openbsd
9 years agoremove a stupid -Wstrict-prototype warning by making the hash function
tedu [Thu, 22 Jan 2015 22:09:39 +0000 (22:09 +0000)]
remove a stupid -Wstrict-prototype warning by making the hash function
static. noticed by florian riehm

9 years agoTraditional roff(7) explicitly allows certain control characters
schwarze [Thu, 22 Jan 2015 21:36:44 +0000 (21:36 +0000)]
Traditional roff(7) explicitly allows certain control characters
in the input stream (SOH, STX, ETX, ENQ, ACK, BEL, BS) for specific
purposes (leaders, backspace, delimiters, .tr), but making sure
these don't leak through to the output is tricky, so mark them as
unsupported for now.

9 years agoFix logic botch causing warnings with Clang. Reported by dhill, matches
miod [Thu, 22 Jan 2015 21:18:56 +0000 (21:18 +0000)]
Fix logic botch causing warnings with Clang. Reported by dhill, matches
similar changes in FreeBSD a few years ago.

9 years agoPossibly uninitialized variable. From Clang via dhill.
miod [Thu, 22 Jan 2015 21:17:43 +0000 (21:17 +0000)]
Possibly uninitialized variable. From Clang via dhill.

9 years agoheirarchy -> hierarchy;
jmc [Thu, 22 Jan 2015 21:00:42 +0000 (21:00 +0000)]
heirarchy -> hierarchy;

9 years agoDocument that changes made to the directory hierarchy of the chroot
millert [Thu, 22 Jan 2015 20:44:05 +0000 (20:44 +0000)]
Document that changes made to the directory hierarchy of the chroot
jail may inadvertanly allow a process to escape.  Also mention the
problem of directory fd passing.  Based on a diff from deraadt@

9 years agoProvide a warning about chroot misuses (which sadly, seem to have become
deraadt [Thu, 22 Jan 2015 20:24:41 +0000 (20:24 +0000)]
Provide a warning about chroot misuses (which sadly, seem to have become
quite popular because shiny).  sshd cannot detect/manage/do anything
about these cases, best we can do is warn in the right spot in the man page.
ok markus

9 years agopool_setipl() on both pmap pools as a workaround for some sort of MP
deraadt [Thu, 22 Jan 2015 19:47:00 +0000 (19:47 +0000)]
pool_setipl() on both pmap pools as a workaround for some sort of MP
race.  This will certainly be revisited, but too much time has been
spent on it for now.
ok mpi

9 years agoDon't let a failing mparse_open() clobber the filename pointer;
schwarze [Thu, 22 Jan 2015 19:26:16 +0000 (19:26 +0000)]
Don't let a failing mparse_open() clobber the filename pointer;
fixes error message content and a use after free
for .so with non-existent target when -Wall or -Tlint is given.

9 years agoProcessing $OpenBSD$ as well as sccs's @(#) is an OpenBSD extension, and
krw [Thu, 22 Jan 2015 19:10:17 +0000 (19:10 +0000)]
Processing $OpenBSD$ as well as sccs's @(#) is an OpenBSD extension, and
should stop displaying the line at the 2nd '$'. Clarify intended behaviour
in man page.

ok millert@ beck@ deraadt@

9 years agoUse /etc/services names in all the default pf rules (most already
krw [Thu, 22 Jan 2015 19:00:24 +0000 (19:00 +0000)]
Use /etc/services names in all the default pf rules (most already
did). This allows any local changes to /etc/services to be effective
if all you have is the default.

Issue pointed out by Brian S. Vangsgaard on bugs@. Thanks!

ok phessler@ deraadt@

9 years agoClean up includes, while here fix a white space which lead to a false
florian [Thu, 22 Jan 2015 18:22:27 +0000 (18:22 +0000)]
Clean up includes, while here fix a white space which lead to a false
positive during grep'ing.
OK reyk

9 years agoLet powerpc's bus_space(9) use the same pmap and uvm interfaces than the
mpi [Thu, 22 Jan 2015 17:55:45 +0000 (17:55 +0000)]
Let powerpc's bus_space(9) use the same pmap and uvm interfaces than the
other archs.

Specify the caching policy by passing PMAP_* flags to pmap_kenter_pa()
like the majority of our archs do and kill pmap_kenter_cache().

