dlg [Fri, 9 Jan 2015 11:25:05 +0000 (11:25 +0000)]
document the chips we support. lots of raid controllers use them
and im too lazy to find out what they are or list them all.
stsp [Fri, 9 Jan 2015 11:19:12 +0000 (11:19 +0000)]
Document that ftp-proxy breaks explicit RFC4217 FTP TLS. While here,
chroot and privdrop is a feature, not a bug, so move it out of CAVEATS.
ok sthen
yasuoka [Fri, 9 Jan 2015 11:17:29 +0000 (11:17 +0000)]
Add support for DIOC{G,S}CACHE to mfi(4). Cache of disk on mfi(4) will
be enabled by default. Also if the controller doesn't have any RAM,
the cache on the physical disk will be enabled.
discuss with jsg tsubai
ok dlg
jsg [Fri, 9 Jan 2015 09:35:20 +0000 (09:35 +0000)]
regen
jsg [Fri, 9 Jan 2015 09:34:07 +0000 (09:34 +0000)]
add rate matching hubs seen on a C610 system
gilles [Fri, 9 Jan 2015 08:28:02 +0000 (08:28 +0000)]
rename a variable to avoid a warning
spotted by deraadt@
henning [Fri, 9 Jan 2015 08:09:39 +0000 (08:09 +0000)]
move the ignore-microsec-timestamp bit from mrt_parse to mrt_parse_dump_mp
fixes a coredump reachable via show mrt file
From: Benjamin Baier <programmer at netzbasis dot de>, ok claudio
deraadt [Fri, 9 Jan 2015 07:35:37 +0000 (07:35 +0000)]
remove excessive/wrong use of sys/param.h
peanuts -- but all work has to start somewhere.
jsg [Fri, 9 Jan 2015 07:29:45 +0000 (07:29 +0000)]
match on C610
jsg [Fri, 9 Jan 2015 07:28:14 +0000 (07:28 +0000)]
regen
jsg [Fri, 9 Jan 2015 07:27:25 +0000 (07:27 +0000)]
Add some Intel Xeon E5 v3 and C610/X99 ids.
tedu [Fri, 9 Jan 2015 05:04:22 +0000 (05:04 +0000)]
save the bufq pointer from the buf before we turn it loose so it won't
change on us. also, remove unused second arg to bufq_wait.
from pedro at bitrig via david hill.
ok beck kettenis
tedu [Fri, 9 Jan 2015 05:01:56 +0000 (05:01 +0000)]
rename desiredvnodes to initialvnodes. less of a lie. ok beck deraadt
tedu [Fri, 9 Jan 2015 04:59:54 +0000 (04:59 +0000)]
correctly handle no timeouts and make timeout handling in general better.
problem reported by Mages Simon
ok guenther
mlarkin [Fri, 9 Jan 2015 03:43:52 +0000 (03:43 +0000)]
Cleanup some macros and #defines in i386 pmap. Previously committed and
backed out because of libkvm breakage, recommitting now with libkvm fix.
ok deraadt@
dlg [Fri, 9 Jan 2015 03:34:40 +0000 (03:34 +0000)]
implement mfii_scsi_cmd_io for handling actual io. previously i got
away with being lazy and just passing everything to the vanilla
scsi cdb path.
sending io via the cdb path with chained sgls seems to trigger a
firmware fault on the new invader boards. sending the same io via
the ldio path works fine though.
tested on invader and thunderbolt boards:
mfii0 at pci1 dev 0 function 0 "Symbios Logic MegaRAID SAS3108" rev 0x02: msi
mfii0: "PERC H730 Mini", firmware 25.2.1.0037, 1024MB cache
mfii0 at pci1 dev 0 function 0 "Symbios Logic MegaRAID SAS2208" rev 0x05: msi
mfii0: "PERC H710 Mini", firmware 21.3.0-0009, 512MB cache
ok jmatthew@
lteo [Fri, 9 Jan 2015 03:32:58 +0000 (03:32 +0000)]
Add test suites for SHA-224 and SHA-384.
