openbsd
10 years agoNuke unused evptests.txt - the real one is over in regress.
jsing [Thu, 1 May 2014 16:07:13 +0000 (16:07 +0000)]
Nuke unused evptests.txt - the real one is over in regress.

ok miod@

10 years agoProvide an EVP implementation for ChaCha.
jsing [Thu, 1 May 2014 16:06:24 +0000 (16:06 +0000)]
Provide an EVP implementation for ChaCha.

ok miod@

10 years agoMove RSA keys from "lka" to a new dedicated "ca" process because lka
reyk [Thu, 1 May 2014 15:50:20 +0000 (15:50 +0000)]
Move RSA keys from "lka" to a new dedicated "ca" process because lka
is handling some async requests and shouldn't be busy with sync RSA.

ok gilles@

10 years agoFix perl arch directory name.
miod [Thu, 1 May 2014 15:04:31 +0000 (15:04 +0000)]
Fix perl arch directory name.

10 years agoRevert 1.49 (bad merge with free dejavu)
miod [Thu, 1 May 2014 15:00:19 +0000 (15:00 +0000)]
Revert 1.49 (bad merge with free dejavu)

10 years agosync
deraadt [Thu, 1 May 2014 14:47:47 +0000 (14:47 +0000)]
sync

10 years agox86-64 ABI requires arrays greater than 16 bytes to be aligned to
martynas [Thu, 1 May 2014 14:15:42 +0000 (14:15 +0000)]
x86-64 ABI requires arrays greater than 16 bytes to be aligned to
16byte boundary.  However, GCC 16-byte aligns arrays of >=16 BITS,
not BYTES.

This diff improves bug detectability for code which has local arrays
of [16 .. 127] bits:  in those cases SSP will now detect even 1-byte
overflows.

OK kettenis@.  Tested in snaps for a week.

10 years agofixup SoC name, as it's am335x, not am334x.
jasper [Thu, 1 May 2014 13:26:34 +0000 (13:26 +0000)]
fixup SoC name, as it's am335x, not am334x.

ok bmercer@

10 years agoAdd ChaCha to libcrypto, based on djb's public domain implementation.
jsing [Thu, 1 May 2014 13:15:22 +0000 (13:15 +0000)]
Add ChaCha to libcrypto, based on djb's public domain implementation.

ok deraadt@

10 years ago- add 'sunxi' to list of miniroot files
jasper [Thu, 1 May 2014 11:48:47 +0000 (11:48 +0000)]
- add 'sunxi' to list of miniroot files
- add list of supported 'sunxi' and 'imx' hardware

ok bmercer@

10 years agoAdd support for the french ANSSI FRP256v1 elliptic curve.
miod [Thu, 1 May 2014 11:29:18 +0000 (11:29 +0000)]
Add support for the french ANSSI FRP256v1 elliptic curve.

While not to be considered a good choice of elliptic curve (refer to
http://safecurves.cr.yp.to/ for more details), it is nevertheless deemed a
good decision to allow developers with requirements to use such a curve,
to be able to do this via a crypto library allowing for much better choices
to be made, without having to change (much of) their code to get better crypto.

ok beck@ deraadt@

10 years agoAdd Brainpool elliptic curves. From OpenSSL RT#2239 via ${DAYJOB}.
miod [Thu, 1 May 2014 11:13:26 +0000 (11:13 +0000)]
Add Brainpool elliptic curves. From OpenSSL RT#2239 via ${DAYJOB}.
Be sure to rerun `make includes' after updating.
ok tedu@ beck@ deraadt@

10 years agoRemove fips_md_init() macro indirection for digest algorithms, used by the
miod [Thu, 1 May 2014 11:11:37 +0000 (11:11 +0000)]
Remove fips_md_init() macro indirection for digest algorithms, used by the
OpenSSL FIPS module to prevent forbidden digests to be allowed.
No functional change but readability.

ok deraadt@

10 years agoNo longer mention the tools/ directory, which content is irrelevant those days;
miod [Thu, 1 May 2014 10:35:47 +0000 (10:35 +0000)]
No longer mention the tools/ directory, which content is irrelevant those days;
forgotten during previous cleanups.

