openbsd
7 years agoOnly access offset if canaries are enabled *and* size > 0, otherwise offset
otto [Fri, 7 Jul 2017 19:14:46 +0000 (19:14 +0000)]
Only access offset if canaries are enabled *and* size > 0, otherwise offset
is not initialized. Problem spotted by Carlin Bingham; ok phessler@ tedu@

7 years agoadd parentheses to the output where required for disambiguation
schwarze [Fri, 7 Jul 2017 19:06:15 +0000 (19:06 +0000)]
add parentheses to the output where required for disambiguation

7 years agoYou win some, you los some. The Linux 4.4 code is still sub-standard but
kettenis [Fri, 7 Jul 2017 18:06:51 +0000 (18:06 +0000)]
You win some, you los some.  The Linux 4.4 code is still sub-standard but
triggers different warnings now.

ok naddy@

7 years agoHandle carp(4) as HTYPE_ETHER.
reyk [Fri, 7 Jul 2017 17:25:09 +0000 (17:25 +0000)]
Handle carp(4) as HTYPE_ETHER.

This fixes "dhcrelay -i carpX" that used to work when dhcrelay didn't care.

Reported and tested by Kapetanakis Giannis bilias at edu.physics.uoc.gr

7 years agosimplify the eqn_box_makebinary() function by removing the trivial pos
schwarze [Fri, 7 Jul 2017 17:15:21 +0000 (17:15 +0000)]
simplify the eqn_box_makebinary() function by removing the trivial pos
parameter; also minus two lines of code; no functional change

7 years agoReplace the many occurances of '256' with a new #define
krw [Fri, 7 Jul 2017 16:58:45 +0000 (16:58 +0000)]
Replace the many occurances of '256' with a new #define
DHO_COUNT.

7 years agoDisable tests that fail due to known make bugs, fix the others.
bluhm [Fri, 7 Jul 2017 16:31:37 +0000 (16:31 +0000)]
Disable tests that fail due to known make bugs, fix the others.

7 years agoclarify which httpd we are talking about;
schwarze [Fri, 7 Jul 2017 16:30:06 +0000 (16:30 +0000)]
clarify which httpd we are talking about;
from Raf Czlonka <rczlonka at gmail dot com>

7 years agoFix size of rightmost preview section.
nicm [Fri, 7 Jul 2017 16:27:26 +0000 (16:27 +0000)]
Fix size of rightmost preview section.

7 years agoReplace a doubled period and add a blank space in front of a bracket.
tb [Fri, 7 Jul 2017 16:21:34 +0000 (16:21 +0000)]
Replace a doubled period and add a blank space in front of a bracket.
From Klemens Nanni

ok rpe

7 years agoRadically simplify the definitions what the message levels ERROR
schwarze [Fri, 7 Jul 2017 16:19:30 +0000 (16:19 +0000)]
Radically simplify the definitions what the message levels ERROR
and WARNING mean: minus 20 lines of mdoc source.  OK jmc@.

7 years agodispatch_imsg() only needs to know name and rdomain.
krw [Fri, 7 Jul 2017 15:39:30 +0000 (15:39 +0000)]
dispatch_imsg() only needs to know name and rdomain.

No more struct interface_info knowledge in privsep.[ch]

7 years agoassemble_eh_header() needs only to know about hw_addr.
krw [Fri, 7 Jul 2017 15:14:47 +0000 (15:14 +0000)]
assemble_eh_header() needs only to know about hw_addr.

No more struct interface_info knowledge in packet.c

7 years agoRename cons_options() to pack_options(), and do_packet() to
krw [Fri, 7 Jul 2017 14:53:06 +0000 (14:53 +0000)]
Rename cons_options() to pack_options(), and do_packet() to
unpack_options(). Store the unpacked options in a static
variable. Move remaining raw packet processing from unpack_options()
to packethandler().

No more struct interface_info knowledge in options.c

7 years agoAdd logic for running SD commands. Tested with a few different makes
visa [Fri, 7 Jul 2017 14:49:04 +0000 (14:49 +0000)]
Add logic for running SD commands. Tested with a few different makes
of MMC/SD memory.