Relevant lines from testsuite.sha224 were verified against the test vectors in
RFC 3874, while testsuite.384 was verified against
https://www.cosic.esat.kuleuven.be/nessie/testvectors/hash/sha/Sha-2-384.unverified.test-vectors
ok millert@
millert [Thu, 8 Jan 2015 22:10:08 +0000 (22:10 +0000)]
Avoid a crash (free of bogus pointer) when there is a syntax error
reading the config socket by clearing the entire blacklist struct
instead of just the tag string. Also avoid holes in the blacklist
array on error since the code can't cope with them. OK beck@
bluhm [Thu, 8 Jan 2015 20:22:47 +0000 (20:22 +0000)]
Use the field f_file also for the forwarding file descriptor. Remove
the special f_fd field. Also remove a useless F_FORWUDP case.
test and OK jasper@
tedu [Thu, 8 Jan 2015 18:07:35 +0000 (18:07 +0000)]
increase namecache size to follow maxvnodes. seems better than desiredvnodes.
(accuracy of variable names, aside)
ok kettenis
florian [Thu, 8 Jan 2015 17:21:01 +0000 (17:21 +0000)]
Clear autoconf6 flag after autoconf6 cleanup happened, not before.
Otherwise clean up code will never run.
OK mpi@, benno@, henning@
mpi [Thu, 8 Jan 2015 15:05:44 +0000 (15:05 +0000)]
Include the Routing Table ID in "struct rtentry" and reorder the fields
such that there's no size change on, at least, amd64.
This will allow us to simplify some APIs and deprecate the remaining
flavors of "struct route".
ok claudio@, phessler@
mpi [Thu, 8 Jan 2015 14:29:18 +0000 (14:29 +0000)]
Factorize various duplicated chunks of (old and horrible) code, checking
for the validity of a given outgoing route entry into a single function.
This change is inspired from FreeBSD r111767. The function introduced
here, rt_checkgate(), should hopefully die in a near future. Why should
it die? Well, it is way too late to do such validity checks: if your
kernel can end up in ether_output() with an invalid route, please do
not let it try to find a new one that might do the job.
Go read this function if you're wondering why you're getting messages
like:
"arpresolve: X.X.X.X: route without link local address"
Since this horrible logic has survived 20 years of copy & paste and small
modifications for workarounds without a single clear commit message, let's
assume it is full of dragons and try to play safe. This factorization is
not intended to change any behavior.
With much input from bluhm@, tested by weerd@ and florian@ on setups
with p2p IPv6 interfaces.
ok bluhm@, benno@, florian@
djm [Thu, 8 Jan 2015 13:44:36 +0000 (13:44 +0000)]
fix ssh_config FingerprintHash evaluation order; from Petr Lautrbach
ajacoutot [Thu, 8 Jan 2015 13:29:34 +0000 (13:29 +0000)]
"default" is gone.
djm [Thu, 8 Jan 2015 13:10:58 +0000 (13:10 +0000)]
adjust for sshkey_load_file() API change
doug [Thu, 8 Jan 2015 11:08:50 +0000 (11:08 +0000)]
Convert spkac.c to the new option handling code.
input + ok jsing@
doug [Thu, 8 Jan 2015 11:06:12 +0000 (11:06 +0000)]
Convert pkcs8.c to the new option handling code.
Minor KNF in a few places too.
input + ok jsing@
doug [Thu, 8 Jan 2015 11:00:12 +0000 (11:00 +0000)]
Convert asn1pars.c to the new option handling.
Also, removed a few useless if null checks.
input from bcook@
input + ok jsing@
mpi [Thu, 8 Jan 2015 10:55:45 +0000 (10:55 +0000)]
Do not unconditionally set a link-local address.
carp(4) has a hack to update its Ethernet address which was also
generating the corresponding IPv6 link-local address. Since the
removal of the NOINET6 flag, this link-local address was generated
even if no IPv6 address has been configured on the interface.
