bluhm [Wed, 29 Apr 2015 08:41:24 +0000 (08:41 +0000)]
When the HTTP client did close the connection while relayd was still
parsing the HTTP header, the session was never destroyed. This
resulted in a file descriptor leak.
Add a check whether the protocol knows how much data to expect. If
relayd is reading unlimited data or is expecting nothing to read,
ignore the end-of-file. Otherwise it is a protocol violation, so
close the session immediately.
While there, make relayd compile with DEBUG defined.
Based on a diff from claudio@; tested by claudio@; OK claudio@ benno@
deraadt [Wed, 29 Apr 2015 06:37:14 +0000 (06:37 +0000)]
the non braced do while made my teeth hurt
guenther [Wed, 29 Apr 2015 06:06:38 +0000 (06:06 +0000)]
Also generate db_structinfo.txt with struct member offset and size info
prodded by deraadt@ and miod@
guenther [Wed, 29 Apr 2015 06:01:37 +0000 (06:01 +0000)]
Delete the duplicated sched_{policy,param} members from the internal struct
pthread and instead use the values from the embedded struct pthread_attr.
For bonus points, pay attention to the sched_inherit attribute and possibly
set the values from the parent thread.
Problem noted by natano of bitrig.
dtucker [Wed, 29 Apr 2015 05:23:27 +0000 (05:23 +0000)]
Add tests for ListenAddress/Port/AddressFamily in alternate orders.
jsg [Wed, 29 Apr 2015 04:43:25 +0000 (04:43 +0000)]
Remove a check for NULL that would have been after a NULL dereference
if callers of save_vec() weren't expected to pass a non NULL pointer
as an argument.
ok kettenis@
jsg [Wed, 29 Apr 2015 04:29:23 +0000 (04:29 +0000)]
Move a variable's initialisation so a panic will work as intended.
ok guenther@ deraadt@
deraadt [Wed, 29 Apr 2015 04:00:25 +0000 (04:00 +0000)]
Change internal xrealloc() to an idiom-following xreallocarray().
This loses a "new size is 0" failure case. Probably not relevant;
and since we develop this in OpenBSD, we'll catch that before someone
else imports this...
ok millert
dtucker [Wed, 29 Apr 2015 03:48:56 +0000 (03:48 +0000)]
Allow ListenAddress, Port and AddressFamily in any order. bz#68,
ok djm@, jmc@ (for the man page bit).
doug [Wed, 29 Apr 2015 02:11:09 +0000 (02:11 +0000)]
Add whitespace and replace OPENSSL_free with free in documentation.
ok jsing@
doug [Wed, 29 Apr 2015 02:02:46 +0000 (02:02 +0000)]
Call CBB_add_space() rather than reimplementing it.
ok jsing@
doug [Wed, 29 Apr 2015 01:49:28 +0000 (01:49 +0000)]
Rename cbb_buffer_add_u to cbb_add_u and remove redundant code.
All of cbb_buffer_add_u's callers first call CBB_flush and send cbb->base.
cbb_add_u() now has that common code in one place.
ok jsing@
doug [Wed, 29 Apr 2015 01:39:32 +0000 (01:39 +0000)]
Added len_len error checking for internal cbb_buffer_add_u().
ok jsing@
doug [Wed, 29 Apr 2015 01:31:39 +0000 (01:31 +0000)]
Call CBS_mem_equal() rather than reimplementing it.
ok jsing@
doug [Wed, 29 Apr 2015 01:27:34 +0000 (01:27 +0000)]
Avoid NULL deref in CBS_get_any_asn1_element().
This function is documented as allowing NULL for out_header_len.
ok jsing@
doug [Wed, 29 Apr 2015 01:23:20 +0000 (01:23 +0000)]
Added error checking for len argument in cbs_get_u().
tweak + ok jsing@
doug [Wed, 29 Apr 2015 01:16:06 +0000 (01:16 +0000)]
free() can handle NULL.
ok jsing@
millert [Wed, 29 Apr 2015 00:42:12 +0000 (00:42 +0000)]
Add missing #include <stdint.h> for SIZE_MAX
doug [Wed, 29 Apr 2015 00:24:31 +0000 (00:24 +0000)]
Reject dNSName of " " for subjectAltName extension.
RFC 5280 says " " must not be used as a dNSName.
ok jsing@ jca@
millert [Wed, 29 Apr 2015 00:13:26 +0000 (00:13 +0000)]
Add missing #include <stdint.h> for SIZE_MAX
doug [Wed, 29 Apr 2015 00:11:12 +0000 (00:11 +0000)]
Add missing BN_CTX_end() calls.
