tedu [Thu, 8 Jan 2015 18:07:35 +0000 (18:07 +0000)]
increase namecache size to follow maxvnodes. seems better than desiredvnodes.
(accuracy of variable names, aside)
ok kettenis
florian [Thu, 8 Jan 2015 17:21:01 +0000 (17:21 +0000)]
Clear autoconf6 flag after autoconf6 cleanup happened, not before.
Otherwise clean up code will never run.
OK mpi@, benno@, henning@
mpi [Thu, 8 Jan 2015 15:05:44 +0000 (15:05 +0000)]
Include the Routing Table ID in "struct rtentry" and reorder the fields
such that there's no size change on, at least, amd64.
This will allow us to simplify some APIs and deprecate the remaining
flavors of "struct route".
ok claudio@, phessler@
mpi [Thu, 8 Jan 2015 14:29:18 +0000 (14:29 +0000)]
Factorize various duplicated chunks of (old and horrible) code, checking
for the validity of a given outgoing route entry into a single function.
This change is inspired from FreeBSD r111767. The function introduced
here, rt_checkgate(), should hopefully die in a near future. Why should
it die? Well, it is way too late to do such validity checks: if your
kernel can end up in ether_output() with an invalid route, please do
not let it try to find a new one that might do the job.
Go read this function if you're wondering why you're getting messages
like:
"arpresolve: X.X.X.X: route without link local address"
Since this horrible logic has survived 20 years of copy & paste and small
modifications for workarounds without a single clear commit message, let's
assume it is full of dragons and try to play safe. This factorization is
not intended to change any behavior.
With much input from bluhm@, tested by weerd@ and florian@ on setups
with p2p IPv6 interfaces.
ok bluhm@, benno@, florian@
djm [Thu, 8 Jan 2015 13:44:36 +0000 (13:44 +0000)]
fix ssh_config FingerprintHash evaluation order; from Petr Lautrbach
ajacoutot [Thu, 8 Jan 2015 13:29:34 +0000 (13:29 +0000)]
"default" is gone.
djm [Thu, 8 Jan 2015 13:10:58 +0000 (13:10 +0000)]
adjust for sshkey_load_file() API change
doug [Thu, 8 Jan 2015 11:08:50 +0000 (11:08 +0000)]
Convert spkac.c to the new option handling code.
input + ok jsing@
doug [Thu, 8 Jan 2015 11:06:12 +0000 (11:06 +0000)]
Convert pkcs8.c to the new option handling code.
Minor KNF in a few places too.
input + ok jsing@
doug [Thu, 8 Jan 2015 11:00:12 +0000 (11:00 +0000)]
Convert asn1pars.c to the new option handling.
Also, removed a few useless if null checks.
input from bcook@
input + ok jsing@
mpi [Thu, 8 Jan 2015 10:55:45 +0000 (10:55 +0000)]
Do not unconditionally set a link-local address.
carp(4) has a hack to update its Ethernet address which was also
generating the corresponding IPv6 link-local address. Since the
removal of the NOINET6 flag, this link-local address was generated
even if no IPv6 address has been configured on the interface.
This unbreaks carp setup without v6 addresses, found the hard way by
sebastia@.
ok sebastia@, benno@, stsp@, phessler@
djm [Thu, 8 Jan 2015 10:15:45 +0000 (10:15 +0000)]
reorder hostbased key attempts to better match the default
hostkey algorithms order in myproposal.h; ok markus@
djm [Thu, 8 Jan 2015 10:14:08 +0000 (10:14 +0000)]
deprecate key_load_private_pem() and sshkey_load_private_pem()
interfaces. Refactor the generic key loading API to not require
pathnames to be specified (they weren't really used).
Fixes a few other things en passant:
Makes ed25519 keys work for hostbased authentication (ssh-keysign
previously used the PEM-only routines).
