Makefile.${MACHINE_ARCH} and remove the now-empty files. Generate the
*32 directories on the necessary architectures (well, currently only
amd64) on the fly. Remove LOADER_EFI variable and co-locate it with
EFI.
Differential Review: https://reviews.freebsd.org/D14546
Two PRs (152084 & 210187) request allowing the "@" and/or "!"
characters in the passwd file GECOS field. The man page for pw does
not mention that those characters are disallowed, Linux supports those
characters in this field, and the "@" character in particular would be
useful for storing email addresses in that field.
PR: 152084, 210187
Submitted by: jschauma@netmeister.org, Dave Cottlehuber <dch@freebsd.org>
Reported by: jschauma@netmeister.org, Dave Cottlehuber <dch@freebsd.org>
Reviewed by: delphij (secteam), vangyzen
MFC after: 1 week
Sponsored by: Dell EMC
Differential Revision: https://reviews.freebsd.org/D14519
Add I2C OPAL driver and a set of dummy-ones to allow
all I2C things on Power8 to attach.
TODO: better async token management
Submitted by: Wojciech Macek <wma@semihalf.com>
Obtained from: Semihalf
Sponsored by: IBM, QCM Technologies
Many licenses on Linuxolator files contained small variations from the
standard FreeBSD license text. To avoid license proliferation switch to
the standard 2-clause FreeBSD license for those files where I have
permission from each of the listed copyright holders. Additional files
still waiting on permission from others are listed in review D14210.
Approved by: dchagin, rdivacky, sos
MFC after: 1 week
MFC with: r329370
Sponsored by: The FreeBSD Foundation
LinuxKPI to comply more with Linux. This fixes an issue when these functions
are used in waiting loops.
MFC after: 1 week
Sponsored by: Mellanox Technologies
Rather than hardcoding these things. This could lead to some form of loader
localization later, but the main goal at the moment is to get a clear view
of the strings we're outputting and strive to use more string.format() and
less wild concatenation all over the place.
In the weird case where the user-provided buffer was zero bytes, we could break
out of PCIOCGETCONF and return without initializing error. In this case,
initialize error to zero -- we successfully did nothing, as requested.
Reported by: Coverity
Sponsored by: Dell EMC Isilon
'status' array passed to get_mouse_status() is usually uninitialized by
callers.
Fully populating it with values in get_mouse_status() can fail due to
read_aux_data().
Additionally, nothing in API constrains 'len' to be >= 3. In practice,
every caller passes three, so perhaps that argument should just be removed.
Refactoring is a larger change, though.
Remove use of potentially uninitialized values by:
1. Only printing 3 debug statuses if the passed array was at least
'len' >= 3;
2. Populating 'status' array up to first three elements, if read_aux_data()
failed.
No functional change intended.
Reported by: Coverity
Sponsored by: Dell EMC Isilon
Coverity cannot determine that handle_written_indirdep() does not access
uninitialized 'sbp' when flags argument is zero.
So, simply move the initialization slightly sooner to silence the warning.
No functional change.
Reported by: Coverity
Sponsored by: Dell EMC Isilon
(Due to some misconfiguration) I ended up with _mask set to
"-v<something>", and /etc/rc.d/jail then failed with
"expr: illegal option -- v".
Use "expr --" so that variable content is never interpreted as an
option.
Reviewed by: jamie
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D14535
6.0 spec 6.4.3.5 bit 0 is ignored on QWord, DWord, and Word Address Space
Descriptors, but not Extended Address Space Descriptors.
Reviewed by: jhb
Sponsored by: DARPA, AFRL
Sponsored by: Cavium (Hardware)
Differential Revision: https://reviews.freebsd.org/D14516
It calls OF_* functions to check if it needs to implement workarounds.
This may not be the case on arm64 where we support both FDT and ACPI.
Fix this by checking if we are booting on FDT before calling these checks.
Reviewed by: ian
Sponsored by: DARPA, AFRL
Sponsored by: Cavium (Hardware)
Differential Revision: https://reviews.freebsd.org/D14515
Retpoline is a compiler-based mitigation for CVE-2017-5715, also known
as Spectre V2, that protects against speculative execution branch target
injection attacks.
In this commit it is disabled by default, but will be changed in a
followup commit.
Reviewed by: bdrewery (previous version)
MFC after: 3 days
Security: CVE-2017-5715
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D14242
When checking the validity of the pf.conf file also include the user supplied
pf_flags. These flags might overrule macros or specify anchors, which we will
apply when actually applying the pf.conf file, so we must also take them into
account when verifying the validity.
