Commit Graph

232808 Commits

Author SHA1 Message Date
nonaka
c78b078a2a Replace if_attach with if_initialize and if_register. 2015-01-16 05:50:15 +00:00
nonaka
1296cd7938 Use IFQ_* macro instead of IF_*. 2015-01-16 05:36:47 +00:00
christos
bb54e0e08c PR/39371: Tobias Nygren: Don't fail mounting root if WAPBL log is corrupt.
Patch from Sergio L. Pascual.
XXX: pullup-7
2015-01-16 03:57:52 +00:00
christos
2975c78d57 Restore previous behavior: "boot -s" == "boot netbsd -s"
Instead of ignoring the flags and doing the default boot. Merge some
extraneous code.
XXX: Find the PR for this, close it and pullup to -7
2015-01-16 03:45:53 +00:00
mrg
68c85a9f21 regen. 2015-01-15 22:29:52 +00:00
christos
3eceacff0e rename variable to avoid conflict with "div" 2015-01-15 16:31:05 +00:00
skrll
02519d1330 Add a reminder about tools/gcc/gcc-version.mk 2015-01-15 08:50:36 +00:00
skrll
b4b886e5d8 Fix gcc PR target/64479 [SH] wrong optimization delayed-branch 2015-01-15 08:42:14 +00:00
christos
7e4263ceda cast and mask is overkill. 2015-01-14 22:57:27 +00:00
christos
629020497c add vnode kqueue test from PR/48958 2015-01-14 22:25:05 +00:00
christos
d0b8ae57c5 bump warns. 2015-01-14 22:22:32 +00:00
christos
f7afbc7f00 PR/48958: rudolf: EVFILT_VNODE filter miscounting hardlinks (add test) 2015-01-14 22:22:14 +00:00
christos
4075d124b6 make unsigned constants that. 2015-01-14 22:21:00 +00:00
christos
9861bac74f cast to destination type. 2015-01-14 22:16:04 +00:00
tron
00203d2bfc Fix build with "USE_SSP" set to "yes". 2015-01-14 20:26:41 +00:00
pooka
547f1a3188 Execute softints in the order in which they are scheduled (per level). 2015-01-14 18:51:56 +00:00
pooka
e82a50e44e Implement softint_schedule_cpu() for rump kernels.
While distributing processing all over the place is not relevant for
high-performance rump kernel I/O stacks (and downright counterproductive),
the mechanism is used e.g. to reach a quiescent state when detaching
an interface, and therefore a semantically correct implementation is
required.

Fixes at least an uncommon race in the ifconfig destroy case.
reported & patch tested by Justin Cormack.
2015-01-14 18:46:38 +00:00
chs
b4b3a81a2a remove BIOS-mapping code that was #if-0'd in the previous commit. 2015-01-14 17:45:27 +00:00
msaitoh
3d12c324ea regen. 2015-01-14 15:28:18 +00:00
msaitoh
e62cfb1b0b Sort VIATECH's entries in the device ID's order. 2015-01-14 15:26:08 +00:00
hannken
2547f8421a Change mfs to use an anonymous vnode obtained with bdevvp()
for the specdev it mounts on.
2015-01-14 11:21:31 +00:00
martin
015ca5a910 Add missing break, following upstream.
Reported by Henning Petersen in PR bin/49567.
2015-01-14 09:29:27 +00:00
manu
575ae72270 Fix atime update
FUSE filesystems assume that SETATTR with atime is the result of utiimes()
being called. As a result, atime and mtime will be updated.  This happens
with MooseFS and glusterFS. atime is supposed to be updated by the
filesystem itself when it gets read operations.

