openbsd
9 years agodefine BYTEORDER so the endian tests will work
jsg [Sat, 23 May 2015 00:53:25 +0000 (00:53 +0000)]
define BYTEORDER so the endian tests will work
ok deraadt@ miod@

9 years agoAdd tests for relayd TLS inspection with plain SSL and HTTPS.
bluhm [Fri, 22 May 2015 19:09:18 +0000 (19:09 +0000)]
Add tests for relayd TLS inspection with plain SSL and HTTPS.

9 years agosync
deraadt [Fri, 22 May 2015 15:10:13 +0000 (15:10 +0000)]
sync

9 years agoCut down on if statements around pf_icmp_state_lookup
mikeb [Fri, 22 May 2015 14:18:55 +0000 (14:18 +0000)]
Cut down on if statements around pf_icmp_state_lookup

Checked with blambert@, OK millert, henning

9 years agoCleanup leftover PF_ICMP_MULTI_* code that is not needed anymore.
mikeb [Fri, 22 May 2015 14:16:09 +0000 (14:16 +0000)]
Cleanup leftover PF_ICMP_MULTI_* code that is not needed anymore.

ok henning

9 years agobe pedantic with sizeof use
jsg [Fri, 22 May 2015 13:48:25 +0000 (13:48 +0000)]
be pedantic with sizeof use
no change in behaviour as sizeof(char **) is the same as sizeof(char *)
ok otto@ guenther@

9 years agoDon't use an uninitialised softc pointer in midiread/midiwrite.
jsg [Fri, 22 May 2015 12:52:00 +0000 (12:52 +0000)]
Don't use an uninitialised softc pointer in midiread/midiwrite.
ok ratchov@

9 years agoLITTE_ENDIAN -> LITTLE_ENDIAN
jsg [Fri, 22 May 2015 12:46:38 +0000 (12:46 +0000)]
LITTE_ENDIAN -> LITTLE_ENDIAN
ok ratchov@

9 years agoLimit the number of dma segments used for transmitting packets to
kettenis [Fri, 22 May 2015 06:50:54 +0000 (06:50 +0000)]
Limit the number of dma segments used for transmitting packets to
IWM_NUM_OF_TBS - 2.  We have IWM_NUM_OF_TBS slots, but use two of those
for sending commands to the firmware.  Hopefully fixes the

  iwm0: hardware error, stopping device

errors I've seen somewhat regularly.

ok claudio@, deraadt@

9 years agomention ssh-keygen -E for comparing legacy MD5 fingerprints; bz#2332
djm [Fri, 22 May 2015 05:28:45 +0000 (05:28 +0000)]
mention ssh-keygen -E for comparing legacy MD5 fingerprints; bz#2332

9 years agoReorder EscapeChar option parsing to avoid a single-byte out-
djm [Fri, 22 May 2015 04:45:52 +0000 (04:45 +0000)]
Reorder EscapeChar option parsing to avoid a single-byte out-
of-bounds read. bz#2396 from Jaak Ristioja; ok dtucker@

9 years agoadd knob to relax GSSAPI host credential check for multihomed hosts
djm [Fri, 22 May 2015 03:50:02 +0000 (03:50 +0000)]
add knob to relax GSSAPI host credential check for multihomed hosts
bz#928, patch by Simon Wilkinson; ok dtucker
(kerberos/GSSAPI is not compiled by default on OpenBSD)

9 years agoUpdate DH groups
dtucker [Fri, 22 May 2015 02:45:42 +0000 (02:45 +0000)]
Update DH groups

9 years agoRemove 6k and 8k bit moduli fragments since they are now kept in
dtucker [Fri, 22 May 2015 02:43:59 +0000 (02:43 +0000)]
Remove 6k and 8k bit moduli fragments since they are now kept in
usr.bin/ssh/moduli-gen.

