openbsd
jsing [Sat, 20 Jun 2015 13:51:52 +0000 (13:51 +0000)]
Less mdc2.

jsing [Sat, 20 Jun 2015 13:26:08 +0000 (13:26 +0000)]
Provide EC_curve_nid2nist() and EC_curve_nist2nid().

From OpenSSL.

Rides libcrypto bump.

ok miod@ (a while ago)

jsing [Sat, 20 Jun 2015 12:29:39 +0000 (12:29 +0000)]
Make SSL_OP_ALL readable.

ok deraadt@ doug@ millert@ miod@ sthen@

jsing [Sat, 20 Jun 2015 12:01:54 +0000 (12:01 +0000)]
Put CRYPTO_memcmp() under #ifndef LIBRESSL_INTERNAL.

ok doug@ deraadt@

jsing [Sat, 20 Jun 2015 12:01:14 +0000 (12:01 +0000)]
Replace remaining CRYPTO_memcmp() calls with timingsafe_memcmp().

ok doug@ deraadt@

mpi [Sat, 20 Jun 2015 11:35:27 +0000 (11:35 +0000)]
Only match devices with a valid configuration.

ok uaa@

jca [Sat, 20 Jun 2015 10:57:42 +0000 (10:57 +0000)]
sort +0n -> sort -n, the former is historical

doug [Sat, 20 Jun 2015 04:04:35 +0000 (04:04 +0000)]
Convert ssl_parse_clienthello_renegotiate_ext to CBS.

ok miod@, tweak + ok jsing@

deraadt [Sat, 20 Jun 2015 01:45:17 +0000 (01:45 +0000)]
sync

doug [Sat, 20 Jun 2015 01:21:51 +0000 (01:21 +0000)]
Replace internal call to CRYPTO_memcmp with timingsafe_memcmp.

Suggested by jsing@.

ok jsing@ miod@

jca [Sat, 20 Jun 2015 01:17:34 +0000 (01:17 +0000)]
Bump major after {,asr_}print_sockaddr() renaming.

doug [Sat, 20 Jun 2015 01:17:27 +0000 (01:17 +0000)]
Fix warning on vax due to old gcc.

Old gcc warns when parameters have the same names as functions.  Noticed
by deraadt@.

ok deraadt@ jsing@

jca [Sat, 20 Jun 2015 01:16:25 +0000 (01:16 +0000)]
Rename print_sockaddr() to avoid symbol visibility problems

print_sockaddr is internal to asr, and conflicts with ports/net/samba4.

ok eric@

doug [Sat, 20 Jun 2015 01:09:31 +0000 (01:09 +0000)]
Crank major for libcrypto, ssl and tls due to MDC-2DES removal.

ok miod@ jsing@

doug [Sat, 20 Jun 2015 01:07:24 +0000 (01:07 +0000)]
Remove obsolete MDC-2DES from libcrypto.

ok deraadt@ jsing@ miod@

jca [Fri, 19 Jun 2015 23:54:15 +0000 (23:54 +0000)]
Tweak whitespace and remove dangling, unneeded "else".

No functional change.

jmatthew [Fri, 19 Jun 2015 23:17:59 +0000 (23:17 +0000)]
remove a bit more isp(4), from brad

jmatthew [Fri, 19 Jun 2015 23:07:04 +0000 (23:07 +0000)]
isp(4) man page needs to go too, pointed out by jmc@

uaa [Fri, 19 Jun 2015 20:39:34 +0000 (20:39 +0000)]
Only match devices with a valid configuration.

ok by mpi@

millert [Fri, 19 Jun 2015 18:41:53 +0000 (18:41 +0000)]
Remove needless casts.  There's no reason to cast delim to char *
when we can just make spanp const char * to match it.  OK deraadt@

deraadt [Fri, 19 Jun 2015 15:57:11 +0000 (15:57 +0000)]
sync

jsing [Fri, 19 Jun 2015 15:06:51 +0000 (15:06 +0000)]
Add missing message digests to function table.

Diff from kinichiro via github.

ok doug@

phessler [Fri, 19 Jun 2015 14:54:12 +0000 (14:54 +0000)]
show the number of (currently) known prefixes and the max-prefix limit,
when we terminate the session.

since we terminate the session as soon as we go above the limit, show
'>' since there may be more that we haven't/won't process.

