guenther [Wed, 19 Sep 2018 05:23:16 +0000 (05:23 +0000)]
Delete checks of the CST bit_width ('vendor') field, as new Ryzen machines
are showing up with vendor 2 and it doesn't seem to mean anything: Linux
doesn't check it at all, so this exhibits all the normal ACPI spec lossage
tested in snaps for a few weeks
shrug kettenis@
ccardenas [Wed, 19 Sep 2018 04:29:21 +0000 (04:29 +0000)]
Various clean up items for disks.
- qcow2: general cleanup
- vioraw: check malloc
- virtio: add function to sync disks
- vm: call virtio_shutdown to sync disks when vm is finished executing
Thanks to Ori Bernstein.
Ok miko@
djm [Wed, 19 Sep 2018 02:03:02 +0000 (02:03 +0000)]
Make "ssh-add -q" do what it says on the tin: silence output from
successful operations.
Based on patch from Thijs van Dijk; ok dtucker@ deraadt@
bluhm [Tue, 18 Sep 2018 20:47:11 +0000 (20:47 +0000)]
Updating time counters without memory barriers is wrong. Put
membar_producer() into tc_windup() and membar_consumer() into the
uptime functions. They order the visibility of the time and
generation number updates.
This is a combination of what NetBSD and FreeBSD do.
OK kettenis@
patrick [Tue, 18 Sep 2018 20:21:40 +0000 (20:21 +0000)]
Update to compiler-rt 6.0.0.
tested by naddy@
ok kettenis@
deraadt [Tue, 18 Sep 2018 19:40:15 +0000 (19:40 +0000)]
sync
naddy [Tue, 18 Sep 2018 19:15:40 +0000 (19:15 +0000)]
6.5 packages key
deraadt [Tue, 18 Sep 2018 18:48:16 +0000 (18:48 +0000)]
6.5 base key
anton [Tue, 18 Sep 2018 18:36:27 +0000 (18:36 +0000)]
whitespace fix; no binary change
anton [Tue, 18 Sep 2018 18:25:31 +0000 (18:25 +0000)]
Backport support for option -a to addr2line, which will display each address
given as input before the resolved source location. This change was introduced
to binutils after the switch from GPLv2 but the author Tristan Gingold granted
me permission to relicense the diff under GPLv2; thanks!
Taken as is from binutils commit
be6f64938f985dfb0eaa2107b99f193bb865ce04
This option is used by the syzkaller kernel fuzzer to produce a human readable
representation of the coverage collected by kcov.
ok deraadt@ jca@ visa@
millert [Tue, 18 Sep 2018 17:48:22 +0000 (17:48 +0000)]
Restore the xmalloc(), xcalloc(), xreallocarray() and xstrdup() changes.
OK deraadt@
naddy [Tue, 18 Sep 2018 17:43:40 +0000 (17:43 +0000)]
The dmesg buffer is sufficiently large now that using the accumulated
output from several boots in the dmesg listener can overflow the
ramdisk, so use only one boot's worth of dmesg in the listener.
sed(1) expression from kn@. ok deraadt@
sthen [Tue, 18 Sep 2018 16:54:01 +0000 (16:54 +0000)]
s/mulitprotocol/multiprotocol/ in error text
mlarkin [Tue, 18 Sep 2018 16:02:08 +0000 (16:02 +0000)]
vmm(4): Reset host LDTR on exit for SVM
For SVM machines, the LDT content remains set to that of the guest VM on
exit (as compared to Intel/VMX which resets the LDTR to 0). This fix
ensures the LDT is reset to 0 on SVM exits.
Leaving the LDT set to the guest's choice could allow a malicious process
to escalate its privileges with the help of a malicious VM that they
also are able to run on the machine.
This was reported by Maxime Villard; thanks!
claudio [Tue, 18 Sep 2018 15:15:32 +0000 (15:15 +0000)]
Start testing the roa backend (test 5) and cleanup tool in general.
claudio [Tue, 18 Sep 2018 15:14:07 +0000 (15:14 +0000)]
Backend for roa-sets. This combines as_sets and prefix-set tries to do
proper ROA checking. There is a new match function trie_roa_check which
does a trie traversal and looks for candidates and matches. If prefix
is not covered then ROA_UNKNOWN is returned, if prefix is covered by an
entry it will return ROA_INVALID unless the source-as / maxlen combo is
matching (ROA_VALID).
OK and input sthen@
tb [Tue, 18 Sep 2018 15:14:06 +0000 (15:14 +0000)]
Fix typo in previous: group_from_gid(st->st_gid, 1), not st_uid.
