jsing [Thu, 8 May 2014 15:13:06 +0000 (15:13 +0000)]
KNF.
mikeb [Thu, 8 May 2014 14:48:31 +0000 (14:48 +0000)]
Pretty print MIB_ipNetToMediaPhysAddress'es; ok blambert
mpi [Thu, 8 May 2014 14:00:52 +0000 (14:00 +0000)]
Plug one more xfer leak.
Now that aborting interrupt pipes does not prevent us from freeing
the associated xfer, make sure to flag this xfer as "done" even if
there's no need to abort it in hardware.
jsing [Thu, 8 May 2014 13:48:36 +0000 (13:48 +0000)]
knfectomie.
aoyama [Thu, 8 May 2014 13:31:00 +0000 (13:31 +0000)]
The pcexmem(4) and pcexio(4) should be attached on LUNA-88K2 only.
Actually, there seems to be no PC-9801 extension board slot on
'original' LUNA-88K.
ok miod@
jsing [Thu, 8 May 2014 13:20:49 +0000 (13:20 +0000)]
Emergency knfectomie requested by tedu@.
blambert [Thu, 8 May 2014 13:11:16 +0000 (13:11 +0000)]
match iked proc.c infrastructure with proc.c
ok reyk@
blambert [Thu, 8 May 2014 13:08:48 +0000 (13:08 +0000)]
match relayd proc.c infrastructure with snmpd
okay reyk@
jmc [Thu, 8 May 2014 13:08:43 +0000 (13:08 +0000)]
inet(3) -> inet_net(3);
blambert [Thu, 8 May 2014 13:04:28 +0000 (13:04 +0000)]
Bring back restricted sockets, inadvertantly removed in
previous proc.c update
ok reyk@
giovanni [Thu, 8 May 2014 12:59:17 +0000 (12:59 +0000)]
kill some more VMS ifdefs
ok miod@
mpi [Thu, 8 May 2014 09:30:48 +0000 (09:30 +0000)]
Sync flags with route.h
mpi [Thu, 8 May 2014 09:28:08 +0000 (09:28 +0000)]
Introduce two new route flags: RTF_LOCAL and RTF_BROADCAST.
Nothing use them for the moment, but here is the plan:
Since a route lookup is always necessary to output a packet it makes
sense to store all the information regarding how the packet should be
sent in the routing entry. This will save us some expensive lookups
on address lists.
But once we have all the information about our addresses in the routing
table, we can even use it in the input path with the hope that the number
of lookups in the forwarding case can be reduce to one.
ok henning@, chris@
nicm [Thu, 8 May 2014 07:59:16 +0000 (07:59 +0000)]
Send up and down keys for mouse wheel in alternate screen mode (when it
normally does nothing), from Marcel Partap.
nicm [Thu, 8 May 2014 07:54:47 +0000 (07:54 +0000)]
Instead of forcing mouse scroll to 1 in choose mode, scale it down
instead. Means modifier keys still increase the line count, just not as
much. Based on a diff from Marcel Partap.
jmc [Thu, 8 May 2014 06:50:50 +0000 (06:50 +0000)]
whack some useless verbiage from DESCRIPTION, and merge some of it into
the env vars section; tidy up the env vars section and remove the commented
out stuff which relataes mainly to less on other systems;
jmc [Thu, 8 May 2014 06:24:14 +0000 (06:24 +0000)]
- update DESCRIPTION and COMPATIBILITY WITH MORE
- Xr more 1
ok millert schwarze
jmc [Thu, 8 May 2014 06:22:07 +0000 (06:22 +0000)]
+.Xr less 1 ,
nicm [Thu, 8 May 2014 06:06:07 +0000 (06:06 +0000)]
Plug a memory leak, from J Raynor.
nicm [Thu, 8 May 2014 06:03:30 +0000 (06:03 +0000)]
Both the two previous ways of navigating panes by direction have
irritating flaws:
a) The old way of always using the top or left if the choice is
ambiguous is annoying when the layout is unbalanced.
b) The new way of remembering the last used pane is annoying if the
layout is balanced and the leftmost is obvious to the user (because
clearly if we go right from the top-left in a tiled set of four we want
to end up in top-right, even if we were last using the bottom-right).