Spread some pmap_update() along the way.

While here remove the unused flag argument from pmap_fill_pte().

Finally convert the bus map/unmap functions to km_alloc/free() instead
of uvm_km_valloc/free().

Inputs from kettenis@ and miod@, ok miod@

9 years agoClean up the relayd headers with help of include-what-you-use and some
reyk [Thu, 22 Jan 2015 17:42:09 +0000 (17:42 +0000)]
Clean up the relayd headers with help of include-what-you-use and some
manual review.  Based on common practice, relayd.h now includes the
necessary headers for itself.

OK benno@

9 years agoOnly allow the -r flag when sending a message; from Martin Brandenburg
millert [Thu, 22 Jan 2015 16:25:07 +0000 (16:25 +0000)]
Only allow the -r flag when sending a message; from Martin Brandenburg

9 years agospacing
reyk [Thu, 22 Jan 2015 15:23:50 +0000 (15:23 +0000)]
spacing

9 years agospacing
reyk [Thu, 22 Jan 2015 15:21:28 +0000 (15:21 +0000)]
spacing

9 years agowrap long lines; spacing.
reyk [Thu, 22 Jan 2015 15:21:05 +0000 (15:21 +0000)]
wrap long lines; spacing.

Repeat after me: "Lines are not longer than 80 characters long" and
"mg(1) is the only true editor, I'll use ESC-q to wrap the lines".

9 years agoReplace some obvious '$OpenBSD' and '$OpenBSD:' typos with '$OpenBSD$'.
krw [Thu, 22 Jan 2015 14:33:01 +0000 (14:33 +0000)]
Replace some obvious '$OpenBSD' and '$OpenBSD:' typos with '$OpenBSD$'.

Pointed out by dickman@.

ok sthen@ phessler@

9 years agosync
deraadt [Thu, 22 Jan 2015 13:16:24 +0000 (13:16 +0000)]
sync

9 years agoUse field names in struct initialisers.
jsing [Thu, 22 Jan 2015 11:16:56 +0000 (11:16 +0000)]
Use field names in struct initialisers.

No change to generated assembly.

9 years agolast entry in NAME should not have a trailing comma;
jmc [Thu, 22 Jan 2015 11:08:54 +0000 (11:08 +0000)]
last entry in NAME should not have a trailing comma;

9 years agoReduce the number of intermediate buffers by pre-allocating DMA buffers
mpi [Thu, 22 Jan 2015 10:27:47 +0000 (10:27 +0000)]
Reduce the number of intermediate buffers by pre-allocating DMA buffers
in the report functions instead of letting the stack do it magically for
us.

Reviewed and tested by David Higgs, thanks!

9 years agoUse correct error type and remove unused interface pointer.
mpi [Thu, 22 Jan 2015 10:23:47 +0000 (10:23 +0000)]
Use correct error type and remove unused interface pointer.

From Fabian Raetz.

9 years agoAdd MLINK for tls_config_set_ca_mem()
reyk [Thu, 22 Jan 2015 09:29:04 +0000 (09:29 +0000)]
Add MLINK for tls_config_set_ca_mem()

9 years agoLibreSSL now supports loading of CA certificates from memory, replace
reyk [Thu, 22 Jan 2015 09:26:05 +0000 (09:26 +0000)]
LibreSSL now supports loading of CA certificates from memory, replace
the internal and long-serving ssl_ctx_load_verify_memory() function
with a call to the SSL_CTX_load_verify_mem() API function.  The
ssl_privsep.c file with hacks for using OpenSSL in privsep'ed
processes can now go away; portable versions of smtpd and relayd
should start depending on LibreSSL or they have to carry ssl_privsep.c
in openbsd-compat to work with legacy OpenSSL.  No functional change.

Based on previous discussions with gilles@ bluhm@ and many others
OK bluhm@ (as part of the libcrypto/libssl/libtls diff)

9 years agoAllow to to load the CA chain directly from memory instead of
reyk [Thu, 22 Jan 2015 09:16:24 +0000 (09:16 +0000)]
Allow to to load the CA chain directly from memory instead of
specifying a file.  This enables CA verification in privsep'ed
processes that are running chroot'ed without direct access to the
certificate files.

