schwarze [Wed, 23 Jul 2014 15:00:00 +0000 (15:00 +0000)]
Security fix:
After decoding numeric (\N) and one-character (\<, \> etc.)
character escape sequences, do not forget to HTML-encode the
resulting ASCII character. Malicious manuals were able to smuggle
XSS content by roff-escaping the HTML-special characters they need.
That's a classic bug type in many web applications, actually... :-(
Found myself while auditing the HTML formatter for safe output handling.
espie [Wed, 23 Jul 2014 14:43:44 +0000 (14:43 +0000)]
document format changes, including the new @ts annotation that pkg_create
will generate after 5.6.
espie [Wed, 23 Jul 2014 14:35:17 +0000 (14:35 +0000)]
move misleading comment
reyk [Wed, 23 Jul 2014 13:26:39 +0000 (13:26 +0000)]
Correctly shutdown the servers when the process is terminating;
prevents a crash on exit. With debugging help from blambert@.
reyk [Wed, 23 Jul 2014 12:01:27 +0000 (12:01 +0000)]
always enable DPRINTF with compiled with DEBUG
reyk [Wed, 23 Jul 2014 11:49:06 +0000 (11:49 +0000)]
httpd.conf can be installed 0644 instead of 0600 like relayd.conf.
ok ajacoutot@ benno@
ajacoutot [Wed, 23 Jul 2014 11:44:35 +0000 (11:44 +0000)]
Add httpd.conf.
espie [Wed, 23 Jul 2014 10:19:51 +0000 (10:19 +0000)]
rephrase multi-packaged LIB_DEPENDS description to match fixed semantics.
jasper [Wed, 23 Jul 2014 10:06:18 +0000 (10:06 +0000)]
correctly drain and destroy the bufq upon detach
ok dlg@
guenther [Wed, 23 Jul 2014 08:07:35 +0000 (08:07 +0000)]
Subtraction usually decrements the value
ok dlg@
ajacoutot [Wed, 23 Jul 2014 08:01:15 +0000 (08:01 +0000)]
Trailing whitespace.
jmc [Wed, 23 Jul 2014 06:22:28 +0000 (06:22 +0000)]
tweak previous;
deraadt [Wed, 23 Jul 2014 05:57:36 +0000 (05:57 +0000)]
document that sendsyslog saves the day
miod [Wed, 23 Jul 2014 04:44:56 +0000 (04:44 +0000)]
Check the return value of the UI functions (including UI_new() which return
value is happily dereferenced without checking it for being non-NULL).
ok beck@
dlg [Wed, 23 Jul 2014 02:30:12 +0000 (02:30 +0000)]
document mallocarray like malloc throughout the page. better describe
what M_CANFAIL means for each.
motivation and initial diff from doug hogan
deraadt [Wed, 23 Jul 2014 00:18:22 +0000 (00:18 +0000)]
sync
dtucker [Tue, 22 Jul 2014 23:57:40 +0000 (23:57 +0000)]
Add $OpenBSD tag to make syncs easier
dtucker [Tue, 22 Jul 2014 23:35:38 +0000 (23:35 +0000)]
Regenerate test keys with certs signed with
ed25519 instead of ecdsa.
These can be used in -portable on platforms that don't support ECDSA.
dtucker [Tue, 22 Jul 2014 23:23:22 +0000 (23:23 +0000)]
Sign test certs with
ed25519 instead of ecdsa so that they'll work in
-portable on platforms that don't have ECDSA in their OpenSSL. ok djm
schwarze [Tue, 22 Jul 2014 22:41:29 +0000 (22:41 +0000)]
Security fix:
The function print_encode() is used both for plain text
and for quoted attribute values.
Escape the '"' character such that malicious manuals cannot pull off
XSS attacks using malformed .Lk, .Mt, .%U, and .UR macros (and maybe
others) to trigger the latter case.
In the former case, escaping does no harm.
Issue found by Sebastien Marie <semarie-openbsd at latrappe dot fr>.
tedu [Tue, 22 Jul 2014 22:09:36 +0000 (22:09 +0000)]
adjust -C algorithm to be more aggressive in scaling up.
works better for me, and others as well.
sthen [Tue, 22 Jul 2014 22:05:46 +0000 (22:05 +0000)]
add 5.7 firmware key
aoyama [Tue, 22 Jul 2014 22:01:10 +0000 (22:01 +0000)]
Add a link to pcexio(4) man page. Now 'man 4 pcexio' works fine on
luna88k.
ok miod@
deraadt [Tue, 22 Jul 2014 21:41:09 +0000 (21:41 +0000)]
The last poison change is awesome, it is triggering use after free bugs.
