deraadt [Wed, 17 Jun 2015 03:59:12 +0000 (03:59 +0000)]
stray char jumped in
deraadt [Wed, 17 Jun 2015 03:49:29 +0000 (03:49 +0000)]
delete completely bogus (floating? was there an old variable decl
in the past?) comment about FILEC
noted by Peter Brottveit Bock
deraadt [Wed, 17 Jun 2015 03:48:21 +0000 (03:48 +0000)]
remove -DFILEC; code does not compile for the -UFILEC case, and anyways,
who wants csh without FILEC??
from Peter Brottveit Bock, but redone using unifdef
uebayasi [Wed, 17 Jun 2015 03:04:50 +0000 (03:04 +0000)]
Set FUNC symbol sizes of auto-generated and hand-written syscall wrappers.
Original diff from guenther@, adjusted by me.
OK guenther@
miod [Tue, 16 Jun 2015 20:30:24 +0000 (20:30 +0000)]
Typos in comments; Ville Valkonen
miod [Tue, 16 Jun 2015 20:25:35 +0000 (20:25 +0000)]
Do not provide extra _fdata and __data_start symbols; nothing in the non-mips32
world uses them.
miod [Tue, 16 Jun 2015 18:28:51 +0000 (18:28 +0000)]
alloc_contiguous_pages() is supposed to round the allocation size to a page
boundary, not to an u area boundary. Oops.
miod [Tue, 16 Jun 2015 18:24:38 +0000 (18:24 +0000)]
Clear the PIC `write request' memory at initialization time. There is
apparently a risk of spurious parity errors if we don't.
mpi [Tue, 16 Jun 2015 11:17:02 +0000 (11:17 +0000)]
Sync with recent changes.
mpi [Tue, 16 Jun 2015 11:09:39 +0000 (11:09 +0000)]
Store a unique ID, an interface index, rather than a pointer to the
receiving interface in the packet header of every mbuf.
The interface pointer should now be retrieved when necessary with
if_get(). If a NULL pointer is returned by if_get(), the interface
has probably been destroy/removed and the mbuf should be freed.
Such mechanism will simplify garbage collection of mbufs and limit
problems with dangling ifp pointers.
Tested by jmatthew@ and krw@, discussed with many.
ok mikeb@, bluhm@, dlg@
doug [Tue, 16 Jun 2015 06:37:58 +0000 (06:37 +0000)]
Be more strict about BER and DER terminology.
bs_ber.c does not convert BER to DER. It's a hack to convert a DER-like
encoding with one violation (indefinite form) to strict DER. Rename
the functions to reflect this.
ok miod@ jsing@
doug [Tue, 16 Jun 2015 06:11:39 +0000 (06:11 +0000)]
Simplify cbs_get_any_asn1_element_internal based on comments from jsing@
jsg [Tue, 16 Jun 2015 05:08:55 +0000 (05:08 +0000)]
Add a uslcom id for the Netgear M7100 console from Andrew Daugherity.
Add some additional uslcom ids found in the Linux driver while here.
jsg [Tue, 16 Jun 2015 05:07:54 +0000 (05:07 +0000)]
regen
jsg [Tue, 16 Jun 2015 05:07:25 +0000 (05:07 +0000)]
Add a uslcom id for the Netgear M7100 console from Andrew Daugherity.
Add some additional uslcom ids found in the Linux driver while here.
doug [Tue, 16 Jun 2015 02:27:24 +0000 (02:27 +0000)]
Add support for OPTION_DISCARD.
ok jsing@
jmc [Mon, 15 Jun 2015 22:39:14 +0000 (22:39 +0000)]
put -F before -f in the options list;
bluhm [Mon, 15 Jun 2015 21:44:57 +0000 (21:44 +0000)]
Rework how fstat and ktrace pattern are specified in the test
arguments. Add tests to check wether syslogd privsep works. This
is done for debug and foreground and daemon mode. Fstat is checked
for chroot and sockets. Ktrace dump is grepped for setting uid and
gid.
bluhm [Mon, 15 Jun 2015 21:42:15 +0000 (21:42 +0000)]
Implement a -F switch, that tells syslogd to stay in foreground.
