openbsd
10 years agoinstall signify keys
deraadt [Thu, 9 Jan 2014 18:51:30 +0000 (18:51 +0000)]
install signify keys

10 years agoInstall our first key. NOTE that this is a TEST KEY for use as we improve
deraadt [Thu, 9 Jan 2014 18:51:14 +0000 (18:51 +0000)]
Install our first key.  NOTE that this is a TEST KEY for use as we improve
our processes.
ok tedu

10 years agoif we're re-signing, check old sig first. shouldn't sign stuff we don't
espie [Thu, 9 Jan 2014 17:51:56 +0000 (17:51 +0000)]
if we're re-signing, check old sig first. shouldn't sign stuff we don't
trust.

10 years agowith the intermediate gunzip gone, this is a simple pipe. No need for
espie [Thu, 9 Jan 2014 17:41:41 +0000 (17:41 +0000)]
with the intermediate gunzip gone, this is a simple pipe. No need for
separate handles to tweak.

10 years agooops, re-adapt for the install media
deraadt [Thu, 9 Jan 2014 17:13:36 +0000 (17:13 +0000)]
oops, re-adapt for the install media

10 years agotest signing too
tedu [Thu, 9 Jan 2014 16:22:04 +0000 (16:22 +0000)]
test signing too

10 years agosignify subdir
tedu [Thu, 9 Jan 2014 16:17:37 +0000 (16:17 +0000)]
signify subdir

10 years agoregress signify
tedu [Thu, 9 Jan 2014 16:13:44 +0000 (16:13 +0000)]
regress signify

10 years agoramdisks need a /etc/signify directory
deraadt [Thu, 9 Jan 2014 15:43:16 +0000 (15:43 +0000)]
ramdisks need a /etc/signify directory

10 years ago-e embedded signatures. ok deraadt
tedu [Thu, 9 Jan 2014 15:36:40 +0000 (15:36 +0000)]
-e embedded signatures. ok deraadt

10 years agowe need to build a ztscale stub for zaurus media.
deraadt [Thu, 9 Jan 2014 15:02:50 +0000 (15:02 +0000)]
we need to build a ztscale stub for zaurus media.

10 years agoSimilar to attach-session, make switch-client -t accept a window and
nicm [Thu, 9 Jan 2014 14:28:14 +0000 (14:28 +0000)]
Similar to attach-session, make switch-client -t accept a window and
pane. From Johannes Jakobsson.

10 years agoAllow attach-session -t to accept a window and pane to select them on
nicm [Thu, 9 Jan 2014 14:20:55 +0000 (14:20 +0000)]
Allow attach-session -t to accept a window and pane to select them on
attach. Based on a diff from J Raynor.

10 years agoThree small changes from Tiago Cunha:
nicm [Thu, 9 Jan 2014 14:05:55 +0000 (14:05 +0000)]
Three small changes from Tiago Cunha:

- Check for truncation when copying path.
- Don't need to use a temporary buffer in screen_set_title.
- Include strerror in output when connecting to server fails.

10 years agoStyle and comment fixes from Tiago Cunha.
nicm [Thu, 9 Jan 2014 13:58:06 +0000 (13:58 +0000)]
Style and comment fixes from Tiago Cunha.

10 years agoSimplify args_set, from Tiago Cunha.
nicm [Thu, 9 Jan 2014 13:51:57 +0000 (13:51 +0000)]
Simplify args_set, from Tiago Cunha.

10 years agoRemove unnecessary calls to va_start/va_end, from Tiago Cunha.
nicm [Thu, 9 Jan 2014 13:46:12 +0000 (13:46 +0000)]
Remove unnecessary calls to va_start/va_end, from Tiago Cunha.

10 years agoFix the burner method, here the cookie is a pointer to rasops_info.
mpi [Thu, 9 Jan 2014 13:42:57 +0000 (13:42 +0000)]
Fix the burner method, here the cookie is a pointer to rasops_info.