10 years agomove pointer use to after a NULL pointer check
jsg [Thu, 1 May 2014 10:25:44 +0000 (10:25 +0000)]
move pointer use to after a NULL pointer check
ok dlg@

10 years agoCorrect a test for X509_get_notAfter() failing or returning
jsg [Thu, 1 May 2014 07:35:57 +0000 (07:35 +0000)]
Correct a test for X509_get_notAfter() failing or returning
an unsupported time type when passing data to keynote.

Problem introduced by angelos in 1.41 though the code
has been reformatted a few times since then.

ok otto@ miod@

10 years agowith some random chance, swizzle the current page for the pool to avoid
tedu [Thu, 1 May 2014 04:25:02 +0000 (04:25 +0000)]
with some random chance, swizzle the current page for the pool to avoid
fully deterministic behavior. ok deraadt

10 years agonibbles aren't enough random, use bytes. does a better job of picking
tedu [Thu, 1 May 2014 04:08:13 +0000 (04:08 +0000)]
nibbles aren't enough random, use bytes. does a better job of picking
a free chunk at random and may allow to increase delayed chunk array.
ok otto

10 years agofixed some debug messages
sasano [Thu, 1 May 2014 03:45:08 +0000 (03:45 +0000)]
fixed some debug messages
ok by dcoppa@

10 years agofirst cut at documenting the change to malloc doing a partial 'junk' by
sthen [Wed, 30 Apr 2014 23:28:05 +0000 (23:28 +0000)]
first cut at documenting the change to malloc doing a partial 'junk' by
default and the new 'j' option to disable this; ok jmc@

10 years agoMake sure we flush discarded pages even if the number of hash buckets doesn't
kettenis [Wed, 30 Apr 2014 19:25:14 +0000 (19:25 +0000)]
Make sure we flush discarded pages even if the number of hash buckets doesn't
change.  From Pedro Martelletto via bitrig.

ok beck@, krw@

10 years agoUMAC can use our local fallback implementation of AES when OpenSSL isn't
naddy [Wed, 30 Apr 2014 19:07:48 +0000 (19:07 +0000)]
UMAC can use our local fallback implementation of AES when OpenSSL isn't
available.  Glue code straight from Ted Krovetz's original umac.c.
ok markus@

10 years agoAssigning list pointers doesn't really work with doubly linked lists. Use
kettenis [Wed, 30 Apr 2014 16:07:31 +0000 (16:07 +0000)]
Assigning list pointers doesn't really work with doubly linked lists.  Use
a remove-and-insert-all-items approach for now and remove the comments that
suggest manipulating list pointers.  Pointed out by Pedro Martelletto.

ok beck@, krw@, mikeb@

10 years agoPreserve intended chronological order of leases in
krw [Wed, 30 Apr 2014 15:11:00 +0000 (15:11 +0000)]
Preserve intended chronological order of leases in
dhclient.leases.<if> files by writing out in reverse the
reverse-chronological-order TAILQ client->leases.

Found while trying to restore static lease functionality.

10 years agoWrite last disk sector, not last 512-byte block, when testing validity
krw [Wed, 30 Apr 2014 14:28:48 +0000 (14:28 +0000)]
Write last disk sector, not last 512-byte block, when testing validity
of new partition limit.

Fixes growfs on 4K-sector disks.

Reported by and fix tested by David Vasek via misc@.

