 2015 03:05:26 +0000 (03:05 +0000)]
Add OPENSSL_NO_EGD to opensslfeatures.h.
Since RAND_egd has been removed from LibreSSL, simplify porting software that
relies on it. See https://github.com/libressl-portable/openbsd/pull/34
from Bernard Spil, ok deraadt@
dlg [Tue, 26 May 2015 03:01:54 +0000 (03:01 +0000)]
make vlans inherit their parents hardmtu as well as mtu.
from brad@ and tested locally.
jsg [Tue, 26 May 2015 02:21:54 +0000 (02:21 +0000)]
Build all the firmware for usb devices on armv7.
jsg [Tue, 26 May 2015 02:13:07 +0000 (02:13 +0000)]
Sync usb devices with amd64.
Prompted by djm noticing uslcom(4) was not included.
jsg [Tue, 26 May 2015 02:01:53 +0000 (02:01 +0000)]
build wsconsctl and wsconscfg on armv7
benno [Mon, 25 May 2015 22:18:38 +0000 (22:18 +0000)]
fix panic for real and revert previous rev 1.52
from markus@
sorry for the mixup
jca [Mon, 25 May 2015 21:59:37 +0000 (21:59 +0000)]
Kill outdated comment.
ok eric@
guenther [Mon, 25 May 2015 21:35:35 +0000 (21:35 +0000)]
Make SSL_CIPHER_get_bits() report ChaCha20-Poly1305 ciphers as using
256bit keys
problem noted by Tim Kuijsten (info (at) netsend.nl)
ok deraadt@ miod@ bcook@
eric [Mon, 25 May 2015 19:30:25 +0000 (19:30 +0000)]
Skip search domains iteration if RES_DNSRCH and/or RES_DEFNAMES is unset.
prodded by Brad
ok jca@
naddy [Mon, 25 May 2015 19:29:36 +0000 (19:29 +0000)]
bump up the default Diffie-Hellman group to modp3072; ok mikeb@ djm@
eric [Mon, 25 May 2015 19:16:08 +0000 (19:16 +0000)]
getnameinfo(3) doesn't need to initialize the resolver when it's only used
for address/port formatting (e.g. NI_NUMERICHOST).
ok deraadt@ jca@
benno [Mon, 25 May 2015 18:48:17 +0000 (18:48 +0000)]
fix a panic in import_identities() in case the ID isn't loaded
(triggered by bgpd).
ok markus@, mikeb@
miod [Mon, 25 May 2015 15:19:22 +0000 (15:19 +0000)]
Initialize ipa_ndrq in isascan() too...
mpi [Mon, 25 May 2015 15:04:26 +0000 (15:04 +0000)]
Match newer elantech v4 touchpads, logic taken from Linux.
Based on a submission from and ok jcs@.
deraadt [Mon, 25 May 2015 14:58:34 +0000 (14:58 +0000)]
only scan sensors if they are configured
ok bcook
miod [Mon, 25 May 2015 14:56:26 +0000 (14:56 +0000)]
Port the ELF m88k work to binutils 2.17. Good enough to build a booting
kernel, and hopefully userland as well.
deraadt [Mon, 25 May 2015 14:50:10 +0000 (14:50 +0000)]
sort
jsg [Mon, 25 May 2015 12:53:12 +0000 (12:53 +0000)]
Make this build when using the __STRICT_ALIGNMENT version of USETW.
miod [Mon, 25 May 2015 12:42:54 +0000 (12:42 +0000)]
vax ELF bits for binutils 2.17.
miod [Mon, 25 May 2015 12:40:04 +0000 (12:40 +0000)]
Convert from ether_input() with separate mbuf data and Ethernet header, to
if_input(). Based upon an initial diff from mpi@, and then painfully made
STRICT_ALIGNMENT-compliant. Tested on 4/260.
ok mpi@
miod [Mon, 25 May 2015 12:12:42 +0000 (12:12 +0000)]
Change ENTRY to __start to match binutils 2.15, needed for static PIE
mpi [Mon, 25 May 2015 11:52:15 +0000 (11:52 +0000)]
Prevent a use after free in by closing all open endpoints upon detach.
