florian [Wed, 23 Apr 2014 09:17:10 +0000 (09:17 +0000)]
missing break; not reachable
OK benno@
florian [Wed, 23 Apr 2014 09:16:11 +0000 (09:16 +0000)]
No need to set protocol in hints.
OK benno@
florian [Wed, 23 Apr 2014 09:14:49 +0000 (09:14 +0000)]
zap redundant cast
OK benno@
florian [Wed, 23 Apr 2014 09:14:07 +0000 (09:14 +0000)]
Introduce check_tos to unclutter the main loop.
OK benno@
florian [Wed, 23 Apr 2014 09:13:00 +0000 (09:13 +0000)]
move AF independet setsockopts down
OK benno@
florian [Wed, 23 Apr 2014 09:11:35 +0000 (09:11 +0000)]
s/Nxt/nxt/
OK benno@
florian [Wed, 23 Apr 2014 09:10:53 +0000 (09:10 +0000)]
Add error checking to sysctl. While there pass in an int otherwise
it failes with ENOMEM in traceroute.
OK benno@
florian [Wed, 23 Apr 2014 09:09:28 +0000 (09:09 +0000)]
sync to traceroute: move sndsock creation up.
OK benno@
florian [Wed, 23 Apr 2014 08:59:35 +0000 (08:59 +0000)]
Prepare for merge: introduce icmp_code for the AF switch.
OK benno@
florian [Wed, 23 Apr 2014 08:58:26 +0000 (08:58 +0000)]
Prepare for merge: s/icmp_code/icmp4_code/ and use icmp_code for
the AF switch.
OK benno@
florian [Wed, 23 Apr 2014 08:56:31 +0000 (08:56 +0000)]
Prepare for merge: s/packet_ok/packet_ok6/ and use packet_ok
for the AF switch.
florian [Wed, 23 Apr 2014 08:55:42 +0000 (08:55 +0000)]
Prepare for merge: s/packet_ok/packet_ok4/ and use packet_ok
for the AF switch.
florian [Wed, 23 Apr 2014 08:51:32 +0000 (08:51 +0000)]
Prepare merge: s/to/to6/; s/from/from6/
OK benno@
florian [Wed, 23 Apr 2014 08:50:27 +0000 (08:50 +0000)]
Prepare merge: introduce struct sockaddr *from, *to to be used in
AF independet places.
OK benno@
florian [Wed, 23 Apr 2014 08:47:16 +0000 (08:47 +0000)]
Prepare merge: s/to/to4/; s/from/from4/
OK benno@
florian [Wed, 23 Apr 2014 08:44:50 +0000 (08:44 +0000)]
Make this compile with -Wall et al.
OK benno@
otto [Wed, 23 Apr 2014 05:43:25 +0000 (05:43 +0000)]
Better, cleaner hash function that computes the same on be and le archs.
Should improve sparc64 and other be archs. ok matthew@ miod@
beck [Wed, 23 Apr 2014 05:13:57 +0000 (05:13 +0000)]
Make libssl and libcrypto compile with -Werror
ok miod@
beck [Wed, 23 Apr 2014 04:33:10 +0000 (04:33 +0000)]
Make sure ret->name is NULL'ed before return when freeing.
from Dirk Engling <erdgeist@erdgeist.org>
beck [Wed, 23 Apr 2014 04:24:39 +0000 (04:24 +0000)]
Rather than sprinkling magical numbers everywhere, we can use sizeof()
for the size of a fixed size array.
From Dirk Engling <erdgeist@erdgeist.org>
jsg [Wed, 23 Apr 2014 03:37:29 +0000 (03:37 +0000)]
rename some hardware revisions to match FreeBSD
jsg [Wed, 23 Apr 2014 03:20:55 +0000 (03:20 +0000)]
add support for RTL8168EP
From Edward O'Callaghan via FreeBSD
jsg [Wed, 23 Apr 2014 02:58:06 +0000 (02:58 +0000)]
While we always mask the revision with 0x7c800000 linux uses a table
that masks with either 0x7c800000 or 0x7cf00000 depending on the chip.
