ajacoutot [Sun, 24 Aug 2014 17:01:44 +0000 (17:01 +0000)]
Drop obvious comments.
bcook [Sun, 24 Aug 2014 16:11:39 +0000 (16:11 +0000)]
constify strerror return value
There is no intention to modify the string returned by strerror and
doing so is forbidden by the standard.
from Jonas 'Sortie' Termansen
ok tedu@ deraadt@
bcook [Sun, 24 Aug 2014 16:08:30 +0000 (16:08 +0000)]
Include <sys/time.h> to get struct timeval
The crypto/bio/bss_dgram.c file assumes that another file indirectly
includes <stdlib.h> that includes <sys/time.h>.
from Jonas 'Sortie' Termansen
ok deraadt@ tedu@
bcook [Sun, 24 Aug 2014 16:07:29 +0000 (16:07 +0000)]
Include <sys/select.h> to get select
These files currently depend on the wrapper <stdlib.h> file indirectly
including a header that provides select().
from Jonas 'Sortie' Termansen
ok deraadt@ tedu@
jsing [Sun, 24 Aug 2014 14:55:23 +0000 (14:55 +0000)]
Let SSL_CIPHER_description() allocate the buffer for the description,
rather than passing in a fixed size buffer.
This is yet another example of a horribly designed API - if the given
buffer is NULL then SSL_CIPHER_description() allocates one for us (great!),
which we then need to free (no problem). However, if this allocation fails
it returns a pointer to a static string "OPENSSL_malloc Error" - obviously
bad things happen if we call free() with this pointer.
Unfortunately, there is no way of knowing that the function failed, other
than comparing the returned string against the string literal - so do that
before calling free()...
Joint work with beck@ during g2k14.
doug [Sun, 24 Aug 2014 14:45:00 +0000 (14:45 +0000)]
Remove imaginary non-reserved port support from mountd.
This bug was reported by Julian Hsiao.
ok concept deraadt@, miod@
mountd.8 diff is from jmc@. ok doug@
mountd.c diff is from me. ok miod@
jsing [Sun, 24 Aug 2014 14:36:45 +0000 (14:36 +0000)]
Replace the remaining uses of ssl3_put_cipher_by_char() with s2n and a
ssl3_cipher_get_value() helper function, which returns the cipher suite
value for the given cipher.
ok miod@
schwarze [Sun, 24 Aug 2014 13:46:57 +0000 (13:46 +0000)]
reduce indentation of main program by one tab, no functional change
ok ajacoutot@
ajacoutot [Sun, 24 Aug 2014 13:32:53 +0000 (13:32 +0000)]
Drop unneeded parenthesis in usage().
ok schwarze@
ajacoutot [Sun, 24 Aug 2014 13:30:27 +0000 (13:30 +0000)]
Drop unused variables.
ajacoutot [Sun, 24 Aug 2014 13:29:16 +0000 (13:29 +0000)]
In debug mode, make it clear when we are using the default flags when
none are set.
initial patch from me but reworked by schwarze@
ok schwarze@
ajacoutot [Sun, 24 Aug 2014 08:13:15 +0000 (08:13 +0000)]
Fix args to needs_root() when using "disable" (broken in the v1.9
positional args cleanup commit).
from Sebastien Marie
ajacoutot [Sun, 24 Aug 2014 07:55:20 +0000 (07:55 +0000)]
In debug mode (`-d'), only print the flags relevant to the rc.d(8) we are
calling instead of all flags which makes it very difficult to see the
information we actually need.
ok schwarze@ robert@
ajacoutot [Sun, 24 Aug 2014 07:46:54 +0000 (07:46 +0000)]
Since rcctl(8) can change the position of such and such variable, sort
the file so that we always have a consistent output.
ok schwarze@ jasper@
ajacoutot [Sun, 24 Aug 2014 07:33:26 +0000 (07:33 +0000)]
Make it possible to pass `-d' and `-f' to the rc.d(8) script.
man page bits from schwarze@
ok jasper@ schwarze@
brad [Sun, 24 Aug 2014 05:01:42 +0000 (05:01 +0000)]
Add some TX BD flags for BCM5717 family chips.
bluhm [Sat, 23 Aug 2014 18:32:55 +0000 (18:32 +0000)]
Move splnet() in in_ifinit() to protect less code that does not
need it.