Submitted by: Andreas Longwitz <longwitz at incore.de>
MFC after: 3 weeks
pfctl only takes the last '-F' argument into account, so this never did what
was intended.
Moreover, there is no reason to flush rules before reloading, because pf keeps
track of the rule which created a given state. That means that existing
connections will keep being processed according to the rule which originally
created them. Simply reloading the (new) rules suffices. The new rules will
apply to new connections.
PR: 127814
Submitted by: Andreas Longwitz <longwitz at incore.de>
MFC after: 3 weeks
We've included an extra '0' in there (which might get removed later, but
it's maintained for the moment for legacy purposes) which oftentimes
indicate that the following number should be treated as octal. This is not
the case, so note that to prevent future confusion (of myself and others).
Our module bits ended up more stable than I anticipated, so this turns out
to be no longer useful.
If things like this need to come back, we should do it in a separate 'debug'
module to serve as a collection of debugging aides. As a rule, this 'debug'
module would *not* be allowed as a requirement of any other modules in-tree.
- Add screen.default_x and screen.default_y to determine where
screen.defcursor resets the cursor to.
- Use screen.setcursor in screen.defcursor instead of rewriting the escape
sequence.
- Use screen.default_y when resetting the cursor after writing the new
twiddle character, add a comment verbally describing the position just in
case.
It worked on my test setup, but is clearly non-functional on others.
Further examination of check-password.4th showed that it actually reset the
cursor to 0,25 every time and overwrote the previous password prompt. Do
that, and also clear the "Incorrect Password" text if the correct password
gets entered.
Revert r314685, and add a comment describing the original
behavior and the intent.
Reviewed by: dab@ vangyzen@ jhb@
Differential Revision: https://reviews.freebsd.org/D14530
for the minimum length.
This fixes a bug where cookies of length 2 bytes (which is smaller
than the minimum length of 4) is provided by the server.
Sponsored by: Netflix, Inc.
The source of error is a rounded increment being too large and thus the loop
steps slightly past 'last'. Perform a final comparison using the formatted
string values (truncated precision) to determine if we still need to print
the 'last' value.
PR: 217149
Submitted by: Fernando Apesteguía <fernando.apesteguia AT gmail.com>,
Yuri Pankov <yuripv AT icloud.com> (earlier version)
Reported by: Martijn Dekker <mcdutchie AT hotmail.com>
Sponsored by: Dell EMC Isilon
When dhclient first starts, if an old IP address exists in the
dhclient.leases file, dhclient(8) sends early DHCPREQUEST message(s)
in an attempt to re-obtain the old IP address again. These messages
contain the old IP as a requested-IP-address option in the message
body (correct) but also use the old IP address as the packet's source
IP (incorrect).
RFC2131 sec 4.1 states:
DHCP messages broadcast by a client prior to that client obtaining
its IP address must have the source address field in the IP header
set to 0.
The use of the old IP as the packet's source address is incorrect if
(a) the computer is now on a different network or (b) it is on the
same network, but the old IP has been reallocated to another host.
Fix dhclient to use 0.0.0.0 as the source IP in this circumstance
without removing any existing functionality. Any previously-used old
IP is still requested in the body of an early DHCPREQUEST message.
PR: 199378
Submitted by: J.R. Oldroyd <fbsd@opal.com>
Reported by: J.R. Oldroyd <fbsd@opal.com>
Reviewed by: cem, asomers, vangyzen
MFC after: 1 week
Sponsored by: Dell EMC
Differential Revision: https://reviews.freebsd.org/D14527
twiddle_pos didn't need to be a module-scope local, since it's going to get
reset with every read anyways- it was left-over from other things.
screen.movecursor with a y=-1 setting was from a test of movecursor,
resulting in the twiddle characters being drawn going up the console and
looking quite funky.
This gives some form of feedback while typing, and matches-(ish*) Forth
behavior. The cursor generally rests two column after the password prompt,
then the twiddle is drawn three columns later and the cursor reset to
resting position after being drawn.
I've removed the note about re-evaluating it for security considerations and
instead set it up as a module-local variable that we can set later depending
on environment or something. It's set to false with no chance of changing at
the moment.
*As close as I can tell from reading check-password.4th, because I don't
have an easy test (or deployed) setup for forth loader to check how close
it is. Please do mention if it's not close enough.