OK benno@; input millert@; no objections deraadt@
jsing [Mon, 15 Jun 2015 18:44:22 +0000 (18:44 +0000)]
If AuthorizedPrincipalsCommand is specified, however
AuthorizedPrincipalsFile is not (or is set to "none"), authentication will
potentially fail due to key_cert_check_authority() failing to locate a
principal that matches the username, even though an authorized principal
has already been matched in the output of the subprocess. Fix this by using
the same logic to determine if pw->pw_name should be passed, as is used to
determine if a authorized principal must be matched earlier on.
ok djm@
jsing [Mon, 15 Jun 2015 18:42:19 +0000 (18:42 +0000)]
Make the arguments to match_principals_command() similar to
match_principals_file(), by changing the last argument a
struct sshkey_cert * and dereferencing key->cert in the caller.
No functional change.
ok djm@
miod [Mon, 15 Jun 2015 17:01:04 +0000 (17:01 +0000)]
Don't error out when an existing typedef is redefined with the same definition;
this is allowed in C11 and 3rd-party software is relying upon this to be
accepted by the compiler.
Nevertheless warn about this if -pedantic.
ok ajacoutot@ deraadt@ millert@
mpi [Mon, 15 Jun 2015 16:46:21 +0000 (16:46 +0000)]
Bring back r1.78 and r1.79, now that ajactouto@'s regression has
been found: it was a hardware failure.
When a bus is explored, do not probe the ports which status hasn't
changed. This saves a lot of I/O when attaching/detaching devices
and might help with some timing related problems.
mpi [Mon, 15 Jun 2015 15:55:08 +0000 (15:55 +0000)]
Fix a double free in the destroy path triggered when a second process,
in my case dhclient(8), races with ifconfig(8) to free the descriptors
of the joined multicast groups.
While here reduce the difference with carp(4).
ok dms@
mpi [Mon, 15 Jun 2015 15:45:28 +0000 (15:45 +0000)]
Set the length of isochronous transfers as the sum of the frames lengths.
This reduces differences between non-isoch and isoch transfers submissions,
makes the generic DMA buffer overrun check work with isoch transfers and
will allow some code simplifications in HC drivers.
Since short-transfers were never checked for isoch transfers, we now need to
pass the USBD_SHORT_XFER_OK flag to not change this behavior. This might be
revisited later.
ok ratchov@
millert [Mon, 15 Jun 2015 15:38:04 +0000 (15:38 +0000)]
Update to tzdata2015e from ftp.iana.org
millert [Mon, 15 Jun 2015 14:29:52 +0000 (14:29 +0000)]
get_val() already frees the buffer passed to it so we don't need to
do it in the caller.
mikeb [Mon, 15 Jun 2015 13:26:48 +0000 (13:26 +0000)]
Use proper argument type for crp_callback functions; no functional change.
mikeb [Mon, 15 Jun 2015 12:59:37 +0000 (12:59 +0000)]
No need for an extra local variable; no functional change.
mikeb [Mon, 15 Jun 2015 12:37:37 +0000 (12:37 +0000)]
Use proper argument type for crp_callback functions; no functional change.
nicm [Mon, 15 Jun 2015 10:58:01 +0000 (10:58 +0000)]
Add window_activity format, from Thomas Adam based on a diff originally
from propos6 at gmail dot com.
florian [Mon, 15 Jun 2015 09:25:22 +0000 (09:25 +0000)]
hook up chmod
florian [Mon, 15 Jun 2015 09:24:49 +0000 (09:24 +0000)]
oops
florian [Mon, 15 Jun 2015 09:23:12 +0000 (09:23 +0000)]
First stab at regression test for chmod (and chflags, chgrp and chown
which are the same binary). This is supposed to exercise all syscalls
paths through those tools and not a comprehensive regression test.
sthen [Mon, 15 Jun 2015 08:48:23 +0000 (08:48 +0000)]
document pfctl -ss -R <rule>, ok mikeb@
stsp [Mon, 15 Jun 2015 08:06:11 +0000 (08:06 +0000)]
Remove comments referring to Linux iwlwifi source filenames from iwm(4).
