openbsd
8 years agoConvert ifq_deq_{begin,rollback,commit} dance to a single ifq_dequeue
mikeb [Thu, 28 Jul 2016 12:08:14 +0000 (12:08 +0000)]
Convert ifq_deq_{begin,rollback,commit} dance to a single ifq_dequeue

8 years agofirmware is the plural;
jmc [Thu, 28 Jul 2016 09:21:01 +0000 (09:21 +0000)]
firmware is the plural;

8 years agoRMD160Update actually takes size_t length
tedu [Thu, 28 Jul 2016 03:52:41 +0000 (03:52 +0000)]
RMD160Update actually takes size_t length

8 years agobetter bounds check on iovcnt (we only ever use fixed, positive values)
djm [Wed, 27 Jul 2016 23:18:12 +0000 (23:18 +0000)]
better bounds check on iovcnt (we only ever use fixed, positive values)

8 years agoGet interrupts going for the Allwinner-R8 chip.
mglocker [Wed, 27 Jul 2016 22:03:52 +0000 (22:03 +0000)]
Get interrupts going for the Allwinner-R8 chip.

ok kettenis@, patrick@

8 years agoRemove a feature to re-use existing early bootstrap mappings. This
patrick [Wed, 27 Jul 2016 21:25:25 +0000 (21:25 +0000)]
Remove a feature to re-use existing early bootstrap mappings. This
allowed you to pass a virtual address, which you received from an
early bootstrap mapping, as physical address to bus_space_map(9).

It breaks bus_space_map(9) for peripherals that are after 0xC0000000,
as it assumes that everything after that address cannot be a real
peripheral.  But that's wrong.  It does not make sense to pass a
virtual address to bus_space_map(9) anyway, so just get rid of this
whole "feature".

ok kettenis@

8 years agoAdd interface to facilitate iterating over gpios.
kettenis [Wed, 27 Jul 2016 21:13:49 +0000 (21:13 +0000)]
Add interface to facilitate iterating over gpios.

ok patrick@

8 years agoimprove comments a bit. ok mlarkin tom
tedu [Wed, 27 Jul 2016 21:13:39 +0000 (21:13 +0000)]
improve comments a bit. ok mlarkin tom

8 years agoWhen pmap_page_remove() is called by UVM, a physical page is to be
patrick [Wed, 27 Jul 2016 21:12:49 +0000 (21:12 +0000)]
When pmap_page_remove() is called by UVM, a physical page is to be
removed from pmaps it currently is in.  To check if a virtual address
pointing to that physical page has been mapped, the code uses
the l2pte_valid() function.  Unfortunately there is a difference
between being valid and the PTE being zero.  If a page is mapped
but has never been accessed, it will be non-zero but invalid.

In that case the PTE for that virtual address will not be zeroed
and the virtual address will be removed from the vm page struct.

The next time someone tries to map a page to that virtual address,
other pmap code will consider the virtual address to be already
mapped, even though that assumption is completely wrong.

To make sure this does not happen, check the PTE for zero.  This way
the PTE will be zeroed correctly.  The check for zero is how other
ARM pmap code also handles this issue.

ok kettenis@ tom@

8 years agoit should not be necessary for yacc to use TMPDIR, /tmp is good enough.
tedu [Wed, 27 Jul 2016 20:53:47 +0000 (20:53 +0000)]
it should not be necessary for yacc to use TMPDIR, /tmp is good enough.
ok beck deraadt guenther

8 years agocorrect syntax for baddynamic example. from Holger Mikolon
tedu [Wed, 27 Jul 2016 20:51:46 +0000 (20:51 +0000)]
correct syntax for baddynamic example. from Holger Mikolon

8 years agoansify mem.c to the latest fashion. with a fix from mike burns. ok deraadt
tedu [Wed, 27 Jul 2016 15:12:36 +0000 (15:12 +0000)]
ansify mem.c to the latest fashion. with a fix from mike burns. ok deraadt

