IABSD.fr/src/usr.sbin

Branch :


Log

Author Commit Date CI Message
c1a524bc 2020-08-09 14:35:31 Some times ago we disabled in-kernel timeout for pppx(4) related pipex(4) sessions. We did this for prevent use after free issue caused by pipex_timer(). By default "idle-timeout" is not set in npppd.conf(5) and I guess this is reason for we forgot to describe this exception in npppd.conf(5). Since it's pppx(4) related bug description was added to BUGS section of pppx(4) man page. npppd.conf(5) has this exception described in "idle-timeout" section. ok jmc@ yasuoka@
a395eaf7 2020-08-08 13:39:57 Greatly simplify snmpe_parsevarbinds. except for some minor changes in the handling of snmp_intotal{req,set}vars no functional changes intended. OK jan@
42858fb0 2020-08-07 14:04:59 Do not hardcode the key length.
442ef12c 2020-08-05 13:56:06 Get the default values for font height and width in wsfontload(8) using the WSDISPLAYIO_GETSCREENTYPE ioctl. This ensures that they always match the currently loaded font metrics. Previously, wsfontload(8) hardcoded the default height and width values for the font to be loaded as 12x22 when using framebuffer consoles, and as 8x16 when in text mode. The 12x22 value wasn't correct in case we felt back to the smaller 8x16 font for screen widths smaller than 960px, and wasn't valid anymore since we replaced Gallant 12x22 by Spleen 12x24 on all architectures but sparc64. OK jcs@, mpi@
f41f8039 2020-08-03 11:05:24 remove unused functions from Ross L Richardson <openbsd AT rlr DOT id DOT au>, Thanks ok claudio@
b19a8c1e 2020-08-03 10:59:53 remove another tautology from Ross L Richardson <openbsd AT rlr DOT id DOT au>, Thanks ok claudio@
46b94b0c 2020-08-03 10:58:38 remove unused assignment from Ross L Richardson <openbsd AT rlr DOT id DOT au>, Thanks ok claudio@
6ab3e2c7 2020-08-03 10:57:21 remove tautological condition from Ross L Richardson <openbsd AT rlr DOT id DOT au>, Thanks ok claudio@
d8e56de2 2020-08-03 10:55:58 remove dead assignments from Ross L Richardson <openbsd AT rlr DOT id DOT au>, Thanks ok claudio@
a1610264 2020-07-31 09:57:38 Replace warnc() with warnx() + strerror() since the first is less portable. Should hopefully fix an issue seen by Robert Scheck OK deraadt@
8e304376 2020-07-30 21:06:19 Remove the unused function canonicalize_host(), it was copied from relayd. Found by Ross L Richardson, Thanks.
d818f5be 2020-07-28 13:52:18 -Separate out the adding of trust anchors into a separate function than what is used for adding other certificates. -Don't call X509_verify on trust anchors for no reason. -Add basic checks for TA certificate (subject can parse, cert is not expired) -Add some useful error reporting if the TA cert we fetched is no good. ok claudio@
3d81c3df 2020-07-28 07:35:04 One tiny step towards adding RRDP support in rpki-client. Extract the notify URL from the cert if it is available and pass it back to the parent process. The parent process can then use this info to load the repo via RRDP instead of rsync. OK benno@ (some long time ago)
f929d3af 2020-07-27 14:29:45 Fix return value check for openssl API. Do not return success if pkey is NULL. Feedback and ok cladio@ ok patrick@, tb@
8ae2ff80 2020-07-25 21:12:49 remove unsused enum key_type, copied initialy from relays. found by Ross L Richardson, thanks! ok deraadt@
735d7ac9 2020-07-25 15:45:44 Add a EXIT STATUS section "no objection" ajacoutot@
d60dd69d 2020-07-25 12:14:16 More DESC -> DESCR; spotted by espie@
11680267 2020-07-25 12:08:17 tyop: DESC -> DESCR ok landry@ robert@
a0b034c4 2020-07-24 16:40:47 fix sentence grammar in AUTHORS;
f5b217e8 2020-07-24 16:33:42 make it a bit clearer that -p is a path to a package repository, not just a regular file path; patient explanation (neccessary) and eventual ok espie
97f343bd 2020-07-23 14:34:55 Fix strlcpy() usage. The size argument should be the full size of the buffer, not the number of bytes to copy. The strlcpy() return value should be checked to verify that truncation did not occur. OK florian@
ac5517e4 2020-07-23 13:54:07 Update to 4.3.2.
