deraadt [Mon, 30 Jul 2018 15:19:12 +0000 (15:19 +0000)]
sync
deraadt [Mon, 30 Jul 2018 15:16:27 +0000 (15:16 +0000)]
rename 2nd argument of unveil from vague "flags" to "permissions";
man page change will follow
kettenis [Mon, 30 Jul 2018 14:19:12 +0000 (14:19 +0000)]
Use the MI interrupt enable/distable API instead of the MD one on i386 and
remove the MD API.
ok deraadt@
espie [Mon, 30 Jul 2018 14:13:08 +0000 (14:13 +0000)]
Tweak history
Document that LOCALBASE changes may not work.
Be less dramatic about it, as it doesn't appear to be *that* bad.
espie [Mon, 30 Jul 2018 12:47:12 +0000 (12:47 +0000)]
byebye fake.mtree
mpi [Mon, 30 Jul 2018 12:22:14 +0000 (12:22 +0000)]
Use FNONBLOCK instead of SS_NBIO to check/indicate that the I/O mode
for sockets is non-blocking.
This allows us to G/C SS_NBIO. Having to keep the two flags in sync
in a mp-safe way is complicated.
This change introduce a behavior change in sosplice(), it can now
always block. However this should not matter much due to the socket
lock being taken beforhand.
ok bluhm@, benno@, visa@
ratchov [Mon, 30 Jul 2018 11:51:42 +0000 (11:51 +0000)]
Inline trivial uaudio_id_name(). From Michael Bombardieri, thanks.
"looks good" kn@
nicm [Mon, 30 Jul 2018 11:24:55 +0000 (11:24 +0000)]
Remove a leftover unused struct.
stsp [Mon, 30 Jul 2018 11:09:17 +0000 (11:09 +0000)]
Don't ask drivers to join a wifi network before an AP has been chosen.
Should fix a panic with bwfm(4) reported by mlarkin@
ok phessler@
kettenis [Mon, 30 Jul 2018 10:56:00 +0000 (10:56 +0000)]
Add support for the GIC v3 ITS and use it to implement MSI support for
rkpcie(4).
ok patrick@
benno [Mon, 30 Jul 2018 09:59:03 +0000 (09:59 +0000)]
cleanup initialization of chngdir. inspired by Ross L Richardson.
ok tb@
benno [Mon, 30 Jul 2018 09:56:50 +0000 (09:56 +0000)]
replace exit() with return(), from Ross L Richardson.
ok tb@ (previous 3 commits to main.c as well)
benno [Mon, 30 Jul 2018 09:54:35 +0000 (09:54 +0000)]
replace warn() + exit() with err()
From Ross L Richardson.
benno [Mon, 30 Jul 2018 09:53:14 +0000 (09:53 +0000)]
line too long and whitespace. From Ross L Richardson.
benno [Mon, 30 Jul 2018 09:51:49 +0000 (09:51 +0000)]
reorder option parsing to be alphabetical/same order as usage and
manpage. From Ross L Richardson.
jmatthew [Mon, 30 Jul 2018 09:04:52 +0000 (09:04 +0000)]
When converting the bios memory map to memory clusters, clip segments at
the 512GB mark as the direct map cannot address memory past that point.
ok kettenis@ (quite a while ago)
florian [Mon, 30 Jul 2018 08:57:09 +0000 (08:57 +0000)]
update to nsd 4.1.23, from the release notes:
------------------------------------------------------------------------
NSD versions 4.1.22 and before are vulnerable in comparing TSIG
information and this can be used to discover a TSIG secret.
NSD uses TSIG to protect zone transfers. The TSIG code uses a secret
key to protect the data. The secret key is shared with both sides of
the zone transfer connection. The comparison code in NSD was not time
insensitive, causing the potential for an attacker to use timing
information to discover data about the key contents.
NSD versions from 2.2.0 to 4.1.22 are vulnerable. Upgrade to 4.1.23 or
newer to get the fix.
It was reported by Ondrej Sury (ISC).
------------------------------------------------------------------------
OK tb, sthen
kn [Mon, 30 Jul 2018 08:28:40 +0000 (08:28 +0000)]
Simplify host()
Get rid of the `cont' flag, zap obvious comments, add error label.
