espie [Mon, 14 Jul 2014 08:15:20 +0000 (08:15 +0000)]
explicit copyright, as authorized by Thomas. Thanks!
deraadt [Mon, 14 Jul 2014 08:14:08 +0000 (08:14 +0000)]
sync
beck [Mon, 14 Jul 2014 08:11:34 +0000 (08:11 +0000)]
revert free checks in here. this seems to be a bit too agressive at the
moment and now is not the time. hitting these in here causes chaos.
We need to do these, but at a better time than right after a hackathon
and before release.
ok guenther@
pelikan [Mon, 14 Jul 2014 07:22:06 +0000 (07:22 +0000)]
international currency locale rules as per POSIX.1-2008
required for libc++
ok guenther afresh1
jmc [Mon, 14 Jul 2014 06:44:11 +0000 (06:44 +0000)]
use Nx;
jmc [Mon, 14 Jul 2014 06:39:23 +0000 (06:39 +0000)]
remove the never installed getmntopts.3 page, as well as the
corresponding comment in Makefile;
ok claudio deraadt
guenther [Mon, 14 Jul 2014 06:00:22 +0000 (06:00 +0000)]
Constipate st_hash()
guenther [Mon, 14 Jul 2014 05:59:26 +0000 (05:59 +0000)]
Oops: resurrect cached file that wasn't ripe for deletion
guenther [Mon, 14 Jul 2014 05:58:19 +0000 (05:58 +0000)]
Delete pointless 'return;' at end of function
guenther [Mon, 14 Jul 2014 05:54:19 +0000 (05:54 +0000)]
Fix an off-by-one error that's already been accepted upstream
deraadt [Mon, 14 Jul 2014 05:54:12 +0000 (05:54 +0000)]
Repair handling of ^C and ^D around command prompts, by inserting
correct newlines. Of course, that means removing stdio use from
signal handlers. Can we find someone to rewrite the entire interactive
half of this program?
ok guenther
guenther [Mon, 14 Jul 2014 05:53:29 +0000 (05:53 +0000)]
Instead of using a variable format string to change the field width,
use %*s and just put the width in a variable
guenther [Mon, 14 Jul 2014 05:49:14 +0000 (05:49 +0000)]
Add sendsyslog too, and sort
guenther [Mon, 14 Jul 2014 05:48:18 +0000 (05:48 +0000)]
Update for arc4random and syslog changes
guenther [Mon, 14 Jul 2014 05:44:59 +0000 (05:44 +0000)]
Update systrace policies for arc4random changes
guenther [Mon, 14 Jul 2014 05:41:00 +0000 (05:41 +0000)]
Eliminate a warning from -Wformat=2 by using an additional 'prefix'
variable instead of using a variable format string for printf
deraadt [Mon, 14 Jul 2014 05:03:04 +0000 (05:03 +0000)]
sync
deraadt [Mon, 14 Jul 2014 05:00:56 +0000 (05:00 +0000)]
Move rc.{local,shutdown,securelevel} to examples, as discusssed with
ajacoutot and robert
deraadt [Mon, 14 Jul 2014 04:02:33 +0000 (04:02 +0000)]
Create a socketpair() and tie one end to /dev/klog using ioctl LIOCSFD.
This allows us to receive messages direct from programs using the
fd-safe sendsyslog(2), aka. syslog_r(3). Thanks to guenther for this part
of the solution.
ok beck tedu miod guenther
deraadt [Mon, 14 Jul 2014 03:54:50 +0000 (03:54 +0000)]
Now that we have sendsyslog(2), we can directly use it in the
(previously completely retarded) stack_smash_handler of ld.so
ok beck miod tedu
deraadt [Mon, 14 Jul 2014 03:53:36 +0000 (03:53 +0000)]
crank major for syslog_r(3) using sendsyslog(2). new kernel needed, too.
deraadt [Mon, 14 Jul 2014 03:52:04 +0000 (03:52 +0000)]
Convert syslog_r(3) to using sendsyslog(2). This ensures that syslog_r(3)
can be used anywhere (signal handler, stack protector fault handler) as
long as the format string does not contain floating point.
ok tedu miod beck
deraadt [Mon, 14 Jul 2014 03:45:55 +0000 (03:45 +0000)]
check for existance of rc.shutdown, before sourcing it
dlg [Mon, 14 Jul 2014 03:45:43 +0000 (03:45 +0000)]
now that receive ring accounting has been pulled out of the mbuf layer,
we can pull the space the mbuf layer used to do per interface accounting
out of struct if_data.
saves a hundredish bytes on every interface.
ok deraadt@ claudio@
deraadt [Mon, 14 Jul 2014 01:36:00 +0000 (01:36 +0000)]
sync
jsing [Mon, 14 Jul 2014 01:05:36 +0000 (01:05 +0000)]
Hook in libressl to regress.
deraadt [Mon, 14 Jul 2014 01:01:27 +0000 (01:01 +0000)]
enter libressl for make includes
jsing [Mon, 14 Jul 2014 00:50:04 +0000 (00:50 +0000)]
Sort SUBDIRs.
jsing [Mon, 14 Jul 2014 00:49:03 +0000 (00:49 +0000)]
Hook libressl into the build.
