| Commit | Date | Message | CI | Author |
|---|---|---|---|---|
| 8bc1a323 | 2020-02-07 02:27:37 | Remove backward compatibility for obsolete -H flag. The -H flag was deprecated in 1998. OK jung@ | ||
| 32a20e26 | 2020-02-07 00:57:49 | update to upstream libfido2 780ad3c25 (20120123) install manual pages crank major feedback & ok jmc@ and naddy@ | ||
| 70bdf492 | 2020-02-06 22:48:23 | When using HostkeyAlgorithms to merely append or remove algorithms from the default set (i.e. HostkeyAlgorithms=+/-...), retain the default behaviour of preferring those algorithms that have existing keys in known_hosts; ok markus | ||
| 60da7224 | 2020-02-06 22:46:31 | expand HostkeyAlgorithms prior to config dump, matching other algorithm lists; ok markus@ | ||
| b89bcff9 | 2020-02-06 22:34:58 | Add Include to the list of permitted keywords after a Match keyword. ok markus@ | ||
| 5f47a660 | 2020-02-06 22:30:54 | Replace "security key" with "authenticator" in program messages. This replaces "security key" in error/usage/verbose messages and distinguishes between "authenticator" and "authenticator-hosted key". ok djm@ | ||
| 4674773e | 2020-02-06 21:06:15 | Try to reduce the lying, hyperbolic or obsolete commentary on the relationships between various scsi structs. | ||
| b3eeebc7 | 2020-02-06 19:41:34 | Make sure that -l always causes -w to be ignored, as documented in the man(1) manual page. This bugfix is needed to prevent the command "man -lw" from dereferencing a NULL pointer. | ||
| cd3edfc4 | 2020-02-06 19:17:54 | Remove pointless intermediate scsi_adapter field of softc by pointing sc_link.adapter at trm_switch directly. | ||
| 7a8c3d64 | 2020-02-06 18:18:51 | Delete unused scsi_adapter fields of softc's. | ||
| b7ca6301 | 2020-02-06 17:35:22 | Re-enable the TLSv1.3 client since the known issues have been addressed. ok tb@ | ||
| 2be83379 | 2020-02-06 17:24:18 | Eliminate use of 'migration aids' #define scsipi_<blah> and just use the real names. | ||
| da308e26 | 2020-02-06 16:05:58 | Add a workaround to make SSL_set_session() work with TLSv1.3. While we do not currently do session resumption, just return the TLS_client_method() or TLS_server_method() when asked for a method that does TLSv1.3. ok tb@ (who also arrived at the same diff) | ||
| 51407a81 | 2020-02-06 15:56:36 | Soooooo much eye-searing trailing whitespace. | ||
| 6f5906fa | 2020-02-06 15:34:29 | So much eye-searing trailing whitespace. | ||
| cb3167a9 | 2020-02-06 15:08:19 | Whitespace tweak. | ||
| 9b437883 | 2020-02-06 13:19:18 | Add support for handling hello retry requests in the TLSv1.3 client. In the case of a hello retry request, we need to replace the client hello with a synthetic handshake message, switch key share to that selected by the server, build and send a new client hello, then process the resulting server hello. ok tb@ | ||
| e0404061 | 2020-02-06 13:14:17 | Correctly handle key share extensions in a hello retry request. In a hello retry request the server will only send the selected group and not actually provide a key exchange. In this case we need to store the server selected group for further processing. ok tb@ | ||
| 41a5d32e | 2020-02-06 05:40:02 | mention cbor fido llvm and llvm-c top level include directories | ||
| 2ee00db3 | 2020-02-06 03:13:45 | Instead of opting in to futexes on archs with atomics opt out on archs without atomics, a smaller list. ok mpi@ visa@ | ||
| ca82ddf5 | 2020-02-05 21:50:41 | Ooops. Missed a file in nuke of scsi_minphys. mpath_minphys() needs to check dev_minphys for NULL before calling it. | ||
