mikeb [Fri, 22 May 2015 14:18:55 +0000 (14:18 +0000)]
Cut down on if statements around pf_icmp_state_lookup
Checked with blambert@, OK millert, henning
mikeb [Fri, 22 May 2015 14:16:09 +0000 (14:16 +0000)]
Cleanup leftover PF_ICMP_MULTI_* code that is not needed anymore.
ok henning
jsg [Fri, 22 May 2015 13:48:25 +0000 (13:48 +0000)]
be pedantic with sizeof use
no change in behaviour as sizeof(char **) is the same as sizeof(char *)
ok otto@ guenther@
jsg [Fri, 22 May 2015 12:52:00 +0000 (12:52 +0000)]
Don't use an uninitialised softc pointer in midiread/midiwrite.
ok ratchov@
jsg [Fri, 22 May 2015 12:46:38 +0000 (12:46 +0000)]
LITTE_ENDIAN -> LITTLE_ENDIAN
ok ratchov@
kettenis [Fri, 22 May 2015 06:50:54 +0000 (06:50 +0000)]
Limit the number of dma segments used for transmitting packets to
IWM_NUM_OF_TBS - 2. We have IWM_NUM_OF_TBS slots, but use two of those
for sending commands to the firmware. Hopefully fixes the
iwm0: hardware error, stopping device
errors I've seen somewhat regularly.
ok claudio@, deraadt@
djm [Fri, 22 May 2015 05:28:45 +0000 (05:28 +0000)]
mention ssh-keygen -E for comparing legacy MD5 fingerprints; bz#2332
djm [Fri, 22 May 2015 04:45:52 +0000 (04:45 +0000)]
Reorder EscapeChar option parsing to avoid a single-byte out-
of-bounds read. bz#2396 from Jaak Ristioja; ok dtucker@
djm [Fri, 22 May 2015 03:50:02 +0000 (03:50 +0000)]
add knob to relax GSSAPI host credential check for multihomed hosts
bz#928, patch by Simon Wilkinson; ok dtucker
(kerberos/GSSAPI is not compiled by default on OpenBSD)
dtucker [Fri, 22 May 2015 02:45:42 +0000 (02:45 +0000)]
Update DH groups
dtucker [Fri, 22 May 2015 02:43:59 +0000 (02:43 +0000)]
Remove 6k and 8k bit moduli fragments since they are now kept in
usr.bin/ssh/moduli-gen.
dtucker [Fri, 22 May 2015 02:34:53 +0000 (02:34 +0000)]
Update DH groups
deraadt [Fri, 22 May 2015 01:48:21 +0000 (01:48 +0000)]
sync
deraadt [Fri, 22 May 2015 01:46:31 +0000 (01:46 +0000)]
sync
jsg [Fri, 22 May 2015 01:34:13 +0000 (01:34 +0000)]
fix a non safe use of TAILQ_FOREACH with TAILQ_REMOVE
ok reyk@
jsg [Fri, 22 May 2015 01:30:27 +0000 (01:30 +0000)]
fix a non safe use of LIST_FOREACH with LIST_REMOVE
ok claudio@ kettenis@ reyk@
kettenis [Thu, 21 May 2015 22:13:55 +0000 (22:13 +0000)]
Use m_defrag(9) instead of rolling our own version of it.
ok jca@
deraadt [Thu, 21 May 2015 22:00:36 +0000 (22:00 +0000)]
sync
miod [Thu, 21 May 2015 19:32:29 +0000 (19:32 +0000)]
Establish interrupts for both keyboard and mouse slots at pckbc attach time,
rather than lazily from pckbc when slots are discovered. This is consistent
with what other isa devices (and pckbc on non-isa busses) do, and as a side
effect, this makes the dmesg output shorter.
This will also let us get rid of pckbc's intr_establish() callback in a
later diff.