OK mpi@
jsing [Sat, 23 Aug 2014 15:37:38 +0000 (15:37 +0000)]
Remove non-standard GOST cipher suites (which are not compiled in
currently).
From Dmitry Eremin-Solenikov.
doug [Sat, 23 Aug 2014 15:29:55 +0000 (15:29 +0000)]
close fd when fdopen fails
ok yasuoka@
jsing [Sat, 23 Aug 2014 14:52:41 +0000 (14:52 +0000)]
Replace the remaining ssl3_get_cipher_by_char() calls with n2s() and
ssl3_get_cipher_by_id().
ok bcook@
deraadt [Sat, 23 Aug 2014 11:38:56 +0000 (11:38 +0000)]
oddly now needs sys/socket.h, because someone removed struct socket fwd
decl definition from somewhere in .h. This appears to be the only fallout
in the kernel.
stsp [Sat, 23 Aug 2014 10:34:18 +0000 (10:34 +0000)]
Enhance the ldomctl(8) man page.
Describe all available commands, document the init-system file format, and
add examples guiding users through the process of setting up guest domains
based on http://undeadly.org/cgi?action=article&sid=20121214153413
input and ok jasper jmc schwarze
jmc [Sat, 23 Aug 2014 07:25:54 +0000 (07:25 +0000)]
unbind;
deraadt [Sat, 23 Aug 2014 05:49:42 +0000 (05:49 +0000)]
Shrink this to the minimum, but reference /etc/examples/pf.conf
(someone should really sit down and flesh out the examples)
deraadt [Sat, 23 Aug 2014 04:00:41 +0000 (04:00 +0000)]
sync
doug [Sat, 23 Aug 2014 01:00:20 +0000 (01:00 +0000)]
Fix fd leak when fdopen fails.
ok schwarze@
doug [Sat, 23 Aug 2014 00:48:57 +0000 (00:48 +0000)]
Fix double free in ike_auth.c
ok jca@
pelikan [Sat, 23 Aug 2014 00:11:03 +0000 (00:11 +0000)]
when you specify queues in a rule, make sure they have been defined.
DIOCADDRULE EBUSY turns into an error message that pfctl -n catches.
DIOCXCOMMIT EINVAL after the kernel rejected the rules was reported
to occur, possibly from hfsc.c: this should be fixed as well.
ok henning mikeb sthen
krw [Fri, 22 Aug 2014 23:05:15 +0000 (23:05 +0000)]
POSIX/FreeBSD/NetBSD/Linux/etc agree -- blk[size|cnt]_t is the bomb.
So add the types blksize_t (a.k.a. int32_t) and blkcnt_t (a.k.a.
int64_t). Use blkcnt_t in stat.h since the base type (int64_t) does
not change. blksize_t in stat.h will follow after the tree is audited
for signed issues, since the base type will change from u_int32_t
to a POSIX compliant int32_t.
Guidance and feedback from guenther@
ok millert@
sthen [Fri, 22 Aug 2014 22:37:32 +0000 (22:37 +0000)]
switch ndp to display MAC addresses in 00:00:00:00:00:00 format, ok deraadt@
sthen [Fri, 22 Aug 2014 22:14:53 +0000 (22:14 +0000)]
print leading 0's in MAC addresses again, ok deraadt
deraadt [Fri, 22 Aug 2014 20:03:54 +0000 (20:03 +0000)]
pseudo-device crypto was accidentally left for some architectures.
brad [Fri, 22 Aug 2014 19:28:25 +0000 (19:28 +0000)]
Strip the BIND code down to just building and installing dig, host and nslookup.