9 years agoUpdate DH groups
dtucker [Fri, 22 May 2015 02:34:53 +0000 (02:34 +0000)]
Update DH groups

9 years agosync
deraadt [Fri, 22 May 2015 01:48:21 +0000 (01:48 +0000)]
sync

9 years agosync
deraadt [Fri, 22 May 2015 01:46:31 +0000 (01:46 +0000)]
sync

9 years agofix a non safe use of TAILQ_FOREACH with TAILQ_REMOVE
jsg [Fri, 22 May 2015 01:34:13 +0000 (01:34 +0000)]
fix a non safe use of TAILQ_FOREACH with TAILQ_REMOVE
ok reyk@

9 years agofix a non safe use of LIST_FOREACH with LIST_REMOVE
jsg [Fri, 22 May 2015 01:30:27 +0000 (01:30 +0000)]
fix a non safe use of LIST_FOREACH with LIST_REMOVE
ok claudio@ kettenis@ reyk@

9 years agoUse m_defrag(9) instead of rolling our own version of it.
kettenis [Thu, 21 May 2015 22:13:55 +0000 (22:13 +0000)]
Use m_defrag(9) instead of rolling our own version of it.

ok jca@

9 years agosync
deraadt [Thu, 21 May 2015 22:00:36 +0000 (22:00 +0000)]
sync

9 years agoEstablish interrupts for both keyboard and mouse slots at pckbc attach time,
miod [Thu, 21 May 2015 19:32:29 +0000 (19:32 +0000)]
Establish interrupts for both keyboard and mouse slots at pckbc attach time,
rather than lazily from pckbc when slots are discovered. This is consistent
with what other isa devices (and pckbc on non-isa busses) do, and as a side
effect, this makes the dmesg output shorter.

This will also let us get rid of pckbc's intr_establish() callback in a
later diff.

Prompted by krw@ noticing ugly kernel output in a configuration with the
mouse slot left empty. ok krw@ mpi@

9 years agoReport all valid interrupt locators in isaprint() - although config(8) stanzas
miod [Thu, 21 May 2015 19:29:31 +0000 (19:29 +0000)]
Report all valid interrupt locators in isaprint() - although config(8) stanzas
only allow one irq for isa devices, there is actually support for more since
we got isapnp(4) support, and upcoming changes will actually have regular isa(4)
devices claim more than one irq in their indirect match function.

9 years agono such thing as mips64le
miod [Thu, 21 May 2015 19:26:34 +0000 (19:26 +0000)]
no such thing as mips64le

9 years agoSwitch amd64, hppa, mips64, mips64le and powerpc to binutils 2.17.
kettenis [Thu, 21 May 2015 19:13:59 +0000 (19:13 +0000)]
Switch amd64, hppa, mips64, mips64le and powerpc to binutils 2.17.

ok deraadt@

9 years agoNo need to call tzset() and log_init() in the forked constraint
reyk [Thu, 21 May 2015 14:24:43 +0000 (14:24 +0000)]
No need to call tzset() and log_init() in the forked constraint
handler.  It is run in a chroot, so tzset() wouldn't even succeed to
open the zone file.  Found with tame.

OK deraadt@

9 years agoRename caddr_t p to cp in an inner block to avoid aliasing the outer
nicm [Thu, 21 May 2015 13:35:15 +0000 (13:35 +0000)]
Rename caddr_t p to cp in an inner block to avoid aliasing the outer
struct proc *p, ok deraadt

9 years agoSupport "ssh-keygen -lF hostname" to find search known_hosts and
djm [Thu, 21 May 2015 12:01:19 +0000 (12:01 +0000)]
Support "ssh-keygen -lF hostname" to find search known_hosts and
print key hashes. Already advertised by ssh-keygen(1), but not
delivered by code; ok dtucker@

9 years agosome fixes from pjanzen;
jmc [Thu, 21 May 2015 10:42:30 +0000 (10:42 +0000)]
some fixes from pjanzen;

9 years agoNo need for ifp since we do not set "rcvif".
mpi [Thu, 21 May 2015 09:44:32 +0000 (09:44 +0000)]
No need for ifp since we do not set "rcvif".