| 78e2db9e | 2020-02-05 18:06:42 | Reset the key share so that we do not have an existing peer public key. | ||
| 2d2ee2e9 | 2020-02-05 17:30:30 | Refactor the server hello processing code in the TLSv1.3 client. Use flags to signal the need to switch to the legacy client and to identify a hello retry request. This allows the caller to take appropriate action, rather than trying to do this in the parsing/processing code. Split the key derivation and record protection engagement code into a separate function, both for readability and reuse. Change handshake states outside of the processing code. ok tb@ | ||
| e0b6964f | 2020-02-05 17:03:13 | Move kernel locking inside knote_fdclose() from finishdup() and fdrelease(). This makes the upper layer of file descriptor closing free of KERNEL_LOCK() when the process does not use kqueue. The kernel locking around fdremove() and knote_fdclose() is no longer needed because kqueue_register() checks if there has been a race with file descriptor close. Moreover, the locking became ineffective against these races when filterops callbacks were allowed to sleep. OK anton@, mpi@ | ||
| 390a99a6 | 2020-02-05 17:01:43 | Remove the hello retry request processing code that was previously added. This got added to the wrong functions (server side, not client) - swap the now unimplemented send/recv functions between client and server. ok tb@ | ||
| 3213f5ab | 2020-02-05 16:47:34 | Provide tls1_transcript_unfreeze() to avoid the need for manual flags mangling. ok tb@ | ||
| 5559e140 | 2020-02-05 16:42:29 | Pull the handshake message transcript code into its own function. This is soon going to be used in the TLSv1.3 client code. ok tb@ | ||
| 21ceeee0 | 2020-02-05 16:29:29 | Nuke unnecessary abstraction 'scsi_minphys()' which just calls 'minphys()'. Just use & check for NULL instead, since 'minphys()' is always called on the code path ([cd|sd|st]minphys) that calls physio(). | ||
| 83739621 | 2020-02-05 16:01:32 | Very old firmware umsm devices don't work as umb(4), so I made them work as umsm(4). But the discrimination in the driver match functions is obviously weak in some way, so skip this for now. We need to figure out how to identify the retrogrades better. | ||
| a0a043be | 2020-02-05 14:51:29 | regen | ||
| ef369ecd | 2020-02-05 14:50:57 | Add some more Apollo Lake PCI IDs. | ||
| c2ed1e85 | 2020-02-05 14:26:26 | Fix confusion between minimum and maximum samples-per-frame. This may fix rare stuttering caused by underruns in case device clock drifts with respect to the bus clock. | ||
| 69b8accd | 2020-02-05 13:06:49 | Make list-keys description clearer in tmux.1 and remove an unused variable. | ||
| f9f64f7b | 2020-02-05 12:35:19 | More precision regarding the openlog(3) *ident argument; direction suggested by Laurence Tratt <laurie at tratt dot net>, part of the wording from deraadt@. While here, add the missing STANDARDS section, correct HISTORY, drop redundant verbiage from RETURN VALUES, and garbage collect .Tn. OK sthen@ jmc@ millert@ and Laurence Tratt, and deraadt@ likes one line of the patch in particular. | ||
| d3462bd9 | 2020-02-05 11:27:06 | regen | ||
| abe3b7ad | 2020-02-05 11:26:52 | Add some more Apollo Lake PCI IDs. | ||
| c244ee1b | 2020-02-05 10:44:25 | Mention AUDIO_MIXER_{DEVINFO,READ,WRITE} in the "audio" section | ||
| 9dc2590b | 2020-02-05 10:40:37 | Allow programs with the "audio" promise to use the AUDIO_MIXER_xxx ioctls. ok semarie, deraadt | ||
| 4d6a222d | 2020-02-05 10:34:01 | regen | ||
| 2777f970 | 2020-02-05 10:33:20 | Add Pericom PI7C9X2G404EL PCIe Packet Switch | ||