10 years agoAvoid a potential null pointer dereference by checking that we actually
jsing [Wed, 30 Apr 2014 13:51:58 +0000 (13:51 +0000)]
Avoid a potential null pointer dereference by checking that we actually
managed to allocate a fragment, before trying to memcpy data into it.

ok miod@

10 years agoFirst pass at removing win64 support from the assembly generating Perl
jsing [Wed, 30 Apr 2014 13:40:02 +0000 (13:40 +0000)]
First pass at removing win64 support from the assembly generating Perl
scripts. We certainly do not need an identical copy of the win64
exception handler in each script (surely one copy would be sufficient).

ok miod@

10 years agowhen doing opportunistic TLS, do not only downgrade during negotiation, but
gilles [Wed, 30 Apr 2014 12:49:54 +0000 (12:49 +0000)]
when doing opportunistic TLS, do not only downgrade during negotiation, but
also downgrade if a TLS error happens during the session.

ok eric@ who helped me with this

10 years agoRemove carp_seroute() it no longer does anything useful but mess with
mpi [Wed, 30 Apr 2014 10:04:33 +0000 (10:04 +0000)]
Remove carp_seroute() it no longer does anything useful but mess with
your IPv4 routes.

mcbride@ says that this function has been introduced in order to be able
to reach the MASTER node from a BACKUP node using the CARP address. The
reasons are:

1) For troubleshooting, so I can ping or otherwise monitor the MASTER
host.

2) In some cases it's undesirable (or even not possible) to run
services on other IP addresses. For example, services that only allow
you to configure 1 listening IP, or services where you wish to avoid
users connecting to anything but the MASTER server.

Sadly this function becames a horrible hack.  So if somebody thinks the
reasons explained before justify such logic, feel free to submit a
correct diff.

ok bluhm@, henning@, mikeb@

10 years agowhen using maildir, do not create automatically create folders to match tag
gilles [Wed, 30 Apr 2014 09:17:29 +0000 (09:17 +0000)]
when using maildir, do not create automatically create folders to match tag
in email address (ie: gilles+tag => ~/Maildir/.tag), instead use the folder
if it already exists and deliver to the mail Maildir otherwise.

ok eric@ and chl@

10 years agoThe RSA engine (used by pony) has to wait for a response from the
reyk [Wed, 30 Apr 2014 08:23:42 +0000 (08:23 +0000)]
The RSA engine (used by pony) has to wait for a response from the
privileged process (lka) and receive the imsgs in a while loop
synchronously.  But the lka also sends other imsgs (DNS etc.) that can
still be queued up in the buffer when waiting for the RSA response.
This only happens under load with many concurrent connections.  For
now, we just call the pony imsg handler for non-RSA imsgs that are
already in the buffer.

ok gilles@ eric@ blambert@

10 years agoreplace vis-ified output with human-readable strings
blambert [Wed, 30 Apr 2014 07:01:34 +0000 (07:01 +0000)]
replace vis-ified output with human-readable strings
for a few OIDs, with a framework in place to add more
as the mood strikes

ok reyk@ sthen@

10 years agoformat string fixes for (u)int64 vars
sf [Wed, 30 Apr 2014 06:24:23 +0000 (06:24 +0000)]
format string fixes for (u)int64 vars

ok kettenis@

10 years agotidy up SYNOPSIS, usage() and the options list; ok sthen
jmc [Wed, 30 Apr 2014 06:06:09 +0000 (06:06 +0000)]
tidy up SYNOPSIS, usage() and the options list; ok sthen

10 years agounit tests for new buffer API; including basic fuzz testing
djm [Wed, 30 Apr 2014 05:32:00 +0000 (05:32 +0000)]
unit tests for new buffer API; including basic fuzz testing

10 years agoNew buffer API; the first installment of the conversion/replacement
djm [Wed, 30 Apr 2014 05:29:56 +0000 (05:29 +0000)]
New buffer API; the first installment of the conversion/replacement
of OpenSSH's internals to make them usable as a standalone library.

This includes a set of wrappers to make it compatible with the
existing buffer API so replacement can occur incrementally.

With and ok markus@

Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew
Dempsky and Ron Bowes for a detailed review.

