ajacoutot [Mon, 18 May 2015 15:17:29 +0000 (15:17 +0000)]
Put ntpd.conf in MUTABLE so it's installed with 0644 mode.
discussed by deraadt@
deraadt [Mon, 18 May 2015 15:06:05 +0000 (15:06 +0000)]
getentropy() and sendsyslog() have been around long enough.
openssh-portable may want the #ifdef's but not base.
discussed with djm few weeks back
krw [Mon, 18 May 2015 14:59:42 +0000 (14:59 +0000)]
Stop rejecting leases with a subnet that overlaps a subnet already
present. The latest routing stack code can now handle these situations.
Much requested by beck@ and others. Detailed discussion at s2k15
identified required routing changes.
ok claudio@
reyk [Mon, 18 May 2015 14:19:23 +0000 (14:19 +0000)]
Currently, after 4 failed constraint checks, we suspect the constraint
of being wrong, not the NTP responses, reset it and query it from all
the constraint servers all over again. This is turned out to be a bit
aggressive because it could get triggered with just a few bad NTP
peers in a larger pool. To avoid constant reconnections, scale the
error margin with the number of resolved NTP peers using peer_cnt * 4.
This way a single or a few outliers in a NTP pool cannot trigger
reconnecting to the constraint servers immediately. More NTP peers,
less reason to mistrust the constraint.
Found by dtucker@
OK deraadt@
deraadt [Mon, 18 May 2015 13:57:34 +0000 (13:57 +0000)]
swap calloc() arguments for clarity
deraadt [Mon, 18 May 2015 13:48:37 +0000 (13:48 +0000)]
enable ntpd by default at install time. We use pools and a reliable
constraint to keep them in check. in the worst case of being on a
dark net, nothing changes.
this is being enabled by default to allow gathering of more operational
information from users. and if the operational heuristics in ntpd can be
suitable refined, this may stay the default into the future. if not, ntpd
will become even more awesome along the way.
with reyk rpe
reyk [Mon, 18 May 2015 13:32:28 +0000 (13:32 +0000)]
Move the rdomain from struct ifnet into struct if_data. This way it
will be exported to userland with the existing sysctl, getifaddrs()
and routing socket (if_msghdr.ifm_data) interfaces that expose
if_data. All programs and daemons - Apps - that call the
SIOCGIFRDOMAIN ioctl in a getifaddrs() loop or after receiving an
interface message on the routing socket can now remove the pointless
additional ioctl. In base, that could be: dhclient, isakmpd, dhcpd,
dhcrelay, ntpd, ospfd, ripd, ifconfig.
No ABI breakage because it uses a previously unused pad field in if_data.
OK mpi@ deraadt@
mikeb [Mon, 18 May 2015 12:21:04 +0000 (12:21 +0000)]
Prevent splassert from firing during sd_flush which runs "cold"
While mfi(4) should pass SCSI transfer flags (e.g. SCSI_POLL and
SCSI_NOSLEEP) down to the management function, make it at least
use "cold" consistently for now.
ok dlg
deraadt [Mon, 18 May 2015 11:57:52 +0000 (11:57 +0000)]
No longer need tricks with setvbuf(). Instead, we just give permission
to call fstat() and fcntl().
ok nicm
mpi [Mon, 18 May 2015 11:43:57 +0000 (11:43 +0000)]
Do not change "rcvif" without goint through if_input() again otherwise
the handlers on the new interface won't be executed.
Tested by < mxb AT alumni.chalmers DOT se>
ok dlg@
dtucker [Mon, 18 May 2015 11:10:03 +0000 (11:10 +0000)]
Simplify example constraints URL to reduce load on the server side.
ok henning@, reyk@
espie [Mon, 18 May 2015 10:41:19 +0000 (10:41 +0000)]
simplify progressmeter calls to visit_and: we retrieve the state from the
progressmeter object
espie [Mon, 18 May 2015 10:37:12 +0000 (10:37 +0000)]
have visit_with_count and visit_with_size use the same parameter conventions.
