openbsd
6 years agosync icmp_mtudisc_clone() with icmp6_mtudisc_clone(); prompted by bluhm@
miko [Thu, 6 Sep 2018 03:42:21 +0000 (03:42 +0000)]
sync icmp_mtudisc_clone() with icmp6_mtudisc_clone(); prompted by bluhm@

6 years agoMove AF-specific mask logic from callers into set_ipmask()
kn [Wed, 5 Sep 2018 21:16:26 +0000 (21:16 +0000)]
Move AF-specific mask logic from callers into set_ipmask()

Instead of doing the same dance with every caller, check for user provided
mask or address familiy specific maximum inside the function itself.

Feedback and OK claudio

6 years agosynchronize resolver code with smtpd
eric [Wed, 5 Sep 2018 17:32:56 +0000 (17:32 +0000)]
synchronize resolver code with smtpd

6 years agoImplement most prefixlen operations as OP_RANGE (prefixlen A - B).
claudio [Wed, 5 Sep 2018 17:32:43 +0000 (17:32 +0000)]
Implement most prefixlen operations as OP_RANGE (prefixlen A - B).
Simplify the RDE logic this way and make it possible to load such ranges
into a much faster lookup trie for prefix-sets.
When printing the config bgpd tries to use the nices way to express the rule:
e.g.    match from any prefix 18.0.0.0/8 prefixlen 8 - 32
becomes match from any prefix 18.0.0.0/8 or-longer
Apart from that there is no user visible change because of this.
OK sthen@

6 years agoUse the newer/more sensible names for EVP_MD_CTX_* functions.
jsing [Wed, 5 Sep 2018 16:58:59 +0000 (16:58 +0000)]
Use the newer/more sensible names for EVP_MD_CTX_* functions.

 EVP_MD_CTX_create -> EVP_MD_CTX_new
 EVP_MD_CTX_destroy -> EVP_MD_CTX_free

This should make the intent more obvious and reduce head scratching during
code reviews.

Raised by tb@

6 years agoCorrectly clear the current cipher state, when changing cipher state.
jsing [Wed, 5 Sep 2018 16:48:11 +0000 (16:48 +0000)]
Correctly clear the current cipher state, when changing cipher state.

When a renegotiation results in a change of cipher suite, the renegotation
would fail if it switched from AEAD to non-AEAD or vice versa. This is due
to the fact that the previous EVP_AEAD or EVP_CIPHER state remained,
resulting in incorrect logic that caused MAC failures.

Rename ssl_clear_cipher_ctx() to ssl_clear_cipher_state() and split it
into separate read/write components, then call these functions from the
appropriate places when a ChangeCipherSpec message is being processed.
Also, remove the separate ssl_clear_hash_ctx() calls and fold these into
the ssl_clear_cipher_{read,write}_state() functions.

Issue reported by Bernard Spil, who also tested this diff.

ok tb@

6 years agoBack out 1.4, it broke things
jcs [Wed, 5 Sep 2018 16:34:58 +0000 (16:34 +0000)]
Back out 1.4, it broke things

6 years agoSerialize synchronous commands with a rwlock.
mpi [Wed, 5 Sep 2018 14:03:28 +0000 (14:03 +0000)]
Serialize synchronous commands with a rwlock.

Prevent triggering an assert if two drivers try to submit a command
at the same time.

Issue reported by Tom Murphy.

6 years agorename flag
eric [Wed, 5 Sep 2018 10:15:41 +0000 (10:15 +0000)]
rename flag

ok gilles@

6 years agoAdjust after change of struct filter_as.
claudio [Wed, 5 Sep 2018 09:50:43 +0000 (09:50 +0000)]
Adjust after change of struct filter_as.
OK phessler@

6 years agoChange the way as_compare() and aspath_match() handle 'neighbor-as'. Instead
claudio [Wed, 5 Sep 2018 09:49:57 +0000 (09:49 +0000)]
Change the way as_compare() and aspath_match() handle 'neighbor-as'. Instead
of doing the condition before calling aspath_match() just pass the neighbor-as
down to as_compare() which then has all needed data for the lookup. While
doing this also remove one of the as fields in struct filter_as since the
min/max fields can be reused for unary operations.
OK denis@ phessler@