After calling BN_CTX_start(), there must be a BN_CTX_end() before
returning. There were missing BN_CTX_end() calls in error paths. One diff
chunk was simply removing redundant code related to this.
ok deraadt@
halex [Wed, 29 Apr 2015 00:10:44 +0000 (00:10 +0000)]
VERBOSESTATUS or no VERBOSESTATUS, failed or missing dumps are still
worth noting
"go ahead" schwarze@
kettenis [Tue, 28 Apr 2015 22:29:24 +0000 (22:29 +0000)]
Explicitly include .codepatch and .codepatchend in .rodata such that
the binutils 2.17 linker doesn't make them disappear.
ok deraadt@, guenther@
sthen [Tue, 28 Apr 2015 21:41:40 +0000 (21:41 +0000)]
ajacoutot spotted a problem with the new sshd logic (to disable root logins
by default completely in most cases, except where a public ssh key was provided
to autoinstall) - in the case where a (non-root) account was created, sshd
was being disabled; this diff fixes it. Looks good ajacoutot, OK djm@,
extensive testing+OK rpe@,
kettenis [Tue, 28 Apr 2015 20:54:18 +0000 (20:54 +0000)]
Protect the per-process itimerval structs with a mutex. We update these
from hardclock() which runs without grabbing the kernel lock. This means
that two threads could concurrently update the struct which could lead to
corruption of the value which in turn could stop the timer. It could also
result in getitimer(2) returning a non-normalized value.
With help from guenther@.
ok deraadt@, guenther@
kettenis [Tue, 28 Apr 2015 18:39:13 +0000 (18:39 +0000)]
Don't grab the kernel lock for clock interrupts. The way we use mutexes
these days is incompatible with that practice and leads to deadlocks.
ok jsing@
mpi [Tue, 28 Apr 2015 14:51:50 +0000 (14:51 +0000)]
Make sure to overwrite sdl_type after calling ether_ifattach().
Fix a problem found by Johan Huldtgren, ok phessler@
jsg [Tue, 28 Apr 2015 14:07:47 +0000 (14:07 +0000)]
Fix a memory leak in an error path found by Maxime Villard's
Brainy Code Scanner.
jmc [Tue, 28 Apr 2015 14:07:16 +0000 (14:07 +0000)]
tidy up the prebind text; prompted by zhuk
jmc [Tue, 28 Apr 2015 13:47:38 +0000 (13:47 +0000)]
enviroment -> environment: apologies to darren for not spotting that first
time round...
nicm [Tue, 28 Apr 2015 12:09:24 +0000 (12:09 +0000)]
If looking for an index, don't fill in window when given a session.
nicm [Tue, 28 Apr 2015 11:57:20 +0000 (11:57 +0000)]
Do not do a search for the tty path if there isn't one.
nicm [Tue, 28 Apr 2015 11:33:17 +0000 (11:33 +0000)]
If can't find pane as a pane, try as a window; likewise if can't find
window as a session.
nicm [Tue, 28 Apr 2015 10:43:13 +0000 (10:43 +0000)]
Add select-layout -o to undo the last layout change (apply the previously
set layout).
dtucker [Tue, 28 Apr 2015 10:25:15 +0000 (10:25 +0000)]
Fix typo in previous
dtucker [Tue, 28 Apr 2015 10:17:58 +0000 (10:17 +0000)]
Document that the TERM environment variable is not subject to SendEnv
and AcceptEnv. bz#2386, based loosely on a patch from jjelen at redhat,
help and ok jmc@
stsp [Tue, 28 Apr 2015 07:55:13 +0000 (07:55 +0000)]
In rtsx(4), condense the list of supported chips in a comment, remove the unused
F_5227 flag, sort PCI IDs, and fix a typo in a comment. No functional change.
from brad
mlarkin [Tue, 28 Apr 2015 05:54:31 +0000 (05:54 +0000)]
Someone went to the trouble of vertically aligning a set of parameters but
missed one. This diff is only a spacing change.
lteo [Tue, 28 Apr 2015 02:26:43 +0000 (02:26 +0000)]
Add a missing free in the error path.
ok nicm@
djm [Mon, 27 Apr 2015 23:17:11 +0000 (23:17 +0000)]
Rework sshd enable root login questions in light of sshd PermitRootLogin
default change. The new default is not to ask to enable root logins
when a non-root user has been added. There is some additional subtlety
for auto-installs that provide root ssh keys.
