openbsd
deraadt [Fri, 10 Aug 2018 20:27:18 +0000 (20:27 +0000)]
sync

deraadt [Fri, 10 Aug 2018 20:27:01 +0000 (20:27 +0000)]
crank to 6.4-beta

jsing [Fri, 10 Aug 2018 17:52:35 +0000 (17:52 +0000)]
Simplify server key exchange signature verification.

Everything can go through the EVP_Verify* code path.

ok inoguchi@ tb@

jsing [Fri, 10 Aug 2018 17:44:16 +0000 (17:44 +0000)]
Simplify server kex exchange signature generation.

Everything can go through the single EVP_Sign* code path.

ok inoguchi@ tb@

jsing [Fri, 10 Aug 2018 17:30:29 +0000 (17:30 +0000)]
Add glue to EVP_md5_sha1() so that it can be used with EVP_Sign* and
EVP_Verify*.

ok tb@

jsing [Fri, 10 Aug 2018 17:28:48 +0000 (17:28 +0000)]
Add missing include to X25519 synopsis.

deraadt [Fri, 10 Aug 2018 17:15:22 +0000 (17:15 +0000)]
In typical swiss-army style, various modes and options cause
different unveils.  Joint work with beck and florian.
Let us know if you hit any corner cases.

deraadt [Fri, 10 Aug 2018 17:03:26 +0000 (17:03 +0000)]
delete volatile intended to silence whiny old compilers around vfork.
This variable is only used in the parent context so there is no issue.
ok kettenis

jsing [Fri, 10 Aug 2018 16:43:54 +0000 (16:43 +0000)]
Bump boot loader versions for softraid passphrase handling change.

jsing [Fri, 10 Aug 2018 16:41:35 +0000 (16:41 +0000)]
Retry on incorrect passphrase for softraid crypto boot.

Historically, the softraid crypto support in the boot loaders has only
given one attempt to provide the correct passphrase. There were a
few reasons for this, including the fact that pkcs5_pbkdf2() allows an
empty passphrase and that returning EPERM allowed for another attempt.

With the event of KARL and the need for bsd.booted with hibernate resumption,
this becomes much more of an issue - if you get the passphrase wrong you
fail to resume. There are also other situations like using /etc/boot.conf
to switch serial console, but an incorrect passphrase results in the config
not being read. Also, bcrypt_pbkdf() does not permit empty passphrases.

This reworks the softraid crypto support in the boot loaders so that it
loops requesting a valid passphrase until one is provided, or an empty
passphrase is entered (at which point it will abort).

ok mortimer@ tb@

jsing [Fri, 10 Aug 2018 16:22:58 +0000 (16:22 +0000)]
Run the wycheproof ECDSA test vectors against libcrypto.

Skip the ecdsa_webcrypto_test.json vectors for the time being, as these
likely need some extra glue.

jsing [Fri, 10 Aug 2018 16:18:55 +0000 (16:18 +0000)]
Run the X25519 wycheproof test vectors against libcrypto.

jsing [Fri, 10 Aug 2018 16:14:40 +0000 (16:14 +0000)]
Rework regress so that it is easier to add additional test types.

jsing [Fri, 10 Aug 2018 16:12:19 +0000 (16:12 +0000)]
Use a table rather than a switch when converting strings to NIDs.

This will make it easier to extend.

jsing [Fri, 10 Aug 2018 15:58:16 +0000 (15:58 +0000)]
Add a regress test that checks file descriptor allocation across fork.

In particular, this checks the behaviour of kqueue fds being closed and
reallocated across a fork.

jsing [Fri, 10 Aug 2018 15:53:49 +0000 (15:53 +0000)]
Update fd_freefile when filtering/closing kqueue descriptors in fdcopy().

Prior to r1.153 of kern_descrip.c, the kqueue descriptors were removed
using fdremove(), which reset fd_freefile as appropriate. The new code
simply avoids adding the descriptor to the new table, however this means
that fd_freefile can be left with an incorrect value, resulting in a file
descriptor allocation "hole". Restore the previous behaviour by lowering
fd_freefile as appropriate when dropping descriptors.

