openbsd
9 years agoExtend the libsa loadfile(9) granularity to tell apart randomness from the rest
miod [Tue, 19 May 2015 20:39:12 +0000 (20:39 +0000)]
Extend the libsa loadfile(9) granularity to tell apart randomness from the rest
of the kernel, and extend the array filled by loadfile to report the location
of the randomness area.

This doesn't introduce any change for bootblocks (save for a slightly larger
stack usage due to the larger array), for the new {LOAD,COUNT}_RANDOM bits
are included in the {LOAD,COUNT}_ALL masks everything uses or computes from.

9 years agoMove acquisition of the kernel lock deeper in the interrupt path, and make
miod [Tue, 19 May 2015 20:28:14 +0000 (20:28 +0000)]
Move acquisition of the kernel lock deeper in the interrupt path, and make
sure clock interrupts do not attempt to acquire it.
This will also eventually allow for IPL_MPSAFE interrupts on alpha.

Tested by dlg@ and I.

9 years agoFix installing sets from cdrom if more than one drive is present.
rpe [Tue, 19 May 2015 20:12:29 +0000 (20:12 +0000)]
Fix installing sets from cdrom if more than one drive is present.
Run makedev in install_cdrom() to create the necessary device nodes,
which got lost in a recent change.

Found by James Hartley, thanks for the bug report!
OK krw@

9 years agoimprove spacing in disklabel template.
sobrado [Tue, 19 May 2015 18:50:39 +0000 (18:50 +0000)]
improve spacing in disklabel template.

9 years agobetter spacing in media types.
sobrado [Tue, 19 May 2015 18:16:32 +0000 (18:16 +0000)]
better spacing in media types.

ok reyk@

9 years agosort media type extensions for text/html and image/jpeg as given in
sobrado [Tue, 19 May 2015 18:12:58 +0000 (18:12 +0000)]
sort media type extensions for text/html and image/jpeg as given in
/usr/share/misc/mime.types; do not include shtml as it is for Server
Side Includes (SSI) -- we will never do SSI.

joint work with reyk@

ok reyk@

9 years agodrop comment about being possible to include /etc/nginx/mime.types,
sobrado [Tue, 19 May 2015 18:03:32 +0000 (18:03 +0000)]
drop comment about being possible to include /etc/nginx/mime.types,
we do not have to care about nginx anymore.

ok jmc@ (who thinks previously suggested removing it), and reyk@

9 years agoTest divert-to rules' address handling (pfctl/parse.y -r1.648)
mikeb [Tue, 19 May 2015 17:16:20 +0000 (17:16 +0000)]
Test divert-to rules' address handling (pfctl/parse.y -r1.648)

9 years agoGet the rdomain from the newly exposed ifi_rdomain field in if_data
reyk [Tue, 19 May 2015 16:07:38 +0000 (16:07 +0000)]
Get the rdomain from the newly exposed ifi_rdomain field in if_data
instead of calling the SIOCGIFRDOMAIN ioctl for every single address.

OK deraadt@

9 years agoWhen a user is specified via the -u flag, use setusercontext() to
millert [Tue, 19 May 2015 16:05:12 +0000 (16:05 +0000)]
When a user is specified via the -u flag, use setusercontext() to
setup (most of) the execution environment.  We still have to defer
setting the actual uid until after we change root.  OK deraadt@

9 years agoAdd -c flag to display the user's login class. OK espie@
millert [Tue, 19 May 2015 16:03:19 +0000 (16:03 +0000)]
Add -c flag to display the user's login class.  OK espie@

9 years agosplx should also be called in the error case, fix a regression
mpi [Tue, 19 May 2015 15:10:59 +0000 (15:10 +0000)]
splx should also be called in the error case, fix a regression
introduced during the if_output() conversion.

Found by jsg@

9 years agoDo not leak a rtentry if it is unusable.
mpi [Tue, 19 May 2015 14:16:35 +0000 (14:16 +0000)]
Do not leak a rtentry if it is unusable.

Found by The Brainy Code Scanner from Maxime Villard.

