tim [Tue, 5 Jul 2016 11:43:02 +0000 (11:43 +0000)]
Hook up the pcfrtc(4) manual; OK kettenis@
mpi [Tue, 5 Jul 2016 10:17:14 +0000 (10:17 +0000)]
Expand IN6_IFF_NOTREADY, ok bluhm@
sthen [Tue, 5 Jul 2016 09:45:02 +0000 (09:45 +0000)]
sync
mpi [Tue, 5 Jul 2016 09:17:10 +0000 (09:17 +0000)]
Do not use ``rt_addr'' in in{6,}_selectsrc() it doesn't work with magic
addresses set on p2p interfaces.
Found the hard way by naddy@
jsg [Tue, 5 Jul 2016 05:06:27 +0000 (05:06 +0000)]
Modify code added in rev 1.30 to use the correct variable instead of a
different uninitialised one.
ok martijn@
bcook [Tue, 5 Jul 2016 03:55:34 +0000 (03:55 +0000)]
remove extra assignment of s from 1.11, fix regression test
beck [Tue, 5 Jul 2016 03:24:38 +0000 (03:24 +0000)]
remove unneeded duplicate call - spotted by jsing@
bcook [Tue, 5 Jul 2016 02:54:35 +0000 (02:54 +0000)]
On systems where we do not have BN_ULLONG defined (most 64-bit systems),
BN_mod_word() can return incorrect results if the supplied modulus is
too big, so we need to fall back to BN_div_word.
Now that BN_mod_word may fail, handle errors properly and update the man page.
Thanks to Brian Smith for pointing out these fixes from BoringSSL:
https://boringssl.googlesource.com/boringssl/+/67cb49d045f04973ddba0f92fe8a8ad483c7da89
https://boringssl.googlesource.com/boringssl/+/44bedc348d9491e63c7ed1438db100a4b8a830be
ok beck@
guenther [Tue, 5 Jul 2016 00:44:41 +0000 (00:44 +0000)]
Missed a reference to dl_prebind.h
problem noted by Andrew Ngo (andrew.ngo (at) gmail.com)
tedu [Tue, 5 Jul 2016 00:35:09 +0000 (00:35 +0000)]
remove some casts that aren't necessary.
beck [Tue, 5 Jul 2016 00:21:47 +0000 (00:21 +0000)]
Add several fixes from OpenSSL to make OCSP work with intermediate
certificates provided in the response. - makes our newly added
ocsp regress test pass too..
ok bcook@
beck [Tue, 5 Jul 2016 00:16:23 +0000 (00:16 +0000)]
make less awful.. test against cloudflare too
beck [Mon, 4 Jul 2016 23:43:30 +0000 (23:43 +0000)]
Add a nasty little ocsp regress test in the hope pedants will make it better.
mlarkin [Mon, 4 Jul 2016 23:03:52 +0000 (23:03 +0000)]
limit each viornd request to 64KB.
kettenis [Mon, 4 Jul 2016 21:51:40 +0000 (21:51 +0000)]
Add nep(4).
guenther [Mon, 4 Jul 2016 21:15:06 +0000 (21:15 +0000)]
Remove prebind support: binding to symbol table indices is too fragile
for our development process.
ok kettenis@ deraadt@
kettenis [Mon, 4 Jul 2016 20:56:50 +0000 (20:56 +0000)]
Nuke prebind support; it's unworkable and we're never going to finish it.
ok guenther@, deraadt@
natano [Mon, 4 Jul 2016 18:34:03 +0000 (18:34 +0000)]
Add missing vput() in error path to prevent a vnode getting stuck with a
stale reference and lock, while it shouldn't hold either.
