openbsd
espie [Mon, 13 Jan 2014 18:44:41 +0000 (18:44 +0000)]
fix another chmod on permanent tempfile to respect umask.

espie [Mon, 13 Jan 2014 18:42:34 +0000 (18:42 +0000)]
have Ustar extract owners for symlinks, which isn't really important for
pkg_add, since it skips links and restores owners from the plist anyways.

espie [Mon, 13 Jan 2014 10:07:32 +0000 (10:07 +0000)]
say something if we sign an empty repository
tweak mode on tmp signed file

mpi [Mon, 13 Jan 2014 09:48:12 +0000 (09:48 +0000)]
Iterate over the per interface address list instead of the global one
in IFP_TO_IA().

ok bluhm@, henning@, mikeb@

espie [Mon, 13 Jan 2014 09:42:53 +0000 (09:42 +0000)]
premature, only wanted to commit n: -> n

espie [Mon, 13 Jan 2014 09:41:16 +0000 (09:41 +0000)]
duh, -n does not take args

mpi [Mon, 13 Jan 2014 09:27:39 +0000 (09:27 +0000)]
Return the poison value in poison_check() and not the modified value.

ok tedu@

krw [Mon, 13 Jan 2014 02:38:52 +0000 (02:38 +0000)]
warning(), note(), debug(), parse_warn() always return 0, which no
caller checks or saves. So just void them all.

martynas [Mon, 13 Jan 2014 01:44:31 +0000 (01:44 +0000)]
Enable Wbounded by default.  Passing bound bigger than the buffer
size almost always has security implications.  I think this quote
from Theo summarizes the situation best:

Which is why it is important to have at least one unforgiving
platform in the ecosystem which properly labels shit shit.

That's OpenBSD.  If anyone can't handle that, they can go to platforms
which hide the reality.

tedu [Mon, 13 Jan 2014 01:41:34 +0000 (01:41 +0000)]
new signify options. from and ok espie

tedu [Mon, 13 Jan 2014 01:41:00 +0000 (01:41 +0000)]
dang it!

tedu [Mon, 13 Jan 2014 01:40:43 +0000 (01:40 +0000)]
new day, new options. -m message and -x signature.
this should be less confusing and more consistent in various modes.
also support stdin/stdout where feasible. touch up usage to be helpful.
ok deraadt

deraadt [Sun, 12 Jan 2014 21:57:59 +0000 (21:57 +0000)]
Place a SHA256 (not SHA256.sig, sorry not yet) onto the install*.iso
media to give some upcoming changes a chance of working.

Long discussions with todd and rpe

tedu [Sun, 12 Jan 2014 21:18:52 +0000 (21:18 +0000)]
we only write to writable files, so use O_WRONLY.
st_size is only meaningful for regular files, so check S_ISREG

phessler [Sun, 12 Jan 2014 20:23:29 +0000 (20:23 +0000)]
revert back to 1.97

There is a memory leak when using internal GZip, so switch back to the
external gzip for now.

OK espie@

rpe [Sun, 12 Jan 2014 17:17:12 +0000 (17:17 +0000)]
add missing dash in -p option

OK tedu@ jmc@

stsp [Sun, 12 Jan 2014 15:38:06 +0000 (15:38 +0000)]
Remove no-op 'HIDE' macro from sppp code. This probably existed to allow
for easy switching to static functions. But we don't usually have static
functions in the kernel.
ok deraadt mpi mikeb

matthieu [Sun, 12 Jan 2014 15:07:47 +0000 (15:07 +0000)]
Directories updates for freetype 2.5.2

deraadt [Sun, 12 Jan 2014 11:32:47 +0000 (11:32 +0000)]
improve release directory example

deraadt [Sun, 12 Jan 2014 11:26:48 +0000 (11:26 +0000)]
plen is unsigned

deraadt [Sun, 12 Jan 2014 11:26:17 +0000 (11:26 +0000)]
sync

deraadt [Sun, 12 Jan 2014 11:26:08 +0000 (11:26 +0000)]
crank to 5.5beta

espie [Sun, 12 Jan 2014 11:18:57 +0000 (11:18 +0000)]
allow prev release keys for now, transition 5.4 -> 5.5 kind of requires
it.

jmc [Sun, 12 Jan 2014 09:33:32 +0000 (09:33 +0000)]
expand the "eval" description a little; from wiz@netbsd

djm [Sun, 12 Jan 2014 08:13:13 +0000 (08:13 +0000)]
avoid use of OpenSSL BIGNUM type and functions for KEX with
Curve25519 by adding a buffer_put_bignum2_from_string() that stores
a string using the bignum encoding rules. Will make it easier to
build a reduced-feature OpenSSH without OpenSSL in the future;
ok markus@

deraadt [Sun, 12 Jan 2014 05:46:50 +0000 (05:46 +0000)]
subtly improve an example

deraadt [Sun, 12 Jan 2014 04:37:51 +0000 (04:37 +0000)]
Also move case 'c' into the #ifdef for a smaller binary.  It will fall into
default, giving a nice failure.  I have not removed -c from the usage()
or getopt() because it is too much butchering...

