IABSD.fr/src

Branch :


Log

Author Commit Date CI Message
29c3eac4 2019-11-27 00:58:59 unifdef: hppa does HAVE_JMPREL and does not have DT_PROCNUM
4411ad54 2019-11-27 00:11:49 armv7 and aarch64 specify GLOB_DAT as having an addend, so treat it exactly like the ABS{32,64} relocation there. noted by and ok kettenis@
89458272 2019-11-26 23:46:18 Add support for TLS 1.3 post handshake messages and key updating. tested against openssl 1.1's server. ok jsing@ tb@
2a103fde 2019-11-26 23:43:10 test FIDO2/U2F key types; ok markus@
a424da88 2019-11-26 23:41:23 add dummy security key middleware based on work by markus@ This will allow us to test U2F/FIDO2 support in OpenSSH without requiring real hardware. ok markus@
0e51d825 2019-11-26 23:38:52 Clean up _dl_md_reloc(): instead of having tables and piles of conditionals that handle a dozen relocation types for each, just have a nice little switch for the four specific relocations that actually occur. Besides being smaller and easier to understand, this fixes the COPY relocation handling to only do one symbol lookup, instead of looking up the symbol and then immediately looking it up again (with the correct flags to find the instance it needs). ok kettenis@
bb907956 2019-11-26 23:04:28 When there is no network around the state timeout fires over and over again. Change the printf into a log and only under IFF_DEBUG to reduce dmesg spam. Loudly requested by beck@ OK deraadt@
c6b77f58 2019-11-26 22:49:01 some corrections to CDPATH; from chohag
bffdb0b7 2019-11-26 22:42:26 tweak previous;
250a5edc 2019-11-26 22:39:04 remove stray Oc;
56ce827e 2019-11-26 20:51:20 Reinitialize 'err' to ensure we are not checking a stale value. Discovered by and ok tim@
ac47be6b 2019-11-26 20:48:03 Don't zero existing values for density, block_count and block_size in scsi_do_mode_sense(). Just update the values when valid data is available. Initialize the variables passed to scsi_do_mode_sense() in the one instance where they weren't already set. Fixes issue with softraid crypto volumes on 4K-sector disks. Found, fix tested, and ok tim@
919b4666 2019-11-26 20:42:35 document that listen on socket can have filters attached original diff from Ryan Kavanagh <rak@debian.org>, slightly rearranged
9d327827 2019-11-26 20:26:22 in mail.lmtp.c, split LMTP connection fd into two FILE * streams diff from fgma on github
4dd3b935 2019-11-26 20:14:38 make implicit "listen on socket" explicit, the default config no longer has any implicit behavior ok eric@, kn@
ad87be15 2019-11-26 19:57:52 Use proper NUL byte not zero with strings No object change OK sashan
572e5ac0 2019-11-26 19:35:13 Improve previous Avoid an extra parameter and set NULL initialised conffile conditionally. From Matthew Martin <phy1729 at gmail dot com>, thanks!
80968ff8 2019-11-26 19:08:01 Several functions expect that bootdev_dip is not NULL and can be dereferenced. But there is no boot disk when EFI bootloader has been received via TFPT. Fake a disk info that never maches a real disk. Fixes a hang in run_loadfile() during HP Elitebook UEFI boot. OK patrick@
f6949e64 2019-11-26 18:50:29 fix kernel crash in pf_ioctl with WITH_PF_LOCK and NET_TASKQ > 1 the problem was introduced with a "mechanical" patch, which replaced all "breaks;" with "PF_UNLOCK(); break;" This is wrong for case of DIOCGETRULESETS. issue analyzed and patch created by Joerg Goltermann <jg@osn.de> OK tb@
6f9573e7 2019-11-26 18:23:48 Fix a panic string that had the wrong function name and an improperly wrapped line. No code change.
