openbsd
bluhm [Sat, 8 Sep 2018 13:16:58 +0000 (13:16 +0000)]
Split the pf(4) fragment reassembly queue into smaller parts.
Remember 16 entry points based on the fragment offset.  Instead of
a worst case of 8196 list traversals we now check a maximum of 512
list entries or 16 array elements.
discussed with claudio@ and sashan@; OK sashan@

claudio [Sat, 8 Sep 2018 13:10:55 +0000 (13:10 +0000)]
Regress tests for as-set and prefix-set blocks

claudio [Sat, 8 Sep 2018 12:32:01 +0000 (12:32 +0000)]
Add some additional config regress tests. Testing neighbor, group and rdomain.

claudio [Sat, 8 Sep 2018 12:29:19 +0000 (12:29 +0000)]
More BGPD_OPT_NOACTION checking to make regress happier.

claudio [Sat, 8 Sep 2018 12:18:51 +0000 (12:18 +0000)]
If BGPD_OPT_NOACTION is set don't check that the rdomain exists.
This makes it possible to use bgpd -nv in regress with unknown rdomains.

inoguchi [Sat, 8 Sep 2018 11:12:27 +0000 (11:12 +0000)]
Fix indent and adjust line fit to 80 columns.

tb [Sat, 8 Sep 2018 10:31:24 +0000 (10:31 +0000)]
indent labels

tb [Sat, 8 Sep 2018 10:20:33 +0000 (10:20 +0000)]
missing word & a couple of typos

eric [Sat, 8 Sep 2018 10:05:07 +0000 (10:05 +0000)]
use symbolic integer values for the different tls options when relaying,
rather than a confusing set of flags.

ok gilles@

inoguchi [Sat, 8 Sep 2018 09:34:12 +0000 (09:34 +0000)]
Split test blocks into a function. Test contents are not changed.

claudio [Sat, 8 Sep 2018 09:33:54 +0000 (09:33 +0000)]
Change the way we parse prefix-sets so that newlines are allowed in more
places and so prefix-sets look a lot better. Currently commas are not allowed
but they will come back soon.
OK benno@

claudio [Sat, 8 Sep 2018 09:29:25 +0000 (09:29 +0000)]
Fix print_as_sets() a bit.
OK benno@

benno [Sat, 8 Sep 2018 09:18:34 +0000 (09:18 +0000)]
add a check for curly braces in a macro being used inside a filter
rule with curly braces

claudio [Sat, 8 Sep 2018 08:00:21 +0000 (08:00 +0000)]
Remove optional commas from example config. In the future these optional
commas may become a syntax error.

inoguchi [Sat, 8 Sep 2018 03:39:51 +0000 (03:39 +0000)]
Test more ciphers and randomize the order in regress appstest.sh

- change test target ciphers
- randomize the test ciphers order
- display test cipher count

miko [Sat, 8 Sep 2018 01:28:39 +0000 (01:28 +0000)]
blkfree() takes no action for NULL pointer so callers can avoid checking.

ok jca@

yasuoka [Sat, 8 Sep 2018 01:03:59 +0000 (01:03 +0000)]
Don't cause an error when setting the same rdomain.
Found by asou at soum.co.jp.

ok claudio mpi akoshibe benno

kn [Fri, 7 Sep 2018 21:37:03 +0000 (21:37 +0000)]
More __func__ to fix error messages

kn [Fri, 7 Sep 2018 20:31:39 +0000 (20:31 +0000)]
Make host_*() AF-agnostic

Merge host_v{4,6}() into much simpler host_ip() using just getaddrinfo().

host_dns() uses the same procedure.

OK naddy

claudio [Fri, 7 Sep 2018 20:26:30 +0000 (20:26 +0000)]
The debug function trie_dump() should use stderr since that does not cause
that much problem with the regress test which writes its stuff on stdout.

kn [Fri, 7 Sep 2018 19:56:07 +0000 (19:56 +0000)]
Fix function name in error messages by using __func__

benno [Fri, 7 Sep 2018 16:45:23 +0000 (16:45 +0000)]
fix badly broken reload of filter rules that use prefix-sets. debugged
and fixed with/by claudio@

bluhm [Fri, 7 Sep 2018 16:26:21 +0000 (16:26 +0000)]
Not adding ::1 on non-default lo(4) broke regress/sbin/route.
Adjust test's expected output files.
OK mpi@

claudio [Fri, 7 Sep 2018 16:10:42 +0000 (16:10 +0000)]
Regress test for rde_trie should cover some basics for now.

cheloha [Fri, 7 Sep 2018 14:54:49 +0000 (14:54 +0000)]
fgetln(3) -> getline(3); from Lauri Tirkkonen; ok millert@

kn [Fri, 7 Sep 2018 14:16:22 +0000 (14:16 +0000)]
Remove wildcard address on loopback remnants

henning@ removed this functionality years ago, see the share/man/man4/lo.4
revision 1.27.

