tobhe [Wed, 10 Feb 2021 22:25:54 +0000 (22:25 +0000)]
Delay deletion of IKE SAs on rekey when stickyaddress is enabled to make
sure peers can keep their previously assigned addresses.
ok patrick@
espie [Wed, 10 Feb 2021 22:04:14 +0000 (22:04 +0000)]
rephrase example in a more consistent way
kettenis [Wed, 10 Feb 2021 20:51:27 +0000 (20:51 +0000)]
Add a instruction barrier between writing CCSELR_EL1 and reading CCSIDR_EL1
to guarantee that we read the cache parameters of the cache we just selected.
The required ISB instruction is present in the examples in the ARM ARM.
Fixes the the report on the cores in Apple's M1 SoC.
ok patrick@
bluhm [Wed, 10 Feb 2021 18:28:06 +0000 (18:28 +0000)]
If pf changes the routing table when sending packets, the kernel
could get stuck in an endless recursion during TCP path MTU discovery.
Create a dynamic host route in ip_output() that can be used by
tcp_mtudisc() to store the MTU.
Reported by Peter Mueller and Sebastian Sturm
OK claudio@
claudio [Wed, 10 Feb 2021 16:37:29 +0000 (16:37 +0000)]
Add med test, this no longer fails in -current
bluhm [Wed, 10 Feb 2021 14:45:27 +0000 (14:45 +0000)]
Use the same check in kernel and ifconfig for group names. ifconfig
delete group does not need name sanitation. The kernel will just
report that it does not exist.
OK deraadt@ gnezdo@ anton@ mvs@ claudio@
bluhm [Wed, 10 Feb 2021 14:41:53 +0000 (14:41 +0000)]
Interface group names must fit into IFNAMSIZ and be unique. But
the kernel made the unique check before trunkating with strlcpy().
So there could be two interface groups with the same name. The kif
is created by a name lookup. The trunkated names are equal, so
there was only one kif owned by both groups. When the groups got
destroyed, the single kif was removed twice from the RB tree.
Check length of group name before doing the unique check.
The empty group name was allowed and is now invalid.
Reported-by: syzbot+f47e8296ebd559f9bbff@syzkaller.appspotmail.com
OK deraadt@ gnezdo@ anton@ mvs@ claudio@
mvs [Wed, 10 Feb 2021 13:38:46 +0000 (13:38 +0000)]
Remove `sc_dead' logic from pppac(4). It is used to prevent
pppac_ioctl() be called on dying pppac(4) interface. But now if_detach()
makes dying `ifp' inaccessible and waits for references which are in-use
in ioctl(2) path. This logic is not required anymore. Also if_detach()
was moved before klist_invalidate() to prevent the case while
pppac_qstart() bump `sc_rsel'.
ok yasuoka@
espie [Wed, 10 Feb 2021 12:44:13 +0000 (12:44 +0000)]
as usual, stuff got removed without updating the documentation
GC www/drupal7 description
mvs [Wed, 10 Feb 2021 08:20:09 +0000 (08:20 +0000)]
Move UNIX domain sockets out of kernel lock. The new `unp_lock' rwlock(9)
used as solock()'s backend to protect the whole layer.
With feedback from mpi@.
ok bluhm@ claudio@
nicm [Wed, 10 Feb 2021 07:17:07 +0000 (07:17 +0000)]
Use ~/.tmux.conf as an example rather than /etc/passwd, suggested by
deraadt@.
jmc [Wed, 10 Feb 2021 06:52:05 +0000 (06:52 +0000)]
some spacing/grammar fixes from dave voutila;
deraadt [Wed, 10 Feb 2021 02:53:43 +0000 (02:53 +0000)]
only amd64 & arm64 lldb work at the moment
deraadt [Wed, 10 Feb 2021 00:34:57 +0000 (00:34 +0000)]
cast large to reduce warning on 32-bit machines (an ELF type is printed with %ll)
kettenis [Tue, 9 Feb 2021 23:58:33 +0000 (23:58 +0000)]
Make sure that switching the console from serial to framebuffer works
for framebuffer nodes under / and /chosen.
ok patrick@
patrick [Tue, 9 Feb 2021 23:37:54 +0000 (23:37 +0000)]
pfsync_state_import() must not be called with the pf state lock held,
since the actual modification of the state table is done by a call to
pf_state_insert(), which takes the pf state lock itself. Other calls
to pfsync_state_import() also only have the pf lock.