| 512ae95b | 2020-02-05 10:21:17 | Detach timeouts and the softint handler before freeing memory. As more and more teardown functions include barriers, or any kind of context change, it is unsafe to continue to assume that such code paths are atomic. So a good practice is to only free descriptor when we're sure that no other context can access them. Found while looking at visa@'s ttkqflush() replacement diff. The same pattern is present in many USB drivers as found with Peter Stuge. ok visa@ | ||
| 273d195e | 2020-02-05 10:19:34 | regen | ||
| 3ad6036a | 2020-02-05 10:19:19 | Add some more Gemini Lake IDs. from James Hastings | ||
| 55e608a4 | 2020-02-05 10:12:38 | Remove dead store, from Amit Kulkarni. | ||
| 371cec60 | 2020-02-05 06:41:46 | Replace atoi with strtonum for stricter and safer integer parsing. -N ndots: 0, INT_MAX The upper limit is a bit silly, everything bigger than a small number will force domain names to be interpreted as relative. -R retries INT_MIN, INT_MAX - 1 Specifically documented to accept negative numbers. -W wait 0, INT_MAX One could interpret the documentation as meaning that it accepts negative numbers but that fails later on with an error message from the timer code. with deraadt, OK kn, input & OK tedu | ||
| 753de96b | 2020-02-05 06:12:43 | Rework tls13_legacy_handshake_message_{recv,sent}_cb() to use their own CBS as a preparation for upcoming HRR diffs. ok jsing | ||
| 1189ea33 | 2020-02-04 19:42:25 | iterated_hash is unused | ||
| 19783156 | 2020-02-04 19:41:10 | bit.h and events.h are unused. | ||
| 200e61a4 | 2020-02-04 19:40:01 | lwres no longer deals with lists. | ||
| a0dd80fd | 2020-02-04 19:38:54 | Nothing sets DNS_RDATASETATTR_NEGATIVE; remove code dealing with that and then remove ncache.c. | ||
| 8275d75e | 2020-02-04 19:34:39 | dig is not generating DS records. | ||
| 060f58f2 | 2020-02-04 19:33:48 | keydata.c is unused. | ||
| 0e5fb1b4 | 2020-02-04 19:30:01 | soa.c is unused. | ||
| ca6b57ac | 2020-02-04 19:27:45 | We are not going to generate nsec or nsec3 RRsets. | ||
| 7740122f | 2020-02-04 19:24:07 | dig(1) only needs tsig support so we can delete all non-HMAC crypto code. | ||
| fa00c3c6 | 2020-02-04 19:18:57 | isc/stat.h is unused | ||
| 758f105f | 2020-02-04 19:17:58 | just use netdb.h directly | ||
| 6cce272f | 2020-02-04 19:13:02 | Remove unused typedefs that got left behind in previous shreddings from types.h and get rid of offset.h while here by just using off_t in the one place where it's needed. However offset.h brought in limits.h and sys/types.h so sprinkle some includes over the tree to have various _MAX and intX_t defined. | ||
| b91cec24 | 2020-02-04 19:06:54 | Get rid of getopt(3) compat code. | ||
| 217d53ce | 2020-02-04 18:45:07 | Remove a bunch of unused functions who access the filesystem and then get rid of lib/isc/unix/dir.c | ||
| 41446d20 | 2020-02-04 18:42:51 | We are not going to generate sig0 records so we can rip out the sig0key which in turn lets us delete all of dnssec.c | ||
| 8122188b | 2020-02-04 18:41:04 | Use opendir(3) to not depend on lib/isc/unix/dir.c. No change in generated .h files in obj. | ||
| 6ad1781c | 2020-02-04 18:06:53 | unused | ||
| 9b242555 | 2020-02-04 18:06:26 | Add support for TLSv1.3 key shares with secp256r1 and secp384r1 groups. ok inoguchi@ tb@ | ||
| 4ffeaa56 | 2020-02-04 18:02:31 | We are not using aes. | ||
| daaa2dc5 | 2020-02-04 18:00:30 | Free the transcript as soon as we initialise the transcript hash. Unlike TLSv1.2 there is only a single hash in use, hence as soon as we know what the hash is and have initialised the transcript hash, we can free the transcript buffers. ok inoguchi@ tb@ | ||
