openbsd
6 years agoIn x509_vfy.h rev. 1.22 2018/02/22 17:15:09, jsing@ provided
schwarze [Sun, 25 Feb 2018 17:46:38 +0000 (17:46 +0000)]
In x509_vfy.h rev. 1.22 2018/02/22 17:15:09, jsing@ provided
X509_STORE_up_ref(3).  X509_STORE_new(3) and X509_STORE_free(3)
have already been available earlier.  Import the documentation from
OpenSSL, adding some precision.

6 years agoBunch of whitespace fixes.
krw [Sun, 25 Feb 2018 17:24:44 +0000 (17:24 +0000)]
Bunch of whitespace fixes.

ok otto@

6 years agoIn x509_vfy.h rev. 1.21 2018/02/22 17:11:30, jsing@ provided
schwarze [Sun, 25 Feb 2018 16:26:15 +0000 (16:26 +0000)]
In x509_vfy.h rev. 1.21 2018/02/22 17:11:30, jsing@ provided
X509_STORE_CTX_get0_store(3).  It is undocumented in OpenSSL,
so write some documentation from scratch.

6 years agoIn x509_vfy.h rev. 1.21 2018/02/22 17:11:30, jsing@ provided
schwarze [Sun, 25 Feb 2018 16:04:07 +0000 (16:04 +0000)]
In x509_vfy.h rev. 1.21 2018/02/22 17:11:30, jsing@ provided
X509_STORE_CTX_get0_chain(3).  Adapt the documentation.

It is absurd that OpenSSL documents the two almost identical functions
X509_STORE_CTX_get0_chain(3) and X509_STORE_CTX_get1_chain(3) in
two different manual pages, with quite different wordings, and without
even referencing each other.  It is very obvious that they have
lost their way in their own mire of functions.

6 years agomuch better checks
espie [Sun, 25 Feb 2018 14:47:21 +0000 (14:47 +0000)]
much better checks
- add an explicit dir thingy so that we don't look for /var/db/pkg/+CONTENTS
- actually prepend dir name to info name, oops
- also check for files/dirs that do not belong to root:wheel or have too
lax permissions.

6 years agoadd explicit permission checks.
espie [Sun, 25 Feb 2018 14:20:39 +0000 (14:20 +0000)]
add explicit permission checks.
pkg_check is most often run as root. In case of a garbled file systems
it won't notice when permissions are completely wrong.

6 years agosprinkle quite a few more calls to safe
espie [Sun, 25 Feb 2018 14:19:26 +0000 (14:19 +0000)]
sprinkle quite a few more calls to safe

6 years agoRK3328 support.
kettenis [Sun, 25 Feb 2018 13:26:44 +0000 (13:26 +0000)]
RK3328 support.

6 years agoInitial RK3328 clocks.
kettenis [Sun, 25 Feb 2018 13:25:57 +0000 (13:25 +0000)]
Initial RK3328 clocks.

6 years agoDon't pass our configured SSID to iwm(4) firmware during a background scan.
stsp [Sun, 25 Feb 2018 12:40:51 +0000 (12:40 +0000)]
Don't pass our configured SSID to iwm(4) firmware during a background scan.
Apparently this can cause a firmware crash during a TX command on 7265 devices.
Why this happens is unclear.

Problem reported and workaround tested by trondd on bugs@
I have verified that hidden SSID APs still work, though we won't be able to
seamlessly roam between them anymore. Seems like a fair trade-off for now.

6 years agoMy previous commit to iwn(4) broke the scan loop.
stsp [Sun, 25 Feb 2018 12:40:06 +0000 (12:40 +0000)]
My previous commit to iwn(4) broke the scan loop.

The problem happened if we didn't find an AP to connect to after one scan
iteration. The net80211 stack then performs a SCAN -> SCAN transition to
kick off another scan, but the driver treated this transition as a no-op
and remained in SCAN state doing nothing.

