sthen [Thu, 1 Jun 2017 20:18:44 +0000 (20:18 +0000)]
Revert 1.16 ("add a workaround for the rebound portjacking hijinks"),
it breaks at least nslookup, host, dig +tcp.
schwarze [Thu, 1 Jun 2017 19:05:15 +0000 (19:05 +0000)]
Minimal implementation of the \h (horizontal motion) escape sequence.
Good enough to cope with the average DocBook insanity.
schwarze [Thu, 1 Jun 2017 15:24:41 +0000 (15:24 +0000)]
STYLE message about full stop at the end of .Nd; inspired by mdoclint(1)
sthen [Thu, 1 Jun 2017 15:23:43 +0000 (15:23 +0000)]
Expand $eapid in iked tags, allowing PF rules to be written based on EAP
identity (username). OK mikeb@
schwarze [Thu, 1 Jun 2017 14:55:24 +0000 (14:55 +0000)]
Delete -f. What matters is covered by mandoc.
OK jmc@ wiz@
patrick [Thu, 1 Jun 2017 14:38:28 +0000 (14:38 +0000)]
Return time_uptime as value for when pf was enabled instead of
time_second. Since time_second changes depending on the wall-
clock time, time_second is not a reliable source for the status.
We can even end up with a negative time delta. Thus, use the
monotonically growing time_uptime and export it to userland.
ok bluhm@ mikeb@
schwarze [Thu, 1 Jun 2017 12:26:14 +0000 (12:26 +0000)]
mention /var/db/acpi; diff from Jan Stary <hans at stare dot cz>;
OK deraadt@
naddy [Thu, 1 Jun 2017 12:14:48 +0000 (12:14 +0000)]
Remove branch prediction hint from conditional branch instruction.
These hints are not recognized by clang's builtin assembler.
From the corresponding amd64 change. ok visa@ kettenis@
patrick [Thu, 1 Jun 2017 11:32:15 +0000 (11:32 +0000)]
Don't panic when we cannot locate a handle for the Serial IO protocol.
Fixes reports on tech and in private.
ok yasuoka@ stsp@
naddy [Thu, 1 Jun 2017 11:18:53 +0000 (11:18 +0000)]
Sync with amd64 and allow building the i386 bootstrap with clang:
* build with -ffreestanding
* skip the integrated assembler for assym.h
* use as(1) to build biosboot.S and the various versions of srt0.S
ok kettenis@
mpi [Thu, 1 Jun 2017 10:59:23 +0000 (10:59 +0000)]
Re-enabled futex based condvar & mutexes, they are not the cause of
vmd(8)'s regression.
deraadt [Thu, 1 Jun 2017 10:43:33 +0000 (10:43 +0000)]
crtbegin and crtend files need to be in comp, to support relink of
libraries other than crt0
noticed by mikeb, solution from kettenis
mpi [Thu, 1 Jun 2017 09:47:55 +0000 (09:47 +0000)]
Deferring some processing to the soft-interrupt handler introduced a
race. Revert for now.
Issue found by claudio@.
mpi [Thu, 1 Jun 2017 08:46:34 +0000 (08:46 +0000)]
New condvar introduced a regression with vmd(8), revert until it is found.
Reported by Gregor Best.
joris [Thu, 1 Jun 2017 08:38:56 +0000 (08:38 +0000)]
If CVS_LOCK_REPO is set only attempt to unlock the repo if we're local.
Otherwise we end up calling cvs_repository_unlock() with garbage from the
stack if we're dealing with a remote cvsroot.
joris [Thu, 1 Jun 2017 08:17:27 +0000 (08:17 +0000)]
Don't look at file_type until after cvs_remote_classify_file() was called.
The file status may be unknown until after that call.
joris [Thu, 1 Jun 2017 08:08:24 +0000 (08:08 +0000)]
Stop looking at current_cvsroot->cr_method to figure out if we're remote or not.
