espie [Fri, 17 Jan 2014 11:09:36 +0000 (11:09 +0000)]
tweak documentation to match what's going on
espie [Fri, 17 Jan 2014 10:59:18 +0000 (10:59 +0000)]
as requested by theo, invoke signify in the EXAMPLE order.
espie [Fri, 17 Jan 2014 10:55:01 +0000 (10:55 +0000)]
default signer less picky, just select by function, e.g., *pkg or *fw.
espie [Fri, 17 Jan 2014 10:54:14 +0000 (10:54 +0000)]
tweak the interface to generating signatures yet again.
- assume key names match, deduce signer from sec key.
e.g., -s signify -s 55pkg.sec
will set signer to 55pkg and look for a pubkey named 55pkg.pub,
either besides 55pkg.sec or in /etc/signify.
- verify there's no mismatch, if possible, by verifying the first package
signed.
- also build a SHA256 on the fly while signing.
dtucker [Fri, 17 Jan 2014 06:23:24 +0000 (06:23 +0000)]
fix log message statvfs. ok djm
dtucker [Fri, 17 Jan 2014 05:26:41 +0000 (05:26 +0000)]
remove unused includes. ok djm@
lteo [Fri, 17 Jan 2014 03:38:12 +0000 (03:38 +0000)]
Add a new example showing how to verify bsd.rd with signify and the new
sha256 -C option.
suggested by deraadt@
help/OK jmc@ tedu@
halex [Fri, 17 Jan 2014 01:15:27 +0000 (01:15 +0000)]
add signature checking and make checksum procedure more robust by
prefetching sets to a temporary directory within /home, iff it is a
separate mount point
with rpe@ and deraadt@, "ffiinaallllyyy .... OK" rpe@ (r.i.p. progress bars)
djm [Fri, 17 Jan 2014 00:21:06 +0000 (00:21 +0000)]
signed/unsigned comparison warning fix; from portable
tobias [Thu, 16 Jan 2014 21:45:33 +0000 (21:45 +0000)]
Avoid size_t overflow in apprentice_map.
ok millert
tobias [Thu, 16 Jan 2014 21:41:22 +0000 (21:41 +0000)]
Avoid size_t overflow while reading /etc/resolv.conf.tail.
ok krw
brad [Thu, 16 Jan 2014 19:32:26 +0000 (19:32 +0000)]
Appease LLVM's integrated assembler. Matches the same code as it exists
for i386.
error: ambiguous instructions require an explicit suffix (could be 'cmpb', 'cmpw', 'cmpl', or 'cmpq')
ok mlarkin@
syl [Thu, 16 Jan 2014 10:36:33 +0000 (10:36 +0000)]
Remove an infinite loop in fuse_device_cleanup().
Spotted by pelikan@
Some input from stsp@
OK stsp@, pelikan@
mpi [Thu, 16 Jan 2014 10:26:21 +0000 (10:26 +0000)]
Replaces a lookup to find the link-layer address by accessing the if_sadl
member directly.
ok mikeb@
syl [Thu, 16 Jan 2014 09:31:44 +0000 (09:31 +0000)]
Add support for mknod in fuse.
OK tedu@
"it looks good to me" from guenther@
djm [Thu, 16 Jan 2014 07:32:00 +0000 (07:32 +0000)]
openssh-6.5
djm [Thu, 16 Jan 2014 07:31:09 +0000 (07:31 +0000)]
needless and incorrect cast to size_t can break resumption of
large download; patch from tobias@
jmc [Wed, 15 Jan 2014 16:07:27 +0000 (16:07 +0000)]
add -C to the man page, and adjust usage();
ok lteo
jmc [Wed, 15 Jan 2014 15:09:19 +0000 (15:09 +0000)]
for STANDARDS, note that the ability to specify a month name as a single
argument is also an extension;
ok sobrado
jmc [Wed, 15 Jan 2014 15:06:17 +0000 (15:06 +0000)]
fix SEE ALSO;
nicm [Wed, 15 Jan 2014 11:46:28 +0000 (11:46 +0000)]
Do not attempt to read .tmux.conf if we can't figure out a home
directory, from Tiago Cunha.
nicm [Wed, 15 Jan 2014 11:44:18 +0000 (11:44 +0000)]
Couple of fixes from cppcheck via Tiago Cunha.
aoyama [Wed, 15 Jan 2014 11:13:53 +0000 (11:13 +0000)]
Add WSDISPLAYIO_SETGFXMODE ioctl on LUNA's frame buffer.
