claudio [Wed, 23 Feb 2022 11:20:35 +0000 (11:20 +0000)]
Make it possible to bind and connect to non-default ports. This is mainly
for testing. Using alternate ports does not work for sessions using ipsec.
OK tb@ deraadt@
djm [Wed, 23 Feb 2022 11:18:13 +0000 (11:18 +0000)]
avoid integer overflow of auth attempts (harmless, caught by monitor)
djm [Wed, 23 Feb 2022 11:17:10 +0000 (11:17 +0000)]
randomise the password used in fakepw
djm [Wed, 23 Feb 2022 11:15:57 +0000 (11:15 +0000)]
use asprintf to construct .rhosts paths
djm [Wed, 23 Feb 2022 11:07:09 +0000 (11:07 +0000)]
openssh-8.9
martijn [Wed, 23 Feb 2022 10:28:05 +0000 (10:28 +0000)]
Interface index 1 doesn't need to have an lladdr.
Found by anton@ who has enc0 on index 1 on his arm64 regress machine.
with and OK anton@
jsg [Wed, 23 Feb 2022 07:16:26 +0000 (07:16 +0000)]
unifdef __ELF__
ok guenther@
tb [Tue, 22 Feb 2022 23:25:44 +0000 (23:25 +0000)]
whitespace
tb [Tue, 22 Feb 2022 23:24:09 +0000 (23:24 +0000)]
Check asprintf() return to avoid crashing in strcmp().
ok deraadt millert
kettenis [Tue, 22 Feb 2022 20:37:19 +0000 (20:37 +0000)]
Fix thinko in construction of SMC key for the targeted GPIO pin.
visa@
deraadt [Tue, 22 Feb 2022 20:00:11 +0000 (20:00 +0000)]
sync
millert [Tue, 22 Feb 2022 17:42:52 +0000 (17:42 +0000)]
Use sizeof() instead of KI_MAXCOMLEN and KI_WMESGLEN in structs.
This way we keep the size of the strings in the private struct in
sync with what the kernel gives us. OK deraadt@
deraadt [Tue, 22 Feb 2022 17:35:01 +0000 (17:35 +0000)]
MAXCOMLEN is no longer needed in these programs, so remove the annotation
from sys/param.h include lines, or remove the include lines entirely if
this was the least requirement.
ok millert
deraadt [Tue, 22 Feb 2022 17:31:31 +0000 (17:31 +0000)]
Since ktr_comm is now a string, we do not need MAXCOMLEN to limit printf.
And thus, sys/param.h is not needed either.
ok millert
deraadt [Tue, 22 Feb 2022 17:30:07 +0000 (17:30 +0000)]
Instead of using MAXCOMLEN from sys/param.h, use KI_MAXCOMLEN as width,
from sysctl.h. This isn't a perfect transition, still thinking about
other ways to do it.
ok millert
deraadt [Tue, 22 Feb 2022 17:26:04 +0000 (17:26 +0000)]
Since other exported commandnames were increased to 24 and graduated into
proper strings, adapt dt's exported string in the same way.
Old/new files/tools will not work the same way.
That this interface needs to also change was pointed out by jsg
claudio [Tue, 22 Feb 2022 17:24:12 +0000 (17:24 +0000)]
Convert parse.y to use stdint.h types uintX_t instead of u_intX_t
OK tb@
deraadt [Tue, 22 Feb 2022 17:22:28 +0000 (17:22 +0000)]
Since other exported commandnames were increased to 24 and graduated into
proper strings, adapt struct acct's ac_comm similarly. While here increase
ac_mem to 32-bits, increase ac_flag from 8 to 32 bits for future extensions,
add ac_pid for forensics, and reorder the structure to avoid compiler pads.
More work remains in the sa(8) command to use ac_pid better.
