naddy [Fri, 14 Sep 2018 13:49:01 +0000 (13:49 +0000)]
add gapdummy.c to the "clean" target like other generated files
ok visa@ jsg@ phessler@
naddy [Fri, 14 Sep 2018 13:44:18 +0000 (13:44 +0000)]
Pass -L/usr/lib to the linker in preparation for switching to lld, which
does not have a default search path. ok kettenis@ jsg@
naddy [Fri, 14 Sep 2018 13:37:52 +0000 (13:37 +0000)]
Pass CC/CFLAGS/LDFLAGS to the configure script. ok millert@
bluhm [Fri, 14 Sep 2018 12:55:17 +0000 (12:55 +0000)]
In general it is a bad idea to use one random secret for two things.
The inet PCB uses one hash with local and foreign addresses, and
one with local port numbers. Give both hashes separate keys. Also
document the struct fields.
OK visa@
florian [Fri, 14 Sep 2018 10:28:55 +0000 (10:28 +0000)]
No longer needed since the ping/ping6 unification.
Pointed out by Clemens Goessnitzer (clemens AT goessnitzer.info), thanks!
claudio [Fri, 14 Sep 2018 10:23:42 +0000 (10:23 +0000)]
Adjust and extend unit test for as_set after last bgpd commit
OK benno@
claudio [Fri, 14 Sep 2018 10:22:55 +0000 (10:22 +0000)]
Adjust the dummy as_set_match function to new prototype after last bgpd commit
OK benno@
claudio [Fri, 14 Sep 2018 10:22:11 +0000 (10:22 +0000)]
Extend as_set to allow for different sized objects to be added. The only
requirement is that the first value of the struct is a 32bit ID which is
used in the bsearch. This allows to add more than just as numbers to a
set. as_set_match now returns a pointer to this data or NULL if not found.
OK benno@
miko [Fri, 14 Sep 2018 08:45:46 +0000 (08:45 +0000)]
ansify auich_trigger_input() and remove #ifdef around DPRINTF(); ok ratchov@
miko [Fri, 14 Sep 2018 08:37:34 +0000 (08:37 +0000)]
mark some suspend/resume functions always returning zero as void; ok ratchov@
jsg [Fri, 14 Sep 2018 07:25:02 +0000 (07:25 +0000)]
unbreak userland uses of in_pcb.h by including sys/refcnt.h
ok visa@
djm [Fri, 14 Sep 2018 05:26:27 +0000 (05:26 +0000)]
second try, deals properly with missing and private-only keys:
Use consistent format in debug log for keys readied, offered and
received during public key authentication.
This makes it a little easier to see what is going on, as each message
now contains (where available) the key filename, its type and fingerprint,
and whether the key is hosted in an agent or a token.
djm [Fri, 14 Sep 2018 04:44:04 +0000 (04:44 +0000)]
revert following; deals badly with agent keys
revision 1.285
date: 2018/09/14 04:17:12; author: djm; state: Exp; lines: +47 -26; commitid: lflGFcNb2X2HebaK;
Use consistent format in debug log for keys readied, offered and
received during public key authentication.
This makes it a little easier to see what is going on, as each message
now contains the key filename, its type and fingerprint, and whether
the key is hosted in an agent or a token.
djm [Fri, 14 Sep 2018 04:17:44 +0000 (04:17 +0000)]
garbage-collect moribund ssh_new_private() API.
djm [Fri, 14 Sep 2018 04:17:12 +0000 (04:17 +0000)]
Use consistent format in debug log for keys readied, offered and
received during public key authentication.
This makes it a little easier to see what is going on, as each message
now contains the key filename, its type and fingerprint, and whether
the key is hosted in an agent or a token.
bluhm [Thu, 13 Sep 2018 19:53:58 +0000 (19:53 +0000)]
Add reference counting for inet pcb, this will be needed when we
start locking the socket. An inp can be referenced by the PCB queue
and hashes, by a pf mbuf header, or by a pf state key.