OK jca claudio

inoguchi [Fri, 7 Sep 2018 14:11:39 +0000 (14:11 +0000)]
tests all available TLSv1.2 ciphers

martijn [Fri, 7 Sep 2018 13:46:33 +0000 (13:46 +0000)]
Revert earlier revert.
It turned out the issue was a badly applied diff on stsp@'s machine.

OK stsp@

claudio [Fri, 7 Sep 2018 13:25:36 +0000 (13:25 +0000)]
Add missing htonl() else matching does not really work.

jmatthew [Fri, 7 Sep 2018 13:18:06 +0000 (13:18 +0000)]
remove some unused variables and otherwise tidy up a bit.

bluhm [Fri, 7 Sep 2018 13:10:38 +0000 (13:10 +0000)]
Fragment one large 64k IP ping packet into 155 fragments, each with
424 bytes payload.  Send them in random order.  Expect a fragment
with matching echo reply header.

solene [Fri, 7 Sep 2018 12:54:44 +0000 (12:54 +0000)]
Document the spin CPU state column

ok yasuoka@ jca@

kn [Fri, 7 Sep 2018 12:43:30 +0000 (12:43 +0000)]
Remove unused af argument from unmask(), sync with pfctl

Noted by jca, thanks.

OK jca claudio

benno [Fri, 7 Sep 2018 11:50:32 +0000 (11:50 +0000)]
remove unused function find_prefixsetitem(), ok claudio@

stsp [Fri, 7 Sep 2018 11:01:22 +0000 (11:01 +0000)]
Backout recent cp(1) changes; they broke texlive's mktexlsr(1)

claudio [Fri, 7 Sep 2018 10:59:16 +0000 (10:59 +0000)]
Some space fixes mentioned by benno@

bluhm [Fri, 7 Sep 2018 10:55:35 +0000 (10:55 +0000)]
Explain the special case for redirect to localhost in a comment.
input and OK claudio@

claudio [Fri, 7 Sep 2018 10:49:22 +0000 (10:49 +0000)]
Implement a fast prefix-set lookup. This magic trie is able to match a
prefix addr/plen to a prefix-set spec addr/plen prefixlen min - max (a
prefix including prefixlen range). Every addr/plen pair is a node in the
trie and the prefixlen is added as a bitmask to those nodes.
For the lookup any match is OK, there is no need to do longest or
best prefix matching.
Inspiration for this solution comes from the way bird implements this
which was done by Ondrej Zajicek santiago (at) crfreenet.org
OK benno@

kn [Fri, 7 Sep 2018 10:29:22 +0000 (10:29 +0000)]
Make print_hostname() less AF-specific

Reduce differences between address families and replace strlcpy() with simpler
if/else logic as done in print_addr_str().

OK sashan

bluhm [Fri, 7 Sep 2018 09:55:29 +0000 (09:55 +0000)]
Declare strings passed to local_listen() as const.  This makes it
consistent to remote_connect() and getaddrinfo(3).
from Nan Xiao

benno [Fri, 7 Sep 2018 09:38:04 +0000 (09:38 +0000)]
allow as4number_any in as-sets. Otherwise you can't filter bogon as'es.
ok claudio@

claudio [Fri, 7 Sep 2018 09:31:14 +0000 (09:31 +0000)]
Refactor a bit and add another test

florian [Fri, 7 Sep 2018 09:31:13 +0000 (09:31 +0000)]
Do not send a Content-Length header for 1xx and 204 status codes since
RFC 7230 states that a server MUST NOT do so.
At least relayd chokes on this.

Pointed out & diff by Carlin Bingham (cb AT walcyrge.org), thanks!
OK benno

claudio [Fri, 7 Sep 2018 08:40:00 +0000 (08:40 +0000)]
Add a basic unittest for the as_set_* functions

claudio [Fri, 7 Sep 2018 08:38:35 +0000 (08:38 +0000)]
Move the config regress tests into own directory making space for additional
unittests and maybe more. bgpd needs more test coverage.
Discussed with bluhm@

kevlo [Fri, 7 Sep 2018 07:49:43 +0000 (07:49 +0000)]
Fix the build after removing an unused af argument from unmask().

ok claudio@

martijn [Fri, 7 Sep 2018 07:44:15 +0000 (07:44 +0000)]
Rename dne in copy_file to exists to be more consistent with the other
copy_* functions.

