semarie [Thu, 7 Jul 2016 09:26:25 +0000 (09:26 +0000)]
biff, mesg, vi: only consider ACCESSPERMS for setting tty mode.
it explicitly removes any S_ISUID|S_ISGID|S_ISTXT bits, instead of letting
pledge(2) silenciously remove them.
ok beck@ deraadt@
semarie [Thu, 7 Jul 2016 09:24:09 +0000 (09:24 +0000)]
tmux: only consider ACCESSPERMS for setting mode on socket_path.
it explicitly removes any S_ISUID|S_ISGID|S_ISTXT bits, instead of letting
pledge(2) silenciously remove them.
ok nicm@ beck@ deraadt@
mglocker [Thu, 7 Jul 2016 08:08:02 +0000 (08:08 +0000)]
Add man page for the maxrtc(4) I2C driver.
mlarkin [Thu, 7 Jul 2016 00:58:31 +0000 (00:58 +0000)]
sanity check vm create and run args earlier
bluhm [Wed, 6 Jul 2016 21:30:21 +0000 (21:30 +0000)]
Now libtls is always reading cert.pem during tls_config_new().
Adapt ktrace count in syslogd test.
otto [Wed, 6 Jul 2016 20:32:02 +0000 (20:32 +0000)]
J/j is a three valued option, document and fix code to actuall support that
with a little help from jmc@ for the man page bits
ok jca@ and a reluctant tedu@
millert [Wed, 6 Jul 2016 19:29:13 +0000 (19:29 +0000)]
Allow space-deliminated fields in syslog.conf in addition to
traditional tabs-deliminated fields. This is consistent with what
FreeBSD, NetBSD and Linux do. Adapted from FreeBSD.
millert [Wed, 6 Jul 2016 19:26:35 +0000 (19:26 +0000)]
Return EINVAL for mknod/mknodat when dev is -1 (aka VNOVAL).
OK beck@ tedu@
jsing [Wed, 6 Jul 2016 16:47:18 +0000 (16:47 +0000)]
Check that the given ciphers string is syntactically valid and results in
at least one matching cipher suite.
ok doug@
jca [Wed, 6 Jul 2016 16:38:09 +0000 (16:38 +0000)]
route6d spring cleanup
Various tweaks and fixes:
- nuke util.h, not needed since pidfile(3) went away
- nuke the rrt_same member of struct riprt, "future use" since import
- mark rtdexit as __dead
- nuke progname handling
- fix pid handling: cache the pid *after* calling daemon(3)
- nuke setting rtm_pid. The kernel is responsible for setting this
in routing messages.
- nuke the useless myseq variable
ok florian@ benno@ millert@ deraadt@ renato@
jsing [Wed, 6 Jul 2016 16:31:18 +0000 (16:31 +0000)]
Remove manual file loading (now that libtls does this for us) and adjust
pledge to match. Also use tls_config_error() to provide friendlier error
messages.
jsing [Wed, 6 Jul 2016 16:16:36 +0000 (16:16 +0000)]
Always load CA, key and certificate files at the time the configuration
function is called. This simplifies code and results in a single memory
based code path being used to provide data to libssl. Errors that occur
when accessing the specified file are now detected and propagated
immediately. Since the file access now occurs when the configuration
function is called, we now play nicely with privsep/pledge.
ok beck@ bluhm@ doug@
tedu [Wed, 6 Jul 2016 15:53:01 +0000 (15:53 +0000)]
fix several places where calculating ticks could overflow.
it's not enough to assign to an unsigned type because if the arithmetic
overflows the compiler may decide to do anything. so change all the
long long casts to uint64_t so that we start with the right type.
reported by Tim Newsham of NCC.
ok deraadt
mpi [Wed, 6 Jul 2016 15:50:00 +0000 (15:50 +0000)]
Move Hop-by-Hop processing into its own function ip6_hbhchcheck().
This function will help splitting the IPv6 input path in two, in
order to run the first part without KERNEL_LOCK() held.
