mpi [Wed, 24 Jun 2015 09:40:53 +0000 (09:40 +0000)]
Increment if_ipackets in if_input().
Note that pseudo-drivers not using if_input() are not affected by this
conversion.
ok mikeb@, kettenis@, claudio@, dlg@
kettenis [Wed, 24 Jun 2015 08:32:39 +0000 (08:32 +0000)]
Introduce Linux work queue APIs and use them. As a side-effect, this will
move some of the work from the system task queue to the driver-specific
task queue.
ok jsg@
mlarkin [Wed, 24 Jun 2015 07:18:13 +0000 (07:18 +0000)]
Remove a couple of unused and old #defines that discussed phys and virt
address widths in 1st-gen amd64 cpus.
ok kettenis, deraadt, guenther
yasuoka [Wed, 24 Jun 2015 05:20:16 +0000 (05:20 +0000)]
Fix npppd to terminate all PPP sessions properly even in case the
sending window for L2TP control is full when the control is terminating
(by an L2TP keepalive failure or other reasons). In that case, if the
L2TP peer didn't respond at all, npppd had kept some PPP sessions
forever.
deraadt [Wed, 24 Jun 2015 05:18:19 +0000 (05:18 +0000)]
sync
yasuoka [Wed, 24 Jun 2015 04:57:55 +0000 (04:57 +0000)]
Use the return value of event_loop() properly. Also abort(3) if
event_loop() returns abnormally which is unexpected.
diff from Yuuichi Someya
yasuoka [Wed, 24 Jun 2015 04:45:20 +0000 (04:45 +0000)]
Improve and fix typo in the comment.
yasuoka [Wed, 24 Jun 2015 04:34:31 +0000 (04:34 +0000)]
Mention that pipex should be also configured by sysctl.
dlg [Wed, 24 Jun 2015 03:42:08 +0000 (03:42 +0000)]
reenable the pool gc task.
the problems it tickled by working outside the biglock on archs
with mutex and clock interaction have been fixed, as evidenced by
the softnet taskq.
ok deraadt@
guenther [Wed, 24 Jun 2015 03:38:51 +0000 (03:38 +0000)]
Apply normal handling to atfd+path args to chflagsat(2)
Problem noted by patrick keshishian (sidster (at) boxsoft.com)
ok deraadt@
dtucker [Wed, 24 Jun 2015 01:49:19 +0000 (01:49 +0000)]
Revert previous commit. We still want to call setgroups in the case where
there are zero groups to remove any that we might otherwise inherit (as
pointed out by grawity at gmail.com) and since the 2nd argument to
setgroups is always a static global it's always valid to dereference in
this case. ok deraadt@ djm@
millert [Tue, 23 Jun 2015 22:53:14 +0000 (22:53 +0000)]
Add regress test for multiple negation characters.
millert [Tue, 23 Jun 2015 22:52:55 +0000 (22:52 +0000)]
POSIX specifies that multiple '!' characters preceding a
function should be treated as a single negation. From FreeBSD
via Liviu Daia.
miod [Tue, 23 Jun 2015 19:50:48 +0000 (19:50 +0000)]
Disable some of the pmap_emulate_reference() DEBUG checks if option
MULTIPROCESSOR, and quote the alpha ARM to explain why; while there, make the
failure messages a bit more detailed.
miod [Tue, 23 Jun 2015 19:49:41 +0000 (19:49 +0000)]
In the copy(9) function, make sure to remember curproc across the bcopy()
call, instead of &curproc. The copy routine may sleep and we may resume on
a different processor. This has been plaguing the alpha MULTIPROCESSOR kernels
since the very beginning; it's amazing this did not cause more havoc.