Linux is a moving target so these comments provide little value.
Discussed with kettenis and deraadt.
stsp [Mon, 15 Jun 2015 07:50:44 +0000 (07:50 +0000)]
Make the wifi LED work with iwm(4).
The bad news: Many laptops sold with iwm(4) cards don't have a wifi LED :-(
The good news: Laptops with LEDs and no wifi device white-list in BIOS
actually exist! Tested in one such machine.
ok kettenis@ deraadt@
doug [Mon, 15 Jun 2015 07:35:49 +0000 (07:35 +0000)]
Make CBS_get_any_asn1_element() more compliant with DER encoding.
CBS_get_any_asn1_element violates DER encoding by allowing indefinite
form. All callers except bs_ber.c expect DER encoding. The callers
must check to see if it was indefinite or not.
Rather than exposing all callers to this behavior,
cbs_get_any_asn1_element_internal() allows specifying whether you want to
allow the normally forbidden indefinite form. This is used by
CBS_get_any_asn1_element() for strict DER encoding and by a new static
function in bs_ber.c for the relaxed version.
While I was here, I added comments to differentiate between ASN.1
restrictions and CBS limitations.
ok miod@
djm [Mon, 15 Jun 2015 06:38:50 +0000 (06:38 +0000)]
turn SSH1 back on to match src/usr.bin/ssh being tested
doug [Mon, 15 Jun 2015 05:32:58 +0000 (05:32 +0000)]
Remove ancient SSL_OP_NETSCAPE_CA_DN_BUG from SSLeay days.
This commit matches the OpenSSL removal in commit
3c33c6f6b10864355553961e638514a6d1bb00f6.
ok deraadt@
doug [Mon, 15 Jun 2015 05:16:56 +0000 (05:16 +0000)]
Remove ancient compat hack SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG.
This was imported into OpenSSL from SSLeay. It was recently deleted
in OpenSSL commit
7a4dadc3a6a487db92619622b820eb4f7be512c9
doug [Mon, 15 Jun 2015 03:32:59 +0000 (03:32 +0000)]
Remove 1997's compat hack SSL_OP_SSLEAY_080_CLIENT_DH_BUG.
This is a hack for an old version of SSLeay which predates OpenSSL.
doug [Mon, 15 Jun 2015 02:57:05 +0000 (02:57 +0000)]
Update SSL_OP_* to remove ancient hacks that are no longer enabled.
djm [Mon, 15 Jun 2015 01:32:50 +0000 (01:32 +0000)]
return failure on RSA signature error; reported by Albert S
deraadt [Mon, 15 Jun 2015 01:10:19 +0000 (01:10 +0000)]
fix regress fallout due to CFLAGS vs CXXFLAGS
deraadt [Sun, 14 Jun 2015 21:50:43 +0000 (21:50 +0000)]
sync
miod [Sun, 14 Jun 2015 19:37:11 +0000 (19:37 +0000)]
Bring a few routines from libkern in order to avoid linking against libgcc.
miod [Sun, 14 Jun 2015 19:08:59 +0000 (19:08 +0000)]
Build required bits from libkern rather than importing them from libgcc.
miod [Sun, 14 Jun 2015 18:33:53 +0000 (18:33 +0000)]
Build __moddi3, __muldi3 and __qdivrem from libkern, and built no-pie, instead
of getting them from libgcc.a, built pie.
