millert [Wed, 29 Apr 2015 00:13:26 +0000 (00:13 +0000)]
Add missing #include <stdint.h> for SIZE_MAX
doug [Wed, 29 Apr 2015 00:11:12 +0000 (00:11 +0000)]
Add missing BN_CTX_end() calls.
After calling BN_CTX_start(), there must be a BN_CTX_end() before
returning. There were missing BN_CTX_end() calls in error paths. One diff
chunk was simply removing redundant code related to this.
ok deraadt@
halex [Wed, 29 Apr 2015 00:10:44 +0000 (00:10 +0000)]
VERBOSESTATUS or no VERBOSESTATUS, failed or missing dumps are still
worth noting
"go ahead" schwarze@
kettenis [Tue, 28 Apr 2015 22:29:24 +0000 (22:29 +0000)]
Explicitly include .codepatch and .codepatchend in .rodata such that
the binutils 2.17 linker doesn't make them disappear.
ok deraadt@, guenther@
sthen [Tue, 28 Apr 2015 21:41:40 +0000 (21:41 +0000)]
ajacoutot spotted a problem with the new sshd logic (to disable root logins
by default completely in most cases, except where a public ssh key was provided
to autoinstall) - in the case where a (non-root) account was created, sshd
was being disabled; this diff fixes it. Looks good ajacoutot, OK djm@,
extensive testing+OK rpe@,
kettenis [Tue, 28 Apr 2015 20:54:18 +0000 (20:54 +0000)]
Protect the per-process itimerval structs with a mutex. We update these
from hardclock() which runs without grabbing the kernel lock. This means
that two threads could concurrently update the struct which could lead to
corruption of the value which in turn could stop the timer. It could also
result in getitimer(2) returning a non-normalized value.
With help from guenther@.
ok deraadt@, guenther@
kettenis [Tue, 28 Apr 2015 18:39:13 +0000 (18:39 +0000)]
Don't grab the kernel lock for clock interrupts. The way we use mutexes
these days is incompatible with that practice and leads to deadlocks.
ok jsing@
mpi [Tue, 28 Apr 2015 14:51:50 +0000 (14:51 +0000)]
Make sure to overwrite sdl_type after calling ether_ifattach().
Fix a problem found by Johan Huldtgren, ok phessler@
jsg [Tue, 28 Apr 2015 14:07:47 +0000 (14:07 +0000)]
Fix a memory leak in an error path found by Maxime Villard's
Brainy Code Scanner.
jmc [Tue, 28 Apr 2015 14:07:16 +0000 (14:07 +0000)]
tidy up the prebind text; prompted by zhuk
jmc [Tue, 28 Apr 2015 13:47:38 +0000 (13:47 +0000)]
enviroment -> environment: apologies to darren for not spotting that first
time round...
nicm [Tue, 28 Apr 2015 12:09:24 +0000 (12:09 +0000)]
If looking for an index, don't fill in window when given a session.
nicm [Tue, 28 Apr 2015 11:57:20 +0000 (11:57 +0000)]
Do not do a search for the tty path if there isn't one.
nicm [Tue, 28 Apr 2015 11:33:17 +0000 (11:33 +0000)]
If can't find pane as a pane, try as a window; likewise if can't find
window as a session.
nicm [Tue, 28 Apr 2015 10:43:13 +0000 (10:43 +0000)]
Add select-layout -o to undo the last layout change (apply the previously
set layout).
dtucker [Tue, 28 Apr 2015 10:25:15 +0000 (10:25 +0000)]
Fix typo in previous
dtucker [Tue, 28 Apr 2015 10:17:58 +0000 (10:17 +0000)]
Document that the TERM environment variable is not subject to SendEnv
and AcceptEnv. bz#2386, based loosely on a patch from jjelen at redhat,
help and ok jmc@
stsp [Tue, 28 Apr 2015 07:55:13 +0000 (07:55 +0000)]
In rtsx(4), condense the list of supported chips in a comment, remove the unused
F_5227 flag, sort PCI IDs, and fix a typo in a comment. No functional change.
from brad
mlarkin [Tue, 28 Apr 2015 05:54:31 +0000 (05:54 +0000)]
Someone went to the trouble of vertically aligning a set of parameters but
missed one. This diff is only a spacing change.
lteo [Tue, 28 Apr 2015 02:26:43 +0000 (02:26 +0000)]
Add a missing free in the error path.