Requested by deraadt@
deraadt [Mon, 14 Jul 2014 00:35:10 +0000 (00:35 +0000)]
whitespace
reyk [Mon, 14 Jul 2014 00:19:48 +0000 (00:19 +0000)]
first step towards keep-alive/persistent connections support
bluhm [Mon, 14 Jul 2014 00:14:43 +0000 (00:14 +0000)]
Now that the relayd timeouts have been fixed, make the http timeout
test more strict again. Backout rev 1.2 of args-timeout-http.pl.
bluhm [Mon, 14 Jul 2014 00:11:12 +0000 (00:11 +0000)]
When a connection was spliced in one direction and in copy mode in
the other direction, the timeouts did not work. They were longer
than specified. Link the splicing and non-splicing timeouts.
Found by make run-regress-args-timeout-http.pl
OK reyk@
deraadt [Mon, 14 Jul 2014 00:01:39 +0000 (00:01 +0000)]
Improve RAND_write_file(), chmod crud, etc.
ok tedu
jsing [Mon, 14 Jul 2014 00:00:44 +0000 (00:00 +0000)]
Update regress test to work with ressl API changes.
tedu [Sun, 13 Jul 2014 23:59:58 +0000 (23:59 +0000)]
use mallocarray for multiplied value checking
benno [Sun, 13 Jul 2014 23:59:57 +0000 (23:59 +0000)]
fix regress tests after log changes. noticed by bluhm@.
everybody stand back. i know regular expressions.
jsing [Sun, 13 Jul 2014 23:54:52 +0000 (23:54 +0000)]
Add configuration handling for certificate and key files.
uebayasi [Sun, 13 Jul 2014 23:49:40 +0000 (23:49 +0000)]
KASSERTMSG(9): New kernel assertion with message
KASSERT() is annoying as it only prints the expression as a string. If you
(developers) want to know a little more information, you have to do:
#ifdef DIAGNOSTIC
if (bad)
panic(...);
#endif
KASSERTMSG() replaces it into a single line:
KASSERTMSG(!bad, ...);
Taken from NetBSD.
(There is a concern that KASSERT() messages are too long; consume more memory,
and not friendly for small monitors. This have to be considered & revisited
later.)
"Like" from henning@
Man page review & advices from jmc@ and schwarze@
jsing [Sun, 13 Jul 2014 23:36:24 +0000 (23:36 +0000)]
Add stubs for the proposed server API.
sasano [Sun, 13 Jul 2014 23:36:09 +0000 (23:36 +0000)]
add RDC R1012 support
jsing [Sun, 13 Jul 2014 23:34:39 +0000 (23:34 +0000)]
Stop leaking internal library pointers in error messages.
Requested by miod@
tedu [Sun, 13 Jul 2014 23:33:26 +0000 (23:33 +0000)]
pass correct sizes to free()
schwarze [Sun, 13 Jul 2014 23:25:09 +0000 (23:25 +0000)]
add missing whitespace between .Fa macro argument and trailing punctuation
deraadt [Sun, 13 Jul 2014 23:24:47 +0000 (23:24 +0000)]
use mallocarray()
sasano [Sun, 13 Jul 2014 23:19:51 +0000 (23:19 +0000)]
pciide.c, pciide_rdc_reg.h(new): ported rdcide(4) from NetBSD.
it supports RDC's R1012 IDE controller.
tested on 86duino EduCake (DM&P Vortex86EX SoC)
ok by deraadt@
jsing [Sun, 13 Jul 2014 23:19:02 +0000 (23:19 +0000)]
Tabs, not spaces.
tedu [Sun, 13 Jul 2014 23:18:01 +0000 (23:18 +0000)]
use mallocarray
jsing [Sun, 13 Jul 2014 23:17:29 +0000 (23:17 +0000)]
Rename the context allocation from ressl_new to ressl_client, which makes
it completely obvious what the context is for. Ensure client functions are
used on client contexts.
schwarze [Sun, 13 Jul 2014 23:12:02 +0000 (23:12 +0000)]
one .Fn argument per function argument
deraadt [Sun, 13 Jul 2014 23:10:23 +0000 (23:10 +0000)]
Some reallocarray() use; review Jean-Philippe Ouellet, patrick keshishian
ok tedu
jsing [Sun, 13 Jul 2014 23:06:18 +0000 (23:06 +0000)]
Split the context allocation out from the configuration. This will allow
us to properly report errors that occur during configuration processing.