"makes sense to me" beck@
guenther [Mon, 4 Jul 2016 18:01:44 +0000 (18:01 +0000)]
DEBUGLIBS has been broken since the gcc4 switch, so delete it. CFLAGS
contains -g by default anyway
problem noted by Edgar Pettijohn (edgar (at) pettijohn-web.com)
ok millert@ kettenis@ deraadt@
guenther [Mon, 4 Jul 2016 17:56:54 +0000 (17:56 +0000)]
gcc's -fvisibility=hidden isn't the behavior we wanted when cleaning up
symbol exports, so delete ${VISIBILITY_HIDDEN} as unused
ok kettenis@ deraadt@
tedu [Mon, 4 Jul 2016 16:12:52 +0000 (16:12 +0000)]
switch calculated thrsleep timeout to unsigned to prevent overflow
into negative values, which later causes a panic.
reported by Tim Newsham at NCC.
ok guenther
mpi [Mon, 4 Jul 2016 09:30:18 +0000 (09:30 +0000)]
On Quad-G5 make hpb(4) attach first when iterating PCI buses.
This allows openpic(4) to properly map interrupt for the devices
instead of possibly dereferencing garbage.
Found the hard way by and ok jmatthew@
mpi [Mon, 4 Jul 2016 08:11:48 +0000 (08:11 +0000)]
Use the _SAFE_ version of SRPL_FOREACH() in rtable_walk_helper() to
prevent an off-by-one when removing entries from the mpath list.
Fix a regression introduced by the refactoring needed to serialize
rtable_walk() with create/delete.
ok jca@
guenther [Mon, 4 Jul 2016 04:33:35 +0000 (04:33 +0000)]
The GOT has been initially mapped RW for *years*; ld.so doesn't need to
mprotect it to RW when filling in the references from the PLT
in snaps for a week, ok deraadt@
guenther [Mon, 4 Jul 2016 04:05:29 +0000 (04:05 +0000)]
Drop support for the undocumented second argument (same as -N option)
ok deraadt@
guenther [Mon, 4 Jul 2016 03:24:48 +0000 (03:24 +0000)]
Use fstatat() instead of crafting a filename to use with stat()
ok millert@
millert [Mon, 4 Jul 2016 01:39:12 +0000 (01:39 +0000)]
The -I flag is documented but not implemented. This fixes that and
also honors the -I flag from ci/co when prompting like GNU RCS.
OK jca@
deraadt [Mon, 4 Jul 2016 00:40:17 +0000 (00:40 +0000)]
sync
mglocker [Sun, 3 Jul 2016 20:05:44 +0000 (20:05 +0000)]
Move videovar.h into video.c since it isn't used anywhere else.
Suggested by mpi@ diff from Patrick Keshishian.
ok mpi
gilles [Sun, 3 Jul 2016 14:30:33 +0000 (14:30 +0000)]
add -r option to enqueuer as compat interface for mailx
diff by Richard <richard@aaazen.com>
semarie [Sun, 3 Jul 2016 04:36:08 +0000 (04:36 +0000)]
introduces new promise "chown" to allow changing owner/group with *chown(2) family
it splits PLEDGE_FATTR in two ("fattr" still grants the 2 flags, so no functional changes):
- PLEDGE_CHOWN : to be able to call *chown(2) syscalls
- PLEDGE_FATTR : the rest
it introduces "chown" which grants:
- PLEDGE_CHOWN : be able to call *chown(2)
- PLEDGE_CHOWNUID : be able to modify owner/group
ok deraadt@ tedu@
deraadt [Sun, 3 Jul 2016 03:19:02 +0000 (03:19 +0000)]
sync
afresh1 [Sun, 3 Jul 2016 01:07:47 +0000 (01:07 +0000)]
Update to perl 5.20.3
OK bluhm@
tedu [Sat, 2 Jul 2016 17:09:09 +0000 (17:09 +0000)]
check cache tree for collisions when inserting replies.
if two identical requests are sent out, the first will create a cache
entry. the second will not go into the cache tree, but will linger around,
causing a crash when we free it and try to remove from the tree. instead,
give up if insert fails.
diagnosis and initial patch from Duncan.
