FreshBSD

update the VLAN doco.

the parameters are parent and vnetid, not vlandev and vlan. svlan(4) is
also a thing.

ok jmc@

X is not restricted to just the + operator;

diff from klemens nanni
confirmed by otto

htpasswd: use crypt_newhash instead of the bcrypt API

man bcrypt states:
     These functions are deprecated in favor of crypt_checkpass(3) and
     crypt_newhash(3).

hence with this change we move htpasswd to the new API, while here
also change the rounds from a hardcoded 8 to automatic selection based
on system performance.

OK florian@

The \h escape sequence provides another method for moving backwards,
and after that, previously written output gets overwritten, but
overwriting with blanks does *not* erase previously written content.
Yes, manual pages exist that are crazy enough to rely on that...

unbreak after sshv1 purge

Implement the roff(7) .rn (rename macro or string) request.
Renaming a user-defined macro is very simple: just copy
the definition to the new name and delete the old name.
Renaming high-level macros is a bit tricky: use a dedicated
key-value-table, with non-standard names as keys and standard
names as values.  When a macro is found that is not user-defined,
look it up in the "renamed" table and translate it back to the
standard name before passing it on to the high-level parsers.

Set the weak variant of hysteresis as default.

Rewrite the driver to handle 64kb transfers

Although several codepaths in the kernel such as coredump
and buffercache read-ahead feature assume that underlying
hardware is capable of handling 64kb transfers without any
issues, xbf was setup to rely on a single descriptor per
transfer which limited the maximum size of an individual
transfer to 11 4k segments amounting to 44k bytes.

To avoid overbooking, a metadata object is allocated for
each transfer to keep track of associated descriptors
limiting the maximum amount of outstanding transfers to
half the ring size.

The issue was reported by Dan Cross <crossd at gmail.com>,
thanks!

Don't patch(1) as the 'build' user; it has no right over the src tree.
That bug was hidden because patch(1) returns '0' on that particular case.
To be fixed...

ok robert@

Call xbf_intr for polled transfers that can't sleep

Add support for tap gestures.

Provide sufficient info in error messages to identify
softraid volume and backing disk when i/o errors occur.

Original issue reported by Paul de Weerd.

Suggestions from jsing@.

ok deraadt@ mikeb@

Continue and pass keys through if they are repeated keys, so that the
first key after a repeated key doesn't get lost.

Do not pass a state into commands when fired on individual items in tree
mode, rely on the %% target substitution in the command for the chosen
pane and leave the default target as the current pane (where the mode
is). Otherwise, joinp and similar end up with -t and -s the
same. Reported by Jacob Niehus in GitHub issue 960.

Minimal implementation of the roff(7) .ce request (center a number
of input lines without filling).
Contrary to groff, high-level macros abort .ce mode for now.

Delete input event when evbuffer_read() fails to avoid just spinning
around a dead file descriptor. Seems to fix a problem reported by Greg
Hurrell in GitHub issue 941.

Remove code that is not needed right now.

Implement startup smashing in C. The code should be moved
under arch/mips64 once loongson and sgi have gap.o.

Discussed with deraadt@

start slaacd as early as possible, right after pf and sysctl.conf are
setup.
Input & OK deraadt@

We are going to start slaacd(8) much earlier, before /var is even
mounted. Move control socket to /dev for now.
Input & OK deraadt@

Update stubs to work with radix tree.

Update panic strings, pipex no longer use rn_inithead0().

Do not rely on <net/rtable.h> beeing included by other headers.

Fix build without PF, PIPEX nor IPSEC.

Fix build without PF.

mention -fwrapv being on by default

Enable -fwrapv by default with clang to treat signed integer overflows
as defined.  This is done to prevent dangerous optimisations which could
remove security critical overflow checks.

Base gcc has -fno-strict-overflow by default, with clang this is
identical to -fwrapv.

