openbsd
9 years agoUnify trickier node handling functions.
schwarze [Sun, 19 Apr 2015 14:57:16 +0000 (14:57 +0000)]
Unify trickier node handling functions.
* man_elem_alloc() -> roff_elem_alloc()
* man_block_alloc() -> roff_block_alloc()
The functions mdoc_elem_alloc() and mdoc_block_alloc() remain for
now because they need to do mdoc(7)-specific argument processing.

9 years agoBump minor, regen .pc and header
jturner [Sun, 19 Apr 2015 14:26:27 +0000 (14:26 +0000)]
Bump minor, regen .pc and header

9 years agoMerge conflicts
jturner [Sun, 19 Apr 2015 14:25:05 +0000 (14:25 +0000)]
Merge conflicts

9 years agoUnify some node handling functions that use TOKEN_NONE.
schwarze [Sun, 19 Apr 2015 14:25:05 +0000 (14:25 +0000)]
Unify some node handling functions that use TOKEN_NONE.
* mdoc_word_alloc(), man_word_alloc() -> roff_word_alloc()
* mdoc_word_append(), man_word_append() -> roff_word_append()
* mdoc_addspan(), man_addspan() -> roff_addtbl()
* mdoc_addeqn(), man_addeqn() -> roff_addeqn()
Minus 50 lines of code, no functional change.

9 years agoMerge conflicts
jturner [Sun, 19 Apr 2015 14:23:41 +0000 (14:23 +0000)]
Merge conflicts

9 years agoUpdate sqlite3 to 3.8.9. Changes available here:
jturner [Sun, 19 Apr 2015 14:21:33 +0000 (14:21 +0000)]
Update sqlite3 to 3.8.9. Changes available here:
http://sqlite.org/releaselog/3_8_9.html

Tested in bulk and ok landry@

9 years agoDecouple the token code for "no request or macro" from the individual
schwarze [Sun, 19 Apr 2015 13:59:37 +0000 (13:59 +0000)]
Decouple the token code for "no request or macro" from the individual
high-level parsers to allow further unification of functions that
only need to recognize this code, but that don't care about different
high-level macrosets beyond that.

9 years agoUnify node handling functions:
schwarze [Sun, 19 Apr 2015 13:50:10 +0000 (13:50 +0000)]
Unify node handling functions:
* node_alloc() for mdoc and man_node_alloc() -> roff_node_alloc()
* node_append() for mdoc and man_node_append() -> roff_node_append()
* mdoc_head_alloc() and man_head_alloc() -> roff_head_alloc()
* mdoc_body_alloc() and man_body_alloc() -> roff_body_alloc()
* mdoc_node_unlink() and man_node_unlink() -> roff_node_unlink()
* mdoc_node_free() and man_node_free() -> roff_node_free()
* mdoc_node_delete() and man_node_delete() -> roff_node_delete()
Minus 130 lines of code, no functional change.

9 years agoby default fill the ping payload with a chacha stream instead of
dlg [Sun, 19 Apr 2015 12:56:42 +0000 (12:56 +0000)]
by default fill the ping payload with a chacha stream instead of
an unvarying payload.

each ping process generates a random key, and each packet then uses
the timestamps mac as the IV for the stream.

this allows us to have a different payload per packet that we can
recalculate and compare in the same was as the static payload was
checked before. by aggressively varying the payload we hope to
generate more opportunities for dodgy network equipment to show
errors.

note that we do siphash before chacha because we want to be strict
about the timestamp payload, but we want to be able to recognise
errors in the rest of the payload and where those errors were. doing
chacha before siphash would have us than fail the whole packet if
a checksum doesnt match.

discussed with jp aumasson
ok florian@

9 years agoadd a mac to the timestamp payload and calculate it with siphash.
dlg [Sun, 19 Apr 2015 12:45:37 +0000 (12:45 +0000)]
add a mac to the timestamp payload and calculate it with siphash.

this lets us have some confidence that the timestamp hasnt been
damaged or tampered with in transit.

discussed with jp aumasson
ok florian@

9 years agoDo not truncate possible remaining transfer length.
mpi [Sun, 19 Apr 2015 11:12:58 +0000 (11:12 +0000)]
Do not truncate possible remaining transfer length.

