openbsd
10 years agosimplify code: always extract, then install, so that initial installations
espie [Sat, 11 Jan 2014 11:54:43 +0000 (11:54 +0000)]
simplify code: always extract, then install, so that initial installations
and updates are more similar.

10 years agoa bit of spring cleanup in advance: scrape old stuff that's not really
espie [Sat, 11 Jan 2014 11:51:01 +0000 (11:51 +0000)]
a bit of spring cleanup in advance: scrape old stuff that's not really
used.

10 years agooptarg/optind are declared in <unistd.h>, so kill the externs here
guenther [Sat, 11 Jan 2014 06:28:46 +0000 (06:28 +0000)]
optarg/optind are declared in <unistd.h>, so kill the externs here

10 years agoregen
brad [Sat, 11 Jan 2014 05:44:11 +0000 (05:44 +0000)]
regen

10 years agoadd some more Realtek Card Reader chipsets.
brad [Sat, 11 Jan 2014 05:43:33 +0000 (05:43 +0000)]
add some more Realtek Card Reader chipsets.

10 years agoNo need for a bin/cpio link on the media, because the pax|tar binary does
deraadt [Sat, 11 Jan 2014 05:40:14 +0000 (05:40 +0000)]
No need for a bin/cpio link on the media, because the pax|tar binary does
not support cpio anymore.

10 years agoButcher a smaller tar/pax here, which has no cpio support
deraadt [Sat, 11 Jan 2014 05:37:16 +0000 (05:37 +0000)]
Butcher a smaller tar/pax here, which has no cpio support
ok guenther

10 years agoAdd -DNOCPIO option for use by distrib/special
deraadt [Sat, 11 Jan 2014 05:36:26 +0000 (05:36 +0000)]
Add -DNOCPIO option for use by distrib/special
ok guenther tedu

10 years agoSync the comments for the M_ICMP_CSUM_* flags with their descriptions in
lteo [Sat, 11 Jan 2014 04:46:15 +0000 (04:46 +0000)]
Sync the comments for the M_ICMP_CSUM_* flags with their descriptions in
the mbuf(9) man page.

10 years agoCreate cleaner & less noisy makefiles, now that we've been using
deraadt [Sat, 11 Jan 2014 04:44:15 +0000 (04:44 +0000)]
Create cleaner & less noisy makefiles, now that we've been using
this for 20 years.  We don't need to see the splatter as much anymore.

10 years agojust a little TLC
deraadt [Sat, 11 Jan 2014 04:43:00 +0000 (04:43 +0000)]
just a little TLC

10 years agoLet tcpdump detect bad ICMPv6 checksums with the -v flag.
lteo [Sat, 11 Jan 2014 04:41:08 +0000 (04:41 +0000)]
Let tcpdump detect bad ICMPv6 checksums with the -v flag.

Tested on amd64, i386, loongson, and macppc.

OK florian@

10 years agoLet tcpdump detect bad ICMP checksums with the -v flag.
lteo [Sat, 11 Jan 2014 04:40:45 +0000 (04:40 +0000)]
Let tcpdump detect bad ICMP checksums with the -v flag.

Tested on amd64, i386, loongson, and macppc.

OK florian@

10 years agoMake icmp_print() accept the length variable, which is the length of the
lteo [Sat, 11 Jan 2014 04:35:52 +0000 (04:35 +0000)]
Make icmp_print() accept the length variable, which is the length of the
packet without the IP header.  This is needed by the next commit that
will allow tcpdump to detect bad ICMP checksums.

Related functions like {tcp,udp,icmp6}_print() already accept this
length variable, so this change makes icmp_print() consistent with
them as well.

This commit makes no functional change to tcpdump itself.

OK florian@

10 years agoCheck the return value of fstat() in readmsg().
lteo [Sat, 11 Jan 2014 04:29:07 +0000 (04:29 +0000)]
Check the return value of fstat() in readmsg().