Tested by Hrvoje Popovski, ok bluhm@
visa [Wed, 6 Jul 2016 14:19:29 +0000 (14:19 +0000)]
sync
mlarkin [Wed, 6 Jul 2016 07:09:15 +0000 (07:09 +0000)]
clarify a comment about memory regions
guenther [Wed, 6 Jul 2016 04:35:12 +0000 (04:35 +0000)]
Use fstatat() to avoid path surgery.
bug catching and ok millert@
jsing [Wed, 6 Jul 2016 02:32:57 +0000 (02:32 +0000)]
Correctly handle an EOF that occurs prior to the TLS handshake completing.
Reported by Vasily Kolobkov, based on a diff from Marko Kreen.
ok beck@
schwarze [Tue, 5 Jul 2016 20:01:47 +0000 (20:01 +0000)]
Some new tests related to bin/cat.c rev. 1.25,
from Sevan Janiyan <venture37 at geeklan dot co dot uk>.
bru [Tue, 5 Jul 2016 19:33:14 +0000 (19:33 +0000)]
Improve the tracking functions in wsmouse.
ok mpi@
deraadt [Tue, 5 Jul 2016 18:45:39 +0000 (18:45 +0000)]
sync
millert [Tue, 5 Jul 2016 18:16:49 +0000 (18:16 +0000)]
Update to tzdata2016f from from ftp.iana.org.
tim [Tue, 5 Jul 2016 17:41:59 +0000 (17:41 +0000)]
Remove kern.random remnants; OK deraadt@
jca [Tue, 5 Jul 2016 16:41:40 +0000 (16:41 +0000)]
Move to svc_getreq_poll/svc_pollfd.
Stop using select to avoid the weird workarounds for fd_set size.
Also replace calloc with reallocarray. Prompted by a mail by Miod,
cluebat from guenther@.
ok millert@, prodding deraadt@
visa [Tue, 5 Jul 2016 13:41:46 +0000 (13:41 +0000)]
Remove debug code that slipped in.
visa [Tue, 5 Jul 2016 12:57:58 +0000 (12:57 +0000)]
Build eeprom(8) on octeon.
ok kettenis@ deraadt@ jasper@
visa [Tue, 5 Jul 2016 12:56:28 +0000 (12:56 +0000)]
regen
visa [Tue, 5 Jul 2016 12:55:32 +0000 (12:55 +0000)]
Add /dev/openprom.
ok kettenis@ deraadt@ jasper@
visa [Tue, 5 Jul 2016 12:53:40 +0000 (12:53 +0000)]
Add openprom(4) for octeon.
ok kettenis@ deraadt@ jasper@
tim [Tue, 5 Jul 2016 11:43:02 +0000 (11:43 +0000)]
Hook up the pcfrtc(4) manual; OK kettenis@
mpi [Tue, 5 Jul 2016 10:17:14 +0000 (10:17 +0000)]
Expand IN6_IFF_NOTREADY, ok bluhm@
sthen [Tue, 5 Jul 2016 09:45:02 +0000 (09:45 +0000)]
sync
mpi [Tue, 5 Jul 2016 09:17:10 +0000 (09:17 +0000)]
Do not use ``rt_addr'' in in{6,}_selectsrc() it doesn't work with magic
addresses set on p2p interfaces.
Found the hardway by naddy@
jsg [Tue, 5 Jul 2016 05:06:27 +0000 (05:06 +0000)]
Modify code added in rev 1.30 to use the correct variable instead of a
different uninitialised one.
ok martijn@
bcook [Tue, 5 Jul 2016 03:55:34 +0000 (03:55 +0000)]
remove extra assignment of s from 1.11, fix regression test
beck [Tue, 5 Jul 2016 03:24:38 +0000 (03:24 +0000)]
remove unneeded duplicate call - spotted by jsing@
bcook [Tue, 5 Jul 2016 02:54:35 +0000 (02:54 +0000)]
On systems where we do not have BN_ULLONG defined (most 64-bit systems),
BN_mod_word() can return incorrect results if the supplied modulus is
too big, so we need to fall back to BN_div_word.