Reported by Takahiro HAYASHI on bugs@, thanks!

9 years agoRemove reference to oss audio emulation,
ratchov [Sun, 19 Apr 2015 08:58:02 +0000 (08:58 +0000)]
Remove reference to oss audio emulation,
from Scarlett <scarlett at entering.space>. Thanks!

9 years agoMake SNDCLT_DSP_* ioctls return ENOTTY, and remove the corresponding
ratchov [Sun, 19 Apr 2015 08:42:19 +0000 (08:42 +0000)]
Make SNDCLT_DSP_* ioctls return ENOTTY, and remove the corresponding
code. No ABI change.

ok armani@, guenther@, sthen@

9 years agoRemove emulation of oss audio ioctls from linux emulation.
ratchov [Sun, 19 Apr 2015 08:37:32 +0000 (08:37 +0000)]
Remove emulation of oss audio ioctls from linux emulation.

ok armani, guenther, sthen

9 years agoAdd a missing pmap_kremove
sf [Sun, 19 Apr 2015 06:30:20 +0000 (06:30 +0000)]
Add a missing pmap_kremove

Noticed by mlarkin@

9 years agoBinary code patching on i386
sf [Sun, 19 Apr 2015 06:27:17 +0000 (06:27 +0000)]
Binary code patching on i386

This commit ports the infrastructure to do binary code patching from amd64.
The existing code patching for SMAP is converted to the new infrastruture.

ok kettenis@
"should go in" deraadt@

9 years agoEnable the REG_READ ioctl. A whitelist is used to allow
jsg [Sun, 19 Apr 2015 02:55:52 +0000 (02:55 +0000)]
Enable the REG_READ ioctl.  A whitelist is used to allow
reading a timestamp off the render ring for the Mesa i965 driver.
ok kettenis@

9 years agoDon't lock the file for "vi -R" or "view". OK deraadt@
millert [Sun, 19 Apr 2015 01:10:59 +0000 (01:10 +0000)]
Don't lock the file for "vi -R" or "view".  OK deraadt@

9 years agoForce the boot partition to ext2fs, rathern than leaving it as it was.
deraadt [Sun, 19 Apr 2015 00:37:36 +0000 (00:37 +0000)]
Force the boot partition to ext2fs, rathern than leaving it as it was.
Found by inspection while curious... not though actual experience...
ok miod

9 years agoIt seems that the CPUID lies about the monitor-line size, or at least our
kettenis [Sat, 18 Apr 2015 22:16:21 +0000 (22:16 +0000)]
It seems that the CPUID lies about the monitor-line size, or at least our
interpretation of it isn't quite right.  So instead of allocating memory
and slicing it based on the parameters returned by CPUID, simply use a member
in struct cpu_info like basically all other OSes out there do.  Our struct
cpu_info is large enough to never cause any overlap.  This makes the
mwait-based idle loop actually work.  We still execute the CPUID instruction
to make sure monitor/mwait is properly supported by the hardware we're
running on.

ok sthen@, deraadt@, guenther@

9 years agoConvert many atoi() calls to strtonum(), adding range checks and failure
deraadt [Sat, 18 Apr 2015 18:28:36 +0000 (18:28 +0000)]
Convert many atoi() calls to strtonum(), adding range checks and failure
handling along the way.
Reviews by Brendan MacDonell, Jeremy Devenport, florian, doug, millert

9 years agoDelete the wrapper functions mdoc_meta(), man_meta(), mdoc_node(),
schwarze [Sat, 18 Apr 2015 17:50:02 +0000 (17:50 +0000)]
Delete the wrapper functions mdoc_meta(), man_meta(), mdoc_node(),
man_node() from the mandoc(3) semi-public interface and the internal
wrapper functions print_mdoc() and print_man() from the HTML formatters.
Minus 60 lines of code, no functional change.