We fix the problem in SETATTR operations by
1) do not create a mtime update when we have an atime update (and vice
   versa), just fill the fields to avoid the filesystem restting the
   missing field to Epoch, but do not pretend we want to update it.
2) If the change is limited to atime, iscard it, as updates should be
   done by READ operations
3) Kernel part of PUFFS has been fixed to make sure reads on empty file
   are sent to the filesystem:
   http://mail-index.netbsd.org/source-changes/2015/01/13/msg062364.html

Thanks to Tom Ivar Helbekkmo for reporting this issue.
2015-01-13 16:51:30 +00:00
manu
5fc94787c1 Make sure reads on empty files reach PUFFS filesystems
Sending a read through the page cache will get the operation
short-circuited. This is a problem with some filesystems that
expect to receive the read operation in order to update atime.

We fix that by bypassing the page cache when reading a file
wich a size known to be zero.
2015-01-13 16:39:51 +00:00
martin
f91d4e28bb Simplify, now that rounding mode defines match the hardware bits. 2015-01-13 11:16:06 +00:00
martin
5b588e717d Properly separate fenv.h and ieeefp.h by moving all fenv defines
over to the former.
Now that they are decoupled, make rounding modes match the hardware bits.
2015-01-13 11:15:29 +00:00
jmcneill
d5776d8163 From FUKAUMI Naoki <naobsd@gmail.com>:
sdmmc0 is unstable at 48MHz with default 4mA on some boards.
12mA is stable, it's used in Rockchip Linux 3.0 kernel too.
2015-01-13 10:37:38 +00:00
jmcneill
f15d48f45c one more segment can be queued, from FUKAUMI Naoki <naobsd@gmail.com> 2015-01-13 10:36:15 +00:00
spz
3d5100eac1 Update of OpenSSL to 1.0.1k part 3:
- bump the shared library versions
- adjust set lists
- regenerate man pages
- note the import in doc/3RDPARTY and doc/CHANGES

there were no changes in asm parts
2015-01-13 09:14:57 +00:00
msaitoh
453034ecde As I wrote in the last commit, The PMBASE and GPIOBASE registers are not
compltible with the PCI spec and the map sizes are fixed to 128bytes. The
pci_mapreg_submap() function has a code to check the range of the BAR. The
PCI_MAPREG_IO_SIZE() macro returns lower than 128bytes on some machines.
It makes impossible to use pci_mapreg_submap(). Use pci_conf_read() and
bus_space_map() directly. Observed and tested with my Thinkpad X61.
2015-01-13 08:57:02 +00:00
spz
805debc41a merge OpenSSL 1.0.1k import 2015-01-13 08:16:08 +00:00
spz
05304d4329 Import of OpenSSL 1.0.1k. Upstream log:
Changes between 1.0.1j and 1.0.1k [8 Jan 2015]

  *) Fix DTLS segmentation fault in dtls1_get_record. A carefully crafted DTLS
     message can cause a segmentation fault in OpenSSL due to a NULL pointer
     dereference. This could lead to a Denial Of Service attack. Thanks to
     Markus Stenberg of Cisco Systems, Inc. for reporting this issue.
     (CVE-2014-3571)
     [Steve Henson]

  *) Fix DTLS memory leak in dtls1_buffer_record. A memory leak can occur in the
     dtls1_buffer_record function under certain conditions. In particular this
     could occur if an attacker sent repeated DTLS records with the same
     sequence number but for the next epoch. The memory leak could be exploited
     by an attacker in a Denial of Service attack through memory exhaustion.
     Thanks to Chris Mueller for reporting this issue.
     (CVE-2015-0206)
     [Matt Caswell]

  *) Fix issue where no-ssl3 configuration sets method to NULL. When openssl is
     built with the no-ssl3 option and a SSL v3 ClientHello is received the ssl
     method would be set to NULL which could later result in a NULL pointer
     dereference. Thanks to Frank Schmirler for reporting this issue.
     (CVE-2014-3569)
     [Kurt Roeckx]

  *) Abort handshake if server key exchange message is omitted for ephemeral
     ECDH ciphersuites.