10 years agoEnforce proper alignment of stack variables which may get accessed with
miod [Wed, 30 Apr 2014 04:20:31 +0000 (04:20 +0000)]
Enforce proper alignment of stack variables which may get accessed with
double-word load and store instructions. This used to work by chance, but
recent compiler changes no longer put us in the lucky situation.

tweaks kettenis@

10 years agoi suck at math. b - 8 = 3, not 4. detected by Antoine Pitrou. thanks.
tedu [Wed, 30 Apr 2014 01:05:50 +0000 (01:05 +0000)]
i suck at math. b - 8 = 3, not 4. detected by Antoine Pitrou. thanks.

10 years agosync
deraadt [Wed, 30 Apr 2014 00:20:28 +0000 (00:20 +0000)]
sync

10 years agominor++ because of AI_ADDRCONFIG
sperreault [Wed, 30 Apr 2014 00:16:47 +0000 (00:16 +0000)]
minor++ because of AI_ADDRCONFIG

prodded by naddy, confirmed by Mark Kettenis

10 years agofcntl.h is still needed here.
nicm [Tue, 29 Apr 2014 22:31:22 +0000 (22:31 +0000)]
fcntl.h is still needed here.

10 years agoGet rid of the per-softc freelist of transfer descriptors and use a
mpi [Tue, 29 Apr 2014 21:51:18 +0000 (21:51 +0000)]
Get rid of the per-softc freelist of transfer descriptors and use a
per-driver pool(9) instead.

10 years agotedu ~/.klogin
dcoppa [Tue, 29 Apr 2014 21:30:20 +0000 (21:30 +0000)]
tedu ~/.klogin

ok henning@ deraadt@

10 years agoFor RSA private key privsep, only ever load the keys after forking the
reyk [Tue, 29 Apr 2014 21:04:17 +0000 (21:04 +0000)]
For RSA private key privsep, only ever load the keys after forking the
separated process.  This improves the previous because we don't trust
the PEM and BIO routines to cleanup the keys correctly.

ok gilles@

10 years agoDon't attempt to append a nul quote char to the filename. Should prevent
dtucker [Tue, 29 Apr 2014 20:36:51 +0000 (20:36 +0000)]
Don't attempt to append a nul quote char to the filename.  Should prevent
fatal'ing with "el_insertstr failed" when there's a single quote char
somewhere in the string.  bz#2238, ok markus@

10 years agoMove nulling of variable next to where it's freed. ok markus@
dtucker [Tue, 29 Apr 2014 19:58:50 +0000 (19:58 +0000)]
Move nulling of variable next to where it's freed.  ok markus@

10 years agoImplement RSA privilege separation for OpenSMTPD, based on my previous
reyk [Tue, 29 Apr 2014 19:13:13 +0000 (19:13 +0000)]
Implement RSA privilege separation for OpenSMTPD, based on my previous
implementation for relayd(8).  The smtpd(8) pony processes (mta
client, smtp server) don't keep the private keys in memory but send
their private key operations as imsgs to the "lookup"/mta process.
It's worth mentioning that this prevents acidental private key leakage
as it could have been caused by "Heartbleed".

ok gilles@

10 years agomake compiling against OpenSSL optional (make OPENSSL=no);
markus [Tue, 29 Apr 2014 18:01:49 +0000 (18:01 +0000)]
make compiling against OpenSSL optional (make OPENSSL=no);
reduces algorithms to curve25519, aes-ctr, chacha, ed25519;
allows us to explore further options; with and ok djm

10 years agoa bit more merge for traceroute6 stuff, and some consistency fixes;
jmc [Tue, 29 Apr 2014 17:35:29 +0000 (17:35 +0000)]
a bit more merge for traceroute6 stuff, and some consistency fixes;
help/ok florian