9 years agoUnify {mdoc,man}_{alloc,reset,free}() into roff_man_{alloc,reset,free}().
schwarze [Sat, 18 Apr 2015 17:28:08 +0000 (17:28 +0000)]
Unify {mdoc,man}_{alloc,reset,free}() into roff_man_{alloc,reset,free}().
Minus 80 lines of code, no functional change.
Written on the train from Koeln to Wolfsburg returning from p2k15.

9 years agoMove mdoc_hash_init() and man_hash_init() to libmandoc.h
schwarze [Sat, 18 Apr 2015 17:01:28 +0000 (17:01 +0000)]
Move mdoc_hash_init() and man_hash_init() to libmandoc.h
and call them from mparse_alloc() and choose_parser(),
preparing unified allocation of struct roff_man.

9 years agoProfit from the unified struct roff_man and reduce the number of
schwarze [Sat, 18 Apr 2015 16:34:03 +0000 (16:34 +0000)]
Profit from the unified struct roff_man and reduce the number of
arguments of mparse_result() by one.  No functional change.
Written on the ICE Bruxelles-Koeln on the way back from p2k15.

9 years agoReplace the structs mdoc and man by a unified struct roff_man.
schwarze [Sat, 18 Apr 2015 16:04:40 +0000 (16:04 +0000)]
Replace the structs mdoc and man by a unified struct roff_man.
Almost completely mechanical, no functional change.
Written on the train from Exeter to London returning from p2k15.

9 years agoanother round of reducing the diff to linux
jsg [Sat, 18 Apr 2015 14:47:34 +0000 (14:47 +0000)]
another round of reducing the diff to linux

9 years agoSimplify vio_encap() a bit.
sf [Sat, 18 Apr 2015 14:38:38 +0000 (14:38 +0000)]
Simplify vio_encap() a bit.

From brad@

9 years agofrom brad:
jmc [Sat, 18 Apr 2015 12:04:59 +0000 (12:04 +0000)]
from brad:
don;t try to list all generations in ciss's Nd;
do not use all caps for "array"

9 years agodefine and use trace macros
jsg [Sat, 18 Apr 2015 11:41:28 +0000 (11:41 +0000)]
define and use trace macros
discussed with kettenis

9 years agoRemove some unused debug functions. If we're interested in
jsg [Sat, 18 Apr 2015 11:21:12 +0000 (11:21 +0000)]
Remove some unused debug functions.  If we're interested in
these in future we should add i915_debugfs.c

9 years agoreplace the hand rolled lists of mbufs in hfsc_classq with an
dlg [Sat, 18 Apr 2015 11:12:33 +0000 (11:12 +0000)]
replace the hand rolled lists of mbufs in hfsc_classq with an
mbuf_list.

hfsc lists are very clever because they manage a fifo with a single
pointer by abusing the m_next pointer of the tail mbuf to point to
the head. clever but hard to read.

mbuf_lists are slightly bigger because they explicitely track the
head mbuf, but i got us that space back by inlining hfsc_classq
into hfsc_class and removing the unnecessary classq field.

ok henning@

9 years agoadd and use module param macros
jsg [Sat, 18 Apr 2015 11:05:32 +0000 (11:05 +0000)]
add and use module param macros

9 years agoAvoid calling freeifaddrs() with an uninitialised pointer in an
jsg [Sat, 18 Apr 2015 09:32:59 +0000 (09:32 +0000)]
Avoid calling freeifaddrs() with an uninitialised pointer in an
error path.

9 years agoRegis Leroy reported that httpd does not strictly accept CRLF for
jsg [Sat, 18 Apr 2015 09:27:54 +0000 (09:27 +0000)]
Regis Leroy reported that httpd does not strictly accept CRLF for
newlines which could lead to http response splitting/smuggling
if a badly behaved proxy is in front of httpd.