OK benno@

naddy [Fri, 19 Jun 2015 12:15:38 +0000 (12:15 +0000)]
add 5.9 packages key

jmatthew [Fri, 19 Jun 2015 11:12:24 +0000 (11:12 +0000)]
remove isp(4) now that the ql* family have replaced it

bcook [Fri, 19 Jun 2015 07:18:58 +0000 (07:18 +0000)]
Remove fallback dynamic engine loading support.

Since we no longer have dynamic engines, don't bother falling back to them
if a builtin engine is not found first.

Before:

$ openssl dgst -engine unknown
invalid engine "unknown"
27256010481532:error:2606A074:engine routines:ENGINE_by_id:no such
engine:/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/engine/eng_list.c:384:id=unknown
27256010481532:error:2606A074:engine routines:ENGINE_by_id:no such
engine:/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/engine/eng_list.c:384:id=dynamic

After:

$ openssl dgst -engine unknown
invalid engine "unknown"
27256010481532:error:2606A074:engine routines:ENGINE_by_id:no such
engine:/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/engine/eng_list.c:384:id=unknown

ok doug@

bcook [Fri, 19 Jun 2015 06:32:43 +0000 (06:32 +0000)]
Return the failing engine ID in the error stack.

Noted by doug@ in an earlier revision of the dynamic engine removal patch, but
I had forgotten to include it in the latest version.

bcook [Fri, 19 Jun 2015 06:20:11 +0000 (06:20 +0000)]
Add standard headers, C++ support to tls.h.

This makes using libtls easier to include by including dependent headers,
making something like this work as expected:

#include <iostream>
#include <tls.h>

int main()
{
   std::cout << "tls_init: " << tls_init() << "\n";
}

This also makes building a standalone libtls-portable simpler.

ok doug@, jsing@

bcook [Fri, 19 Jun 2015 06:05:11 +0000 (06:05 +0000)]
Disable ENGINE_load_dynamic (dynamic engine support).

We do not build, test or ship any dynamic engines, so we can remove the dynamic
engine loader as well. This leaves a stub initialization function in its place.

ok beck@, reyk@, miod@

deraadt [Fri, 19 Jun 2015 05:51:01 +0000 (05:51 +0000)]
sync

doug [Fri, 19 Jun 2015 01:38:54 +0000 (01:38 +0000)]
Convert tls1_alpn_handle_client_hello() to CBS.

tweak + ok miod@ jsing@

doug [Fri, 19 Jun 2015 00:23:36 +0000 (00:23 +0000)]
Add CBS_dup() to initialize a new CBS with the same values.

This is useful for when you need to check the data ahead and then continue
on from the same spot.

input + ok jsing@ miod@

nicm [Thu, 18 Jun 2015 23:56:01 +0000 (23:56 +0000)]
Use the SRCDST define for usage.

nicm [Thu, 18 Jun 2015 23:55:24 +0000 (23:55 +0000)]
Use xsnprintf.

nicm [Thu, 18 Jun 2015 23:53:56 +0000 (23:53 +0000)]
Remove a stray : and tweak paragraph.

doug [Thu, 18 Jun 2015 23:25:07 +0000 (23:25 +0000)]
Extend the input types for CBB_add_*() to help catch bugs.

While the previous types were correct, they can silently accept bad data
via truncation or signed conversion.  We now take size_t as input for
CBB_add_u*() and do a range check.

discussed with deraadt@
input + ok jsing@ miod@

doug [Thu, 18 Jun 2015 22:51:05 +0000 (22:51 +0000)]
Remove Microsoft Server Gated Crypto.

Another relic due to the old US crypto policy.

From OpenSSL commit 63eab8a620944a990ab3985620966ccd9f48d681 and
95275599399e277e71d064790a1f828a99fc661a.

ok jsing@ miod@

doug [Thu, 18 Jun 2015 22:30:47 +0000 (22:30 +0000)]
Change DTLS client cert request code to match TLS.

