doug [Sat, 20 Jun 2015 01:07:24 +0000 (01:07 +0000)]
Remove obsolete MDC-2DES from libcrypto.
ok deraadt@ jsing@ miod@
jca [Fri, 19 Jun 2015 23:54:15 +0000 (23:54 +0000)]
Tweak whitespace and remove dangling, unneeded "else".
No functional change.
jmatthew [Fri, 19 Jun 2015 23:17:59 +0000 (23:17 +0000)]
remove a bit more isp(4), from brad
jmatthew [Fri, 19 Jun 2015 23:07:04 +0000 (23:07 +0000)]
isp(4) man page needs to go too, pointed out by jmc@
uaa [Fri, 19 Jun 2015 20:39:34 +0000 (20:39 +0000)]
Only match devices with a valid configuration.
ok by mpi@
millert [Fri, 19 Jun 2015 18:41:53 +0000 (18:41 +0000)]
Remove needless casts. There's no reason to cast delim to char *
when we can just make spanp const char * to match it. OK deraadt@
deraadt [Fri, 19 Jun 2015 15:57:11 +0000 (15:57 +0000)]
sync
jsing [Fri, 19 Jun 2015 15:06:51 +0000 (15:06 +0000)]
Add missing message digests to function table.
Diff from kinichiro via github.
ok doug@
phessler [Fri, 19 Jun 2015 14:54:12 +0000 (14:54 +0000)]
show the number of (currently) known prefixes and the max-prefix limit,
when we terminate the session.
since we terminate the session as soon as we go above the limit, show
'>' since there may be more that we haven't/won't process.
OK benno@
naddy [Fri, 19 Jun 2015 12:15:38 +0000 (12:15 +0000)]
add 5.9 packages key
jmatthew [Fri, 19 Jun 2015 11:12:24 +0000 (11:12 +0000)]
remove isp(4) now that the ql* family have replaced it
bcook [Fri, 19 Jun 2015 07:18:58 +0000 (07:18 +0000)]
Remove fallback dynamic engine loading support.
Since we no longer have dynamic engines, don't bother falling back to them
if a builtin engine is not found first.
Before:
$ openssl dgst -engine unknown
invalid engine "unknown"
27256010481532:error:
2606A074:engine routines:ENGINE_by_id:no such
engine:/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/engine/eng_list.c:384:id=unknown
27256010481532:error:
2606A074:engine routines:ENGINE_by_id:no such
engine:/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/engine/eng_list.c:384:id=dynamic
After:
$ openssl dgst -engine unknown
invalid engine "unknown"
27256010481532:error:
2606A074:engine routines:ENGINE_by_id:no such
engine:/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/engine/eng_list.c:384:id=unknown
ok doug@
bcook [Fri, 19 Jun 2015 06:32:43 +0000 (06:32 +0000)]
Return the failing engine ID in the error stack.
Noted by doug@ in an earlier revision of the dynamic engine removal patch, but
I had forgotten to include it in the latest version.
bcook [Fri, 19 Jun 2015 06:20:11 +0000 (06:20 +0000)]
Add standard headers, C++ support to tls.h.
This makes using libtls easier to include by including dependent headers,
making something like this work as expected:
#include <iostream>
#include <tls.h>
int main()
{
std::cout << "tls_init: " << tls_init() << "\n";
}
This also makes building a standalone libtls-portable simpler.
ok doug@, jsing@
bcook [Fri, 19 Jun 2015 06:05:11 +0000 (06:05 +0000)]
Disable ENGINE_load_dynamic (dynamic engine support).
We do not build, test or ship any dynamic engines, so we can remove the dynamic
engine loader as well. This leaves a stub initialization function in its place.
ok beck@, reyk@, miod@
deraadt [Fri, 19 Jun 2015 05:51:01 +0000 (05:51 +0000)]
sync
doug [Fri, 19 Jun 2015 01:38:54 +0000 (01:38 +0000)]
Convert tls1_alpn_handle_client_hello() to CBS.
tweak + ok miod@ jsing@
doug [Fri, 19 Jun 2015 00:23:36 +0000 (00:23 +0000)]
Add CBS_dup() to initialize a new CBS with the same values.