Switch from evbuffer_readline() to evbuffer_readln() with
EVBUFFER_EOL_CRLF_STRICT to avoid this.

ok florian@

9 years agoi386 and amd64 have only one syscall entry point now, so simply the
guenther [Sat, 18 Apr 2015 05:14:05 +0000 (05:14 +0000)]
i386 and amd64 have only one syscall entry point now, so simply the
EIP/RIP adjustment for ERESTART

ok mlarkin@

9 years agoUse futimens() to preserve timestamps with subsec precision.
guenther [Sat, 18 Apr 2015 03:15:46 +0000 (03:15 +0000)]
Use futimens() to preserve timestamps with subsec precision.
Don't cast file sizes to size_t when comparing file contents for the -C option

ok deraadt@

9 years agoUse getint() instead of intval() for parsing the columns variable,
deraadt [Fri, 17 Apr 2015 17:20:41 +0000 (17:20 +0000)]
Use getint() instead of intval() for parsing the columns variable,
allowing the addition of more accurate bounds and garbage checks.
ok millert

9 years agoFALLTHROUGH in getopt is incorrect. While here use strtonum
deraadt [Fri, 17 Apr 2015 16:47:47 +0000 (16:47 +0000)]
FALLTHROUGH in getopt is incorrect.  While here use strtonum
to parse tz_minuteswest.
ok millert

9 years agoOn Ethernet packets have a minimal length, so very short packets
bluhm [Fri, 17 Apr 2015 16:42:50 +0000 (16:42 +0000)]
On Ethernet packets have a minimal length, so very short packets
get padding appended to them.  This padding is not stripped off in
ip6_input() (due to support for IPv6 Jumbograms, RFC2675).  That
means PF needs to be careful when reassembling fragmented packets
to not include the padding in the reassembled packet.
from FreeBSD; via Kristof Provost; OK henning@

9 years agos/recommended/required/ that private keys be og-r
djm [Fri, 17 Apr 2015 13:32:09 +0000 (13:32 +0000)]
s/recommended/required/ that private keys be og-r
this wording change was made a while ago but got accidentally reverted

9 years agodon't try to cleanup NULL KEX proposals in kex_prop_free();
djm [Fri, 17 Apr 2015 13:25:52 +0000 (13:25 +0000)]
don't try to cleanup NULL KEX proposals in kex_prop_free();
found by Jukka Taimisto and Markus Hietava

9 years agouse error/logit/fatal instead of fprintf(stderr, ...) and exit(0),
djm [Fri, 17 Apr 2015 13:19:22 +0000 (13:19 +0000)]
use error/logit/fatal instead of fprintf(stderr, ...) and exit(0),
fix a few errors that were being printed to stdout instead of stderr
and a few non-errors that were going to stderr instead of stdout
bz#2325; ok dtucker

9 years agodebug log missing DISPLAY environment when X11 forwarding
djm [Fri, 17 Apr 2015 13:16:48 +0000 (13:16 +0000)]
debug log missing DISPLAY environment when X11 forwarding
requested; bz#1682 ok dtucker@

9 years agowhile trying to reproduce lockups on mp alpha i hit an
dlg [Fri, 17 Apr 2015 12:38:54 +0000 (12:38 +0000)]
while trying to reproduce lockups on mp alpha i hit an
MUTEX_ASSERT_UNLOCKED, but it turns out alpha mutexes arent very
friendly to diagnostics on smp systems.

alpha mutexes contained an mtx_lock member. when 0 the mutex was
unlocked, and when 1 it was locked. the MUTEX_ASSERT_UNLOCKED checked
if mtx_lock was 1 to see if the current cpu owned the mutex, but
in an mp system another cpu may have set mtx_lock to 1, which causes
the assert to fire.

this changes alpha mutexes so they record which cpu owns the lock
rather than just if the lock is held or not. the diagnostics compare
the owner to the current cpus curcpu() address so they can actually
tell if the current cpu holds the lock instead of whether any cpu
holds the lock.

instead of using custom asm to implement a cas this uses atomic_cas_ptr,
which on alpha uses gcc cas code. miod says he has far more confidence
in the gcc cas than the code that was there before.

while im here i also shuffled the code. on MULTIPROCESSOR systems
instead of duplicating code between mtx_enter and mtx_enter_try,
mtx_enter simply loops on mtx_enter_try until it succeeds.