DTLS currently doesn't check whether a client cert is expected.  This
change makes the logic in dtls1_accept() match that from ssl3_accept().
From OpenSSL commit c8d710dc5f83d69d802f941a4cc5895eb5fe3d65

input + ok jsing@ miod@

miod [Thu, 18 Jun 2015 21:45:00 +0000 (21:45 +0000)]
I'm afraid it will be a sunday.

sthen [Thu, 18 Jun 2015 20:56:33 +0000 (20:56 +0000)]
add 5.9 firmware key

naddy [Thu, 18 Jun 2015 20:02:57 +0000 (20:02 +0000)]
For unsupported sample formats, don't return EINVAL but set the closest
available format.  ok ratchov@

martynas [Thu, 18 Jun 2015 20:01:47 +0000 (20:01 +0000)]
Fix stack shuffle such that sj includes si and the last element actually
gets a chance to be reordered.

jmc [Thu, 18 Jun 2015 11:38:41 +0000 (11:38 +0000)]
spelling fixes from theo buehler;

jsg [Thu, 18 Jun 2015 10:47:44 +0000 (10:47 +0000)]
CP2110 is handled by uslhcom not uslcom

mpi [Thu, 18 Jun 2015 10:02:49 +0000 (10:02 +0000)]
Only match devices with a valid configuration.

Tested by jsg@

mpi [Thu, 18 Jun 2015 09:47:16 +0000 (09:47 +0000)]
Only match devices with a valid configuration.

mpi [Thu, 18 Jun 2015 09:28:54 +0000 (09:28 +0000)]
Only match devices with a valid configuration.

Most of the WiFi/Ethernet USB adapters only have one configuration and always
use its first interface.  In order to improve USB descriptors parsing start
by reducing the number of places where a configuration is set.

Tested by jsg@

deraadt [Thu, 18 Jun 2015 00:14:42 +0000 (00:14 +0000)]
sync

deraadt [Wed, 17 Jun 2015 22:35:08 +0000 (22:35 +0000)]
my keyboard is conspiring against me

deraadt [Wed, 17 Jun 2015 22:32:08 +0000 (22:32 +0000)]
crank to 5.8-beta

nicm [Wed, 17 Jun 2015 20:50:10 +0000 (20:50 +0000)]
Use strdup in xstrdup; from Fritjof Bornebusch.

jcs [Wed, 17 Jun 2015 20:39:47 +0000 (20:39 +0000)]
when no fingers are down, send 0 for z

fixes tap-to-click

jcs [Wed, 17 Jun 2015 20:38:15 +0000 (20:38 +0000)]
fix compilation with UBCMTP_DEBUG

nicm [Wed, 17 Jun 2015 19:56:08 +0000 (19:56 +0000)]
Change break-pane to take target and source panes (-t and -s) in line
with other commands, from Thomas Adam.

deraadt [Wed, 17 Jun 2015 19:52:18 +0000 (19:52 +0000)]
move to 5.8-beta.  This is a bit earlier than normal...

nicm [Wed, 17 Jun 2015 18:51:11 +0000 (18:51 +0000)]
Use strdup in xstrdup from Fritjof Bornebusch. While here, remove xfree
which is unused.

miod [Wed, 17 Jun 2015 17:15:07 +0000 (17:15 +0000)]
Make kernel text read-only and unreadable from userland, and remove the bogus
comment about the emulation code requiring kernel text to be readable from
userland.

Add a few DIAGNOSTIC checks for rogue ptes passed to rmpage().

Make sure the pte extent operations and update_pcbs() run at >= IPL_SCHED.

nicm [Wed, 17 Jun 2015 17:02:15 +0000 (17:02 +0000)]
Break cmdq_continue inner loop into a helper function.

nicm [Wed, 17 Jun 2015 16:50:28 +0000 (16:50 +0000)]
Move the shuffle code from new-window -a into a function and add a -a
flag for move-window too. From Thomas Adam.

nicm [Wed, 17 Jun 2015 16:44:49 +0000 (16:44 +0000)]
Use an explicit job state instead of avoid closing our side of the
socketpair and setting it to -1 to mark when the other side is
closed. This avoids closing it while the libevent bufferevent still has
it (it could try to add it to the polled set which some mechanisms don't
like). Fixes part of a problem reported by Bruno Sutic.

sthen [Wed, 17 Jun 2015 15:06:28 +0000 (15:06 +0000)]
add DST Root CA X3 certificate, already present in most browser cert stores.
"O=Digital Signature Trust Co., CN=DST Root CA X3". This CA is cross signing
the issuing intermediates for letsencrypt.org so is expected to be important
for at least ports distfile fetching in the future. ok ajacoutot@ juanfra@

jsing [Wed, 17 Jun 2015 14:30:39 +0000 (14:30 +0000)]
Clean up alert codes and add references.

jsing [Wed, 17 Jun 2015 14:27:56 +0000 (14:27 +0000)]
Keep alerts sorted by alert code.