Some of them aren't too difficult to find and fix, but others are turning
out to be deeply hidden. The timing is poor -- disable this for now.
We need to revisit this right after tree unlock.
ajacoutot [Tue, 22 Jul 2014 21:01:58 +0000 (21:01 +0000)]
Revert revisions 1.88-1.94 but keep recent relevant changes.
The `+' sign was added by mistake thinking it was doing something else.
ok schwarze@
jmc [Tue, 22 Jul 2014 19:03:21 +0000 (19:03 +0000)]
some minor fixes;
ajacoutot [Tue, 22 Jul 2014 18:31:16 +0000 (18:31 +0000)]
Typo.
no ok needed miod@ guenther@
jca [Tue, 22 Jul 2014 18:28:40 +0000 (18:28 +0000)]
FSTAB -> _PATH_FSTAB, the latter is deprecated.
From natano@bitrig, ok deraadt@
schwarze [Tue, 22 Jul 2014 18:14:05 +0000 (18:14 +0000)]
Security fix to prevent XSS attacks:
Restrict the character set of strings passed into html_alloc(),
in particular architecture names that come from the QUERY_STRING,
but also SCRIPT_NAME and manpath.conf content for additional safety,
and bail out safely on violations.
Issue reported by Sebastien Marie <semarie-openbsd at latrappe dot fr>.
miod [Tue, 22 Jul 2014 18:10:48 +0000 (18:10 +0000)]
Now that DES_random_key() can be trusted, use it to generate DES keys in the
EVP_CTRL_RAND_KEY method handlers, rather than generating a random odd key and
not even checking it against the weak keys list.
ok beck@
miod [Tue, 22 Jul 2014 18:09:20 +0000 (18:09 +0000)]
In DES_random_key(), force the generated key to the odd parity before checking
it is not one of the weak and semi-weak keys.
Even though the probability of generating a weak key with incorrect parity is
abysmally small, there is no reason to be correct (although, if you're in a
need for fresh DES keys nowadays, you should seriously consider switching to
a stronger symmetric cipher algorithm).
ok beck@
deraadt [Tue, 22 Jul 2014 18:03:03 +0000 (18:03 +0000)]
use NULL instead of (foo *)0; Kent R. Spillner
deraadt [Tue, 22 Jul 2014 17:57:35 +0000 (17:57 +0000)]
sync
reyk [Tue, 22 Jul 2014 17:54:43 +0000 (17:54 +0000)]
There is no httpctl yet.
Found by jturner
deraadt [Tue, 22 Jul 2014 17:49:58 +0000 (17:49 +0000)]
floating ,
reyk [Tue, 22 Jul 2014 17:37:15 +0000 (17:37 +0000)]
Enable httpd(8) in the builds to get more testing, feedback and
improvements. It is not "finished" but serves static files.
ok deraadt@
jasper [Tue, 22 Jul 2014 17:26:03 +0000 (17:26 +0000)]
- remove unneeded header
- move a declaration before code
- sync with wd.c -r1.101 from may 2011 and pass dk_openmask to setdisklabel
deraadt [Tue, 22 Jul 2014 17:05:45 +0000 (17:05 +0000)]
Repair two deep targets mistakenly called as afterinstall, rather
than distribution. These would modify files in /etc, part of the base
set, but still... that makes it harder to discern their sets placement.
deraadt [Tue, 22 Jul 2014 17:01:33 +0000 (17:01 +0000)]
use a better style of sh code around aperture
reyk [Tue, 22 Jul 2014 16:58:21 +0000 (16:58 +0000)]
Add initial httpd.conf(5) example for httpd(8)
Requested by deraadt@
deraadt [Tue, 22 Jul 2014 16:51:00 +0000 (16:51 +0000)]
remove unneccessary casts; Kent R. Spillner
jasper [Tue, 22 Jul 2014 14:52:35 +0000 (14:52 +0000)]
better warning for 8bit cards
jasper [Tue, 22 Jul 2014 14:49:49 +0000 (14:49 +0000)]
- use DL_SECTOBLK() instead of handrolling the same functionality
- octcfsize() returns daddr_t, so calculate the return value in a daddr_t
jasper [Tue, 22 Jul 2014 14:45:34 +0000 (14:45 +0000)]
Switch to MI functions disk_{gone,openpart,closepart} instead of handrolling
the same functionality.
aoyama [Tue, 22 Jul 2014 13:39:16 +0000 (13:39 +0000)]
Use MI rasops_cmap, instead of MD-defined ANSI colormap.