OK visa@
jmc [Thu, 13 Sep 2018 16:50:54 +0000 (16:50 +0000)]
missing comma in previous;
sthen [Thu, 13 Sep 2018 16:34:33 +0000 (16:34 +0000)]
Unbreak ramdisks by catching up with the change to use the new libc
uid_from_user() and gid_from_group() instead of the pax-specific
functions in cache.c.
sthen [Thu, 13 Sep 2018 16:19:26 +0000 (16:19 +0000)]
oops, missed the libc.so.XX.a relink file
millert [Thu, 13 Sep 2018 15:23:32 +0000 (15:23 +0000)]
Fix warnings caused by user_from_uid() and group_from_gid() now
returning const char *.
sthen [Thu, 13 Sep 2018 13:59:49 +0000 (13:59 +0000)]
sync
millert [Thu, 13 Sep 2018 12:33:43 +0000 (12:33 +0000)]
Use the new libc uid_from_user() and gid_from_group() instead of
the pax-specific functions in cache.c. OK guenther@
millert [Thu, 13 Sep 2018 12:31:15 +0000 (12:31 +0000)]
Add uid_from_user() and gid_from_group(), derived from pax's cache.c.
It replaces the existing pwcache.c functions user_from_uid(3) and
group_from_gid(3) with the pax equivalents. Adapted from NetBSD
(mycroft) changes from our own pax's cache.c. OK guenther@
mpi [Thu, 13 Sep 2018 12:29:43 +0000 (12:29 +0000)]
Include the size of IPCOMP header when checking for compression.
Problem found and anaylyzed by Romain Gabet, ok markus@
claudio [Thu, 13 Sep 2018 11:25:41 +0000 (11:25 +0000)]
Noticed that the equal case is a bit wrong while adjusting the regress tests.
This is better. There is no need to check for the prefix length p->len.
claudio [Thu, 13 Sep 2018 11:24:30 +0000 (11:24 +0000)]
Adjust after introduction of maxlen
claudio [Thu, 13 Sep 2018 11:18:18 +0000 (11:18 +0000)]
Similar to as-set factor out the code to create a prefix-set into a function.
Makes all a bit nicer and as an added bonus fixes a memory leak.
OK phessler@
claudio [Thu, 13 Sep 2018 11:16:21 +0000 (11:16 +0000)]
ROA entires are allowing to define a prefix with a maxlen.
In the end this is just another way to specify a prefixlen range
and kind of an or-longer case with an upper limit.
So these two prefix statements are equivalent:
prefix 10.0.0.0/8 prefixlen 8 - 24
prefix 10.0.0.0/8 maxlen 24
While there also make 'prefixlen = 17' a OP_RANGE and because of that also
usable in prefix-set tables. Finally adjust printconf.c for those to
changes to print them nicely.
OK phessler@
kettenis [Thu, 13 Sep 2018 09:32:27 +0000 (09:32 +0000)]
In drm_wait_one_vblank() add a delay when we're "cold". Interrupts aren't
enabled at that point, so we cannot wait for one to happen. But having no
delay at all breaks detection of some output connectors.
Thanks to Philippe Meunier for tracking down the issue.
ok millert@, jsg@
kevlo [Thu, 13 Sep 2018 09:28:07 +0000 (09:28 +0000)]
- There's no need to set R92C_HSSI_PARAM2_READ_EDGE for R92C_HSSI_PARAM2(0)
for rtl8188eu
- Fix typo in structure r92c_rom in comment: s/0x8192/0x8129/
- Add id member to struct r88e_rom which identifies eeprom
- Replace magic numbers with something more readable
- Cosmetic tweaking
ok stsp@
djm [Thu, 13 Sep 2018 09:03:20 +0000 (09:03 +0000)]
missed a bit of openssl-1.0.x API in this unittest
mestre [Thu, 13 Sep 2018 07:49:33 +0000 (07:49 +0000)]
When unveil(2) was introduced one break from SYS_access case was removed
here, this adds it back. Noticed by Coverity
1471854.
feedback from semarie@ OK deraadt@
kn [Thu, 13 Sep 2018 06:03:27 +0000 (06:03 +0000)]
Avoid unneeded variable in gen_dynnode()
OK bluhm
djm [Thu, 13 Sep 2018 05:06:51 +0000 (05:06 +0000)]
use only openssl-1.1.x API here too
pd [Thu, 13 Sep 2018 04:23:36 +0000 (04:23 +0000)]
vmd: set irq and vm_id in virtio dev structs on restore
This unbreaks vmctl receive.
ok ccardenas@
miko [Thu, 13 Sep 2018 04:07:20 +0000 (04:07 +0000)]
clarify that config_activate_children() is called unconditionally in *activate().
ok ratchov@
jsg [Thu, 13 Sep 2018 03:55:17 +0000 (03:55 +0000)]
drm/drivers: add support for using the arch wc mapping API.