In particular, pass state before the other method parameters.
espie [Mon, 18 May 2015 10:25:10 +0000 (10:25 +0000)]
since the progressmeter is always tied to a state, store the state always,
and not just in the Term case.
allows passing less parameters around.
nicm [Mon, 18 May 2015 09:35:05 +0000 (09:35 +0000)]
Add -d flag and dc capability to open devices non-blocking, used for the
few drivers that do not support cua* so tty* must be used.
ok miod millert
miod [Mon, 18 May 2015 04:07:26 +0000 (04:07 +0000)]
Reenable the page zeroing thread on MP m88k kernels.
miod [Mon, 18 May 2015 04:06:37 +0000 (04:06 +0000)]
Move the logic deciding whether to grab the kernel lock or not, deeper in the
interrupt logic, making sure the lock is not taken for clock interrupts.
Tested on aviion and luna88k.
bluhm [Sun, 17 May 2015 22:49:03 +0000 (22:49 +0000)]
Add test cases for a crash reported by Bertrand PROVOST. When a
HTTP client writes multiple requests or chunks in a single transfer,
relayd invokes the libevent callback manually for the next data.
If the callback closes the session, this results in an use after
free.
Test an invalid second request method, test an invalid header line
in the second PUT request, test an invalid second chunked length
for a PUT request. Also test multiple valid HTTP 1.1 PUT requests
with chunked body.
To detect crashes of relayd, start it with "prefork 1" and grep for
"lost child" log messages. Unfortunately only the first child is
monitored by the parent.
kettenis [Sun, 17 May 2015 22:39:39 +0000 (22:39 +0000)]
Record inter-library dependencies between libcrypto, libssl and libtls
guenther [Sun, 17 May 2015 21:41:50 +0000 (21:41 +0000)]
Add 'D' to usage optstring. Prodded by jmc@
guenther [Sun, 17 May 2015 20:19:08 +0000 (20:19 +0000)]
Add -D option for displaying the dynamic symbol table
ok miod@
reyk [Sun, 17 May 2015 18:31:32 +0000 (18:31 +0000)]
When resolving the "constraint" (singular), store all returned IP
addresses and try one after another until the connection succeeded -
based on the existing mechanism of "server". "constraint" previously
only tried to connect to the first returned address, aborted and
skipped the constraint on failure. In difference to "constraints"
(plural), it still only connects to one address at a time and not to
all of them at once.
Pointed out by rpe@
OK rpe@ deraadt@
deraadt [Sun, 17 May 2015 16:55:51 +0000 (16:55 +0000)]
for decades, wsdisplay has acted in one way like it is not a tty
jsg [Sun, 17 May 2015 12:28:03 +0000 (12:28 +0000)]
Checking the dts files turned up some more imx sdhc problems.
- use the correct CD gpios on phyflex and wandboard usdhc3 (unit 2)
- udoo has just the one sd slot with no CD
jsg [Sun, 17 May 2015 11:18:05 +0000 (11:18 +0000)]
add missing calls to set the gpio direction before reading the
card detect gpio on phyflex/sabre lite/wandboard
czarkoff [Sun, 17 May 2015 06:37:36 +0000 (06:37 +0000)]
Montenegrin holidays
OK jmc@, sthen@ (same for previous comment)
czarkoff [Sun, 17 May 2015 06:34:37 +0000 (06:34 +0000)]
New Year's Day
canacar [Sun, 17 May 2015 02:44:38 +0000 (02:44 +0000)]
Read ethernet address from EEPROM on AX88772B based on FreeBSD
ok djm@ jsg@
chris [Sun, 17 May 2015 02:33:09 +0000 (02:33 +0000)]
We don't need KERNEL_LOCK() around if_input() anymore, as if_input() has
appropriate locking around bpf now.
ok dlg@
deraadt [Sun, 17 May 2015 01:56:02 +0000 (01:56 +0000)]
Of course, fcntl errno case returns -1, which must be converted to 0
with guenther
deraadt [Sun, 17 May 2015 01:22:01 +0000 (01:22 +0000)]
isatty() is used by stdio to determine the buffering mode. Add a F_ISATTY
option to fcntl(), so that isatty() can use this rather than than the bloated
ioctl() interface. Reducing uses of ioctl() by libc makes it easier to
constrain programs with various kinds of systrace sandboxes.