This is a flag day for the acct file format, new/old files/tools are incompatible.
ok bluhm millert
deraadt [Tue, 22 Feb 2022 17:14:13 +0000 (17:14 +0000)]
Start using new _MAXCOMLEN (a proper string expanded to 24 bytes
including the NUL), in all internal interfaces, and expose this
in ktrace, core, or proc.h visibility.
ok millert
deraadt [Tue, 22 Feb 2022 17:05:51 +0000 (17:05 +0000)]
sysctl already passed the commandname as a 24-byte string KI_MAXCOMLEN
because it was padded. Define it in terms of _MAXCOMLEN from syslimits.h
ok millert
deraadt [Tue, 22 Feb 2022 17:04:29 +0000 (17:04 +0000)]
Define MAXCOMLEN in terms of _MAXCOMLEN (-1, because MAXCOMLEN does not
have the terminating NUL). In the near future, fewer programs will use
this yucky non-string, some kernel:userland interfaces will change to
pass a proper string.
ok millert
deraadt [Tue, 22 Feb 2022 16:58:08 +0000 (16:58 +0000)]
Add _MAXCOMLEN to syslimits, it is 24, and includes the NUL. Following
commits will change sys/param.h MAXCOMLEN, sys/sysctl.h KI_MAXCOMLEN,
sys/acct.h ac_comm[], dev/ic/dtvar.h DTMAXCOMLEN to use this, and also
adapt most to the included NUL correctly. This will allow us to remove
sys/param.h include from userland base.
sys/syslimits.h is chosen as the best place for this define because it
has very small namespace which is already pulled in often.
ok millert
rob [Tue, 22 Feb 2022 16:14:38 +0000 (16:14 +0000)]
Pledge stdio.
Ok millert@
rob [Tue, 22 Feb 2022 16:08:59 +0000 (16:08 +0000)]
Remove -v option from usage.
Ok millert@
martijn [Tue, 22 Feb 2022 15:59:13 +0000 (15:59 +0000)]
requestid is a 32 bit integer, make sure that we request that with
ober_scanf_elements.
Found the hard way on octeon and patch tested by sebastian <at> rostwald
<dot> de
OK tb
millert [Tue, 22 Feb 2022 15:15:34 +0000 (15:15 +0000)]
Add a seq(1) command, similar to what is present in GNU and Plan9.
Adapted from the NetBSD version with some changes from FreeBSD.
OK gnezdo@
claudio [Tue, 22 Feb 2022 13:47:21 +0000 (13:47 +0000)]
The fuzzer logs everything to syslog, this is not what we want.
Call log_init() and set debug but clear verbose afterwards with
log_setverbose(0) still the fuzzer is very verbose.
OK millert@ some time ago
tb [Tue, 22 Feb 2022 13:45:09 +0000 (13:45 +0000)]
Plug leak in ec_key_create()
EVP_PKEY_set1_EC_KEY() bumps the refcount of eckey, so eckey won't be
freed at the end of keyproc() or acctproc(), which means that secrets
aren't wiped. Move EC_KEY_free() to the out label, so that the refcount
is decremented or the key freed, as appropriate.
tested/ok claudio
visa [Tue, 22 Feb 2022 13:34:23 +0000 (13:34 +0000)]
Remove extra ;
No functional change.
nicm [Tue, 22 Feb 2022 13:31:18 +0000 (13:31 +0000)]
Do not attempt to update focus (and crash) when there is no previous window.
tb [Tue, 22 Feb 2022 12:38:30 +0000 (12:38 +0000)]
whitespace/KNF
tb [Tue, 22 Feb 2022 12:36:17 +0000 (12:36 +0000)]
acme-client: only warn on PEM_write_ECPrivateKey() failure instead
of every time ec_create_key() is called.
From wolf at wolfsden dot cz
ok florian
job [Tue, 22 Feb 2022 12:08:22 +0000 (12:08 +0000)]
Clarify RTR and roa-set sections
OK claudio@
nicm [Tue, 22 Feb 2022 11:10:41 +0000 (11:10 +0000)]
Add next_session_id format with the next session ID, GitHub issue 3078.
nicm [Tue, 22 Feb 2022 11:07:25 +0000 (11:07 +0000)]
Initialize copy_width before adjusting it, GitHub issue 3079.
nicm [Tue, 22 Feb 2022 11:01:57 +0000 (11:01 +0000)]
Use correct size for screen when popup is created without borders.
nicm [Tue, 22 Feb 2022 10:53:34 +0000 (10:53 +0000)]
Add window-resized hook to man page, from Thomas Adam.
bluhm [Tue, 22 Feb 2022 10:53:10 +0000 (10:53 +0000)]
Update libexpat to 2.4.6. This fixes CVE-2022-25235, CVE-2022-25236
CVE-2022-25313, CVE-2022-25314, and CVE-2022-25315. Relevant for
OpenBSD are security fixes #558 #559 #560 #561 #562 and bug fixes
#566. No library bump necessary.