6 years agofactor error code in icmp6_mtudisc_clone(); ok kn@ florian@
miko [Wed, 5 Sep 2018 09:47:18 +0000 (09:47 +0000)]
factor error code in icmp6_mtudisc_clone(); ok kn@ florian@

6 years agoAdd "op" column for CP_SPIN. Diff from fukaumi at soum.co.jp
yasuoka [Wed, 5 Sep 2018 09:35:49 +0000 (09:35 +0000)]
Add "op" column for CP_SPIN.  Diff from fukaumi at soum.co.jp

ok solene

6 years agorename token to match naming convention
gilles [Wed, 5 Sep 2018 08:47:34 +0000 (08:47 +0000)]
rename token to match naming convention

ok eric@

6 years agoUse error label in host_if()
kn [Wed, 5 Sep 2018 08:47:21 +0000 (08:47 +0000)]
Use error label in host_if()

This brings it in line with host() and host_dns().

OK sashan miko

6 years agoChange verification of communities a bit. Move the flag checking first since
claudio [Wed, 5 Sep 2018 07:31:29 +0000 (07:31 +0000)]
Change verification of communities a bit. Move the flag checking first since
it is currently terminal and then do the length check. If that one triggers
do a treat-as-withdraw but at the same time drop the bad attribute since it
is better to not have invalid attributes in the Adj-RIB-In since most code
does not expect that.
OK benno@

6 years agosome text improvements from matt schwartz; ok gilles
jmc [Wed, 5 Sep 2018 07:19:35 +0000 (07:19 +0000)]
some text improvements from matt schwartz; ok gilles

6 years agodo not use the literal string "label" as our example label; ok gilles
jmc [Wed, 5 Sep 2018 07:16:08 +0000 (07:16 +0000)]
do not use the literal string "label" as our example label; ok gilles

6 years agorework the text about "label" somewhat for clarity; ok eric
jmc [Wed, 5 Sep 2018 05:58:49 +0000 (05:58 +0000)]
rework the text about "label" somewhat for clarity; ok eric

6 years agoAdd defines for dealing with PCID support in cr3
guenther [Wed, 5 Sep 2018 04:23:18 +0000 (04:23 +0000)]
Add defines for dealing with PCID support in cr3

ok mlarkin@

6 years agouse timing-safe compares for checking results in signature verification
djm [Wed, 5 Sep 2018 00:55:33 +0000 (00:55 +0000)]
use timing-safe compares for checking results in signature verification
(there are no known attacks, this is just inexpensive prudence)

feedback and ok tb@ jsing@

6 years agoForgot to rename pf_frent_holes() prototype in previous commit.
bluhm [Tue, 4 Sep 2018 20:34:10 +0000 (20:34 +0000)]
Forgot to rename pf_frent_holes() prototype in previous commit.

6 years agoAvoid traversing the list of fragment entris to check whether the
bluhm [Tue, 4 Sep 2018 19:09:39 +0000 (19:09 +0000)]
Avoid traversing the list of fragment entris to check whether the
pf(4) reassembly is complete.  Instead count the holes that are
created when inserting a fragment.  If there are no holes left, the
fragments are continuous.
idea from claudio@; OK claudio@ sashan@

6 years agoremove useless session flag
eric [Tue, 4 Sep 2018 17:19:00 +0000 (17:19 +0000)]
remove useless session flag

ok gilles@

6 years agomove readmes detection to find_extractible, so that only changed/new readmes
espie [Tue, 4 Sep 2018 14:46:12 +0000 (14:46 +0000)]
move readmes detection to find_extractible, so that only changed/new readmes
are recorded.

Be more specific and list those readmes in alphabetic order at end.

6 years agodocument PKGSTEM changes
espie [Tue, 4 Sep 2018 13:57:46 +0000 (13:57 +0000)]
document PKGSTEM changes

6 years agoupon mda failure, smtpd would assume tempfail and retry. this is at odds
gilles [Tue, 4 Sep 2018 13:04:42 +0000 (13:04 +0000)]
upon mda failure, smtpd would assume tempfail and retry. this is at odds
with the other MTA which assume a permfail unless the exit status is one
of a specific set. make smtpd honour the same exit statuses as postfix.

note that all errors that occur before the user mda is executed (fork, pipe
and related) are still considered tempfail, only errors coming from the mda
itself are handled as permfail.

this commit is a temporary solution as i believe the SIGCHLD handler is way
more complex than it should be and we'll simplify it after 6.4 is out.

ok eric@

6 years agoCorrect usbd_abort_pipe() signature.
mpi [Tue, 4 Sep 2018 12:46:32 +0000 (12:46 +0000)]
Correct usbd_abort_pipe() signature.