patch by myself and rpe@ with feedback from sthen@;
ok rpe@ deraadt@ sthen@
nicm [Mon, 27 Apr 2015 22:58:58 +0000 (22:58 +0000)]
Do not include unattached clients when trying to find one for target.
nicm [Mon, 27 Apr 2015 22:50:35 +0000 (22:50 +0000)]
Reset cfg_ncauses to 0 as well or we could allocate the wrong size if
called again.
nicm [Mon, 27 Apr 2015 22:42:10 +0000 (22:42 +0000)]
Assign to the right variable when comparing clients.
djm [Mon, 27 Apr 2015 21:42:48 +0000 (21:42 +0000)]
Make sshd default to PermitRootLogin=no;
ok deraadt@ rpe@
bluhm [Mon, 27 Apr 2015 20:01:59 +0000 (20:01 +0000)]
Let the HTTP client close the connection within an incomplete header
line. Check that the session in relayd gets closed and it does not
result in a file descriptor leak.
Bug in relayd found by claudio@.
nicm [Mon, 27 Apr 2015 19:12:27 +0000 (19:12 +0000)]
Simplify remote(5) example file and remove stuff not supported by cu(1).
some tweaks from sobrado@, ok deraadt@
nicm [Mon, 27 Apr 2015 16:25:57 +0000 (16:25 +0000)]
Rewrite of the target resolution internals to be simpler and more
consistent but with much less duplication, but keeping the same internal
API. Also adds more readable aliases for some of the special tokens used
in targets (eg "{start}" instead of "^"). Some behaviours may have
changed, for example prefix matches now happen before fnmatch.
mpi [Mon, 27 Apr 2015 14:51:44 +0000 (14:51 +0000)]
Do not call nd6_purge() before purging the IPv6 addresses of a detached
interface.
Fix a use after free introduced in r1.98 of netinet6/in6.c and recently
exposed by a crazy pool/malloc damage finder being currently refined by
dlg@ and deraadt@.
ok mikeb@, henning@
nicm [Mon, 27 Apr 2015 13:52:17 +0000 (13:52 +0000)]
Use a systrace(4) sandbox with a short whitelist of allowed syscalls for
the file(1) child process. Based on similar code in ssh sandbox-systrace.c.
Idea and help from deraadt@.
nicm [Mon, 27 Apr 2015 13:48:06 +0000 (13:48 +0000)]
Add a _file user and use for privsep, ok deraadt
nicm [Mon, 27 Apr 2015 13:41:45 +0000 (13:41 +0000)]
Add simple privilege separation to file(1). Two processes, file
descriptors and a few other bits are opened in parent and passed to
child using imsg. Child currently drops to "nobody" but this will change.
kettenis [Mon, 27 Apr 2015 13:25:10 +0000 (13:25 +0000)]
Adjust ld semantics to make static PIE the default. Forgotten by pascal@.
Original commit message:
Change gcc and ld semantics to make static PIE the default when invoking
'cc -static'. To explicitly request the legacy behaviour, use -nopie.
For the few ports affected by this, bumps will follow shortly.
looks good to kettenis@, ok kurt@
jmc [Mon, 27 Apr 2015 11:12:49 +0000 (11:12 +0000)]
remove some extraneous text; ok nicm
benno [Mon, 27 Apr 2015 09:54:04 +0000 (09:54 +0000)]
sync with rev 1.99 of sbin/route/show.c
requested by claudio@ and mpi@
benno [Mon, 27 Apr 2015 09:51:58 +0000 (09:51 +0000)]
route show does not need to filter unwanted af itself, the sysctl does
that for us.
approach seems sound deraadt@
ok claudio@ mpi@ henning@ phessler@
mpi [Mon, 27 Apr 2015 09:14:45 +0000 (09:14 +0000)]
Since upd(4) currently supports a known but limited number of sensors,
parse the HID descriptor multiple times to find them.
This logic is necessary to later create a tree of sensors in order to
avoid lookups in the hot path for sensors that depend on the value of
others.
From David Higgs.
stsp [Mon, 27 Apr 2015 09:07:49 +0000 (09:07 +0000)]
Update list of card readers supported by rtsx(4). From brad.
nicm [Mon, 27 Apr 2015 07:49:36 +0000 (07:49 +0000)]
If the requested pane is already active, do not unzoom the window (or do
anything else). Prevents mouse clicking when zoomed causing unzoom,
reported by Jose Antonio Delgado Alfonso (with a different fix).
mpi [Mon, 27 Apr 2015 07:41:41 +0000 (07:41 +0000)]
with more unit conversion when new sensors will appear.