OK deraadt@ tedu@

10 years agouse -DSHA2_ONLY to be more clear about what we are butchering
deraadt [Sat, 11 Jan 2014 04:01:13 +0000 (04:01 +0000)]
use -DSHA2_ONLY to be more clear about what we are butchering
idea from tedu

10 years agouse NOMAN=1 for all directories
deraadt [Sat, 11 Jan 2014 03:35:57 +0000 (03:35 +0000)]
use NOMAN=1 for all directories

10 years agounify with other Makefiles around here
deraadt [Sat, 11 Jan 2014 03:35:14 +0000 (03:35 +0000)]
unify with other Makefiles around here

10 years agoUse strtoul() to do octal and hex character conversion instead of
millert [Fri, 10 Jan 2014 23:01:29 +0000 (23:01 +0000)]
Use strtoul() to do octal and hex character conversion instead of
custom code.

10 years agoimprove ntpctl usage so that the manual page does not need to be read
deraadt [Fri, 10 Jan 2014 22:54:12 +0000 (22:54 +0000)]
improve ntpctl usage so that the manual page does not need to be read
every time
ok jmc

10 years agoDon't overwrite the regress target, provide a test target instead. This allows
tobiasu [Fri, 10 Jan 2014 22:52:50 +0000 (22:52 +0000)]
Don't overwrite the regress target, provide a test target instead.  This allows
the test target to fail without terminating overall regression tests. Clean up
a little.

Also adjust orders.txt.sig comment to new reality, making the test pass again.

Looks ok to sthen@

10 years agoregen
brad [Fri, 10 Jan 2014 22:34:48 +0000 (22:34 +0000)]
regen

10 years agoResurrect the "park APs in realmode" idea that we explored back at t2k13
mlarkin [Fri, 10 Jan 2014 22:34:41 +0000 (22:34 +0000)]
Resurrect the "park APs in realmode" idea that we explored back at t2k13
(and which didn't work at that time due to a bug which has since been
fixed). The APs are now demoted to real mode and placed in a HLT loop
while the hibernated image is being unpacked.

Helps my x230 significantly, no more spurious reboots on resume.

ok deraadt

10 years agoAdd the ULT Haswell host bridge id.
brad [Fri, 10 Jan 2014 22:34:17 +0000 (22:34 +0000)]
Add the ULT Haswell host bridge id.

Was intending to add this but also reminded by mark rowland

10 years agoAdd MSI support.
brad [Fri, 10 Jan 2014 22:01:30 +0000 (22:01 +0000)]
Add MSI support.

Tested by comete@daknet.org and vigdis+obsd@chown.me.

10 years agoFix the unitialized rtableid bug discovered and fixed in the previous
florian [Fri, 10 Jan 2014 21:57:44 +0000 (21:57 +0000)]
Fix the unitialized rtableid bug discovered and fixed in the previous
commit by brad@ by calling setsockopt SO_RTABLE only when -V is
present. As a bonus drop privileges very early in main, before option
parsing.
This brings ping6 more in line with what ping does and will make
eventual unification easier.

OK deraadt@
"works for me" brad@

10 years agodepluralize
deraadt [Fri, 10 Jan 2014 21:45:04 +0000 (21:45 +0000)]
depluralize
ok jmc

10 years agomatch what hppa is doing now (not tested, but should be right)
deraadt [Fri, 10 Jan 2014 20:53:45 +0000 (20:53 +0000)]
match what hppa is doing now (not tested, but should be right)
ok miod jsing

10 years agocorrect argument handling; this has been broken since to beginning
deraadt [Fri, 10 Jan 2014 20:53:19 +0000 (20:53 +0000)]
correct argument handling; this has been broken since to beginning
and was writing to wrong memory.
ok jsing miod guenther

10 years agodo not list sha1 and sha256 in SEE ALSO, since md5 is already there, and
jmc [Fri, 10 Jan 2014 20:20:34 +0000 (20:20 +0000)]
do not list sha1 and sha256 in SEE ALSO, since md5 is already there, and
they're one and the same page now;

10 years agocatch up to the fact that md5/sha* got merged, and document -c consistently;
jmc [Fri, 10 Jan 2014 20:14:08 +0000 (20:14 +0000)]
catch up to the fact that md5/sha* got merged, and document -c consistently;
some style and cleanup tweaks while here

ok deraadt

10 years agoAdd MISSING to the list of possible results of a checklist comparison.
lteo [Fri, 10 Jan 2014 18:52:22 +0000 (18:52 +0000)]
Add MISSING to the list of possible results of a checklist comparison.