this also provides an alternative implementation of mutexes on
!MULTIPROCESSOR systems that avoids interlocking opcodes. mutexes
wont contend on UP boxes, theyre basically wrappers around spls.
we can just do the splraise, stash the owner as a guard value for
DIAGNOSTIC and return. similarly, mtx_enter_try on UP will never
fail, so we can just call mtx_enter and return 1.

ok miod@

9 years agoIPSEC_IN_CRYPTO_DONE and OUT_CRYPTO_NEEDED are gone
mikeb [Fri, 17 Apr 2015 11:06:39 +0000 (11:06 +0000)]
IPSEC_IN_CRYPTO_DONE and OUT_CRYPTO_NEEDED are gone

9 years agoStubs and support code for NIC-enabled IPsec bite the dust.
mikeb [Fri, 17 Apr 2015 11:04:01 +0000 (11:04 +0000)]
Stubs and support code for NIC-enabled IPsec bite the dust.
No objection from reyk@, OK markus, hshoexer

9 years agoRemove unused ipsp_parse_headers that was supposed to parse packets
mikeb [Fri, 17 Apr 2015 10:08:07 +0000 (10:08 +0000)]
Remove unused ipsp_parse_headers that was supposed to parse packets
returned by IPsec-enabled NICs;  OK markus, hshoexer

9 years agoRemove unsupported SADB_X_IDENTTYPE_CONNECTION; OK markus, hshoexer
mikeb [Fri, 17 Apr 2015 10:04:37 +0000 (10:04 +0000)]
Remove unsupported SADB_X_IDENTTYPE_CONNECTION;  OK markus, hshoexer

9 years agoRemove superflous "::1" route, test currently failing but a fix is
mpi [Fri, 17 Apr 2015 08:20:24 +0000 (08:20 +0000)]
Remove superflous "::1" route, test currently failing but a fix is
in its way.

9 years agoLocal routes should be present in the routing table output.
mpi [Fri, 17 Apr 2015 08:19:27 +0000 (08:19 +0000)]
Local routes should be present in the routing table output.

9 years agoparse_prefix in parse.c got changed but the declaration in bgpctl.c
phessler [Fri, 17 Apr 2015 07:51:09 +0000 (07:51 +0000)]
parse_prefix in parse.c got changed but the declaration in bgpctl.c
wasn't updated, so we would crash when doing `bgpctl net bulk` commands.

Fix by moving parse_prefix into a header, since we use it in more than
one file.

crash found by henning@
underlying problem found by blambert@

OK sthen@ deraadt@ claudio@ henning@

9 years agoMatch -current output. Every configured address should have a local route
mpi [Fri, 17 Apr 2015 07:46:10 +0000 (07:46 +0000)]
Match -current output.  Every configured address should have a local route
and remove redundant loopback cloning route.

Note that tests using IPv6 still contain two routes to "::1" this should
cause no harm but is being investigated.

9 years agoCrank the timeout and decrease the buffer size to not end up dropping
mpi [Fri, 17 Apr 2015 07:17:51 +0000 (07:17 +0000)]
Crank the timeout and decrease the buffer size to not end up dropping
all the entropy provided by the device.

Also make sure we match the right endpoint.

From Sean Levy based on comments from Andreas Gustafsson who's behind
Alea.

9 years agooops, started expecting sockoptlevelname() to handle two arguments
guenther [Fri, 17 Apr 2015 06:33:30 +0000 (06:33 +0000)]
oops, started expecting sockoptlevelname() to handle two arguments
but never actually did so.  Fix that so that we stop losing the
second argument to {get,set}sockopt().  Handling of levels other than
SOL_SOCKET could be improved.

