summaryrefslogtreecommitdiff
path: root/usr.sbin
AgeCommit message (Collapse)Author
2020-07-22sensorsd(8) reported an unveil failure due to chdir / . CallAlexander Bluhm
chdir(2) before unveil(2). Use absolute config path after chdir, also necessary for SIGHUP. /etc/sensorsd.conf.db must be unveiled, cgetent(3) tries to open it. OK beck@
2020-07-22force long-names on msdos filenames, so that folk can see pretty namesTheo de Raadt
later. ok kettenis gkoehler
2020-07-21Avoid integer underflow due to tiny snaplenkn
For DLT_NULL and DLT_LOOP interfaces, print-null.c passes `caplen - NULL_HDRLEN' as length to default_print() which takes an unsigned integer, hence if caplen is smaller than the header itself (four octets), this difference wraps around. Exit early in such cases and print the expected truncation marker "[|null]" instead. Feedback OK dlg
2020-07-20Add a new column to wsfontload -l output, to report the number ofFrederic Cambus
characters contained in a loaded font. It's especially useful with user loaded fonts as they can contain more than 256 characters. OK sthen@
2020-07-20Remove unused variable "caplen"kn
No object change.
2020-07-19Should use ufs_args here after all.Visa Hankala
While here, make messages more correct.
2020-07-18use correct structure for mounting, duhTheo de Raadt
ok visa kettenis
2020-07-18Create grub.cfg file as requiredTheo de Raadt
ok kettenis
2020-07-18set -/+o pipefail around the magic loop in ls_missing() so that we can properlyAntoine Jacoutot
error out if ftp(1) or tar(1) fails; this happened to swarte@ a few months (something to do with /home on NFS without -maproot IIRC). Check that the signature file is at least 3 lines long (meaning that it contains at least 1 syspatch) before entering the magic loop otherwise `grep -q' will abort the script due to pipefail. While here, revove a useless use of sort(1).
2020-07-17Add powerpc64 support; straight copy from octeon.Mark Kettenis
ok deraadt@
2020-07-15powerpc64 has the sysctl's for power control, so it can use theTheo de Raadt
apmd/apm combo for -L/-H and such. (it gets all the rest of the mess too) ok kettenis
2020-07-15Remove unused variablesdenis
2020-07-11Implement linear and power-of-two histograms: hist() and lhist() keywords.Martin Pieuchot
This is built on top of maps which are currently built on top of RB-trees. Improvements are welcome! For example the use of a hashing table as pointed by espie@. The following one-liner produce an histogram of power-of-two values returned by the read(2) syscall: btrace 'syscall:read:return { @bytes = hist(retval); }' ^C @bytes: [0] 19 |@@@@@@@@@@@@@@@@@@@@@@@@@@ | [1] 26 |@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ | [1, 2) 1 |@ | [2, 4) 13 |@@@@@@@@@@@@@@@@@@ | [4, 8) 4 |@@@@@ | [8, 16) 3 |@@@@ | [16, 32) 1 |@ | [32, 64) 8 |@@@@@@@@@@@ | [64, 128) 14 |@@@@@@@@@@@@@@@@@@@ | [128, 256) 7 |@@@@@@@@@ | [256, 512) 37 |@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@| [512, 1K) 1 |@ | [1K, 2K) 10 |@@@@@@@@@@@@@@ | [2K, 4K) 11 |@@@@@@@@@@@@@@@ | [8K, 16K) 1 |@ |
2020-07-04Our old ksh(1) bug where eval()uating a || compound list would terminate theAntoine Jacoutot
shell has been fixed by benno@; remove workaround. ok naddy@
2020-07-04Small XXX.Antoine Jacoutot
2020-07-04Print the correct register for syscall return value.Martin Pieuchot
While here make it possible to store syscall return values in maps.
2020-07-03Increment line number when skipping multi-line comments.Martin Pieuchot
2020-07-01Allow hrStorageSize and hrStorageUsed to cope with sizes larger thenMartijn van Duren
INT32_MAX by increasing the hrStorageAllocationUnits value until they fit. Original patch from Johan Huldtgren (johan+openbsd-tech <at> huldtgren <dot> com) OK sthen@
2020-07-01Remove control socket referenceMartijn van Duren
2020-07-01Remove references to snmpd(8) now that agentx support has been removed.Martijn van Duren
Prodded by and OK jmc@
2020-06-30Remove agentx and control socket support.Martijn van Duren
snmpctl has been removed two releases ago, which makes the control interface obsolete. agentx support has always been quirky at best, but got completely broken with the BER_MAX_OID_LEN increase in ber.h. This change resulted in the oid length on the snmp side being left uninitialized because of size difference, resulting in weird behaviour. No one reported the breakage, even after 6.7 was released. This change requires users to remove the socket keyword from their snmpd.conf. OK denis@
2020-06-30Allow relayd to compile without reaching back into snmpd directory forMartijn van Duren
agentx header. OK denis@
2020-06-30Remove -f (force) option.job
The -f option existed for some initial debugging work. Thanks Weerd for review OK claudio@
2020-06-29Fix "init-system" with multiple PCIe root complexeskn
Contrary to other (single CPU) machines, the Oracle SPARC T4-2 machines come with two CPUs/two PCIe root complexes instead of one. ldomctl already accounts for this and interates over them but lacked a skip condition when iterating over subdevices to avoid linking devices in one complex to those in another. This fixes a NULL dereference in "init-system" on T4-2 machines and makes it produce working machine descriptions (.md files). Testing and confirmation on a T4-1 that single PCIe root complex machines still produce identical MDs with this from tracey, thanks! Reminded by a report on bugs@ from Kokuma who also confirmed this fix on their T4-2.