Problem noticed by Nick Gray and brett@ and analysed with mikeb@.

ok jsg@

10 years ago-C was useless with signify, report @signer identity instead (prepend
espie [Thu, 9 Jan 2014 13:40:05 +0000 (13:40 +0000)]
-C was useless with signify, report @signer identity instead (prepend
"reportedly" to make tedu happy :) )

10 years ago@signer makes sense only for signify, so move it there.
espie [Thu, 9 Jan 2014 13:30:46 +0000 (13:30 +0000)]
@signer makes sense only for signify, so move it there.

10 years agosimplify a bit: pass the first SIGNER for @signer.
espie [Thu, 9 Jan 2014 13:21:03 +0000 (13:21 +0000)]
simplify a bit: pass the first SIGNER for @signer.

10 years agodocument SIGNER
espie [Thu, 9 Jan 2014 10:51:51 +0000 (10:51 +0000)]
document SIGNER

10 years agoswitch to internal gzip/gunzip.
espie [Thu, 9 Jan 2014 10:43:13 +0000 (10:43 +0000)]
switch to internal gzip/gunzip.
reduces the number of external processes and the complexity of the code.

tested on a few select arches by tobiasu, naddy. If it breaks somewhere,
tough. This one is simple to revert.

10 years agotweak signing yet again. Have pkg_create automatically add signing
espie [Thu, 9 Jan 2014 10:36:52 +0000 (10:36 +0000)]
tweak signing yet again. Have pkg_create automatically add signing
identities every time, and make matching identities mandatory.
e.g., pkg_create and pkg_add must have matching -DSIGNER.
by default, signer is derived from uname -r and role (pkg_add/fw_update),
e.g., 54pkg, 54fw...

10 years agobzero/bcmp -> memset/memcmp. ok matthew
tedu [Thu, 9 Jan 2014 06:29:05 +0000 (06:29 +0000)]
bzero/bcmp -> memset/memcmp. ok matthew

10 years agotiny tweak to asm. prefer memcpy and memmove, with bcopy wrapper
tedu [Thu, 9 Jan 2014 05:39:41 +0000 (05:39 +0000)]
tiny tweak to asm. prefer memcpy and memmove, with bcopy wrapper
ok guenther

10 years agoSwitch to string copy rather than memcpy so we stop past '\0' and
martynas [Thu, 9 Jan 2014 05:07:37 +0000 (05:07 +0000)]
Switch to string copy rather than memcpy so we stop past '\0' and
don't copy over the garbage from the source buffer (like, leaking
the canary).  OK millert@.

10 years agoUse destination bound rather than the source bound for out_line and
martynas [Thu, 9 Jan 2014 05:04:03 +0000 (05:04 +0000)]
Use destination bound rather than the source bound for out_line and
out_name.  OK millert@.

10 years agoWhen formating the time for "ls -l"-style output, show dates in the future
guenther [Thu, 9 Jan 2014 03:26:00 +0000 (03:26 +0000)]
When formating the time for "ls -l"-style output, show dates in the future
with the year, and rearrange a comparison to avoid a potentional signed
arithmetic overflow that would give the wrong result.

ok djm@

10 years agoSymlinks are displayed with '->', not '=>'
guenther [Thu, 9 Jan 2014 03:13:24 +0000 (03:13 +0000)]
Symlinks are displayed with '->', not '=>'

10 years agoUpdate pax -v format to match "ls -l": display the year for dates
guenther [Thu, 9 Jan 2014 03:12:25 +0000 (03:12 +0000)]
Update pax -v format to match "ls -l": display the year for dates
in the future and include a space between the major and minor numbers
for devices.  Eliminate bogus handling of LC_TIME environment variable.
Make strftime() format selection understandable by gcc -Wformat=2.

ok millert@

10 years agoPer POSIX, times in the future should be reported with the year
guenther [Thu, 9 Jan 2014 03:07:52 +0000 (03:07 +0000)]
Per POSIX, times in the future should be reported with the year
like files more than six months old.  Use strftime() directly instead
of breaking down the ctime() output on character positions.

ok millert@

10 years agoFix the tests for the pf divert state and socket reuse.
bluhm [Wed, 8 Jan 2014 23:42:23 +0000 (23:42 +0000)]
Fix the tests for the pf divert state and socket reuse.