9 years agoKeep visibility information for references to discarded sections.
kettenis [Tue, 19 May 2015 13:38:29 +0000 (13:38 +0000)]
Keep visibility information for references to discarded sections.

9 years agoIncrease a maximum firmware handshake timeout to 10s
mikeb [Tue, 19 May 2015 12:50:53 +0000 (12:50 +0000)]
Increase a maximum firmware handshake timeout to 10s

BCM5718 Programmers Guide in chapter 7 "Device Control", section
"Device Reset Procedure" states that SEEPROM chips need a larger
timeout than Flash ones.

ok reyk

9 years agoConvert to if_input().
mpi [Tue, 19 May 2015 11:34:30 +0000 (11:34 +0000)]
Convert to if_input().

ok dlg@

9 years agoConvert to if_input().
mpi [Tue, 19 May 2015 11:24:01 +0000 (11:24 +0000)]
Convert to if_input().

ok dlg@

9 years agoWe cannot check for M_BCAST or M_MCAST now that vlan_input() is ran
mpi [Tue, 19 May 2015 11:21:42 +0000 (11:21 +0000)]
We cannot check for M_BCAST or M_MCAST now that vlan_input() is ran
before ether_input().

9 years agoTake vlan(4) out of ether_input().
mpi [Tue, 19 May 2015 11:09:24 +0000 (11:09 +0000)]
Take vlan(4) out of ether_input().

To keep the list of input handlers short, multiple vlans share the
same ifih.

if_input_process() now looks if the interface of a mbuf changed to
make sure the corresponding handlers are executed.  This is a hack
and will be improved later.

ok dlg@

9 years agoIn terminfo, sometimes cvvis implies cnorm and sometimes it doesn't, so
nicm [Tue, 19 May 2015 08:48:37 +0000 (08:48 +0000)]
In terminfo, sometimes cvvis implies cnorm and sometimes it doesn't, so
don't assume it does. Fixes missing cursor with emacs-in-tmux-in-tmux.

9 years agochange names to not conflict with omap intc
jsg [Tue, 19 May 2015 06:09:35 +0000 (06:09 +0000)]
change names to not conflict with omap intc
From Patrick Wildt in bitrig

9 years agorename global variables to not conflict with gptimer
jsg [Tue, 19 May 2015 06:04:26 +0000 (06:04 +0000)]
rename global variables to not conflict with gptimer

9 years agoAbstract the soc_machdep.c functions to allow a kernel to be built for
jsg [Tue, 19 May 2015 03:30:54 +0000 (03:30 +0000)]
Abstract the soc_machdep.c functions to allow a kernel to be built for
multiple socs.

From Patrick Wildt in bitrig with some additional changes.

9 years agouse the same va entry point on all armv7 socs
jsg [Tue, 19 May 2015 00:05:59 +0000 (00:05 +0000)]
use the same va entry point on all armv7 socs
Similiar changes were made in bitrig by Patrick Wildt.

As part of this change the physical load address for imx and sunxi have
changed.  Any u-boot settings that include it will need to be modified.

imx: 0x10800000 -> 0x10300000
sunxi: 0x40800000 -> 0x40300000

Tested by bmercer, canacar and myself.
ok bmercer@

9 years agoMake armv7 startup PIC. From Dale Rahn in bitrig.
jsg [Mon, 18 May 2015 23:56:47 +0000 (23:56 +0000)]
Make armv7 startup PIC. From Dale Rahn in bitrig.
Tested by bmercer, canacar and myself.
ok bmercer@

9 years agoMake TAPE=- mean stdout in tar
czarkoff [Mon, 18 May 2015 20:26:16 +0000 (20:26 +0000)]
Make TAPE=- mean stdout in tar

Some scripts and GUI ssh clients assume that tar writes to standard output by
default.  This changes allows enforcing such behavior by setting TAPE="-" in
user profile.

Also, this makes parsing argument to "-f" option and contents of TAPE
environment variable consistent.