Now that BN_mod_word may fail, handle errors properly update the man page.
Thanks to Brian Smith for pointing out these fixes from BoringSSL:
https://boringssl.googlesource.com/boringssl/+/
67cb49d045f04973ddba0f92fe8a8ad483c7da89
https://boringssl.googlesource.com/boringssl/+/
44bedc348d9491e63c7ed1438db100a4b8a830be
ok beck@
guenther [Tue, 5 Jul 2016 00:44:41 +0000 (00:44 +0000)]
Missed a reference to dl_prebind.h
problem noted by Andrew Ngo (andrew.ngo (at) gmail.com)
tedu [Tue, 5 Jul 2016 00:35:09 +0000 (00:35 +0000)]
remove some casts that aren't necessary.
beck [Tue, 5 Jul 2016 00:21:47 +0000 (00:21 +0000)]
Add several fixes from OpenSSL to make OCSP work with intermediate
certificates provided in the response. - makes our newly added
ocsp regress test pass too..
ok bcook@
beck [Tue, 5 Jul 2016 00:16:23 +0000 (00:16 +0000)]
make less awful.. test against cloudflare too
beck [Mon, 4 Jul 2016 23:43:30 +0000 (23:43 +0000)]
Add a nasty little ocsp regress test in the hope pedants will make it better.
mlarkin [Mon, 4 Jul 2016 23:03:52 +0000 (23:03 +0000)]
limit each viornd request to 64KB.
kettenis [Mon, 4 Jul 2016 21:51:40 +0000 (21:51 +0000)]
Add nep(4).
guenther [Mon, 4 Jul 2016 21:15:06 +0000 (21:15 +0000)]
Remove prebind support: binding to symbol table indices is too fragile
for our development process.
ok kettenis@ deraadt@
kettenis [Mon, 4 Jul 2016 20:56:50 +0000 (20:56 +0000)]
Nuke prebind support; it's unworkable and we're never going to finish it.
ok guenther@, deraadt@
natano [Mon, 4 Jul 2016 18:34:03 +0000 (18:34 +0000)]
Add missing vput() in error path to prevent a vnode getting stuck with a
stale reference and lock, while it shouldn't hold either.
"makes sense to me" beck@
guenther [Mon, 4 Jul 2016 18:01:44 +0000 (18:01 +0000)]
DEBUGLIBS has been broken since the gcc4 switch, so delete it. CFLAGS
contains -g by default anyway
problem noted by Edgar Pettijohn (edgar (at) pettijohn-web.com)
ok millert@ kettenis@ deraadt@
guenther [Mon, 4 Jul 2016 17:56:54 +0000 (17:56 +0000)]
gcc's -fvisibility=hidden isn't the behavior we wanted when cleaning up
symbol exports, so delete ${VISIBILITY_HIDDEN} as unused
ok kettenis@ deraadt@
tedu [Mon, 4 Jul 2016 16:12:52 +0000 (16:12 +0000)]
switch calculuated thrsleep timeout to unsigned to prevent overflow
into negative values, which later causes a panic.
reported by Tim Newsham at NCC.
ok guenther
mpi [Mon, 4 Jul 2016 09:30:18 +0000 (09:30 +0000)]
On Quad-G5 make hpb(4) attach first when iterating PCI buses.
This allows openpic(4) to properly map interrupt for the devices
instead of possibly dereferencing garbage.
Found the hardway by and ok jmatthew@
mpi [Mon, 4 Jul 2016 08:11:48 +0000 (08:11 +0000)]
Use the _SAFE_ version of SRPL_FOREACH() in rtable_walk_helper() to
prevent an off-by-one when removing entries from the mpath list.