krw [Sun, 12 Jan 2014 04:17:36 +0000 (04:17 +0000)]
Since the return value of read_client_conf() is not checked, don't
bother returning one.

deraadt [Sun, 12 Jan 2014 03:07:41 +0000 (03:07 +0000)]
update list of chips supported, Chris Hettrick

deraadt [Sun, 12 Jan 2014 01:40:12 +0000 (01:40 +0000)]
sync

halex [Sat, 11 Jan 2014 23:28:02 +0000 (23:28 +0000)]
when selecting sets to install, postpone the xbase/comp check so the
comp set does not get readded if the xbase set is being removed later
on the same input line

"nice semantics" deraadt@

naddy [Sat, 11 Jan 2014 22:26:01 +0000 (22:26 +0000)]
test pkg key for during the 5.5-beta sequence

sthen [Sat, 11 Jan 2014 22:18:06 +0000 (22:18 +0000)]
test fw key for during the 5.5-beta sequence

schwarze [Sat, 11 Jan 2014 22:16:03 +0000 (22:16 +0000)]
Remove useless use of strnlen(3).
Yuckiness pointed out by deraadt@.

deraadt [Sat, 11 Jan 2014 22:15:55 +0000 (22:15 +0000)]
test key for during the 5.5-beta sequence

espie [Sat, 11 Jan 2014 19:23:39 +0000 (19:23 +0000)]
fchownat is allowed to return EOPNOTSUPP
okay guenther@

espie [Sat, 11 Jan 2014 18:34:20 +0000 (18:34 +0000)]
typos, from Markus Lude, thx!

florian [Sat, 11 Jan 2014 14:37:51 +0000 (14:37 +0000)]
Sync description of struct pf_osfp_entry to rev 1.393 of pfvar.h
OK deraadt@

bluhm [Sat, 11 Jan 2014 14:33:48 +0000 (14:33 +0000)]
When I created UDP socket splicing, I added the goto nextpkt loop
to splice multiple UDP packets in the m_nextpkt list.  Some profiling
with TCP splicing showed that checking so_rcv.sb_mb is wrong.  It
causes several useless runs through the loop.  Better check for
nextrecord which contains the original m_nextpkt value of the mbuf.
OK mikeb@

deraadt [Sat, 11 Jan 2014 14:28:26 +0000 (14:28 +0000)]
add a few things mumble

sthen [Sat, 11 Jan 2014 13:50:56 +0000 (13:50 +0000)]
remove extraneous D, from Markus Lude

espie [Sat, 11 Jan 2014 11:54:43 +0000 (11:54 +0000)]
simplify code: always extract, then install, so that initial installations
and updates are more similar.

espie [Sat, 11 Jan 2014 11:51:01 +0000 (11:51 +0000)]
a bit of spring cleanup in advance: scrape old stuff that's not really
used.

guenther [Sat, 11 Jan 2014 06:28:46 +0000 (06:28 +0000)]
optarg/optind are declared in <unistd.h>, so kill the externs here

brad [Sat, 11 Jan 2014 05:44:11 +0000 (05:44 +0000)]
regen

brad [Sat, 11 Jan 2014 05:43:33 +0000 (05:43 +0000)]
add some more Realtek Card Reader chipsets.

deraadt [Sat, 11 Jan 2014 05:40:14 +0000 (05:40 +0000)]
No need for a bin/cpio link on the media, because the pax|tar binary does
not support cpio anymore.

deraadt [Sat, 11 Jan 2014 05:37:16 +0000 (05:37 +0000)]
Butcher a smaller tar/pax here, which has no cpio support
ok guenther

deraadt [Sat, 11 Jan 2014 05:36:26 +0000 (05:36 +0000)]
Add -DNOCPIO option for use by distrib/special
ok guenther tedu

lteo [Sat, 11 Jan 2014 04:46:15 +0000 (04:46 +0000)]
Sync the comments for the M_ICMP_CSUM_* flags with their descriptions in
the mbuf(9) man page.

deraadt [Sat, 11 Jan 2014 04:44:15 +0000 (04:44 +0000)]
Create cleaner & less noisy makefiles, now that we've been using
this for 20 years.  We don't need to see the splatter as much anymore.

deraadt [Sat, 11 Jan 2014 04:43:00 +0000 (04:43 +0000)]
just a little TLC

lteo [Sat, 11 Jan 2014 04:41:08 +0000 (04:41 +0000)]
Let tcpdump detect bad ICMPv6 checksums with the -v flag.