ok guenther, previously discussed as a concept with nicm
deraadt [Sun, 17 May 2015 01:15:44 +0000 (01:15 +0000)]
Use fcntl() to set non-blocking-mode, rather ioctl(). This has a better
chance of working in systrace restricted environments.
ok guenther
deraadt [Sun, 17 May 2015 00:08:35 +0000 (00:08 +0000)]
nope, ioctl has not been used for a while
ratchov [Sat, 16 May 2015 19:27:53 +0000 (19:27 +0000)]
Call slot_stop() after the play buffer is drained to properly cleanup
the slot. Fixes periodic glitches occurring after eof is reached, and
then playback restarted with a MMC-relocate and MMC-start.
ratchov [Sat, 16 May 2015 12:51:24 +0000 (12:51 +0000)]
Display simply "play" when play mode is set (furthermore, "playsync",
aka PLAY_ALL mode is not used anymore)
ratchov [Sat, 16 May 2015 12:48:50 +0000 (12:48 +0000)]
remove reference to encodings the kernel doesn't expose anymore
jsg [Sat, 16 May 2015 10:44:44 +0000 (10:44 +0000)]
mention CuBox-i4Pro, Utilite and Novena
ratchov [Sat, 16 May 2015 10:04:20 +0000 (10:04 +0000)]
hide private midi_softc strucure
ratchov [Sat, 16 May 2015 09:56:10 +0000 (09:56 +0000)]
Use device_lookup() instead of digging into midi_cd.cd_devs[] and
maintaining a "dying" flag which is already present in the device
structure. As a side-effect, this adds the missing refcounting
that mididetach() was missing. With from mpi@ and dlg@
ok mpi
deraadt [Fri, 15 May 2015 23:20:25 +0000 (23:20 +0000)]
still needs kcore.h
millert [Fri, 15 May 2015 22:29:37 +0000 (22:29 +0000)]
Make index/rindex weak aliases of strchr/strrchr since they are not
part of the ISO C standard and have also been dropped from POSIX.
OK guenther@ kettenis@
jasper [Fri, 15 May 2015 21:18:53 +0000 (21:18 +0000)]
add missing placeholder so that the "UNSIGNED PACKAGES: " line actually
contains the list of packages.
ok espie@
reyk [Fri, 15 May 2015 20:40:26 +0000 (20:40 +0000)]
Fix kill'n'yank error: the port is mandatory in relay listen on statements.
Pointed out by Alex Greif
OK jmc@
jmc [Fri, 15 May 2015 19:34:31 +0000 (19:34 +0000)]
rework synopsis to be a bit less ugly; the result is quite close to the posix
spec...
jmc [Fri, 15 May 2015 19:26:37 +0000 (19:26 +0000)]
client/server mox ip;
from trondd
jmc [Fri, 15 May 2015 18:53:05 +0000 (18:53 +0000)]
spelling;
jmc [Fri, 15 May 2015 18:49:21 +0000 (18:49 +0000)]
sort;
jmc [Fri, 15 May 2015 18:47:53 +0000 (18:47 +0000)]
trailing whitespace;
jsg [Fri, 15 May 2015 17:01:18 +0000 (17:01 +0000)]
Decrement the unit numbers on the novena sdhc devices. The imx6 dts
files seem to have labels numbered one higher than the nodes they are
assigned to.
Tested by djm
jsg [Fri, 15 May 2015 15:35:43 +0000 (15:35 +0000)]
Make board attaching table driven and move it out into the soc
directories. Move the device tables while here as was done in bitrig.
With these changes the only use of the board id defines is in the soc
directories.