7 years agoAdd a pane_pipe format to show if pipe-pane is active, GitHub issue 990.
nicm [Fri, 7 Jul 2017 14:39:45 +0000 (14:39 +0000)]
Add a pane_pipe format to show if pipe-pane is active, GitHub issue 990.

7 years agotrigger default .l.o rule and check the produced file has the right name
espie [Fri, 7 Jul 2017 14:12:43 +0000 (14:12 +0000)]
trigger default .l.o  rule and check the produced file has the right name

7 years agoCOMPILE.c already does -c, so no need to double it.
espie [Fri, 7 Jul 2017 14:11:07 +0000 (14:11 +0000)]
COMPILE.c already does -c, so no need to double it.
no functional change

7 years agounbreak
espie [Fri, 7 Jul 2017 13:44:45 +0000 (13:44 +0000)]
unbreak
this specific rule is only triggered twice in the whole ports tree
(sysutils/xjobs and print/l2a)

This fixes them

7 years agowe're not shooting yacception
espie [Fri, 7 Jul 2017 12:41:59 +0000 (12:41 +0000)]
we're not shooting yacception

okay millert@

7 years agoMake libtool regress tests pass:
bluhm [Fri, 7 Jul 2017 10:56:13 +0000 (10:56 +0000)]
Make libtool regress tests pass:
- There are no NOPIC architectures anymore.
- Add DISABLED targets for tests failing intensionally without
  touching the real targets.
- In execute mode libtool command line must use ./p2 as .  is not
  in my PATH.
OK mpi@ espie@

7 years agoMake mmap_hint.c compile on i386 by adding includes. Unfortunately
bluhm [Fri, 7 Jul 2017 10:49:12 +0000 (10:49 +0000)]
Make mmap_hint.c compile on i386 by adding includes.  Unfortunately
test is still failing.

7 years agoFix function name in panic message.
visa [Fri, 7 Jul 2017 10:04:43 +0000 (10:04 +0000)]
Fix function name in panic message.

7 years agoMake configuration lines match GENERIC files.
fcambus [Fri, 7 Jul 2017 09:15:59 +0000 (09:15 +0000)]
Make configuration lines match GENERIC files.

This adds amd64 and splits up alpha and i386.

OK deraadt@

7 years agoRemove unnecessary #ifdefs in telnet. No binary change.
fcambus [Fri, 7 Jul 2017 09:14:26 +0000 (09:14 +0000)]
Remove unnecessary #ifdefs in telnet. No binary change.

OK deraadt@, tedu@

7 years agoWhen working out the current client (for example for switch-client with
nicm [Fri, 7 Jul 2017 07:13:14 +0000 (07:13 +0000)]
When working out the current client (for example for switch-client with
no target), prefer clients attached to the current session if there is
one. GitHub issue 995 from Jan Larres.

7 years agoWhen generating all hostkeys (ssh-keygen -A), clobber existing keys
djm [Fri, 7 Jul 2017 03:53:12 +0000 (03:53 +0000)]
When generating all hostkeys (ssh-keygen -A), clobber existing keys
if they exist but are zero length. zero-length keys could previously
be made if ssh-keygen failed part way through generating them, so avoid
that case too. bz#2561 reported by Krzysztof Cieplucha; ok dtucker@

7 years agoallow fetching lists from https:// URLs too
djm [Fri, 7 Jul 2017 00:10:15 +0000 (00:10 +0000)]
allow fetching lists from https:// URLs too

7 years agoswitch user to _spamd before executing ftp(1) to fetch lists.
djm [Fri, 7 Jul 2017 00:09:14 +0000 (00:09 +0000)]
switch user to _spamd before executing ftp(1) to fetch lists.
sprinkle in some closefrom(2); ok deraadt@ beck@

7 years agoNow that we have the -Wstyle message level, downgrade six warnings
schwarze [Thu, 6 Jul 2017 22:58:44 +0000 (22:58 +0000)]
Now that we have the -Wstyle message level, downgrade six warnings
that are not syntax mistakes and that do not cause wrong formatting
or content to style suggestions.
Also upgrade two warnings that may cause information loss to errors.