Prompted by krw@ noticing ugly kernel output in a configuration with the
mouse slot left empty. ok krw@ mpi@
miod [Thu, 21 May 2015 19:29:31 +0000 (19:29 +0000)]
Report all valid interrupt locators in isaprint() - although config(8) stanzas
only allow one irq for isa devices, there is actually support for more since
we got isapnp(4) support, and upcoming changes will actually have regular isa(4)
devices claim more than one irq in their indirect match function.
miod [Thu, 21 May 2015 19:26:34 +0000 (19:26 +0000)]
no such thing as mips64le
kettenis [Thu, 21 May 2015 19:13:59 +0000 (19:13 +0000)]
Switch amd64, hppa, mips64, mips64le and powerpc to binutils 2.17.
ok deraadt@
reyk [Thu, 21 May 2015 14:24:43 +0000 (14:24 +0000)]
No need to call tzset() and log_init() in the forked constraint
handler. It is run in a chroot, so tzset() wouldn't even succeed to
open the zone file. Found with tame.
OK deraadt@
nicm [Thu, 21 May 2015 13:35:15 +0000 (13:35 +0000)]
Rename caddr_t p to cp in an inner block to avoid aliasing the outer
struct proc *p, ok deraadt
djm [Thu, 21 May 2015 12:01:19 +0000 (12:01 +0000)]
Support "ssh-keygen -lF hostname" to find search known_hosts and
print key hashes. Already advertised by ssh-keygen(1), but not
delivered by code; ok dtucker@
jmc [Thu, 21 May 2015 10:42:30 +0000 (10:42 +0000)]
some fixes from pjanzen;
mpi [Thu, 21 May 2015 09:44:32 +0000 (09:44 +0000)]
No need for ifp since we do not set "rcvif".
mpi [Thu, 21 May 2015 09:36:20 +0000 (09:36 +0000)]
No need to set "rcvif", if_input() does it for you.
mpi [Thu, 21 May 2015 09:25:18 +0000 (09:25 +0000)]
tedu commented out xl_testpacket(), remove one of the IFQ_ENQUEUE()
in the tree.
mpi [Thu, 21 May 2015 09:22:39 +0000 (09:22 +0000)]
Convert to if_output().
mpi [Thu, 21 May 2015 09:17:53 +0000 (09:17 +0000)]
Correctly state the link state to INVALID when creating a carp interface.
Since vhe are allocated with M_ZERO and INIT is also defined to be 0,
carp_set_state() would result in a no-op because of the state check.
So explicitly initialize the state of a vhe to INIT and move the state
check in carp_set_state_all() to prevent similar issues in the future.
Problem and initial diff from Johan Ymerson, thanks!
ok henning@
gerhard [Thu, 21 May 2015 07:39:52 +0000 (07:39 +0000)]
Access to uninitialized variable fixed.
ok mikeb@
djm [Thu, 21 May 2015 06:44:25 +0000 (06:44 +0000)]
regress test for AuthorizedPrincipalsCommand
djm [Thu, 21 May 2015 06:43:30 +0000 (06:43 +0000)]
add AuthorizedPrincipalsCommand that allows getting authorized_principals
from a subprocess rather than a file, which is quite useful in
deployments with large userbases
feedback and ok markus@
djm [Thu, 21 May 2015 06:40:02 +0000 (06:40 +0000)]
regress test for AuthorizedKeysCommand arguments
djm [Thu, 21 May 2015 06:38:35 +0000 (06:38 +0000)]
support arguments to AuthorizedKeysCommand
bz#2081 loosely based on patch by Sami Hartikainen
feedback and ok markus@
djm [Thu, 21 May 2015 04:55:51 +0000 (04:55 +0000)]
refactor: split base64 encoding of pubkey into its own
sshkey_to_base64() function and out of sshkey_write();
ok markus@
afresh1 [Thu, 21 May 2015 03:58:09 +0000 (03:58 +0000)]
Re-remove extra perl utils, patch lost in 5.20.2 update
pointed out by miod@
schwarze [Wed, 20 May 2015 23:39:55 +0000 (23:39 +0000)]
Remove clauses 3 and 4 from Christos Zoulas' BSD license.
This is safe because Christos did that himself in NetBSD in 2008.
No code change.
millert [Wed, 20 May 2015 22:50:07 +0000 (22:50 +0000)]
Remove function argument name from posix_spawnattr_getsigmask()
prototype to match other prototypes in the file. OK guenther@ deraadt@
millert [Wed, 20 May 2015 20:26:00 +0000 (20:26 +0000)]
Fix sign compare bug introduced when rnum() was redefined to use
arc4random_uniform(). From pjanzen@, OK deraadt@
rpe [Wed, 20 May 2015 19:14:35 +0000 (19:14 +0000)]
Merge the get_drive() function with install_disk(), which is the
only remaining consumer.
