Now
MAIN commitmail json YAML
src/common/lib/libc/string/consttime_memequal.c@1.5
/
diff
/
nxr@1.5
src/common/lib/libc/string/explicit_memset.c@1.4 / diff / nxr@1.4
src/common/lib/libc/string/explicit_memset.c@1.4 / diff / nxr@1.4
add a public domain notice
MAIN commitmail json YAML
fix memory allocation, and an off-by-one
MAIN commitmail json YAML
play the addref/delref game on suspend, prevents crash if the disk/CF Card
is eg. in a PCMCIA adapter and not mounted
is eg. in a PCMCIA adapter and not mounted
MAIN commitmail json YAML
src/distrib/utils/sysinst/disks.c@1.129
/
diff
/
nxr@1.129
src/sbin/atactl/atactl.c@1.72 / diff / nxr@1.72
src/sys/dev/ata/atareg.h@1.43 / diff / nxr@1.43
src/sys/dev/usb/umass_isdata.c@1.29 / diff / nxr@1.29
src/sbin/atactl/atactl.c@1.72 / diff / nxr@1.72
src/sys/dev/ata/atareg.h@1.43 / diff / nxr@1.43
src/sys/dev/usb/umass_isdata.c@1.29 / diff / nxr@1.29
-recognize CF cards by the magic value in inquiry data
-kill CFG_ATAPI_MASK, didn't see anything in the specs supporting
that it exists
-kill CFG_ATAPI_MASK, didn't see anything in the specs supporting
that it exists
MAIN commitmail json YAML
src/sys/arch/amd64/amd64/fpu.c@1.41
/
diff
/
nxr@1.41
src/sys/arch/amd64/amd64/genassym.cf@1.53 / diff / nxr@1.53
src/sys/arch/amd64/amd64/locore.S@1.74 / diff / nxr@1.74
src/sys/arch/amd64/amd64/machdep.c@1.197 / diff / nxr@1.197
src/sys/arch/amd64/amd64/netbsd32_machdep.c@1.82 / diff / nxr@1.82
src/sys/arch/amd64/amd64/process_machdep.c@1.22 / diff / nxr@1.22
src/sys/arch/amd64/include/fpu.h@1.8 / diff / nxr@1.8
src/sys/arch/amd64/include/pcb.h@1.19 / diff / nxr@1.19
src/sys/arch/amd64/include/proc.h@1.16 / diff / nxr@1.16
src/sys/arch/amd64/include/types.h@1.42 / diff / nxr@1.42
src/sys/arch/i386/i386/compat_16_machdep.c@1.23 / diff / nxr@1.23
src/sys/arch/i386/i386/genassym.cf@1.95 / diff / nxr@1.95
src/sys/arch/i386/i386/locore.S@1.107 / diff / nxr@1.107
src/sys/arch/i386/i386/machdep.c@1.735 / diff / nxr@1.735
src/sys/arch/i386/i386/process_machdep.c@1.73 / diff / nxr@1.73
src/sys/arch/i386/include/pcb.h@1.49 / diff / nxr@1.49
src/sys/arch/i386/include/proc.h@1.39 / diff / nxr@1.39
src/sys/arch/i386/include/types.h@1.75 / diff / nxr@1.75
src/sys/arch/i386/isa/npx.c@1.144 / diff / nxr@1.144
src/sys/arch/x86/acpi/acpi_wakeup.c@1.33 / diff / nxr@1.33
:
(more 10 files)
src/sys/arch/amd64/amd64/genassym.cf@1.53 / diff / nxr@1.53
src/sys/arch/amd64/amd64/locore.S@1.74 / diff / nxr@1.74
src/sys/arch/amd64/amd64/machdep.c@1.197 / diff / nxr@1.197
src/sys/arch/amd64/amd64/netbsd32_machdep.c@1.82 / diff / nxr@1.82
src/sys/arch/amd64/amd64/process_machdep.c@1.22 / diff / nxr@1.22
src/sys/arch/amd64/include/fpu.h@1.8 / diff / nxr@1.8
src/sys/arch/amd64/include/pcb.h@1.19 / diff / nxr@1.19
src/sys/arch/amd64/include/proc.h@1.16 / diff / nxr@1.16
src/sys/arch/amd64/include/types.h@1.42 / diff / nxr@1.42
src/sys/arch/i386/i386/compat_16_machdep.c@1.23 / diff / nxr@1.23
src/sys/arch/i386/i386/genassym.cf@1.95 / diff / nxr@1.95
src/sys/arch/i386/i386/locore.S@1.107 / diff / nxr@1.107
src/sys/arch/i386/i386/machdep.c@1.735 / diff / nxr@1.735
src/sys/arch/i386/i386/process_machdep.c@1.73 / diff / nxr@1.73
src/sys/arch/i386/include/pcb.h@1.49 / diff / nxr@1.49
src/sys/arch/i386/include/proc.h@1.39 / diff / nxr@1.39
src/sys/arch/i386/include/types.h@1.75 / diff / nxr@1.75
src/sys/arch/i386/isa/npx.c@1.144 / diff / nxr@1.144
src/sys/arch/x86/acpi/acpi_wakeup.c@1.33 / diff / nxr@1.33
:
(more 10 files)
Use the MI "pcu" framework for bookkeeping of npx/fpu states on x86.
This reduces the amount of MD code enormously, and makes it easier
to implement support for newer CPU features which require more fpu
state, or for fpu usage by the kernel.
For access to FPU state across CPUs, an xcall kthread is used now
rather than a dedicated IPI.
No user visible changes intended.
This reduces the amount of MD code enormously, and makes it easier
to implement support for newer CPU features which require more fpu
state, or for fpu usage by the kernel.
For access to FPU state across CPUs, an xcall kthread is used now
rather than a dedicated IPI.
No user visible changes intended.
MAIN commitmail json YAML
tyop in comment, from Eivind Evensen via OpenBSD
MAIN commitmail json YAML
add a patch from upstream, fixing a regression which obstructed link
status detection on BSD virtual interfaces (observed with xennet)
status detection on BSD virtual interfaces (observed with xennet)
MAIN commitmail json YAML
src/sys/arch/alpha/include/alpha.h@1.32
/
diff
/
nxr@1.32
src/sys/arch/arm/vfp/vfp_init.c@1.24 / diff / nxr@1.24
src/sys/arch/mips/mips/mips_dsp.c@1.3 / diff / nxr@1.3
src/sys/arch/mips/mips/mips_fpu.c@1.11 / diff / nxr@1.11
src/sys/arch/powerpc/include/altivec.h@1.16 / diff / nxr@1.16
src/sys/arch/powerpc/include/fpu.h@1.20 / diff / nxr@1.20
src/sys/arch/powerpc/oea/altivec.c@1.27 / diff / nxr@1.27
src/sys/arch/powerpc/powerpc/fpu.c@1.33 / diff / nxr@1.33
src/sys/kern/kern_cpu.c@1.60 / diff / nxr@1.60
src/sys/kern/subr_pcu.c@1.15 / diff / nxr@1.15
src/sys/sys/pcu.h@1.11 / diff / nxr@1.11
src/sys/arch/arm/vfp/vfp_init.c@1.24 / diff / nxr@1.24
src/sys/arch/mips/mips/mips_dsp.c@1.3 / diff / nxr@1.3
src/sys/arch/mips/mips/mips_fpu.c@1.11 / diff / nxr@1.11
src/sys/arch/powerpc/include/altivec.h@1.16 / diff / nxr@1.16
src/sys/arch/powerpc/include/fpu.h@1.20 / diff / nxr@1.20
src/sys/arch/powerpc/oea/altivec.c@1.27 / diff / nxr@1.27
src/sys/arch/powerpc/powerpc/fpu.c@1.33 / diff / nxr@1.33
src/sys/kern/kern_cpu.c@1.60 / diff / nxr@1.60
src/sys/kern/subr_pcu.c@1.15 / diff / nxr@1.15
src/sys/sys/pcu.h@1.11 / diff / nxr@1.11
-extend the pcu(9) API by a function which saves all context on the
current CPU, and use it if a CPU is taken offline
-add a bool argument to pcu_discard which tells whether the internal
"LWP has used the coprocessor" flag should be set or reset. The flag
is reported by pcu_used_p(). If set, future accesses should use the
state stored in the PCB. If reset, it should be reset to default.
The former case is useful for setmcontext().
With that, it should not be necessary anymore to manage the "FPU used"
state by an additional MD variable.
approved by matt
current CPU, and use it if a CPU is taken offline
-add a bool argument to pcu_discard which tells whether the internal
"LWP has used the coprocessor" flag should be set or reset. The flag
is reported by pcu_used_p(). If set, future accesses should use the
state stored in the PCB. If reset, it should be reset to default.
The former case is useful for setmcontext().
With that, it should not be necessary anymore to manage the "FPU used"
state by an additional MD variable.
approved by matt
MAIN commitmail json YAML
pass HOST_SH to the build, to keep it from picking up a "bash"
from $PATH
from $PATH
MAIN commitmail json YAML
src/external/gpl3/binutils/dist/ld/configdoc.texi deleted
src/gnu/dist/gmake/doc/make.info deleted
src/gnu/dist/gmake/doc/make.info-1 deleted
src/gnu/dist/gmake/doc/make.info-10 deleted
src/gnu/dist/gmake/doc/make.info-11 deleted
src/gnu/dist/gmake/doc/make.info-2 deleted
src/gnu/dist/gmake/doc/make.info-3 deleted
src/gnu/dist/gmake/doc/make.info-4 deleted
src/gnu/dist/gmake/doc/make.info-5 deleted
src/gnu/dist/gmake/doc/make.info-6 deleted
src/gnu/dist/gmake/doc/make.info-7 deleted
src/gnu/dist/gmake/doc/make.info-8 deleted
src/gnu/dist/gmake/doc/make.info-9 deleted
src/gnu/dist/gmake/doc/make.info deleted
src/gnu/dist/gmake/doc/make.info-1 deleted
src/gnu/dist/gmake/doc/make.info-10 deleted
src/gnu/dist/gmake/doc/make.info-11 deleted
src/gnu/dist/gmake/doc/make.info-2 deleted
src/gnu/dist/gmake/doc/make.info-3 deleted
src/gnu/dist/gmake/doc/make.info-4 deleted
src/gnu/dist/gmake/doc/make.info-5 deleted
src/gnu/dist/gmake/doc/make.info-6 deleted
src/gnu/dist/gmake/doc/make.info-7 deleted
src/gnu/dist/gmake/doc/make.info-8 deleted
src/gnu/dist/gmake/doc/make.info-9 deleted
remove some files which will be regenerated during build, avoids
writes into $BSDSRCDIR
writes into $BSDSRCDIR
MAIN commitmail json YAML
src/external/bsd/file/lib/Makefile@1.4
/
diff
/
nxr@1.4
src/external/gpl3/binutils/lib/libbfd/Makefile@1.10 / diff / nxr@1.10
src/external/gpl3/binutils/usr.bin/ld/Makefile@1.18 / diff / nxr@1.18
src/external/gpl3/gcc/usr.bin/libcpp/Makefile@1.4 / diff / nxr@1.4
src/external/gpl3/gdb/lib/libbfd/Makefile@1.4 / diff / nxr@1.4
src/external/gpl3/binutils/lib/libbfd/Makefile@1.10 / diff / nxr@1.10
src/external/gpl3/binutils/usr.bin/ld/Makefile@1.18 / diff / nxr@1.18
src/external/gpl3/gcc/usr.bin/libcpp/Makefile@1.4 / diff / nxr@1.4
src/external/gpl3/gdb/lib/libbfd/Makefile@1.4 / diff / nxr@1.4
add to CLEANFILES at some places, for generated files
MAIN commitmail json YAML
add feature flag definitions for the last round of Intel instruction
set extensions (AVX512 et al.)
set extensions (AVX512 et al.)
MAIN commitmail json YAML
In unp_externalize, don't do anything if an SCM_RIGHTS control message
was sent with zero file descriptors in it. Otherwise, a zero-length
temporary storage would be allocated which triggers panic on DIAGNOSTIC
kernels (but is harmless for release kernels).
reviewed by Taylor R Campbell
was sent with zero file descriptors in it. Otherwise, a zero-length
temporary storage would be allocated which triggers panic on DIAGNOSTIC
kernels (but is harmless for release kernels).
reviewed by Taylor R Campbell
MAIN commitmail json YAML
src/external/lgpl3/gmp/lib/libgmp/Makefile@1.14
/
diff
/
nxr@1.14
src/external/lgpl3/gmp/lib/libgmp/arch/alpha/Makefile.inc@1.2 / diff / nxr@1.2
src/external/lgpl3/gmp/lib/libgmp/arch/arm/Makefile.inc@1.4 / diff / nxr@1.4
src/external/lgpl3/gmp/lib/libgmp/arch/armeb/Makefile.inc@1.4 / diff / nxr@1.4
src/external/lgpl3/gmp/lib/libgmp/arch/earm/Makefile.inc@1.2 / diff / nxr@1.2
src/external/lgpl3/gmp/lib/libgmp/arch/hppa/Makefile.inc@1.2 / diff / nxr@1.2
src/external/lgpl3/gmp/lib/libgmp/arch/i386/Makefile.inc@1.6 / diff / nxr@1.6
src/external/lgpl3/gmp/lib/libgmp/arch/m68000/Makefile.inc@1.2 / diff / nxr@1.2
src/external/lgpl3/gmp/lib/libgmp/arch/m68k/Makefile.inc@1.3 / diff / nxr@1.3
src/external/lgpl3/gmp/lib/libgmp/arch/mips64eb/Makefile.inc@1.3 / diff / nxr@1.3
src/external/lgpl3/gmp/lib/libgmp/arch/mips64el/Makefile.inc@1.3 / diff / nxr@1.3
src/external/lgpl3/gmp/lib/libgmp/arch/mipseb/Makefile.inc@1.2 / diff / nxr@1.2
src/external/lgpl3/gmp/lib/libgmp/arch/mipsel/Makefile.inc@1.2 / diff / nxr@1.2
src/external/lgpl3/gmp/lib/libgmp/arch/powerpc/Makefile.inc@1.4 / diff / nxr@1.4
src/external/lgpl3/gmp/lib/libgmp/arch/powerpc64/Makefile.inc@1.2 / diff / nxr@1.2
src/external/lgpl3/gmp/lib/libgmp/arch/sh3eb/Makefile.inc@1.2 / diff / nxr@1.2
src/external/lgpl3/gmp/lib/libgmp/arch/sh3el/Makefile.inc@1.2 / diff / nxr@1.2
src/external/lgpl3/gmp/lib/libgmp/arch/sparc/Makefile.inc@1.4 / diff / nxr@1.4
src/external/lgpl3/gmp/lib/libgmp/arch/sparc64/Makefile.inc@1.3 / diff / nxr@1.3
src/external/lgpl3/gmp/lib/libgmp/arch/vax/Makefile.inc@1.4 / diff / nxr@1.4
src/external/lgpl3/gmp/lib/libgmp/arch/x86_64/Makefile.inc@1.4 / diff / nxr@1.4
src/external/lgpl3/gmp/lib/libgmp/arch/alpha/Makefile.inc@1.2 / diff / nxr@1.2
src/external/lgpl3/gmp/lib/libgmp/arch/arm/Makefile.inc@1.4 / diff / nxr@1.4
src/external/lgpl3/gmp/lib/libgmp/arch/armeb/Makefile.inc@1.4 / diff / nxr@1.4
src/external/lgpl3/gmp/lib/libgmp/arch/earm/Makefile.inc@1.2 / diff / nxr@1.2
src/external/lgpl3/gmp/lib/libgmp/arch/hppa/Makefile.inc@1.2 / diff / nxr@1.2
src/external/lgpl3/gmp/lib/libgmp/arch/i386/Makefile.inc@1.6 / diff / nxr@1.6
src/external/lgpl3/gmp/lib/libgmp/arch/m68000/Makefile.inc@1.2 / diff / nxr@1.2
src/external/lgpl3/gmp/lib/libgmp/arch/m68k/Makefile.inc@1.3 / diff / nxr@1.3
src/external/lgpl3/gmp/lib/libgmp/arch/mips64eb/Makefile.inc@1.3 / diff / nxr@1.3
src/external/lgpl3/gmp/lib/libgmp/arch/mips64el/Makefile.inc@1.3 / diff / nxr@1.3
src/external/lgpl3/gmp/lib/libgmp/arch/mipseb/Makefile.inc@1.2 / diff / nxr@1.2
src/external/lgpl3/gmp/lib/libgmp/arch/mipsel/Makefile.inc@1.2 / diff / nxr@1.2
src/external/lgpl3/gmp/lib/libgmp/arch/powerpc/Makefile.inc@1.4 / diff / nxr@1.4
src/external/lgpl3/gmp/lib/libgmp/arch/powerpc64/Makefile.inc@1.2 / diff / nxr@1.2
src/external/lgpl3/gmp/lib/libgmp/arch/sh3eb/Makefile.inc@1.2 / diff / nxr@1.2
src/external/lgpl3/gmp/lib/libgmp/arch/sh3el/Makefile.inc@1.2 / diff / nxr@1.2
src/external/lgpl3/gmp/lib/libgmp/arch/sparc/Makefile.inc@1.4 / diff / nxr@1.4
src/external/lgpl3/gmp/lib/libgmp/arch/sparc64/Makefile.inc@1.3 / diff / nxr@1.3
src/external/lgpl3/gmp/lib/libgmp/arch/vax/Makefile.inc@1.4 / diff / nxr@1.4
src/external/lgpl3/gmp/lib/libgmp/arch/x86_64/Makefile.inc@1.4 / diff / nxr@1.4
collect common rules in the shared Makefile, this propagates the .OBJDIR
fix done for i386 last year to all other ports
fix done for i386 last year to all other ports
MAIN commitmail json YAML
allow to enable ffs "discard" by update mounts, make the flag visible
to userland
to userland
MAIN commitmail json YAML
src/external/gpl3/binutils/dist/include/objalloc.h@1.2
/
diff
/
nxr@1.2
src/external/gpl3/binutils/dist/libiberty/objalloc.c@1.2 / diff / nxr@1.2
src/external/gpl3/gcc/dist/include/objalloc.h@1.2 / diff / nxr@1.2
src/external/gpl3/gcc/dist/libiberty/objalloc.c@1.2 / diff / nxr@1.2
src/external/gpl3/binutils/dist/libiberty/objalloc.c@1.2 / diff / nxr@1.2
src/external/gpl3/gcc/dist/include/objalloc.h@1.2 / diff / nxr@1.2
src/external/gpl3/gcc/dist/libiberty/objalloc.c@1.2 / diff / nxr@1.2
pull in upstream rev. 191413 to fix integer overflow in objalloc_alloc
(CVE-2012-3509)
(CVE-2012-3509)
MAIN commitmail json YAML
mention "discard" (ATA "TRIM") support
MAIN commitmail json YAML
src/include/mntopts.h@1.15
/
diff
/
nxr@1.15
src/sbin/atactl/atactl.c@1.67 / diff / nxr@1.67
src/sbin/mount/mount.8@1.78 / diff / nxr@1.78
src/sbin/mount_ffs/mount_ffs.c@1.28 / diff / nxr@1.28
src/sys/dev/ata/atareg.h@1.41 / diff / nxr@1.41
src/sys/dev/ata/wd.c@1.401 / diff / nxr@1.401
src/sys/sys/dkio.h@1.18 / diff / nxr@1.18
src/sys/sys/fstypes.h@1.31 / diff / nxr@1.31
src/sys/ufs/ffs/ffs_alloc.c@1.131 / diff / nxr@1.131
src/sys/ufs/ffs/ffs_extern.h@1.79 / diff / nxr@1.79
src/sys/ufs/ffs/ffs_vfsops.c@1.279 / diff / nxr@1.279
src/sys/ufs/ufs/ufsmount.h@1.39 / diff / nxr@1.39
src/sbin/atactl/atactl.c@1.67 / diff / nxr@1.67
src/sbin/mount/mount.8@1.78 / diff / nxr@1.78
src/sbin/mount_ffs/mount_ffs.c@1.28 / diff / nxr@1.28
src/sys/dev/ata/atareg.h@1.41 / diff / nxr@1.41
src/sys/dev/ata/wd.c@1.401 / diff / nxr@1.401
src/sys/sys/dkio.h@1.18 / diff / nxr@1.18
src/sys/sys/fstypes.h@1.31 / diff / nxr@1.31
src/sys/ufs/ffs/ffs_alloc.c@1.131 / diff / nxr@1.131
src/sys/ufs/ffs/ffs_extern.h@1.79 / diff / nxr@1.79
src/sys/ufs/ffs/ffs_vfsops.c@1.279 / diff / nxr@1.279
src/sys/ufs/ufs/ufsmount.h@1.39 / diff / nxr@1.39
Implement experimental support to pass notifications that a file
was deleted from the filesystem to the disk driver, commonly
known as "discard" or "trim".