7 years agosync
tb [Thu, 6 Jul 2017 22:19:23 +0000 (22:19 +0000)]
sync

7 years agoREGRESS_TARGET has been renamed to TEST_TARGET.
bluhm [Thu, 6 Jul 2017 21:41:59 +0000 (21:41 +0000)]
REGRESS_TARGET has been renamed to TEST_TARGET.
spotted by anton@

7 years agoDelete variable REGRESS_TARGET, missing plural S is a typo and it
bluhm [Thu, 6 Jul 2017 21:33:45 +0000 (21:33 +0000)]
Delete variable REGRESS_TARGET, missing plural S is a typo and it
is not used.  Convert tests into a common style.
OK anton@

7 years agoanton@ has fixed the test script so that it can run as root. Remove
bluhm [Thu, 6 Jul 2017 19:40:18 +0000 (19:40 +0000)]
anton@ has fixed the test script so that it can run as root.  Remove
my workaround that switched to build user.

7 years agoFix display of overlong lines containing non-ASCII bytes.
schwarze [Thu, 6 Jul 2017 19:27:37 +0000 (19:27 +0000)]
Fix display of overlong lines containing non-ASCII bytes.
Also fixes a crash reported by Hiltjo Posthuma <hiltjo at codemadness
dot org>, though in a different way than with the patch he sent.
OK florian@ bcallah@

7 years agorevert previous, requested by jmc@; he says the broken .Xr is intentional
schwarze [Thu, 6 Jul 2017 19:20:21 +0000 (19:20 +0000)]
revert previous, requested by jmc@; he says the broken .Xr is intentional

7 years agoOur website says that socppc was discontinued after 5.8 (thanks to
schwarze [Thu, 6 Jul 2017 17:39:45 +0000 (17:39 +0000)]
Our website says that socppc was discontinued after 5.8 (thanks to
tobiasu@ for pointing that out), but the manual pages are still
installed.  I have no idea how to properly tedu an architecture, so
deleting the dead .Xr to boot_socppc(8) is all i'm doing in this respect.

7 years agoDocument tls_config_set_crl_file() and tls_config_set_crl_mem().
jsing [Thu, 6 Jul 2017 17:27:19 +0000 (17:27 +0000)]
Document tls_config_set_crl_file() and tls_config_set_crl_mem().

Based on a diff from Jack Burton <jack at saosce dot com dot au>, thanks!

7 years agoDelete cross references to boot_landisk(8).
schwarze [Thu, 6 Jul 2017 17:24:49 +0000 (17:24 +0000)]
Delete cross references to boot_landisk(8).
According to tobiasu@, landisk is moribund and writing new manual
pages for it would be a waste of time.

7 years agoBump minor due to symbol addition.
jsing [Thu, 6 Jul 2017 17:12:44 +0000 (17:12 +0000)]
Bump minor due to symbol addition.

7 years agoAdd support for providing CRLs to libtls - once a CRL is provided we
jsing [Thu, 6 Jul 2017 17:12:22 +0000 (17:12 +0000)]
Add support for providing CRLs to libtls - once a CRL is provided we
enable CRL checking for the full certificate chain.

Based on a diff from Jack Burton <jack at saosce dot com dot au>, thanks!

Discussed with beck@

7 years agofix RCS Id; found with mandoc -Tlint
schwarze [Thu, 6 Jul 2017 16:58:34 +0000 (16:58 +0000)]
fix RCS Id; found with mandoc -Tlint

7 years agocons_options() only needs to know a buffer and a length to
krw [Thu, 6 Jul 2017 16:56:52 +0000 (16:56 +0000)]
cons_options() only needs to know a buffer and a length to
pack options into. Not all the gory details of interface_info.

Move some of the raw packet processing out of options.c's
do_packet() and into the more obvious dispatch.c's
packethandler().

Mention that RFC791 is why we use 576-byte UDP packets.

7 years agodelete duplicate RCS ID and lots of .Tn
schwarze [Thu, 6 Jul 2017 16:52:32 +0000 (16:52 +0000)]
delete duplicate RCS ID and lots of .Tn

7 years agodelete duplicate RCS IDs; found with mandoc -Tlint
schwarze [Thu, 6 Jul 2017 16:50:58 +0000 (16:50 +0000)]
delete duplicate RCS IDs; found with mandoc -Tlint

7 years agoDo not suppress what's going on.
anton [Thu, 6 Jul 2017 16:34:28 +0000 (16:34 +0000)]
Do not suppress what's going on.

