eric [Sat, 6 Apr 2019 10:35:48 +0000 (10:35 +0000)]
do not call freeaddrinfo() on a NULL pointer.
krw [Sat, 6 Apr 2019 08:25:05 +0000 (08:25 +0000)]
Don't mangle command line arguments with strsep(). Mangle
a strdup()'d copy and throw it away when done.
cluebat from deraadt@
jsg [Sat, 6 Apr 2019 02:56:16 +0000 (02:56 +0000)]
unbreak make includes on non-clang archs after libobjc removal
found the hard way by nayden@ ok deraadt@
schwarze [Fri, 5 Apr 2019 21:44:32 +0000 (21:44 +0000)]
insert a missing .El and fix a typo
deraadt [Fri, 5 Apr 2019 21:09:02 +0000 (21:09 +0000)]
sync
deraadt [Fri, 5 Apr 2019 21:08:00 +0000 (21:08 +0000)]
Use new rdsetroot.
deraadt [Fri, 5 Apr 2019 21:07:11 +0000 (21:07 +0000)]
take elfrdsetroot, clean it up for regular usage, and make it a full
citizen of base.
push from benno, ok mortimer ingo others
nicm [Fri, 5 Apr 2019 20:32:31 +0000 (20:32 +0000)]
Fix some warnings, from Thomas Adam.
tb [Fri, 5 Apr 2019 20:27:45 +0000 (20:27 +0000)]
sync
tb [Fri, 5 Apr 2019 20:25:42 +0000 (20:25 +0000)]
whitespace consistency
tb [Fri, 5 Apr 2019 20:25:25 +0000 (20:25 +0000)]
Add SERVER_HELLO_RETRY state
tb [Fri, 5 Apr 2019 20:23:38 +0000 (20:23 +0000)]
By design, our state machine is a DAG contrary to the state machine in
the spec. To avoid the obvious loop in the RFC's state machine, we added
a CLIENT_HELLO_RETRY state which is a second ClientHello with special
rules. There is, however, no state to react to this second client hello.
This adds a matching SERVER_HELLO_RETRY state to the handshakes table.
This means in particular that the WITH_HRR state cannot be set in
tls13_server_hello_recv(), so remove this now dead check.
ok jsing
schwarze [Fri, 5 Apr 2019 18:29:43 +0000 (18:29 +0000)]
Import SSL_CTX_add1_chain_cert(3) from OpenSSL branch 1.1.1, which is still
under a free license, omitting functions we don't have and tweaked by me;
the functions were provided by jsing@ in ssl.h rev. 1.166.
While here, also document SSL_CTX_get_extra_chain_certs(3) because
it is closely related to companion functions that are already documented
and the API is kind of incomplete without it.
sthen [Fri, 5 Apr 2019 14:56:48 +0000 (14:56 +0000)]
fix link URL; pointed out by "openbsduser <at> airmail.cc"
bluhm [Fri, 5 Apr 2019 14:42:06 +0000 (14:42 +0000)]
In debug mode print TCP flag names to console correctly.
from Mitchell Krome
bluhm [Fri, 5 Apr 2019 12:58:34 +0000 (12:58 +0000)]
Broken userland software sets address bit in routing message without
providing a corresponding socket address. A stricter kernel check
returns EINVAL and the software does not work anymore. Relax the
check for OpenBSD 6.5 release so we have more time to find and fix
bugs in ports afterwards. This is a temporary workaround.
analysis sthen@; OK claudio@ jca@
deraadt [Fri, 5 Apr 2019 09:06:31 +0000 (09:06 +0000)]
it is POOL_DEBUG disable time
bentley [Fri, 5 Apr 2019 09:02:27 +0000 (09:02 +0000)]
Fix hack(6).
- Write savegames and scorefiles to the current directory instead of /var
- Save oc_name and oc_descr alongside oc_uname in all situations
- When a levitation potion times out, explicitly float down
These patches were contributed last year by "tonypony76"; thanks!
ok deraadt@, with added enthusiasm from tedu@
ratchov [Fri, 5 Apr 2019 06:14:13 +0000 (06:14 +0000)]
Try to start playback after play buffer pointers are advanced.