Fixes key comment regression bz#2306: key pathnames were being lost as
comment fields.
ok markus@
ajacoutot [Thu, 8 Jan 2015 09:03:26 +0000 (09:03 +0000)]
Clarify and simplify.
yasuoka [Thu, 8 Jan 2015 07:34:05 +0000 (07:34 +0000)]
Count number of sessions correctly.
bcook [Thu, 8 Jan 2015 05:34:21 +0000 (05:34 +0000)]
log as LOG_DAEMON in log_init again.
I mirrored from smtpd a little too literally.
deraadt [Thu, 8 Jan 2015 03:41:14 +0000 (03:41 +0000)]
missing , found by Dongsheng Song
doug [Thu, 8 Jan 2015 01:44:29 +0000 (01:44 +0000)]
Avoid a double-free in an error path.
ok jsing@ beck@
deraadt [Thu, 8 Jan 2015 01:28:56 +0000 (01:28 +0000)]
declare a local version of MIN(), call it MINIMUM()
(sorry, my other changes were accidentally premature)
brad [Thu, 8 Jan 2015 00:49:18 +0000 (00:49 +0000)]
Use the correct config registers for the RTL8139 family. Unlike the RTL8169
and RTL8168 family, the RTL8139 has different register map for config registers.
From FreeBSD
WoL bits reviewed and tested by stsp@
bcook [Thu, 8 Jan 2015 00:30:08 +0000 (00:30 +0000)]
sync log.c from smtpd.
Reduces the number of log.c snowflakes by a little, and gives ntpd a
variadic fatal() function to be used later.
ok deraadt@
deraadt [Thu, 8 Jan 2015 00:30:07 +0000 (00:30 +0000)]
declare a local version of MIN(), call it MINIMUM()
bcook [Thu, 8 Jan 2015 00:25:47 +0000 (00:25 +0000)]
use the correct format string for refid
ok deraadt@
deraadt [Wed, 7 Jan 2015 21:34:23 +0000 (21:34 +0000)]
Do not need sys/param.h
tedu [Wed, 7 Jan 2015 19:53:34 +0000 (19:53 +0000)]
bcallah noticed the ifndef guard for headers was wrong. don't fix, just
remove it, and put these includes up with their friends.
rpe [Wed, 7 Jan 2015 19:31:51 +0000 (19:31 +0000)]
Cleanup network config after fetching the responsefile. This enables
automatic upgrades on systems with trunk interfaces.
OK krw@
rpe [Wed, 7 Jan 2015 19:20:53 +0000 (19:20 +0000)]
Fix get_ifdevs() - don't filter vlan interfaces.
OK krw@
gilles [Wed, 7 Jan 2015 18:28:12 +0000 (18:28 +0000)]
fix ctype casting bug spotted by Jonas 'Sortie' Termansen
tedu [Wed, 7 Jan 2015 18:15:07 +0000 (18:15 +0000)]
workaround for the Meyer, et al, Bleichenbacher Side Channel Attack.
fake up a bignum key before RSA decryption.
discussed/ok djm markus
ajacoutot [Wed, 7 Jan 2015 17:15:47 +0000 (17:15 +0000)]
Tweaks from jmc@
millert [Wed, 7 Jan 2015 17:08:21 +0000 (17:08 +0000)]
It is the copy command that is abbreviated as 'c', not chdir.
Also document that cd is an alias for chdir. From Kaspars Bankovskis.
millert [Wed, 7 Jan 2015 17:01:39 +0000 (17:01 +0000)]
Document the '=' command; from trondd at gmail
reyk [Wed, 7 Jan 2015 16:57:17 +0000 (16:57 +0000)]
SVG is common enough to add it to the default types.
dcoppa [Wed, 7 Jan 2015 16:52:05 +0000 (16:52 +0000)]
Sync rxvt-unicode's terminfo entry with rxvt-unicode-9.21:
- Updated: Marc Lehmann <schmorp@schmorp.de>, 24 Nov 2014: implement cvvis as blinking cursor
- Updated: Marc Lehmann <schmorp@schmorp.de>, 13 Dec 2014: removed superfluous 0 from sgr
ok nicm@
naddy [Wed, 7 Jan 2015 16:08:50 +0000 (16:08 +0000)]
updates for Serbia and Montenegro, from Zeljko Jovanovic
tedu [Wed, 7 Jan 2015 16:05:28 +0000 (16:05 +0000)]
stupid me. need errno.h
tedu [Wed, 7 Jan 2015 15:46:23 +0000 (15:46 +0000)]
set errno = EINVAL for invalid salts and hashes in most functions.
