krw [Sat, 12 Jul 2014 20:16:38 +0000 (20:16 +0000)]
Close connections when msgbuf_write() returns 0.
ok claudio@
mpi [Sat, 12 Jul 2014 20:13:48 +0000 (20:13 +0000)]
Protect the freelists of transfer descriptors with the appropriate spl
so that we do not end up allocating two times new descriptors.
This happens if a thread finds an empty list, starts allocating, gets
interrupted and the interrupt also finds an empty list.
Fix an issue reported by Nils Frohberg.
ok yuo@, pirofti@
miod [Sat, 12 Jul 2014 20:11:45 +0000 (20:11 +0000)]
Remove private_{Camellia,RC4}_set_key FIPS indirection tentacles, as has been
done for other symmetric algorithms recently.
brad [Sat, 12 Jul 2014 20:07:34 +0000 (20:07 +0000)]
Mark the interface down and cancel the watchdog timer in imxenet_stop().
ok matthieu@ rapha@
yasuoka [Sat, 12 Jul 2014 20:07:07 +0000 (20:07 +0000)]
Fix a potential bug. privsep.c didn't check the interface name
correctly if it's pppx.
espie [Sat, 12 Jul 2014 19:58:20 +0000 (19:58 +0000)]
oh well, remove -Q entirely... I'm probably the only one who ever used that.
henning [Sat, 12 Jul 2014 19:58:17 +0000 (19:58 +0000)]
ewps, that giant table has -inet6 twice, for SMALL and !SMALL
no breakage involved, but wasn't correct in the SMALL case either
pirofti [Sat, 12 Jul 2014 19:54:17 +0000 (19:54 +0000)]
Whitespace
espie [Sat, 12 Jul 2014 19:54:15 +0000 (19:54 +0000)]
security check in quirks
espie [Sat, 12 Jul 2014 19:53:43 +0000 (19:53 +0000)]
undocument -Q
espie [Sat, 12 Jul 2014 19:50:43 +0000 (19:50 +0000)]
finish killing old experiment, less confusing code
jasper [Sat, 12 Jul 2014 19:47:38 +0000 (19:47 +0000)]
rename variable to better indicate its meaning
jsing [Sat, 12 Jul 2014 19:45:53 +0000 (19:45 +0000)]
Provide ssl_version_string() function, which uses one of those modern C
constructs (a switch statement) and returns the appropriate string defined
by SSL_TXT_* for the given version, including support for DTLSv1 and
DTLSv1-bad. Use this function in SSL_get_version() and SSL_SESSION_print().
ok beck@
espie [Sat, 12 Jul 2014 19:44:54 +0000 (19:44 +0000)]
@endfake died a while ago
espie [Sat, 12 Jul 2014 19:39:09 +0000 (19:39 +0000)]
so, pkg_check can now troll thru the whole file system. Either use
a full pkglocatedb, or the system locate dbs...
yasuoka [Sat, 12 Jul 2014 19:34:31 +0000 (19:34 +0000)]
Fix error in previous.
jsing [Sat, 12 Jul 2014 19:31:21 +0000 (19:31 +0000)]
In openssl_startup(), call SSL_library_init() and SSL_load_error_strings().
This allows us to remove the ERR_load_crypto_strings() call, along with
the various SSL_load_error_strings() and OpenSSL_add_ssl_algorithms()
calls scattered around the place.
ok beck@
miod [Sat, 12 Jul 2014 19:31:03 +0000 (19:31 +0000)]
Make the BLOCK_CIPHER_{generic,custom} macros expand to more readable struct
definitions using C99 field initializers. No functional change.
krw [Sat, 12 Jul 2014 19:22:32 +0000 (19:22 +0000)]
msgbuf_write() <= 0 for a few more daemons.
ok claudio@
deraadt [Sat, 12 Jul 2014 19:20:12 +0000 (19:20 +0000)]
sync
tedu [Sat, 12 Jul 2014 19:14:59 +0000 (19:14 +0000)]
guenther (who also should have been credited in previous free size commits)
noticed that i missed committing one file.
lteo [Sat, 12 Jul 2014 19:05:45 +0000 (19:05 +0000)]
Remove the redundant csum_flag variable and just set the checksum flag
in the pkthdr directly.
ok henning@
lteo [Sat, 12 Jul 2014 19:04:29 +0000 (19:04 +0000)]
Protocol checksums have been recalculated on reinjection for a while
now, so there is no need to calculate them before sending them to
userspace.