OK benno sashan
patrick [Mon, 30 Jul 2018 08:14:45 +0000 (08:14 +0000)]
Add ssdfb(4), a driver for the SSD1309 controller that drives an
128x64 OLED display. With the typical 8x16 font we get 4 rows with
16 characters each on it. The controller can be driven using I2C,
3-wire and 4-wire SPI. This commit includes support for the 4-wire
protocol.
ok deraadt@
ajacoutot [Mon, 30 Jul 2018 08:05:06 +0000 (08:05 +0000)]
Add colon for clarity.
ok espie@
jmatthew [Mon, 30 Jul 2018 07:34:37 +0000 (07:34 +0000)]
apply the loop settle delay to handling of loop up and loop reset events,
so hotplug can be more reliable too.
jmatthew [Mon, 30 Jul 2018 07:30:54 +0000 (07:30 +0000)]
extend the loop settle time to 200ms, and adjust the check so that we'll
actually break out once the loop has been up for that long.
jmc [Mon, 30 Jul 2018 05:23:00 +0000 (05:23 +0000)]
tweak previous;
deraadt [Mon, 30 Jul 2018 00:34:57 +0000 (00:34 +0000)]
KNF
beck [Mon, 30 Jul 2018 00:30:15 +0000 (00:30 +0000)]
document the current limitation (we don't yet find an above covering
unveil for relative operations) that I am working on in BUGS
beck [Mon, 30 Jul 2018 00:16:59 +0000 (00:16 +0000)]
Allow for us to do a CREATE style lookup on a read only filesystem
if and only if we are unveil doing it. Fixes an issue noticed
by kn@ where unveil would fail with EROFS on a read only filesystem
deraadt [Mon, 30 Jul 2018 00:11:04 +0000 (00:11 +0000)]
activate unveil for testing
ok kibbles and bits
beck [Sun, 29 Jul 2018 23:53:04 +0000 (23:53 +0000)]
revert accidentally changed prototype
beck [Sun, 29 Jul 2018 23:11:02 +0000 (23:11 +0000)]
Don't exceed UNVEIL_MAX_VNODES with a long path now that we save
the traversed vnodes - noticed and fixed by semarie@
beck [Sun, 29 Jul 2018 22:53:39 +0000 (22:53 +0000)]
Make sure we don't count looking at .. as a component
as a descending match.
Noticed by Stuart Cassoff <3d0g@bell.net>
beck [Sun, 29 Jul 2018 22:30:32 +0000 (22:30 +0000)]
Add regress for ensuring .. is appropriately *not* used as a
descending match
tb [Sun, 29 Jul 2018 20:29:32 +0000 (20:29 +0000)]
Document that X509_{NAME,REQ,REQ_INFO}_free() are all NULL safe.
From Ross L. Richardson
tb [Sun, 29 Jul 2018 20:22:02 +0000 (20:22 +0000)]
Remove NULL checks before X509_{REQ,NAME}_free() and zap an unnecessary
pair of parens.
From Ross L. Richardson
benno [Sun, 29 Jul 2018 20:15:23 +0000 (20:15 +0000)]
replace hand-rolled tmp files with mkstemp()
ok florian@ back in april, reminded by theo.
deraadt [Sun, 29 Jul 2018 19:40:41 +0000 (19:40 +0000)]
Add _PATH_AUTHPROGDIR = "/usr/libexec/auth", this path will be used
to unveil. Unfortunately the auth subsystem uses _PATH_AUTHPROG =
"/usr/libexec/auth/login_", which it auth-program is appended to -- a
rather gross idea which now shows lack of wisdom.
anton [Sun, 29 Jul 2018 14:11:05 +0000 (14:11 +0000)]
add missing markup and some minor tweaks; ok jmc@
deraadt [Sun, 29 Jul 2018 13:34:26 +0000 (13:34 +0000)]
After "termcap" initilization is finished, top appears to not open any
files ever again, so we can re-pledge tighter.
schwarze [Sun, 29 Jul 2018 13:27:44 +0000 (13:27 +0000)]
garbage collect old "manpages-check" target
which has been broken for years with nobody complaining;
OK espie@ kn@
deraadt [Sun, 29 Jul 2018 13:02:01 +0000 (13:02 +0000)]
mestre and i both concluded pledge can be tightened, "unix" handles the
coming code and "rpath wpath" isn't needed
ok claudio
deraadt [Sun, 29 Jul 2018 12:46:31 +0000 (12:46 +0000)]
remove extra space in output; from Ross L Richardson
schwarze [Sun, 29 Jul 2018 11:27:14 +0000 (11:27 +0000)]
UTF-8 support: use wcwidth(3) when calculating column widths;
written during g218; no objection when shown on tech@
bluhm [Sun, 29 Jul 2018 09:25:58 +0000 (09:25 +0000)]
New scapy 2.4.0 buffers packets at the bfp layer. Call sniff() to
clear this list when starting the sniffer thread. The TCP sequence
number check in sr1() became more strict. Use the sniffer thread
to capture retransmitted packetes which the new TCP answers() check
ignores now.