jsing [Wed, 17 Jun 2015 14:14:20 +0000 (14:14 +0000)]
Remove pointless comments.

mpi [Wed, 17 Jun 2015 08:31:55 +0000 (08:31 +0000)]
Four new sensors, from David Higgs.

nicm [Wed, 17 Jun 2015 08:13:31 +0000 (08:13 +0000)]
Remove NULL check before free; Fritjof Bornebusch.

doug [Wed, 17 Jun 2015 07:52:22 +0000 (07:52 +0000)]
Convert ssl_next_proto_validate to CBS.

ok miod@, tweak + ok jsing@

ajacoutot [Wed, 17 Jun 2015 07:50:38 +0000 (07:50 +0000)]
Really make daemon_class read-only; it's set to "daemon" of a matching
login class.

doug [Wed, 17 Jun 2015 07:36:30 +0000 (07:36 +0000)]
Convert tls1_check_curve to CBS.

ok miod@ jsing@

doug [Wed, 17 Jun 2015 07:29:33 +0000 (07:29 +0000)]
KNF whitespace.

ok miod@ jsing@

doug [Wed, 17 Jun 2015 07:25:56 +0000 (07:25 +0000)]
Use explicit int in bs_cbs.c.

ok miod@ jsing@

doug [Wed, 17 Jun 2015 07:20:39 +0000 (07:20 +0000)]
Use explicit int in bs_ber.c.

ok miod@ jsing@

doug [Wed, 17 Jun 2015 07:15:52 +0000 (07:15 +0000)]
Add tests for CBS_offset() and CBS_write_bytes().

"no problem" miod@, tweak + ok jsing@

doug [Wed, 17 Jun 2015 07:06:22 +0000 (07:06 +0000)]
Add CBS_write_bytes() to copy the remaining CBS bytes to the caller.

This is a common operation when dealing with CBS.

ok miod@ jsing@

doug [Wed, 17 Jun 2015 07:00:22 +0000 (07:00 +0000)]
Add a new function CBS_offset() to report the current offset in the data.

"why not" miod@, sure jsing@

doug [Wed, 17 Jun 2015 06:49:27 +0000 (06:49 +0000)]
Cleanup SSL_OP_* compat flags in ssl.h.

These were recently removed and are now set to 0:

SSL_OP_NETSCAPE_CA_DN_BUG
SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG
SSL_OP_SSLEAY_080_CLIENT_DH_BUG

The code associated with these was deleted in the past at some point
and these are also now 0:

SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
SSL_OP_EPHEMERAL_RSA
SSL_OP_MICROSOFT_SESS_ID_BUG
SSL_OP_NETSCAPE_CHALLENGE_BUG
SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG

The SSL_OP_ALL macro has been updated to reflect the removals.

ok miod@ jsing@

mpi [Wed, 17 Jun 2015 06:24:46 +0000 (06:24 +0000)]
Move mbuf_list and mbuf_queue documentation in their own manual.

ok jmc@, deraadt@, dlg@

deraadt [Wed, 17 Jun 2015 03:59:12 +0000 (03:59 +0000)]
stray char jumped in

deraadt [Wed, 17 Jun 2015 03:49:29 +0000 (03:49 +0000)]
delete completely bogus (floating?  was there an old variable decl
in the past?) comment about FILEC
noted by Peter Brottveit Bock

deraadt [Wed, 17 Jun 2015 03:48:21 +0000 (03:48 +0000)]
remove -DFILEC; code does not compile for the -UFILEC case, and anyways,
who wants csh without FILEC??
from Peter Brottveit Bock, but redone using unifdef

uebayasi [Wed, 17 Jun 2015 03:04:50 +0000 (03:04 +0000)]
Set FUNC symbol sizes of auto-generated and hand-written syscall wrappers.

Original diff from guenther@, adjusted by me.