10 years agoWhen using a checklist, print MISSING for non-existent files.
lteo [Fri, 10 Jan 2014 18:51:05 +0000 (18:51 +0000)]
When using a checklist, print MISSING for non-existent files.

Based on an earlier diff by tedu@
Requested by deraadt@
OK deraadt@

10 years agosort options
deraadt [Fri, 10 Jan 2014 17:52:50 +0000 (17:52 +0000)]
sort options

10 years agotedu merged the hash manual pages back together. This goes even further,
deraadt [Fri, 10 Jan 2014 17:47:44 +0000 (17:47 +0000)]
tedu merged the hash manual pages back together.  This goes even further,
repairing the documentation for the -c option.

10 years agoRemove unnecessary rc_post from rc.d/nsd.
sthen [Fri, 10 Jan 2014 17:41:39 +0000 (17:41 +0000)]
Remove unnecessary rc_post from rc.d/nsd.

It was there to try and ensure that failure was reported if nsd stopped
shortly after startup (as it used to do if the address was in use, etc),
but this is no longer the case with nsd 4 which returns a failure at
startup in these cases, and having it there breaks properly printing
"(ok)" when stopping.

10 years ago-c comment, for people who don't like the default. ok deraadt
tedu [Fri, 10 Jan 2014 17:38:24 +0000 (17:38 +0000)]
-c comment, for people who don't like the default. ok deraadt

10 years agoUse arc4random instead of random in the flock regress tests.
jsing [Fri, 10 Jan 2014 16:34:25 +0000 (16:34 +0000)]
Use arc4random instead of random in the flock regress tests.

ok deraadt@

10 years agolikewise. this is useless
espie [Fri, 10 Jan 2014 16:09:08 +0000 (16:09 +0000)]
likewise. this is useless

10 years agoby popular demand, remove excessive paranoia
espie [Fri, 10 Jan 2014 16:05:31 +0000 (16:05 +0000)]
by popular demand, remove excessive paranoia

10 years agosignify silent by default, don't bother working around stdout.
espie [Fri, 10 Jan 2014 14:34:02 +0000 (14:34 +0000)]
signify silent by default, don't bother working around stdout.

10 years agoreplace the rest of the obsolete radix macros
tedu [Fri, 10 Jan 2014 14:29:08 +0000 (14:29 +0000)]
replace the rest of the obsolete radix macros
sprinkle 0 -> NULL where obvious
ok millert mpi

10 years agoMake this work on hppa.
jsing [Fri, 10 Jan 2014 14:16:42 +0000 (14:16 +0000)]
Make this work on hppa.

10 years agobe a bit more careful
deraadt [Fri, 10 Jan 2014 14:06:18 +0000 (14:06 +0000)]
be a bit more careful

10 years agoDo not include MD assembly code in a sys regress test. Untested on alpha,
jsing [Fri, 10 Jan 2014 13:45:00 +0000 (13:45 +0000)]
Do not include MD assembly code in a sys regress test. Untested on alpha,
however it has a much better chance of compiling than it did previously.

10 years agoUsing random-id is recommended in combination with no-df to ensure
sobrado [Fri, 10 Jan 2014 12:07:19 +0000 (12:07 +0000)]
Using random-id is recommended in combination with no-df to ensure
unique IP identifiers.

ok henning@

10 years agorevert previous; height is never changed, but top is changed.
sthen [Fri, 10 Jan 2014 11:19:31 +0000 (11:19 +0000)]
revert previous; height is never changed, but top is changed.
ok espie@ who saw intermittent sigbus in ports/math/hc with this.

10 years agoremove md5 after installing it (with the links to the sha256/512 commands).
deraadt [Fri, 10 Jan 2014 07:57:24 +0000 (07:57 +0000)]
remove md5 after installing it (with the links to the sha256/512 commands).
this is because the md5/sha256/sha512 are in the same binary, found in the
md5 directory, but the version on the media lacks md5 support.  Understand?