From Artturi Alm.

6 years agoIntroduce inet4applymask() which does the same as inet6applymask() and
claudio [Tue, 4 Sep 2018 12:00:29 +0000 (12:00 +0000)]
Introduce inet4applymask() which does the same as inet6applymask() and
can be used instead of doing direct fiddling around with struct in_addr.
Use it in a few cases where it makes the code more similar between INET
and INET6 case.
OK denis@

6 years agoInstead of bzero() use an assinment to zero struct in_addr.
claudio [Tue, 4 Sep 2018 10:48:39 +0000 (10:48 +0000)]
Instead of bzero() use an assinment to zero struct in_addr.

6 years agoremove unused flags
eric [Tue, 4 Sep 2018 10:08:22 +0000 (10:08 +0000)]
remove unused flags

6 years agokevent: Don't poll for nonzero timeouts < 1us.
cheloha [Tue, 4 Sep 2018 02:38:25 +0000 (02:38 +0000)]
kevent: Don't poll for nonzero timeouts < 1us.

Instead of truncating nanosecond timeouts to zero here and polling, we
should round up to a delay of at least a tick, just like all the other
timespec syscalls.

Fixed in NetBSD kern_event.c v1.62 and FreeBSD r247804.

ok millert@ visa@

6 years agoRemove bits about MODMONO_NANT in the lang/mono section; devel/nant does
bcallah [Mon, 3 Sep 2018 22:12:37 +0000 (22:12 +0000)]
Remove bits about MODMONO_NANT in the lang/mono section; devel/nant does
not exist anymore.
ok jca@ daniel@

6 years agoregen
jcs [Mon, 3 Sep 2018 19:52:51 +0000 (19:52 +0000)]
regen

6 years agoadd another toshiba nvme
jcs [Mon, 3 Sep 2018 19:51:48 +0000 (19:51 +0000)]
add another toshiba nvme

6 years agosimplify the smtp_command() function by splitting cmd handlers into
gilles [Mon, 3 Sep 2018 19:01:29 +0000 (19:01 +0000)]
simplify the smtp_command() function by splitting cmd handlers into
two sets of functions smtp_check_<verb> and smtp_proceed_<verb>. we
use the check functions to validate that verb is acceptable at this
point of a session and proceed to actually move the session forward

ok eric@

6 years agoStop using composite EVP_CIPHER AEADs.
jsing [Mon, 3 Sep 2018 18:00:50 +0000 (18:00 +0000)]
Stop using composite EVP_CIPHER AEADs.

The composite AEADs are "stitched" mode ciphers, that are only supported on
some architectures/CPUs and are designed to be faster than a separate
EVP_CIPHER and EVP_MD implementation. The three AEADs are used for less
than ideal cipher suites (if you have hardware support that these use
there are better cipher suite options), plus continuing to support AEADs
via EVP_CIPHER is creating additional code complexity.

ok inoguchi@ tb@

6 years agoStop handling AES-GCM via ssl_cipher_get_evp().
jsing [Mon, 3 Sep 2018 17:45:24 +0000 (17:45 +0000)]
Stop handling AES-GCM via ssl_cipher_get_evp().

All of the AES-GCM ciphersuites use the EVP_AEAD interface, so there is no
need to support them via EVP_CIPHER.

ok inoguchi@ tb@

6 years agobump max line size
gilles [Mon, 3 Sep 2018 17:41:55 +0000 (17:41 +0000)]
bump max line size

ok eric@

6 years agoClean up SSL_DES and SSL_IDEA remnants.
jsing [Mon, 3 Sep 2018 17:41:13 +0000 (17:41 +0000)]
Clean up SSL_DES and SSL_IDEA remnants.