Tested by matthieu and djm on imx and myself on omap and sunxi (qemu).
ok djm@, ok jasper@ on an earlier version
jsg [Fri, 15 May 2015 13:32:08 +0000 (13:32 +0000)]
add some missing splx() calls
ok deraadt@ kettenis@ krw@
mpi [Fri, 15 May 2015 12:40:05 +0000 (12:40 +0000)]
Remove useless comments mentioning ether_output().
claudio [Fri, 15 May 2015 12:00:57 +0000 (12:00 +0000)]
Allow multiple connected/interface routes to exist at the same time.
Use the existing multipath code. Switch away from using the ifa address
when making the cloning route and instead put a dummy sockaddr_dl route
in. With this it is possible to use the same network on multiple interfaces
at the same time. So if wireless and ethernet share the same network
the system will use the wired connection as long as there is link.
Still missing is builtin proxy-arp for the other interface IPs to allow
hitless failover.
OK mpi@
claudio [Fri, 15 May 2015 11:53:06 +0000 (11:53 +0000)]
Give carp(4) interfaces their own low priority. The change should not
change behaviour for now but will allow to share the same address with
the parent interface without major hacks.
OK mpi@
mpi [Fri, 15 May 2015 11:36:30 +0000 (11:36 +0000)]
Convert to if_input().
ok dlg@
jsg [Fri, 15 May 2015 11:00:14 +0000 (11:00 +0000)]
Fix return paths with missing EVP_CIPHER_CTX_cleanup() calls.
ok doug@
dlg [Fri, 15 May 2015 10:54:26 +0000 (10:54 +0000)]
rename the probe and free members of atascsi_methods to ata_probe
and ata_free.
this makes them consistent with the rest of the members, and lets
me #define free to weird debug things in the kernel without screwing
these files up.
mpi [Fri, 15 May 2015 10:15:13 +0000 (10:15 +0000)]
Introduce if_output(), a function do to the last steps before enqueuing
a packet on the sending queue of an interface.
Tested by many, thanks a lot!
ok dlg@, claudio@
mpi [Fri, 15 May 2015 10:09:23 +0000 (10:09 +0000)]
Remove a NULL check in carp_set_ifp() as we always pass a valid ifp
pointer to this function.
ok claudio@
rpe [Fri, 15 May 2015 07:41:30 +0000 (07:41 +0000)]
Remove the 'Use DUIDs rather than device names in fstab?' question
and use DUIDs unconditionally. DUIDs in the installed /etc/fstab
has been the default for quite some time now.
OK deraadt@, krw@, guenther@, beck@
gilles [Fri, 15 May 2015 07:34:45 +0000 (07:34 +0000)]
the code to prevent AUTH PLAIN from logging credentials upon authentication
failure does not catch the AUTH LOGIN case. rework to use the session state
rather than using the session command.
spotted by pkern@debian.org
dtucker [Fri, 15 May 2015 05:44:21 +0000 (05:44 +0000)]
Use a salted hash of the lock passphrase instead of plain text and do
constant-time comparisons of it. Should prevent leaking any information about
it via timing, pointed out by Ryan Castellucci. Add a 0.1s incrementing delay
for each failed unlock attempt up to 10s. ok markus@ (earlier version), djm@
kettenis [Thu, 14 May 2015 21:40:37 +0000 (21:40 +0000)]
Use STRONG_ALIAS instead of ALTENTRY.
ok millert@
mpi [Thu, 14 May 2015 13:50:34 +0000 (13:50 +0000)]
Make the "Battery Present" sensor a depency of all the battery-related
sensors only if it is present, From David Higgs.
Fix a regression reported by and ok halex@
jsg [Thu, 14 May 2015 11:52:43 +0000 (11:52 +0000)]
rev 1.3 introduced a check to an if statement without adding braces.
Claudio points out the size is checked by an earlier test so just
remove it to restore the original handling of the partial octet case.
Discussed with claudio and gilles.
rpe [Thu, 14 May 2015 10:58:55 +0000 (10:58 +0000)]
Extend autoinstall(8) to allow for <hostname>-<mode>.conf response files
and to put response files in a subdir of the webserver's document root.
Based on diffs from Nathanael Rensen, thanks!
While here fix a buglet introduced by the $_server -> $AI_SERVER change.