7 years agoThe 0x (or 0X) prefix in base 16 is optional so only skip over the
millert [Thu, 6 Jul 2017 16:23:11 +0000 (16:23 +0000)]
The 0x (or 0X) prefix in base 16 is optional so only skip over the
prefix if the character following it is a valid hex char.  The C99
standard is clear that given the string "0xy" zero should be returned
and endptr set to point to the "x".  OK deraadt@ espie@

7 years agofix broken cross references; found with mandoc -Tlint
schwarze [Thu, 6 Jul 2017 15:42:04 +0000 (15:42 +0000)]
fix broken cross references; found with mandoc -Tlint

7 years agoinstaller version of slaacd, not hooked up to the build yet
florian [Thu, 6 Jul 2017 15:05:28 +0000 (15:05 +0000)]
installer version of slaacd, not hooked up to the build yet

7 years agoSprinkel in some #ifndef SMALL to make slaacd smaller for the
florian [Thu, 6 Jul 2017 15:02:53 +0000 (15:02 +0000)]
Sprinkel in some #ifndef SMALL to make slaacd smaller for the
installer.

This removes the control socket handling which is useless because we
won't have slaacctl in the installer.

Also deraadt@ pointed out that this would be the first use of log.c in
the installer where we don't have syslogd running so it's rather
pointless. So this completely neuters logging.

The log.h change doesn't interfere with benno@'s efforts of unifying
log.c

The installer version of slaacd won't even compile control.c and log.c

7 years agoreorder imsg_type enum so that we can #ifndef SMALL all the control
florian [Thu, 6 Jul 2017 14:57:29 +0000 (14:57 +0000)]
reorder imsg_type enum so that we can #ifndef SMALL all the control
related imsg types

7 years agomove rpref enum definition up so that we can #ifndef SMALL a big block
florian [Thu, 6 Jul 2017 14:56:39 +0000 (14:56 +0000)]
move rpref enum definition up so that we can #ifndef SMALL a big block

7 years agoDisable new tests until sed has been adapted.
bluhm [Thu, 6 Jul 2017 14:17:11 +0000 (14:17 +0000)]
Disable new tests until sed has been adapted.
Discussed with otto@

7 years agosync
deraadt [Thu, 6 Jul 2017 14:15:14 +0000 (14:15 +0000)]
sync

7 years agoInitialize the return value and do not use garbage as exit status.
bluhm [Thu, 6 Jul 2017 13:20:54 +0000 (13:20 +0000)]
Initialize the return value and do not use garbage as exit status.
Then the test passes.

7 years agoLink the runtests programs statically and explain why.
bluhm [Thu, 6 Jul 2017 13:11:15 +0000 (13:11 +0000)]
Link the runtests programs statically and explain why.

7 years agoAdd ULL suffix to 64 bit constants. This avoids compiler warnings
bluhm [Thu, 6 Jul 2017 13:06:34 +0000 (13:06 +0000)]
Add ULL suffix to 64 bit constants.  This avoids compiler warnings
on i386 and allows to compile the C++ test.  Upstream dropped the
ULL in an insufficient attempt to make the siphash code C89 compatible.
Their fix will be more complicated.
No binary change.

7 years ago/tmp/cvsa9y4jm
espie [Thu, 6 Jul 2017 12:15:23 +0000 (12:15 +0000)]
/tmp/cvsa9y4jm

7 years agoRemove bogus arguments from a printf in the bootloader.
mlarkin [Thu, 6 Jul 2017 11:27:56 +0000 (11:27 +0000)]
Remove bogus arguments from a printf in the bootloader.

ok tom@

7 years agoCompile libexpat with -fvisibility=hidden. This restricts the
bluhm [Thu, 6 Jul 2017 11:17:58 +0000 (11:17 +0000)]
Compile libexpat with -fvisibility=hidden.  This restricts the
exported symbols to the indended API.  We do not need a Symbols.map
anymore.  Major library bump is necessary as some internal functions
vanish from the ABI.
Discussed upstream with Sebastian Pipping; ports bulk build ajacoutot@;
OK deraadt@

7 years agosync the list of pci devices which don't require aperture
jsg [Thu, 6 Jul 2017 10:09:26 +0000 (10:09 +0000)]
sync the list of pci devices which don't require aperture
ok kettenis@

7 years agoAdd tests for all features of file completion in csh.
anton [Thu, 6 Jul 2017 06:33:42 +0000 (06:33 +0000)]
Add tests for all features of file completion in csh.