OK krw@
pelikan [Wed, 20 May 2015 15:21:57 +0000 (15:21 +0000)]
Signed types are bad array indicies - let it panic instead.
ok deraadt krw millert
mikeb [Wed, 20 May 2015 14:34:27 +0000 (14:34 +0000)]
scrap unused ixgbe_get_link_capabilities_X540
reyk [Wed, 20 May 2015 13:32:39 +0000 (13:32 +0000)]
Remove hotplug(4) sensor support: the code has been disabled by
henning@ 9 years ago because of an issue with the /dev/hotplug device
- it does not support multiple readers opening it. Nobody ever cared
enough to fix it so it is time to sent the dead code to the Attic.
OK henning@ (feeling sad about it), mpi@ and others
kettenis [Wed, 20 May 2015 09:28:47 +0000 (09:28 +0000)]
Use off_t instead of size_t to pass file size and print it using %lld when
constructing the Content-Length header field. Should fix some, but probably
not all, problems with serving files bigger than 2G on 32-bit architectures.
ok reyk@, florian@
mpi [Wed, 20 May 2015 08:54:37 +0000 (08:54 +0000)]
Keep track of the ifih corresponding to a vlan instance to ease its
removal.
As soon as carp(4) will be converted to the new if_input() API it
will be possible to add multiple vlan(4) and carp(4) pseudo-ifps on
top of the same parent interface. When such thing happens we can no
longer assume that the first pseudo-ifp to be destroyed will be the
last configured.
ok dlg@
mpi [Wed, 20 May 2015 08:28:54 +0000 (08:28 +0000)]
Do not increment if_opackets in if_output(). It might make sense to do
that later but all drivers should be adapated.
Should fix a double output packet accounting, reported by Hrvoje Popovski.
nicm [Wed, 20 May 2015 06:39:02 +0000 (06:39 +0000)]
Return empty string if format is empty rather than attempting to
allocate zero bytes.
miod [Wed, 20 May 2015 04:33:35 +0000 (04:33 +0000)]
No need to check the return value of memcpy() if you actually checked this
pointer for NULL the line above; ok doug@
jsg [Wed, 20 May 2015 03:49:23 +0000 (03:49 +0000)]
Remove cubieboard specific gpio led setting.
From Artturi Alm in bitrig.
jsg [Wed, 20 May 2015 01:44:20 +0000 (01:44 +0000)]
Now all the socs use the same va entry point and don't have any
conflicting symbols we can combine the configs.
Multiple umg files are still required however. The bsd.umg target in
the kernel is replaced by targets for bsd.IMX.umg, bsd.OMAP.umg and
bsd.SUNXI.umg.
jsg [Wed, 20 May 2015 00:39:16 +0000 (00:39 +0000)]
ARM L2C driver is only relevant on Cortex-A9 machines.
From Patrick Wildt in bitrig.
jsg [Wed, 20 May 2015 00:14:55 +0000 (00:14 +0000)]
add per soc match functions instead of using armv7_match
guenther [Tue, 19 May 2015 20:50:06 +0000 (20:50 +0000)]
Instead of testing for __ELF__ and/or vax, leave out the bits for interfacing
with ld.so locking whenever building NOPIC
pointless use of __ELF__ noted by brad@
ok miod@
miod [Tue, 19 May 2015 20:42:11 +0000 (20:42 +0000)]
Only attempt to load /etc/random.seed from the boot device after the kernel
image has been succesfully loaded (with the recent loadfile changes allowing
us to know where the randomness needs to be loaded). While there, don't
bother doing this when booting from tape.
This works around the sun4e PROM 1.6, which gets confused by PROM open() -
close() sequences without any I/O happening in between.
Crank boot blocks version to 2.11.
miod [Tue, 19 May 2015 20:39:12 +0000 (20:39 +0000)]
Extend the libsa loadfile(9) granularity to tell apart randomness from the rest
of the kernel, and extend the array filled by loadfile to report the location
of the randomness area.
This doesn't introduce any change for bootblocks (save for a slightly larger
stack usage due to the larger array), for the new {LOAD,COUNT}_RANDOM bits
are included in the {LOAD,COUNT}_ALL masks everything uses or computes from.
miod [Tue, 19 May 2015 20:28:14 +0000 (20:28 +0000)]
Move acquisition of the kernel lock deeper in the interrupt path, and make
sure clock interrupts do not attempt to acquire it.