9 years agoNo need to set "rcvif", if_input() does it for you.
mpi [Thu, 21 May 2015 09:36:20 +0000 (09:36 +0000)]
No need to set "rcvif", if_input() does it for you.

9 years agotedu commented out xl_testpacket(), remove one of the IFQ_ENQUEUE()
mpi [Thu, 21 May 2015 09:25:18 +0000 (09:25 +0000)]
tedu commented out xl_testpacket(), remove one of the IFQ_ENQUEUE()
in the tree.

9 years agoConvert to if_output().
mpi [Thu, 21 May 2015 09:22:39 +0000 (09:22 +0000)]
Convert to if_output().

9 years agoCorrectly state the link state to INVALID when creating a carp interface.
mpi [Thu, 21 May 2015 09:17:53 +0000 (09:17 +0000)]
Correctly state the link state to INVALID when creating a carp interface.

Since vhe are allocated with M_ZERO and INIT is also defined to be 0,
carp_set_state() would result in a no-op because of the state check.

So explicitly initialize the state of a vhe to INIT and move the state
check in carp_set_state_all() to prevent similar issues in the future.

Problem and initial diff from Johan Ymerson, thanks!

ok henning@

9 years agoAccess to uninitialized variable fixed.
gerhard [Thu, 21 May 2015 07:39:52 +0000 (07:39 +0000)]
Access to uninitialized variable fixed.

ok mikeb@

9 years agoregress test for AuthorizedPrincipalsCommand
djm [Thu, 21 May 2015 06:44:25 +0000 (06:44 +0000)]
regress test for AuthorizedPrincipalsCommand

9 years agoadd AuthorizedPrincipalsCommand that allows getting authorized_principals
djm [Thu, 21 May 2015 06:43:30 +0000 (06:43 +0000)]
add AuthorizedPrincipalsCommand that allows getting authorized_principals
from a subprocess rather than a file, which is quite useful in
deployments with large userbases

feedback and ok markus@

9 years agoregress test for AuthorizedKeysCommand arguments
djm [Thu, 21 May 2015 06:40:02 +0000 (06:40 +0000)]
regress test for AuthorizedKeysCommand arguments

9 years agosupport arguments to AuthorizedKeysCommand
djm [Thu, 21 May 2015 06:38:35 +0000 (06:38 +0000)]
support arguments to AuthorizedKeysCommand

bz#2081 loosely based on patch by Sami Hartikainen
feedback and ok markus@

9 years agorefactor: split base64 encoding of pubkey into its own
djm [Thu, 21 May 2015 04:55:51 +0000 (04:55 +0000)]
refactor: split base64 encoding of pubkey into its own
sshkey_to_base64() function and out of sshkey_write();
ok markus@

9 years agoRe-remove extra perl utils, patch lost in 5.20.2 update
afresh1 [Thu, 21 May 2015 03:58:09 +0000 (03:58 +0000)]
Re-remove extra perl utils, patch lost in 5.20.2 update

pointed out by miod@

9 years agoRemove clauses 3 and 4 from Christos Zoulas' BSD license.
schwarze [Wed, 20 May 2015 23:39:55 +0000 (23:39 +0000)]
Remove clauses 3 and 4 from Christos Zoulas' BSD license.
This is safe because Christos did that himself in NetBSD in 2008.
No code change.

9 years agoRemove function argument name from posix_spawnattr_getsigmask()
millert [Wed, 20 May 2015 22:50:07 +0000 (22:50 +0000)]
Remove function argument name from posix_spawnattr_getsigmask()
prototype to match other prototypes in the file.  OK guenther@ deraadt@

9 years agoFix sign compare bug introduced when rnum() was redefined to use
millert [Wed, 20 May 2015 20:26:00 +0000 (20:26 +0000)]
Fix sign compare bug introduced when rnum() was redefined to use
arc4random_uniform().  From pjanzen@, OK deraadt@

9 years agoMerge the get_drive() function with install_disk(), which is the
rpe [Wed, 20 May 2015 19:14:35 +0000 (19:14 +0000)]
Merge the get_drive() function with install_disk(), which is the
only remaining consumer.