4a73082e 2019-11-26 18:21:50 Nuke trailing whitespace that is annoying before changing things in here
63229b9f 2019-11-26 18:19:40 Fix a bunch of lines that had trailing whitespace. No code change.
bc2eeb96 2019-11-26 18:09:15 Fail on nonexistent config file iff -c is given Default /etc/unwind.conf is optional and may be missing, but explicitly specified files should exist. OK florian
9b3d3828 2019-11-26 17:51:33 Prevent divide-by zero in tcpbench(1). Found while testing iwm(4). #0 0x000004c27b9051a9 in udp_process_slice (fd=<optimized out>, event=<optimized out>, v_sc=0x4c55279f500) at /usr/src/usr.bin/tcpbench/tcpbench.c:606 606 pps = (sc->udp_slice_pkts * 1000) / since_last; (gdb) p since_last $1 = 0 ok benno@
8c2c375c 2019-11-26 17:16:19 Fix previous: Don't use an uninitialized variable in iwm_rx_frame().
f8e2c642 2019-11-26 16:14:45 Eliminate some code duplication in iwm(4) 7k/8k vs. 9k Rx code paths. Tested by mlarkin@ on 9560 and myself on 8265. ok mlarkin@
7f0389c5 2019-11-26 15:35:56 Add default # and * binding with vi(1) keys.
4b479330 2019-11-26 15:27:08 timeout(9): switch to tickless backend Rebase the timeout wheel on the system uptime clock. Timeouts are now set to run at or after an absolute time as returned by nanouptime(9). Timeouts are thus "tickless": they expire at a real time on that clock instead of at a particular value of the global "ticks" variable. To facilitate this change the timeout struct's .to_time member becomes a timespec. Hashing timeouts into a bucket on the wheel changes slightly: we build a 32-bit hash with 25 bits of seconds (.tv_sec) and 7 bits of subseconds (.tv_nsec). 7 bits of subseconds means the width of the lowest wheel level is now 2 seconds on all platforms and each bucket in that lowest level corresponds to 1/128 seconds on the uptime clock. These values were chosen to closely align with the current 100hz hardclock(9) typical on almost all of our platforms. At 100hz a bucket is currently ~1/100 seconds wide on the lowest level and the lowest level itself is ~2.56 seconds wide. Not a huge change, but a change nonetheless. Because a bucket no longer corresponds to a single tick more than one bucket may be dumped during an average timeout_hardclock_update() call. On 100hz platforms you now dump ~2 buckets. On 64hz machines (sh) you dump ~4 buckets. On 1024hz machines (alpha) you dump only 1 bucket, but you are doing extra work in softclock() to reschedule timeouts that aren't due yet. To avoid changing current behavior all timeout_add*(9) interfaces convert their timeout interval into ticks, compute an equivalent timespec interval, and then add that interval to the timestamp of the most recent timeout_hardclock_update() call to determine an absolute deadline. So all current timeouts still "use" ticks, but the ticks are faked in the timeout layer. A new interface, timeout_at_ts(9), is introduced here to bypass this backwardly compatible behavior. It will be used in subsequent diffs to add absolute timeout support for userland and to clean up some of the messier parts of kernel timekeeping, especially at the syscall layer. Because timeouts are based against the uptime clock they are subject to NTP adjustment via adjtime(2) and adjfreq(2). Unless you have a crazy adjfreq(2) adjustment set this will not change the expiration behavior of your timeouts. Tons of design feedback from mpi@, visa@, guenther@, and kettenis@. Additional amd64 testing from anton@ and visa@. Octeon testing from visa@. macppc testing from me. Positive feedback from deraadt@, ok visa@
64ad38d2 2019-11-26 10:58:23 Revert previous "honour DEBUG", otherwise clang uses -g resulting in huge objects and it running out of memory in the "building shared LLVM library" stage (at least on i386). building standard LLVM library building shared LLVM library (version 1.0) cc -shared -Wl,-soname,libLLVM.so.1.0 -fpic -o libLLVM.so.1.0 `echo AMDGPUAsmParser.so AMDGPUInstPrinter.so AMDGPUAliasAnalysis.so AMDGPUAlwaysInlinePass.so AMDGPUAnnotateKernelFeatures.so AMDGPUAnnotateUniformValues.so AMDGPUArgumentUsageInfo.so [...snip lots of .so...] ThinLTOBitcodeWriter.so WholeProgramDevirt.so | tr ' ' '\n' | sort -R` -Wl,--start-group -Wl,--end-group LLVM ERROR: out of memory cc: error: unable to execute command: Abort trap cc: error: linker command failed due to signal (use -v to see invocation) ar: libLLVM.a: No space left on device *** Error 1 in gnu/usr.bin/clang/libLLVM (<bsd.lib.mk>:193 'libLLVM.a': @ar cqD libLLVM.a `lorder AMDGPUAsmParser.o AMDGPUIn stPrinter.o AMDG...) *** Error 254 (<bsd.lib.mk>:225 'libLLVM.so.1.0')
