jmc [Fri, 10 Jan 2014 20:14:08 +0000 (20:14 +0000)]
catch up to the fact that md5/sha* got merged, and document -c consistently;
some style and cleanup tweaks while here
ok deraadt
lteo [Fri, 10 Jan 2014 18:52:22 +0000 (18:52 +0000)]
Add MISSING to the list of possible results of a checklist comparison.
lteo [Fri, 10 Jan 2014 18:51:05 +0000 (18:51 +0000)]
When using a checklist, print MISSING for non-existent files.
Based on an earlier diff by tedu@
Requested by deraadt@
OK deraadt@
deraadt [Fri, 10 Jan 2014 17:52:50 +0000 (17:52 +0000)]
sort options
deraadt [Fri, 10 Jan 2014 17:47:44 +0000 (17:47 +0000)]
tedu merged the hash manual pages back together. This goes even further,
repairing the documentation for the -c option.
sthen [Fri, 10 Jan 2014 17:41:39 +0000 (17:41 +0000)]
Remove unnecessary rc_post from rc.d/nsd.
It was there to try and ensure that failure was reported if nsd stopped
shortly after startup (as it used to do if the address was in use, etc),
but this is no longer the case with nsd 4 which returns a failure at
startup in these cases, and having it there breaks properly printing
"(ok)" when stopping.
tedu [Fri, 10 Jan 2014 17:38:24 +0000 (17:38 +0000)]
-c comment, for people who don't like the default. ok deraadt
jsing [Fri, 10 Jan 2014 16:34:25 +0000 (16:34 +0000)]
Use arc4random instead of random in the flock regress tests.
ok deraadt@
espie [Fri, 10 Jan 2014 16:09:08 +0000 (16:09 +0000)]
likewise. this is useless
espie [Fri, 10 Jan 2014 16:05:31 +0000 (16:05 +0000)]
by popular demand, remove excessive paranoia
espie [Fri, 10 Jan 2014 14:34:02 +0000 (14:34 +0000)]
signify silent by default, don't bother working around stdout.
tedu [Fri, 10 Jan 2014 14:29:08 +0000 (14:29 +0000)]
replace the rest of the obsolete radix macros
sprinkle 0 -> NULL where obvious
ok millert mpi
jsing [Fri, 10 Jan 2014 14:16:42 +0000 (14:16 +0000)]
Make this work on hppa.
deraadt [Fri, 10 Jan 2014 14:06:18 +0000 (14:06 +0000)]
be a bit more careful
jsing [Fri, 10 Jan 2014 13:45:00 +0000 (13:45 +0000)]
Do not include MD assembly code in a sys regress test. Untested on alpha,
however it has a much better chance of compiling than it did previously.
sobrado [Fri, 10 Jan 2014 12:07:19 +0000 (12:07 +0000)]
Using random-id is recommended in combination with no-df to ensure
unique IP identifiers.
ok henning@
sthen [Fri, 10 Jan 2014 11:19:31 +0000 (11:19 +0000)]
revert previous; height is never changed, but top is changed.
ok espie@ who saw intermittent sigbus in ports/math/hc with this.
deraadt [Fri, 10 Jan 2014 07:57:24 +0000 (07:57 +0000)]
remove md5 after installing it (with the links to the sha256/512 commands).
this is because the md5/sha256/sha512 are in the same binary, found in the
md5 directory, but the version on the media lacks md5 support. Understand?
jmc [Fri, 10 Jan 2014 07:53:04 +0000 (07:53 +0000)]
no Pp before or after Sh;
brad [Fri, 10 Jan 2014 06:18:40 +0000 (06:18 +0000)]
Fix a bug found in ping6 when rebuilding with stack protector strong.
rtableid is unitialized; the stack protector strong binary would fail
to set the routing table id. Copy the rtableid initialization over to
ping to keep what is essentially similar code in sync.
ok deraadt@
djm [Fri, 10 Jan 2014 05:59:19 +0000 (05:59 +0000)]
the /etc/ssh/ssh_host_ed25519_key is loaded by default too
tedu [Fri, 10 Jan 2014 05:34:46 +0000 (05:34 +0000)]
the -c option is really a mode change, incompatible with other options.