OK krw@

9 years agoSigned types are bad array indicies - let it panic instead.
pelikan [Wed, 20 May 2015 15:21:57 +0000 (15:21 +0000)]
Signed types are bad array indicies - let it panic instead.

ok deraadt krw millert

9 years agoscrap unused ixgbe_get_link_capabilities_X540
mikeb [Wed, 20 May 2015 14:34:27 +0000 (14:34 +0000)]
scrap unused ixgbe_get_link_capabilities_X540

9 years agoRemove hotplug(4) sensor support: the code has been disabled by
reyk [Wed, 20 May 2015 13:32:39 +0000 (13:32 +0000)]
Remove hotplug(4) sensor support: the code has been disabled by
henning@ 9 years ago because of an issue with the /dev/hotplug device
- it does not support multiple readers opening it.  Nobody ever cared
enough to fix it so it is time to sent the dead code to the Attic.

OK henning@ (feeling sad about it), mpi@ and others

9 years agoUse off_t instead of size_t to pass file size and print it using %lld when
kettenis [Wed, 20 May 2015 09:28:47 +0000 (09:28 +0000)]
Use off_t instead of size_t to pass file size and print it using %lld when
constructing the Content-Length header field.  Should fix some, but probably
not all, problems with serving files bigger than 2G on 32-bit architectures.

ok reyk@, florian@

9 years agoKeep track of the ifih corresponding to a vlan instance to ease its
mpi [Wed, 20 May 2015 08:54:37 +0000 (08:54 +0000)]
Keep track of the ifih corresponding to a vlan instance to ease its
removal.

As soon as carp(4) will be converted to the new if_input() API it
will be possible to add multiple vlan(4) and carp(4) pseudo-ifps on
top of the same parent interface.  When such thing happens we can no
longer assume that the first pseudo-ifp to be destroyed will be the
last configured.

ok dlg@

9 years agoDo not increment if_opackets in if_output(). It might make sense to do
mpi [Wed, 20 May 2015 08:28:54 +0000 (08:28 +0000)]
Do not increment if_opackets in if_output().  It might make sense to do
that later but all drivers should be adapated.

Should fix a double output packet accounting, reported by Hrvoje Popovski.

9 years agoReturn empty string if format is empty rather than attempting to
nicm [Wed, 20 May 2015 06:39:02 +0000 (06:39 +0000)]
Return empty string if format is empty rather than attempting to
allocate zero bytes.

9 years agoNo need to check the return value of memcpy() if you actually checked this
miod [Wed, 20 May 2015 04:33:35 +0000 (04:33 +0000)]
No need to check the return value of memcpy() if you actually checked this
pointer for NULL the line above; ok doug@

9 years agoRemove cubieboard specific gpio led setting.
jsg [Wed, 20 May 2015 03:49:23 +0000 (03:49 +0000)]
Remove cubieboard specific gpio led setting.
From Artturi Alm in bitrig.

9 years agoNow all the socs use the same va entry point and don't have any
jsg [Wed, 20 May 2015 01:44:20 +0000 (01:44 +0000)]
Now all the socs use the same va entry point and don't have any
conflicting symbols we can combine the configs.

Multiple umg files are still required however.  The bsd.umg target in
the kernel is replaced by targets for bsd.IMX.umg, bsd.OMAP.umg and
bsd.SUNXI.umg.

9 years agoARM L2C driver is only relevant on Cortex-A9 machines.
jsg [Wed, 20 May 2015 00:39:16 +0000 (00:39 +0000)]
ARM L2C driver is only relevant on Cortex-A9 machines.
From Patrick Wildt in bitrig.