All ciphersuites that used these encryption algorithms were removed some
time ago.

ok bcook@ inoguchi@ tb@

6 years agodocument "wrapper" in the local section; from matt schwartz
jmc [Mon, 3 Sep 2018 13:27:43 +0000 (13:27 +0000)]
document "wrapper" in the local section; from matt schwartz
ok gilles

while here, fix some spelling at eol whitespace introduced in previous;

6 years agouse new smarthost syntax in log message
eric [Mon, 3 Sep 2018 11:48:27 +0000 (11:48 +0000)]
use new smarthost syntax in log message

6 years agoUpdate and document syntax for smarthost string in smtpd.conf:
eric [Mon, 3 Sep 2018 11:30:14 +0000 (11:30 +0000)]
Update and document syntax for smarthost string in smtpd.conf:

- the +auth specifier is removed: it is implied by the presence of an
  auth label in the rest of the string
- secure:// is removed: use smtp+tls:// or smtps://
- tls:// is replaced by smtp+tls://
- smtp:// becomes SMTP with opportunistic STARTTLS
- smtp+tls:// becomes SMTP with mandatory STARTTLS

Adjust your config file accordingly.

ok gilles@

6 years agoAllow a large line number to go to the end with goto-line, from Mark
nicm [Mon, 3 Sep 2018 08:51:43 +0000 (08:51 +0000)]
Allow a large line number to go to the end with goto-line, from Mark
Kelly in GitHub issue 1460.

6 years agoFix selection test, from Takeshi Banse.
nicm [Mon, 3 Sep 2018 08:47:27 +0000 (08:47 +0000)]
Fix selection test, from Takeshi Banse.

6 years agoRemove round_buffersize function from drivers using the default buffersize
miko [Mon, 3 Sep 2018 05:37:32 +0000 (05:37 +0000)]
Remove round_buffersize function from drivers using the default buffersize
provided by the upper layer audio driver.

ok ratchov@

6 years agomailaddr matching was working for the exact and domain match, but not when
gilles [Sun, 2 Sep 2018 21:06:44 +0000 (21:06 +0000)]
mailaddr matching was working for the exact and domain match, but not when
only a user-part was supplied.

ok millert@ and eric@

6 years agoRemove a few unnecessary casts
tb [Sun, 2 Sep 2018 20:29:01 +0000 (20:29 +0000)]
Remove a few unnecessary casts

6 years agoPrint SKIPPED if package wycheproof-testvectors is missing. This
bluhm [Sun, 2 Sep 2018 20:09:29 +0000 (20:09 +0000)]
Print SKIPPED if package wycheproof-testvectors is missing.  This
is the magic string that is recognized by my test framework.
OK tb@

6 years agoRemove ECDH from TODO list. Done!
tb [Sun, 2 Sep 2018 17:29:17 +0000 (17:29 +0000)]
Remove ECDH from TODO list. Done!

6 years agoUnify FAIL printfs.
tb [Sun, 2 Sep 2018 17:28:01 +0000 (17:28 +0000)]
Unify FAIL printfs.

6 years agoAfter libcrypto/ecdh/ech_key.c -r1.8 fixed the failing test cases, remove
tb [Sun, 2 Sep 2018 17:24:02 +0000 (17:24 +0000)]
After libcrypto/ecdh/ech_key.c -r1.8 fixed the failing test cases, remove
two noisy INFO and reorder things a bit.

6 years agoElliptic curve arithmetic only makes sense between points that belong to
tb [Sun, 2 Sep 2018 17:20:31 +0000 (17:20 +0000)]
Elliptic curve arithmetic only makes sense between points that belong to
the same curve. Some Wycheproof tests violate this assumption, making
ECDH_compute_key() compute and return garbage. Check that pub_key lies
on the curve of the private key so that the calculations make sense.
Most paths that get here have this checked (in particular those from
OpenSSH and libssl), but one might get here after using d2i_* or manual
computation.

discussed with & ok jsing;
"good catch!" markus

6 years agoRun Wycheproof ECDH tests against libcrypto. Some tests currently fail,
tb [Sun, 2 Sep 2018 17:12:01 +0000 (17:12 +0000)]
Run Wycheproof ECDH tests against libcrypto. Some tests currently fail,
will be fixed with the next commit to libcrypto.

6 years agoUse a Boolean rather than repeated string comparison.
tb [Sun, 2 Sep 2018 17:05:51 +0000 (17:05 +0000)]
Use a Boolean rather than repeated string comparison.