This ioctl changes `pseudo' frame buffer depth, in order to use color
wscons and monochrome X server both. Also need to do some
luna88k-specific initialization in
xenocara/driver/xf86-video-wsfb/src/wsfb_driver.c.
mpi [Wed, 15 Jan 2014 11:10:40 +0000 (11:10 +0000)]
Remove a hack to update the address and packet length for every device
request and instead re-open the default pipe with updated values when
attaching a new device, adapted from FreeBSD r162977.
This fixes a problem where the controller could have cached the previous
values and would fail to get the device descriptor, leaving the device
unrecognized with a message like: "device problem, disabling port n".
pirofti [Wed, 15 Jan 2014 11:01:46 +0000 (11:01 +0000)]
Add documentation for the octrtc driver.
pirofti [Wed, 15 Jan 2014 10:36:10 +0000 (10:36 +0000)]
Enable by default the DS1337 TOD clock.
pirofti [Wed, 15 Jan 2014 10:29:45 +0000 (10:29 +0000)]
Add support for the DS1337 TOD clocks found on some of the octeon models.
This is a very low resolution clock (1 second) that some models seem
to be blessed with.
Found at least on CAM-100 and DSR-500 models.
It seems the EdgeRouter doesn't have support for this.
Tested by jmatthew@ and bcallah@.
Okay miod@, bcallah@
mpi [Wed, 15 Jan 2014 09:25:38 +0000 (09:25 +0000)]
Remove assigned but never read value.
ok stsp@
deraadt [Wed, 15 Jan 2014 05:31:51 +0000 (05:31 +0000)]
remove functions that were used by other (non-linux) compat; and
convert to ANSI protos while here
lteo [Wed, 15 Jan 2014 04:43:36 +0000 (04:43 +0000)]
Add support for a -C option. It works on a checklist like -c but only
does the checksum comparison for selected files that are specified on
the command line.
idea discussed with deraadt@ and tedu@
manpage feedback jmc@
feedback/OK deraadt@ millert@
sthen [Wed, 15 Jan 2014 02:25:34 +0000 (02:25 +0000)]
Initialise _res.nsaddr_list in res_init(), fixing some programs which depend
on bind resolver internals. Note, the list will not be updated if resolv.conf
is changed while the program runs unless the caller resets the RES_INIT flag.
Approach suggested by otto@, original diff from Kapetanakis Giannis, fix
suggested by tedu@ and dug up again by Riccardo Mottola. Looks ok to eric@.
rpe [Wed, 15 Jan 2014 00:55:21 +0000 (00:55 +0000)]
Since we now show the installer output we want that new line back.
OK halex@
espie [Wed, 15 Jan 2014 00:31:34 +0000 (00:31 +0000)]
pipes mean read/write may short out.
okay tedu@
martynas [Tue, 14 Jan 2014 22:26:30 +0000 (22:26 +0000)]
Add wcstring attribute support for Wbounded. To be used for wchar.h
which operates on element counts rather than buffer sizes. I'll start
annotating headers in a few weeks, after the hackathon. OK millert@.
tedu [Tue, 14 Jan 2014 21:34:30 +0000 (21:34 +0000)]
most common pbkdf failure is no password, so check that first.