29688a32 2020-07-22 15:33:49 sensorsd(8) reported an unveil failure due to chdir / . Call chdir(2) before unveil(2). Use absolute config path after chdir, also necessary for SIGHUP. /etc/sensorsd.conf.db must be unveiled, cgetent(3) tries to open it. OK beck@
d160f728 2020-07-22 05:06:38 force long-names on msdos filenames, so that folk can see pretty names later. ok kettenis gkoehler
5157c9d7 2020-07-21 01:09:03 Avoid integer underflow due to tiny snaplen For DLT_NULL and DLT_LOOP interfaces, print-null.c passes `caplen - NULL_HDRLEN' as length to default_print() which takes an unsigned integer, hence if caplen is smaller than the header itself (four octets), this difference wraps around. Exit early in such cases and print the expected truncation marker "[|null]" instead. Feedback OK dlg
b2f1acdf 2020-07-20 14:09:24 Add a new column to wsfontload -l output, to report the number of characters contained in a loaded font. It's especially useful with user loaded fonts as they can contain more than 256 characters. OK sthen@
bea29582 2020-07-20 02:24:24 Remove unused variable "caplen" No object change.
86850af8 2020-07-19 15:23:08 Should use ufs_args here after all. While here, make messages more correct.
a1ee4d86 2020-07-18 16:42:00 use correct structure for mounting, duh ok visa kettenis
45126b27 2020-07-18 15:28:38 Create grub.cfg file as required ok kettenis
dee18dcc 2020-07-18 14:08:07 set -/+o pipefail around the magic loop in ls_missing() so that we can properly error out if ftp(1) or tar(1) fails; this happened to swarte@ a few months (something to do with /home on NFS without -maproot IIRC). Check that the signature file is at least 3 lines long (meaning that it contains at least 1 syspatch) before entering the magic loop otherwise `grep -q' will abort the script due to pipefail. While here, revove a useless use of sort(1).
c25120af 2020-07-17 08:03:56 Add powerpc64 support; straight copy from octeon. ok deraadt@
e44adad9 2020-07-15 22:46:51 powerpc64 has the sysctl's for power control, so it can use the apmd/apm combo for -L/-H and such. (it gets all the rest of the mess too) ok kettenis
1a802015 2020-07-15 14:47:41 Remove unused variables
9c84395d 2020-07-11 14:52:14 Implement linear and power-of-two histograms: hist() and lhist() keywords. This is built on top of maps which are currently built on top of RB-trees. Improvements are welcome! For example the use of a hashing table as pointed by espie@. The following one-liner produce an histogram of power-of-two values returned by the read(2) syscall: btrace 'syscall:read:return { @bytes = hist(retval); }' ^C @bytes: [0] 19 |@@@@@@@@@@@@@@@@@@@@@@@@@@ | [1] 26 |@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ | [1, 2) 1 |@ | [2, 4) 13 |@@@@@@@@@@@@@@@@@@ | [4, 8) 4 |@@@@@ | [8, 16) 3 |@@@@ | [16, 32) 1 |@ | [32, 64) 8 |@@@@@@@@@@@ | [64, 128) 14 |@@@@@@@@@@@@@@@@@@@ | [128, 256) 7 |@@@@@@@@@ | [256, 512) 37 |@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@| [512, 1K) 1 |@ | [1K, 2K) 10 |@@@@@@@@@@@@@@ | [2K, 4K) 11 |@@@@@@@@@@@@@@@ | [8K, 16K) 1 |@ |
512df21d 2020-07-04 18:30:46 Our old ksh(1) bug where eval()uating a || compound list would terminate the shell has been fixed by benno@; remove workaround. ok naddy@
474af46f 2020-07-04 14:08:27 Small XXX.
405649c2 2020-07-04 10:16:15 Print the correct register for syscall return value. While here make it possible to store syscall return values in maps.
e9c69d2b 2020-07-03 17:58:09 Increment line number when skipping multi-line comments.