10 years agoSet socket buffer size to fixed value of 100000 octets. This
bluhm [Wed, 8 Jan 2014 23:32:17 +0000 (23:32 +0000)]
Set socket buffer size to fixed value of 100000 octets.  This
prevents that the socket splicing performance test interferes with
the dynamic TCP buffer size adjusting.

10 years agoWe still need to cast the resulting pointer in NEW and NEW2 as it
millert [Wed, 8 Jan 2014 23:12:57 +0000 (23:12 +0000)]
We still need to cast the resulting pointer in NEW and NEW2 as it
is used in pointer arithmetic.  Otherwise we do arithmetic on void
* and corrupt the heap.

10 years agoAdd casts to unsigned char for ctype functions and other places
millert [Wed, 8 Jan 2014 22:55:59 +0000 (22:55 +0000)]
Add casts to unsigned char for ctype functions and other places
where a char is stored in an int.  Joint work with and OK deraadt@

10 years agoregen
brad [Wed, 8 Jan 2014 22:52:54 +0000 (22:52 +0000)]
regen

10 years agoUse the same naming scheme on both sides for the Attansic entries and
brad [Wed, 8 Jan 2014 22:52:05 +0000 (22:52 +0000)]
Use the same naming scheme on both sides for the Attansic entries and
replace some tabs with spaces in between product and Intel.

10 years agoName the local variables for struct ifaddr consistently "ifa".
bluhm [Wed, 8 Jan 2014 22:38:29 +0000 (22:38 +0000)]
Name the local variables for struct ifaddr consistently "ifa".
OK mikeb@

10 years agoUse calloc() instead of malloc() + memset. Based on a diff from
millert [Wed, 8 Jan 2014 22:36:37 +0000 (22:36 +0000)]
Use calloc() instead of malloc() + memset.  Based on a diff from
Michael W. Bombardieri.  OK deraadt@

10 years agoMake allocate() take size_t and return void *. This lets us drop
millert [Wed, 8 Jan 2014 22:30:32 +0000 (22:30 +0000)]
Make allocate() take size_t and return void *.  This lets us drop
some more useless casts.  Also add missing arguments to a couple
of prototypes while here.  OK matthew@ pelikan@

10 years agoFix typo recieve -> receive.
bluhm [Wed, 8 Jan 2014 22:24:35 +0000 (22:24 +0000)]
Fix typo recieve -> receive.
OK sf@

10 years agoTake restore off the floppy media for now. Sorry.
deraadt [Wed, 8 Jan 2014 22:17:52 +0000 (22:17 +0000)]
Take restore off the floppy media for now.  Sorry.

10 years agoSwitch to using the base sha256 command, rather than some customized
deraadt [Wed, 8 Jan 2014 21:53:33 +0000 (21:53 +0000)]
Switch to using the base sha256 command, rather than some customized
abomination.
install.sub chunk tested by rpe

10 years agosync
deraadt [Wed, 8 Jan 2014 21:52:28 +0000 (21:52 +0000)]
sync

10 years agocreate the /etc/signify directory
deraadt [Wed, 8 Jan 2014 21:52:22 +0000 (21:52 +0000)]
create the /etc/signify directory

10 years agoRemove CALLOC, MALLOC, FREE and REALLOC macros and just call calloc(),
millert [Wed, 8 Jan 2014 21:40:25 +0000 (21:40 +0000)]
Remove CALLOC, MALLOC, FREE and REALLOC macros and just call calloc(),
nalloc(), free() and realloc() directly.  The macros were casting
to the wrong (pre-C89) types and there is no need for them in a C89
world.  OK matthew@

10 years agoregen
jcs [Wed, 8 Jan 2014 21:16:38 +0000 (21:16 +0000)]
regen

10 years agoadd a bunch of newer apple wellspring keyboard/trackpad ids
jcs [Wed, 8 Jan 2014 21:15:29 +0000 (21:15 +0000)]
add a bunch of newer apple wellspring keyboard/trackpad ids

10 years agoIf the file size is zero, there's nothing to transmit so avoid spamming
jca [Wed, 8 Jan 2014 17:31:36 +0000 (17:31 +0000)]
If the file size is zero, there's nothing to transmit so avoid spamming
syslog with mmap failures.  Noticed by and ok henning@, "looks right"
deraadt@

10 years agoBe sure to have pmap_extract() return FALSE for existing, but non-valid user
miod [Wed, 8 Jan 2014 17:12:18 +0000 (17:12 +0000)]
Be sure to have pmap_extract() return FALSE for existing, but non-valid user
pmap ptes.  Found the hard way by tobiasu@.