With feedback, tests, and OK from bluhm@

9 years agoSupport CA verification in chroot'ed processes without direct file
reyk [Thu, 22 Jan 2015 09:12:57 +0000 (09:12 +0000)]
Support CA verification in chroot'ed processes without direct file
access to the certificates.  SSL_CTX_load_verify_mem() is a frontend
to the new X509_STORE_load_mem() function that allows to load the CA
chain from a memory buffer that is holding the PEM-encoded files.
This function allows to handle the verification in privsep'ed code.

Adopted for LibreSSL based on older code from relayd (by pyr@ and myself)
With feedback and OK bluhm@

9 years agoAdd X509_STORE_load_mem() to load certificates from a memory buffer
reyk [Thu, 22 Jan 2015 09:06:39 +0000 (09:06 +0000)]
Add X509_STORE_load_mem() to load certificates from a memory buffer
instead of disk.  OpenSSL didn't provide a built-in API from loading
certificates in a chroot'ed process that doesn't have direct access to
the files.  X509_STORE_load_mem() provides a new backend that will be
used by libssl and libtls to implement such privsep-friendly
functionality.

Adopted for LibreSSL based on older code from relayd (by pyr@ and myself)
With feedback and OK bluhm@

9 years agodelete annoying white space that annoy
deraadt [Thu, 22 Jan 2015 05:48:17 +0000 (05:48 +0000)]
delete annoying white space that annoy

9 years agoMake it obvious which openssl test complained and whether it was expected.
doug [Thu, 22 Jan 2015 05:48:00 +0000 (05:48 +0000)]
Make it obvious which openssl test complained and whether it was expected.

ok bcook@

9 years agoRecognise 'F'/'f' constant suffix for single precision floating point.
jsg [Thu, 22 Jan 2015 05:35:27 +0000 (05:35 +0000)]
Recognise 'F'/'f' constant suffix for single precision floating point.
Prevents indent from inserting a space which broke the build of the
development version of Mesa.

ok millert@ deraadt@

9 years agopool_chk_page iterates over a pages free item lists and checks that
dlg [Thu, 22 Jan 2015 05:09:41 +0000 (05:09 +0000)]
pool_chk_page iterates over a pages free item lists and checks that
the items address is within the page. it does that by masking the
item address with the page mask and comparing that to the page
address.

however, if we're using large pages with external page headers, we
dont request that the large page be aligned to its size. eg, on an
arch with 4k pages, an 8k large page could be aligned to 4k, so
masking bits to get the page address wont work.

these incorrect checks were distracting while i was debugging large
pages on landisk.

this changes it to do range checks to see if the item is within the
page. it also checks if the item is on the page before checking if
its magic values or poison is right.

ok miod@

9 years agoAssume that the size of a pointer will not change at runtime.
bcook [Thu, 22 Jan 2015 03:56:27 +0000 (03:56 +0000)]
Assume that the size of a pointer will not change at runtime.

Change the runtime check for whether a long is smaller than a pointer to a
compile-time check. Replace the silly hash for LLP64 platforms.

ok tedu@

9 years agoamd's nfs_prot.x file has some tweaks from the standard; automate them with ed.
guenther [Thu, 22 Jan 2015 03:43:58 +0000 (03:43 +0000)]
amd's nfs_prot.x file has some tweaks from the standard; automate them with ed.
Regenerate the amd's NFS RPC stubs with a current rpcgen, automating the
  post-generation tweaks to the svc stubs.  However, do follow the modern
  naming style where the svc stubs have a _svc suffix.
As a side benefit, this eliminates the need to #include <nfs/nfsproto.h>
This is all a prelude to updating amd to talk NFSv3 with the kernel for
  its own "toplvl" mounts, to squash another y2038 issue.

9 years agobring back r1.80:
dlg [Thu, 22 Jan 2015 01:19:51 +0000 (01:19 +0000)]
bring back r1.80:

pass the size of the softc to free.

this time we only dereference the cfattach structure if we actually
need it once the refcount has dropped to 0.

tested by krw@ who found the original panic r1.80 was backed out for.
putting this in again so i can find out when else will break.

9 years agoMake syslogd tests more reliable on slow machines. All tests pass
bluhm [Thu, 22 Jan 2015 00:34:32 +0000 (00:34 +0000)]
Make syslogd tests more reliable on slow machines.  All tests pass
on my old sparc64.