8625808f 2019-11-26 09:43:49 kdump reads /etc/protocols to translate proto numbers into names; ok sthen@ gilles@
06ded0c1 2019-11-26 07:50:01 allow using 'auth' as an origin: match from auth [...] will match any authenticated session, disregarding where it comes from
30289eba 2019-11-26 07:37:50 Add support for MSI-X. MSI-X allows establishing a number of interrupt vectors and mapping events (RX on queues, commands, mgmt frames) to those vectors. For now we keep the existing behaviour, establish a single vector and map all events to it. Makes my Intel NUC 8i5BEH 9560 work Tested by jcs@ on a 9560 (w/ MSI-X) Tested by deraadt@ on a 9260 (w/ MSI-X) Tested by phessler@ on a 8260 (w/o MSI-X) ok stsp@
34fd57f9 2019-11-26 07:28:37 whitespaces
b73522d5 2019-11-26 06:23:30 s/sc_arpcom/sc_ac/ to be consistent with other drivers. no functional change
0f0b1c9e 2019-11-26 06:10:20 mail-from and rcpt-to already carry origin and destination, so we can make them a "for" and "from" parameter and allow grammar to express: match from mail-from gilles@openbsd.org for rcpt-to eric@openbsd.org rather than: match from any mail-from gilles@openbsd.org \ for domain openbsd.org rcpt-to eric@openbsd.org [...] ok eric@, jung@, millert@
bf3c3252 2019-11-26 05:39:11 vmm(4): fix pvclock accuracy issues Shift math error discovered by George Koehler. Also, fix the error in tsc multiplier which was correct only if the host timecounter was tsc. ok mlarkin@
f64dc48e 2019-11-26 04:14:13 Add bits to allow lldb to find lldb-server. lldb likes to look at argv[0] to figure out where it might find lldb-server, but when we invoke lldb via $PATH this doesn't work, so fill in some helpers to tell it where to look. ok millert@
e0c20608 2019-11-26 04:03:48 use "sc" as the name of tun_softc variables, not "tp". this makes the driver more like the rest of the tree. no functional change.
584bea6c 2019-11-26 03:04:27 more debugging; behind DEBUG_SK
51a0cd2b 2019-11-26 02:50:11 Make aarch64, amd64, arm, and i386 more like sparc64: move non-lazy relocation from _dl_md_reloc() to _dl_md_reloc_all_plt() which has the minimal code to do it. Also, avoid division on PLTRELSZ; just use it to offset to the end. ok kettenis@
a317344c 2019-11-26 02:20:50 When deciding if a pci device is 'primary' test if the efi fb memory range is contained in a pci bar instead of only testing if the start address of the efi fb is non zero. Corrects a problem reported by Brennan Vincent on a Dell XPS 9575 with amdgpu and inteldrm booted via efi. amdgpu would wrongly decide it was primary on probe and as a result when encountering an unrelated error efifb would reattach when amdgpu detached. When inteldrm would latter attach an assert would trigger as efifb had already claimed the console. ok kettenis@
5f0b500e 2019-11-26 00:36:32 Compute RSSI on 9k iwm(4) devices in the same way we do for previous hardware generations. Fixes spurious > 100% signal strength values. reported by and ok mlarkin@
0eff3f09 2019-11-26 00:26:36 Don't use LOCKPARENT on namei calls for realpath(). We don't require this anymore since we now behave like posix. Fixes a problem where a symlink to / would return ENOTDIR because the parent could not be locked - noticed by Raimo Niskanen <raimo@erlang.org> ok guenther@ deraadt@
a9e0c523 2019-11-26 00:12:50 Do not process 0 size DT_PLTRELSZ sections. Fixes an assert when running lldb with DEBUG. ok patrick@
2e1fffa8 2019-11-25 23:59:57 Honour DEBUG OK mortimer
fb832af5 2019-11-25 22:57:28 gcc3, like clang and unlike our gcc4, doesn't support redirecting builtins like mem{set,cpy,move} or __stack_smash_handler using asm() renaming. So treat gcc3 like clang and mark such functions as protected instead. ok ayoma@
39b935c5 2019-11-25 22:52:13 Honour DEBUG OK claudio dlg
e104123d 2019-11-25 22:38:36 Don't use motion flag uninitialized.