To fix this, introduce a flag which keeps track of whether a firmware
scan command is in progress, and start another scan during a SCAN->SCAN
transition if no scan is in progress. Matches what iwm(4) does.
Note that previously (i.e. in 6.2), iwn(4) would always try to start
a new scan regardless of what the firmware was currently doing.

Problem noticed by myself and also by deraadt@
test & ok tb@

6 years agosync
tb [Sun, 25 Feb 2018 12:14:59 +0000 (12:14 +0000)]
sync

6 years agoIn x509.h rev. 1.37 2018/02/22 17:01:44, jsing@ provided
schwarze [Sun, 25 Feb 2018 10:53:16 +0000 (10:53 +0000)]
In x509.h rev. 1.37 2018/02/22 17:01:44, jsing@ provided
X509_CRL_set1_lastUpdate(3) and X509_CRL_set1_nextUpdate(3) and
in rev. 1.39 2018/02/22 17:06:42 X509_set1_notBefore(3) and
X509_set1_notAfter(3).  Document them, again from scratch
because what OpenSSL provides is slightly confusing.

6 years agoCorrect the description of ASN1_item_free(3) with respect to
schwarze [Sun, 25 Feb 2018 10:07:34 +0000 (10:07 +0000)]
Correct the description of ASN1_item_free(3) with respect to
optional reference counting.  ETOOMUCHMAGIC.  By the way, this
public hellhole is still undocumented in OpenSSL.

6 years agoIn x509.h rev. 1.35 2018/02/22 16:53:42, jsing@ provided
schwarze [Sun, 25 Feb 2018 09:49:08 +0000 (09:49 +0000)]
In x509.h rev. 1.35 2018/02/22 16:53:42, jsing@ provided
X509_CRL_up_ref(3).  Since it is undocumented in OpenSSL,
write some documentation from scratch.  While here, also
correct the description of X509_CRL_free(3) and mention
X509_CRL_dup(3), too.

6 years agoPp useless before/after S{h,s};
jmc [Sun, 25 Feb 2018 07:22:22 +0000 (07:22 +0000)]
Pp useless before/after S{h,s};

6 years agoset NCPU so the install script will use bsd.mp when hw.ncpufound > 1
jsg [Sun, 25 Feb 2018 01:53:29 +0000 (01:53 +0000)]
set NCPU so the install script will use bsd.mp when hw.ncpufound > 1
ok kettenis@

6 years agodefault the nvgre vnetid to the first valid value according to the rfc
dlg [Sun, 25 Feb 2018 01:52:25 +0000 (01:52 +0000)]
default the nvgre vnetid to the first valid value according to the rfc

6 years agoTypo: auxilliary -> auxiliary
guenther [Sun, 25 Feb 2018 01:45:01 +0000 (01:45 +0000)]
Typo: auxilliary -> auxiliary

6 years agogive egre an example
dlg [Sun, 25 Feb 2018 01:16:12 +0000 (01:16 +0000)]
give egre an example

nvgre had an example of joining nvgre networks together over the
internet with egre. this takes it away and reworks it for an egre
example.

while here, get rid of the hostnames in the shell prompts so things
are more consistent, which jmc and i discussed.

6 years agoIn x509.h rev. 1.34 2018/02/22 16:50:30, jsing@ provided
schwarze [Sat, 24 Feb 2018 23:42:40 +0000 (23:42 +0000)]
In x509.h rev. 1.34 2018/02/22 16:50:30, jsing@ provided
X509_REQ_get_signature_nid(3), in rev. 1.36 2018/02/22 16:58:45
X509_CRL_get_signature_nid(3), and in rev. 1.40 2018/02/22 17:09:28
X509_get0_tbs_sigalg(3).  Merge the documentation from OpenSSL.

6 years agoRK3328 support.
kettenis [Sat, 24 Feb 2018 22:28:08 +0000 (22:28 +0000)]
RK3328 support.