9 years agoThe first argument to socket/socketpair is an address family, not a protocol
guenther [Fri, 17 Apr 2015 06:14:36 +0000 (06:14 +0000)]
The first argument to socket/socketpair is an address family, not a protocol
family.  (sysctl(3) is practically the only place where PF_* is correct)

9 years agoTweaks utimensat/futimens handling to always update ctime, even when both
guenther [Fri, 17 Apr 2015 04:43:20 +0000 (04:43 +0000)]
Tweaks utimensat/futimens handling to always update ctime, even when both
atime and mtime are UTIME_OMIT (at least for ufs, tmpfs, and ext2fs), and
to correctly handle a timestamp of -1.

ok millert@

9 years agodon't call record_login() in monitor when UseLogin is enabled;
djm [Fri, 17 Apr 2015 04:32:31 +0000 (04:32 +0000)]
don't call record_login() in monitor when UseLogin is enabled;
bz#278 reported by drk AT sgi.com; ok dtucker

9 years agoAdd some missing options to sshd -T and fix the output of VersionAddendum
dtucker [Fri, 17 Apr 2015 04:12:35 +0000 (04:12 +0000)]
Add some missing options to sshd -T and fix the output of VersionAddendum
HostCertificate.  bz#2346, patch from jjelen at redhat com, ok djm.

9 years agoMake drm ioctls table driven. Further reduces the diff to linux.
jsg [Fri, 17 Apr 2015 00:54:41 +0000 (00:54 +0000)]
Make drm ioctls table driven.  Further reduces the diff to linux.
ok kettenis@

9 years agoDocument "none" for PidFile XAuthLocation TrustedUserCAKeys and RevokedKeys.
dtucker [Thu, 16 Apr 2015 23:25:50 +0000 (23:25 +0000)]
Document "none" for PidFile XAuthLocation TrustedUserCAKeys and RevokedKeys.
bz#2382, feedback from jmc@, ok djm@

9 years agoRestore the page headers and page footers that accidentally got lost
schwarze [Thu, 16 Apr 2015 20:21:08 +0000 (20:21 +0000)]
Restore the page headers and page footers that accidentally got lost
in rev. 1.225.  Regression reported by florian@.

9 years agofirmware, not firmwares;
jmc [Thu, 16 Apr 2015 20:01:39 +0000 (20:01 +0000)]
firmware, not firmwares;

9 years agotweak previous;
jmc [Thu, 16 Apr 2015 19:59:28 +0000 (19:59 +0000)]
tweak previous;

9 years agoipa_inp_next is unused; via mikeb@
markus [Thu, 16 Apr 2015 19:44:01 +0000 (19:44 +0000)]
ipa_inp_next is unused; via mikeb@

9 years agoremove unfinished/unused support for socket-attached ipsec-policies
markus [Thu, 16 Apr 2015 19:24:13 +0000 (19:24 +0000)]
remove unfinished/unused support for socket-attached ipsec-policies
ok mikeb

9 years agochange {import,export}_identity so it can be used for policies; ok mikeb
markus [Thu, 16 Apr 2015 19:18:10 +0000 (19:18 +0000)]
change {import,export}_identity so it can be used for policies; ok mikeb
(fixes sadb_ident_type conversion for policies)

9 years agoshorten "outdated mandoc.db" warning message; requested by deraadt@
schwarze [Thu, 16 Apr 2015 16:35:02 +0000 (16:35 +0000)]
shorten "outdated mandoc.db" warning message; requested by deraadt@

9 years agosync
deraadt [Thu, 16 Apr 2015 15:50:47 +0000 (15:50 +0000)]
sync

9 years agoTweak error output.
gsoares [Thu, 16 Apr 2015 15:14:30 +0000 (15:14 +0000)]
Tweak error output.
ok krw@

9 years agoMake sure LLVM static analyzer do not report a false positive,
mpi [Thu, 16 Apr 2015 14:23:48 +0000 (14:23 +0000)]
Make sure LLVM static analyzer do not report a false positive,
found by and fix confirmed by jsg@.

9 years agodocument %m, sort %.
espie [Thu, 16 Apr 2015 14:11:29 +0000 (14:11 +0000)]
document %m, sort %.

9 years agoadd %m as a shorthand, will expand to
espie [Thu, 16 Apr 2015 14:08:19 +0000 (14:08 +0000)]
add %m as a shorthand, will expand to
pub/OpenBSD/5.7/packages/amd64
for lazy typers.

okay aja@

9 years agodocument % sequences.
espie [Thu, 16 Apr 2015 13:40:56 +0000 (13:40 +0000)]
document % sequences.