9 years agoDo not need to include <sys/cdefs.h> when headers included above end up
deraadt [Thu, 22 Jan 2015 00:07:15 +0000 (00:07 +0000)]
Do not need to include <sys/cdefs.h> when headers included above end up
doing so.

9 years agotweak previous; ok schwarze
jmc [Wed, 21 Jan 2015 23:48:05 +0000 (23:48 +0000)]
tweak previous; ok schwarze

9 years ago3 different .h files here include ioccom.h. Do not need to include it directly
deraadt [Wed, 21 Jan 2015 23:06:53 +0000 (23:06 +0000)]
3 different .h files here include ioccom.h.  Do not need to include it directly

9 years agoif_media.c needs net/if_var.h. This fixes the build with IFMEDIA_DEBUG.
deraadt [Wed, 21 Jan 2015 23:06:10 +0000 (23:06 +0000)]
if_media.c needs net/if_var.h. This fixes the build with IFMEDIA_DEBUG.
from Fabian Raetz

9 years agocomplete the circle so all ql pages xref all other ql pages
tedu [Wed, 21 Jan 2015 22:33:22 +0000 (22:33 +0000)]
complete the circle so all ql pages xref all other ql pages

9 years agoDo not need sys/cdefs.h
deraadt [Wed, 21 Jan 2015 22:28:09 +0000 (22:28 +0000)]
Do not need sys/cdefs.h

9 years agoremove #if 0 cdefs.h blocks
deraadt [Wed, 21 Jan 2015 22:26:52 +0000 (22:26 +0000)]
remove #if 0 cdefs.h blocks

9 years agoTo satisfy kernel grovellers and bad (but document) sysctl
deraadt [Wed, 21 Jan 2015 22:23:52 +0000 (22:23 +0000)]
To satisfy kernel grovellers and bad (but document) sysctl
practice, be pragmatic and #include <sys/timeout.h> for
struct tcpb (glorious namespace violation)
ok kettenis millert sthen

9 years agoOoops, no need to include sys/cdefs.h.
reyk [Wed, 21 Jan 2015 22:23:24 +0000 (22:23 +0000)]
Ooops, no need to include sys/cdefs.h.

Pointed out by florian@

9 years agohttpd is based on relayd and had included many headers that are only
reyk [Wed, 21 Jan 2015 22:21:05 +0000 (22:21 +0000)]
httpd is based on relayd and had included many headers that are only
needed by its ancestor.  jsg@, include-what-you-use, and some manual
review helped to cleanup the headers (take iwyu with a grain of salt).
Based on common practice, httpd.h now also includes the necessary
headers for itself.

OK florian@

9 years agoInclude <netinet/in.h> before <net/pfvar.h>. In a future change when
deraadt [Wed, 21 Jan 2015 21:50:32 +0000 (21:50 +0000)]
Include <netinet/in.h> before <net/pfvar.h>.  In a future change when
ports is ready, <net/pfvar.h> will stop including a pile of balony.

9 years agoRemove the useless variable ifa in rt_getifa().
bluhm [Wed, 21 Jan 2015 21:32:42 +0000 (21:32 +0000)]
Remove the useless variable ifa in rt_getifa().
OK mpi@

9 years agoRudimentary implementation of the roff(7) \o escape sequence (overstrike).
schwarze [Wed, 21 Jan 2015 20:20:49 +0000 (20:20 +0000)]
Rudimentary implementation of the roff(7) \o escape sequence (overstrike).
This is of some relevance because the pod2man(1) preamble abuses it
for the icelandic letter Thorn, instead of simply using \(TP and \(Tp.
Missing feature found by sthen@ in DateTime::Locale::is_IS(3p).

9 years agoBy popular demand, put NFS, ipv6 and vlan support in sparc installation media.
miod [Wed, 21 Jan 2015 20:05:29 +0000 (20:05 +0000)]
By popular demand, put NFS, ipv6 and vlan support in sparc installation media.
ok deraadt@

9 years agoImprove overstriking. When overstriking a wider character with a
schwarze [Wed, 21 Jan 2015 19:40:22 +0000 (19:40 +0000)]
Improve overstriking.  When overstriking a wider character with a
narrower one, center the latter horizontally.  After a group of
characters printed in the same position, advance by the width of
the widest one among them.