10 years agowhen a session fails due to a TLS error in a smtp+tls:// connection, try
gilles [Tue, 29 Apr 2014 17:32:42 +0000 (17:32 +0000)]
when a session fails due to a TLS error in a smtp+tls:// connection, try
plain before giving up

ok eric@

10 years agoConstrain bytes read/written to positive values.
beck [Tue, 29 Apr 2014 15:46:54 +0000 (15:46 +0000)]
Constrain bytes read/written to positive values.
ok miod@ tedu@

10 years agore-add our own aesctr implementation; ok djm@
markus [Tue, 29 Apr 2014 15:39:33 +0000 (15:39 +0000)]
re-add our own aesctr implementation; ok djm@

10 years agoMove traceroute6 to the attic, fully merged into traceroute.
florian [Tue, 29 Apr 2014 15:03:07 +0000 (15:03 +0000)]
Move traceroute6 to the attic, fully merged into traceroute.

10 years agoFinally plug the public xfer leak #1 in our USB stack.
mpi [Tue, 29 Apr 2014 14:11:23 +0000 (14:11 +0000)]
Finally plug the public xfer leak #1 in our USB stack.

Every call to usbd_abort_pipe() on an interrupt pipe would simply
reset the intrxfer pointer, which would prevent usbd_close_pipe()
to free it.  Since we abort pipes in a lot of situations: when a
device is detached, when a USB-to-serial adapter is closed, when
an error occurs, when the machine is suspended, etc, this would
result in hundreds of leaked xfers in most of my machines.

xhci(4) is not affected, but you can't enable it right now since
the stack is not ready :)

While here put a KASSERT() to make sure drivers are only calling
the interrupt abort method for intrxfer, if that's not the case,
please let met know.

10 years agonginx dudes unrolled SSL_OP_ALL by hand so we also have to delete
tedu [Tue, 29 Apr 2014 14:10:07 +0000 (14:10 +0000)]
nginx dudes unrolled SSL_OP_ALL by hand so we also have to delete
SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS from here to benefit. ok miod

10 years agoregen
mcbride [Tue, 29 Apr 2014 13:49:19 +0000 (13:49 +0000)]
regen

10 years agosmtpd is the default mailer now;
jmc [Tue, 29 Apr 2014 13:48:18 +0000 (13:48 +0000)]
smtpd is the default mailer now;
From: Jan Stary

ok gilles

10 years agoAdd Microsoft Wireless Mobile Mouse 3500 and Wireless Arc Mouse.
mcbride [Tue, 29 Apr 2014 13:46:55 +0000 (13:46 +0000)]
Add Microsoft Wireless Mobile Mouse 3500 and Wireless Arc Mouse.

ok mpi

10 years agobz#1818 - don't send channel success/failre replies on channels that
djm [Tue, 29 Apr 2014 13:10:30 +0000 (13:10 +0000)]
bz#1818 - don't send channel success/failre replies on channels that
have sent a close already; analysis and patch from Simon Tatham;
ok markus@

10 years agoMake sure to call uhidev_close() upon detach, plug another xfer leak.
mpi [Tue, 29 Apr 2014 12:53:33 +0000 (12:53 +0000)]
Make sure to call uhidev_close() upon detach, plug another xfer leak.

10 years agoPlug an xfer leak.
mpi [Tue, 29 Apr 2014 12:47:33 +0000 (12:47 +0000)]
Plug an xfer leak.

10 years agoGet rid of the per-softc freelist of transfer descriptors and use a
mpi [Tue, 29 Apr 2014 12:45:29 +0000 (12:45 +0000)]
Get rid of the per-softc freelist of transfer descriptors and use a
per-driver pool(9) instead.