9 years agoreorg code, the arch/osversion code should live in a single place,
espie [Thu, 16 Apr 2015 13:29:16 +0000 (13:29 +0000)]
reorg code, the arch/osversion code should live in a single place,
short and sweet

9 years agoMatch the Nd of the page, prodded by jmc@
mpi [Thu, 16 Apr 2015 11:21:01 +0000 (11:21 +0000)]
Match the Nd of the page, prodded by jmc@

9 years agocommit expanded tags for %c, %v, %a
espie [Thu, 16 Apr 2015 09:32:23 +0000 (09:32 +0000)]
commit expanded tags for %c, %v, %a

9 years agoEnable ualea(4) where we have uhub(4), these USB device lists cry for
mpi [Thu, 16 Apr 2015 09:09:49 +0000 (09:09 +0000)]
Enable ualea(4) where we have uhub(4), these USB device lists cry for
unification...

9 years agoManpage for ualea(4) with tweaks from jmc@.
mpi [Thu, 16 Apr 2015 08:56:53 +0000 (08:56 +0000)]
Manpage for ualea(4) with tweaks from jmc@.

9 years agoNew driver for Araneus Alea II TRNG. All the hardwork has been done by
mpi [Thu, 16 Apr 2015 08:55:21 +0000 (08:55 +0000)]
New driver for Araneus Alea II TRNG.  All the hardwork has been done by
Sean Levy, aka attila, <attila + stalphonsos ! com>, thanks!

ok deraadt@

9 years agoPlug leak of address passed to logging. bz#2373, patch from jjelen at redhat,
dtucker [Wed, 15 Apr 2015 23:23:25 +0000 (23:23 +0000)]
Plug leak of address passed to logging.  bz#2373, patch from jjelen at redhat,
ok markus@

9 years agoFix some issues in bright colour handling. Bold background doesn't exist
nicm [Wed, 15 Apr 2015 22:34:46 +0000 (22:34 +0000)]
Fix some issues in bright colour handling. Bold background doesn't exist
so there is no reason for tty_check_bg to mess with the BRIGHT flag at
all, ever. Also use aixterm colours for 256-to-16 translation if the
terminal supports them. And there is no reason for tty_colours_bg to
worry about whether the terminal supports them - tty_check_bg has
already taken care of it.

9 years agoUse tty_term_flag not _has for flags, also fix a typo (position not
nicm [Wed, 15 Apr 2015 22:10:13 +0000 (22:10 +0000)]
Use tty_term_flag not _has for flags, also fix a typo (position not
permission).

9 years agoTest that ping6 fragments with ethernet padding get reassembled
bluhm [Wed, 15 Apr 2015 21:29:15 +0000 (21:29 +0000)]
Test that ping6 fragments with ethernet padding get reassembled
correctly.

9 years agoConvert error/errorx/errorc functions -> fatal/fatalx/fatalc and
millert [Wed, 15 Apr 2015 16:43:11 +0000 (16:43 +0000)]
Convert error/errorx/errorc functions -> fatal/fatalx/fatalc and
make then take a printf format string instead of requiring the
caller to snprintf into a buffer first.  OK deraadt@

9 years agoOnly set the cipher list if one was specified and actually check the return
jsing [Wed, 15 Apr 2015 16:33:49 +0000 (16:33 +0000)]
Only set the cipher list if one was specified and actually check the return
value from SSL_CTX_set_cipher_list(). Also remove pointless getenv()
handling.

ok bcook@ doug@

9 years agoClean up the ssl_bytes_to_cipher_list() API - rather than having the
jsing [Wed, 15 Apr 2015 16:25:43 +0000 (16:25 +0000)]
Clean up the ssl_bytes_to_cipher_list() API - rather than having the
ability to pass or not pass a STACK_OF(SSL_CIPHER) *, which is then either
zeroed or if NULL a new one is allocated, always allocate one and return it
directly.

Inspired by simliar changes in BoringSSL.

ok beck@ doug@

9 years agoNow that tls_close() is more robust, consider a failure to be fatal.
jsing [Wed, 15 Apr 2015 16:09:29 +0000 (16:09 +0000)]
Now that tls_close() is more robust, consider a failure to be fatal.