This is useful for when you need to check the data ahead and then continue
on from the same spot.
input + ok jsing@ miod@
nicm [Thu, 18 Jun 2015 23:56:01 +0000 (23:56 +0000)]
Use the SRCDST define for usage.
nicm [Thu, 18 Jun 2015 23:55:24 +0000 (23:55 +0000)]
Use xsnprintf.
nicm [Thu, 18 Jun 2015 23:53:56 +0000 (23:53 +0000)]
Remove a stray : and tweak paragraph.
doug [Thu, 18 Jun 2015 23:25:07 +0000 (23:25 +0000)]
Extend the input types for CBB_add_*() to help catch bugs.
While the previous types were correct, they can silently accept bad data
via truncation or signed conversion. We now take size_t as input for
CBB_add_u*() and do a range check.
discussed with deraadt@
input + ok jsing@ miod@
doug [Thu, 18 Jun 2015 22:51:05 +0000 (22:51 +0000)]
Remove Microsoft Server Gated Crypto.
Another relic due to the old US crypto policy.
From OpenSSL commit
63eab8a620944a990ab3985620966ccd9f48d681 and
95275599399e277e71d064790a1f828a99fc661a.
ok jsing@ miod@
doug [Thu, 18 Jun 2015 22:30:47 +0000 (22:30 +0000)]
Change DTLS client cert request code to match TLS.
DTLS currently doesn't check whether a client cert is expected. This
change makes the logic in dtls1_accept() match that from ssl3_accept().
From OpenSSL commit
c8d710dc5f83d69d802f941a4cc5895eb5fe3d65
input + ok jsing@ miod@
miod [Thu, 18 Jun 2015 21:45:00 +0000 (21:45 +0000)]
I'm afraid it will be a sunday.
sthen [Thu, 18 Jun 2015 20:56:33 +0000 (20:56 +0000)]
add 5.9 firmware key
naddy [Thu, 18 Jun 2015 20:02:57 +0000 (20:02 +0000)]
For unsupported sample formats, don't return EINVAL but set the closest
available format. ok ratchov@
martynas [Thu, 18 Jun 2015 20:01:47 +0000 (20:01 +0000)]
Fix stack shuffle such that sj includes si and the last element actually
gets a chance to be reordered.
jmc [Thu, 18 Jun 2015 11:38:41 +0000 (11:38 +0000)]
spelling fixes from theo buehler;
jsg [Thu, 18 Jun 2015 10:47:44 +0000 (10:47 +0000)]
CP2110 is handled by uslhcom not uslcom
mpi [Thu, 18 Jun 2015 10:02:49 +0000 (10:02 +0000)]
Only match devices with a valid configuration.
Tested by jsg@
mpi [Thu, 18 Jun 2015 09:47:16 +0000 (09:47 +0000)]
Only match devices with a valid configuration.
mpi [Thu, 18 Jun 2015 09:28:54 +0000 (09:28 +0000)]
Only match devices with a valid configuration.
Most of the WiFi/Ethernet USB adapter only have one configuration and always
use its first interface. In order to improve USB descriptors parsing start
by reducing the number of places where a configuration is set.
Tested by jsg@
deraadt [Thu, 18 Jun 2015 00:14:42 +0000 (00:14 +0000)]
sync
deraadt [Wed, 17 Jun 2015 22:35:08 +0000 (22:35 +0000)]
my keyboard is conspiring against me
deraadt [Wed, 17 Jun 2015 22:32:08 +0000 (22:32 +0000)]
crank to 5.8-beta
nicm [Wed, 17 Jun 2015 20:50:10 +0000 (20:50 +0000)]
Use strdup in xstrdup; from Fritjof Bornebusch.
jcs [Wed, 17 Jun 2015 20:39:47 +0000 (20:39 +0000)]
when no fingers are down, send 0 for z
fixes tap-to-click
jcs [Wed, 17 Jun 2015 20:38:15 +0000 (20:38 +0000)]
fix compilation with UBCMTP_DEBUG
nicm [Wed, 17 Jun 2015 19:56:08 +0000 (19:56 +0000)]
Change break-pane to take target and source panes (-t and -s) in line
with other commands, from Thomas Adam.
deraadt [Wed, 17 Jun 2015 19:52:18 +0000 (19:52 +0000)]
move to 5.8-beta. This is a bit earlier than normal...
nicm [Wed, 17 Jun 2015 18:51:11 +0000 (18:51 +0000)]
Use strdup in xstrdup from Fritjof Bornebusch. While here, remove xfree
which is unused.
miod [Wed, 17 Jun 2015 17:15:07 +0000 (17:15 +0000)]
Make kernel text read-only and unreadable from userland, and remove the bogus
comment about the emulation code requiring kernel text to be readable from
userland.