9 years agoadd per soc match functions instead of using armv7_match
jsg [Wed, 20 May 2015 00:14:55 +0000 (00:14 +0000)]
add per soc match functions instead of using armv7_match

9 years agoInstead of testing for __ELF__ and/or vax, leave out the bits for interfacing
guenther [Tue, 19 May 2015 20:50:06 +0000 (20:50 +0000)]
Instead of testing for __ELF__ and/or vax, leave out the bits for interfacing
with ld.so locking whenever building NOPIC

pointless use of __ELF__ noted by brad@
ok miod@

9 years agoOnly attempt to load /etc/random.seed from the boot device after the kernel
miod [Tue, 19 May 2015 20:42:11 +0000 (20:42 +0000)]
Only attempt to load /etc/random.seed from the boot device after the kernel
image has been succesfully loaded (with the recent loadfile changes allowing
us to know where the randomness needs to be loaded). While there, don't
bother doing this when booting from tape.

This works around the sun4e PROM 1.6, which gets confused by PROM open() -
close() sequences without any I/O happening in between.

Crank boot blocks version to 2.11.

9 years agoExtend the libsa loadfile(9) granularity to tell apart randomness from the rest
miod [Tue, 19 May 2015 20:39:12 +0000 (20:39 +0000)]
Extend the libsa loadfile(9) granularity to tell apart randomness from the rest
of the kernel, and extend the array filled by loadfile to report the location
of the randomness area.

This doesn't introduce any change for bootblocks (save for a slightly larger
stack usage due to the larger array), for the new {LOAD,COUNT}_RANDOM bits
are included in the {LOAD,COUNT}_ALL masks everything uses or computes from.

9 years agoMove acquisition of the kernel lock deeper in the interrupt path, and make
miod [Tue, 19 May 2015 20:28:14 +0000 (20:28 +0000)]
Move acquisition of the kernel lock deeper in the interrupt path, and make
sure clock interrupts do not attempt to acquire it.
This will also eventually allow for IPL_MPSAFE interrupts on alpha.

Tested by dlg@ and I.

9 years agoFix installing sets from cdrom if more than one drive is present.
rpe [Tue, 19 May 2015 20:12:29 +0000 (20:12 +0000)]
Fix installing sets from cdrom if more than one drive is present.
Run makedev in install_cdrom() to create the necessary device nodes,
which got lost in a recent change.

Found by James Hartley, thanks for the bug report!
OK krw@

9 years agoimprove spacing in disklabel template.
sobrado [Tue, 19 May 2015 18:50:39 +0000 (18:50 +0000)]
improve spacing in disklabel template.

9 years agobetter spacing in media types.
sobrado [Tue, 19 May 2015 18:16:32 +0000 (18:16 +0000)]
better spacing in media types.

ok reyk@

9 years agosort media type extensions for text/html and image/jpeg as given in
sobrado [Tue, 19 May 2015 18:12:58 +0000 (18:12 +0000)]
sort media type extensions for text/html and image/jpeg as given in
/usr/share/misc/mime.types; do not include shtml as it is for Server
Side Includes (SSI) -- we will never do SSI.

joint work with reyk@

ok reyk@

9 years agodrop comment about being possible to include /etc/nginx/mime.types,
sobrado [Tue, 19 May 2015 18:03:32 +0000 (18:03 +0000)]
drop comment about being possible to include /etc/nginx/mime.types,
we do not have to care about nginx anymore.

ok jmc@ (who thinks previously suggested removing it), and reyk@

9 years agoTest divert-to rules' address handling (pfctl/parse.y -r1.648)
mikeb [Tue, 19 May 2015 17:16:20 +0000 (17:16 +0000)]
Test divert-to rules' address handling (pfctl/parse.y -r1.648)

9 years agoGet the rdomain from the newly exposed ifi_rdomain field in if_data
reyk [Tue, 19 May 2015 16:07:38 +0000 (16:07 +0000)]
Get the rdomain from the newly exposed ifi_rdomain field in if_data
instead of calling the SIOCGIFRDOMAIN ioctl for every single address.