Fix a regression introduced by the refactoring needed to serialize
rtable_walk() with create/delete.
ok jca@
guenther [Mon, 4 Jul 2016 04:33:35 +0000 (04:33 +0000)]
The GOT has been initally mapped RW for *years*; ld.so doesn't need to
mprotect it to RW when filling in the references from the PLT
in snaps for a week, ok deraadt@
guenther [Mon, 4 Jul 2016 04:05:29 +0000 (04:05 +0000)]
Drop support for the undocumented second argument (same as -N option)
ok deraadt@
guenther [Mon, 4 Jul 2016 03:24:48 +0000 (03:24 +0000)]
Use fstatat() instead of crafting a filename to use with stat()
ok millert@
millert [Mon, 4 Jul 2016 01:39:12 +0000 (01:39 +0000)]
The -I flag is documented but not implemented. This fixes that and
also honors the -I flag from ci/co when prompting like GNU RCS.
OK jca@
deraadt [Mon, 4 Jul 2016 00:40:17 +0000 (00:40 +0000)]
sync
mglocker [Sun, 3 Jul 2016 20:05:44 +0000 (20:05 +0000)]
Move videovar.h in to video.c since it isn't used anywhere else.
Suggested by mpi@ diff from Patrick Keshishian.
ok mpi
gilles [Sun, 3 Jul 2016 14:30:33 +0000 (14:30 +0000)]
add -r option to enqueuer as compat interface for mailx
diff by Richard <richard@aaazen.com>
semarie [Sun, 3 Jul 2016 04:36:08 +0000 (04:36 +0000)]
introduces new promise "chown" to allow changing owner/group with *chown(2) family
it splits PLEDGE_FATTR in two ("fattr" stills grant the 2 flags, so no functional changes):
- PLEDGE_CHOWN : to be able to call *chown(2) syscalls
- PLEDGE_FATTR : the rest
it introduces "chown" which grant:
- PLEDGE_CHOWN : be able to call *chown(2)
- PLEDGE_CHOWNUID : be able to modifying owner/group
ok deraadt@ tedu@
deraadt [Sun, 3 Jul 2016 03:19:02 +0000 (03:19 +0000)]
sync
afresh1 [Sun, 3 Jul 2016 01:07:47 +0000 (01:07 +0000)]
Update to perl 5.20.3
OK bluhm@
tedu [Sat, 2 Jul 2016 17:09:09 +0000 (17:09 +0000)]
check cache tree for collisions when inserting replies.
if two identical requests are sent out, the first will create a cache
entry. the second will not go into the cache tree, but will linger around,
causing a crash when we free it and try to remove from the tree. instead,
give up if insert fails.
diagnosis and initial patch from Duncan.
mglocker [Sat, 2 Jul 2016 16:28:50 +0000 (16:28 +0000)]
Get 'AOAShasta' soundchip working found on PowerMac9,1.
ok deraadt
eric [Sat, 2 Jul 2016 09:32:30 +0000 (09:32 +0000)]
remove misleading comment. it's not true anymore.
ok gilles@
eric [Sat, 2 Jul 2016 08:47:30 +0000 (08:47 +0000)]
datain counter is part of the transaction state
ok gilles@
eric [Sat, 2 Jul 2016 07:55:59 +0000 (07:55 +0000)]
set the msgid on the transaction
ok gilles@ jung@
jmc [Sat, 2 Jul 2016 05:58:00 +0000 (05:58 +0000)]
do not uppercase "hop limit";
renato [Fri, 1 Jul 2016 23:36:38 +0000 (23:36 +0000)]
More renaming and whitespace cleanup.
No binary change after "strip -s".
renato [Fri, 1 Jul 2016 23:33:46 +0000 (23:33 +0000)]
Be more compliant with RFC 4447.
When sending a label withdraw during the pseudowire Control Word
negotiation, append a "Wrong C-bit" status TLV after the FEC TLV (in
conformance to RFC 4447 section 6.2). Apparently this has no use other
than aiding in troubleshooting.