7 years agoDisassociate PA load address of the kernel from VA, such that PA isn't
deraadt [Thu, 6 Jul 2017 06:21:56 +0000 (06:21 +0000)]
Disassociate PA load address of the kernel from VA, such that PA isn't
a mask of VA, but can be an offset (once other code is ready...).  Also,
simplify and remove useless symbols.
ok mlarkin

7 years agovmd: increase the max number of disks from 2 to 4. Requires kernel rebuild
mlarkin [Thu, 6 Jul 2017 06:19:15 +0000 (06:19 +0000)]
vmd: increase the max number of disks from 2 to 4. Requires kernel rebuild
as a struct passed to vmm has changed size.

ok deraadt, pd

7 years ago0xcc-fill a few more alignments. Not because these ones matter particularily,
deraadt [Thu, 6 Jul 2017 06:17:04 +0000 (06:17 +0000)]
0xcc-fill a few more alignments.  Not because these ones matter particularily,
but because elimination highlights more important ones.
Cursory review mortimer, ok mlarkin

7 years agoremove an unneeded .align and .code32
mlarkin [Thu, 6 Jul 2017 04:32:30 +0000 (04:32 +0000)]
remove an unneeded .align and .code32

ok deraadt

7 years agofix date
schwarze [Thu, 6 Jul 2017 00:18:33 +0000 (00:18 +0000)]
fix date

7 years agoFix operator precedence according to Brian W. Kernighan and Lorinda
schwarze [Thu, 6 Jul 2017 00:08:52 +0000 (00:08 +0000)]
Fix operator precedence according to Brian W. Kernighan and Lorinda
L. Cherry, "Typesetting Mathematics - User's Guide (Second Edition)",
August 15, 1978, paragraph 23; swarm of bugs pointed out by bentley@.

7 years agoFix native/raw backlight support in inteldrm(4).
kettenis [Wed, 5 Jul 2017 20:30:13 +0000 (20:30 +0000)]
Fix native/raw backlight support in inteldrm(4).

7 years agoValidate prefix information in router advertisements according to RFC
florian [Wed, 5 Jul 2017 20:18:11 +0000 (20:18 +0000)]
Validate prefix information in router advertisements according to RFC
4862 Section 5.5.3.

This very likely solves the problem of slaacd generating privacy
addresses at a very high rate as reported by Matthias Schmidt on
bugs@; thanks!

The problem is that we constantly generate new privacy addresses if we
receive a router advertisement with a pltime of 0 since that address
will immediately be deprecated.

This needs revisiting since we will run into the same problem with
other low pltimes.

7 years agoFavor a UID-agnostic prompt in ksh edit mode tests. Allows the tests to pass
anton [Wed, 5 Jul 2017 19:40:58 +0000 (19:40 +0000)]
Favor a UID-agnostic prompt in ksh edit mode tests. Allows the tests to pass
when executed as root.

Spotted by bluhm@

7 years agoRevert previously added tests for file completion that are currently failing.
anton [Wed, 5 Jul 2017 19:27:26 +0000 (19:27 +0000)]
Revert previously added tests for file completion that are currently failing.

Prodded by bluhm@

7 years agoavoid double space caused by end-of-sentence detection; requested by jmc@
schwarze [Wed, 5 Jul 2017 18:56:33 +0000 (18:56 +0000)]
avoid double space caused by end-of-sentence detection; requested by jmc@

7 years agoRemove knowledge of struct interface_info from clparse.c. Just
krw [Wed, 5 Jul 2017 16:17:41 +0000 (16:17 +0000)]
Remove knowledge of struct interface_info from clparse.c. Just
pass the interface name and the TAILQ to put static leases into.