OK guenther@, jmc@ and sthen@

9 years agoDo lazy update/reset of the FS.base and %[def]s segment registers: reseting
guenther [Mon, 18 May 2015 19:59:27 +0000 (19:59 +0000)]
Do lazy update/reset of the FS.base and %[def]s segment registers: reseting
segment registers in cpu_switchto if the old thread had made it to userspace
and restoring FS.base only on first return to userspace since context switch.

ok mlarkin@

9 years agoFor each file in sysctl(KERN_FILE_BYFILE), FILLIT() calls fill_file(),
bluhm [Mon, 18 May 2015 19:10:35 +0000 (19:10 +0000)]
For each file in sysctl(KERN_FILE_BYFILE), FILLIT() calls fill_file(),
which calls VOP_GETATTR().  For NFS, that leads to nfs_getattr().
If the node's attributes are not in NFS's cache, nfs_getattr() will
invoke nfs_request() and the latter will sleep, allowing the file
pointer to disappear while we traverse the list.
This results in kernel crashes while running netstat or pstat -f.
Grab a reference to the file descriptor before calling FILLIT(),
and release it afterwards.  This way the file descriptor cannot
disappear while we sleep in nfs_getattr().
Analysis and fix from Pedro Martelletto; input and OK guenther@ mpi@

9 years agoMake the compiler emit visibility information for (undefined) references with
kettenis [Mon, 18 May 2015 18:38:49 +0000 (18:38 +0000)]
Make the compiler emit visibility information for (undefined) references with
non-default visibility.

See https://gcc.gnu.org/bugzilla/show_bug.cgi?id=20218 for details.

This version comes from FreeBSD and has been made available under the GPLv2
license.  It has some additional bits thrown in from me to make it work in
mips64 too, and another bit to stop the C++ compiler to randomly emit
visibility information for C++ symbols that in the end aren't referenced.

ok guenther@

9 years agoidentical common code -> refactor
espie [Mon, 18 May 2015 18:25:13 +0000 (18:25 +0000)]
identical common code -> refactor

9 years agobetter error in case we can't create tempfiles
espie [Mon, 18 May 2015 18:17:27 +0000 (18:17 +0000)]
better error in case we can't create tempfiles

9 years agoTweak parsing so that hostnames starting with 0-9 are accepted.
krw [Mon, 18 May 2015 17:51:21 +0000 (17:51 +0000)]
Tweak parsing so that hostnames starting with 0-9 are accepted.

Reported long ago by matthieu@. Also Jacob Berkman via the lists.

Tests and suggestions from Jacob and Matthieu.

9 years agoFix a crash reported and analyzed by Bertrand PROVOST. When a HTTP
bluhm [Mon, 18 May 2015 16:57:20 +0000 (16:57 +0000)]
Fix a crash reported and analyzed by Bertrand PROVOST.  When a HTTP
client or server writes multiple requests or chunks in a single
transfer, relayd invokes the libevent callback manually for the
next data.  If the callback closes the session, this resulted in
an use after free.
Instead of the more complicated fix suggested by Bertrand PROVOST,
just move the invocation of the callback to the end of the function.
So in case the callback frees any structures, they are not accessed.
OK benno@ reyk@

9 years agoThe first line of a HTTP request is the method-url-version. The
bluhm [Mon, 18 May 2015 16:45:16 +0000 (16:45 +0000)]
The first line of a HTTP request is the method-url-version.  The
second line is a key-value header.  So you cannot append to the
previous key-value before line three.  Also reset the last header
when all headers are purged to avoid a use after free.
OK benno@ reyk@

9 years agoChange spamd to use divert-to instead of rdr-to.
reyk [Mon, 18 May 2015 16:04:21 +0000 (16:04 +0000)]
Change spamd to use divert-to instead of rdr-to.

divert-to has many advantages over rdr-to for proxies.  For example,
it is much easier to use, requires less code, does not depend on
/dev/pf, works in-band without the asynchronous lookup (DIOCNATLOOK
ioctl), saves us from additional port allocations by the rdr/NAT code,
and even avoids potential collisions and race conditions that could
theoretically happen with the lookup.

Heads up: users will have to update their spamd PF rules from rdr-to
to divert-to.  spamd now also listens to 127.0.0.1 instead of "any"
(0.0.0.0) by default which should be fine with most setups but has to
be considered for some special configurations.