Tested on amd64, i386, loongson, and macppc.

OK florian@

lteo [Sat, 11 Jan 2014 04:40:45 +0000 (04:40 +0000)]
Let tcpdump detect bad ICMP checksums with the -v flag.

Tested on amd64, i386, loongson, and macppc.

OK florian@

lteo [Sat, 11 Jan 2014 04:35:52 +0000 (04:35 +0000)]
Make icmp_print() accept the length variable, which is the length of the
packet without the IP header.  This is needed by the next commit that
will allow tcpdump to detect bad ICMP checksums.

Related functions like {tcp,udp,icmp6}_print() already accept this
length variable, so this change makes icmp_print() consistent with
them as well.

This commit makes no functional change to tcpdump itself.

OK florian@

lteo [Sat, 11 Jan 2014 04:29:07 +0000 (04:29 +0000)]
Check the return value of fstat() in readmsg().

OK deraadt@ tedu@

deraadt [Sat, 11 Jan 2014 04:01:13 +0000 (04:01 +0000)]
use -DSHA2_ONLY to be more clear about what we are butchering
idea from tedu

deraadt [Sat, 11 Jan 2014 03:35:57 +0000 (03:35 +0000)]
use NOMAN=1 for all directories

deraadt [Sat, 11 Jan 2014 03:35:14 +0000 (03:35 +0000)]
unify with other Makefiles around here

millert [Fri, 10 Jan 2014 23:01:29 +0000 (23:01 +0000)]
Use strtoul() to do octal and hex character conversion instead of
custom code.

deraadt [Fri, 10 Jan 2014 22:54:12 +0000 (22:54 +0000)]
improve ntpctl usage so that the manual page does not need to be read
every time
ok jmc

tobiasu [Fri, 10 Jan 2014 22:52:50 +0000 (22:52 +0000)]
Don't overwrite the regress target, provide a test target instead.  This allows
the test target to fail without terminating overall regression tests. Clean up
a little.

Also adjust orders.txt.sig comment to new reality, making the test pass again.

Looks ok to sthen@

brad [Fri, 10 Jan 2014 22:34:48 +0000 (22:34 +0000)]
regen

mlarkin [Fri, 10 Jan 2014 22:34:41 +0000 (22:34 +0000)]
Resurrect the "park APs in realmode" idea that we explored back at t2k13
(and which didn't work at that time due to a bug which has since been
fixed). The APs are now demoted to real mode and placed in a HLT loop
while the hibernated image is being unpacked.

Helps my x230 significantly, no more spurious reboots on resume.

ok deraadt

brad [Fri, 10 Jan 2014 22:34:17 +0000 (22:34 +0000)]
Add the ULT Haswell host bridge id.

Was intending to add this but also reminded by mark rowland

brad [Fri, 10 Jan 2014 22:01:30 +0000 (22:01 +0000)]
Add MSI support.

Tested by comete@daknet.org and vigdis+obsd@chown.me.

florian [Fri, 10 Jan 2014 21:57:44 +0000 (21:57 +0000)]
Fix the uninitialized rtableid bug discovered and fixed in the previous
commit by brad@ by calling setsockopt SO_RTABLE only when -V is
present. As a bonus drop privileges very early in main, before option
parsing.
This brings ping6 more in line with what ping does and will make
eventual unification easier.

OK deraadt@
"works for me" brad@

deraadt [Fri, 10 Jan 2014 21:45:04 +0000 (21:45 +0000)]
depluralize
ok jmc

deraadt [Fri, 10 Jan 2014 20:53:45 +0000 (20:53 +0000)]
match what hppa is doing now (not tested, but should be right)
ok miod jsing

deraadt [Fri, 10 Jan 2014 20:53:19 +0000 (20:53 +0000)]
correct argument handling; this has been broken since the beginning
and was writing to wrong memory.
ok jsing miod guenther

jmc [Fri, 10 Jan 2014 20:20:34 +0000 (20:20 +0000)]
do not list sha1 and sha256 in SEE ALSO, since md5 is already there, and
they're one and the same page now;

jmc [Fri, 10 Jan 2014 20:14:08 +0000 (20:14 +0000)]
catch up to the fact that md5/sha* got merged, and document -c consistently;
some style and cleanup tweaks while here

ok deraadt

lteo [Fri, 10 Jan 2014 18:52:22 +0000 (18:52 +0000)]
Add MISSING to the list of possible results of a checklist comparison.

lteo [Fri, 10 Jan 2014 18:51:05 +0000 (18:51 +0000)]
When using a checklist, print MISSING for non-existent files.

