summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* In ipw(4), ensure that net80211 is in ASSOC state while we are expectingstsp2021-03-121-1/+7
| | | | | | | | an assoc response from the AP during the association sequence. Otherwise net80211 would ignore the auth response, resulting in a state mismatch between firmware and net80211. A symptom of this was that WPA didn't work. Problem reported and fix tested by Ricardo Mottola
* Add deprecation warning for autoconfprivacy.florian2021-03-121-5/+27
| | | | | | While here check address family for 'temporary' option, only inet6 is allowed. OK kn
* Use RA instead of MiRA in iwn(4).stsp2021-03-122-191/+129
| | | | | | | Tested by: iwn 6200: stsp iwn 6205: cwen, Jeremy O'Brien iwn 6300: okan
* Use RA instead of MiRA in iwm(4).stsp2021-03-122-49/+66
| | | | | | | | | | | Tested by: iwm 7260: florian iwm 7265: TronDD, Aaron Miller, stsp iwm 8260: bket iwm 8265: matthieu, tracey, naddy, Dave Voutila, jcs, Mathieu Kerjouan, Matthias Schmidt, stsp iwm 9260: matthieu, phessler, Darren VanBuren iwm 9560: Uwe Werler
* Add RA, a new 11n Tx rate adaptation module for net80211.stsp2021-03-123-1/+785
| | | | | | | | | | | | | | | | | | | | | | | | | Written by Christian Ehrhardt and myself, based on ieee80211_mira.c but with significant changes. The main difference is that RA does not attempt to precisely measure actual throughput but simply deducts a loss percentage from the theoretical throughput which can be achieved by a given MCS. Unlike MiRa, RA does not use timeouts to trigger probing. Probing is triggered only by changes in measured throughput. Unlike MiRA, RA doesn't care whether a frame was part of an A-MPDU. RA simply collects statistics for individual subframes. This makes reporting very easy for drivers and seems to work well enough in practice. Another difference is that drivers can report multi-rate retries properly via ieee80211_ra_add_stats_ht(mcs, total, fail) which can be called several times before ieee80211_ra_choose() selects a new Tx rate. There is no reason any issues could not be fixed in ieee8011_mira.c but I felt it was a good moment to burn the house down and start over. And since this code diverges from how MiRA is described in the research paper applying the "MiRA" label becomes inappropriate.
* Zap a useless variable.tb2021-03-121-4/+2
| | | | suggested by jsing
* Missing void in function definitiontb2021-03-121-2/+2
| | | | ok jsing
* Fix checks of memory caps of constraints namestb2021-03-123-20/+32
| | | | | | | | | | | | | | | x509_internal.h defines caps on the number of name constraints and other names (such as subjectAltNames) that we want to allocate per cert chain. These limits are checked too late. In a particularly silly cert that jan found on ugos.ugm.ac.id 443, we ended up allocating six times 2048 x509_constraint_name structures before deciding that these are more than 512. Fix this by adding a names_max member to x509_constraints_names which is set on allocation against which each addition of a name is checked. cluebat/ok jsing ok inoguchi on earlier version
* Update Spleen kernel fonts to version 1.9.0, bringing the followingfcambus2021-03-122-27/+1691
| | | | | | | improvements: - Enlarge vertical line for consistency with other small sizes (5x8 version) - Add full support for the Latin-1 Supplement Unicode block (6x12 version)
* spellingjsg2021-03-1211-27/+27
| | | | ok mpi@
* Emulate "[inet] autoconf" hostname.if(5) lines with "dhcp"kn2021-03-121-1/+9
| | | | | | | | | | | | | | | | | | | | | With dhcpleased(8) in base, netstart(8) and ifconfig(8) understand both "autoconf" and "inet autoconf" lines in hostname.if(5) files to signal the new daemon. The installer however currently has only dhclient(8), hence manual upgrades with "[inet] autoconf" instead of "dhcp" in hostname.if files would fail to establish IPv4 connectivity. Make install.sub's netstart clone treat autoconf lines like old fashioned dhcp lines such users^Wearly testers of the new approach don't get stuck in nyetwork land. Note that this is only relevant for manual upgrades; installation always creates working hostname.if files and automated upgrades with sysupgrade(8) do not care about network/hostname.if files. Idea from deraadt OK deraadt krw ajacoutot
* spellingjsg2021-03-1212-27/+27
|
* Kill SINGLE_PTRACE and use SINGLE_SUSPEND which has almost the same semanticmpi2021-03-124-17/+12
| | | | | | | | single_thread_set() is modified to explicitly indicated when waiting until sibling threads are parked is required. This is obviously not required if a traced thread is switching away from a CPU after handling a STOP signal. ok claudio@
* Fix so tmux correctly sends the cvvis (cursor very visible) capabilitynicm2021-03-122-16/+30
| | | | | rather than sending it and then immediately undoing it with cnorm. Also turn it off when the cursor shape is changed like xterm.