With inputs from mikeb@

10 years agoRemove unused arguments from ssl_smtp_init()
reyk [Tue, 29 Apr 2014 12:18:27 +0000 (12:18 +0000)]
Remove unused arguments from ssl_smtp_init()

ok gilles@

10 years agoRemove support for the obsolete (non-POSIX) "more -d" prompt.
millert [Tue, 29 Apr 2014 12:11:25 +0000 (12:11 +0000)]
Remove support for the obsolete (non-POSIX) "more -d" prompt.
This was a local change that was only enabled when the LESS_IS_MORE
environment variable was set and not when invoked as "more".
OK shadchin@ jmc@

10 years agoIf you plan to write an obfuscated-by-design kernel / userland
mpi [Tue, 29 Apr 2014 11:58:29 +0000 (11:58 +0000)]
If you plan to write an obfuscated-by-design kernel / userland
interface, I suggest you have a look at the link-layer sockaddr
interface:

  /*
   * A Link-Level Sockaddr may specify the interface in one of two
   * ways: either by means of a system-provided index number (computed
   * anew and possibly differently on every reboot), or by a human-readable
   * string such as "il0" (for managerial convenience).
   [...]
   */

ifa_ifwithnet() was not only checking for the sdl_index in order
to get the corresponding ifp for AF_LINK sockaddr, it was also
iterating over all the addresses on your system!  But in this
case, the `address' field of "struct sockaddr_dl" is an interface
name set by link_addr(3).

How can this work?  Well because the kernel allocates an empty
`netmask' field for each interface's lladdr, so that you can
abuse a network comparison function to reimplement strcmp(3)...

So when the userland does not specify an interface index, try
harder to see if it passed an ifp name, but at least be explicit
and use ifunit().

Found the hard way by/ok sthen@

10 years agomake sure the state machine only advances if the AUTH payload has
markus [Tue, 29 Apr 2014 11:51:13 +0000 (11:51 +0000)]
make sure the state machine only advances if the AUTH payload has
been verified; with & ok mikeb@

10 years agouse explicit_bzero() instead of memset() to clear out sensitive data.
reyk [Tue, 29 Apr 2014 10:18:06 +0000 (10:18 +0000)]
use explicit_bzero() instead of memset() to clear out sensitive data.

ok gilles@

10 years agoIt is only required to load the keys and certs into the same SSL
reyk [Tue, 29 Apr 2014 10:08:55 +0000 (10:08 +0000)]
It is only required to load the keys and certs into the same SSL
context once.  Simplify the code path by moving the loading from three
different places into ssl_ctx_create():

ok gilles@

10 years agoReplace 1 << PAGE_SHIFT with PAGE_SIZE.
kettenis [Tue, 29 Apr 2014 09:55:28 +0000 (09:55 +0000)]
Replace 1 << PAGE_SHIFT with PAGE_SIZE.

ok beck@, miod@

10 years agoFix typo: d_addrt -> daddr_t
dcoppa [Tue, 29 Apr 2014 07:52:06 +0000 (07:52 +0000)]
Fix typo: d_addrt -> daddr_t

ok bmercer@

10 years agofix a test for invalid timezones
jsg [Tue, 29 Apr 2014 07:44:19 +0000 (07:44 +0000)]
fix a test for invalid timezones
oks from a bunch of people

10 years agoRemove device white-listing as matching method, relies on on usage id
andre [Tue, 29 Apr 2014 07:23:40 +0000 (07:23 +0000)]
Remove device white-listing as matching method, relies on on usage id
versus supported sensors table filtering.

discussed with and ok mpi@

10 years agoImplement AI_ADDRCONFIG
sperreault [Mon, 28 Apr 2014 21:38:59 +0000 (21:38 +0000)]
Implement AI_ADDRCONFIG

This is a getaddrinfo() flag that is defined thusly in RFC 3493:

   If the AI_ADDRCONFIG flag is specified, IPv4 addresses shall be
   returned only if an IPv4 address is configured on the local system,
   and IPv6 addresses shall be returned only if an IPv6 address is
   configured on the local system.  The loopback address is not
   considered for this case as valid as a configured address.

      For example, when using the DNS, a query for AAAA records should
      occur only if the node has at least one IPv6 address configured
      (other than IPv6 loopback) and a query for A records should occur
      only if the node has at least one IPv4 address configured (other
      than the IPv4 loopback).