This unbreaks carp setup without v6 addresses, found the hard way by
sebastia@.
ok sebastia@, benno@, stsp@, phessler@
djm [Thu, 8 Jan 2015 10:15:45 +0000 (10:15 +0000)]
reorder hostbased key attempts to better match the default
hostkey algorithms order in myproposal.h; ok markus@
djm [Thu, 8 Jan 2015 10:14:08 +0000 (10:14 +0000)]
deprecate key_load_private_pem() and sshkey_load_private_pem()
interfaces. Refactor the generic key loading API to not require
pathnames to be specified (they weren't really used).
Fixes a few other things en passant:
Makes ed25519 keys work for hostbased authentication (ssh-keysign
previously used the PEM-only routines).
Fixes key comment regression bz#2306: key pathnames were being lost as
comment fields.
ok markus@
ajacoutot [Thu, 8 Jan 2015 09:03:26 +0000 (09:03 +0000)]
Clarify and simplify.
yasuoka [Thu, 8 Jan 2015 07:34:05 +0000 (07:34 +0000)]
Count number of sessions correctly.
bcook [Thu, 8 Jan 2015 05:34:21 +0000 (05:34 +0000)]
log as LOG_DAEMON in log_init again.
I mirrored from smtpd a little too literally.
deraadt [Thu, 8 Jan 2015 03:41:14 +0000 (03:41 +0000)]
missing , found by Dongsheng Song
doug [Thu, 8 Jan 2015 01:44:29 +0000 (01:44 +0000)]
Avoid a double-free in an error path.
ok jsing@ beck@
deraadt [Thu, 8 Jan 2015 01:28:56 +0000 (01:28 +0000)]
declare a local version of MIN(), call it MINIMUM()
(sorry, my other changes were accidentally premature)
brad [Thu, 8 Jan 2015 00:49:18 +0000 (00:49 +0000)]
Use the correct config registers for the RTL8139 family. Unlike the RTL8169
and RTL8168 family, the RTL8139 has a different register map for config registers.
From FreeBSD
WoL bits reviewed and tested by stsp@
bcook [Thu, 8 Jan 2015 00:30:08 +0000 (00:30 +0000)]
sync log.c from smtpd.
Reduces the number of log.c snowflakes by a little, and gives ntpd a
variadic fatal() function to be used later.
ok deraadt@
deraadt [Thu, 8 Jan 2015 00:30:07 +0000 (00:30 +0000)]
declare a local version of MIN(), call it MINIMUM()
bcook [Thu, 8 Jan 2015 00:25:47 +0000 (00:25 +0000)]
use the correct format string for refid
ok deraadt@
deraadt [Wed, 7 Jan 2015 21:34:23 +0000 (21:34 +0000)]
Do not need sys/param.h
tedu [Wed, 7 Jan 2015 19:53:34 +0000 (19:53 +0000)]
bcallah noticed the ifndef guard for headers was wrong. don't fix, just
remove it, and put these includes up with their friends.
rpe [Wed, 7 Jan 2015 19:31:51 +0000 (19:31 +0000)]
Cleanup network config after fetching the responsefile. This enables
automatic upgrades on systems with trunk interfaces.
OK krw@
rpe [Wed, 7 Jan 2015 19:20:53 +0000 (19:20 +0000)]
Fix get_ifdevs() - don't filter vlan interfaces.
