Age | Commit message (Collapse) | Author |
|
chdir(2) before unveil(2). Use absolute config path after chdir,
also necessary for SIGHUP. /etc/sensorsd.conf.db must be unveiled,
cgetent(3) tries to open it.
OK beck@
|
|
later.
ok kettenis gkoehler
|
|
For DLT_NULL and DLT_LOOP interfaces, print-null.c passes
`caplen - NULL_HDRLEN' as length to default_print() which takes an unsigned
integer, hence if caplen is smaller than the header itself (four octets),
this difference wraps around.
Exit early in such cases and print the expected truncation marker "[|null]"
instead.
Feedback OK dlg
|
|
characters contained in a loaded font.
It's especially useful with user loaded fonts as they can contain
more than 256 characters.
OK sthen@
|
|
No object change.
|
|
While here, make messages more correct.
|
|
ok visa kettenis
|
|
ok kettenis
|
|
error out if ftp(1) or tar(1) fails; this happened to swarte@ a few months
(something to do with /home on NFS without -maproot IIRC).
Check that the signature file is at least 3 lines long (meaning that it contains
at least 1 syspatch) before entering the magic loop otherwise `grep -q' will
abort the script due to pipefail.
While here, revove a useless use of sort(1).
|
|
ok deraadt@
|
|
apmd/apm combo for -L/-H and such. (it gets all the rest of the mess too)
ok kettenis
|
|
|
|
This is built on top of maps which are currently built on top of RB-trees.
Improvements are welcome! For example the use of a hashing table as pointed
by espie@.
The following one-liner produce an histogram of power-of-two values returned
by the read(2) syscall:
btrace 'syscall:read:return { @bytes = hist(retval); }'
^C
@bytes:
[0] 19 |@@@@@@@@@@@@@@@@@@@@@@@@@@ |
[1] 26 |@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ |
[1, 2) 1 |@ |
[2, 4) 13 |@@@@@@@@@@@@@@@@@@ |
[4, 8) 4 |@@@@@ |
[8, 16) 3 |@@@@ |
[16, 32) 1 |@ |
[32, 64) 8 |@@@@@@@@@@@ |
[64, 128) 14 |@@@@@@@@@@@@@@@@@@@ |
[128, 256) 7 |@@@@@@@@@ |
[256, 512) 37 |@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@|
[512, 1K) 1 |@ |
[1K, 2K) 10 |@@@@@@@@@@@@@@ |
[2K, 4K) 11 |@@@@@@@@@@@@@@@ |
[8K, 16K) 1 |@ |
|
|
shell has been fixed by benno@; remove workaround.
ok naddy@
|
|
|
|
While here make it possible to store syscall return values in maps.
|
|
|
|
INT32_MAX by increasing the hrStorageAllocationUnits value until they fit.
Original patch from Johan Huldtgren (johan+openbsd-tech <at> huldtgren <dot> com)
OK sthen@
|
|
|
|
Prodded by and OK jmc@
|
|
snmpctl has been removed two releases ago, which makes the control
interface obsolete.
agentx support has always been quirky at best, but got completely broken
with the BER_MAX_OID_LEN increase in ber.h. This change resulted in the
oid length on the snmp side being left uninitialized because of size
difference, resulting in weird behaviour. No one reported the breakage,
even after 6.7 was released.
This change requires users to remove the socket keyword from their
snmpd.conf.
OK denis@
|
|
agentx header.
OK denis@
|
|
The -f option existed for some initial debugging work.
Thanks Weerd for review
OK claudio@
|
|
Contrary to other (single CPU) machines, the Oracle SPARC T4-2 machines
come with two CPUs/two PCIe root complexes instead of one.
ldomctl already accounts for this and interates over them but lacked a skip
condition when iterating over subdevices to avoid linking devices in one
complex to those in another.
This fixes a NULL dereference in "init-system" on T4-2 machines and makes
it produce working machine descriptions (.md files).
Testing and confirmation on a T4-1 that single PCIe root complex machines
still produce identical MDs with this from tracey, thanks!