So instead, use a combination of both: if there is only one possible
pane alongside the current pane, move to it, otherwise choose the most
recently used of the choice.
nicm [Thu, 8 May 2014 05:53:29 +0000 (05:53 +0000)]
Handle colour 8 properly in the 256 colour palette, from Timothy Allen.
miod [Wed, 7 May 2014 22:05:48 +0000 (22:05 +0000)]
Get __STRICT_ALIGNMENT from <machine/endian.h> and decide upon it, rather
than defining it for not (i386 and amd64 (and sometimes s390)) only.
Compile-time tests remain compile-time tests, and runtime-test remain
runtime-test instead of being converted to compile-time tests, per matthew@'s
explicit demand (rationale: this makes sure the compiler checks your code even
if you won't run it).
No functional change except on s390 (which we don't run on) and vax (which we
run on, but noone cares about)
ok matthew@
zhuk [Wed, 7 May 2014 21:42:50 +0000 (21:42 +0000)]
When you want more, you say "more". When you want less, you say "less".
When you don't get what you asked for, you get angry.
When you add a tiny bit, it should be "more" or "less" still,
or you'll get angry.
So lets make zmore(1) call more(1) and zless(1) call less(1),
as it's supposed to be.
okay and input from ingo@, no objections from author AKA millert@
tedu [Wed, 7 May 2014 21:32:19 +0000 (21:32 +0000)]
less than jpake
schwarze [Wed, 7 May 2014 21:20:06 +0000 (21:20 +0000)]
Repair the termination condition of a write(2) loop.
Since _PATH_MASTERPASSWD_LOCK is on a local file system in any sane setup
and written to in blocking mode, i don't see how write(2) could return
before having written everything, so this maybe wasn't an actual bug,
but it should be repaired anyway, if only for clarity and extra safety.
From Ben Cornett <ben at lantern dot is>;
ok millert@.
tedu [Wed, 7 May 2014 21:18:53 +0000 (21:18 +0000)]
don't free memory unless we allocated it.
reported to openssl by David Ramos (rt 3338)
stealing commit from logan, who's run away. ok miod.
tedu [Wed, 7 May 2014 21:09:03 +0000 (21:09 +0000)]
with the first bug it uncovered fixed, clear all bignums again.
i've never worked on codebase so resistant to efforts to improve it.
tedu [Wed, 7 May 2014 21:06:05 +0000 (21:06 +0000)]
in BN_clear_free, don't cleanse the data if the static data flag is set.
much debugging work done by otto. ok miod otto.
side note: BN_FLG_STATIC_DATA doesn't actually mean the data is static.
it's also used to indicate the data may be secretly shared behind your back
as a sort of poor man's refcounting, but without the refcounting.
halex [Wed, 7 May 2014 20:07:59 +0000 (20:07 +0000)]
comment style fix
ok crickets@
krw [Wed, 7 May 2014 18:55:52 +0000 (18:55 +0000)]
jmc@ points out '-F/-f' are available only in conjunction with
'-E' and '-R'.
miod [Wed, 7 May 2014 18:51:33 +0000 (18:51 +0000)]
Match search_string_def() prototype change, forgotten in previous protector.[ch]
commit.
jsing [Wed, 7 May 2014 17:41:41 +0000 (17:41 +0000)]
KNF.
schwarze [Wed, 7 May 2014 16:18:57 +0000 (16:18 +0000)]
Render roff escape sequences contained in manual page descriptions
before putting them into the mpages table.
Issue found by bentley@ in OpenBSD::Getopt(3p).
schwarze [Wed, 7 May 2014 15:10:33 +0000 (15:10 +0000)]
Fix two memory leaks in makewhatis -n:
1. As found by nigel@, names_check() requires database access.
2. Do not leak names and strings in -n mode.
tedu [Wed, 7 May 2014 14:59:11 +0000 (14:59 +0000)]
consolidate some code by using reallocarray in all cases.
ok deraadt millert
tedu [Wed, 7 May 2014 14:56:57 +0000 (14:56 +0000)]
use reallocarray. ok guenther
pirofti [Wed, 7 May 2014 14:44:54 +0000 (14:44 +0000)]
Fix whitespace mistakes.
schwarze [Wed, 7 May 2014 14:11:24 +0000 (14:11 +0000)]
Do not segfault in makewhatis -Q if the next .SH after .SH NAME
does not have any arguments. Crash found by nigel@ in kermit(1).
tedu [Wed, 7 May 2014 13:45:29 +0000 (13:45 +0000)]
revert, thanks sthen
pelikan [Wed, 7 May 2014 13:20:47 +0000 (13:20 +0000)]
back out the previous ICMP simplifying diff, it caused livelocks.