10 years agoFix wrapping of usage message for cksum.
millert [Wed, 8 Jan 2014 16:23:21 +0000 (16:23 +0000)]
Fix wrapping of usage message for cksum.

10 years agoflesh out STANDARDS somewhat; help/ok sobrado
jmc [Wed, 8 Jan 2014 16:19:24 +0000 (16:19 +0000)]
flesh out STANDARDS somewhat; help/ok sobrado
this was also ok millert some time ago

10 years agoerr() not errx() when fopen fails.
millert [Wed, 8 Jan 2014 16:16:44 +0000 (16:16 +0000)]
err() not errx() when fopen fails.

10 years agozap trailing whitespace;
jmc [Wed, 8 Jan 2014 16:15:45 +0000 (16:15 +0000)]
zap trailing whitespace;

10 years agoRemove NHASHES, it is not needed and is incompatible with #ifdef SMALL.
millert [Wed, 8 Jan 2014 16:13:11 +0000 (16:13 +0000)]
Remove NHASHES, it is not needed and is incompatible with #ifdef SMALL.
Remove style_hash and style_cksum, adjust the style of the selected
algorithms based on rflag and qflag instead.

10 years agosort options;
jmc [Wed, 8 Jan 2014 16:12:44 +0000 (16:12 +0000)]
sort options;

10 years agoRemove pmode, fix hfile open mode, check return value when writing
millert [Wed, 8 Jan 2014 15:54:09 +0000 (15:54 +0000)]
Remove pmode, fix hfile open mode, check return value when writing
file name to stdout.

10 years agoctype cleanup; ok gilles
deraadt [Wed, 8 Jan 2014 15:30:49 +0000 (15:30 +0000)]
ctype cleanup; ok gilles

10 years agoenter md5 directory
deraadt [Wed, 8 Jan 2014 14:20:52 +0000 (14:20 +0000)]
enter md5 directory

10 years agoBuild a -DSMALL verison of md5 for the install media (will be installed
deraadt [Wed, 8 Jan 2014 14:20:11 +0000 (14:20 +0000)]
Build a -DSMALL verison of md5 for the install media (will be installed
as sha256 and sha512, primarily)

10 years agoAdd -DSMALL support to kill a lot of the unncecessary hashes and checksums
deraadt [Wed, 8 Jan 2014 14:19:25 +0000 (14:19 +0000)]
Add -DSMALL support to kill a lot of the unncecessary hashes and checksums
that the install media won't need
ok millert, but he used the word butcher!

10 years agoAdd support for -h hashfile. This is very useful with with -p, in a pipeline,
deraadt [Wed, 8 Jan 2014 14:15:54 +0000 (14:15 +0000)]
Add support for -h hashfile.  This is very useful with with -p, in a pipeline,
to deliver the hash output to a different location.
ok millert

10 years agounsigned char for ctype. ok deraadt
okan [Wed, 8 Jan 2014 13:23:55 +0000 (13:23 +0000)]
unsigned char for ctype. ok deraadt

10 years agofix logic/usage in VERIFYONLY case
espie [Wed, 8 Jan 2014 07:04:29 +0000 (07:04 +0000)]
fix logic/usage in VERIFYONLY case
okay deraadt@

10 years agoDelete struct definitions that have been obsolete for a dozen years
guenther [Wed, 8 Jan 2014 06:50:57 +0000 (06:50 +0000)]
Delete struct definitions that have been obsolete for a dozen years

ok deraadt@

10 years agoZap leading whitespace
deraadt [Wed, 8 Jan 2014 06:43:34 +0000 (06:43 +0000)]
Zap leading whitespace