prompted by fritjof
tedu [Tue, 14 Jan 2014 21:33:10 +0000 (21:33 +0000)]
rearrange the bottom of main so it is less of a "zoo". ok deraadt
miod [Tue, 14 Jan 2014 18:21:37 +0000 (18:21 +0000)]
build crt*S with -fPIC instead of -fpic
jmc [Tue, 14 Jan 2014 17:52:15 +0000 (17:52 +0000)]
add /etc/signify; description supplied by tedu
jmc [Tue, 14 Jan 2014 17:49:24 +0000 (17:49 +0000)]
stick that last example in a display, and avoid linewrap;
tedu [Tue, 14 Jan 2014 17:25:06 +0000 (17:25 +0000)]
this can be static
tedu [Tue, 14 Jan 2014 17:15:12 +0000 (17:15 +0000)]
stdlib.h for malloc. from Fritjof
naddy [Tue, 14 Jan 2014 13:59:45 +0000 (13:59 +0000)]
use a pipe, as intended, in the example
naddy [Tue, 14 Jan 2014 13:57:20 +0000 (13:57 +0000)]
fix public key names
espie [Tue, 14 Jan 2014 10:05:58 +0000 (10:05 +0000)]
reorder signature checks, we can do much more upfront.
clean up temp files always.
use a regexp for allowed keys, put default key up in front still.
mlarkin [Tue, 14 Jan 2014 09:57:51 +0000 (09:57 +0000)]
Typo in a printf, should be 'bytes' not 'blocks'
jmc [Tue, 14 Jan 2014 07:42:42 +0000 (07:42 +0000)]
update references to posix-2008, and point STANDARDS to some of the extension
notes listed in DESCRIPTION, for completeness sake;
ok otto sobrado
jmc [Tue, 14 Jan 2014 07:40:29 +0000 (07:40 +0000)]
sundry tweaks;
guenther [Tue, 14 Jan 2014 02:55:09 +0000 (02:55 +0000)]
No exception is made for symlinks in the spec, so use
fchmodat(AT_SYMLINK_NOFOLLOW) to set the mode on symlinks, pass
AT_SYMLINK_NOFOLLOW to utimensat(), and then let those be called
on symlinks by dropping the test that skipped them. Eliminate
set_lids() by changing set_ids() to use fchownat(AT_SYMLINK_NOFOLLOW)
and delete a redundant conditional in each of set_ftime()/fset_ftime().
suggested by espie@
ok millert@
guenther [Tue, 14 Jan 2014 02:44:57 +0000 (02:44 +0000)]
getnstr() returns KEY_RESIZE if there was a pending resize event, so loop
until it stops returning that, resetting the cursor position each time.
hint from Gregor Best (gbe (at) ring0.de)
problem noted by and ok sthen@
martynas [Tue, 14 Jan 2014 02:03:57 +0000 (02:03 +0000)]
Add a new option "-fstack-protector-strong" for GCC4. This includes
additional functions to be protected --- those that have local array
definitions, or have references to local frame addresses.
Note 1: Han explicitly licensed this under GPLv2 for us.
Note 2: Do *not* use this anywhere in "src" Makefiles, as the other
GCC doesn't have this option yet (but I'm working on it).
jeremy [Tue, 14 Jan 2014 01:02:46 +0000 (01:02 +0000)]
Add information on the new ruby21 FLAVOR, and add text about manually
checking PLISTs for gem ports with C extensions.
krw [Mon, 13 Jan 2014 23:42:18 +0000 (23:42 +0000)]
peek_token() a bit more to replace a bunch of manual checks with
the perfectly adequate parse_semi(). And some blocks didn't even
need to peek.
millert [Mon, 13 Jan 2014 23:18:57 +0000 (23:18 +0000)]
Add the "next" keyword as an alias for "+ 1" for relative times.
Also support "months" and "years" keywords when specified as relative
time units. All as per POSIX. Man page changes OK jmc@ sobrado@
millert [Mon, 13 Jan 2014 23:14:17 +0000 (23:14 +0000)]
Callers of get_state() and sole_reduction() always store the result
as a short so make the return value match the type of the value we
are returning. From Michael W. Bombardieri
bluhm [Mon, 13 Jan 2014 23:03:52 +0000 (23:03 +0000)]
Call all local variables of type struct in6_ifaddr "ia6". This is
consistent with struct ifaddr "ifa" and struct in_ifaddr "ia".