kn [Sat, 28 Jul 2018 23:36:54 +0000 (23:36 +0000)]
Use strtonum in host()
This is simpler than checking three cases for `q' and gives nicer error
messages. While here, use `v6mask' as maximum netmask instead of hardcoding
it.
OK sashan
deraadt [Sat, 28 Jul 2018 22:57:27 +0000 (22:57 +0000)]
k&r -> ansi function headers in this file, 'cause clang complained about one.
mortimer [Sat, 28 Jul 2018 21:43:21 +0000 (21:43 +0000)]
Add -fno-ret-protector for arm64.
Prompted by deraadt
schwarze [Sat, 28 Jul 2018 18:32:30 +0000 (18:32 +0000)]
Issue a STYLE message when normalizing the date format in .Dd/.TH.
Leah Neukirchen pointed out that mdoclint(1) used to warn about a
leading zero before the day number, so we know that both NetBSD and
Void Linux want the message. It does no harm on OpenBSD because
Mdocdate always does the right thing anyway.
jmc@ agrees that it makes sense in contexts not using Mdocdate.
deraadt [Sat, 28 Jul 2018 18:07:26 +0000 (18:07 +0000)]
delete unused ps_uvactive, since active checks are done against the ptr
from semarie
deraadt [Sat, 28 Jul 2018 18:06:30 +0000 (18:06 +0000)]
re-ordering for sensibility, by semarie; ok jmc
kettenis [Sat, 28 Jul 2018 15:28:51 +0000 (15:28 +0000)]
Add function to convert a PCI device "tag" into a PCIe requester ID.
ok patrick@, mlarkin@, deraadt@
tb [Sat, 28 Jul 2018 15:25:23 +0000 (15:25 +0000)]
Remove NULL checks before (most) libcrypto *_free() functions.
From Ross L. Richardson, thanks!
ok deraadt
kettenis [Sat, 28 Jul 2018 13:59:08 +0000 (13:59 +0000)]
Make use of PCI_FLAGS_MSI_ENABLED such that drivers for hardware with broken
MSI support can selectively disable the use of MSI.
ratchov [Sat, 28 Jul 2018 09:11:55 +0000 (09:11 +0000)]
Move libsndio session cookie in its own $HOME/.sndio/ directory to
make libsndio easier to use with unveil(2).
"make sense" deraadt
ratchov [Sat, 28 Jul 2018 09:07:48 +0000 (09:07 +0000)]
Rename the sndiod unix domain socket to /tmp/sndio/sockN to avoid
wondering what are these "aucat" files in /tmp.
"make sense" deraadt
ratchov [Sat, 28 Jul 2018 08:11:08 +0000 (08:11 +0000)]
sync
ratchov [Sat, 28 Jul 2018 08:09:50 +0000 (08:09 +0000)]
Remove unused /dev/audio and /dev/audioctl symlinks.
ok deraadt
kettenis [Fri, 27 Jul 2018 21:11:31 +0000 (21:11 +0000)]
Use the MI interrupt enable/distable API instead of the MD one on amd64 and
remove the MD API.
ok guenther@, deraadt@, mpi@
rob [Fri, 27 Jul 2018 19:14:45 +0000 (19:14 +0000)]
Full stop.
schwarze [Fri, 27 Jul 2018 17:47:05 +0000 (17:47 +0000)]
garbage collect the unused "#define INDENT"
deraadt [Fri, 27 Jul 2018 16:29:36 +0000 (16:29 +0000)]
sync
deraadt [Fri, 27 Jul 2018 14:14:40 +0000 (14:14 +0000)]
sync
claudio [Fri, 27 Jul 2018 12:03:17 +0000 (12:03 +0000)]
log_info -> log_debug since this is debug noise.
markus [Fri, 27 Jul 2018 12:03:17 +0000 (12:03 +0000)]
avoid expensive channel_open_message() calls; ok djm@
bket [Fri, 27 Jul 2018 06:26:38 +0000 (06:26 +0000)]
Enable slaacctl(8) to print information on an advertised MTU.