OK tb@
dlg [Tue, 22 Feb 2022 09:55:54 +0000 (09:55 +0000)]
don't hide the mtu on "bridge" interfaces.
interfaces like vxlan and nvgre have bridges inside them and respond
to bridge ioctls, but they are still interfaces that handle l3
traffic so the mtu means something on them. if we don't want bridge
to show an mtu, that can be done by bridge(4) instead of having
ifconfig make assumptions like this.
noticed by jason tubnor
ok deraadt@ claudio@
mestre [Tue, 22 Feb 2022 08:20:35 +0000 (08:20 +0000)]
disable further calls to unveil(2)
pointed out by brynet@
visa [Tue, 22 Feb 2022 07:47:46 +0000 (07:47 +0000)]
Clear frame pointer in cpu_fork() on riscv64
This ensures the chain of call frames is terminated properly, preventing
errors when unwinding kernel stacks.
OK miod@ kettenis@
visa [Tue, 22 Feb 2022 07:46:04 +0000 (07:46 +0000)]
ddb: Improve stack unwinding on riscv64
Add logic to navigate across trapframes. Stop unwinding if the frame
pointer is clearly bad. Adjust output, and tweak details.
OK miod@ kettenis@
visa [Tue, 22 Feb 2022 07:34:06 +0000 (07:34 +0000)]
Make audio(4) event filters MP-safe
Add f_modify and f_process callbacks, and initialize the knote lists
to use audio_lock. This makes audio_lock cover the device's knote
processing.
OK mpi@
dlg [Tue, 22 Feb 2022 06:44:40 +0000 (06:44 +0000)]
add some more tunnels to the list of interfaces that rely on routing.
anton [Tue, 22 Feb 2022 06:04:46 +0000 (06:04 +0000)]
Bump the number of wait_until iterations, in the hopes of making the
tests less flaky.
deraadt [Tue, 22 Feb 2022 03:40:55 +0000 (03:40 +0000)]
repair sys/param.h namespace list
deraadt [Tue, 22 Feb 2022 03:35:36 +0000 (03:35 +0000)]
The include of sys/ktrace.h will require sys/types.h, so document this.
deraadt [Tue, 22 Feb 2022 03:34:51 +0000 (03:34 +0000)]
The FILL_KPROC() macro should be useable in situations where sys/param.h
hasn't been included, so the use of MIN() is not legit, and a local
version is required.
deraadt [Tue, 22 Feb 2022 03:33:12 +0000 (03:33 +0000)]
need a local nitems() definition
deraadt [Tue, 22 Feb 2022 03:31:50 +0000 (03:31 +0000)]
need a local nitems() definition
guenther [Tue, 22 Feb 2022 01:35:40 +0000 (01:35 +0000)]
Delete unnecessary #includes of <netinet6/ip6protosw.h>: some never
needed it and some no longer need it after moving the externs from
there to <sys/protosw.h>
ok jsg@
guenther [Tue, 22 Feb 2022 01:15:01 +0000 (01:15 +0000)]
Delete unnecessary #includes of <sys/domain.h> and/or <sys/protosw.h>
net/if_pppx.c pointed out by jsg@
ok gnezdo@ deraadt@ jsg@ mpi@ millert@
guenther [Tue, 22 Feb 2022 01:02:57 +0000 (01:02 +0000)]
Move declarations of ip6_protox[] and inet6sw[] to <sys/protosw.h>
where the IPv4 versions have been forever
ok gnezdo@ deraadt@ jsg@ mpi@ millert@
guenther [Tue, 22 Feb 2022 01:01:02 +0000 (01:01 +0000)]
pfctlinput() is already declared in <sys/protosw.h>, which is
more specific and appropriate, so delete it here
ok gnezdo@ deraadt@ jsg@ mpi@ millert@
mestre [Mon, 21 Feb 2022 19:49:46 +0000 (19:49 +0000)]
unveil(2) "/dev" read-only instead of using chroot(2)/chdir(2). after calling
the latter the program then also calls stat(2) and therefore it never actually
worked correctly since they were added almost 20 years ago.
while here remove an implementation detail from the manpage which covered the
chroot part.
pointed out by and ok deraadt@
kettenis [Mon, 21 Feb 2022 19:22:21 +0000 (19:22 +0000)]
Convert KVA allocation to km_alloc(9).
ok mpi@
kettenis [Mon, 21 Feb 2022 19:18:52 +0000 (19:18 +0000)]
Convert KVA allocation to km_alloc(9).
ok mpi@
kettenis [Mon, 21 Feb 2022 19:17:51 +0000 (19:17 +0000)]
Convert KVA allocation to km_alloc(9).
ok gkoehler@
kettenis [Mon, 21 Feb 2022 19:15:58 +0000 (19:15 +0000)]
Convert KVA allocation to km_alloc(9).
ok mpi@
jsing [Mon, 21 Feb 2022 18:22:20 +0000 (18:22 +0000)]
Factor out alert handling code in the legacy stack.