This will also eventually allow for IPL_MPSAFE interrupts on alpha.
Tested by dlg@ and I.
rpe [Tue, 19 May 2015 20:12:29 +0000 (20:12 +0000)]
Fix installing sets from cdrom if more than one drive is present.
Run makedev in install_cdrom() to create the necessary device nodes,
which got lost in a recent change.
Found by James Hartley, thanks for the bug report!
OK krw@
sobrado [Tue, 19 May 2015 18:50:39 +0000 (18:50 +0000)]
improve spacing in disklabel template.
sobrado [Tue, 19 May 2015 18:16:32 +0000 (18:16 +0000)]
better spacing in media types.
ok reyk@
sobrado [Tue, 19 May 2015 18:12:58 +0000 (18:12 +0000)]
sort media type extensions for text/html and image/jpeg as given in
/usr/share/misc/mime.types; do not include shtml as it is for Server
Side Includes (SSI) -- we will never do SSI.
joint work with reyk@
ok reyk@
sobrado [Tue, 19 May 2015 18:03:32 +0000 (18:03 +0000)]
drop comment about being possible to include /etc/nginx/mime.types,
we do not have to care about nginx anymore.
ok jmc@ (who thinks previously suggested removing it), and reyk@
mikeb [Tue, 19 May 2015 17:16:20 +0000 (17:16 +0000)]
Test divert-to rules' address handling (pfctl/parse.y -r1.648)
reyk [Tue, 19 May 2015 16:07:38 +0000 (16:07 +0000)]
Get the rdomain from the newly exposed ifi_rdomain field in if_data
instead of calling the SIOCGIFRDOMAIN ioctl for every single address.
OK deraadt@
millert [Tue, 19 May 2015 16:05:12 +0000 (16:05 +0000)]
When a user is specified via the -u flag, use setusercontext() to
setup (most of) the execution environment. We still have to defer
setting the actual uid until after we change root. OK deraadt@
millert [Tue, 19 May 2015 16:03:19 +0000 (16:03 +0000)]
Add -c flag to display the user's login class. OK espie@
mpi [Tue, 19 May 2015 15:10:59 +0000 (15:10 +0000)]
splx should also be called in the error case, fix a regression
introduced during the if_output() conversion.
Found by jsg@
mpi [Tue, 19 May 2015 14:16:35 +0000 (14:16 +0000)]
Do not leak a rtentry if it is unusable.
Found by The Brainy Code Scanner from Maxime Villard.
kettenis [Tue, 19 May 2015 13:38:29 +0000 (13:38 +0000)]
Keep visibility information for references to discarded sections.
mikeb [Tue, 19 May 2015 12:50:53 +0000 (12:50 +0000)]
Increase a maximum firmware handshake timeout to 10s
BCM5718 Programmers Guide in chapter 7 "Device Control", section
"Device Reset Procedure" states that SEEPROM chips need a larger
timeout than Flash ones.
ok reyk
mpi [Tue, 19 May 2015 11:34:30 +0000 (11:34 +0000)]
Convert to if_input().
ok dlg@
mpi [Tue, 19 May 2015 11:24:01 +0000 (11:24 +0000)]
Convert to if_input().
ok dlg@
mpi [Tue, 19 May 2015 11:21:42 +0000 (11:21 +0000)]
We cannot check for M_BCAST or M_MCAST now that vlan_input() is ran
before ether_input().
mpi [Tue, 19 May 2015 11:09:24 +0000 (11:09 +0000)]
Take vlan(4) out of ether_input().
To keep the list of input handlers short, multiple vlans share the
same ifih.
if_input_process() now looks if the interface of a mbuf changed to
make sure the corresponding handlers are executed. This is a hack
and will be improved later.
ok dlg@
nicm [Tue, 19 May 2015 08:48:37 +0000 (08:48 +0000)]
In terminfo, sometimes cvvis implies cnorm and sometimes it doesn't, so
don't assume it does. Fixes missing cursor with emacs-in-tmux-in-tmux.
jsg [Tue, 19 May 2015 06:09:35 +0000 (06:09 +0000)]
change names to not conflict with omap intc
From Patrick Wildt in bitrig
jsg [Tue, 19 May 2015 06:04:26 +0000 (06:04 +0000)]
rename global variables to not conflict with gptimer
jsg [Tue, 19 May 2015 03:30:54 +0000 (03:30 +0000)]
Abstract the soc_machdep.c functions to allow a kernel to be built for
multiple socs.