This repairs boot blocks operation on sparc, as found the hard way by sebastia@
jsg [Sun, 14 Jun 2015 13:53:49 +0000 (13:53 +0000)]
add some initial vexpress man pages
miod [Sun, 14 Jun 2015 10:55:50 +0000 (10:55 +0000)]
Fix 1.26; kdoprnt() should not attempt to invoke va_end() at all, it's the
caller's responsibility to do so.
nicm [Sun, 14 Jun 2015 10:07:44 +0000 (10:07 +0000)]
Add a format for client PID (client_pid) and server PID (pid). Diff for
client_pid from Thomas Adam.
stsp [Sun, 14 Jun 2015 08:02:47 +0000 (08:02 +0000)]
Implement IQ calibration support for rtwn(4). Lots of black magic involved.
jsg [Sun, 14 Jun 2015 07:34:57 +0000 (07:34 +0000)]
correct the uart irq numbers
ok bmercer@
jsg [Sun, 14 Jun 2015 05:01:31 +0000 (05:01 +0000)]
add a driver for the ARM PrimeCell PL031 RTC
guenther [Sat, 13 Jun 2015 21:41:42 +0000 (21:41 +0000)]
Parse _CST objects and use the C-states they describe when they're sane.
testing by many, particularly krw@ and jcs@
tweaks by kettenis@
ok deraadt@
stsp [Sat, 13 Jun 2015 21:15:23 +0000 (21:15 +0000)]
Busy-wait a short while after sending a command to rtwn(4) firmware.
Fixes selection of initial TX rate. We're not stuck at 1Mbit/s anymore.
nicm [Sat, 13 Jun 2015 20:15:21 +0000 (20:15 +0000)]
Convert xfree to free. From Fritjof Bornebusch. ok deraadt
jasper [Sat, 13 Jun 2015 18:22:57 +0000 (18:22 +0000)]
add miniroot to MDEXT
deraadt [Sat, 13 Jun 2015 16:57:04 +0000 (16:57 +0000)]
in glob() initialize the glob_t before the first failure check.
from j@pureftpd.org
ok millert stsp
jsg [Sat, 13 Jun 2015 09:37:13 +0000 (09:37 +0000)]
Add more encodings of options for the armv7 barrier instructions and
allow non "sy"/0xf options for dmb. This omits the *ld options
available in armv8 running in a32 mode. Similiar changes made in
freebsd.
ok miod@
doug [Sat, 13 Jun 2015 09:24:12 +0000 (09:24 +0000)]
Split up the logic in CBB_flush to separately handle the lengths.
Also, add comments about assuming short-form.
ok miod@, tweak + ok jsing@
doug [Sat, 13 Jun 2015 09:16:42 +0000 (09:16 +0000)]
Explain the ASN.1 restriction that requires extra logic for encoding.
ok miod@ jsing@
doug [Sat, 13 Jun 2015 09:11:57 +0000 (09:11 +0000)]
When initial capacity is 0, always use NULL buffer.
malloc(0) is implementation defined and there's no reason to introduce
that ambiguity here. Added a few cosmetic changes in sizeof and free.
ok miod@ jsing@
doug [Sat, 13 Jun 2015 09:02:45 +0000 (09:02 +0000)]
Add comments about how the CBS constants are constructed.
Also, introduce a few more #defines to make it obvious.
ok miod@ jsing@
doug [Sat, 13 Jun 2015 08:46:00 +0000 (08:46 +0000)]
Reject long-form tags in CBS_peek_asn1_tag.