Pull out the code that processes incoming alerts - a chunk of the
complexity is due to the fact that in TLSv1.2 and earlier, alerts can be
fragmented across multiple records or multiple alerts can be delivered
in a single record.
In DTLS there is no way that we can reassemble fragmented alerts (although
the RFC is silent on this), however we could have multiple alerts in the
same record. This change means that we will handle this situation more
appropriately and if we encounter a fragmented alert we will now treat this
as a decode error (instead of silently ignoring it).
ok beck@ tb@
kn [Mon, 21 Feb 2022 16:08:36 +0000 (16:08 +0000)]
Grab vmobjlocks with RW_DUPOK in vm_obj_wire() to silence WITNESS
The drm subsystem implements graphics buffers as uvm objects backed by
anonymous memory, thus drm locks and aobj locks share the same "vmobjlock"
type.
uvm_obj_wire() is only called from sys/dev/pci/drm/, so instead of changing
drm's lock init/alloc routines to mark allow duplicate locks in general,
enter uvm's vmobjlock with RW_DUPOK in this function to allow duplicate
lock types per thread in this specific call path alone.
Fixes the following WITNESS report when booting/starting X (as seen already
in other unrelated bugs@ reports):
wsdisplay0: screen 1-5 added (std, vt100 emulation)
witness: acquiring duplicate lock of same type: "&uobj->vmobjlock"
1st uobjlk
2nd uobjlk
Starting stack trace...
witness_checkorder(fffffd83b625f9b0,9,0) at witness_checkorder+0x8ac
rw_enter(fffffd83b625f9a0,1) at rw_enter+0x68
uvm_obj_wire(fffffd843c39e948,0,40000,ffff800033b70428) at uvm_obj_wire+0x46
shmem_get_pages(ffff800008008500) at shmem_get_pages+0xb8
__i915_gem_object_get_pages(ffff800008008500) at __i915_gem_object_get_pages+0x6d
i915_gem_fault(ffff800008008500,ffff800033b707c0,10009b000,a43d6b1c000,ffff800033b70740,1,35ba896911df1241,ffff8000000aa078,ffff8000000aa178) at i915_gem_fault+0x203
drm_fault(ffff800033b707c0,a43d6b1c000,ffff800033b70740,1,0,0,7eca45006f70ee0,ffff800033b707c0) at drm_fault+0x156
uvm_fault(fffffd843a7cf480,a43d6b1c000,0,2) at uvm_fault+0x179
upageflttrap(ffff800033b70920,a43d6b1c000) at upageflttrap+0x62
usertrap(ffff800033b70920) at usertrap+0x129
recall_trap() at recall_trap+0x8
end of kernel
end trace frame: 0x7f7ffffdc7c0, count: 246
End of stack trace.