OK krw@
gilles [Wed, 7 Jan 2015 18:28:12 +0000 (18:28 +0000)]
fix ctype casting bug spotted by Jonas 'Sortie' Termansen
tedu [Wed, 7 Jan 2015 18:15:07 +0000 (18:15 +0000)]
workaround for the Meyer, et al, Bleichenbacher Side Channel Attack.
fake up a bignum key before RSA decryption.
discussed/ok djm markus
ajacoutot [Wed, 7 Jan 2015 17:15:47 +0000 (17:15 +0000)]
Tweaks from jmc@
millert [Wed, 7 Jan 2015 17:08:21 +0000 (17:08 +0000)]
It is the copy command that is abbreviated as 'c', not chdir.
Also document that cd is an alias for chdir. From Kaspars Bankovskis.
millert [Wed, 7 Jan 2015 17:01:39 +0000 (17:01 +0000)]
Document the '=' command; from trondd at gmail
reyk [Wed, 7 Jan 2015 16:57:17 +0000 (16:57 +0000)]
SVG is common enough to add it to the default types.
dcoppa [Wed, 7 Jan 2015 16:52:05 +0000 (16:52 +0000)]
Sync rxvt-unicode's terminfo entry with rxvt-unicode-9.21:
- Updated: Marc Lehmann <schmorp@schmorp.de>, 24 Nov 2014: implement cvvis as blinking cursor
- Updated: Marc Lehmann <schmorp@schmorp.de>, 13 Dec 2014: removed superfluous 0 from sgr
ok nicm@
naddy [Wed, 7 Jan 2015 16:08:50 +0000 (16:08 +0000)]
updates for Serbia and Montenegro, from Zeljko Jovanovic
tedu [Wed, 7 Jan 2015 16:05:28 +0000 (16:05 +0000)]
stupid me. need errno.h
tedu [Wed, 7 Jan 2015 15:46:23 +0000 (15:46 +0000)]
set errno = EINVAL for invalid salts and hashes in most functions.
remember to set EACCES in bcrypt_checkpass for hash differences.
the higher level crypt_checkpass function will reset errno to EACCES in
all cases, which is probably the right behavior, but this change gives code
working with the lower level functions the correct errno if they care.
deraadt [Wed, 7 Jan 2015 15:44:47 +0000 (15:44 +0000)]
sync
naddy [Wed, 7 Jan 2015 15:41:48 +0000 (15:41 +0000)]
5.8 packages key
schwarze [Wed, 7 Jan 2015 12:19:17 +0000 (12:19 +0000)]
Bugfix: When the invocation of a user-defined macro follows a roff
conditional request on the same input line, don't skip the first few
bytes of its content.
reyk [Wed, 7 Jan 2015 11:04:29 +0000 (11:04 +0000)]
Relax configuration list parsing to allow multi-line blocks for tls,
root, tcp etc.
Based on a diff from Nathanael Rensen.
OK florian@
ajacoutot [Wed, 7 Jan 2015 10:44:14 +0000 (10:44 +0000)]
Start tweaking a bit.
mpi [Wed, 7 Jan 2015 10:32:13 +0000 (10:32 +0000)]
Only MS IntelliMouse have a Z axis, prevent a false positive triggered
by -Wuninitialized reported by jsg@.
ok stsp@
florian [Wed, 7 Jan 2015 10:29:22 +0000 (10:29 +0000)]
Bump example pubkey filenames for 5.7
OK benno@
dlg [Wed, 7 Jan 2015 10:26:48 +0000 (10:26 +0000)]
use the same trick as mpii for posting the request descriptor with
a single 64bit write on lp64 archs, instead of two sequenced 32bit
writes. cos the 64bit store is atomic, we dont need the mutex
around it either.
yasuoka [Wed, 7 Jan 2015 07:49:18 +0000 (07:49 +0000)]
Fix ipmi(4) to make watchdog work and not to panic.
diff from uebayasi jsg
ok uebayasi
dlg [Wed, 7 Jan 2015 04:56:56 +0000 (04:56 +0000)]
replace bcopy with memcpy. still cant see the bug im looking for.
dlg [Wed, 7 Jan 2015 04:46:18 +0000 (04:46 +0000)]
i may as well turn bzero into memset while i am busy not having
luck finding my bug.