10 years agoZap trailing whitespace
guenther [Wed, 8 Jan 2014 06:41:49 +0000 (06:41 +0000)]
Zap trailing whitespace

10 years agosynch with signify(1) paranoia
espie [Wed, 8 Jan 2014 06:40:56 +0000 (06:40 +0000)]
synch with signify(1) paranoia

10 years agoalways include dd
deraadt [Wed, 8 Jan 2014 06:17:21 +0000 (06:17 +0000)]
always include dd

10 years agocalling HashFinal with a null digest should crash, not be silently ignored
tedu [Wed, 8 Jan 2014 06:14:56 +0000 (06:14 +0000)]
calling HashFinal with a null digest should crash, not be silently ignored

10 years agoReplace strtoq(), QUAD_MAX, and %qu with their long long equivalent
guenther [Wed, 8 Jan 2014 05:52:47 +0000 (05:52 +0000)]
Replace strtoq(), QUAD_MAX, and %qu with their long long equivalent

10 years agoa few more blocks can use VERIFYONLY
deraadt [Wed, 8 Jan 2014 05:51:35 +0000 (05:51 +0000)]
a few more blocks can use VERIFYONLY

10 years agoallow building a VERIFYONLY version that's considerably smaller.
tedu [Wed, 8 Jan 2014 05:00:01 +0000 (05:00 +0000)]
allow building a VERIFYONLY version that's considerably smaller.
most of the savings comes from eliminating the large constant table
in ge25519.c. ok deraadt

10 years agoEliminate poisonous LONG_OFF_T conditional
guenther [Wed, 8 Jan 2014 04:58:36 +0000 (04:58 +0000)]
Eliminate poisonous LONG_OFF_T conditional

adjective suggested by deraadt@

10 years agoDelete a bogus extern declaration and move around a couple others
guenther [Wed, 8 Jan 2014 04:48:29 +0000 (04:48 +0000)]
Delete a bogus extern declaration and move around a couple others

10 years agoUse size_t where appropriate
guenther [Wed, 8 Jan 2014 04:43:48 +0000 (04:43 +0000)]
Use size_t where appropriate

ok fgsch@

10 years agoRename arguments to avoid shadowing global variables
guenther [Wed, 8 Jan 2014 04:42:24 +0000 (04:42 +0000)]
Rename arguments to avoid shadowing global variables

ok fgsch@

10 years agoMark some functions as printf-like and fix a bogus format string
guenther [Wed, 8 Jan 2014 04:41:40 +0000 (04:41 +0000)]
Mark some functions as printf-like and fix a bogus format string

ok fgsch@

10 years agorename SHA256_ONLY to SHA2_SMALL; changing things so that sha512 support
deraadt [Wed, 8 Jan 2014 04:35:34 +0000 (04:35 +0000)]
rename SHA256_ONLY to SHA2_SMALL; changing things so that sha512 support
is also pulled in

10 years agoenable building of signify in the ramdisks
deraadt [Wed, 8 Jan 2014 04:33:23 +0000 (04:33 +0000)]
enable building of signify in the ramdisks

10 years agoreduce size by using equivalent code from libc instead of nacl
tedu [Wed, 8 Jan 2014 03:59:46 +0000 (03:59 +0000)]
reduce size by using equivalent code from libc instead of nacl
ok deraadt

10 years agono tomfoolery: mark the comment as untrusted, and enforce it.
tedu [Wed, 8 Jan 2014 03:57:57 +0000 (03:57 +0000)]
no tomfoolery: mark the comment as untrusted, and enforce it.
usability: add random key fingerprints to detect sig/pubkey mismatch
feedback espie naddy

10 years agoPerform manual malloc/free of a large object in pfkeyv2_send() to
deraadt [Wed, 8 Jan 2014 02:39:02 +0000 (02:39 +0000)]
Perform manual malloc/free of a large object in pfkeyv2_send() to
reduce stack space requirements.
ok mikeb mpi

10 years agoMake skipping the root fs DUID aware.
rpe [Tue, 7 Jan 2014 23:58:44 +0000 (23:58 +0000)]
Make skipping the root fs DUID aware.