Issue found via golang regress tests.

ok deraadt@ mpi@ visa@

claudio [Fri, 10 Aug 2018 11:15:53 +0000 (11:15 +0000)]
Another place where we should handle AS_SET better. aspath_lenmatch()
should count through AS_SET boundaries, in other words the path
1 2 3 { 4 3 5 } 3 3 7 has an as-seq count of 4, before it was just 2.
OK benno@

claudio [Fri, 10 Aug 2018 11:13:01 +0000 (11:13 +0000)]
Make the AS_SET handling for source-as even simpler. It is enough to only
extract the rightmost AS of a segment if the segment is not an AS_SET.
Then if we hit the final segment as will contain the last aggregator AS.
This fixes a possible issue with a path like 1 2 3 { 4 5 } { 6 7 } which
should match for source-as 3.
OK benno@

kn [Fri, 10 Aug 2018 09:54:06 +0000 (09:54 +0000)]
Zap bits in host_v4(), use mask parameter

This avoids a duplicate strrchr() call and makes the function consistent
with host_v6() regarding mask handling.

While here, use the destination's size in memcpy instead of hardcoding its
type.

OK sashan

schwarze [Fri, 10 Aug 2018 04:41:21 +0000 (04:41 +0000)]
Implement the roff(7) .nop (no operation) request.
Examples of manual pages (ab)using it
include groff(7), chem(1), groff_mom(7), and groff_hdtbl(7).

dtucker [Fri, 10 Aug 2018 01:35:49 +0000 (01:35 +0000)]
The script that cooks up PuTTY format host keys does not understand
the new key format so convert back to old format to create the PuTTY
key and remove it once done.

djm [Fri, 10 Aug 2018 00:44:01 +0000 (00:44 +0000)]
improve

djm [Fri, 10 Aug 2018 00:42:29 +0000 (00:42 +0000)]
Describe pubkey format, prompted by bz#2853

While I'm here, describe and link to the remaining local PROTOCOL.*
docs that weren't already mentioned (PROTOCOL.key, PROTOCOL.krl and
PROTOCOL.mux)

djm [Fri, 10 Aug 2018 00:27:15 +0000 (00:27 +0000)]
fix numbering

claudio [Thu, 9 Aug 2018 21:12:33 +0000 (21:12 +0000)]
Improve handling of source-as when an AS_SET is rightmost. In that case
use the rightmost AS from the previous AS path segment. As suggested in
rfc6472. Also fix a long standing bug of AS 42 >< 4242 matching 43 - 4241
instead of 1-41 and 4243 and upwards. Last but not least pass the filter_as
struct to as_compare since that will make it easier to implement as-sets.
OK benno@, OK job@ on a previous version

schwarze [Thu, 9 Aug 2018 19:48:44 +0000 (19:48 +0000)]
Drop support for guessing an old-style class A, B, or C netmask from
a bare dot-notation IP address by counting trailing zero octets.
Instead, assume -host when neither -net nor -netmask nor -prefixlen is
given.  Error out when -net is requested but no netmask is specified.
This removes the last use of the IN_CLASS* macros from this program.
OK claudio@ kn@, and many agreed with the general direction during g2k18.

mestre [Thu, 9 Aug 2018 17:51:22 +0000 (17:51 +0000)]
The game is playable without the need to access any files therefore we can
effectively disable all fs access by dropping "rpath wpath cpath" from
pledge(2) right at the beginning of the program.

"looks right" tb@

schwarze [Thu, 9 Aug 2018 17:23:21 +0000 (17:23 +0000)]
If somebody asks "man 3 chmod",
don't respond with the lie: "No entry for chmod in the manual."
Instead, say "No entry for chmod in section 3 of the manual."
Came up after a question from kn@; OK kn@.

visa [Thu, 9 Aug 2018 15:02:45 +0000 (15:02 +0000)]
Remove redundant "kq == kn->kn_kq" checks. The lists kq_knhash and
kq_knlist are dedicated to a single kqueue instance, which makes
the filtering by kn_kq unnecessary.