ok nicm@
djm [Mon, 27 Apr 2015 23:17:11 +0000 (23:17 +0000)]
Rework sshd enable root login questions in light of sshd PermitRootLogin
default change. The new default is not to ask to enable root logins
when a non-root user has been added. There is some additional subtlety
for auto-installs that provide root ssh keys.
patch by myself and rpe@ with feedback from sthen@;
ok rpe@ deraadt@ sthen@
nicm [Mon, 27 Apr 2015 22:58:58 +0000 (22:58 +0000)]
Do not include unattached clients when trying to find one for target.
nicm [Mon, 27 Apr 2015 22:50:35 +0000 (22:50 +0000)]
Reset cfg_ncauses to 0 as well or we could allocate the wrong size if
called again.
nicm [Mon, 27 Apr 2015 22:42:10 +0000 (22:42 +0000)]
Assign to the right variable when comparing clients.
djm [Mon, 27 Apr 2015 21:42:48 +0000 (21:42 +0000)]
Make sshd default to PermitRootLogin=no;
ok deraadt@ rpe@
bluhm [Mon, 27 Apr 2015 20:01:59 +0000 (20:01 +0000)]
Let the HTTP client close the connection within an incomplete header
line. Check that the session in relayd gets closed and it does not
result in a file descriptor leak.
Bug in relayd found by claudio@.
nicm [Mon, 27 Apr 2015 19:12:27 +0000 (19:12 +0000)]
Simplify remote(5) example file and remove stuff not supported by cu(1).
some tweaks from sobrado@, ok deraadt@
nicm [Mon, 27 Apr 2015 16:25:57 +0000 (16:25 +0000)]
Rewrite of the target resolution internals to be simpler and more
consistent but with much less duplication, but keeping the same internal
API. Also adds more readable aliases for some of the special tokens used
in targets (eg "{start}" instead of "^"). Some behaviours may have
changed, for example prefix matches now happen before fnmatch.
mpi [Mon, 27 Apr 2015 14:51:44 +0000 (14:51 +0000)]
Do not call nd6_purge() before purging the IPv6 addresses of a detached
interface.
Fix a use after free introduced in r1.98 of netinet6/in6.c and recently
exposed by a crazy pool/malloc damage finder being currently refined by
dlg@ and deraadt@.
ok mikeb@, henning@
nicm [Mon, 27 Apr 2015 13:52:17 +0000 (13:52 +0000)]
Use a systrace(4) sandbox with a short whitelist of allowed syscalls for
the file(1) child process. Based on similar code in ssh sandbox-systrace.c.
Idea and help from deraadt@.
nicm [Mon, 27 Apr 2015 13:48:06 +0000 (13:48 +0000)]
Add a _file user and use for privsep, ok deraadt
nicm [Mon, 27 Apr 2015 13:41:45 +0000 (13:41 +0000)]
Add simple privilege separation to file(1). Two processes, file
descriptors and a few other bits are opened in parent and passed to
child using imsg. Child currently drops to "nobody" but this will change.
kettenis [Mon, 27 Apr 2015 13:25:10 +0000 (13:25 +0000)]
Adjust ld semantics to make static PIE the default. Forgotten by pascal@.
Original commit message:
Change gcc and ld semantics to make static PIE the default when invoking
'cc -static'. To explicitly request the legacy behaviour, use -nopie.
For the few ports affected by this, bumps will follow shortly.
looks good to kettenis@, ok kurt@
jmc [Mon, 27 Apr 2015 11:12:49 +0000 (11:12 +0000)]
remove some extraneous text; ok nicm
benno [Mon, 27 Apr 2015 09:54:04 +0000 (09:54 +0000)]
sync with rev 1.99 of sbin/route/show.c
requested by claudio@ and mpi@
benno [Mon, 27 Apr 2015 09:51:58 +0000 (09:51 +0000)]
route show does not need to filter unwanted af itself, the sysctl does
that for us.
approach seems sound deraadt@
ok claudio@ mpi@ henning@ phessler@
mpi [Mon, 27 Apr 2015 09:14:45 +0000 (09:14 +0000)]
Since upd(4) currently supports a known but limited number of sensors,
parse the HID descriptor multiple times to find them.
This logic is necessary to later create a tree of sensors in order to
avoid lookups in the hot path for sensors that depend on the value of
others.