6 years agoIn x509.h rev. 1.33 2018/02/22 16:47:50, jsing@ provided
schwarze [Sat, 24 Feb 2018 21:39:29 +0000 (21:39 +0000)]
In x509.h rev. 1.33 2018/02/22 16:47:50, jsing@ provided
X509_REVOKED_get0_serialNumber(3) and X509_REVOKED_get0_revocationDate(3).
Merge the documentation from OpenSSL, but put it into X509_REVOKED_new(3)
rather than into X509_CRL_get0_by_serial(3) because it fits better there.

6 years agoRemove obsolete www/drupal6, www/horde and www/zope.
kn [Sat, 24 Feb 2018 21:22:44 +0000 (21:22 +0000)]
Remove obsolete www/drupal6, www/horde and www/zope.

Prompted by sthen.

6 years agoDocument MODCARO_RUSTFLAGS.
kn [Sat, 24 Feb 2018 21:05:57 +0000 (21:05 +0000)]
Document MODCARO_RUSTFLAGS.

ok sthen

6 years agoIf you can modify p_cpg in when 'm'odifying a partition, you should be
krw [Sat, 24 Feb 2018 21:00:00 +0000 (21:00 +0000)]
If you can modify p_cpg in when 'm'odifying a partition, you should be
able to do the same when 'a'dding a partition. Only in 'X'pert mode
of course.

ok otto@

6 years agoIn x509.h rev. 1.33 2018/02/22 16:47:50, jsing@ provided
schwarze [Sat, 24 Feb 2018 20:57:49 +0000 (20:57 +0000)]
In x509.h rev. 1.33 2018/02/22 16:47:50, jsing@ provided
X509_REVOKED_get0_extensions(3) and in rev. 1.36 2018/02/22 16:58:45
X509_CRL_get0_extensions(3).  Merge the documentation from OpenSSL
and fix a few minor typos while here.

6 years agoReplace popen/setjmp/pclose with a manual pipe/fork/exec/wait.
cheloha [Sat, 24 Feb 2018 20:00:07 +0000 (20:00 +0000)]
Replace popen/setjmp/pclose with a manual pipe/fork/exec/wait.

We can limit the time we wait on wall(1) without the complexity
inherent to setjmp.

Actually wait (instead of waitpid) to pick up any straggler wall
processes from prior timewarn() calls.

With a tweak from millert@ to ensure we don't accidentally close
stdin before we exec wall.

ok millert@ tb@

6 years agoIn ssl.h rev. 1.141 2018/02/20 18:07:11, tb@ provided
schwarze [Sat, 24 Feb 2018 19:24:09 +0000 (19:24 +0000)]
In ssl.h rev. 1.141 2018/02/20 18:07:11, tb@ provided
SSL_SESSION_get_protocol_version(3).
Import the documentation form OpenSSL, tweaked by me, OK tb@.

6 years agoIn bio.h rev. 1.39 2018/02/22 16:38:43, jsing@ provided BIO_up_ref(3).
schwarze [Sat, 24 Feb 2018 19:17:10 +0000 (19:17 +0000)]
In bio.h rev. 1.39 2018/02/22 16:38:43, jsing@ provided BIO_up_ref(3).
Merge the documentation from OpenSSL, tweaked by me.  While here,
fix the in parts imprecise, in parts incorrect descriptions of
BIO_new(3), BIO_set(3), BIO_free(3), and BIO_free_all(3).

6 years agoIn evp.h rev. 1.58 2018/02/20 18:05:28, tb@ provided
schwarze [Sat, 24 Feb 2018 17:11:20 +0000 (17:11 +0000)]
In evp.h rev. 1.58 2018/02/20 18:05:28, tb@ provided
EVP_PKEY_get0_EC_KEY(3).  Merge the documentation from OpenSSL.

6 years agoIn dh.h rev. 1.23 2018/02/20 17:59:31, tb@ provided DH_bits(3).
schwarze [Sat, 24 Feb 2018 15:18:47 +0000 (15:18 +0000)]
In dh.h rev. 1.23 2018/02/20 17:59:31, tb@ provided DH_bits(3).
Merge the documentation from OpenSSL, tweaked by me.