OK mpi@
tedu [Mon, 13 Jan 2014 22:29:32 +0000 (22:29 +0000)]
update for new options and clarify
krw [Mon, 13 Jan 2014 21:36:46 +0000 (21:36 +0000)]
Don't eat another token looking for a ';' after skip_to_semi() has
been invoked. Fixes silent loss of the statement following a broken or
inapplicable 'interface' declaration in a lease, or an unrecognized
lease attribute.
krw [Mon, 13 Jan 2014 21:04:19 +0000 (21:04 +0000)]
No need to 'clear the peek buffer' when closing a file. The next
file opener will call new_parse() to initialize that among
other things. Nuke extraneous blank line in passing.
krw [Mon, 13 Jan 2014 20:56:24 +0000 (20:56 +0000)]
Don't eat two tokens when encountering a non-terminal '}'. Avoids
possibly ignoring entire rest of dhclient.conf or dhclient.leases.if
looking for a mistakenly consumed '}'.
espie [Mon, 13 Jan 2014 18:44:41 +0000 (18:44 +0000)]
fix another chmod on permanent tempfile to respect umask.
espie [Mon, 13 Jan 2014 18:42:34 +0000 (18:42 +0000)]
have Ustar extract owners for symlinks, which isn't really important for
pkg_add, since it skips links and restores owners from the plist anyways.
espie [Mon, 13 Jan 2014 10:07:32 +0000 (10:07 +0000)]
say something if we sign an empty repository
tweak mode on tmp signed file
mpi [Mon, 13 Jan 2014 09:48:12 +0000 (09:48 +0000)]
Iterate over the per interface address list instead of the global one
in IFP_TO_IA().
ok bluhm@, henning@, mikeb@
espie [Mon, 13 Jan 2014 09:42:53 +0000 (09:42 +0000)]
premature, only wanted to commit n: -> n
espie [Mon, 13 Jan 2014 09:41:16 +0000 (09:41 +0000)]
duh, -n does not take args
mpi [Mon, 13 Jan 2014 09:27:39 +0000 (09:27 +0000)]
Return the poison value in poison_check() and not the modified value.
ok tedu@
krw [Mon, 13 Jan 2014 02:38:52 +0000 (02:38 +0000)]
warning(), note(), debug(), parse_warn() always return 0, which no
caller checks or saves. So just void them all.
martynas [Mon, 13 Jan 2014 01:44:31 +0000 (01:44 +0000)]
Enable Wbounded by default. Passing bound bigger than the buffer
size almost always has security implications. I think this quote
from Theo summarizes the situation best:
Which is why it is important to have at least one unforgiving
platform in the ecosystem which properly labels shit shit.
That's OpenBSD. If anyone can't handle that, they can go to platforms
which hide the reality.
tedu [Mon, 13 Jan 2014 01:41:34 +0000 (01:41 +0000)]
new signify options. from and ok espie
tedu [Mon, 13 Jan 2014 01:41:00 +0000 (01:41 +0000)]
dang it!
tedu [Mon, 13 Jan 2014 01:40:43 +0000 (01:40 +0000)]
new day, new options. -m message and -x signature.
this should be less confusing and more consistent in various modes.
also support stdin/stdout where feasible. touch up usage to be helpful.
ok deraadt
deraadt [Sun, 12 Jan 2014 21:57:59 +0000 (21:57 +0000)]
Place a SHA256 (not SHA256.sig, sorry not yet) onto the install*.iso
media to give some upcoming changes a chance of working.
Long discussions with todd and rpe
tedu [Sun, 12 Jan 2014 21:18:52 +0000 (21:18 +0000)]
we only write to writable files, so use O_WRONLY.
st_size is only meaningful for regular files, so check S_ISREG
phessler [Sun, 12 Jan 2014 20:23:29 +0000 (20:23 +0000)]
revert back to 1.97
There is a memory leak when using internal GZip, so switch back to the
external gzip for now.