From David Higgs.
stsp [Mon, 27 Apr 2015 09:07:49 +0000 (09:07 +0000)]
Update list of card readers supported by rtsx(4). From brad.
nicm [Mon, 27 Apr 2015 07:49:36 +0000 (07:49 +0000)]
If the requested pane is already active, do not unzoom the window (or do
anything else). Prevents mouse clicking when zoomed causing unzoom,
reported by Jose Antonio Delgado Alfonso (with a different fix).
mpi [Mon, 27 Apr 2015 07:41:41 +0000 (07:41 +0000)]
with more unit conversion when new sensors will appear.
From David Higgs.
mpi [Mon, 27 Apr 2015 07:37:19 +0000 (07:37 +0000)]
Make use of DEVNAME(), from David Higgs.
mpi [Mon, 27 Apr 2015 07:20:57 +0000 (07:20 +0000)]
Correctly write the 64bits of the HID 1, 4 and 5 registers.
This makes the secondary cpu of my PowerMac as fast as the primary one,
and divides the build time by 3 with a GENERIC.MP kernel on MP G5s
Found thanks to MP kernel profiling.
ok dlg@, miod@
bcook [Mon, 27 Apr 2015 03:37:06 +0000 (03:37 +0000)]
Not all Linux libc's include linux/sysctl.h in sys/sysctl.h.
Include it if we have the sysctl syscall.
bcook [Mon, 27 Apr 2015 03:34:43 +0000 (03:34 +0000)]
Support AIX versions without WPAR support.
From Michael Felt.
djm [Mon, 27 Apr 2015 01:53:37 +0000 (01:53 +0000)]
more OPENSSL=no fixes; ok dtucker@
djm [Mon, 27 Apr 2015 01:52:30 +0000 (01:52 +0000)]
fix compilation with OPENSSL=no; ok dtucker@
dtucker [Mon, 27 Apr 2015 00:37:53 +0000 (00:37 +0000)]
Include stdio.h for FILE (used in sshkey.h) so it compiles with OPENSSL=no.
djm [Mon, 27 Apr 2015 00:21:21 +0000 (00:21 +0000)]
allow "sshd -f none" to skip reading the config file, much like
"ssh -F none" does. ok dtucker
nicm [Sun, 26 Apr 2015 22:51:32 +0000 (22:51 +0000)]
Don't support -s on FIFOs, it doesn't work well and the workarounds are
a bit horrible.
nicm [Sun, 26 Apr 2015 20:25:20 +0000 (20:25 +0000)]
Remove panes from layout if spawning them fails, reported by Anthony J
Bentley.
benno [Sun, 26 Apr 2015 20:12:03 +0000 (20:12 +0000)]
mlarkin asks "bgpctl checks the length of the control socket path to
make sure it fits. When browsing around last night I saw that bgpd
does not. Any reason it shouldn't? Please commit"
Add a check in parse.y to check this when reading the configuration.
ok phessler@ henning@
nicm [Sun, 26 Apr 2015 19:53:50 +0000 (19:53 +0000)]
stat() the original link path not the resolved one which may be relative.
dcoppa [Sun, 26 Apr 2015 17:26:59 +0000 (17:26 +0000)]
Fix typo in the buffer size value: 7680 in the manpage vs 7860 in
the sndiod.c code.
Initially, I thought the error was in the manpage, but Alexander
told me it was the code, so fix the code instead.
ok ratchov@
henning [Sun, 26 Apr 2015 14:49:23 +0000 (14:49 +0000)]
get_responsefile: instead of keeping the dhcp-supplied next-server where
we fetch the response file from in a local _server var, put it in an
exported AI_SERVER one. last not least that allows install.site to see it.
ok krw rpe
sf [Sun, 26 Apr 2015 12:27:29 +0000 (12:27 +0000)]
Have vio_start() check if the queue is empty.
from brad@
jmatthew [Sun, 26 Apr 2015 12:24:03 +0000 (12:24 +0000)]
Get dwc2 working on octeon.
- transplant the clock setup code from octhci
- add a bus space tag to deal with dwc2 using little endian addressing
- bump up the rx fifo size, necessary for umass/sd to work
tested on an edgerouter lite, which can almost boot by itself now
ok uebayasi@ (various parts), miod@ (bus space bits)
sf [Sun, 26 Apr 2015 12:19:24 +0000 (12:19 +0000)]
vio: Support checksum offloading for IPv4 TX
"Looks good to me" brad@
stsp [Sun, 26 Apr 2015 11:47:22 +0000 (11:47 +0000)]
regen
stsp [Sun, 26 Apr 2015 11:47:13 +0000 (11:47 +0000)]
Add IDs for RTL8188ETV and RTL8188EU. From FreeBSD via Mikhail on tech@
phessler [Sun, 26 Apr 2015 11:32:54 +0000 (11:32 +0000)]
for every policy we write out, flush the output so we don't get an
irritating partially written line
kettenis [Sun, 26 Apr 2015 11:09:32 +0000 (11:09 +0000)]
Disable PAE when switching to the hibernate resume pagetables. This involves
a slightly complicated dance where we stash the PAE PDPTEs into the
hibernate resume pagetables and use those before turning off PAE.