(there are some others too, but -c is particularly misleading.) split it
out in synopsis and usage.
ok deraadt
guenther [Fri, 10 Jan 2014 04:54:35 +0000 (04:54 +0000)]
ddpcb and unixsw symbols are no longer used with kvm_read
ok deraadt@
guenther [Fri, 10 Jan 2014 04:53:35 +0000 (04:53 +0000)]
Copy changes from ls -l to find -ls: print future times with year and use
strftime() instead of parsing ctime()'s output.
ok millert@
tedu [Fri, 10 Jan 2014 04:49:35 +0000 (04:49 +0000)]
quiet time. printing verified was an artifact of development, to be sure
we didn't accidentally fall through main without doing anything, but tools
should be quiet unless there's an error.
tedu [Fri, 10 Jan 2014 04:36:58 +0000 (04:36 +0000)]
use a single positional argument instead of a creeping list of __progname
tedu [Fri, 10 Jan 2014 04:34:24 +0000 (04:34 +0000)]
a little more consistent with names, notably call signature files sigfiles
for short, instead of output.
tedu [Fri, 10 Jan 2014 04:28:57 +0000 (04:28 +0000)]
base64.c workaround keeps sneaking back in
deraadt [Fri, 10 Jan 2014 04:24:18 +0000 (04:24 +0000)]
provide a small (very very) practical example for using signify
ok tedu
deraadt [Fri, 10 Jan 2014 04:23:37 +0000 (04:23 +0000)]
change the listing of the options, because there is way too much
befuddlement.
sorry jmc
ok tedu
tedu [Fri, 10 Jan 2014 04:15:38 +0000 (04:15 +0000)]
at least for now, we're going to need some -Inspector magic
lteo [Fri, 10 Jan 2014 04:02:15 +0000 (04:02 +0000)]
Check the return values of the strdup() calls.
OK deraadt@
deraadt [Fri, 10 Jan 2014 03:53:44 +0000 (03:53 +0000)]
be forceful with removing the SHA256 file
deraadt [Fri, 10 Jan 2014 03:52:03 +0000 (03:52 +0000)]
a new key. Once again, this is still testing time.
krw [Fri, 10 Jan 2014 01:38:15 +0000 (01:38 +0000)]
Yet another annoyingly long line.
krw [Fri, 10 Jan 2014 01:25:03 +0000 (01:25 +0000)]
skip_to_semi() is gilding the lily when the next statement breaks out
of the loop and closes the file being parsed. And the previous
statement warns the user the leases file being parsed has been
determined to be corrupt. Eliminate further gilding in the form of an
'else' after the same 'if' clause includes the 'break'.
krw [Fri, 10 Jan 2014 01:07:58 +0000 (01:07 +0000)]
KNF (UNF?). Split annoying long line.
bluhm [Fri, 10 Jan 2014 00:47:17 +0000 (00:47 +0000)]
Let "ddb show mbuf" print all mbuf fields in a consistent way. Move
bit field names into the header file below the definitions to keep
them in sync.
OK mikeb@ mpi@
djm [Thu, 9 Jan 2014 23:26:48 +0000 (23:26 +0000)]
ban clients/servers that suffer from SSH_BUG_DERIVEKEY, they are ancient,
deranged and might make some attacks on KEX easier; ok markus@
djm [Thu, 9 Jan 2014 23:20:00 +0000 (23:20 +0000)]
Introduce digest API and use it to perform all hashing operations
rather than calling OpenSSL EVP_Digest* directly. Will make it easier
to build a reduced-feature OpenSSH without OpenSSL in future;
feedback, ok markus@
millert [Thu, 9 Jan 2014 23:07:50 +0000 (23:07 +0000)]
Remove useless variable "height" in function traverse(). It is
assigned the value of "top" but never changed so just use top instead.
From Michael W. Bombardieri
tedu [Thu, 9 Jan 2014 21:57:51 +0000 (21:57 +0000)]
replace Bcopy macro with memmove and memcpy. ok mpi
jmc [Thu, 9 Jan 2014 21:22:49 +0000 (21:22 +0000)]
flesh out some details in STANDARDS regarding timespec;
ok sobrado millert
nicm [Thu, 9 Jan 2014 21:20:45 +0000 (21:20 +0000)]
Fix a memory/fd leak reported by Tiago Cunha.
jmc [Thu, 9 Jan 2014 21:19:38 +0000 (21:19 +0000)]
sync usage();
brad [Thu, 9 Jan 2014 20:54:10 +0000 (20:54 +0000)]
Add DHCPv6.
ok deraadt@
deraadt [Thu, 9 Jan 2014 20:39:29 +0000 (20:39 +0000)]
sync
espie [Thu, 9 Jan 2014 20:37:25 +0000 (20:37 +0000)]
revert to O_EXCL for generating keys, so we don't erase them by accident.
internal code a bit yucky, can be fixed some more later.
okay tedu@
sthen [Thu, 9 Jan 2014 20:30:00 +0000 (20:30 +0000)]
Install our third key. NOTE that this is a TEST KEY for use as we improve
our processes.