fs/driver support is in ffs and ata wd for now.
This is what was posted here:
http://mail-index.netbsd.org/tech-kern/2012/02/28/msg012813.html
with minor cleanup, and the global switch replaced by a mount option.
was deleted from the filesystem to the disk driver, commonly
known as "discard" or "trim".
fs/driver support is in ffs and ata wd for now.
This is what was posted here:
http://mail-index.netbsd.org/tech-kern/2012/02/28/msg012813.html
with minor cleanup, and the global switch replaced by a mount option.
MAIN commitmail json YAML
avoid dummy structure definition, include a system header instead,
looks just cleaner
looks just cleaner
MAIN commitmail json YAML
src/sys/arch/x86/include/cpu_ucode.h@1.3
/
diff
/
nxr@1.3
src/sys/arch/x86/x86/cpu_ucode.c@1.3 / diff / nxr@1.3
src/sys/arch/x86/x86/cpu_ucode_amd.c@1.5 / diff / nxr@1.5
src/sys/arch/x86/x86/cpu_ucode_intel.c@1.2 / diff / nxr@1.2
src/sys/arch/xen/xen/xen_ucode.c@1.3 / diff / nxr@1.3
src/sys/kern/kern_cpu.c@1.59 / diff / nxr@1.59
src/sys/sys/cpu.h@1.37 / diff / nxr@1.37
src/sys/arch/x86/x86/cpu_ucode.c@1.3 / diff / nxr@1.3
src/sys/arch/x86/x86/cpu_ucode_amd.c@1.5 / diff / nxr@1.5
src/sys/arch/x86/x86/cpu_ucode_intel.c@1.2 / diff / nxr@1.2
src/sys/arch/xen/xen/xen_ucode.c@1.3 / diff / nxr@1.3
src/sys/kern/kern_cpu.c@1.59 / diff / nxr@1.59
src/sys/sys/cpu.h@1.37 / diff / nxr@1.37
put binary compatibility support for the old AMD-only CPU microcode
update API inside COMPAT_60
update API inside COMPAT_60
MAIN commitmail json YAML
defopt COMPAT_60, it is already being used
MAIN commitmail json YAML
recognize the P1GB and RDTSCP which were AMD-only on Intel HW too
MAIN commitmail json YAML
fix trivial typo in warning msg
MAIN commitmail json YAML
Align the stack to a 16-byte boundary on LWP creation.
This is more than required by the ABI, but it makes programs using SSE
in a thread work without extra compiler flags or performance hit.
This is more than required by the ABI, but it makes programs using SSE
in a thread work without extra compiler flags or performance hit.
MAIN commitmail json YAML
fix for archs w/o cpu ucode driver: add dummy definition
MAIN commitmail json YAML
src/common/lib/libc/string/consttime_bcmp.c@1.1
/
diff
/
nxr@1.1
src/common/lib/libc/string/explicit_bzero.c@1.1 / diff / nxr@1.1
src/include/string.h@1.41 / diff / nxr@1.41
src/lib/libc/string/Makefile.inc@1.76 / diff / nxr@1.76
src/lib/libcrypt/bcrypt.c@1.17 / diff / nxr@1.17
src/lib/libcrypt/crypt-sha1.c@1.5 / diff / nxr@1.5
src/lib/libcrypt/md5crypt.c@1.12 / diff / nxr@1.12
src/sys/dev/cgd_crypto.c@1.10 / diff / nxr@1.10
src/sys/lib/libkern/Makefile.libkern@1.18 / diff / nxr@1.18
src/sys/lib/libkern/libkern.h@1.106 / diff / nxr@1.106
src/sys/netipsec/key.c@1.78 / diff / nxr@1.78
src/sys/netipsec/xform_ah.c@1.38 / diff / nxr@1.38
src/sys/netipsec/xform_esp.c@1.41 / diff / nxr@1.41
src/sys/opencrypto/cryptosoft.c@1.40 / diff / nxr@1.40
src/common/lib/libc/string/explicit_bzero.c@1.1 / diff / nxr@1.1
src/include/string.h@1.41 / diff / nxr@1.41
src/lib/libc/string/Makefile.inc@1.76 / diff / nxr@1.76
src/lib/libcrypt/bcrypt.c@1.17 / diff / nxr@1.17
src/lib/libcrypt/crypt-sha1.c@1.5 / diff / nxr@1.5
src/lib/libcrypt/md5crypt.c@1.12 / diff / nxr@1.12
src/sys/dev/cgd_crypto.c@1.10 / diff / nxr@1.10
src/sys/lib/libkern/Makefile.libkern@1.18 / diff / nxr@1.18
src/sys/lib/libkern/libkern.h@1.106 / diff / nxr@1.106
src/sys/netipsec/key.c@1.78 / diff / nxr@1.78
src/sys/netipsec/xform_ah.c@1.38 / diff / nxr@1.38
src/sys/netipsec/xform_esp.c@1.41 / diff / nxr@1.41
src/sys/opencrypto/cryptosoft.c@1.40 / diff / nxr@1.40
Add "consttime_bcmp" and "explicit_bzero" functions for both kernel
abd userland, as proposed on tech-security, with explicit_bzero using
a volatile function pointer as suggested by Alan Barrett.
Both do what the name says. For userland, both are prefixed by "__"
to keep them out of the user namespace.
Change some memset/memcmp uses to the new functions where it makes
sense -- these are just some examples, more to come.
abd userland, as proposed on tech-security, with explicit_bzero using
a volatile function pointer as suggested by Alan Barrett.
Both do what the name says. For userland, both are prefixed by "__"
to keep them out of the user namespace.
Change some memset/memcmp uses to the new functions where it makes
sense -- these are just some examples, more to come.
MAIN commitmail json YAML
g/c unused struct member
MAIN commitmail json YAML
src/distrib/sets/lists/comp/md.amd64@1.176
/
diff
/
nxr@1.176
src/distrib/sets/lists/comp/md.i386@1.127 / diff / nxr@1.127
src/sys/arch/x86/conf/files.x86@1.79 / diff / nxr@1.79
src/sys/arch/x86/include/Makefile@1.17 / diff / nxr@1.17
src/sys/arch/x86/include/cpu_ucode.h@1.2 / diff / nxr@1.2
src/sys/arch/x86/x86/cpu_ucode.c@1.2 / diff / nxr@1.2
src/sys/arch/x86/x86/cpu_ucode_amd.c@1.4 / diff / nxr@1.4
src/sys/arch/x86/x86/cpu_ucode_intel.c@1.1 / diff / nxr@1.1
src/sys/arch/xen/conf/files.xen@1.128 / diff / nxr@1.128
src/sys/arch/xen/xen/xen_ucode.c@1.2 / diff / nxr@1.2
src/sys/compat/sys/cpuio.h@1.4 / diff / nxr@1.4
src/sys/kern/kern_cpu.c@1.57 / diff / nxr@1.57
src/sys/sys/cpu.h@1.36 / diff / nxr@1.36
src/sys/sys/cpuio.h@1.8 / diff / nxr@1.8
src/usr.sbin/cpuctl/arch/i386.c@1.32 / diff / nxr@1.32
src/usr.sbin/cpuctl/arch/noarch.c@1.3 / diff / nxr@1.3
src/usr.sbin/cpuctl/cpuctl.c@1.21 / diff / nxr@1.21
src/usr.sbin/cpuctl/cpuctl.h@1.4 / diff / nxr@1.4
src/distrib/sets/lists/comp/md.i386@1.127 / diff / nxr@1.127
src/sys/arch/x86/conf/files.x86@1.79 / diff / nxr@1.79
src/sys/arch/x86/include/Makefile@1.17 / diff / nxr@1.17
src/sys/arch/x86/include/cpu_ucode.h@1.2 / diff / nxr@1.2
src/sys/arch/x86/x86/cpu_ucode.c@1.2 / diff / nxr@1.2
src/sys/arch/x86/x86/cpu_ucode_amd.c@1.4 / diff / nxr@1.4
src/sys/arch/x86/x86/cpu_ucode_intel.c@1.1 / diff / nxr@1.1
src/sys/arch/xen/conf/files.xen@1.128 / diff / nxr@1.128
src/sys/arch/xen/xen/xen_ucode.c@1.2 / diff / nxr@1.2
src/sys/compat/sys/cpuio.h@1.4 / diff / nxr@1.4
src/sys/kern/kern_cpu.c@1.57 / diff / nxr@1.57
src/sys/sys/cpu.h@1.36 / diff / nxr@1.36
src/sys/sys/cpuio.h@1.8 / diff / nxr@1.8
src/usr.sbin/cpuctl/arch/i386.c@1.32 / diff / nxr@1.32
src/usr.sbin/cpuctl/arch/noarch.c@1.3 / diff / nxr@1.3
src/usr.sbin/cpuctl/cpuctl.c@1.21 / diff / nxr@1.21
src/usr.sbin/cpuctl/cpuctl.h@1.4 / diff / nxr@1.4
Extend the CPU microcode update framework to support Intel x86 CPUs.
Contrary to the AMD implementation, it doesn't use xcalls to distribute
the update to all CPUs but relies on cpuctl(8) to bind itself to the
right CPU -- to keep it simple and avoid possible problems with
hyperthreading.
Also, it doesn't parse the vendor supplied file to pick the right
part for the present CPU model but relies on userland to prepare
files with specific filenames. I'll commit a pkg for this in a minute
(pkgsrc/sysutils/intel-microcode).
The ioctl interface changed; compatibility is provided (should be
limited to COMPAT_NETBSD6 as soon as this is available).
Contrary to the AMD implementation, it doesn't use xcalls to distribute
the update to all CPUs but relies on cpuctl(8) to bind itself to the
right CPU -- to keep it simple and avoid possible problems with
hyperthreading.
Also, it doesn't parse the vendor supplied file to pick the right
part for the present CPU model but relies on userland to prepare
files with specific filenames. I'll commit a pkg for this in a minute
(pkgsrc/sysutils/intel-microcode).
The ioctl interface changed; compatibility is provided (should be
limited to COMPAT_NETBSD6 as soon as this is available).
MAIN commitmail json YAML
src/sys/dev/usb/umass.c@1.146
/
diff
/
nxr@1.146
src/sys/dev/usb/umass_quirks.c@1.94 / diff / nxr@1.94
src/sys/dev/usb/umassvar.h@1.34 / diff / nxr@1.34
src/sys/dev/usb/umass_quirks.c@1.94 / diff / nxr@1.94
src/sys/dev/usb/umassvar.h@1.34 / diff / nxr@1.34
Another contribution to PR kern/42225 which will hopefully
bring the story to an end:
Always ignore the residue from the CSW, just use the real
transfer length counted by the USB stack. This was first
proposed by Markus Kilbinger but unfortunately ignored
later. (Too many cooks...)
According to Matthias Kretschmer, Darwin and Haiku do
the same.
Remove the "UMASS_QUIRK_IGNORE_RESIDUE" quirk which was
just for the one "SuperTop" device mentioned in the PR.
This device was successfully tested by Matthias Kretschmer /
Ignatios Souvatzis.
I've tested the patch with various other devices and
didn't find regressions.
bring the story to an end:
Always ignore the residue from the CSW, just use the real
transfer length counted by the USB stack. This was first
proposed by Markus Kilbinger but unfortunately ignored
later. (Too many cooks...)
According to Matthias Kretschmer, Darwin and Haiku do
the same.
Remove the "UMASS_QUIRK_IGNORE_RESIDUE" quirk which was
just for the one "SuperTop" device mentioned in the PR.
This device was successfully tested by Matthias Kretschmer /
Ignatios Souvatzis.
I've tested the patch with various other devices and
didn't find regressions.
MAIN commitmail json YAML
src/sbin/brconfig/brconfig.c@1.14
/
diff
/
nxr@1.14
src/sys/net/if_bridgevar.h@1.15 / diff / nxr@1.15
src/sys/net/if_bridgevar.h@1.15 / diff / nxr@1.15
the address expire counter is just a time difference; it can turn
negative after the timer expired until the entry is deleted.
make it signed, so that we don't get output like
"00:1b:78:12:50:46 wm0 18446744073709551349 flags=0<>"
negative after the timer expired until the entry is deleted.
make it signed, so that we don't get output like
"00:1b:78:12:50:46 wm0 18446744073709551349 flags=0<>"
MAIN commitmail json YAML
fix some signatures
MAIN commitmail json YAML
For devices which don't claim SPC-3, don't request 32 bytes of sense
data but just 18. Some devices signal an error if the transfer length
is not exactly what the device expects, and it is hard to deal with
these errors afterwards.
This makes a number of USB memory sticks and SD card readers work
which were not usable before.
data but just 18. Some devices signal an error if the transfer length
is not exactly what the device expects, and it is hard to deal with
these errors afterwards.