OK stsp@

miko [Fri, 7 Sep 2018 07:35:30 +0000 (07:35 +0000)]
replace malloc()+strlcpy() with strndup() in cmdline_symset().

"looks good" gilles@ halex@

yasuoka [Fri, 7 Sep 2018 07:24:05 +0000 (07:24 +0000)]
Fix "_nfiles" reference for crash dump.
Diff from fukaumi at soum.co.jp

ok mpi

martijn [Fri, 7 Sep 2018 07:17:14 +0000 (07:17 +0000)]
Also verify an overwrite for the copy of a fifo, link and device node.

OK stsp@

martijn [Fri, 7 Sep 2018 07:14:25 +0000 (07:14 +0000)]
Move the question to allow a copy to its own function.

OK stsp@

martijn [Fri, 7 Sep 2018 07:11:16 +0000 (07:11 +0000)]
The combination of -v and -i and the deny of a copy would cause the copy
still to be printed. This fixes that edge-case.

OK stsp@

jmc [Fri, 7 Sep 2018 06:33:05 +0000 (06:33 +0000)]
tweak previous;

claudio [Fri, 7 Sep 2018 06:10:30 +0000 (06:10 +0000)]
Remove some newlines that have gone with last commit.

claudio [Fri, 7 Sep 2018 05:47:02 +0000 (05:47 +0000)]
When parsing AS numbers set both as_min and as_max to the parsed value.
Not strictly needed but better to have both initialized.

claudio [Fri, 7 Sep 2018 05:44:58 +0000 (05:44 +0000)]
Add a dummy as_set_match() function since it is needed to link util.c now.

claudio [Fri, 7 Sep 2018 05:43:33 +0000 (05:43 +0000)]
Implement as-set, a fast lookup table to be used instead of long lists of
AS numbers in source-as, AS and transit-as filter statements. These tables
use bsearch to quickly verify if an AS is in the set or not.
The filter syntax is not fully set in stone yet.
OK denis@ benno@ and previously OK deraadt@

dtucker [Fri, 7 Sep 2018 04:26:56 +0000 (04:26 +0000)]
Add FALLTHROUGH comments where appropriate.  Patch from jjelen at redhat
via bz#2687.

miko [Fri, 7 Sep 2018 04:03:30 +0000 (04:03 +0000)]
clarify that goto error in alloc_all_endpoints_fixed_ep() always returns
USBD_INVAL.

ok mpi@

miko [Fri, 7 Sep 2018 03:54:12 +0000 (03:54 +0000)]
move initial jack count to alloc_all_endpoints(), and reset count to zero
in free_all_jacks().

ok stsp@ ratchov@

djm [Fri, 7 Sep 2018 01:42:54 +0000 (01:42 +0000)]
ssh -MM requires confirmation for all operations that change the
multiplexing state, not just new sessions.

mention that confirmation is checked via ssh-askpass

mortimer [Fri, 7 Sep 2018 01:32:01 +0000 (01:32 +0000)]
Add retguard macros to cpu_switchto, setjmp, longjmp.
ok kettenis@

claudio [Thu, 6 Sep 2018 18:38:06 +0000 (18:38 +0000)]
Use getline() for the network bulk code. Also make the parser better by
doing tokenizing on spaces and correctly ignore comments.
This should make this feature in general more robust.
OK benno@

jsing [Thu, 6 Sep 2018 16:40:45 +0000 (16:40 +0000)]
Drop SSL_CIPHER_ALGORITHM2_AEAD flag.

All of our algorithm_mac == SSL_AEAD cipher suites use EVP_AEAD, so we can
condition on that rather than having a separate redundant flag.

ok tb@

benno [Thu, 6 Sep 2018 15:55:30 +0000 (15:55 +0000)]
get rid of a temp file, noted by claudio@

mpi [Thu, 6 Sep 2018 15:39:48 +0000 (15:39 +0000)]
If we cannot stop the endpoint when aborting a transfer assume that
the device is gone and give back the descriptor to the stack.

Without this usbd_abort_pipe() could end up in an infinite loop.