OK guenther@

miod [Tue, 16 Jun 2015 20:30:24 +0000 (20:30 +0000)]
Typos in comments; Ville Valkonen

miod [Tue, 16 Jun 2015 20:25:35 +0000 (20:25 +0000)]
Do not provide extra _fdata and __data_start symbols; nothing in the non-mips32
world uses them.

miod [Tue, 16 Jun 2015 18:28:51 +0000 (18:28 +0000)]
alloc_contiguous_pages() is supposed to round the allocation size to a page
boundary, not to an u area boundary. Oops.

miod [Tue, 16 Jun 2015 18:24:38 +0000 (18:24 +0000)]
Clear the PIC `write request' memory at initialization time. There is
apparently a risk of spurious parity errors if we don't.

mpi [Tue, 16 Jun 2015 11:17:02 +0000 (11:17 +0000)]
Sync with recent changes.

mpi [Tue, 16 Jun 2015 11:09:39 +0000 (11:09 +0000)]
Store a unique ID, an interface index, rather than a pointer to the
receiving interface in the packet header of every mbuf.

The interface pointer should now be retrieved when necessary with
if_get().  If a NULL pointer is returned by if_get(), the interface
has probably been destroyed/removed and the mbuf should be freed.

Such a mechanism will simplify garbage collection of mbufs and limit
problems with dangling ifp pointers.

Tested by jmatthew@ and krw@, discussed with many.

ok mikeb@, bluhm@, dlg@

doug [Tue, 16 Jun 2015 06:37:58 +0000 (06:37 +0000)]
Be more strict about BER and DER terminology.

bs_ber.c does not convert BER to DER.  It's a hack to convert a DER-like
encoding with one violation (indefinite form) to strict DER.  Rename
the functions to reflect this.

ok miod@ jsing@

doug [Tue, 16 Jun 2015 06:11:39 +0000 (06:11 +0000)]
Simplify cbs_get_any_asn1_element_internal based on comments from jsing@

jsg [Tue, 16 Jun 2015 05:08:55 +0000 (05:08 +0000)]
Add a uslcom id for the Netgear M7100 console from Andrew Daugherity.
Add some additional uslcom ids found in the Linux driver while here.

jsg [Tue, 16 Jun 2015 05:07:54 +0000 (05:07 +0000)]
regen

jsg [Tue, 16 Jun 2015 05:07:25 +0000 (05:07 +0000)]
Add a uslcom id for the Netgear M7100 console from Andrew Daugherity.
Add some additional uslcom ids found in the Linux driver while here.

doug [Tue, 16 Jun 2015 02:27:24 +0000 (02:27 +0000)]
Add support for OPTION_DISCARD.

ok jsing@

jmc [Mon, 15 Jun 2015 22:39:14 +0000 (22:39 +0000)]
put -F before -f in the options list;

bluhm [Mon, 15 Jun 2015 21:44:57 +0000 (21:44 +0000)]
Rework how fstat and ktrace pattern are specified in the test
arguments.  Add tests to check whether syslogd privsep works.  This
is done for debug and foreground and daemon mode.  Fstat is checked
for chroot and sockets.  Ktrace dump is grepped for setting uid and
gid.

bluhm [Mon, 15 Jun 2015 21:42:15 +0000 (21:42 +0000)]
Implement a -F switch, that tells syslogd to stay in foreground.
OK benno@; input millert@; no objections deraadt@

jsing [Mon, 15 Jun 2015 18:44:22 +0000 (18:44 +0000)]
If AuthorizedPrincipalsCommand is specified, however
AuthorizedPrincipalsFile is not (or is set to "none"), authentication will
potentially fail due to key_cert_check_authority() failing to locate a
principal that matches the username, even though an authorized principal
has already been matched in the output of the subprocess. Fix this by using
the same logic to determine if pw->pw_name should be passed, as is used to
determine if an authorized principal must be matched earlier on.

ok djm@

jsing [Mon, 15 Jun 2015 18:42:19 +0000 (18:42 +0000)]
Make the arguments to match_principals_command() similar to
match_principals_file(), by changing the last argument to a
struct sshkey_cert * and dereferencing key->cert in the caller.

No functional change.

ok djm@

miod [Mon, 15 Jun 2015 17:01:04 +0000 (17:01 +0000)]
Don't error out when an existing typedef is redefined with the same definition;
this is allowed in C11 and 3rd-party software is relying upon this to be
accepted by the compiler.
Nevertheless warn about this if -pedantic.
ok ajacoutot@ deraadt@ millert@

mpi [Mon, 15 Jun 2015 16:46:21 +0000 (16:46 +0000)]
Bring back r1.78 and r1.79, now that ajacoutot@'s regression has
been found: it was a hardware failure.

When a bus is explored, do not probe the ports whose status hasn't
changed.  This saves a lot of I/O when attaching/detaching devices
and might help with some timing related problems.