Discussed with tedu@
schwarze [Sun, 13 Jul 2014 23:03:03 +0000 (23:03 +0000)]
Do not fold multiple function arguments into the same .Fn argument:
That may cause indexing and formatting issues.
Buggy mdoc(7) code mentioned by uebayasi@ to jmc@.
uebayasi [Sun, 13 Jul 2014 22:53:38 +0000 (22:53 +0000)]
boot(9): Cosmetic changes to improve diff'ability.
jsing [Sun, 13 Jul 2014 22:42:01 +0000 (22:42 +0000)]
Move the client code into a separate file.
jsing [Sun, 13 Jul 2014 22:31:42 +0000 (22:31 +0000)]
Rename various configuration handling functions.
Requested by and discussed with tedu@.
miod [Sun, 13 Jul 2014 22:28:03 +0000 (22:28 +0000)]
Comment out option GPT until the matching userland bits are in place.
jsing [Sun, 13 Jul 2014 22:13:52 +0000 (22:13 +0000)]
Use a single ressl.h header file.
Discussed with beck@ and tedu@.
uebayasi [Sun, 13 Jul 2014 22:13:06 +0000 (22:13 +0000)]
Cosmetic changes to reduce diffs.
claudio [Sun, 13 Jul 2014 21:59:50 +0000 (21:59 +0000)]
Update procflags list, add PS_SYSTEM, PS_EMBRYO, PS_ZOMBIE and
PS_NOBROADCASTKILL. The resulting table is shifted so far right
that a few additional lines had to be wrapped. Not ideal but the
best we can do at the moment.
kettenis [Sun, 13 Jul 2014 21:51:12 +0000 (21:51 +0000)]
The correct place to call _bus_dmamap_sync() is after we copy data *to* the
bounce buffer and before we copy data *from* the bounce buffer. Currently
_bus_dmamap_sync() is a no-op, but keeping it #ifdef'ed out in the wrong
place makes no sense.
ok deraadt@, miod@
deraadt [Sun, 13 Jul 2014 21:49:02 +0000 (21:49 +0000)]
sync
claudio [Sun, 13 Jul 2014 21:46:25 +0000 (21:46 +0000)]
Use lerrx instead of errx since the logging subsystem is already initialized.
OK florian@
matthew [Sun, 13 Jul 2014 21:44:58 +0000 (21:44 +0000)]
Fix sched_stop_secondary_cpus() to properly drain CPUs
TAILQ_FOREACH() isn't safe to use in sched_chooseproc() to iterate
over the run queues because within the loop body we remove the threads
from their run queues and reinsert them elsewhere. As a result, we
end up only draining the first thread of each run queue rather than
all of them.
ok kettenis
deraadt [Sun, 13 Jul 2014 21:39:00 +0000 (21:39 +0000)]
yes indeed, it returns void *. from Jean-Philippe Ouellet, i also had
this lurking in a tree
jsing [Sun, 13 Jul 2014 21:38:23 +0000 (21:38 +0000)]
Explicitly initialise slen - this was not previously done due to a missing
M_ASN1_D2I_begin macro.
jsing [Sun, 13 Jul 2014 21:35:27 +0000 (21:35 +0000)]
Convert error handling to SSLerr and ERR_asprintf_error_data.
yasuoka [Sun, 13 Jul 2014 21:34:35 +0000 (21:34 +0000)]
Some functions need to dup() before sending a socket by imsg and don't
need to close() after sending socket since imsg_compose() closes the
passing socket.
rpe [Sun, 13 Jul 2014 21:24:43 +0000 (21:24 +0000)]
Only set machdep.allowaperture if 'vga1: aperture needed' is found
in dmesg output. Use that information to decide whether or not to
ask the user if he intends to use X.
initial diff from and OK halex@
OK deraadt@
tedu [Sun, 13 Jul 2014 21:21:25 +0000 (21:21 +0000)]
include stdint.h for standard ints. from Jean-Philippe Ouellet
jasper [Sun, 13 Jul 2014 21:18:44 +0000 (21:18 +0000)]
fix even more trailing tabs
miod [Sun, 13 Jul 2014 21:18:26 +0000 (21:18 +0000)]
#$%#@$# CONSPEED
kettenis [Sun, 13 Jul 2014 21:13:51 +0000 (21:13 +0000)]
Display zero page hit and miss counters in vmstat -s.