OK deraadt@

9 years agoWhen a user is specified via the -u flag, use setusercontext() to
millert [Tue, 19 May 2015 16:05:12 +0000 (16:05 +0000)]
When a user is specified via the -u flag, use setusercontext() to
setup (most of) the execution environment.  We still have to defer
setting the actual uid until after we change root.  OK deraadt@

9 years agoAdd -c flag to display the user's login class. OK espie@
millert [Tue, 19 May 2015 16:03:19 +0000 (16:03 +0000)]
Add -c flag to display the user's login class.  OK espie@

9 years agosplx should also be called in the error case, fix a regression
mpi [Tue, 19 May 2015 15:10:59 +0000 (15:10 +0000)]
splx should also be called in the error case, fix a regression
introduced during the if_output() conversion.

Found by jsg@

9 years agoDo not leak a rtentry if it is unusable.
mpi [Tue, 19 May 2015 14:16:35 +0000 (14:16 +0000)]
Do not leak a rtentry if it is unusable.

Found by The Brainy Code Scanner from Maxime Villard.

9 years agoKeep visibility information for references to discarded sections.
kettenis [Tue, 19 May 2015 13:38:29 +0000 (13:38 +0000)]
Keep visibility information for references to discarded sections.

9 years agoIncrease a maximum firmware handshake timeout to 10s
mikeb [Tue, 19 May 2015 12:50:53 +0000 (12:50 +0000)]
Increase a maximum firmware handshake timeout to 10s

BCM5718 Programmers Guide in chapter 7 "Device Control", section
"Device Reset Procedure" states that SEEPROM chips need a larger
timeout than Flash ones.

ok reyk

9 years agoConvert to if_input().
mpi [Tue, 19 May 2015 11:34:30 +0000 (11:34 +0000)]
Convert to if_input().

ok dlg@

9 years agoConvert to if_input().
mpi [Tue, 19 May 2015 11:24:01 +0000 (11:24 +0000)]
Convert to if_input().

ok dlg@

9 years agoWe cannot check for M_BCAST or M_MCAST now that vlan_input() is ran
mpi [Tue, 19 May 2015 11:21:42 +0000 (11:21 +0000)]
We cannot check for M_BCAST or M_MCAST now that vlan_input() is ran
before ether_input().

9 years agoTake vlan(4) out of ether_input().
mpi [Tue, 19 May 2015 11:09:24 +0000 (11:09 +0000)]
Take vlan(4) out of ether_input().

To keep the list of input handlers short, multiple vlans share the
same ifih.

if_input_process() now looks if the interface of a mbuf changed to
make sure the corresponding handlers are executed.  This is a hack
and will be improved later.

ok dlg@

9 years agoIn terminfo, sometimes cvvis implies cnorm and sometimes it doesn't, so
nicm [Tue, 19 May 2015 08:48:37 +0000 (08:48 +0000)]
In terminfo, sometimes cvvis implies cnorm and sometimes it doesn't, so
don't assume it does. Fixes missing cursor with emacs-in-tmux-in-tmux.

9 years agochange names to not conflict with omap intc
jsg [Tue, 19 May 2015 06:09:35 +0000 (06:09 +0000)]
change names to not conflict with omap intc
From Patrick Wildt in bitrig

9 years agorename global variables to not conflict with gptimer
jsg [Tue, 19 May 2015 06:04:26 +0000 (06:04 +0000)]
rename global variables to not conflict with gptimer

9 years agoAbstract the soc_machdep.c functions to allow a kernel to be built for
jsg [Tue, 19 May 2015 03:30:54 +0000 (03:30 +0000)]
Abstract the soc_machdep.c functions to allow a kernel to be built for
multiple socs.

From Patrick Wildt in bitrig with some additional changes.

9 years agouse the same va entry point on all armv7 socs
jsg [Tue, 19 May 2015 00:05:59 +0000 (00:05 +0000)]
use the same va entry point on all armv7 socs
Similiar changes were made in bitrig by Patrick Wildt.