Instead use cvsroot_is_local() and cvsroot_is_remote().
jmc [Thu, 1 Jun 2017 07:58:56 +0000 (07:58 +0000)]
update currency exchange rates;
djm [Thu, 1 Jun 2017 06:59:21 +0000 (06:59 +0000)]
no need to bzero allocated space now that we use recallocarray;
ok deraadt@
djm [Thu, 1 Jun 2017 06:58:25 +0000 (06:58 +0000)]
unconditionally zero init size of buffer; ok markus@ deraadt@
djm [Thu, 1 Jun 2017 06:16:43 +0000 (06:16 +0000)]
some warnings spotted by clang; ok markus@
djm [Thu, 1 Jun 2017 04:51:58 +0000 (04:51 +0000)]
fix casts re constness
tb [Wed, 31 May 2017 20:43:49 +0000 (20:43 +0000)]
No slaacd.conf(5) is currently planned. Remove Xr to nonexistent manual.
ok florian
schwarze [Wed, 31 May 2017 20:18:43 +0000 (20:18 +0000)]
Let the 's' command delete the right number of bytes when UTF-8
characters are involved; similar to what anton@ previously did for 'r';
OK tb@ anton@;
also tested by Walter Alejandro Iglesias <wai at roquesor dot com>.
claudio [Wed, 31 May 2017 20:01:51 +0000 (20:01 +0000)]
Too vs To. Found by Denis Fondras openbsd (at) ledeuns (dot) net
tedu [Wed, 31 May 2017 19:51:27 +0000 (19:51 +0000)]
late game space battles require tty pledge to clear screen, etc.
from tomr
millert [Wed, 31 May 2017 19:41:30 +0000 (19:41 +0000)]
Use ferror() to check for getline() failure. From Scott Cheloha.
OK jung@
deraadt [Wed, 31 May 2017 19:18:18 +0000 (19:18 +0000)]
Split early startup code out of locore.S into locore0.S. Adjust link
run so that this locore0.o is always at the start of the executable.
But randomize the link order of all other .o files in the kernel, so
that their exec/rodata/data/bss segments land all over the place.
Late during kernel boot, unmap the early startup code.
As a result, the internal layout of every newly built bsd kernel is
different from past kernels. Internal relative offsets are not known
to an outside attacker. The only known offsets are in the startup code,
which has been unmapped.
Ramdisk kernels cannot be compiled like this, because they are gzip'd.
When the internal pointer references change, the compression dictionary
bloats and results in poorer compression.
ok kettenis mlarkin visa, also thanks to tedu for getting me back to this
schwarze [Wed, 31 May 2017 17:58:56 +0000 (17:58 +0000)]
about ten different improvements; OK tedu@ espie@ bentley@
nicm [Wed, 31 May 2017 17:56:48 +0000 (17:56 +0000)]
Style and spacing nits.
schwarze [Wed, 31 May 2017 17:16:48 +0000 (17:16 +0000)]
use the standard OpenBSD license for new manual pages
rather than some 2-clause variant of the ancient BSD license;
OK benno@ tedu@
joris [Wed, 31 May 2017 16:48:16 +0000 (16:48 +0000)]
Do not use CVS_LOCK_REPO for committing.
This flag tells our file recursion code that for each directory entered
we should lock it. Commit however locks all relevant directories on its
own when it is about to make changes and should not depend on the file
recursion code to do so.
tb [Wed, 31 May 2017 16:44:52 +0000 (16:44 +0000)]
sync
nicm [Wed, 31 May 2017 16:44:33 +0000 (16:44 +0000)]
Shut up a warning.
joris [Wed, 31 May 2017 16:31:55 +0000 (16:31 +0000)]
Plug memleak in rcs_translate_tag() that was causing havoc on large repos.
joris [Wed, 31 May 2017 16:18:20 +0000 (16:18 +0000)]
When unlocking a directory only unlock the given one rather than all repo_locks.
joris [Wed, 31 May 2017 16:14:37 +0000 (16:14 +0000)]
fix indentation
joris [Wed, 31 May 2017 16:13:25 +0000 (16:13 +0000)]
Fix opencvs tag so it does not attempt to do local operations in a remote setup.
While here make sure the "up-to-date" check (-c) works as one expects.
stsp [Wed, 31 May 2017 16:12:39 +0000 (16:12 +0000)]
Implement support for missed beacon notifications in iwn(4).
Works with WIFIonICE.
ok phessler@
schwarze [Wed, 31 May 2017 15:35:22 +0000 (15:35 +0000)]
remove -X, it was just migrated to mandoc -Wstyle; OK wiz@
schwarze [Wed, 31 May 2017 15:30:12 +0000 (15:30 +0000)]
STYLE message about missing use of Ox/Nx/Fx/Dx; OK jmc@ wiz@
nicm [Wed, 31 May 2017 15:27:57 +0000 (15:27 +0000)]
time.h here too.
nicm [Wed, 31 May 2017 15:26:41 +0000 (15:26 +0000)]
Need time.h.
mikeb [Wed, 31 May 2017 14:52:05 +0000 (14:52 +0000)]
Add support for EV_RECEIPT and EV_DISPATCH flags
From FreeBSD via Jan Schreiber <jes at posteo ! de>, thanks!