Some of the hardware revisions I previously added can't be matched with
the current mask, these are already handled by other revision defines
so remove them.
When masking the revision defines with 0x7c800000:
RL_HWREV_8106E_SPIN1 is the same as RL_HWREV_8106E
RL_HWREV_8168G_SPIN1 is the same as RL_HWREV_8168G
RL_HWREV_8168G_SPIN2 is the same as RL_HWREV_8168GU
jsg [Wed, 23 Apr 2014 02:39:28 +0000 (02:39 +0000)]
Add support for RTL8168GU
from Rafael Neves
aoyama [Tue, 22 Apr 2014 22:58:02 +0000 (22:58 +0000)]
Unify the model name to LUNA-88K{,2}, that is considered the
`official' name.
ok jmc@ miod@
miod [Tue, 22 Apr 2014 22:21:32 +0000 (22:21 +0000)]
unifdef -UAES_LONG for we do not intend to run on platforms where int is smaller
than 32 bits.
millert [Tue, 22 Apr 2014 22:11:23 +0000 (22:11 +0000)]
Use calloc() instead of malloc(n * s) followed by memset(). Not
actually used on OpenBSD but changed to avoid false positives in
audits. From Jean-Philippe Ouellet.
miod [Tue, 22 Apr 2014 21:52:21 +0000 (21:52 +0000)]
So it turns out that libcrypto on i386 platforms, unconditionaly compiles this
little gem called OPENSSL_indirect_call(), supposedly to be ``handy under
Win32''.
In my view, this is a free-win ROP entry point. Why try and return to libc
when you can return to libcrypto with an easy to use interface?
Better not give that much attack surface, and remove this undocumented
entry point.
ok beck@ tedu@
miod [Tue, 22 Apr 2014 21:27:11 +0000 (21:27 +0000)]
When compiling with AES_WRAP_TEST, make main() return a meaningful value
instead of garbage, and add this to the libcrypto regress. Note these tests
are incomplete, as they always use the default IV.
tedu [Tue, 22 Apr 2014 21:24:20 +0000 (21:24 +0000)]
use reallocarray
miod [Tue, 22 Apr 2014 21:01:10 +0000 (21:01 +0000)]
Mention 16-bit sound is supported nowadays.
tedu [Tue, 22 Apr 2014 20:48:41 +0000 (20:48 +0000)]
remove dead stores to error. from Fritjof Bornebusch
tedu [Tue, 22 Apr 2014 20:42:01 +0000 (20:42 +0000)]
malloc/memset -> calloc. from peter malone
lteo [Tue, 22 Apr 2014 20:41:43 +0000 (20:41 +0000)]
Remove the certs directory that contains ancient files not used
by anything.
"yes, blow it away" beck@
tedu [Tue, 22 Apr 2014 20:40:37 +0000 (20:40 +0000)]
malloc/memset->calloc. with bonus null check. from peter malone.
tedu [Tue, 22 Apr 2014 20:38:02 +0000 (20:38 +0000)]
null a pointer to prevent double free. from Dirk Engling
miod [Tue, 22 Apr 2014 20:33:29 +0000 (20:33 +0000)]
Remove files which look like actual code compiled in libcrypto, but isn't.
One even says (in comments): HAS BUGS! DON'T USE
tedu [Tue, 22 Apr 2014 20:31:57 +0000 (20:31 +0000)]
fix memory leaks. from Dirk Engling
miod [Tue, 22 Apr 2014 20:31:38 +0000 (20:31 +0000)]
Remove meat which either duplicates code found in apps/, or is only of value
for 20th century historians, and can be put in the Attic.
tedu [Tue, 22 Apr 2014 20:25:16 +0000 (20:25 +0000)]
malloc/memset -> calloc. from peter malone
beck [Tue, 22 Apr 2014 20:14:39 +0000 (20:14 +0000)]
Fix issue where we could jump into getdirtybuf without splbio() on a retry
that probably crashed espie.