As part of this change the physical load address for imx and sunxi have
changed.  Any u-boot settings that include it will need to be modified.

imx: 0x10800000 -> 0x10300000
sunxi: 0x40800000 -> 0x40300000

Tested by bmercer, canacar and myself.
ok bmercer@

9 years agoMake armv7 startup PIC. From Dale Rahn in bitrig.
jsg [Mon, 18 May 2015 23:56:47 +0000 (23:56 +0000)]
Make armv7 startup PIC. From Dale Rahn in bitrig.
Tested by bmercer, canacar and myself.
ok bmercer@

9 years agoMake TAPE=- mean stdout in tar
czarkoff [Mon, 18 May 2015 20:26:16 +0000 (20:26 +0000)]
Make TAPE=- mean stdout in tar

Some scripts and GUI ssh clients assume that tar writes to standard output by
default.  This changes allows enforcing such behavior by setting TAPE="-" in
user profile.

Also, this makes parsing argument to "-f" option and contents of TAPE
environment variable consistent.

OK guenther@, jmc@ and sthen@

9 years agoDo lazy update/reset of the FS.base and %[def]s segment registers: reseting
guenther [Mon, 18 May 2015 19:59:27 +0000 (19:59 +0000)]
Do lazy update/reset of the FS.base and %[def]s segment registers: reseting
segment registers in cpu_switchto if the old thread had made it to userspace
and restoring FS.base only on first return to userspace since context switch.

ok mlarkin@

9 years agoFor each file in sysctl(KERN_FILE_BYFILE), FILLIT() calls fill_file(),
bluhm [Mon, 18 May 2015 19:10:35 +0000 (19:10 +0000)]
For each file in sysctl(KERN_FILE_BYFILE), FILLIT() calls fill_file(),
which calls VOP_GETATTR().  For NFS, that leads to nfs_getattr().
If the node's attributes are not in NFS's cache, nfs_getattr() will
invoke nfs_request() and the latter will sleep, allowing the file
pointer to disappear while we traverse the list.
This results in kernel crashes while running netstat or pstat -f.
Grab a reference to the file descriptor before calling FILLIT(),
and release it afterwards.  This way the file descriptor cannot
disappear while we sleep in nfs_getattr().
Analysis and fix from Pedro Martelletto; input and OK guenther@ mpi@

9 years agoMake the compiler emit visibility information for (undefined) references with
kettenis [Mon, 18 May 2015 18:38:49 +0000 (18:38 +0000)]
Make the compiler emit visibility information for (undefined) references with
non-default visibility.

See https://gcc.gnu.org/bugzilla/show_bug.cgi?id=20218 for details.

This version comes from FreeBSD and has been made available under the GPLv2
license.  It has some additional bits thrown in from me to make it work in
mips64 too, and another bit to stop the C++ compiler to randomly emit
visibility information for C++ symbols that in the end aren't referenced.

ok guenther@

9 years agoidentical common code -> refactor
espie [Mon, 18 May 2015 18:25:13 +0000 (18:25 +0000)]
identical common code -> refactor

9 years agobetter error in case we can't create tempfiles
espie [Mon, 18 May 2015 18:17:27 +0000 (18:17 +0000)]
better error in case we can't create tempfiles

9 years agoTweak parsing so that hostnames starting with 0-9 are accepted.
krw [Mon, 18 May 2015 17:51:21 +0000 (17:51 +0000)]
Tweak parsing so that hostnames starting with 0-9 are accepted.

Reported long ago by matthieu@. Also Jacob Berkman via the lists.

Tests and suggestions from Jacob and Matthieu.