* fix previousjsg2021-03-121-2/+2
|
* spelling: refenece -> referencejmc2021-03-121-3/+3
|
* spellingjsg2021-03-1221-65/+65
|
* Add ModuliFile keyword to sshd_config to specify the location of thedtucker2021-03-126-12/+49
| | | | | | "moduli" file containing the groups for DH-GEX. This will allow us to run tests against arbitrary moduli files without having to install them. ok djm@
* pwcopy() struct passwd that we're going to reuse across a bunch ofdjm2021-03-121-1/+2
| | | | library calls; bz3273 ok dtucker@
* Provide definition of CTRL in vi.c like we do for emacs.c.millert2021-03-121-1/+4
| | | | Fixes a portability issue. From Benjamin Baier
* quiz: handle line continuation in data files correctly, switch to getline(3)naddy2021-03-111-40/+24
| | | | | | | | | | | | Specifically, the following quiz.db line foo:\ bar was parsed into "foo:bar\n", which made it impossible to answer correctly. Bug reported and inital fix from Alex Karle, partially reworked by yours truly, further input from millert@
* fix a double space and a macro error;jmc2021-03-111-3/+3
|
* When RFC 8981 obsoleted RFC 4941 the terminology changed fromflorian2021-03-114-17/+20
| | | | | | | | | | | | | | | | | | | "privacy extensions" to "temporary address extensions" Change ifconfig(8) to output temporary after temporary addresses and add "temporary" option which is an alias for autoconfprivacy for now. Also make AUTOCONF6TEMP a positiv flag that is set by default. Previously the negative flag "INET6_NOPRIVACY" was set when privacy addresses were disabled. This makes the flags output less ugly and will allow us to disable autoconf addresses while having temporary addresses enabled in the future. More work is needed in slaacd. input benno, jmc, deraadt previous verison OK benno OK jmc, kn
* Use unveil(2)kn2021-03-111-1/+6
| | | | | | | | | | | | | Pledge is not possible due to the ioctls, but as apmd hoists both the control socket and apm device early at startup and only ever possibly executes scripts under /etc/apm/, hiding the rest of the filesystem becomes easy. Technically, only "x" is required to traverse the directory and run scripts, but apmd carefully access(2) each script, which requires the read bit regardless of the permission bits being tested. OK mestre
* Remove ssl_downgrade_max_version().jsing2021-03-115-54/+15
| | | | | | | Now that we store our maximum TLS version at the start of the handshake, we can check against that directly. ok inoguchi@ tb@
* There is no need to try to attach IPv6 to an interface when theflorian2021-03-111-2/+3
| | | | | | | | AUTOCONF6 flag is already set. This is likely a leftover from when we sent router solicitations from the kernel. This was a way to trigger sending a solicitation from userland. OK kn
* If the AUTOCONF4 or AUTOCONF6 flags get enabled, force the interface up.deraadt2021-03-111-23/+34
| | | | ok florian claudio
* Use timespec timers to determine when select-timeout and timeout intervalskrw2021-03-112-14/+35
| | | | | | are exceeded. Feedback from otto@, cheloha@
* spellingjsg2021-03-1117-42/+42
|
* Revert rev 1.116claudio2021-03-111-37/+43
| | | | | | The repo structs are reallocated during runtime and so the back pointers to the head element of the TAILQ get corrupted. Noticed by tb@
* Check for the existence of p5-IO-Socket-SSL by checking for its SSL.pmtb2021-03-111-3/+4
| | | | | | | instead of running pkg_add which may block due to its locking mechanism. Precise file to check for suggested by sthen ok kn deraadt on previous version