OK tedu, bluhm
phessler [Wed, 31 May 2017 13:22:16 +0000 (13:22 +0000)]
another place to use ieee80211_min_basic_rate() to select the minimum tx rate
OK stsp@
visa [Wed, 31 May 2017 13:05:43 +0000 (13:05 +0000)]
Use mbuf_queue to properly serialize access to pflow output queue.
Input from mpi@, jmatthew@; OK mpi@, henning@, benno@
jmc [Wed, 31 May 2017 12:46:30 +0000 (12:46 +0000)]
section order;
phessler [Wed, 31 May 2017 12:24:06 +0000 (12:24 +0000)]
add ieee80211_min_basic_rate() to iwm(4), to select the lowest available
datarate for management frames
based on revs 1.187 and r 1.188 from iwn(4)
OK stsp@
nicm [Wed, 31 May 2017 11:00:00 +0000 (11:00 +0000)]
Some applications like vi(1) and tmux until 10 minutes or so ago, do not
redraw on SIGWINCH if the size returns to the original size between the
original SIGWINCH and when they get around to calling TIOCGWINSZ. So use
the existing resize timer to introduce a small delay between the two
resizes.
markus [Wed, 31 May 2017 10:54:00 +0000 (10:54 +0000)]
make sure we don't pass a NULL string to vfprintf (triggered by the
principals-command regress test); ok bluhm
claudio [Wed, 31 May 2017 10:49:10 +0000 (10:49 +0000)]
Man page bits for ext-community which grew a few more subtypes.
Based on a diff from Job Snijders
claudio [Wed, 31 May 2017 10:48:06 +0000 (10:48 +0000)]
Update ext community printer to the changes done in bgpd.
OK henning@ benno@
claudio [Wed, 31 May 2017 10:47:21 +0000 (10:47 +0000)]
Oops, that should have not been committed. Revert.
claudio [Wed, 31 May 2017 10:44:00 +0000 (10:44 +0000)]
Rework the way we do extended communities (mainly in the parser) and update
the IANA table to a somewhat more complete list. This includes BGP Prefix
Origin Validation State support via the ext-community ovs keyword.
OK henning@ benno@ based on a diff by Job Snijders
sthen [Wed, 31 May 2017 10:30:30 +0000 (10:30 +0000)]
sync
sthen [Wed, 31 May 2017 10:29:47 +0000 (10:29 +0000)]
install futex(2), ok mpi
nicm [Wed, 31 May 2017 10:29:15 +0000 (10:29 +0000)]
It is not OK to ignore SIGWINCH if SIOCGWINSZ reports the size is
unchanged, because it may have changed and changed back in the time
between us getting the signal and calling ioctl(). Always redraw when we
see SIGWINCH.
nicm [Wed, 31 May 2017 10:15:51 +0000 (10:15 +0000)]
Because we defer actually resizing applications (calling TIOCSWINSZ)
until the end of the server loop, tmux may have gone through several
internal resizes in between. This can be a problem if the final size is
the same as the initial size (what the application thinks it currently
is), because the application may choose not to redraw, assuming the
screen state is unchanged, when in fact tmux has thrown away parts of
the screen, assuming the application will redraw them.
To avoid this, do an extra resize if the new size is the same size as
the initial size. This should force the application to redraw when tmux
needs it to, while retaining the benefits of deferring (so we now resize
at most two times instead of at most one - and only two very rarely).
Fixes a problem with break-pane and zoomed panes reported by Michal
Mazurek.
tedu [Wed, 31 May 2017 10:09:31 +0000 (10:09 +0000)]
perhaps a few more words about encoding format
jmc [Wed, 31 May 2017 10:06:02 +0000 (10:06 +0000)]
minor tweaks;
markus [Wed, 31 May 2017 10:04:29 +0000 (10:04 +0000)]
use SO_ZEROIZE for privsep communication (if available)
tedu [Wed, 31 May 2017 09:58:36 +0000 (09:58 +0000)]
utf8 has an rfc
florian [Wed, 31 May 2017 09:39:03 +0000 (09:39 +0000)]
Deleting a default route proposal is a bit of work and the code got
copied around (not always correctly). Introduce free_dfr_proposal() to
have this in one place.