Joint debugging and hair pulling with dlg@ and deraadt@; ok dlg@
reyk [Tue, 23 Jun 2015 19:33:06 +0000 (19:33 +0000)]
Fix the optional lua patterns test with obj and different versions.
semarie [Tue, 23 Jun 2015 18:04:29 +0000 (18:04 +0000)]
add httpd regress
semarie [Tue, 23 Jun 2015 18:03:09 +0000 (18:03 +0000)]
add regress tests for httpd
- this testsuite covers patterns
jmc [Tue, 23 Jun 2015 17:29:19 +0000 (17:29 +0000)]
various tweaks;
semarie [Tue, 23 Jun 2015 17:25:01 +0000 (17:25 +0000)]
escape the matched substrings before using them in expansion.
ok reyk@
semarie [Tue, 23 Jun 2015 15:35:20 +0000 (15:35 +0000)]
remove a deprecated character class.
it was deprecated in lua code, but here the code is new. The documentation
doesn't mention it either.
ok reyk@
bentley [Tue, 23 Jun 2015 15:31:02 +0000 (15:31 +0000)]
Add STANDARDS section; isblank(3) was specified in C99.
ok jung@ jmc@
reyk [Tue, 23 Jun 2015 15:23:14 +0000 (15:23 +0000)]
Add initial support for pattern matching using Lua's pattern matching code.
With important help on the pattern matcher from semarie@
OK semarie@
semarie [Tue, 23 Jun 2015 15:16:34 +0000 (15:16 +0000)]
This patch ensures that when an error is detected, the freed variables in
elf_symloadx() are reinitialised.
Else show_file() in nm.c will use these variables, even if they have
just been freed. (nm.c +689).
Problem found by afl.
ok miod@
semarie [Tue, 23 Jun 2015 15:13:29 +0000 (15:13 +0000)]
This patch ensures that e_shentsize (sections header's size in bytes) is
big enough to fill at least one Elf_Shdr.
While here, inverts calloc() arguments to be calloc(nmemb, size),
according to fread() call after.
This problem was found with afl, with e_shentsize=1.
ok miod@
semarie [Tue, 23 Jun 2015 15:02:58 +0000 (15:02 +0000)]
corrects a read after bound that occurs in strcmp (line just
after the added bound check).
Found with afl.
ok miod@
bluhm [Tue, 23 Jun 2015 14:19:21 +0000 (14:19 +0000)]
If the kernel symbols fit completely into the 2 MB alignment hole
after kernel bss but before end of the image, the page tables used
the read-only mapping of the hole. When booting a small non-generic
kernel, this resulted in a crash, while writing to the page tables
later.
Make sure that the page tables are created after esym and after
end.
OK mlarkin@ deraadt@
semarie [Tue, 23 Jun 2015 13:43:08 +0000 (13:43 +0000)]
add some check before accessing data:
- if section header table is present
- consistency of section header table size
ok miod@
mpi [Tue, 23 Jun 2015 13:20:17 +0000 (13:20 +0000)]
Pass a "struct ifnet *" instead of a "struct arpcom *" to arpresolve().
Most of the ARP layer already takes an ifp pointer and this makes clear
which chunks of code are messing with ac_enaddr.
Note that our Ethernet code assumes that these pointers are interchangeable
since the first element of the "struct arpcom" is a "struct ifnet".
giovanni [Tue, 23 Jun 2015 13:11:27 +0000 (13:11 +0000)]
fix emacs pkg names
deraadt [Tue, 23 Jun 2015 12:29:46 +0000 (12:29 +0000)]
delete more p==NULL checks; discussed with miod, kettenis, dlg before
mpi [Tue, 23 Jun 2015 09:42:23 +0000 (09:42 +0000)]
Adapt bridge(4) to the new if_input() framework.
Move bridge_input() outside of ether_input() in order to duplicate packets
flowing through a bridge port before applying any transformation on mbufs.
This saves various m_adj(9)/M_PREPEND(9) dances and removes the bridge(4)
hack from vlan(4).