Reported-by: syzbot+d6ea8620b43dc69ecbc6@syzkaller.appspotmail.com
ok bluhm@
patrick [Tue, 9 Feb 2021 21:58:46 +0000 (21:58 +0000)]
sync
patrick [Tue, 9 Feb 2021 21:57:25 +0000 (21:57 +0000)]
Build and install lldb.
Discussed with deraadt@
naddy [Tue, 9 Feb 2021 21:42:04 +0000 (21:42 +0000)]
rc: ensure that vfs.mounts.nfs check works without NFS
If NFS isn't compiled into the kernel, sysctl -n vfs.mounts.nfs
will produce no numerical output. Make sure that we always have
a valid arithmetic expression.
Reported by and ok patrick@
tobhe [Tue, 9 Feb 2021 21:35:48 +0000 (21:35 +0000)]
Add optional 'group none' transform for child SAs and fix handling of
'group none'. We currently send no transform of type DH by default,
which should be equivalent to explicitly sending a single DH transform
of type 'none'. However, the proposal matching logic had a bug where
these two would not match, effectively breaking the ability to negotiate
optional PFS. This commit fixes the bug but continues to send
no DH proposal by default to remain backwards compatible with older
versions.
ok patrick@
mortimer [Tue, 9 Feb 2021 21:35:45 +0000 (21:35 +0000)]
Fix lldb.
Map deliberately invalid signal to zero when passing to PT_STEP and P_CONTINUE.
Also clean up getting Environment so setting LLDB_DEBUGSERVER env vars works again.
ok patrick@
claudio [Tue, 9 Feb 2021 17:00:30 +0000 (17:00 +0000)]
These regress tests expect coredumps to be written so run them with
ulimit -c unlimited. Also simplify the logic a bit as requested by bluhm@.
OK bluhm@ deraadt@
claudio [Tue, 9 Feb 2021 16:58:00 +0000 (16:58 +0000)]
These regress test expect coredumps as an effect of the test so run
the tests with ulimit -c unlimited to make sure coredumps are written.
OK bluhm@ deraadt@
claudio [Tue, 9 Feb 2021 16:55:51 +0000 (16:55 +0000)]
Walk over all results from getaddrinfo() instead of giving up after the
first entry. This way ocspcheck will try all returned IPs to contact
the OCSP server. Found by the regress test and a resolv.conf file with
'family inet6 inet4'.
OK kn@ deraadt@
deraadt [Tue, 9 Feb 2021 14:49:22 +0000 (14:49 +0000)]
sync
jcs [Tue, 9 Feb 2021 14:37:13 +0000 (14:37 +0000)]
ddb: when a new wsdisplay console attaches, resize ddb cols/rows to it
ok visa
nicm [Tue, 9 Feb 2021 14:25:40 +0000 (14:25 +0000)]
Do not expand times and #() inside #().
patrick [Tue, 9 Feb 2021 14:06:19 +0000 (14:06 +0000)]
Activate use of PF_LOCK() by removing the WITH_PF_LOCK ifdefs.
Silence from the network group
ok sashan@
deraadt [Tue, 9 Feb 2021 07:12:20 +0000 (07:12 +0000)]
sync
jmatthew [Tue, 9 Feb 2021 01:50:10 +0000 (01:50 +0000)]
Add a barrier between reading the cqe flags and the command ID, which
should ensure that we don't read a stale command ID and complete the
wrong scsi io. powerpc64 base builds were crashing like this fairly
regularly.
ok deraadt@ dlg@
sthen [Mon, 8 Feb 2021 22:18:21 +0000 (22:18 +0000)]
7.0 firmware key
naddy [Mon, 8 Feb 2021 22:09:57 +0000 (22:09 +0000)]
7.0 packages key
jmc [Mon, 8 Feb 2021 20:32:07 +0000 (20:32 +0000)]
correct return type for compressBound();
from pedro martelletto
stsp [Mon, 8 Feb 2021 20:07:04 +0000 (20:07 +0000)]
change discipline name from "RAID1C" to "RAID 1C" to match the man pages
stsp [Mon, 8 Feb 2021 20:05:20 +0000 (20:05 +0000)]
add RAID 1C to the list of supported softraid(4) disciplines
jan [Mon, 8 Feb 2021 19:37:15 +0000 (19:37 +0000)]
Remove maxburst feature from tcp_output
OK bluhm@, claudio@, deraadt@
deraadt [Mon, 8 Feb 2021 19:09:05 +0000 (19:09 +0000)]
sync
stsp [Mon, 8 Feb 2021 19:05:05 +0000 (19:05 +0000)]
Make bioctl properly verify raidlevels specified via the -c option.