6 years agoDocument how SIGHUP and log rotation works with syslogd(8). Do not
bluhm [Sun, 2 Sep 2018 14:32:12 +0000 (14:32 +0000)]
Document how SIGHUP and log rotation works with syslogd(8).  Do not
mention the PID file.  While there, use .Nm consistently.
wording from schwarze@; deraadt@ cheloha@ millert@ agree

6 years agoupdate tradcpp to 0.5.2
jsg [Sun, 2 Sep 2018 08:28:05 +0000 (08:28 +0000)]
update tradcpp to 0.5.2
ok miko@ bcallah@ deraadt@

6 years agoUpdate nmea(4) wrt talker ids.
landry [Sun, 2 Sep 2018 08:14:25 +0000 (08:14 +0000)]
Update nmea(4) wrt talker ids.

Prodded by semarie@, reworded by jmc@

6 years agoproperly deal with MAILER-DAEMON sender in LMTP
gilles [Sat, 1 Sep 2018 21:20:32 +0000 (21:20 +0000)]
properly deal with MAILER-DAEMON sender in LMTP

reported and fix tested by Mark Kane

6 years agoMatch on interfaces with Digitizers/Touchscreen collections, as long
jcs [Sat, 1 Sep 2018 20:50:16 +0000 (20:50 +0000)]
Match on interfaces with Digitizers/Touchscreen collections, as long
as they have an X usage.

Should get basic touchscreen functionality on some common
HID-over-i2c devices like laptops.

6 years agoFor touchscreen devices, use the first HUG_X/Y usage pages found
jcs [Sat, 1 Sep 2018 20:48:00 +0000 (20:48 +0000)]
For touchscreen devices, use the first HUG_X/Y usage pages found
when looking for logical min/max of screen.

ok kettenis

6 years agoclarify the forward-only delivery action
gilles [Sat, 1 Sep 2018 19:56:28 +0000 (19:56 +0000)]
clarify the forward-only delivery action

6 years agoPrevent ospf6d from starting when another process is listening on the
remi [Sat, 1 Sep 2018 19:21:10 +0000 (19:21 +0000)]
Prevent ospf6d from starting when another process is listening on the
control socket.

ok florian@

6 years agoAccidentally relayd(8) closed file descriptor 0 in the pfe child
bluhm [Sat, 1 Sep 2018 18:09:14 +0000 (18:09 +0000)]
Accidentally relayd(8) closed file descriptor 0 in the pfe child
process.  If env->sc_snmp is initialized with 0, snmp_init() closes
it.  Set it to -1 to prevent the close(2).
OK reyk@ benno@ millert@

6 years agoFix errno for post-lock unveil calls
deraadt [Sat, 1 Sep 2018 17:02:12 +0000 (17:02 +0000)]
Fix errno for post-lock unveil calls
from Jan Klemkow

6 years agoRemove 'overlap_allowance' parameter from bootstrap().
krw [Sat, 1 Sep 2018 16:55:29 +0000 (16:55 +0000)]
Remove 'overlap_allowance' parameter from bootstrap().

It was added to support Vax. Vax is dead Jim.

ok deraadt@

6 years agoTweak comment.
tb [Sat, 1 Sep 2018 16:23:15 +0000 (16:23 +0000)]
Tweak comment.

6 years agosync fatalx() message between smtp_client_{state,response}; ok stsp@ gilles@
miko [Sat, 1 Sep 2018 12:03:31 +0000 (12:03 +0000)]
sync fatalx() message between smtp_client_{state,response}; ok stsp@ gilles@

6 years agoMake 'ifconfig nwid' override 'ifconfig join'.
stsp [Sat, 1 Sep 2018 08:20:56 +0000 (08:20 +0000)]
Make 'ifconfig nwid' override 'ifconfig join'.

There was no way to override a decision made by join's network
selection algorithm (apart from disabling the feature by clearing
the join list). Automatic selection is based on heuristics which
cannot always guess correctly so we need to provide an override.

One specific problem was that if 'nwid foo' and 'nwid bar' were
both visible in the scan and only 'nwid foo' was a member of the
join list, then there was no way at all to connect to 'nwid bar'.
The wireless stack would keep selecting 'nwid foo' instead.