10 years agono Pp before or after Sh;
jmc [Fri, 10 Jan 2014 07:53:04 +0000 (07:53 +0000)]
no Pp before or after Sh;

10 years agoFix a bug found in ping6 when rebuilding with stack protector strong.
brad [Fri, 10 Jan 2014 06:18:40 +0000 (06:18 +0000)]
Fix a bug found in ping6 when rebuilding with stack protector strong.
rtableid is unitialized; the stack protector strong binary would fail
to set the routing table id. Copy the rtableid initialization over to
ping to keep what is essentially similar code in sync.

ok deraadt@

10 years agothe /etc/ssh/ssh_host_ed25519_key is loaded by default too
djm [Fri, 10 Jan 2014 05:59:19 +0000 (05:59 +0000)]
the /etc/ssh/ssh_host_ed25519_key is loaded by default too

10 years agothe -c option is really a mode change, incompatible with other options.
tedu [Fri, 10 Jan 2014 05:34:46 +0000 (05:34 +0000)]
the -c option is really a mode change, incompatible with other options.
(there are some others too, but -c is particularly misleading.) split it
out in synopsis and usage.
ok deraadt

10 years agoddpcb and unixsw symbols are no longer used with kvm_read
guenther [Fri, 10 Jan 2014 04:54:35 +0000 (04:54 +0000)]
ddpcb and unixsw symbols are no longer used with kvm_read

ok deraadt@

10 years agoCopy changes from ls -l to find -ls: print future times with year and use
guenther [Fri, 10 Jan 2014 04:53:35 +0000 (04:53 +0000)]
Copy changes from ls -l to find -ls: print future times with year and use
strftime() instead of parsing ctime()'s output.

ok millert@

10 years agoquiet time. printing verified was an artifact of development, to be sure
tedu [Fri, 10 Jan 2014 04:49:35 +0000 (04:49 +0000)]
quiet time. printing verified was an artifact of development, to be sure
we didn't accidentally fall through main without doing anything, but tools
should be quiet unless there's an error.

10 years agouse a single positional argument instead of a creeping list of __progname
tedu [Fri, 10 Jan 2014 04:36:58 +0000 (04:36 +0000)]
use a single positional argument instead of a creeping list of __progname

10 years agoa little more consistent with names, notably call signature files sigfiles
tedu [Fri, 10 Jan 2014 04:34:24 +0000 (04:34 +0000)]
a little more consistent with names, notably call signature files sigfiles
for short, instead of output.

10 years agobase64.c workaround keeps sneaking back in
tedu [Fri, 10 Jan 2014 04:28:57 +0000 (04:28 +0000)]
base64.c workaround keeps sneaking back in

10 years agoprovide a small (very very) practical example for using signify
deraadt [Fri, 10 Jan 2014 04:24:18 +0000 (04:24 +0000)]
provide a small (very very) practical example for using signify
ok tedu

10 years agochange the listing of the options, because there is way too much
deraadt [Fri, 10 Jan 2014 04:23:37 +0000 (04:23 +0000)]
change the listing of the options, because there is way too much
befuddlement.
sorry jmc
ok tedu

10 years agoat least for now, we're going to need some -Inspector magic
tedu [Fri, 10 Jan 2014 04:15:38 +0000 (04:15 +0000)]
at least for now, we're going to need some -Inspector magic

10 years agoCheck the return values of the strdup() calls.
lteo [Fri, 10 Jan 2014 04:02:15 +0000 (04:02 +0000)]
Check the return values of the strdup() calls.

OK deraadt@

10 years agobe forceful with removing the SHA256 file
deraadt [Fri, 10 Jan 2014 03:53:44 +0000 (03:53 +0000)]
be forceful with removing the SHA256 file

10 years agoa new key. Once again, this is still testing time.
deraadt [Fri, 10 Jan 2014 03:52:03 +0000 (03:52 +0000)]
a new key.  Once again, this is still testing time.