ok henning@
tedu [Sat, 12 Jul 2014 19:01:49 +0000 (19:01 +0000)]
revert bogus free changes in not kernel files. got a little trigger happy.
deraadt [Sat, 12 Jul 2014 18:57:41 +0000 (18:57 +0000)]
Wrap "thread_private.h" with #ifdef __OpenBSD__ so that other systems
can copy this file (plus chacha_private.h) directly and reuse it
trivially. Well, as long as they have a getentropy() as well..
ok beck
tedu [Sat, 12 Jul 2014 18:51:10 +0000 (18:51 +0000)]
add a size argument to free. will be used soon, but for now default to 0.
after discussions with beck deraadt kettenis.
tedu [Sat, 12 Jul 2014 18:50:41 +0000 (18:50 +0000)]
add a size argument to free. will be used soon, but for now default to 0.
after discussions with beck deraadt kettenis.
tedu [Sat, 12 Jul 2014 18:50:25 +0000 (18:50 +0000)]
add a size argument to free. will be used soon, but for now default to 0.
after discussions with beck deraadt kettenis.
tedu [Sat, 12 Jul 2014 18:50:00 +0000 (18:50 +0000)]
add a size argument to free. will be used soon, but for now default to 0.
after discussions with beck deraadt kettenis.
tedu [Sat, 12 Jul 2014 18:48:51 +0000 (18:48 +0000)]
add a size argument to free. will be used soon, but for now default to 0.
after discussions with beck deraadt kettenis.
tedu [Sat, 12 Jul 2014 18:48:17 +0000 (18:48 +0000)]
add a size argument to free. will be used soon, but for now default to 0.
after discussions with beck deraadt kettenis.
tedu [Sat, 12 Jul 2014 18:44:40 +0000 (18:44 +0000)]
add a size argument to free. will be used soon, but for now default to 0.
after discussions with beck deraadt kettenis.
tedu [Sat, 12 Jul 2014 18:44:22 +0000 (18:44 +0000)]
add a size argument to free. will be used soon, but for now default to 0.
after discussions with beck deraadt kettenis.
tedu [Sat, 12 Jul 2014 18:44:01 +0000 (18:44 +0000)]
add a size argument to free. will be used soon, but for now default to 0.
after discussions with beck deraadt kettenis.
tedu [Sat, 12 Jul 2014 18:43:52 +0000 (18:43 +0000)]
add a size argument to free. will be used soon, but for now default to 0.
after discussions with beck deraadt kettenis.
tedu [Sat, 12 Jul 2014 18:43:32 +0000 (18:43 +0000)]
add a size argument to free. will be used soon, but for now default to 0.
after discussions with beck deraadt kettenis.
jsing [Sat, 12 Jul 2014 18:37:28 +0000 (18:37 +0000)]
Remove extra parenthesis.
jsing [Sat, 12 Jul 2014 18:10:21 +0000 (18:10 +0000)]
need_cert is now always true, so remove the variable and associated
conditionals.
ok miod@
jsing [Sat, 12 Jul 2014 18:09:21 +0000 (18:09 +0000)]
More KNF.
schwarze [Sat, 12 Jul 2014 18:05:50 +0000 (18:05 +0000)]
No need for run-time configuration, add minimal compile-time
configuration facilities, just two paths and two HTML strings.
Show the title on all pages, not just the index page.
jsing [Sat, 12 Jul 2014 18:00:20 +0000 (18:00 +0000)]
Remove #ifndefs for OPENSSL_NO_DH, OPENSSL_NO_ECDH and
OPENSSL_NO_X509_VERIFY. We're not going to build with these and the same
removal has already been done for libssl.
mpi [Sat, 12 Jul 2014 17:57:26 +0000 (17:57 +0000)]
No INET6 in ramdisk, fix the tree.
jsing [Sat, 12 Jul 2014 17:54:31 +0000 (17:54 +0000)]
openssl(1) is only built as a single monolithic binary, so just call
load_config() once when we start.
ok miod@
pirofti [Sat, 12 Jul 2014 17:53:45 +0000 (17:53 +0000)]
Fix root hub descriptors by matching ehci(4)'s descriptors.
Reminded by mpi@, thanks!
On a side note usb sticks don't get fried anymore, they "just"
freeze the system.
jsing [Sat, 12 Jul 2014 17:50:36 +0000 (17:50 +0000)]
Remove the temporary dospartoff work around.
