Commit Graph

260884 Commits

Author SHA1 Message Date
christos 78a9456a0a Potentially-incompatible changes
================================

This release includes a number of changes that may affect existing
configurations:

 * ssh-keygen(1): write OpenSSH format private keys by default
   instead of using OpenSSL's PEM format. The OpenSSH format,
   supported in OpenSSH releases since 2014 and described in the
   PROTOCOL.key file in the source distribution, offers substantially
   better protection against offline password guessing and supports
   key comments in private keys. If necessary, it is possible to write
   old PEM-style keys by adding "-m PEM" to ssh-keygen's arguments
   when generating or updating a key.

 * sshd(8): remove internal support for S/Key multiple factor
   authentication. S/Key may still be used via PAM or BSD auth.

 * ssh(1): remove vestigal support for running ssh(1) as setuid. This
   used to be required for hostbased authentication and the (long
   gone) rhosts-style authentication, but has not been necessary for
   a long time. Attempting to execute ssh as a setuid binary, or with
   uid != effective uid will now yield a fatal error at runtime.

 * sshd(8): the semantics of PubkeyAcceptedKeyTypes and the similar
   HostbasedAcceptedKeyTypes options have changed. These now specify
   signature algorithms that are accepted for their respective
   authentication mechanism, where previously they specified accepted
   key types. This distinction matters when using the RSA/SHA2
   signature algorithms "rsa-sha2-256", "rsa-sha2-512" and their
   certificate counterparts. Configurations that override these
   options but omit these algorithm names may cause unexpected
   authentication failures (no action is required for configurations
   that accept the default for these options).

 * sshd(8): the precedence of session environment variables has
   changed. ~/.ssh/environment and environment="..." options in
   authorized_keys files can no longer override SSH_* variables set
   implicitly by sshd.

 * ssh(1)/sshd(8): the default IPQoS used by ssh/sshd has changed.
   They will now use DSCP AF21 for interactive traffic and CS1 for
   bulk.  For a detailed rationale, please see the commit message:
   https://cvsweb.openbsd.org/src/usr.bin/ssh/readconf.c#rev1.284
2018-08-26 07:39:56 +00:00
wiz f9e13d680e Fix Dd. New line after macro argument end. 2018-08-26 06:47:27 +00:00
rin 7815eac2f9 Add mue(4). 2018-08-25 21:01:28 +00:00
rin 21fe791a2f Set mac-address property to mue(4). 2018-08-25 20:55:15 +00:00
rin 46f2680da4 Add (commented out) mue(4) to where appropriate.
Also add MII/PHY drivers for USB NICs if missing.
2018-08-25 20:52:40 +00:00
rin 559388397c Add mue(4), driver for Microchip LAN75xx/LAN78xx known as internal NIC of
Raspberry Pi 3 B+, from OpenBSD.

Tested on Raspberry Pi 3 B+ (LAN7800) and Z-TEK ZE582 (LAN7500).

* BUGS/TODO

- If the media type is set to something other than 1000baseT-FDX, data
  transmission becomes quite unstable. Also, ukphy(4) recognize 1000baseT as
  a supported media type, but it is not in fact.

- Catch up with changes made to usmsc(4) in nick-nhusb branch, i.e.,
  make the driver MP-safe.

- Support RX/VLAN/TX chekcsum offloading.
2018-08-25 20:12:21 +00:00
dholland 6f6568e389 typo 2018-08-25 19:38:37 +00:00
kre b92473bc91 PR bin/48875
Add a paragraph (briefer than previously posted to mailing lists)
to explain that there is no guarantee that the results of a command
substitution will be available before all commands started by the
cmdsub have completed.

Include the original proposed text (much longer) as *roff comments, so
it will at least be available to those who browse the man page sources.

While here, clean up the existing text about command substitutions to
make it a little more accurate (and to advise against using the `` form).
2018-08-25 17:35:31 +00:00
martin 8e689328db obsolete ndiscvt 2018-08-25 11:10:52 +00:00
martin 1ebe46fcad Remove userland part of ndis 2018-08-25 11:06:00 +00:00
maxv 2ce97679ef Add KAUTH_REQ_PROCESS_CANSEE_EPROC, and use it for the kern.proc node.
Same permission as before, so no functional change.
2018-08-25 09:54:37 +00:00
maxv 7c68bf2efd Belatedly note the removal of vm86 (me, one year ago), and n8 (maya, two
weeks ago).
2018-08-25 08:12:28 +00:00
maxv b68213b897 Note removal of NDIS. 2018-08-25 08:08:26 +00:00
maxv 2ec2a169a3 Retire NDIS. It appears that it has never worked, after 13 years it was
still marked as "experimental", and nowadays it may be one more obstacle
to MPification of the network stack.