Add a TAILQ for static leases to struct client_config to hold the
static leases until it's time to add them to ifi.

Add add_lease() to add leases to a TAILQ while checking for
leases that are superseded by the new lease.

7 years agoRFC 6066 states that IP literals are not permitted in "HostName" for a
jsing [Wed, 5 Jul 2017 15:38:35 +0000 (15:38 +0000)]
RFC 6066 states that IP literals are not permitted in "HostName" for a
TLS Server Name extension, however seemingly several clients (including
Python, Ruby and Safari) violate the RFC. Given that this is a fairly
widespread issue, if we receive a TLS Server Name extension that contains
an IP literal, pretend that we did not receive the extension rather than
causing a handshake failure.

Issue raised by jsg@

ok jsg@

7 years agoImplement the generated dependency with a stamp file to avoid needless
bluhm [Wed, 5 Jul 2017 15:31:45 +0000 (15:31 +0000)]
Implement the generated dependency with a stamp file to avoid needless
recompiling of the test programs.  Add some RCS ids.

7 years agoforgot to commit this one
espie [Wed, 5 Jul 2017 15:15:48 +0000 (15:15 +0000)]
forgot to commit this one

7 years agoThe EQN_LISTONE box type is pointless.
schwarze [Wed, 5 Jul 2017 15:03:20 +0000 (15:03 +0000)]
The EQN_LISTONE box type is pointless.
Simplify by just using EQN_LIST with expectargs = 1.
Noticed while investigating a bug report from bentley@.
No functional change.

7 years agoEnable NFSCLIENT to let installation over NFS work.
visa [Wed, 5 Jul 2017 14:58:59 +0000 (14:58 +0000)]
Enable NFSCLIENT to let installation over NFS work.

OK kettenis@, deraadt@

7 years agoFix RAMDISK build.
visa [Wed, 5 Jul 2017 14:47:58 +0000 (14:47 +0000)]
Fix RAMDISK build.

OK bluhm@

7 years agomake use of (f)lex -o option to create unique temporary files, so that
espie [Wed, 5 Jul 2017 13:31:40 +0000 (13:31 +0000)]
make use of (f)lex -o option to create unique temporary files, so that
make -j will be happier.

okay millert@

7 years agobased on florian@'s observation and guenther@'s work in kernel makefiles.
espie [Wed, 5 Jul 2017 13:30:01 +0000 (13:30 +0000)]
based on florian@'s observation and guenther@'s work in kernel makefiles.
don't include .d files during obj and cleanup, because those files might
be utterly bogus following an untimely reboot.

This allows cleaning stuff up without needing to manually remove those
files.

okay millert@, kettenis@

7 years agoregen
kettenis [Wed, 5 Jul 2017 12:43:32 +0000 (12:43 +0000)]
regen

7 years agoAdd Intel Braswell Sensor Hub device.
kettenis [Wed, 5 Jul 2017 12:43:10 +0000 (12:43 +0000)]
Add Intel Braswell Sensor Hub device.

7 years agonits about trailing punctuation found with mandoc -Tlint
schwarze [Wed, 5 Jul 2017 12:23:46 +0000 (12:23 +0000)]
nits about trailing punctuation found with mandoc -Tlint

7 years agovoid functions don't return 0
tb [Wed, 5 Jul 2017 11:44:35 +0000 (11:44 +0000)]
void functions don't return 0

From Klemens Nanni

7 years agofix cross references to self; found with mandoc -Tlint
schwarze [Wed, 5 Jul 2017 11:43:09 +0000 (11:43 +0000)]
fix cross references to self; found with mandoc -Tlint

7 years agoConvert pf tagname malloc(9) into pool_get(9) to make it MP safe.
bluhm [Wed, 5 Jul 2017 11:40:17 +0000 (11:40 +0000)]
Convert pf tagname malloc(9) into pool_get(9) to make it MP safe.
While there use TAILQ_FOREACH macro for traversing tags.
OK mpi@