ok tedu@
espie [Tue, 22 Apr 2014 18:22:20 +0000 (18:22 +0000)]
turns out there are exactly 3 ports that actually use longnames:
eclipse-plugins-wtp-sdk
openclipart
qt4-html
so switch to pax extended headers now, the transition period is not
really needed. :)
tedu [Tue, 22 Apr 2014 16:58:20 +0000 (16:58 +0000)]
Trojan horse is still a noun. noted by fritjof
naddy [Tue, 22 Apr 2014 15:52:05 +0000 (15:52 +0000)]
Remove RX checksum offloading support. The chip is too limited, and
examining higher protocol layers to adjust the checksum and calculate
the pseudo-header in the driver is too complex to be worthwhile.
ok henning@
sobrado [Tue, 22 Apr 2014 15:22:04 +0000 (15:22 +0000)]
add closing parenthesis.
ok millert@
jmc [Tue, 22 Apr 2014 15:02:16 +0000 (15:02 +0000)]
- one more mallocarray -> reallocarray
- use <>
jsing [Tue, 22 Apr 2014 14:54:13 +0000 (14:54 +0000)]
Nuke the last of the windows related defines from the openssl apps.
ok deraadt@
henning [Tue, 22 Apr 2014 14:47:23 +0000 (14:47 +0000)]
this commit is really florian@'s, since he's the one who made removal
of our forked apache possible by his work on nginx and slowcgi, but he
doesn't want it - so it is my pleasure to tedu it. I spent so much work
on chroot in it 10 years ago - and am very happy to see it go now, nginx
is a far better choice today.
Bye bye, Apache, won't miss you.
reyk [Tue, 22 Apr 2014 14:42:53 +0000 (14:42 +0000)]
Finally remove KERBEROS5? from the Makefile infrastructure.
ok henning@
mpi [Tue, 22 Apr 2014 14:41:03 +0000 (14:41 +0000)]
Remove some altq tentacles.
ok pelikan@, henning@
tedu [Tue, 22 Apr 2014 14:27:25 +0000 (14:27 +0000)]
switch to reallocarray
tedu [Tue, 22 Apr 2014 14:26:26 +0000 (14:26 +0000)]
change mallocarray to reallocarray. useful in a few more situations.
malloc can, as always, be emulated via realloc(NULL).
ok deraadt
jsing [Tue, 22 Apr 2014 14:22:51 +0000 (14:22 +0000)]
KNF.
jmc [Tue, 22 Apr 2014 14:19:04 +0000 (14:19 +0000)]
more kerberos zapping;
jmc [Tue, 22 Apr 2014 14:16:30 +0000 (14:16 +0000)]
zap eol whitespace;
jmc [Tue, 22 Apr 2014 14:15:55 +0000 (14:15 +0000)]
zap stray Pp;
jsing [Tue, 22 Apr 2014 14:05:40 +0000 (14:05 +0000)]
More KNF.
gilles [Tue, 22 Apr 2014 13:57:58 +0000 (13:57 +0000)]
malloc -> calloc
jsing [Tue, 22 Apr 2014 13:48:29 +0000 (13:48 +0000)]
More KNF.
jsing [Tue, 22 Apr 2014 13:32:17 +0000 (13:32 +0000)]
More KNF.
jsing [Tue, 22 Apr 2014 13:13:58 +0000 (13:13 +0000)]
More KNF.
henning [Tue, 22 Apr 2014 12:53:48 +0000 (12:53 +0000)]
no more kerb, ok kettenis
sobrado [Tue, 22 Apr 2014 12:48:17 +0000 (12:48 +0000)]
no more kerberos authentication styles.
ok henning@, reyk@
jsing [Tue, 22 Apr 2014 12:43:34 +0000 (12:43 +0000)]
More KNF.
logan [Tue, 22 Apr 2014 12:42:04 +0000 (12:42 +0000)]
Document sftp upload resume.