Trailing characters in the option argument were ignored, such that
-cC1 (typo of -c1C) was interpreted as -cC instead of being rejected.
ok jsing@
jsing [Mon, 8 Feb 2021 17:21:50 +0000 (17:21 +0000)]
Update DTLS client hello due to ECC changes.
jsing [Mon, 8 Feb 2021 17:20:47 +0000 (17:20 +0000)]
Remove bogus DTLS checks to disable ECC and OCSP.
ECC and OCSP can be used with DTLS, so remove bogus checks that currently
prevent it. These are long lasting remnants from the original OpenSSL code.
ok tb@
jsing [Mon, 8 Feb 2021 17:18:39 +0000 (17:18 +0000)]
Enforce read ahead with DTLS.
DTLS is largely broken/useless without read ahead being enabled, so enforce
it for DTLS. This behaviour matches both our documentation and OpenSSL.
ok tb@
jsing [Mon, 8 Feb 2021 17:17:02 +0000 (17:17 +0000)]
Use dtls1_retrieve_buffered_record() to load buffered application data.
Replace the current copy of dtls1_retrieve_buffered_record() with a call
to it instead.
ok tb@
deraadt [Mon, 8 Feb 2021 16:15:06 +0000 (16:15 +0000)]
add future 7.0 base key
tobhe [Mon, 8 Feb 2021 16:13:58 +0000 (16:13 +0000)]
Clean up kernel IPsec flows and security associations on shutdown.
Discussed with sthen@
ok patrick@
nicm [Mon, 8 Feb 2021 14:46:53 +0000 (14:46 +0000)]
Add "pipe" variants of the "copy-pipe" commands which do not copy, from
Christian Zangl.
bluhm [Mon, 8 Feb 2021 12:30:10 +0000 (12:30 +0000)]
Start refcounting interface groups with 1. if_creategroup() returns
a new object that is already refcounted, so carp attach does not
reach into internal structures. Add kasserts to detect counter
overflow or underflow.
OK mvs@
stsp [Mon, 8 Feb 2021 11:21:53 +0000 (11:21 +0000)]
Add a RAID1C (raid1 + crypto) softraid(8) discipline.
The RAID1C discipline encrypts data like the CRYPTO discipline, and accepts
multiple chunks during creation and assembly like the RAID1 discipline.
To deal with failing disks a RAID1C volume may be assembled with a smaller
number of chunks than the volume was created with. The volume will then come
up in degraded state. If the volume is now detached and assembled again with
the correct number of chunks, any re-added chunks will require a rebuild.
Consequently, assembling RAID1C volumes requires careful attention to the
chunks passed via 'bioctl -l'. If a chunk is accidentally omitted from the
command line during volume assembly, then this chunk will need to be rebuilt.
At least one known-good chunk is required in order to assemble the volume.
Like CRYPTO, RAID1C supports passphrase and key-disk authentication.
Key-disk based volumes are assembled automatically if the key disk is present
while the system is booting up.
Unlike CRYPTO and RAID1, there is no boot support for RAID1C yet.
RAID1C largely reuses existing code of RAID1 and CRYPTO disciplines.
At present RAID1C's discipline-specific data structure is shared with that
of the CRYPTO discipline to allow re-use of existing CRYPTO code. A custom
RAID1C data structure would require CRYPTO code to access struct sr_crypto
via a pointer instead of via a member field of struct sr_discipline.
ok jsing@
stsp [Mon, 8 Feb 2021 11:20:03 +0000 (11:20 +0000)]
Add a RAID1C (raid1 + crypto) softraid(8) discipline.
The RAID1C discipline encrypts data like the CRYPTO discipline, and accepts
multiple chunks during creation and assembly like the RAID1 discipline.
To deal with failing disks a RAID1C volume may be assembled with a smaller
number of chunks than the volume was created with. The volume will then come
up in degraded state. If the volume is now detached and assembled again with
the correct number of chunks, any re-added chunks will require a rebuild.
Consequently, assembling RAID1C volumes requires careful attention to the
chunks passed via 'bioctl -l'. If a chunk is accidentally omitted from the
command line during volume assembly, then this chunk will need to be rebuilt.
At least one known-good chunk is required in order to assemble the volume.
Like CRYPTO, RAID1C supports passphrase and key-disk authentication.