Fix a panic reported by landry@ with Android's ADB.
Tested and ok ajacoutot@
espie [Mon, 25 May 2015 07:20:31 +0000 (07:20 +0000)]
allow pkg_add as nonroot to soft-fail when outside of local base.
deraadt [Mon, 25 May 2015 03:07:49 +0000 (03:07 +0000)]
a dreaded whitespace; Kyle Milz
deraadt [Mon, 25 May 2015 03:07:07 +0000 (03:07 +0000)]
missing word in comment; Kyle Milz
guenther [Mon, 25 May 2015 00:12:59 +0000 (00:12 +0000)]
Teach binutils the {rd,wr}{fs,gs}base instructions.
Flag bits worked out with kettenis@
ok mlarkin@
djm [Sun, 24 May 2015 23:39:16 +0000 (23:39 +0000)]
add missing 'c' option to getopt(), case statement was already
there; from Felix Bolte
schwarze [Sun, 24 May 2015 15:44:52 +0000 (15:44 +0000)]
Maximilian dot Fillinger at uni-duesseldorf dot de
starts helping with the pod2mdoc(1)-based conversion
of LibreSSL crypto manuals from perlpod(1) to mdoc(7).
Here comes the first file, slightly tweaked by me.
miod [Sun, 24 May 2015 15:25:34 +0000 (15:25 +0000)]
Initialize ipa_nirq in isascan(). Gets rid of spurious irq locators being
printed for isadma(4).
jsg [Sun, 24 May 2015 11:06:16 +0000 (11:06 +0000)]
add the chromebook board id the exynos code uses
jsg [Sun, 24 May 2015 11:01:48 +0000 (11:01 +0000)]
imx_board_devs -> exynos_board_devs
miod [Sun, 24 May 2015 10:57:47 +0000 (10:57 +0000)]
Follow the recent pckbc@isa changes and always establish all the necessary
interrupts at pckbc attach time, and get rid of the `intr_establish'
pckbc callback.
Tested on hppa (gsckbc) and sgi (pckbc@hpc); not tested on sparc64 (pckbc@ebus)
but this attachment was already behaving this way and its intr_establish
callback was an empty function.
matthieu [Sun, 24 May 2015 08:01:46 +0000 (08:01 +0000)]
Add udl(4) and uvideo(4) to armv7 GENERIC. Tested on my sabre lite (imx).
enable udl firmware and COMPAT_RAW_KBD to make udl useable with X.
ok jsg@
espie [Sun, 24 May 2015 07:53:14 +0000 (07:53 +0000)]
pass subst to the installer state, so that -Dunsigned would work
guenther [Sun, 24 May 2015 01:01:49 +0000 (01:01 +0000)]
Treat primary cpu like others and put pointer to its GDT in cpu_info.ci_gdt
requested by and ok mlarkin@
bcook [Sat, 23 May 2015 21:09:46 +0000 (21:09 +0000)]
bump to version 2.2
ok deraadt@
jsg [Sat, 23 May 2015 14:28:37 +0000 (14:28 +0000)]
fix a memory leak in an error path
ok markus@ dtucker@
jsg [Sat, 23 May 2015 14:26:06 +0000 (14:26 +0000)]
fix a memory leak in an error path
markus [Sat, 23 May 2015 12:57:09 +0000 (12:57 +0000)]
PACKET_TAG_IPSEC_PENDING_TDB is gone, too.
markus [Sat, 23 May 2015 12:52:59 +0000 (12:52 +0000)]
remove PACKET_TAG_IPSEC_PENDING_TDB, it is never set; ok mikeb@
markus [Sat, 23 May 2015 12:38:53 +0000 (12:38 +0000)]
introduce ipsec-id bundles and use them for ipsecflowinfo,
fixes rekeying for l2tp/ipsec against multiple windows clients
and saves memory (for many SAs to same peers); feedback and ok mikeb@
jsg [Sat, 23 May 2015 12:08:14 +0000 (12:08 +0000)]
use & not && when testing lcr bits
tested by jmatthew
ok pirofti@ jmatthew@ jasper@
mpi [Sat, 23 May 2015 08:32:12 +0000 (08:32 +0000)]
Call if_input() instead of setting the "rcvif" pointer ourself.
ok dlg@
mpi [Sat, 23 May 2015 08:31:05 +0000 (08:31 +0000)]
Pass output packets to bpf(4). This is helpful when debugging stack
issues.
ok reyk@
guenther [Sat, 23 May 2015 05:17:20 +0000 (05:17 +0000)]
Canonicalize all devices to DUIDs in order to make -w and -W output consistent.
