espie [Mon, 13 Jan 2014 09:42:53 +0000 (09:42 +0000)]
premature, only wanted to commit n: -> n
espie [Mon, 13 Jan 2014 09:41:16 +0000 (09:41 +0000)]
duh, -n does not take args
mpi [Mon, 13 Jan 2014 09:27:39 +0000 (09:27 +0000)]
Return the poison value in poison_check() and not the modified value.
ok tedu@
krw [Mon, 13 Jan 2014 02:38:52 +0000 (02:38 +0000)]
warning(), note(), debug(), parse_warn() always return 0, which no
caller checks or saves. So just void them all.
martynas [Mon, 13 Jan 2014 01:44:31 +0000 (01:44 +0000)]
Enable Wbounded by default. Passing bound bigger than the buffer
size almost always has security implications. I think this quote
from Theo summarizes the situation best:
Which is why it is important to have at least one unforgiving
platform in the ecosystem which properly labels shit shit.
That's OpenBSD. If anyone can't handle that, they can go to platforms
which hide the reality.
tedu [Mon, 13 Jan 2014 01:41:34 +0000 (01:41 +0000)]
new signify options. from and ok espie
tedu [Mon, 13 Jan 2014 01:41:00 +0000 (01:41 +0000)]
dang it!
tedu [Mon, 13 Jan 2014 01:40:43 +0000 (01:40 +0000)]
new day, new options. -m message and -x signature.
this should be less confusing and more consistent in various modes.
also support stdin/stdout where feasible. touch up usage to be helpful.
ok deraadt
deraadt [Sun, 12 Jan 2014 21:57:59 +0000 (21:57 +0000)]
Place a SHA256 (not SHA256.sig, sorry not yet) onto the install*.iso
media to give some upcoming changes a chance of working.
Long discussions with todd and rpe
tedu [Sun, 12 Jan 2014 21:18:52 +0000 (21:18 +0000)]
we only write to writable files, so use O_WRONLY.
st_size is only meaningful for regular files, so check S_ISREG
phessler [Sun, 12 Jan 2014 20:23:29 +0000 (20:23 +0000)]
revert back to 1.97
There is a memory leak when using internal GZip, so switch back to the
external gzip for now.
OK espie@
rpe [Sun, 12 Jan 2014 17:17:12 +0000 (17:17 +0000)]
add missing dash in -p option
OK tedu@ jmc@
stsp [Sun, 12 Jan 2014 15:38:06 +0000 (15:38 +0000)]
Remove no-op 'HIDE' macro from sppp code. This probably existed to allow
for easy switching to static functions. But we don't usually have static
functions in the kernel.
ok deraadt mpi mikeb
matthieu [Sun, 12 Jan 2014 15:07:47 +0000 (15:07 +0000)]
Directories updates for freetype 2.5.2
deraadt [Sun, 12 Jan 2014 11:32:47 +0000 (11:32 +0000)]
improve release directory example
deraadt [Sun, 12 Jan 2014 11:26:48 +0000 (11:26 +0000)]
plen is unsigned
deraadt [Sun, 12 Jan 2014 11:26:17 +0000 (11:26 +0000)]
sync
deraadt [Sun, 12 Jan 2014 11:26:08 +0000 (11:26 +0000)]
crank to 5.5beta
espie [Sun, 12 Jan 2014 11:18:57 +0000 (11:18 +0000)]
allow prev release keys for now, transition 5.4 -> 5.5 kindof requires
it.
jmc [Sun, 12 Jan 2014 09:33:32 +0000 (09:33 +0000)]
expand the "eval" description a little; from wiz@netbsd
djm [Sun, 12 Jan 2014 08:13:13 +0000 (08:13 +0000)]
avoid use of OpenSSL BIGNUM type and functions for KEX with
Curve25519 by adding a buffer_put_bignum2_from_string() that stores
a string using the bignum encoding rules. Will make it easier to
build a reduced-feature OpenSSH without OpenSSL in the future;
ok markus@
deraadt [Sun, 12 Jan 2014 05:46:50 +0000 (05:46 +0000)]
subtly improve an example
deraadt [Sun, 12 Jan 2014 04:37:51 +0000 (04:37 +0000)]
Also move case 'c' into the #ifdef for a smaller binary. It will fall into
default, giving a nice failure. I have not removed -c from the usage()
or getopt() because it is too much butchering...
krw [Sun, 12 Jan 2014 04:17:36 +0000 (04:17 +0000)]
Since the return value of read_client_conf() is not checked, don't
bother returning one.
deraadt [Sun, 12 Jan 2014 03:07:41 +0000 (03:07 +0000)]
update list of chips supported, Chris Hettrick
deraadt [Sun, 12 Jan 2014 01:40:12 +0000 (01:40 +0000)]
sync
halex [Sat, 11 Jan 2014 23:28:02 +0000 (23:28 +0000)]
when selecting sets to install, postpone the xbase/comp check so the
comp set does not get readded if the xbase set is being removed later
on the same input line
"nice semantics" deraadt@
naddy [Sat, 11 Jan 2014 22:26:01 +0000 (22:26 +0000)]
test pkg key for during the 5.5-beta sequence
sthen [Sat, 11 Jan 2014 22:18:06 +0000 (22:18 +0000)]
test fw key for during the 5.5-beta sequence
schwarze [Sat, 11 Jan 2014 22:16:03 +0000 (22:16 +0000)]
Remove useless use of strnlen(3).