0994484c 2020-07-01 16:41:43 Allow hrStorageSize and hrStorageUsed to cope with sizes larger then INT32_MAX by increasing the hrStorageAllocationUnits value until they fit. Original patch from Johan Huldtgren (johan+openbsd-tech <at> huldtgren <dot> com) OK sthen@
0cad9ced 2020-07-01 13:00:51 Remove control socket reference
05f78f28 2020-07-01 06:47:18 Remove references to snmpd(8) now that agentx support has been removed. Prodded by and OK jmc@
62153df3 2020-06-30 17:11:49 Remove agentx and control socket support. snmpctl has been removed two releases ago, which makes the control interface obsolete. agentx support has always been quirky at best, but got completely broken with the BER_MAX_OID_LEN increase in ber.h. This change resulted in the oid length on the snmp side being left uninitialized because of size difference, resulting in weird behaviour. No one reported the breakage, even after 6.7 was released. This change requires users to remove the socket keyword from their snmpd.conf. OK denis@
0d0fa0ed 2020-06-30 16:59:38 Allow relayd to compile without reaching back into snmpd directory for agentx header. OK denis@
91da860a 2020-06-30 12:52:44 Remove -f (force) option. The -f option existed for some initial debugging work. Thanks Weerd for review OK claudio@
1f4256da 2020-06-29 18:25:26 Fix "init-system" with multiple PCIe root complexes Contrary to other (single CPU) machines, the Oracle SPARC T4-2 machines come with two CPUs/two PCIe root complexes instead of one. ldomctl already accounts for this and interates over them but lacked a skip condition when iterating over subdevices to avoid linking devices in one complex to those in another. This fixes a NULL dereference in "init-system" on T4-2 machines and makes it produce working machine descriptions (.md files). Testing and confirmation on a T4-1 that single PCIe root complex machines still produce identical MDs with this from tracey, thanks! Reminded by a report on bugs@ from Kokuma who also confirmed this fix on their T4-2.
ae0acb23 2020-06-29 17:58:58 Reject vdisk, vnet and iodevice parameters for primary domain In analogy to guest domains requiring vcpu, memory and at least one bootable device (vdisk, vnet or iodevice), the primary domain must not be configured with vdisk, vnet or iodevice parameters; it does not make sense to provide virtual disks or interfaces to it and PCIe devices not assigned to guest domains automatically end up in the primary domain. ldom.conf(5) also documents those explicitly for guest domains only. OK tracey
83fd2a22 2020-06-29 15:34:07 Build on powerpc64.
3bf4b771 2020-06-28 19:11:53 Fix build error ok tb
08fd0ce3 2020-06-28 16:52:45 vmd(8): Eliminate libevent state corruption libevent functions for com, pic and rtc are now only called on event_thread. vcpu exit handlers send messages on a dev pipe and callbacks on these events do the event management (event_add, evtimer_add, etc). Previously, libevent state was mutated by two threads, event_thread, that runs all the callbacks and the vcpu thread when running exit handlers. This could have lead to libevent state corruption. Patch from Dave Voutila <dave@sisu.io> ok claudio@ tested by abieber@ and brynet@
e1715668 2020-06-28 15:25:22 obviously powerpc64 will want pcidump
a284d5af 2020-06-27 15:35:27 convert macppc, octeon, and loongson to use MI installboot, removing special case scripting in install.md. (macppc still requires manual steps for HFS bootmode) tested by krw, visa, gkoehler
dbf2cc62 2020-06-27 07:24:42 Replace TAILQ concatenation loop with TAILQ_CONCAT OK claudio@
61b37dc2 2020-06-26 19:06:52 Replace SIMPLEQ concatenation loop with SIMPLEQ_CONCAT OK florian@, millert@, kn@
a12804d6 2020-06-26 19:04:38 Replace SIMPLEQ concatenation loop with SIMPLEQ_CONCAT OK florian@, millert@, kn@
4bf8a5d4 2020-06-26 19:00:08 Replace SIMPLEQ concatenation loops with SIMPLEQ_CONCAT As a result *ra_rdnss and *ra_dnssl are not used any more, and can be removed. While here remove spurious space. OK florian@, millert@
74f3d152 2020-06-24 14:39:21 Stop using rsync --delete when syncing up with the CA repos. Instead use the files referenced in the manifests to build up a list of files to keep and remove anything that is not in the list after doing the full computation. OK job@ benno@
bf448d9d 2020-06-24 07:20:47 Using the "ldaps" or "tls" keywords in ldapd.conf currently enables all protocols and ciphers. So you get a TLS server speaking TLSv1.0 and supporting cipher suites with RC4 and 3DES encryption, all of which should be considered broken. There is no way of disabling TLSv1.0 and TLSv1.1 in ldapd. All this is also not very clearly called out in the documentation. This commit switches the defaults to using the libtls defaults for both protocols and ciphers. If compatibility with the insecure legacy protocols and ciphers is needed, use the "legacy" keyword before "tls" or "ldaps" in ldapd.conf. tested by abieber. inoguchi agrees with the direction. ok beck
7e30acb4 2020-06-22 18:18:20 Remove unused variable
b0e92afd 2020-06-22 15:09:34 On my previous commit I made the wrong assumption that the control socket was being unlink(2)ed from the main proc so I removed "cpath" from the pledge(2) on the ldpe proc but actually the socket was unlink(2)ed from here, this means the daemon would crash on exit due to pledge(2) not having "cpath" permissions anymore. Finish the job by just not deleting the socket at all during control_cleanup(), which keeps the control program still working without issues but more importantly prevents the crash during exit, sorry about that. Crash reported by wlund at iki.fi OK deraadt@ claudio@ remi@
89643495 2020-06-22 13:21:29 add missing .Pp
2579caaf 2020-06-22 13:14:47 Fix "the symbol HZ is undefined" yacc warning OK mpi
b4cf6692 2020-06-22 09:28:04 Install npppd.conf(5) with mode 0600 instead of 0640. npppd.conf(5) can store radius passwords and nothing requires it to be group readable. ok yasuoka@
b4844efe 2020-06-22 06:11:34 When the main process exits, it closes the pipe so a read 0 occurs. Move log level to debug for that case and while there correct the string, we're reding, not writing.