Makes (un)hibernate work with the new PAE pmap.
ok mlarkin@
stsp [Sun, 26 Apr 2015 10:22:13 +0000 (10:22 +0000)]
Add Digitus DN-7003GT to list of supported urtw(4) devices.
stsp [Sun, 26 Apr 2015 10:18:30 +0000 (10:18 +0000)]
regen
stsp [Sun, 26 Apr 2015 10:18:19 +0000 (10:18 +0000)]
Add USB device ID for RTL8812AU. Found in "TP-Link AC1200 T4U" device.
kettenis [Sun, 26 Apr 2015 09:49:42 +0000 (09:49 +0000)]
Enable NX support in the resume path. Makes suspend/resume work with the
PAE pmap.
ok deraadt@, mlarkin@
kettenis [Sun, 26 Apr 2015 09:48:29 +0000 (09:48 +0000)]
Only enable PAE if the CPU we're running on has NX support. Without NX
support we're only wasting memory on the larger PAE page tables without
any real benefit. This allows some simplifications of the low-level
assembly code.
ok mlarkin@, deraadt@
sthen [Sun, 26 Apr 2015 09:22:33 +0000 (09:22 +0000)]
bump i386 MAXDSIZ to 3GB. - "If you're running this, and presumably actually
using that much memory, go for it" tedu@ "I don't see any immediate downsides"
kettenis@
deraadt [Sun, 26 Apr 2015 07:25:10 +0000 (07:25 +0000)]
sync
jmatthew [Sun, 26 Apr 2015 06:38:04 +0000 (06:38 +0000)]
Two extra messages required after sending a baud rate update, as observed
in the linux mct_u232 driver, which apparently got them by sniffing usb
traffic from the vendor's windows 98 driver. Makes this device work at
115200:
umct0 at uhub0 port 2 "Belkin Components F5U109 Serial" rev 1.10/1.02 addr 2
ok dlg@
guenther [Sun, 26 Apr 2015 05:30:42 +0000 (05:30 +0000)]
Require a PT_LOAD segment's p_filesz to be no larger than its p_memsz.
test cases provided by Alejandro Herna'ndez (nitrousenador (at) gmail.com)
ok deraadt@ jsg@
guenther [Sun, 26 Apr 2015 01:23:19 +0000 (01:23 +0000)]
Fix glitches in previous commit: strip the \n and only complain on failure
ok deraadt@
phessler [Sat, 25 Apr 2015 21:44:26 +0000 (21:44 +0000)]
some people are capitalizing keywords, so ignore case when we test the tokens
OK henning@ benno@
miod [Sat, 25 Apr 2015 21:38:22 +0000 (21:38 +0000)]
Cut the aliases part of /etc/rpc lines before feeding them to strtonum(), for
it will fail otherwise; ok deraadt@ millert@
guenther [Sat, 25 Apr 2015 21:31:24 +0000 (21:31 +0000)]
We now follow the ABI and always clear cld on function entry, so remove
the extra CLD instructions from when that wasn't true
testing miod@ krw@
guenther [Sat, 25 Apr 2015 21:21:02 +0000 (21:21 +0000)]
cpu_busy_cycle_fcn callback has never been used
nicm [Sat, 25 Apr 2015 21:17:09 +0000 (21:17 +0000)]
Only print MIME warnings when warnings are enabled.
miod [Sat, 25 Apr 2015 21:15:08 +0000 (21:15 +0000)]
Repair boot device detection when booting off the second SCSI controller on
AV530.
guenther [Sat, 25 Apr 2015 20:47:49 +0000 (20:47 +0000)]
Disable kq-tun test, as it's been broken for a while and not because of kq
afresh1 [Sat, 25 Apr 2015 19:30:14 +0000 (19:30 +0000)]
Apply pre-built unicore patch, remove excess files - perl-5.20.2
afresh1 [Sat, 25 Apr 2015 19:26:15 +0000 (19:26 +0000)]
Apply local patches, remove excess files - perl-5.20.2
afresh1 [Sat, 25 Apr 2015 19:14:36 +0000 (19:14 +0000)]
Fix merge issues, remove excess files - match perl-5.20.2 dist
afresh1 [Sat, 25 Apr 2015 19:10:05 +0000 (19:10 +0000)]
Import perl-5.20.2
nicm [Sat, 25 Apr 2015 18:56:05 +0000 (18:56 +0000)]
Get rid of window_choose_list type.