From David Higgs.
mpi [Mon, 27 Apr 2015 07:37:19 +0000 (07:37 +0000)]
Make use of DEVNAME(), from David Higgs.
mpi [Mon, 27 Apr 2015 07:20:57 +0000 (07:20 +0000)]
Correctly write the 64bits of the HID 1, 4 and 5 registers.
This makes the secondary cpu of my PowerMac as fast as the primary one,
and divides the build time by 3 with a GENERIC.MP kernel on MP G5s
Found thanks to MP kernel profiling.
ok dlg@, miod@
bcook [Mon, 27 Apr 2015 03:37:06 +0000 (03:37 +0000)]
Not all Linux libc's include linux/sysctl.h in sys/sysctl.h.
Include it if we have the sysctl syscall.
bcook [Mon, 27 Apr 2015 03:34:43 +0000 (03:34 +0000)]
Support AIX versions without WPAR support.
From Michael Felt.
djm [Mon, 27 Apr 2015 01:53:37 +0000 (01:53 +0000)]
more OPENSSL=no fixes; ok dtucker@
djm [Mon, 27 Apr 2015 01:52:30 +0000 (01:52 +0000)]
fix compilation with OPENSSL=no; ok dtucker@
dtucker [Mon, 27 Apr 2015 00:37:53 +0000 (00:37 +0000)]
Include stdio.h for FILE (used in sshkey.h) so it compiles with OPENSSL=no.
djm [Mon, 27 Apr 2015 00:21:21 +0000 (00:21 +0000)]
allow "sshd -f none" to skip reading the config file, much like
"ssh -F none" does. ok dtucker
nicm [Sun, 26 Apr 2015 22:51:32 +0000 (22:51 +0000)]
Don't support -s on FIFOs, it doesn't work well and the workarounds are
a bit horrible.
nicm [Sun, 26 Apr 2015 20:25:20 +0000 (20:25 +0000)]
Remove panes from layout if spawning them fails, reported by Anthony J
Bentley.
benno [Sun, 26 Apr 2015 20:12:03 +0000 (20:12 +0000)]
mlarkin asks "bgpctl checks the length of the control socket path to
make sure it fits. When browsing around last night I saw that bgpd
does not. Any reason it shouldn't? Please commit"
Add a check in parse.y to check this when reading the configuration.
ok phessler@ henning@
nicm [Sun, 26 Apr 2015 19:53:50 +0000 (19:53 +0000)]
stat() the original link path not the resolved one which may be relative.
dcoppa [Sun, 26 Apr 2015 17:26:59 +0000 (17:26 +0000)]
Fix typo in the buffer size value: 7680 in the manpage vs 7860 in
the sndiod.c code.
Initially, I thought the error was in the manpage, but Alexander
told me it was the code, so fix the code instead.
ok ratchov@
henning [Sun, 26 Apr 2015 14:49:23 +0000 (14:49 +0000)]
get_responsefile: instead of keeping the dhcp-supplied next-server where
we fetch the response file from in a local _server var, put it in an
exported AI_SERVER one. last not least that allows install.site to see it.
ok krw rpe
sf [Sun, 26 Apr 2015 12:27:29 +0000 (12:27 +0000)]
Have vio_start() check if the queue is empty.
from brad@
jmatthew [Sun, 26 Apr 2015 12:24:03 +0000 (12:24 +0000)]
Get dwc2 working on octeon.
- transplant the clock setup code from octhci
- add a bus space tag to deal with dwc2 using little endian addressing
- bump up the rx fifo size, necessary for umass/sd to work
tested on an edgerouter lite, which can almost boot by itself now
ok uebayasi@ (various parts), miod@ (bus space bits)
sf [Sun, 26 Apr 2015 12:19:24 +0000 (12:19 +0000)]
vio: Support checksum offloading for IPv4 TX
"Looks good to me" brad@
stsp [Sun, 26 Apr 2015 11:47:22 +0000 (11:47 +0000)]
regen
stsp [Sun, 26 Apr 2015 11:47:13 +0000 (11:47 +0000)]
Add IDs for RTL8188ETV and RTL8188EU. From FreeBSD via Mikhail on tech@
phessler [Sun, 26 Apr 2015 11:32:54 +0000 (11:32 +0000)]
for every policy we write out, flush the output so we don't get an
irritating partially written line
kettenis [Sun, 26 Apr 2015 11:09:32 +0000 (11:09 +0000)]
Disable PAE when switching to the hibernate resume pagetables. This involves
a slightly complicated dance where we stash the PAE PDPTEs into the
hibernate resume pagetables and use those before turning off PAE.