Key-disk based volumes are assembled automatically if the key disk is present
while the system is booting up.
Unlike CRYPTO and RAID1, there is no boot support for RAID1C yet.
RAID1C largely reuses existing code of RAID1 and CRYPTO disciplines.
At present RAID1C's discipline-specific data structure is shared with that
of the CRYPTO discipline to allow re-use of existing CRYPTO code. A custom
RAID1C data structure would require CRYPTO code to access struct sr_crypto
via a pointer instead of via a member field of struct sr_discipline.
ok jsing@
mpi [Mon, 8 Feb 2021 10:51:01 +0000 (10:51 +0000)]
Revert the convertion of per-process thread into a SMR_TAILQ.
We did not reach a consensus about using SMR to unlock single_thread_set()
so there's no point in keeping this change.
mpi [Mon, 8 Feb 2021 09:46:45 +0000 (09:46 +0000)]
Extend binary operators support, required for more filter features.
Improve debugging of filters and print operator names in debug output.
claudio [Mon, 8 Feb 2021 09:28:58 +0000 (09:28 +0000)]
Also print the recently added caRepository URI alongside rpkiManifest
and rpkiNotify SIA.
claudio [Mon, 8 Feb 2021 09:22:53 +0000 (09:22 +0000)]
Extract the 1.3.6.1.5.5.7.48.5 (caRepository) SIA from the certificate.
Make sure that the caRepository matches the start of the URI of rpkiManifest.
The MFT must be a file inside the caRepository.
OK tb@
claudio [Mon, 8 Feb 2021 09:18:30 +0000 (09:18 +0000)]
Do not hold onto the fdplock longer then needed. Release the lock after
the initial falloc() calls and then regrab it for the fdinsert() or
fdremove() calls respectiviely. Also move closef() outside of the lock.
This replaces the previously reverted lock order change that was reverted.
OK mvs@ visa@
nicm [Mon, 8 Feb 2021 08:33:54 +0000 (08:33 +0000)]
Include "focused" in client flags, from Dan Aloni in GitHub issue 2558.
mpi [Mon, 8 Feb 2021 08:18:45 +0000 (08:18 +0000)]
Simplify sleep_setup API to two operations in preparation for splitting
the SCHED_LOCK().
Putting a thread on a sleep queue is reduce to the following:
sleep_setup();
/* check condition or release lock */
sleep_finish();
Previous version ok cheloha@, jmatthew@, ok claudio@
dlg [Sun, 7 Feb 2021 23:53:46 +0000 (23:53 +0000)]
route-to rules take ips, not interfaces with optional ips.
another gentle reminder by bluhm@ who pointed out i missed some
dlg [Sun, 7 Feb 2021 23:53:00 +0000 (23:53 +0000)]
i missed a dup-to when tweaking route-to things to takes ips, not ifaces.
gentle reminded by bluhm@
jsing [Sun, 7 Feb 2021 15:26:32 +0000 (15:26 +0000)]
Absorb ssl3_get_algorithm2() into ssl_get_handshake_evp_md().
The mess that is ssl_get_algorithm2() only exists to upgrade the handshake
MAC of a pre-TLSv1.2 cipher suite to SHA256 when used with TLSv1.2. We can
readily do this in ssl_get_handshake_evp_md(), which is far more readable.
ok tb@
jsing [Sun, 7 Feb 2021 15:12:52 +0000 (15:12 +0000)]
Correct handshake MAC/PRF for various TLSv1.2 cipher suites.
For some reason various TLSv1.2 cipher suites were added with the default
handshake MAC and PRF, rather than the SHA256 handshake MAC and PRF. This
gets patched up in ssl3_get_algorithm2(), hence goes unnoticed.
ok tb@
jsing [Sun, 7 Feb 2021 15:04:10 +0000 (15:04 +0000)]
Factor out the legacy stack version checks.
Also check for explicit version numbers, rather than just the major version
value.
ok tb@
jsing [Sun, 7 Feb 2021 14:52:17 +0000 (14:52 +0000)]
Enable auto DHE and disable session tickets for some tests.
This allows us to drop the server messages that we intend on dropping.
florian [Sun, 7 Feb 2021 13:35:41 +0000 (13:35 +0000)]
Only probe for DNS64 presence when we know that we can talk to the slaacd
provided nameservers, i.e. the stub resolver check succeeded.
Previously we would only probe DNS64 on network change but would not
reschedule when it failed. Sometimes (most of the time?) this failes
because our address is still tentative or a default route has
not yet been installed.