OK kettenis@, mpi@

patrick [Thu, 9 Aug 2018 14:43:17 +0000 (14:43 +0000)]
Hook up the rasops text emulation functions so we only write out
the characters that changed, and only when they change.  This
replaces writing out the whole framebuffer every 100ms with a
partial update mechanism.  Now the system stays responsive and
does not slow down anymore due to the periodic update.

deraadt [Thu, 9 Aug 2018 14:30:28 +0000 (14:30 +0000)]
correct sizeof to use correct buffer, rather than another buffer (which
was the same size)

patrick [Thu, 9 Aug 2018 14:23:50 +0000 (14:23 +0000)]
Implement out-of-band interrupt support in the bwfm(4) SDIO backend.

patrick [Thu, 9 Aug 2018 13:53:30 +0000 (13:53 +0000)]
Make imxesdhc(4) pass per-function cookies to the SD/MMC bus.

ok kettenis@

patrick [Thu, 9 Aug 2018 13:52:36 +0000 (13:52 +0000)]
Allow passing per-function cookies through the SD/MMC bus to SDIO
devices.  This allows SDIO device drivers to read information from
the ACPI or FDT tables.

ok kettenis@

patrick [Thu, 9 Aug 2018 13:50:15 +0000 (13:50 +0000)]
Correct the bitmask that returns the function count.  We missed a bit
and thus only supported 4 functions instead of 8.

ok kettenis@

claudio [Thu, 9 Aug 2018 12:54:06 +0000 (12:54 +0000)]
While softreconfig is running set the poll timeout to 0 so that the
runner makes progress and does not get held back by poll sleeping; at
the same time fds are still serviced first if they have data pending.

kettenis [Thu, 9 Aug 2018 12:25:38 +0000 (12:25 +0000)]
Synopsys DesignWare PCIe IP isn't 100% ECAM compliant.  It doesn't handle
type 0 configuration requests correctly which results in devices on bus 0
appearing multiple times.  Fix this by adding a quirk and match the
appropriate compatible string.

ok jsg@, patrick@

claudio [Thu, 9 Aug 2018 12:21:03 +0000 (12:21 +0000)]
Make two very internal functions static. They are used to merge an
AS_PATH with an AS4_PATH and are therefore fairly special.

patrick [Thu, 9 Aug 2018 12:19:32 +0000 (12:19 +0000)]
Define __HAVE_ACPI on arm64 and __HAVE_FDT on arm64, armv7 and octeon
so that we can include firmware-dependent code in generic drivers to be
able to extract metadata information like MAC addresses and out-of-band
interrupts from the ACPI/FDT tables.

ok kettenis@

nicm [Thu, 9 Aug 2018 09:54:22 +0000 (09:54 +0000)]
Whoops, didn't mean to commit this.

nicm [Thu, 9 Aug 2018 09:53:44 +0000 (09:53 +0000)]
Bump the UTF-8 character array up to 18 to allow for more combining
characters (some languages use up to five). This size doesn't make as
much difference now that UTF-8 goes into an extended cell. GitHub issue
1430.

kettenis [Thu, 9 Aug 2018 09:03:54 +0000 (09:03 +0000)]
regen

kettenis [Thu, 9 Aug 2018 09:03:12 +0000 (09:03 +0000)]
ASMedia ASM1184e PCIe switch.

akoshibe [Thu, 9 Aug 2018 03:35:19 +0000 (03:35 +0000)]
Currently, attempting to move an immovable lo(4) to a new rdomain will fail
with an EPERM, but the target rdomain will still be created.