9 years agoBuild the argument list for halt/reboot without excessive use of
naddy [Wed, 21 Jan 2015 19:38:53 +0000 (19:38 +0000)]
Build the argument list for halt/reboot without excessive use of
the conditional operator.  Adapted from NetBSD.  ok miod@

9 years agoTruncate progname to NAME_MAX in the syslog message, to ensure other
deraadt [Wed, 21 Jan 2015 19:34:24 +0000 (19:34 +0000)]
Truncate progname to NAME_MAX in the syslog message, to ensure other
information also makes it through.  This is a compromise to cope with
the absolutely ridiculous setprogname() API.
ok various discussions

9 years agoUse plain "-p" to specify "halt and power down", for consistency
naddy [Wed, 21 Jan 2015 19:29:52 +0000 (19:29 +0000)]
Use plain "-p" to specify "halt and power down", for consistency
and compatibility with other BSDs.  Adapted from FreeBSD.
Still permit the combination "-hp" as requested by many.
ok sthen@

9 years agoEven without BATs memory under ``physmaxaddr'' is mapped 1:1 in the
mpi [Wed, 21 Jan 2015 19:10:26 +0000 (19:10 +0000)]
Even without BATs memory under ``physmaxaddr'' is mapped 1:1 in the
kernel, so update pmap_extract() accordingly and save a VP lookup.

While here unify pted checks after the VP lookups.

ok miod@

9 years agoI don't foresee knowing that my i386 netbook has an AT/286+ bios and
tedu [Wed, 21 Jan 2015 18:39:54 +0000 (18:39 +0000)]
I don't foresee knowing that my i386 netbook has an AT/286+ bios and
not a PCjr bios will help diagnose any problems.
ok deraadt kettenis

9 years agoDo not try to stop and reset endpoints if USB transfers are aborted
mpi [Wed, 21 Jan 2015 14:02:33 +0000 (14:02 +0000)]
Do not try to stop and reset endpoints if USB transfers are aborted
because the HC has been shut down (during suspend/hibernate) or
removed (PCIe card).

In both cases the hardware wont complete the commands, resulting in
timeouts.  Instead just do the software part of the abort process.

Unbreak suspend/resume with USB a device connected to xhci(4) as
reported by Fabian Raetz on bugs@.

9 years agoUbreak the tree by using "struct ifreq" instead of "struct linux_ifreq".
mpi [Wed, 21 Jan 2015 13:47:45 +0000 (13:47 +0000)]
Ubreak the tree by using "struct ifreq" instead of "struct linux_ifreq".

9 years agoIn options-table.c r1.51 an extra space was added to the default status-right,
sthen [Wed, 21 Jan 2015 12:20:56 +0000 (12:20 +0000)]
In options-table.c r1.51 an extra space was added to the default status-right,
overrunning status-right-length with long window titles. Allow for the extra
space so the last digit of the year isn't lost.  ok nicm@

9 years agoEnable ix(4).
kettenis [Wed, 21 Jan 2015 12:07:36 +0000 (12:07 +0000)]
Enable ix(4).

9 years agocarpdev argument is no longer optional.
mpi [Wed, 21 Jan 2015 11:21:27 +0000 (11:21 +0000)]
carpdev argument is no longer optional.

9 years agoRemove the code to automagically find a "carpdev".
mpi [Wed, 21 Jan 2015 11:20:48 +0000 (11:20 +0000)]
Remove the code to automagically find a "carpdev".

The half-backed logic to find a parent interface before configuring an
address on a carp(4) interface is responsible for too many layers of
complexity resulting in various breakages everytime something change in
the stack.

So make carp(4) a bit less special.  It now requires a parent interface
like all the other pseudo-devices.

ok mikeb@, dlg@, florian@, henning@

9 years agoAdd a comment above the autopad checking.
brad [Wed, 21 Jan 2015 10:00:42 +0000 (10:00 +0000)]
Add a comment above the autopad checking.

9 years agoUse the RL_FLAG_AUTOPAD flag when trying to determine when
brad [Wed, 21 Jan 2015 09:52:55 +0000 (09:52 +0000)]
Use the RL_FLAG_AUTOPAD flag when trying to determine when
to pad short frames.