Based on a diff is almost two years old but got delayed several times
... beck@: "now is the time to get it in" :)

Tested by many
With help from okan@
OK okan@ beck@ millert@

9 years agoPut ntpd.conf in MUTABLE so it's installed with 0644 mode.
ajacoutot [Mon, 18 May 2015 15:17:29 +0000 (15:17 +0000)]
Put ntpd.conf in MUTABLE so it's installed with 0644 mode.

discussed by deraadt@

9 years agogetentropy() and sendsyslog() have been around long enough.
deraadt [Mon, 18 May 2015 15:06:05 +0000 (15:06 +0000)]
getentropy() and sendsyslog() have been around long enough.
openssh-portable may want the #ifdef's but not base.
discussed with djm few weeks back

9 years agoStop rejecting leases with a subnet that overlaps a subnet already
krw [Mon, 18 May 2015 14:59:42 +0000 (14:59 +0000)]
Stop rejecting leases with a subnet that overlaps a subnet already
present. The latest routing stack code can now handle these situations.

Much requested by beck@ and others. Detailed discussion at s2k15
identified required routing changes.

ok claudio@

9 years agoCurrently, after 4 failed constraint checks, we suspect the constraint
reyk [Mon, 18 May 2015 14:19:23 +0000 (14:19 +0000)]
Currently, after 4 failed constraint checks, we suspect the constraint
of being wrong, not the NTP responses, reset it and query it from all
the constraint servers all over again.  This is turned out to be a bit
aggressive because it could get triggered with just a few bad NTP
peers in a larger pool.  To avoid constant reconnections, scale the
error margin with the number of resolved NTP peers using peer_cnt * 4.
This way a single or a few outliers in a NTP pool cannot trigger
reconnecting to the constraint servers immediately.  More NTP peers,
less reason to mistrust the constraint.

Found by dtucker@
OK deraadt@

9 years agoswap calloc() arguments for clarity
deraadt [Mon, 18 May 2015 13:57:34 +0000 (13:57 +0000)]
swap calloc() arguments for clarity

9 years agoenable ntpd by default at install time. We use pools and a reliable
deraadt [Mon, 18 May 2015 13:48:37 +0000 (13:48 +0000)]
enable ntpd by default at install time.  We use pools and a reliable
constraint to keep them in check.  in the worst case of being on a
dark net, nothing changes.

this is being enabled by default to allow gathering of more operational
information from users.  and if the operational heuristics in ntpd can be
suitable refined, this may stay the default into the future.  if not, ntpd
will become even more awesome along the way.

with reyk rpe

9 years agoMove the rdomain from struct ifnet into struct if_data. This way it
reyk [Mon, 18 May 2015 13:32:28 +0000 (13:32 +0000)]
Move the rdomain from struct ifnet into struct if_data.  This way it
will be exported to userland with the existing sysctl, getifaddrs()
and routing socket (if_msghdr.ifm_data) interfaces that expose
if_data.  All programs and daemons - Apps - that call the
SIOCGIFRDOMAIN ioctl in a getifaddrs() loop or after receiving an
interface message on the routing socket can now remove the pointless
additional ioctl.  In base, that could be: dhclient, isakmpd, dhcpd,
dhcrelay, ntpd, ospfd, ripd, ifconfig.

No ABI breakage because it uses a previously unused pad field in if_data.

OK mpi@ deraadt@

9 years agoPrevent splassert from firing during sd_flush which runs "cold"
mikeb [Mon, 18 May 2015 12:21:04 +0000 (12:21 +0000)]
Prevent splassert from firing during sd_flush which runs "cold"

While mfi(4) should pass SCSI transfer flags (e.g. SCSI_POLL and
SCSI_NOSLEEP) down to the management function, make it at least
use "cold" consistently for now.

ok dlg

9 years agoNo longer need tricks with setvbuf(). Instead, we just give permission
deraadt [Mon, 18 May 2015 11:57:52 +0000 (11:57 +0000)]
No longer need tricks with setvbuf().  Instead, we just give permission
to call fstat() and fcntl().
ok nicm

9 years agoDo not change "rcvif" without goint through if_input() again otherwise
mpi [Mon, 18 May 2015 11:43:57 +0000 (11:43 +0000)]
Do not change "rcvif" without goint through if_input() again otherwise
the handlers on the new interface won't be executed.