4b96984b 2020-06-22 05:54:26 a first cut at requesting and parsing vpd info. reading vpd stuff is useful when you're trying to get support information about a pci device, eg, if you want a serial number, or firmware versions, or specific part name or number, it's likely available via vpd. also, im sick of having the diff in my tree. this relies on the new PCIOCGETVPD ioctl i just committed to the kernel. it's a very quick and dirty implementation, hopefully someone will pick it up and polish it a bit. tested by hrvoje popovski on a variety of cards ok jmatthew@
3862707a 2020-06-21 20:36:07 vmd(8): fix ns8250 lockup due to race condition Inject a pending interrupt even if the rcv_pending flag is set to avoid the endless EV_READ loop where a byte lingers read to be read but the vcpu never gets the interrupt to read it. (e.g. the result of spamming RETURN via the serial console) Also, protect com ratelimit handler with mutexes to avoid corruption of the device state. These changes help preventing linux vm crashes when the return key is held on boot. Discovered by and patch from Dave Voutila <dave@sisu.io> ok tb@
2338d7fc 2020-06-21 07:14:17 Add RCS marker
03d04743 2020-06-21 05:00:17 wire the wireguard packet printer into tcpdump. from Matt Dunwoodie and Jason A. Donenfeld
22b46301 2020-06-21 04:58:52 don't claim packets as wg if there's not enough captured bytes to read.
7e0f8616 2020-06-21 04:54:59 cope with a truncated capture of a packet. this avoids reading invalid mem.
96cf6233 2020-06-21 04:45:33 add a printer for wireguard messages, but not hooked up just yet. from Matt Dunwoodie and Jason A. Donenfeld
fb49df2d 2020-06-18 10:26:53 Apply rules to the number of events returned by the last read(2). Fix a corner case where old events could be re-evaluated. From Yuichiro NAITO.
0ba256e3 2020-06-17 16:29:02 We are no longer using the "keep" file as a flag. Pointed out by Martin Vahlensieck, thanks!
d1d2907d 2020-06-16 08:46:03 vmd(8): backout previous commit to ns8250.c as it reintroduced the bug where the vm would get stuck if disconnected from console and get unstuck once console is attached. Spotted by tb@
234862b9 2020-06-16 06:23:51 vmd(8): fix ns8250 lockup due to race condition Inject pending interrupt if com has receive pending. This was previously accidently checked in with an unrelated change by Mike Larkin and was backed out as it didn't fix the intended problem. Also, protect com ratelimit handler with mutexes to avoid corruption of the device state. These changes help preventing linux vm crashes when the return key is held on boot. Discovered by and patch from Dave Voutila <dave@sisu.io>
123a8328 2020-06-13 07:03:13 remove the reference to tun(4), as suggested by kaya saman, and advised by dlg;
452410f5 2020-06-10 17:44:44 Cast imsg->data to char pointer to silence GCC warning warning: format '%s' expects type 'char *', but argument 2 has type 'void *' Seen on sparc64. OK tobhe
17fabd8f 2020-06-09 20:16:12 Show a message while pkg_add updates the font cache. This occurs at the end of an install and can take quite a while if you have certain fonts installed. Before this change the cursor was left at an empty line. tweak/ok espie@
da8a8f6b 2020-06-09 06:35:17 set TLS SNI when relaying to host ok beck@ "looks reasonable" millert@
eda8c420 2020-06-09 02:39:27 Prepare buffer for both receive and transmit side so that a client can use them separately. Actually a version of CISCO does and expects the peer does the same. Also fix some typos.