Input kettenis
OK mpi
jsg [Mon, 21 Feb 2022 14:26:19 +0000 (14:26 +0000)]
aligend -> aligned
jsg [Mon, 21 Feb 2022 14:21:58 +0000 (14:21 +0000)]
ambigus -> ambiguous
jsg [Mon, 21 Feb 2022 14:16:49 +0000 (14:16 +0000)]
anscestors -> ancestors
jsg [Mon, 21 Feb 2022 13:51:04 +0000 (13:51 +0000)]
consisitent -> consistent
jsg [Mon, 21 Feb 2022 13:32:45 +0000 (13:32 +0000)]
cululative -> cumulative
jsg [Mon, 21 Feb 2022 12:53:39 +0000 (12:53 +0000)]
differenent -> different
jsg [Mon, 21 Feb 2022 12:46:59 +0000 (12:46 +0000)]
disatcher -> dispatcher
jsg [Mon, 21 Feb 2022 12:41:39 +0000 (12:41 +0000)]
diviedr -> divider
jsg [Mon, 21 Feb 2022 12:36:21 +0000 (12:36 +0000)]
dmammem -> dmamem
jsg [Mon, 21 Feb 2022 12:22:21 +0000 (12:22 +0000)]
enries -> entries
jsg [Mon, 21 Feb 2022 12:18:54 +0000 (12:18 +0000)]
entried -> entries
jsg [Mon, 21 Feb 2022 12:16:55 +0000 (12:16 +0000)]
entris -> entries
jsg [Mon, 21 Feb 2022 12:09:15 +0000 (12:09 +0000)]
expliclitly -> explicitly
jsg [Mon, 21 Feb 2022 11:43:02 +0000 (11:43 +0000)]
futther -> further
jsg [Mon, 21 Feb 2022 11:20:34 +0000 (11:20 +0000)]
ignorint -> ignoring
jsg [Mon, 21 Feb 2022 11:15:09 +0000 (11:15 +0000)]
implenent -> implement
jsg [Mon, 21 Feb 2022 11:09:52 +0000 (11:09 +0000)]
independednt -> independent, let's -> lets
mpi [Mon, 21 Feb 2022 11:03:39 +0000 (11:03 +0000)]
Constify struct cfattach.
jsg [Mon, 21 Feb 2022 10:57:58 +0000 (10:57 +0000)]
initializion -> initialization
jsg [Mon, 21 Feb 2022 10:51:36 +0000 (10:51 +0000)]
initiailze -> initialize
jsg [Mon, 21 Feb 2022 10:44:58 +0000 (10:44 +0000)]
instructinos -> instructions
jsg [Mon, 21 Feb 2022 10:38:50 +0000 (10:38 +0000)]
interrunts -> interrupts
jsg [Mon, 21 Feb 2022 10:26:20 +0000 (10:26 +0000)]
interting -> inserting
mpi [Mon, 21 Feb 2022 10:24:28 +0000 (10:24 +0000)]
Constify struct cfattach.
jsg [Mon, 21 Feb 2022 10:20:51 +0000 (10:20 +0000)]
iommmu -> iommu
jsg [Mon, 21 Feb 2022 10:06:35 +0000 (10:06 +0000)]
lenghy -> lengthy
jsg [Mon, 21 Feb 2022 09:57:18 +0000 (09:57 +0000)]
mappiing -> mapping
jsg [Mon, 21 Feb 2022 08:50:18 +0000 (08:50 +0000)]
splitted -> split, necesssary -> necessary
jsg [Mon, 21 Feb 2022 08:27:51 +0000 (08:27 +0000)]
onbard -> onboard
jsg [Mon, 21 Feb 2022 08:16:08 +0000 (08:16 +0000)]
opearting -> operating
jsg [Mon, 21 Feb 2022 07:15:42 +0000 (07:15 +0000)]
receice -> receive
robert [Mon, 21 Feb 2022 06:38:57 +0000 (06:38 +0000)]
cap the daemon login class' datasize at either 1G or 4G depending on
the architecture and set the bgpd class' datasize to either 16G or 1G
ok sthen@ and discussed with many
jsg [Mon, 21 Feb 2022 05:54:35 +0000 (05:54 +0000)]
tempterature -> temperature
dlg [Mon, 21 Feb 2022 05:19:07 +0000 (05:19 +0000)]
in input, clear the address union before putting an ipv4 address in it.
the whole vxlan address is used for lookups in the RB tree, so any
garbage on the stack where the address sits could confuse the lookup.
it looks like i was lucky before, but if you receive vxlan over
ipsec you are less lucky.
found by and fix tested by jason tubnor.
jmatthew [Mon, 21 Feb 2022 03:50:46 +0000 (03:50 +0000)]
If the signature on an icmp echo reply doesn't match, don't count it as
a reply we've received, and print out the source address and sequence number
as that might help the user understand what's going on.
ok florian@ dlg@
deraadt [Mon, 21 Feb 2022 00:56:06 +0000 (00:56 +0000)]
sync
kn [Mon, 21 Feb 2022 00:37:47 +0000 (00:37 +0000)]
USE_CCACHE does not add a dependency
OK jca sthen
dlg [Mon, 21 Feb 2022 00:36:22 +0000 (00:36 +0000)]
vxlan sending to a mcast group needs an interface specified for that group
ok anton@
jsg [Mon, 21 Feb 2022 00:22:03 +0000 (00:22 +0000)]
mutibyte -> multibyte