8 years agocheck flags with mask instead of equality, in case we decide to mix
tedu [Wed, 27 Jul 2016 14:48:56 +0000 (14:48 +0000)]
check flags with mask instead of equality, in case we decide to mix
another flag in at some point. ok stefan

8 years agoincrease the size of forkstat fields to accomodate large values
tedu [Wed, 27 Jul 2016 14:44:59 +0000 (14:44 +0000)]
increase the size of forkstat fields to accomodate large values

8 years agodocument the so_upcall option to socreate
phessler [Wed, 27 Jul 2016 13:02:50 +0000 (13:02 +0000)]
document the so_upcall option to socreate

8 years agochecking for firmware works better if I pass thru all options
espie [Wed, 27 Jul 2016 13:02:03 +0000 (13:02 +0000)]
checking for firmware works better if I pass thru all options

8 years agodon't include firmwares in the fuzzy auto-reinstall list
espie [Wed, 27 Jul 2016 12:58:21 +0000 (12:58 +0000)]
don't include firmwares in the fuzzy auto-reinstall list

8 years agohunting around for some sporadic error message. Removing the hash entry
espie [Wed, 27 Jul 2016 12:57:10 +0000 (12:57 +0000)]
hunting around for some sporadic error message. Removing the hash entry
entirely is slightly better.

noticed by sthen@

8 years agoMissing word ("no").
jca [Wed, 27 Jul 2016 12:55:41 +0000 (12:55 +0000)]
Missing word ("no").

8 years agoInstead of passing the raw reg property to simplebus nodes,
patrick [Wed, 27 Jul 2016 11:45:02 +0000 (11:45 +0000)]
Instead of passing the raw reg property to simplebus nodes,
pass a pre-processed array of fdt_reg structs.  This means
that the drivers don't have to understand the cell properties
themselves but can rely on the 64-bit addr/size pairs.

ok kettenis@

8 years agoRemove unnecessary remapping of registers.
visa [Wed, 27 Jul 2016 11:28:40 +0000 (11:28 +0000)]
Remove unnecessary remapping of registers.

ok jasper@

8 years agoAccording to RFC 7231 4.3.7, OPTIONS may have body. "Although this
reyk [Wed, 27 Jul 2016 11:02:41 +0000 (11:02 +0000)]
According to RFC 7231 4.3.7, OPTIONS may have body. "Although this
specification does not define any use for such a payload, future
extensions to HTTP might use the OPTIONS body to make more detailed
queries about the target resource." The future has arrived.

Found and tested by Michael Lechtermann
OK benno@

8 years agoImprove parsing of the Host by following RFC 7230 Section 5.4 more strictly:
reyk [Wed, 27 Jul 2016 06:55:44 +0000 (06:55 +0000)]
Improve parsing of the Host by following RFC 7230 Section 5.4 more strictly:

- Respond with a 400 (Bad Request) if there is more than one Host:
header to prevent ambiguities.

- Make sure that the host in the optional absolute form of
request-target (eg. GET http://www.target.com/ HTTP/1.1) matches the
Host: value.  Proxies are supposed to ignore the Host: value if the
request-target exists, but relayd used to ignore the absolute
request-target form instead.  In HTTP terminology, relayd is a gateway
and not a proxy, but it has to make sure that the host is validated
consistently.

OK benno@ bluhm@

8 years agoafter system resume, re-write backlight level
jcs [Wed, 27 Jul 2016 02:26:26 +0000 (02:26 +0000)]
after system resume, re-write backlight level

8 years agofix signed char extension bugs. from fade@cock.li. ok guenther.
tedu [Wed, 27 Jul 2016 01:52:03 +0000 (01:52 +0000)]
fix signed char extension bugs. from fade@cock.li. ok guenther.
As a personal remark, I'll add that it's not necessary to cast a value
to a function's return type. The compiler is happy to do that for you.
But such casts can hide warnings and bugs.