99faff9b 2019-11-25 20:43:32 Fix a warning in previous.
4bd94dea 2019-11-25 20:42:18 Do not clear search marks on cursor movement with vi(1) keys, from Eric Pruitt in GitHub issue 1985.
943f8c8c 2019-11-25 18:10:42 simplify histogram code and cut off at < limit, as the histogram display in unwindctl suggests; ok florian@
b1c28262 2019-11-25 17:48:31 Use scsi_read_cap[10|16] instead of re-rolling the code. More careful initialization, better error/debug messages.
dcacc294 2019-11-25 17:36:48 Signal what happened, not what needs doing. The frontend doesn't know.
85680492 2019-11-25 17:02:56 Move struct scsi_read_cap_data and struct scsi_read_cap_data_16 to scsi_all.h. Add scsi_read_cap_10() and scsi_read_cap_16() functions to scsi_base.c, i.e. move logic to do actual READ_CAPACITY commands out of sd_read_cap() and sd_read_cap_16(). This will allow the READ_CAPACITY code to be reused by cd(4). Return -1 for errors where the error code is just discarded, reducing ENOMEM, ENXIO, EIO uses. No intentional functional change.
a318a7fa 2019-11-25 15:04:15 Add p format modifier for padding to width.
144aa191 2019-11-25 15:02:48 Allow multiple substitutions in a single format.
b1fb3ef7 2019-11-25 14:22:59 document that rules can match specific users or user lists now
7d9f71f9 2019-11-25 14:18:32 store smtp session username in envelope and allow ruleset to match specific users or mailaddr: match auth "gilles@openbsd.org" [...] match auth "@openbsd.org" [...] ok eric@
26016671 2019-11-25 13:30:04 use explicit from notation in default config ok eric@
d2427e03 2019-11-25 12:45:45 Add option for cms test in appstest.sh
5972552d 2019-11-25 12:11:26 use crlf line-ending during the internal smtp session ok gilles@ martijn@
517561b5 2019-11-25 11:33:51 Convert infinite sleeps to tsleep_nsec(9). ok bluhm@, cheloha@
b66625d1 2019-11-25 11:32:17 Convert to tsleep_nsec(9) and use the correct timeout period in msec. Tested by kevlo@, ok stsp@
760ae021 2019-11-25 10:32:35 unbreak tests for recent security key changes
a84762ce 2019-11-25 10:23:36 redundant test
502745c0 2019-11-25 06:53:04 unbreak after security key support landed
d70f2191 2019-11-25 00:57:51 document the "no-touch-required" certificate extension; ok markus, feedback deraadt
093f1094 2019-11-25 00:57:27 Print a key touch reminder when generating a security key. Most keys require a touch to authorize the operation.
40f04aad 2019-11-25 00:55:58 allow "ssh-keygen -x no-touch-required" when generating a security key keypair to request one that does not require a touch for each authentication attempt. The default remains to require touch. feedback deraadt; ok markus@
6e27da75 2019-11-25 00:54:23 add a "no-touch-required" option for authorized_keys and a similar extension for certificates. This option disables the default requirement that security key signatures attest that the user touched their key to authorize them. feedback deraadt, ok markus
47ce46c8 2019-11-25 00:52:46 Add a sshd_config PubkeyAuthOptions directive This directive has a single valid option "no-touch-required" that causes sshd to skip checking whether user presence was tested before a security key signature was made (usually by the user touching the key). ok markus@
493ad5b0 2019-11-25 00:51:37 Add new structure for signature options This is populated during signature verification with additional fields that are present in and covered by the signature. At the moment, it is only used to record security key-specific options, especially the flags field. with and ok markus@
11c8e95a 2019-11-25 00:38:17 memleak in error path
9eb62517 2019-11-24 18:37:23 Only substitute patterns starting with ^ once.