Note about workaround for 8bpp frame buffer:
Current LUNA wscons touches only first 4 planes (plane #0-#3), but
other program (e.g. mlterm-fb) can use all 8 planes on an 8bpp frame
buffer. When such program exits, it may not clear all planes, so
there may be some visible garbage data on the other 4 planes (plane
#4-#7) when we use default 256 rasops_cmap directly.
We should manage all 8 planes on LUNA, but that will be too much
overhead for 16 colors wscons. So, by repeating 16 colors in 256
colormap, we can ignore the values on the other 4 planes.
ok miod@
mpi [Tue, 22 Jul 2014 13:12:11 +0000 (13:12 +0000)]
Fewer <netinet/in_systm.h>
mpi [Tue, 22 Jul 2014 11:06:09 +0000 (11:06 +0000)]
Fewer <netinet/in_systm.h> !
mpi [Tue, 22 Jul 2014 10:35:34 +0000 (10:35 +0000)]
<netinet/in_systm.h> is no longer needed.
ajacoutot [Tue, 22 Jul 2014 10:03:56 +0000 (10:03 +0000)]
tab->space; consistent with the other sysctl values.
ajacoutot [Tue, 22 Jul 2014 08:48:07 +0000 (08:48 +0000)]
Drop quotes and mention that 3 and not 2 variables can be overridden.
ok robert@
ajacoutot [Tue, 22 Jul 2014 07:38:52 +0000 (07:38 +0000)]
Tweak after recebt rc.securelevel change.
jsg [Tue, 22 Jul 2014 07:30:24 +0000 (07:30 +0000)]
use ansi style function declarations
with suggestions from and ok guenther@
guenther [Tue, 22 Jul 2014 07:13:42 +0000 (07:13 +0000)]
Convert from <sys/endian.h> to the shiney new <endian.h>
ok dtucker@, who also confirmed that -portable handles this already
guenther [Tue, 22 Jul 2014 06:55:22 +0000 (06:55 +0000)]
Handle failure of NETSCAPE_SPKI_b64_encode() and don't leak memory
when BIO_new_{file,fp}() fails.
inspired by a diff from logan@ ok miod@
guenther [Tue, 22 Jul 2014 06:47:13 +0000 (06:47 +0000)]
Use Cm instead of Li for 'MASK:'
(Overlooked among jmc@'s other suggestions)
ajacoutot [Tue, 22 Jul 2014 06:45:31 +0000 (06:45 +0000)]
Drop the "... during install" comments; they were missing in several
places and it makes things simpler: no need to check for file existence.
discussed with and ok deraadt@ rpe@
guenther [Tue, 22 Jul 2014 06:28:10 +0000 (06:28 +0000)]
Rewrite the description of the string_mask config file option to match
reality, and reformatting to be readable.
formatting and wording suggestions miod@ jmc@
deraadt [Tue, 22 Jul 2014 04:53:59 +0000 (04:53 +0000)]
oops, duplicate
deraadt [Tue, 22 Jul 2014 04:44:09 +0000 (04:44 +0000)]
need dev/pci/vga_pcivar.h
jsg [Tue, 22 Jul 2014 04:42:51 +0000 (04:42 +0000)]
The aperture needed test should be in vgafb as well as vga@pci.