The flag is set by default when hints is NULL.

ok Eric Faurot, Jason McIntyre

10 years agoRemove WIN32, WIN64 and MINGW32 tentacles.
miod [Mon, 28 Apr 2014 21:14:50 +0000 (21:14 +0000)]
Remove WIN32, WIN64 and MINGW32 tentacles.
Also check for _LP64 rather than __arch64__ (the former being more reliable
than __LP64__ or __arch64__) to tell 64-bit int platforms apart from 32-bit
int platforms.

Loosely based upon a diff from Martijn van Duren on tech@

10 years agoRemove bogus semicolon.
brad [Mon, 28 Apr 2014 21:01:51 +0000 (21:01 +0000)]
Remove bogus semicolon.

Pointed out by LLVM.

fd.c:1378:29: error: if statement has empty body [-Werror,-Wempty-body]

ok miod@

10 years agouse the correct algorithm mask. reported by satish lvr via
tedu [Mon, 28 Apr 2014 20:10:55 +0000 (20:10 +0000)]
use the correct algorithm mask. reported by satish lvr via
http://marc.info/?l=openssl-dev&m=139779977532459&w=2
ok miod

10 years agoSSL_OP_ALL is supposed to be all options and workarounds that are safe,
tedu [Mon, 28 Apr 2014 20:05:21 +0000 (20:05 +0000)]
SSL_OP_ALL is supposed to be all options and workarounds that are safe,
but disabling attack mitigations is not safe. 0.9.6d contained a
workaround for an attack against CBC modes. 0.9.6e disabled it by default
because "some" implementations couldn't handle empty fragments. 12 years
have passed. Does anybody still care? Let's find out.
ok miod

10 years agoRemove ending cplusplus guard followed by starting cplusplus guard; from
miod [Mon, 28 Apr 2014 19:06:19 +0000 (19:06 +0000)]
Remove ending cplusplus guard followed by starting cplusplus guard; from
Gebruiker Schoot.

10 years agoLeftover includes and local declarations; from Gebruiker Schoot
miod [Mon, 28 Apr 2014 19:04:59 +0000 (19:04 +0000)]
Leftover includes and local declarations; from Gebruiker Schoot

10 years agoIgnore IRIX6-compatible archive map on mips64 platform, since the mips64
miod [Mon, 28 Apr 2014 18:49:28 +0000 (18:49 +0000)]
Ignore IRIX6-compatible archive map on mips64 platform, since the mips64
toolchain creates them. This lets nm -w correctly return 0 for valid archives.

ok jasper@ deraadt@

10 years agore-add _ppp for npppd here as well; ok ajacoutot
okan [Mon, 28 Apr 2014 17:03:48 +0000 (17:03 +0000)]
re-add _ppp for npppd here as well; ok ajacoutot

10 years agomacro fixes for previous; ok reyk
jmc [Mon, 28 Apr 2014 16:23:19 +0000 (16:23 +0000)]
macro fixes for previous; ok reyk

10 years agosync bzero => memset that was done for ip_divert.c before.
reyk [Mon, 28 Apr 2014 15:43:04 +0000 (15:43 +0000)]
sync bzero => memset that was done for ip_divert.c before.

ok tedu@

10 years agoDo not sleep after poll returning an error. Blindly copied over from
florian [Mon, 28 Apr 2014 15:25:34 +0000 (15:25 +0000)]
Do not sleep after poll returning an error. Blindly copied over from
ping6 to ping by me without thinking clearly.
pointed out by deraadt@
OK jca@

10 years agoAdd support for 255 character file names in fuse.
syl [Mon, 28 Apr 2014 13:08:34 +0000 (13:08 +0000)]
Add support for 255 character file names in fuse.

from Helg Bredow, thanks!
input/OK reyk@

10 years agofix memory leak
blambert [Mon, 28 Apr 2014 12:48:36 +0000 (12:48 +0000)]
fix memory leak

ok reyk@

10 years agocheck for integer overflows in custom allocs, okay jca@
espie [Mon, 28 Apr 2014 12:34:11 +0000 (12:34 +0000)]
check for integer overflows in custom allocs, okay jca@