Allows playback to start automatically as soon as there's enough data,
even if the AUDIO_START ioctl is not called. This is mainly useful to
quickly test & debug low level drivers with simple shell commands.
tb [Fri, 5 Apr 2019 05:13:12 +0000 (05:13 +0000)]
Zap two dead #defines that were unused since jsing deleted the
record_type member of the tls13_handshake_action struct.
ok jsing
dlg [Fri, 5 Apr 2019 00:59:24 +0000 (00:59 +0000)]
print the gre protocol number as hex when vflag is enabled
this is useful for telling the MPLSes apart, and generally understanding
what you're seeing.
dlg [Fri, 5 Apr 2019 00:57:59 +0000 (00:57 +0000)]
support printing cdp over gre and ppp
ok deraadt@ mpi@ sthen@
edd [Thu, 4 Apr 2019 22:20:28 +0000 (22:20 +0000)]
Make tpm(4) attach to MSFT0101 chips.
I found this chip in my Lenovo Thinkpad X1 (5th gen):
tpm0 at acpi0: TPM_ addr 0xfed40000/0x5000: device 0x001b15d1 rev 0x10
"Yes, please commit this" deraadt@. Thanks.
tb [Thu, 4 Apr 2019 21:29:27 +0000 (21:29 +0000)]
I forgot to mark some targets as .PHONY
remi [Thu, 4 Apr 2019 19:57:08 +0000 (19:57 +0000)]
RFC 2328 mandates in 12.4.1.1 that the Link ID of the Type 3 link has to
be set to the subnet's IP address and not the interface address.
Bug report and fix from Mitchell Krome.
OK claudio@
eric [Thu, 4 Apr 2019 19:25:45 +0000 (19:25 +0000)]
accept the NULL string in the proc message formatting api and simplify
code accordingly.
jsing [Thu, 4 Apr 2019 16:53:57 +0000 (16:53 +0000)]
Implement legacy fallback for the TLS 1.3 client.
If the Server Hello received indicates that the server did not negotiate
TLS 1.3, fallback to the original TLS client implementation.
ok bcook@, tb@
jsing [Thu, 4 Apr 2019 16:44:24 +0000 (16:44 +0000)]
Clean up the cipher/digest table mess.
The original implementation allows for libcrypto to be compiled without a
given algorithm and libssl then detects that ciphers or digests are
unavailable so that it can disable the associated cipher suites.
This is unnecessary since we do not compile out algorithms.
ok beck@, tb@ (a while back)
jsing [Thu, 4 Apr 2019 15:47:15 +0000 (15:47 +0000)]
Use correct define.
jsing [Thu, 4 Apr 2019 15:10:10 +0000 (15:10 +0000)]
Only assign destlen when src is non-NULL.
This avoids ever having a non-zero len with a NULL pointer.
jsing [Thu, 4 Apr 2019 15:09:09 +0000 (15:09 +0000)]
Switch to pthread_mutex_init().
While PTHREAD_MUTEX_INITIALIZER can be used on OpenBSD, some other
platforms do not like it.
Noted by bcook@
jsing [Thu, 4 Apr 2019 15:04:26 +0000 (15:04 +0000)]
Sync.
jsing [Thu, 4 Apr 2019 15:04:03 +0000 (15:04 +0000)]
Bump libssl/libtls minors due to symbol addition.
jsing [Thu, 4 Apr 2019 15:03:21 +0000 (15:03 +0000)]
Provide SSL chain/cert chain APIs.
These allow for chains to be managed on a per-certificate basis rather than
as a single "extra certificates" list. Note that "chain" in this context
does not actually include the leaf certificate however, unlike
SSL_CTX_use_certificate_chain_{file,mem}().
Thanks to sthen@ for running this through a bulk ports build.
ok beck@ tb@
jsing [Thu, 4 Apr 2019 14:32:49 +0000 (14:32 +0000)]
This case also needs to be fatal.
sthen [Thu, 4 Apr 2019 12:42:01 +0000 (12:42 +0000)]
update root CAs in cert.pem in sync with Mozilla
ok millert@
bluhm [Thu, 4 Apr 2019 12:03:09 +0000 (12:03 +0000)]
Add an update target to regenerate the expected results.
OK krw@
nicm [Thu, 4 Apr 2019 10:25:35 +0000 (10:25 +0000)]
Fix size check for splitw -f and top level pane size for tiled layout,
problems reported by Thomas Sattler.
ratchov [Thu, 4 Apr 2019 09:23:36 +0000 (09:23 +0000)]
Simplify underruns handling: just copy silence produced by upper layer.