This broke the chmod regression test, as noted and tracked down
by bluhm.
ok millert
denis [Tue, 18 Sep 2018 13:55:28 +0000 (13:55 +0000)]
fix a crash when prefix length is not specified
bluhm [Tue, 18 Sep 2018 13:53:09 +0000 (13:53 +0000)]
Increase minimum size for /usr/obj partition to 5 Gig. This allows
to run make build and make regress after a default install.
OK deraadt@
deraadt [Tue, 18 Sep 2018 13:45:09 +0000 (13:45 +0000)]
grow arm64 ramdisk
kn [Tue, 18 Sep 2018 12:55:19 +0000 (12:55 +0000)]
fix table commands under anchors
With r1.358 I simplified anchor handling but also broke semantics with
regard to tables:
# pfctl -a aname -t tname -T show
pfctl: anchors apply to -f, -F and -s only
Unbreak this by checking for table commands as well.
OK bluhm
espie [Tue, 18 Sep 2018 12:49:10 +0000 (12:49 +0000)]
document parallel2
jmatthew [Tue, 18 Sep 2018 07:21:49 +0000 (07:21 +0000)]
cast HWRM_NA_SIGNATURE when shortening it to keep gcc happy, prodded by jsg@
deraadt [Tue, 18 Sep 2018 06:56:09 +0000 (06:56 +0000)]
backout last week of csh diffs. They are disastrously broken, on i386
it becomes entirely unusable.
mestre [Tue, 18 Sep 2018 06:36:18 +0000 (06:36 +0000)]
fix memory leak in ieee80211_end_scan()
OK phessler@ jsg@
miko [Tue, 18 Sep 2018 06:21:45 +0000 (06:21 +0000)]
ellapsed -> elapsed; ok jmc@
miko [Tue, 18 Sep 2018 06:05:45 +0000 (06:05 +0000)]
i forgot to sync sndiod with aucat/dsp.c rev 1.12
miko [Tue, 18 Sep 2018 04:29:58 +0000 (04:29 +0000)]
clear p->ctx array with memset(); ok ratchov@
millert [Tue, 18 Sep 2018 03:10:53 +0000 (03:10 +0000)]
Use user_from_uid(3) if getlogin(2) fails, storing the uid as a
string if there is no passwd entry. OK tb@
millert [Tue, 18 Sep 2018 03:09:55 +0000 (03:09 +0000)]
Use user_from_uid(3) instead of getpwuid(3) and keep the passwd
file open. OK tb@
millert [Tue, 18 Sep 2018 03:05:42 +0000 (03:05 +0000)]
Account for the fact that we store each entry three times when
estimating the number of hash table elements. Also set the bucket
size to be the optimal file system block size instead of hard-coding
to 4096. OK tb@
miko [Tue, 18 Sep 2018 02:29:10 +0000 (02:29 +0000)]
remove macros for xmalloc(), xcalloc() & xreallocarray() and just name the
functions that.
ok millert@ martijn@
tb [Tue, 18 Sep 2018 01:05:37 +0000 (01:05 +0000)]
fix order of arguments in fmt.Printf()
tb [Mon, 17 Sep 2018 18:18:01 +0000 (18:18 +0000)]
Simplify initialization of asn1_cb; use correct spelling of NULL.
sthen [Mon, 17 Sep 2018 17:06:33 +0000 (17:06 +0000)]
typo in comment
martijn [Mon, 17 Sep 2018 16:00:19 +0000 (16:00 +0000)]
Replace any() with strchr(3).
OK millert@ and miko@
jmc [Mon, 17 Sep 2018 15:46:37 +0000 (15:46 +0000)]
update the installed path for sendmail: from matt schwartz
trim the comment - it is just repeating info
ok benno
jmc [Mon, 17 Sep 2018 15:44:16 +0000 (15:44 +0000)]
clean up the amount of printf in usage(): from sascha paunovic
move the descriptive text in usage() to the man page: from robert klein
millert [Mon, 17 Sep 2018 15:41:17 +0000 (15:41 +0000)]
Use the strict pragma for better warnings.
millert [Mon, 17 Sep 2018 15:40:14 +0000 (15:40 +0000)]
When choosing a prime from the moduli file, avoid re-using the
linenum variable for something that is not a line number to avoid
the confusion that resulted in the bug in rev. 1.64. This also
lets us pass the actual linenum to parse_prime() so the error
messages include the correct line number. OK markus@ some time ago.
cheloha [Mon, 17 Sep 2018 15:37:35 +0000 (15:37 +0000)]
Move tally mark printing out of the main benchmark loop; ok tb@
visa [Mon, 17 Sep 2018 14:56:37 +0000 (14:56 +0000)]
Simplify VFS initialization.