8 years agozero sizeof a struct not sizeof the pointer to it
jsg [Wed, 27 Jul 2016 01:36:37 +0000 (01:36 +0000)]
zero sizeof a struct not sizeof the pointer to it
ok mikeb@

8 years agoRename struct fdt_memory to fdt_reg to match the member name
patrick [Tue, 26 Jul 2016 22:10:10 +0000 (22:10 +0000)]
Rename struct fdt_memory to fdt_reg to match the member name
used in the fdt attach args and the device tree.

ok kettenis@

8 years agoWrap fpgetround() so internal calls to it (seen on arm, powerpc, and sh)
guenther [Tue, 26 Jul 2016 19:07:09 +0000 (19:07 +0000)]
Wrap fpgetround() so internal calls to it (seen on arm, powerpc, and sh)
go direct instead of through the PLT.

ok millert@ kettenis@

8 years agopool debug dance, part deux
tedu [Tue, 26 Jul 2016 18:27:42 +0000 (18:27 +0000)]
pool debug dance, part deux

8 years agoIn rsu(4), put code that twiddles HT data in the ic under #ifdef notyet.
stsp [Tue, 26 Jul 2016 18:18:04 +0000 (18:18 +0000)]
In rsu(4), put code that twiddles HT data in the ic under #ifdef notyet.
Some code paths in this driver peek at ic_htcaps and act upon it, so let's
play it safe until this driver gets its 11n support enabled on purpose.
Spotted while investigating the bug fixed in r1.35.

8 years agoRemove the restriction that the kernel needs to be loaded at the bottom of
kettenis [Tue, 26 Jul 2016 18:09:07 +0000 (18:09 +0000)]
Remove the restriction that the kernel needs to be loaded at the bottom of
physical memory.  This makes it possible to boot OpenBSD on platforms that
have physical memory start at address 0x00000000 as the EFI bootloader will
only attempt to load kernels at address 0x10000000 and above to work around
a bug in the u-boot EFI API layer.

ok patrick@

8 years agoWelcome to 6.0-current.
kettenis [Tue, 26 Jul 2016 17:57:14 +0000 (17:57 +0000)]
Welcome to 6.0-current.

ok deraadt@

8 years agoUnbreak rsu(4) which was broken since r1.32. Reported by Jake Swensen.
stsp [Tue, 26 Jul 2016 15:37:12 +0000 (15:37 +0000)]
Unbreak rsu(4) which was broken since r1.32. Reported by Jake Swensen.
ok deraadt@

8 years agoFix byteswap errors in rtwn(4) and urtwn(4) introduced by me on June 17.
stsp [Tue, 26 Jul 2016 13:00:28 +0000 (13:00 +0000)]
Fix byteswap errors in rtwn(4) and urtwn(4) introduced by me on June 17.
Repairs urtwn(4) on macppc. Problem reported by juanfra@.
ok millert@ deraadt@

8 years agoMake sure there's space for the PT_OPENBSD_WXNEEDED segment, if requested
guenther [Tue, 26 Jul 2016 02:38:12 +0000 (02:38 +0000)]
Make sure there's space for the PT_OPENBSD_WXNEEDED segment, if requested

problem noted by Juan Francisco Cantero Hurtado (iam (at) juanfra.info)
ok deraadt@

8 years agoadd new mirror in Lithuania to examples/pkg.conf, ok deraadt
sthen [Mon, 25 Jul 2016 22:49:05 +0000 (22:49 +0000)]
add new mirror in Lithuania to examples/pkg.conf, ok deraadt

8 years agodisable tmpfs because it receives zero maintainance.
deraadt [Mon, 25 Jul 2016 19:52:56 +0000 (19:52 +0000)]
disable tmpfs because it receives zero maintainance.