Currently, CBS only handles short-form tags.
ok miod@ jsing@
doug [Sat, 13 Jun 2015 08:38:10 +0000 (08:38 +0000)]
Fix bad indenting in LibreSSL.
jsg@ noticed that some of the lines in libssl and libcrypto are not
indented properly. At a quick glance, it looks like it has a different
control flow than it really does. I checked the history in our tree and
in OpenSSL to make sure these were simple mistakes.
ok miod@ jsing@
jsg [Sat, 13 Jun 2015 07:16:36 +0000 (07:16 +0000)]
When investigating an uninitialised variable in the armv7 resettodr()
miod pointed out that time_second should be compared to 1 not 0 in the
md resettodr() functions as it is initialised to 1.
ok miod@ deraadt@
bcook [Sat, 13 Jun 2015 02:33:58 +0000 (02:33 +0000)]
Remove unneeded sys/sysctl.h on linux.
This only provides the sysctl wrapper in glibc, which we do not use and is not available in other libc implementations for Linux. Thanks to ncopa from github.
schwarze [Fri, 12 Jun 2015 20:33:06 +0000 (20:33 +0000)]
Add a missing .An macro.
Found by Enrico <Camarda at amnz dot org>
during the BSDCan Doc Sprint.
bluhm [Fri, 12 Jun 2015 19:20:43 +0000 (19:20 +0000)]
Close the lock pipe before dupping /dev/null to stdio.
This works even if the file descriptor is 0 or 1 or 2.
input and OK millert@
mikeb [Fri, 12 Jun 2015 16:10:43 +0000 (16:10 +0000)]
Allow rule ID filter to be specified for show states output
Tweak pfctl to respect the rule ID parameter (-R) specified
along with the show states (-s states) option to filter out
states that are not associated with a given rule from the
output.
ok sthen, benno
mpi [Fri, 12 Jun 2015 15:47:31 +0000 (15:47 +0000)]
Only match devices with a valid configuration.
Most of the WiFi/Ethernet USB adapter only have one configuration and always
use its first interface. In order to improve USB descriptors parsing start
by reducing the number of places where a configuration is set.
Tests & ok stsp@
mpi [Fri, 12 Jun 2015 15:40:06 +0000 (15:40 +0000)]
Remove superfluous splnet() protection.
ok lteo@
reyk [Fri, 12 Jun 2015 14:40:55 +0000 (14:40 +0000)]
To match relayd's style, use an explicit enum with prefixed names for
the states that Claudio introduced. No functional change.
OK claudio@ benno@
mikeb [Fri, 12 Jun 2015 14:18:25 +0000 (14:18 +0000)]
Perform a copy with a memmove for potentially overlapping regions.
Reported and fixed by Sergey Ryazanov <ryazanov ! s ! a at gmail ! com>,
thanks!
stsp [Fri, 12 Jun 2015 13:11:27 +0000 (13:11 +0000)]
Actually trigger iwm_init_task() from iwm_watchdog() as intended to give
recovery after device timeout a chance. Don't mess with the IFF_UP flag
in the watchdog since this isn't done anywhere except intel wifi drivers
which probably copied this pattern amongst each other.
ok kettenis@
stsp [Fri, 12 Jun 2015 09:30:05 +0000 (09:30 +0000)]
Fix rtwn(4) wifi LED support. Tested with rtwn(4) device in Thinkpad X220.
uebayasi [Fri, 12 Jun 2015 09:26:05 +0000 (09:26 +0000)]
Reuse SYSENTRY_HIDDEN() in SYSENTRY(); no functional changes.
schwarze [Fri, 12 Jun 2015 04:51:08 +0000 (04:51 +0000)]
Kill trailing blank; no text change.
Issue found by Tony Sim <y2s1982 at gmail dot com>
during today's BSDCan Doc Sprint.
bluhm [Fri, 12 Jun 2015 00:54:28 +0000 (00:54 +0000)]
If fork fails, print an error message before exit.
OK doug@ djm@
mikeb [Thu, 11 Jun 2015 19:57:38 +0000 (19:57 +0000)]
Remove hzto(9) manual pages and references; OK dlg
gilles [Thu, 11 Jun 2015 19:27:16 +0000 (19:27 +0000)]
local user can cause smtpd to fail by sending invalid imsg to control sock
reyk [Thu, 11 Jun 2015 19:25:53 +0000 (19:25 +0000)]
The correct semantic is to check msgbuf_write() for <= 0, not just < 0.