7 years agoThe IP in IP input function strips the outer header and reinserts
bluhm [Wed, 5 Jul 2017 11:34:10 +0000 (11:34 +0000)]
The IP in IP input function strips the outer header and reinserts
the inner IP packet into the internet queue.  The IPv6 local delivery
code has a loop to deal with header chains.  The idea is to use
this loop and avoid the queueing and rescheduling.  The IPsec packet
will be processed in a single flow.
Merge the IP deliver loop from both IP versions into a single
ip_deliver() function that can handle both addresss families.  This
allows to process an IP in IP header like a normal extension header.
If af != AF_UNSPEC, we are already in a deliver loop and have the
kernel look.  Then we can just return the next protocol.  Otherwise
we enqueue.  The dequeue thread has the kernel lock and starts an
IP delivery loop.
OK mpi@

7 years agoDon't stop logging to stderr when running in foreground with -d.
reyk [Wed, 5 Jul 2017 11:11:56 +0000 (11:11 +0000)]
Don't stop logging to stderr when running in foreground with -d.

Pointed out by Kapetanakis Giannis

7 years agoComments are lying.
mpi [Wed, 5 Jul 2017 10:48:41 +0000 (10:48 +0000)]
Comments are lying.

7 years agodocument that we're no longer using 'make depend'
espie [Wed, 5 Jul 2017 10:41:01 +0000 (10:41 +0000)]
document that we're no longer using 'make depend'

7 years agobye bye depends
espie [Wed, 5 Jul 2017 10:22:32 +0000 (10:22 +0000)]
bye bye depends
okay tb@ deraadt@

7 years agoIf we are sending a neighbor solicitation for a link local address
florian [Wed, 5 Jul 2017 09:51:37 +0000 (09:51 +0000)]
If we are sending a neighbor solicitation for a link local address
send it with a link local source address as well.

This helps upstream routers with their own source address
selection.

A reoccurring scenario is:
- gateway on fe80::1%if
- the gateway does not have an IP in the same prefix as our global address

When we want to talk to the outside world we first need to resolve the
gateway. We copy the source address from our outgoing packet to the
neighbor solicitation packet (a global address) and ask for layer2
information of a link local address.

The upstream router now needs to do source address selection of it's
own. Since we are coming from a global address and there is no address
from the same prefix the router uses another global address lying
around.

We then drop this with "ND packet from non-neighbor".

Reported over the years by a few people, most recently by Marc Peters
on bugs@ who confirmed that this fixes the problem.

OK stsp@, mpi@

7 years agoSome documentation improvements:
mpi [Wed, 5 Jul 2017 09:40:16 +0000 (09:40 +0000)]
Some documentation improvements:

- Fix TLS s/server/client/

- Use 'remote loghost' consistently, even if it's not clear to which
  endpoint this correspond.

- Replace 'forwarding' by 'sending' to remove the ambiguity about the
  inserted hostname.

- Do not use the word 'server' with 'socket' to avoid confusion with
  a TLS server.

- Prefer 'senders' than 'clients' when it comes to spoofing, to reduce
  one usage of the word 'client.

ok jmc@, bluhm@

7 years agoremove useless (void)printf casts, diff from Klemens Nanni, massaged
florian [Wed, 5 Jul 2017 07:15:40 +0000 (07:15 +0000)]
remove useless (void)printf casts, diff from Klemens Nanni, massaged
by me.

7 years agoAdd tests for file completion in ksh emacs mode, currently failing.
anton [Wed, 5 Jul 2017 06:31:59 +0000 (06:31 +0000)]
Add tests for file completion in ksh emacs mode, currently failing.

While here, pass the v option to hexdump in order to output all data.

7 years agoSwitch to build user if run as root. Prompt output $ or # affects test.
bluhm [Tue, 4 Jul 2017 23:54:52 +0000 (23:54 +0000)]
Switch to build user if run as root.  Prompt output $ or # affects test.

7 years agocross reference to self; found with mandoc(1)
schwarze [Tue, 4 Jul 2017 23:38:49 +0000 (23:38 +0000)]
cross reference to self; found with mandoc(1)

7 years agoRevert back previous, pledge cannot be enabled on the privsep'd proc yet, at
mestre [Tue, 4 Jul 2017 23:13:09 +0000 (23:13 +0000)]
Revert back previous, pledge cannot be enabled on the privsep'd proc yet, at
least not as is

Reported by tim@, OK deraadt@ to backout the pledge for now