Based on an earlier diff by tedu@
Requested by deraadt@
OK deraadt@

deraadt [Fri, 10 Jan 2014 17:52:50 +0000 (17:52 +0000)]
sort options

deraadt [Fri, 10 Jan 2014 17:47:44 +0000 (17:47 +0000)]
tedu merged the hash manual pages back together.  This goes even further,
repairing the documentation for the -c option.

sthen [Fri, 10 Jan 2014 17:41:39 +0000 (17:41 +0000)]
Remove unnecessary rc_post from rc.d/nsd.

It was there to try and ensure that failure was reported if nsd stopped
shortly after startup (as it used to do if the address was in use, etc),
but this is no longer the case with nsd 4 which returns a failure at
startup in these cases, and having it there breaks properly printing
"(ok)" when stopping.

tedu [Fri, 10 Jan 2014 17:38:24 +0000 (17:38 +0000)]
-c comment, for people who don't like the default. ok deraadt

jsing [Fri, 10 Jan 2014 16:34:25 +0000 (16:34 +0000)]
Use arc4random instead of random in the flock regress tests.

ok deraadt@

espie [Fri, 10 Jan 2014 16:09:08 +0000 (16:09 +0000)]
likewise. this is useless

espie [Fri, 10 Jan 2014 16:05:31 +0000 (16:05 +0000)]
by popular demand, remove excessive paranoia

espie [Fri, 10 Jan 2014 14:34:02 +0000 (14:34 +0000)]
signify silent by default, don't bother working around stdout.

tedu [Fri, 10 Jan 2014 14:29:08 +0000 (14:29 +0000)]
replace the rest of the obsolete radix macros
sprinkle 0 -> NULL where obvious
ok millert mpi

jsing [Fri, 10 Jan 2014 14:16:42 +0000 (14:16 +0000)]
Make this work on hppa.

deraadt [Fri, 10 Jan 2014 14:06:18 +0000 (14:06 +0000)]
be a bit more careful

jsing [Fri, 10 Jan 2014 13:45:00 +0000 (13:45 +0000)]
Do not include MD assembly code in a sys regress test. Untested on alpha,
however it has a much better chance of compiling than it did previously.

sobrado [Fri, 10 Jan 2014 12:07:19 +0000 (12:07 +0000)]
Using random-id is recommended in combination with no-df to ensure
unique IP identifiers.

ok henning@

sthen [Fri, 10 Jan 2014 11:19:31 +0000 (11:19 +0000)]
revert previous; height is never changed, but top is changed.
ok espie@ who saw intermittent sigbus in ports/math/hc with this.

deraadt [Fri, 10 Jan 2014 07:57:24 +0000 (07:57 +0000)]
remove md5 after installing it (with the links to the sha256/512 commands).
this is because the md5/sha256/sha512 are in the same binary, found in the
md5 directory, but the version on the media lacks md5 support.  Understand?

jmc [Fri, 10 Jan 2014 07:53:04 +0000 (07:53 +0000)]
no Pp before or after Sh;

brad [Fri, 10 Jan 2014 06:18:40 +0000 (06:18 +0000)]
Fix a bug found in ping6 when rebuilding with stack protector strong.
rtableid is uninitialized; the stack protector strong binary would fail
to set the routing table id. Copy the rtableid initialization over to
ping to keep what is essentially similar code in sync.

ok deraadt@

djm [Fri, 10 Jan 2014 05:59:19 +0000 (05:59 +0000)]
the /etc/ssh/ssh_host_ed25519_key is loaded by default too

tedu [Fri, 10 Jan 2014 05:34:46 +0000 (05:34 +0000)]
the -c option is really a mode change, incompatible with other options.
(there are some others too, but -c is particularly misleading.) split it
out in synopsis and usage.
ok deraadt

guenther [Fri, 10 Jan 2014 04:54:35 +0000 (04:54 +0000)]
ddpcb and unixsw symbols are no longer used with kvm_read

ok deraadt@

guenther [Fri, 10 Jan 2014 04:53:35 +0000 (04:53 +0000)]
Copy changes from ls -l to find -ls: print future times with year and use
strftime() instead of parsing ctime()'s output.

ok millert@

tedu [Fri, 10 Jan 2014 04:49:35 +0000 (04:49 +0000)]
quiet time. printing verified was an artifact of development, to be sure
we didn't accidentally fall through main without doing anything, but tools
should be quiet unless there's an error.

tedu [Fri, 10 Jan 2014 04:36:58 +0000 (04:36 +0000)]
use a single positional argument instead of a creeping list of __progname

tedu [Fri, 10 Jan 2014 04:34:24 +0000 (04:34 +0000)]
a little more consistent with names, notably call signature files sigfiles
for short, instead of output.

tedu [Fri, 10 Jan 2014 04:28:57 +0000 (04:28 +0000)]
base64.c workaround keeps sneaking back in

deraadt [Fri, 10 Jan 2014 04:24:18 +0000 (04:24 +0000)]
provide a small (very very) practical example for using signify
ok tedu