deraadt [Fri, 22 Aug 2014 19:19:25 +0000 (19:19 +0000)]
disable use of bind in base; in the base use nsd/unbound instead.
a proper & complete bind port will show up.
discussed with many for years
tedu [Fri, 22 Aug 2014 16:29:27 +0000 (16:29 +0000)]
don't need this file, only the mod version
bluhm [Fri, 22 Aug 2014 16:14:11 +0000 (16:14 +0000)]
Instead of getting a nasty error message from privsep
"syslogd: priv_getaddrinfo: overflow attempt in hostname"
check the host and port length when parsing the config.
OK henning@
schwarze [Fri, 22 Aug 2014 15:49:44 +0000 (15:49 +0000)]
typo; noticed by jmc@ some time ago
jsg [Fri, 22 Aug 2014 08:10:38 +0000 (08:10 +0000)]
Set the default nfsd flags to "-tun 4". Matches the comment
in rc.conf and the behaviour of the backwards compatibility
code in rc.subr for nfs_server=YES.
ok ajacoutot@
doug [Fri, 22 Aug 2014 07:59:52 +0000 (07:59 +0000)]
fix memory leak in isakmpd
ok gerhard@ (also corrected first version)
deraadt [Fri, 22 Aug 2014 07:41:48 +0000 (07:41 +0000)]
sync
ajacoutot [Fri, 22 Aug 2014 05:47:08 +0000 (05:47 +0000)]
Enable rcctl(8).
prodded by deraadt@
jsg [Fri, 22 Aug 2014 04:36:16 +0000 (04:36 +0000)]
remove an unneeded test
ok yasuoka@
deraadt [Fri, 22 Aug 2014 01:28:19 +0000 (01:28 +0000)]
sync
kspillner [Thu, 21 Aug 2014 21:49:37 +0000 (21:49 +0000)]
Set the sensor's status when docking and undocking, not just its value.
With this change sensorsd(8) now correctly detects state changes when
docking and undocking.
ok mlarkin@
schwarze [Thu, 21 Aug 2014 20:27:03 +0000 (20:27 +0000)]
Bugfix: make whatis(1) case-insensitive again.
The traditional whatis(1) was case-insensitive and it's still documented
that way, but that apparently got broken with or after the switch.
chrisz [Thu, 21 Aug 2014 19:23:10 +0000 (19:23 +0000)]
Add Last-Modified: HTTP header.
OK reyk@
bluhm [Thu, 21 Aug 2014 17:16:37 +0000 (17:16 +0000)]
Document square brackets for IPv6 addresses. From FreeBSD.
OK logan@ henning@
bluhm [Thu, 21 Aug 2014 17:00:34 +0000 (17:00 +0000)]
Send and receive UDP syslog packets on the IPv6 socket.
OK henning@
ajacoutot [Thu, 21 Aug 2014 16:50:11 +0000 (16:50 +0000)]
Unbreak when "SRCDIR=."
reported by phessler@
jca [Thu, 21 Aug 2014 16:46:48 +0000 (16:46 +0000)]
Fix double free. ok guenther@
schwarze [Thu, 21 Aug 2014 16:03:50 +0000 (16:03 +0000)]
limit CGI process execution time to make REDoS attacks less effective;
attack surface pointed out by Sebastien Marie
mikeb [Thu, 21 Aug 2014 15:09:27 +0000 (15:09 +0000)]
deny "once" flags for match rules; ok henning
mpi [Thu, 21 Aug 2014 14:52:55 +0000 (14:52 +0000)]
Now that DVACT_DEACTIVATE is propagated to the children of a device when
a driver does not implement a specific *_activate() handler and that our
USB stack sets the dying flag before detaching a device, these specific
handlers can die.
brad [Thu, 21 Aug 2014 14:30:21 +0000 (14:30 +0000)]
Fix a copy and pasto with the standard ring setup with calling if_rxr_init()
to use BGE_STD_RX_RING_CNT instead of BGE_JUMBO_RX_RING_CNT.