From Dave Airlie
c59fdc4cfbda52ce081c59540762185d765c3369 in linux 4.4.y/4.4.155
7cf321d118a825c1541b43ca45294126fd474efa in mainline linux
ccardenas [Thu, 13 Sep 2018 03:53:33 +0000 (03:53 +0000)]
Add initial set of unveil's to vmctl.
Was in snaps for a while.
Ok mlarkin@ and reyk@
jsg [Thu, 13 Sep 2018 03:45:08 +0000 (03:45 +0000)]
drm/i915/userptr: reject zero user_size
From Matthew Auld
182e963432d867384f2e55487ec60ca7a9f99cd1 in linux 4.4.y/4.4.155
c11c7bfd213495784b22ef82a69b6489f8d0092f in mainline linux
jsg [Thu, 13 Sep 2018 03:38:15 +0000 (03:38 +0000)]
avoid sequence-point warning with gcc 4.9
ok kettenis@
djm [Thu, 13 Sep 2018 02:08:33 +0000 (02:08 +0000)]
hold our collective noses and use the openssl-1.1.x API in OpenSSH;
feedback and ok tb@ jsing@ markus@
sthen [Wed, 12 Sep 2018 22:17:08 +0000 (22:17 +0000)]
sync with mozilla-release (one removal, TURKTRUST, more details at
https://bugzilla.mozilla.org/show_bug.cgi?id=
1439127)
ok danj guenther millert
jmc [Wed, 12 Sep 2018 15:09:22 +0000 (15:09 +0000)]
tweak previous;
kettenis [Wed, 12 Sep 2018 11:59:40 +0000 (11:59 +0000)]
Make this work on arm64.
kettenis [Wed, 12 Sep 2018 11:58:28 +0000 (11:58 +0000)]
Make pmap_protect(9) actually remove exec permission if the new permissions
include PROT_READ but not PROT_EXEC.
ok patrick@
mpi [Wed, 12 Sep 2018 11:24:38 +0000 (11:24 +0000)]
Stop exporting TDB counters to userland, this change introduced a
regression with iked(8).
Reported by Mark Patruck.
krw [Wed, 12 Sep 2018 09:20:34 +0000 (09:20 +0000)]
Fix obvious cut&pasto in comment (ifa_msghdr -> if_announcemsghdr).
ok claudio@
guenther [Wed, 12 Sep 2018 07:00:51 +0000 (07:00 +0000)]
Whitespace fixes
djm [Wed, 12 Sep 2018 06:37:23 +0000 (06:37 +0000)]
sync for libcrypto/libssl/libtls minor bumps; from tb@
djm [Wed, 12 Sep 2018 06:36:15 +0000 (06:36 +0000)]
crank to follow minor crank in libcrypto; ok tb@ jsing@
djm [Wed, 12 Sep 2018 06:35:38 +0000 (06:35 +0000)]
Add some accessor functions:
RSA_meth_get_finish() RSA_meth_set1_name() EVP_CIPHER_CTX_(get|set)_iv()
feedback and ok jsing@ tb@
djm [Wed, 12 Sep 2018 06:18:59 +0000 (06:18 +0000)]
fix edit mistake; spotted by jmc@
guenther [Wed, 12 Sep 2018 06:12:59 +0000 (06:12 +0000)]
Now that the pmap is more paranoid about some shootdowns (pmap.c rev 1.119),
avoid some TLB flushes by not reloading %cr3 when the value isn't changing.
original diff by and ok mlarkin@
guenther [Wed, 12 Sep 2018 06:09:39 +0000 (06:09 +0000)]
When shooting pages in the KVA range, all pmaps have the page mapped,
not just pmap_kernel() and this CPUs pmap. Meanwhile, when mapping
another pmap's tables, order the locking so that we don't need IPIs
specific to the temp pmap.
tested in snaps for a bit
ok mlarkin@
jsg [Wed, 12 Sep 2018 04:34:59 +0000 (04:34 +0000)]
Move -Wno-address-of-packed-member to the clang block as well and sync
armv7 and i386 with amd64.
ok guenther@
djm [Wed, 12 Sep 2018 01:36:45 +0000 (01:36 +0000)]
Include certs with multiple RSA signature variants in test data
Ensure that cert->signature_key is populated correctly
djm [Wed, 12 Sep 2018 01:34:02 +0000 (01:34 +0000)]
add SSH_ALLOWED_CA_SIGALGS - the default list of signature algorithms
that are allowed for CA signatures. Notably excludes ssh-dsa.