fcf6720f 2019-11-24 14:05:39 revert previous, has not been thought through
fd2fce2e 2019-11-24 11:15:04 Show the build date of the (about to be) fetched snapshot / release. OK phessler, pamela, jung, benno
f7366501 2019-11-24 07:58:00 Add test for cms operations in appstest.sh
1fb52750 2019-11-24 07:56:03 If the RTM_PROPOSAL is a solicitation proposal forward the request to all interfaces. Most handlers will ignore it but at least umb(4) will send a response back. OK florian@
b9417f81 2019-11-24 07:54:30 Add umb_rtrequest() to handle RTM_PROPOSAL events and send back the DNS proposals in that case. Also clear the DNS proposals when the interface is deconfigured (e.g. when going down). OK florian@
5f2f0a5b 2019-11-24 07:50:55 Make it possible to call ether_rtrequest with a NULL rt argument. In that case the function can just return. Part of a larger diff to use the if_rtrequest functions for RTM_PROPOSAL info. OK florian@
978220ac 2019-11-24 02:29:43 correct return type of sign_extend64()
a5f8b6f6 2019-11-23 19:47:04 Move srtdnstosa() static inline function under #ifdef _KERNEL. This way 3rd party software stuck with c90 will still compile. Quick fix since RTM_PROPOSAL will most porbably change later on. Reported by naddy and aja
254679ff 2019-11-23 17:22:10 envy(4): *sleep(9) -> *sleep_nsec(9); ok ratchov@
c3094a8a 2019-11-23 17:10:13 Consistently use ISSET() to check for set flags.
a431dab5 2019-11-23 15:05:21 These dependon related lines fit better a bit further up. No functional change. Suggested and OK claudio@
1b9e05ce 2019-11-23 12:27:32 Consistently use !ISSET() to check for unset flags.
96dd092d 2019-11-23 08:57:52 plug memory leak
ee79b9a7 2019-11-23 08:17:39 On startup withdraw all proposals for all interfaces by sending an empty proposal with if_index 0. It is possible that the set of autoconf interfaces changed between a stop -> start transition and slaacd would never withdraw nameservers for interfaces that had the autoconf flag previously but no longer after the restart.
69c72085 2019-11-23 08:17:10 An if_index of zero signals to remove all previous proposals from a daemon. Soon to be used by slaacd(8) which handles all interfaces but can't know which interfaces had been set to autoconf before a restart.
dacf4336 2019-11-23 01:16:05 Consistently use SET() to set bits.
3d8897e7 2019-11-22 22:45:52 Polish logic talking to unwind. ok florian@
33853511 2019-11-22 20:09:09 Use a table for unbound options; ok florian@
50b44919 2019-11-22 15:59:53 Sync tests with current NetBSD. Enable t_mkfifo test. from Moritz Buhl
64e2b1d6 2019-11-22 15:34:29 Be consistent and always use CLR() to clear flags.
ffec3943 2019-11-22 15:32:42 DNS Proposals are treated as replacements in unwind now. To withdraw a proposal sent an empty list of nameservers. This one is a bit of a hack by me to keep everything in sync for now. A better version from krw is coming soon.
906bb1ca 2019-11-22 15:31:25 Treat DNS proposals as replacement of previous proposals from the same daemon and interface. An empty list is automatically a withdrawl. prodding deraadt@
fdb4a585 2019-11-22 15:30:00 Merge DNS proposals coming from the same interface. That way we no longer need to handle withdraws in unwind. A new proposal from a daemon on an interface is always a replacement. If nameservers expire or an interface goes away we sent an empty list of nameservers. pestering^Wprodding deraadt
7c9774e5 2019-11-22 15:28:05 The DNS proposal list can (soon) be empty to signal a withdraw, relax the size constraint to allow this to pass through the kernel. Looks good to deraadt@
8cd3d8c5 2019-11-22 06:50:30 Wait for FD to be readable or writeable during a nonblocking connect, not just readable. Prevents a timeout when the server doesn't immediately send a banner (eg multiplexers like sslh) but is also slightly quicker for other connections since, unlike ssh1, ssh2 doesn't specify that the client should parse the server banner before sending its own. Patch from mnissler@chromium.org, ok djm@
2919d9e0 2019-11-22 06:31:30 sndiod(8) reopens audio interfaces on SIGHUP, which makes a lot of sense when -F is used. Because of this allow rc.d script to reload sndiod. OK kn ratchov aja