This makes a number of USB memory sticks and SD card readers work
which were not usable before.
MAIN commitmail json YAML
return errno if pthread_create hits the system limit, not just -1
(this is not entirely correct because it can return ENOMEM which is
not mentioned in the spec, but there are other places in pthread_create
whete ENOMEM is returned -- it at all, this should be fixed everywhere)
(this is not entirely correct because it can return ENOMEM which is
not mentioned in the spec, but there are other places in pthread_create
whete ENOMEM is returned -- it at all, this should be fixed everywhere)
MAIN commitmail json YAML
mention switch to FAST_IPSEC in January
MAIN commitmail json YAML
src/distrib/sets/lists/comp/md.amd64@1.174
/
diff
/
nxr@1.174
src/distrib/sets/lists/comp/md.i386@1.126 / diff / nxr@1.126
src/sys/arch/amd64/include/Makefile@1.14 / diff / nxr@1.14
src/sys/arch/i386/include/Makefile@1.40 / diff / nxr@1.40
src/distrib/sets/lists/comp/md.i386@1.126 / diff / nxr@1.126
src/sys/arch/amd64/include/Makefile@1.14 / diff / nxr@1.14
src/sys/arch/i386/include/Makefile@1.40 / diff / nxr@1.40
on x86, <machine/cpufunc.h> only pulls in <x86/cpufunc.h>. The latter
is not installed to userland and noone missed it, so the former ones
can not be useful either. Don't install them.
is not installed to userland and noone missed it, so the former ones
can not be useful either. Don't install them.
MAIN commitmail json YAML
build fix for gcc -fno-common, from Radoslaw Kujawa
MAIN commitmail json YAML
src/sys/arch/i386/i386/machdep.c@1.730
/
diff
/
nxr@1.730
src/sys/fs/udf/udf.h@1.45 / diff / nxr@1.45
src/sys/fs/udf/udf.h@1.45 / diff / nxr@1.45
gcc -fno-common fallout
MAIN commitmail json YAML
lua is at 5.2.1 upstream
MAIN commitmail json YAML
mention new upstream OpenPAM release
MAIN commitmail json YAML
fix pci id for the Intel H61 LPC bridge to fit actual hardware (and
the chipset's documentation), and add some PCI-to-legacy bridges
found on recent boards
the chipset's documentation), and add some PCI-to-legacy bridges
found on recent boards
MAIN commitmail json YAML
stopgap fix for recursive locking on suspend/resume
(This can be simplified imo because interrupts should be disabled
at this point.)
(This can be simplified imo because interrupts should be disabled
at this point.)
MAIN commitmail json YAML
src/crypto/external/bsd/openssl/dist/ssl/d1_enc.c@1.2
/
diff
/
nxr@1.2
src/crypto/external/bsd/openssl/dist/ssl/t1_enc.c@1.4 / diff / nxr@1.4
src/crypto/external/bsd/openssl/dist/ssl/t1_enc.c@1.4 / diff / nxr@1.4
pull in upstream rev.22547:
Sanity check record length before skipping explicit IV in TLS 1.2, 1.1
and DTLS to fix DoS attack.
(CVE-2012-2333)
Sanity check record length before skipping explicit IV in TLS 1.2, 1.1
and DTLS to fix DoS attack.
(CVE-2012-2333)
MAIN commitmail json YAML
minor mostly cosmetical fixes: use designated type for device major
numbers, typo in comment, misuse of minor()
(the latter one is not cosmetical, but would only affect systems
with more than 256 disk wedges)
numbers, typo in comment, misuse of minor()
(the latter one is not cosmetical, but would only affect systems
with more than 256 disk wedges)
MAIN commitmail json YAML
fix access permission check which got broken by some kauth rework
in March, affected mostly systems with NFS root fs
in March, affected mostly systems with NFS root fs
MAIN commitmail json YAML
fix for previous fix: correct error code (upstream rev.22474)
MAIN commitmail json YAML
print correct link speed for PCIexpress Gen2+
(the decoding code needs to be rewritten, sorry for only adding to
the mess)
(the decoding code needs to be rewritten, sorry for only adding to
the mess)
MAIN commitmail json YAML
everywhere else it is assumed that the filesystem block size fits into
a 32-bit "int" -- do the cast to quell a compiler warning in a more
sensible way
a 32-bit "int" -- do the cast to quell a compiler warning in a more
sensible way
MAIN commitmail json YAML
src/crypto/external/bsd/openssl/dist/crypto/asn1/a_d2i_fp.c@1.2
/
diff
/
nxr@1.2
src/crypto/external/bsd/openssl/dist/crypto/buffer/buffer.c@1.2 / diff / nxr@1.2
src/crypto/external/bsd/openssl/dist/crypto/mem.c@1.2 / diff / nxr@1.2
src/crypto/external/bsd/openssl/dist/crypto/buffer/buffer.c@1.2 / diff / nxr@1.2
src/crypto/external/bsd/openssl/dist/crypto/mem.c@1.2 / diff / nxr@1.2
pull in upstream SVN rev. 22439:
check for potentially exploitable overflows in asn1_d2i_read_bio
BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer
in CRYPTO_realloc_clean. (CVE-2012-2110)
check for potentially exploitable overflows in asn1_d2i_read_bio
BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer
in CRYPTO_realloc_clean. (CVE-2012-2110)
MAIN commitmail json YAML
reorder initialization to improve error handling in case the system
runs out of file descriptors, avoids LOCKDEBUG panic due to double
mutex initialization
runs out of file descriptors, avoids LOCKDEBUG panic due to double
mutex initialization
MAIN commitmail json YAML
obsolete kame_ipsec(4)
MAIN commitmail json YAML
src/sbin/mount_kernfs/mount_kernfs.8@1.17
/
diff
/
nxr@1.17
src/share/man/man4/Makefile@1.582 / diff / nxr@1.582
src/share/man/man4/fast_ipsec.4@1.13 / diff / nxr@1.13
src/share/man/man4/ipsec.4@1.38 / diff / nxr@1.38
src/share/man/man4/kame_ipsec.4 deleted
src/share/man/man4/options.4@1.415 / diff / nxr@1.415
src/sys/conf/files@1.1046 / diff / nxr@1.1046
src/sys/dist/ipf/netinet/ip_fil_netbsd.c@1.62 / diff / nxr@1.62
src/sys/dist/pf/net/if_pfsync.c@1.9 / diff / nxr@1.9
src/sys/dist/pf/net/pf.c@1.69 / diff / nxr@1.69
src/sys/miscfs/kernfs/kernfs.h@1.37 / diff / nxr@1.37
src/sys/miscfs/kernfs/kernfs_subr.c@1.25 / diff / nxr@1.25
src/sys/miscfs/kernfs/kernfs_vnops.c@1.146 / diff / nxr@1.146
src/sys/netinet/in_pcb.c@1.141 / diff / nxr@1.141
src/sys/netinet/in_proto.c@1.103 / diff / nxr@1.103
src/sys/netinet/ip_icmp.c@1.129 / diff / nxr@1.129
src/sys/netinet/ip_input.c@1.299 / diff / nxr@1.299
src/sys/netinet/ip_mroute.c@1.123 / diff / nxr@1.123
src/sys/netinet/ip_output.c@1.214 / diff / nxr@1.214
src/sys/netinet/raw_ip.c@1.114 / diff / nxr@1.114
:
(more 52 files)
src/share/man/man4/Makefile@1.582 / diff / nxr@1.582
src/share/man/man4/fast_ipsec.4@1.13 / diff / nxr@1.13
src/share/man/man4/ipsec.4@1.38 / diff / nxr@1.38
src/share/man/man4/kame_ipsec.4 deleted
src/share/man/man4/options.4@1.415 / diff / nxr@1.415
src/sys/conf/files@1.1046 / diff / nxr@1.1046
src/sys/dist/ipf/netinet/ip_fil_netbsd.c@1.62 / diff / nxr@1.62
src/sys/dist/pf/net/if_pfsync.c@1.9 / diff / nxr@1.9
src/sys/dist/pf/net/pf.c@1.69 / diff / nxr@1.69
src/sys/miscfs/kernfs/kernfs.h@1.37 / diff / nxr@1.37
src/sys/miscfs/kernfs/kernfs_subr.c@1.25 / diff / nxr@1.25
src/sys/miscfs/kernfs/kernfs_vnops.c@1.146 / diff / nxr@1.146
src/sys/netinet/in_pcb.c@1.141 / diff / nxr@1.141
src/sys/netinet/in_proto.c@1.103 / diff / nxr@1.103
src/sys/netinet/ip_icmp.c@1.129 / diff / nxr@1.129
src/sys/netinet/ip_input.c@1.299 / diff / nxr@1.299
src/sys/netinet/ip_mroute.c@1.123 / diff / nxr@1.123
src/sys/netinet/ip_output.c@1.214 / diff / nxr@1.214
src/sys/netinet/raw_ip.c@1.114 / diff / nxr@1.114
:
(more 52 files)
remove KAME IPSEC, replaced by FAST_IPSEC
MAIN commitmail json YAML
don't reuse a dynamically allocated stack if a fixed one is requested
MAIN commitmail json YAML
fix a path
MAIN commitmail json YAML
-fix initial stacksize rounding
-minor indentation fix
-minor indentation fix
MAIN commitmail json YAML
apply upstream rev.22146: Tolerate bad MIME headers in parser.
avoids possible NULL dereference (CVE-2006-7248)
avoids possible NULL dereference (CVE-2006-7248)
MAIN commitmail json YAML
add "Location" tags which tell where the source lives in the NetBSD
tree, and fix some paths in "Notes" sections
tree, and fix some paths in "Notes" sections
MAIN commitmail json YAML
remove stale entries: libcdk was removed 5 years ago, termcap.src between
netbsd-5 and netbsd-6
netbsd-5 and netbsd-6
MAIN commitmail json YAML
mention esp-udp
MAIN commitmail json YAML
src/sys/dev/cardbus/if_ral_cardbus.c@1.23
/
diff
/
nxr@1.23
src/sys/dev/ic/rt2560.c@1.25 / diff / nxr@1.25
src/sys/dev/ic/rt2560var.h@1.9 / diff / nxr@1.9
src/sys/dev/ic/rt2661.c@1.29 / diff / nxr@1.29
src/sys/dev/ic/rt2661var.h@1.11 / diff / nxr@1.11
src/sys/dev/pci/if_ral_pci.c@1.20 / diff / nxr@1.20
src/sys/dev/ic/rt2560.c@1.25 / diff / nxr@1.25
src/sys/dev/ic/rt2560var.h@1.9 / diff / nxr@1.9
src/sys/dev/ic/rt2661.c@1.29 / diff / nxr@1.29
src/sys/dev/ic/rt2661var.h@1.11 / diff / nxr@1.11
src/sys/dev/pci/if_ral_pci.c@1.20 / diff / nxr@1.20
split device_t/softc
MAIN commitmail json YAML
fix for IPSEC tunnel + NAT-T + esp_frag:
Output packets larger than "esp_frag" are fragmented first
and then reinjected into ip_output for encapsulation
and transfer. The problem was that each packet got a new
ip_id value assigned, so that fragments couldn't be matched
by the receiver. Offset information was overwritten too.
approved by releng
Output packets larger than "esp_frag" are fragmented first
and then reinjected into ip_output for encapsulation
and transfer. The problem was that each packet got a new
ip_id value assigned, so that fragments couldn't be matched
by the receiver. Offset information was overwritten too.
approved by releng
MAIN commitmail json YAML
fix incomplete device_t/softc split which led to crash on attachment,
closes PR kern/45874 by Hauke Fath
approved by releng
closes PR kern/45874 by Hauke Fath
approved by releng
MAIN commitmail json YAML
align allocations >=pagesize at a page boundary, to preserve traditional
malloc(9) semantics
fixes dri mappings shared per mmap (at least on i945)
approved by releng
malloc(9) semantics
fixes dri mappings shared per mmap (at least on i945)
approved by releng
MAIN commitmail json YAML
fill in timestamps in outgoing data buffers
MAIN commitmail json YAML
delete virtual screens on detach - this allows to hot-unplug
a udl@usb monitor without crash
a udl@usb monitor without crash
MAIN commitmail json YAML
tell the compiler that the i387 runs in double-rounding mode, so it
doesn't need to issue memory store-read sequences to kill excess
precision. makes code smaller and faster, depending on optimization
flags
(as tests on Linux have shown, the compiler doesn't even succeed in
avoiding excess precision)
doesn't need to issue memory store-read sequences to kill excess
precision. makes code smaller and faster, depending on optimization
flags
(as tests on Linux have shown, the compiler doesn't even succeed in
avoiding excess precision)
MAIN commitmail json YAML
src/sys/arch/x86/pci/pchb.c@1.33
/
diff
/
nxr@1.33
src/sys/arch/x86/pci/pcib.c@1.14 / diff / nxr@1.14
src/sys/dev/pci/ahcisata_pci.c@1.27 / diff / nxr@1.27
src/sys/dev/pci/amdpm.c@1.35 / diff / nxr@1.35
src/sys/dev/pci/auixp.c@1.38 / diff / nxr@1.38
src/sys/dev/pci/autri.c@1.49 / diff / nxr@1.49
src/sys/dev/pci/btvmei.c@1.28 / diff / nxr@1.28
src/sys/dev/pci/chipsfb.c@1.31 / diff / nxr@1.31
src/sys/dev/pci/cmpci.c@1.45 / diff / nxr@1.45
src/sys/dev/pci/coram.c@1.10 / diff / nxr@1.10
src/sys/dev/pci/cs4280.c@1.64 / diff / nxr@1.64
src/sys/dev/pci/cs4281.c@1.47 / diff / nxr@1.47
src/sys/dev/pci/cxdtv.c@1.11 / diff / nxr@1.11
src/sys/dev/pci/ehci_pci.c@1.54 / diff / nxr@1.54
src/sys/dev/pci/emuxki.c@1.62 / diff / nxr@1.62
src/sys/dev/pci/esa.c@1.58 / diff / nxr@1.58
src/sys/dev/pci/esm.c@1.56 / diff / nxr@1.56
src/sys/dev/pci/fwohci_pci.c@1.40 / diff / nxr@1.40
src/sys/dev/pci/genfb_pci.c@1.33 / diff / nxr@1.33
src/sys/dev/pci/gtp.c@1.18 / diff / nxr@1.18
:
(more 53 files)
src/sys/arch/x86/pci/pcib.c@1.14 / diff / nxr@1.14
src/sys/dev/pci/ahcisata_pci.c@1.27 / diff / nxr@1.27
src/sys/dev/pci/amdpm.c@1.35 / diff / nxr@1.35
src/sys/dev/pci/auixp.c@1.38 / diff / nxr@1.38
src/sys/dev/pci/autri.c@1.49 / diff / nxr@1.49
src/sys/dev/pci/btvmei.c@1.28 / diff / nxr@1.28
src/sys/dev/pci/chipsfb.c@1.31 / diff / nxr@1.31
src/sys/dev/pci/cmpci.c@1.45 / diff / nxr@1.45
src/sys/dev/pci/coram.c@1.10 / diff / nxr@1.10
src/sys/dev/pci/cs4280.c@1.64 / diff / nxr@1.64
src/sys/dev/pci/cs4281.c@1.47 / diff / nxr@1.47
src/sys/dev/pci/cxdtv.c@1.11 / diff / nxr@1.11
src/sys/dev/pci/ehci_pci.c@1.54 / diff / nxr@1.54
src/sys/dev/pci/emuxki.c@1.62 / diff / nxr@1.62
src/sys/dev/pci/esa.c@1.58 / diff / nxr@1.58
src/sys/dev/pci/esm.c@1.56 / diff / nxr@1.56
src/sys/dev/pci/fwohci_pci.c@1.40 / diff / nxr@1.40
src/sys/dev/pci/genfb_pci.c@1.33 / diff / nxr@1.33
src/sys/dev/pci/gtp.c@1.18 / diff / nxr@1.18
:
(more 53 files)
Use pci_aprint_devinfo(9) instead of pci_devinfo+aprint_{normal,naive}
where it looks straightforward, and pci_aprint_devinfo_fancy in a few
others where drivers want to supply their own device names instead
of the pcidevs generated one. More complicated cases, where names
are composed at runtime, are left alone for now. It certainly makes
sense to simplify the drivers here rather than inventing a catch-all API.
This should serve as as example for new drivers, and also ensure
consistent output in the AB_QUIET ("boot -q") case. Also, it avoids
excessive stack usage where drivers attach child devices because the
buffer for the device name is not kept on the local stack anymore.
where it looks straightforward, and pci_aprint_devinfo_fancy in a few
others where drivers want to supply their own device names instead
of the pcidevs generated one. More complicated cases, where names
are composed at runtime, are left alone for now. It certainly makes
sense to simplify the drivers here rather than inventing a catch-all API.