Move the check for an lo(4)'s if_index/if_rdomain to before the creation of a
nonexisting target routing table.

ok benno@ claudio@ mpi@

jmatthew [Thu, 9 Aug 2018 01:41:48 +0000 (01:41 +0000)]
Remove the port id check entirely.  We don't do anything with the port
id after that, so it seems like a silly reason to reject a target.

ok dlg@ deraadt@

deraadt [Wed, 8 Aug 2018 22:59:33 +0000 (22:59 +0000)]
lockspool only plays with files in _PATH_MAILDIR, so unveil that path.

deraadt [Wed, 8 Aug 2018 22:57:12 +0000 (22:57 +0000)]
mestre and I can find no reason why the pledge has "unix".  Disable
that and start listening for failure reports.

deraadt [Wed, 8 Aug 2018 22:56:42 +0000 (22:56 +0000)]
ntpd unveils the cert.pem "r" file (which is passed-over-socket to the
constraints process), and /usr/sbin/ntpd "x" to perform fork+exec operations.

deraadt [Wed, 8 Aug 2018 22:55:14 +0000 (22:55 +0000)]
pledge with "unveil" at the top, so that the various modes can unveil
the files they inspect a little later.

ratchov [Wed, 8 Aug 2018 22:31:43 +0000 (22:31 +0000)]
Use unveil(2) in the helper process to disallow access to other files
than the devices specified with -f and -q options.

ok deraadt@

kettenis [Wed, 8 Aug 2018 20:57:53 +0000 (20:57 +0000)]
Support DMA coherent devices that attach to mainbus(4) as well.

ok patrick@

kettenis [Wed, 8 Aug 2018 20:56:49 +0000 (20:56 +0000)]
Fix the ITLinesNumber mask and bump the number of supported redistributors
up to 24.

ok patrick@

mestre [Wed, 8 Aug 2018 20:15:17 +0000 (20:15 +0000)]
add unveil(2) to ctfconv(1)

Once we know what the input file is, usually /bsd.gdb, we can unveil it in read
mode. If we also define as argument an output file we can additionally unveil
that one with write/create permissions.

We don't need to care about calling unveil(NULL, NULL) since we can call
pledge(2) and reduce the permissions down the road depending on the code path.

"reads OK" jasper@, "put it in if works" mpi@
prodded by deraadt@

mestre [Wed, 8 Aug 2018 19:35:47 +0000 (19:35 +0000)]
add unveil(2) to mixerctl(1)

after we know what is the mixer device to be used, either through MIXERDEVICE
env var, the argument passed or by default /dev/mixer then we can unveil it in
read/write mode, then if opening fails we reduce unveil to only read mode.

Once open(2) succeeds then we can disable fs access by calling unveil(NULL, NULL)
since all further operations occur on fds.

A cleaner solution would be to just call pledge("audio") after open(2) but
currently the ioctls used are not whitelisted in pledge(2), ratchov@ will
investigate a better way to do this

OK ratchov@

rob [Wed, 8 Aug 2018 18:50:38 +0000 (18:50 +0000)]
Some unsigned long to unsigned int cleanup from recent ber (type) changes.

ok claudio@

deraadt [Wed, 8 Aug 2018 18:46:04 +0000 (18:46 +0000)]
Unveil the special files needed for reading AML tables, and the
directory for placement.  We can only protect the directory case,
since the file_prefix+sig+id case is too large to enumerate.

deraadt [Wed, 8 Aug 2018 18:32:51 +0000 (18:32 +0000)]
After authentication is complete, unveil login.conf "r" (to discover
login tweaks), and walk the path (which could be $PATH, or not) adding
an unveil "x" to each possible executable which could later be tried
by execvpe().
It would be great if we could do some unveil before authentication, but
I failed to determine all the possibilities.
Some problem reports by bluhm, tb, florian, and others during development
In snaps for about 3 weeks.
ok florian

tb [Wed, 8 Aug 2018 18:21:02 +0000 (18:21 +0000)]
typo: macro-generates wrappers -> macro-generated wrappers

deraadt [Wed, 8 Aug 2018 17:52:46 +0000 (17:52 +0000)]
An early pledge takes away many risk factors during spool opening/parsing.
This is worthwhile keeping, so add "unveil" to defer unveil(2) calls.
After various special cases are handled (including files which are anywhere
in the filesystem), unveil() to the specific file only.