8 years agofix revision 1.290 of sys/netinet/ip_carp.c.
benno [Mon, 25 Jul 2016 16:44:04 +0000 (16:44 +0000)]
fix revision 1.290 of sys/netinet/ip_carp.c.

diff from jsg@
ok deraadt@, benno@

8 years agoFix rarpd hang. The receive buffer of a route socket can become full
visa [Mon, 25 Jul 2016 16:28:06 +0000 (16:28 +0000)]
Fix rarpd hang. The receive buffer of a route socket can become full
while rarpd process is idle. To avoid getting stuck in rtmsg(),
the process has to clear the buffer and retry.

ok benno@ deraadt@ millert@

8 years agoRevert change to density calculation. David Vasek points out this
krw [Mon, 25 Jul 2016 15:30:36 +0000 (15:30 +0000)]
Revert change to density calculation. David Vasek points out this
is a more complicated problem than it appears.

ok deraadt@

8 years agoInitialize the log subsytem in the SE like it is done in the RDE. Without
claudio [Mon, 25 Jul 2016 14:29:28 +0000 (14:29 +0000)]
Initialize the log subsytem in the SE like it is done in the RDE. Without
this all logging is going via stderr to /dev/null which is not helpful.
OK deraadt@ phessler@

8 years agoMake sure closed bpf devices are removed from bpf_d_list to free the
natano [Mon, 25 Jul 2016 13:19:32 +0000 (13:19 +0000)]
Make sure closed bpf devices are removed from bpf_d_list to free the
minor number for reuse by the device cloning code. This fixes a panic
reported by bluhm@.

initial diff from tedu
ok deraadt

8 years agoPatch perl CVE-2016-1238
afresh1 [Mon, 25 Jul 2016 10:53:00 +0000 (10:53 +0000)]
Patch perl CVE-2016-1238

The problem relates to Perl 5 ("perl") loading modules from the
includes directory array ("@INC") in which the last element is the
current directory (".").  That means that, when "perl" wants to
load a module (during first compilation or during lazy loading of
a module in run-time), perl will look for the module in the current
directory at the end, since '.' is the last include directory in
its array of include directories to seek. The issue is with requiring
libraries that are in "." but are not otherwise installed.

The major problem with this behavior is that it unexpectedly puts
a user at risk whenever they execute any Perl scripts from a directory
that is writable by other accounts on the system. For instance, if
a user is logged in as root and changes directory into /tmp or an
account's home directory, it is possible to now run any shell
commands that are written in C, Python or Ruby without fear.

The same isn't true for any shell commands that are written in Perl,
since a significant proportion of Perl scripts will execute code
in the current working directory whenever they are run. For example,
if a user on a shared system creates the file /tmp/Pod/Perldoc/Toterm.pm,
and then I log in as root, change directory to /tmp, and run "perldoc
perlrun", it will execute the code they have placed in the file.

ok deraadt@

8 years agoerr() instead of errx(); noted by tim
deraadt [Mon, 25 Jul 2016 02:35:26 +0000 (02:35 +0000)]
err() instead of errx(); noted by tim

8 years agoSplit the root vs not-root cases better with regards to chroot setup.
deraadt [Sun, 24 Jul 2016 22:46:32 +0000 (22:46 +0000)]
Split the root vs not-root cases better with regards to chroot setup.
ok kettenis benno tedu canacar

8 years agobump version
gilles [Sun, 24 Jul 2016 16:04:53 +0000 (16:04 +0000)]
bump version

ok deraadt@

8 years agoopenssh-7.3
djm [Sun, 24 Jul 2016 11:45:36 +0000 (11:45 +0000)]
openssh-7.3

8 years agosync
deraadt [Sun, 24 Jul 2016 02:43:20 +0000 (02:43 +0000)]
sync

8 years agoadd chvgpio.4 overlooked when the file was added
jsg [Sun, 24 Jul 2016 02:03:04 +0000 (02:03 +0000)]
add chvgpio.4 overlooked when the file was added
ok deraadt@

8 years agorework crl2pkcs7; with help from jsing
jmc [Sat, 23 Jul 2016 19:31:35 +0000 (19:31 +0000)]
rework crl2pkcs7; with help from jsing

8 years agono quirks in FwUpdate.
espie [Sat, 23 Jul 2016 18:09:47 +0000 (18:09 +0000)]
no quirks in FwUpdate.

okay theo

8 years agoBack out the automatic pkg.conf installpath changes; because pkg_add has
deraadt [Sat, 23 Jul 2016 17:55:45 +0000 (17:55 +0000)]
Back out the automatic pkg.conf installpath changes; because pkg_add has
an immature heuristic for "what is a release and what is a snapshot".
This change maybe improved the post-release experience, but it damages the
pre-release experience, which may result in less effective pre-release
testing, which risks creating poor releases, which may result in poor
post-release experiences.
Specific case: subtle breakage to fw_update.