From Markus Mueller.
ok krw@ miod@ tedu@
yuo [Sat, 12 Jul 2014 17:38:51 +0000 (17:38 +0000)]
To enable the Intel XHCI host controller, re-route all usb ports to xhci
instead of being connected to ehci.
ok mpi@
jmc [Sat, 12 Jul 2014 17:38:19 +0000 (17:38 +0000)]
provide a missing rfc number;
From: Josh Grosse
i've actually just whacked the titles to keep it brief
and avoid the mess of the punctuation added by these macros.
deraadt [Sat, 12 Jul 2014 17:35:23 +0000 (17:35 +0000)]
jsing and I are investigating removal of all? most? 'getenv from library'
instances. This one for OPENSSL_ALLOW_PROXY_CERTS gets turned off first,
especially since it had this special comment:
/* A hack to keep people who don't want to modify their software happy */
ok beck jsing
jmc [Sat, 12 Jul 2014 17:26:20 +0000 (17:26 +0000)]
more accept_rtadv removal;
schwarze [Sat, 12 Jul 2014 17:18:13 +0000 (17:18 +0000)]
Simplify: Delete 74 lines of code including one enum type, one
global lookup table, two functions, two function arguments, one
struct member, one local variable, and the "search/" and "show/"
part of the URIs, all without losing functionality.
deraadt [Sat, 12 Jul 2014 17:15:43 +0000 (17:15 +0000)]
sync
jmc [Sat, 12 Jul 2014 17:10:51 +0000 (17:10 +0000)]
some basic formatting tweaks;
jmc [Sat, 12 Jul 2014 17:06:06 +0000 (17:06 +0000)]
tweak previous;
henning [Sat, 12 Jul 2014 17:03:47 +0000 (17:03 +0000)]
and one last (i hope) accept_rtadv sysctl remnant, also found by jmc
henning [Sat, 12 Jul 2014 17:00:43 +0000 (17:00 +0000)]
no more net.inet6.ip6.accept_rtadv
no idea how jmc finds these, but I'm very glad he does
henning [Sat, 12 Jul 2014 16:59:06 +0000 (16:59 +0000)]
jmc points out this babbled about the accept_rtadvd sysctl which is no more
pirofti [Sat, 12 Jul 2014 16:43:31 +0000 (16:43 +0000)]
Implement Set Port Feature request support.
Port reset doesn't need the spl dance, as discussed with mpi@
miod [Sat, 12 Jul 2014 16:42:47 +0000 (16:42 +0000)]
A few fixes/improvements:
- first, BN_free == BN_clear_free in our libcrypto, so we do not need to
treat CBIGNUM (crypto BN) separately from BIGNUM (regular BN).
- then, in bn_i2c(), since BN_bn2bin returns BN_num_bytes(input), take
advantage of this to avoid calling BN_num_bytes() a second time.
BN_num_bytes() is cheap, but this is not a reason to perform redundant
work.
- finally, in bn_c2i, if bn_new() fails, return early. Otherwise
BN_bin2bn will try to create a BN too, and although this will probably
fail since we were already out of memory, if we are on a threaded
process and suddenly the allocation succeeds, we will leak it since it
will never be stored in *pval.
ok jsing@
matthieu [Sat, 12 Jul 2014 16:34:24 +0000 (16:34 +0000)]
Hook auxcpp
miod [Sat, 12 Jul 2014 16:33:25 +0000 (16:33 +0000)]
Make sure the return value of X509_NAME_oneline(, NULL,) is checked against
NULL.
ok deraadt@ guenther@ jsing@
matthieu [Sat, 12 Jul 2014 16:32:58 +0000 (16:32 +0000)]
Eliminate strcpy() and sprintf() in auxcpp. ok deraadt@
matthieu [Sat, 12 Jul 2014 16:32:07 +0000 (16:32 +0000)]
Local tweaks to ucpp:
- exit on the 1st error it finds. Better than stopping processing input
- accept -P as a synonym for -l since this is what xrdb uses to
suppress #line markers.
matthieu [Sat, 12 Jul 2014 16:29:59 +0000 (16:29 +0000)]
Rename the manual page to auxcpp.1
matthieu [Sat, 12 Jul 2014 16:27:49 +0000 (16:27 +0000)]
BSD Makefile for auxcpp
ajacoutot [Sat, 12 Jul 2014 16:26:35 +0000 (16:26 +0000)]
Extend output a bit.