From Patrick Wildt in bitrig with some additional changes.
jsg [Tue, 19 May 2015 00:05:59 +0000 (00:05 +0000)]
use the same va entry point on all armv7 socs
Similiar changes were made in bitrig by Patrick Wildt.
As part of this change the physical load address for imx and sunxi have
changed. Any u-boot settings that include it will need to be modified.
imx: 0x10800000 -> 0x10300000
sunxi: 0x40800000 -> 0x40300000
Tested by bmercer, canacar and myself.
ok bmercer@
jsg [Mon, 18 May 2015 23:56:47 +0000 (23:56 +0000)]
Make armv7 startup PIC. From Dale Rahn in bitrig.
Tested by bmercer, canacar and myself.
ok bmercer@
czarkoff [Mon, 18 May 2015 20:26:16 +0000 (20:26 +0000)]
Make TAPE=- mean stdout in tar
Some scripts and GUI ssh clients assume that tar writes to standard output by
default. This changes allows enforcing such behavior by setting TAPE="-" in
user profile.
Also, this makes parsing argument to "-f" option and contents of TAPE
environment variable consistent.
OK guenther@, jmc@ and sthen@
guenther [Mon, 18 May 2015 19:59:27 +0000 (19:59 +0000)]
Do lazy update/reset of the FS.base and %[def]s segment registers: reseting
segment registers in cpu_switchto if the old thread had made it to userspace
and restoring FS.base only on first return to userspace since context switch.
ok mlarkin@
bluhm [Mon, 18 May 2015 19:10:35 +0000 (19:10 +0000)]
For each file in sysctl(KERN_FILE_BYFILE), FILLIT() calls fill_file(),
which calls VOP_GETATTR(). For NFS, that leads to nfs_getattr().
If the node's attributes are not in NFS's cache, nfs_getattr() will
invoke nfs_request() and the latter will sleep, allowing the file
pointer to disappear while we traverse the list.
This results in kernel crashes while running netstat or pstat -f.
Grab a reference to the file descriptor before calling FILLIT(),
and release it afterwards. This way the file descriptor cannot
disappear while we sleep in nfs_getattr().
Analysis and fix from Pedro Martelletto; input and OK guenther@ mpi@
kettenis [Mon, 18 May 2015 18:38:49 +0000 (18:38 +0000)]
Make the compiler emit visibility information for (undefined) references with
non-default visibility.
See https://gcc.gnu.org/bugzilla/show_bug.cgi?id=20218 for details.
This version comes from FreeBSD and has been made available under the GPLv2
license. It has some additional bits thrown in from me to make it work in
mips64 too, and another bit to stop the C++ compiler to randomly emit
visibility information for C++ symbols that in the end aren't referenced.
ok guenther@
espie [Mon, 18 May 2015 18:25:13 +0000 (18:25 +0000)]
identical common code -> refactor
espie [Mon, 18 May 2015 18:17:27 +0000 (18:17 +0000)]
better error in case we can't create tempfiles
krw [Mon, 18 May 2015 17:51:21 +0000 (17:51 +0000)]
Tweak parsing so that hostnames starting with 0-9 are accepted.
Reported long ago by matthieu@. Also Jacob Berkman via the lists.
Tests and suggestions from Jacob and Matthieu.
bluhm [Mon, 18 May 2015 16:57:20 +0000 (16:57 +0000)]
Fix a crash reported and analyzed by Bertrand PROVOST. When a HTTP
client or server writes multiple requests or chunks in a single
transfer, relayd invokes the libevent callback manually for the
next data. If the callback closes the session, this resulted in
an use after free.
Instead of the more complicated fix suggested by Bertrand PROVOST,
just move the invocation of the callback to the end of the function.
So in case the callback frees any structures, they are not accessed.