Problem noticed/fix tested by sebastia@ on macppc.
sparc64 problems in earlier diff pointed out by deraadt@
'looks good' kettenis@ 'commit' deraadt@
guenther [Tue, 22 Jul 2014 02:58:32 +0000 (02:58 +0000)]
Correct the initializer for tunnconf_default_pptp
ok yasuoka@
beck [Tue, 22 Jul 2014 02:21:20 +0000 (02:21 +0000)]
Kill a bunch more BUF_strdup's - these are converted to have a check for
NULL before an intrinsic strdup.
ok miod@
yasuoka [Tue, 22 Jul 2014 02:02:59 +0000 (02:02 +0000)]
Handle msgbuf_write() returning EAGAIN.
from krw
djm [Tue, 22 Jul 2014 01:32:12 +0000 (01:32 +0000)]
change the test for still-open Unix domain sockets to be robust against
nc implementations that produce error messages. from -portable
dtucker [Tue, 22 Jul 2014 01:18:50 +0000 (01:18 +0000)]
Prevent spam from key_load_private_pem during hostbased auth. ok djm@
bcook [Tue, 22 Jul 2014 01:15:58 +0000 (01:15 +0000)]
better match proposed syscall api
uebayasi [Tue, 22 Jul 2014 01:04:04 +0000 (01:04 +0000)]
boot(9): Reduce diffs between hppa & hppa64 (& others)
deraadt [Tue, 22 Jul 2014 01:01:37 +0000 (01:01 +0000)]
sync
deraadt [Tue, 22 Jul 2014 00:41:19 +0000 (00:41 +0000)]
Pull in all the parts. Let's face the facts -- .PATH from other
parts of the tree is PAINFUL for basically everyone upstream, not
just for us in our own tree.
deraadt [Mon, 21 Jul 2014 23:34:54 +0000 (23:34 +0000)]
protect sysctl path with SYS__sysctl instead; from enh@google, ok bcook
matthew [Mon, 21 Jul 2014 23:05:12 +0000 (23:05 +0000)]
Add pthread_sigmask() and raise() to the list of async signal safe
functions, per POSIX Issue 7
ok deraadt
schwarze [Mon, 21 Jul 2014 22:32:55 +0000 (22:32 +0000)]
fix a minibug reported by kristaps@:
preserve manpath and arch in .Xr links
jasper [Mon, 21 Jul 2014 21:07:34 +0000 (21:07 +0000)]
- whitespace cleanups (trailing whitespace, indentation)
- minor code shuffling and rename a variable to reduce diff with wd.c
no binary change
nicm [Mon, 21 Jul 2014 20:45:35 +0000 (20:45 +0000)]
Revert the up/down wheel emulation for now, there will be a better way
to do this along later for those who want it.
naddy [Mon, 21 Jul 2014 20:43:00 +0000 (20:43 +0000)]
Bring back net.inet6.icmp6.rediraccept for rtsol. Pointed out by
bluhm@ three days ago, oops.
naddy [Mon, 21 Jul 2014 20:39:59 +0000 (20:39 +0000)]
net.inet6.ip6.accept_rtadv is gone
naddy [Mon, 21 Jul 2014 20:34:14 +0000 (20:34 +0000)]
Since net.inet6.ip6.accept_rtadv is gone, the installer shouldn't
set it. Provisionally drop net.inet6.icmp6.rediraccept, too.
guenther [Mon, 21 Jul 2014 20:19:47 +0000 (20:19 +0000)]
Use explicit_bzero() instead of memset() on buffers going out of scope.
Also, zero the SHA256 context.
suggested by "eric" in a comment on an opensslrampage.org post
ok miod@ deraadt@
deraadt [Mon, 21 Jul 2014 19:55:33 +0000 (19:55 +0000)]
don't try to be clever and name the _PATH_CP exec "mv", since this
breaks the instbin argv[0] mechanism
found by landry, ok guenther
schwarze [Mon, 21 Jul 2014 19:51:32 +0000 (19:51 +0000)]
use getlist() instead of hand-rolled equivalent, no functional change;
diff from Kent R. Spillner <kspillner at acm org>;
no objections came up when showing this diff on tech@
deraadt [Mon, 21 Jul 2014 19:15:56 +0000 (19:15 +0000)]
cast from void * before math; enh@google
deraadt [Mon, 21 Jul 2014 18:13:12 +0000 (18:13 +0000)]
missing newline
matthew [Mon, 21 Jul 2014 17:40:06 +0000 (17:40 +0000)]
Fix typo: s/lstate/lstat/
uebayasi [Mon, 21 Jul 2014 17:25:47 +0000 (17:25 +0000)]
boot(9): Reduce annoying style diffs
- Always use either: ((x & RB_XXX) != 0) or ((x & RB_XXX) == 0) in boolean
context (mostly if (x), or x ? y : z)
- prom_halt() in alpha is confirmed to take int as boolean
Converted by coccinelle. No functional change intended.
schwarze [Mon, 21 Jul 2014 15:44:22 +0000 (15:44 +0000)]
Kristaps points out that the current HTTP/1.1 draft standard (RFC
2616) requires the Location: response-header field to be an absolute
URI (14.30), and only the most recent proposed standard (RFC 7231),
which is barely a month old, allows a relative Location: (7.1.2).