OK florian@
bket [Fri, 27 Jul 2018 06:23:08 +0000 (06:23 +0000)]
Have slaacd(8) share information on receiving a MTU advertisement with
slaacctl(8).
OK florian@
bket [Fri, 27 Jul 2018 06:20:01 +0000 (06:20 +0000)]
Enable slaacd(8) to set MTU on an interface.
If a router advertisement message with the MTU option is received on an
interface slaacd will set the specified MTU on that interface.
Lots of help from florian@. Thank you!
OK florian@
bket [Fri, 27 Jul 2018 06:15:10 +0000 (06:15 +0000)]
Add SIOCSIFMTU to the wroute pledge.
This is required by, for example, slaacd(8) (which has been pledged) to
set MTU on an interface.
OK florian@, deraadt@
ratchov [Fri, 27 Jul 2018 05:48:59 +0000 (05:48 +0000)]
No need to test if pointer is NULL to call free(9). From
Michael W. Bombardieri. Thanks!
dtucker [Fri, 27 Jul 2018 05:34:42 +0000 (05:34 +0000)]
Now that ssh can't be setuid, remove the original_real_uid and
original_effective_uid globals and replace with calls to plain getuid().
ok djm@
jmc [Fri, 27 Jul 2018 05:23:24 +0000 (05:23 +0000)]
remove errant Ed added in previous;
dtucker [Fri, 27 Jul 2018 05:13:02 +0000 (05:13 +0000)]
Remove uid checks from low port binds. Now that ssh cannot be
setuid and sshd always has privsep on, we can remove the uid checks
for low port binds and just let the system do the check. We leave
a sanity check for the !privsep case so long as the code is stil
there. with & ok djm@
jmatthew [Fri, 27 Jul 2018 04:57:45 +0000 (04:57 +0000)]
hds arrays can have more ports now, apparently; this lets theo use 4 paths
to his array rather than just 2.
ok dlg@
dtucker [Fri, 27 Jul 2018 03:55:22 +0000 (03:55 +0000)]
ssh(1) no longer supports being setuid root. Remove reference to crc32
which went with protocol 1. Pointed out by deraadt@.
beck [Fri, 27 Jul 2018 01:44:19 +0000 (01:44 +0000)]
Don't double vput and panic after looking up "."
beck [Fri, 27 Jul 2018 01:41:39 +0000 (01:41 +0000)]
add regress for unveil of "." now that I fixed this
beck [Fri, 27 Jul 2018 01:38:02 +0000 (01:38 +0000)]
Make the BYPASSUNVEIL test actually test BYPASSUNVEIL with tmppath
benno [Thu, 26 Jul 2018 22:03:19 +0000 (22:03 +0000)]
note under which circumstances ospfd uses the route priofilter
to not receive all route messages, thus saving cpu time.
wording as suggested by jmc@
ok remi@ jmc@ claudio@
jmc [Thu, 26 Jul 2018 20:36:10 +0000 (20:36 +0000)]
Xr make-plist -> update-plist;
jmc [Thu, 26 Jul 2018 20:18:11 +0000 (20:18 +0000)]
zap a dot;
mestre [Thu, 26 Jul 2018 19:33:20 +0000 (19:33 +0000)]
zap whitespaces
mestre [Thu, 26 Jul 2018 19:32:52 +0000 (19:32 +0000)]
reduce pledge(2) to the bare minimum:
after dbopen(3) occurs then all operations are on fds which don't need
rpath/wpath and therefore spamdb(8) only needs stdio at all times after the DB
was already open(2)ed
great input from semarie@ OK deraadt@
deraadt [Thu, 26 Jul 2018 14:49:35 +0000 (14:49 +0000)]
sync
mestre [Thu, 26 Jul 2018 13:37:40 +0000 (13:37 +0000)]
add pledge(2) to quot(8):
- rpath to traverse the filesystem(s)
- getpw to figure out who owns what
OK tb@ deraadt@
kettenis [Thu, 26 Jul 2018 13:20:53 +0000 (13:20 +0000)]
Add infrastructure to install lld as the default linker. The old GNU linker
will be installed as /usr/bin/ld.bfd on supported systems. This allows
users to fall back on the old linker by using the -fuse-ld=bfd option on
systems where lld is the default linker.