reported by Mikolaj Kucharski, thanks!
ok krw
markus [Wed, 7 May 2014 13:09:43 +0000 (13:09 +0000)]
try postponed requests first, so we do in-order processing; ok mikeb@
markus [Wed, 7 May 2014 13:04:01 +0000 (13:04 +0000)]
print msgid for debugging; ok reyk & mikeb
markus [Wed, 7 May 2014 12:57:13 +0000 (12:57 +0000)]
make authentication work with X509 certificates that don't have a
subject-altname, i.e. support IKEV2_ID_ASN1_DN correctly;
feedback & ok mikeb@
schwarze [Wed, 7 May 2014 12:37:04 +0000 (12:37 +0000)]
Remove the undocumented and ineffective -F option (force hard link
to directory). This doesn't reduce functionality but merely results
in a better error message when trying to use the option,
and it simplifies the code.
The -f option first appeared in AT&T Version 7 UNIX (1979), and Keith
Bostic renamed it to -F for 4.3BSD-Reno in 1990 because it conflicted
with System V and POSIX. Meanwhile, NetBSD, FreeBSD, and DragonFly
removed it, too.
From Tristan Le Guern <tleguern at bouledef dot eu>.
OK guenther@ krw@
markus [Wed, 7 May 2014 10:52:47 +0000 (10:52 +0000)]
factor out ikev2_ike_auth() (state machine; used multiple times via callbacks)
from ikev2_ike_auth_recv() code (message parsing; used once); ok mikeb@
jsg [Wed, 7 May 2014 08:31:30 +0000 (08:31 +0000)]
add additional includes from eng_cryptodev.c
makes this compile with OPENSSL_NO_DEPRECATED defined.
ok deraadt@
mpi [Wed, 7 May 2014 08:26:38 +0000 (08:26 +0000)]
Remove the last hacks concerning the global list of IPv4 addresses in the
source address selection logic.
These hacks were only relevant for the NFS diskless boot code in order to
pick the local broadcast address of the only configured interface. So, be
explicit and set this address directly.
Tested by florian@, ok henning@, beck@, chrisz@
mpi [Wed, 7 May 2014 08:17:21 +0000 (08:17 +0000)]
Make sure to call uhidev_close() upon detach for every HID driver calling
uhidev_open() at attach time. This plugs up to 3 xfer leaks and a buffer
one.
ok yuo@
mpi [Wed, 7 May 2014 08:14:59 +0000 (08:14 +0000)]
Kill the {nd6_,}useloopback buttons, using the loopback interface for
local traffic is not optional.
ok mikeb@, stsp@, jca@
mpi [Wed, 7 May 2014 08:09:33 +0000 (08:09 +0000)]
Remove some m->m_pkthdr.rcvif dereference to help for upcoming
receiving pointer -> index conversion. No functional change.
ok chrisz@, jca@, mikeb@, lteo@
yasuoka [Wed, 7 May 2014 08:07:53 +0000 (08:07 +0000)]
Initialize struct iface by zero. Without this, npppd had used random
configuration.
from Anders Berggren.
guenther [Wed, 7 May 2014 02:57:41 +0000 (02:57 +0000)]
Fix ext2fs atime and mtime handling that I broke from an airport
lounge after n2k14.
Prototype patch from zhuk@
ok zhuk@ krw@ tedu@
sthen [Wed, 7 May 2014 02:46:05 +0000 (02:46 +0000)]
pass daemon_flags to nsd-control when used to check/reload/stop nsd,
the only useful option here is to specify an alternative config path,
which must be used for these operations as well as for startup.
tedu [Wed, 7 May 2014 01:49:36 +0000 (01:49 +0000)]
missing word in error message. ok millert
tedu [Wed, 7 May 2014 01:41:18 +0000 (01:41 +0000)]
delete some crusty casts
tedu [Wed, 7 May 2014 01:31:25 +0000 (01:31 +0000)]
convert calloc to use reallocarray instead. ok millert
tedu [Wed, 7 May 2014 01:27:42 +0000 (01:27 +0000)]
calloc, from peter malone
tedu [Wed, 7 May 2014 01:23:52 +0000 (01:23 +0000)]
use calloc. from peter malone
tedu [Wed, 7 May 2014 01:20:53 +0000 (01:20 +0000)]
calloc is simpler. suggested by Peter Malone and halex
tedu [Wed, 7 May 2014 01:14:21 +0000 (01:14 +0000)]
use calloc. from Peter Malone
deraadt [Wed, 7 May 2014 00:04:14 +0000 (00:04 +0000)]
miod forgot about fcrypt_b.c being needed, before he went off to get his
beauty sleep. He's probably having a nightmare about this right now....