This should serve as as example for new drivers, and also ensure
consistent output in the AB_QUIET ("boot -q") case. Also, it avoids
excessive stack usage where drivers attach child devices because the
buffer for the device name is not kept on the local stack anymore.
MAIN commitmail json YAML
document pci_aprint_devinfo(9) (not the _fancy variant yet because
it is still experimental)
it is still experimental)
MAIN commitmail json YAML
remove incomplete conversion to kmem_alloc -- inconsistent use
leads at least to diagnostic panics
leads at least to diagnostic panics
MAIN commitmail json YAML
don't mess with the PDP pool cache before it is initialized,
prevents at least LOCKDEBUG panics
prevents at least LOCKDEBUG panics
MAIN commitmail json YAML
src/sys/dev/pci/pci_subr.c@1.90
/
diff
/
nxr@1.90
src/sys/dev/pci/pcivar.h@1.98 / diff / nxr@1.98
src/sys/dev/pci/ppb.c@1.49 / diff / nxr@1.49
src/sys/dev/pci/pcivar.h@1.98 / diff / nxr@1.98
src/sys/dev/pci/ppb.c@1.49 / diff / nxr@1.49
extend the pci_aprint_devinfo slightly to cover the cases commonly
used by drivers: a short name for the quiet/naive case and a string
to override the "pcidevs" based name by one provided by the driver,
ride on yesterday's kernel minor version bump
used by drivers: a short name for the quiet/naive case and a string
to override the "pcidevs" based name by one provided by the driver,
ride on yesterday's kernel minor version bump
MAIN commitmail json YAML
src/sys/dev/pci/pci_subr.c@1.89
/
diff
/
nxr@1.89
src/sys/dev/pci/pcivar.h@1.97 / diff / nxr@1.97
src/sys/dev/pci/ppb.c@1.48 / diff / nxr@1.48
src/sys/dev/pci/pcivar.h@1.97 / diff / nxr@1.97
src/sys/dev/pci/ppb.c@1.48 / diff / nxr@1.48
put printing of the pci_devinfo into its own function (not inlined
by purpose) - this is a stack hog, and with this change my uTCA amd64
system boots again
a lot of similar code can be eliminated from pci device drivers this way,
but before doing so (and making the new function part of the module API)
I'd like to consider a modification to make it work with drivers which
prefer to print names from other sources (like pciide)
by purpose) - this is a stack hog, and with this change my uTCA amd64
system boots again
a lot of similar code can be eliminated from pci device drivers this way,
but before doing so (and making the new function part of the module API)
I'd like to consider a modification to make it work with drivers which
prefer to print names from other sources (like pciide)
MAIN commitmail json YAML
also mention the aes-gcm ESP variants
MAIN commitmail json YAML
remove some DPRINTFs which are not just diagnostics but cause noise
even on regular operation
even on regular operation
MAIN commitmail json YAML
After IPSEC input processing, pass a decoded/authenticated IPv4 packet
to upper layers through the IP protosw, as done for IPv6.
Before it was reinjected into the IP netisr queue which caused more
overhead and caused artefacts like double IP option processing.
Works well for me, should get more testing and review.
to upper layers through the IP protosw, as done for IPv6.
Before it was reinjected into the IP netisr queue which caused more
overhead and caused artefacts like double IP option processing.
Works well for me, should get more testing and review.
MAIN commitmail json YAML
src/sys/netipsec/xform_ah.c@1.36
/
diff
/
nxr@1.36
src/sys/netipsec/xform_esp.c@1.40 / diff / nxr@1.40
src/sys/netipsec/xform_ipcomp.c@1.29 / diff / nxr@1.29
src/sys/netipsec/xform_esp.c@1.40 / diff / nxr@1.40
src/sys/netipsec/xform_ipcomp.c@1.29 / diff / nxr@1.29
Make sure the mbufs in the input path (only the parts which we are going
to modify in the AH case) are writable/non-shared.
This addresses PR kern/33162 by Jeff Rizzo, and replaces the insufficient
patch from that time by a radical solution.
(The PR's problem had been worked around by rev.1.3 of xennetback_xenbus.c,
so it needs a network driver modification to reproduce it.)
Being here, clarify a bit of ipcomp -- uncompression is done in-place,
the header must be removed explicitly.
to modify in the AH case) are writable/non-shared.
This addresses PR kern/33162 by Jeff Rizzo, and replaces the insufficient
patch from that time by a radical solution.
(The PR's problem had been worked around by rev.1.3 of xennetback_xenbus.c,
so it needs a network driver modification to reproduce it.)
Being here, clarify a bit of ipcomp -- uncompression is done in-place,
the header must be removed explicitly.
MAIN commitmail json YAML
fix pointer/offset mistakes in handling of IPv4 options
MAIN commitmail json YAML
let one bit more through to SSE, to make FP_X_IMP work
MAIN commitmail json YAML
also remove unnecessary "needs-flag" for firmload, from Paul Goyette
MAIN commitmail json YAML
revert previous, the assumption "all buses 1 and up must be subordinate
to pci0" doesn't even hold on i386 -- there are server-class chipsets
with multiple primary PCI buses, see arch/x86/pci/pchb.c for examples
to pci0" doesn't even hold on i386 -- there are server-class chipsets
with multiple primary PCI buses, see arch/x86/pci/pchb.c for examples
MAIN commitmail json YAML
get the logics straight: CPU_UCODE requires "firmload" as a dependency
MAIN commitmail json YAML
pull in rev.22050 from upstream CVS, following secadv_20120118.txt:
Fix for DTLS DoS issue introduced by fix for CVE-2011-4108 (CVE-2012-0050)
Fix for DTLS DoS issue introduced by fix for CVE-2011-4108 (CVE-2012-0050)
MAIN commitmail json YAML
src/share/man/man4/ipsec.4@1.35
/
diff
/
nxr@1.35
src/share/man/man4/kame_ipsec.4@1.2 / diff / nxr@1.2
src/share/man/man4/kame_ipsec.4@1.2 / diff / nxr@1.2
move kame_ipsec.4 almost completely into ipsec.4 because it is valid
for fast_ipsec as well
for fast_ipsec as well
MAIN commitmail json YAML
src/sys/netinet/tcp_input.c@1.321
/
diff
/
nxr@1.321
src/sys/netipsec/xform_tcp.c@1.8 / diff / nxr@1.8
src/sys/netipsec/xform_tcp.c@1.8 / diff / nxr@1.8
fix build in the (FAST_)IPSEC & TCP_SIGNATURE case
MAIN commitmail json YAML
protect "union sockaddr_union" from being defined twice by a CPP symbol
(copied from FreeBSD), allows coexistence of (FAST_)IPSEC and pf
(copied from FreeBSD), allows coexistence of (FAST_)IPSEC and pf
MAIN commitmail json YAML
remove conditionals which can't succeed, and also shouldn't because
one would get a kernel NULL dereference immediately
one would get a kernel NULL dereference immediately
MAIN commitmail json YAML
src/sys/netinet6/ip6_input.c@1.136
/
diff
/
nxr@1.136
src/sys/netinet6/ip6_output.c@1.143 / diff / nxr@1.143
src/sys/netinet6/ip6_var.h@1.57 / diff / nxr@1.57
src/sys/netipsec/ipsec_output.c@1.38 / diff / nxr@1.38
src/sys/netipsec/xform_ah.c@1.34 / diff / nxr@1.34
src/sys/netinet6/ip6_output.c@1.143 / diff / nxr@1.143
src/sys/netinet6/ip6_var.h@1.57 / diff / nxr@1.57
src/sys/netipsec/ipsec_output.c@1.38 / diff / nxr@1.38
src/sys/netipsec/xform_ah.c@1.34 / diff / nxr@1.34
add patch from Arnaud Degroote to handle IPv6 extended options with
(FAST_)IPSEC, tested lightly with a DSTOPTS header consisting
of PAD1
(FAST_)IPSEC, tested lightly with a DSTOPTS header consisting
of PAD1
MAIN commitmail json YAML
src/share/man/man4/fast_ipsec.4@1.11
/
diff
/
nxr@1.11
src/share/man/man4/ipsec.4@1.33 / diff / nxr@1.33
src/share/man/man4/ipsec.4@1.33 / diff / nxr@1.33
fix confusing references, from wiz
MAIN commitmail json YAML
allow the ESP fragment length in the NAT-T case to be reported back
through the pfkey interface, kernel part of PR kern/44952
by Wolfgang Stukenbrock
through the pfkey interface, kernel part of PR kern/44952
by Wolfgang Stukenbrock
MAIN commitmail json YAML
src/crypto/dist/ipsec-tools/src/libipsec/key_debug.c@1.10
/
diff
/
nxr@1.10
src/crypto/dist/ipsec-tools/src/libipsec/pfkey.c@1.23 / diff / nxr@1.23
src/crypto/dist/ipsec-tools/src/libipsec/pfkey_dump.c@1.20 / diff / nxr@1.20
src/crypto/dist/ipsec-tools/src/setkey/parse.y@1.15 / diff / nxr@1.15
src/crypto/dist/ipsec-tools/src/setkey/setkey.8@1.29 / diff / nxr@1.29
src/crypto/dist/ipsec-tools/src/setkey/token.l@1.17 / diff / nxr@1.17
src/crypto/dist/ipsec-tools/src/libipsec/pfkey.c@1.23 / diff / nxr@1.23
src/crypto/dist/ipsec-tools/src/libipsec/pfkey_dump.c@1.20 / diff / nxr@1.20
src/crypto/dist/ipsec-tools/src/setkey/parse.y@1.15 / diff / nxr@1.15
src/crypto/dist/ipsec-tools/src/setkey/setkey.8@1.29 / diff / nxr@1.29
src/crypto/dist/ipsec-tools/src/setkey/token.l@1.17 / diff / nxr@1.17
allow setkey(8) set and display the ESP fragment size in the NAT-T case,
userland part of PR kern/44952 by Wolfgang Stukenbrock, just changed
the "frag" option name to "esp_frag", for consistency to the existing
option of similar effect in racoon(8)
userland part of PR kern/44952 by Wolfgang Stukenbrock, just changed
the "frag" option name to "esp_frag", for consistency to the existing
option of similar effect in racoon(8)
MAIN commitmail json YAML
src/distrib/sets/lists/man/mi@1.1364
/
diff
/
nxr@1.1364
src/share/man/man4/Makefile@1.577 / diff / nxr@1.577
src/share/man/man4/fast_ipsec.4@1.10 / diff / nxr@1.10
src/share/man/man4/ipsec.4@1.32 / diff / nxr@1.32
src/share/man/man4/kame_ipsec.4@1.1 / diff / nxr@1.1
src/share/man/man4/options.4@1.410 / diff / nxr@1.410
src/sys/netinet6/files.ipsec@1.8 / diff / nxr@1.8
src/sys/netipsec/files.netipsec@1.9 / diff / nxr@1.9
src/share/man/man4/Makefile@1.577 / diff / nxr@1.577
src/share/man/man4/fast_ipsec.4@1.10 / diff / nxr@1.10
src/share/man/man4/ipsec.4@1.32 / diff / nxr@1.32
src/share/man/man4/kame_ipsec.4@1.1 / diff / nxr@1.1
src/share/man/man4/options.4@1.410 / diff / nxr@1.410
src/sys/netinet6/files.ipsec@1.8 / diff / nxr@1.8
src/sys/netipsec/files.netipsec@1.9 / diff / nxr@1.9
Make FAST_IPSEC the default IPSEC implementation which is built
into the kernel if the "IPSEC" kernel option is given.
The old implementation is still available as KAME_IPSEC.
Do some minimal manpage adjustment -- kame_ipsec(4) is a copy
of the old ipsec(4) and the latter is now a copy of fast_ipsec(4).
into the kernel if the "IPSEC" kernel option is given.
The old implementation is still available as KAME_IPSEC.
Do some minimal manpage adjustment -- kame_ipsec(4) is a copy
of the old ipsec(4) and the latter is now a copy of fast_ipsec(4).
MAIN commitmail json YAML
src/usr.bin/netstat/Makefile@1.37
/
diff
/
nxr@1.37
src/usr.bin/netstat/ipsec.c@1.16 / diff / nxr@1.16
src/usr.bin/netstat/pfkey.c@1.1 / diff / nxr@1.1
src/usr.bin/netstat/ipsec.c@1.16 / diff / nxr@1.16
src/usr.bin/netstat/pfkey.c@1.1 / diff / nxr@1.1
split the ipsec.c source file into the pfkey part which is shared
with FAST_IPSEC and KAME specific IPSEC statistics
with FAST_IPSEC and KAME specific IPSEC statistics
MAIN commitmail json YAML
src/distrib/sets/lists/comp/mi@1.1723
/
diff
/
nxr@1.1723
src/sys/netinet6/Makefile@1.8 / diff / nxr@1.8
src/sys/netinet6/ipsec.h@1.53 / diff / nxr@1.53
src/sys/netipsec/Makefile@1.5 / diff / nxr@1.5
src/sys/netipsec/ipsec.h@1.31 / diff / nxr@1.31
src/sys/netkey/Makefile@1.5 / diff / nxr@1.5
src/sys/netkey/keysock.h@1.16 / diff / nxr@1.16
src/usr.bin/netstat/fast_ipsec.c@1.18 / diff / nxr@1.18
src/sys/netinet6/Makefile@1.8 / diff / nxr@1.8
src/sys/netinet6/ipsec.h@1.53 / diff / nxr@1.53
src/sys/netipsec/Makefile@1.5 / diff / nxr@1.5
src/sys/netipsec/ipsec.h@1.31 / diff / nxr@1.31
src/sys/netkey/Makefile@1.5 / diff / nxr@1.5
src/sys/netkey/keysock.h@1.16 / diff / nxr@1.16
src/usr.bin/netstat/fast_ipsec.c@1.18 / diff / nxr@1.18
more IPSEC header cleanup: don't install unneeded headers to userland,
and remove some differences berween KAME and FAST_IPSEC
and remove some differences berween KAME and FAST_IPSEC
MAIN commitmail json YAML
src/usr.bin/systat/Makefile@1.37
/
diff
/
nxr@1.37
src/usr.bin/systat/cmdtab.c@1.24 / diff / nxr@1.24
src/usr.bin/systat/extern.h@1.42 / diff / nxr@1.42
src/usr.bin/systat/ipsec.c deleted
src/usr.bin/systat/systat.1@1.41 / diff / nxr@1.41
src/usr.bin/systat/cmdtab.c@1.24 / diff / nxr@1.24
src/usr.bin/systat/extern.h@1.42 / diff / nxr@1.42
src/usr.bin/systat/ipsec.c deleted
src/usr.bin/systat/systat.1@1.41 / diff / nxr@1.41
kill ipsec support which hasn't been working for a long time
(neither for KAME nor for FAST_IPSEC)
(neither for KAME nor for FAST_IPSEC)
MAIN commitmail json YAML
pull in from FreeBSD rev.1.41: Narrow the use of user credentials.