mglocker [Sat, 2 Jul 2016 16:28:50 +0000 (16:28 +0000)]
Get 'AOAShasta' soundchip working found on PowerMac9,1.
ok deraadt
eric [Sat, 2 Jul 2016 09:32:30 +0000 (09:32 +0000)]
remove misleading comment. it's not true anymore.
ok gilles@
eric [Sat, 2 Jul 2016 08:47:30 +0000 (08:47 +0000)]
datain counter is part of the transaction state
ok gilles@
eric [Sat, 2 Jul 2016 07:55:59 +0000 (07:55 +0000)]
set the msgid on the transaction
ok gilles@ jung@
jmc [Sat, 2 Jul 2016 05:58:00 +0000 (05:58 +0000)]
do not uppercase "hop limit";
renato [Fri, 1 Jul 2016 23:36:38 +0000 (23:36 +0000)]
More renaming and whitespace cleanup.
No binary change after "strip -s".
renato [Fri, 1 Jul 2016 23:33:46 +0000 (23:33 +0000)]
Be more compliant with RFC 4447.
When sending a label withdraw during the pseudowire Control Word
negotiation, append a "Wrong C-bit" status TLV after the FEC TLV (in
conformance to RFC 4447 section 6.2). Apparently this has no use other
than aiding in troubleshooting.
Also, extend the recv_labelmessage() function to accept Status TLVs and
ignore them instead of shutting down the session.
renato [Fri, 1 Jul 2016 23:29:55 +0000 (23:29 +0000)]
Several minor tweaks.
renato [Fri, 1 Jul 2016 23:22:42 +0000 (23:22 +0000)]
Decrease the initialization FSM timeout.
The previous value of 180 was just too long. If a neighbor gets stuck in
the initialization FSM for more than 15 seconds, then there's certainly
something wrong and the session should be dropped.
A potential case of a neighbor getting stuck in the initialization
FSM is when both the local and the remote LSRs disable the LDPv4 GTSM
negotiation and there's a mismatch in their GTSM configuration (one is
enabled for GTSM while the other is not).
In this case, a smaller timeout allows for a quicker recovery of the
session when the configuration is fixed on either side.
renato [Fri, 1 Jul 2016 23:18:24 +0000 (23:18 +0000)]
Rename hello flags to keep consistent with the rest of the code.
Flag constants should start with F_.
renato [Fri, 1 Jul 2016 23:14:31 +0000 (23:14 +0000)]
Add GTSM support (RFC 6720).
This also finishes the missing bits from our RFC 7552 implementation
because GTSM is mandatory for LDPv6.
To avoid any kind of interoperability problems, I included a few
knobs to enable/disable GTSM on a per-address-family and per-neighbor
basis. Cisco's LDPv6 implementation, for instance, doesn't support GTSM.
"reads good" claudio@
schwarze [Fri, 1 Jul 2016 22:40:44 +0000 (22:40 +0000)]
For -be, indent the $ on blank lines.
Patch from Giles Lean (NetBSD PR bin/4841), tweaked by kleink at
NetBSD (rev. 1.17 1998-01-27), version for OpenBSD sent in by Sevan
Janiyan <venture37 at geeklan dot co dot uk>.
OK deraadt@
schwarze [Fri, 1 Jul 2016 20:23:29 +0000 (20:23 +0000)]
Update and simplify the documentation of the -s option,
which was forgotten when implementing the new man.conf(5) format.
The outdated information was originally pointed out
by Andy Bradford <amb dash openbsd at bradfords dot org> on misc@.
OK jmc@
eric [Fri, 1 Jul 2016 19:52:31 +0000 (19:52 +0000)]
always refer to the helo string stored on the session
ok gilles@
jca [Fri, 1 Jul 2016 18:37:15 +0000 (18:37 +0000)]
Make accepted sockets inherit IP_TTL from the listening socket.
