mpi [Tue, 29 Apr 2014 14:11:23 +0000 (14:11 +0000)]
Finally plug the public xfer leak #1 in our USB stack.
Every call to usbd_abort_pipe() on an interrupt pipe would simply
reset the intrxfer pointer, which would prevent usbd_close_pipe()
from freeing it. Since we abort pipes in a lot of situations: when a
device is detached, when a USB-to-serial adapter is closed, when
an error occurs, when the machine is suspended, etc, this would
result in hundreds of leaked xfers in most of my machines.
xhci(4) is not affected, but you can't enable it right now since
the stack is not ready :)
While here put a KASSERT() to make sure drivers are only calling
the interrupt abort method for intrxfer, if that's not the case,
please let me know.
tedu [Tue, 29 Apr 2014 14:10:07 +0000 (14:10 +0000)]
nginx dudes unrolled SSL_OP_ALL by hand so we also have to delete
SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS from here to benefit. ok miod
mcbride [Tue, 29 Apr 2014 13:49:19 +0000 (13:49 +0000)]
regen
jmc [Tue, 29 Apr 2014 13:48:18 +0000 (13:48 +0000)]
smtpd is the default mailer now;
From: Jan Stary
ok gilles
mcbride [Tue, 29 Apr 2014 13:46:55 +0000 (13:46 +0000)]
Add Microsoft Wireless Mobile Mouse 3500 and Wireless Arc Mouse.
ok mpi
djm [Tue, 29 Apr 2014 13:10:30 +0000 (13:10 +0000)]
bz#1818 - don't send channel success/failure replies on channels that
have sent a close already; analysis and patch from Simon Tatham;
ok markus@
mpi [Tue, 29 Apr 2014 12:53:33 +0000 (12:53 +0000)]
Make sure to call uhidev_close() upon detach, plug another xfer leak.
mpi [Tue, 29 Apr 2014 12:47:33 +0000 (12:47 +0000)]
Plug an xfer leak.
mpi [Tue, 29 Apr 2014 12:45:29 +0000 (12:45 +0000)]
Get rid of the per-softc freelist of transfer descriptors and use a
per-driver pool(9) instead.
With inputs from mikeb@
reyk [Tue, 29 Apr 2014 12:18:27 +0000 (12:18 +0000)]
Remove unused arguments from ssl_smtp_init()
ok gilles@
millert [Tue, 29 Apr 2014 12:11:25 +0000 (12:11 +0000)]
Remove support for the obsolete (non-POSIX) "more -d" prompt.
This was a local change that was only enabled when the LESS_IS_MORE
environment variable was set and not when invoked as "more".
OK shadchin@ jmc@
mpi [Tue, 29 Apr 2014 11:58:29 +0000 (11:58 +0000)]
If you plan to write an obfuscated-by-design kernel / userland
interface, I suggest you have a look at the link-layer sockaddr
interface:
/*
* A Link-Level Sockaddr may specify the interface in one of two
* ways: either by means of a system-provided index number (computed
* anew and possibly differently on every reboot), or by a human-readable
* string such as "il0" (for managerial convenience).
[...]
*/
ifa_ifwithnet() was not only checking for the sdl_index in order
to get the corresponding ifp for AF_LINK sockaddr, it was also
iterating over all the addresses on your system! But in this
case, the `address' field of "struct sockaddr_dl" is an interface
name set by link_addr(3).
How can this work? Well because the kernel allocates an empty
`netmask' field for each interface's lladdr, so that you can
abuse a network comparison function to reimplement strcmp(3)...
So when the userland does not specify an interface index, try
harder to see if it passed an ifp name, but at least be explicit
and use ifunit().
Found the hard way by/ok sthen@
markus [Tue, 29 Apr 2014 11:51:13 +0000 (11:51 +0000)]
make sure the state machine only advances if the AUTH payload has
been verified; with & ok mikeb@
reyk [Tue, 29 Apr 2014 10:18:06 +0000 (10:18 +0000)]
use explicit_bzero() instead of memset() to clear out sensitive data.
ok gilles@
reyk [Tue, 29 Apr 2014 10:08:55 +0000 (10:08 +0000)]
It is only required to load the keys and certs into the same SSL
context once. Simplify the code path by moving the loading from three
different places into ssl_ctx_create():
ok gilles@
kettenis [Tue, 29 Apr 2014 09:55:28 +0000 (09:55 +0000)]
Replace 1 << PAGE_SHIFT with PAGE_SIZE.
ok beck@, miod@
dcoppa [Tue, 29 Apr 2014 07:52:06 +0000 (07:52 +0000)]
Fix typo: d_addrt -> daddr_t
ok bmercer@
jsg [Tue, 29 Apr 2014 07:44:19 +0000 (07:44 +0000)]
fix a test for invalid timezones
oks from a bunch of people
andre [Tue, 29 Apr 2014 07:23:40 +0000 (07:23 +0000)]
Remove device white-listing as matching method, relies on usage id
versus supported sensors table filtering.
discussed with and ok mpi@
sperreault [Mon, 28 Apr 2014 21:38:59 +0000 (21:38 +0000)]
Implement AI_ADDRCONFIG
This is a getaddrinfo() flag that is defined thusly in RFC 3493:
If the AI_ADDRCONFIG flag is specified, IPv4 addresses shall be
returned only if an IPv4 address is configured on the local system,
and IPv6 addresses shall be returned only if an IPv6 address is
configured on the local system. The loopback address is not
considered for this case as valid as a configured address.
For example, when using the DNS, a query for AAAA records should
occur only if the node has at least one IPv6 address configured
(other than IPv6 loopback) and a query for A records should occur
only if the node has at least one IPv4 address configured (other
than the IPv4 loopback).
The flag is set by default when hints is NULL.
ok Eric Faurot, Jason McIntyre
miod [Mon, 28 Apr 2014 21:14:50 +0000 (21:14 +0000)]
Remove WIN32, WIN64 and MINGW32 tentacles.
Also check for _LP64 rather than __arch64__ (the former being more reliable
than __LP64__ or __arch64__) to tell 64-bit int platforms apart from 32-bit
int platforms.
Loosely based upon a diff from Martijn van Duren on tech@
brad [Mon, 28 Apr 2014 21:01:51 +0000 (21:01 +0000)]
Remove bogus semicolon.
Pointed out by LLVM.
fd.c:1378:29: error: if statement has empty body [-Werror,-Wempty-body]
ok miod@
tedu [Mon, 28 Apr 2014 20:10:55 +0000 (20:10 +0000)]
use the correct algorithm mask. reported by satish lvr via
http://marc.info/?l=openssl-dev&m=139779977532459&w=2
ok miod
tedu [Mon, 28 Apr 2014 20:05:21 +0000 (20:05 +0000)]
SSL_OP_ALL is supposed to be all options and workarounds that are safe,
but disabling attack mitigations is not safe. 0.9.6d contained a
workaround for an attack against CBC modes. 0.9.6e disabled it by default
because "some" implementations couldn't handle empty fragments. 12 years
have passed. Does anybody still care? Let's find out.
ok miod
miod [Mon, 28 Apr 2014 19:06:19 +0000 (19:06 +0000)]
Remove ending cplusplus guard followed by starting cplusplus guard; from
Gebruiker Schoot.
miod [Mon, 28 Apr 2014 19:04:59 +0000 (19:04 +0000)]
Leftover includes and local declarations; from Gebruiker Schoot
miod [Mon, 28 Apr 2014 18:49:28 +0000 (18:49 +0000)]
Ignore IRIX6-compatible archive map on mips64 platform, since the mips64
toolchain creates them. This lets nm -w correctly return 0 for valid archives.
ok jasper@ deraadt@
okan [Mon, 28 Apr 2014 17:03:48 +0000 (17:03 +0000)]
re-add _ppp for npppd here as well; ok ajacoutot
jmc [Mon, 28 Apr 2014 16:23:19 +0000 (16:23 +0000)]
macro fixes for previous; ok reyk
reyk [Mon, 28 Apr 2014 15:43:04 +0000 (15:43 +0000)]
sync bzero => memset that was done for ip_divert.c before.
ok tedu@
florian [Mon, 28 Apr 2014 15:25:34 +0000 (15:25 +0000)]
Do not sleep after poll returning an error. Blindly copied over from
ping6 to ping by me without thinking clearly.
pointed out by deraadt@
OK jca@
syl [Mon, 28 Apr 2014 13:08:34 +0000 (13:08 +0000)]
Add support for 255 character file names in fuse.
from Helg Bredow, thanks!
input/OK reyk@
blambert [Mon, 28 Apr 2014 12:48:36 +0000 (12:48 +0000)]
fix memory leak
ok reyk@
espie [Mon, 28 Apr 2014 12:34:11 +0000 (12:34 +0000)]
check for integer overflows in custom allocs, okay jca@
mikeb [Mon, 28 Apr 2014 12:03:32 +0000 (12:03 +0000)]
Add support for exporting ARP table via ipNetToMediaTable OID.
With help from blambert@ and sthen@, tested by sthen@, benno@
and myself; ok blambert
reyk [Mon, 28 Apr 2014 11:19:22 +0000 (11:19 +0000)]
spacing
reyk [Mon, 28 Apr 2014 11:17:15 +0000 (11:17 +0000)]
bump copyright
reyk [Mon, 28 Apr 2014 11:16:18 +0000 (11:16 +0000)]
Add missing documentation for ipcomp(4) support and the configuration
payloads.
ok sthen@ krw@
reyk [Mon, 28 Apr 2014 11:05:59 +0000 (11:05 +0000)]
It's about time to remove the infamous CAVEATS section in iked(8).
Software is never "finished" but the implementation has matured enough
to drop the disclaimer about using it in production networks.
Thanks to markus@, mikeb@ and Hans-Joerg Hoexer for their significant
and ongoing work on improving iked(8).
Removal prompted by sthen@ and many others.
jsg [Mon, 28 Apr 2014 10:06:37 +0000 (10:06 +0000)]
Move an opening brace so a loop that delays while waiting
for hardware to set a ready bit actually delays.
ok krw@ deraadt@ 'sounds correct' miod@
deraadt [Mon, 28 Apr 2014 09:45:30 +0000 (09:45 +0000)]
whitespace cleanup while reading result of florian's recent (very nice) work
blambert [Mon, 28 Apr 2014 08:25:05 +0000 (08:25 +0000)]
better proc id name (it handles traps, not alerts) for the
snmp trap handler
djm [Mon, 28 Apr 2014 03:09:18 +0000 (03:09 +0000)]
buffer_get_string_ptr's return should be const to remind
callers that futzing with it will futz with the actual buffer
contents
schwarze [Sun, 27 Apr 2014 23:03:52 +0000 (23:03 +0000)]
Improve error handling in dbopen(). If PRAGMA SQL statements fail,
report the error, close the database, and return failure from dbopen(),
such that the main program can recover and rebuild the database.
As noticed by stsp@, this can happen when database files are
accessible, but corrupt or in the wrong format, which will now
automatically be repaired.
Besides, use a safer idiom after sqlite3_open*() failure that also
handles out-of-memory situations correctly, and do not forget to
close the database after CREATE TABLE failure.
schwarze [Sun, 27 Apr 2014 22:41:39 +0000 (22:41 +0000)]
For LUNA88K, make sure the architecture name shown to the user
matches the architecture name required for man -S and apropos -S.
Adjust the case of LUNA68K to match the case of LUNA88K.
ok aoyama@
guenther [Sun, 27 Apr 2014 22:18:25 +0000 (22:18 +0000)]
Regress for access()
miod [Sun, 27 Apr 2014 20:38:39 +0000 (20:38 +0000)]
typo in comment
miod [Sun, 27 Apr 2014 20:34:33 +0000 (20:34 +0000)]
Remove orphaned l2n6 and n2l6 macros.
miod [Sun, 27 Apr 2014 20:26:46 +0000 (20:26 +0000)]
Use C99 initializers for the various FOO_METHOD structs. More readable, and
avoid unreadable/unmaintainable constructs like that:
const EVP_PKEY_ASN1_METHOD cmac_asn1_meth =
{
EVP_PKEY_CMAC,
EVP_PKEY_CMAC,
0,
"CMAC",
"OpenSSL CMAC method",
0,0,0,0,
0,0,0,
cmac_size,
0,
0,0,0,0,0,0,0,
cmac_key_free,
0,
0,0
};
ok matthew@ deraadt@
miod [Sun, 27 Apr 2014 20:24:52 +0000 (20:24 +0000)]
static const char * = "" -> static const char[] = "", to produce shorter code.
No functional change.
miod [Sun, 27 Apr 2014 20:22:30 +0000 (20:22 +0000)]
Unifdef -U OPENSSL_BUILD_SHLIBCRYPTO, since all it causes under Unix is to
redefine OPENSSL_EXTERN from `extern' to `extern'.
miod [Sun, 27 Apr 2014 20:20:57 +0000 (20:20 +0000)]
Put explicit (void) in function declarations and shuffle keywords in some
declaration to pass -Wextra, should we want to add it to CFLAGS.
No binary change.
zhuk [Sun, 27 Apr 2014 18:08:35 +0000 (18:08 +0000)]
Fix library search order in our libtool.
Before, libtool first searched all directories for .la files, and if
search failed, switched to actual libraries (.so/.a). But the correct way
is to check each directory first for .la, then for .so/.a.
The problem was reported by ajacoutot@ who verified that the patch fixes
his case and okay'ed the initial diff. And jasper@'s bulk uncovered a bug
which is fixed now (verified by another bulk).
jmc [Sun, 27 Apr 2014 16:58:08 +0000 (16:58 +0000)]
zap trailing whitespace;
jmc [Sun, 27 Apr 2014 16:56:51 +0000 (16:56 +0000)]
sort the ip6 sysctls;
jsing [Sun, 27 Apr 2014 16:19:04 +0000 (16:19 +0000)]
We do not need a separate file for two compatibility wrapper functions.
ok miod@
beck [Sun, 27 Apr 2014 15:59:25 +0000 (15:59 +0000)]
Fix leak last commit introduced. Spotted by Sebastian Kapfer.
logan [Sun, 27 Apr 2014 15:55:16 +0000 (15:55 +0000)]
Document net.inet6.ip6.dad_pending.
OK from jmc@, and thanks to sthen@ for pointing out my mistake in the first
version of the diff.
jmc [Sun, 27 Apr 2014 15:30:16 +0000 (15:30 +0000)]
zap a ton of silly Tn, and uppercase TTL; a few other minor tweaks along the
way;
stsp [Sun, 27 Apr 2014 14:55:09 +0000 (14:55 +0000)]
Add PME_STATUS and PME_EN bitmasks for the PCI PMCSR register.
ok kettenis@
mpi [Sun, 27 Apr 2014 14:48:10 +0000 (14:48 +0000)]
Start de-obfuscating the HC drivers.
Since pipe methods have an xfer argument, always use it to get access to
various data structure (pipe, bus, device) instead of having a different
way to get a pointer to these descriptors in every function.
Also kill the {E,U}XFER() macro and use a consistent name across all the
methods for {e,u}hci_xfer.
krw [Sun, 27 Apr 2014 13:41:50 +0000 (13:41 +0000)]
Don't zap disklabel (and next 6 blocks) when installing boot block on
4k-sector disk drives.
Noted and fix tested by David Vasek via misc@
tweaks & ok jsing@
mpi [Sun, 27 Apr 2014 13:32:04 +0000 (13:32 +0000)]
Do not let the bluetooth HID device, present in Apple machines with USB,
grab the console.
This makes ddb(4) usable with any simple wired USB keyboard on G3/G4
machines that do not have adb(4) input devices, on G5s and certainly on
some MacBooks too.
ok andre@, miod@
yasuoka [Sun, 27 Apr 2014 10:07:29 +0000 (10:07 +0000)]
Get back "_ppp" user and "_ppp" group. From now they will be solely
used by npppd.
ok deraadt
jmatthew [Sun, 27 Apr 2014 08:40:13 +0000 (08:40 +0000)]
transplant hotplug code over from qle(4)
todd [Sun, 27 Apr 2014 06:43:39 +0000 (06:43 +0000)]
sync
jmatthew [Sun, 27 Apr 2014 05:23:35 +0000 (05:23 +0000)]
When the firmware has already allocated the handle we want to use to log in
to a port, restart the update process to keep things in sync. Domain
controller logins get special handling here because they don't show up in the
list of logged in ports.
miod [Sat, 26 Apr 2014 22:54:54 +0000 (22:54 +0000)]
Appease gcc3 -Wuninitialized.
kettenis [Sat, 26 Apr 2014 21:45:50 +0000 (21:45 +0000)]
Get rid of duplication of the global lock code. Allow recursion in all
code paths.
ok pirofti@
beck [Sat, 26 Apr 2014 18:56:37 +0000 (18:56 +0000)]
Replace all use of ERR_add_error_data with ERR_asprintf_error_data.
This avoids a lot of ugly gymnastics to do snprintfs before sending the
bag of strings to ERR, and eliminates at least one place in dso_dlfctn.c
where it was being called with the incorrect number of arguments and
using random things off the stack as addresses of strings.
ok krw@, jsing@
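The failure mode described in the commit above, as an added example that is not code from the OpenSSL or LibreSSL tree: `join_counted` and `join_formatted` are hypothetical stand-ins for the count-prefixed and printf-style calling conventions, and the file name and message are constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical count-prefixed API: trusts `num`. If the caller's count is too
 * high, va_arg() reads whatever follows the real arguments (undefined). */
static char *join_counted(int num, ...)
{
	va_list ap, ap2;
	size_t len = 0, off = 0;
	char *out;

	va_start(ap, num);
	va_copy(ap2, ap);
	for (int i = 0; i < num; i++)
		len += strlen(va_arg(ap, const char *));
	va_end(ap);
	if ((out = malloc(len + 1)) != NULL) {
		for (int i = 0; i < num; i++) {
			const char *s = va_arg(ap2, const char *);
			memcpy(out + off, s, strlen(s));
			off += strlen(s);
		}
		out[off] = '\0';
	}
	va_end(ap2);
	return out;
}

/* Hypothetical printf-style replacement. The format attribute (GCC/Clang)
 * lets -Wformat check every call site's arguments against the format. */
static char *join_formatted(const char *, ...) __attribute__((format(printf, 1, 2)));
static char *join_formatted(const char *fmt, ...)
{
	va_list ap, ap2;
	char *out = NULL;
	int n;

	va_start(ap, fmt);
	va_copy(ap2, ap);
	n = vsnprintf(NULL, 0, fmt, ap);	/* first pass: measure */
	va_end(ap);
	if (n >= 0 && (out = malloc((size_t)n + 1)) != NULL)
		vsnprintf(out, (size_t)n + 1, fmt, ap2);
	va_end(ap2);
	return out;
}

/* Call sites with constructed values; the literal 4 is maintained by hand. */
char *report_counted(const char *f, const char *e)
{ return join_counted(4, "filename(", f, "): ", e); }
char *report_formatted(const char *f, const char *e)
{ return join_formatted("filename(%s): %s", f, e); }

int main(void)
{
	char *s = report_formatted("libexample.so", "cannot open");
	puts(s != NULL ? s : "(allocation failed)");
	free(s);
	return 0;
}
```

Compiled with `-Wall`, a mismatched call to `join_formatted` is reported at build time, while no diagnostic is possible for a wrong count passed to `join_counted`.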
todd [Sat, 26 Apr 2014 15:45:53 +0000 (15:45 +0000)]
sync
mpi [Sat, 26 Apr 2014 14:26:48 +0000 (14:26 +0000)]
Do not pass a NULL argument to OF_getprop(), even if it's fine for the
moment since we use an intermediate buffer and we specify a length of 0,
there's no need for an exception here.
Noticed while playing with the virtual-mode client interface of firmware.
mpi [Sat, 26 Apr 2014 14:19:04 +0000 (14:19 +0000)]
Allow compiling with DEBUG_PMAP defined.
jsing [Sat, 26 Apr 2014 13:07:16 +0000 (13:07 +0000)]
More KNF.
jsing [Sat, 26 Apr 2014 13:04:24 +0000 (13:04 +0000)]
KNF.
millert [Sat, 26 Apr 2014 11:53:05 +0000 (11:53 +0000)]
Kill the link to /usr/bin/page. OK henning@ jmc@ miod@ schwarze@
sthen [Sat, 26 Apr 2014 11:28:49 +0000 (11:28 +0000)]
fix whitespace
sthen [Sat, 26 Apr 2014 11:27:23 +0000 (11:27 +0000)]
Only remove queues from the TAILQ when the ticket changes; fixes PPS/BPS
displays for queues in "systat q". From Arto Jonsson.
jsing [Sat, 26 Apr 2014 11:08:59 +0000 (11:08 +0000)]
This is not FreeBSD.
ok miod@
jsing [Sat, 26 Apr 2014 11:08:10 +0000 (11:08 +0000)]
Do you really want to build OpenSSL for 16-bit Windows? Well, we don't.
ok miod@
florian [Sat, 26 Apr 2014 11:02:45 +0000 (11:02 +0000)]
Link traceroute6 to traceroute, thus completing the merge.
I was originally sent on this little errand by deraadt@.
OK sthen@, benno@
(Committing from a bus somewhere in Germany on its way to Berlin.)
jsg [Sat, 26 Apr 2014 06:17:26 +0000 (06:17 +0000)]
remove a duplicate break statement
shadchin [Sat, 26 Apr 2014 05:58:43 +0000 (05:58 +0000)]
Revert 1.11. That patch is not only not necessary, it is quite harmful now.
ok schwarze@
mlarkin [Sat, 26 Apr 2014 05:43:00 +0000 (05:43 +0000)]
Perform MAXPHYS-sized reads for the chunktable instead of PAGE_SIZE-sized
reads.
Also fix a VA leak in the chunktable read error path.
jmc [Fri, 25 Apr 2014 22:28:42 +0000 (22:28 +0000)]
discussing terminfo is not needed; ok schwarze
schwarze [Fri, 25 Apr 2014 20:33:05 +0000 (20:33 +0000)]
This manual was lacking its most important section, HISTORY.
While here, add .An (author name) macros.
schwarze [Fri, 25 Apr 2014 20:23:37 +0000 (20:23 +0000)]
Security is square, gaming is hip,
so extend the Valhalla Rampage to where it really matters.
Tedu 118 lines of dead code containing 77 dead magic numbers,
rotting in the tree since June 24, 2001.
Spotted by and ok jsg@, ok sthen@.
halex [Fri, 25 Apr 2014 19:34:24 +0000 (19:34 +0000)]
filter excess data from autoinstall output *before* it ends up in the
log file on the ramdisk, in order not to run out of its precious space
reported by, tested and ok sebastia@
schwarze [Fri, 25 Apr 2014 18:07:41 +0000 (18:07 +0000)]
Make more(1) POSIX compliant with respect to the -e option.
By default, "more" now works like "less -e", and "more -e" now
works like "less -E", and more never exits just because the file
fits on the first screen, like "less -F" would.
While documenting this, add some text to the DESCRIPTION explaining
how paging works. That allows a very concise description of -e.
code change ok millert@
manual page joint work with and ok jmc@
bluhm [Fri, 25 Apr 2014 17:59:53 +0000 (17:59 +0000)]
Redirecting stderr to /dev/null suppresses all errors. Instead use
the new status=none feature to make dd quiet.
OK halex@
jmc [Fri, 25 Apr 2014 15:09:56 +0000 (15:09 +0000)]
add traceroute6 to NAME, and knock out some unneeded Bk/Ek;
jmc [Fri, 25 Apr 2014 14:54:45 +0000 (14:54 +0000)]
sort; ok blambert
jsing [Fri, 25 Apr 2014 14:53:22 +0000 (14:53 +0000)]
KNF.
mlarkin [Fri, 25 Apr 2014 14:37:06 +0000 (14:37 +0000)]
Defer the free of the hibernate structures until later, when it is safe to
do so.
Freeing the hibernate structures too early leads to inadvertent calls into
splx when we aren't ready for them yet. Found when trapping splx calls in
the resume path.
discussed with deraadt@ at m2k14
schwarze [Fri, 25 Apr 2014 14:10:59 +0000 (14:10 +0000)]
Fix a minor optimization I broke in bsd.lv rev. 1.163 on August 20, 2010:
Do not bother looking into the hash table when the length of the macro
already tells us it's invalid. No functional change.
Noticed by jsg@, thanks!
jsing [Fri, 25 Apr 2014 14:08:32 +0000 (14:08 +0000)]
Fold in the zlib_cleanup macro.
jsing [Fri, 25 Apr 2014 14:00:15 +0000 (14:00 +0000)]
do_pipe_sig is now only used in openssl.c - just call signal() directly
from there instead and ditch the macro.
jsing [Fri, 25 Apr 2014 13:56:39 +0000 (13:56 +0000)]
NON_MAIN no longer means anything so remove it, along with APP_INIT.
ok miod@
jsing [Fri, 25 Apr 2014 13:55:25 +0000 (13:55 +0000)]
The apps_{startup,shutdown} macro mess is now only used in openssl.c -
reduce the macro to two functions and just call them instead.
ok miod@
shadchin [Fri, 25 Apr 2014 13:38:21 +0000 (13:38 +0000)]
Merge Less 458 plus local patches
ok guenther@, ok jmc@ for man bits