Yuckiness pointed out by deraadt@.
deraadt [Sat, 11 Jan 2014 22:15:55 +0000 (22:15 +0000)]
test key for during the 5.5-beta sequence
espie [Sat, 11 Jan 2014 19:23:39 +0000 (19:23 +0000)]
fchownat is allowed to return EOPNOTSUPP
okay guenther@
espie [Sat, 11 Jan 2014 18:34:20 +0000 (18:34 +0000)]
typos, from Markus Lude, thx!
florian [Sat, 11 Jan 2014 14:37:51 +0000 (14:37 +0000)]
Sync description of struct pf_osfp_entry to rev 1.393 of pfvar.h
OK deraadt@
bluhm [Sat, 11 Jan 2014 14:33:48 +0000 (14:33 +0000)]
When I created UDP socket splicing, I added the goto nextpkt loop
to splice multiple UDP packets in the m_nextpkt list. Some profiling
with TCP splicing showed that checking so_rcv.sb_mb is wrong. It
causes several useless runs through the loop. Better check for
nextrecord which contains the original m_nextpkt value of the mbuf.
OK mikeb@
deraadt [Sat, 11 Jan 2014 14:28:26 +0000 (14:28 +0000)]
add a few things mumble
sthen [Sat, 11 Jan 2014 13:50:56 +0000 (13:50 +0000)]
remove extraneous D, from Markus Lude
espie [Sat, 11 Jan 2014 11:54:43 +0000 (11:54 +0000)]
simplify code: always extract, then install, so that initial installations
and updates are more similar.
espie [Sat, 11 Jan 2014 11:51:01 +0000 (11:51 +0000)]
a bit of spring cleanup in advance: scrape old stuff that's not really
used.
guenther [Sat, 11 Jan 2014 06:28:46 +0000 (06:28 +0000)]
optarg/optind are declared in <unistd.h>, so kill the externs here
brad [Sat, 11 Jan 2014 05:44:11 +0000 (05:44 +0000)]
regen
brad [Sat, 11 Jan 2014 05:43:33 +0000 (05:43 +0000)]
add some more Realtek Card Reader chipsets.
deraadt [Sat, 11 Jan 2014 05:40:14 +0000 (05:40 +0000)]
No need for a bin/cpio link on the media, because the pax|tar binary does
not support cpio anymore.
deraadt [Sat, 11 Jan 2014 05:37:16 +0000 (05:37 +0000)]
Butcher a smaller tar/pax here, which has no cpio support
ok guenther
deraadt [Sat, 11 Jan 2014 05:36:26 +0000 (05:36 +0000)]
Add -DNOCPIO option for use by distrib/special
ok guenther tedu
lteo [Sat, 11 Jan 2014 04:46:15 +0000 (04:46 +0000)]
Sync the comments for the M_ICMP_CSUM_* flags with their descriptions in
the mbuf(9) man page.
deraadt [Sat, 11 Jan 2014 04:44:15 +0000 (04:44 +0000)]
Create cleaner & less noisy makefiles, now that we've been using
this for 20 years. We don't need to see the splatter as much anymore.
deraadt [Sat, 11 Jan 2014 04:43:00 +0000 (04:43 +0000)]
just a little TLC
lteo [Sat, 11 Jan 2014 04:41:08 +0000 (04:41 +0000)]
Let tcpdump detect bad ICMPv6 checksums with the -v flag.
Tested on amd64, i386, loongson, and macppc.
OK florian@
lteo [Sat, 11 Jan 2014 04:40:45 +0000 (04:40 +0000)]
Let tcpdump detect bad ICMP checksums with the -v flag.
Tested on amd64, i386, loongson, and macppc.
OK florian@
lteo [Sat, 11 Jan 2014 04:35:52 +0000 (04:35 +0000)]
Make icmp_print() accept the length variable, which is the length of the
packet without the IP header. This is needed by the next commit that
will allow tcpdump to detect bad ICMP checksums.
Related functions like {tcp,udp,icmp6}_print() already accept this
length variable, so this change makes icmp_print() consistent with
them as well.