Prompted by naddy@ discovering a hang with a clang compiled i386 kernel
that was resolved with -fwrapv.

ok kettenis@ pascal@

Fix compression output stats broken in rev 1.201.  Patch originally by
Russell Coker via Debian bug #797964 and Christoph Biedl.  ok djm@

regen

Mention that the special files are created in the current working
directory. Suggested by Scott Cheloha.

discussed with jmc

Test insertion of unmatched meta sequence.

make vnetid and parent commands available in SMALL ifconfigs.

the code behind the commands has been built on SMALL forever, this just
moves it available in the cmd table. the binary doesnt change size.

correct the depend list of a target introduced in rev 1.9
from deraadt@

Regen.

Sort DLINK section and add USB device ID of D-Link DWA-131 rev E1.

ok stsp@

Show usage of sysmerge and MAKEDEV instead of just mentioning them.
From Scott Cheloha, thanks.

ok jmc and positive feedback from several

- let's add PF_LOCK()
  to enable PF_LOCK(), you must add 'option WITH_PF_LOCK' to your kernel
  configuration. The code does not do much currently it's just the very
  small step towards MP.

O.K. henning@, mikeb@, mpi@

initial docs for COMPILER_WRAPPER and COMPILER_LINKS

Split early startup code out of locore.S into locore0.S.  Adjust link
run so that this locore0.o is always at the start of the executable.
But randomize the link order of all other .o files in the kernel, so
that their exec/rodata/data/bss segments land all over the place.

The bootstrap code will need smashing because it is mapped by BLTB,
but this is a bit involved so not done yet.

As a result, the internal layout of every newly build bsd kernel is
different from past kernels.  Internal relative offsets are not known
to an outside attacker.  The only known offsets are in the startup code
(which will be gone when it is smashed).

Ramdisk kernels cannot be compiled like this, because they are gzip'd.
When the internal pointer references change, the compression dictionary
bloats and results in poorer compression.

Increase kernel size, by pushing rodata 1MB forward, from 5MB to 6MB.
This seems to satisfy the BTLB granularity.  Good enough for now.
ok kettenis

Temporarily disable the second call to rc_check until I figure out what
is going on. Should fix another case of false negative reported by sthen
(redis).

Split early startup code out of locore.S into locore0.S.  Adjust link
run so that this locore0.o is always at the start of the executable.
But randomize the link order of all other .o files in the kernel, so
that their exec/rodata/data/bss segments land all over the place.

Late during kernel boot, smash the startup code with traps so that
it does not point to the other randomly placed code.  It has be smashed,
because alpha (insecurely in my view) runs in the KSEG0 space.

As a result, the internal layout of every newly build bsd kernel is
different from past kernels.  Internal relative offsets are not known
to an outside attacker.  The only known offsets are in the startup code,
which is gone.

Ramdisk kernels cannot be compiled like this, because they are gzip'd.
When the internal pointer references change, the compression dictionary
bloats and results in poorer compression.

include machine/param.h before machine.asm.h because uhm alpha.

Test insertion of non-ASCII characters, in particular making sure
that valid input does not cause writing invalid intermediate states
to the terminal, and that invalid input is not delayed waiting for
more input, but written through right away.

Currently failing, but expected to be fixed shortly.

track permissions of original file

use same idiom as other Makefiles

Fix logic in _rc_wait to properly cope with setproctitle(3) daemons. It was a
regression from my recent rc.subr changes.

reported by deraadt@ and naddy@ : pflogd was marked as failed during boot while
it was properly running

Randomize the link order of .o files in the kernel on octeon.
Unlike on some other architectures, it is not possible to unmap
the early boot code. Instead, the code is smashed during boot.

Input from deraadt@

explicitly pass -w since clang -M doesn't imply it.

okay millert@

Add new edit regress files.

Absent from my previous commit.

Rewrite ksh edit mode regression tests.

Instead of calling x_vi() directly, run ksh in a pseudo tty.
This makes the process of adding tests for emacs mode simpler since the code can
be shared.

With feedback and help from millert@ and schwarze@