* spellingjsg2021-03-11140-331/+331
|
* Add SMP support.kettenis2021-03-111-14/+99
| | | | ok patrick@
* Remove unhelpful sentence from TPMRkn2021-03-111-3/+1
| | | | with dlg
* Document veb(4)kn2021-03-111-2/+99
| | | | | | | | | | | | | | | | All text is copied from other already existing sections, i.e. link flag handling from TPMR and the rest from BIDGE. Contrary to BRIDGE, add a synopsis for VEB such that there's a simple overwiew, especially since veb(4) currently does not explain *how* to use the described features. NB: While TPMR and VEB use the same wording for link flags, their semantics are different, i.e. both different flags and swapped polarity for those flags. Feedback jmc dlg OK dlg
* Link to sh(1) and use the same wording and markup for EXTRACT_CASES codekn2021-03-111-3/+6
| | | | "good idea" sthen
* There is no need to revisit a file in the repo, so if the RB_INSERT failsclaudio2021-03-111-4/+10
| | | | | just drop the entity queue element. OK benno@ tb@
* There is no need for a global enity queue, instead use per repo queues.claudio2021-03-111-43/+37
| | | | | Simplifies the code a fair bit. OK tb@
* Make sure to skip attaching disabled I2C devices. This can happen onpatrick2021-03-115-10/+35
| | | | | | hardware which include a common parent block in their device trees and only enable the components that were actually implemented, as seen on e.g. the NanoPi R4S.
* Make sure to skip attaching disabled I2C devices. This can happen onpatrick2021-03-111-2/+7
| | | | | | | | hardware which include a common parent block in their device trees and only enable the components that were actually implemented, as seen on e.g. the NanoPi R4S. ok kettenis@
* grow media a littlederaadt2021-03-112-6/+6
|
* that 0 should be NULLderaadt2021-03-111-2/+2
|
* Tidy old jobs every hour instead of every 30 seconds.nicm2021-03-113-28/+36
|
* groff complains about the word "An" in an Rs/Re block, believing it a macro,jmc2021-03-111-3/+3
| | | | so escape it;
* Add an "absolute-centre" alignment to use the centre of the total spacenicm2021-03-115-36/+204
| | | | instead of only the available space. From Magnus Gross in GitHub issue 2578.
* Add split-window -Z to start the pane zoomed, GitHub issue 2591.nicm2021-03-1114-52/+66
|
* Build install media with -fno-asynchronous-unwind-tables to furtherjsg2021-03-102-2/+4
| | | | | | | reduce size. Allows a clang 11 amd64 release to complete without overflowing the floppy image. ok kettenis@ deraadt@
* Handle named references in acpi_getdevlist(). Fixes a regression in acpitztobhe2021-03-101-1/+11
| | | | | | caused by the reference handling change from December. ok kettenis@ patrick@
* zlib functions take a gzFile not gzFile * (gzFile is already a pointer).millert2021-03-103-7/+7
| | | | From Josh Rickmar.
* Our ACPI namerefs are pointers to the byte structures for ACPI names.patrick2021-03-106-15/+20
| | | | | | | | | | | | These are not in a printable format, hence printing them as string is wrong. Additionally, aml_searchrel()/aml_searchname() expect the name to be passed in a printable format as well. Passing a nameref can lead to an out-of-bounds read, and the comparison can fail. Hence make sure that namerefs are passed to aml_getname() first, which returns printable strings. Note that aml_getname() uses a static buffer, so there are a few restrictions how the string can be used. ok kettenis@
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.