(call pam_get_authtok() with caller's rights rather than user's)
(call pam_get_authtok() with caller's rights rather than user's)
MAIN commitmail json YAML
src/crypto/external/bsd/openssl/dist/crypto/x509/x509_vfy.c@1.2
/
diff
/
nxr@1.2
src/crypto/external/bsd/openssl/dist/ssl/d1_srvr.c@1.2 / diff / nxr@1.2
src/crypto/external/bsd/openssl/dist/ssl/s3_lib.c@1.7 / diff / nxr@1.7
src/crypto/external/bsd/openssl/dist/ssl/s3_srvr.c@1.10 / diff / nxr@1.10
src/crypto/external/bsd/openssl/dist/ssl/d1_srvr.c@1.2 / diff / nxr@1.2
src/crypto/external/bsd/openssl/dist/ssl/s3_lib.c@1.7 / diff / nxr@1.7
src/crypto/external/bsd/openssl/dist/ssl/s3_srvr.c@1.10 / diff / nxr@1.10
also pull in patches for older security problems (secadv_20110906.txt):
-rev.21358 for CRL verification vulnerability in OpenSSL (CVE-2011-3207)
-rev.21336 for TLS ephemeral ECDH crashes in OpenSSL (CVE-2011-3210)
-rev.21358 for CRL verification vulnerability in OpenSSL (CVE-2011-3207)
-rev.21336 for TLS ephemeral ECDH crashes in OpenSSL (CVE-2011-3210)
MAIN commitmail json YAML
src/crypto/external/bsd/openssl/dist/crypto/x509v3/v3_addr.c@1.2
/
diff
/
nxr@1.2
src/crypto/external/bsd/openssl/dist/engines/ccgost/gost2001_keyx.c@1.2 / diff / nxr@1.2
src/crypto/external/bsd/openssl/dist/engines/ccgost/gost94_keyx.c@1.2 / diff / nxr@1.2
src/crypto/external/bsd/openssl/dist/ssl/d1_pkt.c@1.2 / diff / nxr@1.2
src/crypto/external/bsd/openssl/dist/ssl/s3_enc.c@1.4 / diff / nxr@1.4
src/crypto/external/bsd/openssl/dist/ssl/s3_srvr.c@1.9 / diff / nxr@1.9
src/crypto/external/bsd/openssl/dist/ssl/ssl.h@1.2 / diff / nxr@1.2
src/crypto/external/bsd/openssl/dist/ssl/ssl3.h@1.2 / diff / nxr@1.2
src/crypto/external/bsd/openssl/dist/ssl/ssl_err.c@1.2 / diff / nxr@1.2
src/crypto/external/bsd/openssl/dist/engines/ccgost/gost2001_keyx.c@1.2 / diff / nxr@1.2
src/crypto/external/bsd/openssl/dist/engines/ccgost/gost94_keyx.c@1.2 / diff / nxr@1.2
src/crypto/external/bsd/openssl/dist/ssl/d1_pkt.c@1.2 / diff / nxr@1.2
src/crypto/external/bsd/openssl/dist/ssl/s3_enc.c@1.4 / diff / nxr@1.4
src/crypto/external/bsd/openssl/dist/ssl/s3_srvr.c@1.9 / diff / nxr@1.9
src/crypto/external/bsd/openssl/dist/ssl/ssl.h@1.2 / diff / nxr@1.2
src/crypto/external/bsd/openssl/dist/ssl/ssl3.h@1.2 / diff / nxr@1.2
src/crypto/external/bsd/openssl/dist/ssl/ssl_err.c@1.2 / diff / nxr@1.2
pull in some patches from upstream CVS, following secadv_20120104.txt:
-rev.21964 for DTLS Plaintext Recovery Attack (CVE-2011-4108)
-rev.21961 for Uninitialized SSL 3.0 Padding (CVE-2011-4576)
-rev.21456+21954 for Malformed RFC 3779 Data Can Cause Assertion Failures
(CVE-2011-4577)
(rev.21456 is not mentioned in the advisory, but there is code overlap)
-rev.21958 for SGC Restart DoS Attack (CVE-2011-4619)
-rev.21956 for Invalid GOST parameters DoS Attack (CVE-2012-0027)
-rev.21964 for DTLS Plaintext Recovery Attack (CVE-2011-4108)
-rev.21961 for Uninitialized SSL 3.0 Padding (CVE-2011-4576)
-rev.21456+21954 for Malformed RFC 3779 Data Can Cause Assertion Failures
(CVE-2011-4577)
(rev.21456 is not mentioned in the advisory, but there is code overlap)
-rev.21958 for SGC Restart DoS Attack (CVE-2011-4619)
-rev.21956 for Invalid GOST parameters DoS Attack (CVE-2012-0027)
MAIN commitmail json YAML
src/usr.bin/cdplay/cdplay.1@1.24
/
diff
/
nxr@1.24
src/usr.bin/cdplay/cdplay.c@1.46 / diff / nxr@1.46
src/usr.bin/cdplay/cdplay.c@1.46 / diff / nxr@1.46
-make digital mode work in non-interactive mode (init sighandler
earlier, sleep(3) until playing finished)
-also switch to digital mode if an audio device is given on the
cmd line, or the (new) "CDPLAY_DIGITAL" env var is set
(The latter can be used to make digital mode default per system.
As I see it, analog mode is not dead yet - two of three external
DVD drives I looked at have a speaker output.)
earlier, sleep(3) until playing finished)
-also switch to digital mode if an audio device is given on the
cmd line, or the (new) "CDPLAY_DIGITAL" env var is set
(The latter can be used to make digital mode default per system.
As I see it, analog mode is not dead yet - two of three external
DVD drives I looked at have a speaker output.)
MAIN commitmail json YAML
kill unnecessary srandom() call which crept in in rev. 1.33
MAIN commitmail json YAML
src/crypto/dist/ipsec-tools/src/libipsec/ipsec_set_policy.3@1.17
/
diff
/
nxr@1.17
src/crypto/dist/ipsec-tools/src/libipsec/ipsec_strerror.3@1.11 / diff / nxr@1.11
src/dist/dhcp/includes/dhcpd.h@1.10 / diff / nxr@1.10
src/distrib/sets/lists/comp/mi@1.1721 / diff / nxr@1.1721
src/lib/libipsec/config.h@1.7 / diff / nxr@1.7
src/sbin/ping/ping.c@1.102 / diff / nxr@1.102
src/sbin/ping6/ping6.c@1.80 / diff / nxr@1.80
src/sbin/sysctl/sysctl.c@1.139 / diff / nxr@1.139
src/sys/netipsec/Makefile@1.4 / diff / nxr@1.4
src/usr.bin/telnet/externs.h@1.35 / diff / nxr@1.35
src/usr.sbin/inetd/inetd.c@1.120 / diff / nxr@1.120
src/usr.sbin/inetd/ipsec.c@1.4 / diff / nxr@1.4
src/usr.sbin/mountd/mountd.c@1.124 / diff / nxr@1.124
src/usr.sbin/traceroute/traceroute.c@1.80 / diff / nxr@1.80
src/usr.sbin/traceroute6/traceroute6.c@1.42 / diff / nxr@1.42
src/crypto/dist/ipsec-tools/src/libipsec/ipsec_strerror.3@1.11 / diff / nxr@1.11
src/dist/dhcp/includes/dhcpd.h@1.10 / diff / nxr@1.10
src/distrib/sets/lists/comp/mi@1.1721 / diff / nxr@1.1721
src/lib/libipsec/config.h@1.7 / diff / nxr@1.7
src/sbin/ping/ping.c@1.102 / diff / nxr@1.102
src/sbin/ping6/ping6.c@1.80 / diff / nxr@1.80
src/sbin/sysctl/sysctl.c@1.139 / diff / nxr@1.139
src/sys/netipsec/Makefile@1.4 / diff / nxr@1.4
src/usr.bin/telnet/externs.h@1.35 / diff / nxr@1.35
src/usr.sbin/inetd/inetd.c@1.120 / diff / nxr@1.120
src/usr.sbin/inetd/ipsec.c@1.4 / diff / nxr@1.4
src/usr.sbin/mountd/mountd.c@1.124 / diff / nxr@1.124
src/usr.sbin/traceroute/traceroute.c@1.80 / diff / nxr@1.80
src/usr.sbin/traceroute6/traceroute6.c@1.42 / diff / nxr@1.42
include <netipsec/ipsec.h> rather than <netinet6/ipsec.h> from userland
where possible, for consistency and compatibility to FreeBSD
(exception: KAME specific statistics gathering in netstat(1) and systat(1))
where possible, for consistency and compatibility to FreeBSD
(exception: KAME specific statistics gathering in netstat(1) and systat(1))
MAIN commitmail json YAML
src/crypto/dist/ipsec-tools/src/libipsec/ipsec_set_policy.3@1.16
/
diff
/
nxr@1.16
src/crypto/dist/ipsec-tools/src/libipsec/libpfkey.h@1.19 / diff / nxr@1.19
src/crypto/dist/ipsec-tools/src/libipsec/policy_token.l@1.8 / diff / nxr@1.8
src/lib/libipsec/Makefile@1.18 / diff / nxr@1.18
src/lib/libipsec/config.h@1.6 / diff / nxr@1.6
src/sbin/ping6/ping6.c@1.79 / diff / nxr@1.79
src/sbin/setkey/Makefile@1.13 / diff / nxr@1.13
src/sys/netinet6/Makefile@1.7 / diff / nxr@1.7
src/sys/netinet6/ipsec.h@1.52 / diff / nxr@1.52
src/sys/netipsec/Makefile@1.3 / diff / nxr@1.3
src/sys/netipsec/ipsec.h@1.30 / diff / nxr@1.30
src/usr.sbin/racoon/Makefile@1.24 / diff / nxr@1.24
src/crypto/dist/ipsec-tools/src/libipsec/libpfkey.h@1.19 / diff / nxr@1.19
src/crypto/dist/ipsec-tools/src/libipsec/policy_token.l@1.8 / diff / nxr@1.8
src/lib/libipsec/Makefile@1.18 / diff / nxr@1.18
src/lib/libipsec/config.h@1.6 / diff / nxr@1.6
src/sbin/ping6/ping6.c@1.79 / diff / nxr@1.79
src/sbin/setkey/Makefile@1.13 / diff / nxr@1.13
src/sys/netinet6/Makefile@1.7 / diff / nxr@1.7
src/sys/netinet6/ipsec.h@1.52 / diff / nxr@1.52
src/sys/netipsec/Makefile@1.3 / diff / nxr@1.3
src/sys/netipsec/ipsec.h@1.30 / diff / nxr@1.30
src/usr.sbin/racoon/Makefile@1.24 / diff / nxr@1.24
-consistently use "char *" for the compiled policy buffer in the
ipsec_*_policy() functions, as it was documented and used by clients
-remove "ipsec_policy_t" which was undocumented and only present
in the KAME version of the ipsec.h header
-misc cleanup of historical artefacts, and to remove unnecessary
differences between KAME ans FAST_IPSEC
ipsec_*_policy() functions, as it was documented and used by clients
-remove "ipsec_policy_t" which was undocumented and only present
in the KAME version of the ipsec.h header
-misc cleanup of historical artefacts, and to remove unnecessary
differences between KAME ans FAST_IPSEC
MAIN commitmail json YAML
allow kernels w/o COMPAT_50 to build
MAIN commitmail json YAML
note new OpenPAM release
MAIN commitmail json YAML
src/sys/conf/files@1.1034
/
diff
/
nxr@1.1034
src/sys/dist/ipf/netinet/ip_fil_netbsd.c@1.57 / diff / nxr@1.57
src/sys/dist/pf/net/if_pfsync.c@1.8 / diff / nxr@1.8
src/sys/dist/pf/net/pf.c@1.68 / diff / nxr@1.68
src/sys/dist/ipf/netinet/ip_fil_netbsd.c@1.57 / diff / nxr@1.57
src/sys/dist/pf/net/if_pfsync.c@1.8 / diff / nxr@1.8
src/sys/dist/pf/net/pf.c@1.68 / diff / nxr@1.68
do missing ipsec->kame_ipsec renames
MAIN commitmail json YAML
src/sys/netinet/in_pcb.c@1.140
/
diff
/
nxr@1.140
src/sys/netinet/in_proto.c@1.102 / diff / nxr@1.102
src/sys/netinet/ip_icmp.c@1.126 / diff / nxr@1.126
src/sys/netinet/ip_input.c@1.297 / diff / nxr@1.297
src/sys/netinet/ip_mroute.c@1.122 / diff / nxr@1.122
src/sys/netinet/ip_output.c@1.211 / diff / nxr@1.211
src/sys/netinet/raw_ip.c@1.113 / diff / nxr@1.113
src/sys/netinet/tcp_input.c@1.319 / diff / nxr@1.319
src/sys/netinet/tcp_output.c@1.172 / diff / nxr@1.172
src/sys/netinet/tcp_subr.c@1.245 / diff / nxr@1.245
src/sys/netinet/tcp_usrreq.c@1.161 / diff / nxr@1.161
src/sys/netinet/udp_usrreq.c@1.184 / diff / nxr@1.184
src/sys/netinet6/files.ipsec@1.7 / diff / nxr@1.7
src/sys/netinet6/icmp6.c@1.158 / diff / nxr@1.158
src/sys/netinet6/in6_pcb.c@1.117 / diff / nxr@1.117
src/sys/netinet6/in6_proto.c@1.94 / diff / nxr@1.94
src/sys/netinet6/ip6_forward.c@1.69 / diff / nxr@1.69
src/sys/netinet6/ip6_input.c@1.134 / diff / nxr@1.134
src/sys/netinet6/ip6_output.c@1.141 / diff / nxr@1.141
src/sys/netinet6/ipsec.c@1.144 / diff / nxr@1.144
:
(more 4 files)
src/sys/netinet/in_proto.c@1.102 / diff / nxr@1.102
src/sys/netinet/ip_icmp.c@1.126 / diff / nxr@1.126
src/sys/netinet/ip_input.c@1.297 / diff / nxr@1.297
src/sys/netinet/ip_mroute.c@1.122 / diff / nxr@1.122
src/sys/netinet/ip_output.c@1.211 / diff / nxr@1.211
src/sys/netinet/raw_ip.c@1.113 / diff / nxr@1.113
src/sys/netinet/tcp_input.c@1.319 / diff / nxr@1.319
src/sys/netinet/tcp_output.c@1.172 / diff / nxr@1.172
src/sys/netinet/tcp_subr.c@1.245 / diff / nxr@1.245
src/sys/netinet/tcp_usrreq.c@1.161 / diff / nxr@1.161
src/sys/netinet/udp_usrreq.c@1.184 / diff / nxr@1.184
src/sys/netinet6/files.ipsec@1.7 / diff / nxr@1.7
src/sys/netinet6/icmp6.c@1.158 / diff / nxr@1.158
src/sys/netinet6/in6_pcb.c@1.117 / diff / nxr@1.117
src/sys/netinet6/in6_proto.c@1.94 / diff / nxr@1.94
src/sys/netinet6/ip6_forward.c@1.69 / diff / nxr@1.69
src/sys/netinet6/ip6_input.c@1.134 / diff / nxr@1.134
src/sys/netinet6/ip6_output.c@1.141 / diff / nxr@1.141
src/sys/netinet6/ipsec.c@1.144 / diff / nxr@1.144
:
(more 4 files)
rename the IPSEC in-kernel CPP variable and config(8) option to
KAME_IPSEC, and make IPSEC define it so that existing kernel
config files work as before
Now the default can be easily be changed to FAST_IPSEC just by
setting the IPSEC alias to FAST_IPSEC.
KAME_IPSEC, and make IPSEC define it so that existing kernel
config files work as before
Now the default can be easily be changed to FAST_IPSEC just by
setting the IPSEC alias to FAST_IPSEC.
MAIN commitmail json YAML
as in netkey/key.c, just use cprng_fast() to get a random number
(which is used to choose an SPI), kill the dummy seeding code
(which is used to choose an SPI), kill the dummy seeding code
MAIN commitmail json YAML
make this build with RND_DEBUG
MAIN commitmail json YAML
src/lib/libpam/modules/pam_ssh/pam_ssh.8@1.6
/
diff
/
nxr@1.6
src/lib/libpam/modules/pam_ssh/pam_ssh.c@1.20 / diff / nxr@1.20
src/lib/libpam/modules/pam_ssh/pam_ssh.c@1.20 / diff / nxr@1.20
support ECDSA keys used by recent ssh
MAIN commitmail json YAML
disallow empty passphrases per default, and implement the "nullok"
option to allow it if the administator wishes, from FreeBSD
option to allow it if the administator wishes, from FreeBSD
MAIN commitmail json YAML
-remove remainders of the misguided changes in revs 1.5-1.9
-iron out more unnecessary differences to FreeBSD
-iron out more unnecessary differences to FreeBSD
MAIN commitmail json YAML
sys/pcq.h isn't installed to userland, so only include it ifdef _KERNEL,
fixes glitch in kdump build
fixes glitch in kdump build
MAIN commitmail json YAML
remove the option to build this against openssl - this hasn't been used
in the NetBSD build
since the libc version of MD5Final zeroes out the context, replace
the bzero introduced in the previous commit by comments telling that
in the NetBSD build
since the libc version of MD5Final zeroes out the context, replace
the bzero introduced in the previous commit by comments telling that
MAIN commitmail json YAML
zero out hash context after use, to avoid traces in RAM
(hint from "Solar Designer")
(hint from "Solar Designer")
MAIN commitmail json YAML
fix minor typo
MAIN commitmail json YAML
make "rs" static -- this name is too unspecific for the global namespace
MAIN commitmail json YAML
add missing rnd_extract->cprng_fast conversion, fixes build of
FAST_IPSEC kernels
FAST_IPSEC kernels
MAIN commitmail json YAML
stopgap fix to avoid panic due to recursive locking if the keyboard beep
is activated through a tty (which it usually is)
IMO it was no good idea to abuse tty_lock here - it is already
problematic in the tty subsystem
is activated through a tty (which it usually is)
IMO it was no good idea to abuse tty_lock here - it is already
problematic in the tty subsystem
MAIN commitmail json YAML
Don't allow '/' characters in the "service" argument to pam_start()
The "service" is blindly appended to config directories ("/etc/pam.d/"),
and if a user can control the "service" it can get PAM to read config
files from any location.
This is not a problem with most software because the "service" is
usually a constant string. The check protects 3rd party software
from being abused.
(CVE-2011-4122)
The "service" is blindly appended to config directories ("/etc/pam.d/"),
and if a user can control the "service" it can get PAM to read config
files from any location.