henning [Wed, 31 May 2017 09:30:38 +0000 (09:30 +0000)]
clarify that translations happen immediately on match rules, not generally
Tony Gong <tony.y.gong at gmail>
bluhm [Wed, 31 May 2017 09:25:17 +0000 (09:25 +0000)]
As pf blocks packets with IPv6 options header, the tests need an
allow-opts rule.
bluhm [Wed, 31 May 2017 09:19:10 +0000 (09:19 +0000)]
Block IPv6 packets in pf(4) that have hop-by-hop options header or
destination options header. Such packets can be passed by adding
"allow-opts" to the rule. So IPv6 options are handled like their
counterpart in IPv4 now.
tested by benno@; OK henning@
stsp [Wed, 31 May 2017 09:17:39 +0000 (09:17 +0000)]
The net80211 stack was providing a 'beacon miss timeout' value (in ms)
which specified how much time may elapse without beacons before drivers
begin searching for a new AP.
Drivers convert this timeout value into the amount of beacons they're allowed
to miss. Having the stack provide this number upfront simplifies things.
ok mpi@
deraadt [Wed, 31 May 2017 09:15:42 +0000 (09:15 +0000)]
Switch to recallocarray() for a few operations. Both growth and shrinkage
are handled safely, and there also is no need for preallocation dances.
Future changes in this area will be less error prone.
Review and one bug found by markus
deraadt [Wed, 31 May 2017 08:58:52 +0000 (08:58 +0000)]
These shutdown() SHUT_RDWR are not needed before close()
ok djm markus claudio
sf [Wed, 31 May 2017 08:57:48 +0000 (08:57 +0000)]
virtio_pci: Support IPL_MPSAFE interrupt handlers
markus [Wed, 31 May 2017 08:55:10 +0000 (08:55 +0000)]
new socketoption SO_ZEROIZE: zero out all mbufs sent over socket
ok deraadt bluhm
nicm [Wed, 31 May 2017 08:43:44 +0000 (08:43 +0000)]
Look for setrgbf and setrgbb terminfo extensions for RGB colour. This is
the most reasonable of the various (some bizarre) suggestions for
capabilities.
yasuoka [Wed, 31 May 2017 08:40:32 +0000 (08:40 +0000)]
Add serial console support for efiboot.
stsp [Wed, 31 May 2017 08:33:11 +0000 (08:33 +0000)]
Add missing function prototype for iwm_rx_bmiss().
tedu [Wed, 31 May 2017 08:30:22 +0000 (08:30 +0000)]
add a tiny, to be improved, man page for utf8 encoding.
ok stsp
yasuoka [Wed, 31 May 2017 08:23:33 +0000 (08:23 +0000)]
Disable "machine boot" and "machine comaddr" from efiboot.
stsp [Wed, 31 May 2017 08:14:52 +0000 (08:14 +0000)]
Implement support for iwm(4) firmware's missed beacon notification.
Requested by deraadt@
ok mpi@
espie [Wed, 31 May 2017 08:12:27 +0000 (08:12 +0000)]
document COMPILER, this is getting to be clean enough to be documentable
krw [Wed, 31 May 2017 08:10:24 +0000 (08:10 +0000)]
Optimize virtio_enqueue_trim() a bit by nuking unneeded
re-initializations of statically set fields. Move a common
chunk out of both clauses of if/else.
No intentional functional change.
ok sf@
markus [Wed, 31 May 2017 08:09:45 +0000 (08:09 +0000)]
clear session keys from memory; ok djm@
tb [Wed, 31 May 2017 08:02:56 +0000 (08:02 +0000)]
whitespace nit
tb [Wed, 31 May 2017 07:55:29 +0000 (07:55 +0000)]
Change cp -pR to pax copy mode with -k when copying /etc/skel. This way
we keep existing files in the user's home directory that might have been
installed from siteXX.tgz. Found the hard way by Erling Westenvik.
Thanks to trondd for helpful analysis.
"If that's what it does, I'm all for it" halex
anton [Wed, 31 May 2017 07:48:04 +0000 (07:48 +0000)]
Drop -t option from ctags call.