OK phessler
deraadt [Sun, 7 Feb 2021 01:24:39 +0000 (01:24 +0000)]
sync
tobhe [Sun, 7 Feb 2021 00:56:06 +0000 (00:56 +0000)]
Free X509_STOREs in ca_shutdown().
tobhe [Sun, 7 Feb 2021 00:51:53 +0000 (00:51 +0000)]
Fix address leaks in expand_flows().
ok patrick@
mestre [Sat, 6 Feb 2021 21:42:30 +0000 (21:42 +0000)]
while learning (teachgammon(1)) you might want to save your game so "{w,c}path"
pledge(2) permissions are required
naddy [Sat, 6 Feb 2021 21:40:59 +0000 (21:40 +0000)]
switch clang to -fno-common by default
Common variables will be flagged as errors by default. This can
be overridden with -fcommon.
Cherry-pick this change that will be part of LLVM11. We bring it
forward so we can finish fixing the fallout in the ports tree.
ok deraadt@ sthen@ mglocker@
deraadt [Sat, 6 Feb 2021 21:26:19 +0000 (21:26 +0000)]
6.9-beta
florian [Sat, 6 Feb 2021 18:01:02 +0000 (18:01 +0000)]
Revert delayed opening of trust anchor file. The code was somewhat
ugly and the underlying problem (dhclient and unwind playing well
together) should be solved differently.
Final straw was jca reporting that it breaks his setup.
bluhm [Sat, 6 Feb 2021 13:15:37 +0000 (13:15 +0000)]
Simplex interface sends packet back without hardware checksum
offloading. The checksum must be calculated in software. Use the
same condition in ether_resolve() to send the broadcast packet back
to the stack and in in_ifcap_cksum() to force software checksumming.
This fixes regress/sys/kern/sosplice/loop.
OK procter@
nicm [Sat, 6 Feb 2021 13:02:52 +0000 (13:02 +0000)]
In the end UTF-8 did not become a terminal feature, should not be listed
in man page.
visa [Sat, 6 Feb 2021 09:33:41 +0000 (09:33 +0000)]
Mention Netgear ProSecure UTM25.
visa [Sat, 6 Feb 2021 09:31:47 +0000 (09:31 +0000)]
Revise kernel's ld.script on octeon
This allows more control over the structure of the linked kernel image.
Now the ELF .openbsd.randomdata segment can be omitted from BOOT kernel.
The segment has caused trouble with broken firmware when the firmware
tries to load it on top of the actual kernel segment.
Discussed with and OK deraadt@
jsing [Sat, 6 Feb 2021 07:34:34 +0000 (07:34 +0000)]
Only hexdump packets/messages on higher debug levels.
jsing [Sat, 6 Feb 2021 07:33:27 +0000 (07:33 +0000)]
Test reads and writes between the client and server.
tb [Sat, 6 Feb 2021 06:19:28 +0000 (06:19 +0000)]
Use message_set() instead of direct assignment to curr_message
to avoid leaking the current help text.
from Anindya Mukherjee
dtucker [Fri, 5 Feb 2021 22:03:40 +0000 (22:03 +0000)]
Roll back the hostname->uname change in rev 1.10. It turns out
uname -n doesn't do what we need for some platforms in portable,
so we'll fix the original problem (that some other platforms don't
have hostname at all) by providing wrapper function to implement
it.
jcs [Fri, 5 Feb 2021 17:59:33 +0000 (17:59 +0000)]
disable autovol by default and set default volume to 127
The previous behavior of automatically decreasing playback volume
when new programs start playing can be achieved with '-w on'.
ok ratchov, patrick
bluhm [Fri, 5 Feb 2021 16:47:48 +0000 (16:47 +0000)]
Fix whitespace.
deraadt [Fri, 5 Feb 2021 16:24:55 +0000 (16:24 +0000)]
sync
mglocker [Fri, 5 Feb 2021 14:19:21 +0000 (14:19 +0000)]
Remove the terrible_ping_kludge() workaround. We have committed a fix to
the USB stack in the meantime for uhidev(4) and ugen(4) to resolve the data
toggle issue in relation to xhci(4).
ok gnezdo@, djm@
bluhm [Fri, 5 Feb 2021 14:12:17 +0000 (14:12 +0000)]
Setup two pair(4) and one lo(4) interface in different routing
domains and with different interface MTU. Test that packet flow
and TCP path MTU discovery works.
nicm [Fri, 5 Feb 2021 12:29:18 +0000 (12:29 +0000)]
Send Unicode directional isolate characters around horizontal pane
borders if the terminal support UTF-8 and an extension terminfo(5)
capability "Bidi" is present. On terminals with BiDi support (ie, VTE)
this seems to be enough to display right-to-left text acceptably enough
to be usable (with some caveats about the mouse position). Requested by
and with help from Mahmoud Elagdar in GitHub issue 2425.
claudio [Fri, 5 Feb 2021 12:26:52 +0000 (12:26 +0000)]
Remove the not so periodic stats from rpki-client. The output is not very
useful and the way it works is a bit strange.