Reminded by a report on bugs@ from Kokuma who also confirmed this fix on
their T4-2.
|
|
In analogy to guest domains requiring vcpu, memory and at least one
bootable device (vdisk, vnet or iodevice), the primary domain must not
be configured with vdisk, vnet or iodevice parameters; it does not make
sense to provide virtual disks or interfaces to it and PCIe devices not
assigned to guest domains automatically end up in the primary domain.
ldom.conf(5) also documents those explicitly for guest domains only.
OK tracey
|
|
|
|
ok tb
|
|
libevent functions for com, pic and rtc are now only called on event_thread.
vcpu exit handlers send messages on a dev pipe and callbacks on these events do
the event management (event_add, evtimer_add, etc). Previously, libevent state
was mutated by two threads, event_thread, that runs all the callbacks and the
vcpu thread when running exit handlers. This could have lead to libevent state
corruption.
Patch from Dave Voutila <dave@sisu.io>
ok claudio@
tested by abieber@ and brynet@
|
|
|
|
special case scripting in install.md.
(macppc still requires manual steps for HFS bootmode)
tested by krw, visa, gkoehler
|
|
OK claudio@
|
|
OK florian@, millert@, kn@
|
|
OK florian@, millert@, kn@
|
|
As a result *ra_rdnss and *ra_dnssl are not used any more, and can be removed.
While here remove spurious space.
OK florian@, millert@
|
|
use the files referenced in the manifests to build up a list of files
to keep and remove anything that is not in the list after doing the
full computation.
OK job@ benno@
|
|
protocols and ciphers. So you get a TLS server speaking TLSv1.0 and
supporting cipher suites with RC4 and 3DES encryption, all of which should
be considered broken. There is no way of disabling TLSv1.0 and TLSv1.1 in
ldapd. All this is also not very clearly called out in the documentation.
This commit switches the defaults to using the libtls defaults for both
protocols and ciphers. If compatibility with the insecure legacy protocols
and ciphers is needed, use the "legacy" keyword before "tls" or "ldaps" in
ldapd.conf.
tested by abieber.
inoguchi agrees with the direction.
ok beck
|
|
|
|
being unlink(2)ed from the main proc so I removed "cpath" from the pledge(2) on
the ldpe proc but actually the socket was unlink(2)ed from here, this means the
daemon would crash on exit due to pledge(2) not having "cpath" permissions
anymore. Finish the job by just not deleting the socket at all during
control_cleanup(), which keeps the control program still working without issues
but more importantly prevents the crash during exit, sorry about that.
Crash reported by wlund at iki.fi
OK deraadt@ claudio@ remi@
|
|
|
|
OK mpi
|
|
store radius passwords and nothing requires it to be group readable.
ok yasuoka@
|
|
Move log level to debug for that case and while there correct the
string, we're reding, not writing.
|
|
reading vpd stuff is useful when you're trying to get support
information about a pci device, eg, if you want a serial number,
or firmware versions, or specific part name or number, it's likely
available via vpd. also, im sick of having the diff in my tree.
this relies on the new PCIOCGETVPD ioctl i just committed to the
kernel.
it's a very quick and dirty implementation, hopefully someone will
pick it up and polish it a bit.
tested by hrvoje popovski on a variety of cards
ok jmatthew@
|
|
Inject a pending interrupt even if the rcv_pending flag is set to avoid the
endless EV_READ loop where a byte lingers read to be read but the vcpu never
gets the interrupt to read it. (e.g. the result of spamming RETURN via the
serial console)
Also, protect com ratelimit handler with mutexes to avoid corruption of the
device state.
These changes help preventing linux vm crashes when the return key is held on
boot.
Discovered by and patch from Dave Voutila <dave@sisu.io>
ok tb@
|
|
|
|
from Matt Dunwoodie and Jason A. Donenfeld
|
|
|
|
|
|
from Matt Dunwoodie and Jason A. Donenfeld
|
|
Fix a corner case where old events could be re-evaluated.
From Yuichiro NAITO.
|