The option has been deprecated for almost 7 years by now.
ok tb@
florian [Wed, 31 May 2017 07:30:32 +0000 (07:30 +0000)]
do not leak address and dfr proposals if an interface goes away
tedu [Wed, 31 May 2017 07:20:26 +0000 (07:20 +0000)]
we can just use void for functions that always return 0.
from Michael W. Bombardieri
tedu [Wed, 31 May 2017 07:18:10 +0000 (07:18 +0000)]
add a workaround for the rebound portjacking hijinks. ok millert
florian [Wed, 31 May 2017 07:14:58 +0000 (07:14 +0000)]
remove DEBUG_IMSG; I have figured out imsg flow by now; no binary
change
tedu [Wed, 31 May 2017 07:12:28 +0000 (07:12 +0000)]
make a copy of the first EV_SET argument to prevent multiple evaluation.
matches freebsd, fixes lldb. from Kamil Rytarowski at NetBSD.
while here, make the same change to KNOTE. ok deraadt
markus [Wed, 31 May 2017 07:00:13 +0000 (07:00 +0000)]
remove now obsolete ctx from ssh_dispatch_run; ok djm@
anton [Wed, 31 May 2017 06:59:12 +0000 (06:59 +0000)]
Allow replacement of UTF-8 characters in vi mode.
Reported by Walter Alejandro Iglesias on tech@.
ok schwarze@ tb@
jsg [Wed, 31 May 2017 06:46:57 +0000 (06:46 +0000)]
ca_revoke() gets called two ways. Directly from ca_opt() with keyname
set to the cert to revoke, and indirectly from ca_create() with a
keyname set to NULL.
ca_create() sets REQ_EXT so avoid setting it in ca_revoke() when keyname
is NULL and the crl database is being initialised.
Avoids "REQ_EXT already set" when creating a CA error introduced
in rev 1.44 which set REQ_EXT unconditionally in ca_revoke().
jmc [Wed, 31 May 2017 06:23:19 +0000 (06:23 +0000)]
tweak previous;
mpi [Wed, 31 May 2017 05:59:09 +0000 (05:59 +0000)]
Move IPv4 & IPv6 incoming/forwarding path, PIPEX ppp processing and
IPv4 & IPv6 dispatch functions outside the KERNEL_LOCK().
We currently rely on the NET_LOCK() serializing access to most global
data structures for that. IP input queues are no longer used in the
forwarding case. They still exist as boundary between the network and
transport layers because TCP/UDP & friends still need the KERNEL_LOCK().
Since we do not want to grab the NET_LOCK() for every packet, the
softnet thread will do it once before processing a batch. That means
the L2 processing path, which is currently running without lock, will
now run with the NET_LOCK().
IPsec isn't ready to run without KERNEL_LOCK(), so the softnet thread
will grab the KERNEL_LOCK() as soon as ``ipsec_in_use'' is set.
Tested by Hrvoje Popovski.
ok visa@, bluhm@, henning@
jmatthew [Wed, 31 May 2017 05:54:06 +0000 (05:54 +0000)]
add some details relating to SATA device power management
part of a diff from Imre Vadasz via sf@
jmatthew [Wed, 31 May 2017 05:47:29 +0000 (05:47 +0000)]
fix SATA_SStatus_DET_OFFLINE value and add newer SStatus bits
from Imre Vadasz via sf@
markus [Wed, 31 May 2017 05:34:14 +0000 (05:34 +0000)]
use the ssh_dispatch_run_fatal variant
dlg [Wed, 31 May 2017 05:25:12 +0000 (05:25 +0000)]
fold the vnetid and parent lines into a single encap line.
this is a modest attempt to shorten the ifconfig output. encap won't
show up if neither vnetid or parent are supplied by an interface.
whitespace tweaks from benno@
output tweaks from reyk@
ok deraadt@ henning@
dlg [Wed, 31 May 2017 05:14:51 +0000 (05:14 +0000)]
make vlan use their parent's lladdr all the time, not just when they're up.
krw@ has been having issues with dhclient on vlan interfaces because
i made them only configure the lladdr when they were brought up.
dhclient likes to read the mac address and then bring them up.
this makes vlan copy the parent's lladdr onto the vlan interface
when the parent is configured. this probably helps with v6 addresses
on vlan interfaces too.
the new code still supports configuring a custom lladdr on a vlan
interface. this can be done both before and after a parent is
configured, and if a parent is removed.
while here, if the parent is reconfigured while the vlan is up, don't
error if the new parent is the same as the current one. this should
make running netstart again less noisy.
ok krw@
djm [Wed, 31 May 2017 05:08:46 +0000 (05:08 +0000)]
another ctx => ssh conversion (in GSSAPI code)
deraadt [Wed, 31 May 2017 04:52:11 +0000 (04:52 +0000)]
use strerror; from Edgar Pettijohn