9 years agoPass times as int64_t and eliminate the (long disabled) mount request.
guenther [Wed, 21 Jan 2015 09:51:23 +0000 (09:51 +0000)]
Pass times as int64_t and eliminate the (long disabled) mount request.
ABI change, so roll the RPC protocol version; how about 57 for OpenBSD 5.7?

9 years agoregen
guenther [Wed, 21 Jan 2015 09:50:50 +0000 (09:50 +0000)]
regen

9 years agoPass times as int64_t and eliminate the (long disabled) mount request.
guenther [Wed, 21 Jan 2015 09:50:25 +0000 (09:50 +0000)]
Pass times as int64_t and eliminate the (long disabled) mount request.
ABI change, so roll the RPC protocol version; how about 57 for OpenBSD 5.7?

9 years agoPass times as int64_t and eliminate the (long disabled) mount request.
guenther [Wed, 21 Jan 2015 09:49:37 +0000 (09:49 +0000)]
Pass times as int64_t and eliminate the (long disabled) mount request.
ABI change, so roll the RPC protocol version; how about 57 for OpenBSD 5.7?

9 years agoRemove all references to the amd -M option (it was disabled long ago) and
guenther [Wed, 21 Jan 2015 09:47:15 +0000 (09:47 +0000)]
Remove all references to the amd -M option (it was disabled long ago) and
correct the texinfo validation errors, then re-enable validation

9 years agofix macro breakage and update usage();
jmc [Wed, 21 Jan 2015 09:21:05 +0000 (09:21 +0000)]
fix macro breakage and update usage();

9 years agoSimplify internals and rewrite file header parsing code:
ratchov [Wed, 21 Jan 2015 08:43:55 +0000 (08:43 +0000)]
Simplify internals and rewrite file header parsing code:
- remove -M, -t, -w, -C, -x flags that don't make sense anymore
- make "-j off" the default (sndiod already does the job)
- don't limit the number of played/recorded files.
- add support for floating-point encoded files.
- add support for apple .aiff and sun/next .au files

9 years agoRegenerate the amq RPC stubs with a -current rpcgen, with some
guenther [Wed, 21 Jan 2015 08:24:41 +0000 (08:24 +0000)]
Regenerate the amq RPC stubs with a -current rpcgen, with some
post-processing of the server stub to match previous local changes.
This corrects the type handling of mt_mounttime, so "amq /mountpoint"
doesn't segv trying to treat a time_t as a pointer.
With the file (re)generation fixed, we can more easily update the
protocol to support 64bit time_t...

9 years agoamq doesn't use anything from misc_rpc.c
guenther [Wed, 21 Jan 2015 08:16:51 +0000 (08:16 +0000)]
amq doesn't use anything from misc_rpc.c

9 years agoAssume NFS_CHECK and RO_CHECK are defined.
guenther [Wed, 21 Jan 2015 04:08:37 +0000 (04:08 +0000)]
Assume NFS_CHECK and RO_CHECK are defined.
We only need the dev_t and not the entire struct stat in mntinfo.
Delete some superfluous casts.

9 years agoReduce opt_t from long to int.
guenther [Wed, 21 Jan 2015 03:18:31 +0000 (03:18 +0000)]
Reduce opt_t from long to int.
Debug message consistency: format opts with %#x and modes with %#04o

9 years agoFix deferred host DNS lookups.
bcook [Wed, 21 Jan 2015 03:14:10 +0000 (03:14 +0000)]
Fix deferred host DNS lookups.

If the network is unreachable when ntpd starts and host_dns fails, be sure
that we still close the HOST_DNS imsg.

Thanks to Paul de Weerd <weerd at weirdnet dot nl> for reporting this.

ok beck@

9 years agoRemove unsafe micro-optimization of *bit test*
guenther [Wed, 21 Jan 2015 03:05:03 +0000 (03:05 +0000)]
Remove unsafe micro-optimization of *bit test*

9 years agoDelete option COMPAT_43: support for pre-sa_len binaries has been obsolete
guenther [Wed, 21 Jan 2015 02:23:14 +0000 (02:23 +0000)]
Delete option COMPAT_43: support for pre-sa_len binaries has been obsolete
for a couple decades.  Keep the OSIOCGIFCONF ioctl to support COMPAT_LINUX
but move the rest of the Linux-specific ioctl() handling into linux_socket.c
This lets struct osockaddr finally move from sys/socket.h to protocols/talkd.h

ok krw@ deraadt@ mpi@

9 years agopass empty request lines through to tbl(7); sometimes, they end a layout
schwarze [Wed, 21 Jan 2015 02:16:11 +0000 (02:16 +0000)]
pass empty request lines through to tbl(7); sometimes, they end a layout