6 years agoIn bio.h rev. 1.35 2018/02/20 17:55:26, tb@ provided BIO_set_shutdown(3)
schwarze [Sat, 24 Feb 2018 15:03:35 +0000 (15:03 +0000)]
In bio.h rev. 1.35 2018/02/20 17:55:26, tb@ provided BIO_set_shutdown(3)
and BIO_get_shutdown(3).  Write the documentation from scratch because
what OpenSSL provides doesn't explain the difference to BIO_set_close(3)
and is also worded in a rather confusing way.

6 years agosync
sthen [Sat, 24 Feb 2018 14:28:58 +0000 (14:28 +0000)]
sync

6 years agobcmrng(4)
kettenis [Sat, 24 Feb 2018 14:10:36 +0000 (14:10 +0000)]
bcmrng(4)

6 years agoIn dsa.h rev. 1.28 2018/02/20 17:48:35, tb@ provided
schwarze [Sat, 24 Feb 2018 13:51:50 +0000 (13:51 +0000)]
In dsa.h rev. 1.28 2018/02/20 17:48:35, tb@ provided
DSA_SIG_get0(3) and DSA_SIG_set0(3).
Merge the documentation from OpenSSL, tweaked by me.

6 years agoEnable bcmrng(4).
kettenis [Sat, 24 Feb 2018 13:46:57 +0000 (13:46 +0000)]
Enable bcmrng(4).

6 years agoAdd bcmrng(4), a driver for the random number generator on the Raspberry Pi.
kettenis [Sat, 24 Feb 2018 13:46:22 +0000 (13:46 +0000)]
Add bcmrng(4), a driver for the random number generator on the Raspberry Pi.

6 years agoI wrote this in 2018. Pointed out by jmc@
kettenis [Sat, 24 Feb 2018 13:43:33 +0000 (13:43 +0000)]
I wrote this in 2018.  Pointed out by jmc@

6 years agoIn dsa.h rev. 1.27 2018/02/20 17:45:44, tb@ provided
schwarze [Sat, 24 Feb 2018 13:25:50 +0000 (13:25 +0000)]
In dsa.h rev. 1.27 2018/02/20 17:45:44, tb@ provided
DSA_clear_flags(3), DSA_test_flags(3), and DSA_set_flags(3),
and in rev. 1.29 2018/02/20 17:52:27 DSA_get0_engine(3).
Merge the documentation from OpenSSL, tweaked by me.

6 years agofix pasto
kettenis [Sat, 24 Feb 2018 13:23:21 +0000 (13:23 +0000)]
fix pasto

6 years agosort;
jmc [Sat, 24 Feb 2018 13:14:09 +0000 (13:14 +0000)]
sort;

6 years agoIn rsa.h rev. 1.37 2018/02/20 17:42:32, tb@ provided
schwarze [Sat, 24 Feb 2018 13:04:47 +0000 (13:04 +0000)]
In rsa.h rev. 1.37 2018/02/20 17:42:32, tb@ provided
RSA_clear_flags(3), RSA_test_flags(3), and RSA_set_flags(3).
Merge the documentation, tweaked by me.

6 years agoEnable interrupts while running interrupt handlers like we do on
jsg [Sat, 24 Feb 2018 12:46:45 +0000 (12:46 +0000)]
Enable interrupts while running interrupt handlers like we do on
agintc(4) and ampintc(4).

ok kettenis@ patrick@

6 years agoDeclare ci_ipl volatile to prevent the compiler from optimizing
visa [Sat, 24 Feb 2018 11:42:30 +0000 (11:42 +0000)]
Declare ci_ipl volatile to prevent the compiler from optimizing
or reordering accesses to the variable. Assume that the assembler
preserves the correct sequence of instructions, which allows the
removal of the explicit noreorder/reorder toggles from the C code.

With ci_ipl being volatile, drop mips_sync() calls that follow
the accesses of the variable. The sync is redundant as a compiler
barrier. In addition, the MIPS64 CPU designs should not need the
sync for pipeline or write buffer control. According to miod@,
the use of the instruction is a carryover from code targeting
early MIPS designs that lack tight integration with the cache
and write buffer.