10 years agoAdd support for exporting ARP table via ipNetToMediaTable OID.
mikeb [Mon, 28 Apr 2014 12:03:32 +0000 (12:03 +0000)]
Add support for exporting ARP table via ipNetToMediaTable OID.
With help from blambert@ and sthen@, tested by sthen@, benno@
and myself;  ok blambert

10 years agospacing
reyk [Mon, 28 Apr 2014 11:19:22 +0000 (11:19 +0000)]
spacing

10 years agobump copyright
reyk [Mon, 28 Apr 2014 11:17:15 +0000 (11:17 +0000)]
bump copyright

10 years agoAdd missing documentation for ipcomp(4) support and the configuration
reyk [Mon, 28 Apr 2014 11:16:18 +0000 (11:16 +0000)]
Add missing documentation for ipcomp(4) support and the configuration
payloads.

ok sthen@ krw@

10 years agoIt's about time to remove the infamous CAVEATS section in iked(8).
reyk [Mon, 28 Apr 2014 11:05:59 +0000 (11:05 +0000)]
It's about time to remove the infamous CAVEATS section in iked(8).
Software is never "finished" but the implementation has matured enough
to drop the disclaimer about using it in production networks.

Thanks to markus@, mikeb@ and Hans-Joerg Hoexer for their significant
and ongoing work on improving iked(8).

Removal prompted by sthen@ and many others.

10 years agoMove an opening brace so a loop that delays while waiting
jsg [Mon, 28 Apr 2014 10:06:37 +0000 (10:06 +0000)]
Move an opening brace so a loop that delays while waiting
for hardware to set a ready bit actually delays.

ok krw@ deraadt@ 'sounds correct' miod@

10 years agowhitespace cleanup while reading result of florian's recent (very nice) work
deraadt [Mon, 28 Apr 2014 09:45:30 +0000 (09:45 +0000)]
whitespace cleanup while reading result of florian's recent (very nice) work

10 years agobetter proc id name (it handles traps, not alerts) for the
blambert [Mon, 28 Apr 2014 08:25:05 +0000 (08:25 +0000)]
better proc id name (it handles traps, not alerts) for the
snmp trap handler

10 years agobuffer_get_string_ptr's return should be const to remind
djm [Mon, 28 Apr 2014 03:09:18 +0000 (03:09 +0000)]
buffer_get_string_ptr's return should be const to remind
callers that futzing with it will futz with the actual buffer
contents

10 years agoImprove error handling in dbopen(). If PRAGMA SQL statements fail,
schwarze [Sun, 27 Apr 2014 23:03:52 +0000 (23:03 +0000)]
Improve error handling in dbopen().  If PRAGMA SQL statements fail,
report the error, close the database, and return failure from dbopen(),
such that the main program can recover and rebuild the database.

As noticed by stsp@, this can happen when database files are
accessible, but corrupt or in the wrong format, which will now
automatically be repaired.

Besides, use a safer idiom after sqlite3_open*() failure that also
handles out-of-memory situations correctly, and do not forget to
close the database after CREATE TABLE failure.

10 years agoFor LUNA88K, make sure the architecture name shown to the user
schwarze [Sun, 27 Apr 2014 22:41:39 +0000 (22:41 +0000)]
For LUNA88K, make sure the architecture name shown to the user
matches the architecture name required for man -S and apropos -S.
Adjust the case of LUNA68K to match the case of LUNA88K.
ok aoyama@

10 years agoRegress for access()
guenther [Sun, 27 Apr 2014 22:18:25 +0000 (22:18 +0000)]
Regress for access()

10 years agotypo in comment
miod [Sun, 27 Apr 2014 20:38:39 +0000 (20:38 +0000)]
typo in comment