bcook [Wed, 7 Jan 2015 01:15:57 +0000 (01:15 +0000)]
mix in more virtual memory and process information
deraadt [Wed, 7 Jan 2015 00:40:57 +0000 (00:40 +0000)]
sync
bluhm [Tue, 6 Jan 2015 23:11:23 +0000 (23:11 +0000)]
Backout revision 1.37. Setting ev->ev_pncalls to NULL results in
a use after free if the callback has freed the ev. With F in
malloc.conf both tmux and the regression tests triggered a segmentation
fault.
OK nicm@
deraadt [Tue, 6 Jan 2015 22:19:36 +0000 (22:19 +0000)]
mips64 architectures moving to static PIE
deraadt [Tue, 6 Jan 2015 22:14:53 +0000 (22:14 +0000)]
add 5.8 base key
sthen [Tue, 6 Jan 2015 22:05:51 +0000 (22:05 +0000)]
firmware key for 5.8
sthen [Tue, 6 Jan 2015 21:34:27 +0000 (21:34 +0000)]
add Medion Mobile S4222; Ingo Feinerer
stsp [Tue, 6 Jan 2015 21:26:46 +0000 (21:26 +0000)]
Remove the NOINET6 interface flag, a left-over from the times when IPv6
was enabled by default. Add AFATTACH/AFDETACH ioctls which enable/disable
an address family for an interface (currently used for IPv6 only).
New kernel needs new ifconfig for IPv6 configuration (address assignment
still works with old ifconfig making this easy to cross over).
Committing on behalf of henning@ who is currently lebensmittelvergiftet.
ok stsp, benno, mpi
nicm [Tue, 6 Jan 2015 21:14:42 +0000 (21:14 +0000)]
Revert to r1.16 since this is still clearly broken and I can't see how
right now.
bcook [Tue, 6 Jan 2015 21:08:11 +0000 (21:08 +0000)]
add initial HP-UX getentropy/arc4random support.
patch from Kinichiro Inoguchi, tested on HP-UX 11.31
ok deraadt@
stsp [Tue, 6 Jan 2015 17:55:28 +0000 (17:55 +0000)]
Make httpd return "404 not found" if an intermediate component of a requested
file path does not exist rather than returning "500 internal server error".
ok reyk
reyk [Tue, 6 Jan 2015 17:48:04 +0000 (17:48 +0000)]
I missed one goto abort instead of free(line).
Found by Fabian Raetz at gmail
armani [Tue, 6 Jan 2015 17:27:58 +0000 (17:27 +0000)]
We do not support freeing memory using reqbufs with a zero size so
return EINVAL in this case.
Also change an easily triggerable panic by a printf and return EINVAL.
Reminded by brad@, one typo spotted by sthen@ and ok mpi@
ajacoutot [Tue, 6 Jan 2015 14:48:59 +0000 (14:48 +0000)]
Simplify special vars argument checking; invalidating some bogus constructs
in the process.
reyk [Tue, 6 Jan 2015 14:07:48 +0000 (14:07 +0000)]
Only open a socket once for each unique "listen on" statement. This
prevents running out of file descriptors when loading a configuration
with many aliases.
OK florian@
reyk [Tue, 6 Jan 2015 13:48:15 +0000 (13:48 +0000)]
Instead of calling free(line) in each error case, call it once in fail:.
From Fabian Raetz at gmail
reyk [Tue, 6 Jan 2015 13:38:59 +0000 (13:38 +0000)]
Return "400 Bad Request" instead of "500 Internal Server Error" for
unknown/invalid HTTP requests.