deraadt [Wed, 8 Aug 2018 17:47:44 +0000 (17:47 +0000)]
In netproc process, unveil to only expose the CA file.
ok florian

florian [Wed, 8 Aug 2018 17:26:52 +0000 (17:26 +0000)]
ifconfig cannot be pledged because of its overwhelming amount of
used ioctls. Furthermore due to the way the command line parser is
written it is difficult to apply the traditional first initialize then
pledge pattern.

unveil(2) gives us a different approach:
By veiling everything with unveil("/", "") and then locking down
unveil with unveil(NULL, NULL) we remove all filesystem access from
ifconfig kind of like giving a regular user a chroot without any
files.

OK deraadt

deraadt [Wed, 8 Aug 2018 15:30:29 +0000 (15:30 +0000)]
tabs are ok at start of line, but internally space separation is the norm

deraadt [Wed, 8 Aug 2018 14:38:31 +0000 (14:38 +0000)]
unveil dev.db "r" for devname(), /dev "r", and in the non-sysctl case
some kernel memory/symbol files.

deraadt [Wed, 8 Aug 2018 14:35:38 +0000 (14:35 +0000)]
In the early pledge, add "unveil" to permit changes a little later on.
If kernel variables are being watched unveil /dev/mem, /dev/kmem, and
/dev/ksyms.  If testing AF_UNIX, unveil that path.  The next pledge
removes "unveil", then tcpbench is largely filesystem restricted.

schwarze [Wed, 8 Aug 2018 14:29:42 +0000 (14:29 +0000)]
Even though we strongly discourage escaping hyphens in manual pages
in general, when introducing the *typographic* term "hyphen",
actually display a real hyphen in output modes supporting it.

claudio [Wed, 8 Aug 2018 14:29:05 +0000 (14:29 +0000)]
Move struct wire_largecommunity to rde_attr.c since it is only used internally

ratchov [Wed, 8 Aug 2018 14:25:50 +0000 (14:25 +0000)]
Fix possible division by zero caused by bogus usb descriptors. From
Michael W. Bombardieri. Thanks.

schwarze [Wed, 8 Aug 2018 14:15:21 +0000 (14:15 +0000)]
Reorder the text in the "Dashes and Hyphens" subsection to keep the
simplest and most important instructions together and at the
beginning.  No text change.
Suggested by jmc@.

schwarze [Wed, 8 Aug 2018 14:03:17 +0000 (14:03 +0000)]
Clarify the confusing "(text)" annotation in the character lists.
In some cases, it meant "render as an ASCII character in output
modes that have a notion of codepoints" (e.g. UTF-8, HTML); in other
cases, "render in the text font in output modes that also provide
a special font for mathematical symbols" (e.g. PostScript, PDF).
Also explicitly annotate the escape sequences that use a special
font if available.
OK bentley@

schwarze [Wed, 8 Aug 2018 13:53:55 +0000 (13:53 +0000)]
After years of deliberation, finally provide a clear recommendation
for hyphens and minus signs in manual pages.
Since there is consensus that a typographically perfect solution is
impossible, let's KISS - just write "-", don't bother with "\-", all
currently relevant manual page formatters can handle "-" reasonably.
OK jmc@ bentley@

claudio [Wed, 8 Aug 2018 13:52:30 +0000 (13:52 +0000)]
Merge getcommunity() and getlargecommunity() into one function that
takes a flag if it is large or not. Makes code more reusable.

claudio [Wed, 8 Aug 2018 13:49:20 +0000 (13:49 +0000)]
Make the (non-)transitive handling of ext communities a bit more obvious.