OK job@ tb@
nicm [Fri, 5 Feb 2021 12:23:49 +0000 (12:23 +0000)]
Add a -S flag to new-window to make it select the existing window if one
with the given name already exists rather than failing with an error.
Also add a format to check if a window or session name exists which
allows the same with other commands. Requested by and discussed with
kn@.
martijn [Fri, 5 Feb 2021 10:30:45 +0000 (10:30 +0000)]
Introduce a transaction id. This is currently mostly a dummy-variable, but
will later on be needed for when we reintroduce agentx master support.
feedback and OK dlg@, rob@
mglocker [Fri, 5 Feb 2021 08:17:22 +0000 (08:17 +0000)]
Prevent that when ugen(4) tries to set an alternative configuration
descriptor (usually doesn't happen), that we continue to use an outdated
cdesc pointer which still refers to the previous cdesc. Instead update
the cdesc pointer to the new configuration descriptor.
Reported by Thomas Jeunet <cleptho AT gmail DOT com>
ok phessler@
dtucker [Fri, 5 Feb 2021 06:01:58 +0000 (06:01 +0000)]
hostname is not specified by POSIX but uname -n is, so use the latter for
portability. Patch from Geert Hendrickx via github PR#208.
dtucker [Fri, 5 Feb 2021 02:20:23 +0000 (02:20 +0000)]
Remove debug message from sigchld handler. While this works on OpenBSD
it can cause problems on other platforms. From kircherlike at outlook.com
via bz#3259, ok djm@
patrick [Fri, 5 Feb 2021 00:42:25 +0000 (00:42 +0000)]
arm_intr_establish_fdt() has long been renamed to fdt_intr_establish().
patrick [Fri, 5 Feb 2021 00:25:19 +0000 (00:25 +0000)]
Fix CVS tag.
patrick [Fri, 5 Feb 2021 00:13:37 +0000 (00:13 +0000)]
Fix whitespace.
patrick [Fri, 5 Feb 2021 00:08:26 +0000 (00:08 +0000)]
Rename probe/attach functions to fit our regular naming scheme. Replace
&armv7_bs_tag with fdt_cons_bs_tag, which is our early console bus tag
for both arm64 and armv7. On armv7, it points to &armv7_bs_tag. With
this we can get rid of the armv7var.h include. Reduce a bit of diff to
imxuart(4).
ok kettenis@
patrick [Fri, 5 Feb 2021 00:05:20 +0000 (00:05 +0000)]
Move exuart(4) to sys/dev/fdt so it can be shared between arm64 and armv7.
ok kettenis@
patrick [Thu, 4 Feb 2021 23:36:31 +0000 (23:36 +0000)]
exuart(4) does not need to include exclockvar.h. The header seems to only
provide a function for the I2C clock frequency, used by exiic(4).
patrick [Thu, 4 Feb 2021 23:28:20 +0000 (23:28 +0000)]
Tedu exuartvar.h, which has not been needed since we switched to the "new
way" of attaching the console.
patrick [Thu, 4 Feb 2021 23:23:23 +0000 (23:23 +0000)]
Add missing CVS tag.
patrick [Thu, 4 Feb 2021 22:40:45 +0000 (22:40 +0000)]
sync
patrick [Thu, 4 Feb 2021 22:40:04 +0000 (22:40 +0000)]
Tedu unnecessary imxuartvar.h.
ok kettenis@
sthen [Thu, 4 Feb 2021 22:12:03 +0000 (22:12 +0000)]
remove the suggestion to permit pkg_add with doas "nopass" when doing
ports dev work.
if you are able to run pkg_add as root without a password, your account
is root-equivalent.
typing the password multiple times is a pain but if somebody is going to
choose to weaken their local security in this way, it should be their
own decision and not something they have read in a manpage.
ok tb@ thfr@