Tested by mxb <mxb AT alumni DOT chalmers DOT se> and kettenis@
ok bluhm@
yasuoka [Tue, 23 Jun 2015 07:07:33 +0000 (07:07 +0000)]
Fix npppd to check the size of received GRE packets properly.
yasuoka [Tue, 23 Jun 2015 06:59:54 +0000 (06:59 +0000)]
Fix the problem when npppd receives a zero length 1701/udp packet. If
it receives such packets when the errno is not EAGAIN or EINTR, it had
closed all L2TP sessions and stopped the L2TP server. Also fix the
receiving GRE packet since it potentially has the same problem.
yasuoka [Tue, 23 Jun 2015 06:21:53 +0000 (06:21 +0000)]
Fix the links to pppx(4).
diff from Fabian Raetz.
doug [Tue, 23 Jun 2015 05:58:28 +0000 (05:58 +0000)]
Change CBS_dup() to also sync the offset.
Previously, CBS_dup() had its own offset. However, it is more consistent
to copy everything.
ok miod@ jsing@
doug [Tue, 23 Jun 2015 01:20:24 +0000 (01:20 +0000)]
Convert bytestringtest to individual checks and don't short circuit.
The statements were chained together with OR which makes it more annoying
to debug. Also, it was short circuiting all tests as soon as one function
failed. Since the functions are independent, they should each run until
error.
Discussed with miod@ and jsing@
doug [Tue, 23 Jun 2015 00:02:01 +0000 (00:02 +0000)]
Remove unnecessary regress target.
djm [Mon, 22 Jun 2015 23:42:16 +0000 (23:42 +0000)]
Don't count successful partial authentication as failures in monitor;
this may have caused the monitor to refuse multiple authentications
that would otherwise have successfully completed; ok markus@
bluhm [Mon, 22 Jun 2015 20:06:11 +0000 (20:06 +0000)]
Add an #ifdef HIBERNATE to allow to build a kernel without hibernate but
with acpi.
OK mlarkin@
kettenis [Mon, 22 Jun 2015 18:57:26 +0000 (18:57 +0000)]
Make it possible to create write combining mappings through /dev/mem. This is
done by introducing a magic offset. Pages below this offset are mapped
with default memory attributes. Above this offset pages are mapped write
combining.
ok mlarkin@
jmc [Mon, 22 Jun 2015 18:31:48 +0000 (18:31 +0000)]
document that boot.conf can contain comments;
from tilo stritzky
thanks miod for help with the diff, and who also noted that
leading whitespace gets stripped too;
mikeb [Mon, 22 Jun 2015 15:58:23 +0000 (15:58 +0000)]
Increment rule counters only after successful state insertion
Do rule counter increments after state has been successfully
installed. This has an additional benefit of making error
handling a bit simpler.
OK mpi, bluhm
kettenis [Mon, 22 Jun 2015 15:20:43 +0000 (15:20 +0000)]
Flush out another small diff to reduce the diffs with Linux.
jmc [Mon, 22 Jun 2015 14:46:59 +0000 (14:46 +0000)]
theo buehler points out that posix specifies a prompt defined using -p
be reinstated when toggled off then on again; this seems to make sense,
but posix is not explicit.
we know that gnu ed and freebsd do reinstate the user defined prompt, but
we do not. no one has yet stepped up to change this, so i'm adding a note
to this effect until such a time as we do.
i have not tweaked the text for -p or "P" to allow for an easy back out
if behaviour does change;
mpi [Mon, 22 Jun 2015 12:56:55 +0000 (12:56 +0000)]
Do not update frame lengths to reflect what has really been transferred
when an isochronous transfer is done.
Frame lengths are just input values and no driver messes with them.
ok ratchov@, jmatthew@
dtucker [Mon, 22 Jun 2015 12:29:57 +0000 (12:29 +0000)]
Don't call setgroups if we have zero groups; there's no guarantee that it
won't try to deref the pointer. Based on a patch from mail at quitesimple.org,
ok djm deraadt
reyk [Mon, 22 Jun 2015 11:46:06 +0000 (11:46 +0000)]
After the last change, we also have to url_encode $SERVER_NAME and
$REMOTE_USER before using them in the Location.