| 74ec555c | 2020-02-04 11:02:16 | Remove unused files. | ||
| bc099f5f | 2020-02-04 10:59:23 | Refactoring to prepare multi-queues support, no intended behavior change: - Abstract the allocation/freeing of TX/RX ring into em_dma_malloc(). This will ease the introduction of multiple rings. - Split the 82576 variant out of 82575. The distinction is necessary when it comes to setting multiple queues. - Change multiple TX/RX related macro to take an index argument corresponding to a ring. Currently only the index 0 and 1 are used. - Gather and print more stats counters - Switch to using a function, like FreeBSD, to translate 82542 registers and get rid of a set of defines. Tested by many, thanks! ok mlarkin@, jmatthew@ | ||
| 1159b649 | 2020-02-04 10:56:15 | Replace msleep(9) by sleep_setup/setup_signal/finish() dance. This handrolled cond_wait() dealing with signals prevents a lock ordering problem when executing probes inside the scheduler code. That means we stop relying on a mutex for synchronisation and instead rely on the sleep_* internals, currently the SCHED_LOCK(). From kettenis@ | ||
| 5d6a987f | 2020-02-04 10:09:37 | allow reading of sysctl kern.somaxconn in "inet", due to operational behaviour of "go" which is not unreasonable from Jimmy Brush | ||
| 67d0e46d | 2020-02-04 09:58:04 | require FIDO application strings to start with "ssh:"; ok markus@ | ||
| 57e95379 | 2020-02-04 04:09:11 | Replace TAILQ concatenation loop with TAILQ_CONCAT OK florian@, bluhm@, visa@ | ||
| afd4461c | 2020-02-04 01:01:09 | Enable rge(4). Tested on rockpro64. ok sthen@ | ||
| 067cc469 | 2020-02-03 23:47:57 | revert enabling UpdateHostKeys by default - there are still corner cases we need to address; ok markus | ||
| 7f62056d | 2020-02-03 22:33:04 | 1. To avoid confusion, when showing a function definition, call it a definition rather than a declaration, even though every definition is of course also a declaration. 2. Prototype functions used from other files in include files; stop restricting that advice to kernel code. 3. Drop some duplicate content. OK jca@ | ||
| 2d8fd64b | 2020-02-03 15:53:52 | ORCPT addresses are prefixed with an address type, the stricter check causes the prefix to be rejected as it contains a character not allowed in address reported by Scott Vanderbilt | ||
| 68213f7b | 2020-02-03 15:41:22 | now that mail.local(8) relies on lockspool(1) for mailbox locking, have the mailbox created by smtpd for mbox before privileges are dropped then we can call mail.local(8) with the recipient privileges. ok millert@ | ||
| fe77834b | 2020-02-03 13:46:27 | Instead of passing titles through vis() which doubles backslashes, just ignore any containing control characters or invalid UTF-8. GitHub issue 2070. | ||
| 214ef3be | 2020-02-03 08:15:37 | use better markup for challenge and write-attestation, and rejig the challenge text a little; ok djm | ||
| c711e483 | 2020-02-02 23:17:09 | Allow mail.local to be run as non-root. If mail.local is invoked by a non-root user, open a pipe to lockspool(1) for file locking. It is only possible to deliver to a pre-existing mail spool when running mail.local as non-root. OK gilles@ deraadt@ | ||
| 43304138 | 2020-02-02 22:13:48 | add SENDER to mda environment and teach lmtp to use that instead of command line parameter. this allows simplifying lmtp command line and it would have prevented the unpriv command exec for LMTP in recent advisory. ok millert@ and jung@ | ||