This makes the code less bug prone as the "rare" underruns
conditions are handled by the main non-underrun code.
kettenis [Thu, 4 Apr 2019 07:10:05 +0000 (07:10 +0000)]
Avoid potential null-pointer dereference. Found by Kent R. Spillner.
ok deraadt@, jsg@
jmc [Thu, 4 Apr 2019 06:58:56 +0000 (06:58 +0000)]
patrick confirms that this driver does not support powersave;
kettenis [Thu, 4 Apr 2019 06:33:10 +0000 (06:33 +0000)]
The ASUS E200HA reads the register at "address" 0x00 instead of 0x18.
deraadt [Thu, 4 Apr 2019 05:53:27 +0000 (05:53 +0000)]
frame-pointer elimination has encountered some resistance in ports but we
are close to release, so punt the change till after-release
easier for everyone and especially naddy
ok tedu
deraadt [Thu, 4 Apr 2019 05:35:10 +0000 (05:35 +0000)]
sync
kettenis [Thu, 4 Apr 2019 04:49:16 +0000 (04:49 +0000)]
Add bwfm(4) such that we can use bsd.rd to update over wireless.
bket [Thu, 4 Apr 2019 04:19:54 +0000 (04:19 +0000)]
Add support for not crossing filesystem boundaries (-x) to Option
and behaviour is the same as GPL rsync.
Initial diff received feedback from benno@, schwarze@, deraadt@ and
florian@. Thanks!
OK deraadt@
naddy [Thu, 4 Apr 2019 02:28:23 +0000 (02:28 +0000)]
Remove CONFIGURE_STYLE=autoupdate setting.
Running autoupdate is not useful in a port context. No port uses this and
it appears none ever has.
ok kn@
benno [Wed, 3 Apr 2019 19:58:04 +0000 (19:58 +0000)]
YUL - Montreal Dorval International has been renamed Montreal-Pierre
Elliott Trudeau International on January 1, 2004.
anton [Wed, 3 Apr 2019 16:23:20 +0000 (16:23 +0000)]
document BIOCSRTIMEOUT errors; ok deraadt@ millert@
anton [Wed, 3 Apr 2019 16:20:23 +0000 (16:20 +0000)]
Reject negative and too large timeouts passed to BIOCSRTIMEOUT. Since
the timeout converted to ticks is later passed to timeout_add(), it could
cause a panic if the timeout is negative.
ok deraadt@ millert@
Reported-by: syzbot+82cb4dfe6a1fc3d8b490@syzkaller.appspotmail.com
djm [Wed, 3 Apr 2019 15:48:45 +0000 (15:48 +0000)]
openssh-8.0
tb [Wed, 3 Apr 2019 15:33:37 +0000 (15:33 +0000)]
Avoid some out of bound accesses in aesni_cbc_hmac_sha1_cipher().
The plen variable can be NO_PAYLOAD_LENGTH == (size_t)-1, so doing
tls_aad[plen-4] is no good. Also check that the length of the AAD
set via the control interface is equal to 13 since the whole file
is written with that case in mind.
Note that we no longer use this code in LibreSSL/OpenBSD. We
eliminated the use of these control interfaces and stitched cipher
modes in libssl a while ago.
Problem found by Guido Vranken with his cryptofuzz - thanks!
input & ok beck, jsing
jca [Wed, 3 Apr 2019 14:59:34 +0000 (14:59 +0000)]
Don't test the behavior of ^L as it depends on $TERM
Suggested by anton@
jca [Wed, 3 Apr 2019 14:55:12 +0000 (14:55 +0000)]
Bind ^L (C-l) to clear-screen instead of redraw
Slightly more useful for some, same defaults as bash.
No objection deraadt@ phessler@, ok tb@ kn@ benno@
krw [Wed, 3 Apr 2019 12:57:56 +0000 (12:57 +0000)]
Take the length of an initialized string, not a
soon-but-not-yet-initialized string.
Should fix "Segmentation fault" reported by Raf
Czlonka.
yasuoka [Wed, 3 Apr 2019 11:54:56 +0000 (11:54 +0000)]
Fix the bug that radius module didn't work when the size of radius message
changes.
jmc [Wed, 3 Apr 2019 10:31:18 +0000 (10:31 +0000)]
spelling mistake in previous - sorry, klemens!
jsg [Wed, 3 Apr 2019 10:31:10 +0000 (10:31 +0000)]
Correct access to doorbell. In radeondrm this is only present and used
with gfx7/sea islands hardware. Fixes ring 2 test failure on
carrizo-l/mullins.
Problem found by kettenis@ in a different part of the drm 4.19 tree.
kn [Wed, 3 Apr 2019 08:56:00 +0000 (08:56 +0000)]
Recommend ROUTE_TABLEFILTER over SO_RTABLE
SO_RTABLE is not applicable to AF_ROUTE, ROUTE_TABLEFILTER works across all
families and goes well in line with the other ROUTE_* macros.
While here, document RTABLE_ANY and mention rtable(4).