guenther [Sat, 12 Jul 2014 16:25:08 +0000 (16:25 +0000)]
Tackle the endian.h mess. Make it so that:
* you can #include <sys/endian.h> instead of <machine/endian.h>,
and ditto <endian.h> (fixes code that pulls in <sys/endian.h> first)
* those will always export the symbols that POSIX specified for
<endian.h>, including the new {be,le}{16,32,64}toh() set. c.f.
http://austingroupbugs.net/view.php?id=162
if __BSD_VISIBLE then you also get the symbols that our <machine/endian.h>
currently exports (ntohs, NTOHS, dlg's bemtoh*, etc)
* when doing POSIX compiles (not __BSD_VISIBLE), then <netinet/in.h> and
<arpa/inet.h> will *stop* exporting the extra symbols like BYTE_ORDER
and betoh*
ok deraadt@
matthieu [Sat, 12 Jul 2014 16:23:43 +0000 (16:23 +0000)]
Import a copy of ucpp, lightweight cpp that doesn't depend
on the 'comp' set. Moving from xenocara with a new name.
ok deraadt@.
schwarze [Sat, 12 Jul 2014 16:13:36 +0000 (16:13 +0000)]
Start fixing issues that beck@ helped find:
Distinguish between man(1) and apropos(1) mode by adding back the classical
QUERY_STRING variable "apropos=". Change the default back to "apropos=0".
Control it by adding a HTML <SELECT> element for it.
Rename the "expr=" QUERY_STRING variable back to its classical name "query=",
i don't see how the new name is better than the classical one.
While here, drop the concept of a "legacy mode". Simply continue to
support the features, and use what we consider best.
henning [Sat, 12 Jul 2014 16:10:04 +0000 (16:10 +0000)]
/* this has no effect on IP, and will kill all ISO connections XXX */
farewell, then. has been #ifdef notyet for the last 19 years
mpi [Sat, 12 Jul 2014 16:07:06 +0000 (16:07 +0000)]
Grammar, from stsp@
miod [Sat, 12 Jul 2014 16:03:36 +0000 (16:03 +0000)]
if (x) FOO_free(x) -> FOO_free(x).
Improves readability, keeps the code smaller so that it is warmer in your
cache.
review & ok deraadt@
jsing [Sat, 12 Jul 2014 16:01:28 +0000 (16:01 +0000)]
Add an initial regress test for libressl, which calls ressl from Go and
makes it talk to a Go TLS server.
ajacoutot [Sat, 12 Jul 2014 16:00:27 +0000 (16:00 +0000)]
cksum -> sha256
That means sysmerge(8) may be a little more interactive the next time you
run it.
ajacoutot [Sat, 12 Jul 2014 15:58:14 +0000 (15:58 +0000)]
Use sha256(1) for compared files, just like we do for examples.
pirofti [Sat, 12 Jul 2014 15:53:44 +0000 (15:53 +0000)]
Add support for Get Port Status requests.
miod [Sat, 12 Jul 2014 15:53:34 +0000 (15:53 +0000)]
more MLINKs
benno [Sat, 12 Jul 2014 15:47:18 +0000 (15:47 +0000)]
fix relay "append header" action, add regression test for append
ok reyk
beck [Sat, 12 Jul 2014 15:43:49 +0000 (15:43 +0000)]
guard inclusion of sys/sysctl.h so we can detect at compile time and
keep linux distros happy that don't have it.
ok bcook@
ajacoutot [Sat, 12 Jul 2014 15:38:42 +0000 (15:38 +0000)]
Create the examples checksum for sysmerge at release time.
"move ahead" deraadt@
robert [Sat, 12 Jul 2014 15:32:43 +0000 (15:32 +0000)]
replace the heavy shell magic in quirks to handle backward compat with simpler
methods
ajacoutot [Sat, 12 Jul 2014 15:31:54 +0000 (15:31 +0000)]
Initial support for /etc/examples.
pirofti [Sat, 12 Jul 2014 15:30:43 +0000 (15:30 +0000)]
Add support for Get Hub Descriptor requests.
rpe [Sat, 12 Jul 2014 15:27:15 +0000 (15:27 +0000)]
xbase has its own cpp now so it doesn't depend on comp anymore.
Remove the code introduced in r1.723 to tie them together.
OK deraadt@
stsp [Sat, 12 Jul 2014 15:26:54 +0000 (15:26 +0000)]
Rework zyd(4)'s register read/write methods to eliminate race conditions.