8 years agoSome armv7 machines are shipped with linux images that run USB OTG ports
jsg [Sat, 23 Jul 2016 16:22:17 +0000 (16:22 +0000)]
Some armv7 machines are shipped with linux images that run USB OTG ports
in client mode and provide serial access to a getty and networking.

Make it clear that a real serial console that can interact with the
firmware is required.

Suggested by and wording tweaks from ian@

8 years agoBack out the dhclient BPF change. There are DHCP servers out there which
stsp [Sat, 23 Jul 2016 15:53:19 +0000 (15:53 +0000)]
Back out the dhclient BPF change. There are DHCP servers out there which
send frames to the ethernet broadcast address, so this will need some more
thought and it's too late for 6.0.
Problem reported by Holger Mikolon.
ok mpi@

8 years agoPreviously the uarts attached in order, so that the first attached uart
patrick [Sat, 23 Jul 2016 15:02:08 +0000 (15:02 +0000)]
Previously the uarts attached in order, so that the first attached uart
is always the serial console.  With device tree enumeration, this order
is not given anymore.  The serial console might now attach with a
different minor and has to be updated, otherwise there will be no
further output on the serial.  Thus, re-create the i.MX6 console with
the correct minor number on attach.

ok jsg@, kettenis@

8 years agodo the pool debug release dance. ok deraadt
tedu [Sat, 23 Jul 2016 14:52:39 +0000 (14:52 +0000)]
do the pool debug release dance. ok deraadt

8 years agoThe linux kernel treated the "phy-reset-gpio" as active-low regardless of what
kettenis [Sat, 23 Jul 2016 14:39:10 +0000 (14:39 +0000)]
The linux kernel treated the "phy-reset-gpio" as active-low regardless of what
the device tree says.  As a result many device trees encode it as active-high
when active-low is needed.  For now just override the device tree.

ok jsg@, patrick@

8 years agoAt n2k16 David Vasek pointed out that FFS partitions on 4K disks are
krw [Sat, 23 Jul 2016 09:12:33 +0000 (09:12 +0000)]
At n2k16 David Vasek pointed out that FFS partitions on 4K disks are
created with far fewer inodes than DEV_BSIZE devices.

Scale the default 'density' value by (sector size)/DEV_BSIZE to
create the same number of inodes. Obviously a NO-OP on DEV_BSIZE
devices.

Thanks David!

ok deraadt@

8 years agoBefore terminal characteristics are displayed, stty(1) activates
bluhm [Sat, 23 Jul 2016 08:57:18 +0000 (08:57 +0000)]
Before terminal characteristics are displayed, stty(1) activates
pledge(2).  Then the values cannot be modified anymore.  Let stty
error out if the display and modify mode are combined on the command
line to avoid a pledge violation later on.
OK deraadt@

8 years agoFix a few CPUID emulation issues:
mlarkin [Sat, 23 Jul 2016 07:25:29 +0000 (07:25 +0000)]
Fix a few CPUID emulation issues:

Don't advertise a hyperthreaded CPU. This doesn't make a lot of sense now
as we only provide UP guest support. This, combined with the other CPUID
issues fixed, fooled NetBSD's topology enumeration code into thinking we
had an unsupportable core/thread/package configuration.

Also fixed the unsupported CPUID functions by returning 0 in the return
registers instead of leaving whatever trash happened to be there before
the call was made.

8 years agoDump vcpu state on unknown exit type, and add a diagnostic message
mlarkin [Sat, 23 Jul 2016 07:17:21 +0000 (07:17 +0000)]
Dump vcpu state on unknown exit type, and add a diagnostic message
(including vcpu state dump) on failure to enter due to an incorrect
guest state.