ok markus@
djm [Wed, 12 Sep 2018 01:32:54 +0000 (01:32 +0000)]
add sshkey_check_cert_sigtype() that checks a cert->signature_type
against a supplied whitelist; ok markus
djm [Wed, 12 Sep 2018 01:31:30 +0000 (01:31 +0000)]
add cert->signature_type field and keep it in sync with certificate
signature wrt loading and certification operations; ok markus@
djm [Wed, 12 Sep 2018 01:30:10 +0000 (01:30 +0000)]
Add "ssh -Q sig" to allow listing supported signature algorithms
ok markus@
djm [Wed, 12 Sep 2018 01:23:48 +0000 (01:23 +0000)]
test revocation by explicit hash and by fingerprint
djm [Wed, 12 Sep 2018 01:22:43 +0000 (01:22 +0000)]
s/sshkey_demote/sshkey_from_private/g
djm [Wed, 12 Sep 2018 01:21:34 +0000 (01:21 +0000)]
allow key revocation by SHA256 hash and allow ssh-keygen to create KRLs
using SHA256/base64 key fingerprints; ok markus@
djm [Wed, 12 Sep 2018 01:19:12 +0000 (01:19 +0000)]
log certificate fingerprint in authentication success/failure message
(previously we logged only key ID and CA key fingerprint).
ok markus@
bluhm [Tue, 11 Sep 2018 21:04:03 +0000 (21:04 +0000)]
Convert inetctlerrmap to u_char like inet6ctlerrmap. That is also
what FreeBSD does. Remove old #if 0 version of inet6ctlerrmap.
OK mpi@
kettenis [Tue, 11 Sep 2018 20:25:58 +0000 (20:25 +0000)]
Only look for acpi tables if acpi(4) attached. Fixes radeondrm(4) crash
on arm64 when using a device tree.
sthen [Tue, 11 Sep 2018 19:43:15 +0000 (19:43 +0000)]
sync (libc++/libc++abi update)
phessler [Tue, 11 Sep 2018 19:25:54 +0000 (19:25 +0000)]
ues the format string for signed ints, for signed ints
reminded by stsp@
robert [Tue, 11 Sep 2018 18:36:58 +0000 (18:36 +0000)]
define _LIBCXXABI_BUILDING_LIBRARY to avoid the same issues as in libcxx
robert [Tue, 11 Sep 2018 18:32:56 +0000 (18:32 +0000)]
add -Wall to CFLAGS
robert [Tue, 11 Sep 2018 18:31:58 +0000 (18:31 +0000)]
instead of defining _LIBCPP_DEBUG in debug.cpp which enables some debug
code which breaks quiet a few things, define _LIBCPP_BUILDING_LIBRARY
for the complete build to get the needed definitions in debug.cpp without
enabling debug code
robert [Tue, 11 Sep 2018 18:29:53 +0000 (18:29 +0000)]
merge libc++ 6.0.0 (bump lib major); ok patrick@, kettenis@
robert [Tue, 11 Sep 2018 18:18:58 +0000 (18:18 +0000)]
import of libc++ 6.0.0
krw [Tue, 11 Sep 2018 18:16:26 +0000 (18:16 +0000)]
Nuke unused LIST() ieee80211com_head.
ok stsp@
robert [Tue, 11 Sep 2018 18:12:06 +0000 (18:12 +0000)]
merge libc++abi 6.0.0 and bump lib minor; ok patrick@, kettenis@
robert [Tue, 11 Sep 2018 18:06:31 +0000 (18:06 +0000)]
import of libc++abi 6.0.0
robert [Tue, 11 Sep 2018 18:03:05 +0000 (18:03 +0000)]
merge libunwind 6.0.0; ok patrick@, kettenis@
robert [Tue, 11 Sep 2018 17:41:23 +0000 (17:41 +0000)]
import of libunwind 6.0.0
nicm [Tue, 11 Sep 2018 17:31:01 +0000 (17:31 +0000)]
The cursor position is limited to the margins for CUF and CUB, so turn
margins off for printing cells (like most everything else already
does). Problem reported by Thomas Sattler.
guenther [Tue, 11 Sep 2018 15:52:00 +0000 (15:52 +0000)]
Put clang-specific options behind conditionals to reduce meta-warnings
ok mpi@
bluhm [Tue, 11 Sep 2018 14:34:49 +0000 (14:34 +0000)]
Make the distribution of in_ and in6_ functions in in_pcb.c and
in6_pcb.c consistent, to ease comparing the code. Move all inet6
functions to in6_. Bring functions in both source files in same
order. Cleanup the include section. Now in_pcb.c is a superset
of in6_pcb.c. The latter contains all the special implementations.