Discussed on tech-net@.
2018-08-25 07:48:56 +00:00
maxv b73bad40c3 Disable POOL_REDZONE until we figure out what's wrong. There must be a dumb
problem, that is not triggerable on amd64.
2018-08-25 05:56:24 +00:00
kre ce53a30d9a PR bin/53548
Deal with the new shell internal exit reason EXEXIT in the case of
a shell which has vfork()'d.   It takes a peculiar set of circumstances
to get into a situation where this is ever relevant, but it can be
done.   See the PR for details.
2018-08-25 02:42:49 +00:00
jmcneill 06e9775296 arm: Add UEFI boot loader for ARM64 platforms. 2018-08-25 00:09:12 +00:00
jmcneill a9f28bb9e9 Build and install bootaa64.efi on 64-bit evbarm 2018-08-25 00:07:09 +00:00
jmcneill 3eca809508 Use absolute paths for default kernel filenames 2018-08-24 23:22:10 +00:00
jmcneill dfd0f7e2ac If we could not query the DevicePathProtocol handle, just select no default boot device instead of exiting. 2018-08-24 23:21:56 +00:00
jmcneill f429f9ea3b Sanitize the memory map passed to the kernel. 2018-08-24 23:20:41 +00:00
jmcneill 3233c35926 If the boot device could not be determined, use the first one found as
the default. While here, remove unnecessary calls to LibFileSystemInfo().
2018-08-24 23:19:42 +00:00
ryo decc510df4 /cpus node may have any nodes except cpu. count only nodes of device_type "cpu" 2018-08-24 21:56:13 +00:00
jmcneill dbc328ce52 Start counting down at 5 instead of 4 2018-08-24 20:55:20 +00:00
jmcneill f91ef45e92 EFI_SIMPLE_TEXT_OUTPUT_PROTOCOL.Reset() may not be supported. Failing to reset is not a fatal error, so ignore the status. 2018-08-24 20:51:15 +00:00
sevan 3cf3cde809 OpenSSH 7.8 is out 2018-08-24 20:26:03 +00:00
ryo f7af07ffb9 set correctly TCR_EL1 for inner shareable when MULTIPROCESSOR 2018-08-24 19:06:30 +00:00
maxv 313154072c mark one entry as done 2018-08-24 17:09:30 +00:00
maxv a8a3fd3cca Use a random hunique, instead of sending the pointer of the interface.
Tested via ATF.
2018-08-24 17:06:29 +00:00
riastradh de83ca4c98 <sys/queue.h> for TAILQ_*. Parenthesize macro arguments. 2018-08-24 16:37:19 +00:00
abhinav 50d4d47f30 Adjust makemandb for the latest mandoc
ok christos@
2018-08-24 16:01:57 +00:00
wiz 2aa6701c2b Remove trailing whitespace. 2018-08-24 14:24:50 +00:00
maxv d4063f3687 Use __predict_false to optimize, and also replace panic->printf. 2018-08-24 14:04:27 +00:00
martin 48f4f2396c Bump date 2018-08-24 11:43:13 +00:00
martin bf2f242dcd Add support for remapping requested paths via a .bzredirect file.
Fixes PR 52772. Ok: mrg@
2018-08-24 11:41:16 +00:00
mrg 05225295cb fix output since protocol agnostic change went in.
XXX: i thought someone hooked this into atf already, please do :)
2018-08-24 10:04:41 +00:00
maxv 9533071f67 Note kASan support. 2018-08-24 05:39:04 +00:00
riastradh ab7ebb91dd opt_dtrace.h for KDTRACE_HOOKS. Use __nothing for empty expansion. 2018-08-24 03:25:01 +00:00
jmcneill fd68eca2c7 Remove unused file. 2018-08-24 02:10:46 +00:00
jmcneill 36105be28c Add MI EFI bootloader and AArch64 glue. 2018-08-24 02:01:06 +00:00
jmcneill c0afa15f08 Sprinkle __unused 2018-08-24 01:59:40 +00:00
jmcneill 1228fccb09 Deal with reserved memory ranges that start before mem start 2018-08-23 22:34:03 +00:00
skrll b080f9c147 Whitespace 2018-08-23 21:01:43 +00:00
skrll f2f585bf4c WIP checkpoint 2018-08-23 20:54:43 +00:00
jmcneill 740e40f459 Fix LOADADDR on aarch64 and use memmove for bcopy instead of memcpy 2018-08-23 19:01:22 +00:00
jmcneill b655919a97 Support loading read-only data sections. ARM64 ELF kernels need this. ok skrll@ 2018-08-23 17:35:42 +00:00
snj 101004f6a9 mark netbsd-6* as Terminated 2018-08-23 16:25:37 +00:00
jmcneill 8256152684 Add of_getprop_uint64 2018-08-23 13:24:44 +00:00
maxv 177c084b60 Add kASan redzones on pools and pool_caches. Also enable POOL_REDZONE
on DIAGNOSTIC.
2018-08-23 12:18:02 +00:00
maxv 3fc5b07399 Improve the detection on global variables, no need to round up. 2018-08-23 11:56:10 +00:00