This commit makes no functional change to tcpdump itself.
OK florian@
lteo [Sat, 11 Jan 2014 04:29:07 +0000 (04:29 +0000)]
Check the return value of fstat() in readmsg().
OK deraadt@ tedu@
deraadt [Sat, 11 Jan 2014 04:01:13 +0000 (04:01 +0000)]
use -DSHA2_ONLY to be more clear about what we are butchering
idea from tedu
deraadt [Sat, 11 Jan 2014 03:35:57 +0000 (03:35 +0000)]
use NOMAN=1 for all directories
deraadt [Sat, 11 Jan 2014 03:35:14 +0000 (03:35 +0000)]
unify with other Makefiles around here
millert [Fri, 10 Jan 2014 23:01:29 +0000 (23:01 +0000)]
Use strtoul() to do octal and hex character conversion instead of
custom code.
deraadt [Fri, 10 Jan 2014 22:54:12 +0000 (22:54 +0000)]
improve ntpctl usage so that the manual page does not need to be read
every time
ok jmc
tobiasu [Fri, 10 Jan 2014 22:52:50 +0000 (22:52 +0000)]
Don't overwrite the regress target, provide a test target instead. This allows
the test target to fail without terminating overall regression tests. Clean up
a little.
Also adjust orders.txt.sig comment to new reality, making the test pass again.
Looks ok to sthen@
brad [Fri, 10 Jan 2014 22:34:48 +0000 (22:34 +0000)]
regen
mlarkin [Fri, 10 Jan 2014 22:34:41 +0000 (22:34 +0000)]
Resurrect the "park APs in realmode" idea that we explored back at t2k13
(and which didn't work at that time due to a bug which has since been
fixed). The APs are now demoted to real mode and placed in a HLT loop
while the hibernated image is being unpacked.
Helps my x230 significantly, no more spurious reboots on resume.
ok deraadt
brad [Fri, 10 Jan 2014 22:34:17 +0000 (22:34 +0000)]
Add the ULT Haswell host bridge id.
Was intending to add this but also reminded by mark rowland
brad [Fri, 10 Jan 2014 22:01:30 +0000 (22:01 +0000)]
Add MSI support.
Tested by comete@daknet.org and vigdis+obsd@chown.me.
florian [Fri, 10 Jan 2014 21:57:44 +0000 (21:57 +0000)]
Fix the unitialized rtableid bug discovered and fixed in the previous
commit by brad@ by calling setsockopt SO_RTABLE only when -V is
present. As a bonus drop privileges very early in main, before option
parsing.
This brings ping6 more in line with what ping does and will make
eventual unification easier.
OK deraadt@
"works for me" brad@
deraadt [Fri, 10 Jan 2014 21:45:04 +0000 (21:45 +0000)]
depluralize
ok jmc
deraadt [Fri, 10 Jan 2014 20:53:45 +0000 (20:53 +0000)]
match what hppa is doing now (not tested, but should be right)
ok miod jsing
deraadt [Fri, 10 Jan 2014 20:53:19 +0000 (20:53 +0000)]
correct argument handling; this has been broken since to beginning
and was writing to wrong memory.
ok jsing miod guenther
jmc [Fri, 10 Jan 2014 20:20:34 +0000 (20:20 +0000)]
do not list sha1 and sha256 in SEE ALSO, since md5 is already there, and
they're one and the same page now;
jmc [Fri, 10 Jan 2014 20:14:08 +0000 (20:14 +0000)]
catch up to the fact that md5/sha* got merged, and document -c consistently;
some style and cleanup tweaks while here
ok deraadt
lteo [Fri, 10 Jan 2014 18:52:22 +0000 (18:52 +0000)]
Add MISSING to the list of possible results of a checklist comparison.
lteo [Fri, 10 Jan 2014 18:51:05 +0000 (18:51 +0000)]
When using a checklist, print MISSING for non-existent files.
Based on an earlier diff by tedu@
Requested by deraadt@
OK deraadt@
deraadt [Fri, 10 Jan 2014 17:52:50 +0000 (17:52 +0000)]
sort options
deraadt [Fri, 10 Jan 2014 17:47:44 +0000 (17:47 +0000)]
tedu merged the hash manual pages back together. This goes even further,
repairing the documentation for the -c option.
sthen [Fri, 10 Jan 2014 17:41:39 +0000 (17:41 +0000)]
Remove unnecessary rc_post from rc.d/nsd.