Add a few DIAGNOSTIC checks for rogue ptes passed to rmpage().
Make sure the pte extent operations and update_pcbs() run at >= IPL_SCHED.
nicm [Wed, 17 Jun 2015 17:02:15 +0000 (17:02 +0000)]
Break cmdq_continue inner loop into a helper function.
nicm [Wed, 17 Jun 2015 16:50:28 +0000 (16:50 +0000)]
Move the shuffle code from new-window -a into a function and add a -a
flag for move-window too. From Thomas Adam.
nicm [Wed, 17 Jun 2015 16:44:49 +0000 (16:44 +0000)]
Use an explicit job state instead of avoid closing our side of the
socketpair and setting it to -1 to mark when the other side is
closed. This avoids closing it while the libevent bufferevent still has
it (it could try to add it to the polled set which some mechanisms don't
like). Fixes part a problem reported by Bruno Sutic.
sthen [Wed, 17 Jun 2015 15:06:28 +0000 (15:06 +0000)]
add DST Root CA X3 certificate, already present in most browser cert stores.
"O=Digital Signature Trust Co., CN=DST Root CA X3". This CA is cross signing
the issuing intermediates for letsencrypt.org so is expected to be important
for at least ports distfile fetching in the future. ok ajacoutot@ juanfra@
jsing [Wed, 17 Jun 2015 14:30:39 +0000 (14:30 +0000)]
Clean up alert codes and add references.
jsing [Wed, 17 Jun 2015 14:27:56 +0000 (14:27 +0000)]
Keep alerts sorted by alert code.
jsing [Wed, 17 Jun 2015 14:14:20 +0000 (14:14 +0000)]
Remove pointless comments.
mpi [Wed, 17 Jun 2015 08:31:55 +0000 (08:31 +0000)]
Four new sensors, from David Higgs.
nicm [Wed, 17 Jun 2015 08:13:31 +0000 (08:13 +0000)]
Remove NULL check before free; Fritjof Bornebusch.
doug [Wed, 17 Jun 2015 07:52:22 +0000 (07:52 +0000)]
Convert ssl_next_proto_validate to CBS.
ok miod@, tweak + ok jsing@
ajacoutot [Wed, 17 Jun 2015 07:50:38 +0000 (07:50 +0000)]
Really make daemon_class read-only; it's set to "daemon" of a matching
login class.
doug [Wed, 17 Jun 2015 07:36:30 +0000 (07:36 +0000)]
Convert tls1_check_curve to CBS.
ok miod@ jsing@
doug [Wed, 17 Jun 2015 07:29:33 +0000 (07:29 +0000)]
KNF whitespace.
ok miod@ jsing@
doug [Wed, 17 Jun 2015 07:25:56 +0000 (07:25 +0000)]
Use explicit int in bs_cbs.c.
ok miod@ jsing@
doug [Wed, 17 Jun 2015 07:20:39 +0000 (07:20 +0000)]
Use explicit int in bs_ber.c.
ok miod@ jsing@
doug [Wed, 17 Jun 2015 07:15:52 +0000 (07:15 +0000)]
Add tests for CBS_offset() and CBS_write_bytes().
"no problem" miod@, tweak + ok jsing@
doug [Wed, 17 Jun 2015 07:06:22 +0000 (07:06 +0000)]
Add CBS_write_bytes() to copy the remaining CBS bytes to the caller.
This is a common operation when dealing with CBS.
ok miod@ jsing@
doug [Wed, 17 Jun 2015 07:00:22 +0000 (07:00 +0000)]
Add a new function CBS_offset() to report the current offset in the data.
"why not" miod@, sure jsing@
doug [Wed, 17 Jun 2015 06:49:27 +0000 (06:49 +0000)]
Cleanup SSL_OP_* compat flags in ssl.h.