Read commands were issued via asynchronous transfers and replies were
expected after a fixed tsleep() timeout. Upon timeout zyd simply freed
the xfer even if it was still in-flight within the USB stack. This could
cause havoc such as making all USB ports on the system unusable until reboot.
ehci_freex: xfer=0xfffffe811e63e9d8 not busy, 0x4f4e5155
("busy" here would indicate the xfer is done and marked for being freed)
To fix this, issue read commands with synchronous transfers so the xfer
can always complete. Split read/write code paths into separate methods.
Add a flag that tells us if a reply was received in interrupt context
while the read path waited in tsleep().
With and ok mpi@
miod [Sat, 12 Jul 2014 14:58:32 +0000 (14:58 +0000)]
Principle of least surprise: make CMAC_CTX_free(), OCSP_REQ_CTX_free() and
X509_STORE_CTX_free() accept NULL pointers as input without dereferencing them,
like all the other well-behaved *_CTX_free() functions do.
yasuoka [Sat, 12 Jul 2014 14:55:22 +0000 (14:55 +0000)]
Fix the sentence in the BUGS section. Colon is usable for password.
Also add a mention about the escape sequence for the password.
pointed out by giovanni
ajacoutot [Sat, 12 Jul 2014 14:51:07 +0000 (14:51 +0000)]
Shuffle more stuffs around, remove most commented blocks, just sort by
number and make the file easier on the eyes.
discussed with deraadt@
deraadt [Sat, 12 Jul 2014 14:48:00 +0000 (14:48 +0000)]
remove gratuitous differences, ok beck
deraadt [Sat, 12 Jul 2014 14:46:31 +0000 (14:46 +0000)]
remove gratuitous differences, ok beck bcook
yasuoka [Sat, 12 Jul 2014 14:43:32 +0000 (14:43 +0000)]
Correct the sentence in the BUGS section. Colon chars are usable as a
string value and usage of it in type is documented in the other section.
ok jmc
stsp [Sat, 12 Jul 2014 14:39:31 +0000 (14:39 +0000)]
Fix netstart after autoconf6 change so 'rtsol' lines in hostname.if work again.
found by pelikan@; ok pelikan@ henning@
ajacoutot [Sat, 12 Jul 2014 14:38:38 +0000 (14:38 +0000)]
Sync with IANA.
"fine" claudio@ deraadt@
pirofti [Sat, 12 Jul 2014 14:37:17 +0000 (14:37 +0000)]
I don't need to treat the (half-)empty Tx and Rx FIFO cases.
Only the DMA-challenged host controllers need to, so don't panic!
While at it add some more debug messages when the interrupt returns 0.
reyk [Sat, 12 Jul 2014 14:34:13 +0000 (14:34 +0000)]
Move HTTP error codes into http.h.
ok benno@
pirofti [Sat, 12 Jul 2014 14:31:20 +0000 (14:31 +0000)]
Add support for the CLEAR FEATURE requests.
mpi [Sat, 12 Jul 2014 14:26:00 +0000 (14:26 +0000)]
Always create a local route for every configured IPv4 address on the
machine and restore the original behavior of RTM_ADD and RTM_DELETE
by always generating one message per locally configured address.
This time, make sure the local route is removed during an address change,
since at least pppoe(4) does some funky magic with wildcard addresses that
might corrupt the routing tree, as found by naddy@
Also do not add a local route if the specified address is 0.0.0.0, to
prevent a tree corruption, as found by guenther@.
Putting this in now so that it gets tested, claudio@ agrees. Please
contact me if you find any route-related regression caused by this
change.
jsg [Sat, 12 Jul 2014 14:18:06 +0000 (14:18 +0000)]
remove ifdef'd out valleyview/baytrail device lists
on linux versions before 3.11 i915_pci_probe() doesn't match valleyview
unless i915_preliminary_hw_support is specified as a module parameter.
our drm code is currently based on linux 3.8, so it seems unlikely
that the valleyview support we have works.
jasper [Sat, 12 Jul 2014 14:15:06 +0000 (14:15 +0000)]
fix annoying bug where the first character would be eaten, cnischar() was
wreaking havoc.
from miod@
reyk [Sat, 12 Jul 2014 14:15:04 +0000 (14:15 +0000)]
Sync msgbuf_write() changes from relayd.
Please note that proc.c should be kept identical in relayd, iked and
snmpd (currently without the includes).
ok benno@
jasper [Sat, 12 Jul 2014 14:12:53 +0000 (14:12 +0000)]
- fill in cninit to enable rts