Added as a debug facility when diagnosing interruptibility state
problems seen while testing NetBSD guest VMs.

8 years agoEnsure some undesirable entry controls are cleared, instead of relying
mlarkin [Sat, 23 Jul 2016 07:00:39 +0000 (07:00 +0000)]
Ensure some undesirable entry controls are cleared, instead of relying
on the default settings.

Noticed when booting a NetBSD guest VM.

8 years agofix pledge violation with ssh -f; reported by Valentin Kozamernik
djm [Sat, 23 Jul 2016 02:54:08 +0000 (02:54 +0000)]
fix pledge violation with ssh -f; reported by Valentin Kozamernik
ok dtucker@

8 years agohint at the default for XSRCDIR; from tim kuijsten
jmc [Sat, 23 Jul 2016 00:10:15 +0000 (00:10 +0000)]
hint at the default for XSRCDIR; from tim kuijsten
allows us to zap some verbiage from the beginning...

ok deraadt

8 years agoAttach imx(4) on i.mx6 quad plus which appears to be largely compatible
jsg [Fri, 22 Jul 2016 13:40:39 +0000 (13:40 +0000)]
Attach imx(4) on i.mx6 quad plus which appears to be largely compatible
with i.mx6 quad but with more memory bandwidth and some graphics tweaks.

ok kettenis@

8 years agoActually DECLINE and delete unused offers. Don't just say so in a comment.
krw [Fri, 22 Jul 2016 13:23:38 +0000 (13:23 +0000)]
Actually DECLINE and delete unused offers. Don't just say so in a comment.

In situations where >1 offer is received this will eliminate unbounded memory
growth and make us a more polite netizen. In some corner cases it might
prevent reuse of inappropriate older offers.

ok millert@

8 years agoFallback to the known fec irq number on imx.6 if the fdt
jsg [Fri, 22 Jul 2016 13:20:30 +0000 (13:20 +0000)]
Fallback to the known fec irq number on imx.6 if the fdt
interrupts-extended property is missing or not the size we expect.

Some dtbs implement a workaround for "ERR006687 ENET: Only the ENET
wake-up interrupt request can wake the system from Wait mode" suggested
by the IMX6DQCE errata document to set an undocumented gpio mux mode and
handle the interrupt via gpio.

We don't support gpio interrupts yet, hopefully this change is enough
to make interrupts work on wandboard and sabre lite again till we do.

Discussed with kettenis and patrick, tested on sabre lite by patrick.

8 years agoSet the vfs_systcl member of the vsfops struct to eopnotsupp. While we check
kettenis [Fri, 22 Jul 2016 13:11:01 +0000 (13:11 +0000)]
Set the vfs_systcl member of the vsfops struct to eopnotsupp.  While we check
for a null pointer now, all other filesystems fill in the complete table.

ok deraadt@, tom@

8 years agoCreate a smtp transaction context on a session only for the duration of
eric [Fri, 22 Jul 2016 12:12:29 +0000 (12:12 +0000)]
Create a smtp transaction context on a session only for the duration of
that transaction.

ok gilles@

8 years agoRevert in_selectsrc() refactoring, it breaks IPv6.
mpi [Fri, 22 Jul 2016 11:14:41 +0000 (11:14 +0000)]
Revert in_selectsrc() refactoring, it breaks IPv6.

Reported by Heiko on bugs@.

ok stsp@, claudio@

8 years agoCheck for errors when deleting routes inside rtable_walk() and abort
mpi [Fri, 22 Jul 2016 11:03:30 +0000 (11:03 +0000)]
Check for errors when deleting routes inside rtable_walk() and abort
the walk if a route cannot be deleted.

Prevent an infinite recursion reported by Dimitris Papastamos.

ok claudio@

8 years agoPrevent NULL-pointer call for filesystems that don't provide vfs_sysctl
kettenis [Fri, 22 Jul 2016 09:54:09 +0000 (09:54 +0000)]
Prevent NULL-pointer call for filesystems that don't provide vfs_sysctl
in their vfsops.