Because loadable kernel modules are no longer, there is no need to
register or unregister filesystem implementations at runtime. Remove
vfs_register() and vfs_unregister(), and make vfsinit() call vfs_init
routines directly. Replace the linked list of vfsconf structs with
the vfsconflist[] array.
OK mpi@ bluhm@
mestre [Mon, 17 Sep 2018 14:14:39 +0000 (14:14 +0000)]
unveil(2) "path" (/dev/audioctl0 by default, or changed via args) with rw
access and disable further calls to unveil(2) with unveil(NULL, NULL).
OK ratchov@
friehm [Mon, 17 Sep 2018 14:07:48 +0000 (14:07 +0000)]
Do not acknowledge a received ack-only tcp packet that we would drop due to
PAWS. Otherwise we could trigger a retransmit of the opposite party with another
wrong timestamp and produce a loop. I have seen this with a buggy server which
messed up tcp timestamps.
Suggested by Prof. Jacobson for FreeBSD.
ok krw, bluhm, henning, mpi
claudio [Mon, 17 Sep 2018 13:35:36 +0000 (13:35 +0000)]
Rename struct as_set to struct irr_as_set to not conflict with bgpd.
OK $CC
espie [Mon, 17 Sep 2018 12:39:46 +0000 (12:39 +0000)]
avoid calling make_full for determining special file status, since we
can rely on is_info_name + cwd == '.'
eric [Mon, 17 Sep 2018 12:16:27 +0000 (12:16 +0000)]
simplify code path for backup relay and remove useless flag
ok gilles@
sthen [Mon, 17 Sep 2018 10:00:41 +0000 (10:00 +0000)]
remove binary doc files that aren't really useful to have in-tree
sthen [Mon, 17 Sep 2018 09:46:12 +0000 (09:46 +0000)]
merge conflicts
sthen [Mon, 17 Sep 2018 09:43:42 +0000 (09:43 +0000)]
import unbound 1.7.3, testing from benno@ and Brad.
jsg [Mon, 17 Sep 2018 02:34:16 +0000 (02:34 +0000)]
fix memory leaks in ieee80211_add_ess()
ok stsp@ phessler@
stsp [Sun, 16 Sep 2018 19:41:45 +0000 (19:41 +0000)]
Fix length checks in the receive path of iwm(4).
Prompted by a panic reported by Xavier Guerin on bugs@
ok tb@
bluhm [Sun, 16 Sep 2018 19:36:33 +0000 (19:36 +0000)]
The kernel does not set the address family for the socket addresses
that are used for netmask, broadcast, and destination address. In
pfctl(8) take the family of the interface address and write it to
the other addresses. This fixes some bugs when copy_satopfaddr()
copied only part of IPv6 addresses. Print a warning if the address
family is unknown.
OK kn@
tb [Sun, 16 Sep 2018 19:22:50 +0000 (19:22 +0000)]
add missing default case to switch
bluhm [Sun, 16 Sep 2018 18:58:36 +0000 (18:58 +0000)]
If a prefix without length was specified in the config file, then
128 was used. This does not make much sense for rad(8). Change
the default prefixlen to 64.
OK florian@
tb [Sun, 16 Sep 2018 18:44:33 +0000 (18:44 +0000)]
EVP_aead_chacha20_poly1305() can't actually fail.
krw [Sun, 16 Sep 2018 17:37:11 +0000 (17:37 +0000)]
Unbreak tree with 'char *' -> 'const char *' for
userid().
kettenis [Sun, 16 Sep 2018 14:27:32 +0000 (14:27 +0000)]
Add support for setting NVRAM variables.
millert [Sun, 16 Sep 2018 12:43:40 +0000 (12:43 +0000)]
Add missing includes for setpassent() and setgroupent().
kettenis [Sun, 16 Sep 2018 12:26:06 +0000 (12:26 +0000)]
Adjust sparc64 bits after libunwind 6.0.0 update.
ok visa@
kettenis [Sun, 16 Sep 2018 12:17:05 +0000 (12:17 +0000)]
Various improvements to generate logical domain configurations that are
accepted by more modern firmwares. In particular on SPARC T3 machines.
Tested on a t1k and t5120.
tb [Sun, 16 Sep 2018 11:45:08 +0000 (11:45 +0000)]
Rename *AesCcmOrGcm* into the slightly less ugly *AesAead*.
visa [Sun, 16 Sep 2018 11:41:44 +0000 (11:41 +0000)]
Move vfsconf lookup code into dedicated functions.