From Sebastien Marie (semarie)
mpi [Mon, 22 Jun 2015 10:29:18 +0000 (10:29 +0000)]
Make xhci(4)'s root hub report the same status bits as physical USB3 hubs.
There's no bit to indicate the speed of a USB3.0 device attached to a hub
port so do not abuse the PORT_TEST bit. Instead make the xhci(4) root hub
report the PORT_POWER_SS bit when appropriate and use it to determine the
speed of a new device.
While here make the root hub report the link state and config error, from
FreeBSD.
mpi [Mon, 22 Jun 2015 09:07:11 +0000 (09:07 +0000)]
rtrequest1(9) error code path cleanup.
Pass the length to free(9), do not violate the radix/route layer and
set the gateway of a route a bit later to simplify error code path.
ok claudio@
mpi [Mon, 22 Jun 2015 08:43:27 +0000 (08:43 +0000)]
Apparently some BIOSes not supporting xHCI natively switch USB ports
back to EHCI at suspend. So route the ports back to xHCI at resume.
Problem reported by Adam Wolk, thanks!
krw [Sun, 21 Jun 2015 21:22:27 +0000 (21:22 +0000)]
Don't use uninitialized data as a return value.
From Brainy via Maxime Villard via tech@.
ok kettenis@
jca [Sun, 21 Jun 2015 20:49:18 +0000 (20:49 +0000)]
Don't leak mem if wsfont_rotate() fails.
Problem reported by Maxime Villard, ok miod@
kettenis [Sun, 21 Jun 2015 20:04:30 +0000 (20:04 +0000)]
Count transmitted packets.
deraadt [Sun, 21 Jun 2015 18:13:11 +0000 (18:13 +0000)]
sync
deraadt [Sun, 21 Jun 2015 18:11:58 +0000 (18:11 +0000)]
sync
deraadt [Sun, 21 Jun 2015 18:10:02 +0000 (18:10 +0000)]
5.9 base key
doug [Sun, 21 Jun 2015 16:10:45 +0000 (16:10 +0000)]
Check for failure with CBB_init() in bs_ber.c.
From BoringSSL commit
3fa65f0f05f67615d9daf48940e07f84d094ac6e.
reyk [Sun, 21 Jun 2015 13:08:36 +0000 (13:08 +0000)]
When encoding the Location url, only encode the query and path
elements from the user input and not the constants from the
configuration. This makes it possible to specify chars like '?' in
the uri.
OK Sebastien Marie
claudio [Sun, 21 Jun 2015 12:16:29 +0000 (12:16 +0000)]
There is a race between sending notifications to the SE and getting a new
peer_up event in the RDE. This can be triggered by graceful restart. So
remove the panic and replace it with roughly what peer_down does.
OK phessler and henning
reyk [Sun, 21 Jun 2015 12:15:09 +0000 (12:15 +0000)]
Add .mkv (video/x-matroska).
From David Hill
ok halex@
claudio [Sun, 21 Jun 2015 12:11:13 +0000 (12:11 +0000)]
There is no need to include sys/ucred.h. Only sys/file.h is needed for the
DTYPE defines.
millert [Sun, 21 Jun 2015 03:20:56 +0000 (03:20 +0000)]
Just return if nmemb is 0. Avoids a NULL dereference and is
consistent with the behavior of the other libc sort functions.
OK deraadt@
deraadt [Sun, 21 Jun 2015 00:15:12 +0000 (00:15 +0000)]
memory leak on failure; from Maxime Villard
kettenis [Sat, 20 Jun 2015 20:20:08 +0000 (20:20 +0000)]
Fix a bug that causes uvm_pmr_get1page() to fail for allocations that
specify an address constraint even when free pages that meet the constraint
are still available. This happens because the old code was using the root
of the size tree as a starting point for a search down the address tree.