9 years agoTreat SSL_ERROR_ZERO_RETURN as a success, rather than a failure. Also
jsing [Wed, 15 Apr 2015 16:08:43 +0000 (16:08 +0000)]
Treat SSL_ERROR_ZERO_RETURN as a success, rather than a failure. Also
ensure that outlen is set to zero so that tls_read() has read(2) like
semantics for EOF.

Spotted by doug@

9 years agoMake tls_close() more robust - do not rely on a close notify being received
jsing [Wed, 15 Apr 2015 16:05:23 +0000 (16:05 +0000)]
Make tls_close() more robust - do not rely on a close notify being received
from the other side and only return TLS_READ_AGAIN/TLS_WRITE_AGAIN if we
failed to send a close notify on a non-blocking socket.

Otherwise be more forceful and always shutdown/close the socket regardless
of other failures. Also do not consider ENOTCONN or ECONNRESET to be a
shutdown failure, since there are various situations where this can occur.

ok doug@ guenther@

9 years agoFix setting old-style window -fg/-bg/-attr options that aren't global.
nicm [Wed, 15 Apr 2015 15:44:40 +0000 (15:44 +0000)]
Fix setting old-style window -fg/-bg/-attr options that aren't global.

9 years agoAdd the necessary glue to keep carp(4) working while other pseudo-drivers
mpi [Wed, 15 Apr 2015 15:16:17 +0000 (15:16 +0000)]
Add the necessary glue to keep carp(4) working while other pseudo-drivers
are converted to if_input().

ok dlg@, claudio@

9 years agoUse ether_ifattach() and ether_ifdetach() when cloning/destroying an
mpi [Wed, 15 Apr 2015 15:14:37 +0000 (15:14 +0000)]
Use ether_ifattach() and ether_ifdetach() when cloning/destroying an
interface instead of rewritting most of them.

This change is also needed for upcoming if_input() conversion.

As a bonus pseudo-driver attached on top of carp are now detached in
the right order.

ok claudio@, henning@

9 years agoinclude header required for DEBUG build; ok jsg@
naddy [Wed, 15 Apr 2015 14:06:03 +0000 (14:06 +0000)]
include header required for DEBUG build; ok jsg@

9 years agoAvoid using inet_ntoa() twice in a single printf() parameter list
krw [Wed, 15 Apr 2015 12:40:57 +0000 (12:40 +0000)]
Avoid using inet_ntoa() twice in a single printf() parameter list
by caching the results from excess inet_ntoa() calls before doing
the printf(). Should improve usefullness (?) of DHCPRELEASE log
entries by actually printing ciaddr and giaddr correctly when
dhcprelays stand between servers and clients.

Looks good to dlg@.

9 years agoFix a typo introduced in the niq_enqueue() conversion.
mpi [Wed, 15 Apr 2015 10:11:29 +0000 (10:11 +0000)]
Fix a typo introduced in the niq_enqueue() conversion.

Should fix a panic reported by many on bugs@ and misc@.

ok dlg@

9 years agoAdd the necessary glue to keep vlan(4) working while other pseudo-drivers
mpi [Wed, 15 Apr 2015 09:58:44 +0000 (09:58 +0000)]
Add the necessary glue to keep vlan(4) working while other pseudo-drivers
are converted to if_input().

Reviewed by Rafael Zalamena.

ok claudio@, dlg@

9 years agoConvert remaining drm ioctl implementation functions to return Linux-style
kettenis [Wed, 15 Apr 2015 09:48:18 +0000 (09:48 +0000)]
Convert remaining drm ioctl implementation functions to return Linux-style
negative errno values.

ok jsg@

9 years agoadd the include dir for libepoxy
jsg [Wed, 15 Apr 2015 07:41:53 +0000 (07:41 +0000)]
add the include dir for libepoxy

9 years agoUnneeded return at the end of a void function.
mlarkin [Wed, 15 Apr 2015 03:52:45 +0000 (03:52 +0000)]
Unneeded return at the end of a void function.