OK espie@
rpe [Sun, 12 Jan 2014 17:17:12 +0000 (17:17 +0000)]
add missing dash in -p option
OK tedu@ jmc@
stsp [Sun, 12 Jan 2014 15:38:06 +0000 (15:38 +0000)]
Remove no-op 'HIDE' macro from sppp code. This probably existed to allow
for easy switching to static functions. But we don't usually have static
functions in the kernel.
ok deraadt mpi mikeb
matthieu [Sun, 12 Jan 2014 15:07:47 +0000 (15:07 +0000)]
Directories updates for freetype 2.5.2
deraadt [Sun, 12 Jan 2014 11:32:47 +0000 (11:32 +0000)]
improve release directory example
deraadt [Sun, 12 Jan 2014 11:26:48 +0000 (11:26 +0000)]
plen is unsigned
deraadt [Sun, 12 Jan 2014 11:26:17 +0000 (11:26 +0000)]
sync
deraadt [Sun, 12 Jan 2014 11:26:08 +0000 (11:26 +0000)]
crank to 5.5beta
espie [Sun, 12 Jan 2014 11:18:57 +0000 (11:18 +0000)]
allow prev release keys for now, transition 5.4 -> 5.5 kindof requires
it.
jmc [Sun, 12 Jan 2014 09:33:32 +0000 (09:33 +0000)]
expand the "eval" description a little; from wiz@netbsd
djm [Sun, 12 Jan 2014 08:13:13 +0000 (08:13 +0000)]
avoid use of OpenSSL BIGNUM type and functions for KEX with
Curve25519 by adding a buffer_put_bignum2_from_string() that stores
a string using the bignum encoding rules. Will make it easier to
build a reduced-feature OpenSSH without OpenSSL in the future;
ok markus@
deraadt [Sun, 12 Jan 2014 05:46:50 +0000 (05:46 +0000)]
subtly improve an example
deraadt [Sun, 12 Jan 2014 04:37:51 +0000 (04:37 +0000)]
Also move case 'c' into the #ifdef for a smaller binary. It will fall into
default, giving a nice failure. I have not removed -c from the usage()
or getopt() because it is too much butchering...
krw [Sun, 12 Jan 2014 04:17:36 +0000 (04:17 +0000)]
Since the return value of read_client_conf() is not checked, don't
bother returning one.
deraadt [Sun, 12 Jan 2014 03:07:41 +0000 (03:07 +0000)]
update list of chips supported, Chris Hettrick
deraadt [Sun, 12 Jan 2014 01:40:12 +0000 (01:40 +0000)]
sync
halex [Sat, 11 Jan 2014 23:28:02 +0000 (23:28 +0000)]
when selecting sets to install, postpone the xbase/comp check so the
comp set does not get readded if the xbase set is being removed later
on the same input line
"nice semantics" deraadt@
naddy [Sat, 11 Jan 2014 22:26:01 +0000 (22:26 +0000)]
test pkg key for during the 5.5-beta sequence
sthen [Sat, 11 Jan 2014 22:18:06 +0000 (22:18 +0000)]
test fw key for during the 5.5-beta sequence
schwarze [Sat, 11 Jan 2014 22:16:03 +0000 (22:16 +0000)]
Remove useless use of strnlen(3).
Yuckiness pointed out by deraadt@.
deraadt [Sat, 11 Jan 2014 22:15:55 +0000 (22:15 +0000)]
test key for during the 5.5-beta sequence
espie [Sat, 11 Jan 2014 19:23:39 +0000 (19:23 +0000)]
fchownat is allowed to return EOPNOTSUPP
okay guenther@
espie [Sat, 11 Jan 2014 18:34:20 +0000 (18:34 +0000)]
typos, from Markus Lude, thx!
florian [Sat, 11 Jan 2014 14:37:51 +0000 (14:37 +0000)]
Sync description of struct pf_osfp_entry to rev 1.393 of pfvar.h
OK deraadt@
bluhm [Sat, 11 Jan 2014 14:33:48 +0000 (14:33 +0000)]
When I created UDP socket splicing, I added the goto nextpkt loop
to splice multiple UDP packets in the m_nextpkt list. Some profiling
with TCP splicing showed that checking so_rcv.sb_mb is wrong. It
causes several useless runs through the loop. Better check for
nextrecord which contains the original m_nextpkt value of the mbuf.
OK mikeb@
deraadt [Sat, 11 Jan 2014 14:28:26 +0000 (14:28 +0000)]
add a few things mumble
sthen [Sat, 11 Jan 2014 13:50:56 +0000 (13:50 +0000)]
remove extraneous D, from Markus Lude