OK claudio jmc
ratchov [Wed, 3 Apr 2019 07:47:20 +0000 (07:47 +0000)]
Always copy data (if any) whenever a new bounce buffer is available.
ratchov [Wed, 3 Apr 2019 07:44:52 +0000 (07:44 +0000)]
Check for available space before copying data to the bounce buffers.
No behavior change as we don't call uaudio_pdata_copy() in situations
when bounce buffers may not be available.
ratchov [Wed, 3 Apr 2019 07:38:12 +0000 (07:38 +0000)]
Make the uaudio_stream->ubuf_xfer relative to current xfer number.
No behavior change. The new representation is equivalent but eases
detection of overflows and underflows.
nicm [Wed, 3 Apr 2019 06:43:19 +0000 (06:43 +0000)]
Do not load /etc/tmux.conf if given -f.
nicm [Wed, 3 Apr 2019 06:43:04 +0000 (06:43 +0000)]
screen_write_fast_copy can no longer assume the target screen is default
(it isn't for the pane status lines).
jmc [Wed, 3 Apr 2019 06:24:07 +0000 (06:24 +0000)]
tweak previous;
deraadt [Wed, 3 Apr 2019 05:48:52 +0000 (05:48 +0000)]
sync
tedu [Wed, 3 Apr 2019 04:52:26 +0000 (04:52 +0000)]
mortimer unlinked libobjc from the build, but didn't know how to cvs rm.
I don't know much about compilers, but what I do have are a very particular
set of skills. Skills I have acquired over a very long career.
florian [Wed, 3 Apr 2019 03:48:45 +0000 (03:48 +0000)]
Default to port 853 if DoT is used; pointed out by tedu
naddy [Wed, 3 Apr 2019 02:18:03 +0000 (02:18 +0000)]
Remove the CONFIGURE_STYLE=automake setting. Its semantics have been a
long-standing source of confusion and it is no longer used by any ports.
ok sthen@ kn@ ajacoutot@
krw [Wed, 3 Apr 2019 01:17:53 +0000 (01:17 +0000)]
Update *.ok files to reflect recent modifications to
the auto allocation tables.
krw [Wed, 3 Apr 2019 01:10:30 +0000 (01:10 +0000)]
Add comment to prod updates to regress/sbin/disklabel
*.ok files whenever space_allocation tables are
modified.
dlg [Wed, 3 Apr 2019 00:02:02 +0000 (00:02 +0000)]
actually use the words "split-horizon" when talking about vpls bridge setup
dlg [Tue, 2 Apr 2019 23:50:14 +0000 (23:50 +0000)]
document how to do split-horizon setups with mpw
this is needed^Wuseful since the kernel doesn't implicitly implement
split horizon in bridge for mpw anymore. it does allow the joining
of different VPLS meshes on the same bridge now though.
based on discussion with Lee Nelson and Mitchell Krome
thfr [Tue, 2 Apr 2019 20:24:32 +0000 (20:24 +0000)]
disable MSI for AMD Summit Ridge/Raven Ridge HD Audio as workaround for audio stopping after varying amounts of time. ok brynet@, deraadt@
jmc [Tue, 2 Apr 2019 19:45:23 +0000 (19:45 +0000)]
add acpipci;
jmc [Tue, 2 Apr 2019 19:41:53 +0000 (19:41 +0000)]
kettenis has written an mi page for this, so remove this one; ok kettenis (i think)
jmc [Tue, 2 Apr 2019 19:39:32 +0000 (19:39 +0000)]
spelling;
jmc [Tue, 2 Apr 2019 19:37:04 +0000 (19:37 +0000)]
be consistent with "DoT"; from raf czlonka
nicm [Tue, 2 Apr 2019 18:41:24 +0000 (18:41 +0000)]
Silence flag should use the same option as activity, reported by Thomas
Sattler.
kn [Tue, 2 Apr 2019 14:12:09 +0000 (14:12 +0000)]
Clarify preposition
Any messages sent to the kernel are returned, and copies are sent to all
interested listeners. The kernel will provide the process ID for the
sender [...]
Change the last "for" to "of", making it even clearer that the kernel tells
listeners about the sender's PID; it does not provide anything back to the
sender in particular.
"Seems right" deraadt
visa [Tue, 2 Apr 2019 13:07:28 +0000 (13:07 +0000)]
Restrict which filesystems are available for swap. This rules out
obvious misconfigurations that cannot work.