9de342e3 2020-06-08 19:17:12 Provide clear errors when trying to install oversized boot loader sparc64 installboot(8) on softraid(4) with too large files, e.g. unstripped builds, fails poorly with "installboot: softraid installboot failed". This is due to the BIOCINSTALLBOOT ioctl(2) returing the default EINVAL rather than using softraid's sr_error() interface properly; additionally, installboot does not check for such message from the bio(4) layer. Make the kernel generate "boot block too large" and "boot loader too large" messages for softraid devices and have installboot act upon them analogous to bioctl(8), by adapting its bio_status() into the new sr_status() helper. Input, reminder to look at bioctl, same kernel diff from, OK jsing
3f87ca5f 2020-06-07 13:29:52 whitespace
7f1c0488 2020-06-07 13:28:17 Swap arguments of calloc(3). While it doesn't matter for calloc, it's easier on the eyes to always list the number of elements first and then the size. From Donovan Watteau ( contrib AT dwatteau.fr), Thanks!
1185c690 2020-06-05 19:50:59 Remove redundant code Reported by Prof. Dr. Steffen Wendzel <wendzel @ hs-worms . de>, thanks! OK martijn@ sthen@
c27ed0a7 2020-06-02 14:41:37 remove useless redirections okay tb@, florian@
7ed870dc 2020-06-02 14:41:13 less convoluted Makefile, removes useless redirections okay tb@, florian@
d8fe1c91 2020-06-01 05:21:30 Run lmtp deliveries as SMTPD_USER instead of the recipient user. ok millert@
692b40d2 2020-05-28 20:38:21 Enable building wsmoused on arm64 and armv7. OK deraadt@, kettenis@
177234f7 2020-05-28 20:33:50 Enable building wsfontload on arm64 and armv7. OK deraadt@, kettenis@
725b3260 2020-05-27 09:03:56 Remove unneeded <stddef.h>
7454d7ca 2020-05-25 10:38:32 When DNS lookup of an UDP loghost failed, syslogd(8) did close the UDP sockets for sending messages. Keep the sockets open if the config allows to send UDP. Then they can be used to send if DNS is working during the next SIGHUP. bug reported and fix tested by sven falempin; OK millert@
a2ead979 2020-05-24 22:08:54 Make "init-system -n" check vcpu and memory constraints Second attempt after config.c revision 1.37, this time merely delay the "-n" test until after constraint checks have been performed such that the PRI is still read, as required in order to get the total number of VCPUs and memory. OK kmos who also tested this
b5073d68 2020-05-24 22:00:45 msg
c76b35d7 2020-05-24 16:47:43 Relax the filename checks to allow dashes as well. Starting with OpenBSD 6.9, we can use less awkward filenames. Initial diff by deraadt, ok aja
8efa5877 2020-05-23 13:19:13 Typofix
da59641d 2020-05-23 13:06:33 Fail on duplicate vcpu, memory or iodevice parameters Domains get to define their cores and memory only once unlike vnet, vdisk and variable parameters of which it makes sense to have more than one; iodevices are unique my design and may only be assigned once. OK kettenis
3247d7f3 2020-05-22 21:54:20 Revert previous Total vcpu and memory are read from the PRI so constraint checks must not be done before that, noted by kettenis. The fact that "total_cpus" as a global variable (initialized with zero) is always smaller than the total number of configured vcpus and the fact that I only tested a negative example without a positive one made me jump the trigger, sorry.
e139c7ff 2020-05-22 21:40:16 Make "init-system -n" check vcpu and memory constraints kmos noted that "-n" wouldn't bark at overallocation, only running without it would do so. Hoit setup code and delay the noaction bailout just after constraint checks such that they're always done. OK kmos
8643c0ed 2020-05-22 07:18:17 Use the simpler HTML5 idiom to declare charset in autogenerated pages. This came from a suggestion by Andras Farkas to replace use of XHTML self-closing tags. ok cwen@ danj@ florian@
671d2f92 2020-05-21 15:38:05 Correct getsockname(2)/getpeername(2) usage. Fixes an uninitialized variable and a potential stack overflow with IPv6 connections. From Leah Neukirchen; OK eric@ deraadt@