It was there to try and ensure that failure was reported if nsd stopped
shortly after startup (as it used to do if the address was in use, etc),
but this is no longer the case with nsd 4 which returns a failure at
startup in these cases, and having it there breaks properly printing
"(ok)" when stopping.
tedu [Fri, 10 Jan 2014 17:38:24 +0000 (17:38 +0000)]
-c comment, for people who don't like the default. ok deraadt
jsing [Fri, 10 Jan 2014 16:34:25 +0000 (16:34 +0000)]
Use arc4random instead of random in the flock regress tests.
ok deraadt@
espie [Fri, 10 Jan 2014 16:09:08 +0000 (16:09 +0000)]
likewise. this is useless
espie [Fri, 10 Jan 2014 16:05:31 +0000 (16:05 +0000)]
by popular demand, remove excessive paranoia
espie [Fri, 10 Jan 2014 14:34:02 +0000 (14:34 +0000)]
signify silent by default, don't bother working around stdout.
tedu [Fri, 10 Jan 2014 14:29:08 +0000 (14:29 +0000)]
replace the rest of the obsolete radix macros
sprinkle 0 -> NULL where obvious
ok millert mpi
jsing [Fri, 10 Jan 2014 14:16:42 +0000 (14:16 +0000)]
Make this work on hppa.
deraadt [Fri, 10 Jan 2014 14:06:18 +0000 (14:06 +0000)]
be a bit more careful
jsing [Fri, 10 Jan 2014 13:45:00 +0000 (13:45 +0000)]
Do not include MD assembly code in a sys regress test. Untested on alpha,
however it has a much better chance of compiling than it did previously.
sobrado [Fri, 10 Jan 2014 12:07:19 +0000 (12:07 +0000)]
Using random-id is recommended in combination with no-df to ensure
unique IP identifiers.
ok henning@
sthen [Fri, 10 Jan 2014 11:19:31 +0000 (11:19 +0000)]
revert previous; height is never changed, but top is changed.
ok espie@ who saw intermittent sigbus in ports/math/hc with this.
deraadt [Fri, 10 Jan 2014 07:57:24 +0000 (07:57 +0000)]
remove md5 after installing it (with the links to the sha256/512 commands).
this is because the md5/sha256/sha512 are in the same binary, found in the
md5 directory, but the version on the media lacks md5 support. Understand?
jmc [Fri, 10 Jan 2014 07:53:04 +0000 (07:53 +0000)]
no Pp before or after Sh;
brad [Fri, 10 Jan 2014 06:18:40 +0000 (06:18 +0000)]
Fix a bug found in ping6 when rebuilding with stack protector strong.
rtableid is unitialized; the stack protector strong binary would fail
to set the routing table id. Copy the rtableid initialization over to
ping to keep what is essentially similar code in sync.
ok deraadt@
djm [Fri, 10 Jan 2014 05:59:19 +0000 (05:59 +0000)]
the /etc/ssh/ssh_host_ed25519_key is loaded by default too
tedu [Fri, 10 Jan 2014 05:34:46 +0000 (05:34 +0000)]
the -c option is really a mode change, incompatible with other options.
(there are some others too, but -c is particularly misleading.) split it
out in synopsis and usage.
ok deraadt
guenther [Fri, 10 Jan 2014 04:54:35 +0000 (04:54 +0000)]
ddpcb and unixsw symbols are no longer used with kvm_read
ok deraadt@
guenther [Fri, 10 Jan 2014 04:53:35 +0000 (04:53 +0000)]
Copy changes from ls -l to find -ls: print future times with year and use
strftime() instead of parsing ctime()'s output.
ok millert@
tedu [Fri, 10 Jan 2014 04:49:35 +0000 (04:49 +0000)]
quiet time. printing verified was an artifact of development, to be sure
we didn't accidentally fall through main without doing anything, but tools
should be quiet unless there's an error.
tedu [Fri, 10 Jan 2014 04:36:58 +0000 (04:36 +0000)]
use a single positional argument instead of a creeping list of __progname
tedu [Fri, 10 Jan 2014 04:34:24 +0000 (04:34 +0000)]
a little more consistent with names, notably call signature files sigfiles
for short, instead of output.
tedu [Fri, 10 Jan 2014 04:28:57 +0000 (04:28 +0000)]
base64.c workaround keeps sneaking back in
deraadt [Fri, 10 Jan 2014 04:24:18 +0000 (04:24 +0000)]
provide a small (very very) practical example for using signify
ok tedu
deraadt [Fri, 10 Jan 2014 04:23:37 +0000 (04:23 +0000)]
change the listing of the options, because there is way too much
befuddlement.
sorry jmc
ok tedu
tedu [Fri, 10 Jan 2014 04:15:38 +0000 (04:15 +0000)]
at least for now, we're going to need some -Inspector magic
lteo [Fri, 10 Jan 2014 04:02:15 +0000 (04:02 +0000)]
Check the return values of the strdup() calls.
OK deraadt@
deraadt [Fri, 10 Jan 2014 03:53:44 +0000 (03:53 +0000)]
be forceful with removing the SHA256 file