     Thanks to Karthikeyan Bhargavan of the PROSECCO team at INRIA for
     reporting this issue.
     (CVE-2014-3572)
     [Steve Henson]

  *) Remove non-export ephemeral RSA code on client and server. This code
     violated the TLS standard by allowing the use of temporary RSA keys in
     non-export ciphersuites and could be used by a server to effectively
     downgrade the RSA key length used to a value smaller than the server
     certificate. Thanks for Karthikeyan Bhargavan of the PROSECCO team at
     INRIA or reporting this issue.
     (CVE-2015-0204)
     [Steve Henson]

  *) Fixed issue where DH client certificates are accepted without verification.
     An OpenSSL server will accept a DH certificate for client authentication
     without the certificate verify message. This effectively allows a client to
     authenticate without the use of a private key. This only affects servers
     which trust a client certificate authority which issues certificates
     containing DH keys: these are extremely rare and hardly ever encountered.
     Thanks for Karthikeyan Bhargavan of the PROSECCO team at INRIA or reporting
     this issue.
     (CVE-2015-0205)
     [Steve Henson]

  *) Ensure that the session ID context of an SSL is updated when its
     SSL_CTX is updated via SSL_set_SSL_CTX.

     The session ID context is typically set from the parent SSL_CTX,
     and can vary with the CTX.
     [Adam Langley]

  *) Fix various certificate fingerprint issues.

     By using non-DER or invalid encodings outside the signed portion of a
     certificate the fingerprint can be changed without breaking the signature.
     Although no details of the signed portion of the certificate can be changed
     this can cause problems with some applications: e.g. those using the
     certificate fingerprint for blacklists.

     1. Reject signatures with non zero unused bits.

     If the BIT STRING containing the signature has non zero unused bits reject
     the signature. All current signature algorithms require zero unused bits.

     2. Check certificate algorithm consistency.

     Check the AlgorithmIdentifier inside TBS matches the one in the
     certificate signature. NB: this will result in signature failure
     errors for some broken certificates.

     Thanks to Konrad Kraszewski from Google for reporting this issue.

     3. Check DSA/ECDSA signatures use DER.

     Reencode DSA/ECDSA signatures and compare with the original received
     signature. Return an error if there is a mismatch.

     This will reject various cases including garbage after signature
     (thanks to Antti Karjalainen and Tuomo Untinen from the Codenomicon CROSS
     program for discovering this case) and use of BER or invalid ASN.1 INTEGERs
     (negative or with leading zeroes).

     Further analysis was conducted and fixes were developed by Stephen Henson
     of the OpenSSL core team.

     (CVE-2014-8275)
     [Steve Henson]

   *) Correct Bignum squaring. Bignum squaring (BN_sqr) may produce incorrect
      results on some platforms, including x86_64. This bug occurs at random
      with a very low probability, and is not known to be exploitable in any
      way, though its exact impact is difficult to determine. Thanks to Pieter
      Wuille (Blockstream) who reported this issue and also suggested an initial
      fix. Further analysis was conducted by the OpenSSL development team and
      Adam Langley of Google. The final fix was developed by Andy Polyakov of
      the OpenSSL core team.
      (CVE-2014-3570)
      [Andy Polyakov]

   *) Do not resume sessions on the server if the negotiated protocol
      version does not match the session's version. Resuming with a different
      version, while not strictly forbidden by the RFC, is of questionable
      sanity and breaks all known clients.
      [David Benjamin, Emilia Käsper]

   *) Tighten handling of the ChangeCipherSpec (CCS) message: reject
      early CCS messages during renegotiation. (Note that because
      renegotiation is encrypted, this early CCS was not exploitable.)
      [Emilia Käsper]

   *) Tighten client-side session ticket handling during renegotiation:
      ensure that the client only accepts a session ticket if the server sends
      the extension anew in the ServerHello. Previously, a TLS client would
      reuse the old extension state and thus accept a session ticket if one was
      announced in the initial ServerHello.