ok deraadt@
jasper [Sun, 13 Jul 2014 21:13:30 +0000 (21:13 +0000)]
more hanging tabs
deraadt [Sun, 13 Jul 2014 21:11:40 +0000 (21:11 +0000)]
ugly hanging tabs; ok jasper
nicm [Sun, 13 Jul 2014 20:57:46 +0000 (20:57 +0000)]
Show an error if cmd_find_session can't find the current session, like
the other functions.
miod [Sun, 13 Jul 2014 20:53:35 +0000 (20:53 +0000)]
No libsa putchar wanted here actually
krw [Sun, 13 Jul 2014 20:51:08 +0000 (20:51 +0000)]
An EOF is a good reason to close a connection.
ok nicm@
deraadt [Sun, 13 Jul 2014 20:49:42 +0000 (20:49 +0000)]
obvious conversion to mallocarray()
jmc [Sun, 13 Jul 2014 20:42:33 +0000 (20:42 +0000)]
tweak previous;
jmc [Sun, 13 Jul 2014 20:40:34 +0000 (20:40 +0000)]
missing bracket in previous;
miod [Sun, 13 Jul 2014 20:29:05 +0000 (20:29 +0000)]
Still needs <sys/reboot.h>
nicm [Sun, 13 Jul 2014 20:23:10 +0000 (20:23 +0000)]
If a client is killed while suspended with ^Z so has gone through the
MSG_EXITED dance, don't try to resume it since a) it's pointless and b)
the tty structures have been cleaned up and tmux will crash.
tedu [Sun, 13 Jul 2014 20:09:38 +0000 (20:09 +0000)]
remove all crypt choices other than bcrypt. ok afresh1 deraadt
tedu [Sun, 13 Jul 2014 19:40:57 +0000 (19:40 +0000)]
calling this "encryption" makes me cringe. "slightly obfuscated" is better.
tedu [Sun, 13 Jul 2014 18:59:40 +0000 (18:59 +0000)]
compare snprintf return value with -1. this isn't really necessary because
int promotion rules guarantee the correct result when compared with sizeof,
but it is perhaps easier for some people to understand it this way.
from Doug Hogan.
deraadt [Sun, 13 Jul 2014 18:22:12 +0000 (18:22 +0000)]
sync
jasper [Sun, 13 Jul 2014 18:08:16 +0000 (18:08 +0000)]
sync with kernel, root= -> rootdev=
jasper [Sun, 13 Jul 2014 18:07:38 +0000 (18:07 +0000)]
consistency with upcoming bootloader device parsing of the uboot arguments,
root= becomes rootdev=
jsing [Sun, 13 Jul 2014 17:56:56 +0000 (17:56 +0000)]
Convert d2i_SSL_SESSION to ASN1 primitives, instead of the horrific
asn1_mac.h macros. This still needs a lot of improvement, but immediately
becomes readable.
ok miod@ (sight unseen!)
claudio [Sun, 13 Jul 2014 17:53:41 +0000 (17:53 +0000)]
Use errx() after getpwnam() failure since errno may not be set.
All other privsep / privdrop daemons do this the same way.
OK florian@ some time ago
claudio [Sun, 13 Jul 2014 17:47:03 +0000 (17:47 +0000)]
Document KERN_PROC_NOBROADKILL
bluhm [Sun, 13 Jul 2014 17:41:04 +0000 (17:41 +0000)]
When reassembled IPv6 fragments are NATed or RDRed by pf, the
checksum has to be recalculated before the packet is fragmented
again. Put a missing in6_proto_cksum_out() into pf_refragment6().
This makes run-regress-frag6 and run-regress-frag6-ext pass again.
From Matthias Pitzl; OK henning@
jmc [Sun, 13 Jul 2014 17:39:57 +0000 (17:39 +0000)]
tweak previous;
deraadt [Sun, 13 Jul 2014 17:39:56 +0000 (17:39 +0000)]
do not need malloc.h
deraadt [Sun, 13 Jul 2014 17:34:25 +0000 (17:34 +0000)]
use mallocarray where arguments are multiplied; ok tedu
jmc [Sun, 13 Jul 2014 17:28:13 +0000 (17:28 +0000)]
-N for SYNOPSIS and usage(), and some small changes to previous;
espie [Sun, 13 Jul 2014 17:24:06 +0000 (17:24 +0000)]
bye bye src url. Never amounted to much, we went another road a while ago
pirofti [Sun, 13 Jul 2014 17:19:17 +0000 (17:19 +0000)]
Keep track of port connections and port resets.
Also notify upstream when a port finished reseting and when the
connection status changes.
Gets things further along to the point where pipe device transfer
and control methods are required.
espie [Sun, 13 Jul 2014 17:17:21 +0000 (17:17 +0000)]
bundling base + packages was slow, as it needed to find lots of files.
different approach: mark the base system in one go, then hand pick the
files from the pkglocatedb.
quite a few unaccounted files yet, this will get better