Discussed with and testing help from miod@.
Tested on CN5020, CN6120, CN7130, CN7360, Loongson 2F and 3A1000,
R4400, R8000, R10000 and R16000.

6 years agobcmtemp(4)
kettenis [Sat, 24 Feb 2018 11:17:00 +0000 (11:17 +0000)]
bcmtemp(4)

6 years agoEnable bcmtemp(4).
kettenis [Sat, 24 Feb 2018 11:07:40 +0000 (11:07 +0000)]
Enable bcmtemp(4).

6 years agoAdd bcmtemp(4), a driver for the temperature sensor on the Raspberry Pi.
kettenis [Sat, 24 Feb 2018 11:06:59 +0000 (11:06 +0000)]
Add bcmtemp(4), a driver for the temperature sensor on the Raspberry Pi.

6 years agoadd an alias for vmctl show, matches finger memory and the rest of the
phessler [Sat, 24 Feb 2018 10:39:35 +0000 (10:39 +0000)]
add an alias for vmctl show, matches finger memory and the rest of the
*ctl programs

OK mlarkin@ benno@ deraadt@

6 years agoMake ncpusfound count the available processors even if they don't attach.
kettenis [Sat, 24 Feb 2018 09:45:10 +0000 (09:45 +0000)]
Make ncpusfound count the available processors even if they don't attach.

ok patrick@

6 years agomake the gre flowid output always 2 chars so payloads stay lined up.
dlg [Sat, 24 Feb 2018 08:53:36 +0000 (08:53 +0000)]
make the gre flowid output always 2 chars so payloads stay lined up.

6 years agowhen comparing nvgre entries, compare a with b, not a with itself.
dlg [Sat, 24 Feb 2018 07:20:04 +0000 (07:20 +0000)]
when comparing nvgre entries, compare a with b, not a with itself.

6 years agoreturn early on some unhandled ioctls rather than err().
dlg [Sat, 24 Feb 2018 06:31:47 +0000 (06:31 +0000)]
return early on some unhandled ioctls rather than err().

6 years agoDisable mailbox interrupts on all cores upon attach instead of enabling the
kettenis [Fri, 23 Feb 2018 21:47:08 +0000 (21:47 +0000)]
Disable mailbox interrupts on all cores upon attach instead of enabling the
mailbox 0 interrupt on all cores.  Seems to make GENERIC.MP work on the rpi3.

6 years ago'partions' -> 'partitions', nuke some erroneous whitespace.
krw [Fri, 23 Feb 2018 21:39:58 +0000 (21:39 +0000)]
'partions' -> 'partitions', nuke some erroneous whitespace.

ok otto@

6 years agoAfter opening a file with gzdopen(3), we have to call gzclose(3) or
schwarze [Fri, 23 Feb 2018 21:34:37 +0000 (21:34 +0000)]
After opening a file with gzdopen(3), we have to call gzclose(3) or
we leak memory internally used by zlib to keep compression state.
Bug reported by Wolfgang Mueller <vehk at vehk dot de> who also
provided an incomplete patch, part of which i'm using in this commit.

6 years agoIn bio.h rev. 1.34 2018/02/20 17:15:27, jsing@ provided
schwarze [Fri, 23 Feb 2018 19:12:09 +0000 (19:12 +0000)]
In bio.h rev. 1.34 2018/02/20 17:15:27, jsing@ provided
BIO_get_new_index(3), in rev. 1.37 2018/02/20 18:13:31, tb@ provided
BIO_meth_get_read(3), BIO_meth_get_puts(3), BIO_meth_get_gets(3),
BIO_meth_get_ctrl(3), BIO_meth_get_create(3), and BIO_meth_get_destroy(3),
and in rev. 1.38 2018/02/20 18:17:17 BIO_meth_get_callback_ctrl(3)
and BIO_meth_set_callback_ctrl(3).
BIO_meth_get_write(3) will become public with the next minor bump.
Merge the documentation from OpenSSL, tweaked by me, OK tb@.