This is consistent with the IPV6_UNICAST_HOPS behavior, and is the only
way to allow applications to completely control the TTL of outgoing
packets (else an application could temporarily send packets with the
default TTL, until it sets again IP_TTL ; this is harmful eg for GTSM).
ok bluhm@
jca [Fri, 1 Jul 2016 18:28:58 +0000 (18:28 +0000)]
Allow resetting the IP_TTL and IP_MINTTL sockopts
IP_TTL can be reset by passing -1, IP_MINTTL can be reset by passing 0.
This is consistent with what Linux does and
IPV6_UNICAST_HOPS/IPV6_MINHOPCOUNT.
ok bluhm@
jca [Fri, 1 Jul 2016 18:18:57 +0000 (18:18 +0000)]
Unbreak getsockopt(IPV6_MINHOPCOUNT)
ok bluhm@
eric [Fri, 1 Jul 2016 17:53:23 +0000 (17:53 +0000)]
flag the local socket listener as local.
clarify check for local listeners.
ok gilles@ millert@
millert [Fri, 1 Jul 2016 15:47:15 +0000 (15:47 +0000)]
Avoid printing f->f_lasttime and/or f->f_prevhost if they are empty.
This fixes a long-standing issue where syslogd would print 15 NUL
bytes followed by two blank spaces before the log message for
warnings generated while parsing syslog.conf. OK bluhm@
bluhm [Fri, 1 Jul 2016 15:30:46 +0000 (15:30 +0000)]
Timing changed, now a syslogd test may get EPIPE instead of
ECONNREFUSED error.
visa [Fri, 1 Jul 2016 15:12:37 +0000 (15:12 +0000)]
Add fdt init for octeon.
jcs [Fri, 1 Jul 2016 15:02:49 +0000 (15:02 +0000)]
add a simple keyboard backlight driver for some chromebooks,
adjustable with wsconsctl keyboard.backlight
ok bmercer, kettenis
millert [Fri, 1 Jul 2016 15:00:48 +0000 (15:00 +0000)]
Include errno string in log message when we fail to open a file.
The privileged process sends the errno value back when it cannot
open a file. OK gilles@
patrick [Fri, 1 Jul 2016 09:34:39 +0000 (09:34 +0000)]
SolidRun's HummingBoards and CuBoxes are also available with
the i.MX6 Solo and DualLite SoCs. Those are slightly different
to the bigger versions and thus have a different FDT compatible
name. To be able for us to boot on those machines, add those
compatible names to the list and re-use the board ids.
ok kettenis@
jmc [Fri, 1 Jul 2016 07:00:02 +0000 (07:00 +0000)]
update currency exchange rates;
bcook [Fri, 1 Jul 2016 00:29:14 +0000 (00:29 +0000)]
Simplify IP proto-specific sockopt error handling.
This makes error messages more specific and simplifies
masking compatible sections for the portable version.
ok beck@
ratchov [Thu, 30 Jun 2016 21:37:29 +0000 (21:37 +0000)]
Use CLOCK_UPTIME instead of CLOCK_MONOTONIC, as the latter makes jumps
during suspend/resume cycles which triggers watchdog time-outs and
in turn prevents sndiod from resuming.
afresh1 [Thu, 30 Jun 2016 21:16:13 +0000 (21:16 +0000)]
Update perl Time::HiRes to 1.9739
Which provides hires `utime`
requested by espie@ OK millert@
mglocker [Thu, 30 Jun 2016 19:54:13 +0000 (19:54 +0000)]
Also mention the term 'USB device' in the title to make clear that the
reference count is on a device level.
ok jmc
gilles [Thu, 30 Jun 2016 18:41:39 +0000 (18:41 +0000)]
update aliases documentation to reflect reality
tedu [Thu, 30 Jun 2016 15:59:30 +0000 (15:59 +0000)]
don't need the .xr to sysctl now either
tedu [Thu, 30 Jun 2016 15:58:06 +0000 (15:58 +0000)]
nptys sysctls were removed
tedu [Thu, 30 Jun 2016 15:56:59 +0000 (15:56 +0000)]
nptys sysctl was removed
tedu [Thu, 30 Jun 2016 15:54:53 +0000 (15:54 +0000)]
992 ptys is the hard max.
mpi [Thu, 30 Jun 2016 12:36:27 +0000 (12:36 +0000)]
Use ``rt_addr'' rather than ``rt_ifa'' to get the source address
corresponding to a route.
ok florian@ on a previous version, input and ok bluhm@
bcook [Thu, 30 Jun 2016 12:19:51 +0000 (12:19 +0000)]
Tighten behavior of _rs_allocate failure for portable arc4random implementations.