Just moving arround, no code change intended.
OK mpi@
ccardenas [Tue, 11 Sep 2018 13:54:28 +0000 (13:54 +0000)]
Include bnxt in arm64.
Tested on mcbin with Broadcom BCM57404 (Dell variant).
Ok jmatthew@ and kettenis@
ccardenas [Tue, 11 Sep 2018 13:45:29 +0000 (13:45 +0000)]
Be consistent in logging messages.
Change "fmt" to "format".
Ok kn@
kettenis [Tue, 11 Sep 2018 12:41:30 +0000 (12:41 +0000)]
We actually support 39-bit VA's in userland.
ok patrick@, jsg@
kn [Tue, 11 Sep 2018 10:42:10 +0000 (10:42 +0000)]
Fix netmask regression in get_dynnode()
I introduced this error with r1.330 while removing the af parameter from
unmask().
`pass inet from (lo0)/24' would result in `pass inet from (lo0)', sorry.
krw [Tue, 11 Sep 2018 10:23:40 +0000 (10:23 +0000)]
Nuke some trailing spaces that wandered into the
crosshairs.
phessler [Tue, 11 Sep 2018 10:21:29 +0000 (10:21 +0000)]
With the interface debug flag enabled, print a "score" for each AP we
consider during auto-join. This can help users determine why a specific
network was chosen.
OK stsp@
espie [Tue, 11 Sep 2018 09:43:08 +0000 (09:43 +0000)]
add the conflict info to what's stored in pkglocatedb, as it's meta-info
that's not readily available otherwise.
kettenis [Tue, 11 Sep 2018 09:25:56 +0000 (09:25 +0000)]
Fix --exclude-libs option. Based on code already committed upstream.
tested by naddy@
krw [Tue, 11 Sep 2018 09:13:19 +0000 (09:13 +0000)]
Tighten validation tests on an obscure corner case of
trying to align partitions to size <= 0 or past the
end of the disk. Emit error message in this case as
in other align errors.
Looks good to otto@.
kn [Tue, 11 Sep 2018 09:02:27 +0000 (09:02 +0000)]
Remove unused buffer from host()
Left-over from pre-host_ip() times. While here, use __func__.
OK henning benno
benno [Tue, 11 Sep 2018 08:55:49 +0000 (08:55 +0000)]
add files for test 4
sashan [Tue, 11 Sep 2018 07:53:38 +0000 (07:53 +0000)]
- moving state look up outside of PF_LOCK()
this change adds a pf_state_lock rw-lock, which protects consistency
of state table in PF. The code delivered in this change is guarded
by 'WITH_PF_LOCK', which is still undefined. People, who are willing
to experiment and want to run it must do two things:
- compile kernel with -DWITH_PF_LOCK
- bump NET_TASKQ from 1 to ... sky is the limit,
(just select some sensible value for number of tasks your
system is able to handle)
OK bluhm@
jsg [Tue, 11 Sep 2018 07:13:23 +0000 (07:13 +0000)]
Add defines for amd microcode msrs which appear to be present since k8
though amd only provides public redistributable updates for >= family 10h.
nicm [Tue, 11 Sep 2018 06:37:54 +0000 (06:37 +0000)]
Do not check for mouse events on pane borders when zoomed, based on a
fix from Avi Halachmi.
ccardenas [Tue, 11 Sep 2018 04:06:32 +0000 (04:06 +0000)]
Fail fast when we are unable to determine disk format.
While here, minor cleanup on logging.
ccardenas [Tue, 11 Sep 2018 04:03:16 +0000 (04:03 +0000)]
Add ability to create qcow2 disk.
vmctl create now takes an optional disk format parameter: raw or qcow2.
If format is omitted, raw is used.
Many thanks to Ori Bernstein.
bluhm [Mon, 10 Sep 2018 22:21:39 +0000 (22:21 +0000)]
Remove useless INPCBHASH() macros. Just expand them.
OK stsp@
kn [Mon, 10 Sep 2018 20:53:53 +0000 (20:53 +0000)]
Merge host_v{4,6}() into simpler host_ip()
Except for networks such as "10/8" host_ip() now handles addresses in an
AF-agnostic way with more duplicate code removed/merged.
OK sashan (as for earlier copy_satopfaddr() diff) henning
benno [Mon, 10 Sep 2018 20:51:59 +0000 (20:51 +0000)]
check orlonger option of trie_match()