Tested by < mxb AT alumni.chalmers DOT se>

ok dlg@

9 years agoSimplify example constraints URL to reduce load on the server side.
dtucker [Mon, 18 May 2015 11:10:03 +0000 (11:10 +0000)]
Simplify example constraints URL to reduce load on the server side.
ok henning@, reyk@

9 years agosimplify progressmeter calls to visit_and: we retrieve the state from the
espie [Mon, 18 May 2015 10:41:19 +0000 (10:41 +0000)]
simplify progressmeter calls to visit_and: we retrieve the state from the
progressmeter object

9 years agohave visit_with_count and visit_with_size use the same parameter conventions.
espie [Mon, 18 May 2015 10:37:12 +0000 (10:37 +0000)]
have visit_with_count and visit_with_size use the same parameter conventions.
In particular, pass state before the other method parameters.

9 years agosince the progressmeter is always tied to a state, store the state always,
espie [Mon, 18 May 2015 10:25:10 +0000 (10:25 +0000)]
since the progressmeter is always tied to a state, store the state always,
and not just in the Term case.

allows passing less parameters around.

9 years agoAdd -d flag and dc capability to open devices non-blocking, used for the
nicm [Mon, 18 May 2015 09:35:05 +0000 (09:35 +0000)]
Add -d flag and dc capability to open devices non-blocking, used for the
few drivers that do not support cua* so tty* must be used.

ok miod millert

9 years agoReenable the page zeroing thread on MP m88k kernels.
miod [Mon, 18 May 2015 04:07:26 +0000 (04:07 +0000)]
Reenable the page zeroing thread on MP m88k kernels.

9 years agoMove the logic deciding whether to grab the kernel lock or not, deeper in the
miod [Mon, 18 May 2015 04:06:37 +0000 (04:06 +0000)]
Move the logic deciding whether to grab the kernel lock or not, deeper in the
interrupt logic, making sure the lock is not taken for clock interrupts.
Tested on aviion and luna88k.

9 years agoAdd test cases for a crash reported by Bertrand PROVOST. When a
bluhm [Sun, 17 May 2015 22:49:03 +0000 (22:49 +0000)]
Add test cases for a crash reported by Bertrand PROVOST.  When a
HTTP client writes multiple requests or chunks in a single transfer,
relayd invokes the libevent callback manually for the next data.
If the callback closes the session, this results in an use after
free.
Test an invalid second request method, test an invalid header line
in the second PUT request, test an invalid second chunked length
for a PUT request.  Also test multiple valid HTTP 1.1 PUT requests
with chunked body.
To detect crashes of relayd, start it with "prefork 1" and grep for
"lost child" log messages.  Unfortunately only the first child is
monitored by the parent.

9 years agoRecord inter-library dependencies between libcrypto, libssl and libtls
kettenis [Sun, 17 May 2015 22:39:39 +0000 (22:39 +0000)]
Record inter-library dependencies between libcrypto, libssl and libtls

9 years agoAdd 'D' to usage optstring. Prodded by jmc@
guenther [Sun, 17 May 2015 21:41:50 +0000 (21:41 +0000)]
Add 'D' to usage optstring.  Prodded by jmc@

9 years agoAdd -D option for displaying the dynamic symbol table
guenther [Sun, 17 May 2015 20:19:08 +0000 (20:19 +0000)]
Add -D option for displaying the dynamic symbol table

ok miod@

9 years agoWhen resolving the "constraint" (singular), store all returned IP
reyk [Sun, 17 May 2015 18:31:32 +0000 (18:31 +0000)]
When resolving the "constraint" (singular), store all returned IP
addresses and try one after another until the connection succeeded -
based on the existing mechanism of "server".  "constraint" previously
only tried to connect to the first returned address, aborted and
skipped the constraint on failure.  In difference to "constraints"
(plural), it still only connects to one address at a time and not to
all of them at once.