Issue reported by Tim Newsham.

ok claudio@, natano@

8 years agoadd a regression test
benno [Fri, 22 Jul 2016 09:32:26 +0000 (09:32 +0000)]
add a regression test

8 years ago"wpath" is needed in the parent pledge when using the /dev/switch0 device.
reyk [Fri, 22 Jul 2016 09:31:33 +0000 (09:31 +0000)]
"wpath" is needed in the parent pledge when using the /dev/switch0 device.

8 years agofix some cases where we relay_abort_http() the connection too soon.
benno [Fri, 22 Jul 2016 09:30:36 +0000 (09:30 +0000)]
fix some cases where we relay_abort_http() the connection too soon.
instead, pass a more specific error back and handle the errors in
relay_test() instead.
reported by Arto Jonsson and Hiltjo Posthuma, thanks!
ok bluhm@ reyk@

8 years agoFix generated Perl headers.
reyk [Fri, 22 Jul 2016 09:28:59 +0000 (09:28 +0000)]
Fix generated Perl headers.

With input from bluhm@

8 years agoFix a double rtfree(9) triggered when IPSEC inserts a more specific
mpi [Fri, 22 Jul 2016 07:39:06 +0000 (07:39 +0000)]
Fix a double rtfree(9) triggered when IPSEC inserts a more specific
route because of PMTU.

otto@ reported the issue and helped me tracking it down during more
than one month, he is the man!

mikeb@ figured out the bug was in the forwarding path.

ok mikeb@, deraadt@, claudio@

8 years agoimprove wording; suggested by jmc@
djm [Fri, 22 Jul 2016 07:00:46 +0000 (07:00 +0000)]
improve wording; suggested by jmc@

8 years agoLower loglevel for "Authenticated with partial success" message similar to
dtucker [Fri, 22 Jul 2016 05:46:11 +0000 (05:46 +0000)]
Lower loglevel for "Authenticated with partial success" message similar to
other similar level.  bz#2599, patch from cgallek at gmail.com, ok markus@

8 years agoconstify a few functions' arguments; patch from Jakub Jelen bz#2581
djm [Fri, 22 Jul 2016 03:47:36 +0000 (03:47 +0000)]
constify a few functions' arguments; patch from Jakub Jelen bz#2581

8 years agomove debug("%p", key) to before key is free'd; probable undefined
djm [Fri, 22 Jul 2016 03:39:13 +0000 (03:39 +0000)]
move debug("%p", key) to before key is free'd; probable undefined
behaviour on strict compilers; reported by Jakub Jelen bz#2581

8 years agoreverse the order in which -J/JumpHost proxies are visited to be
djm [Fri, 22 Jul 2016 03:35:11 +0000 (03:35 +0000)]
reverse the order in which -J/JumpHost proxies are visited to be
more intuitive and document

reported by and manpage bits naddy@

8 years agorework DESCRIPTION a little: no-command seems clearer than no-XXX;
jmc [Thu, 21 Jul 2016 18:40:26 +0000 (18:40 +0000)]
rework DESCRIPTION a little: no-command seems clearer than no-XXX;

8 years agorename NOTES to COMMON SYNTAX (explains itself better); rework the
jmc [Thu, 21 Jul 2016 18:33:27 +0000 (18:33 +0000)]
rename NOTES to COMMON SYNTAX (explains itself better); rework the
passphrase section a little; move the DER|PEM stuff in there to help
avoid text repetition, and prefer the lowercase (less keys to press);
adjust ENVIRONMENT to format a little more nicely;

8 years agostrip back openssl crl somewhat: remove the examples
jmc [Thu, 21 Jul 2016 16:34:08 +0000 (16:34 +0000)]
strip back openssl crl somewhat: remove the examples
and move any relevant text into the main body;

8 years agoAdd basic support for OpenFlow 1.3 PACKET_IN+PACKET_OUT,
reyk [Thu, 21 Jul 2016 14:25:36 +0000 (14:25 +0000)]
Add basic support for OpenFlow 1.3 PACKET_IN+PACKET_OUT,
no FLOW_MOD yet.