This is not a problem with most software because the "service" is
usually a constant string. The check protects 3rd party software
from being abused.
(CVE-2011-4122)
MAIN commitmail json YAML
remove duplicated #defines (in a usually unused part of the code)
MAIN commitmail json YAML
for the *xattr() calls, return ENOTSUP rather than EOPNOTSUPP if
the filesystem doesn't support extended attributes -- this is how
it is documented in Linux manpages
(on Linux itself, ENOTSUP and EOPNOTSUPP are the same value)
approved by Emmanuel Dreyfus
the filesystem doesn't support extended attributes -- this is how
it is documented in Linux manpages
(on Linux itself, ENOTSUP and EOPNOTSUPP are the same value)
approved by Emmanuel Dreyfus
MAIN commitmail json YAML
src/sys/dev/cardbus/adv_cardbus.c@1.28
/
diff
/
nxr@1.28
src/sys/dev/cardbus/ahc_cardbus.c@1.35 / diff / nxr@1.35
src/sys/dev/cardbus/cardbus.c@1.108 / diff / nxr@1.108
src/sys/dev/cardbus/cardbusreg.h@1.7 / diff / nxr@1.7
src/sys/dev/cardbus/cardbusvar.h@1.55 / diff / nxr@1.55
src/sys/dev/cardbus/com_cardbus.c@1.30 / diff / nxr@1.30
src/sys/dev/cardbus/ehci_cardbus.c@1.31 / diff / nxr@1.31
src/sys/dev/cardbus/fwohci_cardbus.c@1.34 / diff / nxr@1.34
src/sys/dev/cardbus/if_ath_cardbus.c@1.44 / diff / nxr@1.44
src/sys/dev/cardbus/if_atw_cardbus.c@1.36 / diff / nxr@1.36
src/sys/dev/cardbus/if_ex_cardbus.c@1.55 / diff / nxr@1.55
src/sys/dev/cardbus/if_fxp_cardbus.c@1.48 / diff / nxr@1.48
src/sys/dev/cardbus/if_ral_cardbus.c@1.22 / diff / nxr@1.22
src/sys/dev/cardbus/if_re_cardbus.c@1.27 / diff / nxr@1.27
src/sys/dev/cardbus/if_rtk_cardbus.c@1.46 / diff / nxr@1.46
src/sys/dev/cardbus/if_rtw_cardbus.c@1.42 / diff / nxr@1.42
src/sys/dev/cardbus/if_tlp_cardbus.c@1.70 / diff / nxr@1.70
src/sys/dev/cardbus/njata_cardbus.c@1.15 / diff / nxr@1.15
src/sys/dev/cardbus/njs_cardbus.c@1.17 / diff / nxr@1.17
src/sys/dev/cardbus/ohci_cardbus.c@1.39 / diff / nxr@1.39
:
(more 5 files)
src/sys/dev/cardbus/ahc_cardbus.c@1.35 / diff / nxr@1.35
src/sys/dev/cardbus/cardbus.c@1.108 / diff / nxr@1.108
src/sys/dev/cardbus/cardbusreg.h@1.7 / diff / nxr@1.7
src/sys/dev/cardbus/cardbusvar.h@1.55 / diff / nxr@1.55
src/sys/dev/cardbus/com_cardbus.c@1.30 / diff / nxr@1.30
src/sys/dev/cardbus/ehci_cardbus.c@1.31 / diff / nxr@1.31
src/sys/dev/cardbus/fwohci_cardbus.c@1.34 / diff / nxr@1.34
src/sys/dev/cardbus/if_ath_cardbus.c@1.44 / diff / nxr@1.44
src/sys/dev/cardbus/if_atw_cardbus.c@1.36 / diff / nxr@1.36
src/sys/dev/cardbus/if_ex_cardbus.c@1.55 / diff / nxr@1.55
src/sys/dev/cardbus/if_fxp_cardbus.c@1.48 / diff / nxr@1.48
src/sys/dev/cardbus/if_ral_cardbus.c@1.22 / diff / nxr@1.22
src/sys/dev/cardbus/if_re_cardbus.c@1.27 / diff / nxr@1.27
src/sys/dev/cardbus/if_rtk_cardbus.c@1.46 / diff / nxr@1.46
src/sys/dev/cardbus/if_rtw_cardbus.c@1.42 / diff / nxr@1.42
src/sys/dev/cardbus/if_tlp_cardbus.c@1.70 / diff / nxr@1.70
src/sys/dev/cardbus/njata_cardbus.c@1.15 / diff / nxr@1.15
src/sys/dev/cardbus/njs_cardbus.c@1.17 / diff / nxr@1.17
src/sys/dev/cardbus/ohci_cardbus.c@1.39 / diff / nxr@1.39
:
(more 5 files)
remove some bloat:
-cardbus doesn't use multiple interrupt lines like PCI, and it doesn't
use machanisms like interrupt line register and swizzling -- no need
to carry around dummy information, this is all dealt with by the
bridge
(I'm asking myself how "rbus_ppb" can work -- a bridge attached to
cardbus just can't work like a normal PCI bridge as far as interrupts
are concerned. I thing that should be a hardware specific driver
because behavior is not covered by a standard.)
-cardbus always uses 3.3V -- no need for a variable to keep track
of the voltage
-cardbus doesn't use multiple interrupt lines like PCI, and it doesn't
use machanisms like interrupt line register and swizzling -- no need
to carry around dummy information, this is all dealt with by the
bridge
(I'm asking myself how "rbus_ppb" can work -- a bridge attached to
cardbus just can't work like a normal PCI bridge as far as interrupts
are concerned. I thing that should be a hardware specific driver
because behavior is not covered by a standard.)
-cardbus always uses 3.3V -- no need for a variable to keep track
of the voltage
MAIN commitmail json YAML
src/sys/arch/x86/include/pci_machdep_common.h@1.7
/
diff
/
nxr@1.7
src/sys/arch/x86/pci/pci_intr_machdep.c@1.20 / diff / nxr@1.20
src/sys/arch/x86/pci/pci_intr_machdep.c@1.20 / diff / nxr@1.20
add an experimental implementation of PCI MSIs (Message Signaled
Interrupts). Successfully tested with hdaudio and "wpi" wireless
ethernet.
notes:
-There seem to be buggy chips around which announce MSI support
but don't correctly implement it. Thus the final word whether MSIs
can be used should be by the driver.
-Only a single vector is supported. For multiple vectors, the IDT
allocation code would have to be changed. (And we would possibly
run into problems due to the limited number of vectors supported
by the current code.)
-The code is "#if NIOAPIC > 0" because it uses the ioapic_edge
interrupt stubs. These actually don't touch any ioapic, so this
is somewhat a misnomer.
-MSIs can't be identified by a "pin" but only by a cpu/vector
pair. Common intr code soesn't deal well with this yet.
-Drivers need to take care of saving/restoring MSI data in the device's
config space on suspend/resume.
Interrupts). Successfully tested with hdaudio and "wpi" wireless
ethernet.
notes:
-There seem to be buggy chips around which announce MSI support
but don't correctly implement it. Thus the final word whether MSIs
can be used should be by the driver.
-Only a single vector is supported. For multiple vectors, the IDT
allocation code would have to be changed. (And we would possibly
run into problems due to the limited number of vectors supported
by the current code.)
-The code is "#if NIOAPIC > 0" because it uses the ioapic_edge
interrupt stubs. These actually don't touch any ioapic, so this
is somewhat a misnomer.
-MSIs can't be identified by a "pin" but only by a cpu/vector
pair. Common intr code soesn't deal well with this yet.
-Drivers need to take care of saving/restoring MSI data in the device's
config space on suspend/resume.
MAIN commitmail json YAML
src/sys/arch/x86/include/intr.h@1.43
/
diff
/
nxr@1.43
src/sys/arch/x86/x86/intr.c@1.72 / diff / nxr@1.72
src/sys/arch/x86/x86/intr.c@1.72 / diff / nxr@1.72
if checking whether an interrupt is shared, don't compare pin numbers
if it is "-1" -- this is a hack to allow MSIs which don't have a concept
of pin numbers, and are generally not shared
(This doesn't give us sensible event names for statistics display. The
whole abstraction has more exceptions than regular cases, it should
be redesigned imho.)
if it is "-1" -- this is a hack to allow MSIs which don't have a concept
of pin numbers, and are generally not shared
(This doesn't give us sensible event names for statistics display. The
whole abstraction has more exceptions than regular cases, it should
be redesigned imho.)
MAIN commitmail json YAML
modify parsing of device names so that it can deal with names which
have numbers is it, eg "i915drm*"
have numbers is it, eg "i915drm*"
MAIN commitmail json YAML
src/external/gpl3/gcc/dist/gcc/config.gcc@1.10
/
diff
/
nxr@1.10
src/external/gpl3/gcc/dist/gcc/config/t-netbsd@1.2 / diff / nxr@1.2
src/external/gpl3/gcc/dist/gcc/crtstuff.c@1.2 / diff / nxr@1.2
src/external/gpl3/gcc/dist/gcc/unwind-dw2-fde-glibc.c@1.2 / diff / nxr@1.2
src/external/gpl3/gcc/lib/crtstuff/arch/i386.mk@1.3 / diff / nxr@1.3
src/external/gpl3/gcc/lib/libgcc/arch/i386.mk@1.3 / diff / nxr@1.3
src/external/gpl3/gcc/usr.bin/gcc/arch/i386/configargs.h@1.4 / diff / nxr@1.4
src/external/gpl3/gcc/usr.bin/gcc/arch/i386/defs.mk@1.3 / diff / nxr@1.3
src/external/gpl3/gcc/dist/gcc/config/t-netbsd@1.2 / diff / nxr@1.2
src/external/gpl3/gcc/dist/gcc/crtstuff.c@1.2 / diff / nxr@1.2
src/external/gpl3/gcc/dist/gcc/unwind-dw2-fde-glibc.c@1.2 / diff / nxr@1.2
src/external/gpl3/gcc/lib/crtstuff/arch/i386.mk@1.3 / diff / nxr@1.3
src/external/gpl3/gcc/lib/libgcc/arch/i386.mk@1.3 / diff / nxr@1.3
src/external/gpl3/gcc/usr.bin/gcc/arch/i386/configargs.h@1.4 / diff / nxr@1.4
src/external/gpl3/gcc/usr.bin/gcc/arch/i386/defs.mk@1.3 / diff / nxr@1.3
let gcc-4.5 use dl_iterate_phdr (which has been present for a while)
for exception handling rather than register_frame_info -- this is
what other OSes are doing, and what is supposedly more efficient.
committed generated files for i386 only
for exception handling rather than register_frame_info -- this is
what other OSes are doing, and what is supposedly more efficient.
committed generated files for i386 only
MAIN commitmail json YAML
src/sys/kern/init_sysent.c@1.256
/
diff
/
nxr@1.256
src/sys/kern/syscalls.c@1.247 / diff / nxr@1.247
src/sys/rump/include/rump/rump_syscalls.h@1.51 / diff / nxr@1.51
src/sys/rump/librump/rumpkern/rump_syscalls.c@1.73 / diff / nxr@1.73
src/sys/sys/syscall.h@1.243 / diff / nxr@1.243
src/sys/sys/syscallargs.h@1.226 / diff / nxr@1.226
src/sys/kern/syscalls.c@1.247 / diff / nxr@1.247
src/sys/rump/include/rump/rump_syscalls.h@1.51 / diff / nxr@1.51
src/sys/rump/librump/rumpkern/rump_syscalls.c@1.73 / diff / nxr@1.73
src/sys/sys/syscall.h@1.243 / diff / nxr@1.243
src/sys/sys/syscallargs.h@1.226 / diff / nxr@1.226
regen after *setxattr constification
MAIN commitmail json YAML
make the data arguments of *setxattr(2) const, as in Linux
(is this an official NetBSD API or should it be COMPAT_LINUX only?)
(is this an official NetBSD API or should it be COMPAT_LINUX only?)