If ROOTDEV is either the device from fstab or the converted DUID
device name with the partition added, skip the current fstab entry

ok halex@

10 years agoAsa Yeamans points out that we need to CMSG_SPACE[] for the 2nd message
deraadt [Tue, 7 Jan 2014 19:23:13 +0000 (19:23 +0000)]
Asa Yeamans points out that we need to CMSG_SPACE[] for the 2nd message
as well.
ok guenther millert

10 years agoseverely restrict what characters can be in a signer, to make
espie [Tue, 7 Jan 2014 18:35:23 +0000 (18:35 +0000)]
severely restrict what characters can be in a signer, to make
certain it's not possible to go ../  from /etc/signify

10 years agoeven if Ustar handles fifo and stuff gracefully, pkg contents should be more
espie [Tue, 7 Jan 2014 17:33:53 +0000 (17:33 +0000)]
even if Ustar handles fifo and stuff gracefully, pkg contents should be more
limited...

10 years agoPropagate an rdomain number to the nd6_lookup independently from
mikeb [Tue, 7 Jan 2014 17:07:45 +0000 (17:07 +0000)]
Propagate an rdomain number to the nd6_lookup independently from
the ifp pointer which can be NULL.  This prevents a crash reported
by David Hill <dhill at mindcry ! org>.  OK bluhm

10 years agoSome follow-up fixes for IFID collision handling in IPv6CP.
stsp [Tue, 7 Jan 2014 16:34:05 +0000 (16:34 +0000)]
Some follow-up fixes for IFID collision handling in IPv6CP.

Really change the link-local address in the unlikely event of an IFID
collision, instead of going into an infinite conf-nak loop with the peer.

To make the netinet6 code use the IPv6CP IFID in a new link-local address,
in6_ifattach_linklocal() must accept a provided IFID.  Replace the unused
'altifp' parameter with a new 'ifid' parameter for this purpose.

Always use the latest suggested address in IPv6CP replies, even if
the task to update the interface's address hasn't run yet.
Also, clear the ifindex (KAME hack) in addresses sent during IPv6CP.

ok mpi

10 years agouse IF_NAMESIZE as size of buffer for interface name
gsoares [Tue, 7 Jan 2014 14:58:40 +0000 (14:58 +0000)]
use IF_NAMESIZE as size of buffer for interface name

OK mpi@ deraadt@

10 years agoctype cleanups; ok okan
deraadt [Tue, 7 Jan 2014 14:08:16 +0000 (14:08 +0000)]
ctype cleanups; ok okan

10 years agosync
deraadt [Tue, 7 Jan 2014 14:06:16 +0000 (14:06 +0000)]
sync

10 years agosome more devices; Alexey E. Suslikov
deraadt [Tue, 7 Jan 2014 14:06:10 +0000 (14:06 +0000)]
some more devices; Alexey E. Suslikov

10 years agosync
deraadt [Tue, 7 Jan 2014 14:00:54 +0000 (14:00 +0000)]
sync

10 years agoFTX support; from Chris Hettrick
deraadt [Tue, 7 Jan 2014 14:00:50 +0000 (14:00 +0000)]
FTX support; from Chris Hettrick

10 years agoscrape support for old +COMMENT file.
espie [Tue, 7 Jan 2014 13:52:43 +0000 (13:52 +0000)]
scrape support for old +COMMENT file.
8 years of backward compatibility is long enough... :)

10 years agorecognize special file +META
espie [Tue, 7 Jan 2014 13:37:23 +0000 (13:37 +0000)]
recognize special file +META

10 years agotedu some very old checks: we no longer have INSTALL/UNINSTALL scripts,
espie [Tue, 7 Jan 2014 13:31:35 +0000 (13:31 +0000)]
tedu some very old checks: we no longer have INSTALL/UNINSTALL scripts,
so we don't care whether /var/db/pkg is mounted noexec.

10 years agolet's verify all checksums.
espie [Tue, 7 Jan 2014 13:26:17 +0000 (13:26 +0000)]
let's verify all checksums.
I forgot about special files, since they've been extracted early,
but they can be checked nonetheless.

(prevents people from tampering with DESC and the like)