6 years agoGet rid of the cpu_on_fn hook and call the psci(4) functions directly instead
kettenis [Fri, 23 Feb 2018 19:08:56 +0000 (19:08 +0000)]
Get rid of the cpu_on_fn hook and call the psci(4) functions directly instead
like we already do in the code that flushes the BTB.

ok jsg@

6 years agoclarify documentation of macro keys
schwarze [Fri, 23 Feb 2018 18:53:49 +0000 (18:53 +0000)]
clarify documentation of macro keys

6 years agoLogically, the following are are type names - just like .Vt,
schwarze [Fri, 23 Feb 2018 18:24:41 +0000 (18:24 +0000)]
Logically, the following are are type names - just like .Vt,
some of them with an optional variable name following:
- .Ft
- .Fa in the SYNOPSIS
- .Fn second and later arguments in the SYNOPSIS
So add these to the .Vt macro table in the mandoc.db(5) database.
During my LibreSSL work, i'm getting really tired of typing
$ man -k Vt,Ft,Fa=some_type_name
over and over again; now, this becomes just:
$ man -k Vt=some_type_name

6 years agoAdd experimental support for PQC XMSS keys (Extended Hash-Based Signatures)
markus [Fri, 23 Feb 2018 15:58:37 +0000 (15:58 +0000)]
Add experimental support for PQC XMSS keys (Extended Hash-Based Signatures)
The code is not compiled in by default (see WITH_XMSS in Makefile.inc)
Joint work with stefan-lukas_gazdag at genua.eu
See https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-12
ok djm@

6 years agoDrop redundant bzero() calls. ses_ghash is allocated with M_ZERO, so
visa [Fri, 23 Feb 2018 15:41:08 +0000 (15:41 +0000)]
Drop redundant bzero() calls. ses_ghash is allocated with M_ZERO, so
it is unnecessary to zero the struct's fields right after allocation.

OK mikeb@

6 years agoIn dh.h rev. 1.22 2018/02/20 17:38:15, tb@ provided
schwarze [Fri, 23 Feb 2018 14:50:21 +0000 (14:50 +0000)]
In dh.h rev. 1.22 2018/02/20 17:38:15, tb@ provided
DH_clear_flags(3), DH_test_flags(3), and DH_set_flags(3),
in rev. 1.24 2018/02/20 18:01:42 DH_set_length(3), and
in rev. 1.25 2018/02/22 16:41:04, jsing@ provided DH_get0_engine(3).
Merge the documentation from OpenSSL, tweaked by me.

6 years agoIn bn.h rev. 1.38 2018/02/20 17:13:14, jsing@ provided
schwarze [Fri, 23 Feb 2018 12:16:08 +0000 (12:16 +0000)]
In bn.h rev. 1.38 2018/02/20 17:13:14, jsing@ provided
BN_GENCB_new(3), BN_GENCB_free(3), and BN_GENCB_get_arg(3).
Merge the documentation from OpenSSL, verbatim.

6 years agovarious tweaks; ok dlg
jmc [Fri, 23 Feb 2018 09:50:30 +0000 (09:50 +0000)]
various tweaks; ok dlg

6 years agosome cleanup for BindInterface and ssh-keyscan;
jmc [Fri, 23 Feb 2018 07:38:09 +0000 (07:38 +0000)]
some cleanup for BindInterface and ssh-keyscan;

6 years agoregen
dlg [Fri, 23 Feb 2018 07:05:39 +0000 (07:05 +0000)]
regen

6 years agomasanobu saitoh pointed out i had the wrong id for XXV710 SFP28 devs
dlg [Fri, 23 Feb 2018 07:04:57 +0000 (07:04 +0000)]
masanobu saitoh pointed out i had the wrong id for XXV710 SFP28 devs

6 years agoAdd unsetrdomain() and option -rdomain to return an interface to routing
akoshibe [Fri, 23 Feb 2018 05:17:39 +0000 (05:17 +0000)]
Add unsetrdomain() and option -rdomain to return an interface to routing
domain 0.