ok dlg@
jsg [Thu, 21 Aug 2014 14:26:16 +0000 (14:26 +0000)]
add $OpenBSD$
mpi [Thu, 21 Aug 2014 14:24:08 +0000 (14:24 +0000)]
Kill the remaining <netinet/in_systm.h> inclusion!
schwarze [Thu, 21 Aug 2014 12:56:24 +0000 (12:56 +0000)]
Right after .Fl, a middle delimiter triggers an empty scope,
just like a closing delimiter. This didn't work in groff-1.15,
but it now works in groff-1.22.
After being closed by delimiters, .Nm scopes do not reopen.
Do not suppress white space after .Fl if the next node is a text node
on the same input line; that can happen for middle delimiters.
Fixing an issue reported by jmc@.
ajacoutot [Thu, 21 Aug 2014 12:47:22 +0000 (12:47 +0000)]
Make "rcctl status" output match rc.conf(8) format.
ok jasper@
mpi [Thu, 21 Aug 2014 11:54:00 +0000 (11:54 +0000)]
Misleading comments about splnet().
mpi [Thu, 21 Aug 2014 10:23:47 +0000 (10:23 +0000)]
Change the output of arp(8) to match what ndp(8) does and include the
expire timer.
This will make it easier to add further information in a coherent way
between these tools for local and broadcast entries.
This new view displays either symbolic names (by default) or numerical
addresses (with "-n") for hosts but not both at the same time, just
like ndp(8), route(8) or netstat(1) do.
ok henning@
schwarze [Thu, 21 Aug 2014 10:15:11 +0000 (10:15 +0000)]
Now that rc.conf(8) defines what a base system service, a base
system daemon, and a package daemon is, refer to it instead of
duplicating information. While here, clean up wording.
OK ajacoutot@
mpi [Thu, 21 Aug 2014 10:07:07 +0000 (10:07 +0000)]
If an ifa has a NULL ifp pointer then it should be considered as
invalid. When such thing happens, it means that the address is no
longer configured on the system but still referenced by some routes.
So do not return such ifa in ifa_ifwithroute().
Fix a panic reported by Pierre Bardou.
ok mikeb@, henning@
ajacoutot [Thu, 21 Aug 2014 10:06:14 +0000 (10:06 +0000)]
Drop sanitation, _rc_parse_conf does this for us already.
ok schwarze@
ajacoutot [Thu, 21 Aug 2014 08:54:58 +0000 (08:54 +0000)]
If a service is disabled its flags are unconditionally set to "NO", so
there's no need to display "enabled" or "disabled" when calling "status",
we have the information already.
doug [Thu, 21 Aug 2014 01:08:52 +0000 (01:08 +0000)]
Free resources on error in mkstemp and fdopen
ok djm@
bluhm [Thu, 21 Aug 2014 00:04:58 +0000 (00:04 +0000)]
Parse loghost in a separate function. Allow [] around hostname,
needed for IPv6 addresses. Print full loghost specifier in case
of error or debug. Make string sizes more precise.
input henning@; input and OK deraadt@
dlg [Wed, 20 Aug 2014 23:56:57 +0000 (23:56 +0000)]
after allocating an mbuf and cluster you still need to init the length
fields.
found by steven roberts, who also tested this fix for me
schwarze [Wed, 20 Aug 2014 22:13:24 +0000 (22:13 +0000)]
Move the examples to the EXAMPLES section and add some actual
reference manual style documentation to the DESCRIPTION.
Feedback and OK rpe@ and ajacoutot@, also using feedback from deraadt@.
bluhm [Wed, 20 Aug 2014 20:54:27 +0000 (20:54 +0000)]
Link ospfd and syslogd regression tests to the build.
bluhm [Wed, 20 Aug 2014 20:52:14 +0000 (20:52 +0000)]
Run syslogd regression tests. As only one syslogd can run per
machine, each test kills any syslogd first. At the end the system's
syslogd gets restarted.