remember to set EACCES in bcrypt_checkpass for hash differences.
the higher level crypt_checkpass function will reset errno to EACCES in
all cases, which is probably the right behavior, but this change gives code
working with the lower level functions the correct errno if they care.
deraadt [Wed, 7 Jan 2015 15:44:47 +0000 (15:44 +0000)]
sync
naddy [Wed, 7 Jan 2015 15:41:48 +0000 (15:41 +0000)]
5.8 packages key
schwarze [Wed, 7 Jan 2015 12:19:17 +0000 (12:19 +0000)]
Bugfix: When the invocation of a user-defined macro follows a roff
conditional request on the same input line, don't skip the first few
bytes of its content.
reyk [Wed, 7 Jan 2015 11:04:29 +0000 (11:04 +0000)]
Relax configuration list parsing to allow multi-line blocks for tls,
root, tcp etc.
Based on a diff from Nathanael Rensen.
OK florian@
ajacoutot [Wed, 7 Jan 2015 10:44:14 +0000 (10:44 +0000)]
Start tweaking a bit.
mpi [Wed, 7 Jan 2015 10:32:13 +0000 (10:32 +0000)]
Only MS IntelliMouse have a Z axis, prevent a false positive triggered
by -Wuninitialized reported by jsg@.
ok stsp@
florian [Wed, 7 Jan 2015 10:29:22 +0000 (10:29 +0000)]
Bump example pubkey filenames for 5.7
OK benno@
dlg [Wed, 7 Jan 2015 10:26:48 +0000 (10:26 +0000)]
use the same trick as mpii for posting the request descriptor with
a single 64bit write on lp64 archs, instead of two sequenced 32bit
writes. cos the 64bit store is atomic, we dont need the mutex
around it either.
yasuoka [Wed, 7 Jan 2015 07:49:18 +0000 (07:49 +0000)]
Fix ipmi(4) to make watchdog work and not to panic.
diff from uebayasi jsg
ok uebayasi
dlg [Wed, 7 Jan 2015 04:56:56 +0000 (04:56 +0000)]
replace bcopy with memcpy. still cant see the bug im looking for.
dlg [Wed, 7 Jan 2015 04:46:18 +0000 (04:46 +0000)]
i may as well turn bzero into memset while i am busy not having
luck finding my bug.
bcook [Wed, 7 Jan 2015 01:15:57 +0000 (01:15 +0000)]
mix in more virtual memory and process information
deraadt [Wed, 7 Jan 2015 00:40:57 +0000 (00:40 +0000)]
sync
bluhm [Tue, 6 Jan 2015 23:11:23 +0000 (23:11 +0000)]
Backout revision 1.37. Setting ev->ev_pncalls to NULL results in
a use after free if the callback has freed the ev. With F in
malloc.conf both tmux and the regression tests triggered a segmentation
fault.
OK nicm@
deraadt [Tue, 6 Jan 2015 22:19:36 +0000 (22:19 +0000)]
mips64 architectures moving to static PIE
deraadt [Tue, 6 Jan 2015 22:14:53 +0000 (22:14 +0000)]
add 5.8 base key
sthen [Tue, 6 Jan 2015 22:05:51 +0000 (22:05 +0000)]
firmware key for 5.8
sthen [Tue, 6 Jan 2015 21:34:27 +0000 (21:34 +0000)]
add Medion Mobile S4222; Ingo Feinerer
stsp [Tue, 6 Jan 2015 21:26:46 +0000 (21:26 +0000)]
Remove the NOINET6 interface flag, a left-over from the times when IPv6
was enabled by default. Add AFATTACH/AFDETACH ioctls which enable/disable
an address family for an interface (currently used for IPv6 only).