OK phessler, henning, deraadt, stsp, benno

6 years agoAdd ssh-keyscan -D option to make it print its results in SSHFP format
djm [Fri, 23 Feb 2018 05:14:05 +0000 (05:14 +0000)]
Add ssh-keyscan -D option to make it print its results in SSHFP format
bz#2821, ok dtucker@

6 years agoAdd missing braces.
dtucker [Fri, 23 Feb 2018 04:18:46 +0000 (04:18 +0000)]
Add missing braces.
Caught by the tinderbox's -Werror=misleading-indentation,  ok djm@

6 years agolint fix
dlg [Fri, 23 Feb 2018 03:03:36 +0000 (03:03 +0000)]
lint fix

6 years agounbreak interop test after SSHv1 purge;
djm [Fri, 23 Feb 2018 03:03:00 +0000 (03:03 +0000)]
unbreak interop test after SSHv1 purge;
patch from Colin Watson via bz#2823

6 years agoadd a SECURITY CONSIDERATIONS section.
dlg [Fri, 23 Feb 2018 03:01:34 +0000 (03:01 +0000)]
add a SECURITY CONSIDERATIONS section.

mdoc(7) says that section goes last, which is where i put it. i
kind of want it before EXAMPLES though.

6 years agoprovide some (probably too many) nvgre(4) examples
dlg [Fri, 23 Feb 2018 02:52:28 +0000 (02:52 +0000)]
provide some (probably too many) nvgre(4) examples

6 years agoAdd BindInterface ssh_config directive and -B command-line argument
djm [Fri, 23 Feb 2018 02:34:33 +0000 (02:34 +0000)]
Add BindInterface ssh_config directive and -B command-line argument
to ssh(1) that directs it to bind its outgoing connection to the
address of the specified network interface.

BindInterface prefers to use addresses that aren't loopback or link-
local, but will fall back to those if no other addresses of the
required family are available on that interface.

Based on patch by Mike Manning in bz#2820, ok dtucker@

6 years agotry to fix the nvgre words a bit
dlg [Thu, 22 Feb 2018 23:03:34 +0000 (23:03 +0000)]
try to fix the nvgre words a bit

6 years agosync
naddy [Thu, 22 Feb 2018 22:43:20 +0000 (22:43 +0000)]
sync

6 years agospeeling
dlg [Thu, 22 Feb 2018 22:17:01 +0000 (22:17 +0000)]
speeling

6 years agoIn x509.h rev. 1.32 2018/02/20 17:09:20, jsing@ provided
schwarze [Thu, 22 Feb 2018 21:53:23 +0000 (21:53 +0000)]
In x509.h rev. 1.32 2018/02/20 17:09:20, jsing@ provided
X509_NAME_get0_der(3).  Document it without using anything
from the existing OpenSSL X509_NAME_get0_der(3) manual page
because that page fails to mention the similarity to i2d_X509_NAME(3)
and also fails to explain how both differ, likely causing users
to pick the wrong one for their purposes.

6 years agoSet the PG_G (global) bit on the special page table entries that are shared
guenther [Thu, 22 Feb 2018 20:36:40 +0000 (20:36 +0000)]
Set the PG_G (global) bit on the special page table entries that are shared
between the u-k and u+k tables, because they're actually in *all* tables.

ok bluhm@ kettenis@ mlarkin@

6 years agoThe compile time assertion for cpu info did not work with gcc.
bluhm [Thu, 22 Feb 2018 20:27:14 +0000 (20:27 +0000)]
The compile time assertion for cpu info did not work with gcc.
Rephrase the condition in a way that both gcc and clang accept it.
OK guenther@

6 years agoThe GNU assembler does not understand 1ULL, so replace the constant
bluhm [Thu, 22 Feb 2018 20:18:59 +0000 (20:18 +0000)]
The GNU assembler does not understand 1ULL, so replace the constant
with 1.  Then it compiles with gcc, sign and size do not matter
here.
OK mlarkin@

6 years agosync
jsing [Thu, 22 Feb 2018 17:36:55 +0000 (17:36 +0000)]
sync

6 years agoBump lib{crypto,ssl,tls} minors due to symbol additions.
jsing [Thu, 22 Feb 2018 17:34:42 +0000 (17:34 +0000)]
Bump lib{crypto,ssl,tls} minors due to symbol additions.