9 years agoFix a crash reported and analyzed by Bertrand PROVOST. When a HTTP
bluhm [Mon, 18 May 2015 16:57:20 +0000 (16:57 +0000)]
Fix a crash reported and analyzed by Bertrand PROVOST.  When a HTTP
client or server writes multiple requests or chunks in a single
transfer, relayd invokes the libevent callback manually for the
next data.  If the callback closes the session, this resulted in
an use after free.
Instead of the more complicated fix suggested by Bertrand PROVOST,
just move the invocation of the callback to the end of the function.
So in case the callback frees any structures, they are not accessed.
OK benno@ reyk@

9 years agoThe first line of a HTTP request is the method-url-version. The
bluhm [Mon, 18 May 2015 16:45:16 +0000 (16:45 +0000)]
The first line of a HTTP request is the method-url-version.  The
second line is a key-value header.  So you cannot append to the
previous key-value before line three.  Also reset the last header
when all headers are purged to avoid a use after free.
OK benno@ reyk@

9 years agoChange spamd to use divert-to instead of rdr-to.
reyk [Mon, 18 May 2015 16:04:21 +0000 (16:04 +0000)]
Change spamd to use divert-to instead of rdr-to.

divert-to has many advantages over rdr-to for proxies.  For example,
it is much easier to use, requires less code, does not depend on
/dev/pf, works in-band without the asynchronous lookup (DIOCNATLOOK
ioctl), saves us from additional port allocations by the rdr/NAT code,
and even avoids potential collisions and race conditions that could
theoretically happen with the lookup.

Heads up: users will have to update their spamd PF rules from rdr-to
to divert-to.  spamd now also listens to 127.0.0.1 instead of "any"
(0.0.0.0) by default which should be fine with most setups but has to
be considered for some special configurations.

Based on a diff is almost two years old but got delayed several times
... beck@: "now is the time to get it in" :)

Tested by many
With help from okan@
OK okan@ beck@ millert@

9 years agoPut ntpd.conf in MUTABLE so it's installed with 0644 mode.
ajacoutot [Mon, 18 May 2015 15:17:29 +0000 (15:17 +0000)]
Put ntpd.conf in MUTABLE so it's installed with 0644 mode.

discussed by deraadt@

9 years agogetentropy() and sendsyslog() have been around long enough.
deraadt [Mon, 18 May 2015 15:06:05 +0000 (15:06 +0000)]
getentropy() and sendsyslog() have been around long enough.
openssh-portable may want the #ifdef's but not base.
discussed with djm few weeks back

9 years agoStop rejecting leases with a subnet that overlaps a subnet already
krw [Mon, 18 May 2015 14:59:42 +0000 (14:59 +0000)]
Stop rejecting leases with a subnet that overlaps a subnet already
present. The latest routing stack code can now handle these situations.

Much requested by beck@ and others. Detailed discussion at s2k15
identified required routing changes.

ok claudio@

9 years agoCurrently, after 4 failed constraint checks, we suspect the constraint
reyk [Mon, 18 May 2015 14:19:23 +0000 (14:19 +0000)]
Currently, after 4 failed constraint checks, we suspect the constraint
of being wrong, not the NTP responses, reset it and query it from all
the constraint servers all over again.  This is turned out to be a bit
aggressive because it could get triggered with just a few bad NTP
peers in a larger pool.  To avoid constant reconnections, scale the
error margin with the number of resolved NTP peers using peer_cnt * 4.
This way a single or a few outliers in a NTP pool cannot trigger
reconnecting to the constraint servers immediately.  More NTP peers,
less reason to mistrust the constraint.

Found by dtucker@
OK deraadt@

9 years agoswap calloc() arguments for clarity
deraadt [Mon, 18 May 2015 13:57:34 +0000 (13:57 +0000)]
swap calloc() arguments for clarity

9 years agoenable ntpd by default at install time. We use pools and a reliable
deraadt [Mon, 18 May 2015 13:48:37 +0000 (13:48 +0000)]
enable ntpd by default at install time.  We use pools and a reliable
constraint to keep them in check.  in the worst case of being on a
dark net, nothing changes.

this is being enabled by default to allow gathering of more operational
information from users.  and if the operational heuristics in ntpd can be
suitable refined, this may stay the default into the future.  if not, ntpd
will become even more awesome along the way.

with reyk rpe