OK from djm@, with feedback from okan@.
okan [Tue, 22 Apr 2014 12:36:36 +0000 (12:36 +0000)]
Instead of special casing ftpd, uucpd and others that may have entries
in wtmp, go the other way and exclude entries we know ('console' and
'tty') from pid stripping, then strip the rest.
idea, feedback and ok millert@
mpi [Tue, 22 Apr 2014 12:35:00 +0000 (12:35 +0000)]
ifa_ifwithroute() is the only magic place where an AF_LINK sockaddr
can be given to ifa_ifwithnet().
Handle this specific case directly and let ifa_ifwithnet() do only
one thing: iterate on all the addresses of all the interfaces in a
given routing domain to return the most specific matching address.
ok mikeb@
espie [Tue, 22 Apr 2014 12:21:17 +0000 (12:21 +0000)]
pure reindent
henning [Tue, 22 Apr 2014 12:07:20 +0000 (12:07 +0000)]
NULL is cooler than 0 when pointers are concerned
ok gcc & md5 (aka no binary change)
reyk [Tue, 22 Apr 2014 12:00:03 +0000 (12:00 +0000)]
Update iked to use the same proc.c that relayd uses.
Less differences, less code to audit.
ok mikeb@
naddy [Tue, 22 Apr 2014 11:54:46 +0000 (11:54 +0000)]
If VLAN_HWTAGGING is disabled, we tell the chip not to strip the
tag from the received frame. Do not add the tag from the receive
descriptor in this case so that the packet isn't tagged twice.
Matches FreeBSD.
ok brad@
henning [Tue, 22 Apr 2014 11:47:55 +0000 (11:47 +0000)]
comment out the .if (${KERBEROS5:L} block for now, breaks the build
once the bsd.own.mk KERBEROS5 is removed otherwise. this way suggested
by theo.
henning [Tue, 22 Apr 2014 11:43:07 +0000 (11:43 +0000)]
we used to handle the vlan tag etc insertion very very very late,
on al already ass embed ethernet frame, which meant:
-copy (most of) the existing ethernet header into a ether_vlan_header
on the stack
-fill the extra fields in ether_vlan_header
-set the ether type
-m_adj() to make room for the extra space ether_vlan_header needs
-m_copyback the ether_vlan_header into the mbuf
that involves moving data around, which isn't all that cheap.
cleaner & easier to have ether_output prepend the ether_vlan_header instead
of the regular ethernet header, which makes the vlan tagging essentially
free in most cases.
help & ok reyk, naddy; waste of time bikeshedding tech@
deraadt [Tue, 22 Apr 2014 11:29:29 +0000 (11:29 +0000)]
sync
henning [Tue, 22 Apr 2014 11:15:05 +0000 (11:15 +0000)]
no more kerberos, ok theo reyk
reyk [Tue, 22 Apr 2014 11:06:22 +0000 (11:06 +0000)]
Remove the kerberos login methods.
henning [Tue, 22 Apr 2014 11:05:22 +0000 (11:05 +0000)]
-KERBEROS5
reyk [Tue, 22 Apr 2014 11:03:39 +0000 (11:03 +0000)]
Remove the kerberos login methods.
ok henning@
henning [Tue, 22 Apr 2014 10:50:15 +0000 (10:50 +0000)]
kerberos has been tedu'd, ok reyk
reyk [Tue, 22 Apr 2014 10:48:36 +0000 (10:48 +0000)]
Remove kerberosV, it is not special anymore.
ok henning@
dlg [Tue, 22 Apr 2014 10:25:12 +0000 (10:25 +0000)]
list VSCSI_STAT_RESET.
claudio didnt believe it existed cos it wasnt documented. i didnt believe
there was a manpage. i guess we were both wrong.
reyk [Tue, 22 Apr 2014 10:24:29 +0000 (10:24 +0000)]
Remove kerberosV from etc/
ok deraadt@ guenther@
reyk [Tue, 22 Apr 2014 10:21:56 +0000 (10:21 +0000)]
Remove KERBEROS5 from the Makefiles (except ssh for now, where it is
already manually disabled).
ok deraadt@
henning [Tue, 22 Apr 2014 10:11:32 +0000 (10:11 +0000)]
for consistency's sake, use the terminology from the 802.1Q standard
here too. pt out by alexey suslikov via mpi, ok reyk
guenther [Tue, 22 Apr 2014 10:08:54 +0000 (10:08 +0000)]
Oh yeah, MLINKS for errc family
Prodded by deraadt@
logan [Tue, 22 Apr 2014 10:07:12 +0000 (10:07 +0000)]
Sort the sftp command list.