Makes (un)hibernate work with the new PAE pmap.
ok mlarkin@
stsp [Sun, 26 Apr 2015 10:22:13 +0000 (10:22 +0000)]
Add Digitus DN-7003GT to list of supported urtw(4) devices.
stsp [Sun, 26 Apr 2015 10:18:30 +0000 (10:18 +0000)]
regen
stsp [Sun, 26 Apr 2015 10:18:19 +0000 (10:18 +0000)]
Add USB device ID for RTL8812AU. Found in "TP-Link AC1200 T4U" device.
kettenis [Sun, 26 Apr 2015 09:49:42 +0000 (09:49 +0000)]
Enable NX support in the resume path. Makes suspend/resume work with the
PAE pmap.
ok deraadt@, mlarkin@
kettenis [Sun, 26 Apr 2015 09:48:29 +0000 (09:48 +0000)]
Only enable PAE if the CPU we're running on has NX support. Without NX
support we're only wasting memory on the larger PAE page tables without
any real benefit. This allows some simplifications of the low-level
assembly code.
ok mlarkin@, deraadt@
sthen [Sun, 26 Apr 2015 09:22:33 +0000 (09:22 +0000)]
bump i386 MAXDSIZ to 3GB. - "If you're running this, and presumably actually
using that much memory, go for it" tedu@ "I don't see any immediate downsides"
kettenis@
deraadt [Sun, 26 Apr 2015 07:25:10 +0000 (07:25 +0000)]
sync
jmatthew [Sun, 26 Apr 2015 06:38:04 +0000 (06:38 +0000)]
Two extra messages required after sending a baud rate update, as observed
in the linux mct_u232 driver, which apparently got them by sniffing usb
traffic from the vendor's windows 98 driver. Makes this device work at
115200:
umct0 at uhub0 port 2 "Belkin Components F5U109 Serial" rev 1.10/1.02 addr 2
ok dlg@
guenther [Sun, 26 Apr 2015 05:30:42 +0000 (05:30 +0000)]
Require a PT_LOAD segment's p_filesz to be no larger than its p_memsz.
test cases provided by Alejandro Herna'ndez (nitrousenador (at) gmail.com)
ok deraadt@ jsg@
guenther [Sun, 26 Apr 2015 01:23:19 +0000 (01:23 +0000)]
Fix glitches in previous commit: strip the \n and only complain on failure
ok deraadt@
phessler [Sat, 25 Apr 2015 21:44:26 +0000 (21:44 +0000)]
some people are capitalizing keywords, so ignore case when we test the tokens
OK henning@ benno@
miod [Sat, 25 Apr 2015 21:38:22 +0000 (21:38 +0000)]
Cut the aliases part of /etc/rpc lines before feeding them to strtonum(), for
it will fail otherwise; ok deraadt@ millert@
guenther [Sat, 25 Apr 2015 21:31:24 +0000 (21:31 +0000)]
We now follow the ABI and always clear cld on function entry, so remove
the extra CLD instructions from when that wasn't true
testing miod@ krw@
guenther [Sat, 25 Apr 2015 21:21:02 +0000 (21:21 +0000)]
cpu_busy_cycle_fcn callback has never been used
nicm [Sat, 25 Apr 2015 21:17:09 +0000 (21:17 +0000)]
Only print MIME warnings when warnings are enabled.
miod [Sat, 25 Apr 2015 21:15:08 +0000 (21:15 +0000)]
Repair boot device detection when booting off the second SCSI controller on
AV530.
guenther [Sat, 25 Apr 2015 20:47:49 +0000 (20:47 +0000)]
Disable kq-tun test, as it's been broken for a while and not because of kq
afresh1 [Sat, 25 Apr 2015 19:30:14 +0000 (19:30 +0000)]
Apply pre-built unicore patch, remove excess files - perl-5.20.2
afresh1 [Sat, 25 Apr 2015 19:26:15 +0000 (19:26 +0000)]
Apply local patches, remove excess files - perl-5.20.2
afresh1 [Sat, 25 Apr 2015 19:14:36 +0000 (19:14 +0000)]
Fix merge issues, remove excess files - match perl-5.20.2 dist