requested by espie@
espie [Thu, 9 Jan 2014 20:20:01 +0000 (20:20 +0000)]
bump copyright to 2014
deraadt [Thu, 9 Jan 2014 20:15:55 +0000 (20:15 +0000)]
remove the SHA256 file as soon as we start creating sets
miod [Thu, 9 Jan 2014 19:44:49 +0000 (19:44 +0000)]
Mention that T5120/T5220 systems require an OBP update if they are below 4.28
level (matching the stealth commit to sparc64.html years ago); and update the
OBP update section to point to the current Oracle ``Firmware Domwnloads'' page.
espie [Thu, 9 Jan 2014 19:32:15 +0000 (19:32 +0000)]
Install our second key. NOTE that this is a TEST KEY for use as we improve
our processes.
prodded by deraadt@
tedu [Thu, 9 Jan 2014 19:05:43 +0000 (19:05 +0000)]
oops
tedu [Thu, 9 Jan 2014 19:05:21 +0000 (19:05 +0000)]
change O_EXCL to O_TRUNC before deraadt kills me.
deraadt [Thu, 9 Jan 2014 19:02:02 +0000 (19:02 +0000)]
copy the relevant key for the release onto the media
tedu [Thu, 9 Jan 2014 18:59:56 +0000 (18:59 +0000)]
update for sig comments
tedu [Thu, 9 Jan 2014 18:59:35 +0000 (18:59 +0000)]
copy secret key comment into signature. requested by deraadt
deraadt [Thu, 9 Jan 2014 18:51:38 +0000 (18:51 +0000)]
sync
deraadt [Thu, 9 Jan 2014 18:51:30 +0000 (18:51 +0000)]
install signify keys
deraadt [Thu, 9 Jan 2014 18:51:14 +0000 (18:51 +0000)]
Install our first key. NOTE that this is a TEST KEY for use as we improve
our processes.
ok tedu
espie [Thu, 9 Jan 2014 17:51:56 +0000 (17:51 +0000)]
if we're re-signing, check old sig first. shouldn't sign stuff we don't
trust.
espie [Thu, 9 Jan 2014 17:41:41 +0000 (17:41 +0000)]
with the intermediate gunzip gone, this is a simple pipe. No need for
separate handles to tweak.
deraadt [Thu, 9 Jan 2014 17:13:36 +0000 (17:13 +0000)]
oops, re-adapt for the install media
tedu [Thu, 9 Jan 2014 16:22:04 +0000 (16:22 +0000)]
test signing too
tedu [Thu, 9 Jan 2014 16:17:37 +0000 (16:17 +0000)]
signify subdir
tedu [Thu, 9 Jan 2014 16:13:44 +0000 (16:13 +0000)]
regress signify
deraadt [Thu, 9 Jan 2014 15:43:16 +0000 (15:43 +0000)]
ramdisks need a /etc/signify directory
tedu [Thu, 9 Jan 2014 15:36:40 +0000 (15:36 +0000)]
-e embedded signatures. ok deraadt
deraadt [Thu, 9 Jan 2014 15:02:50 +0000 (15:02 +0000)]
we need to build a ztscale stub for zaurus media.
nicm [Thu, 9 Jan 2014 14:28:14 +0000 (14:28 +0000)]
Similar to attach-session, make switch-client -t accept a window and
pane. From Johannes Jakobsson.
nicm [Thu, 9 Jan 2014 14:20:55 +0000 (14:20 +0000)]
Allow attach-session -t to accept a window and pane to select them on
attach. Based on a diff from J Raynor.
nicm [Thu, 9 Jan 2014 14:05:55 +0000 (14:05 +0000)]
Three small changes from Tiago Cunha:
- Check for truncation when copying path.
- Don't need to use a temporary buffer in screen_set_title.
- Include strerror in output when connecting to server fails.
nicm [Thu, 9 Jan 2014 13:58:06 +0000 (13:58 +0000)]
Style and comment fixes from Tiago Cunha.
nicm [Thu, 9 Jan 2014 13:51:57 +0000 (13:51 +0000)]
Simplify args_set, from Tiago Cunha.
nicm [Thu, 9 Jan 2014 13:46:12 +0000 (13:46 +0000)]
Remove unnecessary calls to va_start/va_end, from Tiago Cunha.
mpi [Thu, 9 Jan 2014 13:42:57 +0000 (13:42 +0000)]
Fix the burner method, here the cookie is a pointer to rasops_info.