New kernel needs new ifconfig for IPv6 configuration (address assignment
still works with old ifconfig making this easy to cross over).
Committing on behalf of henning@ who is currently lebensmittelvergiftet.
ok stsp, benno, mpi
nicm [Tue, 6 Jan 2015 21:14:42 +0000 (21:14 +0000)]
Revert to r1.16 since this is still clearly broken and I can't see how
right now.
bcook [Tue, 6 Jan 2015 21:08:11 +0000 (21:08 +0000)]
add initial HP-UX getentropy/arc4random support.
patch from Kinichiro Inoguchi, tested on HP-UX 11.31
ok deraadt@
stsp [Tue, 6 Jan 2015 17:55:28 +0000 (17:55 +0000)]
Make httpd return "404 not found" if an intermediate component of a requested
file path does not exist rather than returning "500 internal server error".
ok reyk
reyk [Tue, 6 Jan 2015 17:48:04 +0000 (17:48 +0000)]
I missed one goto abort instead of free(line).
Found by Fabian Raetz at gmail
armani [Tue, 6 Jan 2015 17:27:58 +0000 (17:27 +0000)]
We do not support freeing memory using reqbufs with a zero size so
return EINVAL in this case.
Also change an easily triggerable panic by a printf and return EINVAL.
Reminded by brad@, one typo spotted by sthen@ and ok mpi@
ajacoutot [Tue, 6 Jan 2015 14:48:59 +0000 (14:48 +0000)]
Simplify special vars argument checking; invalidating some bogus constructs
in the process.
reyk [Tue, 6 Jan 2015 14:07:48 +0000 (14:07 +0000)]
Only open a socket once for each unique "listen on" statement. This
prevents running out of file descriptors when loading a configuration
with many aliases.
OK florian@
reyk [Tue, 6 Jan 2015 13:48:15 +0000 (13:48 +0000)]
Instead of calling free(line) in each error case, call it once in fail:.
From Fabian Raetz at gmail
reyk [Tue, 6 Jan 2015 13:38:59 +0000 (13:38 +0000)]
Return "400 Bad Request" instead of "500 Internal Server Error" for
unknown/invalid HTTP requests.
From Fabian Raetz at gmail
dlg [Tue, 6 Jan 2015 12:50:47 +0000 (12:50 +0000)]
when we're entering an interrupt handler, record its ipl so splassert
can check if we're entering code we think should only be used from
lower ipls.
modelled a bit on how sparc64 does things.
with help from and ok kettenis@
ajacoutot [Tue, 6 Jan 2015 12:49:55 +0000 (12:49 +0000)]
While on death-row, 'rcctl status' is still allowed for now -- so
make its output match the older one.
ajacoutot [Tue, 6 Jan 2015 12:28:56 +0000 (12:28 +0000)]
Sync with new rcctl usage. Will get some much needed love within the next
few days.
ajacoutot [Tue, 6 Jan 2015 12:27:42 +0000 (12:27 +0000)]
Rename some internal variables (flag and flags is way too error-prone):
flag -> var
flags -> args
deraadt [Tue, 6 Jan 2015 11:58:29 +0000 (11:58 +0000)]
sync
ajacoutot [Tue, 6 Jan 2015 11:47:50 +0000 (11:47 +0000)]
Major rcctl(8) rewrite to simplify it and add new features. It can now
configure "user" and "timeout". Committing now because there's been no
release yet including rcctl(8) so it's easier to modify its usage.
Usage extended (*retaining full backward compatibility for now*) to:
rcctl set|get|getdef foobar [flags|user|timeout|status]
The following will be dropped soon but not right now to give people
time to adjust:
rcctl enable sshd flags # 'enable' takes no flags, use 'rcctl set ...'
rcctl status sshd # use 'rcctl get sshd [flags|status|timeout|user]'
rcctl default sshd # use 'rcctl getdef sshd [flags|status|timeout|user]'
rcctl status # use 'rcctl getall'
Man page changes will come soon. Make sure you have an up-to-date rc.subr.
discussed with schwarze@ robert@ jasper@ sthen@
"love the idea" jasper@
ok schwarze@
bluhm [Tue, 6 Jan 2015 11:42:37 +0000 (11:42 +0000)]
Apply commit e0e6958aa074a7714cd7c4aa779a1dfede3a03b1 from upstream.