      Similarly, ensure that the client requires a session ticket if one
      was advertised in the ServerHello. Previously, a TLS client would
      ignore a missing NewSessionTicket message.
      [Emilia Käsper]
2015-01-13 07:59:08 +00:00
msaitoh
14ce3e3f34 Fix a legacy interrupt problem. If the INTx line was shared with another
device, the ixgbe_legacy_irq() enabled the interrupt even if the interface
was down. Check the interface state and call functions appropriately.
2015-01-13 03:11:34 +00:00
mrg
a1b1261ab6 do not use directory paths present in gzip files with the -N flag,
similar to the problem reported in pigz.
2015-01-13 02:37:20 +00:00
mrg
1170f5637d merge fdad1406b3
--
When decompressing with -N or -NT, strip any path from header name.

This uses the path of the compressed file combined with the name
from the header as the name of the decompressed output file.  Any
path information in the header name is stripped.  This avoids a
possible vulnerability where absolute or descending paths are put
in the gzip header.
--
2015-01-13 02:36:22 +00:00
christos
e701837bc1 reflect reality about filesystems supported. 2015-01-12 19:50:47 +00:00
christos
d79005d78a PR/49559: Christian Brueffer: Fix typo maxbpf instead of maxbpg. 2015-01-12 19:50:25 +00:00
snj
3158ea9ed8 Restore unintentionally deleted file, which prevented building of any
install media.  PR port-amd64/49558.
2015-01-12 19:40:48 +00:00
christos
1bbf03e8f8 PR/49104: Jarle Greipsland: Don't touch cr4 in cpus that don't have it.
XXX: pullup-7
2015-01-12 16:34:39 +00:00
christos
eea786b46d Increase the buffer limit; otherwise files in:
http://www.taxdetective.ca/Samples/sampledatafiles.html

fail.
2015-01-12 14:17:08 +00:00
wiz
4b1166b37c Fix table. Based on diff by Henning Petersen in PR 49514. 2015-01-12 09:51:26 +00:00
mrg
28972076a1 use unsigned over uint32_t so that this file works without stdint.h
being included before hand.

fixes mknative-gcc problems, and likely others.
2015-01-12 09:14:45 +00:00
dennis
75a496875b Replace the branch to __cerror() in powerpc64 syscall stubs
with inline code which does what __cerror() was doing.  #ifdef
that code (i.e. all code) out of cerror.S; __cerror() is no more.
This seems to be necessary to fix the link of rescue/rescue, and
should have the pleasant side effect of making all other workarounds
done to keep the 'b __cerror' working unnecessary.
2015-01-12 02:48:20 +00:00
dennis
54a863e31a Name the offsets to the remaining fields in the ppc64
stack frame header.  Add a stack frame alignment macro
to avoid hard-coding that.
2015-01-12 02:32:33 +00:00
jakllsch
d9f0fccb91 use IPL_NONE for CPU attach message serialization mutex 2015-01-12 01:18:38 +00:00
jakllsch
c47cc771c2 spell "regulator" correctly 2015-01-12 01:02:35 +00:00
joerg
d40a88a875 sizeof doesn't evaluate the expression, so increment of rxd doesn't
happen. Move it out.
2015-01-11 22:59:57 +00:00
martin
0ad84ca589 Strip debug symbols from ofwboot.
The forth bootsector loading this file when booting from disk is
"simplistic" and does not skip non loadable sections. The five times
bigger file with debug info overruns some important memory contents
with some firmware versions otherwise.
2015-01-11 22:59:25 +00:00
joerg
d342bce1ef ARM has deprecated using both PC and LR in the register list of pop with
ARMv6T2, so split the instructions up.
2015-01-11 20:52:57 +00:00
is
f15c72f671 Add support for the (cobalt) nullcons to amd64 and i386. 2015-01-11 19:54:23 +00:00