10 years agoYet another annoyingly long line.
krw [Fri, 10 Jan 2014 01:38:15 +0000 (01:38 +0000)]
Yet another annoyingly long line.

10 years agoskip_to_semi() is gilding the lily when the next statement breaks out
krw [Fri, 10 Jan 2014 01:25:03 +0000 (01:25 +0000)]
skip_to_semi() is gilding the lily when the next statement breaks out
of the loop and closes the file being parsed. And the previous
statement warns the user the leases file being parsed has been
determined to be corrupt. Eliminate further gilding in the form of an
'else' after the same 'if' clause includes the 'break'.

10 years agoKNF (UNF?). Split annoying long line.
krw [Fri, 10 Jan 2014 01:07:58 +0000 (01:07 +0000)]
KNF (UNF?). Split annoying long line.

10 years agoLet "ddb show mbuf" print all mbuf fields in a consistent way. Move
bluhm [Fri, 10 Jan 2014 00:47:17 +0000 (00:47 +0000)]
Let "ddb show mbuf" print all mbuf fields in a consistent way.  Move
bit field names into the header file below the definitions to keep
them in sync.
OK mikeb@ mpi@

10 years agoban clients/servers that suffer from SSH_BUG_DERIVEKEY, they are ancient,
djm [Thu, 9 Jan 2014 23:26:48 +0000 (23:26 +0000)]
ban clients/servers that suffer from SSH_BUG_DERIVEKEY, they are ancient,
deranged and might make some attacks on KEX easier; ok markus@

10 years agoIntroduce digest API and use it to perform all hashing operations
djm [Thu, 9 Jan 2014 23:20:00 +0000 (23:20 +0000)]
Introduce digest API and use it to perform all hashing operations
rather than calling OpenSSL EVP_Digest* directly. Will make it easier
to build a reduced-feature OpenSSH without OpenSSL in future;
feedback, ok markus@

10 years agoRemove useless variable "height" in function traverse(). It is
millert [Thu, 9 Jan 2014 23:07:50 +0000 (23:07 +0000)]
Remove useless variable "height" in function traverse().  It is
assigned the value of "top" but never changed so just use top instead.
From Michael W. Bombardieri

10 years agoreplace Bcopy macro with memmove and memcpy. ok mpi
tedu [Thu, 9 Jan 2014 21:57:51 +0000 (21:57 +0000)]
replace Bcopy macro with memmove and memcpy. ok mpi

10 years agoflesh out some details in STANDARDS regarding timespec;
jmc [Thu, 9 Jan 2014 21:22:49 +0000 (21:22 +0000)]
flesh out some details in STANDARDS regarding timespec;
ok sobrado millert

10 years agoFix a memory/fd leak reported by Tiago Cunha.
nicm [Thu, 9 Jan 2014 21:20:45 +0000 (21:20 +0000)]
Fix a memory/fd leak reported by Tiago Cunha.

10 years agosync usage();
jmc [Thu, 9 Jan 2014 21:19:38 +0000 (21:19 +0000)]
sync usage();

10 years agoAdd DHCPv6.
brad [Thu, 9 Jan 2014 20:54:10 +0000 (20:54 +0000)]
Add DHCPv6.

ok deraadt@

10 years agosync
deraadt [Thu, 9 Jan 2014 20:39:29 +0000 (20:39 +0000)]
sync

10 years agorevert to O_EXCL for generating keys, so we don't erase them by accident.
espie [Thu, 9 Jan 2014 20:37:25 +0000 (20:37 +0000)]
revert to O_EXCL for generating keys, so we don't erase them by accident.
internal code a bit yucky, can be fixed some more later.
okay tedu@

10 years agoInstall our third key. NOTE that this is a TEST KEY for use as we improve
sthen [Thu, 9 Jan 2014 20:30:00 +0000 (20:30 +0000)]
Install our third key.  NOTE that this is a TEST KEY for use as we improve
our processes.
requested by espie@

10 years agobump copyright to 2014
espie [Thu, 9 Jan 2014 20:20:01 +0000 (20:20 +0000)]
bump copyright to 2014