From Fabian Raetz at gmail
dlg [Tue, 6 Jan 2015 12:50:47 +0000 (12:50 +0000)]
when we're entering an interrupt handler, record its ipl so splassert
can check if we're entering code we think should only be used from
lower ipls.
modelled a bit on how sparc64 does things.
with help from and ok kettenis@
ajacoutot [Tue, 6 Jan 2015 12:49:55 +0000 (12:49 +0000)]
While on death-row, 'rcctl status' is still allowed for now -- so
make its output match the older one.
ajacoutot [Tue, 6 Jan 2015 12:28:56 +0000 (12:28 +0000)]
Sync with new rcctl usage. Will get some much needed love within the next
few days.
ajacoutot [Tue, 6 Jan 2015 12:27:42 +0000 (12:27 +0000)]
Rename some internal variables (flag and flags is way too error-prone):
flag -> var
flags -> args
deraadt [Tue, 6 Jan 2015 11:58:29 +0000 (11:58 +0000)]
sync
ajacoutot [Tue, 6 Jan 2015 11:47:50 +0000 (11:47 +0000)]
Major rcctl(8) rewrite to simplify it and add new features. It can now
configure "user" and "timeout". Committing now because there's been no
release yet including rcctl(8) so it's easier to modify its usage.
Usage extended (*retaining full backward compatibility for now*) to:
rcctl set|get|getdef foobar [flags|user|timeout|status]
The following will be dropped soon but not right now to give people
time to adjust:
rcctl enable sshd flags # 'enable' takes no flags, use 'rcctl set ...'
rcctl status sshd # use 'rcctl get sshd [flags|status|timeout|user]'
rcctl default sshd # use 'rcctl getdef sshd [flags|status|timeout|user]'
rcctl status # use 'rcctl getall'
Man page changes will come soon. Make sure you have an up-to-date rc.subr.
discussed with schwarze@ robert@ jasper@ sthen@
"love the idea" jasper@
ok schwarze@
bluhm [Tue, 6 Jan 2015 11:42:37 +0000 (11:42 +0000)]
Apply commit e0e6958aa074a7714cd7c4aa779a1dfede3a03b1 from upstream.
- Avoid deadlock when activating signals. Fixes bug 3048812.
Based on patch by Nicholas Marriott.
The deadlock was ultimately fixed in a different way (by disabling
reinit - see event.c r1.25). Add it now for consistency but without
the Windows compatibility code. Convert the fcntl() calls to
SOCK_CLOEXEC | SOCK_NONBLOCK to simplify the code.
OK nicm@
bluhm [Tue, 6 Jan 2015 11:27:35 +0000 (11:27 +0000)]
Apply commit 2d8cf0b720cdd5f9f292f174a10ff74e62a380ec from upstream.
- Defensive programming to prevent (hopefully impossible) stack-stomping
OK nicm@
mpi [Tue, 6 Jan 2015 10:42:16 +0000 (10:42 +0000)]
Support for MEDION S4222 which needs another funky umass quirk. From
Ingo Feinerer.
mpi [Tue, 6 Jan 2015 10:39:06 +0000 (10:39 +0000)]
regen
mpi [Tue, 6 Jan 2015 10:38:36 +0000 (10:38 +0000)]
MediaTek Inc. from Ingo Feinerer.
gilles [Tue, 6 Jan 2015 10:31:09 +0000 (10:31 +0000)]
move the message parser init earlier to avoid a possible use after free in
an unlikely error code path
gilles [Tue, 6 Jan 2015 09:32:13 +0000 (09:32 +0000)]
fix whitespace and indentation, by Kyle Milz
nicm [Tue, 6 Jan 2015 09:12:53 +0000 (09:12 +0000)]
Unzoom before kill, from Thomas Adam.
nicm [Tue, 6 Jan 2015 09:12:02 +0000 (09:12 +0000)]
Add missing default bindings, from Theo Buehler.
brad [Tue, 6 Jan 2015 04:05:43 +0000 (04:05 +0000)]
Always enable the receive filter. It was being enabled via sis_init()
but not if calling sis_iff() via sis_ioctl().