Switch armv7 to use lld as the default linker. On arm64 we already use lld
as the default linker. Other platforms will keep using the GNU linker for
now.
ok patrick@, deraadt@, phessler@
rob [Thu, 26 Jul 2018 12:50:04 +0000 (12:50 +0000)]
Mention some missing libevent macros.
ok jmc@, benno@, "yes" deraadt@
patrick [Thu, 26 Jul 2018 10:59:07 +0000 (10:59 +0000)]
Add imxspi(4), a driver for the i.MX SPI controller. This is the first
SPI controller in our tree. Add a basic generic SPI infrastructure as
well.
ok kettenis@
patrick [Thu, 26 Jul 2018 10:55:26 +0000 (10:55 +0000)]
Implement calculating the SPI controller frequency in imxccm(4).
ok kettenis@
job [Thu, 26 Jul 2018 10:05:02 +0000 (10:05 +0000)]
Remove CPUID insn_length check
Don't allow unprivileged users to crash things from ring 3
Thanks to William McCall for the patch!
OK mlarkin@
jmc [Thu, 26 Jul 2018 06:49:08 +0000 (06:49 +0000)]
tweak previous; ok espie
jmatthew [Thu, 26 Jul 2018 04:56:57 +0000 (04:56 +0000)]
don't dump status iocbs twice
jmatthew [Thu, 26 Jul 2018 04:26:30 +0000 (04:26 +0000)]
remove "bad startup mboxes" printf - it never indicates a real problem,
and it always happens on 25xx controllers.
patrick [Wed, 25 Jul 2018 20:47:45 +0000 (20:47 +0000)]
Implement a MSGBUF control packet mechanism based on the command
request ids. So far we were only able to have one command in flight
at a time and race conditions could easily lead to unexpected
behaviour. With this rework we send and enqueue a control packet
command and wait for replies to happen. Thus we can have multiple
control packets in flight and a reply with the correct id will wake
us up.
patrick [Wed, 25 Jul 2018 20:37:11 +0000 (20:37 +0000)]
On authentication we don't need to create the node before calling
the network stack since the stack will create the node for us if we
pass the ibss stack. On assocation request the node already has to
exist, so we error out if we don't have a record of the node. Fixes
hostap on 5 GHz channels, since now the node's channel is recorded
correctly.
jsing [Wed, 25 Jul 2018 18:04:09 +0000 (18:04 +0000)]
Provide a harness that runs test vectors from Project Wycheproof against
libcrypto. Initially this just covers RSA signatures, but can be extended
to cover other cryptographic algorithms.
This regress requires the go and wycheproof-testvector packages to be
installed, with the regress being skipped otherwise.
Discussed with beck@ and tb@
bluhm [Wed, 25 Jul 2018 17:24:14 +0000 (17:24 +0000)]
Document the spinning time of the CPU in systat(1) and top(1).
from Marcus MERIGHI; OK deraadt@ jmc@
deraadt [Wed, 25 Jul 2018 17:12:35 +0000 (17:12 +0000)]
Don't redefine Makefile choices which come correct from bsd.*.mk
ok markus
eric [Wed, 25 Jul 2018 16:00:48 +0000 (16:00 +0000)]
Implement a generic interface to forward resolver queries to the lka
process. Use it for the reverse lookups required by smtp and mta.
Until now, DNS-related lookups were implemented using ad-hoc IMSGs
between the lka and other processes. It turns out to be confusing and
difficult to maintain/extend. So we want to replace this with a better
set of IMSGs matching the standard resolver interface.
ok gilles@
gilles [Wed, 25 Jul 2018 15:24:26 +0000 (15:24 +0000)]
qmail advertizes a size of 0 as "no limit on data", fix SIZE handling in
mta_session.c
spotted by deraadt@ and benno@
cheloha [Wed, 25 Jul 2018 15:09:48 +0000 (15:09 +0000)]
Free operand copies after parsing.
We strdup operands before destructively parsing them to keep w(1) output
looking nice and neat, but after parsing we ought to free them.
We do need to keep copies for file paths, though, so add additional strdups
for operands if and of.
While here, use the preferred err(1, NULL) for an allocation failure. Also
while here, don't assign `oper' to a copy of itself because it looks strange.
"sure." deraadt
deraadt [Wed, 25 Jul 2018 13:56:23 +0000 (13:56 +0000)]
fix indent; Clemens Goessnitzer
deraadt [Wed, 25 Jul 2018 13:19:28 +0000 (13:19 +0000)]
sync