Pointed out by rpe@
OK rpe@ deraadt@

9 years agofor decades, wsdisplay has acted in one way like it is not a tty
deraadt [Sun, 17 May 2015 16:55:51 +0000 (16:55 +0000)]
for decades, wsdisplay has acted in one way like it is not a tty

9 years agoChecking the dts files turned up some more imx sdhc problems.
jsg [Sun, 17 May 2015 12:28:03 +0000 (12:28 +0000)]
Checking the dts files turned up some more imx sdhc problems.
- use the correct CD gpios on phyflex and wandboard usdhc3 (unit 2)
- udoo has just the one sd slot with no CD

9 years agoadd missing calls to set the gpio direction before reading the
jsg [Sun, 17 May 2015 11:18:05 +0000 (11:18 +0000)]
add missing calls to set the gpio direction before reading the
card detect gpio on phyflex/sabre lite/wandboard

9 years agoMontenegrin holidays
czarkoff [Sun, 17 May 2015 06:37:36 +0000 (06:37 +0000)]
Montenegrin holidays

OK jmc@, sthen@ (same for previous comment)

9 years agoNew Year's Day
czarkoff [Sun, 17 May 2015 06:34:37 +0000 (06:34 +0000)]
New Year's Day

9 years agoRead ethernet address from EEPROM on AX88772B based on FreeBSD
canacar [Sun, 17 May 2015 02:44:38 +0000 (02:44 +0000)]
Read ethernet address from EEPROM on AX88772B based on FreeBSD
ok djm@ jsg@

9 years agoWe don't need KERNEL_LOCK() around if_input() anymore, as if_input() has
chris [Sun, 17 May 2015 02:33:09 +0000 (02:33 +0000)]
We don't need KERNEL_LOCK() around if_input() anymore, as if_input() has
appropriate locking around bpf now.

ok dlg@

9 years agoOf course, fcntl errno case returns -1, which must be converted to 0
deraadt [Sun, 17 May 2015 01:56:02 +0000 (01:56 +0000)]
Of course, fcntl errno case returns -1, which must be converted to 0
with guenther

9 years agoisatty() is used by stdio to determine the buffering mode. Add a F_ISATTY
deraadt [Sun, 17 May 2015 01:22:01 +0000 (01:22 +0000)]
isatty() is used by stdio to determine the buffering mode.  Add a F_ISATTY
option to fcntl(), so that isatty() can use this rather than than the bloated
ioctl() interface.  Reducing uses of ioctl() by libc makes it easier to
constrain programs with various kinds of systrace sandboxes.
ok guenther, previously discussed as a concept with nicm

9 years agoUse fcntl() to set non-blocking-mode, rather ioctl(). This has a better
deraadt [Sun, 17 May 2015 01:15:44 +0000 (01:15 +0000)]
Use fcntl() to set non-blocking-mode, rather ioctl().  This has a better
chance of working in systrace restricted environments.
ok guenther

9 years agonope, ioctl has not been used for a while
deraadt [Sun, 17 May 2015 00:08:35 +0000 (00:08 +0000)]
nope, ioctl has not been used for a while

9 years agoCall slot_stop() after the play buffer is drained to properly cleanup
ratchov [Sat, 16 May 2015 19:27:53 +0000 (19:27 +0000)]
Call slot_stop() after the play buffer is drained to properly cleanup
the slot. Fixes periodic glitches occurring after eof is reached, and
then playback restarted with a MMC-relocate and MMC-start.

9 years agoDisplay simply "play" when play mode is set (furthermore, "playsync",
ratchov [Sat, 16 May 2015 12:51:24 +0000 (12:51 +0000)]
Display simply "play" when play mode is set (furthermore, "playsync",
aka PLAY_ALL mode is not used anymore)

9 years agoremove reference to encodings the kernel doesn't expose anymore
ratchov [Sat, 16 May 2015 12:48:50 +0000 (12:48 +0000)]
remove reference to encodings the kernel doesn't expose anymore

9 years agomention CuBox-i4Pro, Utilite and Novena
jsg [Sat, 16 May 2015 10:44:44 +0000 (10:44 +0000)]
mention CuBox-i4Pro, Utilite and Novena