Fix one occurence in imsg_flush() and clarify it the man page.
Discussed with at least blambert@ jsg@ yasuoka@.
OK gilles@
reyk [Thu, 11 Jun 2015 18:49:09 +0000 (18:49 +0000)]
Use "compliant" header guards by avoiding the reserved '_' namespace.
Pointed out by Markus Elfring
OK mikeb@ millert@
deraadt [Thu, 11 Jun 2015 18:48:10 +0000 (18:48 +0000)]
sync
bluhm [Thu, 11 Jun 2015 17:33:35 +0000 (17:33 +0000)]
Fix CVE-2012-3509, an integer overflow in libiberty, leading to
heap-buffer overflow.
From Sebastian Trahm; OK deraadt@
deraadt [Thu, 11 Jun 2015 17:26:17 +0000 (17:26 +0000)]
In the copyout family of functions, if the address is out of range
ensure the register containing the proc pointer is initialized.
ok miod
mikeb [Thu, 11 Jun 2015 16:04:55 +0000 (16:04 +0000)]
Remove hzto(9) manual pages and references; OK dlg
mikeb [Thu, 11 Jun 2015 16:03:04 +0000 (16:03 +0000)]
Move hzto(9) to the attic; OK dlg
jsing [Thu, 11 Jun 2015 16:02:05 +0000 (16:02 +0000)]
Avoid an infinite loop that can occur when verifying a message with an
unknown hash function OID.
Diff based on OpenSSL.
Fixes CVE-2015-1792 (however, this code is not enabled/built in LibreSSL).
ok doug@ miod@
mikeb [Thu, 11 Jun 2015 16:00:36 +0000 (16:00 +0000)]
Convert from hzto(9) to tvtohz(9); OK dlg
mikeb [Thu, 11 Jun 2015 15:59:17 +0000 (15:59 +0000)]
Move away from using hzto(9); OK dlg
jsing [Thu, 11 Jun 2015 15:58:53 +0000 (15:58 +0000)]
Avoid a potential out-of-bounds read in X509_cmp_time(), due to missing
length checks.
Diff based on changes in OpenSSL.
Fixes CVE-2015-1789.
ok doug@
jsing [Thu, 11 Jun 2015 15:55:28 +0000 (15:55 +0000)]
Avoid an infinite loop that can be triggered by parsing an ASN.1
ECParameters structure that has a specially malformed binary polynomial
field.
Issue reported by Joseph Barr-Pixton and fix based on OpenSSL.
Fixes CVE-2015-1788.
ok doug@ miod@
schwarze [Thu, 11 Jun 2015 12:48:32 +0000 (12:48 +0000)]
Don't do manual whitespace adjustments inside semantic macros,
rather do it before the macros, and get rid of cargo cult escaping.
Both to make the code more robust and less ugly, no output change.
Ugly code reported by TJ at mrsk dot me.
OK jmc@
jmatthew [Thu, 11 Jun 2015 12:30:42 +0000 (12:30 +0000)]
convert sc_sendq into an mbuf_list, and use ph_cookie rather than rcvif to
store the sgl address, allowing rcvif to be removed.
ok mpi@ dlg@ uebayasi@
blambert [Thu, 11 Jun 2015 08:39:51 +0000 (08:39 +0000)]
Avoid double-free in error path by cribbing the HASBUF flag
logic from the rest of the kernel that deals with filename
lookups.
In snaps for some time.
Initially found by jsg@
Prodded by deraadt@
jsg [Thu, 11 Jun 2015 04:38:23 +0000 (04:38 +0000)]
remove uneeded pci includes
sthen [Wed, 10 Jun 2015 21:16:41 +0000 (21:16 +0000)]
breath->breadth