These were recently removed and are now set to 0:
SSL_OP_NETSCAPE_CA_DN_BUG
SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG
SSL_OP_SSLEAY_080_CLIENT_DH_BUG
The code associated with these was deleted in the past at some point
and these are also now 0:
SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
SSL_OP_EPHEMERAL_RSA
SSL_OP_MICROSOFT_SESS_ID_BUG
SSL_OP_NETSCAPE_CHALLENGE_BUG
SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
The SSL_OP_ALL macro has been updated to reflect the removals.
ok miod@ jsing@
mpi [Wed, 17 Jun 2015 06:24:46 +0000 (06:24 +0000)]
Move mbuf_list and mbuf_queue documentation in their own manual.
ok jmc@, deraadt@, dlg@
deraadt [Wed, 17 Jun 2015 03:59:12 +0000 (03:59 +0000)]
stray char jumped in
deraadt [Wed, 17 Jun 2015 03:49:29 +0000 (03:49 +0000)]
delete completely bogus (floating? was there an old variable decl
in the past?) comment about FILEC
noted by Peter Brottveit Bock
deraadt [Wed, 17 Jun 2015 03:48:21 +0000 (03:48 +0000)]
remove -DFILEC; code does not compile for the -UFILEC case, and anyways,
who wants csh without FILEC??
from Peter Brottveit Bock, but redone using unifdef
uebayasi [Wed, 17 Jun 2015 03:04:50 +0000 (03:04 +0000)]
Set FUNC symbol sizes of auto-generated and hand-written syscall wrappers.
Original diff from guenther@, adjusted by me.
OK guenther@
miod [Tue, 16 Jun 2015 20:30:24 +0000 (20:30 +0000)]
Typos in comments; Ville Valkonen
miod [Tue, 16 Jun 2015 20:25:35 +0000 (20:25 +0000)]
Do not provide extra _fdata and __data_start symbols; nothing in the non-mips32
world uses them.
miod [Tue, 16 Jun 2015 18:28:51 +0000 (18:28 +0000)]
alloc_contiguous_pages() is supposed to round the allocation size to a page
boundary, not to an u area boundary. Oops.
miod [Tue, 16 Jun 2015 18:24:38 +0000 (18:24 +0000)]
Clear the PIC `write request' memory at initialization time. There is
apparently a risk of spurious parity errors if we don't.
mpi [Tue, 16 Jun 2015 11:17:02 +0000 (11:17 +0000)]
Sync with recent changes.
mpi [Tue, 16 Jun 2015 11:09:39 +0000 (11:09 +0000)]
Store a unique ID, an interface index, rather than a pointer to the
receiving interface in the packet header of every mbuf.
The interface pointer should now be retrieved when necessary with
if_get(). If a NULL pointer is returned by if_get(), the interface
has probably been destroy/removed and the mbuf should be freed.
Such mechanism will simplify garbage collection of mbufs and limit
problems with dangling ifp pointers.
Tested by jmatthew@ and krw@, discussed with many.
ok mikeb@, bluhm@, dlg@
doug [Tue, 16 Jun 2015 06:37:58 +0000 (06:37 +0000)]
Be more strict about BER and DER terminology.
bs_ber.c does not convert BER to DER. It's a hack to convert a DER-like
encoding with one violation (indefinite form) to strict DER. Rename
the functions to reflect this.
ok miod@ jsing@
doug [Tue, 16 Jun 2015 06:11:39 +0000 (06:11 +0000)]
Simplify cbs_get_any_asn1_element_internal based on comments from jsing@
jsg [Tue, 16 Jun 2015 05:08:55 +0000 (05:08 +0000)]
Add a uslcom id for the Netgear M7100 console from Andrew Daugherity.
Add some additional uslcom ids found in the Linux driver while here.
jsg [Tue, 16 Jun 2015 05:07:54 +0000 (05:07 +0000)]
regen
jsg [Tue, 16 Jun 2015 05:07:25 +0000 (05:07 +0000)]
Add a uslcom id for the Netgear M7100 console from Andrew Daugherity.
Add some additional uslcom ids found in the Linux driver while here.
doug [Tue, 16 Jun 2015 02:27:24 +0000 (02:27 +0000)]
Add support for OPTION_DISCARD.
ok jsing@
jmc [Mon, 15 Jun 2015 22:39:14 +0000 (22:39 +0000)]
put -F before -f in the options list;
bluhm [Mon, 15 Jun 2015 21:44:57 +0000 (21:44 +0000)]
Rework how fstat and ktrace pattern are specified in the test
arguments. Add tests to check wether syslogd privsep works. This
is done for debug and foreground and daemon mode. Fstat is checked
for chroot and sockets. Ktrace dump is grepped for setting uid and
gid.
bluhm [Mon, 15 Jun 2015 21:42:15 +0000 (21:42 +0000)]
Implement a -F switch, that tells syslogd to stay in foreground.