9 years agoblank lines in tables do not need special handling; simplifies code
schwarze [Wed, 21 Jan 2015 00:45:16 +0000 (00:45 +0000)]
blank lines in tables do not need special handling; simplifies code
and reduces groff/mandoc differences in base by about 1%

9 years agoFix DTLS memory leak (CVE-2015-0206).
doug [Wed, 21 Jan 2015 00:15:50 +0000 (00:15 +0000)]
Fix DTLS memory leak (CVE-2015-0206).

There were four bugs fixed by this patch:

* dtls1_buffer_record() now frees rdata->rbuf.buf on error.  Since
  s->s3->rbuf was memset, rdata->rbuf is the only pointer left which
  points to the old rbuf.  On error, rdata is freed so there will not
  be any way of freeing this memory unless we do it here.

* Changed the return code of dtls1_buffer_record() to differentiate
  between queue full (0) and error (-1).  See below as this differs
  from upstream.

* Handle errors if calls to dtls1_buffer_record() fail with -1.
  Previously, it did not check the return value.

* Changed the way receipts are recorded.  Previously, it was recorded
  when processed successfully (whether buffered or not) in
  dtls1_process_record().  Now, it records when it is handled in
  dtls1_get_record(): either when it is entered into the queue to buffer
  for the next epoch or when it is processed directly.  Processing
  buffered records does not add a receipt because it needed one in
  order to get into the queue.

The above bugs combined contributed to an eventual DoS through memory
exhaustion.  The memory leak came from dtls1_buffer_record()'s error
handling.  The error handling can be triggered by a duplicate record
or malloc failure.  It was possible to add duplicate records because
they were not being dropped.  The faulty receipts logic did not detect
replays when dealing with records for the next epoch.  Additionally,
dtls1_buffer_record()'s return value was not checked so an attacker
could send repeated replay records for the next epoch.

Reported to OpenSSL by Chris Mueller.

Patch based on OpenSSL commit 103b171d8fc282ef435f8de9afbf7782e312961f
and BoringSSL commit 44e2709cd65fbd2172b9516c79e56f1875f60300.

Our patch matches BoringSSL's commit.  OpenSSL returns 0 when the queue
is full or when malloc() or pitem_new() fails.  They return -1 on error
including !ssl3_setup_buffers() which is another failure to allocate
memory.

BoringSSL and LibreSSL changed the return code for dtls1_buffer_record()
to be 1 on success, 0 when the queue is full and -1 on error.

input + ok bcook@, jsing@

9 years agoReduce use of <sys/param.h> and transition to <limits.h> throughout.
deraadt [Tue, 20 Jan 2015 23:14:00 +0000 (23:14 +0000)]
Reduce use of <sys/param.h> and transition to <limits.h> throughout.
ok djm markus

9 years agouse SUBDIR to recuse into unit tests; makes "make obj" actually
djm [Tue, 20 Jan 2015 22:58:57 +0000 (22:58 +0000)]
use SUBDIR to recuse into unit tests; makes "make obj" actually
work

9 years agotweak previous; ok schwarze
jmc [Tue, 20 Jan 2015 22:34:15 +0000 (22:34 +0000)]
tweak previous; ok schwarze

9 years agoDocument how to send syslog messages over TCP or TLS.
bluhm [Tue, 20 Jan 2015 22:10:37 +0000 (22:10 +0000)]
Document how to send syslog messages over TCP or TLS.
OK jmc@

9 years agoincrease TMP_MAX to the equivalent of INT_MAX. it's actually more,
tedu [Tue, 20 Jan 2015 22:09:50 +0000 (22:09 +0000)]
increase TMP_MAX to the equivalent of INT_MAX. it's actually more,
but safer not to wraparound by accident.
ok deraadt millert miod

9 years agotweak previous;
jmc [Tue, 20 Jan 2015 22:02:15 +0000 (22:02 +0000)]
tweak previous;

9 years agoSplit the -Werror message level into -Werror (broken manual, probably
schwarze [Tue, 20 Jan 2015 21:12:46 +0000 (21:12 +0000)]
Split the -Werror message level into -Werror (broken manual, probably
using mandoc is better than using groff) and -Wunsupp (manual using
unsupported low-level roff(7) feature, probably using groff is better
than using mandoc).  Once this feature is complete, it is intended
to help porting, making the decision whether to USE_GROFF easier.