While most modern browsers appear to support relative Location:
headers, some may not, and it's maybe a bit early to rely on relative
Location: headers.
I'm not going back to the HTTP_HOST or SERVER_NAME CGI variables,
though. While some CGI programs certainly require those, in which
case both the CGI programmer and the web server admin have to be
very careful to keep the system secure and reliable, man.cgi(8)
does not really need them. We always know at compile time which
domain we are running for, and for man.cgi(8), security and reliability
are definitely much more important than flexibility. So make HTTP_HOST
a compile-time definition for now.
naddy [Mon, 21 Jul 2014 12:33:58 +0000 (12:33 +0000)]
5.7 packages key
nicm [Mon, 21 Jul 2014 10:52:48 +0000 (10:52 +0000)]
lockf is entirely useless and it was a mistake to change to it, go back
to using flock which actually works sensibly. Also always retry the lock
to fix a potential race, and add some extra logging.
nicm [Mon, 21 Jul 2014 10:25:48 +0000 (10:25 +0000)]
Drop explicit support for F13-F20 and change to match the xterm terminfo
entry:
F13-F24 are S-F1 to S-F12
F25-F36 are C-F1 to C-F12
F37-F48 are C-S-F1 to C-S-F12
F49-F60 are M-F1 to M-F12
and F61-F63 are M-S-F1 to M-S-F3
This should be no difference for applications inside tmux, but means
that any key binding for F13 will need to be replaced by S-F1 and so on.
mlarkin [Mon, 21 Jul 2014 01:57:55 +0000 (01:57 +0000)]
fix some wrong comments and a bit of KNF
guenther [Mon, 21 Jul 2014 01:53:12 +0000 (01:53 +0000)]
printf(9) and friends don't support the <number>$ flags, so gcc's
kprintf attribute shouldn't accept them.
ok martynas@
guenther [Mon, 21 Jul 2014 01:51:10 +0000 (01:51 +0000)]
Switch from <sys/endian.h> or <machine/endian.h> to the new,
being-standardized <endian.h>
ok deraadt@ millert@ beck@
deraadt [Mon, 21 Jul 2014 00:11:24 +0000 (00:11 +0000)]
sync
deraadt [Mon, 21 Jul 2014 00:10:21 +0000 (00:10 +0000)]
5.7 base key
guenther [Sun, 20 Jul 2014 21:41:54 +0000 (21:41 +0000)]
Provide correct guidance on which header to use in the comments
bcook [Sun, 20 Jul 2014 20:51:13 +0000 (20:51 +0000)]
Move more OS-specific functionality to arc4random.h headers.
Move <sys/mman.h> and raise(SIGKILL) calls to OS-specific headers.
On OpenBSD, move thread_private.h as well to arc4random.h.
On Windows, use TerminateProcess on getentropy failure.
ok deraadt@
tobias [Sun, 20 Jul 2014 20:27:19 +0000 (20:27 +0000)]
Fixed typo in error message.
okay deraadt@
deraadt [Sun, 20 Jul 2014 20:12:41 +0000 (20:12 +0000)]
ask about lid
deraadt [Sun, 20 Jul 2014 20:08:44 +0000 (20:08 +0000)]
if we think this is a laptop (wsdisplay.....) ask a lidsuspend
question. Let's see who whines.
deraadt [Sun, 20 Jul 2014 19:47:53 +0000 (19:47 +0000)]
look up correct dev_t. This matters for the case where a device is
underlying softraid.
ok mlarkin
tobias [Sun, 20 Jul 2014 19:33:54 +0000 (19:33 +0000)]
Merge cmd.c from zboot into boot, dropping "clear" command while at it.
With input from deraadt@
okay jasper@, uebayashi@