| aae2f867 | 2020-02-02 21:01:53 | Since OpenBSD has switched to the strict host model, this regress needs IP forwarding enabled on the packet source machine. Otherwise the pf reply-to test fails. | ||
| 79e9e8a1 | 2020-02-02 20:33:52 | Tweak dhclient(8) timing defaults depending on SMALL rather than using /dev/stdin to fake a dhclient.conf file during install. Simplifies and shortens install.sub code. Allows further restrictions to be applied to '-c' specified files. | ||
| 4ae13c99 | 2020-02-02 20:18:17 | Add missing new line to printf. Make clean should not require SUDO. | ||
| 0c8b720f | 2020-02-02 18:55:46 | Reapply post-svc-sled in a repaired fashion. The SYS_sigreturn-related sigcoderet label must point directly after the svc instruction, because the sigreturn() checks it as SROP mitigation, so place the sled after the label. tested by naddy | ||
| 78ec4541 | 2020-02-02 18:01:39 | Back out previous "insert two nop instructions after svc instructions for SYS_exit and SYS_sigreturn in the sigtramp"; init has trouble spawning processes. | ||
| 6aa1eb2d | 2020-02-02 09:45:34 | Output (none) in debug in the CheckHostIP=no case as suggested by markus@ | ||
| adb494d5 | 2020-02-02 09:22:22 | Prevent possible null pointer deref of ip_str in debug. | ||
| 5fe3eeb1 | 2020-02-02 07:36:50 | shuffle the challenge keyword to keep the -O list sorted; | ||
| b1517c8e | 2020-02-02 05:25:41 | Drop 'mixer' variable whose value is not used. It was introduced by mistake in r1.39. | ||
| c76634e5 | 2020-02-02 05:21:15 | Rename {print,parse}_val() functions to {print,parse}_field() No object change. | ||
| c88ab7ef | 2020-02-02 03:08:37 | stop worrying about compilers that do not support ANSI C89; OK deraadt@ millert@ jung@ jca@ | ||
| c9bcb21b | 2020-02-02 00:49:06 | Fix MD in "ldomctl dump" Commit below merged duplicate code into hv_config() but forgot to call the helper function from dump(). Noticed by "ldomctl dump" returning zero, dumping both MD and PRI but leaving the former empty, sorry. revision 1.32 date: 2020/01/03 19:45:51; author: kn; state: Exp; lines: +69 -46; Move code into new hv_config(), defer to commands needing it | ||
| 884a0a9f | 2020-02-01 23:09:46 | Also insert two nop instructions after svc instructions for SYS_exit and SYS_sigreturn in the sigtramp. As these control-flow into a jump or process termination, we never do the +8 dance over the instructions, however the speculation prevention (once these nops are replaced with a speculation barrier) is required. oversight noticed by Anthony Steinhauser. | ||
| 7cd70a91 | 2020-02-01 18:07:49 | Rename print_names flag to show_names. Avoids confusion with print_xxx routines; no object change. | ||
| ae1c1eb9 | 2020-02-01 18:06:19 | Move commands processing into its own routine. Makes the code more readable and easier to tweak; no behavior change. | ||
| 52cbe529 | 2020-02-01 15:52:34 | Back out previous. Nothing wrong with the diff per se but I should have asked for more oks; my bad! | ||
| 18b9798e | 2020-02-01 15:33:46 | be much stricter about ORCPT, it isn't in the code path of local delivery and doesn't have an associated context variable, but let's be paranoid. ok millert@ | ||
| fec696e8 | 2020-02-01 15:06:21 | Grab the kernel lock in pgsigio() as it's strictly needed while operating on the process structure and issuing signals. This is similar to what sigio_setown() already does. With this in place, the pipe subsystem is no longer required to grab the kernel lock before calling pgsigio(). ok visa@ | ||
| f2fecb5e | 2020-02-01 15:00:20 | Use -rdomain to reset rdomain Properly reflect the "delete" semantic; better than the implicit "reassign". OK jca |