As a first step, distinguish four classes of roff(7) requests:
1. Supported (currently 24 requests)
2. Currently ignored because unimportant (120)  ->  no message
3. Ignored for good because insecure (14)  ->  -Werror
4. Currently unsupported (68)  ->  these trigger the new -Wunsupp messages

9 years agoi wrote this
tedu [Tue, 20 Jan 2015 20:50:36 +0000 (20:50 +0000)]
i wrote this

9 years agokex_setup errors are fatal()
markus [Tue, 20 Jan 2015 20:16:21 +0000 (20:16 +0000)]
kex_setup errors are fatal()

9 years agoIf _dl_progname exceeds half the syslog buffer, truncate it with "...",
deraadt [Tue, 20 Jan 2015 19:51:00 +0000 (19:51 +0000)]
If _dl_progname exceeds half the syslog buffer, truncate it with "...",
so that the remaining information is more visible
ok kettenis miod

9 years agoMove ps_strings "after" the random stackgap. This makes its location a
kettenis [Tue, 20 Jan 2015 19:43:20 +0000 (19:43 +0000)]
Move ps_strings "after" the random stackgap.  This makes its location a
per-process value, and therefpore turns the VM_PSSTRINGS sysctl into a
per-process one as well.  This gets rid of a pointer to the bottom of the
stack at a fixed location.  Also clears the road for unmapping the stackgap.

ok deraadt@

9 years agoone more "center"; tedu forgot to use -i, i think...
jmc [Tue, 20 Jan 2015 19:23:32 +0000 (19:23 +0000)]
one more "center"; tedu forgot to use -i, i think...

9 years agotweak previous;
jmc [Tue, 20 Jan 2015 19:20:45 +0000 (19:20 +0000)]
tweak previous;

9 years agoDo not use /usr/ports/infrastructure/man/ by default because this
schwarze [Tue, 20 Jan 2015 19:17:28 +0000 (19:17 +0000)]
Do not use /usr/ports/infrastructure/man/ by default because this
directory is not contained in OpenBSD base, and because even people
having the directory often don't understand that they need to run
makewhatis(8) - and instead complain about the resulting warnings.
This commit reverts revisions 1.17 and 1.21.

Requested by deraadt@ millert@ kettenis@ who argue that people
using /usr/ports/infrastructure/bin/ already need to set PATH,
so editing man.conf (or, though more fragile, setting MANPATH)
should not be a big deal for them.

9 years agochange spelling of centre to center. consistent with other man pages,
tedu [Tue, 20 Jan 2015 18:54:33 +0000 (18:54 +0000)]
change spelling of centre to center. consistent with other man pages,
the name of the macro being described, and look(1).
ok jmc

9 years agoHOST_NAME_MAX + 1 is big enough for gethostname(3); this array has
florian [Tue, 20 Jan 2015 18:44:16 +0000 (18:44 +0000)]
HOST_NAME_MAX + 1 is big enough for gethostname(3); this array has
been one char too big when it was defined in terms of MAXHOSTNAMELEN.
While here, NI_MAXHOST is big enough for getnameinfo(3).
OK benno@

9 years agoMerge two copies of the (almost) identical bus space code into one file.
mpi [Tue, 20 Jan 2015 18:34:00 +0000 (18:34 +0000)]
Merge two copies of the (almost) identical bus space code into one file.

This brings bus_space_mmap(9) to socppc and change its bus_space_map(9)
implementation to use kernel_map instead of phys_map like macppc and
everybody else.

9 years agoAdjust <sys/param.h> comments regarding use of use of MSIZE, or
deraadt [Tue, 20 Jan 2015 18:26:57 +0000 (18:26 +0000)]
Adjust <sys/param.h> comments regarding use of use of MSIZE, or
delete <sys/param.h> if now possible
ok guenther