The test framework runs a client, and a server, and a syslogd. The
messages are passed via the log socket or via UDP from the client
to syslogd. From there UDP transport is used to reach the server.
All processes write log files where the message has to show up.
The test arguments are kept in the args-*.pl files.
The content of a log file, the data sent to a pipe process and what
the server received are checked. The invocation of the sendsyslog(2)
syscall is checked with ktrace, the open file descriptors of syslogd
are checked with fstat.
bluhm [Wed, 20 Aug 2014 20:10:17 +0000 (20:10 +0000)]
Replace gethostbyaddr(3) with getnameinfo(3). Remove the sigprocmask()
that was necessary for gethostbyaddr() because the latter is not
signal safe. Change the return code semantics of priv_getnameinfo()
to match getnameinfo(3).
input and OK jca@
bluhm [Wed, 20 Aug 2014 19:33:43 +0000 (19:33 +0000)]
Add missing OpenBSD RCS id.
bluhm [Wed, 20 Aug 2014 19:16:27 +0000 (19:16 +0000)]
Rename priv_gethostserv() to priv_getaddrinfo() as this is what the
function does. Change the return code semantics to match getaddrinfo(3).
OK deraadt@
florian [Wed, 20 Aug 2014 19:13:03 +0000 (19:13 +0000)]
Better explain what unbound is for.
While there fix some nits.
Problem pointed out by deraadt@
Input jmc@, schwarze@
wouter@ committed a slightly different diff upstream. Pull that on out
of svn and hand merge it.
OK schwarze@
jmc [Wed, 20 Aug 2014 18:59:56 +0000 (18:59 +0000)]
remove one more reference to crypto(4); ok mikeb
rpe [Wed, 20 Aug 2014 17:15:17 +0000 (17:15 +0000)]
Store the positional args in vars with meaningful names which makes the arg
checking block easier to comprehend.
OK ajacoutot@
ajacoutot [Wed, 20 Aug 2014 15:04:14 +0000 (15:04 +0000)]
Greatly simplify get/set flags and status.
Provide a unified output for the status of disabled services/daemons:
foobar_flags will always be "NO" regardless of the type (pkg script,
base system daemon, special variable).
ajacoutot [Wed, 20 Aug 2014 13:23:56 +0000 (13:23 +0000)]
Drop default values from rc.conf.local when we run "enable".
mikeb [Wed, 20 Aug 2014 11:23:40 +0000 (11:23 +0000)]
Remove userland bits related to the crypto(4) interface; ok deraadt
mikeb [Wed, 20 Aug 2014 10:06:31 +0000 (10:06 +0000)]
Implement rxrinfo ioctl for cluster usage statistics
rpointel [Wed, 20 Aug 2014 07:55:45 +0000 (07:55 +0000)]
unify the declaration of functions.
ok aja@
ratchov [Wed, 20 Aug 2014 07:19:42 +0000 (07:19 +0000)]
Call audio_{pint,rint}() call-backs with the mutex held. Found by
Izumi Tsutsui, thanks!
ok miod@
phessler [Wed, 20 Aug 2014 06:52:21 +0000 (06:52 +0000)]
When doing Whole disk installs on macppc, blank the first 1 meg of the
disk, so we can successfully create our partitions including the
all important boot partition.
Reported by many, but last by /u/TheWalkingGlitch via reddit
OK krw@
mikeb [Wed, 20 Aug 2014 06:31:22 +0000 (06:31 +0000)]
Bye bye /dev/crypto
The interface has been disabled by default for about 4 years and
currently there's not much value in having it around at all.
ok deraadt
mikeb [Wed, 20 Aug 2014 06:23:03 +0000 (06:23 +0000)]
Bye bye /dev/crypto
The interface has been disabled by default for about 4 years and
currently there's not much value in having it around at all.