OK benno@; input millert@; no objections deraadt@
jsing [Mon, 15 Jun 2015 18:44:22 +0000 (18:44 +0000)]
If AuthorizedPrincipalsCommand is specified, however
AuthorizedPrincipalsFile is not (or is set to "none"), authentication will
potentially fail due to key_cert_check_authority() failing to locate a
principal that matches the username, even though an authorized principal
has already been matched in the output of the subprocess. Fix this by using
the same logic to determine if pw->pw_name should be passed, as is used to
determine if a authorized principal must be matched earlier on.
ok djm@
jsing [Mon, 15 Jun 2015 18:42:19 +0000 (18:42 +0000)]
Make the arguments to match_principals_command() similar to
match_principals_file(), by changing the last argument a
struct sshkey_cert * and dereferencing key->cert in the caller.
No functional change.
ok djm@
miod [Mon, 15 Jun 2015 17:01:04 +0000 (17:01 +0000)]
Don't error out when an existing typedef is redefined with the same definition;
this is allowed in C11 and 3rd-party software is relying upon this to be
accepted by the compiler.
Nevertheless warn about this if -pedantic.
ok ajacoutot@ deraadt@ millert@
mpi [Mon, 15 Jun 2015 16:46:21 +0000 (16:46 +0000)]
Bring back r1.78 and r1.79, now that ajactouto@'s regression has
been found: it was a hardware failure.
When a bus is explored, do not probe the ports which status hasn't
changed. This saves a lot of I/O when attaching/detaching devices
and might help with some timing related problems.
mpi [Mon, 15 Jun 2015 15:55:08 +0000 (15:55 +0000)]
Fix a double free in the destroy path triggered when a second process,
in my case dhclient(8), races with ifconfig(8) to free the descriptors
of the joined multicast groups.
While here reduce the difference with carp(4).
ok dms@
mpi [Mon, 15 Jun 2015 15:45:28 +0000 (15:45 +0000)]
Set the length of isochronous transfers as the sum of the frames lengths.
This reduces differences between non-isoch and isoch transfers submissions,
makes the generic DMA buffer overrun check work with isoch transfers and
will allow some code simplifications in HC drivers.
Since short-transfers were never checked for isoch transfers, we now need to
pass the USBD_SHORT_XFER_OK flag to not change this behavior. This might be
revisited later.
ok ratchov@
millert [Mon, 15 Jun 2015 15:38:04 +0000 (15:38 +0000)]
Update to tzdata2015e from ftp.iana.org
millert [Mon, 15 Jun 2015 14:29:52 +0000 (14:29 +0000)]
get_val() already frees the buffer passed to it so we don't need to
do it in the caller.
mikeb [Mon, 15 Jun 2015 13:26:48 +0000 (13:26 +0000)]
Use proper argument type for crp_callback functions; no functional change.
mikeb [Mon, 15 Jun 2015 12:59:37 +0000 (12:59 +0000)]
No need for an extra local variable; no functional change.
mikeb [Mon, 15 Jun 2015 12:37:37 +0000 (12:37 +0000)]
Use proper argument type for crp_callback functions; no functional change.
nicm [Mon, 15 Jun 2015 10:58:01 +0000 (10:58 +0000)]
Add window_activity format, from Thomas Adam based on a diff originally
from propos6 at gmail dot com.
florian [Mon, 15 Jun 2015 09:25:22 +0000 (09:25 +0000)]
hook up chmod
florian [Mon, 15 Jun 2015 09:24:49 +0000 (09:24 +0000)]
oops
florian [Mon, 15 Jun 2015 09:23:12 +0000 (09:23 +0000)]
First stab at regression test for chmod (and chflags, chgrp and chown
which are the same binary). This is supposed to exercise all syscalls
paths through those tools and not a comprehensive regression test.
sthen [Mon, 15 Jun 2015 08:48:23 +0000 (08:48 +0000)]
document pfctl -ss -R <rule>, ok mikeb@
stsp [Mon, 15 Jun 2015 08:06:11 +0000 (08:06 +0000)]
Remove comments referring to Linux iwlwifi source filenames from iwm(4).
Linux is a moving target so these comments provide little value.
Discussed with kettenis and deraadt.
stsp [Mon, 15 Jun 2015 07:50:44 +0000 (07:50 +0000)]
Make the wifi LED work with iwm(4).
The bad news: Many laptops sold with iwm(4) cards don't have a wifi LED :-(
The good news: Laptops with LEDs and no wifi device white-list in BIOS
actually exist! Tested in one such machine.
ok kettenis@ deraadt@