9 years agohide private midi_softc strucure
ratchov [Sat, 16 May 2015 10:04:20 +0000 (10:04 +0000)]
hide private midi_softc strucure

9 years agoUse device_lookup() instead of digging into midi_cd.cd_devs[] and
ratchov [Sat, 16 May 2015 09:56:10 +0000 (09:56 +0000)]
Use device_lookup() instead of digging into midi_cd.cd_devs[] and
maintaining a "dying" flag which is already present in the device
structure. As a side-effect, this adds the missing refcounting
that mididetach() was missing. With from mpi@ and dlg@

ok mpi

9 years agostill needs kcore.h
deraadt [Fri, 15 May 2015 23:20:25 +0000 (23:20 +0000)]
still needs kcore.h

9 years agoMake index/rindex weak aliases of strchr/strrchr since they are not
millert [Fri, 15 May 2015 22:29:37 +0000 (22:29 +0000)]
Make index/rindex weak aliases of strchr/strrchr since they are not
part of the ISO C standard and have also been dropped from POSIX.
OK guenther@ kettenis@

9 years agoadd missing placeholder so that the "UNSIGNED PACKAGES: " line actually
jasper [Fri, 15 May 2015 21:18:53 +0000 (21:18 +0000)]
add missing placeholder so that the "UNSIGNED PACKAGES: " line actually
contains the list of packages.

ok espie@

9 years agoFix kill'n'yank error: the port is mandatory in relay listen on statements.
reyk [Fri, 15 May 2015 20:40:26 +0000 (20:40 +0000)]
Fix kill'n'yank error:  the port is mandatory in relay listen on statements.

Pointed out by Alex Greif

OK jmc@

9 years agorework synopsis to be a bit less ugly; the result is quite close to the posix
jmc [Fri, 15 May 2015 19:34:31 +0000 (19:34 +0000)]
rework synopsis to be a bit less ugly; the result is quite close to the posix
spec...

9 years agoclient/server mox ip;
jmc [Fri, 15 May 2015 19:26:37 +0000 (19:26 +0000)]
client/server mox ip;
from trondd

9 years agospelling;
jmc [Fri, 15 May 2015 18:53:05 +0000 (18:53 +0000)]
spelling;

9 years agosort;
jmc [Fri, 15 May 2015 18:49:21 +0000 (18:49 +0000)]
sort;

9 years agotrailing whitespace;
jmc [Fri, 15 May 2015 18:47:53 +0000 (18:47 +0000)]
trailing whitespace;

9 years agoDecrement the unit numbers on the novena sdhc devices. The imx6 dts
jsg [Fri, 15 May 2015 17:01:18 +0000 (17:01 +0000)]
Decrement the unit numbers on the novena sdhc devices.  The imx6 dts
files seem to have labels numbered one higher than the nodes they are
assigned to.

Tested by djm

9 years agoMake board attaching table driven and move it out into the soc
jsg [Fri, 15 May 2015 15:35:43 +0000 (15:35 +0000)]
Make board attaching table driven and move it out into the soc
directories.  Move the device tables while here as was done in bitrig.
With these changes the only use of the board id defines is in the soc
directories.

Tested by matthieu and djm on imx and myself on omap and sunxi (qemu).
ok djm@, ok jasper@ on an earlier version

9 years agoadd some missing splx() calls
jsg [Fri, 15 May 2015 13:32:08 +0000 (13:32 +0000)]
add some missing splx() calls
ok deraadt@ kettenis@ krw@

9 years agoRemove useless comments mentioning ether_output().
mpi [Fri, 15 May 2015 12:40:05 +0000 (12:40 +0000)]
Remove useless comments mentioning ether_output().