OK bluhm@
bluhm [Sun, 16 Sep 2018 08:53:02 +0000 (08:53 +0000)]
With prefixlen 128, mask_prefix() in rad(8) caused a stack overflow
in the config parser. Add an out of bounds check for the in6_addr.
OK florian@
millert [Sun, 16 Sep 2018 02:44:06 +0000 (02:44 +0000)]
Use uid_from_user(3) and gid_from_group(3) in utilities that
do repeated lookups. OK tb@
millert [Sun, 16 Sep 2018 02:43:11 +0000 (02:43 +0000)]
Use user_from_uid(3) and group_from_gid(3) in a few more places
that do repeated lookups. OK tb@
millert [Sun, 16 Sep 2018 02:42:19 +0000 (02:42 +0000)]
Use user_from_uid(3) and group_from_gid(3) to avoid extra passwd
and group file lookups. This required a bit of reordering of the
file mode handling bits to deal with the const char *. OK tb@
millert [Sun, 16 Sep 2018 02:41:16 +0000 (02:41 +0000)]
Use user_from_uid(3), group_from_gid(3), uid_from_user(3) and
gid_from_group(3) to avoid repeatedly looking up the same user/group.
Also keep the passwd and group files open to avoid opening and
closing them all the time. OK tb@
millert [Sun, 16 Sep 2018 02:38:57 +0000 (02:38 +0000)]
Replace the local getname() and getuserid() functions with calls
to user_from_uid(3) and uid_from_user(3). This requires sprinkling
const in a few places to match the return value of user_from_uid(3).
OK tb@
tb [Sat, 15 Sep 2018 22:09:08 +0000 (22:09 +0000)]
another typo. time to sleep
tb [Sat, 15 Sep 2018 22:07:52 +0000 (22:07 +0000)]
typos
tb [Sat, 15 Sep 2018 22:03:28 +0000 (22:03 +0000)]
add a brief comment on the acceptable AES CCM and AES GCM cases
tb [Sat, 15 Sep 2018 19:12:31 +0000 (19:12 +0000)]
Also exercise EVP_aead_aes_128_gcm() and EVP_aead_aes_256_gcm().
tb [Sat, 15 Sep 2018 19:09:07 +0000 (19:09 +0000)]
rename checkChaCha20Poly1305{Open,Seal}() into checkAead{Open,Seal}().
tb [Sat, 15 Sep 2018 19:06:47 +0000 (19:06 +0000)]
Merge AES CCM, AES GCM and ChaCha20 data structures into
single AEAD types. Will be used in upcoming commits.
tb [Sat, 15 Sep 2018 16:05:17 +0000 (16:05 +0000)]
Add missing conversion specifier
inoguchi [Sat, 15 Sep 2018 13:26:13 +0000 (13:26 +0000)]
Modify regress appstest.sh for interoperability testing with OpenSSL 1.1.x
- add sleep before s_client instead of removing -pause option
- change check words for s_client output messages
- replace CAfile to CApath for s_time
- remove -prexit from s_client
- confirm openssl command path is executable
kettenis [Sat, 15 Sep 2018 13:20:16 +0000 (13:20 +0000)]
Add support for version 2.0 of the mdstore protocol.
miko [Sat, 15 Sep 2018 12:15:32 +0000 (12:15 +0000)]
strsave() is hard-fail strdup() so simplify and rename to xstrdup().
with help from martijn@.
ok millert@ martijn@
bentley [Sat, 15 Sep 2018 09:44:19 +0000 (09:44 +0000)]
Fix fortune underlines and use the right number of underscores in Notes.
ok sthen@
mestre [Fri, 14 Sep 2018 23:40:10 +0000 (23:40 +0000)]
Initialize the TDB to NULL in ipsec_common_input() and
ipsec_{input,output}_cb() so that in the case of sending or receiving a bogus
mbuf (NULL) we don't end up trying to dereference the TDB, while being an
uninitialized pointer, to increase the drops.
Coverity IDs 1473312, 1473313 and 1473317.
OK mpi@ visa@
bluhm [Fri, 14 Sep 2018 18:17:46 +0000 (18:17 +0000)]
Do not leak a file descriptor when opening nohup.out. Make sure
that stdout and stderr are not closed.
from Nan Xiao
claudio [Fri, 14 Sep 2018 13:58:20 +0000 (13:58 +0000)]
Unify and bump some of the NMBCLUSTERS defines. Some archs had it set to
4MB which is far too low especially when the platform is able to run MP.