10 years agoremove the SHA256 file as soon as we start creating sets
deraadt [Thu, 9 Jan 2014 20:15:55 +0000 (20:15 +0000)]
remove the SHA256 file as soon as we start creating sets

10 years agoMention that T5120/T5220 systems require an OBP update if they are below 4.28
miod [Thu, 9 Jan 2014 19:44:49 +0000 (19:44 +0000)]
Mention that T5120/T5220 systems require an OBP update if they are below 4.28
level (matching the stealth commit to sparc64.html years ago); and update the
OBP update section to point to the current Oracle ``Firmware Domwnloads'' page.

10 years agoInstall our second key. NOTE that this is a TEST KEY for use as we improve
espie [Thu, 9 Jan 2014 19:32:15 +0000 (19:32 +0000)]
Install our second key.  NOTE that this is a TEST KEY for use as we improve
our processes.
prodded by deraadt@

10 years agooops
tedu [Thu, 9 Jan 2014 19:05:43 +0000 (19:05 +0000)]
oops

10 years agochange O_EXCL to O_TRUNC before deraadt kills me.
tedu [Thu, 9 Jan 2014 19:05:21 +0000 (19:05 +0000)]
change O_EXCL to O_TRUNC before deraadt kills me.

10 years agocopy the relevant key for the release onto the media
deraadt [Thu, 9 Jan 2014 19:02:02 +0000 (19:02 +0000)]
copy the relevant key for the release onto the media

10 years agoupdate for sig comments
tedu [Thu, 9 Jan 2014 18:59:56 +0000 (18:59 +0000)]
update for sig comments

10 years agocopy secret key comment into signature. requested by deraadt
tedu [Thu, 9 Jan 2014 18:59:35 +0000 (18:59 +0000)]
copy secret key comment into signature. requested by deraadt

10 years agosync
deraadt [Thu, 9 Jan 2014 18:51:38 +0000 (18:51 +0000)]
sync

10 years agoinstall signify keys
deraadt [Thu, 9 Jan 2014 18:51:30 +0000 (18:51 +0000)]
install signify keys

10 years agoInstall our first key. NOTE that this is a TEST KEY for use as we improve
deraadt [Thu, 9 Jan 2014 18:51:14 +0000 (18:51 +0000)]
Install our first key.  NOTE that this is a TEST KEY for use as we improve
our processes.
ok tedu

10 years agoif we're re-signing, check old sig first. shouldn't sign stuff we don't
espie [Thu, 9 Jan 2014 17:51:56 +0000 (17:51 +0000)]
if we're re-signing, check old sig first. shouldn't sign stuff we don't
trust.

10 years agowith the intermediate gunzip gone, this is a simple pipe. No need for
espie [Thu, 9 Jan 2014 17:41:41 +0000 (17:41 +0000)]
with the intermediate gunzip gone, this is a simple pipe. No need for
separate handles to tweak.

10 years agooops, re-adapt for the install media
deraadt [Thu, 9 Jan 2014 17:13:36 +0000 (17:13 +0000)]
oops, re-adapt for the install media

10 years agotest signing too
tedu [Thu, 9 Jan 2014 16:22:04 +0000 (16:22 +0000)]
test signing too

10 years agosignify subdir
tedu [Thu, 9 Jan 2014 16:17:37 +0000 (16:17 +0000)]
signify subdir

10 years agoregress signify
tedu [Thu, 9 Jan 2014 16:13:44 +0000 (16:13 +0000)]
regress signify

10 years agoramdisks need a /etc/signify directory
deraadt [Thu, 9 Jan 2014 15:43:16 +0000 (15:43 +0000)]
ramdisks need a /etc/signify directory

10 years ago-e embedded signatures. ok deraadt
tedu [Thu, 9 Jan 2014 15:36:40 +0000 (15:36 +0000)]
-e embedded signatures. ok deraadt

10 years agowe need to build a ztscale stub for zaurus media.
deraadt [Thu, 9 Jan 2014 15:02:50 +0000 (15:02 +0000)]
we need to build a ztscale stub for zaurus media.