Issue reported by Tom Murphy.

benno [Thu, 6 Sep 2018 15:16:01 +0000 (15:16 +0000)]
when people update /etc/example/bgpd.conf, they forget to update the
regression test.

- make bgpd-example just check the config file we ship,
to make sure the config is not broken

- make bgpd-printconf check a config file, write the parsed output to a file
and check if that file is parsable config, i.e. this check makes sure that
the config printer produces parsable configuration.

This way we still have to update the regression tests when the syntax
changes, and we fail if the committed example is bad, but we do not fail
just because someone forgot to update a file here.

ok claudio

kn [Thu, 6 Sep 2018 15:07:33 +0000 (15:07 +0000)]
Remove unused af argument from unmask()

This has been unused for years.

While here, zap the duplicate function signature from pfctl.h (already
present in pfctl_parser.h); spotted by sashan, thanks.

OK sashan

kn [Thu, 6 Sep 2018 14:46:36 +0000 (14:46 +0000)]
Fill netmask AF-independently in print_host()

Instead of masking the host address in two different ways, just fill it
no matter the address family. In case of AF_INET, setting the extra 96 bit
does not hurt.

While here, stop resetting `af' for no reason and move up the variable
declaration.

OK benno sashan

bluhm [Thu, 6 Sep 2018 13:23:02 +0000 (13:23 +0000)]
Do not close the socket twice in netcat.
from Nan Xiao; OK tb@

jsg [Thu, 6 Sep 2018 11:50:53 +0000 (11:50 +0000)]
fix whitespace

patrick [Thu, 6 Sep 2018 10:15:17 +0000 (10:15 +0000)]
Implement 64-bit DMA support in sdhc(4).

tested in snaps
ok kettenis@

miko [Thu, 6 Sep 2018 09:48:23 +0000 (09:48 +0000)]
execute the same code for failure of assign_all_jacks_automatically()
and attach_all_mididevs(). this ensures unbind_all_jacks() and
usbd_deactivate() happen for both cases.

ok ratchov@

miko [Thu, 6 Sep 2018 03:42:21 +0000 (03:42 +0000)]
sync icmp_mtudisc_clone() with icmp6_mtudisc_clone(); prompted by bluhm@

kn [Wed, 5 Sep 2018 21:16:26 +0000 (21:16 +0000)]
Move AF-specific mask logic from callers into set_ipmask()

Instead of doing the same dance with every caller, check for user provided
mask or address family specific maximum inside the function itself.

Feedback and OK claudio

eric [Wed, 5 Sep 2018 17:32:56 +0000 (17:32 +0000)]
synchronize resolver code with smtpd

claudio [Wed, 5 Sep 2018 17:32:43 +0000 (17:32 +0000)]
Implement most prefixlen operations as OP_RANGE (prefixlen A - B).
Simplify the RDE logic this way and make it possible to load such ranges
into a much faster lookup trie for prefix-sets.
When printing the config bgpd tries to use the nicest way to express the rule:
e.g.    match from any prefix 18.0.0.0/8 prefixlen 8 - 32
becomes match from any prefix 18.0.0.0/8 or-longer
Apart from that there is no user visible change because of this.
OK sthen@

jsing [Wed, 5 Sep 2018 16:58:59 +0000 (16:58 +0000)]
Use the newer/more sensible names for EVP_MD_CTX_* functions.

 EVP_MD_CTX_create -> EVP_MD_CTX_new
 EVP_MD_CTX_destroy -> EVP_MD_CTX_free

This should make the intent more obvious and reduce head scratching during
code reviews.

Raised by tb@

jsing [Wed, 5 Sep 2018 16:48:11 +0000 (16:48 +0000)]
Correctly clear the current cipher state, when changing cipher state.

When a renegotiation results in a change of cipher suite, the renegotiation
would fail if it switched from AEAD to non-AEAD or vice versa. This is due
to the fact that the previous EVP_AEAD or EVP_CIPHER state remained,
resulting in incorrect logic that caused MAC failures.

Rename ssl_clear_cipher_ctx() to ssl_clear_cipher_state() and split it
into separate read/write components, then call these functions from the
appropriate places when a ChangeCipherSpec message is being processed.
Also, remove the separate ssl_clear_hash_ctx() calls and fold these into
the ssl_clear_cipher_{read,write}_state() functions.

Issue reported by Bernard Spil, who also tested this diff.

ok tb@

jcs [Wed, 5 Sep 2018 16:34:58 +0000 (16:34 +0000)]
Back out 1.4, it broke things

mpi [Wed, 5 Sep 2018 14:03:28 +0000 (14:03 +0000)]
Serialize synchronous commands with a rwlock.