In the event of a failure in _rs_allocate for rsx, we still have a reference to
freed memory for rs on return. Not a huge deal since we subsequently abort in
_rs_init, but it looks strange on its own.
ok deraadt@
bcook [Thu, 30 Jun 2016 12:17:29 +0000 (12:17 +0000)]
Tighten behavior of _rs_allocate on Windows.
For Windows, we are simply using calloc, which has two annoyances:
the memory has more permissions than needed by default, and it comes
from the process heap, which looks like a memory leak since this memory
is rightfully never freed.
This switches _rs_alloc on Windows to use VirtualAlloc, which restricts the
memory to READ|WRITE and keeps the memory out of the process heap.
ok deraadt@
bcook [Thu, 30 Jun 2016 11:10:29 +0000 (11:10 +0000)]
bump to 2.4.2
florian [Thu, 30 Jun 2016 10:17:18 +0000 (10:17 +0000)]
Prevent NULL deref, pointed out by llvm's scan-build.
OK jca, millert
otto [Thu, 30 Jun 2016 09:00:48 +0000 (09:00 +0000)]
adapt S option: add C, rm F (not relevant with 0 cache and disables
chunk rnd), rm P: is default
mpi [Thu, 30 Jun 2016 08:19:03 +0000 (08:19 +0000)]
Restore the automagically added /64 route on p2p interfaces in order to
send traffic to link-local addresses without default route.
Fix a regression reported by Michael Lechtermann, ok stsp@, sthen@
dtucker [Thu, 30 Jun 2016 05:17:05 +0000 (05:17 +0000)]
Explicitly check for 100% completion to avoid potential floating point
rounding error, which could cause progressmeter to report 99% on completion.
While there invert the test so the 100% case is clearer. with & ok djm@
mlarkin [Thu, 30 Jun 2016 02:29:22 +0000 (02:29 +0000)]
remove some unused variables (that were commented out anyway)
bcook [Thu, 30 Jun 2016 02:02:06 +0000 (02:02 +0000)]
Remove flags for disabling constant-time operations.
This removes support for DSA_FLAG_NO_EXP_CONSTTIME, DH_FLAG_NO_EXP_CONSTTIME,
and RSA_FLAG_NO_CONSTTIME flags, making all of these operations unconditionally
constant-time.
Based on the original patch by César Pereid. ok beck@
tb [Wed, 29 Jun 2016 20:38:39 +0000 (20:38 +0000)]
If /tmp/vi.recover doesn't exist, don't create it. Warn once
that it doesn't exist, afterwards fail silently.
ok millert
chris [Wed, 29 Jun 2016 17:54:08 +0000 (17:54 +0000)]
Document arptimeout, arpdown. Prodded by and ok jmc@
jmc [Wed, 29 Jun 2016 17:14:28 +0000 (17:14 +0000)]
sort the -o list;
jca [Wed, 29 Jun 2016 14:19:38 +0000 (14:19 +0000)]
Spring cleanup
- pointless casts, kill caddr_t or replace it with char *
- signed counters
- simplify if_getmtu, only one method is needed and SIOCGIFMTU is the
cheapest
- we no longer have drivers for IFT_FDDI
- hide details of iflist management
- if (dflag) log_debug -> log_debug
- dead code and comments
- etc etc
Input from and ok florian@
visa [Wed, 29 Jun 2016 13:39:03 +0000 (13:39 +0000)]
Make the fdt parser skip nop tokens. This is needed on some
octeon boards.