This meant only part of the address tree was searched, and that part could
very well not contain any of the pages that met the constraint. Instead,
always walk the address tree from its root if the list of single pages is
empty and the root of the size tree doesn't meet our constraints.
From Visa Hankala.
ok deraadt@
doug [Sat, 20 Jun 2015 18:19:56 +0000 (18:19 +0000)]
Convert ssl3_get_new_session_ticket to CBS.
tweak + ok miod@ jsing@
doug [Sat, 20 Jun 2015 17:04:07 +0000 (17:04 +0000)]
Convert ssl3_get_next_proto to CBS.
tweak + ok miod@ jsing@
doug [Sat, 20 Jun 2015 16:42:48 +0000 (16:42 +0000)]
Convert ssl_parse_serverhello_renegotiate_ext to CBS.
ok miod@ jsing@
jsing [Sat, 20 Jun 2015 14:24:49 +0000 (14:24 +0000)]
Handle NIST curve names in openssl(1) ecparam.
From OpenSSL.
jsing [Sat, 20 Jun 2015 14:19:39 +0000 (14:19 +0000)]
Handle NIST curve names.
From OpenSSL.
ok miod@ (a while ago)
jsing [Sat, 20 Jun 2015 14:17:07 +0000 (14:17 +0000)]
Have ECPKParameters_print() include the NIST curve name, if known.
From OpenSSL.
ok miod@ (a while ago).
jsing [Sat, 20 Jun 2015 13:51:52 +0000 (13:51 +0000)]
Less mdc2.
jsing [Sat, 20 Jun 2015 13:26:08 +0000 (13:26 +0000)]
Provide EC_curve_nid2nist() and EC_curve_nist2nid().
From OpenSSL.
Rides libcrypto bump.
ok miod@ (a while ago)
jsing [Sat, 20 Jun 2015 12:29:39 +0000 (12:29 +0000)]
Make SSL_OP_ALL readable.
ok deraadt@ doug@ millert@ miod@ sthen@
jsing [Sat, 20 Jun 2015 12:01:54 +0000 (12:01 +0000)]
Put CRYPTO_memcmp() under #ifndef LIBRESSL_INTERNAL.
ok doug@ deraadt@
jsing [Sat, 20 Jun 2015 12:01:14 +0000 (12:01 +0000)]
Replace remaining CRYPTO_memcmp() calls with timingsafe_memcmp().
ok doug@ deraadt@
mpi [Sat, 20 Jun 2015 11:35:27 +0000 (11:35 +0000)]
Only match devices with a valid configuration.
ok uaa@
jca [Sat, 20 Jun 2015 10:57:42 +0000 (10:57 +0000)]
sort +0n -> sort -n, the former is historical
doug [Sat, 20 Jun 2015 04:04:35 +0000 (04:04 +0000)]
Convert ssl_parse_clienthello_renegotiate_ext to CBS.
ok miod@, tweak + ok jsing@
deraadt [Sat, 20 Jun 2015 01:45:17 +0000 (01:45 +0000)]
sync
doug [Sat, 20 Jun 2015 01:21:51 +0000 (01:21 +0000)]
Replace internal call to CRYPTO_memcmp with timingsafe_memcmp.
Suggested by jsing@.
ok jsing@ miod@
jca [Sat, 20 Jun 2015 01:17:34 +0000 (01:17 +0000)]
Bump major after {,asr_}print_sockaddr() renaming.
doug [Sat, 20 Jun 2015 01:17:27 +0000 (01:17 +0000)]
Fix warning on vax due to old gcc.