OK krw, halex
mpi [Thu, 14 May 2015 10:55:28 +0000 (10:55 +0000)]
Allocate the input packet handler as part of the trunk_port structure
since they have the same lifetime.
Requested by and ok dlg@
deraadt [Thu, 14 May 2015 10:30:56 +0000 (10:30 +0000)]
sync
jsg [Thu, 14 May 2015 03:13:20 +0000 (03:13 +0000)]
Remove BOARD_ID* tests that do the same thing for every imx board.
Tested by and ok djm@
jsg [Thu, 14 May 2015 02:56:01 +0000 (02:56 +0000)]
Stop including CFLAGS in CXXFLAGS it creates problems when mixing
C and C++ when wanting to pass flags to only the C compiler.
Tested in a ports bulk build by naddy and the handful of problems
found were fixed by naddy, jca and pascal.
djm [Thu, 14 May 2015 02:10:29 +0000 (02:10 +0000)]
rework imxenet hardware address setup: if COTP doesn't provide an
address, check whether the firmware/bootloader has already programmed
one. If all else fails, use ether_fakeaddr(); feedback and ok jsg@
(committed from Novena)
deraadt [Thu, 14 May 2015 00:15:30 +0000 (00:15 +0000)]
sync
bluhm [Wed, 13 May 2015 21:01:54 +0000 (21:01 +0000)]
If crypt(3) is called with an unknown setting, return NULL instead
of some undefined value.
OK tedu@
jsg [Wed, 13 May 2015 10:42:46 +0000 (10:42 +0000)]
test mbuf pointers against NULL not 0
ok krw@ miod@
mpi [Wed, 13 May 2015 08:16:01 +0000 (08:16 +0000)]
Get rid of the last "#if NTRUNK" by overwriting trunk ports' output
function.
ok claudio@, reyk@
mpi [Wed, 13 May 2015 08:01:21 +0000 (08:01 +0000)]
Remove useless "bridge.h" include.
ok miod@
gilles [Wed, 13 May 2015 07:34:49 +0000 (07:34 +0000)]
The enqueuer should never encouter the "From " separator in its headers, as
it is added by the mda. If it sees one, it means that the enqueuer was used
as the mda and it needs to strip it otherwise the message will end with two
delimiters later down the road. Same applies to "Return-Path".
bug experienced by James Turner, confirmed by Giovanni.
fix suggested by Todd Miller, diff ok eric@
uebayasi [Wed, 13 May 2015 05:29:57 +0000 (05:29 +0000)]
Define END() to set ELF symbol size.
OK miod@
jsg [Wed, 13 May 2015 02:39:28 +0000 (02:39 +0000)]
Having the same settings on the same phy across multiple boards is just
asking too much in the arm world.
Translate the fec parameters from the novena dtb to set a different clock
skew to the same micrel phy used on sabre lite. The novena dtb sets
txd[0-3]-skew-ps to 3000, the sabre lite sets them to 0. When run through
the shifting/oring process from the micrel phy driver in FreeBSD this ends
up being a write of 0xffff on the novena and 0x0000 on sabre lite when
writing to TX_DATA_PAD_SKEW.
This change resolves the stability problems djm was seeing with imxenet
on novena.
ok djm@
nicm [Tue, 12 May 2015 22:40:38 +0000 (22:40 +0000)]
To replace c0-*, add a high watermark to the pty event, and also backoff
when the any of the ttys the pane is going to write to has buffered
enough data.
kettenis [Tue, 12 May 2015 21:05:42 +0000 (21:05 +0000)]
Revert rev 1.3. While that change appears to make the behaviour similar to
binutils 2.15, it introduces bogus failures when inter-library dependencies
are present.