MAIN commitmail json YAML
back out previous - this should be unnecessary on NetBSD due to
the extra validation introduced in rev.1.42 (and pulled up to netbsd-5)
the extra validation introduced in rev.1.42 (and pulled up to netbsd-5)
MAIN commitmail json YAML
clear the packet filter's scratch memory before running the filter
program, otherwise kernel memory can be leaked, from Guy Harris
per PR kern/45142
program, otherwise kernel memory can be leaked, from Guy Harris
per PR kern/45142
MAIN commitmail json YAML
src/external/bsd/libarchive/dist/libarchive/archive.h@1.2
/
diff
/
nxr@1.2
src/external/bsd/libarchive/dist/libarchive/archive_read_support_format_iso9660.c@1.2 / diff / nxr@1.2
src/external/bsd/libarchive/dist/libarchive/archive_write_disk.c@1.2 / diff / nxr@1.2
src/external/bsd/libarchive/dist/libarchive/archive_write_set_format_ar.c@1.2 / diff / nxr@1.2
src/external/bsd/libarchive/dist/libarchive/archive_write_set_format_ustar.c@1.2 / diff / nxr@1.2
src/external/bsd/libarchive/dist/libarchive/archive_read_support_format_iso9660.c@1.2 / diff / nxr@1.2
src/external/bsd/libarchive/dist/libarchive/archive_write_disk.c@1.2 / diff / nxr@1.2
src/external/bsd/libarchive/dist/libarchive/archive_write_set_format_ar.c@1.2 / diff / nxr@1.2
src/external/bsd/libarchive/dist/libarchive/archive_write_set_format_ustar.c@1.2 / diff / nxr@1.2
minor printf format fixes
MAIN commitmail json YAML
src/crypto/external/bsd/openssl/dist/ssl/s3_lib.c@1.6
/
diff
/
nxr@1.6
src/crypto/external/bsd/openssl/dist/ssl/s3_pkt.c@1.9 / diff / nxr@1.9
src/crypto/external/bsd/openssl/dist/ssl/s3_srvr.c@1.8 / diff / nxr@1.8
src/crypto/external/bsd/openssl/dist/ssl/ssl_locl.h@1.4 / diff / nxr@1.4
src/crypto/external/bsd/openssl/dist/ssl/s3_pkt.c@1.9 / diff / nxr@1.9
src/crypto/external/bsd/openssl/dist/ssl/s3_srvr.c@1.8 / diff / nxr@1.8
src/crypto/external/bsd/openssl/dist/ssl/ssl_locl.h@1.4 / diff / nxr@1.4
remove SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION -- openssl uses
another mechanism now, and these remainders break renogotiation with
(at least) tor and postgres
another mechanism now, and these remainders break renogotiation with
(at least) tor and postgres
MAIN commitmail json YAML
ignore error of "rmdir", to let "make clean" succeed in an already
clean directory
clean directory
MAIN commitmail json YAML
src/external/lgpl3/mpfr/dist/PATCHES@1.2
/
diff
/
nxr@1.2
src/external/lgpl3/mpfr/dist/VERSION@1.2 / diff / nxr@1.2
src/external/lgpl3/mpfr/dist/asin.c@1.2 / diff / nxr@1.2
src/external/lgpl3/mpfr/dist/atan.c@1.2 / diff / nxr@1.2
src/external/lgpl3/mpfr/dist/mpfr.h@1.2 / diff / nxr@1.2
src/external/lgpl3/mpfr/dist/rec_sqrt.c@1.2 / diff / nxr@1.2
src/external/lgpl3/mpfr/dist/tests/tasin.c@1.2 / diff / nxr@1.2
src/external/lgpl3/mpfr/dist/tests/tatan.c@1.2 / diff / nxr@1.2
src/external/lgpl3/mpfr/dist/tests/texp.c@1.2 / diff / nxr@1.2
src/external/lgpl3/mpfr/dist/version.c@1.2 / diff / nxr@1.2
src/external/lgpl3/mpfr/dist/VERSION@1.2 / diff / nxr@1.2
src/external/lgpl3/mpfr/dist/asin.c@1.2 / diff / nxr@1.2
src/external/lgpl3/mpfr/dist/atan.c@1.2 / diff / nxr@1.2
src/external/lgpl3/mpfr/dist/mpfr.h@1.2 / diff / nxr@1.2
src/external/lgpl3/mpfr/dist/rec_sqrt.c@1.2 / diff / nxr@1.2
src/external/lgpl3/mpfr/dist/tests/tasin.c@1.2 / diff / nxr@1.2
src/external/lgpl3/mpfr/dist/tests/tatan.c@1.2 / diff / nxr@1.2
src/external/lgpl3/mpfr/dist/tests/texp.c@1.2 / diff / nxr@1.2
src/external/lgpl3/mpfr/dist/version.c@1.2 / diff / nxr@1.2
update mpfr to PL4 (minor fixes)
MAIN commitmail json YAML
src/external/lgpl2/mpc/lib/libmpc/Makefile@1.3
/
diff
/
nxr@1.3
src/external/lgpl3/gmp/lib/libgmp/arch/i386/Makefile.inc@1.4 / diff / nxr@1.4
src/external/lgpl3/mpfr/lib/libmpfr/Makefile@1.6 / diff / nxr@1.6
src/external/lgpl3/gmp/lib/libgmp/arch/i386/Makefile.inc@1.4 / diff / nxr@1.4
src/external/lgpl3/mpfr/lib/libmpfr/Makefile@1.6 / diff / nxr@1.6
cleanup:
-fix for OBJDIR
-link mpfr against gmp, and mpc against gmp+mpfr
-clean up generated files
-fix for OBJDIR
-link mpfr against gmp, and mpc against gmp+mpfr
-clean up generated files
MAIN commitmail json YAML
catch a case where an ip6 address with scope embedded was compared with
one without -- interestingly this didn't break the connection but just
caused a useless encapsulation
(this code needs to be rearranged to get it clean)
one without -- interestingly this didn't break the connection but just
caused a useless encapsulation
(this code needs to be rearranged to get it clean)
MAIN commitmail json YAML
src/sys/net/pfkeyv2.h@1.30
/
diff
/
nxr@1.30
src/sys/netipsec/ipsec.c@1.55 / diff / nxr@1.55
src/sys/netipsec/ipsec.h@1.29 / diff / nxr@1.29
src/sys/netipsec/ipsec6.h@1.13 / diff / nxr@1.13
src/sys/netipsec/key.c@1.73 / diff / nxr@1.73
src/sys/netipsec/key.h@1.11 / diff / nxr@1.11
src/sys/netipsec/ipsec.c@1.55 / diff / nxr@1.55
src/sys/netipsec/ipsec.h@1.29 / diff / nxr@1.29
src/sys/netipsec/ipsec6.h@1.13 / diff / nxr@1.13
src/sys/netipsec/key.c@1.73 / diff / nxr@1.73
src/sys/netipsec/key.h@1.11 / diff / nxr@1.11
more "const"
MAIN commitmail json YAML
use 64-bit integers for GF128 multiplication on LP64 CPUs
MAIN commitmail json YAML
src/sys/opencrypto/crypto.c@1.41
/
diff
/
nxr@1.41
src/sys/opencrypto/cryptodev.c@1.67 / diff / nxr@1.67
src/sys/opencrypto/cryptodev.h@1.25 / diff / nxr@1.25
src/sys/opencrypto/cryptodev.c@1.67 / diff / nxr@1.67
src/sys/opencrypto/cryptodev.h@1.25 / diff / nxr@1.25
-if an opencrypto(9) session is allocated, the driver is refcounted
and can not disappear -- no need to hold crypto_mtx to check the
driver list
(the whole check is questionable)
-crp->crp_cv (the condition variable) is used by userland cryptodev
exclusively -- move its initialization there, no need to waste
cycles of in-kernel callers
-add a comment which members of "struct cryptop" are used
by opencrypto(9) and which by crypto(4)
(this should be split, no need to waste memory for in-kernel callers)
and can not disappear -- no need to hold crypto_mtx to check the
driver list
(the whole check is questionable)
-crp->crp_cv (the condition variable) is used by userland cryptodev
exclusively -- move its initialization there, no need to waste
cycles of in-kernel callers
-add a comment which members of "struct cryptop" are used
by opencrypto(9) and which by crypto(4)
(this should be split, no need to waste memory for in-kernel callers)
MAIN commitmail json YAML
src/sys/dev/ic/vga.c@1.107
/
diff
/
nxr@1.107
src/sys/dev/wscons/wsconsio.h@1.96 / diff / nxr@1.96
src/usr.sbin/wsfontload/wsfontload.8@1.25 / diff / nxr@1.25
src/usr.sbin/wsfontload/wsfontload.c@1.15 / diff / nxr@1.15
src/sys/dev/wscons/wsconsio.h@1.96 / diff / nxr@1.96
src/usr.sbin/wsfontload/wsfontload.8@1.25 / diff / nxr@1.25
src/usr.sbin/wsfontload/wsfontload.c@1.15 / diff / nxr@1.15
add support for the interesting parts of ISO-2 and KOI8-R fonts
to the vga(4) driver
to the vga(4) driver
MAIN commitmail json YAML
reduce typecasts and byte swapping
MAIN commitmail json YAML
src/sys/opencrypto/cryptosoft.c@1.38
/
diff
/
nxr@1.38
src/sys/opencrypto/cryptosoft_xform.c@1.24 / diff / nxr@1.24
src/sys/opencrypto/cryptosoft_xform.c@1.24 / diff / nxr@1.24
use a simple counter as IV for AES-GMAC as suggested in RFC4543
MAIN commitmail json YAML
fix tunnel encapsulation in ipsec6_process_packet() -- it is not
completely clean yet, but at least a v6-in-v6 tunnel works now
completely clean yet, but at least a v6-in-v6 tunnel works now
MAIN commitmail json YAML
reindent ipsec6_process_packet() - whitespace changes only
MAIN commitmail json YAML
src/lib/libc/arch/i386/gen/infinityl.c@1.4
/
diff
/
nxr@1.4
src/lib/libc/arch/x86_64/gen/infinityl.c@1.4 / diff / nxr@1.4
src/lib/libc/arch/x86_64/gen/infinityl.c@1.4 / diff / nxr@1.4
make sure the infinity returned by HUGE_VALL has the "implicit"
bit set, otherwise it is invalid
This code is unlikely to be hit because gcc (and clang) use
their builtins for these special values.
bit set, otherwise it is invalid
This code is unlikely to be hit because gcc (and clang) use
their builtins for these special values.
MAIN commitmail json YAML
make this work again after routing socket alignment changes
MAIN commitmail json YAML
src/sys/netipsec/ipsec_output.c@1.33
/
diff
/
nxr@1.33
src/sys/netipsec/key.c@1.72 / diff / nxr@1.72
src/sys/netipsec/xform_ipip.c@1.27 / diff / nxr@1.27
src/sys/netipsec/key.c@1.72 / diff / nxr@1.72
src/sys/netipsec/xform_ipip.c@1.27 / diff / nxr@1.27
remove a limitation that inner and outer IP version must be equal
for an ESP tunnel, and add some fixes which make v4-in-v6 work
(v6 as inner protocol isn't ready, even v6-in-v6 can never have worked)
being here, fix a statistics counter and kill an unused variable
for an ESP tunnel, and add some fixes which make v4-in-v6 work
(v6 as inner protocol isn't ready, even v6-in-v6 can never have worked)
being here, fix a statistics counter and kill an unused variable
MAIN commitmail json YAML
replace questionable pointer games which could cause reads of
uninitialized memory, from Wolfgang Stukenbrock per PR bin/44951
uninitialized memory, from Wolfgang Stukenbrock per PR bin/44951
MAIN commitmail json YAML
add a line "image_generator gs" to the DESC file as the original
build framework does, lets "groff -Thtml" at least start
(it seems that ghostscript is not needed at least for simple documents)
build framework does, lets "groff -Thtml" at least start
(it seems that ghostscript is not needed at least for simple documents)
MAIN commitmail json YAML
src/sys/dev/usb/ehci.c@1.175
/
diff
/
nxr@1.175
src/sys/dev/usb/uhci.c@1.236 / diff / nxr@1.236
src/sys/dev/usb/usb_subr.c@1.179 / diff / nxr@1.179
src/sys/dev/usb/usbdivar.h@1.93 / diff / nxr@1.93
src/sys/dev/usb/uhci.c@1.236 / diff / nxr@1.236
src/sys/dev/usb/usb_subr.c@1.179 / diff / nxr@1.179
src/sys/dev/usb/usbdivar.h@1.93 / diff / nxr@1.93
remember the data toggle bit per (bulk) endpoint rather than per
pipe, as required by the spec
This helps in cases where pipes are opened/closed without reconfiguring
the device in between, eg with the ugen driver.
only for UHCI/EHCI, don't have an OHCI to test
pipe, as required by the spec
This helps in cases where pipes are opened/closed without reconfiguring
the device in between, eg with the ugen driver.
only for UHCI/EHCI, don't have an OHCI to test
MAIN commitmail json YAML
add Upper Volta (Burkina Faso)
(got a nigeria-style spam mail with a phone number and was curious
where it came from)
(got a nigeria-style spam mail with a phone number and was curious
where it came from)
MAIN commitmail json YAML
allow testing of GCM/GMAC code from userland
MAIN commitmail json YAML
make the "tags" target non-.PHONY because it reflects a real file,
and remove some nonsense in libc Makefile which caused that
a "tags" file was written in my source tree
and remove some nonsense in libc Makefile which caused that
a "tags" file was written in my source tree
MAIN commitmail json YAML
src/crypto/dist/ipsec-tools/src/libipsec/pfkey_dump.c@1.19
/
diff
/
nxr@1.19
src/crypto/dist/ipsec-tools/src/setkey/token.l@1.16 / diff / nxr@1.16
src/sys/net/pfkeyv2.h@1.29 / diff / nxr@1.29
src/sys/netipsec/xform_esp.c@1.38 / diff / nxr@1.38
src/sys/opencrypto/cryptodev.h@1.24 / diff / nxr@1.24
src/sys/opencrypto/cryptosoft.c@1.37 / diff / nxr@1.37
src/sys/opencrypto/cryptosoft_xform.c@1.23 / diff / nxr@1.23
src/sys/opencrypto/files.opencrypto@1.24 / diff / nxr@1.24
src/sys/opencrypto/gmac.c@1.1 / diff / nxr@1.1
src/sys/opencrypto/gmac.h@1.1 / diff / nxr@1.1
src/sys/opencrypto/xform.c@1.28 / diff / nxr@1.28
src/sys/opencrypto/xform.h@1.19 / diff / nxr@1.19
src/usr.bin/netstat/fast_ipsec.c@1.17 / diff / nxr@1.17
src/crypto/dist/ipsec-tools/src/setkey/token.l@1.16 / diff / nxr@1.16
src/sys/net/pfkeyv2.h@1.29 / diff / nxr@1.29
src/sys/netipsec/xform_esp.c@1.38 / diff / nxr@1.38
src/sys/opencrypto/cryptodev.h@1.24 / diff / nxr@1.24
src/sys/opencrypto/cryptosoft.c@1.37 / diff / nxr@1.37
src/sys/opencrypto/cryptosoft_xform.c@1.23 / diff / nxr@1.23
src/sys/opencrypto/files.opencrypto@1.24 / diff / nxr@1.24
src/sys/opencrypto/gmac.c@1.1 / diff / nxr@1.1
src/sys/opencrypto/gmac.h@1.1 / diff / nxr@1.1
src/sys/opencrypto/xform.c@1.28 / diff / nxr@1.28
src/sys/opencrypto/xform.h@1.19 / diff / nxr@1.19
src/usr.bin/netstat/fast_ipsec.c@1.17 / diff / nxr@1.17
pull in AES-GCM/GMAC support from OpenBSD
This is still somewhat experimental. Tested between 2 similar boxes
so far. There is much potential for performance improvement. For now,
I've changed the gmac code to accept any data alignment, as the "char *"
pointer suggests. As the code is practically used, 32-bit alignment
can be assumed, at the cost of data copies. I don't know whether
bytewise access or copies are worse performance-wise. For efficient
implementations using SSE2 instructions on x86, even stricter
alignment requirements might arise.
This is still somewhat experimental. Tested between 2 similar boxes
so far. There is much potential for performance improvement. For now,
I've changed the gmac code to accept any data alignment, as the "char *"
pointer suggests. As the code is practically used, 32-bit alignment
can be assumed, at the cost of data copies. I don't know whether
bytewise access or copies are worse performance-wise. For efficient
implementations using SSE2 instructions on x86, even stricter
alignment requirements might arise.
MAIN commitmail json YAML
fix building of a linked list if multiple algorithms are requested
in a session -- this just didn't work
in a session -- this just didn't work
MAIN commitmail json YAML
catch some corner cases of user input
MAIN commitmail json YAML
src/sys/netipsec/xform_ah.c@1.33
/
diff
/
nxr@1.33
src/sys/opencrypto/aesxcbcmac.c@1.1 / diff / nxr@1.1
src/sys/opencrypto/aesxcbcmac.h@1.1 / diff / nxr@1.1
src/sys/opencrypto/cryptodev.c@1.63 / diff / nxr@1.63
src/sys/opencrypto/cryptodev.h@1.23 / diff / nxr@1.23
src/sys/opencrypto/cryptosoft.c@1.36 / diff / nxr@1.36
src/sys/opencrypto/cryptosoft_xform.c@1.22 / diff / nxr@1.22
src/sys/opencrypto/files.opencrypto@1.23 / diff / nxr@1.23
src/sys/opencrypto/xform.c@1.27 / diff / nxr@1.27
src/sys/opencrypto/xform.h@1.18 / diff / nxr@1.18
src/usr.bin/netstat/fast_ipsec.c@1.16 / diff / nxr@1.16
src/sys/opencrypto/aesxcbcmac.c@1.1 / diff / nxr@1.1
src/sys/opencrypto/aesxcbcmac.h@1.1 / diff / nxr@1.1
src/sys/opencrypto/cryptodev.c@1.63 / diff / nxr@1.63
src/sys/opencrypto/cryptodev.h@1.23 / diff / nxr@1.23
src/sys/opencrypto/cryptosoft.c@1.36 / diff / nxr@1.36
src/sys/opencrypto/cryptosoft_xform.c@1.22 / diff / nxr@1.22
src/sys/opencrypto/files.opencrypto@1.23 / diff / nxr@1.23
src/sys/opencrypto/xform.c@1.27 / diff / nxr@1.27
src/sys/opencrypto/xform.h@1.18 / diff / nxr@1.18
src/usr.bin/netstat/fast_ipsec.c@1.16 / diff / nxr@1.16
copy AES-XCBC-MAC support from KAME IPSEC to FAST_IPSEC
For this to fit, an API change in cryptosoft was adopted from OpenBSD
(addition of a "Setkey" method to hashes) which was done for GCM/GMAC
support there, so it might be useful in the future anyway.
tested against KAME IPSEC
AFAICT, FAST_IPSEC now supports as much as KAME.
For this to fit, an API change in cryptosoft was adopted from OpenBSD
(addition of a "Setkey" method to hashes) which was done for GCM/GMAC
support there, so it might be useful in the future anyway.
tested against KAME IPSEC
AFAICT, FAST_IPSEC now supports as much as KAME.
MAIN commitmail json YAML
src/sys/arch/x86/x86/via_padlock.c@1.15
/
diff
/
nxr@1.15
src/sys/opencrypto/cryptosoft.c@1.35 / diff / nxr@1.35
src/sys/opencrypto/cryptosoft_xform.c@1.21 / diff / nxr@1.21
src/sys/opencrypto/xform.c@1.26 / diff / nxr@1.26
src/sys/opencrypto/xform.h@1.17 / diff / nxr@1.17
src/sys/opencrypto/cryptosoft.c@1.35 / diff / nxr@1.35
src/sys/opencrypto/cryptosoft_xform.c@1.21 / diff / nxr@1.21
src/sys/opencrypto/xform.c@1.26 / diff / nxr@1.26
src/sys/opencrypto/xform.h@1.17 / diff / nxr@1.17
move the "context size" struct member (which is a pure software
implementation thing) from the abstract xform descriptor to
the cryptosoft implementation part -- for sanity, and now clients
of opencrypto don't depend on headers of cipher implementations anymore
implementation thing) from the abstract xform descriptor to
the cryptosoft implementation part -- for sanity, and now clients
of opencrypto don't depend on headers of cipher implementations anymore
MAIN commitmail json YAML
src/sys/opencrypto/cryptosoft.c@1.34
/
diff
/
nxr@1.34
src/sys/opencrypto/cryptosoft_xform.c@1.20 / diff / nxr@1.20
src/sys/opencrypto/cryptosoft_xform.c@1.20 / diff / nxr@1.20
Change the way the IV is generated for AES-CTR: use a simple counter
instead of arc4random(). AES-CTR is sensitive against IV recurrence
(with the same key / nonce), and a random number doesn't give that
guarantee.
This needs a little API change in cryptosoft -- I've suggested it to
Open/FreeBSD, might change it depending on feedback.
Thanks to Steven Bellovin for hints.
instead of arc4random(). AES-CTR is sensitive against IV recurrence
(with the same key / nonce), and a random number doesn't give that
guarantee.
This needs a little API change in cryptosoft -- I've suggested it to
Open/FreeBSD, might change it depending on feedback.
Thanks to Steven Bellovin for hints.