- Avoid deadlock when activating signals. Fixes bug 3048812.
Based on patch by Nicholas Marriott.
The deadlock was ultimately fixed in a different way (by disabling
reinit - see event.c r1.25). Add it now for consistency but without
the Windows compatibility code. Convert the fcntl() calls to
SOCK_CLOEXEC | SOCK_NONBLOCK to simplify the code.
OK nicm@
bluhm [Tue, 6 Jan 2015 11:27:35 +0000 (11:27 +0000)]
Apply commit 2d8cf0b720cdd5f9f292f174a10ff74e62a380ec from upstream.
- Defensive programming to prevent (hopefully impossible) stack-stomping
OK nicm@
mpi [Tue, 6 Jan 2015 10:42:16 +0000 (10:42 +0000)]
Support for MEDION S4222 which needs another funky umass quirk. From
Ingo Feinerer.
mpi [Tue, 6 Jan 2015 10:39:06 +0000 (10:39 +0000)]
regen
mpi [Tue, 6 Jan 2015 10:38:36 +0000 (10:38 +0000)]
MediaTek Inc. from Ingo Feinerer.
gilles [Tue, 6 Jan 2015 10:31:09 +0000 (10:31 +0000)]
move the message parser init earlier to avoid a possible use after free in
an unlikely error code path
gilles [Tue, 6 Jan 2015 09:32:13 +0000 (09:32 +0000)]
fix whitespace and indentation, by Kyle Milz
nicm [Tue, 6 Jan 2015 09:12:53 +0000 (09:12 +0000)]
Unzoom before kill, from Thomas Adam.
nicm [Tue, 6 Jan 2015 09:12:02 +0000 (09:12 +0000)]
Add missing default bindings, from Theo Buehler.
brad [Tue, 6 Jan 2015 04:05:43 +0000 (04:05 +0000)]
Always enable the receive filter. It was being enabled via sis_init()
but not if calling sis_iff() via sis_ioctl().
jsg [Tue, 6 Jan 2015 01:49:45 +0000 (01:49 +0000)]
init a potentially uninitialised var in pf_postprocess_addr
ok mikeb@ henning@
dlg [Tue, 6 Jan 2015 00:38:32 +0000 (00:38 +0000)]
implement atomic_swap_{uint,ulong,ptr} and some md variants. use these
to replace x86_atomic_testset_{u32,u64}.
help from guenther@ kettenis@
ok kettenis@
dlg [Mon, 5 Jan 2015 23:54:18 +0000 (23:54 +0000)]
splassert on some archs (or just sparc64) check that you're not in
an interrupt handler at an ipl level higher than what you're
splasserting you should be at. if you think code should be protected
by IPL_BIO and its entered from an interrupt handler established
at IPL_NET, you have a bug.
add some asserts to gets and puts so we can pick those cases up.
dlg [Mon, 5 Jan 2015 23:18:36 +0000 (23:18 +0000)]
there's already three different types of chips in this family of
controllers. the flags used in sgls on the first gen (thunderbolt)
are different to the ones used on the second and third gens (fury
and invader).
this creates an mfii_iop struct to store differences between these
chips, and uses them to set the flags on the sgls we generate for
the chip.