Feedback and ok kettenis@
eric [Wed, 29 Jun 2016 06:46:06 +0000 (06:46 +0000)]
Explicitly enclose SMTP transactions between BEGIN and COMMIT/ROLLBACK
filter events. Bump filter API version.
ok gilles@ jung@
mlarkin [Wed, 29 Jun 2016 06:05:15 +0000 (06:05 +0000)]
Don't write a 1 to the RIRR bit in the IOAPIC redirection register. This bit
is R/O, and although it should not matter what value is written there,
Hyper-V's emulated IOAPIC interprets a write of 1 in some unexpected way and
subsequently blocks interrupt delivery. This primarily manifests itself as
de(4) timeouts when using Hyper-V VMs with the "Legacy Network Adapter"
interface.
This diff has been in snaps for almost a month with no reported fallout.
Based on an idea originally from mikeb with further input from kettenis and
deraadt.
jca [Tue, 28 Jun 2016 19:45:53 +0000 (19:45 +0000)]
Add missing words to help the reader.
ok mikeb@
jca [Tue, 28 Jun 2016 18:22:50 +0000 (18:22 +0000)]
whitespace nit
tedu [Tue, 28 Jun 2016 18:00:59 +0000 (18:00 +0000)]
revert previous. better fix applied to fts_open.
espie [Tue, 28 Jun 2016 17:35:34 +0000 (17:35 +0000)]
oops, $pkg can be more than a pkgname. We have the right information
in the plist, so use it instead.
jca [Tue, 28 Jun 2016 17:35:14 +0000 (17:35 +0000)]
Add -M and -m options to specify the outgoing and incoming minimum TTL
Req by and ok bluhm@
jca [Tue, 28 Jun 2016 17:32:58 +0000 (17:32 +0000)]
IP_MINTTL and IPV6_MINHOPCOUNT work on TCP and UDP sockets
Input from and ok bluhm@
millert [Tue, 28 Jun 2016 17:25:08 +0000 (17:25 +0000)]
For the EINVAL case there can be more than a single option.
millert [Tue, 28 Jun 2016 17:21:48 +0000 (17:21 +0000)]
fts_open() requires that the list passed as argument contain at least
one path. When the list is empty (contains only a NULL pointer), return
EINVAL instead of pretending to succeed, which will cause a NULL pointer
dereference in a later fts_read() call. From FreeBSD.
chris [Tue, 28 Jun 2016 17:18:24 +0000 (17:18 +0000)]
Add sysctl for arp timers: net.inet.ip.arptimeout (expire timer for resolved
entries) and net.inet.ip.arpdown (expire timer for unresolved entries)
ok mpi@
millert [Tue, 28 Jun 2016 17:12:29 +0000 (17:12 +0000)]
Do not return an error in fts_open(3) if one of the paths in argv
is empty. Otherwise, programs using fts(3) will report an error
if one of the paths is empty instead of just treating it as a
non-existent file. OK guenther@
jca [Tue, 28 Jun 2016 16:59:14 +0000 (16:59 +0000)]
Use IPV6_MINHOPCOUNT to finish implementing ttl-security for IPv6.
ok renato@ deraadt@
espie [Tue, 28 Jun 2016 15:38:36 +0000 (15:38 +0000)]
option -z that uses is-branch info to produce "complete"
stem--[flavor][%branch] listing.
feedback and suggestions semarie@
espie [Tue, 28 Jun 2016 15:30:29 +0000 (15:30 +0000)]
document is-branch
tedu [Tue, 28 Jun 2016 15:20:13 +0000 (15:20 +0000)]
don't report errors for 'rm -rf ""'. report by rkitover.
ok benno deraadt
tedu [Tue, 28 Jun 2016 14:47:00 +0000 (14:47 +0000)]
introduce rwlock for socketbuf instead of the old flag and tsleep dance.
ok mikeb bluhm