8 years agozap trailing whitespace;
jmc [Thu, 21 Jul 2016 10:42:49 +0000 (10:42 +0000)]
zap trailing whitespace;

8 years agoRemove a few debugging leftovers
mikeb [Thu, 21 Jul 2016 10:21:00 +0000 (10:21 +0000)]
Remove a few debugging leftovers

8 years agoRemove a fatal() in peer_up when the local addrs of a peer can't be figured out.
claudio [Thu, 21 Jul 2016 10:13:58 +0000 (10:13 +0000)]
Remove a fatal() in peer_up when the local addrs of a peer can't be figured out.
Instead bring the session down and wait for admin help.
OK henning@, benno@, phessler@

8 years agoAdd AF_UNIX support to tcpbench and also make it possible to randomize the
claudio [Thu, 21 Jul 2016 10:11:11 +0000 (10:11 +0000)]
Add AF_UNIX support to tcpbench and also make it possible to randomize the
write size in the client. pledge setup can be made tighter but that will be
done in a second step.
OK benno@, henning@, markus@ and some man page input by jmc@

8 years agoUse explicit idiom when testing the result of strcmp() and strncmp().
krw [Thu, 21 Jul 2016 09:58:55 +0000 (09:58 +0000)]
Use explicit idiom when testing the result of strcmp() and strncmp().
i.e. == 0 and != 0 as appropriate. No intentional functional change.

Suggested by & ok tom@

8 years agolong to uint32_t port
reyk [Thu, 21 Jul 2016 08:40:14 +0000 (08:40 +0000)]
long to uint32_t port

8 years agoWith uint32_t ports, we cannot sneak the port into an int anymore
reyk [Thu, 21 Jul 2016 08:39:23 +0000 (08:39 +0000)]
With uint32_t ports, we cannot sneak the port into an int anymore

8 years agoMake rtwn(4) and urtwn(4) respect the RTS threshold set by net80211.
stsp [Thu, 21 Jul 2016 08:38:33 +0000 (08:38 +0000)]
Make rtwn(4) and urtwn(4) respect the RTS threshold set by net80211.
ok mpi@

8 years agoTurn ofp*_debug functions into ofp*_validate functions to follow a
reyk [Thu, 21 Jul 2016 07:58:44 +0000 (07:58 +0000)]
Turn ofp*_debug functions into ofp*_validate functions to follow a
similar approach like iked: first validate the packet, then parse it,
and execute actions.  debug logging is a side effect of validation.

8 years ago2004 privsep caused "tcpdump -r" to became a priviledged operation because
deraadt [Thu, 21 Jul 2016 07:22:38 +0000 (07:22 +0000)]
2004 privsep caused "tcpdump -r" to became a priviledged operation because
we felt chroot-containment was also necessary for off-line analysis.  Today
use of pledge "stdio" for the packet parser acts as an even better sandbox.
We can therefore silently ignore chroot setup failure, and regain tcpdump -r
support.

Result of a discussion with tedu -- which probably happened because we
became aware of the laughable retarded -Z option in upstream tcpdump.
ok tedu sthen guenther stsp

8 years agoset and clear the 10baseT bit in statchg
jsg [Thu, 21 Jul 2016 02:32:23 +0000 (02:32 +0000)]
set and clear the 10baseT bit in statchg
ok patrick@

8 years agoSkip passwords longer than 1k in length so clients can't easily DoS sshd
dtucker [Thu, 21 Jul 2016 01:39:35 +0000 (01:39 +0000)]
Skip passwords longer than 1k in length so clients can't easily DoS sshd
by sending very long passwords, causing it to spend CPU hashing them.
feedback djm@, ok markus@.

Brought to our attention by tomas.kuthan at oracle.com, shilei-c at
360.cn and coredump at autistici.org

8 years agofix typos in comments
reyk [Wed, 20 Jul 2016 21:06:09 +0000 (21:06 +0000)]
fix typos in comments

8 years agopledge switchctl
reyk [Wed, 20 Jul 2016 21:04:44 +0000 (21:04 +0000)]
pledge switchctl