Based on diff from Manuel Giraud (manuel (at) ledu-giraud.fr) Thanks!
jsg [Sat, 23 May 2015 00:53:25 +0000 (00:53 +0000)]
define BYTEORDER so the endian tests will work
ok deraadt@ miod@
bluhm [Fri, 22 May 2015 19:09:18 +0000 (19:09 +0000)]
Add tests for relayd TLS inspection with plain SSL and HTTPS.
deraadt [Fri, 22 May 2015 15:10:13 +0000 (15:10 +0000)]
sync
mikeb [Fri, 22 May 2015 14:18:55 +0000 (14:18 +0000)]
Cut down on if statements around pf_icmp_state_lookup
Checked with blambert@, OK millert, henning
mikeb [Fri, 22 May 2015 14:16:09 +0000 (14:16 +0000)]
Cleanup leftover PF_ICMP_MULTI_* code that is not needed anymore.
ok henning
jsg [Fri, 22 May 2015 13:48:25 +0000 (13:48 +0000)]
be pedantic with sizeof use
no change in behaviour as sizeof(char **) is the same as sizeof(char *)
ok otto@ guenther@
jsg [Fri, 22 May 2015 12:52:00 +0000 (12:52 +0000)]
Don't use an uninitialised softc pointer in midiread/midiwrite.
ok ratchov@
jsg [Fri, 22 May 2015 12:46:38 +0000 (12:46 +0000)]
LITTE_ENDIAN -> LITTLE_ENDIAN
ok ratchov@
kettenis [Fri, 22 May 2015 06:50:54 +0000 (06:50 +0000)]
Limit the number of dma segments used for transmitting packets to
IWM_NUM_OF_TBS - 2. We have IWM_NUM_OF_TBS slots, but use two of those
for sending commands to the firmware. Hopefully fixes the
iwm0: hardware error, stopping device
errors I've seen somewhat regularly.
ok claudio@, deraadt@
djm [Fri, 22 May 2015 05:28:45 +0000 (05:28 +0000)]
mention ssh-keygen -E for comparing legacy MD5 fingerprints; bz#2332
djm [Fri, 22 May 2015 04:45:52 +0000 (04:45 +0000)]
Reorder EscapeChar option parsing to avoid a single-byte out-of-bounds
read. bz#2396 from Jaak Ristioja; ok dtucker@
djm [Fri, 22 May 2015 03:50:02 +0000 (03:50 +0000)]
add knob to relax GSSAPI host credential check for multihomed hosts
bz#928, patch by Simon Wilkinson; ok dtucker
(kerberos/GSSAPI is not compiled by default on OpenBSD)
dtucker [Fri, 22 May 2015 02:45:42 +0000 (02:45 +0000)]
Update DH groups
dtucker [Fri, 22 May 2015 02:43:59 +0000 (02:43 +0000)]
Remove 6k and 8k bit moduli fragments since they are now kept in
usr.bin/ssh/moduli-gen.
dtucker [Fri, 22 May 2015 02:34:53 +0000 (02:34 +0000)]
Update DH groups
deraadt [Fri, 22 May 2015 01:48:21 +0000 (01:48 +0000)]
sync
deraadt [Fri, 22 May 2015 01:46:31 +0000 (01:46 +0000)]
sync
jsg [Fri, 22 May 2015 01:34:13 +0000 (01:34 +0000)]
fix a non safe use of TAILQ_FOREACH with TAILQ_REMOVE
ok reyk@
jsg [Fri, 22 May 2015 01:30:27 +0000 (01:30 +0000)]
fix a non safe use of LIST_FOREACH with LIST_REMOVE
ok claudio@ kettenis@ reyk@
kettenis [Thu, 21 May 2015 22:13:55 +0000 (22:13 +0000)]
Use m_defrag(9) instead of rolling our own version of it.