2020-06-29Reject vdisk, vnet and iodevice parameters for primary domainkn
In analogy to guest domains requiring vcpu, memory and at least one bootable device (vdisk, vnet or iodevice), the primary domain must not be configured with vdisk, vnet or iodevice parameters; it does not make sense to provide virtual disks or interfaces to it and PCIe devices not assigned to guest domains automatically end up in the primary domain. ldom.conf(5) also documents those explicitly for guest domains only. OK tracey
2020-06-29Build on powerpc64.Mark Kettenis
2020-06-28Fix build errorDale Rahn
ok tb
2020-06-28vmd(8): Eliminate libevent state corruptionpd
libevent functions for com, pic and rtc are now only called on event_thread. vcpu exit handlers send messages on a dev pipe and callbacks on these events do the event management (event_add, evtimer_add, etc). Previously, libevent state was mutated by two threads, event_thread, that runs all the callbacks and the vcpu thread when running exit handlers. This could have lead to libevent state corruption. Patch from Dave Voutila <dave@sisu.io> ok claudio@ tested by abieber@ and brynet@
2020-06-28obviously powerpc64 will want pcidumpTheo de Raadt
2020-06-27convert macppc, octeon, and loongson to use MI installboot, removingTheo de Raadt
special case scripting in install.md. (macppc still requires manual steps for HFS bootmode) tested by krw, visa, gkoehler
2020-06-27Replace TAILQ concatenation loop with TAILQ_CONCATbket
OK claudio@
2020-06-26Replace SIMPLEQ concatenation loop with SIMPLEQ_CONCATbket
OK florian@, millert@, kn@
2020-06-26Replace SIMPLEQ concatenation loop with SIMPLEQ_CONCATbket
OK florian@, millert@, kn@
2020-06-26Replace SIMPLEQ concatenation loops with SIMPLEQ_CONCATbket
As a result *ra_rdnss and *ra_dnssl are not used any more, and can be removed. While here remove spurious space. OK florian@, millert@
2020-06-24Stop using rsync --delete when syncing up with the CA repos. InsteadClaudio Jeker
use the files referenced in the manifests to build up a list of files to keep and remove anything that is not in the list after doing the full computation. OK job@ benno@
2020-06-24Using the "ldaps" or "tls" keywords in ldapd.conf currently enables allTheo Buehler
protocols and ciphers. So you get a TLS server speaking TLSv1.0 and supporting cipher suites with RC4 and 3DES encryption, all of which should be considered broken. There is no way of disabling TLSv1.0 and TLSv1.1 in ldapd. All this is also not very clearly called out in the documentation. This commit switches the defaults to using the libtls defaults for both protocols and ciphers. If compatibility with the insecure legacy protocols and ciphers is needed, use the "legacy" keyword before "tls" or "ldaps" in ldapd.conf. tested by abieber. inoguchi agrees with the direction. ok beck
2020-06-22Remove unused variabledenis
2020-06-22On my previous commit I made the wrong assumption that the control socket wasRicardo Mestre
being unlink(2)ed from the main proc so I removed "cpath" from the pledge(2) on the ldpe proc but actually the socket was unlink(2)ed from here, this means the daemon would crash on exit due to pledge(2) not having "cpath" permissions anymore. Finish the job by just not deleting the socket at all during control_cleanup(), which keeps the control program still working without issues but more importantly prevents the crash during exit, sorry about that. Crash reported by wlund at iki.fi OK deraadt@ claudio@ remi@
2020-06-22add missing .PpLandry Breuil
2020-06-22Fix "the symbol HZ is undefined" yacc warningkn
OK mpi
2020-06-22Install npppd.conf(5) with mode 0600 instead of 0640. npppd.conf(5) canmvs
store radius passwords and nothing requires it to be group readable. ok yasuoka@
2020-06-22When the main process exits, it closes the pipe so a read 0 occurs.Otto Moerbeek
Move log level to debug for that case and while there correct the string, we're reding, not writing.
2020-06-22a first cut at requesting and parsing vpd info.David Gwynne
reading vpd stuff is useful when you're trying to get support information about a pci device, eg, if you want a serial number, or firmware versions, or specific part name or number, it's likely available via vpd. also, im sick of having the diff in my tree. this relies on the new PCIOCGETVPD ioctl i just committed to the kernel. it's a very quick and dirty implementation, hopefully someone will pick it up and polish it a bit. tested by hrvoje popovski on a variety of cards ok jmatthew@
2020-06-21vmd(8): fix ns8250 lockup due to race conditionpd
Inject a pending interrupt even if the rcv_pending flag is set to avoid the endless EV_READ loop where a byte lingers read to be read but the vcpu never gets the interrupt to read it. (e.g. the result of spamming RETURN via the serial console) Also, protect com ratelimit handler with mutexes to avoid corruption of the device state. These changes help preventing linux vm crashes when the return key is held on boot. Discovered by and patch from Dave Voutila <dave@sisu.io> ok tb@
2020-06-21Add RCS markerTheo Buehler
2020-06-21wire the wireguard packet printer into tcpdump.David Gwynne
from Matt Dunwoodie and Jason A. Donenfeld
2020-06-21don't claim packets as wg if there's not enough captured bytes to read.David Gwynne
2020-06-21cope with a truncated capture of a packet. this avoids reading invalid mem.David Gwynne
2020-06-21add a printer for wireguard messages, but not hooked up just yet.David Gwynne
from Matt Dunwoodie and Jason A. Donenfeld
2020-06-18Apply rules to the number of events returned by the last read(2).Martin Pieuchot
Fix a corner case where old events could be re-evaluated. From Yuichiro NAITO.