OK mpi@ tedu@
mortimer [Tue, 2 Apr 2019 13:01:52 +0000 (13:01 +0000)]
Enable frame pointer elimination on i386, amd64 and mips64 when given
optimization flags.
ok kettenis@ visa@
jsg [Tue, 2 Apr 2019 12:59:56 +0000 (12:59 +0000)]
libLLVM.a is no longer installed
deraadt [Tue, 2 Apr 2019 12:59:34 +0000 (12:59 +0000)]
sync
deraadt [Tue, 2 Apr 2019 12:57:00 +0000 (12:57 +0000)]
Do not install libLLVM.a. At present the clang tools are either
static-linked against private copy, or dynamic tools against the *.so,
or ports use independent componented versions. Saves ~85MB in /usr.
ok jsg
deraadt [Tue, 2 Apr 2019 12:55:05 +0000 (12:55 +0000)]
new variable NOLIBSTATIC= prevents installation of a static library,
in cases where you don't want it installed, or it isn't built.
ok jsg
sthen [Tue, 2 Apr 2019 12:30:20 +0000 (12:30 +0000)]
fix broken comment
deraadt [Tue, 2 Apr 2019 11:30:07 +0000 (11:30 +0000)]
Remove commented-out historical ranlib operation, which would be
duplicate work.
deraadt [Tue, 2 Apr 2019 11:29:34 +0000 (11:29 +0000)]
only static libraries undergo ranlink
dlg [Tue, 2 Apr 2019 11:10:54 +0000 (11:10 +0000)]
print MPLS_MCAST as mpls, rather than unknown
The caveat with this is that MPLS and MPLS_MCAST look exactly the
same. I could prefix the MCAST line with "multicast" or something,
but like everything else in MPLS the meaning of that protocol type
is supposed to have changed. It's no longer meant to indicate
multicast mpls, but mpls with a label selected by an upstream. So
what's the right thing to do?
noticed by Mitchell Krome, who used this breakage to identify another
problem, which won't happen anymore.
deraadt [Tue, 2 Apr 2019 11:05:55 +0000 (11:05 +0000)]
annoying white space
deraadt [Tue, 2 Apr 2019 11:02:01 +0000 (11:02 +0000)]
BOGO_PC is an invalid userland address, which indicates kbind() is now
disabled in the process. Rather than tying it to KERNBASE, make it simply
-1, which means it is even more invalid.
ok tedu
deraadt [Tue, 2 Apr 2019 11:00:22 +0000 (11:00 +0000)]
retguard has now replaced the stack protector on clang architectures,
the kernel does not need a __stack_smash_handler function.
WARNING: You need a fairly new clang, approximately > March 31.
with mortimer
dlg [Tue, 2 Apr 2019 10:52:33 +0000 (10:52 +0000)]
call pf_pkt_addr_changed on input
makes this consistent with other tunnel drivers, but mostly to avoid
having state info leak between layers of encapsulation.
yasuoka [Tue, 2 Apr 2019 10:50:20 +0000 (10:50 +0000)]
Fix ddb not to write its history to out of the region. When the
inputted line just ends at sizeof(db_history), ddb started writing the
histories to out of the region. diff from IIJ.
ok deraadt anton
dlg [Tue, 2 Apr 2019 10:50:16 +0000 (10:50 +0000)]
clear the BCAST and MCAST mbuf flags for "outgoing" packets.
if these remain set then output on the underlying interface may
mistakenly be done with the wrong protocol type (eg, MPLS_MCAST
instead of MPLS), and to the wrong link layer address.
reported by Lee Nelson
the specific problem was identified by Mitchell Krome
dlg [Tue, 2 Apr 2019 10:46:02 +0000 (10:46 +0000)]
some mbuf ph_rtableid fixes
consistently set the rtableid for "outgoing" packets to the encap
rdomain. use this for rtallocs in mpip too instead of assuming 0.
sthen [Tue, 2 Apr 2019 09:42:55 +0000 (09:42 +0000)]
When curve25519 was added to iked, it was based on the internet-draft and
used a private-use group number. Switch to the group number assigned in
RFC8031 as used in other implementations.
"this is the right time" deraadt@ "I like the idea" reyk@
If you use iked<>iked and have configured curve25519 in iked.conf (this
is not the default), you can switch to another PFS group before updating
then switch back. OpenBSD 6.3+ allows multiple "ikesa" lines so the
initiator can choose which to use.
jmc [Tue, 2 Apr 2019 09:20:52 +0000 (09:20 +0000)]
move the captive portal text into the actual block;
add an entry for /etc/example/unwind.conf;
sort;
ok florian
nicm [Tue, 2 Apr 2019 09:03:39 +0000 (09:03 +0000)]
Add an argument to copy commands to set the prefix for the buffer name,
allows buffers for different sessions to be named separately.