ok jca@
deraadt [Thu, 21 May 2015 22:00:36 +0000 (22:00 +0000)]
sync
miod [Thu, 21 May 2015 19:32:29 +0000 (19:32 +0000)]
Establish interrupts for both keyboard and mouse slots at pckbc attach time,
rather than lazily from pckbc when slots are discovered. This is consistent
with what other isa devices (and pckbc on non-isa busses) do, and as a side
effect, this makes the dmesg output shorter.
This will also let us get rid of pckbc's intr_establish() callback in a
later diff.
Prompted by krw@ noticing ugly kernel output in a configuration with the
mouse slot left empty. ok krw@ mpi@
miod [Thu, 21 May 2015 19:29:31 +0000 (19:29 +0000)]
Report all valid interrupt locators in isaprint() - although config(8) stanzas
only allow one irq for isa devices, there is actually support for more since
we got isapnp(4) support, and upcoming changes will actually have regular isa(4)
devices claim more than one irq in their indirect match function.
miod [Thu, 21 May 2015 19:26:34 +0000 (19:26 +0000)]
no such thing as mips64le
kettenis [Thu, 21 May 2015 19:13:59 +0000 (19:13 +0000)]
Switch amd64, hppa, mips64, mips64le and powerpc to binutils 2.17.
ok deraadt@
reyk [Thu, 21 May 2015 14:24:43 +0000 (14:24 +0000)]
No need to call tzset() and log_init() in the forked constraint
handler. It is run in a chroot, so tzset() wouldn't even succeed to
open the zone file. Found with tame.
OK deraadt@
nicm [Thu, 21 May 2015 13:35:15 +0000 (13:35 +0000)]
Rename caddr_t p to cp in an inner block to avoid aliasing the outer
struct proc *p, ok deraadt
djm [Thu, 21 May 2015 12:01:19 +0000 (12:01 +0000)]
Support "ssh-keygen -lF hostname" to search known_hosts and
print key hashes. Already advertised by ssh-keygen(1), but not
delivered by code; ok dtucker@
jmc [Thu, 21 May 2015 10:42:30 +0000 (10:42 +0000)]
some fixes from pjanzen;
mpi [Thu, 21 May 2015 09:44:32 +0000 (09:44 +0000)]
No need for ifp since we do not set "rcvif".
mpi [Thu, 21 May 2015 09:36:20 +0000 (09:36 +0000)]
No need to set "rcvif", if_input() does it for you.
mpi [Thu, 21 May 2015 09:25:18 +0000 (09:25 +0000)]
tedu commented out xl_testpacket(), remove one of the IFQ_ENQUEUE()
in the tree.
mpi [Thu, 21 May 2015 09:22:39 +0000 (09:22 +0000)]
Convert to if_output().
mpi [Thu, 21 May 2015 09:17:53 +0000 (09:17 +0000)]
Correctly state the link state to INVALID when creating a carp interface.
Since vhe are allocated with M_ZERO and INIT is also defined to be 0,
carp_set_state() would result in a no-op because of the state check.
So explicitly initialize the state of a vhe to INIT and move the state
check in carp_set_state_all() to prevent similar issues in the future.
Problem and initial diff from Johan Ymerson, thanks!
ok henning@
gerhard [Thu, 21 May 2015 07:39:52 +0000 (07:39 +0000)]
Access to uninitialized variable fixed.