this solves lockups caused by stuck io on the following chips:
mfii0 at pci1 dev 0 function 0 "Symbios Logic MegaRAID SAS3108" rev 0x02: msi
mfii0: "PERC H730 Mini", firmware 25.2.1.0037, 1024MB cache
and
mfii0 at pci1 dev 0 function 0 "Symbios Logic MegaRAID SAS3008" rev 0x02: msi
mfii0: "PERC H330 Mini", firmware 25.2.1.0037
ive also tested this diff on:
mfii0 at pci10 dev 0 function 0 "Symbios Logic MegaRAID SAS2208" rev 0x05: msi
mfii0: "PERC H810 Adapter", firmware 21.2.0-0007, 1024MB cache
and
mfii0 at pci1 dev 0 function 0 "Symbios Logic MegaRAID SAS2208" rev 0x05: msi
mfii0: "PERC H710 Mini", firmware 21.3.0-0009, 512MB cache
Hrvoje Popovski reported the bug and verified the fix on his hardware.
bluhm [Mon, 5 Jan 2015 23:14:36 +0000 (23:14 +0000)]
Fix CVE-2014-6272 in Libevent 1.4 from upstream:
- https://github.com/libevent/libevent/commit/7b21c4eabf1f3946d3f63cce1319c490caab8ecf
- For this fix, we need to make sure that passing too-large inputs to
the evbuffer functions can't make us do bad things with the heap.
On top of that do:
- Update libevent version to 1.4.15-stable.
- Use SIZE_MAX from limits.h instead of a private define.
- Do not declare 'size_t need' twice to avoid a compiler warning.
OK sthen
bluhm [Mon, 5 Jan 2015 22:41:37 +0000 (22:41 +0000)]
Fix relayd http regression tests. If http response is not ok, the
response's content length may be an unexpected value as an error
page is shown.
millert [Mon, 5 Jan 2015 21:58:52 +0000 (21:58 +0000)]
Remove #ifdef notdef bits--we are not going to change the fgetln()
API to NUL-terminate the buffer.
lum [Mon, 5 Jan 2015 21:45:10 +0000 (21:45 +0000)]
As pointed out by Kaspars Bankovskis on tech@, there is no ifdef for
STARTUP.
tedu [Mon, 5 Jan 2015 21:04:04 +0000 (21:04 +0000)]
rename kern enter/exit macros to malloc enter/leave to better reflect
what's going on.
gilles [Mon, 5 Jan 2015 21:00:36 +0000 (21:00 +0000)]
some third-party mda require a prepended From separator line, so remove the
prepending from delivery_filename backend and prepend conditionally earlier
in the code path if delivery method is through mda or filename.
ok eric@
millert [Mon, 5 Jan 2015 20:09:25 +0000 (20:09 +0000)]
Add SORTPROG environment variable to test a different sort program.
Replace -y with -S (supported by GNU and FreeBSD sorts).
uaa [Mon, 5 Jan 2015 19:59:40 +0000 (19:59 +0000)]
fix .Nd line
ok by deraadt@
bluhm [Mon, 5 Jan 2015 18:48:31 +0000 (18:48 +0000)]
Make syslogd TCP tests more reliable. Increase timeouts, shutdown
write to trigger connection close, allow errors EPIPE or ECONNRESET.
espie [Mon, 5 Jan 2015 16:32:28 +0000 (16:32 +0000)]
a few tweaks to match the old script better (for now)
- progress meter set like the old script
- path to firmware printed
- update both needed and installed drivers
- coda when we don't find anything to install/delete
- error out if @ARGV is not a possible driver
jsing [Mon, 5 Jan 2015 15:25:39 +0000 (15:25 +0000)]
Convert openssl(1) passwd to new option handling.
ok doug@
tedu [Mon, 5 Jan 2015 14:07:12 +0000 (14:07 +0000)]
encrypt can use the scrypt scaling code in libc now via crypt_newhash
tedu [Mon, 5 Jan 2015 13:52:47 +0000 (13:52 +0000)]
use the correct read count when determining how swabbing is necessary.
bug report from Martin Wolters
sthen [Mon, 5 Jan 2015 13:29:34 +0000 (13:29 +0000)]
zap file which is unused and already removed upstream
sthen [Mon, 5 Jan 2015 13:28:44 +0000 (13:28 +0000)]
use new ub_conf_dir to set the directory for keys and certificates
ok brad@, committed upstream (r3297)