ok tedu
tedu [Tue, 6 May 2014 23:50:53 +0000 (23:50 +0000)]
temp variable for a bit of clarity
tedu [Tue, 6 May 2014 23:33:04 +0000 (23:33 +0000)]
remove unneeded variable
martynas [Tue, 6 May 2014 23:32:34 +0000 (23:32 +0000)]
When the stack protector heuristics doesn't cover a function, leave
a little pointer-sized gap before the return value. This protects
from common off-by-one type of bugs and costs nothing: the attacker
won't be able to overwrite return pointer. Developed at m2k14,
thanks for the hackathon!
tedu [Tue, 6 May 2014 23:27:50 +0000 (23:27 +0000)]
factor out the safepath
tedu [Tue, 6 May 2014 23:24:19 +0000 (23:24 +0000)]
be more explicit about what's a string
martynas [Tue, 6 May 2014 23:22:33 +0000 (23:22 +0000)]
Introduce -fstack-shuffle, which randomizes local stack variables.
This will make the environment more hostile and help detect bugs
that depend on overrunning one variable into another, with almost
no performance cost.
Discussed with Theo at m2k14 hackathon. "oh god yes" tedu@, "oh nice" djm@
tedu [Tue, 6 May 2014 23:19:46 +0000 (23:19 +0000)]
better alloc idiom
tedu [Tue, 6 May 2014 23:17:13 +0000 (23:17 +0000)]
factor max message size
tedu [Tue, 6 May 2014 23:05:51 +0000 (23:05 +0000)]
don't give people bad ideas about pool_debug
millert [Tue, 6 May 2014 22:55:27 +0000 (22:55 +0000)]
We don't really need uniform distribution for mktemp(3) so use
arc4random_buf() to avoid lots of arc4random() calls with a getpid()
syscall for each one. We fetch 32 bytes of random data at a time
which can handle up to 16 Xs. 16 Xs should be enough for anyone.
Requested and OK deraadt@
tedu [Tue, 6 May 2014 21:52:40 +0000 (21:52 +0000)]
small fix from mancha1. currently unused file, but no harm fixing it.
tedu [Tue, 6 May 2014 20:55:10 +0000 (20:55 +0000)]
reallocarray
tedu [Tue, 6 May 2014 20:50:42 +0000 (20:50 +0000)]
spell NULL as NULL
miod [Tue, 6 May 2014 20:40:26 +0000 (20:40 +0000)]
Make sure the stdout output is check, to confirm proper sorting.
miod [Tue, 6 May 2014 20:32:11 +0000 (20:32 +0000)]
Assorted cleanups:
- replace hardcoded sizes with sizeof()
- pqueue_find() apparently used to need to keep track of the previous node
when iterating, which causes its logic to be complicated. However, nowadays
it only needs to iterate, so replace with a straightforward, much
readable logic.
- remove #if 0'ed code
From ``sin'' from 2f30 dot org on tech@, thanks!
miod [Tue, 6 May 2014 20:27:17 +0000 (20:27 +0000)]
Add a fixed (read: non-SIGSEGV'ing) pq_test.
miod [Tue, 6 May 2014 20:25:40 +0000 (20:25 +0000)]
Remove broken-by-design test
miod [Tue, 6 May 2014 20:17:16 +0000 (20:17 +0000)]
Make sure PKCS7_get_octet_string() return values are checked for NULL.
Reported by David Ramos (and simultaneously to OpenSSL as PR#3339).
ok beck@ logan@
miod [Tue, 6 May 2014 20:00:06 +0000 (20:00 +0000)]
Remove the ``addressable'' argument to search_string_def(). Turned out to be
a bad idea, for it causes false positives, which then can cause ICE trying
to protect narrower-than-int incoming arguments, if building with
-fstack-protector-all.