ok deraadt
mikeb [Wed, 20 Aug 2014 06:14:42 +0000 (06:14 +0000)]
unlink crypto(4) pseudo device from the architecture dependent character
device tables and kernel config files. ok deraadt
doug [Wed, 20 Aug 2014 06:03:20 +0000 (06:03 +0000)]
Release CPU mutexes on EINVAL.
ok guenther@
guenther [Wed, 20 Aug 2014 04:12:30 +0000 (04:12 +0000)]
Backport support for i386/amd64 'rdtscp' instruction from binutils-2.17
Request and testing by krw@
dlg [Wed, 20 Aug 2014 03:29:35 +0000 (03:29 +0000)]
brad said i had some whitespace screwups in my previous diff. this cleans
them up and the others i found in this file.
no functional change.
deraadt [Wed, 20 Aug 2014 01:28:55 +0000 (01:28 +0000)]
djm how did you make a typo like that...
dlg [Wed, 20 Aug 2014 01:02:50 +0000 (01:02 +0000)]
remove the custom jumbo allocator. it's never been enabled or used.
putting this into the tree to make it easier to test.
dlg [Wed, 20 Aug 2014 01:02:02 +0000 (01:02 +0000)]
replace the custom jumbo allocator with MCLGETI.
putting this in the tree to make it easier for people to test.
dlg [Wed, 20 Aug 2014 01:00:15 +0000 (01:00 +0000)]
replace the custom jumbo allocator with MCLGETI.
putting this in the tree to make it easier for people to test.
dlg [Wed, 20 Aug 2014 00:59:56 +0000 (00:59 +0000)]
replace the custom jumbo allocator with MCLGETI.
putting this in the tree to make it easier for people to test.
dlg [Wed, 20 Aug 2014 00:50:45 +0000 (00:50 +0000)]
replace sks jumbo allocator with MCLGETI. the system provides jumbos in
the right shape now, we don't have to do it by hand all over the place
any more.
rework the rxr ring management to use if_rxring while here.
largely based on if_sk.c r1.152 and if_skvar.h r1.4 by kettenis.
tested by me on:
skc0 at pci3 dev 11 function 0 "Schneider & Koch SK-98xx" rev 0x12, GEnesis (0x0): apic 3 int 5
sk0 at skc0 port A: address 00:00:5a:99:8a:ec
xmphy0 at sk0 phy 0: XMAC II Gigabit PHY, rev. 2
and this from ian mcwilliam
skc0 at pci0 dev 9 function 0 "D-Link DGE-530T B1" rev 0x11, Yukon Lite (0x9): apic 2 int 17
sk0 at skc0 port A: address 00:17:9a:ba:b5:39
eephy0 at sk0 phy 0: 88E1011 Gigabit PHY, rev. 5
tested by brad@ too
dlg [Wed, 20 Aug 2014 00:00:46 +0000 (00:00 +0000)]
bring back r1.130:
add an explicit rwlock around the global state (the pool list and serial
number) rather than rely on implicit process exclusion, splhigh and splvm.
the only things touching the global state come from process context so we
can get away with an rwlock instead of a mutex. thankfully.
ok matthew@
djm [Tue, 19 Aug 2014 23:58:28 +0000 (23:58 +0000)]
When dumping the server configuration (sshd -T), print correct KEX,
MAC and cipher defaults. Spotted by Iain Morgan
djm [Tue, 19 Aug 2014 23:57:18 +0000 (23:57 +0000)]
~-expand lcd paths
schwarze [Tue, 19 Aug 2014 23:35:28 +0000 (23:35 +0000)]
Let's talk about obstacles you face when trying to pull off a partial tedu@.
miod [Tue, 19 Aug 2014 19:04:07 +0000 (19:04 +0000)]
More PIC programming magic, as well as a specific workaround for lost
interrupts in PIC rev 1; from IRIX via Linux 2.5.69.
This doesn't fix the lost SCSI interrupts jasper@ eventually experiences on
Origin 350 systems, but this can't hurt anyway.