New limits are, amd64 = 256M; arm64, mips64, sparc64 = 64M; alpha, arm,
hppa, i386, powerpc = 32M; m88k, sh = 8M
Still rather conservative numbers but much better than before. At least
some hangs of arm64 build boxes were caused by this.
OK kettenis@, visa@
inoguchi [Fri, 14 Sep 2018 13:54:57 +0000 (13:54 +0000)]
Add interoperability test mode for regress appstest.sh
- test s_server and s_client between different version by option -i
- indicate other version by defining OTHER_OPENSSL environment variable
- fix "SSL/TLS" to "TLS/SSL", since TLS is correct as technical term
- s/SKIPPNG/SKIPPING/
naddy [Fri, 14 Sep 2018 13:49:01 +0000 (13:49 +0000)]
add gapdummy.c to the "clean" target like other generated files
ok visa@ jsg@ phessler@
naddy [Fri, 14 Sep 2018 13:44:18 +0000 (13:44 +0000)]
Pass -L/usr/lib to the linker in preparation for switching to lld, which
does not have a default search path. ok kettenis@ jsg@
naddy [Fri, 14 Sep 2018 13:37:52 +0000 (13:37 +0000)]
Pass CC/CFLAGS/LDFLAGS to the configure script. ok millert@
bluhm [Fri, 14 Sep 2018 12:55:17 +0000 (12:55 +0000)]
In general it is a bad idea to use one random secret for two things.
The inet PCB uses one hash with local and foreign addresses, and
one with local port numbers. Give both hashes separate keys. Also
document the struct fields.
OK visa@
florian [Fri, 14 Sep 2018 10:28:55 +0000 (10:28 +0000)]
No longer needed since the ping/ping6 unification.
Pointed out by Clemens Goessnitzer (clemens AT goessnitzer.info), thanks!
claudio [Fri, 14 Sep 2018 10:23:42 +0000 (10:23 +0000)]
Adjust and extend unit test for as_set after last bgpd commit
OK benno@
claudio [Fri, 14 Sep 2018 10:22:55 +0000 (10:22 +0000)]
Adjust the dummy as_set_match function to new prototype after last bgpd commit
OK benno@
claudio [Fri, 14 Sep 2018 10:22:11 +0000 (10:22 +0000)]
Extend as_set to allow for different sized objects to be added. The only
requirement is that the first value of the struct is a 32bit ID which is
used in the bsearch. This allows to add more than just as numbers to a
set. as_set_match now returns a pointer to this data or NULL if not found.
OK benno@
miko [Fri, 14 Sep 2018 08:45:46 +0000 (08:45 +0000)]
ansify auich_trigger_input() and remove #ifdef around DPRINTF(); ok ratchov@
miko [Fri, 14 Sep 2018 08:37:34 +0000 (08:37 +0000)]
mark some suspend/resume functions always returning zero as void; ok ratchov@
jsg [Fri, 14 Sep 2018 07:25:02 +0000 (07:25 +0000)]
unbreak userland uses of in_pcb.h by including sys/refcnt.h
ok visa@
djm [Fri, 14 Sep 2018 05:26:27 +0000 (05:26 +0000)]
second try, deals properly with missing and private-only keys:
Use consistent format in debug log for keys readied, offered and
received during public key authentication.
This makes it a little easier to see what is going on, as each message
now contains (where available) the key filename, its type and fingerprint,
and whether the key is hosted in an agent or a token.
djm [Fri, 14 Sep 2018 04:44:04 +0000 (04:44 +0000)]
revert following; deals badly with agent keys
revision 1.285
date: 2018/09/14 04:17:12; author: djm; state: Exp; lines: +47 -26; commitid: lflGFcNb2X2HebaK;
Use consistent format in debug log for keys readied, offered and
received during public key authentication.
This makes it a little easier to see what is going on, as each message
now contains the key filename, its type and fingerprint, and whether
the key is hosted in an agent or a token.
djm [Fri, 14 Sep 2018 04:17:44 +0000 (04:17 +0000)]
garbage-collect moribund ssh_new_private() API.
djm [Fri, 14 Sep 2018 04:17:12 +0000 (04:17 +0000)]
Use consistent format in debug log for keys readied, offered and
received during public key authentication.
This makes it a little easier to see what is going on, as each message
now contains the key filename, its type and fingerprint, and whether
the key is hosted in an agent or a token.
bluhm [Thu, 13 Sep 2018 19:53:58 +0000 (19:53 +0000)]
Add reference counting for inet pcb, this will be needed when we
start locking the socket. An inp can be referenced by the PCB queue
and hashes, by a pf mbuf header, or by a pf state key.
OK visa@