ok mikeb@
djm [Thu, 21 May 2015 06:44:25 +0000 (06:44 +0000)]
regress test for AuthorizedPrincipalsCommand
djm [Thu, 21 May 2015 06:43:30 +0000 (06:43 +0000)]
add AuthorizedPrincipalsCommand that allows getting authorized_principals
from a subprocess rather than a file, which is quite useful in
deployments with large userbases
feedback and ok markus@
djm [Thu, 21 May 2015 06:40:02 +0000 (06:40 +0000)]
regress test for AuthorizedKeysCommand arguments
djm [Thu, 21 May 2015 06:38:35 +0000 (06:38 +0000)]
support arguments to AuthorizedKeysCommand
bz#2081 loosely based on patch by Sami Hartikainen
feedback and ok markus@
djm [Thu, 21 May 2015 04:55:51 +0000 (04:55 +0000)]
refactor: split base64 encoding of pubkey into its own
sshkey_to_base64() function and out of sshkey_write();
ok markus@
afresh1 [Thu, 21 May 2015 03:58:09 +0000 (03:58 +0000)]
Re-remove extra perl utils, patch lost in 5.20.2 update
pointed out by miod@
schwarze [Wed, 20 May 2015 23:39:55 +0000 (23:39 +0000)]
Remove clauses 3 and 4 from Christos Zoulas' BSD license.
This is safe because Christos did that himself in NetBSD in 2008.
No code change.
millert [Wed, 20 May 2015 22:50:07 +0000 (22:50 +0000)]
Remove function argument name from posix_spawnattr_getsigmask()
prototype to match other prototypes in the file. OK guenther@ deraadt@
millert [Wed, 20 May 2015 20:26:00 +0000 (20:26 +0000)]
Fix sign compare bug introduced when rnum() was redefined to use
arc4random_uniform(). From pjanzen@, OK deraadt@
rpe [Wed, 20 May 2015 19:14:35 +0000 (19:14 +0000)]
Merge the get_drive() function with install_disk(), which is the
only remaining consumer.
OK krw@
pelikan [Wed, 20 May 2015 15:21:57 +0000 (15:21 +0000)]
Signed types are bad array indices - let it panic instead.
ok deraadt krw millert
mikeb [Wed, 20 May 2015 14:34:27 +0000 (14:34 +0000)]
scrap unused ixgbe_get_link_capabilities_X540
reyk [Wed, 20 May 2015 13:32:39 +0000 (13:32 +0000)]
Remove hotplug(4) sensor support: the code has been disabled by
henning@ 9 years ago because of an issue with the /dev/hotplug device
- it does not support multiple readers opening it. Nobody ever cared
enough to fix it so it is time to send the dead code to the Attic.
OK henning@ (feeling sad about it), mpi@ and others
kettenis [Wed, 20 May 2015 09:28:47 +0000 (09:28 +0000)]
Use off_t instead of size_t to pass file size and print it using %lld when
constructing the Content-Length header field. Should fix some, but probably
not all, problems with serving files bigger than 2G on 32-bit architectures.
ok reyk@, florian@
mpi [Wed, 20 May 2015 08:54:37 +0000 (08:54 +0000)]
Keep track of the ifih corresponding to a vlan instance to ease its
removal.
As soon as carp(4) will be converted to the new if_input() API it
will be possible to add multiple vlan(4) and carp(4) pseudo-ifps on
top of the same parent interface. When such thing happens we can no
longer assume that the first pseudo-ifp to be destroyed will be the
last configured.
ok dlg@
mpi [Wed, 20 May 2015 08:28:54 +0000 (08:28 +0000)]
Do not increment if_opackets in if_output(). It might make sense to do
that later but all drivers should be adapted.
Should fix a double output packet accounting, reported by Hrvoje Popovski.
nicm [Wed, 20 May 2015 06:39:02 +0000 (06:39 +0000)]
Return empty string if format is empty rather than attempting to
allocate zero bytes.
miod [Wed, 20 May 2015 04:33:35 +0000 (04:33 +0000)]
No need to check the return value of memcpy() if you actually checked this
pointer for NULL the line above; ok doug@
jsg [Wed, 20 May 2015 03:49:23 +0000 (03:49 +0000)]
Remove cubieboard specific gpio led setting.
From Artturi Alm in bitrig.
jsg [Wed, 20 May 2015 01:44:20 +0000 (01:44 +0000)]
Now all the socs use the same va entry point and don't have any
conflicting symbols we can combine the configs.
Multiple umg files are still required however. The bsd.umg target in
the kernel is replaced by targets for bsd.IMX.umg, bsd.OMAP.umg and
bsd.SUNXI.umg.