Also, extend the recv_labelmessage() function to accept Status TLVs and
ignore them instead of shutting down the session.
renato [Fri, 1 Jul 2016 23:29:55 +0000 (23:29 +0000)]
Several minor tweaks.
renato [Fri, 1 Jul 2016 23:22:42 +0000 (23:22 +0000)]
Decrease the initialization FSM timeout.
The previous value of 180 was just too long. If a neighbor get stuck in
the initialization FSM for more than 15 seconds, then there's certainly
something wrong and the session should be dropped.
A potential case of a neighbor getting stuck in the initialization
FSM is when both the local and the remote LSRs disable the LDPv4 GTSM
negotiation and there's a mismatch in their GTSM configuration (one is
enabled for GTSM while the other is not).
In this case, a smaller timeout allows for a quicker recovery of the
session when the configuration is fixed on either side.
renato [Fri, 1 Jul 2016 23:18:24 +0000 (23:18 +0000)]
Rename hello flags to keep consistent with the rest of the code.
Flag constants should start with F_.
renato [Fri, 1 Jul 2016 23:14:31 +0000 (23:14 +0000)]
Add GTSM support (RFC 6720).
This also finishes the missing bits from our RFC 7552 implementation
because GTSM is mandatory for LDPv6.
To avoid any kind of interoperability problems, I included a few
knobs to enable/disable GTSM on a per-address-family and per-neighbor
basis. Cisco's LDPv6 implementation, for instance, doesn't support GTSM.
"reads good" claudio@
schwarze [Fri, 1 Jul 2016 22:40:44 +0000 (22:40 +0000)]
For -be, indent the $ on blank lines.
Patch from Giles Lean (NetBSD PR bin/4841), tweaked by kleink at
NetBSD (rev. 1.17 1998-01-27), version for OpenBSD sent in by Sevan
Janiyan <venture37 at geeklan dot co dot uk>.
OK deraadt@
schwarze [Fri, 1 Jul 2016 20:23:29 +0000 (20:23 +0000)]
Update and simplify the documentation of the -s option,
which was forgotten when implementing the new man.conf(5) format.
The outdated information was originally pointed out
by Andy Bradford <amb dash openbsd at bradfords dot org> on misc@.
OK jmc@
eric [Fri, 1 Jul 2016 19:52:31 +0000 (19:52 +0000)]
always refer to the helo string stored on the session
ok gilles@
jca [Fri, 1 Jul 2016 18:37:15 +0000 (18:37 +0000)]
Make accepted sockets inherit IP_TTL from the listening socket.
This is consistent with the IPV6_UNICAST_HOPS behavior, and is the only
way to allow applications to completely control the TTL of outgoing
packets (else an application could temporariy send packets with the
default TTL, until it sets again IP_TTL ; this is harmful eg for GTSM).
ok bluhm@
jca [Fri, 1 Jul 2016 18:28:58 +0000 (18:28 +0000)]
Allow resetting the IP_TTL and IP_MINTTL sockopts
IP_TTL can be reset by passing -1, IP_MINTTL can be reset by passing 0.
This is consistent with what Linux does and
IPV6_UNICAST_HOPS/IPV6_MINHOPCOUNT.
ok bluhm@
jca [Fri, 1 Jul 2016 18:18:57 +0000 (18:18 +0000)]
Unbreak getsockopt(IPV6_MINHOPCOUNT)
ok bluhm@
eric [Fri, 1 Jul 2016 17:53:23 +0000 (17:53 +0000)]
flag the local socket listener as local.
clarify check for local listeners.
ok gilles@ millert@
millert [Fri, 1 Jul 2016 15:47:15 +0000 (15:47 +0000)]
Avoid printing f->f_lasttime and/or f->f_prevhost if they are empty.