deraadt [Wed, 8 Aug 2018 13:46:44 +0000 (13:46 +0000)]
sync

claudio [Wed, 8 Aug 2018 13:32:36 +0000 (13:32 +0000)]
One ; too much

claudio [Wed, 8 Aug 2018 13:08:54 +0000 (13:08 +0000)]
Update the RIB after a config reload in the background. This moves the
heavy bits into the background and so the RDE is able to process new
messages more or less instantly after a configuration reload.
Not all cases are covered yet but the bulk is.
While the background process is running no new config can be loaded.
Tested by and OK benno@

patrick [Wed, 8 Aug 2018 11:06:47 +0000 (11:06 +0000)]
Implement IRQ masking and unmasking in imxgpio(4).

patrick [Wed, 8 Aug 2018 11:06:33 +0000 (11:06 +0000)]
Extend the FDT interrupt API to support masking and unmasking IRQs.

Discussed with kettenis@

kevlo [Wed, 8 Aug 2018 09:17:45 +0000 (09:17 +0000)]
regen

kevlo [Wed, 8 Aug 2018 09:16:57 +0000 (09:16 +0000)]
Fix Realtek product name from RT8188 to RTL8188CE

ok stsp@

kn [Wed, 8 Aug 2018 08:42:49 +0000 (08:42 +0000)]
r1.19 removed a bunch of code, but not enough, and left dead code around.

From Miod Vallat, "Go ahead" kettenis

benno [Wed, 8 Aug 2018 06:54:50 +0000 (06:54 +0000)]
hide rib[] internals in new rib_valid() function
ok claudio@

jsg [Wed, 8 Aug 2018 05:07:46 +0000 (05:07 +0000)]
Recognise 'Speculative Store Bypass Disable' support cpuid bit.
Documented in 'Speculative Execution Side Channel Mitigations'
revision 2.0.

djm [Wed, 8 Aug 2018 01:16:01 +0000 (01:16 +0000)]
Use new private key format by default. This format is supported by
OpenSSH >= 6.5 (released January 2014), so it should be supported by
most OpenSSH versions in active use.

It is possible to convert new-format private keys to the older
format using "ssh-keygen -f /path/key -pm PEM".

ok deraadt dtucker

deraadt [Tue, 7 Aug 2018 18:39:56 +0000 (18:39 +0000)]
Unveil is used at tail of initialization to allow "r" of /tftpboot
(that decides whether rarpd should reply), and /etc/ethers "r" for
debug reporting.

deraadt [Tue, 7 Aug 2018 18:36:49 +0000 (18:36 +0000)]
Unveil fits nicely into the syslogd privsep model.  Unveiled files
include config file "r", utmp "r", /dev "rw", /bin/sh "x" for running
piped commands, and the syslogd binary "x" itself for HUP re-exec upon
config loads with changes.  Also unveiled in the privsep process are
the specific log files being written to.

If a config file reload changes no files, the existing privsep process
keeps running with unveil's to the relevant files (therefore it can
cope with newsyslogd taking files away).  If a new config file is loaded
which changes the output files, the privsep process is restarted with
fork+exec, and installs new unveils as needed.  The safety we gain from
unveil is that we've pigeonholed the privsep file-writer to exactly the
files required.

Help from bluhm for some edge cases.

deraadt [Tue, 7 Aug 2018 18:28:05 +0000 (18:28 +0000)]
unveil can be used to restrict access to utmp and /dev

stsp [Tue, 7 Aug 2018 18:13:14 +0000 (18:13 +0000)]
Ignore basic MCS set information found in association responses.

Some APs (Aruba 105) send a bogus basic MCS set in assoc responses
which prevents us from enabling 11n support with those APs, while
these APs still behave as if we were an 11n client which renders
the association unusable.