From etoh@'s gcc 3.4 tree, unbreaks -fstack-protector-all on m88k (well, maybe
not completely, but it makes it compile more files, such as pf.c which contains
functions receiving uint16_t arguments pushed on the stack due to the
exhaustion of caller-saved registers).
miod [Tue, 6 May 2014 19:55:06 +0000 (19:55 +0000)]
Sort CFLAGS, SRC and SSLASM stanzas by the directories they apply to, to make
these files similar in layout to the other md Makefile.inc; no functional
change.
deraadt [Tue, 6 May 2014 18:58:15 +0000 (18:58 +0000)]
sync
pirofti [Tue, 6 May 2014 17:20:39 +0000 (17:20 +0000)]
Add brswphy(4) manual page.
pirofti [Tue, 6 May 2014 17:11:16 +0000 (17:11 +0000)]
Enable brswphy(4) on the Octeon platform.
Needed for proper networking on my DSR-500.
pirofti [Tue, 6 May 2014 17:09:02 +0000 (17:09 +0000)]
Add support for the Broadcom PHY found on the Octeon-based DSR-500.
This is an MI driver currently targeting only the BCM53115 model,
but other Broadcom devices (specially from the 53XX family) can make use
of it as well.
The driver currently accounts just for the CPU port. The switch is left
in dumb-mode. Further advanced switch control is in the works.
Parts of this was inspired by looking at the b53 driver from the
OpenWrt project. Thanks!
Okay miod@
pirofti [Tue, 6 May 2014 16:59:32 +0000 (16:59 +0000)]
Regen after Broadcom 53115 addition.
pirofti [Tue, 6 May 2014 16:59:03 +0000 (16:59 +0000)]
Add an entry for the Broadcom 53115 model found on the DSR-500.
Okay miod@
tedu [Tue, 6 May 2014 16:06:33 +0000 (16:06 +0000)]
missing NULL checks to see if init is needed. found hard way by deraadt.
tedu [Tue, 6 May 2014 15:59:24 +0000 (15:59 +0000)]
fix stupid commit
tedu [Tue, 6 May 2014 15:49:45 +0000 (15:49 +0000)]
enh@google reported a warning in crufty y2k code. just delete it.
ok deraadt stsp
tedu [Tue, 6 May 2014 15:48:38 +0000 (15:48 +0000)]
reallocarray for things which are arrays. ok deraadt
tedu [Tue, 6 May 2014 15:38:49 +0000 (15:38 +0000)]
use explicit_bzero
tedu [Tue, 6 May 2014 15:37:57 +0000 (15:37 +0000)]
clear a stack buffer with explicit_bzero
jasper [Tue, 6 May 2014 14:44:08 +0000 (14:44 +0000)]
remove cpsw_{read,write}_4 wrapper functions and just use the real
bus_space_{read,write}_4 instead.
tested by nick@, ok bmercer@
markus [Tue, 6 May 2014 14:10:53 +0000 (14:10 +0000)]
change the create-child-sa responder code, so it does not store any
state in the ikesa structure. this way we can initiate a create-child-sa
and process requests for the peer at the same time. ok mikeb@
jmc [Tue, 6 May 2014 13:09:18 +0000 (13:09 +0000)]
zap stray word; ok markus
mpi [Tue, 6 May 2014 11:50:13 +0000 (11:50 +0000)]
Include <sys/vmmeter.h> directly instead of relying on it being
pulled by <uvm/uvm_extern.h> and turn uvm_total() into a private
function.
The preferred way to get memory stats is through the VM_UVMEXP
sysctl(3) since VM_METER is just a wrapper on top of it. In the
kernel, use `uvmexp' directly instead of uvm_total().
This change does not remove <sys/vmmeter.h> from <uvm/uvm_extern.h>
to give some more time to port maintainers to fix their ports.
ok guenther@ as part of a larger diff.
reyk [Tue, 6 May 2014 11:11:14 +0000 (11:11 +0000)]
Explicitly zero out the ibufs before releasing the memory to make sure
that included crypto parameters are cleaned.
ok mikeb@ markus@
reyk [Tue, 6 May 2014 11:03:02 +0000 (11:03 +0000)]
Fix two memory leaks: EVP_PKEY_get1_RSA() returns a referenced key
that requires to call RSA_free() to dereference it after use. Also
free a temporary key that was read by PEM_read_PrivateKey() and
immediately written into a bio.
ok markus@
markus [Tue, 6 May 2014 10:24:22 +0000 (10:24 +0000)]
initiate ike sa rekeying (ikesalifetime keyword), re-queue pfkey
events while we are busy initiating child-SAs; ok mikeb@