With the binutils 2.17 behaviour restored, --as-needed will cause linker
failures when necessary inter-library dependencies are not present. This is
actually a good thing as binutils 2.15 will silently produce executables
that will fail at runtime in those cases.
ok miod@
kettenis [Tue, 12 May 2015 20:20:18 +0000 (20:20 +0000)]
Make sure the rx ring lwm is set to at least 4. As far as we know, all
hardware variants need at least 4 descriptors on the rx ring to be able to
receive packets. Should fix the issue reported by Christian Schulte on
bugs@.
ok mikeb@, sthen@
guenther [Tue, 12 May 2015 20:14:09 +0000 (20:14 +0000)]
Add dlclose(3) to SEE ALSO
ok millert@ jmc@ schwarze@
guenther [Tue, 12 May 2015 20:13:15 +0000 (20:13 +0000)]
Document pthread_atfork(3)'s interaction with dlclose(3)
Use Xr instead of Fn for functions documented on other manpages
ok millert@ jmc@ schwarze@
millert [Tue, 12 May 2015 19:38:13 +0000 (19:38 +0000)]
Race less.
nicm [Tue, 12 May 2015 19:36:08 +0000 (19:36 +0000)]
Tidy blank lines when outputting server info.
ratchov [Tue, 12 May 2015 18:39:30 +0000 (18:39 +0000)]
remove the sc->isopen flag, as sc->flags already hold the
same information.
ratchov [Tue, 12 May 2015 18:32:49 +0000 (18:32 +0000)]
store byte count in a size_t and switch from uiomovei() to uiomove()
ratchov [Tue, 12 May 2015 18:23:38 +0000 (18:23 +0000)]
Remove unused code & definitions: midi_attach(), midi_unit_count(),
midi_getinfo(), midi_writebytes(). They were "used" by the sequencer
interface which we removed years ago.
ratchov [Tue, 12 May 2015 18:05:43 +0000 (18:05 +0000)]
Don't hold the audio mutex when calling uiomove(), as uiomove()
may sleep in case of a page fault
ratchov [Tue, 12 May 2015 16:35:23 +0000 (16:35 +0000)]
Remove references to (deleted) auconv.h and mulaw.h files. Fixes
i386 build. Found by Mark Patruck <mark at wrapped.cx>, thanks!
nicm [Tue, 12 May 2015 15:29:29 +0000 (15:29 +0000)]
Add a session_alerts format which is a list of all the alerts in the
current session in symbolic form (something like "0!,4~,5!"). Use this
in the default set-titles-string. Prompted by a request from Jan ONDREJ.
nicm [Tue, 12 May 2015 15:27:46 +0000 (15:27 +0000)]
Add bell-action "other" to pass through bells in all windows except the
current, suggested by Jan ONDREJ.
mikeb [Tue, 12 May 2015 12:56:47 +0000 (12:56 +0000)]
Fixup potential use after free and a memory leak.
Found by Maxime Villard <max at m00nbsd ! net> with the Brainy Code Scanner,
thanks!
mpi [Tue, 12 May 2015 12:35:10 +0000 (12:35 +0000)]
This file is only compiled when "pseudo-device bridge" is included in
your kernel configuration, no need for a #if NBRIDGE > 0 dance.
mpi [Tue, 12 May 2015 12:27:17 +0000 (12:27 +0000)]
MPLS also needs a definition for etherip_output(), fix build without
bridge.
stsp [Tue, 12 May 2015 11:53:13 +0000 (11:53 +0000)]
Add newly matched devices to urtwn(4) hardware list.
from Mikhail mp39590@gmail on tech@
Grammar fixes by sthen@. Made mandoc -T lint clean by me (must escape 'D1').
stsp [Tue, 12 May 2015 11:46:15 +0000 (11:46 +0000)]
Merge various urtwn(4) fixes from FreeBSD:
Match additional devices (RTL8188CU_3, DWA123D1, DWA125D1).
Fix efuse reading (fixes potential error in MAC address read from efuse).
Replace some magic numbers with macros.
Based on FreeBSD r270191, r273589, r281918, r281592, r282119, and r282623
via Mikhail mp39590@gmail on tech@
ok sthen@
stsp [Tue, 12 May 2015 11:19:35 +0000 (11:19 +0000)]
Fix definition of R92C_USTIME_TSF.
from FreeBSD r282623 via Mikhail mp39590@gmail on tech@
stsp [Tue, 12 May 2015 11:15:42 +0000 (11:15 +0000)]
regen