'ifconfig iwm0 nwid bar' command will now disable automatic
network selection and force the use of ESSID 'bar'.
Any of these commands will re-enable automatic network selection:
   ifconfig iwm0 -nwid
   ifconfig iwm0 nwid ''
   ifconfig iwm0 join some-network-id

ok phessler@ deraadt@

6 years agoupdate currency exchange rates;
jmc [Sat, 1 Sep 2018 06:27:32 +0000 (06:27 +0000)]
update currency exchange rates;

6 years agoRecognize more talker IDs when parsing NMEA RMC messages
landry [Sat, 1 Sep 2018 06:09:26 +0000 (06:09 +0000)]
Recognize more talker IDs when parsing NMEA RMC messages

The NMEA 0183 standard says that the first two chars correspond to the
'source' of the message, right now we were only looking for 'GP' prefix
for 'GPS', but this can also be 'GL' for Glonass, 'BD' for BeiDou, 'GA'
for Galileo, or 'GN' for a generic GNSS source.

Match the RMC messages from all those variants, with this i'm able to
use my navilock nl-8002u (which uses GNRMC) as a timedelta sensor for
ntpd, and i have my GPS position in the nmea(4) sensors.

ok deraadt@

6 years agoRemove RSA-PSS from todo-list
tb [Sat, 1 Sep 2018 05:57:23 +0000 (05:57 +0000)]
Remove RSA-PSS from todo-list

6 years agoRun Wycheproof RSASSA-PSS testvectors against libcrypto.
tb [Sat, 1 Sep 2018 05:56:24 +0000 (05:56 +0000)]
Run Wycheproof RSASSA-PSS testvectors against libcrypto.

6 years agojmc points out that the Nd should match the description in pci(4)
jmatthew [Fri, 31 Aug 2018 22:35:01 +0000 (22:35 +0000)]
jmc points out that the Nd should match the description in pci(4)

6 years agoUnsetting Initialized during syslogd die() is a relic from the time
bluhm [Fri, 31 Aug 2018 19:06:08 +0000 (19:06 +0000)]
Unsetting Initialized during syslogd die() is a relic from the time
when we had real signal handlers.  But now we use libevent, so
remove the old logic.
OK deraadt@ millert@

6 years agothe main process must chdir to /, since it cannot have daemon() do the
deraadt [Fri, 31 Aug 2018 18:45:02 +0000 (18:45 +0000)]
the main process must chdir to /, since it cannot have daemon() do the
job at startup.  After much anguish I accept dlg's solution of chdir
for the problem ("starting ntpd on a filesystem I want to unmount"),
but we cannot change the main-process daemon() call.  Why?  Because
the ntpd privsep design predates more modern designs where the config
file is parsed once, and configuration marshalled to the fork+exec
children.  Instead each ntpd process re-parses the config, and if
we chdir before fork+exec startup, it will move the basedir causing
-f "relativepath" to fail.

discussed with florian

6 years agoRemove unused argument to tls1_change_cipher_state_cipher().
jsing [Fri, 31 Aug 2018 18:31:34 +0000 (18:31 +0000)]
Remove unused argument to tls1_change_cipher_state_cipher().

6 years agoInstead of enumerating the files to clean by hand, set PROGS=${TESTS}.
tb [Fri, 31 Aug 2018 17:35:21 +0000 (17:35 +0000)]
Instead of enumerating the files to clean by hand, set PROGS=${TESTS}.

Suggested by jsing

6 years agoremove shadow variables for 'error' in usbioctl(); ok mpi@ ratchov@
miko [Fri, 31 Aug 2018 16:32:31 +0000 (16:32 +0000)]
remove shadow variables for 'error' in usbioctl(); ok mpi@ ratchov@

6 years agoclarify that patterns are extended regular expressions; ok millert@ phessler@
naddy [Fri, 31 Aug 2018 15:56:42 +0000 (15:56 +0000)]
clarify that patterns are extended regular expressions; ok millert@ phessler@

6 years agoDont print "default" for "0.0.0.0" if it is a host route.
yasuoka [Fri, 31 Aug 2018 15:18:02 +0000 (15:18 +0000)]
Dont print "default" for "0.0.0.0" if it is a host route.
diff from asou at soum.co.jp

ok claudio kn

6 years agoCadd a TDB `tdb' instead of `sa'.
mpi [Fri, 31 Aug 2018 12:55:46 +0000 (12:55 +0000)]
Cadd a TDB `tdb' instead of `sa'.