The basic MCS set is already provided in beacons anyway, and the
802.11 2012 standard says the basic MCS set is reserved in frames
other than beacons (see Table 8-130).

ok mpi@

deraadt [Tue, 7 Aug 2018 15:07:54 +0000 (15:07 +0000)]
UNVEIL_* flags defined elsewhere in a .h file

reyk [Tue, 7 Aug 2018 14:49:05 +0000 (14:49 +0000)]
Post-g2k18 fix: unbreak the optional vmd-internal vmboot loader.

The new vm_checkaccess() call didn't account for the vmboot case.

OK ccardenas@ mikeb@

visa [Tue, 7 Aug 2018 12:38:15 +0000 (12:38 +0000)]
Fix dangling knote references.

kqueue_close() does not take into account that the kqueue instance may
have queued knotes. This can cause a use-after-free if new knotes are
enqueued on the kqueue as a result of file closing.

Correct the error by dequeueing each knote before freeing it.
Since r1.93 of kern_event.c, each kqueue instance has its knotes
in nonshared lists kq_knhash and kq_knlist, so kqueue_close() does
not have to skip other kqueues' knotes any longer. The code can be
simplified by using knote_remove() for clearing the knote lists.
The function uses knote_drop() which takes care of knote dequeueing.

Found and initial analysis by anton@
OK anton@, mpi@

reyk [Tue, 7 Aug 2018 11:28:29 +0000 (11:28 +0000)]
Fix paste error in "no read access to" debug message, tweak messages.

Found by mikeb@

claudio [Tue, 7 Aug 2018 07:06:20 +0000 (07:06 +0000)]
Similar to the ldpd.conf change don't use a macro of the secret.
Macros get sometimes logged so we should not encourage using them for
sensitive data.

kettenis [Mon, 6 Aug 2018 18:39:13 +0000 (18:39 +0000)]
Make it possible to build a MULTIPROCESSOR kernel on armv7.  While this
doesn't actually spin up any secondary CPUs, it does run.  Mostly a cleanup
of <machine/cpu.h> along the lines of what I did earlier on arm64.  Makes
armv7 use the MI mplock implementation and implements copyin32.

ok patrick@

jmc [Mon, 6 Aug 2018 18:26:29 +0000 (18:26 +0000)]
space required between macro args and punctuation;

espie [Mon, 6 Aug 2018 18:20:47 +0000 (18:20 +0000)]
Reflect reality.
The infrastructure no longer uses -Dunsigned, but TRUSTED_PKG_PATH,
which narrows the source of unsigned package to a single place, and
thus is less hazardous.

benno [Mon, 6 Aug 2018 17:31:31 +0000 (17:31 +0000)]
replace the current log options

 log updates|all

with

 log state changes
 log host checks
 log connection [errors]

The first two control the logging of host check results: either changes in host state only or
all checks.

The third option controls logging of connections in relay mode:
Either log all connections, or only errors.

Additionally, errors will be logged with LOG_WARN and good connections
will be logged with LOG_INFO, so they can be differentiated in syslog.

ok and feedback from claudio@

mestre [Mon, 6 Aug 2018 17:26:31 +0000 (17:26 +0000)]
Correct example file since reserved words cannot be used as macros. Not only
that, the macro used was password and if we changed it to something like
pass="secret" it would log it if the daemon was run in verbose mode.

Hint and OK claudio@

mestre [Mon, 6 Aug 2018 17:25:11 +0000 (17:25 +0000)]
Change manpage example for reserved words since the macro used is to replace
a password and that way it would log it when the daemon is run in verbose mode.

Hint and OK claudio@

claudio [Mon, 6 Aug 2018 15:59:01 +0000 (15:59 +0000)]
Validate the prefix sent in a network delete call before trying to delete
it. We should not trust this input too much as found by Pierre Emeriaud.
OK benno@

stsp [Mon, 6 Aug 2018 14:28:13 +0000 (14:28 +0000)]
Fix debug message in ieee80211_auth_open(): s/reason/status/
Status codes and reason codes are separate things listed in distinct tables.
This debug message made me look at the wrong table and scratch my head.