MAIN commitmail json YAML
update draft-ipsec-* -> RFC
clarify a sentence
clarify a sentence
MAIN commitmail json YAML
src/sys/conf/files@1.1015
/
diff
/
nxr@1.1015
src/sys/dev/pci/if_iwi.c@1.87 / diff / nxr@1.87
src/sys/net80211/ieee80211_crypto.c@1.15 / diff / nxr@1.15
src/sys/opencrypto/cryptodev.c@1.62 / diff / nxr@1.62
src/sys/opencrypto/cryptosoft_xform.c@1.19 / diff / nxr@1.19
src/sys/dev/pci/if_iwi.c@1.87 / diff / nxr@1.87
src/sys/net80211/ieee80211_crypto.c@1.15 / diff / nxr@1.15
src/sys/opencrypto/cryptodev.c@1.62 / diff / nxr@1.62
src/sys/opencrypto/cryptosoft_xform.c@1.19 / diff / nxr@1.19
-remove references to crypto/arc4/arc4.* -- the code isn't used
anywhere afaics
(The confusion comes probably from use of arc4random() at various places,
but this lives in libkern and doesn't share code with the former.)
-g/c non-implementation of arc4 encryption in swcrypto(4)
-remove special casing of ARC4 in crypto(4) -- the point is that it
doesn't use an IV, and this fact is made explicit by the new "ivsize"
property of xforms
anywhere afaics
(The confusion comes probably from use of arc4random() at various places,
but this lives in libkern and doesn't share code with the former.)
-g/c non-implementation of arc4 encryption in swcrypto(4)
-remove special casing of ARC4 in crypto(4) -- the point is that it
doesn't use an IV, and this fact is made explicit by the new "ivsize"
property of xforms
MAIN commitmail json YAML
If symmetric encryption is done from userland crypto(4) and no IV
is specified, the kernel gets one from the random generator. Make sure it
is copied out to the user, otherwise the result is quite useless.
is specified, the kernel gets one from the random generator. Make sure it
is copied out to the user, otherwise the result is quite useless.
MAIN commitmail json YAML
src/sys/netipsec/key.c@1.71
/
diff
/
nxr@1.71
src/sys/netipsec/key.h@1.10 / diff / nxr@1.10
src/sys/netipsec/key_debug.c@1.11 / diff / nxr@1.11
src/sys/netipsec/keydb.h@1.10 / diff / nxr@1.10
src/sys/netipsec/xform_esp.c@1.37 / diff / nxr@1.37
src/sys/netipsec/key.h@1.10 / diff / nxr@1.10
src/sys/netipsec/key_debug.c@1.11 / diff / nxr@1.11
src/sys/netipsec/keydb.h@1.10 / diff / nxr@1.10
src/sys/netipsec/xform_esp.c@1.37 / diff / nxr@1.37
g/c remainders of IV handling in pfkey code -- this is done in
opencrypto now
opencrypto now
MAIN commitmail json YAML
report aes-ctr statistic counter by name
MAIN commitmail json YAML
allow ESP to use AES-CTR
(pfkey and userland tool support is already there because it has been
in KAME IPSEC all the time)
tested against KAME IPSEC
(pfkey and userland tool support is already there because it has been
in KAME IPSEC all the time)
tested against KAME IPSEC
MAIN commitmail json YAML
being here, export camellia-cbc through crypto(4) to allow userland tests
MAIN commitmail json YAML
src/sys/opencrypto/cryptodev.c@1.59
/
diff
/
nxr@1.59
src/sys/opencrypto/cryptodev.h@1.22 / diff / nxr@1.22
src/sys/opencrypto/cryptosoft.c@1.33 / diff / nxr@1.33
src/sys/opencrypto/cryptosoft_xform.c@1.18 / diff / nxr@1.18
src/sys/opencrypto/xform.c@1.25 / diff / nxr@1.25
src/sys/opencrypto/xform.h@1.16 / diff / nxr@1.16
src/sys/opencrypto/cryptodev.h@1.22 / diff / nxr@1.22
src/sys/opencrypto/cryptosoft.c@1.33 / diff / nxr@1.33
src/sys/opencrypto/cryptosoft_xform.c@1.18 / diff / nxr@1.18
src/sys/opencrypto/xform.c@1.25 / diff / nxr@1.25
src/sys/opencrypto/xform.h@1.16 / diff / nxr@1.16
add an AES-CTR xform, from OpenBSD
MAIN commitmail json YAML
src/share/man/man9/opencrypto.9@1.11
/
diff
/
nxr@1.11
src/sys/netipsec/xform_esp.c@1.35 / diff / nxr@1.35
src/sys/opencrypto/cryptodev.c@1.58 / diff / nxr@1.58
src/sys/opencrypto/cryptosoft.c@1.32 / diff / nxr@1.32
src/sys/opencrypto/cryptosoft_xform.c@1.17 / diff / nxr@1.17
src/sys/opencrypto/xform.c@1.24 / diff / nxr@1.24
src/sys/opencrypto/xform.h@1.15 / diff / nxr@1.15
src/sys/netipsec/xform_esp.c@1.35 / diff / nxr@1.35
src/sys/opencrypto/cryptodev.c@1.58 / diff / nxr@1.58
src/sys/opencrypto/cryptosoft.c@1.32 / diff / nxr@1.32
src/sys/opencrypto/cryptosoft_xform.c@1.17 / diff / nxr@1.17
src/sys/opencrypto/xform.c@1.24 / diff / nxr@1.24
src/sys/opencrypto/xform.h@1.15 / diff / nxr@1.15
-in the descriptor for encryption xforms, split the "blocksize" field
into "blocksize" and "IV size"
-add an "reinit" function pointer which, if set, means that the xform
does its IV handling itself and doesn't want the default CBC handling
by the framework (poor name, but left that way to avoid unecessary
differences)
This syncs with Open/FreeBSD, purpose is to allow non-CBC transforms.
Refer to ivsize instead of blocksize where appropriate.
(At this point, blocksize and ivsize are identical.)
into "blocksize" and "IV size"
-add an "reinit" function pointer which, if set, means that the xform
does its IV handling itself and doesn't want the default CBC handling
by the framework (poor name, but left that way to avoid unecessary
differences)
This syncs with Open/FreeBSD, purpose is to allow non-CBC transforms.
Refer to ivsize instead of blocksize where appropriate.
(At this point, blocksize and ivsize are identical.)
MAIN commitmail json YAML
sync minimum key size for AES with reality
MAIN commitmail json YAML
check key size on initialization -- othwise the rijndael code
can fail silently
can fail silently
MAIN commitmail json YAML
fix a logics bug (which has been here from the beginning) which made
that only 96 random bits were used for IV generation,
this caused eg that the last 4 bytes of the IV in ESP/AES-CBC
were constant, leaking kernel memory
affects FAST_IPSEC only
that only 96 random bits were used for IV generation,
this caused eg that the last 4 bytes of the IV in ESP/AES-CBC
were constant, leaking kernel memory
affects FAST_IPSEC only
MAIN commitmail json YAML
include the SHA2 hashs into the proposal which goes out with
SADB_ACQUIRE -- this doesn't change much because racoon ignores
the proposal from the kernel anyway and applies its own configuration,
but having MD5 and SHA1 in the list but SHA2 not looks strange
SADB_ACQUIRE -- this doesn't change much because racoon ignores
the proposal from the kernel anyway and applies its own configuration,
but having MD5 and SHA1 in the list but SHA2 not looks strange
MAIN commitmail json YAML
use monotonic time rather than wall time for lifetime related timestamps,
to make key expiration robust against time changes
to make key expiration robust against time changes
MAIN commitmail json YAML
remove unused expression
MAIN commitmail json YAML
src/sys/arch/x86/include/i82489var.h@1.13
/
diff
/
nxr@1.13
src/sys/arch/x86/x86/lapic.c@1.45 / diff / nxr@1.45
src/sys/arch/x86/x86/lapic.c@1.45 / diff / nxr@1.45
remove stale declarations / empty function
MAIN commitmail json YAML
cleanup some error handling to avoid memory leaks and doube frees,
from Wolfgang Stukenbrock per PR kern/44948, and part of kern/44952
from Wolfgang Stukenbrock per PR kern/44948, and part of kern/44952
MAIN commitmail json YAML
fix lookup of SAs for outgoing packets in the !prefered_oldsa case,
as done in KAME and FAST_IPSEC after NetBSD imported the code
(The default differs: KAME uses the oldest valid SA while FAST_IPSEC
in NetBSD uses the newest one. I'm not changing this -- there is a lack
of specification and behavior can be changed with the "oldsa" sysctl.)
For incoming packets it shouldn't matter but I made it look similar
just to avoid unnecessary differences.
as done in KAME and FAST_IPSEC after NetBSD imported the code
(The default differs: KAME uses the oldest valid SA while FAST_IPSEC
in NetBSD uses the newest one. I'm not changing this -- there is a lack
of specification and behavior can be changed with the "oldsa" sysctl.)
For incoming packets it shouldn't matter but I made it look similar
just to avoid unnecessary differences.
MAIN commitmail json YAML
fix detach() to avoid use-after-free problems:
-stop transfers before freeing data structures
(and comment out a useless delay)
-free devinfo later
Hot-unplugging an USB cam while in use doesn't crash my box anymore now.
-stop transfers before freeing data structures
(and comment out a useless delay)
-free devinfo later
Hot-unplugging an USB cam while in use doesn't crash my box anymore now.
MAIN commitmail json YAML
-fix maximum length of salt (missing prefix, rounding error)
-clip number of rounds at 31 -- this is log2 of the real number,
and anything larger would break exponentation
-catch possible atoi() error where log2(rounds) is parsed in the
salt prefix
-zero crypto state on exit
from Open/FreeBSD
-clip number of rounds at 31 -- this is log2 of the real number,
and anything larger would break exponentation
-catch possible atoi() error where log2(rounds) is parsed in the
salt prefix
-zero crypto state on exit
from Open/FreeBSD
MAIN commitmail json YAML
fix ipad/opad buffer length (was one too much), just for sanity
MAIN commitmail json YAML
src/sys/opencrypto/crypto.c@1.40
/
diff
/
nxr@1.40
src/sys/opencrypto/cryptodev.c@1.57 / diff / nxr@1.57
src/sys/opencrypto/ocryptodev.c@1.4 / diff / nxr@1.4
src/sys/opencrypto/cryptodev.c@1.57 / diff / nxr@1.57
src/sys/opencrypto/ocryptodev.c@1.4 / diff / nxr@1.4
split the "crypto_mtx" spinlock into 3: one spinlock each for
the incoming and outgoing request queues (which can be dealt with
by hardware accelerators) and an adaptive lock for "all the rest"
(mostly driver configuration, but also some unrelated stuff in
cryptodev.c which should be revisited)
The latter one seems to be uneeded at many places, but for now I've
done simple replacements only, except minor fixes (where
softint_schedule() was called without the lock held)
the incoming and outgoing request queues (which can be dealt with
by hardware accelerators) and an adaptive lock for "all the rest"
(mostly driver configuration, but also some unrelated stuff in
cryptodev.c which should be revisited)
The latter one seems to be uneeded at many places, but for now I've
done simple replacements only, except minor fixes (where
softint_schedule() was called without the lock held)
MAIN commitmail json YAML
remove redundant declarations
MAIN commitmail json YAML
remove redundant declaration
MAIN commitmail json YAML
remove a useless m_freem() call where the argument is known to be NULL
MAIN commitmail json YAML
use time_t rather than long for timestamps
MAIN commitmail json YAML
cosmetical whitespace changes
MAIN commitmail json YAML
src/sys/netinet/tcp_vtw.c@1.3
/
diff
/
nxr@1.3
src/usr.bin/netstat/inet.c@1.98 / diff / nxr@1.98
src/usr.bin/netstat/inet6.c@1.57 / diff / nxr@1.57
src/usr.bin/netstat/vtw.c@1.6 / diff / nxr@1.6
src/usr.bin/netstat/vtw.h@1.2 / diff / nxr@1.2
src/usr.bin/netstat/inet.c@1.98 / diff / nxr@1.98
src/usr.bin/netstat/inet6.c@1.57 / diff / nxr@1.57
src/usr.bin/netstat/vtw.c@1.6 / diff / nxr@1.6
src/usr.bin/netstat/vtw.h@1.2 / diff / nxr@1.2
use getmicrouptime(9) rather than microtime(9) for TIME_WAIT duration
calculation, because this doesn't get confused by system time changes,
and uses less CPU cycles
reviewed by dyoung
calculation, because this doesn't get confused by system time changes,
and uses less CPU cycles
reviewed by dyoung
MAIN commitmail json YAML
rearrange variable usage to kill __UNCONST
reviewed by sjg
reviewed by sjg
MAIN commitmail json YAML
src/sys/netipsec/xform_ah.c@1.32
/
diff
/
nxr@1.32
src/sys/netipsec/xform_esp.c@1.34 / diff / nxr@1.34
src/sys/netipsec/xform_ipcomp.c@1.28 / diff / nxr@1.28
src/sys/opencrypto/crypto.c@1.39 / diff / nxr@1.39
src/sys/opencrypto/cryptodev.c@1.56 / diff / nxr@1.56
src/sys/netipsec/xform_esp.c@1.34 / diff / nxr@1.34
src/sys/netipsec/xform_ipcomp.c@1.28 / diff / nxr@1.28
src/sys/opencrypto/crypto.c@1.39 / diff / nxr@1.39
src/sys/opencrypto/cryptodev.c@1.56 / diff / nxr@1.56
As a first step towards more fine-grained locking, don't require
crypto_{new.free}session() to be called with the "crypto_mtx"
spinlock held.
This doesn't change much for now because these functions acquire
the said mutex first on entry now, but at least it keeps the nasty
locks local to the opencrypto core.
crypto_{new.free}session() to be called with the "crypto_mtx"
spinlock held.
This doesn't change much for now because these functions acquire
the said mutex first on entry now, but at least it keeps the nasty
locks local to the opencrypto core.
MAIN commitmail json YAML
remove excess newlines in debug output
MAIN commitmail json YAML
remove an empty function
MAIN commitmail json YAML
src/sys/netipsec/xform_esp.c@1.33
/
diff
/
nxr@1.33
src/sys/netipsec/xform_ipcomp.c@1.27 / diff / nxr@1.27
src/sys/netipsec/xform_ipcomp.c@1.27 / diff / nxr@1.27
fix C&P botch in diagnostic printfs
MAIN commitmail json YAML
src/crypto/external/bsd/heimdal/dist/po/heim_com_err-1765328384/sv_SE.mo deleted
src/crypto/external/bsd/heimdal/dist/po/heimdal_krb5/sv_SE.mo deleted
src/crypto/external/bsd/heimdal/dist/po/heimdal_kuser/sv_SE.mo deleted
src/crypto/external/bsd/heimdal/dist/po/heimdal_krb5/sv_SE.mo deleted
src/crypto/external/bsd/heimdal/dist/po/heimdal_kuser/sv_SE.mo deleted
remove generated binary files
MAIN commitmail json YAML
decode camellia-cbc in stats histogram
MAIN commitmail json YAML
support camellia-cbc as ESP cipher
MAIN commitmail json YAML
add IANA number for camellia-cbc, copied from FreeBSD
MAIN commitmail json YAML
src/sys/opencrypto/cryptosoft.c@1.30
/
diff
/
nxr@1.30
src/sys/opencrypto/cryptosoft_xform.c@1.15 / diff / nxr@1.15
src/sys/opencrypto/files.opencrypto@1.22 / diff / nxr@1.22
src/sys/opencrypto/cryptosoft_xform.c@1.15 / diff / nxr@1.15
src/sys/opencrypto/files.opencrypto@1.22 / diff / nxr@1.22
support camellia-cbc by swcrypt
MAIN commitmail json YAML
src/sys/opencrypto/cryptodev.h@1.20
/
diff
/
nxr@1.20
src/sys/opencrypto/xform.c@1.22 / diff / nxr@1.22
src/sys/opencrypto/xform.h@1.14 / diff / nxr@1.14
src/sys/opencrypto/xform.c@1.22 / diff / nxr@1.22
src/sys/opencrypto/xform.h@1.14 / diff / nxr@1.14
make camellia-cbc known to the opencrypto framework
MAIN commitmail json YAML
src/sys/conf/files@1.1011
/
diff
/
nxr@1.1011
src/sys/crypto/camellia/camellia-api.c@1.1 / diff / nxr@1.1
src/sys/crypto/camellia/camellia.c@1.1 / diff / nxr@1.1
src/sys/crypto/camellia/camellia.h@1.1 / diff / nxr@1.1
src/sys/crypto/camellia/files.camellia@1.1 / diff / nxr@1.1
src/sys/crypto/camellia/camellia-api.c@1.1 / diff / nxr@1.1
src/sys/crypto/camellia/camellia.c@1.1 / diff / nxr@1.1
src/sys/crypto/camellia/camellia.h@1.1 / diff / nxr@1.1
src/sys/crypto/camellia/files.camellia@1.1 / diff / nxr@1.1
add "camellia" crypto code, copied from FreeBSD
MAIN commitmail json YAML
fix V->version flag