Old gcc warns when parameters have the same names as functions. Noticed
by deraadt@.
ok deraadt@ jsing@
jca [Sat, 20 Jun 2015 01:16:25 +0000 (01:16 +0000)]
Rename print_sockaddr() to avoid symbol visibility problems
print_sockaddr is internal to asr, and conflicts with ports/net/samba4.
ok eric@
doug [Sat, 20 Jun 2015 01:09:31 +0000 (01:09 +0000)]
Crank major for libcrypto, ssl and tls due to MDC-2DES removal.
ok miod@ jsing@
doug [Sat, 20 Jun 2015 01:07:24 +0000 (01:07 +0000)]
Remove obsolete MDC-2DES from libcrypto.
ok deraadt@ jsing@ miod@
jca [Fri, 19 Jun 2015 23:54:15 +0000 (23:54 +0000)]
Tweak whitespace and remove dangling, unneeded "else".
No functional change.
jmatthew [Fri, 19 Jun 2015 23:17:59 +0000 (23:17 +0000)]
remove a bit more isp(4), from brad
jmatthew [Fri, 19 Jun 2015 23:07:04 +0000 (23:07 +0000)]
isp(4) man page needs to go too, pointed out by jmc@
uaa [Fri, 19 Jun 2015 20:39:34 +0000 (20:39 +0000)]
Only match devices with a valid configuration.
ok by mpi@
millert [Fri, 19 Jun 2015 18:41:53 +0000 (18:41 +0000)]
Remove needless casts. There's no reason to cast delim to char *
when we can just make spanp const char * to match it. OK deraadt@
deraadt [Fri, 19 Jun 2015 15:57:11 +0000 (15:57 +0000)]
sync
jsing [Fri, 19 Jun 2015 15:06:51 +0000 (15:06 +0000)]
Add missing message digests to function table.
Diff from kinichiro via github.
ok doug@
phessler [Fri, 19 Jun 2015 14:54:12 +0000 (14:54 +0000)]
show the number of (currently) known prefixes and the max-prefix limit,
when we terminate the session.
since we terminate the session as soon as we go above the limit, show
'>' since there may be more that we haven't/won't process.
OK benno@
naddy [Fri, 19 Jun 2015 12:15:38 +0000 (12:15 +0000)]
add 5.9 packages key
jmatthew [Fri, 19 Jun 2015 11:12:24 +0000 (11:12 +0000)]
remove isp(4) now that the ql* family have replaced it
bcook [Fri, 19 Jun 2015 07:18:58 +0000 (07:18 +0000)]
Remove fallback dynamic engine loading support.
Since we no longer have dynamic engines, don't bother falling back to them
if a builtin engine is not found first.
Before:
$ openssl dgst -engine unknown
invalid engine "unknown"
27256010481532:error:2606A074:engine routines:ENGINE_by_id:no such engine:/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/engine/eng_list.c:384:id=unknown
27256010481532:error:2606A074:engine routines:ENGINE_by_id:no such engine:/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/engine/eng_list.c:384:id=dynamic
After:
$ openssl dgst -engine unknown
invalid engine "unknown"
27256010481532:error:2606A074:engine routines:ENGINE_by_id:no such engine:/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/engine/eng_list.c:384:id=unknown
ok doug@
bcook [Fri, 19 Jun 2015 06:32:43 +0000 (06:32 +0000)]
Return the failing engine ID in the error stack.
Noted by doug@ in an earlier revision of the dynamic engine removal patch, but
I had forgotten to include it in the latest version.
bcook [Fri, 19 Jun 2015 06:20:11 +0000 (06:20 +0000)]
Add standard headers, C++ support to tls.h.
This makes using libtls easier to include by including dependent headers,
making something like this work as expected:
    #include <iostream>
    #include <tls.h>
    int main()
    {
        std::cout << "tls_init: " << tls_init() << "\n";
    }
This also makes building a standalone libtls-portable simpler.
ok doug@, jsing@
bcook [Fri, 19 Jun 2015 06:05:11 +0000 (06:05 +0000)]
Disable ENGINE_load_dynamic (dynamic engine support).
We do not build, test or ship any dynamic engines, so we can remove the dynamic
engine loader as well. This leaves a stub initialization function in its place.
ok beck@, reyk@, miod@