Problem noticed by Nick Gray and brett@ and analysed with mikeb@.
ok jsg@
espie [Thu, 9 Jan 2014 13:40:05 +0000 (13:40 +0000)]
-C was useless with signify, report @signer identity instead (prepend
"reportedly" to make tedu happy :) )
espie [Thu, 9 Jan 2014 13:30:46 +0000 (13:30 +0000)]
@signer makes sense only for signify, so move it there.
espie [Thu, 9 Jan 2014 13:21:03 +0000 (13:21 +0000)]
simplify a bit: pass the first SIGNER for @signer.
espie [Thu, 9 Jan 2014 10:51:51 +0000 (10:51 +0000)]
document SIGNER
espie [Thu, 9 Jan 2014 10:43:13 +0000 (10:43 +0000)]
switch to internal gzip/gunzip.
reduces the number of external processes and the complexity of the code.
tested on a few select arches by tobiasu, naddy. If it breaks somewhere,
tough. This one is simple to revert.
espie [Thu, 9 Jan 2014 10:36:52 +0000 (10:36 +0000)]
tweak signing yet again. Have pkg_create automatically add signing
identities every time, and make matching identities mandatory.
e.g., pkg_create and pkg_add must have matching -DSIGNER.
by default, signer is derived from uname -r and role (pkg_add/fw_update),
e.g., 54pkg, 54fw...
tedu [Thu, 9 Jan 2014 06:29:05 +0000 (06:29 +0000)]
bzero/bcmp -> memset/memcmp. ok matthew
tedu [Thu, 9 Jan 2014 05:39:41 +0000 (05:39 +0000)]
tiny tweak to asm. prefer memcpy and memmove, with bcopy wrapper
ok guenther
martynas [Thu, 9 Jan 2014 05:07:37 +0000 (05:07 +0000)]
Switch to string copy rather than memcpy so we stop past '\0' and
don't copy over the garbage from the source buffer (like, leaking
the canary). OK millert@.
martynas [Thu, 9 Jan 2014 05:04:03 +0000 (05:04 +0000)]
Use destination bound rather than the source bound for out_line and
out_name. OK millert@.
guenther [Thu, 9 Jan 2014 03:26:00 +0000 (03:26 +0000)]
When formating the time for "ls -l"-style output, show dates in the future
with the year, and rearrange a comparison to avoid a potentional signed
arithmetic overflow that would give the wrong result.
ok djm@
guenther [Thu, 9 Jan 2014 03:13:24 +0000 (03:13 +0000)]
Symlinks are displayed with '->', not '=>'
guenther [Thu, 9 Jan 2014 03:12:25 +0000 (03:12 +0000)]
Update pax -v format to match "ls -l": display the year for dates
in the future and include a space between the major and minor numbers
for devices. Eliminate bogus handling of LC_TIME environment variable.
Make strftime() format selection understandable by gcc -Wformat=2.
ok millert@
guenther [Thu, 9 Jan 2014 03:07:52 +0000 (03:07 +0000)]
Per POSIX, times in the future should be reported with the year
like files more than six months old. Use strftime() directly instead
of breaking down the ctime() output on character positions.
ok millert@
bluhm [Wed, 8 Jan 2014 23:42:23 +0000 (23:42 +0000)]
Fix the tests for the pf divert state and socket reuse.
bluhm [Wed, 8 Jan 2014 23:32:17 +0000 (23:32 +0000)]
Set socket buffer size to fixed value of 100000 octets. This
prevents that the socket splicing performance test interferes with
the dynamic TCP buffer size adjusting.
millert [Wed, 8 Jan 2014 23:12:57 +0000 (23:12 +0000)]
We still need to cast the resulting pointer in NEW and NEW2 as it
is used in pointer arithmetic. Otherwise we do arithmetic on void
* and corrupt the heap.
millert [Wed, 8 Jan 2014 22:55:59 +0000 (22:55 +0000)]
Add casts to unsigned char for ctype functions and other places
where a char is stored in an int. Joint work with and OK deraadt@
brad [Wed, 8 Jan 2014 22:52:54 +0000 (22:52 +0000)]
regen
brad [Wed, 8 Jan 2014 22:52:05 +0000 (22:52 +0000)]
Use the same naming scheme on both sides for the Attansic entries and
replace some tabs with spaces in between product and Intel.
bluhm [Wed, 8 Jan 2014 22:38:29 +0000 (22:38 +0000)]
Name the local variables for struct ifaddr consistently "ifa".
OK mikeb@
millert [Wed, 8 Jan 2014 22:36:37 +0000 (22:36 +0000)]
Use calloc() instead of malloc() + memset. Based on a diff from
Michael W. Bombardieri. OK deraadt@
millert [Wed, 8 Jan 2014 22:30:32 +0000 (22:30 +0000)]
Make allocate() take size_t and return void *. This lets us drop
some more useless casts. Also add missing arguments to a couple
of prototypes while here. OK matthew@ pelikan@