No functionnal change.

ok deraadt@, bluhm@, visa@

6 years agoPass the correct size to free(9) in the error path of db_ctf_decompress().
bluhm [Fri, 31 Aug 2018 11:57:04 +0000 (11:57 +0000)]
Pass the correct size to free(9) in the error path of db_ctf_decompress().
OK jasper@

6 years agoswitch to improved incoming message parser:
eric [Fri, 31 Aug 2018 07:28:27 +0000 (07:28 +0000)]
switch to improved incoming message parser:
- simpler interface not using callbacks
- no hard-coded line length
- avoid unnecessary string copy

ok gilles@

6 years agoich variable is only used in DPRINTF() and uaudio_get_cluster_nchan()
miko [Fri, 31 Aug 2018 07:18:18 +0000 (07:18 +0000)]
ich variable is only used in DPRINTF() and uaudio_get_cluster_nchan()
has no side effect, so setting value for ich can be moved under
UAUDIO_DEBUG.

ok ratchov

6 years agofix fd leak in an error path
jsg [Fri, 31 Aug 2018 05:20:36 +0000 (05:20 +0000)]
fix fd leak in an error path
ok mpi@

6 years agoMove kcov device definitions into <sys/conf.h>.
visa [Fri, 31 Aug 2018 04:20:37 +0000 (04:20 +0000)]
Move kcov device definitions into <sys/conf.h>.

OK anton@ deraadt@ kettenis@ mpi@

6 years agosync
jcs [Fri, 31 Aug 2018 02:32:57 +0000 (02:32 +0000)]
sync

6 years agoAdd more uhid devices, 8 total
jcs [Fri, 31 Aug 2018 02:32:29 +0000 (02:32 +0000)]
Add more uhid devices, 8 total

ok deraadt

6 years agomention bnxt(4)
jmatthew [Fri, 31 Aug 2018 00:10:20 +0000 (00:10 +0000)]
mention bnxt(4)

6 years agoenable bnxt(4)
jmatthew [Fri, 31 Aug 2018 00:09:13 +0000 (00:09 +0000)]
enable bnxt(4)

6 years agoUse correct environment variable to access remote machine.
bluhm [Thu, 30 Aug 2018 19:34:37 +0000 (19:34 +0000)]
Use correct environment variable to access remote machine.

6 years agoMake sure to clean up the .d files with 'make clean'
tb [Thu, 30 Aug 2018 18:36:59 +0000 (18:36 +0000)]
Make sure to clean up the .d files with 'make clean'

6 years agoNuke ssl_pending/ssl_shutdown function pointers.
jsing [Thu, 30 Aug 2018 16:56:16 +0000 (16:56 +0000)]
Nuke ssl_pending/ssl_shutdown function pointers.

ssl3_pending() is used for all protocols and dtls1_shutdown() just calls
ssl3_shutdown(), so just call the appropriate function directly instead.

ok beck@ inoguchi@ tb@

6 years agoMove .dynstr before _edata to fix image size calculation. The PE
patrick [Thu, 30 Aug 2018 14:39:46 +0000 (14:39 +0000)]
Move .dynstr before _edata to fix image size calculation.  The PE
header contains an image size field that is calculated using the
difference between the start of the header and edata.  Since we
copy out .dynstr into the EFI binary, make sure that .dynstr is
before edata so that it's included in the image size.  This makes
it consistent with efiboot on armv7.

ok kettenis@

6 years agoPractice safe free()'ing by setting alloc to NULL to
krw [Thu, 30 Aug 2018 13:07:19 +0000 (13:07 +0000)]
Practice safe free()'ing by setting alloc to NULL to
prevent double free.

Spotted by jsg@, simpler fix by myself and miko@.

ok jsg@

6 years agoNever let FS_RAID partition be named, a.k.a. given a mount point.
krw [Thu, 30 Aug 2018 12:30:08 +0000 (12:30 +0000)]
Never let FS_RAID partition be named, a.k.a. given a mount point.

Nuke pointless and inconsistant error message before one get_mp()
invocation.

ok otto@

6 years agofix double free in mib_carpgroupget() error path
jsg [Thu, 30 Aug 2018 12:25:40 +0000 (12:25 +0000)]
fix double free in mib_carpgroupget() error path
ok claudio@ miko@

6 years agofix memory leak in an error path
jsg [Thu, 30 Aug 2018 12:14:30 +0000 (12:14 +0000)]
fix memory leak in an error path
ok patrick@

6 years agofix use-after-free
eric [Thu, 30 Aug 2018 11:58:01 +0000 (11:58 +0000)]
fix use-after-free

spotted by jsg@
input from jsg@ miko@