6 years agoProvide SSL_is_server().
jsing [Thu, 22 Feb 2018 17:30:25 +0000 (17:30 +0000)]
Provide SSL_is_server().

6 years agoProvide SSL_up_ref().
jsing [Thu, 22 Feb 2018 17:29:24 +0000 (17:29 +0000)]
Provide SSL_up_ref().

6 years agoProvide SSL_CTX_get_ciphers().
jsing [Thu, 22 Feb 2018 17:27:06 +0000 (17:27 +0000)]
Provide SSL_CTX_get_ciphers().

6 years agoProvide SSL_SESSION_up_ref().
jsing [Thu, 22 Feb 2018 17:25:18 +0000 (17:25 +0000)]
Provide SSL_SESSION_up_ref().

6 years agoProvide X509_chain_up_ref().
jsing [Thu, 22 Feb 2018 17:22:02 +0000 (17:22 +0000)]
Provide X509_chain_up_ref().

From BoringSSL.

6 years agoProvide X509_STORE_get0_objects(), X509_STORE_get_ex_data() and
jsing [Thu, 22 Feb 2018 17:19:31 +0000 (17:19 +0000)]
Provide X509_STORE_get0_objects(), X509_STORE_get_ex_data() and
X509_STORE_set_ex_data().

6 years agoProvide X509_OBJECT_get0_X509() and X509_OBJECT_get0_X509_CRL().
jsing [Thu, 22 Feb 2018 17:17:09 +0000 (17:17 +0000)]
Provide X509_OBJECT_get0_X509() and X509_OBJECT_get0_X509_CRL().

6 years agoProvide X509_STORE_up_ref().
jsing [Thu, 22 Feb 2018 17:15:09 +0000 (17:15 +0000)]
Provide X509_STORE_up_ref().

6 years agoProvide X509_STORE_CTX_get0_chain() and X509_STORE_CTX_get0_store().
jsing [Thu, 22 Feb 2018 17:11:30 +0000 (17:11 +0000)]
Provide X509_STORE_CTX_get0_chain() and X509_STORE_CTX_get0_store().

6 years agoIn x509.h rev. 1.30 2018/02/20 17:04:58, jsing@ provided
schwarze [Thu, 22 Feb 2018 17:10:00 +0000 (17:10 +0000)]
In x509.h rev. 1.30 2018/02/20 17:04:58, jsing@ provided
X509_CRL_get0_lastUpdate(3) and X509_CRL_get0_nextUpdate(3).
Document them.

6 years agoProvide X509_get0_tbs_sigalg().
jsing [Thu, 22 Feb 2018 17:09:28 +0000 (17:09 +0000)]
Provide X509_get0_tbs_sigalg().

6 years agoProvide X509_set1_notBefore() and X509_set1_notAfter().
jsing [Thu, 22 Feb 2018 17:06:42 +0000 (17:06 +0000)]
Provide X509_set1_notBefore() and X509_set1_notAfter().

6 years agoProvide X509_get0_pubkey().
jsing [Thu, 22 Feb 2018 17:05:35 +0000 (17:05 +0000)]
Provide X509_get0_pubkey().

6 years agoProvide X509_CRL_set1_lastUpdate() and X509_CRL_set1_nextUpdate().
jsing [Thu, 22 Feb 2018 17:01:44 +0000 (17:01 +0000)]
Provide X509_CRL_set1_lastUpdate() and X509_CRL_set1_nextUpdate().

6 years agoProvide X509_CRL_get0_extensions() and X509_CRL_get_signature_nid().
jsing [Thu, 22 Feb 2018 16:58:45 +0000 (16:58 +0000)]
Provide X509_CRL_get0_extensions() and X509_CRL_get_signature_nid().