Prevent triggering an assert if two drivers try to submit a command
at the same time.

Issue reported by Tom Murphy.

eric [Wed, 5 Sep 2018 10:15:41 +0000 (10:15 +0000)]
rename flag

ok gilles@

claudio [Wed, 5 Sep 2018 09:50:43 +0000 (09:50 +0000)]
Adjust after change of struct filter_as.
OK phessler@

claudio [Wed, 5 Sep 2018 09:49:57 +0000 (09:49 +0000)]
Change the way as_compare() and aspath_match() handle 'neighbor-as'. Instead
of doing the condition before calling aspath_match() just pass the neighbor-as
down to as_compare() which then has all needed data for the lookup. While
doing this also remove one of the as fields in struct filter_as since the
min/max fields can be reused for unary operations.
OK denis@ phessler@

miko [Wed, 5 Sep 2018 09:47:18 +0000 (09:47 +0000)]
factor error code in icmp6_mtudisc_clone(); ok kn@ florian@

yasuoka [Wed, 5 Sep 2018 09:35:49 +0000 (09:35 +0000)]
Add "op" column for CP_SPIN.  Diff from fukaumi at soum.co.jp

ok solene

gilles [Wed, 5 Sep 2018 08:47:34 +0000 (08:47 +0000)]
rename token to match naming convention

ok eric@

kn [Wed, 5 Sep 2018 08:47:21 +0000 (08:47 +0000)]
Use error label in host_if()

This brings it in line with host() and host_dns().

OK sashan miko

claudio [Wed, 5 Sep 2018 07:31:29 +0000 (07:31 +0000)]
Change verification of communities a bit. Move the flag checking first since
it is currently terminal and then do the length check. If that one triggers
do a treat-as-withdraw but at the same time drop the bad attribute since it
is better to not have invalid attributes in the Adj-RIB-In since most code
does not expect that.
OK benno@

jmc [Wed, 5 Sep 2018 07:19:35 +0000 (07:19 +0000)]
some text improvements from matt schwartz; ok gilles

jmc [Wed, 5 Sep 2018 07:16:08 +0000 (07:16 +0000)]
do not use the literal string "label" as our example label; ok gilles

jmc [Wed, 5 Sep 2018 05:58:49 +0000 (05:58 +0000)]
rework the text about "label" somewhat for clarity; ok eric

guenther [Wed, 5 Sep 2018 04:23:18 +0000 (04:23 +0000)]
Add defines for dealing with PCID support in cr3

ok mlarkin@

djm [Wed, 5 Sep 2018 00:55:33 +0000 (00:55 +0000)]
use timing-safe compares for checking results in signature verification
(there are no known attacks, this is just inexpensive prudence)

feedback and ok tb@ jsing@

bluhm [Tue, 4 Sep 2018 20:34:10 +0000 (20:34 +0000)]
Forgot to rename pf_frent_holes() prototype in previous commit.

bluhm [Tue, 4 Sep 2018 19:09:39 +0000 (19:09 +0000)]
Avoid traversing the list of fragment entries to check whether the
pf(4) reassembly is complete.  Instead count the holes that are
created when inserting a fragment.  If there are no holes left, the
fragments are continuous.
idea from claudio@; OK claudio@ sashan@

eric [Tue, 4 Sep 2018 17:19:00 +0000 (17:19 +0000)]
remove useless session flag

ok gilles@

espie [Tue, 4 Sep 2018 14:46:12 +0000 (14:46 +0000)]
move readmes detection to find_extractible, so that only changed/new readmes
are recorded.

Be more specific and list those readmes in alphabetic order at end.

espie [Tue, 4 Sep 2018 13:57:46 +0000 (13:57 +0000)]
document PKGSTEM changes

gilles [Tue, 4 Sep 2018 13:04:42 +0000 (13:04 +0000)]
upon mda failure, smtpd would assume tempfail and retry. this is at odds
with the other MTAs which assume a permfail unless the exit status is one
of a specific set. make smtpd honour the same exit statuses as postfix.

note that all errors that occur before the user mda is executed (fork, pipe
and related) are still considered tempfail, only errors coming from the mda
itself are handled as permfail.

this commit is a temporary solution as i believe the SIGCHLD handler is way
more complex than it should be and we'll simplify it after 6.4 is out.

ok eric@