nicm [Sat, 25 Apr 2015 18:49:01 +0000 (18:49 +0000)]
Fix some char* -> char *.
nicm [Sat, 25 Apr 2015 18:47:01 +0000 (18:47 +0000)]
Use a char **,u_int pair for cfg_causes.
nicm [Sat, 25 Apr 2015 18:44:28 +0000 (18:44 +0000)]
Fail if a \ appears at EOL rather than continuing off the end of the
buffer, from Sebastien Marie.
nicm [Sat, 25 Apr 2015 18:33:59 +0000 (18:33 +0000)]
Make message log a TAILQ.
nicm [Sat, 25 Apr 2015 18:09:28 +0000 (18:09 +0000)]
Move the functions to convert ids from strings into session.c and window.c.
jmc [Sat, 25 Apr 2015 16:37:17 +0000 (16:37 +0000)]
double word fix; from david vasek
brynet [Sat, 25 Apr 2015 16:35:47 +0000 (16:35 +0000)]
Switch to using the POSIX endian macros, i.e: be64toh vs. betoh64.
ok nicm@
doug [Sat, 25 Apr 2015 16:02:55 +0000 (16:02 +0000)]
Don't ignore the reference count in X509_STORE_free.
Based on this upstream commit:
bff9ce4db38b297c72a6d84617d71ae2934450f7
which didn't make it into a release until 1.0.2.
Thanks to william at 25thandclement dot com for reporting this!
ok deraadt@ jsing@ beck@
nicm [Sat, 25 Apr 2015 15:57:48 +0000 (15:57 +0000)]
Explicitly cancel mouse "button" mode, this happens implicitly with some
one of the other things we send with xterm, but not with urxvt. Reported
by sthen@.
espie [Sat, 25 Apr 2015 15:33:47 +0000 (15:33 +0000)]
add check for overflow while doubling (very unlikely in practice, but still
better style code). Problem noticed by deraadt@ in m4.
okay doug@ deraadt@
doug [Sat, 25 Apr 2015 15:28:47 +0000 (15:28 +0000)]
Check for invalid leading zeros in CBS_get_asn1_uint64.
ASN.1 integers cannot have all zeros or all ones for the first 9 bits.
This rule ensures the numbers are encoded with the smallest number of
content octets (see ITU-T Rec X.690 section 8.3.2).
Based on BoringSSL commit
5933723b7b592e9914f703d630b596e140c93e16
ok deraadt@ jsing@
phessler [Sat, 25 Apr 2015 15:28:18 +0000 (15:28 +0000)]
allow us to write rules that match directly on the peer AS
...
allow from AS 1 prefix 192.0.2.0/24
...
Also adjust the IRR ruleset output to include the declared peer AS,
instead of hoping they listed their neighbor IP address!
OK benno@
older version OK: claudio@ henning@
florian [Sat, 25 Apr 2015 14:40:35 +0000 (14:40 +0000)]
Prepend files or directories containing ":" with "./" in directory
indexes as per RFC 3986:
A path segment that contains a colon character (e.g., "this:that")
cannot be used as the first segment of a relative-path reference, as
it would be mistaken for a scheme name. Such a segment must be
preceded by a dot-segment (e.g., "./this:that") to make a relative-
path reference.
While here add a "/" to the end of directory names, this saves us one
redirect round trip.
Found the hard way & "functionality wise, OK" ajacoutot@
RFC pointer & OK benno@
phessler [Sat, 25 Apr 2015 13:23:01 +0000 (13:23 +0000)]
handle an IRR record of "export ... action X" the same way we handle
"import ... action X".
OK benno@ henning@
jturner [Sat, 25 Apr 2015 11:37:24 +0000 (11:37 +0000)]
Add quirk for Cirrus Logic CS4208 which is needed for MacBookAir6,1.
ok deraadt@ jung@ ratchov@
nicm [Fri, 24 Apr 2015 23:17:11 +0000 (23:17 +0000)]
Convert clients list into a TAILQ.
nicm [Fri, 24 Apr 2015 22:19:36 +0000 (22:19 +0000)]
Set working directory for run-shell and if-shell.