OK benno@ reyk@
bluhm [Mon, 18 May 2015 16:45:16 +0000 (16:45 +0000)]
The first line of a HTTP request is the method-url-version. The
second line is a key-value header. So you cannot append to the
previous key-value before line three. Also reset the last header
when all headers are purged to avoid a use after free.
OK benno@ reyk@
reyk [Mon, 18 May 2015 16:04:21 +0000 (16:04 +0000)]
Change spamd to use divert-to instead of rdr-to.
divert-to has many advantages over rdr-to for proxies. For example,
it is much easier to use, requires less code, does not depend on
/dev/pf, works in-band without the asynchronous lookup (DIOCNATLOOK
ioctl), saves us from additional port allocations by the rdr/NAT code,
and even avoids potential collisions and race conditions that could
theoretically happen with the lookup.
Heads up: users will have to update their spamd PF rules from rdr-to
to divert-to. spamd now also listens to 127.0.0.1 instead of "any"
(0.0.0.0) by default which should be fine with most setups but has to
be considered for some special configurations.
Based on a diff is almost two years old but got delayed several times
... beck@: "now is the time to get it in" :)
Tested by many
With help from okan@
OK okan@ beck@ millert@
ajacoutot [Mon, 18 May 2015 15:17:29 +0000 (15:17 +0000)]
Put ntpd.conf in MUTABLE so it's installed with 0644 mode.
discussed by deraadt@
deraadt [Mon, 18 May 2015 15:06:05 +0000 (15:06 +0000)]
getentropy() and sendsyslog() have been around long enough.
openssh-portable may want the #ifdef's but not base.
discussed with djm few weeks back
krw [Mon, 18 May 2015 14:59:42 +0000 (14:59 +0000)]
Stop rejecting leases with a subnet that overlaps a subnet already
present. The latest routing stack code can now handle these situations.
Much requested by beck@ and others. Detailed discussion at s2k15
identified required routing changes.
ok claudio@
reyk [Mon, 18 May 2015 14:19:23 +0000 (14:19 +0000)]
Currently, after 4 failed constraint checks, we suspect the constraint
of being wrong, not the NTP responses, reset it and query it from all
the constraint servers all over again. This is turned out to be a bit
aggressive because it could get triggered with just a few bad NTP
peers in a larger pool. To avoid constant reconnections, scale the
error margin with the number of resolved NTP peers using peer_cnt * 4.
This way a single or a few outliers in a NTP pool cannot trigger
reconnecting to the constraint servers immediately. More NTP peers,
less reason to mistrust the constraint.
Found by dtucker@
OK deraadt@
deraadt [Mon, 18 May 2015 13:57:34 +0000 (13:57 +0000)]
swap calloc() arguments for clarity
deraadt [Mon, 18 May 2015 13:48:37 +0000 (13:48 +0000)]
enable ntpd by default at install time. We use pools and a reliable
constraint to keep them in check. in the worst case of being on a
dark net, nothing changes.
this is being enabled by default to allow gathering of more operational
information from users. and if the operational heuristics in ntpd can be
suitable refined, this may stay the default into the future. if not, ntpd
will become even more awesome along the way.
with reyk rpe
reyk [Mon, 18 May 2015 13:32:28 +0000 (13:32 +0000)]
Move the rdomain from struct ifnet into struct if_data. This way it
will be exported to userland with the existing sysctl, getifaddrs()
and routing socket (if_msghdr.ifm_data) interfaces that expose
if_data. All programs and daemons - Apps - that call the
SIOCGIFRDOMAIN ioctl in a getifaddrs() loop or after receiving an
interface message on the routing socket can now remove the pointless
additional ioctl. In base, that could be: dhclient, isakmpd, dhcpd,
dhcrelay, ntpd, ospfd, ripd, ifconfig.
No ABI breakage because it uses a previously unused pad field in if_data.
OK mpi@ deraadt@
mikeb [Mon, 18 May 2015 12:21:04 +0000 (12:21 +0000)]
Prevent splassert from firing during sd_flush which runs "cold"
While mfi(4) should pass SCSI transfer flags (e.g. SCSI_POLL and
SCSI_NOSLEEP) down to the management function, make it at least
use "cold" consistently for now.
ok dlg
deraadt [Mon, 18 May 2015 11:57:52 +0000 (11:57 +0000)]
No longer need tricks with setvbuf(). Instead, we just give permission
to call fstat() and fcntl().
ok nicm