This fixes a long-standing issue where syslogd would print 15 NUL
bytes followed by two blank spaces before the log message for
warnings generated while parsing syslog.conf. OK bluhm@
bluhm [Fri, 1 Jul 2016 15:30:46 +0000 (15:30 +0000)]
Timing changed, now a syslogd test may get EPIPE instead of
ECONNREFUSED error.
visa [Fri, 1 Jul 2016 15:12:37 +0000 (15:12 +0000)]
Add fdt init for octeon.
jcs [Fri, 1 Jul 2016 15:02:49 +0000 (15:02 +0000)]
add a simple keyboard backlight driver for some chromebooks,
adjustable with wsconsctl keyboard.backlight
ok bmercer, kettenis
millert [Fri, 1 Jul 2016 15:00:48 +0000 (15:00 +0000)]
Include errno string in log message when we fail to open a file.
The privileged process sends the errno value back when it cannot
open a file. OK gilles@
patrick [Fri, 1 Jul 2016 09:34:39 +0000 (09:34 +0000)]
SolidRun's HummingBoards and CuBoxes are also available with
the i.MX6 Solo and DualLite SoCs. Those are slightly different
to the bigger versions and thus have a different FDT compatible
name. To be able for us to boot on those machines, add those
compatible names to the list and re-use the board ids.
ok kettenis@
jmc [Fri, 1 Jul 2016 07:00:02 +0000 (07:00 +0000)]
update currency exchange rates;
bcook [Fri, 1 Jul 2016 00:29:14 +0000 (00:29 +0000)]
Simplify IP proto-specific sockopt error handling.
This makes error messages more specific and simplifies
masking compatible sections for the portable version.
ok beck@
ratchov [Thu, 30 Jun 2016 21:37:29 +0000 (21:37 +0000)]
Use CLOCK_UPTIME instead of CLOCK_MONOTONIC, as the later makes jumps
during suspend/resume cycles which triggers watchdog time-outs and
in turn prevents sndiod from resuming.
afresh1 [Thu, 30 Jun 2016 21:16:13 +0000 (21:16 +0000)]
Update perl Time::HiRes to 1.9739
Which provides hires `utime`
requested by espie@ OK millert@
mglocker [Thu, 30 Jun 2016 19:54:13 +0000 (19:54 +0000)]
Also mention the term 'USB device' in the title to make clear that the
reference count is on a device level.
ok jmc
gilles [Thu, 30 Jun 2016 18:41:39 +0000 (18:41 +0000)]
update aliases documentation to reflect reality
tedu [Thu, 30 Jun 2016 15:59:30 +0000 (15:59 +0000)]
don't need the .xr to sysctl now either
tedu [Thu, 30 Jun 2016 15:58:06 +0000 (15:58 +0000)]
nptys sysctls were removed
tedu [Thu, 30 Jun 2016 15:56:59 +0000 (15:56 +0000)]
ntpys sysctl was removed
tedu [Thu, 30 Jun 2016 15:54:53 +0000 (15:54 +0000)]
992 ptys is the hard max.
mpi [Thu, 30 Jun 2016 12:36:27 +0000 (12:36 +0000)]
Use ``rt_addr'' rather than ``rt_ifa'' to get the source address
corresponding to a route.
ok florian@ on a previous version, input and ok bluhm@
bcook [Thu, 30 Jun 2016 12:19:51 +0000 (12:19 +0000)]
Tighten behavior of _rs_allocate failure for portable arc4random implementations.
In the event of a failure in _rs_allocate for rsx, we still have a reference to
freed memory for rs on return. Not a huge deal since we subsequently abort in
_rs_init, but it looks strange on its own.
ok deraadt@
bcook [Thu, 30 Jun 2016 12:17:29 +0000 (12:17 +0000)]
Tighten behavior of _rs_allocate on Windows.
For Windows, we are simply using calloc, which has two annoyances:
the memory has more permissions than needed by default, and it comes
from the process heap, which looks like a memory leak since this memory
is rightfully never freed.
This switches _rs_alloc on Windows to use VirtualAlloc, which restricts the
memory to READ|WRITE and keeps the memory out of the process heap.
ok deraadt@