9 years agoAllow multiple connected/interface routes to exist at the same time.
claudio [Fri, 15 May 2015 12:00:57 +0000 (12:00 +0000)]
Allow multiple connected/interface routes to exist at the same time.
Use the existing multipath code. Switch away from using the ifa address
when making the cloning route and instead put a dummy sockaddr_dl route
in. With this it is possible to use the same network on multiple interfaces
at the same time. So if wireless and ethernet share the same network
the system will use the wired connection as long as there is link.
Still missing is builtin proxy-arp for the other interface IPs to allow
hitless failover.
OK mpi@

9 years agoGive carp(4) interfaces their own low priority. The change should not
claudio [Fri, 15 May 2015 11:53:06 +0000 (11:53 +0000)]
Give carp(4) interfaces their own low priority. The change should not
change behaviour for now but will allow to share the same address with
the parent interface without major hacks.
OK mpi@

9 years agoConvert to if_input().
mpi [Fri, 15 May 2015 11:36:30 +0000 (11:36 +0000)]
Convert to if_input().

ok dlg@

9 years agoFix return paths with missing EVP_CIPHER_CTX_cleanup() calls.
jsg [Fri, 15 May 2015 11:00:14 +0000 (11:00 +0000)]
Fix return paths with missing EVP_CIPHER_CTX_cleanup() calls.
ok doug@

9 years agorename the probe and free members of atascsi_methods to ata_probe
dlg [Fri, 15 May 2015 10:54:26 +0000 (10:54 +0000)]
rename the probe and free members of atascsi_methods to ata_probe
and ata_free.

this makes them consistent with the rest of the members, and lets
me #define free to weird debug things in the kernel without screwing
these files up.

9 years agoIntroduce if_output(), a function do to the last steps before enqueuing
mpi [Fri, 15 May 2015 10:15:13 +0000 (10:15 +0000)]
Introduce if_output(), a function do to the last steps before enqueuing
a packet on the sending queue of an interface.

Tested by many, thanks a lot!

ok dlg@, claudio@

9 years agoRemove a NULL check in carp_set_ifp() as we always pass a valid ifp
mpi [Fri, 15 May 2015 10:09:23 +0000 (10:09 +0000)]
Remove a NULL check in carp_set_ifp() as we always pass a valid ifp
pointer to this function.

ok claudio@

9 years agoRemove the 'Use DUIDs rather than device names in fstab?' question
rpe [Fri, 15 May 2015 07:41:30 +0000 (07:41 +0000)]
Remove the 'Use DUIDs rather than device names in fstab?' question
and use DUIDs unconditionally. DUIDs in the installed /etc/fstab
has been the default for quite some time now.

OK deraadt@, krw@, guenther@, beck@

9 years agothe code to prevent AUTH PLAIN from logging credentials upon authentication
gilles [Fri, 15 May 2015 07:34:45 +0000 (07:34 +0000)]
the code to prevent AUTH PLAIN from logging credentials upon authentication
failure does not catch the AUTH LOGIN case. rework to use the session state
rather than using the session command.

spotted by pkern@debian.org

9 years agoUse a salted hash of the lock passphrase instead of plain text and do
dtucker [Fri, 15 May 2015 05:44:21 +0000 (05:44 +0000)]
Use a salted hash of the lock passphrase instead of plain text and do
constant-time comparisons of it. Should prevent leaking any information about
it via timing, pointed out by Ryan Castellucci.  Add a 0.1s incrementing delay
for each failed unlock attempt up to 10s.  ok markus@ (earlier version), djm@

9 years agoUse STRONG_ALIAS instead of ALTENTRY.
kettenis [Thu, 14 May 2015 21:40:37 +0000 (21:40 +0000)]
Use STRONG_ALIAS instead of ALTENTRY.

ok millert@

9 years agoMake the "Battery Present" sensor a depency of all the battery-related
mpi [Thu, 14 May 2015 13:50:34 +0000 (13:50 +0000)]
Make the "Battery Present" sensor a depency of all the battery-related
sensors only if it is present, From David Higgs.

Fix a regression reported by and ok halex@

9 years agorev 1.3 introduced a check to an if statement without adding braces.
jsg [Thu, 14 May 2015 11:52:43 +0000 (11:52 +0000)]
rev 1.3 introduced a check to an if statement without adding braces.
Claudio points out the size is checked by an earlier test so just
remove it to restore the original handling of the partial octet case.

Discussed with claudio and gilles.