OK from djm@
reyk [Tue, 22 Apr 2014 10:01:15 +0000 (10:01 +0000)]
The complexity and quality of kerberosV and the fact that almost
nobody is using it doesn't justify to have it in base - disable and
remove it. If the 2 two people who use it still want it, they can
make a port or recompile OpenBSD on their own.
There is a quote in theo.c from August 2010: "basically, dung beetles
fucking. that's what kerberosV + openssl is like".
Discussed with many. Tests by henning@ reyk@ and others.
ok deraadt@ henning@
reyk [Tue, 22 Apr 2014 09:48:51 +0000 (09:48 +0000)]
The complexity and quality of kerberosV and the fact that almost
nobody is using it doesn't justify to enable it by default. It will
be disabled and removed from base and possibly be moved to ports.
Discussed with many. Tests by henning@ reyk@ and others.
ok henning@
dlg [Tue, 22 Apr 2014 08:48:51 +0000 (08:48 +0000)]
move vscsi from using scsi_req_probe and scsi_req_detach to using
the newly minted scsi_probe and scsi_detach respectively from a
task it runs itself.
the probe and detach ioctls requests work the same before and after
this change, but this paves the way for vscsi being able to report
the status of these requests back to userland.
discussed with claudio@
tested with current iscsid and an md3200i
espie [Tue, 22 Apr 2014 08:26:31 +0000 (08:26 +0000)]
effectively use emult_realloc, okay guenther@
reyk [Tue, 22 Apr 2014 08:04:23 +0000 (08:04 +0000)]
Support the CA key for SSL inspection in the ca process. Instead of
looking up the keys by relay id, add all keys to a list and look them
up by key id.
ok benno@
dlg [Tue, 22 Apr 2014 07:29:11 +0000 (07:29 +0000)]
factor out the code that figures out whether you're probing or detaching
a whole bus, a target, or a specific lun on a target from the bioctl
and scsi_req paths.
i want to reuse this factored code for something claudio wants.
tedu [Tue, 22 Apr 2014 05:44:40 +0000 (05:44 +0000)]
errx when errno won't be set.
lteo [Tue, 22 Apr 2014 02:29:52 +0000 (02:29 +0000)]
gets() is gone
guenther [Tue, 22 Apr 2014 00:33:02 +0000 (00:33 +0000)]
Add errc/verrc/warnc/vwarnc family: versions of err/... that take the errno
value to use for the strerror() message as an argument. Originally from
FreeBSD 3.0
Patch from Steffen Nurpmeso (sdaoden (at) gmail.com) with minor tweaks.
guenther [Tue, 22 Apr 2014 00:23:35 +0000 (00:23 +0000)]
Clarify an err() message
guenther [Tue, 22 Apr 2014 00:22:41 +0000 (00:22 +0000)]
Convert a malloc(x*y)+memset to calloc(x,y)
From Jean-Philippe Ouellet (jean-philippe (at) ouellet.biz)
rpe [Mon, 21 Apr 2014 23:15:09 +0000 (23:15 +0000)]
Avoid a loop during autoinstall in case the path in the responsefile does
not exist.
OK halex@ krw@
djm [Mon, 21 Apr 2014 22:15:37 +0000 (22:15 +0000)]
repair regress tests broken by server-side default cipher/kex/mac changes
by ensuring that the option under test is included in the server's
algorithm list
claudio [Mon, 21 Apr 2014 20:20:37 +0000 (20:20 +0000)]
Print bytes read and written in human readable form, like:
2849359 I2T calls (5 read,
2849352 writes)
5 data reads (2.3K bytes read)
2849352 data writes (43.5G bytes written)
2849358 T2I calls (
2849358 done, 0 sense errors, 0 errors)